Friday 18 March 2011

2006, thanks for saving me some time.

Tonight, I was trying to get subversion to work.  Normally, this isn't an issue ... except when you are tunnelling through SSH and SSH is on a non-standard port.  The default port is 22.  If you aren't using that, subversion is a little mental.  The solution?

http://peat.wordpress.com/2006/09/08/subversion-alternate-ssh-ports/

So nice.  Now it works.

Tuesday 15 March 2011

how awesome is jack?

awesome.  i have been posting on Jack's blog, but not a lot on mine, related to all of us.  as such, some people may  (if you care) have been missing out on all the photos and videos.  each month I have been uploading photographs straight to my picasa account:


March 2011


above are the photos for march.  you'll see some good photos, some decent photos and some awesome photos of jack with his new audi...

Friday 11 March 2011

i love ice hockey ... but...

Air Canada published a letter to the NHL following a hit the other night during the Montreal / Boston game:
"From a corporate social responsibility standpoint, it is becoming increasingly difficult to associate our brand with sports events which could lead to serious and irresponsible accidents; action must be taken by the NHL before we are encountered with a fatality,"
http://www.thestar.com/sports/hockey/nhl/article/952137--air-canada-tells-nhl-to-take-off

Normally, I am not a fan of Air Canada, but this is great. 

I love hockey, and like others, I am sitting around, waiting (not by choice) to hear news of a fatality in the NHL. 

With a little boy who will one day play ice hockey -- he has no choice in this matter -- it's important that he grows up aware of the good and bad.  Growing up, I knew all too well how devastating checking from behind is.  This was rampant in the late 80's and 90's ... Now, it's rare to see and it's great.  Kids grow up knowing it's bad and it promotes better behaviour.  Sure, some kids will never get it...that's just life.  Some people grow up to be murderers.  We can't fix everyone ...

For me, I want Jack to grow up knowing right from wrong.  I believe fights and hitting must exist in ice hockey ... but deliberate intents to injure ... WWE styles ... they have no place.  If your hit or actions are good enough to get on a Don Cherry -- Rock 'em Sock 'em video ... I think you have overstepped the boundaries. 

Well done Air Canada for stepping up. 

Thursday 10 March 2011

HipHop-PHP

Where do I begin on this one?  Over the past 12 or so years, I have always enjoyed PHP.  Despite its failings, I still prefer to prototype and throw together web applications with it, over anything else.  Sometimes I come up with something pretty cool.  Often, this is for a friend.  Although I am happy to give them that cool thing, sometimes I regret giving away the intellectual property.

https://github.com/facebook/hiphop-php/

"HipHop for PHP transforms PHP source code into highly optimized C++. It was developed by Facebook and was released as open source in early 2010."
Much to my surprise, tonight, I downloaded, configured, installed and tested.  It all worked, first pass.  No tinkering, no nothing.

Second, I took the most complex PHP project I have, with lots of different dependencies and pushed it through. Guess what?

It works.  It really works.

Awesome.

Wednesday 9 March 2011

Apache Cassandra & nodetool

Today I was playing around with a cluster of 3.  How can I have new Apache Cassandra instances join and leave, and allow the cluster add/remove to function somewhat autonomously?  Joining is not a problem.  The auto-bootstrap feature works a treat.  Leaving, on the other hand...

$CASSANDRA_HOME/bin/nodetool -h 10.0.0.1 decommission

As I understand, when this is run, the node will stream all its data out to other nodes in the cluster and remove itself.

When I view the ring from another node:


10.0.0.1    Down   Leaving 218.71 KB       21.76%  61078635599166706937511052402724559481

I see this message.  Great ... but after an hour of waiting, I give up and try to force the removal of the token:

nodetool -h 10.0.0.2 removetoken 61078635599166706937511052402724559481
Exception in thread "main" java.lang.UnsupportedOperationException: Node /10.0.0.1 is already being removed.

Ok then... this is interesting:  

nodetool -h 10.0.0.2 removetoken status
RemovalStatus: No token removals in process.

I don't get it.  How do I gracefully remove a node?  Finally, I killed the node on 10.0.0.1 and removed its data.  Ungraceful.  I then went to the other nodes, still couldn't force its removal.  Started the node back up on 10.0.0.1 and it's rejoined the cluster ... with data spread evenly around.  Not exactly what I wanted ... oh well....

I'm sure I've missed a concept.  So, now that I have a 3 node cluster working and balanced, I turn off cassandra on 10.0.0.1 and check the ring from another node:

nodetool -h 10.0.0.2 ring

10.0.0.3    Up     Normal  224.21 KB       40.78%  24053088190195663439419935163232881936
10.0.0.1    Down   Normal  213.51 KB       36.78%  86624712919272143003828971968762407027
10.0.0.2    Up     Normal  244.42 KB       22.44%  124804735337540159479107746638263794797

Now, to try and remove that node by removing the token:

nodetool -h 10.0.0.1 removetoken 86624712919272143003828971968762407027

Job done, the node is gone...

nodetool -h 10.0.0.2 ring
10.0.0.3    Up     Normal  224.21 KB       40.78%  24053088190195663439419935163232881936
10.0.0.2    Up     Normal  244.42 KB       59.22%  124804735337540159479107746638263794797

-sd

-- maybe this is my problem:  CASSANDRA-2072

Security Groups & Amazon Web Services (AWS)

It's funny.  Been playing with amazon web services quite a bit over the past few weeks and didn't give much attention to security groups.  It's only now, after this past weekend, that I have developed a strong appreciation and respect for them.  Some background:

The way amazon operates is quite interesting.  All instances get a dynamic internal IP.  That IP stays for the duration of that machine being on.  If you restart, the IP changes.  Now, you can pay for an elastic IP which maps to the instance ... and that never changes.  But it's mapped.  The instance never really knows anything about it.  It always has this internal IP .... 10.10.10.10 one day, reboot, 10.20.10.20 the next ....

Now, security groups.  It's one big glorified access list.  You have to specify which security group your instance belongs to.  Fair enough.  By default, it's deny all.  You can start opening things up, saying that 0.0.0.0/0 can access your instance on TCP/80.  That means the world can get to that instance on port 80.

With me so far?

So what if you wanted to deploy a multi-tier LAMP application to AWS:

2 x web server
2 x application server
2 x mysql ....

How would the security groups look then?

security group 1:  web servers
security group 2:  application servers
security group 3:  database servers

Simple!  You then configure your access lists ... right?  Sort of.  If you want to do it properly, you define that only TCP/80 & TCP/443 are open to 0.0.0.0/0 for security group 1.  

Security group 1 should have access to security group 2 on some ports .. like 8080 or 80 or 8443 ....
Security group 2 should have access to security group 3 on some ports ... like 3306 (mysql)

Normal instinct would say, let's put in the IPs of each machine (10.20.10.20/32 and 10.10.10.10/32, for example) ... well ... in the AWS world, this isn't correct.  When you restart your machine, the IP will change and your rules will not be valid.

Now unfortunately, the way to get around this is not available through the AWS management console.  The only way I've found so far (limited amount of looking) is to download the ec2 client tools, generate an X509 key pair, and use the tools:

ec2-authorize us-app -P tcp -p 8080 -o us-www

What this does is say that the security group "us-app" allows the origin "us-www" on TCP/8080.

You are defining the policies with other groups.  This is great because you can then add new instances into whatever group you want, or restart an instance, and the policies will still be valid.
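To make the difference concrete, here is a small offline model of the three tiers, added as an illustration (it is not AWS code and not from the original post).  It compares /32 IP-pinned rules with group-to-group rules after a web server restarts.  The us-db and us-batch group names, the instance names and all addresses are assumptions made up for the example.

```python
import ipaddress

class Fleet:
    """Constructed model: default-deny groups, rules resolved at evaluation time."""
    def __init__(self):
        self.ip_of, self.group_of, self.rules = {}, {}, []

    def launch(self, inst, group, ip):
        self.ip_of[inst], self.group_of[inst] = ip, group

    def authorize(self, dest_group, port, source):
        # source is either a CIDR ("0.0.0.0/0") or a group name ("us-www")
        self.rules.append((dest_group, port, source))

    def allowed(self, src_ip, dst_inst, port):
        src_groups = {self.group_of[i] for i, ip in self.ip_of.items() if ip == src_ip}
        for dest_group, rule_port, source in self.rules:
            if (dest_group, rule_port) != (self.group_of[dst_inst], port):
                continue
            if "/" in source:
                if ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
                    return True
            elif source in src_groups:
                return True
        return False

def build(style):
    f = Fleet()
    # All addresses and the us-db / us-batch names are illustrative assumptions.
    for inst, group, ip in [("www-1", "us-www", "10.10.10.10"),
                            ("app-1", "us-app", "10.10.10.20"),
                            ("db-1", "us-db", "10.10.10.30")]:
        f.launch(inst, group, ip)
    for port in (80, 443):
        f.authorize("us-www", port, "0.0.0.0/0")
    pinned = style == "ip"
    f.authorize("us-app", 8080, "10.10.10.10/32" if pinned else "us-www")
    f.authorize("us-db", 3306, "10.10.10.20/32" if pinned else "us-app")
    return f

def restart_www(style):
    """Restart www-1 (new IP), then let an unrelated instance pick up its old IP."""
    f = build(style)
    f.launch("www-1", "us-www", "10.20.10.20")      # restart: internal IP changes
    f.launch("batch-1", "us-batch", "10.10.10.10")  # old IP reused elsewhere
    return {"www_to_app": f.allowed("10.20.10.20", "app-1", 8080),
            "stranger_to_app": f.allowed("10.10.10.10", "app-1", 8080),
            "world_to_db": f.allowed("203.0.113.7", "db-1", 3306)}

if __name__ == "__main__":
    for style in ("ip", "group"):
        print(style, restart_www(style))
```

In this model the IP-pinned rules fail twice after the restart: the web server can no longer reach the app tier, and the stale /32 rule admits whichever instance later holds the old address.  The group-based rules handle both cases correctly.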

Hopefully this is of use to someone one day.  I'm glad I've stumbled upon it now after some small pain points and not later when the pain points would be much higher ....!

-sd