Fix categories and tags in wordpress custom post_type

By default word press does not look in to custom post_types for categories and tags, even though the category names are visible you get a NOT FOUND page when you click on the category.

A work around found for this issue is :

Edit : functions.php

add_filter('pre_get_posts', 'query_post_type');
function query_post_type($query) {
if(is_category() || is_tag()) {
$post_type = get_query_var('post_type');
if($post_type)
$post_type = $post_type;
else
$post_type = array('post','custom_post_type_name','nav_menu_item'); // replace custom_post_type_name with your post_type, and keep nav_menu_item to display menu in category page.
$query->set('post_type',$post_type);
return $query;
}
}

Reference: http://wordpress.org/support/topic/custom-post-type-tagscategories-archive-page

Thanks to paranoid  for guiding to the fix . ;)

./arun

 

Replace broken hard drive in software RAID1

This scenario assumes that you have two hard disk with RAID1 setup and one of them is broken (say sdb).

To check the status of RAID:

$ cat /proc/mdstat

Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md2 : active raid1 sda3[1]
730202368 blocks [2/1] [U_]
md1 : active raid1 sda2[1]
264960 blocks [2/1] [U_]
md0 : active (auto-read-only) raid1 sda1[1]
2102464 blocks [2/1] [U_]

you will see [_U] or [U_] if there is a broken RAID.

If required remove the broken hardrive from RAID from all md devices.

# mdadm --manage /dev/md0 --fail /dev/sdb1

# mdadm --manage /dev/md1 --fail /dev/sdb2

# mdadm --manage /dev/md2 --fail /dev/sdb3

Shutdown the machine and replace the hard drive.

Once the server is booted, you will see the new device (either sda or sdb depends on what drive is broken)

# ls -l /dev/sd*

Now we need to replicate the partition schema on the new drive.

sfdisk -d /dev/sda | sfdisk /dev/sdb

// -d     Dump the partitions of a device

We can add the partition to the RAID now, you could verify the partitions with fdisk -l.

# mdadm --manage /dev/md0 --add /dev/sdb1

# mdadm --manage /dev/md1 --add /dev/sdb2

# mdadm --manage /dev/md2 --add /dev/sdb3

It will start sync the data and will be ready once completed.

You may verify the mdstat

# cat /proc/mdstat
Personalities : [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md2 : active raid1 sda3[0] sdb3[1]
7302023 blocks [2/2] [UU]

md1 : active raid1 sda2[0] sdb2[1]
2649 blocks [2/2] [UU]

md0 : active (auto-read-only) raid1 sda1[0] sdb1[1]
21024 blocks [2/2] [UU]

./arun

Enable IPv6 on Direct Admin

It was rather easy to get IPv6 working with DA if you have the IPv6 subnet allocated for your server.

Make sure that you have IPv6 enabled on your DA.

# grep ipv6 /usr/local/directadmin/conf/directadmin.conf
ipv6=1

Add the IPv6 Addresses to your direct admin, through IP Management (This will add IPv6 address to the interface).
Enter the IPv6 Address in IP field and keep the Netmask as 255.255.255.0

Add IPv6 address for your name servers,
go to DNS administration --> Select your name server domain --> Add AAAA records for your Name Servers. Make sure you have added the IPv6 addresses already to DA.

Check your name server is resolving/reachable via IPv6.

Now to add IPv6 Address to hosted domains, select the domain --> Modify user --> select the IPv6 address in "Add Additional IP". If the IPv6 address is not visible, make sure it is added to DA and to the reseller account you are editing the domain.

Add the IPv6 address(AAAA) to the corresponding domains DNS configuration.

Here we go, ping666666

 

./arun

Extending LVM disk space

Add the new disk drive to the system, you need to reboot the machine and configure the hardware RAID if required.

Add the new disk to Volume group

For e.g.: if the disk is HP with Smart array

# pvcreate /dev/cciss/c0d1
# vgextend <volume_group_name> /dev/cciss/c0d1

Extend the Logical volume:
# lvextend -L<+mention_the_size> /dev/<volume_group>/<logical_volume>
eg: # lvextend -L+25G /dev/localhost/var
       # lvextend -L+10G /dev/localhost/home

Resize the file system:
# resizefs <file_system>
eg:
# resizefs /dev/mapper/localhost-var
# resizefs /dev/mapper/localhost-home

./arun

Install and configure rsnapshot for central backup (without root privilege)

Download and install RsnapShot
Download the latest package from: http://rsnapshot.org/downloads.html

# wget http://rsnapshot.org/downloads/rsnapshot-1.3.1-1.noarch.rpm
# rpm -Uvh rsnapshot-1.3.1-1.noarch.rpm

Configure public key authentication

- Enable public key authentication with remote hosts with normal user privilege

local# ssh-keygen -t rsa
local# scp id_rsa.pub ssh-remote-server:id_rsa.pub

remote# useradd -c "Backup user" -d /data/home/backup/ backup
remote# su - backup

remote# vi .ssh/authorized_keys

remote# chmod 600 .ssh/authorized_keys

remote# cat id_rsa.pub >> authorized_keys ; rm id_rsa.pub

Add the command allowed to execute in the authorized_keys

command="/home/backup/validate-rsync.sh"

Create the /home/backup/validate-rsync.sh script with following contents

#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
  *\&*)
    echo "Rejected 1"
    ;;
  *\;*)
    echo "Rejected 2"
    ;;
    rsync*)
    $SSH_ORIGINAL_COMMAND
    ;;
  *true*)
    echo $SSH_ORIGINAL_COMMAND
    ;;
  *)
    echo "Rejected 3"
    ;;
esac

$ chmod 700 validate-rsync.sh

Create the rsync wrapper script

$ cat  > /usr/local/bin/rsync_wrapper.sh

#!/bin/sh
/usr/bin/sudo /usr/bin/rsync "$@";

# chmod 755 /usr/local/bin/rsync_wrapper.sh

This steps will basically force the ssh connection to execute the rsync as sudo

Grant user to execute rsync as root

backup    ALL=(root) NOPASSWD: /usr/bin/rsync

Configure Rsnapshot

master# cp /etc/rsnapshot.conf.default /etc/rsnapshot.conf

Configure path for cp, rsync, ssh, logger, du etc

set link_dest = 1

change rsync_long_args like

rsync_long_args --rsync-path=rsync_wrapper.sh --delete --numeric-ids --relative --delete-excluded

If you require daily backup for a week,

interval daily 7

More details are on the how to section for rsnapshot website
http://rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html

Configure the hosts and file system to backup

backup      backup@remotehost:/etc/     remotehost/

./arun

 

 

 

 

Upgrading php to 5.2 or 5.3 in Redhat EL 5

Unfortunately RHEL 5 does not have php.5.2 package, which is required by most of the applications including latest wordpress and drupal.

First thought of compiling php from source, but hard to keep it uptodate. So decided to make the life easier with EPEL/IUS repositories.

Remove all existing php related packages:

# rpm -e php php-mysql php-cli php-pdo php-common

Download and install the EPEL/IUS RPMs

# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/epel-release-1-1.ius.el5.noarch.rpm

# wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/i386/ius-release-1.0-8.ius.el5.noarch.rpm

incase if the list not working just browse and find the rpm.

Install the RPMs

# rpm -Uvh *-release-*.rpm

Now you can install php 5.2 or 5.3 like:

# yum install php52 php52-mysql

./arun

 

svn over ssh tunnel

 

 

 

 

 

 

 

 

 

It is very often required that you need to commit/update to the svn repository which is only indirectly accessible through a gateway (user can ssh to gateway and gateway can ssh to internal svn server)

Suppose you have a working copy (locally on your machine)  setup with the real svn url (eg : svn+ssh://svn.example.com)

- Make ssh connection with local port forwarding to the gateway server

# sudo ssh gateway.example.com -L 22:svn.example.com:22

Change the repository url to localhost, since the local host connection forward to remote svn server through the gateway.

#cd <local_svn_path>

# svn switch --relocate svn+ssh://svn.example.com/trunk svn+ssh://localhost/trunk

Now you should be able to update, commit, etc to/from your repository.

You can switch it back to the original url when you have direct access to repository.

./arun

 

Install directadmin on Debian 6

Install the basic debian server without any server components

Install the dependency packages:

# sudo apt-get install gcc g++ make flex bison openssl libssl-dev perl perl-base perl-modules libperl-dev libaio1 libaio-dev bind9

Purchase and register the server ip at directadmin.com

Once the license is activated, login to the server:

$ wget http://www.directadmin.com/setup.sh

$ chmod 755 setup.sh

# sudo ./setup.sh

// enter the client id, license id, FQDN etc, and follow the instructions.

Once the installation completed the direct admin interface will be accessible at https://< server_ip >: 2222/

./arun

 

 

Racktable, Apache+LDAP authentication

Login to the Rack tables as admin:

Add the following line under configuration--> permission

allow {$tab_default}

* This is for read only account, assign extra permissions if required

Configure Apache + LDAP

< Directory /var/www/racktables >
Options +Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AuthName "Rack Tables"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://ldaphost.com/dc=company,dc=com?uid?sub?(objectClass=< depends_on_ldap >)"



# Bind if required
AuthLDAPBindDN "uid=userid,ou=people,dc=company,dc=com"
AuthLDAPBindPassword "xxxxxx"
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
require ldap-group cn=group_name,dc=company,dc=com
require ldap-attribute cn=group-name-allowed
< /Directory >

* Most of LDAP configs based on your setup

Configure Rack Tables:

Edit the inc/secret.php

Set :

$user_auth_src = 'httpd';
$require_local_account = FALSE;

NOTE: to get the logout working properly make sure the Apache AuthName matches with the one configured for Rack tables authentication.

Referene : http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide

Reference

./arun

Rsnapshot Lchown

# rsnapshot du localhost
require Lchown
Lchown module not found

Install the Lchown module:

# wget http://www.rsnapshot.org/downloads/extras/Lchown-1.00.tar.gz

# tar xvzf Lchown-1.00.tar.gz

# cd Lchown-1.00

# perl Makefile.PL
Checking if your kit is complete...
Looks good

# make install

# rsnapshot du localhost
require Lchown
Lchown module loaded successfully

You can also try installing the module from Perl CPAN

# perl -MCPAN -e 'install qw(Lchown)'

./arun

My Favourite MAC OS X applications

Text Editor

vi

Text Edit

Smultron: http://www.peterborgapps.com/smultron/

Komodo Edit: http://www.activestate.com/komodo-edit

Voice/Video Calls

Skype : http://skype.com

Google talk (browser plugin): : http://www.google.com/chat/video

G+ hangout

Web Browser

Firefox: http://www.mozilla.com/en-US/firefox/fx/

Chrome: http://www.google.com/chrome

Twitter Client

A Plus: http://www.aplus-app.com/

IM

Adium: http://adium.im/

Office Documents

Libre office: http://www.libreoffice.org/

Video Player

VLC: http://www.videolan.org/vlc/

Miro: http://www.getmiro.com/ ( an excellent stream and bit torrent client as well)

VOIP

Express Talk(free edition) : http://www.nch.com.au/talk/talkmaci.zip

Virtulization

VMware Fusion : http://www.vmware.com/products/fusion/overview.html

Sun Virtual Box (free): http://www.virtualbox.org/

Parellels: http://www.parallels.com/

PDF viewer

Adobe Reader: http://get.adobe.com/reader/

Audio Editing

Audacity: http://audacity.sourceforge.net/

Disk burning

Burn: http://burn-osx.sourceforge.net/

Disk Image backup

Carbon copy cloner: http://www.bombich.com/

VNC client

Chicken of the VNC: http://sourceforge.net/projects/cotvnc/

IPSEC VPN

Cisco Any connect

Subversion

Command line as always

Cornerstone, good if you require an interface: http://www.zennaware.com/cornerstone/index.php

Image Manipulation

GIMP: http://www.gimp.org/

Picasa: http://picasa.google.com/mac/

Xee: http://wakaba.c3.cx/s/apps/xee

Password Management

KeePassX: http://www.keepassx.org/

GPG Key Chain

MAC GPG: http://macgpg.sourceforge.net/

Terminal

iTerm: http://iterm.sourceforge.net/

The default terminal is really nice in Lion

Mail

Thunderbird: http://www.mozillamessaging.com/en-US/thunderbird/

Diagram

OmniGraffle: http://www.omnigroup.com/products/omnigraffle/

Packet Analysis

wireshark: http://www.wireshark.org/

./arun

 

 

 

Install Cpanel on FreeBSD 8.2

- Install FreeBSD with proper network and file system configuration (Ref:  http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/Quick-StartInstallationGuide)

- Install dependency packages:

# pkg_add -r wget

# pkg_add -r perl

# pkg_add -r rsync (required later for ports sync)

# pkg_add -r gmake

To Fix:

creating glibconfig.h
config.status: executing default commands
gmake: not found
child exited with value 127
Died at /usr/local/cpanel/bin/rrdtoolinstall line 109.

# pkg_add -r png // To fix the following error

To Fix : configure: error: requested PNG backend could not be enabled

- Create the following symlinks

# ln -s /usr/local/bin/wget /usr/bin/wget

# ln -s /lib/libcrypt.so.5 /lib/libcrypt.so.2 // To Fix: Shared object "libcrypt.so.2" not found,

# ln -s /lib/libc.so.7 /lib/libc.so.5 // To Fix: Shared object "libc.so.5" not found

ln -s /lib/libm.so.5 /lib/libm.so.3 // To Fix: "libm.so.3" not found

- Install Cpanel

cd /home

wget -N http://httpupdate.cpanel.net/latest

sh latest

- Once installation successful activate the license (make sure the ip is licensed -  http://www.cpanel.net/apps/verify/)  :

#  /usr/local/cpanel/cpkeyclt

- Start Cpanel

- Touch the following file

# touch /etc/rc.d/init.d/function // To fix:  Could not find functions file, your system may be broken

# /etc/init.d/cpanel start

Now you should be able to access Cpanel at https://< yourip >:2087/

Try to upgrade

Exim: /scripts/eximup --force (this will get the free bsd ports as well)
Cpanel : # /scripts/upcp

./arun

 

 

Drupal 7 issue with SQL Mode TRADITIONAL

PDOException: SQLSTATE[42000]: Syntax error or access violation: 1231 Variable 'sql_mode' can't be set to the value of 'TRADITIONAL' in lock_may_be_available() (line 165 of /includes/lock.inc).

This was the case when I installed Drupal 7 with Cpanel/Fantastico, the drupal site was displaying the above error.

This issue is discussed at drupal issues . try to patch it as mentioned in the url.

But for me it works with the following change, just removed the TRADITIONAL mode, not  sure it is the correct way to fix it. You can verify the sql modes at http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html ,  Anyway now there is no errors in drupal site and I am able to login.

(includes/database/mysql/database.inc) Line: 65

New file
<  $this->exec("SET sql_mode='ANSI,ONLY_FULL_GROUP_BY'");
---
Old file
>  $this->exec("SET sql_mode='ANSI,TRADITIONAL'");

Also setting up the sql connection mode to SET SESSION sql_mode = "ANSI,TRADITIONAL"; is an option instead of above change.

./arun

 

 

Install and configure RSA web agent with Redhat EL5 and Apache

Login to RSA interface:

- Create the apache server as agent host with type web agent
- Generate the config file (zip file containing sdconf.rec) from RSA interface, and download to your local machine

Login to the web server

- Download the RSA web agent installation files from RSA website.

# mkdir -p /var/ace

- Copy and extract (sdconf.rec) the downloaded config file
# chmod 755 sdconf.rec

- Create the sdopts.rec file with the ip address of the machine, if you have multiple ip address assigned to the server or if the RSA we agent is a virtual machine. Otherwise the authentication might break with following kind of errors
"100: Access denied. The RSA ACE/Server rejected the Passcode. Please try again." , "attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “SystemDomain”"

# echo "CLIENT_IP=" > sdopts.rec
# chown -R webuser:webuser /var/ace

- Now install the RSA web agent

# tar xvf WebAgent_70_Apache_RHEL5_32_379_08201024.tar
# cd CD/
# chmod u+x install
# ./install

- Enter the location of sdconf.rec

- Configure the apache virtual host

It was found that web agent breaks if apache starts multiple server thread, so would be better to limit the thread.

< IfModule prefork.c >
StartServers 1
MinSpareServers 1
MaxSpareServers 1
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
< /IfModule >

- Now start apache and you will be able to access the RSA web interface.

Once authenticated, the RSA server will create a node secret for the agent host and will be copied automatically to the web server.

This web interface is mainly useful for the token users to reset or enable to token assigned to him.

./arun

Changing RSA passwords

 

Reset SSH Password:
-------------------
Log in to Operations console (Master):

Administration --> Networking --> Configure connectivity using SSH

Do the same procedure on Replica also (if any), it is manual process.

Reset Operations console password:
----------------------------------
Login to the master appliance with SSH

$ sudo -s // sudo as root
# su - rsaadmin // change user to rsaadmin
$ cd /usr/local/RSASecurity/RSAAuthenticationManager/ //navigate to RSA installation path
$ cd utils
$ ./rsautil manage-oc-administrator -a update // Execute

// Enter Super administrators name
// Enter Super administrators password
// Enter operation console user
// Set the new password

Do the same steps on replica
Error: This operation can be performed only on a primary instance.
But the password got changed

Reset Master password:
---------------------
Login to the master appliance with SSH

$ sudo -s // sudo as root
# su - rsaadmin // change user to rsaadmin
$ cd /usr/local/RSASecurity/RSAAuthenticationManager/ //navigate to RSA installation path
$ cd utils
$ ./rsautil manage-secrets --action change --new-password <enter_the_new_password>

Do the same procedure on the replica device.

Reset Security Console Password:
---------------------------------
Login to Security Console

Identity-->Users-->Manage Existing // Search for your admin username in internal datase

Change password for the admin user
This action will be automatically replicated to replica.

./arun

Configure IPv6 squid

Squid 3.1+ support IPv6

- Compile and install 3.1.x version of squid.

# useradd -d /opt/squid squid

# wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.11-20110228.tar.gz

# tar xvzf squid-3.1.11-20110228.tar.gz

# cd squid-3.1.11-20110228; ./configure --prefix=/opt/squid/

# make; make install

# /opt/squid/sbin/squid -z

Configure squid

edit /opt/squid/etc/squid.conf

cache_effective_user squid

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl to_ipv6 dst ipv6
http_access allow to_ipv6 !all
tcp_outgoing_address 2001:: to_ipv6
tcp_outgoing_address 12.34.56.78 !to_ipv6

And add necessary acls to allow access for your network to squid.

Testing:

$ telnet <v6_address> 3128
Trying 2001::...
Connected to 2001::..
Escape character is '^]'.
get http://ipv6.google.com/
HTTP/1.0 200 OK

Check the access.log to make sure

1298965141.719    477 2001:: TCP_MISS/200 25918 GET http://ipv6.google.com/ - DIRECT/2a00:1450:8002::6a text/html

Performance issues with KVM - Redhat

The general performance issue with KVM is due to DISK I/O

- by default the Redhat KVM guest are created with x86_64 architecuture, if you installed 32 bit operating system change this to i686.

<os>
<type arch='i686' machine='rhel5.6.0'>hvm</type>
<boot dev='hd'/>

- Make sure the hypervisor used is correct in the configuration , either qemu or kvm

<domain type='kvm'>

or

<domain type='kvm'>

- Use virtio drivers if the guest is paravirtulized (http://www.ibm.com/developerworks/linux/library/l-virtio/index.html?ca=dgr-lnxw97Viriodth-LX&S_TACT=105AGX59&S_CMP=grlnxw97 ,  http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaat/liaatbpparavirt.htm)

./arun

yum update, IndexError: tuple index out of range

If you happen to get this error while updating server with yum update
--
.
.
.
File "/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py", line 82, in https_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.4/httplib.py", line 813, in request
if v[0] != 32 or not self.auto_open:
IndexError: tuple index out of range
--
disable the location aware access from rhn.

Ref:
http://kbase.redhat.com/faq/docs/DOC-16881

./arun

Public key authentication with bluecoat proxy

- Create a key with length maximum 1024 on your machine

$ ssh-keygen -t rsa -b 1024 -f filename

- ssh to the bluecoat proxy


> en
# configure terminal
#(config) ssh-console
#(config ssh-console) inline client-key admin ...
< paste the key after those three dots >
...

./arun