Ian P. Christian's personal blog

I did a presentation on Doctrine at the PHPLondon user meeting last night, here are the slides:

My Doctrine Presentation

In a previous post, Monitoring Xen via SNMP, I documented a method for monitoring xens from dom0. This article shows a few improvements and bug fixes, and allows for monitoring a 'cloud' of domains

I wanted to monitor disk I/O and CPU usage for xen's without running SNMP on each xen domain. I couldn't find anything out of the box to do this (I'm the first do want to do this? surely there's something?!) - so... here's my own way of doing it. It involved hooking a script in to your dom0's snmp server, and then monitoring whatever tool you like. I have a download at the end of the post for cacti.

This article has been updated: Monitoring Xen via SNMP - update

This took me a while to figure out, so I thought I'd quickly document it.

In our PE2850, we have a 'Dell PowerEdge Expandable RAID Controller 4e/Si'. To check the status of the disks, you'll need to fetch megarc from LSI. Download this file onto the server with the RAID card, and also download check_lsi_megaraid. You'll need to slightly modify check_lsi_megaraid , it prints out things like 'RAID OK:' and 'RAID WARNING:', change these to just say 'OK', and 'WARNING', and obviously update the others too. Notice there's no : in my version.

This script takes about 3 seconds to run, and should produce the following output.

# ./check_lsi_megaraid
OK All arrays OK [1 array checked on 1 controller]

I didn't want SNMP to block whlist waiting for this script to run, so I used cron to run it every minute, and throw it's output into a temp file. In /etc/crontab I have this:

    * root   /root/mega/check_lsi_megaraid  > /tmp/raid-status

In snmpd.conf, I then put this:

extend raid-status /bin/cat /tmp/raid-status

Restart your snmpd server, and follow these instructions for configuring nagios.

See also: Monitoring Dell SAS 5iR RAID

First, I'm going to point out that I do love symfony - I'm mostly happy with it, and I'm a active member of the community. I certainly appreciate the effort put in by Fabien and everyone else who's worked on the symfony project - it's a fantastic achievement. However, there's a couple of things which really wind me up, and I'm concerned things aren't going to change.

One thing that's been pointed out several times in the past is that the symfony website is very unreliable. I personally found the hosting so unstable I setup a SVN mirror - and there's been requests for an offical symfony mirror. This request however went unanswered. Does it matter if the symfony site goes down? Personally I think it matters, both for Sensio and for symfony. If Sensio can't keep the symfony site itself running, doesn't that set a bad image for the project? It also sets a really bad image for Sensio themselves - if they can't maintain a site's uptime - would you want to use them for consultancy for your own projects?

My other main concern is the way security is handled. Today I noticed that Ticket #1617 had been closed in SVN logs. This security issue has been open for a year! Also, I reported this issue over 2 years ago. There was no 'official' security advisory made about this - nor other issues that have occurred.

In my opinion, mentioning these security issues just in the revision log, or the blog is not enough. There should be mails to the dev/user list - and a security procedure in place to handle issues. In the past someone has come onto IRC and was concerned that a security issue they reported about bypassing validation using different HTTP verbs via email to Fabien personally was being ignored. I'm sure Fabien is a busy man, but the symfony website needs to have how these things are handled documented. I can't remember the outcome of this issue, and google didn't tell me much - maybe it was a non-issue, but if it wasn't - no security advisory was released.

Other security issues have been discussed, such as the security of _dev.php files, and the default permissions. These issues haven't really been addressed in my opinion - and both are what I would consider critical issues.

I accept that symfony is an open source project, and that we could fix these issues amongst the community - but I feel Sensio have an important role to place in this. Sensio understandably keep a very tight grip on the project, but in doing so they take on certain responsibilities. I would like to see more active discussion of security related issues on the dev list - with more involved responses from Sensio. I'd like to see an announce mailing list where security and release information is published. I'd like to see current security issues highlighted and made VERY clear on the main website.

I'd like a security reporting system documented and clearly linked from the ticketing system, so there's a clear channel to report security concerns, knowing they will be dealt with.

I can never remember how to output to a CSV file from postgres, and end up having to google it time and time again - so I'm making a note of it here mostly for my own use

\f ','
\a
\t
\o /tmp/moocow.csv
SELECT foo,bar FROM whatever;
\o
\q

If a field has newlines, this will break. You can do something like this instead.....

 SELECT foo, bar, '"' || REPLACE(REPLACE(field_with_newilne, '\n', '\\n'), '"', '""') || '"' FROM whatever;

The Dell PERC/5 shows like this under 'lspci'

07:08.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068 PCI-X Fusion-MPT SAS (rev 01)
        Subsystem: Dell SAS 5/iR Adapter RAID Controller

The status of this RAID card can be read using mpt-status, in Gentoo this package is available as sys-block/mpt-status. Here's an example of the output:

# mpt-status
ioc0 vol_id 0 type IM, 2 phy, 148 GB, state OPTIMAL, flags ENABLED
ioc0 phy 1 scsi_id 32 ATA      WDC WD1600JS-75N 2E04, 149 GB, state ONLINE, flags NONE
ioc0 phy 0 scsi_id 1 ATA      WDC WD1600JS-75N 2E04, 149 GB, state ONLINE, flags NONE

The latest 'check_mpt' script can be found on Nagios Exchange. Download it and put it in your libexec folder, for me on gentoo its '/usr/nagios/libexec/'. Open the file, and make sure the 'use lib' line points to the correct place.

The script uses sudo to run mpt-status, so you'll need to modify your /etc/sudoers - adding a line like this:

%nagios ALL=(ALL) NOPASSWD:/usr/sbin/mpt-status

Next, you need to configure nagios, your filenames might be different from the names I use below.

/etc/nagios/commands.cfg : Note, the -c param refers to the number of disks you expect to be active.

define command{
  command_name  check_mpt
  command_line  $USER1$/check_mpt -c 2
}

/etc/nagios/localhost.cfg

define service{
  use                  local-service
  host_name            localhost
  service_description  mpt - Dell Raid
  check_command        check_mpt
}

Reload nagios, on gentoo, it's /etc/init.d/nagios reload

See also: Monitoring PERC 4e over SNMP with nagios

Nagios can be pretty, and several people I've told this too seemed surprised, so I thought I'd put a quick note here. Here is a nice theme for nagios....

http://new.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F1723.html;d=1

Unfortunately, the underlying UI is still the same horrible interface, but.... this does make a big difference to the aesthetics

I've had a Forerunner 305 for a while now. On the rare occasion I go running, I find it really useful. At first, I thought t would be a great geeky toy that I'd get bored of - I honestly expected it would find its way into a draw and never be used again after the first couple of uses.

However, it's actually a great running accessory, and I advise this kinda hardware to all by the most casual of joggers. It's far too easy to run too fast when you're out running - you can set the forerunner up to beep at you when you go too fast or too slow - obviously you configure these speeds yourself. Recently I ran a half marathon, I did virtually no training for it, and without the forerunner on my wrist making sure I didn't run too fast or too slow, I'm not sure I'd have finished!

A few pointers for people trying to get Dell's PERC 6/i RAID monitoring working under Ubuntu, and any other linux for that matter. It also applies to PERC 5/i too, and... other stuff

First, visit Dells Linux site. Have a poke about, see what's there.

Next, we need to download a tool to get information from your array. Download LSI's MegaRAID CLI tool for linux. It comes as a .RPM, so if you're an ubuntu user, you can convert it to a .deb using alien, or convert it to a .tar.gz.

You then have a CLI tool you can use to get all your data now! For example:

One thing I spent a while figuring out was how to get the rebuild progress, so here's how:

There's also a really useful cheat sheet for common tasks

Don't forget to actually monitor this output with nagios, or your favorite monitoring tool!