Blogger 502 errors

Few minutes ago this same blog, hosted on Blogger started giving 502 Server Error (for more than 15 minutes). I was frustrated and even thought of hosting my blog on one of my servers. I don’t know what caused the issue, but one thing I know this is not the first time and I was not alone; Even http://xooglers.blogspot.com/ was down (giving 502 errors). See http://www.flickr.com/photos/seeminglee/2050618571/in/set-72157603261415176/ for another instance where this issue shot up.

Googling for a cause landed fruitless, my likely guess is blogger servers were overloaded. Hope this doesn’t happen again.

Filter module support for Premium module

There was a need to put a log in link with destination get variable set if the user is not authenticated and trying to view a premium node. The obvious place to put such content is the “Premium body text” in /admin/settings/premium, however one problem was that “Premium body text” can only static html, no filters/format.

I couldn’t quite believe why filter module was not being made use of there, so I went ahead an made the necessary changes to make it possible to select the filter/format to be applied to “Premium body text”. The patch will add a Input format section to the settings form, that filter chosen there will be applied when the “Premium body text” is rendered into a node.

You can see the progress of the patch submitted to drupal.org at http://drupal.org/node/231641. I just hope the patch will make it to the premium module head. The development of the premium module is nearly stagnant :(, that conserns me.

Drupal Atom module spits invalid xml

Drupal Atom module is spitting invalid XML in some cases. It is obvious that all user generated text in XML should be either escaped or appear within CDATA section. However it is not the case with title and subtitle sections. If the site title contains “&”, then the atom/feed will guaranteed to be invalid.

I came across this the hard way, in one of the sites I was maintaining someone decided that they need “&” in the title, then the atom/feed was giving a XML parser error. After little bit of head scratching, I was able to triangulate the buggy piece of code.

You can read the progress of the issue at http://drupal.org/node/229392, you can download the patch from the same.

Hope I saved someone from much head scratching and frustrations.

Hacking TurboGears: Automatically loggin in users

TurboGears
I love the way the Drupal handles account activation and password reset. The user just have to click a link that they receive via e-mail, and they are automatically logged in.

I wanted to do something similar with one of the applications I’m developing right now using TurboGears. I thought I would write a new identity provider, but instead went about hacking TurboGears. I noticed that TurboGears defualt soaprovider can be improved to seperate user authentication and marking a user as authenticated, hence making it reusable.

In my application’s controller I use this newly introduced method to mark the user as authenticated. I thought someone else might hit the same problem, and blogged about it.

You can download the patch from http://www.mohanjith.net/downloads/scripts/python/TurboGears/1.0.4.3/soaprovider.diff, it is created against TurboGears 1.0.4.3.

CAS JDBC Service registry trouble

I had a interesting time trying to figure out why the JA-SIG CAS service registry status was being reset when ever I restarted CAS. After much frustration I figured out the problem was in the schema that hibernate has automatically created.

I’ll explain my setup, I was using MySQL for storing the service registry data via Spring entity manager and Hibernate.

Hibernate was creating BIT(1) for boolean atributes instead of TINYINT(1). Because of this MySQL was not returning anything meaningful for the status. I have now changed the schema, and removed/commented the propery hibernate.hbm2ddl.auto in the enitity manager bean. It seem to work perfectly.

Hope someone in a similar situation will find this information useful.i

CAS Server 3.2 Final released

Today, the CAS development team announced the CAS Server 3.2 release. The release includes a number of enhancements, bug fixes, and new features. This includes updated dependencies (Spring 2.5.1, Log4j, Acegi Security, Spring LDAP, Spring Web Flow) as well as bug fixes in the SPNEGO module and Services Management tool. It also includes enhancements to enable/disable single sign out at the server level.

Finally, it includes a new Hard Timeout Expiration Policy, an updated Spring Configuration mechanism (and modularized Spring configuration files) as well as a utilizing a production-ready auditing/statistics tool/API (Inspektr).

You can download the release from the usual location: http://www.jasig.org/products/cas/downloads/

This is a major release and you should take a look at the major new features (the updated Spring Configuration mechanism and the Inspektr auditing tool) and see how/if it changes your deployment.

Great work Scott Battaglia and the others who contributed.

Duplicity chokes on OSError: [Errno 24] Too many open files

It was little bit too scary. Duplicity backup scripts were failing on the EC2 instances again, this time around it was not about not able to reach S3, but having too many files open. That was weird because it didn’t give such a error in the past. However the work around was to increase the maximum number of file descripters allowed for the user that was running the backup script.

How ever finding this solution was tought, actually it was a FreeBSD forum that had the solution. I though I would just write it down for Linux.

Step 1: Find out the current limit

To find out the current file descripter limit for a given use, log in as the particular user and run the following command.

 $ ulimit -n

By default on Debian it would be 1024.

Step 2: Increase the limit

You would have to edit /etc/security/limits.conf. You will find details on how to setup different limits in limits.conf itself. The record that you have to put in should look like the following.

username hard nofile 2048

Step 3: Log out and Log back in

You would have to log out and log back in as the user that we updated the file descripter limit. Then run the following command.

 $ ulimit -n

You should see the updated file descripter limit.

Hope this helps someone like me in desperation to get the backups in track. I would be doing more investigation as to why there are so many files open. If I find anything interesting I would definitely blog about it. Also for everyone’s reference there is a bug filed at the Savanah bug tracker by someone else who ran into the same issue

Amazon Web Services goes down

Amazon Web Services goes down, takes out some Web 2.0 sites, but not the sites that I was running on EC2. I got a shock when I got a Google alert that had news items about Amazon Web Services are down, I immediately went over to all of the sites I’m responsible for, but all of them were live and kicking. So the next stop was checking my mails, and sure there were mails of the cron job to do the backups failing.

I was using duplicity to backup complete file system of the EC2 instances, I have blogged about my approach in Amazon EC2 with rock solid persistent storage. I had the cron job failing during the S3 downtime, but I was serving all requests without a hitch.

I suspect the sites that went down were using PersistenceFS. Reading there documentation, they assume that S3 is going to be available at all times dispite the 99.99% uptime guarantee. That is a major design flaw. Also it is a utter waste of large storage provided in EC2 during the runtime.

I’m glad to say that despite the S3 downtime all my sites were running. I think the sites that went down reconsider their setup. Also I strongly recommend running redundant EC2 instances for any one planning on hosting sites.

JA-SIG CAS services registry persistence

I was pulling my hair trying to get JA-SIG CAS to work with persistet service registry. By default CAS comes with a in-memory services registry, this is not at all acceptable in production, so I went about following the instructions in http://www.ja-sig.org/wiki/display/CASUM/Configuring under ServicesRegistry and Database Connection. I didn’t pay much attention to “Package your webapp and go for a try”, instead I chose to put in the necessary jars into the lib/ directory manually.

Eventhough I got all the necessary jars in place I was being confronted to a “java.lang.NoClassDefFoundError: org/hibernate/ejb/HibernatePersistence”. I double checked still no avail. I tried Googling, but didn’t lead me to anything very useful.

All the problems went away once I made the changes to the CAS distribution and recompiled. WOW, that was a ride of the life time. It was weird that JDBC authentication handler worked alright by placing the jars in place manually but services registry wouldn’t work the same way.

I guess this post will help someone who runs into the same problem.

Running Drupal behind a reverse proxy

I was supposed to move one of the Drupal sites I’m maintaining behind a Reverse Proxy. The migration was smooth as it could get, but soon throttiling was an issue. All requests were coming from the Proxy server, and Drupal didn’t seem to automagically detect the client IP based on the X-Forwarded-For header.

So I set about investigating what can be done. As I discovered, automagic client IP detection is only available in Drupal 6 (At the time of writing, under development). I went about porting the changes to Drupal 5.x. Porting was as easy as it can be, but it was not working.

Further investigation lead to one of the site configurations; I had enabled Normal Caching in the Drupal site. It was not acceptable to switch off caching, so I went about debugging this code to make it work with caching enabled. Finally I was able to fix the issue, it was trivial but it was not easy to debug. The fix involved removing cached IP address for every request such that the correct IP will be detected. See my patch in drupal.org at http://drupal.org/node/219825.

Hope this helps someone.