There is a new (0.2.7) version of Astrails-Safe.

New features since 0.2.5:

• default options for gpg now include '--no-use-agent'
• support for 'command' option for gpg
• quote values in mysql password file
• add 'lib' to $:
• [EXPERIMENTAL] Rackspace Cloud Files support

Read the rest of this entry

Just released a new 0.2.5 version of astrails-safe.

“astrails-safe” is our very simple to use backup script for mysql, postgres, filesystem, and subversion. It can store your backups locally, on Amazon s3 or on a remote SFTP server. Optional GnuPG enctyption completes the picture.

Changes in this version

Thanks to Fedor Kocherga for spotting that astrails-safe would happily overwrite existing config settings if you used same configuration keyword more then once. For example if you used 2 exclude lines in your backup config the 2nd one would overwrite the 1st. Fedor’s fix was merged and now astrails-safe will either merge the configs for files, exclude, and skip_tables keywords and will stop with an error for the rest of the keywords.

New version is available in source form on GitHub and as a ready to install gem on Gemcutter.

Since Github stopped to build gems we are moving to the gemcutter.

Changes in 0.2.4 since 0.2.2:

• fixed couple of README errors (thanks Bobby Wilson)
• changed name from ‘safe’ to ‘astrails-safe’ due to the move to gemcutter
• added missing net-sftp dependency to the gemspec.
• fixed bug where it would crash in a dry-run since local storage didn’t update some internal variables.

To install the latest version:

gem install astrails-safe --source http://gemcutter.org

Damn, I just found this unpublished article in the blog admin…

How come it evaded my attention for 3 months??!!

Anyway, releasing it now thought this is all quite old news, going to announce 0.2.4 in a moment :)

There is a new 0.2.2 version of astrails-safe on github.

If you don’t know it yet astrails-safe is an easy to use backup solution for Unix like operating systems. It supports filesystem, mysql, postgresql, subversion backups to local filesytem, Amazon S3 and remote SFTP.

Read the rest of this entry

I just did something pretty stupid. I edited /etc/sudoers file directly from within my non-root user account.

I did

sudo vim /etc/sudoers

and added the following to it:

Cmnd_Alias GEM_INSTALL = /usr/bin/gem install *
Cmnd_Alias GEM_UNINSTALL = /usr/bin/gem uninstall *
vitaly ALL=NOPASSWD GEM_INSTALL
vitaly ALL=NOPASSWD GEM_UNINSTALL

The intention was to grant myself permissions to install gems w/o entering password. I know its insecure, but this is security-vs-convinience kind of thing and I only intended to leave it there for a couple of hours while I do some heavy gem development.

Anyway, experienced unix users might have spotted the syntax error in my sudoers edits. I forgot the “:” just after the NOPASSWD. But the problem is even more basic then that. I shouldn’t have beed editing the file directly. I should have known better. And now I’m paying the price:

$ sudo
>>> sudoers file: syntax error, line 36 <<<
>>> sudoers file: syntax error, line 37 <<<
sudo: parse error in /private/etc/sudoers near line 36

$ sudo vim /etc/sudoers
>>> sudoers file: syntax error, line 36 <<<
>>> sudoers file: syntax error, line 37 <<<
sudo: parse error in /private/etc/sudoers near line 36

OOPS!

Now the sudoers file is broken and I can’t even fix it since I was using sudo to edit it! Never do that! :) Use the visudo command. it will check the file syntax before ‘commiting’ it.

Now what?

I looked at the net and the general consensus is that you need to boot into a single-user mode to fix it. I really really didn’t want to do it. I have 4G of RAM and so I’m usually running dozens of programs and its a pain to close and reopen them all after boot. I’m lazy :)

Then I thought there might be a better way.

First I checked the permissions on the sudoers file:

$ ls -l /etc/sudoers 
-r--r-----+ 1 root  wheel  1302 Sep 28 17:20 /etc/sudoers

and only ‘root’ is in the group wheel, so no luck here.

I also couldn’t ‘su root’ since my root user doesn’t have a password. duh!

But then it appeared to me that I might be able to circumvent this protection by leveraging my OS X ‘admin’ status. After all it ought to count for something :).

I opened “/etc” folder in finder (“Go” -> “Go to Folder…”), then opened sudoers file properties. Opening the lock there doesn’t require to be a root. Its enough to be an Admin and my Admin user does have a password! So I was easily able to grant myself permission to edit the file:

after that I just edited the file with vim again to comment the edits

vim /etc/sudoers

Then I did what I was supposed to do from the beginning, I used the ‘visudo’ at last:

sudo visudo

Last thing was to restore original permissions on the file in finder.

DONE

It looks like our astrails-safe gem is quite popular :). People started to contribute new features:

• Mark Mansour contributed PostgreSQL backup support
• Richard Luther contributed Subversion repository dump support

I just released new version 0.1.8 on the github.

In addition to postgre/svn support this release also includes a long overdue test suite.

Read the rest of this entry

Everyone needs a backup, right? Unfortunately almost no one does though. Why?!

We needed something for ourselves and our customers. Something simple, free, configure-and-forget. Most of the time there is no need for something fancy, a simple tar + mysqldump can do the job for many small/medium sites.

Read the rest of this entry

Thanks a lot to Amit Hurvitz for providing a file of Virtual Disk Image (VDI) of VirtualBox, containing an up and running JRuby on Rails on Glassfish with Mysql. Image also contains some examples (actually solutions to the code camp exercises), all running on top of an OpenSolaris guest OS (can be run on many host systems).

Grab the image ~1.5GB archive.

Grab the exercises ~9.7MB archive.

We recently moved our DNS to dnsmadeeasy.com from godaddy.com name servers.

After the transfer some internal CNAME records had a problem. So after fixing the problem and checking in the terminal that the changes propagated to the DNS server (host xxx.astrails.com) I tried to type the address in the browser, but it kept giving me the “can’t find host” error.

The solution was to flush OSX built in DNS cache (apparently the ‘host’ utility bypasses it, and browsers do not).

Fortunately it is very easy to do:

• On Leopard: dscacheutil -flushcache
• On Tiger (didn’t check it, no tigers here :): lookupd -flushcache

Nice idea and implementation of a schema-less data store on top of MySQL .

Recently we looked for video transcoding/hosting solution to use in one of our client’s projects.

The best thing we’ve found is Panda. It runs on Amazon stack of services including ec2, s3, and simpledb.

Using amazon has many advantages. no contracts, pay as you go, easy and fast scaling in case your site explodes :)

Unfortunately the image that is refered in the Getting Started (ami-05d7336c) is not safe for production – it has openssh version with a serious security bug, but don’t worry, we will explain how to fix it.

Read the rest of this entry

This blog-post is mostly targeted at non-Rails developers. Rails devs should know all this by heart :) Many times we need to explain to our customers what is ‘proper deployment’ and why their current one sucks :) Now we’ll be able to just point them to this post…

Proper deployment is almost not found anywhere. At least anywhere we looked. Very few places really ‘get’ it and assign enough importance to it. Some project owners just don’t know how it is supposed to be, so they accept their developer’s practice of ftp sync to production server :)

If you are a developer, make sure you implement it all.

If you have a project developed for you, then this is a checklist that you can bring to your developers/consultants and require ‘yes’ to every single one.

If your deployment procedure misses any of the qualities listed below, you are asking for trouble.

Production deployment must be:

Read the rest of this entry

In the process of installing Mephisto I’ve got a problem with image_science gem. It installed OK but when trying to require it the was a problem with RubyInline compilation:

astrails@alpha:~$ irb
irb(main):001:0> astrails@alpha:~$ irb -rrubygems -rimage_science
/home/astrails/.ruby_inline/Inline_ImageScience_aa58.c:3:23:
error: FreeImage.h: No such file or directory
...
CompilationError: error executing gcc -shared   -fPIC -Wall -g -fno-strict-aliasing -O2  -fPIC -I /usr/lib/ruby/1.8/x86_64-   linux -I /usr/include -o "/home/astrails/.ruby_inline/Inline_ImageScience_aa58.so" "/home/astrails/.ruby_inline/Inline_ImageScience_aa58.c" -lfreeimage -lstdc++: 256
...

is a ruby gem that allows you to write inline C code in your ruby source files and it will be compiled and linked-in when it is first used. This requires gcc and all build dependencies to be installed on the computer running it (which kind of sucks if you want to use it on an embedded device, but thats for another post)

Anyway, in this case FreeImage.h was missing which is part of FreeImage project.

Let get it back.

Read the rest of this entry

We really like Debian and we usually use the current “stable” distribution for our production servers. It all works great with one little problem: if you need very current soft it is probably not in the ‘stable’ yet.

The current Debian stable (“etch”) includes rubygems 0.9.0-5 which is way too old. We needed to upgrade to at least 1.2.

There are several ways you can try to solve such a problem. For example there are backports of selected packages from testing/unstable. Or you can compile sources yourself, which is less trivial but will help when binary backport is not available.

We are going to download sources for the newer package that is in the unstable (“sid”) distribution and compile them on the stable distribution. The procedure is simple:

Read the rest of this entry