Why you should consider using the IUS Community Project

From http://iuscommunity.org/

“The IUS Community Project is aimed at providing up to date and regularly maintained RPM packages for the latest upstream versions of PHP, Python, MySQL and other common software specifically for Redhat Enterprise Linux. IUS can be thought of as a better way to upgrade RHEL, when you need to.”

Our Perspective at AppCove


Imagine being able to combine the rock-solid stability of RedHat Enterprise Linux (or Oracle, Centos, Scientific) with the latest versions of popular software packages like PHP, Python, MySQL, mod_wsgi, redis, and others? The IUS Community Project is the answer.

Enterprise Linux is great for the stability, security, and compatibility. But sometimes you need a newer version of an installed package, like Python. At the time of this writing, RedHat is still not providing any standard way to obtain Python 3.2, MySQL 5.5, or PHP 5.4, years after they have been released.

The IUS Community project has provided AppCove, Inc. and all of our clients the perfect mix of stability and functionality. IUS has enabled us to focus on our core competencies (software development) while being confident that the packages we use are as secure and up-to-date as possible.

Our confidence in the IUS team is second to none. AppCove has worked in close conjunction with the IUS team on several occasions, and they have always been impeccably experienced, knowledgeable, and professional.

We highly recommend that any users of RedHat Enterprise Linux, Oracle Enterprise Linux, Scientific Linux, or Centos Linux take a close look at the IUS Community Project for their servers.

How to upgrade ImageMagick on RedHat Enterprise Linux 5

ImageMagick 6.2.8 comes with RHEL5.  This is pretty ancient in terms of being able to do some more advanced manipulations, like -kerning, -distort, etc…

As it turns out, ImageMagick publishes their own RPM for RHEL.  But if you try to just install it directly, you get something like this:

[root@boss ~]# rpm -Uvh http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-6.7.9-6.x86_64.rpm
Retrieving http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-6.7.9-6.x86_64.rpm
error: Failed dependencies:
libHalf.so.4()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libIex.so.4()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libIlmImf.so.4()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libImath.so.4()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libfftw3.so.3()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libgs.so.8()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libjasper.so.1()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
liblcms.so.1()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libltdl.so.3()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
liblzma.so.0()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
librsvg-2.so.2()(64bit) is needed by ImageMagick-6.7.9-6.x86_64
libwmflite-0.2.so.7()(64bit) is needed by ImageMagick-6.7.9-6.x86_64

The answer is – use yum to take care of it:

As root, download the correct RPM from the ImageMagick site.  Then uninstall the system ImageMagick.  Then install this one.


wget http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-6.7.9-6.x86_64.rpm
yum erase ImageMagick</p><p>yum install --nogpgcheck ImageMagick-6.7.9-6.x86_64.rpm

Note: because the version # is beyond the one shipped with RHEL, it will not be updated automatically.  You will need to monitor ImageMagick for security updates and install them yourself.

Note: this is not recommended — replacing a RHEL package.  But sometimes it is needed.

wget http://www.imagemagick.org/download/linux/CentOS/x86_64/ImageMagick-6.7.9-6.x86_64.rpm
yum erase ImageMagick
yum install --nogpgcheck ImageMagick-6.7.9-6.x86_64.rpm

Essentials of DNS: understand the basics well

DNS stands for “Domain Name Service”.  It is the mechanism in which the internet is able to map a name (eg http://www.sgasoftware.com) to an IP address (eg

This writeup is not designed to be 100% technically accurate.  Rather, it is designed to give a layman understanding of relevant parts of the DNS system.
Much more comprehensive information can be found here: http://en.wikipedia.org/wiki/Domain_Name_System

A bit on IP Addresses and Routing

Packets of data to move to and fro across the internet based entirely on IP Address.  At every “network meeting point” on the internet, there is a router which examines all traffic to find out where it is headed, and then sends it to the next step.  This process is repeated at each “network meeting point” until the traffic arrives at the destination.
There is a popular utility called “Trace Route”, which will demonstrate all of the routers that a packet of data must go through to get from where you are to where it is headed.  In the following example, I ran a traceroute to http://www.google.com.
Notice the first step was a DNS lookup, converting http://www.google.com to
Tracing route to http://www.l.google.com []
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms   (our office router/gateway))
  2     1 ms    <1 ms    <1 ms     (our cable modem (another router/gateway)
  3    15 ms    13 ms    12 ms
  4     9 ms     9 ms    10 ms  ge-2-20-ur01.blairsville.pa.pitt.comcast.net []
  5    14 ms    10 ms     9 ms  te-9-1-ur01.indiana.pa.pitt.comcast.net []
  6    10 ms    55 ms    30 ms  te-9-3-ur01.punxy.pa.pitt.comcast.net []
  7    12 ms    18 ms    19 ms  te-9-1-ur01.ruralvalley.pa.pitt.comcast.net []
  8    21 ms    63 ms    53 ms  te-6-3-ar01.pittsburgh.pa.pitt.comcast.net []
  9    28 ms    29 ms    27 ms  te-3-1-0-0-cr01.chicago.il.ibone.comcast.net []
 10    25 ms    28 ms    25 ms  pos-1-6-0-0-pe01.350ecermak.il.ibone.comcast.net []
 11    43 ms    44 ms    44 ms  as15169-1.350ecermak.il.ibone.comcast.net []
 12    48 ms    52 ms    58 ms
 13    37 ms    39 ms    39 ms
 14    36 ms    43 ms    41 ms
 15    42 ms    39 ms    39 ms  iad04s01-in-f99.1e100.net []
Trace complete.
In true geek fashion, after 15 hops, our packet reached 1e100.net.  Google was derived from the word Googol, which is a number with 1 and 100 zeros.  Henceforth, 1e100.net stands for something to that effect.

Why does this matter?

It is important to understand that computers are binary, and therefore require input to be ultimately converted to binary.  An IPv4 address is simply 32 bits, but rather than presenting it as 11000000.10101000.00000000.00000001, humans find it more convenient to look at it like  However, that is still a far cry from a human readable name like mail.domain.com.
This is where DNS comes into play.  DNS is a system which allows people to use names, while still providing for computers to use the numbers.  Of the many benefits of DNS, it allows you to move a domain to another IP address while keeping the domain name the same. 

Common Types of DNS Records

DNS records come in several types:
A record
Points to a specific IP address.  “A” stands for “Address”.

This means that appcove.com should resolve to
appcove.com.            70755   IN      A
CNAME record
Points to another record.  “CNAME” stands for “Canonical Name Record”
This means that http://www.appcove.com should resolve to appcove.com and in turn resolve to
http://www.appcove.com.        86400   IN      CNAME   appcove.com.
MX record
Specifies a domain which will handle incoming email for the domain.
This means that mail sent to @appcove.com will be handled by APPCOVE.COM.S9A1.PSMTP.com, and if that does not work, send it to APPCOVE.COM.S9A2.PSMTP.com and so on.  The weight indicates which server should be tried first — the lower the weight, the better.
appcove.com.            86400   IN      MX      40 APPCOVE.COM.S9B2.PSMTP.com.
appcove.com.            86400   IN      MX      10 APPCOVE.COM.S9A1.PSMTP.com.
appcove.com.            86400   IN      MX      20 APPCOVE.COM.S9A2.PSMTP.com.
appcove.com.            86400   IN      MX      30 APPCOVE.COM.S9B1.PSMTP.com.
NS record
Delegates a DNS zone to use the given authoritative name servers.  “NS” stands for “Name Server”.
This means that DNS for appcove.com is to be handled by either ns.rackspace.com or ns2.rackspace.com.
appcove.com.            57957   IN      NS      ns.rackspace.com.
appcove.com.            57957   IN      NS      ns2.rackspace.com.
TXT record
Specifies arbitrary text associated with a name.  “TXT” stands for “Text”
The provides a mechanism for the DNS system to be extended with different bits of text about a domain name.  The following TXT record stores SPF information, used to specify what servers are allowed to send mail on behalf of appcove.com.
appcove.com.            86400   IN      TXT     "v=spf1 include:fogcreek.com include:aspmx.googlemail.com ip4: ip4: ip4:  ~all"

DNS Propagation

DNS is a distributed system.  This means that there are thousands of DNS servers scattered around the globe.  Most internet providers will have their own DNS servers.  Most hosting providers will have their own DNS servers.  Etc…
How do they all stay in sync?  They do and they don’t!
Every DNS entry has a corresponding TTL value associated with it.  TTL means “time to live”.  This value, expressed in seconds, states how long a given DNS entry is valid before it must be refreshed from the “authoritative” DNS server for the given domain.  Typically, the TTL is set to 86,400 seconds, or 1 day.
With a TTL of 1 day, any changes to authoritative DNS records may take up to a full day (or more) to propagate around the internet.  This is worth keeping in mind before you engage in any important DNS changes.
The proper way to change DNS is to first, at least 48 hours prior to the transition period, change the TTL to a very low value (like 5 minutes).  It will still take at least a day for this to fully propagate to all relevant DNS servers.   However, once they are all aware that the TTL is 5 minutes, they will frequently check your authoritative server for updates every 5 minutes or each time a new request comes in for one of your DNS records, whichever is longer.
In other words, DNS servers only look up what they are asked to look up.  Then they retain it for the TTL period, and finally discard it (only to repeat if needed).
Authoritative DNS
Every domain must be registered with a registrar.  Part of this registration information for every domain, is the DNS servers to use as “authoritative dns information” for that domain.   These NS records are transmitted to the root nameserver system. 
Every top level domain (com, net, edu, org, us, gb, br, uk, au, etc…) all have their own authoritative DNS servers.  This information is kept in the world’s root name servers, which are currently:
a.root-servers.net.     117655  IN      A
a.root-servers.net.     196594  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     113829  IN      A
c.root-servers.net.     120655  IN      A
d.root-servers.net.     113757  IN      A
e.root-servers.net.     115554  IN      A
f.root-servers.net.     121256  IN      A
f.root-servers.net.     280321  IN      AAAA    2001:500:2f::f
g.root-servers.net.     113755  IN      A
h.root-servers.net.     116456  IN      A
h.root-servers.net.     206320  IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     115856  IN      A
i.root-servers.net.     337685  IN      AAAA    2001:7fe::53
j.root-servers.net.     119155  IN      A
If you lookup the NS record for com at one of the above root servers, you will be told this:
d.gtld-servers.net.     16131   IN      A
g.gtld-servers.net.     74653   IN      A
f.gtld-servers.net.     111162  IN      A
c.gtld-servers.net.     33590   IN      A
j.gtld-servers.net.     171076  IN      A
a.gtld-servers.net.     2665    IN      A
a.gtld-servers.net.     8352    IN      AAAA    2001:503:a83e::2:30
i.gtld-servers.net.     78083   IN      A
k.gtld-servers.net.     14957   IN      A
b.gtld-servers.net.     127812  IN      A
b.gtld-servers.net.     168301  IN      AAAA    2001:503:231d::2:30
e.gtld-servers.net.     29652   IN      A
h.gtld-servers.net.     47519   IN      A
l.gtld-servers.net.     41990   IN      A
m.gtld-servers.net.     42456   IN      A
If you lookup the NS record for appcove.com at one of the above “com” servers, you will be told this:
appcove.com.            172800  IN      NS      ns2.rackspace.com.
appcove.com.            172800  IN      NS      ns.rackspace.com.
Finally, we have the authoritative DNS servers for appcove.com.  Now, if you lookup the record for http://www.appcove.com at ns.rackspace.com, you will be told this:
http://www.appcove.com.        86400   IN      CNAME   appcove.com.
Finally, if you lookup appcove.com at it’s authoritative server ns.rackspace.com, you will be told this:
appcove.com.            86400   IN      A

How to force-drop a postgresql database by killing off connection processes

Ever need to drop a postgresql database, but it would not let you because there are open connections to it (from a webapp or whatever)?

Quite annoying.  If on a production server, and other databases are being used, restarting postgresql is a last resort, because it generates downtime for your site (even if small).

I finally took the time to scratch around and find the answer.

As a super user, to list all of the open connections to a given database:

select * from pg_stat_activity where datname='YourDatabase';

As a superuser, to drop all of the open connections to a given database:

select pg_terminate_backend(procpid) from pg_stat_activity where datname=’YourDatabase’;

Or for 9.x, change `procpid` to `pid`

select pg_terminate_backend(pid) from pg_stat_activity where datname='YourDatabase';

Here are some references to the functions:



Ubuntu Post-Install tips…

I received this from a friend, and thought I would post it here in case anyone would find it useful.

After Installing Ubuntu, basically I do this:

Go to:
System -> Administration -> Software Sources -> Other Sofware, and enable partner repository.

After that, we can this on a Terminal:

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install ubuntu-restricted-extras
sudo /usr/share/doc/libdvdread4/install-css.sh

PostgreSQL Dump and Restore Notes

The pg_dump and pg_restore commands provide excellent flexibility in storing a compressed dump file, and selectively restoring any part of it.

I’ve found that dropping and re-creating the target database is the cleanest way to restore a dumpfile — no stray relations left to cause trouble.

Unless you own all of the objects being restored, you may need to be SUPERUSER in order to have a successful restore.

The custom dump format is quite useful.  Unlike the normal sequence of SQL statements you may be used to from mysqldump (and pg_dump as well), the –format=custom option will create a compressed archive file (internally a tar file) that can be selectivly read with pg_restore.  That flexibility could come in handy if you *just* need the schema from 1 table, or *just* the data from another table.

pg_dump –format=custom -U jason_super MyDatabase > MyDatabase.pgdump

pg_restore –exit-on-error –clean –dbname=MyDatabase MyDatabase.pgdump

Get all of the SQL
pg_restore TMTManage_2.pgdump | more

Get some of the SQL
pg_restore –schema=ACRM –table=Admin TMTManage_2.pgdump | more

nginx restart error

Was playing around with nginx on Centos 5 (EPEL package).

Most of the time I ran:

service nginx restart

I would get this message in the /var/log/nginx/error.log file:

panic: MUTEX_LOCK (22) [op.c:352].

After some hunting around, it appears to be a known bug in nginx (perhaps perl in nginx?)… Anyway, a simple workaround is to do this:

service nginx stop
service nginx start

Or, simply edit /etc/init.d/nginx, and add the sleep 1 line:

51 restart() {
52     configtest || return $?
53     stop
54     sleep 1
55     start
56 }

Nice workround!