The script checkperlmodules is used on cPanel servers to manage a set list of perl CPAN modules. These modules are used by cPanel scripts, applications like SpamAssassin and to provide a nice set of modules for perl web developers. During each run of scripts/upcp, checkperlmodules is executed. If any modules were updated on the CPAN mirror, then the local installation will be updated.
There are quite a few problems with this tack, some of which will change in cPanel version 11.34. CPAN modules have no quality guarantees. They also have poor standards as far as dependency definition and resolution.
When using cPanel on a Debian system it makes sense to use the Perl distribution provided by Debian, especially the CPAN modules. This allows you to benefit from the more stringent standards of Debian and its community. It also allows you to use a newer version of perl than the standard provided by cPanel. Debian currently provides version 5.10.1 while the cPanel Perl installer gives you 5.8.8. How, though, does one disable the behavior of checkperlmodules?
It’s quite simple actually. The checkperlmodules script builds a list of CPAN modules to check and install. It then refines this list according to a custom black list you can create. This black list is the file /var/cpanel/perl_module_update_exclude. To blacklist a module, add the module name to the file. Each module must be on its own line.
Here are the contents of my perl_module_update_exclude:
CDB_File
DB_File
HTTP::Date
Scalar::Util
MIME::Base64
URI
Net::FTP
HTML::Tagset
HTML::Parser
HTML::HeadParser
LWP
Bundle::LWP
DBI
Data::ShowTable
Mysql
DBD::mysql
Bundle::DBD::mysql
Crypt::SSLeay
CPAN::SQLite
Data::Dumper
Digest::MD5
Digest::SHA1
Encode
ExtUtils::Constant
ExtUtils::ParseXS
File::Touch
Filesys::Df
Filesys::Virtual
Filter::Util::Call
Getopt::Long
Getopt::Param::Tiny
Compress::Raw::Zlib
Authen::Libwrap
Net::FTPSSL
Net::SSL
Net::SSLeay
IO::Compress::Gzip
IO::Scalar
IO::Socket::SSL
IO::Stty
IO::Uncompress::Gunzip
Lchown
List::Util
MD5
Net::DNS
Net::OSCAR
Pod::Perldoc
Storable
Sys::Syslog
Term::ReadKey
Term::ReadLine::Perl
Time::HiRes
Tree::MultiNode
Unix::PID
Unix::PID::Tiny
XML::LibXML::Common
XML::LibXML
XML::Parser
XML::SAX
XML::Simple
lib::restrict
YAML::Syck
Crypt::Passwd::XS
Crypt::GPG
Class::Accessor
Class::Accessor::Fast
File::MMagic::XS
Email::Valid
File::ReadBackwards
ExtUtils::MakeMaker
Mail::SRS
Acme::Spork
Archive::Tar
Archive::Tar::Streamed
Archive::Zip
Encode::Guess
MIME::Lite
Business::OnlinePayment::AuthorizeNet
Business::UPS
CGI
Class::Std::Utils
Compress::Bzip2
Compress::Zlib
DBIx::MyParsePP
DBD::SQLite2
Date::Parse
File::Tail
GD::Graph
GD::Text::Align
Memoize
Geo::IPfree
HTML::Parser
HTTP::Daemon::App
IO::Socket::ByteCounter
Image::Size
MIME::Base64
Mail::DomainKeys
Error
NetAddr::IP
Net::DNS::Resolver::Programmable
Mail::SPF
Mail::SPF::Query
Mail::DKIM
IP::Country
Graph::Easy
Graph::Flowchart
Mail::SpamAssassin
URI::Escape
File::Find::Rule::Filesys::Virtual
File::Slurp
Net::DAV::Server
Net::Daemon
Net::Daemon::SSL
Net::LDAP
Net::LDAP::Schema
Net::LDAP::Server
Net::Daemon
Net::Daemon::SSL
Net::LDAP
Net::LDAP::Schema
Net::LDAP::Server
Net::IP::Match::Regexp
OLE::Storage_Lite
GD::Graph
Parse::RecDescent
Quota
SVG::TT::Graph
Safe::Hole
Text::CSV
Spreadsheet::ParseExcel
Spreadsheet::WriteExcel
String::CRC32
SQL::Statement
Set::Crontab
Tie::IxHash
Tie::ShadowHash
Tie::DBI
URI::URL
Bundle::Interchange
version
Encode::Locale
Curses::UI
XML::SAX::Expat
Locales
ExtUtils::Install
Filesys::Statvfs
Devel::PPPort
Linux::Inotify2
With that list in place, you can install those modules via apt and not worry about checkperlmodules. Each time checkperlmodules runs it will skip all the modules you blacklisted.
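One way to check that every blacklisted module is really being served by a Debian package, as an added example that is not part of the original post or of cPanel. The function names and the PERL override are hypothetical, and the prefix rule assumes the usual Debian layout in which CPAN installs made as root land under /usr/local:

```shell
#!/bin/sh
# Added example: audit a checkperlmodules blacklist against the system perl.
# Function names are hypothetical; only the blacklist path comes from the post.

BLACKLIST=${BLACKLIST:-/var/cpanel/perl_module_update_exclude}

# Print each module once, in first-seen order; skip blanks and stray spaces.
unique_modules() {
    awk '{ gsub(/[ \t\r]/, "") } $0 != "" && !seen[$0]++' "$1"
}

# Print modules that are listed more than once.
duplicate_modules() {
    awk '{ gsub(/[ \t\r]/, "") } $0 != "" && seen[$0]++ == 1' "$1"
}

# Resolve a module name to the .pm file perl would load (empty if none).
module_path() {
    "${PERL:-perl}" -e '
        (my $f = shift) =~ s{::}{/}g; $f .= ".pm";
        eval { require $f; 1 } or exit 1;
        print $INC{$f}' "$1" 2>/dev/null
}

# Classify by install prefix. Assumption: Debian packages install outside
# /usr/local, while CPAN installs made as root land under /usr/local.
classify_path() {
    case $1 in
        '')            echo missing ;;
        /usr/local/*)  echo cpan-local ;;
        /usr/*)        echo debian ;;
        *)             echo other ;;
    esac
}

# One line per blacklisted module: "<status> <module> <path>".
audit_blacklist() {
    unique_modules "$1" | while IFS= read -r mod; do
        path=$(module_path "$mod") || path=''
        printf '%s %s %s\n' "$(classify_path "$path")" "$mod" "$path"
    done
}

# Run the audit only when the blacklist exists on this host.
if [ -r "$BLACKLIST" ]; then audit_blacklist "$BLACKLIST"; fi
```

A module reported as missing or cpan-local is one that checkperlmodules no longer maintains and apt does not yet provide.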
Is this safe? Well, cPanel doesn’t modify those modules. Most of them are installed directly from CPAN. cPanel scripts don’t rely on specific versions of the modules. Occasionally cPanel will effect a “holdback” wherein a module is not allowed to update beyond a specific version. This is done to prevent problems in a CPAN module from causing problems on a cPanel & WHM server. As of cPanel & WHM version 11.30 though, all holdbacks were removed.
Note: cPanel & WHM version 11.34 will deliver perl 5.14, a tremendous step up in the perl world.
According to the standard definition, a project must consist of “a sequence of unique, complex, and connected activities that have one goal or purpose and that must be completed by a specific time, within budget, and according to specification.” [epm5e]. The requirement of a budget is what captures my attention. This requires the calculation of some up front cost, which requires one be in an organization that captures or defines many of the costs that go into a project’s budget. For example the cost of the people that will work on the project.
It seems to me (without having completed full research on the matter) the requirement of the budget serves two purposes:
- an indicator of cost
- an indicator of success
These two items are really views of the same thing. The cost is to have an idea before starting the project of the investment required by the project sponsors. The cost also gives you an idea of what needs to be recouped, when it comes to something that will be offered for sale (e.g. a commercial software product).
As a success indicator, the budget is used to measure how well the project performed (this is not the only measurement, just one). Under, at and over are the success indicators.
Anyway, what has me musing is this: what if the organization does not define, or even care about, the budget? What does that mean for project management?
Within a few days, or weeks, of acquiring an iPad for day-to-day work activities, it became readily apparent that my most used applications are Notes and Omnifocus. Usually when I notice patterns like that in my work flow, the minimalist side of me begins to desire a merging of the functionality (to cut down on process overhead). After searching the app store and trying various things, I believe I have satisfied that desire with the application Daily Notes +Todo (http://www.fluidtouch.biz/dailynotes/).
This application gives me the ability to log various things about my work day (e.g. meeting notes, conversation snippets, etc) while at the same time direct access to:
The desire to look like a physical leather bound journal is a pointless distraction in my mind (and somewhat ugly also). But it’s quite easy to ignore.
There are three things I’d like to see as future improvements:
1. Access to iCal from the calendar. A simple sliding tab, similar to the tasks tab, would be nice. A single day view would suffice.
2. Ability to hide the calendar in landscape mode. When using the on-screen keyboard, landscape mode gives the best layout for typing. However the display of the calendar removes valuable screen real estate from the task at hand: typing a journal entry. Hiding the calendar would allow the journal entry more space, resulting in a more pleasing experience and more of the entry viewable.
3. Some kind of desktop equivalent. Ideal would be cross-platform, but at least something on my OS X desktop wherein I can view and modify the journal and tasks would be great.
Wish list items 1 and 2 would move this from a great app to an excellent app; item 3 would move this app into a class unto itself.
Why does mobile safari not come with an NC-17 rating?
There are a number of alternative web browsers available in the Apple app store. All are given a scary NC-17 rating in the description. If you install one, you must acknowledge that NC-17 content is available via the application.
In comparison, there is no such scary message describing Safari. Nor did I have to click through an NC-17 acknowledgment the first time I ran Safari.
Well my presentation went off OK, although there were only about 20-30 people present. I hope all truly enjoyed the presentation.
To the person that asked “doesn’t the use of an interpreted language make race conditions more difficult to address?” I must apologize as I totally mis-handled that question.
No, an interpreted language doesn’t make race conditions more difficult to address (although the specific language implementation might, which I noted in my talk). The most used interpreted languages, PHP, Perl, Python, go through a cycle like:
Parse Code
Compile to intermediate stage (e.g. byte code)
Interpreter executes the intermediate stage
The last stage is where race conditions occur, but it is no different from executing code written in C, or Assembly, and compiled to a binary. In that case, the final step is replaced with:
Kernel Loader executes the binary
Focusing on interpreted versus non-interpreted misses the point, which is: make your operations as atomic as possible. The second point is: do as much of your operations as the user as possible (meaning not root).
You can download my presentation.
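The first point above, shown with a lock file, as an added example that is not taken from the presentation. RACE_HOOK is a hypothetical hook that stands in for a second instance of the same job running in the window between the check and the write; all function names are assumptions:

```shell
#!/bin/sh
# Added example (constructed): check-then-create versus an atomic create.

# Non-atomic: the existence test and the write are two separate steps.
racy_lock() {   # usage: racy_lock <lockfile>
    [ -e "$1" ] && return 1
    ${RACE_HOOK:-:}              # window in which another instance may run
    echo "$$" > "$1"             # overwrites whatever appeared in the window
}

# Atomic: with noclobber the shell creates the file with O_CREAT|O_EXCL,
# so "does it exist" and "create it" are decided by a single open() call.
atomic_lock() {
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}

# Run a command while holding the lock; release it even if the command fails.
with_lock() {   # usage: with_lock <lockfile> <command...>
    lock=$1; shift
    atomic_lock "$lock" || return 75    # EX_TEMPFAIL: someone else holds it
    rc=0; "$@" || rc=$?
    rm -f "$lock"
    return "$rc"
}
```

The same two patterns exist in Perl, PHP, Python and C; the interpreter does not change where the window is.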
Part of the core design of cPanel is to install and fully manage the web service process. By default this process is Apache as provided by EasyApache. For various reasons [1] a server admin may not want to use that installation of Apache, or even use a different web service. In such situations it is advantageous to disable cPanel’s management of the web service.
Disabling Restarts
There are several ways to disable Apache restarts on a cPanel server. We’ll look only at the manual method. This involves touching one of the following files:
- /etc/httpddisable
- /etc/apachedisable
- /etc/httpdisable
If any of those files exist Apache restarts handled by /scripts/restartsrv_httpd will not occur. That script will silently exit. However that script is not the only method cPanel has of restarting Apache. The other ways cPanel & WHM can restart Apache are:
- Executing /usr/local/cpanel/bin/safeapacherestart
- Calling the Cpanel::HttpUtils::ApRestart::safeaprestart [2] function
Before cPanel & WHM version 11.28 neither of the above methods will observe the flag files. This means you cannot effectively disable cPanel-managed restarts, at least with an unmodified product.
On my Debian-cPanel server the problem was exacerbated by the behavior of Cpanel::HttpUtils::ApRestart::safeaprestart. This function first looks for a process named httpd in the process table. Debian names the Apache process apache2. Since the function cannot find what it is looking for, it switches to force mode. In force mode the function kills anything bound to port 80.
As noted above, the good news is that this is addressed in cPanel & WHM version 11.28. For older systems though, you may accomplish this via a patch to Cpanel::HttpUtils::ApRestart::safeaprestart:
| Index: Cpanel/HttpUtils/ApRestart.pm
===================================================================
--- Cpanel/HttpUtils/ApRestart.pm (revision 49669)
+++ Cpanel/HttpUtils/ApRestart.pm (revision 49672)
@@ -1,6 +1,6 @@
package Cpanel::HttpUtils::ApRestart;
-# cpanel12 - Cpanel/HttpUtils/ApRestart.pm Copyright(c) 2008 cPanel, Inc.
+# cpanel12 - Cpanel/HttpUtils/ApRestart.pm Copyright(c) 2010 cPanel, Inc.
# All rights Reserved.
# copyright@cpanel.net http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited
@@ -28,9 +28,7 @@
}
sub bgsafeaprestart {
- eval {
- Cpanel::ServerTasks::queue_task( 'apache_restart' );
- };
+ eval { Cpanel::ServerTasks::queue_task('apache_restart'); };
if ( $@ ) {
$logger->warn("Could not restart apache: $@");
return 0;
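Review bot: bgsafeaprestart still calls queue_task('apache_restart') unconditionally; the flag-file test this patch adds further down is not applied before queueing here. Whether the queued task later passes through the guarded code is not visible in this diff, so either confirm that or add the same -e check ahead of the eval. The reflow of the eval block onto one line is whitespace only and would be easier to audit as a separate change.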
@@ -49,6 +47,11 @@
$force = $args_ref->{'force'};
}
+ if ( -e '/etc/httpddisable' || -e '/etc/apachedisable' || -e '/etc/httpdisable' ) {
+ $logger->info('Apache httpd is disabled, cannot be restarted.');
+ return wantarray ? ( 0, 'Apache httpd is disabled, cannot be restarted.' ) : 0;
+ }
+
local %ENV = %ENV;
Cpanel::Env::cleanenv('http_purge' => 1);
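Review bot: the disabled case returns 0, the same false status that the later `if ( !$restart_status )` branch treats as a failed restart, so a caller cannot tell "deliberately disabled" from "restart failed" without parsing the message text. Consider a distinct status, or document that 0 is expected here. The message literal is also written twice in the added lines; holding it in one variable would keep the log entry and the returned string in sync, and the three flag paths would read better as a named list.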
@@ -317,10 +321,7 @@
}
if ( !$restart_status ) {
- $our_restart_message .=
- "\n\nIf apache restart reported success but it failed soon after, it may be caused by oddities with mod_ssl."
- . "\n\nYou should run /scripts/ssl_crt_status as part of your troubleshooting process. Pass it --help for more details."
- . "\n\nAlso be sure to examine apache's variouse log files.";
+ $our_restart_message .= "\n\nIf apache restart reported success but it failed soon after, it may be caused by oddities with mod_ssl." . "\n\nYou should run /scripts/ssl_crt_status as part of your troubleshooting process. Pass it --help for more details." . "\n\nAlso be sure to examine apache's variouse log files.";
}
return ( $restart_status, $our_restart_message );
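Review bot: the reflowed message keeps the typo "variouse" in its last literal; since the line is being rewritten anyway, correct it to "various". Joining three literals with "." on one long line is also harder to read and to diff than the original multi-line form, so either keep the line breaks or merge the pieces into a single literal.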
@@ -348,7 +349,8 @@
if ($main_http_pid && $current_pid_in_file eq $main_http_pid && kill(0,$main_http_pid)) {
@pids = ($main_http_pid);
- } else {
+ }
+ else {
@pids = httpdpids('root');
}
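Review bot: the only change in this hunk is moving `else` onto its own line, which has nothing to do with honouring the disable flags. For a patch that will be carried by hand on older installs, dropping formatting-only hunks like this one keeps the local diff small and lowers the chance of a reject when the file changes upstream.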
@@ -358,7 +360,8 @@
while ($reading) {
if ($conf_fd) {
last if ( readlink "/proc/$pid/fd/$conf_fd" ne $conffile );
- } else {
+ }
+ else {
$reading = 0;
if ( opendir my $fd_dh, "/proc/$pid/fd" ) {
while ( my $fd = readdir $fd_dh ) { |
With the patch in place, you’ll want to exclude Cpanel::HttpUtils::ApRestart::safeaprestart from updates:
# echo "/usr/local/cpanel/Cpanel/HttpUtils/ApRestart.pm" >> /etc/cpanelsync.exclude
CAUTION: Once the system is upgraded to cPanel 11.28, or newer, you’ll want to remove the exclusion. Otherwise the server will not receive further updates to this functionality.
Next time we’ll examine modifying the Web service monitoring provided by chkservd.
Footnotes
1. Some of these reasons include: running a different Web service, such as nginx; using the Apache install provided by the Operating System vendor; having a specialized monitoring and uptime guarantee service; etc.
2. This function is called by various scripts, notably /scripts/checkerrorlogsafe which is called during upcp. It is also called from within the various cPanel binaries.
This caught me by surprise. Debian does not provide a wheel group. Apparently it’s because the GNU version of su does not work with the normal usage of the wheel group. According to the info page on coreutils:
22.5.1 Why GNU `su’ does not support the `wheel’ group
——————————————————
(This section is by Richard Stallman.)
Sometimes a few of the users try to hold total power over all the
rest. For example, in 1984, a few users at the MIT AI lab decided to
seize power by changing the operator password on the Twenex system and
keeping it secret from everyone else. (I was able to thwart this coup
and give power back to the users by patching the kernel, but I wouldn’t
know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual
`su’ mechanism, once someone learns the root password who sympathizes
with the ordinary users, he or she can tell the rest. The “wheel
group” feature would make this impossible, and thus cement the power of
the rulers.
I’m on the side of the masses, not that of the rulers. If you are
used to supporting the bosses and sysadmins in whatever they do, you
might find this idea strange at first.
cPanel requires the presence of the wheel group for the adminbin system to work. Lack of the wheel group will cause odd errors in some of the cPanel UI. Resolving this is simple:
# addgroup --system wheel
It appears the path to the rrdtool executable is hard-coded in more than one place. A second location is in /usr/local/cpanel/Cpanel/Bandwidth/RRD.pm. The fix is the same as before:
- Change the rrdtool path to /usr/bin/rrdtool
- Exclude the file from updates:
# echo "/usr/local/cpanel/Cpanel/Bandwidth/RRD.pm" >> /etc/cpanelsync.exclude
Due to hardware issues, the migration to the Debian-based cPanel server was expedited.
Welcome to the Debian-based cPanel server.
When starting cpsrvd or using cpanellogd directly the following error will appear:
Died at /usr/local/cpanel/bin/rrdtoolinstall line 75.
No font directories found on the system.
Install an X11 font package (such as xorg-x11-fonts-base or XFree86-base-fonts) and try again.
Since my goal with this installation is to use as many packages from a Debian repository as possible, I didn’t want rrdtoolinstall to build the cPanel provided rrdtool. What I did was the following:
- Enabled the Backports repository
- Installed rrdtool from backports
- Modified /usr/local/cpanel/bin/rrdtoolinstall:
- Changed
to
my $version = '1.4.3';
- Excluded rrdtoolinstall from cpanelsync updates:
# echo "/usr/local/cpanel/bin/rrdtoolinstall" >> /etc/cpanelsync.exclude
Now starting cpsrvd or using cpanellogd results in that error no longer appearing.
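The posts above add three files to /etc/cpanelsync.exclude with a bare echo, and one of them carries a caution to remove the entry after upgrading. An added example, not part of the original posts or of cPanel, that makes the add idempotent, the removal atomic, and records why each entry exists. The function names and the ".notes" sidecar file are hypothetical; reasons are kept in a separate file because the posts do not say whether the exclude file accepts comments:

```shell
#!/bin/sh
# Added example: manage cpanelsync exclusions and keep a reason for each one.

EXCLUDE_FILE=${EXCLUDE_FILE:-/etc/cpanelsync.exclude}

# Add a path once. A repeated `echo ... >>` would append duplicates.
exclude_add() {   # usage: exclude_add <path> <reason>
    grep -qxF -- "$1" "$EXCLUDE_FILE" 2>/dev/null && return 0
    printf '%s\n' "$1" >> "$EXCLUDE_FILE"
    printf '%s\t%s\n' "$1" "$2" >> "$EXCLUDE_FILE.notes"
}

# Remove a path. Build the new list in a temp file in the same directory and
# rename it over the original, so a reader never sees a half-written file.
exclude_remove() {   # usage: exclude_remove <path>
    [ -f "$EXCLUDE_FILE" ] || return 0
    tmp=$(mktemp "$EXCLUDE_FILE.XXXXXX") || return 1
    cp -p "$EXCLUDE_FILE" "$tmp"          # carry over owner and mode
    if grep -vxF -- "$1" "$EXCLUDE_FILE" > "$tmp" || [ $? -eq 1 ]; then
        mv -f "$tmp" "$EXCLUDE_FILE"
    else
        rm -f "$tmp"; return 1
    fi
}

# List every exclusion with its latest recorded reason, and flag entries
# whose file no longer exists. Output: <state> TAB <path> TAB <reason>.
exclude_report() {
    [ -f "$EXCLUDE_FILE" ] || return 0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        reason=$(awk -F '\t' -v p="$path" '$1 == p { r = $2 } END { print r }' \
                 "$EXCLUDE_FILE.notes" 2>/dev/null) || reason=''
        state=present; [ -e "$path" ] || state=gone
        printf '%s\t%s\t%s\n' "$state" "$path" "${reason:-no reason recorded}"
    done < "$EXCLUDE_FILE"
}
```

Running exclude_report after each cPanel upgrade gives a short list of locally patched files that are no longer receiving vendor updates.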