Archive

Archive for the ‘Techie’ Category

MySQL and MariaDB innodb_file_per_table

For those of you pushing your MySQL instances to higher levels, you’ll have realized at some point that all InnoDB tables share their indexing space into a single file (ibdata1, usually).

This has several very bad outcomes:

  • the ibdata1 file becomes huge after some time (we’ve seen it pass the 8GB bar)
  • starting the MySQL server takes longer
  • deleting an InnoDB table *doesn’t* reduce the space used by ibdata1
  • you have to shutdown your server, remove ibdata1 completely, then restart the server in order to reinitialize the ibdata1 file to a 0-size file (but this is, of course, difficult or dangerous to do in a high-availability context)

I just found there was a setting called “innodb_file_per_table” since MySQL 5.1 at least:
http://dev.mysql.com/doc/refman/5.5/en/innodb-parameters.html#sysvar_innodb_file_per_table

There is an explanation on what the advantages and disadvantages of the method are (but as you might have guessed, the main disadvantage of using separate files is that you have more files, taking a little more time to do I/O operations when you scan them all – and of course retro-compatibility with previous versions of MySQL)
http://dev.mysql.com/doc/refman/5.1/en/innodb-multiple-tablespaces.html

This seems to be available in MariaDB as well.

Advertisements

Using php5-memcached to store sessions on distributed servers

This article is an extension of the previous article about storing sessions in Memcached with PHP.

Using Memcached for sessions storage is generally a matter of speed (storing them in memory is faster than on disk) and of scalability (using a Memcached server allows you to have several web servers serving the same PHP application in a seamless way).

In the previous article, we mentioned (3 years ago) that the php5-memcached extension did not seem to manage the storage of sessions quite well, or at least that the configuration of such setup was not well documented. This time, we’ve been able to do it with php5-memcached. This time also, we’re talking about distributing Memcached on several servers. Typically, in a cloud environment with several web servers and no dedicated memcached server, or a need for some kind of fail-over solution for the memcached server. We’re setting this up on 3 Ubuntu 14.04 servers in 64bit that act as load-balanced web servers behind a load balancer managed by Nginx. If you use another distribution or operating system, you might need to adapt the commands we’re showing here.

Installing Memcached + PHP

So the few commands you need to launch first are to install the required software, on the 3 web servers (you can either do that on one of them then replicate the image if you are using Cloud instances, or you can install simultaneously on your 3 web servers using ClusterSSH, for example, with the cssh server1 server2 server3 command) :

sudo apt-get install memcached php5-memcached
sudo service apache2 restart

The second command is to make sure Apache understands the php5-memcached extension is there.

In order to enable the connection to Memcached from the different load-balanced servers, we need to change the Memcached configuration to listen on the external IP address. Check the IP address with /sbin/ifconfig. The Memcached configuration file is located in /etc/memcached.conf. Locate the “-l” option and change “127.0.0.1” for your external IP, then save and close the file. Note that this might introduce a security flaw, where you are possibly opening the connection to your Memcached server to the outside world. You can prevent that using a firewall (iptables is a big classic, available on Ubuntu)

Next, restart the Memcached daemon:

sudo service memcached restart

Now you have a Memcached server running on each of your web servers, accessible from the other web servers. To test this, connect to any of your web servers and try a telnet connection on the default Memcached port: 11211, like so:

user@server1$ telnet ip-server2 11211

To get out of there, just type “quit” and Enter.

OK, so now we have 3 Memcached servers, we only need to wrap up configuring PHP to use these Memcached servers to store sessions.

Configuring PHP to use Memcached as session storage

This is done by editing your Apache VirtualHost files (on each web server) and adding (before the closing </VirtualHost> tag) the following PHP settings:

 php_admin_value session.save_handler memcached
 php_admin_value session.save_path "ip-server1:11211,ip-server2:11211,ip-server3:11211"

Now reload your web server:

 sudo service apache2 reload

You should now be able to connect to your web application using the distributed Memcached server as a session storage (you usually don’t need to change anything in your application itself, but some might exceptionally define their own session storage policy).

The dangers of using a distributed Memcached server

Apart from the possible open access to your Memcached server previously mentioned, which is particularly security-related, you have to take another danger, mostly high-availability related, into account.

When using a distributed Memcached server configuration, it is important to understand that it works as sharded spaces configuration. That is, it doesn’t store the same sessions over on the various available Memcached server. It only stores each single session in one single server. The decision of where it will store the session is out of the context of this article, but it means that, if you have 300 users with active sessions on your system at any one time, and one of your web servers goes down, you still have 2 web servers and 2 Memcached servers, but ultimately around 100 users will loose their session (that was stored on the web server that went down).

Worst: the PHP configuration will not understand this, and still try to send sessions to the server that was considered to hold these 100 sessions, making it impossible for the users to login again until the corresponding Memcached server is back up (unless you change the configuration in your PHP configuration).

This is why you have to consider 2 things, and why this article is just one step in the right direction:

  • you should configure the Memcached servers from inside your application for the sessions management (as such, you should have a save_handler defined inside it and check for the availability of each server *before* you store the session in it)
  • if your sessions are critical, you should always have some kind of data persistence mechanism, whereby (for example), you store the session in the database once every ten times it is modified

We hope this was of some use to you in understanding how to use Memcached for sessions storage in PHP. Please don’t hesitate to leave questions or comments below.

Using Chamilo juju charm to setup a dev environment on Digital Ocean

June 23, 2014 8 comments

If you’re in a hurry/on speed, know this:

  • this procedure is slightly more difficult (so longer) than installing the charm on Amazon
  • you can skip directly to “Installing Juju”
  • if you already have juju installed, you can skip to the last 2 lines of the “Installing juju” section
  • if you already have juju-docean installed and configured, you can skip directly to “Provisioning VMs”
  • otherwise, just continue reading, it’s worth a few minutes…

This tutorial regroups a lot of advanced notions, so if you want to know more about one of the following elements, please follow these links:

Before anything else, please note that the following is highly experimental. There are still a series of issues that should be worked out in order to make this process failproof.

Basic setup

Before we start using commands and stuff, you’ll have to note the following:

  • We are using a Chamilo Charm developed by José Antonio Rey (kudos to him) as a voluntary contribution to the project
  • Charms are configurations to install applications (and stuff) inside the Juju framework
  • The Juju framework is developed by the Ubuntu team, so we’re using an Ubuntu (14.04) desktop (or in this case laptop) to launch all the following
  • Digital Ocean is one cloud hosting provider, which is particularly cheap and good for development purposes. The “default” environment for Juju is Amazon, so we’ll have a few additional steps because of this choice. The Digital Ocean plugin to Juju is developed by geekmush on Github, and as far as I know he is not related to either Ubuntu nor Digital Ocean, so he is also worth praising for his contribution
  • Chamilo requires a web server and a database server. In this Charm, it is assumed that we want both of these on separate virtual machines, so you will need two of them (unless you change the parameters a little)
  • Juju is written in Go but relies on several Python libraries. As such, you’ll have to have python installed on your system and maybe Juju will shout because it is missing a few dependencies. Notably, I installed python3-yaml to avoid a few warnings (it is required for the following, although the installer for Juju says it’s optional)

Installing Juju

On a default Ubuntu desktop installation, you’ll have to install Juju first. Because we are going to use Juju connected to Digital Ocean, we need a recent version of Juju, so let’s add it the unconventional way (with the ppa), launching the following on the command line:

sudo add-apt-repository ppa:juju/devel
sudo apt-get update && apt-get install juju
juju version

For some reason, in my case, this created my home directory’s .juju/ folder with root permissions, which then prevented me to reconfigure my environment (requirement for the Digital Ocean Juju plugin), so I changed permissions (my user is “ywarnier”, so change that to your user):

sudo chown -R ywarnier:ywarnier .juju

Then we need to install the juju-docean plugin:

sudo apt-get install python3-yaml
sudo pip install -U juju-docean

Setting up Digital Ocean access

Now we need to configure our Digital Ocean (D.O.) API so the system will be able to call D.O. in our place and create instances (and stuff).

You first need to grab your API key, client ID and SSH key ID from the Digital Ocean interface. You can do that from the Digital Ocean API page. Obviously, you need a Digital Ocean account to do this and a few bucks of credit (although you can get $10 free credit from several places). If your API key says “Hidden”, that’s because you must have it stored somewhere already (for other services?). If you don’t, you’ll have to re-generate one. Your SSH key ID is the name you gave to the SSH key you use from your computer to connect to your new instances. If you don’t have it, that’s probably because you haven’t configured any. Please do in the “SSH Keys” menu item on the left side of your D.O. panel.

 export DO_CLIENT_ID=aseriesof21alphanumericalcharacters
 export DO_SSH_KEY="user@computer"
 export DO_API_KEY=aseriesof32characters

Setting up the Digital Ocean Juju environment

Now we need a bit of manual config to be able to use Digital Ocean (last bit, promised). Edit the ~/.juju/environments.yaml file and paste the following:

environments:
 digitalocean:
 type: manual
 bootstrap-host: null
 bootstrap-user: root

Just a note: the “type: manual” line implies it is a bit more complicated than on amazon later on, and we will have to launch a few more commands to provision new machines *before* we deploy Chamilo.

Generating the Juju environment

Now we’re going to create our Juju controller. The Juju controller can be an independent Virtual Machine (VM), or it can be the same as the one on which you will deploy Chamilo. It all depends on your budget and your requirements.

juju docean bootstrap --constraints="mem=1g, region=nyc1"
  2014/06/22 11:50.24:INFO Launching bootstrap host
  2014/06/22 11:51.29:INFO Bootstrapping environmen

Note that we took a decision to use a 1GB (RAM) VM here (mem=1g), in a datacenter in New York (region=nyc1). For the record, I tried creating them in nyc2, which is also a valid D.O. datacenter, but it failed miserably (sometimes not creating the VM, sometimes creating it without IP, sometimes creating it fully, but in the end never returning with a proper success response for my environment to be created), so sticking to nyc1 is probably a reasonable time-saver.

Provisioning VMs

To be able to deploy Chamilo, we’ll use two VMs: one for the web server and one for the database

juju docean add-machine -n 2 --constraints="mem=1g, region=nyc1"
2014/06/22 12:44.59:INFO Launching 2 instances
2014/06/22 12:46.42:INFO Registered id:1908893 name:digitalocean-8d14c9bc671555ff872d8d6731f84d68 ip:198.199.82.172 as juju machine
2014/06/22 12:49.08:INFO Registered id:1908894 name:digitalocean-a9ba29cfe55549f58e5f7e365199c5ed ip:208.68.39.19 as juju machine

Now, the “-n 2” above allows you to create these 2 instances, but you could also launch 2 different instances of different properties, doing it one by one. In our case, I suggest you use version Trusty of Ubuntu for the MySQL machine, to avoid a little bug in the Precise version of the charm:

juju docean add-machine --constraints="mem=2g, region=nyc1"
juju docean add-machine --series=trusty --constraints="mem=1g, region=nyc1"

The important thing here being that you can later identify the machine itself by a simple ID, using juju status:

juju status
environment: digitalocean
machines:
 "0":
  agent-state: started
  agent-version: 1.19.3
  dns-name: 192.241.142.154
  instance-id: 'manual:'
  series: precise
  hardware: arch=amd64 cpu-cores=1 mem=994M
  state-server-member-status: has-vote
 "1":
  agent-state: started
  agent-version: 1.19.3
  dns-name: 198.199.82.172
  instance-id: manual:198.199.82.172
  series: precise
  hardware: arch=amd64 cpu-cores=1 mem=994M
 "2":
  agent-state: started
  agent-version: 1.19.3
  dns-name: 208.68.39.19
  instance-id: manual:208.68.39.19
  series: trusty
  hardware: arch=amd64 cpu-cores=1 mem=994M

If you made a mistake at some point or just wanna try things out, you can destroy these instances with

juju docean terminate-machine 1

where “1” is the ID of the machine, as shown above before each of them.

Deploying Chamilo

Now we’ve got our machines, we just need to deploy the Chamilo Charm and the MySQL Charm (you need MySQL to run Chamilo):

juju deploy cs:~jose/chamilo --to 1
juju deploy mysql --to 2

Please note that the “–to n” option is to specify on which machine you want to deploy the selected service.

Now, we need to configure Chamilo a little. We’re going to give it a domain name (you’ll have to redirect this domain name to the IP of the first machine – the one with the Chamilo service – in order to use it when ready) and a password for the “admin” user (the user created by default):

juju set chamilo domain=test.chamilo.net pass=blabla

Now we still need to tell Juju to link the Chamilo service with the MySQL service:

juju add-relation chamilo mysql

And finally, apply all the above and expose the chamilo service to the public:

juju expose chamilo

If something goes wrong with a service, you can always remove it with:

juju destroy-service chamilo

You can replace “chamilo” by the service with which you are having the issue, of course. If that doesn’t work out, you can always remove (terminate) the machine itself (see above).

Useful tricks

You can connect at any time to any of your virtual machines through the command

juju ssh chamilo/0

where “chamilo/0” is the name appearing below “units” in your services.

You can check the status of all your instances with

juju status

Note that, sometimes, you might end up with dozens or hundreds of instances. In this case, it won’t be as practical to show the status of all instances (I have no solution for that now, but I’m sure there is a way to filter the results of a juju status).

You can launch a command on the virtual machines’ command line like this:

juju run --service chamilo "tail /var/log/juju/unit-chamilo-0.log"

This way, you are actually executing the command remotely and getting the results locally.

You can also see the error log locally, connecting in SSH (first) and then launching:

 tail /var/log/juju/unit-chamilo-0.log

Obviously, that gives you a little more flexibility.

Notes about unexpected errors

One of the “silent” things is that Juju considers the default machine to be Ubuntu Precise. In the case of MySQL, the default Charm is configured for Trusty. This means that if you want to install this package, you need to install a virtual machine in Trusty. Otherwise, you might get some other issues. In my case, the Precise Charm didn’t really work (missing yaml), so I decided to go for Trusty.

You can choose the distribution of your machine with –series=trusty, for example:

juju docean add-machine --series=trusty --constraints="mem=2g, region=nyc1"

We tested the chamilo charm relatively extensively.

Unmounting the whole thing

If this was just a test, and you’re happy, maybe you want to remove everything. If so, the quickest way to do that is to launch a destroy-environment command, but you will first need to destroy each machine and, before that, each services that :

juju destroy service chamilo mysql
juju destroy machine 1 2
juju destroy-environment digitalocean

This should reasonnably quickly remove the whole setup.

You should still check your Digital Ocean’s dashboard, though, as apparently it doesn’t always delete the nodes you created with Juju…

Quick commands list for the impatient

Assuming you’re running Ubuntu 14.04 and that you know which values to change in the commands below:

sudo add-apt-repository ppa:juju/devel
sudo apt-get update && apt-get install juju
sudo chmod -R 0700 .juju
sudo apt-get install python3-yaml
sudo pip install -U juju-docean
export DO_CLIENT_ID=aseriesof21alphanumericalcharacters 
export DO_SSH_KEY="user@computer" 
export DO_API_KEY=aseriesof32characters
juju docean bootstrap --constraints="mem=1g, region=nyc1"
juju docean add-machine --constraints="mem=2g, region=nyc1"
juju docean add-machine --series=trusty --constraints="mem=1g, region=nyc1"
juju deploy cs:~jose/chamilo --to 1
juju deploy mysql --to 2
juju set chamilo domain=test.chamilo.net pass=blabla
juju add-relation chamilo mysql
juju expose chamilo

And connect your browser to test.chamilo.net (that you must have redirected to the corresponding IP first) and login with admin/blabla.


								

Howto: Configuring session expiry time in Chamilo 1.9

We seldom receive a request from users of Chamilo LMS saying their sessions are cut in the middle of their activity. And sure, it might so happen that you are in the middle of the redaction of a very large answer to an open question, or diserting on how the course is going to help you in the forum. And we get that it’s super-frustrating to click “submit” and then get an error page. We do, really.

Now on our side of the fence, we have to cover a series of non-trivial issues…

If you leave a session open for too long, another user might hack your session and get inside the system in your place (unless you use an unflawed SSL certificate to protect your communication).This is generally OK if you are a student, but what if you are an administrator or if you are viewing super-confidential learning content?

Another issue you might have is leaving a public computer without closing your session, and have someone else “follow you” and use your session. This leads to the same problem as above. Finally, not cleaning the sessions from time to time inevitably leads to thousands (or rather hundreds of thousands) of sessions being handled by the server, which inevitably leads to a slow server.

So in the best interest of all, it is important to have a balanced session time. We generally consider that 2 hours is a reasonnable total time. If you’ve been inactive for two hours, then it’s reasonable to get disconnected when you come back. ’cause honestly, you weren’t really studying, were you?

But even with that, we still got complaints from the users, so we decided to put it at 100 hours. OK, so that’s 4 days and 4 hours. Enough, right? That’s the default setting in Chamilo, and you can find it in your main/inc/conf/configuration.php on the line that says:

// Session lifetime
$_configuration['session_lifetime'] = 360000;

That’s the value that comes with a default installation of Chamilo 1.9.*.

Now, even if you have that, and depending on your PHP settings for session handling, you might still need to change two settings, but these are out of Chamilo’s control, directly into PHP’s configuration:

session.gc_maxlifetime = 1440

This is the number of seconds after which the garbage collector (a vacuum cleaner, kind of) of PHP considers that session files, on the server, if left untouched, will be erased, and

session.cookie_lifetime = 0

which defines the time (in seconds) that the cookie will ask to the browser to be stored for. If 0, it means that it will stay there until the browser is closed. If anything more than 0, it will stay there for that number of seconds.

Now… the funny thing here (which makes it even harder to track) is that if you use the default session handler of PHP, called “file”, the time used for the garbage collector to erase the sessions files is *not* the last time the session was accessed, but rather the last time the session was *modified*. This means that, if you have some AJAX block refreshing every 30 seconds or so, this will *not* maintain the session active, unless this AJAX refresh actually modifies something to be stored in the session.

So there are many factors to take into account. Our preferred/recommended setup?

$_configuration['session_lifetime'] = 10800; // 3h

Then, in your PHP config:

session.gc_maxlifetime = 10800
session.cookie_lifetime = 0

But now you know how it works, you can tune it as well.

Kudos to Gumbo on Stackoverflow for the missing bits: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes

Categories: Chamilo, English, Techie Tags: , , ,

How to not write a condition for code readability

Sometimes you find a perl in some code and it might take you a while to understand.

In the sessions management code of Chamilo, I found this the other day, then decided to leave it for later because I was in a hurry. Then today, I found it again, and again… it took me about 10 minutes to make sure of how the code was wrong and how to make it right.

 if ( $session->has('starttime') && $session->is_valid()) {
   $session->destroy();
 } else {
   $session->write('starttime', time());
 }

To give you the context, we want to know whether we should destroy the session because its time is expired, or whether to extend the period of time for which it is valid (because it is still active now, and we just refreshed a page, which lead us to this piece of code).

OK, so as you can see, we check if the session has a value called “starttime”. If it hasn’t we pass to the “else” statement and define one, starting from now.

If, however, the session has a start time, we check whether it… “is valid” (that’s what the function’s called by, right?) and, if it is… we destroy the session.

Uh… what?

Yeah… if it is valid, we destroy it (DIE SESSION, DIE!)

OK, so something’s wrong here. Let’s check that “is_valid()” method (there was documentation, but it was wrong as well, so let’s avoid more confusion)

  public function is_valid()
  {
    return !$this->is_stalled();
  }
  function is_stalled()
  {
    return $this->end_time() >= time();
  }

OK, so as you can see, is_valid() is the boolean opposite of is_stalled(). “Is stalled”, in my understanding of English (and I checked a dictionnary, just to make sure) means “blocked” (in some way or another). Now it doesn’t really apply to something that is either “valid” or “expired”, either. And this is part of the problem.

The is_stalled() method, here, checks if the end_time for the session is greater than the current time. Obviously, we’ll agree (between you and me) that if the expiration time is greater (further in the future) than the current time, this means that we still have time before it expires, right?

Which means that, if the condition in is_stalled() is matched, we are actually *not* stalled at all. We are good to go.

So I believe the issue here was the developer either confusing the word “stalled” for something else or, as it doesn’t really apply to “expired” or “not expired”, that he simply badly picked the word describing the state.

In any case, now that we’ve reviewed these few lines of code, I’m sure you’ll agree it would be much clearer this way:

 /* caller code */
 if ( $session->has('starttime') && $session->is_expired()) {
   $session->destroy();
 } else {
   $session->write('starttime', time());
 }
 /* called method */
 public function is_expired()
 {
   return $this->end_time() < time();
 }

Conclusion: always choose your functions naming carefully. Others *need* to be able to understand your code in order to extend it.

Intercontinental fiber channel cables

Ever wondered where internet (and general telecommunications) cables were laid out in the ocean?
This map, available on Level3 website, could help you out.

Map of fiber cables worldwide

This could help you out understanding, for example, how much delay you can expect between Peru and Brazil (see the missing cable, there?) :-p

Creating new tasks in chamilo course-sessions

In the category of little scripts that can make your life easier when managing huge Chamilo portals, this is a little one that creates one tasks-folder called “ALP” for the “Assignments” (work) tool in each active course for a portal where you have thousands of sessions, with one course per session.

The script works for version 1.9.8 of Chamilo, but might need some adaptations to run on an older version, in particular considering the addDir() function from the main/work/work.lib.php library which was created there recently.

You should put the file into any “one-level” directory under the Chamilo base, so that it can find “../main/inc/global.inc.php”, and then run it on the command line using php5-cli, or load it from a webserver accessing it directly by its path.

The script only affects active sessions (sessions with a start and end dates that are “around” the current date).

The file is downloadable as a .doc file for safety purposes. Download it and rename it to “.php” before you open it, otherwise you’ll get an error: create_tasks


<?php
/**
* This script creates tasks directories in each course, at the session level,
* only for sessions active at the time of running the script
* In order for the script to set the right permissions, it has to be launched
* either as www-data or root
* @author Yannick Warnier
*/
require_once '../main/inc/global.inc.php';
require_once '../main/work/work.lib.php';
$date = date('Y-m-d h:i:s');
$workName = 'ALP';
$courseInfos = array();

/**
* Get the sessions list
*/
$sd = 'date_start';
$ed = 'date_end';
$sql = "SELECT id FROM session WHERE $sd '$date'";
$res = Database::query($sql);
if ($res === false) {
die("Error querying sessions: ".Database::error($res)."\n");
}
/**
* Get the course-session couple
*/
$sessionCourse = array();
while ($row = Database::fetch_assoc($res)) {
$sql2 = "SELECT c.id AS cid, c.code as ccode FROM course c, session_rel_course s WHERE s.id_session = ".$row['id']." AND s.course_code = c.code";
$res2 = Database::query($sql2);
if ($res2 === false) {
die("Error querying courses for session ".$row['id'].": ".Database::error($res2)."\n");
}
if (Database::num_rows($res2) > 0) {
while ($row2 = Database::fetch_assoc($res2)) {
$sessionCourse[$row['id']] = $row2['cid'];
if (empty($courseInfos[$row2['ccode']])) {
$courseInfos[$row2['cid']] = api_get_course_info($row2['ccode']);
}
}
}
}
/**
* Now create the tasks using the addDir function
*/
foreach ($sessionCourse as $sid => $cid) {
$sql = "SELECT id, title FROM c_student_publication
WHERE filetype = 'folder'
AND c_id = $cid
AND session_id = $sid";
$res = Database::query($sql);
if ($res === false) {
echo "Error querying table c_student_publication: $sql\n";
echo "The error message was: ".Database::error($res)."\n";
continue;
}
if (Database::num_rows($res) > 0) {
//Task found, skip
$row = Database::fetch_assoc($res);
echo "Task ".$row['title']." already found in course $cid, session $sid\n";
continue;
}
$params = array(
'new_dir' => $workName,
'description' => '',
'qualification' => 0,
'weight' => 0,
'allow_text_assignment' => 0
);
$res = addDir($params, 1, $courseInfos[$cid], null, $sid);
if ($res === false) {
echo "Could not create task $workName in course $cid, session $sid, for some reason\n";
} else {
echo "Task $workName created in course $cid, session $sid. Task ID is $res\n";
}
}
echo "All done!\n";

Categories: Chamilo, English, php, Techie Tags: , ,
%d bloggers like this: