I’m back with some more tech geek goodness for anyone who uses MySQL and OpenBSD.
On OpenBSD, Apache runs in a chroot jail by default, which makes it more secure in case the www server is compromised. I have talked about this before.
However, if you use WordPress or some other web application that needs MySQL (and I’m talking about the case where Apache and MySQL reside on the same host), then the chroot jail will not allow your webapp access to the MySQL socket file, which is by default located in /var/run/mysql/.
There are various solutions available online to wait x number of seconds and then to create symlinks, etc - but this was not always working for me - with the result that the server would sometimes be up without database availability.
Here is my solution (thanks to NoMoa for the idea) - very simple, no postfix symlink but there is a symlink to allow other applications to access MySQL locally via the default socket location.
Then I add this to the bottom of /etc/rc.local on the webhost.
# MySQL
if [ X"${mysql}" == X"YES" -a -x /usr/local/bin/mysqld_safe ]; then
    # Start mysqld with its socket inside the Apache chroot (/var/www)
    echo -n " mysqld"
    /usr/local/bin/mysqld_safe --user=_mysql --log --open-files-limit=256 \
        --socket=/var/www/var/run/mysql/mysql.sock &
    # Symlink the default socket path so non-chrooted local clients still work
    if [ ! -L /var/run/mysql/mysql.sock ]; then
        mkdir -p /var/run/mysql
        chown _mysql:_mysql /var/run/mysql
        chmod 711 /var/run/mysql
        ln -fs /var/www/var/run/mysql/mysql.sock /var/run/mysql/mysql.sock
    fi
fi
Lastly, I add this to my /etc/rc.conf.local:
mysql=YES
Note: you may need to change the open-files-limit to suit, but the above paths are as per a standard OpenBSD 4.3 install using the supplied MySQL pkgs.
I tested this all out on OpenBSD 4.3 and it now works fine for me. Whenever the server comes up I never get the dreaded WordPress DB failure screen. Good luck.
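A check for the socket layout described above, added here as an example and not part of the original post: it confirms that both directories exist and are not world-writable, that the default path is a symlink to the socket inside the chroot, and that mysqld is actually listening. The function name, its return codes and the optional prefix argument (for running against a scratch tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify the layout that the
# rc.local snippet creates. The prefix argument is hypothetical and only
# used for testing against a scratch tree; leave it empty on the real host.
# Returns 0 = usable, 1 = layout wrong, 2 = layout fine but no socket yet.
check_mysql_socket_layout() {
    prefix="${1:-}"
    sock="$prefix/var/www/var/run/mysql/mysql.sock"  # real socket, inside the chroot
    link="$prefix/var/run/mysql/mysql.sock"          # default path for local clients

    for dir in "${sock%/*}" "${link%/*}"; do
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir" >&2; return 1
        fi
        # A world-writable directory lets any local user replace the
        # socket or the symlink; the 9th mode character is other-write.
        case "$(ls -ld "$dir")" in
            ????????w*) echo "world-writable: $dir" >&2; return 1 ;;
        esac
    done

    if [ ! -L "$link" ]; then
        echo "not a symlink: $link" >&2; return 1
    fi
    target="$(readlink "$link")"
    if [ "$target" != "$sock" ]; then
        echo "symlink points at $target, expected $sock" >&2; return 1
    fi

    # The symlink can exist long before mysqld has created the socket.
    if [ ! -S "$sock" ]; then
        echo "no socket at $sock (mysqld not up yet?)" >&2; return 2
    fi
    return 0
}
```

Return code 2 is the case the post describes, where the server is up but the database is not yet reachable.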
I’ve been hit by a number of Spam comments recently that snuck through the filters.
If you are subscribed to the comments feed, apologies for this.
It turns out that since I moved TechDebug to a VM host, I did not follow my own post and the spam tools were not connecting to Akismet to check the comments. So remember that if you use OpenBSD and the default chroot for Apache, then you need to set up a resolv.conf to allow Apache to resolve hostnames.
It should be all fixed now. If I still get them sneaking through I may have to turn on “logins” to allow commenting. This is my last resort so it’s not in place yet.
April 22, 2008 at 1:54 · Filed under openbsd, unix
Today I upgraded my PostgreSQL database instance on OpenBSD. Did a pg_dumpall, removed the old packages and then added the new ones (latest version 8.1.9 for OpenBSD 4.0 - yes I’m behind).
During the initialisation of the new DB, I got the following error:
creating directory /var/postgresql/data/pg_tblspc ... ok
selecting default max_connections ... 10
selecting default shared_buffers ... 50
creating configuration files ... ok
creating template1 database in /var/postgresql/data/base/1 ... FATAL: could not create semaphores: No space left on device
DETAIL: Failed system call was semget(1, 17, 03600).
The PostgreSQL documentation talks about this extensively. However I don’t want to recompile my kernel away from default. What else can I do?
February 26, 2008 at 1:37 · Filed under openbsd, webdev
If you are using OpenBSD to host your WordPress installation, and using the Akismet plug-in to block spam, you may come across set-up problems with Akismet.
The errors that can occur could be either or both of these:
There was a problem connecting to the Akismet server
The key you entered could not be verified because a connection to akismet.com could not be established
We are pleased to announce the official release of OpenBSD 4.2. We remain proud of OpenBSD’s record of more than ten years with only two remote holes in the default install. We dedicate this release to the memory of long-time developer Jun-ichiro “itojun” Itoh Hagino, who focused his life on IPv6 deployment for everyone.
So get to it people, buy a CD and support the project. While you are waiting for your CD to arrive, you can get the release off the mirrors.
I use this OS exclusively for all my servers, firewalls, www, db, dns and it is the quickest to set up, easiest to administrate (great doco) and the most secure by default of any of the UNIX-like operating systems out there.