I’ve been in this situation many times before trying to setup passwordless authentication between servers. Be it for ssh or sftp, I’ve done this numerous times. I’ve setup a number of my own VPS for the past several years. In the office, I’ve configured public key authentication between countless servers and yet here I am, always forgetting the steps. Sure, I’m dealing with different Linux/Unix flavors in the office but heck, they are all basically the same. So why I keep on forgetting these? Because I don’t do it often. It’s not my cup of tea. And most of the time, I set them up and forget about it.
Read More →

So I’m trying to update my CentOS EC2 instance on AWS and I’m getting the “Illegal Instruction” error. There’s not much of any info around and related topics about “Illegal Instruction” does not fit on my problem. To be clear, here’s what I see from the console.
yum -y update
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
Illegal instruction

Read More →

One of the devs came to me for advice on how to display a number of rows into one column. Basically, it is String Concatenation in a single query. No stored functions, just plain SQL query. The aggregation must be done in the query itself and not outside.

I came to this situation a number of times before and I always ended up creating a function or do the aggregation in my calling program. But thanks to Oracle 11GR2, there are new functions like LISTAGG that can already support this. Fortunately, our company is already using that version. I found the solution, like most of the time, at AskTom.

In the context of scott example database, you can list down all the employees per department in a comma delimited format using the query below.

SELECT deptno, LISTAGG(ename, ',') WITHIN GROUP (ORDER BY ename) AS employees
FROM   emp
GROUP BY deptno;

And the result would be

---------- --------------------------------------------------

That’s neat, right?

For Siebel folks, here’s another example. For this case, I needed to count the number of billing accounts a particular person has and at the same time, list them down in a comma delimited output column.

The query looked like this.

SELECT bill.master_ou_id ACCNT_ID, COUNT(1) BILL_COUNT, LISTAGG(ou_num, ', ') WITHIN GROUP (ORDER BY name) bills    
FROM siebel.s_org_ext BILL_ACCNT
WHERE bill.master_ou_id = '1-XXX4422'
AND   bill.accnt_type_cd = 'Billing'
GROUP BY bill.master_ou_id

The output would be:

1-XXX4422          6   1.13442244, 1.13442546, 1.12154889, 1.1378892

There are other examples in the URL below.

I recently setup a new VPS with which this site is currently being hosted. But before you manage to navigate here, I was having problem trying to bring it up. In effect this site together with a few more domains had a downtime. Though there are a number of reasons, one nagging issue I faced is the timout problem. It was my first time to setup an nginx+php-fpm+mysql server and obviously, the error is something new to me. I went back to the instructions and didn’t see any problem.

Usually, you let nginx communicate to your process manager (php-fpm) via the socket file. And from the numerous tutorials in the net, it is not uncommon to see the suggestion to set the listen directive in /etc/php-fpm.d/www.conf to listen = /var/run/php5-fpm.sock. I don’t see any problem with it. Besides, that’s how my nginx+gunicorn+python works right now. So how could it be any different.

Apparently, those assumptions do not necessarily work on my case. As it turned out, unix sockets does not work very well on my setup of CentOS6+NGINX+PHP5.3.3. I have to options to resolve this. One is to set fastcgi_read_timeout=180 on my server block in nginx config. The default is 60secs until timeout. But I feel increasing the value

So I just switched to TCP socket and use instead of sockets. That means instead of writing in /etc/php-fpm.d/www.conf this:

listen = /var/run/php5-fpm.sock

I wrote this:

listen =

And then updating my server block config to

if ($uri !~ "^/uploads/") {
#fastcgi_pass unix:/var/run/php5-fpm.sock;

The site worked flawlessly after that.

If you came here with the same problem, kindly double check if you have the same setup as mine. As I understand, this isn’t a problem with other versions of php/php-fpm. In some cases, increasing value of fastcgi_read_timeout also works. Neither of these alternatives worked for me.

So I keep on getting error 502 whenever I try to access my website built using django+nginx+gunicorn on a CentOS 6 VPS. There’s a number of things that can go wrong here and if you look at Stackoverflow, the most common problem is selinux for CentOS 7 and another is the nginx user’s permission with your project files.

I already tried the solutions they presented but it looked like my problem is different. To be clear, I have another instance of gunicorn running on the same server and it works perfectly fine. So I know that root cause is just around the corner. It’s just that I may have missed to write down a step that I need to discover again.

True enough, it is the access control list(acl) of the unix socket file that is having a problem. It turns out that nginx must have access to it and not just the user running the gunicorn instance. The socket file is used so that nginx can communicate with gunicorn which is running on a different port. So obviously, nginx should have access to that file.

So let’s say my nginx user is www-data and my sock file is in /home/mypath/run for my myapp application, here’s the command to give www-data access to the sock file.

sudo setfacl -m user:www-data:rwx /home/mypath/run/myapp.sock

While you’re at it, you might want to give access to your static files as well.

sudo setfacl -Rm user:www-data:r-x /home/mypath/myapp/static/*

You’ll need this because your django static files will be served by nginx instead of gunicorn.

And with that, you’re good to go.

Important Note:
The problem on the unix socket file access can also happen with NGINX+PHP-FPM as I recently discovered. Actually, as long as you are using unix sockets instead of TCP socket, you might encounter this error. So take note that it’s just an ACL issue and a quick setfacl can do the job.

setfacl -m user:nginx:r-x
setfacl -m user:nginx:rwx /var/run/php5-fpm.sock

If you ever setup python with Apache for the first time, you’ll definitely encounter a bunch of problems. I’m currently writing a post about all the steps I took to do it but one of the things that really bugged me out is the permission denied mod_wsgi problem. It was supposedly the last problem I’ll run into after a seemingly endless string of problems I encountered. Take note that at the point I encountered this problem, I’m almost ready to give up setting up Python+Apache. Luckily, I’m a stubborn bastard.
Read More →

More often than not, IP address is enough for me to work on things. However, there are times when the system configurations require the machine name/hostname or the security team needs both IP Address and IP Name(or hostname). The funny thing is I always forget the commands. Okay, I usually use nslookup but that is only applicable if the IP is available in the DNS. If not, tough luck. Anyway, here are the commands.

Query IP in the DNS

  1. fire up command console (cmd.exe)
  2. type in nslookup
  3. get the name from the output

Query IP without DNS/h3>

  1. fire up command console (cmd.exe)
  2. type in nbtstat -A
  3. the name of UNIQUE entry is the hostname

Of course, is the IP address. It goes without saying that you have to change it to the IP address are querying for.