Cacti – monitoring intervals and ~114Mbps

If you are using Cacti, and find that the graphs for an interface appear to have a maximum of around 114 Mbps (on a >=200Mbps interface), check:

  • 32-bit or 64-bit counters (default 32-bit)
  • Check interval (default 5min)

With a 5min interval, the 32-bit counter will likely overflow. You need to switch to 64-bit counters (if supported by the device) and/or reduce the interval (this is more complicated and may mean you lose history).

The Cacti defaults work against the >200Mbps interface, which is a common case.

From the Cisco SNMP Counter FAQ, this explains why:

Q. When should 64-bit counters be used?

A. RFC 2233 adopted expanded 64-bit counters for high capacity interfaces in which 32-bit counters do not provide enough capacity and wrap too fast.
As the speed of network media increases, the minimum time in which a 32-bit counter wraps decreases. For example, a 10 Mbps stream of back-to-back, full-size packets causes ifInOctets to wrap in just over 57 minutes. At 100 Mbps, the minimum wrap time is 5.7 minutes, and at 1 Gbps, the minimum is 34 seconds.
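The arithmetic behind the ~114 Mbps ceiling and the FAQ's wrap times, as an added example (not Cacti or RRDtool code). It models a poller that assumes the counter wrapped at most once between two samples; the function names are made up for this illustration.

```python
# Added example (not Cacti or RRDtool code): a model of a poller that
# assumes a counter wrapped at most once between two samples.

def max_rate_bps(counter_bits, interval_s):
    """Highest average rate still measurable: one full counter range per interval."""
    return (2 ** counter_bits) * 8 / interval_s

def min_wrap_seconds(counter_bits, link_bps):
    """Shortest time for an octet counter to wrap on a saturated link."""
    return (2 ** counter_bits) * 8 / link_bps

def polled_rate_bps(prev, curr, counter_bits, interval_s):
    """Rate derived from two raw samples; a smaller 'curr' is read as one wrap."""
    delta = (curr - prev) % (2 ** counter_bits)
    return delta * 8 / interval_s

def reported_rate_bps(true_bps, counter_bits, interval_s, start=0):
    """What the poller reports for a constant true rate over one interval."""
    modulus = 2 ** counter_bits
    octets = int(true_bps * interval_s / 8)
    prev = start % modulus
    curr = (start + octets) % modulus   # the device counter silently wraps
    return polled_rate_bps(prev, curr, counter_bits, interval_s)

if __name__ == "__main__":
    print(f"32-bit ceiling at 300 s: {max_rate_bps(32, 300) / 1e6:.1f} Mbps")
    for link in (10e6, 100e6, 1e9):
        print(f"{link / 1e6:>6.0f} Mbps link wraps a 32-bit counter in "
              f"{min_wrap_seconds(32, link):.0f} s")
    for bits in (32, 64):
        got = reported_rate_bps(200e6, bits, 300)
        print(f"200 Mbps true rate, {bits}-bit counter: {got / 1e6:.1f} Mbps reported")
```

Traffic above the ceiling is not clipped at 114 Mbps in this model; it aliases to a lower value, so a busy link can look quieter than it is.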

Using “munin-node” on Ubuntu

And seeing an error like this one (from plugins/apt_all)?

E: The value 'stable' is invalid for APT::Default-Release as such a release is not available in the sources
E: The value 'testing' is invalid for APT::Default-Release as such a release is not available in the sources
E: The value 'unstable' is invalid for APT::Default-Release as such a release is not available in the sources

I went searching for any references to APT::Default-Release; however, it turns out the cause of this is much simpler. Munin’s plugins/apt_all is doing this in the background:

# apt-get -u dist-upgrade --print-uris --yes -t stable
Reading package lists... Done
E: The value 'stable' is invalid for APT::Default-Release as such a release is not available in the sources

… in fact, it loops over “stable, testing, unstable” and runs that command three times – even on Ubuntu.

munin-2.0.9/plugins/node.d.linux/apt_all.in
my @releases = ("stable", "testing","unstable");
...
foreach my $release (@releases) {
    my $apt="apt-get -u dist-upgrade --print-uris --yes -t $release |";

IPv6 Testing – Failure

$ wget -O - http://www.whatismyipv6.net/
--2013-01-07 10:55:04-- http://www.whatismyipv6.net/
Resolving www.whatismyipv6.net... 2a01:4f8:62:7061::2, 85.10.207.197
Connecting to www.whatismyipv6.net|2a01:4f8:62:7061::2|:80... failed: Connection timed out.
Connecting to www.whatismyipv6.net|85.10.207.197|:80... connected.

… and yes, IPv6 is working on this host, as I am able to reach other IPv6 hosts:

$ wget -6 -O /dev/null http://google.com/
--2013-01-07 10:58:32-- http://google.com/
Resolving google.com... 2404:6800:4006:802::1008
Connecting to google.com|2404:6800:4006:802::1008|:80... connected.

Debian Server Upgrade Warning: libapache2-mod-php5

Somewhere between Debian “Lenny” and Debian “Squeeze” (current), the libapache2-mod-php5 package has changed slightly.

If you have your web content in /home/ (for example, /home/web/SITENAME/), then PHP will suddenly be turned off – and there aren’t any clues in the logs as to why.

The reason for this is the following configuration:

/etc/apache2/mods-available/php5.conf
# To re-enable php in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_value engine Off
</Directory>
</IfModule>

You’ll have to comment out those lines (… just like the configuration comment says).

Ouch.

S/MIME Login

I’m surprised that no one has written a plugin or produced any documentation about requiring/using an S/MIME certificate in order to log in to WordPress, or for use with OpenID.

There are lots of items around on how to force Admin logins to use HTTPS – but nothing I’ve seen so far about using client SSL certificates.