Don’t Upgrade OpenSSL If You’re Using Plesk (= Broken Controlpanel)

April 1st, 2010 by keith 1 comment »

UPDATED as of April 1st, 2010

*It seems Parallel’s has released a fix for this. Fix was just released / revised as of April 1st, 2010*

http://kb.parallels.com/en/8338

Resolution

It is necessary to update Parallels Panel web-engine:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

#wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

A list of fixed packages:

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

#rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm
The fix is listed above.
</br>

Taken from “http://mattiasgeniar.be/2010/03/29/dont-upgrade-openssl-if-youre-using-plesk-broken-controlpanel/” -

If you’re using Plesk 9.x on a CentOS system, don’t upgrade the openssl package from version 0:0.9.8e-12.el5_4.1 to 0:0.9.8e-12.el5_4.6. It will break your Plesk Controlpanel, causing it to no longer start up. You’ll see a message similar to this.

[root@srv~]# /etc/init.d/psa start
Starting xinetd service…               done
Starting named service…             done
Starting mysqld service…           done
Plesk: Starting Mail Server… already started
Starting mail handlers tmpfs storage
Starting Plesk…                       failed

There won’t be an obvious error message in any log file location (/var/log/*, /usr/local/psa/var/log/*, /usr/local/psa/admin/logs/*), but it will most likely be caused by your recent openssl upgrade. Solution is this.

1) Downgrade method

If this works, it’s the easiest solution. Just make sure that due to dependencies, nothing of Parallels or Plesk is removed along.
[root@srv~]# yum downgrade openssl openssl-devel

2) Using RPM packages

Download the OpenSSL version 0.9.8e-12 5_4.6 for your architecture (these apply to CentOS).

You have to download these first! After completing the next steps, you’ll be without openssl – and downloading through wget or curl won’t  work because of missing libraries. Please take note: the following is at your own risk (and if you lose your SSH connection in the meanwhile, you’re screwed).

Find your current OpenSSL version, it should read version “el5_4.6″.

[root@srv~]# rpm -qa | grep -i openssl
openssl-0.9.8e-12.el5_4.6

Remove the package (if you haven’t downloaded the openssl package yet, do so first !!). (due to the font of this blog, it’s confusing, but the parameter = ‘ – – nodeps’).

[root@srv ~]# rpm -e –nodeps openssl-0.9.8e-12.el5_4.6

And re-install the correct version (replace the RPM with the one for your achitecture).

[root@srv  ~]# rpm -ivh openssl-0.9.8e-12.el5_4.1.x86_64.rpm
warning: openssl-0.9.8e-12.el5_4.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing…                ########################################### [100%]
1:openssl                ########################################### [100%]

Afterwards, you’ll be able to start Plesk again.

[root@srv~]# /etc/init.d/psa start
Starting xinetd service…               done
Starting named service…             done
Starting mysqld service…           done
Plesk: Starting Mail Server… already started
Starting mail handlers tmpfs storage
Starting Plesk…                       done
Since there’s no update on Plesk yet, this is something to look out for!
Update: An official message from Parallels

For now the only workaround is to downgrade openssl, either with yum or with rpm (if yum is not configured):

# wget -c http://mirrors.kernel.org/centos/5/updates/x86_64/RPMS/{openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# rpm -Uvh –oldpackage {openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# /etc/init.d/sw-cp-server start

Good luck!

*It seems Parallel’s has released a fix for this. Fix was just released / revised as of April 1st, 2010*

http://kb.parallels.com/en/8338

Resolution

It is necessary to update Parallels Panel web-engine:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

#wget -c http://kb.parallels.com/Attachments/12669/Attachments/sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

A list of fixed packages:

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

#rpm -Uhv sw-cp-server-1.0-6.201004011105.centos5.i386.rpm

1 comment »

Posted in Plesk, Qmail, Windows Vista

Tags:

How to setup a Mysql test script in php.

March 25th, 2010 by keith No comments »

This is just one of the many articles I’ve had on the back burner for months and I simply forgot about it. But a question today made me remember about it, so here it is. This is simply a test script for mysql, that will allow you to verify several things; Available open connections for Mysql or to verify if Mysql is simply down. All you have to do is create a test page with the following;

<?php
$link = mysql_connect(‘<server>’, ‘<username>’, ‘<password>’);
if (!$link) {
die(‘Could not connect: ‘ . mysql_error());
}
echo ‘Connected successfully’;
mysql_select_db(<database>);
?>

Make sure you replace the server, username, password and database variables with your own. Save it and make it web access via  a URL. The script will either give you a blank screen if there is no available connections or if there are available connections it will state “Connected Sucessfully”. You can change that to whatever you wish to if the default “good” message is to bland, to say “All Go” or something more hip, I guess.

Its useful if you want to monitor your mysql remotely or if you have a monitoring service that checks for the text to show. If it sees the text missing, the monitor will error out and then we know there is a problem Houston.

That’s it.

No comments »

Posted in MySql, PHP

Tags:

Why are the VMware classes so damned expensive?

March 24th, 2010 by keith No comments »

My company has been / is making the jump from Parallel’s Virutozzo HyperVisor based Virtuozzo to Vmware’s ESX/ESXi Virtualization and I’ve been liking what I’ve been seeing and working with. So much I ended up first installing Vmware’s Server 2 and then replacing it with ESXi (3) at home to play and educate myself. Well, thats the problem. I figured I’d look into getting my certification in VCP 4 (Vsphere) and ESXi… but geez, its so damned expensive. I mean, I understand its in high demand, but $3,000.00….. How in the world am I supposed to be able to afford that vs other certifications, while at the same time trying to keep my head above water. The cost of living is already high enough as it is.

Vmware… if you happen to see this, perhaps you can shed some light as to why your courses / fast tracks are so damned expensive. I’d love to understand why.

No comments »

Posted in Virtualization-Vmware

Tags:

How to disable reverse lookups with Qmail in Plesk

March 9th, 2010 by keith No comments »

To disable reverse lookups in qmail with Plesk,  you can  add -Rt0 to the server_args line in /etc/xinetd.d/smtp_psa


service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Once you have made the change, you will need to restart the Xinetd service;

# /etc/init.d/xinetd restart

*DNS reverse lookups will no longer be called. Please note if you make any changes in Plesk regarding mail it will overwrite the change that you just made.*

No comments »

Posted in Linux, Plesk, Qmail

How to Enable PAE in x86 32-bit Windows Server 2003 and 2000 to Use Large 4GB or More RAM Memory

March 5th, 2010 by keith No comments »

To enable PAE in Windows Server 2003 and Windows 2000 (and Windows XP), append the /PAE switch to the end of the line of operating system in the Boot.ini file. To disable PAE, use the /NOPAE switch. The Boot.ini normally located in the root folder (i.e. C:\) with Read-Only and Hidden attributes, which are required to be removed before the file can be edited.

For example,

Original Boot.ini:

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT=”Microsoft Windows 2000 Advanced Server”
/fastdetect

Change the Boot.ini to become:

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT=”Microsoft Windows 2000 Advanced Server”
/fastdetect /PAE

For Bootcfg command, use:

bootcfg /raw "/pae" /A /ID 1

Restart the computer after modification to make the change effective.

Note that even with PAE enabled, there is still memory limit imposed by the operating system itself. The table below list the maximum memory support with PAE enabled for Windows 2000, Windows Server 2003 and Windows XP. Most 32-bit client based Windows operating system, such as Windows XP and Windows Vista (see way to use large memory of more than 4GB in 32-bit Windows Vista), has OS level limit that restricts the maximum amount of memory able to be used to 4GB.

Operating system Maximum memory support with PAE
Windows 2000 Advanced Server 8 GB of physical RAM
Windows 2000 Datacenter Server 32 GB of physical RAM
Windows XP (all versions) 4 GB of physical RAM*
Windows Server 2003 (and SP1), Standard Edition 4 GB of physical RAM*
Windows Server 2003, Enterprise Edition 32 GB of physical RAM
Windows Server 2003, Datacenter Edition 64 GB of physical RAM
Windows Server 2003 SP1, Enterprise Edition 64 GB of physical RAM
Windows Server 2003 SP1, Datacenter Edition 128 GB of physical RAM

No comments »

Posted in Windows 2000, Windows 2003

Tags: