Here are the steps needed to install the latest version of APC (3.1.8 at the time of writing this article; please check for the latest version available when you are reading this and make the changes accordingly):
cd /usr/local/src
wget http://pecl.php.net/get/APC-3.1.8.tgz
tar -zxvf APC-3.1.8.tgz
cd APC-3.1.8
phpize
./configure --enable-apc --enable-apc-mmap --with-apxs --with-php-config=/usr/local/bin/php-config
make
make install

Next, activate the apc module in php.ini by adding something like this:
extension="apc.so"
apc.enabled=1
apc.shm_segments=1
apc.shm_size=128

Finally, you will have to restart apache and after that the APC module should be activated and in use. Hopefully, this will help you enable APC on your CPanel server in some very simple steps in less that 5minutes.

The failure was specifically related to the EBS drives that made customer instances non responding, but also prevented them to start or stop new instances with the same EBS volumes (that probably 99% have tried immediately as they got paged). There are some sites that had failover mechanisms, but if they were in the same availability zone it was useless (something that looked like a good solution and fast and cost effective). Others, many startups, found out that they had no such mechanism at all, and that they depended way too much on the Amazon reliability. Until this issue, Amazon had a great uptime record; there were many issues but with individual instances, but not such a global issue. You would expect people running their application in the cloud to expect failures and be prepared and I’m sure most of them are compared with applications deployed in the regular datacenter, but apparently there is still much work to be done.

Overall I believe this showed (if we needed a reminder), that failures can happen and anyone can suffer from such a problem (Google had problems, Facebook the same, and Twitter is most of the time down, and now was just Amazon’s turn). We need to be prepared and build and architect our applications with this in mind and be ready to failover. A great example of this is the twilio application design: http://www.twilio.com/engineering/2011/04/22/why-twilio-wasnt-affected-by-todays-aws-issues/

Also I think Amazon will learn many things from this event, and hopefully one of them will be to better communicate with their clients. They can definitely improve on this, and not leave people to go to twitter or ec2 forums for the best updates on such problems instead from the source.

I’ve also seen different providers (I will not give names but they are everywhere on twitter) come out and offer their services to people hit by this. I don’t believe this is the best approach to sell your very performant cloud solution or barebone datacenter servers or whatever, and probably it does worse for their reputation making them look like coyotes on a fallen prey. I’m sure like me, most people felt disgusted on their offers at this time, and it will definitely not make me look at their offering again.

Now its time to get back to work on failover and redundancy design for our clients that need help with this. If you’ve been affected by this and want to share your story and what are your takeaways feel free to comment bellow on the post. If you need specialized help to design or implement a fully fault tolerant infrastructure feel free to contact us anytime. We are here to help.

Source Server (or local system)

Generate RSA key for user on this system, you can also use DSA.  This asks for key pass-phrase but you can leave it blank.

ssh-keygen -t rsa

This asks for location to place the generated key, by default it will be your home directory (ex: /home/your_username/.ssh/).  This generates two files:  id_rsa and id_rsa.pub.  Content of id_rsa.pub is what we need to copy to destination server.

Destination Server (or remote server)

Check if you have the directory .ssh on your home (ex: /home/username/.ssh/), if not, create that directory.

ls  ~/.ssh
mkdir  ~/.ssh

Check if you have existing file authorized_keys on your .ssh directory, if not create it.

ls  ~/.ssh/ authorized_keys
touch   ~/.ssh/ authorized_keys

Copy content of id_rsa.pub that you created from your source/local server, or execute this command from your source/local server:

scp  ~/.ssh/id_rsa.pub username@remote_host:~/.ssh/authorized_keys

Test your password-less login from source to destination server.

If you are running any Centos 5.x minor version you should be able to upgrade just by running:
yum update

We already upgraded to Centos 5.6 all our servers and you should do the same also, and hopefully soon we will see the Centos6 release that everyone is waiting for.

For the full list of packages changed/added please see the centos5.6 release notes: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.6

Server: Locate sftp-server binary and add to your list of valid shells on the system.

which sftp-server

Note:   This will most likely give you this: /usr/libexec/openssh/sftp-server

echo /usr/libexec/openssh/sftp-server >> /etc/shells

Note:  You may want to backup your /etc/shells first

User Accounts:  Add or modify accounts to use sftp-server.

New User

useradd -s /usr/libexec/openssh/sftp-server  sftponlyuser

Note:  Important parameter there is the “-s /usr/libexec/openssh/sftp-server”, which sets the default shell for this account.   By default you will have “/bin/bash”.

Existing User:

vi /etc/passwd

Find the user that you want to configure for sftp only access and edit its shell.  For exampleyou will see a line “username:x:500:500::/home/username:/bin/bash” change “/bin/bash” to “/usr/libexec/openssh/sftp-server” and save.  Note: You may want to backup your /etc/passwd file as well.

Let’s assume you already moved the databases (separate database for Drupal and CiviCRM as a recommended setup) and the files to new location and have set the correct file permissions as well. Here is the part that you need for your CiviCRM to work on new location and domain:

• access your database and empty civicrm.domain:config_backend. You see this anywhere with CiviCRM guide.
• update database details, site path/directory, and domain on civicrm.settings.php
• emtpy sites/default/files/civicrm/template_c (or make this entire dir writable by web user)
• login to you new Drupal site and visit these urls:
  http://sitename/civicrm/menu/rebuild?reset=1
http://sitename/civicrm/admin/setting/updateConfigBackend?reset=1
  Note: This will rebuild the settings for you – if not, repeat/review all the above steps.

Environment: Ubuntu 10.10, Apache, PHP, MySQL, Drupal 6.20

Things to install / setup: Solr, Tomcat6, ApacheSolr module for Drupal, and SolrPHPClient library

1.) Install Tomcat and setup your Tomcat admin user.

aptitude install tomcat6 tomcat6-admin tomcat6-common tomcat6-user
vi /etc/tomcat6/tomcat-users.xml
<role rolename=”admin”/>
<role rolename=”manager”/>
<user username=”tomcat” password=”password” roles=”admin,manager”/>
/etc/init.d/tomcat6 restart

If all is good you will be able to access Tomcat admin at http://hostname:8080. Default page will show with links to admin section, etc.

2.) Install Solr

wget http://apache.rediris.es/lucene/solr/1.4.1/apache-solr-1.4.1.zip (check for updates)
unzip apache-solr-1.4.1.zip
mkdir /usr/share/tomcat6/webapps
cp apache-solr-1.4.1/dist/apache-solr-1.4.1.war /usr/share/tomcat6/webapps/solr.war
cp -r apache-solr-1.4.1/example/solr /usr/share/tomcat6/solr
vi /etc/tomcat6/Catalina/localhost/solr.xml
<Context docBase=”/usr/share/tomcat6/webapps/solr.war” debug=”0″ privileged=”true” allowLinking=”true” crossContext=”true”>
<Environment name=”solr/home” type=”java.lang.String” value=”/usr/share/tomcat6/solr” override=”true” />
</Context>
chown -r tomcat6.tomcat6 /var/lib/tomcat6
/etc/init.d/tomcat6 restart

You should see Solr access on your Tomcat admin/manager page (http://hostname:8080/manager/html).

3.) Connect Drupal Site to Solr (multi-core setup)

I already have a Drupal site with ApacheSolr module installed and SolrPHPclient library.

cp /path/drupal_site/sites/all/modules/apachesolr/schema.xml /usr/share/tomcat6/solr/conf/schema.xml
cp /path/drupal_site/sites/all/modules/apachesolr/solrconfig.xml /usr/share/tomcat6/solr/conf/solrconfig.xml
cp apache-solr-1.4.1/example/multicore/solr.xml /usr/share/tomcat6/solr/
mkdir /usr/share/tomcat6/solr/site_sample1
cp -r /usr/share/tomcat6/solr/conf /usr/share/tomcat6/solr/site_sample1/conf
vi /usr/share/tomcat6/solr/solr.xml
<core name=”site1″ instanceDir=”site_sample1″ />
chown -R tomcat6:root /usr/share/tomcat6/solr/
/etc/init.d/tomcat6 restart

Visit ApacheSolr settings of your Drupal admin and enter the configuration:
Solr Hostname: localhost
Solr Port: 8080
Solr Path: /solr/site1

To add new site to Solr:
mkdir /usr/share/tomcat6/solr/site_sample2
cp -r /usr/share/tomcat6/solr/conf /usr/share/tomcat6/solr/site_sample2/conf
vi /usr/share/tomcat6/solr/solr.xml
<core name=”site2″ instanceDir=”site_sample2″ />

That’s All.

I’m hoping more and more people will do this so we can focus on more serious performance problems in our PHP webapps. I don’t see why not, because this is very simple and there are plenty of howto’s available. Still if you need help, and you would like us to do it for you, please contact us and let us speed up your site.

Note: if you have done this many years ago and want somethign even faster for your PHP code you should take a look at HipHop the project from Facebook to compile your php scripts (actually transforms PHP source code into highly optimized C++ and then uses g++ to compile it to machine code) and run them as executables (but this is going to be much harder to implement, but still a very interesting project to keep an eye).

You can quickly see available shortcut keys by typing “?” (question mark, no qoutes) and it will give you this screen.

Of course you need to enable keyboard shortcuts on your settings.