Thursday, October 20, 2011

Ubuntu 11.10 Over the Edge

Last week Ubuntu 11.10 was released.  I was running 11.04 and decided I would upgrade.  I started with Ubuntu at 8.04 and have had successful, pain-free updates since that time.  The streak died with 11.10.  The specific issue was the nVidia driver.  And in my case, it was made worse by my dual monitor setup.  My laptop would only boot about a third of the time even if the additional monitors were not connected.  I was not happy.

The other issue I am dealing with is Unity.  Ubuntu 11.04 saw Gnome replaced by Unity as the X extension.  I did not like Unity.  I like a taskbar and want to be able to access my programs fast.  It sure seems Ubuntu wanted to make their OS look like a Mac.  If I want a Mac, I could buy a Mac.  Why did Canonical change something that had been successful and was not broken?  In 11.04, I was able to revert to Gnome 2 Classic and keep going.  I was annoyed, but it was not a deal breaker.

I made a valiant effort to keep Ubuntu going.  I tried loading older versions and experimented with 32 and 64 bit installations.  It is very important for me to stay on the latest release.  I have been in too many work situations where old technology cannot be upgraded for one reason or another.  This is a pain to manage.

I probably could have lived with Unity, but I still faced the first issue: my laptop would not consistently boot with multiple monitors and an nVidia driver.  I looked at a number of distros and decided to try Fedora.  I wanted a widely used distro that is consistently updated and supported.  I also wanted something dependable.  I run Linux on my work computer because it helps me be better at my job.  A hobbyist distro would not cut it.  I thought about CentOS, but it really is best for servers.  I've used OpenSuse in the past and was not a big fan of YaST.  Fedora, here I come.

Fedora is available as a Live CD that can be installed to the hard drive.  The install was straightforward and fast.  I really liked the option to encrypt the entire hard drive instead of just the home drive.  And it was nice to have yum as the package manager.  I needed to use my Google skills to figure out how to get nVidia, Skype, Flash, and Virtualbox up and running.  These were much easier in Ubuntu.

My biggest issue with Fedora was the look and feel.  And that goes back to Gnome 3.  It is cut from the same cloth as Unity and I do not like using it.  It might be great for a new user or for a tablet.  But for a power user doing multiple tasks at the same time, it slowed me down.

So where do I go next?  The latest version of Ubuntu will not consistently boot on my machine.  Fedora works, but it is very hands on.  Gnome 3 and Unity both stink.  I'm giving serious consideration to going back to Windows.  I've used 7 at home and in a virtual machine and been very impressed.  It is fast, reliable, and the user interface is consistent and can be customized for a power user.  Granted Gnome and Unity can be customized, but it is not an easy process and it is time consuming.

My biggest gripe with Windows is the lack of a native SSH client.  Putty works, but it's not as easy as Linux command line.  So I think I'm headed to Windows 7 and a Ubuntu virtual machine. 

Monday, October 17, 2011

AWStats

I have been on a quest to use AWStats to gather statistics from IIS logs.  I ran into a big roadblock with Elastic Load Balancers and external IP addresses.  I documented the solutions to those issues in previous posts.  The new ELB is in place and it's time for payoff from a lot of hard work.  Here are notes about AWStats setup.


Basic setup is here: http://awstats.sourceforge.net/docs/awstats_setup.html
Kept the setup as close to default as possible

conf file Edits

To add multiple logs - use logresolvemerge.pl
LogFile="/usr/bin/logresolvemerge.pl /mounts/logs/iis/server01/W3SVC1/u_ex%YY-0%MM-0%DD.log /mounts/logs/iis/server02/W3SVC1/u_ex%YY-0%MM-0%DD.log /mounts/logs/iis/server03/W3SVC1/u_ex%YY-0%MM-0%DD.log|"
Using Default IIS LogFormat might not work - use this
LogFormat="date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken"
Delete some of the comments at the top of the file to make edits easier
Delete the localhost file if it is not needed
Keep awstats.model.conf for its comments and instructions for editing
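
AWStats reads each record by position according to LogFormat, so the field list has to match the "#Fields:" header that IIS writes into the log. The check below is an added example, not part of the original notes or of AWStats; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Log lines below are constructed samples, not real traffic.

# Field list from the LogFormat line in this post's conf file.
LOGFORMAT='date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken'

# check_logformat LOGFILE FORMAT
# Returns 0 if every "#Fields:" header in LOGFILE equals FORMAT, 1 on the
# first mismatch (reported on stdout), 2 if the file has no header at all.
check_logformat() {
    awk -v want="$2" '
        /^#Fields: / {
            sub(/\r$/, "")                  # IIS writes CRLF line endings
            sub(/^#Fields: /, "")
            n = split($0, got, " "); m = split(want, w, " "); seen = 1
            for (i = 1; i <= (n > m ? n : m); i++)
                if (got[i] != w[i]) {
                    printf "line %d field %d: log=\"%s\" LogFormat=\"%s\"\n", NR, i, got[i], w[i]
                    rc = 1; exit
                }
        }
        END { if (!seen) rc = 2; exit rc + 0 }
    ' "$1"
}

# Write two constructed sample logs into directory $1: one whose header
# matches LOGFORMAT and one written with a shorter field selection.
make_samples() {
    printf '#Software: Microsoft Internet Information Services 7.5\r\n#Fields: %s\r\n2011-10-17 12:00:01 W3SVC1 SERVER01 10.0.0.5 GET /default.aspx - 443 - 203.0.113.7 HTTP/1.1 Mozilla/5.0 - - www.example.com 200 0 0 5120 310 46\r\n' "$LOGFORMAT" > "$1/match.log"
    printf '#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken\r\n2011-10-17 12:00:01 10.0.0.5 GET /default.aspx - 443 - 203.0.113.7 Mozilla/5.0 200 0 0 46\r\n' > "$1/short.log"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp/match.log" "$tmp/short.log"; do
    if check_logformat "$f" "$LOGFORMAT"; then
        echo "OK   $f"
    else
        echo "FAIL $f"
    fi
done
rm -rf "$tmp"
```

Run it against one log from each server before the first awstats.pl -update, since logresolvemerge.pl merges the files and a single server with a different field selection will produce records AWStats cannot place.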

html files

For the first log analysis, run: perl awstats.pl -config=mysite -update
Files are stored in /var/www/awstats
An awstats.conf file is created for Apache
Create a cronjob for hourly updating:
00 * * * * /usr/bin/awstats_updateall.pl now -awstatsprog=/var/www/awstats/awstats.pl
Files cannot be viewed without calling the awstats perl script
Example - http://yourserver/awstats/awstats.pl?config=services

Monday, October 3, 2011

Elastic Load Balancer(ELB) - SSL termination at the ELB with Backend Authentication


Wildcard Certificate
AWS requires certificates to be in PEM format for uploading

This example uses a wildcard certificate generated by IIS and issued by GoDaddy.  There are better ways to create a certificate for an ELB, which can be found in Amazon's documentation.

1) Export the certificate as a PFX with the private key and check "Include all certificates in the certification path if possible" - use a password
2) Use openssl on a Linux box to run the following commands
3) openssl pkcs12 -in filename.pfx -nocerts -out key.pem
   The command will request the Import Password
   Then it will request a PEM Password - Use the same password for ease
4) openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
   The command will request the Import Password
5) openssl rsa -in key.pem -out server.key
   The command will request the PEM password created in the first command

Example
[root@util02 testing]# openssl pkcs12 -in godaddy.pfx -nocerts -out key.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
[root@util02 testing]# openssl pkcs12 -in godaddy.pfx -clcerts -nokeys -out cert.pem
Enter Import Password:
MAC verified OK
[root@util02 testing]# openssl rsa -in key.pem -out server.key
Enter pass phrase for key.pem:
writing RSA key

Upload the certificate

This can be done by the Management Console or via command line
When copying the certificates, be sure to include the headers and footers
If using command line, the cert.pem has unnecessary certificate details at the beginning of the file which will cause the import to fail

http://www.xdevsoftware.com/blog/post/Upload-IIS-SSL-Certificate-into-Amazon-Elastic-Load-Balancer.aspx
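
One way to prepare cert.pem for the upload, shown as an added example that is not from the original post or from Amazon's tooling: keep only complete PEM blocks with their headers and footers and drop everything else. It assumes the extra details are the Bag Attributes, subject= and issuer= lines that openssl pkcs12 writes ahead of the block; pem_blocks and make_sample are hypothetical helper names and the certificate body is a constructed placeholder.

```shell
#!/bin/sh
# Added example. The certificate body below is a constructed placeholder,
# not a real certificate; only the surrounding layout matters here.

# pem_blocks FILE LABEL
# Prints every complete "-----BEGIN LABEL-----" ... "-----END LABEL-----"
# block in FILE and nothing else. Returns 1 if no block is found or a
# header/footer is missing, so a truncated copy is rejected before upload.
pem_blocks() {
    awk -v label="$2" '
        BEGIN { b = "-----BEGIN " label "-----"; e = "-----END " label "-----" }
        { sub(/\r$/, "") }                      # tolerate CRLF from Windows
        $0 == b {
            if (inblk) { bad = 1; exit }
            inblk = 1; buf = $0 "\n"; next
        }
        $0 == e {
            if (!inblk) { bad = 1; exit }
            printf "%s%s\n", buf, $0
            inblk = 0; n++; next
        }
        inblk { buf = buf $0 "\n" }
        END { exit (bad || inblk || n == 0) }
    ' "$1"
}

# Write a constructed sample shaped like "openssl pkcs12 -clcerts -nokeys" output.
make_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
    friendlyName: constructed-sample
subject=/CN=*.example.com
issuer=/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJU
-----END CERTIFICATE-----
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/cert.pem"
pem_blocks "$tmp/cert.pem" CERTIFICATE > "$tmp/cert.clean.pem" && cat "$tmp/cert.clean.pem"
rm -rf "$tmp"
```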

Backend Certificates

Certificates can be self signed, 'fakes' and should have an expiration date of 2039
See previous post for self signed certs
Export the certificate from IIS
Use openssl on a Linux box to run the following command
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
Import via Management Console or command line

Create Load Balancer

Load Balancer Protocol HTTPS
Port 443
Instance Protocol HTTPS
Port 443
Choose wildcard certificate
Ciphers - Leave as default - ELBSample-ELBDefaultNegotiationPolicy
Select Enable Backend Authentication
Create Health Check HTTPS:443/application/validation.aspx - Leave other settings as default
Add instances
Setup DNS
ELBs have A records like this: loadbalancer-374828799.us-east-1.elb.amazonaws.com (A Record)
Create a CNAME stagingserviceslb.futurehealthsoftware.com with stagingservices-374828799.us-east-1.elb.amazonaws.com

External IP Addresses into IIS Log Files

There are a couple of options:

If the application is non-WCF - use the F5 ISAPI filter
More details - http://devcentral.f5.com/weblogs/Joe/archive/2009/12/23/x-forwarded-for-http-module-for-iis7-source-included.aspx

If the application is WCF - use the ARR Helper Module
More details - http://blogs.iis.net/anilr/archive/2009/03/03/client-ip-not-logged-on-content-server-when-using-arr.aspx