Jul 30, 2011
 

Bye Bye Macports, Welcome Homebrew

Definition
Homebrew: The missing package manager for OS X

Why? Well, the reality is that MacPorts is not that good anymore.
Once you have many packages installed and start updating, everything starts to fall apart, with lots of failing packages.

Homebrew is very easy to install, and it's fast and simple. That means you can easily write your own Homebrew formula for your package. Oh, and Homebrew is written in Ruby! :)

Back to the topic: this is how you get Rails with MySQL up and running with Homebrew and RVM.

Clean up

To make sure to have a clean install, I recommend removing any previous .rvm installation and previous Xcode.

$ rm -rf ~/.rvm/
$ sudo rm -rf /Developer

1. Xcode

Install Xcode from the App Store. It's a 1+ GB download, so it may take a while.
After it's downloaded it will not install automatically; you need to open Applications and install again from there. The name will be “Install Xcode”.
You also need to install Command Line Tools for Xcode.

A better way is to go to https://developer.apple.com/downloads/index.action and download from there; you will have to log in with a free Apple developer account.
Download the 2 minimum required files:

- Xcode 4.3.1 for Lion (1.85 GB)
- Command Line Tools for Xcode (171.70 MB)

Update: If you don't want to download and install the huge Xcode (3.0 GB):
https://github.com/kennethreitz/osx-gcc-installer
It allows you to install the essential compilers: GCC, LLVM, etc.
PS: I have not tested it.
Thanks to JP for the tip.

2. Install HomeBrew

UPDATE: In the comments some people recommended creating the folder “/usr/local/Cellar” beforehand, due to a bug in Homebrew.

$ mkdir -p /usr/local/Cellar
$ /usr/bin/ruby -e "$(/usr/bin/curl -fsSL https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install_homebrew.rb)"

Installation instructions: https://github.com/mxcl/homebrew/wiki/installation

3. Install RVM

$ bash -s master < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)

Above I'm using the master branch, so that it works with Xcode 4.3.1.

Then after RVM is installed run these two 'one-line' commands, the second command will reload your bash with RVM.

$ echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm" # Load RVM function' >> ~/.bash_profile
$ source ~/.bash_profile

Detailed instructions: http://beginrescueend.com/rvm/install/

Note: you may have to add "--with-gcc=clang" to rvm for installing ruby 1.9.2 if you have Xcode 4.3+
Read this: http://stackoverflow.com/a/9651747/1107516
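
The Homebrew and RVM installers in steps 2 and 3 are piped straight from the network into an interpreter. As an added example (not from the original post or from either project), the function below runs a saved installer only if its SHA-256 matches a value you pinned after reading the script. The function names and the constructed sample script are assumptions for illustration.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned SHA-256.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on OS X).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_if_pinned FILE EXPECTED_SHA256 INTERPRETER [ARGS...]
# Returns the installer's status after running FILE with INTERPRETER,
# 1 on hash mismatch, 2 if FILE is missing.
run_if_pinned() {
    file=$1; expected=$2; shift 2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        return 1
    fi
    "$@" "$file"
}

# Constructed sample standing in for an installer saved to disk first, e.g.
#   curl -fsSL -o install_homebrew.rb <installer URL from step 2>
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'echo installer-ran\n' > "$tmp/installer.sh"
    pinned=$(sha256_of "$tmp/installer.sh")   # recorded after reviewing the script
    first=0;  run_if_pinned "$tmp/installer.sh" "$pinned" sh || first=$?
    printf 'echo changed\n' >> "$tmp/installer.sh"   # file differs from the reviewed copy
    second=0; run_if_pinned "$tmp/installer.sh" "$pinned" sh 2>/dev/null || second=$?
    rm -rf "$tmp"
    echo "$first $second"
}
demo
```

For the Homebrew installer the interpreter argument would be /usr/bin/ruby, and for the RVM installer it would be bash -s master.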

4. Install ruby 1.9.3-p125

OS X Lion comes with Ruby-1.8.7-p249, but we all want Ruby 1.9.2/1.9.3, right?
RVM head and Ruby 1.9.3-p125 support Xcode 4.3.1: http://www.ruby-lang.org/en/news/2012/02/16/ruby-1-9-3-p125-is-released/

$ rvm install 1.9.3-p125
$ rvm use ruby-1.9.3-p125
$ gem install rails bundler unicorn pg 
... and so on ...

I tested ruby-1.9.3-head, ruby-1.9.3-p0 and 1.9.3-p125, and they work well with all my apps. Ruby 1.9.3 is faster than 1.9.2 at booting Rails, and way, way faster than 1.8.7. So let's use the latest stable Ruby (1.9.3-p0).

See: Rails booting a lot faster.

NOTE: For Heroku I recommend you to use ruby-1.9.2-p290, if you use taps ("heroku db:pull/push")

Optionally you might want to install GIT, wget, ack, imagemagick and any other mighty software tools for daily use.

Example apps I'm usually required to install:

$ brew install git ack wget curl redis memcached libmemcached colordiff imagemagick nginx sqlite libxml2 libxslt readline v8 rsync sphinx lzma geoip lzo

5. Install Mysql

$ brew install mysql

one-line command:

$ mysql_install_db --verbose --user=`whoami` --basedir="$(brew --prefix mysql)" --datadir=/usr/local/var/mysql --tmpdir=/tmp

Once mysql is installed you might want it to load automatically each time you start your mac.

$ mkdir -p ~/Library/LaunchAgents
$ cp /usr/local/Cellar/mysql/5.5.14/com.mysql.mysqld.plist ~/Library/LaunchAgents/
$ launchctl load -w ~/Library/LaunchAgents/com.mysql.mysqld.plist

* Check the version in the path: the one I use here is 5.5.14.

6. Troubleshooting:

If you have problems with MySQL such as "cannot connect to /tmp/mysql.sock",
then create the file /usr/local/etc/my.cnf and add this:

[client] 
port = 3306 
socket = /tmp/mysql.sock 
[mysqld] 
bind-address = 127.0.0.1
port = 3306 
socket = /tmp/mysql.sock 

If you encounter errors with Homebrew, run this command and follow its recommendations:

$ brew doctor

Update: If you end up with a segmentation fault or cannot install Ruby-1.8.7, you might want to try this solution:

$ export CC=/usr/bin/gcc-4.2
$ rvm install ruby-1.8.7 

Important: also read this if you have Xcode 4.3.1+:

http://stackoverflow.com/questions/9651670/issue-updating-ruby-on-mac-with-xcode-4-3-1

By the way, this is my optimized /usr/local/etc/my.cnf file. When using this file you may have to recreate your db:

$ mysql_install_db --verbose --user=`whoami` --basedir="$(brew --prefix mysql)" --datadir=/usr/local/var/mysql --tmpdir=/tmp

[client]
port = 3306 
socket = /tmp/mysql.sock 

[mysqld] 
event_scheduler = ON 
skip-character-set-client-handshake 
collation_server = utf8_unicode_ci 
character_set_server = utf8 

bind-address = 127.0.0.1
port = 3306 
socket = /tmp/mysql.sock 
max_connections = 20

table_open_cache = 256
max_allowed_packet = 32M 
binlog_cache_size = 1M 
max_heap_table_size = 64M 

read_buffer_size = 2M
read_rnd_buffer_size = 2M
sort_buffer_size = 4M
join_buffer_size = 512k
 
thread_cache_size = 2 
thread_concurrency = 2
query_cache_size = 16M 
query_cache_limit = 2M 

default-storage-engine = INNODB
thread_stack = 192K 
transaction_isolation = REPEATABLE-READ 
tmp_table_size = 64M 


# MyISAM Options 

key_buffer_size = 32M
bulk_insert_buffer_size = 32M
myisam_sort_buffer_size = 32M
myisam_max_sort_file_size = 256M
myisam_repair_threads = 1 
myisam_recover 

# INNODB Options
innodb_additional_mem_pool_size = 8M
innodb_buffer_pool_size = 64M
innodb_thread_concurrency = 2
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 8M
innodb_log_file_size = 8M
innodb_log_files_in_group = 3
innodb_max_dirty_pages_pct = 90
innodb_flush_method = O_DIRECT
innodb_lock_wait_timeout = 120
innodb_file_per_table

[mysqldump] 
quick 
max_allowed_packet = 16M 

[mysql] 
no-auto-rehash 

[myisamchk] 
key_buffer_size = 64M
sort_buffer_size = 64M
read_buffer = 16M
write_buffer = 16M

[mysqlhotcopy] 
interactive-timeout 

UPDATED (Mar 14, 2012):
* Fixed homebrew install URL
* changed from "#" to "$" to avoid confusion of running commands as root

EDITED (Feb 10, 2012):
* updated for new RVM
* source .bash_profile after editing it.
* decreased memory settings for mysql
* using ruby-1.9.3-p0
* fixed minor bugs

Posted at 2:06 am
Jul 30, 2011
 

Small tips for securing SSH login on a server

1. Disable Password Login

Edit /etc/ssh/sshd_config and set the following:

PasswordAuthentication no

Now you can only log in via SSH keys.
Generate your local keys using ssh-keygen -t rsa,
then put your id_rsa.pub in the user account on the server,
e.g. /root/.ssh/authorized_keys
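
A check for step 1, as an added example rather than part of the original post: sshd keeps the first value it reads for each keyword, so a `PasswordAuthentication no` appended below an earlier `yes` has no effect. The function names and the constructed sample configs are assumptions, and only the global section (lines before the first Match block) is inspected.

```shell
#!/bin/sh
# Added example: report the effective global value of an sshd_config keyword.

# effective_sshd_option FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive; "Match" starts a conditional block, so parsing stops there.
effective_sshd_option() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            kw = tolower($0); sub(/[ \t=].*$/, "", kw)   # keyword part only
            if (kw == "match") exit
            if (kw == key) {
                arg = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", arg)
                val = tolower(arg); exit
            }
        }
        END { print val }
    ' "$1"
}

# Succeeds only when password logins are off in the global section.
# OpenSSH defaults PasswordAuthentication to "yes" when it is not set.
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample configs (not taken from any real server).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Port 22' 'PasswordAuthentication no' > "$d/good"
    # An earlier "yes" wins over the "no" appended at the end of the file.
    printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' > "$d/shadowed"
    # Only a commented-out line: the built-in default applies.
    printf '%s\n' '#PasswordAuthentication no' > "$d/default"
    for f in good shadowed default; do
        if password_login_disabled "$d/$f"; then echo "$f: disabled"
        else echo "$f: ENABLED"; fi
    done
    rm -rf "$d"
}
demo
```

On a live server, `sshd -T` prints the configuration sshd actually uses and is the authoritative check.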

2. Random Passwords

Set all user passwords to large pseudo-random strings.
E.g. I set all users on all servers with different passwords looking like this:
Z4Q7H6pI53Xtsbgs8qKC
20 random alphanumeric characters (a-z, A-Z, 0-9)

See here for more passwords: https://www.grc.com/passwords.htm
You can test a password with the brute-force search space calculator at https://www.grc.com/haystack.htm

3. Login alerts by email

Every time a user logs in to the system, you should get an email alert.
For that I use a script, login_alert.sh, which is called from the end of /etc/profile.

At the end of the file /etc/profile

add this line:

sh /etc/login_alert.sh

Then create the file /etc/login_alert.sh:

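#!/bin/sh
# Mail an alert on every shell login (called from the end of /etc/profile).
SERVER_NAME=`hostname -f`
SEND_TO="myemail@gmail.com"
# Remote host of this session: the text between parentheses in `who -m`.
# '\r' is quoted so that tr strips carriage returns, not the letter "r".
LOGIN_WHO=`who -m | cut -d"(" -f2 | cut -d")" -f1 | tr -d '\r'`
 
echo "
Shell Login Access to ${SERVER_NAME}
From: ${LOGIN_WHO}
Date: `date`
 
Active Users:
 `who`
 
Uptime: 
 `uptime`
 
" | mail -s "Alert: SSH Login to ${SERVER_NAME} from ${LOGIN_WHO}" "$SEND_TO"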

So you will get an email like this every time someone logs in to the server.

Subject: Alert: Shell Login to 'hostname' from ppp-122-122-122-122.evip2.xxxxxx.xx.xx

Shell Login Access to mail9.hostname.net
From: ppp-122-122-122-122.evip2.xxxxxx.xx.xx
Date: Fri Jul 29 18:23:19 UTC 2011

Active Users:
 root     pts/0        2011-07-29 17:57 (ppp-122-122-122-122.evip2.xxxxxx.xx.xx)

Uptime: 
  18:23:19 up 189 days,  2:38,  1 user,  load average: 0.05, 0.08, 0.07

4. System Updates

Always keep your systems updated. I run “aptitude full-upgrade” every day on all Debian machines.
The same goes for Mac and Windows.

Posted at 1:29 am
