Archives for February 2010

Proxy Splunk behind Apache 2.2

2010/02/20 By staze

Splunk is pretty damn cool. And since Splunk 4, it’s been much easier to set up and run. And since my environment at work produces a lot less than 500MB/day of logs, I can safely use the free version of splunk. But, this has a downside. You don’t get user authentication (there’s other stuff you don’t get, but the big one to me is user auth).

So, the obvious solution is to proxy Splunk behind apache and have apache do the user authentication. There’s some good info about doing this online, but it seems none of it is complete for what I was trying to do.

So, here’s what I had to do. First, the relevant chunk in the apache config (if you’re doing this over https, you may want to add “SSLProxyEngine On” before the mod_rewrite section):

<VirtualHost *:80>
	ServerName server.example.com:80
	ProxyPass /splunk http://127.0.0.1:8000/splunk
	ProxyPassReverse /splunk http://127.0.0.1:8000/splunk
	<IfModule mod_rewrite.c>
		RewriteEngine On
		RewriteRule ^/(static.*) /splunk/$1 [P]
	</IfModule>
</VirtualHost>

So, on my server, I’d go to https://server.example.com/splunk to visit my splunk page. The rewrite rule is there to fix what seems like a bug in the “jobs” page for splunk, that doesn’t seem to obey the “root_endpoint” set below.

The second part of this is to set a few things in the web.conf.

In my case, since this is running on a Mac, these go in a file in /Applications/splunk/etc/system/local/web.conf

root_endpoint = /splunk
tools.proxy.on = True
updateCheckerBaseURL = 0

The first basically says “everything is in the /splunk subdirectory”. The Second I’d assume says “Splunk is being proxy’d”, and the Third is something I had to add to fix a weird issue I was seeing after doing all of this. Once I’d proxy’d it, every time I would open a new session to Splunk, I would see the “Checking for Updates” and then the “Agreement” page, which the continue button wouldn’t point back to http://server.example.com/splunk but just http://server.example.com/. So, That third line basically disables the update check. It’s kind of silly anyway since I keep an eye on the splunk.com webpage to check for updates.

As for securing splunk beyond proxy’ing it, I just set up a realm in Server Admin that locks down the /splunk location. Pretty easy.

Good luck. Splunk is pretty cool, and makes it dead simple to track down issues, get statistics, etc. I’m still not really proficient with it, but I hope over time I’ll learn more of what I can do with it.

I hate EULAs. Especially Apple’s OS X Client one…

2010/02/17 By staze

So, I’m a Sys Admin. I spend all day running down problems, and when I’m not doing that, I’m usually working on bigger problems that are multi-day/week/month issues. And when I’m not doing that, I’m playing with something cool that’ll give us a better user experience, show us data we haven’t seen, etc. Add to this, we basically have no money (we’re State Higher Ed). So, the answer for testing issues is, obviously, virtualization (since we can’t afford to have test machines sitting around).

Now, VMware and Parallels both support Virtualizing OS X Server on Apple Hardware. They do not, however, support Virtualizing OS X Client, since Apple’s EULA specifically says “You can’t do that”.

So, being a Sys Admin, and not taking anything at face value, you look around online, and find various ways around this. Yes, it’s breaking EULA. But, I am running this on Apple Hardware, and we have broken machines sitting in a closet not running any OS. So, far as I’m concerned, it evens out. Obviously this wouldn’t hold up in court, but seriously Apple. The EULA should be something like: “You can virtualize OS X Client on Apple Xserve hardware” or something like that. Make the end user pay for it, but don’t make us hack software to make it work.

Anyway, the big thing that made me create this post is… VMware Fusion 3.0 changed things a bit. This info is still online except one minor tidbit. You HAVE to use physical media when doing the install. Don’t ask me why, you just do.

As for the rest of the info… I leave it to the readers. As for fixing the EULA… Please, Apple… Please.

UPDATE: The issue with VMware and physical media seems to be that VMware is convinced it should be attached to the VMware tools disk image to install that. If there was some way to get around that, it should be easy enough to boot off an image. Because once I had it installed, and unmounted the VMWare Tools “disk”, the OS X installer image immediately mounted. *shrugs* Oh well… I got it installed.

UPDATE 2: So a big reason for this was testing. After I got a normal 10.5 client installed, I created a second VMware disk, and restored our lab image onto it. It’s actually pretty cool to have this. Means I can finally test some things that normally would require a separate machine. So again, please Apple, fix the EULA. At the very least, work with VMware to allow Mac OS X Server (and client ideally) to run on vSphere. Hell, sell some Dongle for $10k. Or hell, get them to port vSphere to the Mac, so you can put a couple Xserves in a vSphere cluster, and they’ll take care of running the Mac OS instances. I want to be able to virtualize OS X on vSphere without jumping through hoops.

WordPress auto-update

2010/02/15 By staze

Just a quick note. WordPress 2.9.2 came out today, and I found that since my server upgrade, the core auto-update/upgrade feature wasn’t working. It wanted me to have FTP access.

Turns out that the website folder itself (in my case, since I host on a Mac, a folder within /Library/WebServer/Documents) wasn’t owned by www. Once I chowned that to www, the auto-upgrade worked perfectly.

Everything else was already owned by www… so, just make sure, the folder wordpress resides in is also owned by the web user (the user httpd runs as).

Good luck! And remember, Happiness is only a chown away.

« Previous Page