Routine PHP Update This Morning

This morning, the computer that hosts my Web-site received a routine update to its PHP 5 interpreter – i.e. to some of the modules of its PHP 5 system – which also triggered a routine restart of the Apache server processes. This has taken place without causing the slightest disruption to my site.

What most Linux-based services do, during a log-rotation, is also to restart, so that after the log-files have been renamed, the services obtain a new file-handle as well, and so that the actual writing of log data resumes with a newly-created log-file. Apache tends to be atypical, in that one of its available commands is to reload its configuration and/or its log-files. Thus, usually, the main Apache service just keeps running.

Technically, this morning, the Apache server was gone for two seconds. But, if an average reader was to find that this interfered with his browsing, he would have been able to fix that, just by clicking on the same URL a second time.

Also, my blog consists of PHP scripts, which every HTTP request executes independently of the other requests. Persistence is achieved by browser-scripts, and by a MySQL database which the server-scripts access. So there is also no loss of persistence, of my site, arising from an Apache server restart.

Dirk

Continue reading Routine PHP Update This Morning

Monthly Log Rotation Disrupted my IPv6 Today.

One of the tasks which a Debian / Linux system does, is log-rotations at regular intervals. Some log-rotations take place daily, others weekly, and others monthly.

When log files are rotated, the services that generate them must usually be restarted, although there are a very few daemons which can simply be commanded to reopen their log file. This needs to be done, because even when the name of the log file has been changed (by the log-rotation), the file handle which its process has, still points to the same file. So most generally, the service is also restarted, so that it can open a new log-file, with the name of the old log-file, which was rotated to having a new file-name.

I have two services installed, to which this is relevant today. One of them is my “OpenVPN Server”, and the other is my “Teredo Client”. The Teredo Client was already configured by package maintainers, not to do any log-rotations. But my OpenVPN Server does a log-rotation on a monthly basis.

One of the facts about how my system reacts is in practice, that when my OpenVPN Server does a restart, it also incapacitates my Teredo Client. I am not sure why this happens, but it is completely consistent behavior. It has something to do with how my dual-stack kernel manages its IPv6 addresses.

So today, being July 1, saw a log-rotation to my OpenVPN Server, which also took out my Teredo Client, at the time the monthly log-rotations are supposed to take place, in a 100% predictable manner. I needed to restart the Teredo Client, in order to get my IPv6 address back, by about 14h15 this afternoon. From about 6h00 until 14h15 today, this site had no working IPv6 address.

I apologize for any inconvenience.

Dirk

 

Routine Log Rotation Suspended my IPv6 Today.

Today is May 1.

On most Linux systems, there are “log rotations” which can take place daily, weekly, or monthly. Log rotations frequently but not always require that a service be restarted. This is because while log files have been renamed, the service which is writing log data to them, retains a handle to the same file as before, unless that service is restarted. Once the service is restarted, it obtains a new handle from the O/S, for a fresh log file.

Most of my log rotations have no side-effects. But when I set up my ‘OpenVPN’ -protocol VPN server, I decided to set up a monthly log rotation associated with it, which also has as post-log-rotate job, to restart this VPN.

Oddly enough, this does not impede the VPN service from restarting. But as a side-effect, this knocks my (Debian) ‘Miredo’ client off-line every time, which gives me IPv6 connectivity when it is running, by way of a Teredo server.

It seems that the authors of ‘Miredo’ have already observed, that restarting something that upsets the IP stack in this way, can knock their client off-line, and so the makers of this package omitted any logging, or log rotation, for ‘Miredo’. But whenever by VPN server is restarted, this affects the Teredo client I just named.

Today is May 1. So therefore in a routine way, my IPv6 address was knocked off-line by the monthly log rotation this morning. And this effect lasted, until I manually restarted the Teredo client in question.

So as I am writing this, I have an IPv6 address again.

Dirk

 

Narrowing an old Problem with Teredo

I happen to have a package installed on my Linux server named ‘Phoenix’, which gives me access to IPv6 via a remote ‘Teredo’ server acting as a tunnel, and which gives me this connectivity, even though my ISP does not yet support IPv6. The Teredo server I use is not the Microsoft Teredo server, which AFAIK has been shut down by now, on the assumption that Teredo is outdated.

This Teredo connectivity presents itself to me on the user / application level, as a virtual network interface, which applications can connect to as easily as to the physical interface, but which has been implemented behind the scenes, as a translation process for data, that finally communicates over the real, physical interface. Both Linux and some Windows computers can generally do this, via the ‘TAP Device’ or ‘TUN Device’ API, which in turn needs to be supported by either kernel.

In addition to the ‘teredo’ virtual network interface, I also have another one, which is simply named ‘tun0′ on this server, and which enables my ‘OpenVPN’ server. I will not go into the details in this posting, of how to set up OpenVPN, which is a somewhat complex process documented in several other places on the Web.

But my setup effectively causes two TAP and/or TUN devices to appear as part of my network configuration by default. These two devices should not interfere which each other in principle. But by default, my ‘tun0′ interface is created during the boot process, before my ‘teredo’ interface is created.

I seem to have a glitch in my kernel, which will require that they always be destroyed in the reverse order initially created. Hence, if my ‘teredo’ interface is Up, but I next shut down my VPN, and when I next restart my VPN, the ‘teredo’ interface will fail, and will seem to lose its IP Configuration, as far as my desktop tells me, and as far as an ‘ifconfig -a‘ will confirm. Thus, I will next need to restart my Teredo service as well, in order to reestablish that.

This is a minor problem, but may have led to earlier issues, which I had thought at that time must have come from the Teredo tunneling server, which I am using. More precisely, I now think that some Teredo-related problems I was having, were actually due to log rotations which my server does.

Some of my earlier Teredo, IPv6 issues were described in This Earlier Posting. As it happens, February 13 was a Saturday, and so it is not clear how a log rotation might have caused this exact malfunction. But the problem which I now anticipate, and which would be due to my client would be as follows:

Once per month, my VPN server is given a restart scripted by me, in order to be able to close its log file and to open a new log file associated with the process. This restart can happen more or less alphabetically, without respecting any preferences that the kernel might have, for the order in which one virtual interface might be affected by the other – while neither should affect the other in principle.

It is interesting to note that my VPN configuration is created by me, while the Teredo client runs out-of-the-box, and is intended to have no log rotation, by the package maintainers.

And the result can be, that my ‘teredo’ interface goes down, leaving me with no IPv6 connectivity for the moment. I find that in practice, the ‘tun0′ interface is not affected by this fragility. And so when that happens, I need to play with my Teredo service to get it running again. And this can all happen without any knowledge, from the people who run the remote Teredo tunnel.

Dirk