I Love It When a Plan Comes Together

June 26, 2016

One of the last things to do to get this 4U beast finished was to figure out how to get some of the data off of the old Ultra-wide SCSI drives.  Originally the machine was used to house four separate 9GB virtual machines, and the whole thing was stuffed into a co-lo down on San Antonio road in Palo Alto back in the early 2000s.  I’d used one of the VMs as a general purpose Linux host which did double duty as a web server and an email server and the other ones were used by friends for pretty much the same purpose.  I really wanted to get some of the emails back though because I’d lost touch with a friend in Japan, and knew I had his email and snail mail addresses buried somewhere on one of the drives.

There were, however, several problems I needed to tackle to get the data back.  Not only did I not have a way of getting the Ultra SCSI drives to connect to anything since the old motherboard was dead, I also needed to figure out how to read the file system, since they were partitioned as VMFS2 although the virtual partitions were primarily ext2.

The SCSI problem I solved by buying a cheapo $45 LSI Logic card on Amazon Marketplace which was being sold as a tape backup adapter.  It looks like someone just plucked it out of an old HP machine, but it was cheap and did the trick.  Four of the five drives spun up just fine, although the years haven’t been particularly kind to them as the whine from them was pretty much unbearable.  I can only imagine how loud they would have been had I had left the old fans in as well.

To get the data off, I just “dd’d” each of the drives into files on the SSD drive, since I figure I’ll never use them again (also, does anyone need a slightly used LSI Logic Ultrawide SCSI card?).  I can attach the files as loopback devices in linux, however I still don’t have anything which will directly mount the VMFS2 partition.  I’m fairly certain ESXi can auto-convert from VMFS2 to VMFS3, but I’m not sure how I’d do that since I have no idea how to loopback mount each of the files.

Anyway, it’s a moot point.  I just used “strings” on the drive I wanted and was able to pull out my friend’s email address and it turns out he still has the same one after 12 years!  I’m going to call it mission accomplished.

There were still a few remaining things to do though before I could re-rack the machine.  I used one of the 5.25″ to 3.5″ adapters from the old drives to attach it to the 3.5″ to 2.5″ adapter I had bought for the SSD drive.  I also needed to get a cheap video card to hold me over until the GTX 660 was freed up from the gaming rig, so I bought a GT 730 since I figured I might as well get one which was quasi-useful.

Here are some pics…

WordPress with TLS

June 5, 2016

When I got WordPress working for the site, I ended up modifying the base container to make Let’s Encrypt work.  Originally I was thinking I would just set up a reverse proxy in front of it to do the TLS termination and then pass everything unencrypted between the WordPress container and the secure web container.

It turns out that the default configuration for WordPress has a php routine which attempts to figure out whether SSL is enabled or not, so a reverse proxy won’t actually work unless the connection between the front-end to the WordPress container is also encrypted.  That defeats the purpose though, since we’d have to also modify the WordPress container and set up our own self-signed certs.

Anyway, for the site I did end up modifying the WordPress container, but I also figured I’d fix things to make it so other people could use a reverse-proxy.  I need to bug some people on the team here at Docker to get the fix reviewed/accepted, but you can find the change here.

One last thing about Let’s Encrypt.  It’s a pretty awesome service, but the certs it issues expire every three months.  Unless you automate some way of refreshing the certs, you’re going to be in for a rude awakening every 90 days or so.  I ended up using certbot (EFF’s Let’s Encrypt service) and shoving a script into cron.daily which checks for a new cert and then if there is one, brings the website down and replaces it.  It looks kinda like this:

/usr/local/letsencrypt/certbot-auto renew –pre-hook docker-compose -f /path/to/docker-compose.yaml stop –post-hook=docker-compose -f /path/to/docker-compose.yaml up -d

It seems to work, but 90 days haven’t come up yet.  In theory it will replace the certs if it’s close to the 90 day cutoff, so I should probably check to see if it worked in mid-August.