CRAZ8

I’ve just checked in three fixes for the action_cache plugin.

1. Don’t send cookie headers when serving cached responses (the original response will be untouched)
2. Always use 2 cache fragments for action cache entries. This avoids the escape/unescape overhead for the body and speeds cache serving up and reduces the code complexity a little
3. Remove use of the returning method. Older versions of Rails don’t have this method.

I’ve also added a specific page to this site for details about the action_cache

Thanks to Paul Haddad and Timur Vafin for bug reports.

I was going to write a great post about Rails page caching, but then I found Gregg’s post about page caching

There are two points I’d like to make to add to the Rails page cache knowledge base.

Firstly, if you use paging in your cached actions, then you must use the FileUtils method for sweeping these pages (unless you want to write code that checks for every possible page number and expires that page with expire_page, and you really don’t)

Secondly(?), if you are going to use the FileUtils to remove files from the cache, you don’t need to move the cache location. You only need to move the cache location if you want to delete the entire cache in a single call.

For example, I have code that deletes a paged action, and the cache files are in /public/controller/action/page-number.html and /public/controller/action.html, so FileUtils.rm_rf ”/public/controller/action works for me without changing the cache path.

This evening, I added page caching to a Rails app I’m building. I want to cache the top page of the site (the index action), so I added the caches_page :index to the correct controller.

All was going well until I deployed to a ‘production’ server.

Doing a View/Source on my web page, I see urls that looked like http:// /foo/bar with a space replacing the server name. This isn’t good.

It took me a few minutes of looking at the Rails production log to see that, about every 60 seconds, something was hitting my site without a server name. What hits my site every 60 seconds? Monit does!

For each of my Mongrel instances, I have a monit configuration that contains the line if failed port xxxx protocol http. This technique doesn’t send a server name when it does the test.

Why is this a problem?

Since monit is hitting the root of the web site, the cached url is what gets accessed. Since I have monit hitting the Mongrel instances directly, the page cache is bypassed, and a broken version of the page is generated and cached. Within 60 seconds, my site is broken!

What do I do?

I solved this by adding a ‘heartbeat’ action to my site that renders the text ‘OK’.

  def heartbeat
    render :text => "OK"
  end

I now have my monit configured to access the url instead of the port checking. This is also much lighter load than hitting the main page of the site.

if failed url http://127.0.0.1:xxxx/main/heartbeat content == "OK"

So I’m getting my Rails app working on Apache on my virtual RedHat server, when something strange happens. The proxy to Mongrel works great and the app is running, but my static files aren’t coming down from the server – no images, CSS or javascript. These should be easy for Apache to serve up – what’s going on?

After looking in the Apache error log, I see that there’s a permission error for those files. No problem, set the flags with chmod and I’ll be onto the next thing.

No such luck.

With some quick Googling of the error, it seems that SELinux may be the issue.

After using the information I found in the documentation I set the new ownership for the static files using chcon and they can now be seen in my browser.

I can see the point of having a beefed-up security system available for an OS, but why on earth was this turned on by default?

Update: I could not get MySQL to start using /etc/init.d/mysql start until I disabled the SELinux system. No useful errors, the process would start and exit immediately.

Ben has updated his plugin directory to allow you to mark plugins as favorites. I’ve added mine from my previous post on the subject

Ben details what he’s done here

Now if only I could get a list of these plugins as a widget for my sidebar – RSS would work, as Wordpress has a plugin for that.

Ben’s doing real work with OpenID too. Works great in this application (I think its going to take a while for real users to get used to having a URL for their identity, but programmers don’t have that problem)

I installed Red Hat for the first time this week. I’ve done Debian a number of times, but this was my first go around with the King of Linux. Here’s my thoughts on why Red Hat has yet to achieve world domination.

Use a graphical UI?

During install, you get to pick which packages to install. Under UI, I unchecked all the graphical UI options, cause I want to run a server. On first login after the install, the login system comes up in with a graphical UI.

The fix here is to boot in Single User mode and change a 5 to a 3 in /etc/inittab.

How to login?

During install, I was asked for a root password, but never a user account. At the graphical login prompt, it informs me that root is not allowed to login. Now I have a system I can’t get into. Nice job.

Once again, single user mode comes to the rescue. In single user mode I can use the various tools to create a user and set the password, remembering to unlock the user so they can log in!

Disabled packages run anyway!

The install allowed me to uncheck Sendmail. Silly me for thinking that this would ensure that Sendmail would not run, and might even be left off the disk. But no! Sendmail is installed and running (without any configuration from me, so who knows what mail is flowing)

Good points?

The Red Hat knowledge base did help get me past these issues. When I typed in my query, I always got back a response that moved me forward. I’ve been using Microsoft technologies for 20 years, and their help stuff stopped doing this for me back in 1993.

Which would you use?

Sadly, I have to use Red Hat for a specific project, so I will beat it into submission and bend it to my will! Given a choice, I’d be using Debian for my server.

Next: Install my Rails stack.

I’ve spent some time over the last few days trying to access a Microsoft Active Directory (AD) using LDAP from a Rails app. Although there are some libraries and a few blog posts, this is still a very painful thing to do.

Here’s some things I worked through so you don’t have to.

LDAP paths are location dependent, but not case sensitive

Not a Ruby or Rails issue, but something you need to know – “dc=foo,dc=com” is not the same as “dc=com,dc=foo”. However, DC=Foo,DC=com is the same as dc=foo,dc=com

Pre-built Windows ruby-ldap needs no other LDAP libraries

Chris Scharf has built the ruby ldap libraries for Windows Although the ruby-ldap site says the code relies on other libraries, on Windows, that code is built in.

Here’s some ruby-ldap code that works with my AD server:

require 'ldap'

conn = LDAP::Conn.new( '<domain-server>', 389 )
conn.set_option( LDAP::LDAP_OPT_PROTOCOL_VERSION, 3 )
conn.bind( '<domain>\<username>', '<password>' ) do |conn|

  base = 'ou=Users,ou=<container>,dc=<domain>,dc=local'

  results = conn.search2(base, LDAP::LDAP_SCOPE_SUBTREE, '(cn=*)')
  results.each { |entry| puts "#{entry['dn']}: #{entry['telephoneNumber']}" }

end

Note: I’m using a Small Business Server, and the container for me is MyBusiness. Also, my full domain name is .local.

Most ActiveLDAP document is wrong

ActiveLDAP is getting closer to ActiveRecord in the way it works, and a bunch of the initialization code has changed to do this, but the documentation is not entirely correct. I have version 0.8 and here’s what I know:

• Use ActiveLdap::Base.establish_connection to setup the connection
• :password can now be used instead of :password_block
• :user isn’t yet used (but is documented) – use :bind_as instead

Here’s my code from environment.rb:

require 'active_ldap'
ActiveLdap::Base.establish_connection(
  :host => '<domain-server>',
  :port => 389,
  :base => 'dc=<domain-name>,dc=local',
  :bind_format => '%s',
  :bind_dn => '<domain-name>\\<username>',
  :password_block => Proc.new { '<password>' },
  :allow_anonymous => false
)

ActiveLDAP has some bugs in a Rails app

There are some bugs in ActiveLDAP 0.8 that I had to work around

Implement to_param

If you implement in your model code:

def to_param
  id
end

Then the Rails scaffold code will work great!

Schema processing broke for me

At line 44 of ActiveLDAP’s schema.rb file, I had to update to this to stop the code crashing:

      while @entries[group] && schema = @entries[group].shift

The DN value for saving is broken

I poked around and commented out some code, but I really didn’t understand what I was doing! Part of my confusion is that ActiveLdap::Base has two implementations of the base method that interact weirdly. The problem is that the base part of the DN was being added twice, and the DN attribute name (in my case CN) was on the front of the string. Here’s an example of what I was seeing:

cn=cn=<my name>,ou=Users,ou=MyBusiness,dc=<domain>,dc=local,ou=Users,ou=MyBusiness,dc=<domain>,dc=local

The string that did work was:

cn=<my name>,ou=Users,ou=MyBusiness,dc=<domain>,dc=local

nTSecurityDescriptor isn’t supported

After getting past the DN string building, this was my next problem with save (I actually disabled validation to get here, as the validation does insist this is needed)

Ok, so this is mostly the fault of AD, but if you want to save changes back to AD, then you need to be able to get the nTSecurityDescription attribute for your objects. It seems that AD has implemented an extension to retrieve this attribute, but I have no idea how to do that.

What else can go wrong?

I was planning on being able to build a live search against my users in the AD using LDAP, but the performance sucks, even for only a dozen users, it takes over a second on my unloaded server with everything in memory.

Mathew has an interesting post here about the problems with Rails 1.2, and the underlying issue of the Rails Core team not releasing software correctly.

I noticed the start of this with the 1.1.4 to 1.1.6 update (via a quick stop at 1.1.5). Looking at the change sets between the minor version changes, it was clear that we weren’t getting just a security update, but a few cool new features too. Ben and I talked about it at the time, and then Ben went on to blog about the issues

I seems that the situation hasn’t changed yet.

Apparently, DHH’s views on change are along the lines of ‘tough, this is the way I work, live with it’.

These problems haven’t affected me personally yet, but as more and more people use Rails, more will get screwed by the process and will head off back to their current platforms with tales of woe that discourage others from trying out Rails.

That would be a shame for all concerned.

As of this afternoon, I have a new employer. I will be starting work as a programmer at Zipper Interactive in Redmond on the 26th.

I talked with a bunch of people, and didn’t get around to talking with a bunch more, but the completely different environment of a game development company was too tempting to pass up. There’s a lot of Rails development going on in Seattle, not all of it publicly known.

Now I can take a week off without worrying about mortgage payments and job interviews.

Our team – the Dirty Smackmasters – convened for the 10th Microsoft Puzzlehunt (Puzzlehunt A). This year was an Atlantis theme, and we did a little better than last time – we’ll probably be in the low 30’s our of 75 when the results come out. We solved all but 14 puzzles, and we had about 3 or 4 that we were really close on.

This year, we made great progress at the start, and someone has a screenshot of the standings page to show us in 2nd! I like it when the first puzzles allow you to make progress. One year, we solved nothing in the first 4 hours. This is a good way to make you feel stupid.

One tip to anyone making puzzles – don’t use pizza! This year, one of the puzzles involved the layout of olives on a delivered pizza. Our olives had all moved by the time we received it, so we had no chance to solve this until we got a photo of the expected layout. We wasted so much time on this, and then didn’t have enough time to solve it once we got the correct layout.

Once again, we had too much bad food, but we did have a good time. For the first time, I didn’t sleep at all, and then crashed at 7 on Sunday evening for 12 hours!

Update: Is seems we did finish 29th!

Microsoft Puzzlehunt has a Wikipedia entry (hopefully not edited by someone involved to avoid the Wikipedia editor’s wrath)

Here’s my comments from Puzzlehunt 9