PingFederate NGINX Reverse Proxy Issues

While configuring NGINX as a reverse proxy for a PingFederate cluster, I kept running into an issue where the PF nodes would reject my authentication requests with the following error:

DEBUG [] Auth failed: Multiple adapter instances are configured, ping.instanceId header is required

It turns out that NGINX strips away headers that include invalid characters, in this case “ping.instanceId” contains a period, and is thus an “invalid header” according to NGINX. The fix for this was to add the following to the NGINX server configuration, under the PF cluster server section:

ignore_invalid_headers off;

How to configure sitemap and og:image meta links on Yoast WordPress-SEO to be served through your CDN

The Yoast WordPress-SEO is a great plugin for getting SEO on your blog in an easy to use, and easy to manage function.

Recently I encountered an issue where the <meta> og:image links were not being served over our CDN, and were referencing their original image locations. og:image meta tags are used by Facebook and Twitter to give users the various thumbnail options when they create a post in Facebook that includes the link to a site/page/post.

Continue reading How to configure sitemap and og:image meta links on Yoast WordPress-SEO to be served through your CDN

View network interface traffic on Nexenta

There is not a lot of information out there about viewing the network interface throughput in real-time via CLI on Nexenta out there on the internet, so I hope this helps someone.

I discovered you can view the throughput in real-time by using a flow control monitor, and flowadm.

First, enter expert mode:
option expert_mode=1
Hit (y) to confirm,

flowadm add-flow -l NETWORK_INTERFACE -a transport=tcp flow1
flowadm show-flow -S


flowadm add-flow -l igb0 -a transport=tcp flow1
flowadm show-flow -S

This will give you a nice real-time status of your network throughput.

flowadm show-flow -S
flowadm show-flow -S

To remove the flow monitor, simply type in:

flowadm remove-flow -l network_interface
EX:  flowadm remove-flow -l igb0

Please be aware that there is some overhead involved in using flowadm for this purpose, as demonstrated by @kdavyd:


How to change the root password on a SmartOS System

I had some trouble tracking down in the SmartOS wiki on how to change the root password. I figured it out, and here’s what you need to do:

  1.  1. Login to your SmartOS server as root
  2. 2. Type in "grep root /usbkey/shadow" and place the output somewhere safe in case you need to revert this change.
  3. 3. Type in "/usr/lib/cryptpass YOUR_NEW_PASSWORD" and copy the output. This is your encrypted new root password.
  4. 4. Modify /usbkey/shadow (vi /usbkey/shadow) replacing your previous encrypted password with the new one.
  5. 5. Save the file (ESC, wq!)
  6. 6. Open a new SSH session (Without closing the old one, just in case you messed this up) and test your new password. It should work!


Dealing with Nexenta HA Plugin Issues

Earlier today I was testing out the Nexenta HA Plugin. I created an additional volume on my Nexenta cluster, and then went to the plugin volume page, which showed me the error:

Cannot get cluster/volume info: Cannot introspect object com.nexenta.nms(/Root/NetworkStorageService): org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.”

So I tried to re-initialize the cluster, which resulted in the error:

“Configuration save returned an error: no introspection data available for method ‘create’ in object ‘/Root/RsfCluster’, and object is not cast to any interface”

The fix for this was to restart the services on both of my head nodes.

Run the command: svcadm -v disable nm{s,v,cd} nbs nmdtrace dbus rmvolmgr

Then run: svcs nm{s,v,cd} nbs nmdtrace dbus rmvolmgr until all services show as disabled.

Then run: svcadm -v enable nm{s,v,cd} nbs nmdtrace dbus rmvolmgr

Then run: svcs nm{s,v,cd} nbs nmdtrace dbus rmvolmgr until all services show as online.

Make sure you do this on both head nodes.

You should be able to re-use your HA plugin and set everything up!

Hope this helps someone.

Kyle Gato's life blog.