Archived entries for System Administration

Fixing Broken MySQL Master-Master Replication: Error during XID COMMIT

So you’re stuck with master-master [or possibly circular] replication and that’s unfortunate, but if you’re reading this you’re probably already feeling bad enough about it so let’s get to it.

The error in question from SHOW SLAVE STATUS looks like:

Last_Error: Error during XID COMMIT: failed to update GTID state in mysql.gtid_slave_pos: 1062: Duplicate entry '0-11648' for key 'PRIMARY'

and I’ll also bet that you’ve got a blank Replicate_Ignore_Server_Ids: line in the slave status as well.

What seems to be happening is that statements from one master are getting bounced back to the originating server and mucking up the mySQL internals. In order to fix this you need to tell your masters to ignore statements from themselves.

Continue reading…

Run git-gc on a bare repo

Posting here for posterity since literally every other thing on google simply says “you’ll never have to gc a bare repo, because $reasons” and then doesn’t bother to even entertain the possibility of someone actually having to.

git --bare -C /path/to/your/repo.git gc

So complex and arcane. I can now understand why no one bothered to give an example…

Aptana SFTP “no suitable key exchange” or “socket is EOF” fix


Today I spun up a quick development instance using Ubuntu 15 and found that Aptana refused to connect via SFTP. After a few rounds of Google > Fix > New Error > GOTO 10 I’ve found that there are two problems.

  1. Aptana does not support anything more advanced than diffie-hellman-group1-sha1 for key exchange.
  2. OpenSSH has removed AES*-CBC ciphers from its default ciphers in favor of newer AES*-CTR ciphers.
  3. Aptana has explicitly disabled CTR support in their SSH library.

Continue reading…

SSH X11 forwarding with sudo and missing magic cookies

So you’ve fired up your X11 Server, connected to something remotely, sudo su -‘ed to root and gotten the following error:

MIT-MAGIC-COOKIE-1 data did not matchTraceback

There are a ton of posts floating around where you run xauth list in your pre-root account and then copy/paste them into xauth add commands after sudoing to root, or any one of a number of ugly-looking one-liners, but do you know what’s much easier?

[sammitch@jerkstore ~] sudo su -
[root@jerkstore ~] xauth merge ~sammitch/.Xauthority

Done. It seems simple, but for some reason I’ve never seen this posted as an answer to any discussion threads about this error.

The caveat to this being that it might clobber the pre-existing entries for other users running as root, but who cares about them, right?

Read-Only Elasticsearch Proxy using Nginx

I’ve recently set up an Elasticsearch/Logstash/Kibana cluster for a project and found Elasticsearch’s complete lack of authentication/authorization a bit alarming. I wasn’t exactly exposing these endpoints publicly, but I also didn’t want an inquisitive/careless/mischievous employee deleting documents or indexes.

However, the one exception I did want to make was to allow modifications to documents in the ‘kibana-int’ index so that users could create and modify dashboards.

So I’ve come up with the following Nginx config file for this:

upstream elastic_cluster {

server {
	listen 9200;
	client_max_body_size 50m;

	proxy_redirect off;
	proxy_set_header Connection "";
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_pass_header Access-Control-Allow-Origin;
	proxy_pass_header Access-Control-Allow-Methods;
	proxy_hide_header Access-Control-Allow-Headers;
	add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
	add_header Access-Control-Allow-Credentials true;

	# disallow write/modify to all indices
	location / {
		limit_except GET POST HEAD OPTIONS {
			# you could use auth_basic options here to allow HTTP-Auth
			deny all;
		proxy_pass http://elastic_cluster;
	# re-allow write/modify to kibana-int index for dashboard storage
	location /kibana-int/ {
		proxy_pass http://elastic_cluster;


Hopefully someone finds this useful!

Copyright © 2009–2010. All rights reserved.

RSS Feed.