ics01 (internet customer service 1)

Primary tabs

LIC topology: IBM PCs

introduction

A computer in the internet DMZ that hosts many services for customers. Things specific to this host are listed below. The list is grouped by infrastructure layer.

Every host name in the LIC has five characters like this one.

LIC topology: ics01
PCs switches ethernet interfaces

hardware

I buy PC things. Specifically, a Dell OptiPlex GX150. Wikipedia (http://en.wikipedia.org/wiki/Dell_OptiPlex) has this summary.

  • Model: GX150
  • Chipset: Intel 815E
  • CPU: Pentium III or Celeron
  • FSB: 100/133 MHz
  • RAM type: SDRAM, 2
  • RAM speed: PC133
  • Chassis: SFF, desktop, mini tower
  • Comments: First to have new midnight-gray chassis
  • USB: USB 1.1
ics01:~# lshw
ics01
    description: Desktop Computer
    product: OptiPlex GX150
    vendor: Dell Computer Corporation
    serial: CY45H0J
    width: 32 bits
    capabilities: smbios-2.3 dmi-2.3
    configuration: administrator_password=enabled boot=normal chassis=desktop frontpanel_password=enabled power-on_password=enabled uuid=44454C4C-59BE-1034-8035-C3C04F48304A
  *-core
       description: Motherboard
       product: OptiPlex GX150
       vendor: Dell Computer Corporation
       physical id: 0
       slot: ~
     *-firmware
          description: BIOS
          vendor: Dell Computer Corporation
          physical id: 0
          version: A09 (11/07/2001)
          size: 64KiB
          capacity: 448KiB
          capabilities: isa pci pnp apm upgrade shadowing escd cdboot bootselect edd int13floppytoshiba int13floppy360 int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb agp ls120boot zipboot biosbootspecification netboot
     *-cpu
          description: CPU
          product: Intel(R) Celeron(TM) CPU                1200MHz
          vendor: Intel Corp.
          physical id: 400
          bus info: cpu@0
          version: 6.11.1
          slot: Microprocessor
          size: 1200MHz
          width: 32 bits
          clock: 100MHz
          capabilities: fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse up
        *-cache:0
             description: L1 cache
             physical id: 700
             size: 32KiB
             capacity: 32KiB
             capabilities: internal varies unified
        *-cache:1
             description: L2 cache
             physical id: 701
             size: 256KiB
             capacity: 256KiB
             capabilities: internal varies unified
     *-memory
          description: System Memory
          physical id: 1000
          slot: System board or motherboard
          size: 128MiB
          capacity: 512MiB
        *-bank:0
             description: DIMM SDRAM Synchronous 100 MHz (10.0 ns)
             physical id: 0
             slot: DIMM_A
             size: 64MiB
             width: 64 bits
             clock: 100MHz (10.0ns)
        *-bank:1
             description: DIMM SDRAM Synchronous 100 MHz (10.0 ns)
             physical id: 1
             slot: DIMM_B
             size: 64MiB
             width: 64 bits
             clock: 100MHz (10.0ns)
     *-pci
          description: Host bridge
          product: 82815 815 Chipset Host Bridge and Memory Controller Hub
          vendor: Intel Corporation
          physical id: 100
          bus info: pci@0000:00:00.0
          version: 04
          width: 32 bits
          clock: 33MHz
          configuration: driver=agpgart-intel module=intel_agp
        *-display UNCLAIMED
             description: VGA compatible controller
             product: 82815 Chipset Graphics Controller (CGC)
             vendor: Intel Corporation
             physical id: 2
             bus info: pci@0000:00:02.0
             version: 04
             width: 32 bits
             clock: 66MHz
             capabilities: pm vga_controller bus_master cap_list
             configuration: latency=0
        *-pci
             description: PCI bridge
             product: 82801 PCI Bridge
             vendor: Intel Corporation
             physical id: 1e
             bus info: pci@0000:00:1e.0
             version: 11
             width: 32 bits
             clock: 33MHz
             capabilities: pci normal_decode bus_master
           *-network:0
                description: Ethernet interface
                product: VT6102 [Rhine-II]
                vendor: VIA Technologies, Inc.
                physical id: 7
                bus info: pci@0000:01:07.0
                logical name: eth1
                version: 43
                serial: 00:50:ba:2d:38:ef
                size: 100MB/s
                capacity: 100MB/s
                width: 32 bits
                clock: 33MHz
                capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=via-rhine driverversion=1.4.3 duplex=full latency=64 link=yes maxlatency=8 mingnt=3 module=via_rhine multicast=yes port=MII slave=yes speed=100MB/s
           *-network:1
                description: Ethernet interface
                product: 82557/8/9/0/1 Ethernet Pro 100
                vendor: Intel Corporation
                physical id: 8
                bus info: pci@0000:01:08.0
                logical name: eth2
                version: 05
                serial: 00:50:ba:2d:38:ef
                size: 100MB/s
                capacity: 100MB/s
                width: 32 bits
                clock: 33MHz
                capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=e100 driverversion=3.5.23-k4-NAPI duplex=full firmware=N/A latency=64 link=yes maxlatency=56 mingnt=8 module=e100 multicast=yes port=MII slave=yes speed=100MB/s
           *-network:2
                description: Ethernet interface
                product: 3c905C-TX/TX-M [Tornado]
                vendor: 3Com Corporation
                physical id: c
                bus info: pci@0000:01:0c.0
                logical name: eth0
                version: 78
                serial: 00:08:74:0c:7b:ef
                size: 100MB/s
                capacity: 100MB/s
                width: 32 bits
                clock: 33MHz
                capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
                configuration: autonegotiation=on broadcast=yes driver=3c59x duplex=full ip=192.168.80.2 latency=64 link=yes maxlatency=10 mingnt=10 module=3c59x multicast=yes port=MII speed=100MB/s
        *-isa
             description: ISA bridge
             product: 82801BA ISA Bridge (LPC)
             vendor: Intel Corporation
             physical id: 1f
             bus info: pci@0000:00:1f.0
             version: 11
             width: 32 bits
             clock: 33MHz
             capabilities: isa bus_master
             configuration: latency=0
        *-ide
             description: IDE interface
             product: 82801BA IDE U100 Controller
             vendor: Intel Corporation
             physical id: 1f.1
             bus info: pci@0000:00:1f.1
             version: 11
             width: 32 bits
             clock: 33MHz
             capabilities: ide bus_master
             configuration: driver=PIIX_IDE latency=0 module=piix
           *-ide:0
                description: IDE Channel 0
                physical id: 0
                bus info: ide@0
                logical name: ide0
                clock: 33MHz
              *-disk
                   description: ATA Disk
                   product: WDC WD100BB-75AUA1
                   vendor: Western Digital
                   physical id: 0
                   bus info: ide@0.0
                   logical name: /dev/hda
                   version: 18.20D18
                   serial: WD-WMA6Z1871113
                   size: 9541MiB (10GB)
                   capacity: 9541MiB (10GB)
                   capabilities: ata dma lba iordy smart pm partitioned partitioned:dos
                   configuration: mode=udma5 signature=000acb82 smart=on
                 *-volume:0
                      description: EXT3 volume
                      vendor: Linux
                      physical id: 1
                      bus info: ide@0.0,1
                      logical name: /dev/hda1
                      logical name: /
                      version: 1.0
                      serial: 7d174737-35cc-4a2a-a013-d713b31f024c
                      size: 337MiB
                      capacity: 337MiB
                      capabilities: primary bootable journaled extended_attributes large_files huge_files recover ext3 ext2 initialized
                      configuration: created=2009-09-05 09:06:07 filesystem=ext3 modified=2011-01-31 13:24:32 mount.fstype=ext3 mount.options=rw,errors=remount-ro,data=ordered mounted=2011-01-31 13:24:32 state=mounted
                 *-volume:1
                      description: Extended partition
                      physical id: 2
                      bus info: ide@0.0,2
                      logical name: /dev/hda2
                      size: 9201MiB
                      capacity: 9201MiB
                      capabilities: primary extended partitioned partitioned:extended
                    *-logicalvolume:0
                         description: Linux filesystem partition
                         physical id: 5
                         logical name: /dev/hda5
                         logical name: /usr
                         capacity: 3427MiB
                         configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
                    *-logicalvolume:1
                         description: Linux filesystem partition
                         physical id: 6
                         logical name: /dev/hda6
                         logical name: /var
                         capacity: 1686MiB
                         configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
                    *-logicalvolume:2
                         description: Linux swap / Solaris partition
                         physical id: 7
                         logical name: /dev/hda7
                         capacity: 352MiB
                         capabilities: nofs
                    *-logicalvolume:3
                         description: Linux filesystem partition
                         physical id: 8
                         logical name: /dev/hda8
                         logical name: /tmp
                         capacity: 305MiB
                         configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
                    *-logicalvolume:4
                         description: Linux filesystem partition
                         physical id: 9
                         logical name: /dev/hda9
                         logical name: /home
                         capacity: 3427MiB
                         configuration: mount.fstype=ext3 mount.options=rw,errors=continue,data=ordered state=mounted
           *-ide:1
                description: IDE Channel 1
                physical id: 1
                bus info: ide@1
                logical name: ide1
                clock: 33MHz
              *-cdrom
                   description: IDE CD-ROM
                   product: GCR-8481B
                   physical id: 0
                   bus info: ide@1.0
                   logical name: /dev/hdc
                   version: 1.06
                   capabilities: packet atapi cdrom removable nonmagnetic dma lba iordy audio
                   configuration: mode=udma2 status=nodisc
        *-usb:0
             description: USB Controller
             product: 82801BA/BAM USB Controller #1
             vendor: Intel Corporation
             physical id: 1f.2
             bus info: pci@0000:00:1f.2
             version: 11
             width: 32 bits
             clock: 33MHz
             capabilities: uhci bus_master
             configuration: driver=uhci_hcd latency=0 module=uhci_hcd
           *-usbhost
                product: UHCI Host Controller
                vendor: Linux 2.6.26-2-686 uhci_hcd
                physical id: 1
                bus info: usb@1
                logical name: usb1
                version: 2.06
                capabilities: usb-1.10
                configuration: driver=hub slots=2 speed=12.0MB/s
        *-serial
             description: SMBus
             product: 82801BA/BAM SMBus Controller
             vendor: Intel Corporation
             physical id: 1f.3
             bus info: pci@0000:00:1f.3
             version: 11
             width: 32 bits
             clock: 33MHz
             configuration: driver=i801_smbus latency=0 module=i2c_i801
        *-usb:1
             description: USB Controller
             product: 82801BA/BAM USB Controller #1
             vendor: Intel Corporation
             physical id: 1f.4
             bus info: pci@0000:00:1f.4
             version: 11
             width: 32 bits
             clock: 33MHz
             capabilities: uhci bus_master
             configuration: driver=uhci_hcd latency=0 module=uhci_hcd
           *-usbhost
                product: UHCI Host Controller
                vendor: Linux 2.6.26-2-686 uhci_hcd
                physical id: 1
                bus info: usb@2
                logical name: usb2
                version: 2.06
                capabilities: usb-1.10
                configuration: driver=hub slots=2 speed=12.0MB/s
        *-multimedia
             description: Multimedia audio controller
             product: 82801BA/BAM AC'97 Audio Controller
             vendor: Intel Corporation
             physical id: 1f.5
             bus info: pci@0000:00:1f.5
             version: 11
             width: 32 bits
             clock: 33MHz
             capabilities: bus_master
             configuration: driver=Intel ICH latency=0 module=snd_intel8x0
  *-network
       description: Ethernet interface
       physical id: 1
       logical name: bond0
       serial: 00:50:ba:2d:38:ef
       capabilities: ethernet physical
       configuration: broadcast=yes driver=bonding driverversion=3.2.5 firmware=2 ip=192.168.0.6 master=yes multicast=yes
ics01:~#

network cables

I buy ethernet things.

Three network cables connect ics01 to the networks. They all connect ics01 to the LIC (Larg's Internet Cluster), providing HA and traffic seperation.

Different network cable colours show which one is which.

network interfaces

I buy ethernet things and add NICs (Network Interface Cards), like I did for xcl01.

LIC table: ics01 network interfaces
computer interface description IP address netmask
ics01 bond0 internet customer service - ethernet bonding for eth1 and eth2 192.168.0.6 255.255.248.0
ics01 eth1 internet customer service - biz01 test network 192.168.0.7 255.255.248.0
ics01 bond0:0 web server - ethernet bonding for eth1 and eth2 192.168.3.2 255.255.248.0
ics01 eth2 internet customer service - biz02 test network 192.168.40.4 255.255.255.0
ics01 eth0 internet customer service administration 192.168.80.2 255.255.248.0

OS

All the IBM PCs (Personal Computers) in the LIC (Larg's Internet Cluster) run the Debian distribution.

applications

Almost all the applications in the LIC (Larg's Internet Cluster) are from the Debian distribution.

packages

I want to remove Gnome NetworkManager on xcl01.

apt-get remove network-manager

I install packages for testing, HA and other system administration.

apt-get install  \
    apt-file firmware-linux-nonfree ifenslave lynx \
    ntp nut screen setserial snmp snmp-mibs-downloader \
    sysv-rc-conf tcpdump 

I install packages to provide services.

apt-get install \
    bacula-fd drupal6 nagios-nrpe-server openssh-server \
    snmpd varnish

I install perl modules for MySQL MMM.

apt-get install \
    liblog-log4perl-perl libmailtools-perl liblog-dispatch-perl \
    iproute libnet-arp-perl libproc-daemon-perl libalgorithm-diff-perl \
    libdbi-perl libdbd-mysql-perl

I usually use apt-get to install, but I install MySQL MMM using dpkg.

dpkg -i mysql-mmm-common_2.2.1-1_all.deb mysql-mmm-agent_2.2.1-1_all.deb

I install pressflow using gunzip.

gunzip pressflow-6.19.96.tar.gz

/etc/network/interfaces

I follow this procedure for a different host: add static IP addresses to ifw01. I do not use the values on that page. I use this configuration instead.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback
#
# adm01 network
# http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-adm01-19216880021
#
auto eth0
iface eth0 inet static
    address 192.168.80.2
    netmask 255.255.248.0
#
# biz01 network
# http://cluster.planetlarg.com/drupal6/car-size-cluster-reference/ip-addresses/internet-dmz-biz01-ip-addresses-1921680021
#
auto eth1
iface eth1 inet static
    address 192.168.0.7
    network 192.168.0.0
    netmask 255.255.248.0
    gateway 192.168.0.1
#
# biz02 network
# http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-biz02-19216840021
#
auto eth2
iface eth2 inet static
    address 192.168.40.4
    netmask 255.255.248.0
#
# bond the biz networks
# see http://cluster.planetlarg.com/car-size-cluster-build/add-ha-high-availability/bond-eth1-and-eth2-ics01
#
auto bond0
iface bond0 inet static
    pre-up  modprobe bond0
    address 192.168.0.6
    netmask 255.255.248.0
    gateway 192.168.0.1
    up      ifenslave    bond0 eth1 eth2
    down    ifenslave -d bond0 eth1 eth2
#
# web server interfaces
# http://cluster.planetlarg.com/drupal6/car-size-cluster-reference/ip-addresses/internet-dmz-biz01-ip-addresses-1921680021
#
auto bond0:1
iface bond0:1 inet static
    address 192.168.3.2
    network 192.168.0.0
    netmask 255.255.248.0
#

/etc/udev/rules.d/70-persistent-net.rules

I match interfaces with labels on ics01.

# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.

# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0b:db:c8:65:61", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x10ec:0x8169 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:e0:4c:89:35:de", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

# PCI device 0x10ec:0x8139 (8139too)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0e:2e:cb:ac:e0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

/etc/resolv.conf

I add DNS to ics01.

domain planetlarg.com
search planetlarg.com
nameserver 192.168.80.7

/etc/hosts

127.0.0.1       ics01   localhost.localdomain   localhost
127.0.1.1       ics01.planetlarg.com    ics01

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

/etc/apt/sources.list

The non-free folder is where I get firmware for my ethernet cards.

#
# clean install
#
# deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main

#deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official Multi-architecture amd64/i386 NETINST #1 20110205-14:45]/ squeeze main

deb http://ftp.uk.debian.org/debian/ squeeze main
deb-src http://ftp.uk.debian.org/debian/ squeeze main

deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main

deb http://ftp.uk.debian.org/debian/ squeeze-updates main
deb-src http://ftp.uk.debian.org/debian/ squeeze-updates main

/etc/apt/apt.conf.d/10periodic

I add unattended updates to ics01

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";

/etc/apt/apt.conf.d/02proxy

I add the apt proxy to ics01

Acquire::http { Proxy "http://192.168.80.1:3142"; };

/etc/nut/upsmon.conf

I add the NUT application to ics01.

...
#
# my configuration
#
MONITOR ifw03@192.168.80.1 1 monmaster Pa55w0rd1 master
#
...

/etc/bacula/bacula-fd.conf

I add bacula to ics01.

#
# Default  Bacula File Daemon Configuration file
#
#  For Bacula release 2.4.4 (28 December 2008) -- debian 5.0
#
# There is not much to change here except perhaps the
# File daemon Name to
#

#
# List Directors who are permitted to contact this File daemon
#
Director {
  Name = ifw03-dir
  Password = "Pa55w0rd-for-file-storage"
}

#
# Restricted Director, used by tray-monitor to get the
#   status of the file daemon
#
Director {
  Name = ifw03-mon
  Password = "Pa55w0rd-for-tray-monitor"
  Monitor = yes
}

#
# "Global" File daemon configuration specifications
#
FileDaemon {                          # this is me
  Name = ifw03-fd
  FDport = 9102                  # where we listen for the director
  WorkingDirectory = /var/lib/bacula
  Pid Directory = /var/run/bacula
  Maximum Concurrent Jobs = 20
  FDAddress = ifw03-adm01
}

# Send all messages except skipped files back to Director
Messages {
  Name = Standard
  director = ifw03-dir = all, !skipped, !restored
}

/home/issalarg/.ssh/authorized_keys

I use public key authentication for SSH.

#
# not really my key from xcl01 
#
ssh-rsa ABcdB3NEAAAABIwAAAQYf0IgVazrDZV5hZMKbSGKoEDYifqEb7fRAg8FwRLn/VAXVBD8OPPZuQlld/0SYLucKgW9yu82QcnhgQj+ymDehZQu+gGRCnLK17ZzYfe6hyQgvdRBnS/6jumUPRrwBCxfOz3YpPYQXW3xoD6DF7Ma7QW1sldIyCpxsy70ehunW5h4WEC8p7S+rIrw6FGU8wAHR+w== issalarg@xcl01

/var/www/infrastructure/host1

I create test pages for the web server on ics01

ics01

/var/www/ldirectord.html

I create test pages for the web server on ics01

ldirectord test

/etc/aliases

...
issalarg: idc@planetlarg.net

/etc/snmp/snmpd.conf

I add snmpd to ics01.

...
com2sec readonly  default         public
...

/etc/default/snmpd

I add snmpd to ics01.

...
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid ics01-adm01'
...

/etc/nagios/nrpe_local.cfg

I add NRPE to ics01.

allowed_hosts=192.168.80.1

/etc/mysql/my.cnf

I install mysql on ics01.

...
bind-address            = 0.0.0.0
...

/etc/mysql/conf.d/replication.cnf

I add mysql replication configuration to ics01.

[mysqld]
#
# http://mysql-mmm.org/mmm2:guide
server_id           = 1
log_bin             = /var/log/mysql/mysql-bin.log
log_bin_index       = /var/log/mysql/mysql-bin.log.index
relay_log           = /var/log/mysql/mysql-relay-bin
relay_log_index     = /var/log/mysql/mysql-relay-bin.index
relay-log-info-file = /var/lib/mysql/mysql-relay-bin.info 
expire_logs_days    = 10
max_binlog_size     = 100M
log_slave_updates   = 1

/etc/default/mysql-mmm-agent

I add mysql MMM to ics01.

...
ENABLED=1
...

/etc/mysql-mmm/mmm_agent.conf

I add mysql MMM to ics01.

...
this db1
...

/etc/mysql-mmm/mmm_common.conf

I add mysql MMM to ics01.





/etc/drupal/6/sites/copy.planetlarg.net/dbconfig.php

I add drupal to ics01.

/etc/apache2/ports.conf

I add varnish to ics01.

...
NameVirtualHost *
Listen 80
Listen 8080
...

/etc/varnish/default.vcl

I add varnish to ics01.

backend default {
  .host = "127.0.0.1";
  .port = "8080";
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
}

sub vcl_recv {
  if (req.request != "GET" &&
    req.request != "HEAD" &&
    req.request != "PUT" &&
    req.request != "POST" &&
    req.request != "TRACE" &&
    req.request != "OPTIONS" &&
    req.request != "DELETE") {
      /* Non-RFC2616 or CONNECT which is weird. */
      return (pipe);
  }

  if (req.request != "GET" && req.request != "HEAD") {
    /* We only deal with GET and HEAD by default */
    return (pass);
  }

  // Remove has_js and Google Analytics cookies.
  set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+)=[^;]*", "");

  // To users: if you have additional cookies being set by your system (e.g.
  // from a javascript analytics file or similar) you will need to add VCL
  // at this point to strip these cookies from the req object, otherwise
  // Varnish will not cache the response. This is safe for cookies that your
  // backed (Drupal) doesn't process.
  //
  // Again, the common example is an analytics or other Javascript add-on.
  // You should do this here, before the other cookie stuff, or by adding
  // to the regular-expression above.


  // Remove a ";" prefix, if present.
  set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
  // Remove empty cookies.
  if (req.http.Cookie ~ "^\s*$") {
    unset req.http.Cookie;
  }

  if (req.http.Authorization || req.http.Cookie) {
    /* Not cacheable by default */
    return (pass);
  }

  // Skip the Varnish cache for install, update, and cron
  if (req.url ~ "/car_size_cluster_reference/computers/ics01_internet_customer_service_1/install.htmlupdate.htmlcron.html") {
    return (pass);
  }

  // Normalize the Accept-Encoding header
  // as per: http://varnish-cache.org/wiki/FAQ/Compression
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
      # No point in compressing these
      remove req.http.Accept-Encoding;
    }
    elsif (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    }
    else {
      # Unknown or deflate algorithm
      remove req.http.Accept-Encoding;
    }
  }

  // Let's have a little grace
  set req.grace = 30s;

  return (lookup);
}

 sub vcl_hash {
   if (req.http.Cookie) {
     set req.hash += req.http.Cookie;
   }
 }

 // Strip any cookies before an image/js/css is inserted into cache.
 sub vcl_fetch {
   if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
     // This is for Varnish 2.0; replace obj with beresp if you're running
     // Varnish 2.1 or later.
     unset obj.http.set-cookie;
   }
 }

 sub vcl_error {
   // Let's deliver a friendlier error page.
   // You can customize this as you wish.
   set obj.http.Content-Type = "text/html; charset=utf-8";
   synthetic {"
   <?xml version="1.0" encoding="utf-8"?>
   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
   <html>
     <head>
       <title>"} obj.status " " obj.response {"</title>
       <style type="text/css">
       #page {width: 400px; padding: 10px; margin: 20px auto; border: 1px solid black; background-color: #FFF;}
       p {margin-left:20px;}
       body {background-color: #DDD; margin: auto;}
       </style>
     </head>
     <body>
     <div id="page">
     <h1>Page Could Not Be Loaded</h1>
     <p>We're very sorry, but the page could not be loaded properly. This should be fixed very soon, and we apologize for any inconvenience.</p>
     <hr />     <h4>Debug Info:</h4>
     <pre>
 Status: "} obj.status {"
 Response: "} obj.response {"
 XID: "} req.xid {"
 </pre>
       <address><a href="http://www.varnish-cache.org/">Varnish</a></address>
       </div>
     </body>
    </html>
    "};
    deliver;
 }

/var/spool/cron/crontabs/root

I stop the LIC each night.

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.0BUEfI/crontab installed on Fri Dec 17 01:37:53 2010)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# m h  dom mon dow   command
55 23 * * * /sbin/poweroff