Lance Cleveland

AWS LEMP Stacks and EFS Issues

Lesson learned — if you are using EFS on production systems you want to be using provisioned throughput mode.

But, before we get into that, let’s go over the details of this implementation…

Service Configuration

We utilize AWS EC2 instances to run multiple WordPress sites hosted in different directories. The configuration is fairly standard: 2+ servers configured as part of a load-balanced cluster. The servers run from the same image, meaning they use the same underlying software stack.

Part of that image includes a mounted EFS (Elastic File System) directory, used to share WordPress resources between all nodes in the cluster. The original architecture was designed to host not only the typically-shared wp-content/uploads folder of WordPress via this EFS mount but also the code. The thought was that sharing the code in this way would allow a system admin to easily update WordPress core, plugins, or themes from the typical wp-admin web login. Any code updates would immediately be reflected across all nodes.

EFS Web App Code Hosting – A Bad Idea

Turns out this is a bad idea for a few reasons. First of all, EFS volumes are mounted using the NFS4 (Network File System) protocol — this defines how the operating system handles file read/write operations for a network mounted drive. While NFS4 is fairly robust, the throughput of ANY network drive, even on a high speed AWS data center backbone, is much slower than a local drive such as an EBS volume.

That means that even on a good day every PHP file, JavaScript file, or anything else needed to serve up that WordPress web page is going to be a bit slower than normal.

However, the bigger problem comes to light if you happen to choose the default EFS throughput mode, known as “Burst mode” and pushed by Amazon as “the mode to use”.


Internet Enabled Voting For US Elections

Internet enabled voting is a must IMO. Many that are afraid of the security risks and remote hacking have a very shallow, if any, understanding of the risks involved.

To claim physical (paper) voting is more secure is absurd. Every country that has used that system, including ours, has encountered fraud in some form.

Maybe this is the perfect catalyst for getting our Internet providers to finally enable IPv6. It would make external attacks a couple orders of magnitude more difficult. Not to mention providing direct 1:1 accountability to track every single device used to vote.

https://www.npr.org/2019/11/07/776403310/in-2020-some-americans-will-vote-on-their-phones-is-that-the-future

Converting A Standalone Instance Into An EC2 Load Balanced Cluster

Creating a new web application that resides on an AWS load balanced cluster is easy with the Elastic Beanstalk assistant. That is a great solution if you want to run every web service or application on their own instances. It is not a great fit for complex environments like the one being used for Store Locator Plus®.

Store Locator Plus® has several environments running within the same master domain. Multiple servers and load balancers create a security certificate nightmare. Not to mention it starts racking up EC2 server fees quickly if they each became their own cluster. The better option is to retain a server instance that allows us to run our SaaS offering, our buy-and-own plugin store, our documentation site, and our demo site from a single disk image. We want to set up a full EC2 Load Balanced Cluster to gain the benefits of horizontal scaling on a server hosting multiple domains and web apps.

While this is easy to do with a single EC2 instance that hosts multiple host names for the storelocatorplus.com domain, making it scalable under load is the trick. It turns out Elastic Beanstalk is not a good fit. Instead we need to build a load balanced cluster “from scratch”. We’ll need to combine a machine image from a running server with a Launch Template. We will need an Application Load Balancer that will have instances attached and detached automatically from an Auto Scaling Group that we will also create.

Our environment also has a configured EC2 instance to run the web application stacks, mostly WordPress, locally on an EBS volume that uses an Amazon Aurora MySQL RDS database in multiple zones for performance and reliability. These two features make it easy to replicate the disk image for the software portion and maintain a persistent DB store across all instances.


WP_User_Query Inverse (NOT) Search

It took a LOT longer than it should have to build an efficient query for WordPress users today. The query — a WP_User_Query INVERSE search.

The list I was trying to generate was based on two things:
– All users with a meta_key field ‘account_status’ containing the status ‘active’
– EXCLUDE all users with a nicename ending with “at_slp_dot_guru”

Turns out this is a LOT more difficult than it should be due to shortcomings in the WP_User_Query class. The solution that created the fewest data queries, and thus improved performance over other “post filter” methods, was to make use of the pre_user_query action hook that is part of WP_User_Query.

The Patch

The short version of the patch — use the pre_user_query hook to change an “INCLUDE all users with this search value” to an EXCLUDE for those same users. This is done by using the INCLUDE search filter, then “flipping the logic” by replacing the field comparison in the WordPress-generated query with NOT LIKE instead of LIKE.

/**
 * Filter out SLP dot Guru accounts.
 *
 * @param WP_User_Query $wpUserQuery
 */
public function filterOutSLPDotGuru( $wpUserQuery ) {
   $new_query_where = str_replace( "(user_nicename LIKE '" , "(user_nicename NOT LIKE '" , $wpUserQuery->query_where);
   $wpUserQuery->query_where = $new_query_where;
}
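How the hook and the query fit together, as an added example that is not code from the original post: the function names are hypothetical, the status is assumed to be an exact match on 'active', and a loaded WordPress is required. The hook is attached only around the one query, because the string replacement would otherwise invert every nicename search that any other WP_User_Query runs during the request.

```php
<?php
/**
 * Added example (hypothetical names): flip the nicename LIKE that
 * WordPress generates for the 'search' argument into NOT LIKE.
 *
 * @param WP_User_Query $user_query Passed by reference by pre_user_query.
 */
function slp_flip_nicename_like( $user_query ) {
    $user_query->query_where = str_replace(
        "(user_nicename LIKE '",
        "(user_nicename NOT LIKE '",
        $user_query->query_where
    );
}

/**
 * Active users whose nicename does NOT end in "at_slp_dot_guru".
 *
 * @return array List of WP_User objects.
 */
function slp_get_active_non_guru_users() {
    // Attach the hook for the lifetime of this single query only.
    add_action( 'pre_user_query', 'slp_flip_nicename_like' );
    try {
        $query = new WP_User_Query( array(
            // Assumption: the status is stored as the exact value 'active'.
            'meta_key'       => 'account_status',
            'meta_value'     => 'active',
            // A leading * means "ends with". Restricting the search to one
            // column keeps the generated clause in the form the
            // str_replace() above expects: (user_nicename LIKE '%...').
            'search'         => '*at_slp_dot_guru',
            'search_columns' => array( 'user_nicename' ),
        ) );
        return $query->get_results();
    } finally {
        // Detach so unrelated user searches (for example the wp-admin
        // user list search) are not silently inverted.
        remove_action( 'pre_user_query', 'slp_flip_nicename_like' );
    }
}
```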