To run a custom kernel, you need only two things, a kernel (of course!) and a GRUB configuration.

Lets start with GRUB. This assumes that you will not be using an initrd file, but you may use one, and that your kernel image will be installed as /boot/vmlinuz:

# mkdir -p /boot/grub
# cat <<EOF > /boot/grub/menu.lst
default		0
timeout		5

title		Linux Default
root		(hd0)
kernel		(hd0)/boot/vmlinuz root=/dev/sda1 ro console=xvc0 clocksource=jiffies
EOF

That is it for GRUB! Now, as for your kernel, you just need to make sure that it is compiled to run as a Xen DomU with paravirtualization. This requires that you use a recent Linux kernel with support for Xen enabled, or you use a patched kernel such as provided by XenSource (http://xenbits.xensource.com/linux-2.6.18-xen.hg)

The compiled kernel image may be placed anywhere inside your filesystem as long as GRUB is configured to point to it. The above example assumes this location is /boot/vmlinuz.

Finally, from the management console, execute the command, "boot-grub".  This command is API-accessible.  Unfortunately, for now, you will need to manually specify this whenever booting. Your VPS will boot with a system-default image by default, if for instance, the node crashes.  This caveat will disappear once we complete a migration of all accounts to a grub-based configuration.

We frequently get asked how to upgrade kernels, how to upgrade modules, etc.  This is actually in our knowledge-base, but I thought it would be useful to toss this onto the blog since we just pushed out a very important kernel upgrade, and want to make sure that this information is as accessible as possible!

1. Simply shutdown your VPS.  You must do a full shutdown and not a "reboot". 

2. Then, boot the machine from the management console.  IMPORTANT: If you have a 32-bit OS, you must use the command "boot32", this will be unnecessary in a future update.

3. Update your modules:

     wget -O - http://ftp.grokthis.net/pub/linux/modules/install_modules.sh | /bin/bash

4. You're done!  You might want to reboot if you depend on specific modules being available during boot.

By default, we do not upgrade customer's Rails applications to newer releases of Rails.  We have noticed that a large number of customers haven't been upgrading, and just want to make sure that customers know how to do so!

Simply edit your application's config/environment.rb as such to specify the version you would like to upgrade to:
-RAILS_GEM_VERSION = '1.1.6'

+RAILS_GEM_VERSION = '2.1.1'

Then, run 'rake rails:update' from with in your application's directory.


Notable upgrades for you would be:
 1.2.0
 1.2.6
 2.0.0
 2.0.4
 2.1.0
 2.1.1

Other versions can be available as well, but these are the earliest and latest point-releases available within each major release at the time of this writing.

We've been updating our webpages to become more "2.0". The GrokThis.net webpage now has keyword-based navigation, and the VPS Village pages are entirely AJAX-enabled. Quite simply, we're using Scriptalicious and Prototype for most of it. There is very little new backend code. Its quite simply a matter of removing the templates from the code. Out backend layout something like:

comp_root/
|
|- autohandler - site template
|- subdir/ - subdirectory
    |
    |- autohandler
    |- index.html
    |- index_plain.html

Assume comp_root/autohandler contains:

 <html><body>
  <h1>GrokThis</h1>
  <% $m->call_next %>
  <div id="footer">Copyright notice</div>
 </body></html>

Then comp_root/subdir/autohandler contains:

 <h2>Sub-Directory content</h2>
 <div id="content">
  <% $m->call_next %>
 </div>

Now, if comp_root/subdir/index.html contains:

 <h1>hello world</h1>

Loading http://example.net/subdir/ will render:

GrokThis
Sub-Directory content

hello world

Copyright notice

Now, here is the AJAX rub... we create index_plain.html which contains:

 <!-- Might want to add %ARGS here, or modify arguments as needed -->
 <& index.html &>
 <%flags>
 inherit=>undef
 </%flags>

When you load http://example.net/subdir/index_plain.html, you will see simply:

hello world

We will now copy the subdir directory to subdir2: cp -R subdir subdir2 Then, modify subdir2/index.html:

 <p>this is the subdir2 directory!</p>

All one needs to do then, is modify comp_root/autohandler:

 <html>
 <head><script language="javascript" src="prototype.js"></script></head>
 <body>
 <script>
 function update(contentvar, dirvar) {
  new Ajax.Updater(contentvar, dirvar, { method: 'get' });
 }
 </script>
  <h1>GrokThis</h1>
  <a href="/subdir" onclick="update('content','/subdir1'); return false;">
   Sub-Dir #1
  </a>
  <a href="/subdir1" onclick="update('content','/subdir1'); return false;">
   Sub-Dir #2
  </a>
  <% $m->call_next %>
  <div id="footer">Copyright notice</div>
 </body></html>

The content div will now update automatically, and it will fail-over for older browsers! Mason's idea of components really works well with the AJAX concept and there are all kinds of things you can do with it, and in much prettier ways than this. This example is meant to be short and easy... and very important, simple for retrofitting an existing site. Have fun, and take care!

Problem:

You want to give multiple physical users access to an SSH account but do not want to give each of the users full access to your account. More importantly, you want to restrict shell access, only allowing scp/sftp/rsync.

Answer:

Note, this procedure is only possible for users with root access to the machine such as with a VPS or Dedicated Server. This is not possible with shared hosting accounts. (such as the GrokThis.net Advanced or Traditional accounts)

1. First, install scprsynconly or scponly. My examples below use scprsynconly.
   
2. Install fakechroot, a dynamically linked busybox and a statically linked busybox.
   
3. Create a chroot containing the scp, sftp-server, and rsync binaries. (or any combination thereof if you wish to restrict access to one of these). I used "makejail" with the following configuration (for rsync only)

   chroot="/home/myuser/rsync-chroot"
   testCommandsInsideJail=["rsync","scprsynconly","busybox-dynamic"]
   processNames=["rsync","scprsynconly","busybox-dynamic"]
   

4. Edit /etc/ssh/sshd_config, adding "PermitUserEnvironment yes".
   

   WARNING: This can be a security risk. This procedure should limit that risk when using our custom shell, but this could be an issue if you have other SSH users on the machine.

5. For each user you wish to grant access, collect from them a public SSH key, placing their keys into /home/myuser/.ssh/authorized_keys. Each key should specify the directory to which they will be jailed: envrionment="SAFE_CHROOTDIR=/home/myuser/my_friends/johndoe". Example: (actual key abbreviated)
   

   environment="SAFE_CHROOTDIR=/home/myuser/my_friends/eric" ssh-rsa AAAAB3NzaC1k0= eric.windisch

6. Inside each "SAFE_CHROOTDIR", mount-bind the chroot directory readonly as '.chroot'. You can do this as root with 'mount --bind', or as I have, with FUSE's bindfs which allowed me to do this directly as user 'myuser'.
7. Create the following script as "scprsynconly-wrapper", and set this as the shell for user "myuser".
   

    #!/bin/busybox-static sh
   /bin/busybox-static env - \
           PATH="/.chroot/bin:/.chroot/usr/bin:/usr/bin:/bin" \
           /usr/bin/fakechroot -s /usr/sbin/chroot "$SAFE_CHROOTDIR" \
           "$SAFE_CHROOTDIR/.chroot/usr/bin/scprsynconly" "$@"
   

8. To preven downloads of the .chroot directory, move /home/myuser/rsync-chroot/usr/bin/rsync to rsync.real and create a shell script called 'rsync' (mode 755):
   

   #!/.chroot/bin/busybox-dynamic sh
   .chroot/usr/bin/rsync.real --exclude /.chroot $@

9. Now, simply do from your client machine:
   

   rsync -e ssh -a myuser@myhost:/ dest_dir/