Monday, December 9, 2013
Ubuntu 12.04 Precise: "libmysqlclient.so.16: no version information available"
This is a difficult issue to troubleshoot on Google, as there is lots of interference as well as confusion. Here is what I have done to overcome this issue, and the issue we're faced with when trying to resolve it with apt-get.
The Error:
/usr/lib/nagios/plugins/check_mysql: libmysqlclient.so.16: no version information available (required by /usr/lib/nagios/plugins/check_mysql)
The Common Sense Solution that doesn't work:
#1 - doesn't work
cd /usr/lib/x86_64-linux-gnu/ && ln -s /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18 libmysqlclient.so.16
#2 - doesn't work
root@pbsiplb1:[/usr/lib/x86_64-linux-gnu]: apt-get install libmysqlclient16
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libmysqlclient16
The Solution:
wget http://launchpadlibrarian.net/75954717/libmysqlclient16_5.1.58-1ubuntu1_amd64.deb
dpkg -i ./libmysqlclient16_5.1.58-1ubuntu1_amd64.deb
Friday, November 1, 2013
Revert from Java 7 from Oracle to the Apple-provided Java SE 6 web plug-in and Web Start functionality
http://support.apple.com/kb/HT5559??
This actually worked for me...when are they going to stop putting white spaces in directory names?
sudo mkdir -p /Library/Internet\ Plug-Ins/disabled
sudo mv /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin /Library/Internet\ Plug-Ins/disabled
sudo ln -sf /System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
sudo ln -sf /System/Library/Frameworks/JavaVM.framework/Commands/javaws /usr/bin/javaws
Sunday, July 14, 2013
Cannot find module (IANAifType-MIB)
you can fix these errors:
Cannot find module (IANAifType-MIB): At line 13 in /usr/share/mibs/ietf/IF-MIB
Did not find 'IANAifType' in module #-1 (/usr/share/mibs/ietf/IF-MIB)
Cannot find module (IANA-RTPROTO-MIB): At line 14 in /usr/share/mibs/ietf/IP-FORWARD-MIB
Did not find 'IANAipRouteProtocol' in module #-1 (/usr/share/mibs/ietf/IP-FORWARD-MIB)
No log handling enabled - turning on stderr logging
MIB search path: /var/www/.snmp/mibs:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (IANAifType-MIB): At line 13 in /usr/share/mibs/ietf/IF-MIB
Did not find 'IANAifType' in module #-1 (/usr/share/mibs/ietf/IF-MIB)
Cannot find module (IANA-RTPROTO-MIB): At line 14 in /usr/share/mibs/ietf/IP-FORWARD-MIB
Did not find 'IANAipRouteProtocol' in module #-1 (/usr/share/mibs/ietf/IP-FORWARD-MIB)
No log handling enabled - turning on stderr logging
by running the following:
$ sudo apt-get install snmp-mibs-downloader
but most likely you had those installed, so just do this:
$ sudo download-mibs
$ sudo sed -i 's/^mibs/#mibs/g' /etc/snmp/snmp.conf
Thursday, June 13, 2013
Saturday, May 18, 2013
server.gif fix for omd 0.56
cp /opt/omd/versions/0.56/share/nagios/htdocs/images/logos/server.gif /omd/versions/0.56/share/check_mk/web/htdocs/images/icons/
Saturday, April 13, 2013
alias for converting unix epoch time
alias conv="perl -pe 's/(\d+)/localtime($1)/e'"
tail -f nagios.log | conv
Saturday, April 6, 2013
non-root user capture
ssh -X user@host
sudo apt-get install libcanberra-gtk-module libcap2-bin
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 750 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap
Launch wireshark
Capture
Wednesday, April 3, 2013
when did linux boot?
jibe02:~# cat /proc/stat
cpu 93878078 0 16855580 25751420315 34959524 105248 583941 0 0
cpu0 17320194 0 4114063 6378518608 8860219 25377 139115 0 0
cpu1 31359989 0 5080216 6433128705 9034045 26296 152290 0 0
cpu2 23660085 0 3881774 6448155438 8538259 27098 140773 0 0
cpu3 21537809 0 3779525 6491617563 8527000 26475 151761 0 0
intr 2015970250 64 0 0 0 0 0 0 0 5 0 0 0 0 0 0 0 0 0 125 0 0 0 0 23 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 7317621 1852240958 156411454 0 0 0 0 0 0 0 0 0
ctxt 49060828436
btime 1301067620
processes 5483876
procs_running 1
procs_blocked 0
jibe02:~# date -R -d @1301067620
Fri, 25 Mar 2011 08:40:20 -0700
Thursday, March 28, 2013
Tests on Linux Real-Time Kernel
http://www.zeromq.org/results:rt-tests-v031
Conclusion: "Our tests prove that the real-time Linux kernel, specifically, SUSE Linux Enterprise Real Time 10 SP2, is capable of eliminating latency spikes. It is expected that our results would be even more favourable for the real-time Linux kernel if these tests were run on boxes loaded with other tasks, rather than on a clean and idle test environment."
Thursday, March 21, 2013
This one reverses the bits in a word
n = ((n >> 1) & 0x55555555) | ((n << 1) & 0xaaaaaaaa);
n = ((n >> 2) & 0x33333333) | ((n << 2) & 0xcccccccc);
n = ((n >> 4) & 0x0f0f0f0f) | ((n << 4) & 0xf0f0f0f0);
n = ((n >> 8) & 0x00ff00ff) | ((n << 8) & 0xff00ff00);
n = ((n >> 16) & 0x0000ffff) | ((n << 16) & 0xffff0000);
Wednesday, March 20, 2013
Graphite chart Y-Axis scale changes with width and height of graph
https://answers.launchpad.net/graphite/+question/152690
I made the chart wider (1400 pixels for 700 minutes of time), thereby having more pixels than horizontal data points.
I was struggling to find the place to manage the legend for each chart: check out the Apply Function menu, then go down into Special | Add values to legend name | {choices}
Tuesday, March 19, 2013
Great article on NUMA and mysqld
http://blog.jcole.us/2010/09/28/mysql-swap-insanity-and-the-numa-architecture/
Wednesday, March 13, 2013
iptables kmod auto-loading
Something like this happened to us recently..
http://backstage.soundcloud.com/2012/08/shoot-yourself-in-the-foot-with-iptables-and-kmod-auto-loading/
Monday, March 11, 2013
adjust retention time for carbon and resize whisper files
Some Graphite storage-schemas.conf examples out there only retain data for 1 day.
[default_1min_for_1day]
pattern = .*
retentions = 60s:1d
This comes as a surprise later when you go back to look at your data and it's not there...it's been rotated out by carbon due to the geometry of the whisper file. The whisper file has a finite size...ya dig?
Update the retention rule in /opt/graphite/conf/storage-schemas.conf
[default_1min_for_1year]
pattern = .*
retentions = 60s:525600
#adjust existing whisper files
find /opt/graphite/storage/whisper -type f -name "*.wsp" | xargs -I{} whisper-resize.py {} 60:525600
#restart carbon
/usr/bin/python /opt/graphite/bin/carbon-cache.py --config=/opt/graphite/conf/carbon.conf start
root@nagios4.sv3:~$ ls -la /opt/graphite/storage/whisper/prod/web1/apache/
total 43272
drwxr-xr-x 3 root root 4096 Mar 11 20:15 .
drwxr-xr-x 9 root root 4096 Feb 25 05:19 ..
-rw-r--r-- 1 root root 6307228 Mar 11 20:34 busy_workers.wsp
-rwxr-xr-x 1 root root 17308 Mar 11 20:15 busy_workers.wsp.bak
The old file is there; that's how big a file is that keeps data for a single day at 1min interval.
The other file represents a year at 1min interval. Makes it easy to do capacity planning for monitoring.
find /opt/graphite/storage/whisper -type f -name "*.wsp.bak" | xargs -I{} rm -f {}
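The two file sizes in the listing above follow directly from the whisper on-disk layout, which is what makes the capacity planning easy. This is an added example, not part of the original post: it computes the size of a .wsp file from a retention string, using the record formats from whisper.py; the function names are made up for the illustration and only single-letter time units are handled.

```python
import struct

# Record sizes in a whisper file (big-endian struct formats used by whisper.py).
METADATA_SIZE = struct.calcsize("!2LfL")    # aggregation, max retention, xFilesFactor, archive count
ARCHIVE_INFO_SIZE = struct.calcsize("!3L")  # offset, seconds per point, number of points
POINT_SIZE = struct.calcsize("!Ld")         # timestamp, value

# Simplification for this example: single-letter units only (whisper counts a year as 365 days).
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}


def _seconds(token):
    """'60' -> 60, '60s' -> 60, '1d' -> 86400."""
    if token.isdigit():
        return int(token)
    return int(token[:-1]) * UNIT_SECONDS[token[-1]]


def parse_retention(spec):
    """Turn one 'precision:retention' pair into (seconds_per_point, points).

    A bare number on the right is a point count ('60:525600');
    a number with a unit is a duration ('60s:1d').
    """
    precision_tok, retention_tok = spec.strip().split(":")
    precision = _seconds(precision_tok)
    if retention_tok.isdigit():
        points = int(retention_tok)
    else:
        points = _seconds(retention_tok) // precision
    return precision, points


def whisper_file_size(retentions):
    """Size in bytes of a .wsp file for a comma-separated retentions value."""
    archives = [parse_retention(r) for r in retentions.split(",")]
    header = METADATA_SIZE + len(archives) * ARCHIVE_INFO_SIZE
    return header + sum(points * POINT_SIZE for _, points in archives)


def fleet_size_bytes(retentions, metric_count):
    """Disk needed when metric_count metrics all use the same retentions."""
    return whisper_file_size(retentions) * metric_count


if __name__ == "__main__":
    for spec in ("60s:1d", "60s:525600", "60:5256000"):
        print(spec, whisper_file_size(spec), "bytes")
    # constructed sample: 5000 metrics kept for a year at 1-minute resolution
    print("5000 metrics:", fleet_size_bytes("60s:525600", 5000) / 2**30, "GiB")
```

`60s:1d` gives the size of busy_workers.wsp.bak and `60s:525600` the size of the resized busy_workers.wsp, so a file of any other size means the resize used a different point count than the schema.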
Saturday, March 9, 2013
script to get sha-256 hash of mysql table descriptions
#!/bin/bash
# Generate SHA-256 hash database schema
# and a hash of each individual table schema
# then we can see where changes have taken place.
usage() {
cat <<EOF
usage: $0 -d DNAME -h DBHOST
-d db name
-h db host
EOF
exit 1
}
while getopts "d:h:" OPTION; do
  case "$OPTION" in
    d) DB="$OPTARG" ;;
    h) DBHOST="$OPTARG" ;;
    \?) echo "Invalid Option: -$OPTARG" >&2
        usage
        exit 1 ;;
    *) usage
       exit 1 ;;
  esac
done
#enforce argument policy
[[ -z "$DB" ]] && usage;
[[ -z "$DBHOST" ]] && usage;
# base64 only obscures the password, and -p on the command line exposes it in
# the process list; a client option file readable only by this user avoids both
Q=`echo TRGtZ123Ec234REpKCg== | base64 -i -d -`
echo $DB_VERSION
#dump the schema and hash the whole thing
# --skip-dump-date drops the "Dump completed on ..." comment, so an unchanged
# schema produces the same hash on every run
DBSCHEMA=`mysqldump --skip-dump-date -h$DBHOST --no-data -p$Q -uroot $DB`
DHASH=`echo $DBSCHEMA | openssl dgst -sha256`
echo "schemadump:"$DHASH
#get tables in the db
TABLES=`mysql --skip-column-names -h$DBHOST -p$Q -uroot $DB -e "SHOW TABLES;"`
#show the tables so we see what it truly is
echo $TABLES;
for i in $TABLES; do
  TABLESCHEMA=`mysql -h$DBHOST -p$Q -uroot $DB -e "desc $i;"`
  THASH=`echo $TABLESCHEMA | openssl dgst -sha256`
  echo $i:$THASH
done
Friday, March 8, 2013
Saturday, March 2, 2013
how to brain transplant a linux system from Dell to HP C-class Blade
How to brain transplant linux:
Use install media to bring new blade host to base OS.
- PXE Boot to rescue mode, follow instructions to shell
- Verify partitions (because these Blades had CentOS installed on them for testing purposes, the partitions should be OK, but best to be sure):
fdisk -l
Device Boot Start End Blocks Id System
/dev/sda1 * 1 6774 54412123+ 83 Linux
/dev/sda2 6775 7297 4200997+ 82 Linux swap / Solaris
Ensure you've mounted your disk properly with your rescue operation (mount should show /dev/sda1 mounted as /mnt/sysimage/)
Unmount the rescue proc and sys
umount /mnt/sysimage/proc
umount /mnt/sysimage/sys
umount /mnt/sysimage/dev/pts
umount /mnt/sysimage/dev
umount /mnt/sysimage/selinux
Remove the old OS, you don't need that anymore:
cd /mnt/sysimage/
rm -rf *
Remake your proc and sys and dev folders:
mkdir proc sys dev
Take note of the IP you picked up from DHCP on vlan1:
ifconfig eth0
+++
Login to your source system
Disable crontab schedules for various jobs
Shutdown application services and other running resources on the source system
Cleanup /var/spool/clientmqueue
find /var/spool/clientmqueue -type f -mtime +1 -exec rm {} \;
Cleanup /home/backups/
Verify source is not larger than 50GB
Tar > netcat the file system of your source DM over to new device
On your new host:
nc -l -p 5555 | tar xvvf -
On your source host, in a screen session:
tar cvvf - bin boot etc home lib lib64 lost+found media misc mnt net opt root sbin selinux srv tmp usr var | nc <new-host-ip> 5555
*nc on centOS does not have the -q option that modern variants of nc have
Once that is completed (they both should die elegantly) chroot to your new environment, and make appropriate changes to grub, fstab, and mtab, and then run grub-install /dev/sda to install the new MBR to the new drive:
chroot /mnt/sysimage
mount -t proc proc proc
mount -t sysfs sysfs sys
cd dev
MAKEDEV generic
grub-install /dev/sda
cd
vim /etc/mtab (change /dev/sda2 to /dev/sda1)
vim /etc/fstab (change LABEL=/1 to /dev/sda1 and LABEL=SWAP-sda3 to /dev/sda2)
vim /boot/grub/menu.lst (change all hd0,1 to hd0,0)
Shutdown the source system and shut the switchports going to that system.
Remove the mac address line from the network-scripts configs
Reboot the new HP blade server.
Once reconnected to the internet, verify nagios checks are coming back good.
Deactivate any OMSA specific checks for the DM in Nagios
Configure the Dell OMSA gear to not startup:
chkconfig dsm_om_connsvc off
chkconfig dsm_om_shrsvc off
chkconfig dsm_sa_ipmi off
Install the HP SIM Software *NOTE: voip1-8.sv3 are i686, and voip9 is CentOS 6.X*
For Centos 5.X server i686 (voip1-8): wget http://admin1-1.sv3.somedomain.com/hpsim/bootstrap.sh
bootstrap.sh ProLiantSupportPack
For Centos 6.x x64 server (voip9): wget http://admin1-1.sv3.somedomain.com/hpsim/psp-9.10.rhel6.x86_64.en.tar.gz
For Centos 5.x x64 servers (voip10-27): wget http://admin1-1.sv3.somedomain.com/hpsim/psp-9.10.rhel5.x86_64.en.tar.gz
yum install -y hp-health hp-smh-templates hp-snmp-agents hpacucli hpdiags hpmouse hponcfg hpsmh cpqacuxe
cd /tmp
wget http://labs.consol.de/download/shinken-nagios-plugins/check_hpasm-4.6.3.tar.gz
tar zxvf check_hpasm-4.6.3.tar.gz
cd check_hpasm-4.6.3
./configure --enable-hpacucli
make
cp -av plugins-scripts/check_hpasm /usr/local/nagios/libexec/
Added to /usr/local/nagios/etc/nrpe.cfg in command definition section:
command[check_hpasm]=/usr/local/nagios/libexec/check_hpasm $ARG1$
Ran 'visudo' and changed Nagios permitted commands to:
nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl, /sbin/hpasmcli, /sbin/hpacucli, /usr/sbin/hpacucli
Defaults:nagios !requiretty
uncomment the crontabs
Friday, March 1, 2013
twitter api notes
http://apiwiki.twitter.com/
API is entirely HTTP-based
The Twitter API supports UTF-8 encoding. Please note that angle brackets ("<" and ">") are entity-encoded to prevent Cross-Site Scripting attacks for web-embedded consumers of JSON API output. The resulting encoded entities do count towards the 140 character limit. When requesting XML, the response is UTF-8 encoded. Symbols and characters outside of the standard ASCII range may be translated to HTML entities.
Two APIs - REST and Search.
The Twitter REST API methods allow developers to access core Twitter data. This includes update timelines, status data, and user information.
The Search API methods give developers methods to interact with Twitter Search and trends data. The concern for developers given this separation is the effects on rate limiting and output format.
Rate Limiting
REST API
150 calls per hour
The REST API does account- and IP-based rate limiting. Authenticated API calls are charged to the authenticating user's limit while unauthenticated API calls are deducted from the calling IP address' allotment.
Rate limiting only applies to methods that request information with the HTTP GET command. API methods that use HTTP POST to submit data to Twitter, such as statuses/update do not affect rate limits.
Can request whitelisting to make up to 20000 requests per hour.
Search API
The Search API is rate limited by IP address. The actual limit is not specified but it is quite high.
The Search API requires that applications include a unique and identifying User Agent string. An HTTP Referrer is expected but is not required.
Tuesday, February 26, 2013
fix drbd split brain
This will force a full sync:
badNode#
drbdadm secondary all
drbdadm disconnect all
(..goes into StandAlone Secondary/Unknown)
drbdadm invalidate all
drbdadm connect all
goodNode#
drbdadm connect all
Monday, February 25, 2013
tunnelblick configuration
SCZ OpenVPN Tunnelblick Configuration File
When I work on the fan-boi hardware, I use http://code.google.com/p/tunnelblick/ with good results.
See below for a simple configuration file I use:
tls-client
dev tap
proto udp
remote 123.456.789.0 443
nobind
pull
persist-key
persist-tun
comp-lzo
verb 3
-----BEGIN CERTIFICATE-----
certificate here
-----END CERTIFICATE-----
client cert here
client key here
Wednesday, February 20, 2013
DKIM New Best Practices In Wake of Disclosed Key Length Vulnerability
http://www.maawg.org/m3aawg-issues-dkim-new-best-practices-wake-disclosed-key-length-vulnerability
ntp.conf
server ntp1 iburst
server ntp2 iburst
driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
restrict -4 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict 10.0.0.0 mask 255.0.0.0
Saturday, February 16, 2013
editing graphite.db
I'm not all that experienced with Django, or sqlite. But, today I figured out how to delete graph views from the graphite.db to get rid of graphs that can't be deleted through the UI. At first I tried using 'django-admin.py', but the 'manage.py' wrapper was easier to use because I didn't need to create env vars.
#location of manage.py and settings.py
cd /opt/graphite/webapp/graphite
root@monitor1.sv3:/opt/graphite/webapp/graphite$ python manage.py dbshell
SQLite version 3.7.3
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite>.help
#outputs help here
Most of the time I have trouble deleting graphs from "My Graphs" or "User Graphs". Below is an example of an entry where I made a spelling error as well as a poor choice for naming (I used periods instead of underscore, ..oops.).
To do that:
sqlite> select * from account_mygraph;
2|2|Most Deviant Web Servers with respecet to somepoorlynamed.file.php|http://10.80.1.5:8080/render/?width=1564&height=299&_salt=1360994411.086&target=mostDeviant(2%2C%20prod.web*.apache.properlynamed_file_php)&title=Most%20Deviant%20Web%20Servers%20with%20respect%20to%poorlynamed.file.php
Check the schema to get the column name
sqlite> .schema account_mygraph
CREATE TABLE "account_mygraph" (
"id" integer NOT NULL PRIMARY KEY,
"profile_id" integer NOT NULL REFERENCES "account_profile" ("id"),
"name" varchar(64) NOT NULL,
"url" text NOT NULL
);
#Delete record
sqlite> delete from account_mygraph where id = 2;
Done.
Check the UI
This site was helpful: http://www.sqlite.org/sqlite.html
Tuesday, February 12, 2013
history configuration enhancements
shopt -s histappend
export HISTSIZE=999999
export HISTTIMEFORMAT='%F %T '
Monday, February 11, 2013
dstat commands
dstat -c --top-cpu -d --top-bio --top-latency
dstat -cndymlp -N total -D 5 25
dstat -s --top-io-adv --top-bio-adv
Source: http://dag.wieers.com/home-made/dstat/
Saturday, February 9, 2013
rrd's not showing up in graphite
rrd's not showing up in graphite?
On the graphite system, check if the rrd's were written on 64-bit or 32-bit system.
rrdtool info filename.rrd
If the graphite system is a different arch, convert them to xml with:
for i in `ls *.rrd`; do rrdtool dump $i > $i.xml; done
Convert back after moving the files:
for i in `find . -name '*.xml'`; do rrdtool restore $i `echo $i |sed s/.xml//g`; done
This article was helpful.
http://slog.carlheaton.co.uk/index.php/2009/10/converting-32bit-rrd-to-64bit-rrd-moving-cacti-between-architectures/
mongodb main process terminated with status 100
catch
mongodb does not start
mongodb main process terminated with status 100
try
rm /var/lib/mongodb/mongod.lock
Friday, February 8, 2013
mount /proc on openbsd or freebsd
mkdir /proc
mount -t procfs proc /proc
or
echo "proc /proc procfs rw 0 0" >> /etc/fstab
Thursday, February 7, 2013
Nagios Stats 07Feb2013
Monitoring Performance
Service Check Execution Time: 0.02 / 18.13 / 0.945 sec
Service Check Latency: 0.00 / 0.97 / 0.382 sec
Host Check Execution Time: 0.02 / 0.29 / 0.050 sec
Host Check Latency: 0.00 / 2.40 / 0.304 sec
# Active Host / Service Checks: 201 / 2429
# Passive Host / Service Checks: 184 / 2787
Wednesday, February 6, 2013
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
On OpenBSD, you can reload ssh by just running the binary:
/usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
If you see this error, create the ECDSA key with the following command:
ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ""
Tuesday, February 5, 2013
disable/enable nagios via command line
curl -k -d "cmd_mod=2&cmd_typ=11" "https://my_nagios_hostname/nagios/cgi-bin/cmd.cgi" -u "your_username:your_password"
curl -k -d "cmd_mod=2&cmd_typ=12" "https://my_nagios_hostname/nagios/cgi-bin/cmd.cgi" -u "your_username:your_password"
Saturday, February 2, 2013
Warning: Unable to get hardware address for interface
First, this started happening:
Starting Nmap 5.21 ( http://nmap.org ) at 2013-02-02 14:18 MST
Warning: Unable to get hardware address for interface re0 -- skipping it.
Warning: Unable to get hardware address for interface re1 -- skipping it.
WARNING: Unable to find appropriate interface for system route to 192.168.1.254
nexthost: failed to determine route to 192.168.1.1
QUITTING!
root:86#
Then I tried this, but it didn't work:
root:86# pkg_add -u http://mirror.servihoo.net/pub/OpenBSD/5.2/packages/i386/libdnet-1.12p4.tgz
Problem finding http://mirror.servihoo.net/pub/OpenBSD/5.2/packages/i386/libdnet-1.12p4.tgz
But, this resolved both issues.
root:91# export PKG_PATH=http://mirrors.syringanetworks.net/pub/OpenBSD/5.2/packages/i386
root:92# pkg_add -ui -D update -D updatedepends
Thursday, January 24, 2013
trim all leading and trailing whitespace with sed
# trim all leading and trailing whitespace
cat ./stuckchannels_Jan24-2013_unformatted.txt | sed 's/^[ \t]*//;s/[ \t]*$//'
Monday, January 21, 2013
"The headers for the current running kernel were not found"
But, my kernel headers are installed...and 3D acceleration is turned on in VirtualBox.
So, I installed dkms and that fixed it.
---
hostname@sakti:~$ sudo /media/VBOXADDITIONS_4.2.6_82870/VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 4.2.6 Guest Additions for Linux..........
VirtualBox Guest Additions installer
Removing installed version 4.2.6 of VirtualBox Guest Additions...
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules
The headers for the current running kernel were not found. If the following
module compilation fails then this could be the reason.
Building the main Guest Additions module ...done.
Building the shared folder support module ...done.
Building the OpenGL support module ...done.
Doing non-kernel setup of the Guest Additions ...done.
You should restart your guest to make sure the new modules are actually used
Installing the Window System drivers
Installing X.Org Server 1.11 modules ...done.
Setting up the Window System to use the Guest Additions ...done.
You may need to restart the hal service and the Window System (or just restart
the guest system) to enable the Guest Additions.
Installing graphics libraries and desktop services components ...done.
hostname@sakti:~$ sudo apt-get install build-essential linux-headers-`uname -r` dkms
Reading package lists... Done
Building dependency tree
Reading state information... Done
build-essential is already the newest version.
linux-headers-3.2.0-36-generic-pae is already the newest version.
The following NEW packages will be installed:
dkms
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 73.1 kB of archives.
After this operation, 347 kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://us.archive.ubuntu.com/ubuntu/ precise/main dkms all 2.2.0.3-1ubuntu3 [73.1 kB]
Fetched 73.1 kB in 0s (103 kB/s)
Selecting previously unselected package dkms.
(Reading database ... 175198 files and directories currently installed.)
Unpacking dkms (from .../dkms_2.2.0.3-1ubuntu3_all.deb) ...
Processing triggers for man-db ...
Setting up dkms (2.2.0.3-1ubuntu3) ...
mdeviveiros@sakti:~$ sudo /media/VBOXADDITIONS_4.2.6_82870/VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 4.2.6 Guest Additions for Linux..........
VirtualBox Guest Additions installer
Removing installed version 4.2.6 of VirtualBox Guest Additions...
Removing existing VirtualBox DKMS kernel modules ...done.
Removing existing VirtualBox non-DKMS kernel modules ...done.
Building the VirtualBox Guest Additions kernel modules ...done.
Doing non-kernel setup of the Guest Additions ...done.
You should restart your guest to make sure the new modules are actually used
Installing the Window System drivers
Installing X.Org Server 1.11 modules ...done.
Setting up the Window System to use the Guest Additions ...done.
You may need to restart the hal service and the Window System (or just restart
the guest system) to enable the Guest Additions.
Installing graphics libraries and desktop services components ...done.
hostname@sakti:~$
---
Rebooted and voilà, all fixed.
Ubuntu 12.04 LTS i686 with Unity 3D running in VirtualBox 4.2.6 (with the extension pack installed) on Windows 7 x64
Sunday, January 20, 2013
nginx ossec location directive
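# "~" makes this a regex location. With "^~" the pattern is taken as a literal
# prefix string, never matches /ossec/*.php, and the generic block below serves
# those requests without auth_basic. Regex locations are tried in file order, so
# this block must stay above "location ~ \.php$".
location ~ ^/ossec/(.*\.php)$ {
    auth_basic "Restricted";
    auth_basic_user_file /var/www/default/ossec/.htpasswd;
    # the request URI already begins with /ossec/, so root and SCRIPT_FILENAME
    # are built from /var/www/default (assumes the UI lives in
    # /var/www/default/ossec, as the .htpasswd path suggests)
    root /var/www/default;
    index index.php;
    fastcgi_pass 127.0.0.1:8888;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
    include fastcgi_params;
}
#
location ~ \.php$ {
    root /var/www/default;
    fastcgi_pass 127.0.0.1:8888;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /var/www/default$fastcgi_script_name;
    include fastcgi_params;
}
}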
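Which block answers a request for /ossec/index.php depends on the location modifier: nginx reads the text after `^~` as a literal prefix, while `~` makes it a regular expression. The following is an added example, not part of the original post: a simplified model of nginx's location selection (no nested or named locations, no URI normalization) that compares `^~ /ossec/(.*\.php)$` with `~ ^/ossec/(.*\.php)$`; the labels and function name are made up for the illustration.

```python
import re


def select_location(locations, uri):
    """Return the label of the location nginx would choose for `uri`.

    `locations` is a list of (modifier, pattern, label) tuples in config-file
    order; modifier is "" (plain prefix), "=", "^~", "~" or "~*".
    """
    best = None  # longest matching prefix location seen so far
    for mod, pattern, label in locations:
        if mod == "=" and uri == pattern:
            return label                  # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = (mod, pattern, label)

    if best is not None and best[0] == "^~":
        return best[2]                    # ^~ on the best prefix skips the regex pass

    for mod, pattern, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):
                return label              # first regex in file order wins

    return best[2] if best is not None else None


AUTH = "ossec block (auth_basic)"
OPEN = "generic php block (no auth)"

# "^~" modifier followed by text that was meant as a regex.
PREFIX_MODIFIER = [
    ("^~", r"/ossec/(.*\.php)$", AUTH),
    ("~", r"\.php$", OPEN),
]

# Same intent written as a regex location, listed before the generic one.
REGEX_MODIFIER = [
    ("~", r"^/ossec/(.*\.php)$", AUTH),
    ("~", r"\.php$", OPEN),
]


def compare(uri):
    """(choice with ^~, choice with ~) for one request URI."""
    return select_location(PREFIX_MODIFIER, uri), select_location(REGEX_MODIFIER, uri)


if __name__ == "__main__":
    # constructed request URIs
    for uri in ("/ossec/index.php", "/index.php", "/ossec/css/site.css",
                "/ossec/(.*\\.php)$"):
        with_prefix, with_regex = compare(uri)
        print(f"{uri!r:28} ^~ -> {with_prefix!s:30} ~ -> {with_regex}")
```

Neither variant covers non-PHP files under /ossec/ (the model returns None for them, meaning server-level defaults apply), so protecting the whole directory needs a prefix location as well.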
Wednesday, January 16, 2013
limit incoming connections with host firewall
limit incoming connections on ssh to no more than 6 attempts per 30 seconds:
ufw limit in log 22/tcp
---
also, in netfilter parlance:
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# jump to LOGDROP (not plain DROP) so throttled attempts are logged before being dropped
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j LOGDROP
Saturday, January 12, 2013
OpenBSD upgrade: no route to host
Recently I upgraded from OpenBSD 4.8 to 5.2.
I followed the installation guide whereby you burn ISO's and boot off them, choose the Upgrade option.
Anyhow, after I stepped into 5.0, I was no longer able to use wget to test connectivity. dig was succeeding but wget was not, claiming "no route to host".
I could ping the gateway, and outside of it. So I deleted the default route, and recreated it. Done.
route delete default
route add default [your.default.gw.ip]
Also, I had to comment out the following line in /etc/pf.conf
set require-order yes
then reloaded pf
pfctl -f /etc/pf.conf