One of the headaches of managing any file/object store is pruning old data, although that is something we’ve all dealt with for years with standard filesystems and storage devices, this makes working in the cloud easier. It’s applied by policy to a bucket (without versioning enabled).

Check it out in the S3 Developer Guide.

According to the official MySQL documentation, there are only 3 steps required to enable binary logging:

1. assign a unique server-id to the server
2. assign a value to log-bin in the my.cnf file
3. restart the MySQL daemon

Taking care of these first two steps is as simple as adding the following lines to the my.cnf under the [mysqld] section:

server_id = 10
log_bin = mysql-bin

It’s also a good idea to setup a limit on the binary log file size and number of days worth of logs to retain to prevent disk space issues. Common values might be:

expire_logs_days = 2
max_binlog_size = 100M

Note that all changes to the my.cnf require restarting the MySQL daemon to take effect, although some changes can be made on-line, like setting the expire_logs_days value. Any changes must also be made to the my.cnf to persist upon restarts of MySQL.

It is my policy that no changes be made to the my.cnf file unless a restart is possible at the same time, otherwise you may end up with invalid changes (typos, etc..) in your my.cnf and MySQL may not come up the next time you need it.

Try this to list the top 20 space offenders:

SELECT engine, concat( table_schema, '.', table_name ) table_name,
concat( round( data_length / ( 1024 *1024 ) , 2 ) , 'M' ) data_length,
concat( round( index_length / ( 1024 *1024 ) , 2 ) , 'M' ) index_length,
concat( round( round( data_length + index_length ) / ( 1024 *1024 ) , 2 ) , 'M' ) total_size
FROM information_schema.TABLES
ORDER BY ( data_length + index_length ) DESC LIMIT 20

Taken from a comment on the mysql developer docs site: http://dev.mysql.com/doc/refman/5.1/en/tables-table.html

linux (at) itsecureadmin (dot) com

I specialize in Linux authentication and access control, OpenLDAP directory management, configuration management, and monitoring.

ITSA Consulting, LLC.

To list the slots, use the luksDump command:

cryptsetup luksDump /dev/sda2

This will print out each slot and whether or not it’s used so that you can remove some old ones.

You can use the luksChangeKey option to update or over-write an existing slot.

cryptsetup luksChangeKey /dev/sda2

After running this command, the actual operation performed was to remove key slot 4 (in my case) and add an entry to slot 0 for the new key. Verified with luksDump again.

Here is the second iteration of the powershell domain/hostname management script that I’m working on. It will also update the SQL Server dbname to reflect the hostname change on SQL Server 2008 boxes.

# This script will re-initialize domain membership and change the hostname to reflect the
# hexadecimal representation of the IP address assigned on boot.
#
# Author:  Josh Miller
# Date:    8/12/2011
#
# Note that there are 4 possible conditions that a host may come up in:
# 1. valid domain, invalid hostname
#    (although domain membership is invalid)
# 2. invalid domain, invalid hostname
# 3. invalid domain, valid hostname
# 4. valid domain, valid hostname
#
# The actions that will be taken for each of these conditons are:
# 1. leave domain, reboot
# 2. change hostname, reboot
# 3. join domain, reboot
# 4. do nothing, final condition
#
# Setup:
# 1. setup scheduled task to run on start-up as local administrator
# 2. create bat file to execute this powershell script, ie:
#   powershell -command "& 'c:\tools\powershell\domain.ps1' "
# 3. create AMI/template on network with DHCP
# 4. join to domain
# 5. verify that scheduled task is running as local administrator, bear
#    in mind that hostnames change frequently and just before you clone/
#    create the AMI, set the credentials again.
#
# Note:  this should really not work.  Once the hostname changes and the
#        machine reboots, it should not have permission to run one more
#        time to join the domain.  I don't understand why it works.  The
#        next run fails due to lack of permissions which is understandable
#        and acceptable.
#

# join domain values
$domain = "domain.com"
$user   = "domain\ad_user"
$pass   = "mysecret"

$secpassword = ConvertTo-SecureString $pass -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential($user, $secpassword)

# hostname to operate against - typically this host
$scripthost = get-content env:computername

# Leave the domain.
function LeaveDomain {

  Add-Computer -WorkGroupName "WorkGroup" -Credential $credentials

}

# Join the domain.
function JoinDomain {

  Add-Computer -DomainName $domain -Credential $credentials

}

# Restart the machine
function RestartMachine {

  Restart-Computer -Force

}

# Function to set hostname to hexadecimal representation of IP address
function SetHexHostname ([string] $setHostName) {

  # Return value of 5    means 'Access denied'.
  # Return value of 1326 means 'Logon failure: unknown username or bad password'.

  $computerinfo = Get-WmiObject -Class Win32_ComputerSystem
  $computerinfo.Rename( $setHostName )

}

# Function to get hostname as hexadecimal representation of IP address
function GetHexHostname {

  $getHostName = "" ;

  # Get IP Address of host
  $myIpAddress = "{0:x}" -f (Get-WmiObject Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null}).ipaddress

  # split ip into 4 octets, prep to convert to hexadecimal
  $octets = $myIpAddress.split(".")

  foreach ($octet in $octets) {

    $hexOctet = [System.String]::Format("{0:X}",[System.Convert]::ToUInt32($octet))

    # Prepend 0 to beginning if less than 2 digits
    if ( $hexOctet.Length -lt 2 ) {
      $hexOctet = "0" + "$hexOctet"
    }

    $getHostName = "$getHostName" + "$hexOctet"
  }

  $getHostName = "IP-" +  $getHostName

  Return $getHostName

}

# Function updates the dbname with hostname - always assumes needs changed.
function SetDBName ([string] $setDBName) {

  # Get SQL server version
  #  8.x = 2000
  #  9.x = 2005
  # 10.x = 2008
  $server_version = Invoke-Sqlcmd -Query "Select serverproperty('productversion') as version;"
  $sql_version    = $server_version.version

  if ( $sql_version -lt 9 ) {

    # works for sql2000
    $results = Invoke-Sqlcmd -Query "select srvname from sysservers;"
    $current_dbname = $results.srvname

  } else {

    # works for sql2005/2008
    $results = Invoke-Sqlcmd -Query "select name from sys.servers;"
    $current_dbname = $results.name

  }

  if ( $setDBName.CompareTo($current_dbname) -ne 0 ) {

    Write-Host "Updating DBName to match hostname"

    $drop_dbname = Invoke-Sqlcmd -Query "exec sp_dropserver '$current_dbname';"
    $add_dbname  = Invoke-Sqlcmd -Query "exec sp_addserver  '$setDBName', local;"

  }

}

#                                       #
# Start program execution.  #
#                                       #

# Ensure hostname is properly set
$testHostname = GetHexHostname

# Is admin share available?
if ( ! ( Test-Path \\$scripthost\admin$ ) -eq "TRUE") {
  Write-Host "Unable to access admin share."
  exit
}

$ObjReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $scripthost)
$ObjRegKey = $ObjReg.OpenSubKey("SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters")
$DomName = $ObjRegKey.GetValue("Domain")

if ( $DomName -eq $domain ) {

  Write-Host "Valid domain."

  if ( $testHostName.CompareTo( $scripthost ) -ne 0 ) {

    Write-Host "Invalid hostname, leaving domain."

    LeaveDomain
    RestartMachine

  } else {

    Write-Host "Valid domain and hostname."

  }

} else {

  Write-Host "Invalid domain."

  if ( $testHostName.CompareTo( $scripthost ) -ne 0 ) {

    Write-Host "Hostname not set correctly, setting to $testHostName"
    SetHexHostname ( $testHostname )
    SetDBName ( $testHostname )

  } else {

    Write-Host "Valid hostname, joining domain."
    JoinDomain

  }

  # Restart after either changing hostname or joining domain.
  RestartMachine

}

As always, let me know if you have any improvements, bugs, suggestions, etc.. at:
linux (at) itsecureadmin (dot) com

$ ssh-keygen -f ~/.ssh/id_rsa  -p

Note that the filename in question is my private key, specified by the -f.

That allows me to keep the same password across a single client or organization.

This script could use some additional error checking and validation and is a work in progress.

#
# Verify hostname and domain membership.
# - Fix if not valid.
#

#
# There are 4 possible states that this script accounts for:
#
# 1. Computer is a valid member of the domain with proper hostname.
# 2. Computer is an invalid member of the domain.
# 3. Computer is not a member of the domain.
# 4. Computer has an invalid hostname.
#
# There are 4 possible scenarios that must be played out with relation to
# the above states:
# 1. Do nothing.
# 2. Remove computer from domain and reboot (essentially places computer in state 3 on boot).
# 3. Join the domain, reboot.
# 4. Change hostname, reboot.
#
# Note that some machines may go through each of the 4 states before finishing configuration.
#

#
# join domain values
#
$domain = "MYDOMAIN"
$user   = "MYDOMAIN\MYUSER"
$pass   = "MYSECRET"

#
# Function to set hostname to hexadecimal representation of IP address
# to ensure unique hostname among environments.
#
function SetHexHostname {

  $hostName ;

  # Get IP Address of host
  $myIpAddress = "{0:x}" -f (Get-WmiObject Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null}).ipaddress

  # split ip into 4 octets, prep to convert to hexadecimal
  $octets = $myIpAddress.split(".")

  foreach ($octet in $octets) {

    $hexOctet = [System.String]::Format("{0:X}",[System.Convert]::ToUInt32($octet))

    # Prepend 0 to beginning if less than 2 digits
    if ( $hexOctet.Length -lt 2 ) {
      $hexOctet = "0" + "$hexOctet"
    }

    $hostName = "$hostName" + "$hexOctet"
  }

  $hostName = "IP-" +  $hostName

  #
  # If the hostname does not match, change it.
  #
 if ( $hostName.CompareTo( $scriptHost ) -ne 0 ) {

    #
    # Must perform as domain member with privileges to update AD with new name
    # - or as local admin when not a member of domain?
    #

    $computerinfo = Get-WmiObject -Class Win32_ComputerSystem
    $computerinfo.Rename( $hostName )
  }

}

$secpassword = ConvertTo-SecureString $pass -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential($user, $secpassword)

#
# hostname to operate against - typically this host
#
$scripthost = get-content env:computername

#
# Check this location for domain membership details.
#
$adminpath = Test-Path \\$scripthost\admin$

#
# Is admin share available?
#
if ($adminpath -eq "TRUE") {

  $ObjReg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $scripthost)
  $ObjRegKey = $ObjReg.OpenSubKey("SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters")
  $DomName = $ObjRegKey.GetValue("Domain")

  #
  # If domain member of domain, validate membership
  #
  if ( $DomName -eq $domain ) {

    Write-Host "$scripthost is a member of $DomName"

    #
    # Validate domain membership
    #
    $job = Start-Job -Credential $credentials -ScriptBlock { Test-ComputerSecureChannel }
    Wait-Job $job | Out-Null
    $validDomainMember = Receive-Job $job
    Remove-Job $job

    if ( $validDomainMember ) {

      Write-Host "Valid domain member"

      #
      # After validating domain membership, change hostname.
      #
      # - This has an unfortunate side effect of not allowing the script to run any more due
      #   to the job being scheduled as a local admin (with hostname).
      #
      SetHexHostname

    } else {
      write-host "Not a valid domain member"

      #
      # Leave domain by joing workgroup "workgroup" and restart.
      #
      Add-Computer -WorkGroupName "WorkGroup" -Credential $credentials
      Restart-Computer -ComputerName $scripthost

    }

  } else {

    write-host "Not part of domain, joining $domain"
    Add-Computer -DomainName $domain -Credential $credentials
    Restart-Computer -ComputerName $scripthost

  }

} else {

  Write-Host "$scripthost: Computer not found or no access to admin share for me"

}

(Note: does not work on 2003 R2 due to some winRM issues — if you know how to resolve this, please contact me.)

Not any more.

I was tailing the system log on my Fedora 15 desktop yesterday when I see this message roll across the display:

Jul 14 16:32:14 my-desktop dbus-daemon: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper)
Jul 14 16:32:14 my-desktop dbus-daemon: [system] Successfully activated service 'org.freedesktop.PackageKit'
Jul 14 16:33:53 my-desktop yum[18560]: Updated: 32:bind-license-9.8.0-7.P4.fc15.noarch
Jul 14 16:33:55 my-desktop yum[18560]: Updated: 32:bind-libs-9.8.0-7.P4.fc15.i686
Jul 14 16:33:59 my-desktop yum[18560]: Updated: 32:bind-utils-9.8.0-7.P4.fc15.i686
Jul 14 16:34:01 my-desktop yum[18560]: Updated: 32:bind-libs-lite-9.8.0-7.P4.fc15.i686
Jul 14 16:34:03 my-desktop yum[18560]: Updated: kernel-headers-2.6.38.8-35.fc15.i686
Jul 14 16:34:15 my-desktop yum[18560]: Installed: kernel-devel-2.6.38.8-35.fc15.i686
Jul 14 16:34:28 my-desktop yum[18560]: Installed: kernel-2.6.38.8-35.fc15.i686

Now I’m no fan of PackageKit. I dislike the new era of deveopers who have come in and name their daemons, packages, and config files in camel case going against the long running standard of using all lower case. This is especially true of anything with a Kit appended to the name. This is the same movement that is trying to take the desktop with Linux and destroying the simple nature of a beautiful system.

Now, here is how you disable the automatic updates:
1. Install or confirm that you have gnome-packagekit installed.
2. Run ‘gpk-prefs’ and configure it to never check for any updates.

When implementing authentication with Jenkins and using slaves, it is important to allow slaves to authenticate to the master in order to continue working. When using the JNLP protocol with slaves, the following may be done to authenticate slaves to the master:

1. Edit the jenkins-slave.xml to reflect the following arguments — append to the end:

-classpath "%BASE%\lib\commons-codec-1.5.jar" -jnlpCredentials username:password -noCertificateCheck

Once that is complete, download the common-codec-1.5.jar and place in the lib directory within the jenkins slave working directory (you will have to create this if it does not yet exist).

Download from:

http://commons.apache.org/codec/download_codec.cgi

Next, restart the Jenkins Slave service on the slave and verify.