August 6th, 2010
I recently had an issue where a file copy from a Celerra NAS to a server outside the network was failing and I couldn’t figure out why. The file copy was a pull from the outside server which needed access inside the network. The BGP route had somehow changed to go over Integra’s network rather than Verizon and I couldn’t get anyone to fess up to blocking ports 445 and 139. To solve this issue, I turned to SSH tunnelling.
To set up a tunnel from inside a protected network to expose a resource to an external client, you can use the following format:
$ sudo ssh -N -R 445:cifsNAS:445 outsideserver.com
I then created a hosts file entry on the outside server to map cifsNAS to 127.0.0.1.
# /etc/hosts
127.0.0.1 cifsNAS
What this does is SSH to outsideserver.com and open up port 445 on that host, which then tunnels all traffic from outsideserver.com:445 to cifsNAS:445. This solved my temporary issue and I was able to copy the needed files over.
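A check to run on the outside server, added here as an example (not part of the original post): by default sshd binds a remote forward to the loopback interface only, which is why the hosts entry points at 127.0.0.1, and this confirms that the forwarded port is not also listening on a routable address. The function name `exposed_listeners` and the sample `ss -ltn` output are constructed.

```sh
# exposed_listeners PORT: read `ss -ltn` output on stdin and print every
# local address listening on PORT that is not loopback. No output means
# the forwarded port is reachable only from the host itself.
exposed_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        la = $4                                   # Local Address:Port column
        i = length(la)
        while (i > 0 && substr(la, i, 1) != ":") i--   # last colon splits addr:port
        if (i == 0 || substr(la, i + 1) != port) next
        addr = substr(la, 1, i - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        print addr
    }'
}

# Constructed sample of `ss -ltn` output: 445 is loopback-only, 22 is not.
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:445      0.0.0.0:*
LISTEN 0      128    [::1]:445          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
printf '%s\n' "$sample" | exposed_listeners 445   # prints nothing
printf '%s\n' "$sample" | exposed_listeners 22    # prints 0.0.0.0

# On the real host: ss -ltn | exposed_listeners 445
```

The bind address can also be stated explicitly on the client side with `-R 127.0.0.1:445:cifsNAS:445`, and `-o ExitOnForwardFailure=yes` makes ssh exit instead of staying connected without the forward.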
Posted in Open Source Software | No Comments »
July 15th, 2010
I recently set up a new AWStats install and used mod_rewrite to make it easier to view web stats. Using the following configuration within a virtual host declaration, you can simply make requests in the following format:
http://awstats/$CONFIG/$YEAR/$MONTH/$DAY/
This is assuming that you run daily rollups.
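ServerAlias awstats
RewriteEngine On
# Leave direct requests for the AWStats CGI and its icons alone.
RewriteCond %{REQUEST_URI} !^/awstats/awstats\.pl [NC]
RewriteCond %{REQUEST_URI} !^/icon [NC]
# /$CONFIG/$YEAR/$MONTH/$DAY/ -> awstats.pl query string; each segment stops at the next slash.
RewriteRule ^/([^/]+)/([^/]+)/([^/]+)/([^/]+)/ http://%{HTTP_HOST}/awstats/awstats.pl?databasebreak=day&day=$4&month=$3&year=$2&config=$1 [L,NE]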
July 9th, 2010
This morning I needed to audit some log files that I had recently processed through AWStats and received a report that there was a discrepancy in the data. The complaint was that one day was missing. I used the following bash script to print out the start and end timestamp of each log file:
# List the files oldest first and print the first and last timestamp of each.
for file in $( ls -tr *.gz ); do
    BEGIN=$(zcat "${file}" | head -n 1 | awk '{print $4}')
    END=$(zcat "${file}" | tail -n 1 | awk '{print $4}')
    echo "${file} - ${BEGIN} - ${END}"
done
Note that each log file was named uniquely by web server and logrotate number, e.g. webserver1.access_log.XX.gz.
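An added example (not from the original post) that goes one step beyond the per-file start/end listing: it reads the log lines themselves and reports every calendar day between the first and last entry that has no entries at all, which is the discrepancy being audited. It assumes Apache-style timestamps in field 4 (`[09/Jul/2010:...`); the function name `missing_days` and the sample lines are constructed.

```sh
# missing_days: read access-log lines on stdin and print each calendar day
# (YYYY-MM-DD) between the first and last day seen that has no entries.
missing_days() {
    awk '
    # Days since 1970-01-01 for a Gregorian date.
    function to_days(y, m, d,    era, yoe, doy) {
        if (m <= 2) y--
        era = int(y / 400)
        yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    # Inverse of to_days: day number -> "YYYY-MM-DD".
    function from_days(z,    era, doe, yoe, doy, mp, y, m, d) {
        z += 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp = int((5 * doy + 2) / 153)
        d = doy - int((153 * mp + 2) / 5) + 1
        m = (mp < 10) ? mp + 3 : mp - 9
        y = yoe + era * 400 + (m <= 2 ? 1 : 0)
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = i
    }
    {
        # $4 = "[09/Jul/2010:13:55:36" -> parts "[09", "Jul", "2010:13:55:36"
        if (split($4, p, "/") != 3 || !(p[2] in mon)) next   # skip malformed lines
        day = to_days(substr(p[3], 1, 4) + 0, mon[p[2]], substr(p[1], 2) + 0)
        seen[day] = 1
        if (!have || day < lo) lo = day
        if (!have || day > hi) hi = day
        have = 1
    }
    END {
        if (!have) exit
        for (d = lo; d <= hi; d++) if (!(d in seen)) print from_days(d)
    }'
}

# Constructed sample: 1 July has no entries, so it is reported.
printf '%s\n' \
  '10.0.0.1 - - [30/Jun/2010:23:59:58 -0700] "GET / HTTP/1.1" 200 512' \
  '10.0.0.2 - - [02/Jul/2010:00:00:03 -0700] "GET /a HTTP/1.1" 200 128' |
  missing_days
```

Against the real files it would be fed with something like `zcat webserver1.access_log.*.gz | missing_days`, once per web server, since a day can be present on one server and absent on another.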
July 8th, 2010
I have had the opportunity to interview many candidates over the past few months and have a few tips:
- When indicating that you have VMware experience, clearly indicate which features you have experience with. I have interviewed many candidates who claim to be experts on VI3/vSphere and yet have never used clustering or shared storage.
- When asked about rating yourself from 1-5 or 1-10, make sure you understand which side is the proficient side and give an example of what you think is proficient in a particular area.
My methodology is to ask the interviewee to rate themselves and then ask them what that rating means to them. If they rate themselves a 4 out of 5 with general Linux system administration, I then ask them to give me a few examples of what somebody who has a 4/5 rating would be able to do. I then ask them questions based on that assessment. If you can’t win on those terms, you typically can’t win.
It is not my desire to stump somebody in an interview; I would prefer to ask them questions about what they have done in the past and get into a good dialogue about things they are familiar with. Do your interviewer a favor and be very clear on the resume and during the interview process.
Tags: interviews, jobs, tips
Posted in Open Source Software, Tip of the day! | No Comments »
June 18th, 2010
I recently faced a problem where I needed to configure Apache to return a 200 OK when it received a request for an image that was missing, along with a custom 404 ErrorDocument which was an image. The reason for this requirement is that when Outlook 2003/2007 displays an HTML page where an image request returns a ‘404 Not Found’, it displays a broken image link icon, which is a little red ‘x’.
The solution that I ended up using was to configure mod_rewrite to look for any requests that were not valid files, links, or directories and return the custom ErrorDocument if these conditions were true. This results in a 200 OK for all requests — even on missing images. Note that this results in Apache never using the ErrorDocument 404 configured.
This configuration must be set at the directory level and not the virtual host level, as it references the filesystem, which requires a RewriteBase to be set (which cannot be done at the virtual host level).
RewriteEngine On
RewriteBase /var/www/html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/server-status [NC]
RewriteRule .* /missing.jpg [L]
Tags: apache, Linux, mod_rewrite
Posted in Open Source Software | No Comments »
May 4th, 2010
Here is a quick awk command that will parse Apache web logs and print a simple virtual host/date/referral CSV report that only includes referrals from Google, Bing, or Yahoo:
awk 'tolower($11) ~ "google|bing|yahoo" {print $2 "," $4 "," $11}' "${input_file}" >> report.csv
March 23rd, 2010
Having recently upgraded the Virtual Infrastructure at work to vSphere, I have encountered many scenarios with CentOS 5.3 guests not booting or taking a long time to boot. The last message on the console typically indicates that it’s hanging while starting udev.
The fix for this issue is to ensure proper time keeping practices have been adhered to in accordance with the VMware Timekeeping KB.
The basic steps are:
1. Modify the kernel line of /boot/grub/grub.conf to include the following options:
clocksource=acpi_pm notsc divider=10
clocksource=acpi_pm – uses the Power Management Timer (PMTMR) available in some southbridges as primary timing source
notsc – disable the timestamp counter
divider=10 – reduces the frequency of timer interrupts by a factor of 10 (from 1000/second to 100/second)
2. Disable time sync through VMware tools (note that this will continue to happen on bootup, pause, resume, etc.):
vmware-guestd --cmd "vmx.set_option synctime 1 0"
3. Set up time sync through NTP:
a. Set up your /etc/ntp.conf to point to a good NTP server pool.
b. Set NTP to start and persist across reboots.
# yum -y install ntp
# chkconfig ntpd on
# /etc/init.d/ntpd start
March 4th, 2010
One common scenario that I face in my daily work is to add disk to various filesystems. Setting up systems correctly so that this is possible will save time and frustration. One of the easiest cases is adding disk to a virtual machine when the guest is using LVM and ext3.
As always, please be sure to back up your data before trying any filesystem or disk manipulation.
After adding the virtual hard disk using the VI client, provision the space from within the virtual machine using the following steps:
1. Re-scan storage:
echo "- - -" > /sys/class/scsi_host/host0/scan
2. Create a physical volume from the new device (Note: check with your SAN admin to see if you need to create a partition and align appropriately.):
pvcreate /dev/sdb
3. Extend the volume group to the new PV (physical volume):
vgextend vg01 /dev/sdb
4. Extend the LV (logical volume) to the desired size:
lvextend -L +2G /dev/vg01/lvol05
5. Resize the filesystem to cover the newly extended LV:
resize2fs /dev/vg01/lvol05
Your newly resized filesystem should now be available.
I have not yet tried expanding existing VMDK files on the fly with vSphere but I plan to test that out next.
Posted in Linux, Open Source Software | No Comments »
February 23rd, 2010
One problem that I’ve had with Fedora 12 is that when enabling Compiz the focus starts to follow the mouse pointer. This behavior is annoying to me as I don’t like events to occur unless I explicitly ask for them (aka click).
To disable this feature, perform the following:
1. Install control-center-extra
2. Open with Applications -> System Tools -> Configuration Editor
3. Select the checkbox at /apps/compiz/general/allscreens/options/click_to_focus
That worked for me.
February 19th, 2010
I was auditing a set of mail servers at work the other day, getting a list of all active user accounts, and developed this little one-liner:
zgrep LOGIN /var/log/mail.log.[1-9].gz | sed -n 's/.*user=\(.*\), ip.*/\L\1/p' | sort | uniq >> /tmp/mailbox.list
This script finds all logins from the mail log and prints out only the account@domain portion in lowercase, sorting and printing one of each occurrence. The \L case conversion in the replacement is a GNU sed extension.