
PacketLife cheat sheets

Saw these networking-related cheat sheets via the SANS blog today and thought I would throw up a post about them as these are just too good to pass up (there are a couple that will be going up in my server room, that’s for sure).

Anyone know of any other good cheat sheets? I have one for vim that I reference from time to time, and a nice fold-up sheet for bash that I got at a Linux world expo about ten years ago.

Setting up a serial console with DRAC 4/I and Ubuntu 8.04 (Hardy)

Previously I had always set up console redirection on my Ubuntu servers using this (PDF link) guide, which worked great up until Ubuntu switched to Upstart and there was no more /etc/inittab file.  So for my own, and anyone else’s future reference, here is what you need to do…

First follow the linked guide on how to enable serial redirection in the BIOS and on the DRAC card, these have not changed.  
Next add the following anywhere above the ### BEGIN AUTOMAGIC KERNELS LIST line in /boot/grub/menu.lst


#DRAC serial access
serial --unit=0 --speed=57600
terminal --timeout=10 serial

Now find the line that starts with # defoptions=, in my vanilla install it is on line 93 and by default says # defoptions=quiet splash.  Append to the end of the line console=ttyS0,57600 so it now looks like…

# defoptions=quiet splash console=ttyS0,57600

Make absolutely sure you leave the line commented out, that is how it is supposed to be.  The reason we do it this way rather than appending directly to the kernel options is so we don’t have to add this line onto every new kernel we install, grub will do it automatically.

Now on to the big difference with Upstart.  Create a file /etc/event.d/ttyS0 with the following…

# ttyS0 - getty
#
# This service maintains a getty on ttyS0 from the point the system is
# started until it is shut down again.

start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5

stop on runlevel 0
stop on runlevel 1
stop on runlevel 6

respawn

exec /sbin/getty -h -L 57600 ttyS0 vt100

Now double check that “ttyS0” is listed in the file /etc/securetty, it was already there on my install towards the top.

Now reboot your server and SSH into your DRAC’s IP and issue the command connect -h com2 and you should see the login prompt waiting for you just as it will at 3AM when your pager goes off and you cannot connect to the server by normal means. I assume this will be the same for DRAC 5 cards also, but I don’t have one to test so YMMV.
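A way to check the steps above before that reboot, as an added example that is not part of the original post: a shell function that confirms the grub, Upstart and securetty settings agree on ttyS0 at 57600. The function name and its ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the serial-console settings described in this post.
# ROOT (default /) is a hypothetical parameter so the check can be run
# against a mounted disk image or a scratch tree.
check_serial_console() {
    root="${1:-/}"; fails=0
    menu="$root/boot/grub/menu.lst"
    job="$root/etc/event.d/ttyS0"
    sectty="$root/etc/securetty"
    marker='### BEGIN AUTOMAGIC KERNELS LIST'
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    if [ -r "$menu" ]; then
        grep -q "^$marker" "$menu" || fail "marker line not found in $menu"
        # The post places the serial/terminal lines above the automagic marker.
        above=$(sed "/^$marker/q" "$menu")
        printf '%s\n' "$above" | grep -q '^serial --unit=0 --speed=57600' \
            || fail "serial line missing above the marker"
        printf '%s\n' "$above" | grep -q '^terminal .*serial' \
            || fail "terminal line missing above the marker"
        # defoptions must stay commented out and carry the console option.
        grep -q '^# defoptions=.*console=ttyS0,57600' "$menu" \
            || fail "# defoptions= lacks console=ttyS0,57600"
        if grep -q '^defoptions=' "$menu"; then
            fail "defoptions line has been uncommented"
        fi
    else
        fail "cannot read $menu"
    fi

    if [ -r "$job" ]; then
        # getty must use the same port and speed as grub and the kernel.
        grep -q '^exec /sbin/getty .*57600 ttyS0' "$job" \
            || fail "$job does not exec getty on ttyS0 at 57600"
        grep -q '^respawn' "$job" || fail "$job lacks respawn"
    else
        fail "cannot read $job"
    fi

    # root may only log in on terminals listed in securetty.
    grep -qx 'ttyS0' "$sectty" 2>/dev/null \
        || fail "ttyS0 not listed in $sectty"

    return "$fails"
}
```

Run it as `check_serial_console /` on the server; it prints one FAIL line per problem and returns the number of failed checks.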


kerberos permission denied in OS 10.5

Experienced a weird problem with a fairly new OS 10.5 machine today.  My boss had spent the past couple weeks configuring an install of 10.5 on an external FW drive (keeping the 10.4 install on the local drive so as not to disrupt work for days on end while configuring / installing apps) and the time came for me to finally make it live on his local drive.  So I started up his machine in target disk mode and plugged it into my computer, along with the external FW drive, fired up Carbon Copy Cloner and proceeded to clone the FW drive over his local drive.  It should be noted at this point that everything in 10.5 was working just fine while booted on the external drive up to this point.

Upon rebooting the laptop with its new fresh clone things appeared to be working but I soon discovered (upon starting Mail.app) that the machine was failing to get a kerberos ticket which was normally issued upon login.  I fired up the CLI and tried getting a ticket manually with kinit and got a strange permission denied, so I then tried the GUI Kerberos.app and received a similar permission denied message.  As I tinkered with it some more trying to get a ticket I eventually got one, at least I thought I did, I could see a ticket with klist and it showed up in Kerberos.app but the ticket didn’t work for any services.  Next I tried to destroy the ticket with kdestroy to see if I could get a ticket again, but that too failed with a ‘Permission denied’ error - now things are getting really weird.

Next up came some heavy googling, reading about Leopard’s new local KDC, and trying kinit in other accounts on the computer to verify the clone was good (they all worked).

Out of options I figured I would try doing an strace on the failing programs only to learn that OS X doesn’t have strace, so after some more googling I learn that OS X has ktrace, and pulling my hair out trying to figure out why I can’t find ktrace I learn that ktrace got replaced with dtrace and dtruss (which is similar to (s|k)trace) in Leopard.  So now on the right path with dtruss I did a trace (or is that a ‘truss’ ??) on kinit and found that the last files and directories it was stat’ing were in ‘/var/folders’, a directory that I have never heard of.  Doing some more searching around it appears this is some kind of cache folder for OS X and the permissions differed from what was on my Leopard machine.  My computer had /var/folders with the directories underneath it being root:root, 755 - however my boss’s computer had some other groups.

So I just went for it and rm -rf’ed the directory that dtruss revealed while logged in as another local user, after all I did have a backup of the 10.4 install and the 10.5 on the FW drive.

Lo and behold, upon logging in with my boss’s account after the cleanup the computer was able to get its tickets properly and authorize to all the services that I couldn’t before.

What and why this happened, I just don’t know - that just may be a little more than I know about OS X’s BSD sub-system.  I can only hope this post may find someone out there that was in the same situation as I was and help them to a speedy recovery.


Version 0.3 of servermonitor.py, now with 100% more web 2.0’ness!

Here is version 0.3 of servermonitor.py.  

Added in this version: if a service has a history of going up and down, there will be a toggle link to display the history of the service’s states.  All the HTML that is loaded is pre-rendered and the js lib only does a GET and append to the DOM (there is no JSON or real AJAX going on here), so there is still no additional requirement of any kind of dynamic web programming language such as PHP or mod_perl to query a DB and generate the page dynamically.  Also, to keep with the one file philosophy I have used the Google javascript CDN to load jquery rather than distributing the library in a separate file.

 

Here is a sample of the HTML output http://black.kracknet.net/~stickystyle/servermonitor/


XMPP Z-Machine

Since prakbot that I mentioned a while back may be dead (I can’t get to it anymore) I have found another Z-Machine gateway here.  He has even put in a few features to make playing on a blackberry easier, such as being able to set the screen width to a custom value (e.g. 68 to fit JiveTalk).  So check it out if you’re looking for a time waster on your BB.


Version 0.2 of servermonitor.py

Well that didn’t take long for me to get around and update the script to include a method to update the hash of a ConnectAndVerify service :-)
Next step will be to look at the code I wrote and possibly refactor a few bits just to make sure I’m not duplicating code anywhere or doing things in a manner that is not as efficient as it could be, since really most of this script was written on a Saturday afternoon while I was bored.

servermonitor.py


Simple server monitoring with servermonitor.py

The problem with most server monitoring systems is they run from inside of your network, as such if there is a major outage past office hours where their monitor server is not capable of sending an alert email out (be it the mail server is down, or internet) you may not get the notification at the time of the outage.  

There are ideal solutions to this such as signing up for a paging service so your servers have some kind of Out-Of-Band alerting or paid external monitoring, but for very small shops that may not have the extra equipment or funds to install such hardware or pay for a service, and where having an externally facing server go down is still a big deal, I offer this script.

Its purpose is to use one of the many free online shell accounts to provide you with additional external monitoring to your already existing internal system for no cost.  It would also work great for all the home server folks out there that may have one box hosting their domain and want a simple monitor to know if their site, internet, or mail service has stopped working.

Here is an example of the status page the script generates, running on one of my free shells http://black.kracknet.net/~stickystyle/servermonitor

So here is v 0.1 of my script whose goal is to rely on nothing but standard built-in Python modules, and keep everything in one file.  It has an MIT license so everyone should be able to use it without worry of “GPL contamination”, also if you do use it, drop me a comment and let me know how it works for you, that may inspire me to put some more work into it :-)  (patches are ALWAYS welcome)

servermonitor.py

 

TODO: Need to add a function to update the hash on ConnectAndVerify, right now you need to delete the service and re-add it if your banner or web page changes.


Free shell accounts.

Been hanging with the guys at kracknet.net recently and they are a pretty good group of guys, so good in fact that they are offering free shell accounts with very liberal permissions on what you can do (basically no IRC bouncers / psybnc).

To get a free account ssh on over, with the username and password of new/new…
$ ssh -l new shell.kracknet.net

kracknet.net

Update: kracknet has been dead since around Aug 2008, ignore this post.

Servoy server SysV init script

Here is a quick servoy server init script I wrote and use at work.  It works pretty well on my Debian based machines, although it may be a problem if you have other java apps running as it may catch the wrong PID.  I could clean that up if I needed, but I personally don’t so if you need help let me know in the comments and I can adjust it.

Command line meme

Seems like everyone is posting their top ten command line commands, so what the hell…

 
ryanparrishscomputer:~ rparrish$ history|awk '{a[$2]++} END{for(i in a){printf "%5d\t%s\n",a[i],i}}'|sort -rn|head
  57 ls
  51 cd
  45 svn
  22 ssh
  19 paster
  13 sudo
  11 vi
  9 python
  6 ps
  3 whois

This is on a week old OS 10.5 system, so I’m still getting things set up and haven’t got into the swing of things yet.  Although you can see I have been doing most of my work with Pylons this past week.