Jason Antman’s Blog

Here’s a little tidbit that I never knew until I had an Apache2 name-based virtual host problem: httpd -S lists the vhosts that are being served by Apache, and how they were parsed from the config files.

The output on one of my servers looks something like:

[root@web2 vhosts.d]# httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          web2.jasonantman.com (/etc/httpd/vhosts.d/ssl-host.conf:7)
*:80                   is a NameVirtualHost
         default server www.jasonantman.com (/etc/httpd/vhosts.d/000-default.conf:1)
         port 80 namevhost www.jasonantman.com (/etc/httpd/vhosts.d/000-default.conf:1)
         port 80 namevhost rackman.jasonantman.com (/etc/httpd/vhosts.d/rackman.jasonantman.com.conf:1)
         port 80 namevhost whatismyip.jasonantman.com (/etc/httpd/vhosts.d/whatismyip.jasonantman.com.conf:1)
Syntax OK

This is quite useful in debugging vhost problems, especially those pesky times when a request that should go to a specific vhost is being served by the default (in my case at this time, I had two ServerName directives instead of a ServerName and a ServerAlias).

Uncategorized apache, configuration, linux

Before I even get into how to do this, be warned: this is a really bad idea unless you can ensure total physical access control to the machine. About the only place I’d ever use it is in a non-networked embedded system in a secure location. Its original intent is to handle loading of pictures onto a Linux-based digital photo frame.

So, you want to run a specific script on insertion of a USB drive. Here’s how to use udev to do it:

1. Create /etc/udev/rules.d/99-usbhook.rules:

   ACTION=="add",KERNEL=="sd*", SUBSYSTEMS=="usb", ATTRS{product}=="Mass Storage", RUN+="/root/bin/usbhook %k"

   This will run “/root/bin/usbook”, passing it the device name as an argument, every time a USB Mass Storage device is plugged in.

2. run udevcontrol reload_rules
3. Create your usbhook script.
4. Enjoy

Here is my usbhook script to copy all files from a USB mass storage disk to a specific location. It includes quite a bit of debugging, and also checks for the presence of a file called “foobarbaz.txt” on the device before copying the files over.

#!/bin/bash
 
# script to move over all files from a USB key
# when it is inserted into the system.
 
# should be called from a udev rule like:
#ACTION=="add",KERNEL=="sd*", SUBSYSTEMS=="usb", ATTRS{product}=="Mass Storage", RUN+="/root/bin/usbhook %k"
 
# Copyright 2009 Jason Antman. <jason@jasonantman.com> <http://www.jasonantman.com>
# <http://blog.jasonantman.com/2009/11/running-a-script-on-usb-drive-insertion/>
 
# CONFIGURATION
DEBUG=1 # set to 1 for debugging output
DEST="/home/foo/" # destination for files
 
 
DEVICE="$1" # the device name
LOGFACILITY="kernel.info" # for debugging output
 
 
if [ ${DEBUG:=0} == 1 ]; then logger "$LOGFACILITY" usbhook called with arguments: "$DEVICE"; fi
 
sleep 5 # delay 5 seconds to wait for mount
 
mount | grep "$DEVICE"
FOO="$?"
 
if [ $FOO == 0 ];
then
    if [ ${DEBUG:=0} == 1 ]; then logger "$LOGFACILITY" usbhook device mounted: "$DEVICE"; fi
else
    if [ ${DEBUG:=0} == 1 ]; then logger "$LOGFACILITY" usbhook device NOT mounted: "$DEVICE" - exiting; fi
    exit 0
fi
 
BAR=`mount | grep "$DEVICE" | awk '{ print $3 }'`
 
if [ -e "$BAR/foobarbaz.txt" ]
then
    if [ ${DEBUG:=0} == 1 ]; then logger "$LOGFACILITY" usbhook "$BAR"/foobarbaz.txt found; fi
else
    if [ ${DEBUG:=0} == 1 ]; then logger "$LOGFACILITY" usbhook "$BAR"/foobarbaz.txt NOT found - exiting; fi
    exit 0
fi
 
cp -R "$DEVICE"/* "$DEST"

This was tested on OpenSuSE 10.3.

Tech HowTos linux, script, udev, usb

I read a very interesting article on Linux-Mag.com today. The gist of it is that Microsoft (as happily announced in a press release) has submitted 20,000 lines of code for inclusion into the kernel. Specifically, the code is comprised of a number of drivers that will enable Linux to run better under Microsoft Hyper-V.

Yes, that’s right, Microsoft released code under GPLv2 and is asking for it to be put in Linux. They released it under the license that they call “cancer”. And the entire purpose is, essentially, saying “we want your project to run well as a guest under our hypervisor.

The Linux Mag article did touch on some recent news, such as Microsoft’s lawsuit against TomTom (settled in late March) claiming that the Linux kernel infringes their VFAT patents and the 2004 EU antitrust case (PDF).

A number of things are immediately apparent to me:

• The only reason for this is so Linux will virtualize well under Windows/Hyper-V.
• Microsoft doesn’t seem to be making any similar effort to allow Windows to virtualize well under Xen (and it seems to me that many more people would want Windows on a reliable Linux host than the other way around).
• Microsoft reached a settlement with TomTom, but never did anything to indemnify the Linux community at large.
• This is not a Microsoft endorsement (or even recognition) of the GPL.
• Microsoft made threats about Linux violating “over 228″ of its patents in 2007.

There’s a post on Greg Kroah-Hartman’s blog (he’s the kernel maintainer who will – or will not – eventually be in charge of the inclusion of the code). It should be noted that this all started due to a guy who I really admire, Stephen Hemminger, the principal engineer at Vyatta (whose router product I absolutely love, and their mock advertisements are just as wonderful). Steve has a post on his blog giving the background.

So what do I think should be done? Include the code. But first… (I know Microsoft doing all of this at once would be a dream, but maybe one or two of them would be nice)

1. If they haven’t already done so, Microsoft should publicly recognize the GPL and all of its terms as being a legally binding license.
2. Prior to having any Microsoft code included in the Linux kernel, Microsoft publicly states that the Linux kernel, as of the time they submitted their code, does not infringe on any Microsoft intellectual property.
3. It would be nice of Microsoft would agree to some level of cooperation with the Linux community.
4. Microsoft pledges to allow, support, and actively develop for Windows as a guest under Xen and KVM.

Ideas and Rants gpl, kernel, linux, microsoft

At $WORK, my group runs about two dozen servers that provide services for over 60,000 users. They’re a mix of Windows and Linux, with some old Solaris stuff thrown in there. The one thing they have in common is they’re all hand-built, hand-configured, and old. They’ve been around for a while. At the moment, we don’t even have an adequate backup system.

So, being the closest thing to a SysAdmin we have (my official title is still Student Systems Programmer), it’s my job to build a new installation, configuration and backup infrastructure. We’ve already standardized on CentOS as a University-wide distro, and have a local full mirror, so I don’t need to choose a distro. I do, however, have to plan the installation and backup architecture. The main requirements are:

1. Lowest overall time for bare-metal recovery to a working system.
2. Ease of use, as people other than myself will need to administer it (so they should be able to do so from a cheat sheet in the wiki).
3. Repeatability – it should be easy and intuitive to make an almost-exact-copy of a machine.

I started a thread a few days ago on the SAGE mailing list, which you can find here.

At the moment, it looks like the general idea that I’m going with is to use Kickstart to install the systems, using a basic and minimal Kickstart file. Basic package selection (minimalist) with just what’s needed to configure the system with a hostname and network settings for the management VLAN. I’ll then have Kickstart install and configure a configuration management package – I’m leaning towards Puppet over Cfengine and am starting testing. The config management software will handle all of the customization for the system (everything different from the base generic Kickstart install) so it’s all kept under the control of config management from step 1.

The final part is a backup system, mainly for whatever eventually – whether out of human error or simple laziness – ends up out of the config management system’s control. Our previous SA had settled on Zmanda, the paid version of Amanda, which comes with specific plugins for MySQL and MSSQL. I’m also looking at Bacula, mainly because of its’ advanced features, scheduling (especially the new scheduling in Bacula 3) and scalability.

The beauty that I see in having Kickstart do something minimal and then letting Puppet handle the rest is that (especially since we’ve standardized on SunFire X4100’s with identical configurations) I can kickstart and rack up a few spare machines, and to get them up and running all I need to do is power them up (iLOM) and tell Puppet what to make them.

I’m currently starting testing of both Puppet itself and getting Kickstart to start the puppet install and daemon (instructions from David Lutterkort’s blog (Red Hat software engineer)). We’ll see how everything goes…

Projects backup, configuration, kickstart, linux, puppet, recovery, work

For one of my wonderful classes, Internet Security, I’m doing a presentation on “patch management”. While I’m obligated to cover Windows – and, of course, will talk about MacOS – I’ll obviously be spending a good deal of time on the Unix/Linux side of things. This has gotten me thinking about one of my biggest problems with Linux (and specifically OpenSuSE, my usual default distro. Patch management is utterly awful.

Here’s the problem: I have about a dozen machines under my control. I need to keep them all up-to-date. Currently, I manually do patches and upgrades via YaST or zypper. I thought about scripting this through zypper, but that doesn’t make any sense – the packages on the machines are far from homogenous, so there’s no clear way to make one script that updates them all. I considered using Puppet or CFengine or something of that sort, but that’s too heavy-weight for me – for only a dozen machines, many of which are personal or development only, that’s a lot to keep track of by hand, and a lot of work defining which patches should be applied, and which machines shouldn’t be changed.

My other peeve is distribution upgrades. About three of my machines are still running OpenSuSE 10.0 or 10.1, both of which are unsupported, and no longer even have downloads available. Why? Becuase I’ve done major OpenSuSE upgrades before, broken a LOT of stuff, and I simply can’t risk that on machines that can’t stand extended downtime. This process *needs* to be made easier. Bottom line – it should be made no more difficult or unreliable than a kernel upgrade. IMHO, the biggest selling point for Solaris is its’ ability to do a total upgrade to a second partition, and switch-over at runtime. Why doesn’t Linux (or SuSE) have this yet?

What’s my ideal solution? A curses application that uses text-file backends (curses so I can run it over SSH even if I have a slow link or high latency, like from a SSH session on my cell phone, if need be). The app would allow me to list all of the machines I want managed. It would connect to the machines over standard SSH, and would leave an extensive audit trail of what’s done, both on the management console and on the machines (as well as running as a dedicated user). The application would maintain an inventory of all of the packages on every machine. It would check daily for new patches/updates to any of those packages, and e-mail me a daily summary of what’s new, including all dependency changes, and which machines need the update. It would also allow me to define, on a per-machine (or per-group-of-machines) basis, rules for packages that must stay at their current version – i.e. I have a bunch of PHP4 apps, so machine X needs to stay at PHP4. The e-mail summary would include any packages that aren’t going to be updated for a specific machine because of dependency/version rules, as well as warnings about any new packages that have a dependency that has a rule set. I could then run the main curses app on my admin machine and, starting from NO selections, select which updates I want to apply and whether I want to ignore or create new rules to keep something at its current version, on a per-machine or per-group basis. This curses app would generate a file (XML?) of what to do (which would also be generated or edited by hand, easily). The XML file would then be fed into a script that downloads all of the needed packages to a central (local) mirror (or, optionally, for remote machines, has them download locally on the machine), checksums them, and then installs them (running commands over SSH) on all applicable machines. It would then keep a log of all changes, both on each machine changed (in a master changelog file) and on the central administrative machine. Most importantly, the curses interface would have a simple, quick way to back out any specific update or group of updates for all machines, a group of machines, or one machine. All data needed to back out a change would be kept on each machine (say, cleaned up at the next update of that package and all of its’ dependencies) with machine-readable instructions kept in a central file, allowing local rollbacks – i.e. a machine goes down, I realize that it was because of an update to package X, and on the local machine I can check the changelog, see an entry like “Package X updated 1.0.0 to 1.0.1 on yyyy-mm-dd, Change ID 1234″ and then, to rollback, simply issue a command like “patchmgt rollback 1234″ on the effected machine.

Just some ideas, and a little rant.

Ideas and Rants linux, patch management, solaris, updates, upgrades

It seems like every time I open up my Google Reader account, there’s news about another company that released a knock-off of my beloved Asus eeePC 4G Surf (701) (interestingly, it looks like eeepc.asus.com is down at the moment of writing). Even Asus has released numerous (I think the product like is now up to about 10 variations) follow-ups to the 7″ beauty, now up to 10″ in size (though, admittedly, I’m less-than-enthused about their Windows models).

With the new semester here, I am (unfortunately) back in class. And I’m very happy to report that I’m starting to see eeePCs in more and more hands. Granted, my classes are in the IT program, but I was quite surprised last night to be sitting in my Internet Security class and notice no less than four eeePCs in a class of about 25 people. While I’ve just relegated my own 4G to my server room bag, replacing it with a (used, surplus from work) IBM ThinkPad T41 (14.1″ display, 1.4GHz Pentium, 768MB RAM, and a DVD drive). Though my heart sank when I found that half of the eeePCs were running Windows, it seems that in my travels around campus, I’m seeing more and more eeePCs, and more laptops running Linux.

While the academic world has surely embraced new technologies, and non-mainstream technologies, quicker than other sectors (specifically considering Linux and the apparent popularity of the eeePC), it’s definitely a good omen. Seeing non-geek, and perhaps even non-CS and non-Engineering, students using Linux speaks quite well for the expansion of the Linux user base when these students graduate and enter the “real world”

Miscellaneous Geek Stuff asus, eeepc, linux

Well, despite what’s been said elsewhere, it IS possible! It’s a bit error-ridden at first, but here is the procedure that I used to compile and install the PVR-150 patched LIRC 0.8.3-CVS.

First, Download the tarball mentioned in the Version 3 blog post at Marks Braindump. You can pretty much follow his instructions on the installation in the blog post, with some changes that are specific to getting it to compile on OpenSuSE 11.

1. First, remove all traces of the OpenSuSE LIRC from you system. Uninstall the RPMS and everything else that goes with them. Then unload all of the kernel modules, especially lirc_i2c (if you have it loaded).
2. In your kernel source directory, run make oldconfig && make prepare.
3. In your kernel source directory, run make prepare scripts which, among other things, compiles the required genksyms scurript.
4. I was getting a compile error like "WARNING: Symbol version dump /usr/src/`uname -r`/Module.symvers is missing". Find out which kernel you're running (uname -r). In yout kernel source directory, copy your Module.symvers file from /usr/src/linux-obj. I was running i386 architecture with the "default" kernel, so mine was located at /usr/src/linux-obj/i386/debug/Module.symvers. Copy that into /usr/src/linux.
5. In the lirc (patched) directory, run setup.sh as instructed. DO NOT tell it to run configure - just save settings and exit.
6. Edit the generated configure.sh file, adding a --with-kerneldir=/usr/src/KERNELDIR, replacing KERNELDIR with the actual path to your kernel soruce (i.e. /usr/src/`uname -r`).
7. make. If no errors, make install.
8. I decided to reboot at this point, and when I did, everything worked perfectly.