Archive for the ‘Systems Administration’ Category
After upgrading to RHEL 5.7, one of my Apache servers which protects content using mod_ldap authenticating against Active Directory stopped working. Error logs showed the following:
auth_ldap authenticate: user xxxx authentication failed; URI /viewvc/
[ldap_search_ext_s() for user failed][Operations error]
This usually means there is a problem with referrals, but OpenLDAP was properly configured to not follow them (/etc/openldap.ldap.conf w/ REFERRALS off).
Turns out that buriedin the RHEL 5.7 release notes, this gem can be found. A brand new configuration directive called LDAPChaseReferrals. Apparently, when referrals are provided in a result-set, mod_ldap by default does not bind to them using the provided credentials. The new version of Apache in RHEL 5.7 corrects that and provides this new directive to enable or disable the feature.
However, I couldn’t find any documentation for it upstream, and after following the bugzilla link in the release notes realized that the Apache project had actually gone a different route and called their directive LDAPReferrals in addition to adding another directive to limit the number of hops that would be followed.
End result is that it appears Red Hat has added in a one-off and undocumented configuration directive. 🙂 Likely unintentionally, but this definitely led me to some confusion.
Opened a new bug to see about getting this resolved.
I recently discovered tmux. It’s actually been around for about four years, but as I’ve been reasonably happy with GNU screen, I’d never thought to look elsewhere. tmux piqued my curiosity and as there were packages readily available in EPEL, I installed it and have been using it most of the day.
The screen keystrokes are firmly stuck in my brain, and of course there’s the chance that I might have to use screen again on other systems, so I’d rather stick with them vs. re-learning tmux’s C-b based command structure. After some tinkering, I found that the following in my
~/.tmux.conf file gets me most of the way there:
set-option -g prefix C-a bind-key p previous-window bind-key C-p previous-window bind-key Space next-window bind-key C-Space next-window unbind-key C-b # Makes CTRL-A A work like in screen (jumps to beginning of line) bind-key a send-keys C-a
In a nutshell, this sets the command key sequence to C-a (CTRL-A) and sets the ‘p’ and spacebar keys to cycle through my windows. As I often find myself keeping the CTRL key pressed down as I hit the p or spacebar, I also mapped things so the windows will shift whether or not I leave CTRL pressed or not.
I’ve never been a screen power user, but anything with a smaller memory footprint is a win for me as I primarily have been using screen on a low-memory Linode system.
A couple of years back, I migrated all of my email off of my Postfix/Dovecot mail server to Google Apps. I was tired of fighting spam and dealing with the occasional outages to my server that would impact the family and friends whose email lived there.
I didn’t have a lot of accounts to migrate, and many of my users were POP3 users who downloaded everything — so there wasn’t a lot of email to move over. What there was I did manually with an IMAP capable email client and just copied folders and their contents “en masse” over to GMail.
This worked pretty well except for the fact that I’d been using Mutt, and had all my sent mail copied to a series of folders embedded under a parent “Sent” folder with the year and month in the name. So Sent/Sent-Mail-2001-05, etc. There were a ton of these folders and in GMail they show up as Labels. A very long list of labels. With no easy way to hide them all.
I dealt with a few manually, but GMail didn’t seem to have a way to do any sort of bulk actions within their UI, and recursively moving the contents of these folders into GMail’s Sent Mail folder from within Thunderbird wasn’t much easier.
Enter Python and imaplib. The following hacky and one-off script ended up doing the job for me pretty nicely:
import re import imaplib LRP = re.compile(r'\((?P<flags>.*?)\) "(?P<delimiter>.*)" (?P<name>.*)') def main(): global LRP m = imaplib.IMAP4_SSL('imap.gmail.com', 993) m.login('username', 'password') status, mailboxes = m.list("/Sent", '*') for mb in mailboxes: flags, delimiter, mailbox_name = LRP.match(mb).groups() print mailbox_name s, d = m.select(mailbox_name) # If we got an OK and there are > 0 messages in the folder. if s == 'OK' and int(d) > 0: print " Trying to move %d messages." % int(d) typ, [response] = m.search(None, 'SEEN') if typ != 'OK': raise RunTimeError(response) msg_ids = ','.join(response.split(' ')) m.copy(msg_ids, '[Gmail]/Sent Mail') m.store(msg_ids, '+FLAGS', '\\Deleted') m.expunge() else: if mailbox_name != '"Sent"': if int(d) == 0: print " No messages, deleting %s" % mailbox_name m.delete(mailbox_name) else: print " Skipping Sent" if __name__ == '__main__': main()
Now my GMail is much more neat and tidy. It would be nice if imaplib had a move() call…
In the process of troubleshooting a file locking issue on a Samba/NFS server, I needed to be able to take a look at the locks on a Solaris 10 system. In Linux this is fairly straightforward to do with the lslk command or by taking a peek at /proc/locks. No such luck on Solaris.
The ::lminfo command gave me almost exactly what I needed, except, as Chris mentions in his wiki entry, the path information is truncated. You can easily cycle through and print only the path out, but then you’re missing the rest of the information which is awfully nice to see.
> ::lminfo ADDR TP FLAG PID COMM VNODE PATH 600114a7040 WR 0021 315 ypbind 60012161080 /var/yp/binding/xpr 6001203ea00 WR 0021 315 ypbind 60012160080 /var/yp/binding/xpr 6001203e800 WR 0021 315 ypbind 600115b0140 /var/yp/binding/xpr 60011452700 WR 0001 558 mdmonitord 600131da100 /etc/lvm/.mdmonitor 6001203eb00 WR 0021 315 ypbind 60012160180 /var/yp/binding/xpr 60010a90e80 WR 0001 505 automountd 60013024180 /etc/svc/volatile/f
I couldn’t figure out a good way to convince ::print to display multiple lock_descriptor_t members — and format it as nicely as ::lminfo did. I was about to write an external parser in awk or python to hack this together, when Jonathan Adams of Sun suggested that an mdb module could be created to accomplish just what I was after.
After some trials and tribulations getting this going, I was able to create a ::lminfo2 module that not only displays the pathname of the locked file sans truncation, but also spits out the whence, start and length information for ranged locks! Sample output:
# echo "::load /home/rayvd/src/mdb/sparcv9/lminfo2.so; ::lminfo2" | mdb -k ADDR TP FLAG PID COMM VNODE WHENCE START LEN PATH 600114a7040 WR 0021 315 ypbind 60012161080 1 0 1 /var/yp/binding/xprt.udp.2 6001203ea00 WR 0021 315 ypbind 60012160080 1 0 1 /var/yp/binding/xprt.ticlts.2 6001203e800 WR 0021 315 ypbind 600115b0140 1 0 1 /var/yp/binding/xprt.ticotsord.3 60011452700 WR 0001 558 mdmonitord 600131da100 0 0 0 /etc/lvm/.mdmonitord.lock 6001203eb00 WR 0021 315 ypbind 60012160180 1 0 1 /var/yp/binding/xprt.ticlts.3 60010a90e80 WR 0001 505 automountd 60013024180 0 0 0 /etc/svc/volatile/filesystem-autofs.lock
The main challenge I encountered was dealing with the mdb_printf and mdb_snprintf commands. Both are “smart” in that they automatically truncate lines at the end of the terminal.
To build the module, you need a C compiler, the SUNWmdbdm package, and also, a header file (mdb_ks.h) from the mdb sources (available in OpenSolaris) to gain access to some internal mdb functions not exposed by mdb_modapi.h.
The module, and some basic instructions on building are available here. Feedback welcome.
I was attempting to find the newest C file in a tree of files I’d checked out from CVS. find to the rescue:
$ find . -name '*.c' -printf '%-50p %-15T@ %T+\n' | sort -k2 ./ssl/main.c 1039831674 2002-12-13+18:07:54 ./ssl/lex.yy.c 1039831674 2002-12-13+18:07:54 ./ssl/ssl_enum.c 1039831678 2002-12-13+18:07:58 ./ssl/y.tab.c 1039831683 2002-12-13+18:08:03 ./common/lib/debug.c 1039831686 2002-12-13+18:08:06 ./common/lib/r_list.c 1039831689 2002-12-13+18:08:09 ./common/lib/r_time.c 1039831689 2002-12-13+18:08:09 ./common/lib/r_errors.c 1039831689 2002-12-13+18:08:09 ./common/lib/r_replace.c 1039831689 2002-12-13+18:08:09 ./common/lib/r_assoc_test.c 1039831689 2002-12-13+18:08:09 ./common/lib/threads/pthreads/pthread.c 1039831690 2002-12-13+18:08:10 ./base/debug.c 1039831693 2002-12-13+18:08:13 ./base/common.c 1039831693 2002-12-13+18:08:13 ./base/proto_mod.c 1039831694 2002-12-13+18:08:14 ./base/print_utils.c 1039831694 2002-12-13+18:08:14 ./base/tcpconn.c 1041533083 2003-01-02+10:44:43 ./null/null_analyze.c 1041533086 2003-01-02+10:44:46 ./ssl/ssl_analyze.c 1041533087 2003-01-02+10:44:47 ./ssl/ciphersuites.c 1051291844 2003-04-25+10:30:44 ./ssl/ssl_rec.c 1051291846 2003-04-25+10:30:46 ./common/lib/r_data.c 1166728933 2006-12-21+11:22:13 ./common/lib/r_assoc.c 1166728933 2006-12-21+11:22:13 ./common/lib/r_bitfield.c 1166728933 2006-12-21+11:22:13 ./ssl/sslprint.c 1166728991 2006-12-21+11:23:11 ./ssl/ssl.enums.c 1166728991 2006-12-21+11:23:11 ./ssl/sslxprint.c 1166728991 2006-12-21+11:23:11 ./base/network.c 1166729027 2006-12-21+11:23:47 ./base/tcppack.c 1166729027 2006-12-21+11:23:47 ./base/pcap-snoop.c 1166729027 2006-12-21+11:23:47 ./ssl/ssldecode.c 1247069555 2009-07-08+09:12:35
I wanted to record a streamed radio show automatically once a week at a certain time, for a certain duration. Enter mplayer, cron and a simple shell script:
# show.sh URL="mmsh://url" DATE=$(date +%Y%m%d) OUTFILE="$HOME/Music/Show/show-$DATE.asf" [ -f "$OUTFILE" ] && rm -f "$OUTFILE" mplayer -dumpstream -dumpfile $OUTFILE $URL & PID=$! sleep 10800 kill $PID
Then add a cron entry as follows:
0 7 * * Sun $HOME/bin/show.sh
This will record the specified stream for three hours, every Sunday at 7am local time.