Smokes your problems, coughs fresh air.

Author: halfgaar (Page 10 of 26)

Halfgaar is Wiebe. Wiebe is a contributing author on this weblog. He also has a lot of stuff (such as long, in-depth articles) on his personal website.

Wiebe's day job is as a senior software developer and system administrator at YTEC.

In his free time, he built the free, open-source FlashMQ software. Together with Jeroen and Rowan, he is now building a managed MQTT hosting business around his open masterpiece.

Tracking Xen domU’s with munin

To view statistics of your xen server with Munin (source):

cd /usr/local/share/
mkdir -p munin/plugins
cd munin/plugins
wget http://wiki.kartbuilding.net/xen_traffic_all
wget http://wiki.kartbuilding.net/xen_cpu_percent
chmod 755 xen_traffic_all xen_cpu_percent
ln -s /usr/local/share/munin/plugins/xen_traffic_all /etc/munin/plugins/
ln -s /usr/local/share/munin/plugins/xen_cpu_percent /etc/munin/plugins/
vim /etc/munin/plugin-conf.d/munin-node

#add the following:
[xen_traffic_all]
user root
[xen_cpu_percent]
user root

/etc/init.d/munin-node restart

Original links:

I wanted to attach the scripts, but because of upload problems, I can’t…

Getting a better MySQL prompt

When you want to see which user you are and which database you’re working with, put this in .my.cnf:

prompt=(\\u@\\h) [\\d]>\\_

Too bad mysql doesn’t support color. You can make it work with rlwrap, but that’s kind of clumsy.

edit: hmm, this destroys mysqldump… argh.

Installing a commercial SSL certificate in Zimbra

Edit: now in 2020, with Zimbra 8, and Startcom out of business, things have changed a bit. So, here are the steps now, for a Sectigo certificate (and referring to their directory structure):

  • Copy ‘Linux/mail.example.com.ca-bundle’ to ‘/tmp/ca_bundle.crt’. Run ‘chown zimbra:zimbra /tmp/ca_bundle.crt’. (the name of the file suggests that your certificate is in the bundle, but it’s just the authority’s)
  • Copy ‘mail.example.com.crt’ to ‘/tmp/ssl.crt’ and run ‘chown zimbra:zimbra /tmp/ssl.crt’
  • Copy ‘mail.example.com.key’ to ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ and ‘chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key’
  • ‘su – zimbra’ and then ‘/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt’
  • A restart may not even be necessary. My monitoring already started alerting me about the recovery before hand, but just in case, also as user zimbra: ‘zmcontrol stop && zmcontrol start’

Old post:

I installed a commercial (free) SSL certificate from Startcom SSL in Zimbra. I basically followed this, except the java keytool thing. I don’t know why that is necessary… I did this on Zimbra 6.0.10_GA_2692.UBUNTU8_64 UBUNTU8_64 FOSS edition.

  • Download the ca.pem and sub.class1.server.ca.pem (the CA for the free class 1 validation) to /tmp/
  • Cat the CA certs to form a single CA certificate chain file: cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt
  • Place server certificate in /tmp/ssl.crt.
  • Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key
  • Deploy the commercial certificate with zmcertmgr as the root user: /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt
  • Restart zimbra: su zimbra, then zmcontrol stop && zmcontrol start

Installing Munin-node on a Debian or Ubuntu machine

If you want to gather statistics on a machine with a Munin server, install munin node:

aptitude -P install munin-node munin-plugins-extra

You will also need:

aptitude -P install libio-all-lwp-perl lynx

To make sure apache status works, go to /usr/share/munin/plugins and type:

./apache_processes autoconf

This will tell if your machine is configured correctly. On every machine that I install munin, it seems it has different dependencies, and if you’re missing anything, this autoconf will tell.

One of the things it will often say, is to enable extended status. Put that in /etc/apache2/mods-enabled/status.conf:

<IfModule mod_status.c>
blablabla
 
ExtendedStatus on
 
</IfModule>

Beware though, extended status makes apache slower.

You can then go to /etc/munin/plugins and symlink all apache_* from /usr/share/munin/plugins there. It may have already done that if the autoconf conditions were met when you installed them, but I’m not sure.

Then either set the allowed server IP address in /etc/munin/munin-node.conf, or do as I do and add this to that config:

Allow ^.*$

And use iptables to only allow access from a given IP to port 4949.

Fixing locale message in Ubuntu when logging in or SCPing

I’ve encountered this error occasionally when loggin in:

-bash: warning: setlocale: LC_ALL: cannot change locale (nl_NL.UTF-8)

This breaks things like scp or bzr via sftp. To fix it, I followed this advice:

cd /var/lib/locales/supported.d
cat /usr/share/i18n/SUPPORTED|grep -i nl > nl
dpkg-reconfigure locales

It’s not really pretty though; it shouldn’t give an error at all when a locale is missing. I mean, this way, I have to generate every possible locale to support logins from all over the world…

Getting a Xen hvc0 on a stock Ubuntu

When you install Ubuntu in Xen with xen-create-image, the console is automatically handled. If you want to add a console to a stock-installed Ubuntu, add this file to /etc/init and call it hvc0.conf:

# hvc0 - getty
#
# This service maintains a getty on hvc0 from the point the system is
# started until it is shut down again.
 
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
 
respawn
exec /sbin/getty -8 38400 hvc0

Useful extra Nagios commands

Here are some useful extra nagios commands I often use:

define command{
        command_name    notify-host-by-sms
        command_line    /usr/local/sbin/send-sms.sh -n $CONTACTPAGER$ -m "$HOSTNAME$: $HOSTSTATE$"
}
 
define command{
        command_name    notify-service-by-sms
        # Don't use service state, otherwise you only ever get to see 'critical' and not the reason.
        command_line    /usr/local/sbin/send-sms.sh -n $CONTACTPAGER$ -m "$SERVICEDESC$ on $HOSTNAME$: $SERVICEOUTPUT$"
}
 
define command{
        command_name    check_imaps
        command_line    /usr/lib/nagios/plugins/check_imap -H '$HOSTADDRESS$' --ssl -p 993 --certificate 15
}
 
define command{
        command_name    check_rdp
        command_line    /usr/local/lib/nagios/plugins/check_x224 -H $HOSTADDRESS$ -p $ARG1$ -w 10 -c 50
}
 
define command{
  command_name  check_pops
  command_line  /usr/lib/nagios/plugins/check_pop -H '$HOSTADDRESS$' --ssl -p 995 --certificate 15
}
 
define command{
  command_name  check_smtps
  command_line  /usr/lib/nagios/plugins/check_tcp -H $HOSTADDRESS$ -p 465
}

« Older posts Newer posts »

© 2024 BigSmoke

Theme by Anders NorenUp ↑