È una vergogna! Ditelo in giro!

November 15th, 2010 - 18:11May 20th, 2013 - 15:37 / bronto / Leave a comment

Quanto segue è la traduzione in Italiano di quanto compare in coda alla home page del progetto OpenSSH. Secondo me è un'informazione che merita di essere conosciuta e diffusa. Il grassetto nel testo l'ho aggiunto io.

Cortesemente date un'occhiata lla nostra pagina chi usa OpenSSH, che elenca solo alcune delle aziende che utilizzano OpenSSH nei loro prodotti — come funzionalità di accesso e sicurezza di importanza cruciale — anziché scrivere la loro implementazione di SSH o comprarne una da un'altra azienda. Questa lista include in particolare società come Cisco, Juniper, Apple, Red Hat e Novell; ma probabilmente include più o meno qualasiasi router, switch o sistema operativo Unix-like. Nei dieci anni passati dall'inizio del progetto OpenSSH queste società non hanno contribuito neanche un centesimo a supporto del progetto (nonostante numerose richieste).

Spread the word: that’s a shame!

November 15th, 2010 - 18:11May 20th, 2013 - 15:37 / bronto / Leave a comment

There is a note at the bottom of the OpenSSH project home page that well deserves to be said and spread (stress over paragraphs is mine):

Please take note of our Who uses it page, which list just some of the vendors who incorporate OpenSSH into their own products — as a critically important security / access feature — instead of writing their own SSH implementation or purchasing one from another vendor. This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).

Decoding “rrdtool info”

November 5th, 2010 - 16:11May 20th, 2013 - 15:37 / bronto / Leave a comment

Working with RRDTool again. I spent some time to make sense of what the command rrdtool info spits out. The easiest thing we can do is to go back to a command that creates a simple RRD file, then run rrdtool info on it, and see how the the two things map. … Continue reading →

Suggestion for next year budget

November 3rd, 2010 - 12:11May 20th, 2013 - 15:37 / bronto / Leave a comment

While trying to recover some backlog in the SAGE-members mailing list, I've come across this sticker. I would have laughed for it anyway, but the fact that I am currently fiddling with Cacti charts and data actually doubled the amount of laughter 🙂

Don't you think that any Sysadmin group in the world should have a few hundreds of these stickers in stock?

Renaming digital photos, time-wise

October 30th, 2010 - 18:10May 20th, 2013 - 15:37 / bronto / Leave a comment

It happens sometimes… or at least: it happened to me, and maybe it happened to you also 🙂 Well, anyway, it happens that you get a number of digital photos from different people, and of course their filenames don't match their chronological order. Is it possible to rename the files so that they can help sort this mess? Well, it is!

First, you need a small command line utility called exif. I assume you have an idea of what EXIF is.

With this command it is really easy to extract exif information from a digital photo, for example: the date you took the photo:

$ exif -t 0x9003 LD2K10_005.JPG
EXIF entry 'Data e ora (dati originali)' (0x9003, 'DateTimeOriginal') exists in IFD 'EXIF':
Tag: 0x9003 ('DateTimeOriginal')
  Format: 2 ('Ascii')
  Components: 20
  Size: 20
  Value: 2010:10:23 08:29:01

We have all the information we need, and maybe more. Now we need to get the information in the Value field, mangle it to a more "filename-friendly" format, and rename the file. And it's not that hard:

for FILE in *.JPG
do
  NEW=$(exif -t 0x9003 $FILE | awk '/Value/' | sed -e 's/^  Value: //' -e 's/://g' -e 's/ /-/')
  NEW="$NEW-$FILE"
  mv -v "$FILE" "$NEW"
done

The snippet above actually fits a one-liner:

for FILE in *.JPG ; do NEW=$(exif -t 0x9003 $FILE | awk '/Value/' | sed -e 's/^  Value: //' -e 's/://g' -e 's/ /-/') ; NEW="$NEW-$FILE" ; mv -v "$FILE" "$NEW" ; done

Good luck!

Using a makefile to automate a puppet installation

October 21st, 2010 - 15:10May 20th, 2013 - 15:37 / bronto / 2 Comments

The first make will back up some files. It is important to run it only once.

The second run, "make" alone, will go through the needed steps for installation: if rsync is not installed, it will install rsync; if the needed files are not present in the /puppet hierarchy, it will download the files using rsync; if puppet is not installed, it will install it; then, it will run puppetd with a bootstrap configuration file and… fail!

Yes, fail. Because you need to sign the host certificate, don't you? Once you signed it on the master node, then you'll run make config. If everything is properly configured, this will set up your host according to the manifests.

The last command, make test will just run a puppetd --test to ensure that everything is properly set up.

And that's all. Installing one host this way takes about 5 minutes, downloads included. And using cssh I could even install puppet on several machines in parallel.

Am I missing something? Oh, yes, the real Makefile 🙂

PUPPETMASTER=i.am.your.master.com
SYNCSERVER=$(PUPPETMASTER)

all: install config

install: /usr/bin/puppetd

config:
        puppetd --config /puppet/common/files/bootstrap/client.conf --server $(PUPPETMASTER) --test

test:
        puppetd --test

clean:
        -rm -rf /puppet
        -apt-get remove puppet facter
        -apt-get autoremove

backups:
        cp /etc/apt/sources.list{,.dist}

/usr/bin/rsync:
        apt-get install rsync

/puppet/usa/files/sources.list: sync-puppet-conf

/puppet/volatile/keys/apt: sync-puppet-conf

update: /puppet/usa/files/sources.list /puppet/volatile/keys/apt
        cp /puppet/usa/files/sources.list /etc/apt/sources.list
        apt-key add /puppet/volatile/keys/apt 
        apt-get update
        apt-key update

sync-puppet-conf: /usr/bin/rsync
        rsync -zav $(SYNCSERVER)::PuppetConf /puppet

/usr/bin/puppetd: update
        apt-get install puppet

Italian Linux Day 2010

October 15th, 2010 - 22:10May 20th, 2013 - 15:37 / bronto / Leave a comment

It's going to happen again for the tenth consecutive year. It's the Italian Linux Day, and I am going to present at the event in Cagliari.

I talked with a few colleagues about what the Italian Linux Day is, and it seems it's a kind of event that it's peculiar to Italy. That's why I decided to spend some half an hour to write about it in this blog and explain what it is. If you live in a different country than Italy, feel free to copy the idea and spread the word.

LUGs in Italy, and probably in all other countries, too, are more like a galaxy than like a phalanx. They don't coordinate, they don't act all together like an army. They do more or less the same things because they revolve around the same principle: share and spread knowledge about Linux and about Free Software.

What happened in 2001 is that the Italian Linux Society, and Davide Cerri in particular, realized that fact, and proposed the only kind of event that could unite all Italian LUGs together: the Linux Day.

How does it work? That's pretty simple indeed. … Continue reading →

It must be simpler than this…

October 7th, 2010 - 14:10May 20th, 2013 - 15:37 / bronto / Leave a comment

I sat down scratching my head… that ntp client was syncing perfectly in unicast, and didn't create any association once configured in multicast. "Dah, the same old problem", I told to myself, "it's not getting the packets, setting a multicast route will fix it".

So I prepared the usual debugging set: one window running tcpdump 'dst port ntp', one window on the client running watch ntpq -c pe -c as, another one with tail -f /var/log/syslog | grep ntp and a free shell window. To my surprise, as soon as I fired up tcpdump, multicast ntp packets showed up. "What the…?!" I said. … Continue reading →

Sending a minimal set of changes using rsync

October 6th, 2010 - 14:10May 20th, 2013 - 15:37 / bronto / 2 Comments

I had a small set of changes in a local git repository; I wanted to send it to an external repository where a number of nodes could fetch it, but introducing only the smallest amount of change. This command did the trick:

rsync -zav --delete --exclude .git 
  --no-owner --no-group 
  --checksum --omit-dir-times 
  . 
  root@somewhere:/path

My take into RRDtool

September 30th, 2010 - 12:09May 20th, 2013 - 15:38 / bronto / Leave a comment

I confess. Every time I found myself in need for some sort of Round-Robin Database, I took a peek at RRDtool, but that always looked too much complicated, so I gave up and crafted my task-specific tools.

But this time was different. There will be large amounts of data to report on, and a fully hand-crafted solution was not an option. So my RRDtool experience started, and I had to make sense of a number of stuff. But that seems much more understandable now, and I am glad I finally tried it (but much more to do, of course…). … Continue reading →

A sysadmin's logbook

in every challenge there is an opportunity