Detecting runaway processes

July 27th, 2012 - 12:07May 20th, 2013 - 15:33 / bronto / 1 Comment

A simple one liner I used to take a stroll on a few systems, and see where I had a runaway backend process. This uses ps's command extended options (-o); I almost never use those, so I thought it was better to make a note to myself 🙂
That sort command could be crafted better, but it did its job in this case.

$ for SERVER in x{1..6} ; do echo $SERVER ; ssh -n $SERVER 'ps -C backend -o bsdtime,pid,comm | grep -v TIME | sort -rn | head -n 3' ; done

I'd like to investigate how to manage such a situation automatically using CFEngine. Will try that sooner or later 😉

The hectic week of the leap second

July 5th, 2012 - 16:07April 16th, 2015 - 19:23 / bronto / Leave a comment

Last week has been an hectic period:

we’ve been hit by the leap second announcement bug
others around the internet have been, as well
…not to mention those hit by the leap second itself
Wired put my name on an article twice, which started a “citation spree” around the globe
I’ve finally realized my proposition to start on Twitter (@brontolinux)
I’ve been appointed as one of the CFEngine champions 2012

I’ll try to sum up, and conclude with a take-away lesson for next leap second.

Continue reading →

Trying out NFSv4 (on Linux and Solaris)

March 15th, 2012 - 13:03May 20th, 2013 - 15:33 / bronto / 4 Comments

I've been always eager to test NFSv4 since it was about to be released, but never managed to, for several reasons. Now, having both a Linux and a Solaris workstation on my desk, I decided it was time to give it a try. … Continue reading →

Bug affecting NTP multicast users on Linux

January 31st, 2012 - 12:01May 20th, 2013 - 15:34 / bronto / Leave a comment

…and not just them.

It's the debian bug #654876 (CVE-2012-0207), which was introduced in the Linux kernel version 2.6.36, and affects IPv4 Multicast users. In particular, if you are using NTP multicast on that kernel version or higher, you are affected.

This bug seems easily exploitable in a local network, and may be used for denial of service attacks. Patches are available for Linux 3.0.17, 3.1.9, 3.2.1, with Debian porting it to their kernel package version 3.1.8-2.

For more information, see Ben's technical blog

Solaris 11 as an NFS client to Linux

December 1st, 2011 - 15:12May 20th, 2013 - 15:34 / bronto / Leave a comment

Other strangeness again, but I am not going to blame it on Solaris this time 🙂 I was trying to make my Solaris workstation an NFS client to the Linux machine (the other way round compared to what I did months ago). /etc/exports was well configured on the Linux side, and I could actually mount my home directory from the machine itself:

mount localhost:/export/home/bronto /mnt

worked just fine. However, when I tried mounting from Solaris, I got a "No such file or directory".

After some research, it turned out that Solaris attempts to use NFSv4 by default; Linux NFS server has NFSv4 enabled, but the share was not exported with that protocol (only in NFSv3). So I could either export the share in NFSv4, or force Solaris to use NFSv3. I was short on time so I chose the second solution.

My /etc/auto_home now looks like this:

#
# Home directory map for automounter
#
bronto  -vers=3 linuxws:/export/home/&
+auto_home

and that just works. But I guess I'll be trying the NFSv4 version soon in the future 🙂

Say no to letter!

October 11th, 2011 - 17:10May 20th, 2013 - 16:11 / bronto / Leave a comment

Nothing against the postal service here. Rather, I was trying to turn a small PDF document, four A4 pages, into a booklet that could fit into a single A4 sheet, printed on both sides. Nothing frightful here, it's a simple command chain. Yet, some commands in the chain switch from the A4 format to letter, and I happen not to like their initiative 🙂

If you need to make such a booklet from file.pdf to booklet.pdf, and want it to stay A4 throughout the process, you need to do this:

pdf2ps file.pdf - | psbook | psnup -2 -pa4 | ps2pdf -sPAPERSIZE=a4 - booklet.pdf

For some reason, psnup and ps2pdf think they should turn A4 into letter. To force A4 in psnup, you use the -p option. ps2pdf uses the same options as ghostscript (gs), hence the -sPAPERSIZE=a4 there.
Also notice the dash in pdf2ps file.pdf -: if you don't use the dash, ps2pdf will output to file.ps, the rest of the chain will starve, leaving you with a funny empty booklet.pdf document.
ps2pdf is also a bit picky, and you need to explicitly tell it that it should read from the standard input (the dash) and write to booklet.pdf.

Have fun!

New article in Free Software Magazine

September 21st, 2011 - 17:09May 20th, 2013 - 15:34 / bronto / Leave a comment

A new article of mine is on the home page of the Free Software Magazine. It is entitled "Firewall consistency with Firewall Builder". Enjoy!

Installing OpenOffice.org 3.3.0

September 21st, 2011 - 10:09May 20th, 2013 - 16:13 / bronto / Leave a comment

Currently I am using Ubuntu Linux 10.04 LTS on my workstation. I will switch back to Debian as soon as I have time, but for now this is what I have to bear with.

Recently, I've been annoyed by a stupid bug in OpenOffice's presentation effects. This distribution ships with 3.2.0. Once I verified that 3.3 was not affected by this bug, I decided to install it on my system using the official DEB packages.

Unfortunately, the installation instructions in the installation guide are not completely accurate. Since I am going to do this installation on all my PCs, it's better I make a note. And I'll do it here.

The dpkg line in the installation procedure should actually read as:

dpkg -i --force-overwrite openoffice.org*.deb desktop-integration/openoffice.org3.3-debian-menus_3.3-9556_all.deb ooobasis3.3-*.deb

(prefix it with sudo if you are not root).

That will install openoffice on your system, and also update GNOME menus.

My first puppet facts

September 9th, 2011 - 14:09May 20th, 2013 - 16:13 / bronto / 2 Comments

An apparently simple problem: have puppet manage an host's own entries: the localhost one, and the hostname's one. Well, we have plenty of facts to help us with this: we have ipaddress, and hostname, and fqdn. It should be simple, right?

But think. What happens if the host is multihomed? What if one of the interfaces is a bond interface? Does facter choose a value for ipaddress in a smart way?

Unfortunately, it doesn't. And to make it smart, you have to feed it the right thing. And to feed it, you need to write code in Ruby. Oh oh…

I decided to give it a try, and to pull in some shell script to actually do the job (bad thing, I know, but I really don't have time to learn ruby; and when I'll use some time to learn another programming language, I'd go through python and perl 6 first). … Continue reading →

Too late to fix it

September 7th, 2011 - 13:09May 20th, 2013 - 16:15 / bronto / Leave a comment

We installed a new datacenter right before I went on vacation, and of course we set up an NTP synchronization subnet there. As always, we configured four NTP multicast servers, and the rest as clients (we are talking about several hundreds of servers). The servers were running Debian Linux "Squeeze", while the vast majority of the clients was running Debian Linux "Lenny". For reasons I am not going to discuss here, using Squeeze instead of Lenny is not an option.

Right after the configuration was done, I noticed a really odd thing: all clients displayed a poll interval of 1024 seconds for one of the servers. This is just nonsense, as each server sends an NTP packet every 64 seconds. Anyway, the clients were in good sync so I decided I would investigate this after my vacation. And so I did. … Continue reading →

A sysadmin's logbook

in every challenge there is an opportunity

linux