OpenSSL

  • A useful script that discovers the expiry date for a given certificate: ssl-expiry-date. At some point I slightly modified this script to read a Bind DNS zone file and check each A record for SSL Expiry, for the purpose of discovering which subdomains were using a wildcard SSL certificate. I should publish that somewhere some day...

  • A very clear explanation of SSL encryption, not specific to OpenSSL, but it uses OpenSSL for all its examples: Secure your website with SSL encryption.
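The zone-file variation described in the first item, sketched as an added example (this is not the ssl-expiry-date script and not the author's modified version). The zone contents, the host names and the function names `a_record_names`, `summarize`, `fetch_cert` and `audit` are assumptions made for illustration, and the parser only handles one-line records with an explicit owner name.

```python
import socket
import ssl
import time

# Constructed sample zone (hypothetical names, documentation addresses).
SAMPLE_ZONE = """\
$ORIGIN example.test.
@        IN A     192.0.2.10
www      IN A     192.0.2.10
mail 300 IN A     192.0.2.25
ftp      IN CNAME www
api.example.test. A 192.0.2.30 ; fully qualified owner
"""

def a_record_names(zone_text, origin):
    """FQDNs that own an A record (one record per line, explicit owner name)."""
    origin, names = origin.rstrip("."), []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        # Drop optional TTL and class so the record type comes first.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if line[:1] in ("", " ", "\t", "$") or len(rest) < 2 or rest[0].upper() != "A":
            continue
        owner = fields[0].rstrip(".") if fields[0].endswith(".") else f"{fields[0]}.{origin}"
        fqdn = origin if fields[0] == "@" else owner
        names.append(fqdn)
    return list(dict.fromkeys(names))  # de-duplicate, keep zone order

def summarize(cert, now=None):
    """(days until notAfter, wildcard SANs) for a dict from SSLSocket.getpeercert()."""
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    wild = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS" and v.startswith("*.")]
    return days_left, wild

def fetch_cert(host, port=443, timeout=5.0):
    # Verifying context: an expired or untrusted certificate raises ssl.SSLError.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def audit(zone_text, origin, fetch=fetch_cert):
    report = {}
    for name in a_record_names(zone_text, origin):
        try:
            report[name] = summarize(fetch(name))
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            report[name] = f"error: {exc}"
    return report
```

Hosts whose entry lists a `*.` name are the ones sharing a wildcard certificate; hosts that fail verification appear as errors rather than with a negative day count.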

Stale NFS Causes BackupPC fileListReceive Failure

Recently, one of my BackupPC clients running CentOS failed to back up, with the contents of the host log being:

    2015-06-10 01:40:10 incr backup started back to 2015-05-16 08:56:42 (backup #600) for directory /
    2015-06-10 21:40:18 Aborting backup up after signal ALRM
    2015-06-10 21:40:18 Got fatal error during xfer (fileListReceive failed)

...and the last bad XferLOG containing:

    fileListReceive() failed

This happened a couple of times in a row, and the interval between the start time of the backup and the failure was consistently 20 hours. While checking, I noticed that an rsync process started on the client by BackupPC was running for about a week. I did an strace -p <PID> on the process ID of rsync and noticed that it was trying to stat an old NFS export, mounted from a server that no longer exists.

Although there are other ways to fix this, it was OK to reboot this host at the time, and that solved the problem.
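A check that flags an unresponsive NFS mount before a backup run walks into it, as an added example that is not part of the original note. The sample mount table, the server names and the function names `nfs_mounts`, `probe` and `stale_report` are assumptions; the probe runs in a child process with a timeout so that a dead server cannot block the script itself.

```python
import re
import subprocess
import sys

# Constructed sample in /proc/mounts format (hypothetical servers and paths).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw 0 0
oldfiler:/export/home /mnt/old\\040home nfs rw,hard,addr=192.0.2.50 0 0
filer2:/srv /srv/data nfs4 rw,soft 0 0
"""

def nfs_mounts(mounts_text):
    """Return [(source, mountpoint)] for NFS entries, decoding octal escapes."""
    out = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] in ("nfs", "nfs4"):
            # The kernel writes a space in a path as backslash-040, and so on.
            mnt = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
            out.append((fields[0], mnt))
    return out

def probe(path, timeout=5):
    """stat() the path in a child process; the child is killed on timeout."""
    child = [sys.executable, "-c", "import os, sys; os.stat(sys.argv[1])", path]
    try:
        subprocess.run(child, timeout=timeout, check=True,
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        return "ok"
    except subprocess.TimeoutExpired:
        return "hung"    # server not answering, as in the case above
    except subprocess.CalledProcessError:
        return "error"   # stat failed outright, e.g. ESTALE or a missing path

def stale_report(mounts_text, timeout=5):
    return [(src, mnt, probe(mnt, timeout)) for src, mnt in nfs_mounts(mounts_text)]

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        for src, mnt, state in stale_report(fh.read()):
            print(f"{state:5} {mnt} ({src})")
```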

/etc/snmp/snmpd.conf

Sometimes, snmpd will report the wrong speed for a network interface. For example, the following output shows a speed of 10Mbps, whereas the Ethernet port on the server is actually working at 100Mbps:

    IF-MIB::ifIndex.2 = INTEGER: 2
    IF-MIB::ifDescr.2 = STRING: eth0
    IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
    IF-MIB::ifMtu.2 = INTEGER: 1500
    IF-MIB::ifSpeed.2 = Gauge32: 10000000

The Net-SNMP documentation mentions this. This can be manually fixed with the interface directive in snmpd.conf, for example:

    interface eth0 6 100000000

keepalived

Notes:

  • lb_algo determines which real server gets to serve a request. Possible algorithms include round-robin (weighted or not), least-connections (weighted or not), etc. (see RHEL docs).
  • lb_kind determines how the real server receives the request, and the supported methods on RHEL 7 are NAT and DR.

lb_kind DR

Notes:

  • The load balancers and the real servers need to be on the same network segment.
  • The Virtual IP is configured on all real servers, and real servers need to be configured to ignore ARP requests for the virtual IP. This can be achieved with arptables, iptables or sysctl configuration.

See also

Unetbootin

This article has helped me create bootable Windows installation USBs when installing from an optical drive was not an option:

Features disabled when VMware Evaluation Expires

As a note to myself and a future reference, here is a list of features of VMware ESXi 6 that get disabled when the 60-day evaluation period expires.

Building VMware ESXi 4 Tools on CentOS 6

CentOS 6 is not directly supported by version 4 of the VMware ESXi hypervisor, which means that there are no precompiled binaries for the kernel modules required for the VM to talk to the host. This short guide shows you how to manually compile the tools. Note that every time that you upgrade to a newer kernel version, you will have to do this from scratch -- you will have to compile the tools against the new kernel's headers.

Here's the procedure:

  1. From the vSphere client, right click on the machine, open the "Guest" menu and select "Install/Upgrade VMware Tools". This will insert a virtual optical drive in the VM.

  2. Mount the virtual optical drive, but not directly on the /mnt directory, since the installer will use that directory later. For example:

    mkdir /mnt/vmware-tools
    mount -o loop /dev/cdrom /mnt/vmware-tools
    
  3. Copy the tools archive to a writable location (the mount point of the virtual optical drive will be read-only) and decompress it. For example:

    cp /mnt/vmware-tools/VMwareTools-4*.tar.gz /root/
    cd /root/
    tar zxvf VMwareTools-4*.tar.gz
    
  4. Before starting the installation, install a C compiler and the kernel's source code, since the VMware tools installer will need the kernel headers to include while compiling the modules. For example:

    yum install gcc
    yum install kernel-headers
    
  5. Next, start the installation. It will ask a lot of questions, for which you can (most probably) accept the default answers.

    cd /root/vmware-tools-distrib
    ./vmware-install.pl
    
  6. Finally, even though you don't normally need to reboot, do it anyway if you can. That way you will verify that the kernel modules are properly loaded after a reboot. You can check that with:

    [root@centos-6 ~]# lsmod | grep '^vm'
    vmmemctl                8642  0 
    vmware_balloon          7199  0
    
  7. If everything went fine, you might want to clean up the files you copied and extracted, although keeping them will speed up the reinstallation of the tools in case you upgrade the kernel to a newer version.

Zimbra

Step by step guides on how to install Zimbra on either CentOS 7 or Ubuntu.

OSQuery

http://sysadvent.blogspot.com/2014/12/day-3-so-server-tell-me-about-yourself.html

About

Hello, I'm Marios Zindilis and this is my website. Opinions are my own. You can also find me on LinkedIn and GitHub.

Unless otherwise specified, content is licensed under CC0.
