GlusterFS: host, is not befriended at the moment

When attempting to expand the replicated distributed file system of our cluster nodes I struck the error message:

[root@index03 ~]# gluster volume replace-brick drvol01 index04:/srv/gluster/drbrk02 index05:/srv/gluster/drbrk01 start
index05, is not befriended at the moment

Which was strange considering the previous ‘peer probe’ from another host to join the new server (index05) was successful:

[root@index04 ~]# gluster peer probe index05
Probe successful 

I think the only clue was (on the last line):

[root@index03 drbrk02]# gluster peer status
Number of Peers: 4

Hostname: index02
Uuid: 31c0f246-0a8b-4c68-8ffa-42b2e6bb42ce
State: Peer in Cluster (Connected)

Hostname: index04
Uuid: ca61b983-b8fd-4fcc-848a-6c33f102cd5c
State: Peer in Cluster (Connected)

Hostname: index01
Uuid: b9bc474c-0017-4191-82b9-5760ba0d00fc
State: Peer in Cluster (Connected)

Hostname: index05
Uuid: c6a7cb83-4c1f-42ff-8421-bea9cc911d0f
State: Accepted peer request (Connected)

Anyway, I confirmed that there were no firewall rules blocking the requests (Doco: Gluster Firewall Ports) and restarted the glusterd service on index05, which seems to have resolved the problem.

[root@index03 ~]# gluster peer status
Number of Peers: 4

Hostname: index02
Uuid: 31c0f246-0a8b-4c68-8ffa-42b2e6bb42ce
State: Peer in Cluster (Connected)

Hostname: index04
Uuid: ca61b983-b8fd-4fcc-848a-6c33f102cd5c
State: Peer in Cluster (Connected)

Hostname: index01
Uuid: b9bc474c-0017-4191-82b9-5760ba0d00fc
State: Peer in Cluster (Connected)

Hostname: index05
Uuid: c6a7cb83-4c1f-42ff-8421-bea9cc911d0f
State: Peer in Cluster (Connected)

In summary, I believe there were firewall rules in place when the ‘gluster peer probe index05’ was run. The rules were removed, but the gluster daemon on index05 then required a restart to become active in the cluster.
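A pre-flight check for the situation above, as an added example that is not part of the original post: it parses `gluster peer status` output and lists every peer that is not yet in the `Peer in Cluster (Connected)` state, so a replace-brick is only attempted once the list is empty. The function names are hypothetical; the sample text is the first status output shown above.

```python
import re

# Sample input: the first `gluster peer status` output from the post.
SAMPLE_STATUS = """\
Number of Peers: 4

Hostname: index02
Uuid: 31c0f246-0a8b-4c68-8ffa-42b2e6bb42ce
State: Peer in Cluster (Connected)

Hostname: index04
Uuid: ca61b983-b8fd-4fcc-848a-6c33f102cd5c
State: Peer in Cluster (Connected)

Hostname: index01
Uuid: b9bc474c-0017-4191-82b9-5760ba0d00fc
State: Peer in Cluster (Connected)

Hostname: index05
Uuid: c6a7cb83-4c1f-42ff-8421-bea9cc911d0f
State: Accepted peer request (Connected)
"""

READY = "Peer in Cluster (Connected)"


def parse_peers(text):
    """Return one dict (Hostname, Uuid, State) per peer block."""
    peers = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        fields = dict((key.strip(), value.strip()) for key, value in pairs)
        if "Hostname" in fields:  # skips the "Number of Peers" header block
            peers.append(fields)
    return peers


def unready_peers(text):
    """Peers that would trigger 'is not befriended at the moment'."""
    return [(p["Hostname"], p.get("State", "unknown"))
            for p in parse_peers(text) if p.get("State") != READY]


if __name__ == "__main__":
    for host, state in unready_peers(SAMPLE_STATUS):
        print("%s is not ready: %s" % (host, state))
```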

Import private key and certificate into java keystore

How to import RSA private key into java keystore for tomcat
# You need:
# Your CA signed certificate (acme.com)
# Your private key (RSA)
# Your CA intermediate Certificate

# Import the certificates and key into a PKCS12 bundle

openssl pkcs12 -export -in certs/acme.com.crt -inkey acme.com.key -CAfile certs/DigiCertCA.crt \
  -name "acme.com-2013-2014" -out acme.com.p12

(Remember the password you assigned it)

# Check if it worked:

openssl pkcs12 -in acme.com.p12  -info

# Import the PKCS12 bundle into a java keystore:

keytool -importkeystore -deststorepass YOUR-PASSWORD -destkeystore acme-keystore -srckeystore acme.com.p12 \
  -srcstoretype PKCS12 -srcstorepass YOUR-PASSWORD

Entry for alias acme.com-2013-2014 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

# Check your keystore:

keytool -list -keystore acme-keystore

Output should be similar to:

Enter keystore password:  YOUR-PASSWORD

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: acme.com-2013-2014
Creation date: Jan 3, 2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
keytool -list -keystore acme-keystore
Enter keystore password:  

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

acme.com.au-2013-2014, Jan 3, 2013, PrivateKeyEntry, 
Certificate fingerprint (SHA1): FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E

# And match it against the import:

openssl x509 -fingerprint -in certs/acme.com.au.crt -noout
SHA1 Fingerprint=FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E

Generate Entropy for Linux under VMware

Virtualised servers are often slow to generate entropy, and you get stuck with this message:

 We need to generate a lot of random bytes. It is a good idea to perform some other action (type on
 the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the 
random number generator a better chance to gain  enough entropy.
 

The quickest way in my opinion is the following command. Just make sure you have a dvd / cdrom iso mounted and connected with vmware.

 until [ 1 = 0 ]; do dd if=/dev/sr0 of=/tmp/dvd.iso; rm /tmp/dvd.iso -f; done 

and ^C when you're done!

How To Obscure / Obfuscate Bash Shell Scripts

I had a requirement to make a shell script obscured or obfuscated.

The first step is to get your bash script and wrap it in some python.

Let's take the bash script as an example: (hello.sh)

#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"

Next modify hello.sh to look like: (hello.sh.py)

#!/usr/bin/python
import zlib, binascii
data = '''
#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"
'''

compData = zlib.compress(data)
hexData = binascii.hexlify(compData)
print (hexData)

Next execute: python hello.sh.py
You should get the following output:

789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb
790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e9741
2b26bdd3bb0fc3a51d13

Copy that string and insert into another file, replacing the data section as per below: (temp.py)

#!/usr/bin/python
# Written for Python 2, like the rest of this post
import os, zlib, subprocess, tempfile, binascii

# Hex string printed by hello.sh.py, as one unbroken line
data = '789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e97412b26bdd3bb0fc3a51d13'

data = binascii.unhexlify(data)
# mkstemp() returns an already-open descriptor and the path; reuse the descriptor
fd, tmpFile = tempfile.mkstemp()
try:
        f = os.fdopen(fd, 'w')
        f.write(zlib.decompress(data))
        f.write('\n')
        f.close()

        os.chmod(tmpFile, 0o700)
        subprocess.Popen(["/bin/bash", tmpFile]).wait()
finally:
        # Remove the decoded script once bash has finished with it
        os.remove(tmpFile)

Save that file and load your python interpreter and type the following:

$ python
Python 2.7.3 (default, Jul 24 2012, 10:05:38) 
[GCC 4.7.0 20120507 (Red Hat 4.7.0-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import py_compile
>>> py_compile.compile("temp.py")
>>> exit() 

Now cat the .pyc that got created through base64

cat temp.pyc | base64

Copy that block of data into the following production ready script: (final-product.sh)

#!/bin/bash

DECODED=$(mktemp)

cat << EOF | base64 -d > "$DECODED"
<paste the base64 output of temp.pyc here>
EOF

python "$DECODED"
rm "$DECODED"

Now run ./final-product.sh

Hello World
Hopefully nobody can see these strings of text

Hopefully you can make this useful with your own script! –Cam
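The layers used above (zlib, hex, compiled Python, base64) are encodings with no key, so anyone holding final-product.sh can peel them off without running it. The following is an added example, not code from the original post: `build_wrapper` is a hypothetical stand-in that rebuilds the same layering around a constructed sample script, and `recover` reverses it.

```python
import base64
import binascii
import marshal
import re
import zlib

# Constructed sample standing in for hello.sh.
HELLO_SH = '#!/bin/bash\necho "Hello World"\n'


def build_wrapper(script):
    """Rebuild the post's layers: zlib + hex inside compiled Python, base64 in a heredoc."""
    hexdata = binascii.hexlify(zlib.compress(script.encode())).decode()
    code = compile("data = '%s'\n" % hexdata, "temp.py", "exec")
    # marshal.dumps(code) is the body of a .pyc file (the .pyc header is omitted here).
    b64 = base64.b64encode(marshal.dumps(code)).decode()
    return ("#!/bin/bash\nDECODED=`mktemp`\n"
            "cat << EOF | base64 -d > $DECODED\n" + b64 + "\nEOF\n"
            "python $DECODED\nrm $DECODED\n")


# A zlib stream starts with byte 0x78 followed by 01, 5e, 9c or da; here it is hex text
# sitting verbatim among the compiled module's constants.
ZLIB_HEX = re.compile(br"78(?:01|5e|9c|da)(?:[0-9a-f]{2})+")


def recover(wrapper_text):
    """Return every script that can be unpacked from a wrapper, without executing it."""
    heredoc = re.search(r"<<\s*EOF[^\n]*\n(.*?)\nEOF", wrapper_text, re.S)
    if not heredoc:
        return []
    blob = base64.b64decode(heredoc.group(1))
    found = []
    for hexrun in ZLIB_HEX.findall(blob):
        try:
            found.append(zlib.decompress(binascii.unhexlify(hexrun)).decode())
        except (zlib.error, binascii.Error, UnicodeDecodeError):
            continue  # hex-looking bytes that are not a zlib stream
    return found


if __name__ == "__main__":
    print(recover(build_wrapper(HELLO_SH))[0])
```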

Or just use SHC http://www.thegeekst … t-bash-shell-script/

Delete certain messages from Postfix Queue

Ever had some alerting software spam your production mail queue with 1000s of alerts?
And you don't want to delete every message individually…

Here is the solution to delete all messages destined for user@example.com:

mailq | tail -n +2 | grep -v '^ *(' | 
gawk 'BEGIN {RS = ""} /user@example.com/ {print $1}' | 
tr -d '*!' | postsuper -d - 

Thanks to http://www.keithscode.com for that one!
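The awk pattern in the pipeline above is tested against the whole queue record, so it also selects mail that user@example.com sent. The following added example (not from the original post or from keithscode.com) parses `mailq` output and compares a recipient-only selection with a whole-record match, as a dry run before anything is passed to `postsuper -d -`. The function names and the sample queue listing are constructed for illustration.

```python
import re

# Constructed sample of `mailq` output: one alert addressed to user@example.com,
# and one deferred message that user@example.com sent to someone else.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*    1234 Thu Jan  3 10:00:00  alerts@example.com
                                         user@example.com

F6E7D8C9B0     2345 Thu Jan  3 10:01:00  user@example.com
(connect to mx.example.net[192.0.2.10]:25: Connection timed out)
                                         other@example.net

-- 3 Kbytes in 2 Requests.
"""

# Queue ID (optionally flagged * or !), size, arrival time, then the sender.
FIRST_LINE = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+\d+\s+.*\s(\S+)$")


def parse_queue(text):
    """Yield (queue_id, sender, [recipients]) for each message in mailq output."""
    for record in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in record.splitlines() if not l.startswith("-Queue ID-")]
        m = FIRST_LINE.match(lines[0]) if lines else None
        if not m:
            continue  # footer such as "-- 3 Kbytes in 2 Requests."
        # Lines starting with "(" are delivery-failure reasons, not recipients.
        rcpts = [l.strip().lower() for l in lines[1:] if not l.lstrip().startswith("(")]
        yield m.group(1), m.group(2).lower(), rcpts


def ids_for_recipient(text, address):
    """Queue IDs of messages addressed to `address`."""
    return [qid for qid, _sender, rcpts in parse_queue(text) if address.lower() in rcpts]


def ids_matching_anywhere(text, address):
    """Queue IDs a whole-record match selects: sender or recipient."""
    return [qid for qid, sender, rcpts in parse_queue(text)
            if address.lower() in [sender] + rcpts]


if __name__ == "__main__":
    print("to recipient only:", ids_for_recipient(SAMPLE_MAILQ, "user@example.com"))
    print("whole-record match:", ids_matching_anywhere(SAMPLE_MAILQ, "user@example.com"))
```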