IT Dribble

Mutterings, inconsistent tips, rants and randomness

Splunk - run script once a week across multiple servers

Using Splunk is great! It makes my IT life so much easier, but occasionally there is a use case to run something only once a week. While Splunk will allow this, it won’t allow you to ‘distribute’ the running of the script across 7 days. For example, you manage over 1000 servers and you require that the script is run by approx 1/7th of the servers each day. How do you do this easily without creating different server classes or whatever…

The solution is my python header script. Basically what it does is assign each server a number between 0 and 99, then split up each day of the week into multiples of 14, e.g. Monday is 0-13 (inclusive), then check whether its own ‘number’ matches today’s numbers and run the script if true.

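#!/bin/env python
## Needed for weekday selection
import zlib
import datetime
import socket

def runCode():
    ## Placeholder: put the work that should run once a week here
    pass

## Weekday selection
now = datetime.datetime.now()
today = now.weekday()  # Monday is 0, Sunday is 6
## Start of each day's slice of 0-99; Sunday takes the remainder (84-99)
weekdayChooser = [0,14,28,42,56,70,84,100]

hostname = socket.gethostname()
## crc32 needs bytes on Python 3, so encode the hostname first
hostHash = str(zlib.crc32(hostname.encode()))
# grab it from the back because sometimes negative values are given
dayToRun = int(hostHash[-2:])

## And finally check if its our day to run and runCode if it is...
if dayToRun in range(weekdayChooser[today],weekdayChooser[today +1]):
    runCode()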
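
To see how the hash spreads a fleet across the week before rolling the header out, the same calculation can be run over a list of hostnames. This is an added example, not part of the original script; the `srvNNNN.example.com` hostnames are constructed, and the function names are hypothetical.

```python
import zlib
from collections import Counter

# Same boundaries as the header script: day d owns the numbers
# WEEKDAY_CHOOSER[d] .. WEEKDAY_CHOOSER[d + 1] - 1 (Monday is 0).
WEEKDAY_CHOOSER = [0, 14, 28, 42, 56, 70, 84, 100]
DAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def host_number(hostname):
    """Last two decimal digits of the hostname's CRC32 (0-99)."""
    return int(str(zlib.crc32(hostname.encode()))[-2:])


def run_day(hostname):
    """Weekday index (0 = Monday) on which this host runs the script."""
    number = host_number(hostname)
    for day in range(7):
        if number in range(WEEKDAY_CHOOSER[day], WEEKDAY_CHOOSER[day + 1]):
            return day
    raise ValueError("number outside 0-99: %r" % number)


def fleet_schedule(hostnames):
    """Number of hosts that land on each weekday, Monday first."""
    counts = Counter(run_day(h) for h in hostnames)
    return [counts.get(day, 0) for day in range(7)]


def slice_widths():
    """How many of the 100 numbers each weekday owns."""
    return [WEEKDAY_CHOOSER[d + 1] - WEEKDAY_CHOOSER[d] for d in range(7)]


if __name__ == "__main__":
    # Constructed fleet of 1000 hypothetical hostnames.
    fleet = ["srv%04d.example.com" % i for i in range(1000)]
    rows = zip(DAY_NAMES, fleet_schedule(fleet), slice_widths())
    for name, count, width in rows:
        expected = len(fleet) * width // 100
        print("%s: %4d hosts (expected about %d)" % (name, count, expected))
```

Sunday owns 16 of the 100 numbers instead of 14, so it carries slightly more hosts than the other days.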

sec_error_ca_cert_invalid - Firefox and SSL certificates

Seems that Firefox v31 and later has decided to remove access to sites encrypted with self signed certificates by default!

Anyway, to resume some form of normality, open “about:config” in the Firefox address bar.
Search for “security.use_mozillapkix_verification” and set it to “false”.

That should do it.

SSH Forced commands from Web Page

Are you a paranoid nerd whose business requirements are very strict about IT security? No? Well, you may as well stop reading here.

Perhaps you have a business requirement to perform some random function on a server that only allows SSH access, but the rest of the business requires simple press-button access to perform those functions?

Well, with SSH force command wrappers, SSH keys and PHP, you too can have simple click-button access for the rest of the business!

Basically, on a Linux Apache server with PHP, use the following code:
[Read More…]

How to measure IOPS with Linux

So many times I need to measure the IOPS of a Linux disk/storage system. While there are many tools for the job, they just don’t seem to give you a ‘number’. For example, Splunk indexers require 1200+ IOPS according to hardware recommendation guides, but how do you find out if you’re anywhere close to that number? Use ‘bonnie++’, ‘iozone’ or perhaps ‘fio’? Well, using any of those tools will create the type of read / write sequence you would like to replicate - but where’s the damn magic number???

The two easiest ways are:
Method #1:
Run iozone -a (or bonnie++) in one screen, then in another session / terminal use nmon, pressing D (capital D) to get disk stats, and get the number from the Xfers column. This is your magic number (or IOPS reading).

┌nmon─14i─────────────────────Hostname=reddragon─────Refresh= 2secs ───19:51.57─
│ Disk I/O ──/proc/diskstats────mostly in KB/s─────Warning:contains duplicates─
│DiskName Busy    Read    Write       Xfers   Size  Peak%  Peak-RW    InFlight
│sda       99%    699.9     14.0KB/s  178.0   4.0KB  493%    3658.8KB/s   1   
│sda1       0%      0.0      0.0KB/s    0.0   0.0KB    0%       0.0KB/s   0   
│sda2      99%    699.9     14.0KB/s  178.0   4.0KB  493%    3658.8KB/s   1   
│dm-0       0%      0.0      0.0KB/s    0.0   0.0KB    0%       0.0KB/s   0   
│dm-1      99%    699.9     14.0KB/s  178.5   4.0KB  494%    3658.8KB/s   1   
│dm-2       0%      0.0      0.0KB/s    0.0   0.0KB   76%    2553.5KB/s   0   
│Totals Read-MB/s=2.1      Writes-MB/s=0.0      Transfers/sec=534.4 

In the above example I’m getting about 178 IOPS for my disk ‘sda’.

Method #2:
Run fio with the correct workload (google how to use fio) and while it’s running it will actually tell you the IOPS.

[root@reddragon ~]# fio random-read-test.fio 
random-read: (g=0): rw=randread, bs=4K-4K/4K-4K/4K-4K, ioengine=sync, iodepth=1
fio-2.0.13
Starting 1 process
Jobs: 1 (f=1): [r] [85.1% done] [736K/0K/0K /s] [184 /0 /0  iops] [eta 00m:28s]

In this example I am getting 184 IOPS. Also, if you wait until fio finishes its run, you can get the IOPS reading from there, e.g.

random-read: (g=0): rw=randread, bs=4K-4K/4K-4K/4K-4K, ioengine=sync, iodepth=1
fio-2.0.13
Starting 1 process
Jobs: 1 (f=1): [r] [98.9% done] [2224K/0K/0K /s] [556 /0 /0  iops] [eta 00m:02s]
random-read: (groupid=0, jobs=1): err= 0: pid=7239: Tue Feb 25 16:49:16 2014
  read : io=131072KB, bw=747406 B/s, iops=182 , runt=179578msec
    clat (usec): min=107 , max=117530 , avg=5473.62, stdev=4112.08
     lat (usec): min=107 , max=117531 , avg=5473.93, stdev=4112.08
    clat percentiles (usec):
     |  1.00th=[  245],  5.00th=[  302], 10.00th=[  370], 20.00th=[ 2480],
<SNIP>

As you can see: iops=182 - pretty consistent with the other results!
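
To pull the number out of a saved fio log instead of reading it by eye, the two line formats shown above can be parsed directly. This is an added example, not part of the original post; it targets only the fio-2.0.13 text format shown here, the function names are hypothetical, and the read/write/trim order of the status counters is an assumption.

```python
import re

# fio output lines copied from the two runs shown above (fio-2.0.13).
SAMPLE = """\
Jobs: 1 (f=1): [r] [85.1% done] [736K/0K/0K /s] [184 /0 /0  iops] [eta 00m:28s]
random-read: (groupid=0, jobs=1): err= 0: pid=7239: Tue Feb 25 16:49:16 2014
  read : io=131072KB, bw=747406 B/s, iops=182 , runt=179578msec
"""

# Live status line: three counters followed by "iops"
# (assumed to be read / write / trim, in that order).
STATUS_RE = re.compile(r"\[\s*(\d+)\s*/\s*(\d+)\s*/\s*(\d+)\s+iops\]")
# End-of-run summary line: "  read : io=..., bw=..., iops=182 , runt=..."
SUMMARY_RE = re.compile(r"^\s*(read|write)\s*:.*?\biops=(\d+)", re.MULTILINE)


def live_iops(text):
    """Counters from the last status line as a tuple, or None if absent."""
    matches = STATUS_RE.findall(text)
    return tuple(int(n) for n in matches[-1]) if matches else None


def final_iops(text):
    """{'read': n, 'write': n} taken from the end-of-run summary lines."""
    return {kind: int(n) for kind, n in SUMMARY_RE.findall(text)}


def meets_requirement(text, required_iops):
    """True if the summed final read + write IOPS reach the requirement."""
    totals = final_iops(text)
    if not totals:
        raise ValueError("no fio summary line found; did the run finish?")
    return sum(totals.values()) >= required_iops


if __name__ == "__main__":
    print("live :", live_iops(SAMPLE))
    print("final:", final_iops(SAMPLE))
    # 1200 is the Splunk indexer figure quoted earlier in the post.
    print("meets 1200 IOPS:", meets_requirement(SAMPLE, 1200))
```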

Configure WordPress 3.5 with Shibboleth2

Recently I installed WordPress. There was a requirement to get Single Sign On (SSO) working for the admin users.
Googling for Shibboleth and WordPress brings up a WordPress plugin that hasn’t been updated in over two years.

There were some problems with this plugin:
1). It didn’t work. I thought I’d try it anyway; it’s broken.
2). The plugin automatically creates users in the WordPress DB if they don’t exist.
Ideally in our secure environments we don’t want users getting automatically created anywhere.

I thought about trying to fix the plugin, but considering I don’t really do PHP or WordPress, the time investment would be too high. Therefore I started looking for alternative SSO methods, or rather SSO plugins. After thinking about how our other SSO-based sites worked, I remembered the REMOTE_USER Apache variable. (Cue Google…)

The solution was to uninstall the broken Shibboleth2 plugin and install the ‘HTTP Authentication’ plugin. Just ensure the /wp-admin/ location is protected by Shibboleth and manually create the users in WordPress. If they don’t exist in WordPress then they fail to log in… Exactly what we require!