HOAB

History of a bug

SSH remote connection in cron is refused

Written by gorki. No comments.

Problem :

I was creating a simple cron job to connect from remote-server-1 to remote-server-2.

Testing the job with direct call or run-parts was OK

# direct call to my script
/home/admin/myscript.sh

# or with run-parts
run-parts -v --test /etc/cron.hourly

But when called from cron, I got: Permission denied (publickey).

Solution :

First, I tried to reproduce the cron environment with this command line (extract from there)

I finally reproduced the problem.

So I added the -vvv option to my ssh connection to get more details: still not enough clues, permission is refused.

Then I decided to compare my ssh connection from bash command line :

remote-server-1@myuser > ssh -vvv remote-server-2

What a surprise :

- it uses my personal key to connect to remote-server-2 instead of the remote-server-1 key!

- my personal key is deployed on remote-server-1 and remote-server-2

So when I run the connection, it works because it uses my personal key, but when run from the cron environment it uses the remote-server-1 key, and this one was not declared on remote-server-2.

SSH is able to use your connection key in priority to try to connect to another server...
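
The difference between the two runs can be checked directly. The helpers below are an added example, not the author's script; they assume the personal key reached remote-server-1 through a forwarded ssh-agent (the post does not say so), and the host and key path passed to them are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. The forwarded-agent
# explanation is an assumption; host and key path are placeholders.

# Where will ssh find keys first in the current environment?
key_source() {
    if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]; then
        echo "agent"   # agent keys are offered before plain key files
    else
        echo "files"   # only IdentityFile entries and default ~/.ssh/id_* files
    fi
}

# Run a command with roughly the environment cron gives a job:
# no SSH_AUTH_SOCK, minimal PATH, /bin/sh as shell.
cron_like() {
    env -i HOME="$HOME" LOGNAME="$(id -un)" PATH=/usr/bin:/bin SHELL=/bin/sh "$@"
}

# Key files ssh would try for a host, read from the resolved configuration.
configured_key_files() {
    ssh -G "$1" | awk '$1 == "identityfile" { print $2 }'
}

# ssh call for the cron script: one explicit key, no agent, no prompt,
# so it authenticates the same way interactively and under cron.
pinned_ssh() {
    host=$1
    key=$2
    shift 2
    ssh -o BatchMode=yes -o IdentitiesOnly=yes -o IdentityAgent=none \
        -i "$key" "$host" "$@"
}
```

Running `cron_like ssh -vvv remote-server-2` from the interactive shell shows the key selection cron will get, and the key given to `pinned_ssh` is the one whose public half has to be in authorized_keys on remote-server-2.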

 

 

 

JMeter POST without parameter name and multipart header missing

Written by gorki. No comments.

Problem :

I was looking into why my multipart header was not sent when suddenly JMeter sent my POST HTTP request in a raw format.

Although I have in my GUI HTTP Request sampler a normal list of parameters : param1=value1, etc..., it sends

param1param2

 

Solution :

No solution on Google, but it was "simple": in my default HTTP Request, I changed the tab "parameters" to "body data"; even though both were empty, it was sufficient to invite chaos...

The first problem was that my Multipartform-data header was not sent : because a default one was set on default HTTP Header...

End of day....

 

 

PEER_DNS=no on Debian, or how to prevent a specific DHCP interface from updating the DNS

Written by gorki. No comments.

Problem :

On Debian, do not update resolv.conf (DNS) when we have multiple DHCP network interfaces.

Solution :

A first link : Never update resolv.conf with DHCP client

But we don't want to never update, only to update sometimes...

On Redhat families it's simple (see the previous link) : PEERDNS=NO on the right interfaces

On Debian families.... let's use the hook as suggested :

Create hook to avoid /etc/resolv.conf file update

You need to create the /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate file under Debian / Ubuntu Linux:
# vi /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
Append the following code:

#!/bin/sh
# Replace make_resolv_conf with a no-op so resolv.conf is never rewritten
make_resolv_conf() {
    :
}

OK, but this hook prevents ALL interfaces from updating resolv.conf. The idea:

  1. in the hook, test the interface name
  2. if it is an authorized one, call the original make_resolv_conf
  3. otherwise do nothing

In bash it's not easy to have multiple functions with the same name, but thanks Stack Overflow!:

#!/bin/bash

# copies function named $1 to name $2
copy_function() {
    declare -F "$1" > /dev/null || return 1
    eval "$(echo "${2}()"; declare -f "${1}" | tail -n +2)"
}

# Import the original make_resolv_conf
# Normally useless, hooks are called after make_resolv_conf declaration
# . /sbin/dhclient-script

copy_function make_resolv_conf original_make_resolv_conf

# Only the authorized interface may rewrite resolv.conf
make_resolv_conf() {
        if [ "${interface}" = "authorizedInterface" ] ; then
                original_make_resolv_conf
        fi
}

Update :

The previous solution does not work: declare is not known by sh/dash, and the script is run by sh/dash. So the copy function is not possible.

Ideas :

  • copy make_resolv_conf into this file under the name original_make_resolv_conf: it works, but it is ugly because security patches to the original would not be picked up
  • use 2 hooks: one on enter that saves resolv.conf, one on exit that restores resolv.conf if ${interface} is not authorized
  • try to extract make_resolv_conf from /sbin/dhclient-script: not so easy...

Best solution: the two hooks. It's a pity :) I like the copy_function :) :

# vi /etc/dhcp3/dhclient-enter-hooks.d/selectdns-enter

#!/bin/sh

# Save the current resolv.conf before dhclient rewrites it
cp /etc/resolv.conf "/tmp/resolv.conf.${interface}"

# vi /etc/dhcp3/dhclient-exit-hooks.d/selectdns-exit

#!/bin/sh

# Restore the saved resolv.conf when the interface is not the authorized one
if [ "${interface}" != "authorizedInterface" ] ; then
       echo "${interface} not authorized"
       cp "/tmp/resolv.conf.${interface}" /etc/resolv.conf
fi
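
Since enter hooks are sourced after make_resolv_conf has been declared, the three-step idea above can also be written in plain sh without copying the function: override it only for interfaces that must not touch the DNS. This is an added example, not the author's hook; ALLOWED_DNS_IFACES, selectdns_hook, simulate_dhclient and the interface names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# ALLOWED_DNS_IFACES and the interface names are constructed placeholders.
ALLOWED_DNS_IFACES="${ALLOWED_DNS_IFACES:-eth0}"

# Hook logic: keep the stock make_resolv_conf for an allowed interface,
# replace it with a no-op for every other one. Works in dash (no declare).
selectdns_hook() {
    for allowed in $ALLOWED_DNS_IFACES; do
        [ "$interface" = "$allowed" ] && return 0
    done
    make_resolv_conf() { :; }
}

# When the file is sourced by dhclient-script, $interface is set: apply the hook.
if [ -n "${interface:-}" ]; then
    selectdns_hook
fi

# Offline stand-in for dhclient-script's order of operations: declare the
# stock function, run the hook, then call whatever make_resolv_conf is now.
simulate_dhclient() {
    (
        interface="$1"
        target="$2"
        make_resolv_conf() { echo "# written for $interface" > "$target"; }
        selectdns_hook
        make_resolv_conf
    )
}
```

Compared with the two-hook version, nothing is copied to a predictable file name under /tmp, and resolv.conf is never rewritten and then restored.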

 

Bash and SSH completion with Include directive

Written by gorki. No comments.

Problem :

I use bash as shell and usually the autocompletion (with bash-completion) works well.

Until I created some Include files...

Solution :

Not a final one for everyone, but a quick workaround is:

  1. put your Include files in a directory, for example : ~/.ssh/config.d
  2. add those config files to the bash_completion configuration.
sudo vi /usr/share/bash-completion/bash_completion

# Add your directory to the config file list

for i in /etc/ssh/ssh_config ~/.ssh/config ~/.ssh/config.d/* ~/.ssh2/config; do
    [[ -r $i ]] && config+=( "$i" )
done

That's all folks.

Copying a VM easily on ESX

Written by gorki. No comments.

Problem :

A small VM management issue on VMware ESX 5.

Yes, I know, normally you would use Ansible, Stack, or Puppet for the old-timers who are not that old.

But in my case, I duplicate one VM per year and I don't necessarily have these tools available when I need to do it.

Solution :

Fairly simple to do if the VM was well designed from the start (Windows or Linux):

  • one system disk
  • one disk per user (oracle, myuser, ...)

So the procedure is:

  1. log in to the ESX host over ssh
  2. go to the image directory: /vmfs/xxxx
  3. duplicate the VM by copying its directory to a new one (the VM has been stopped beforehand)
  4. in the new directory:
    1. there are the disk files (*vmdk, *-flat.vmdk)
    2. there are the VM descriptor files (vmx, vmxf, vmxd, nvram)
    3. rename the descriptor files with the new name
    4. edit the references to the old name inside the descriptor files
    5. install the VM

Example references:

// vmxf file (reference to the vmx file):

<vmxPathName type="string">oldvm.vmx</vmxPathName>


// vmx file:
// property that can be removed:
sched.swap.derivedName

// to modify:
extendedConfigFile="oldvm.vmxf"

// if the disk names are absolute paths, remember to update them; if they are relative, no problem

In the storage browser:

  1. select the vmx file
  2. install
  3. open the console and start the VM
  4. click "I copied it"

Then, since it is a copied VM, change inside the VM (once started):

  1. the hostname
  2. the IP if there is no DHCP
    1. watch out for programs that may use the external IP (Oracle listener, for example)
  3. on Linux: the routing (/etc/hosts)
  4. on Linux: the disk mounts if the UID has changed and is not auto-detected (/etc/fstab)

 

 
