Gradew

If you’re trying to use a GFS2-XEN combo on a bridged network, you may find this post useful.

(continue reading…)

… il n’était qu’en hibernation, le bougre.
Un petit bookmark sur ce site, ladies and gentlemen! Astuces système (orienté Unix), développement Java/Android… Y’en a pour tous les goûts!

-> C’est par là

I’ve rebuilt the syslog server tool I created two years ago. That first version was just not cut out for the job.
Here’s a far more stable and efficient version. New features will come later, such as searching and filtering…

Download

Here’s a rather brutal tip that can come in handy when you administer remote servers: should you discover a process that’s gone to a D+ state – Uninterruptible Sleep – because of a blocking I/O call, how would you go about instructing the server to reboot without having to wait for all processes to terminate, since we all know that’s never gonna happen ? Even a kill -9 won’t terminate the bugger, so here’s how to bash the server’s brains for good:

echo 1 > /proc/sys/kernel/sysrq

echo b > /proc/sysrq-trigger

Needless to say you have to think twice before applying this rude trick, since it’s pretty much like yanking out the power cable (without the stress on the electronic parts). You may lose data by doing this, so make sure you’ve shut down as many daemons as possible, especially those which access block devices or sockets and files.

Need incremental backups? tar is just what you need in most cases.

Full backup of /etc: tar –create –file=full.tar –listed-incremental=snapshot.dat /etc
Incremental backup: tar –create –file=incr-01.tar –listed-incremental=snapshot.dat /etc

Here’s how it works: the option “–listed-incremental” will kindly ask tar to create a snapshot file containing all the modifications made to the files since the last backup. If the snapshot file does not exist, tar creates it and performs a full backup. Otherwise, tar will perform an incremental backup and update the snapshot file.

Crypting/decrypting a file can be done easily with OpenSSL.

First, you need to generate an RSA key pair; the public key will be used for encryption and the private one will be used to decrypt.

- Generate the keypair (2048 will be the size used in this example):
openssl genrsa -out private.key 2048
openssl rsa -pubout -in private.key -out public.key

- Encrypt the file (test.txt):
openssl rsautl -encrypt -inkey public.key -pubin -in test.txt -out test.encrypted

- Decrypt the file:
openssl rsautl -decrypt -inkey private.key -in test.encrypted -out test.decrypted

Notes:

• the size of the encrypted file will grow by a few bytes; an RSA buffer has a size of (S/8), where S is the bit size of the key. The size of an encrypted file will therefore be aligned on buffers of (S/8) bytes (e.g. 256 bytes for a 2048-bit key)
• given the pseudorandom nature of encrypted contents, an encrypted file cannot be compressed. If you wish to compress the file, do it before you encrypt it.

Here are sample C and Perl server and clients that send multicast messages and subscribe to MC groups. The interface IP used to send/received multicast data is configurable in the source itself; this is to show that we can use something else than eth0 by default.

Multicast: 225.0.0.2:1100
Client: 10.8.0.1
Server:  10.8.0.19

Note: The C server also send acknowledgement messages upon reception of a packet.

Download sources

Le besoin crée l’outil…

Surveiller les syslogs de serveurs à partir de postes client Windows armés de PuTTY, c’est bien. Avoir un client Windows permettant d’aggréger tous ces syslogs en une seule fenêtre, c’est encore mieux.

Voici donc un outil de ma création, Aurele, sous licence GPLv3 (et en anglais pour l’instant, la version multilingue arrive).

Bien entendu, pour que cela fonctionne, n’oubliez pas de reconfigurer vos /etc/syslog.conf afin qu’ils envoient leurs requêtes UDP vers votre machine Windows.

Téléchargement: Aurele v1.0

… quand ça tourne mal, ça donne quelque chose comme ça:

Pour être honnête, j’ai bien galéré avant de mettre le doigt sur un problème qui nous faisait tourner en bourrique au boulot; vous pingez une machine, c’est une autre qui vous répond… certains users voient le domaine et pas d’autres… En fait, c’est juste un routeur qui s’amuse à répondre aux requêtes ARP à la place des autres machines. A s’arracher les cheveux!!