Author: Marquis, Dylan

http://www.infoworld.com/print/195144

…You might be eager to relinquish responsibility of a cranky infrastructure component and push the headaches to a cloud vendor, but in reality you aren’t doing that at all. Instead, you’re adding another avenue for the blame to follow. The end result of a catastrophic failure or data loss event is exactly the same whether you own the service or contract it out. The difference is you can’t do anything about it directly. You jump out of the plane and hope that whoever packed your parachute knew what he or she was doing….

Patch those MySQL Servers!

Posted on June 11, 2012 by Marquis, Dylan

SANS: Exploit Available for Trivial MySQL Password Bypass

The Hacker News: CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability

Using the UITS SSH Gateway

Posted on June 9, 2012 by Marquis, Dylan

Adding the following to your ~/.ssh/config will cause all SSH access to servers named *.uits.uconn.edu to hop through ssh.uits.uconn.edu, authenticating as your NetID. Note that if you have kinit’d as <NETID>/admin, or if you have copied your public SSH key to ssh.uits.uconn.edu and are using ssh-agent, this will be transparent.

Host ssh.uits.uconn.edu
    ProxyCommand none

Host *.uits.uconn.edu
    ProxyCommand ssh -A <NETID>@ssh.uits.uconn.edu exec nc %h %p

MySQLi

Posted on June 5, 2012 by Marquis, Dylan

MySQLi (MySQL Improved) has many advantages over the older PHP MySQL driver. It takes advantage the newer features built into MySQL 4.1.3 and newer. Below are some simple examples of basic MySQL functions (SELECT, INSERT, UPDATE and DELETE).

SELECT

$mysqli = new mysqli('$server', '$user', '$pass', '$db');
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %sn", mysqli_connect_error());
        exit();
        }

$query = 'SELECT first_name, last_name FROM table WHERE id=?';

if ($stmt = $mysqli->prepare($query))
        {
        $stmt->bind_param('s', $param);
        $stmt->execute();
        $stmt->bind_result($first_name, $last_name);
        while($stmt->fetch())
        {
        	echo 'Your name is' . $first_name . $last_name;
        }
        $stmt->close();
        }
$mysqli->close();

//id=? in query statement denotes that the ? will be defined in bind_param
//'s' in bind_param is the data type
		#i - interger
		#d - double
		#s - string
		#b - blob (will be sent in packets)

UPDATE

$mysqli = new mysqli('$server', '$user', '$pass', '$db');
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %sn", mysqli_connect_error());
        exit();
        }
$query = 'UPDATE dfunct_dynamic SET title=?, description=?, code=? WHERE id=?';
if ($stmt = $mysqli->prepare($query))
        {
        $stmt->bind_param("sssi", $title, $description, $code, $id);
        $stmt->execute();
        $stmt->close();
        }
$mysqli->close();

INSERT

$mysqli = new mysqli('$server', '$user', '$pass', '$db');
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %sn", mysqli_connect_error());
        exit();
        }
$query = 'INSERT INTO table (first_name, last_name, title) VALUES (?, ?, ?)';
if ($stmt = $mysqli->prepare($query))
        {
        $stmt->bind_param("ssss", $first_name, $ last_name, $title);
        $stmt->execute();
        $stmt->close();
        }
$mysqli->close();

DELETE

$mysqli = new mysqli('$server', '$user', '$pass', '$db');
if (mysqli_connect_errno())
        {
        printf ("Connect failed: %sn", mysqli_connect_error());
        exit();
        }
$query = 'DELETE from dfunct_dynamic WHERE id=?';
if ($stmt = $mysqli->prepare($query))
        {
        $stmt->bind_param("i", $id);
        $stmt->execute();
        $stmt->close();
        }
$mysqli->close();

UCARP and Squeeze

Posted on September 10, 2011 by Marquis, Dylan

IP fault tolerance on Debian Squeeze couldn’t be easier than with UCARP!:

Install UCARP on all nodes:
```
apt-get install ucarp
```

Edit /etc/network/interfaces on all nodes, replacing <CLUSTER IP> and <PASSWORD> as appropriate:

iface eth0 inet static
...
ucarp-vid 3
ucarp-vip <CLUSTER IP>
ucarp-password <PASSWORD>
ucarp-xparam -n
iface eth0:ucarp inet static
address <CLUSTER IP>
netmask 255.255.255.255

Reboot, and you’re done! <CLUSTER IP> will now be available from one of the nodes in your cluster at all times!

A few notes:

All nodes in your UCARP cluster must be in the same subnet, and the shared cluster IP must also be in the same subnet.
UCARP does not do cluster resource management for you, but it does provide hooks. You will need to write some scripts to handle unmounting/mounting of shared storage, etc.
UCARP does not detect service failures, only whole-host (or IP stack) failures. But if you can detect the failure, simply send SIGUSR2 to the ucarp process to force into passive mode, forcing another node to become master.

All-in-all, about as simple and sufficient as one can get!

GitHub

Posted on July 6, 2011 by Marquis, Dylan

Whelp, I’ve gone and done it — my first Git project, hosted at GitHub. I’ve used Subversion quite a bit, but this is my first foray into the world of DVCS.

Aside from the solid technology, the benefits of DVCS, the functionality of the GitHub platform … the GitHub Bootcamp and Help pages really sold me. The folks at GitHub really know how to ease the transition for new members. Great job, Hubbernauts!

Convert Dropbox’s Ubuntu package for Squeeze

Posted on April 17, 2011 by Marquis, Dylan

The Dropbox Ubuntu package almost works on Debian Squeeze … except for one dependency with a numbering scheme that differs between Ubuntu and Debian. Here is a quick script that extracts the package, corrects the one dependency in DEBIAN/control, and repackages, leaving a new .deb suitable for Squeeze.

convertDropbox4Squeeze:

#!/bin/sh
if [ $# -ne 1 ]; then
	echo "Usage: $0" 'nautilus-dropbox_$version_$arch.deb'
	exit 1
fi
DIR=`mktemp --directory`
mkdir -p $DIR/DEBIAN
dpkg-deb -x $1 $DIR/
dpkg-deb -e $1 $DIR/DEBIAN/
sed -i s/'libnautilus-extension1 (>= 1:2.22.2)'/'libnautilus-extension1 (>= 2.22.2)'/ ${DIR}/DEBIAN/control
dpkg-deb -b $DIR  ${1%.*}_squeeze.deb
rm -rf $DIR

Just download the .deb from the Dropbox site, then run

./convertDropbox4Squeeze nautilus_dropbox.......deb

And then just install the newly created nautilus_dropbx….squeeze.deb .

Squeeze is coming!

Posted on January 22, 2011 by Marquis, Dylan

Linux Management and Monitoring: Zabbix + Puppet ?!?

Posted on December 31, 2010 by Marquis, Dylan

I’ve spent a good part of this week evaluating various solutions for monitoring and managing Linux servers. There are many solutions that meet some of the needs, but I have not found a single product that does everything I need. Without going into significant detail, here are my needs:

Simple service up/down monitoring and alerting
Detailed metrics for disk, CPU, memory, network, etc
Storage and graphing of historical data
Flexible creation of custom monitors, triggers, etc.
Significant pre-configured monitors, triggers, etc.
Deployment/upgrade/removal of packages
Configuration management
Inventory of hardware/software
Rich access control to satisfy various distributed administration and audit requirements
*ALL* functionality exposed by web interface
Inexpensive, preferably open source
Able to scale to several hundred, maybe thousands of Linux servers – and possibly even Windows servers.
Should be developed in a language I know so I can modify myself – (C, Perl, Python, Java)
Should run on Debian, though it does not need to be in the repo.

Candidate solutions:

Nagios
OCS-Inventory
Hyperic
Puppet
Zabbix

Conclusion:

Nothing definitive yet, but I’m narrowing in on a combination of Zabbix and Puppet. I am still looking for something to automate the collection of inventory data, but I think this could be done using the Zabbix API to populate the Zabbix inventory (which is otherwise a manual process).

LazyWeb – any opinions?

UITS Linux Team