Wednesday, May 26, 2010

telnet is fine, but ssh is better

on your hp procurve switch cli:
# configure terminal

(config)# crypto key generate ssh
          will generate host key (rsa)

(config)# ip ssh
          will enable ssh server daemon
          * nb: by default, if a password is not set, then ssh root@switch will
          function... sans password 

(config)# no telnet-server
          adeus telnet...

(config)# write memory
once done, this also means that one may no longer use free HP OpenManage switch tools to configure the switches.

Thursday, May 20, 2010

sophos sometimes fails and has enterprise console problems

if, when updating a CID or downloading a new package, the following message appears:
"There is a task currently being executed.  Please, wait until the task is 
finished, before starting a new task."
the culprit is usually that a download or change has stalled and sophos is unable to honor the request. unfortunately, there is not a corresponding error message in the sophos or system event log.

to right sophos, do the following, per sophos technical support:
"Close down the consoles on your server, then open your Task Manager and click on 
Processes.  On that list kill the DLLLOADER.EXE process.  Next go into services and 
restart the 'Sophos Enterprise Manager Scheduler service.'  Now go into EmLibrary 
and change your parent and it should take this time."

Monday, May 17, 2010

who or what perpetually changes directory names on my public nfs export

i sure hate it when people move or delete stuff on nfs exports. sure, root isn't squashed and half a dozen people need to work on the same thing. so, as opposed to breaking everyone's fingers, i can focus on just one.

place this snippet of code someplace useful and crontab it to run before EOD; just make sure you have perl, tcpdump & bzip2 installed. in crontab, make sure you have the script's path in the PATH statement.

if you were fancy, you could do something with logrotate or maybe even pipe it off to splunk. if you were fancy.

crontab entry
50 23 * * *   root    /usr/local/bin/nfs-remove-mon

nfs-mon-script
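#!/usr/bin/perl
# nfs-remove-mon: log tcpdump lines that mention an NFS "remove".
# each run HUPs the previous instance, rotates its log, then starts
# a fresh capture, so one cron entry per day gives one log per day.

$PIDFILE = "/var/run/nfs-remove-mon.pid";
$LOGFILE_BASE = "/var/log/nfs-remove-mon";
$EXIT = 0;
$SIG{CHLD} = 'IGNORE';          # don't leave the bzip2 child as a zombie

# a previous instance left a pid file: stop it and rotate its log
if ( -e $PIDFILE ) {
        $PID = `cat $PIDFILE`;
        chomp $PID;
        `kill -HUP $PID`;
        $DATE=`date +%F`;
        chomp $DATE;
        unlink "$LOGFILE_BASE.$DATE.log";
        unlink "$LOGFILE_BASE.$DATE.log.bz2";
        rename "$LOGFILE_BASE.log", "$LOGFILE_BASE.$DATE.log";
        # compress in the background once the old instance has let go
        unless (fork()) {
                sleep 5;
                `bzip2 -9 $LOGFILE_BASE.$DATE.log`;
                exit;
        }
}

# record our own pid for the next run
open PID, ">$PIDFILE" or die "cannot write $PIDFILE: $!";
print PID $$;
close PID;

# unbuffered log, so lines hit the disk as they are seen
open LOG, ">$LOGFILE_BASE.log" or die "cannot write $LOGFILE_BASE.log: $!";
$STDOUT = select LOG;
$|=1;
select $STDOUT;

# -l keeps tcpdump line buffered, -s 0 captures whole packets
open TCPDUMP, "tcpdump -vvvvvv -l -i any -s 0 tcp 2>/dev/null |"
        or die "cannot start tcpdump: $!";
$STDOUT = select TCPDUMP;
$|=1;
select $STDOUT;

# the next run sends HUP; finish the current line and exit
$SIG{HUP} = sub { $EXIT = 1; };

while ($line = <TCPDUMP>) {
        if ($line =~ /remove/) {
                print LOG $line;
        }
        last if $EXIT;
}

close TCPDUMP;
close LOG;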
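
To get from the resulting log to the "who", the logged lines can be tallied per client. The following is an added example, not part of the original script; it assumes the logged lines carry tcpdump's `src.port > dst.port:` endpoints and quote the file name, and the sample lines are constructed and simplified.

```python
import re
from collections import Counter

# Constructed, simplified sample of what the monitor's log could hold (not real capture data).
# Assumed layout: tcpdump's "src.port > dst.port: ... remove ... "name"" line.
SAMPLE_LOG = '''\
    10.0.0.21.1012 > 10.0.0.5.nfs: Flags [P.], length 148: NFS request xid 311 144 remove fh Unknown/01000601 "build-old"
    wks7.example.net.983 > filer.example.net.nfs: Flags [P.], length 156: NFS request xid 98 152 remove fh Unknown/01000601 "notes.txt"
    10.0.0.21.1012 > 10.0.0.5.nfs: Flags [P.], length 148: NFS request xid 312 144 remove fh Unknown/01000602 "results"
    10.0.0.5.nfs > 10.0.0.21.1012: Flags [P.], length 120: NFS reply xid 312 reply ok 116 remove PRE: POST:
'''

# host.port > host.port:  (host may be an address or a resolved name)
ENDPOINTS = re.compile(r'(\S+)\.([\w-]+) > (\S+)\.([\w-]+):')
NAME = re.compile(r'\bremove\b.*?"([^"]*)"')
NFS_PORTS = {"nfs", "2049"}

def parse_line(line):
    """Return (client, filename) for a remove *request*, else None."""
    m = ENDPOINTS.search(line)
    if not m:
        return None
    src, sport, dst, dport = m.groups()
    # Requests go to the NFS port; replies come from it and are skipped,
    # otherwise every removal would be counted twice.
    if dport not in NFS_PORTS or sport in NFS_PORTS:
        return None
    n = NAME.search(line)
    return (src, n.group(1)) if n else None

def removes_by_client(log_text):
    """Tally remove requests per client and collect the names they removed."""
    counts = Counter()
    names = {}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            client, name = hit
            counts[client] += 1
            names.setdefault(client, []).append(name)
    return counts, names

if __name__ == "__main__":
    counts, names = removes_by_client(SAMPLE_LOG)
    for client, n in counts.most_common():
        print(f"{n:5d}  {client}  {', '.join(names[client])}")
```

For a real run, read `/var/log/nfs-remove-mon.log` (or a decompressed rotated copy) and pass its contents to `removes_by_client`.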

Monday, May 10, 2010

solaris 10, your mounts are hanging

On Solaris 10 machines, even though

mount -o vers=3 host:/remotedir /localdir

is specified, the NFS client will not properly mount the NFS share; in the automounter
it will not show up, or a "not owner" error message will appear when manually 
mounting.

To resolve the issue, set the NFS version to be compatible with earlier versions of NFS 
by forcing NFS version 3 for clients:

Edit /etc/default/nfs - change NFS_CLIENT_VERSMAX=3

Restart nfs client:
svcadm restart nfs/client 

test example:
mount -F nfs -o rw,vers=3 server:/export /tmp/import/

Restart automounter by issuing:
automount

Friday, May 7, 2010

solaris 10, why don't you unzip nicely?

so, i try to unzip an archive, provided to me by sun, and i get the joyous:
didn't find end-of-central-dir signature at end of central dir
that's sort of evil. what to do?
go to a linux box and...
$ unzip -q 10_Recommended.zip
$ tar cf - 10_Recommended | gzip > 10_Recommended.tgz
and then scp that junk over and use tar xvfz on that bad sun box. if you see this:
tar: ././@LongLink: typeflag 'L' not recognized, converting to regular file
oops. just use your friend:
/usr/sfw/bin/gtar
or! just use --format=ustar when creating the tarball.
or! just scp over the unzipped directory and burn some candles or something.