This will be short and sweet.
When you want to
apt-get install package
and you don't want to get prompted for values, etc, just add the following the front of your shell:
export DEBIAN_FRONTEND=noninteractive
Poof. Magic.
Thursday, January 27, 2011
Sunday, January 2, 2011
Grepping out comments and blank lines
One thing we commonly see in open-source configs is an abundance of helpful comments. Often, they dwarf the number of active parameters being set and that can make things very hard to read.
file - a stand in for whatever conf you're digging through
In the blessed world of unix, there is an easy solution to this: you simply use grep to remove those lines from a listing of the contents of the file.
First, grep out the comments:
grep -v \# file
Usually, that will leave you with a lot of unnecessary whitespace, as well. So just pipe that output through an enhanced grep and filter for blank lines:
grep -v \# file | egrep -v "^$"
To clarify the above, here's a break down of each component:
grep - self explanatory
-v - tells grep to remove what matches rather than show it
\ - tells the shell the special character # is to be passed to the process without interpretation
# - the near-universal symbol for "comment" in config-ese
| - a pipe. Tells the shell to send the output of what's to the left of the pipe to what's on its right
egrep - grep with extended regular expressions (a sophisticated text manipulation language)
-v - telling egrep to remove the matches
"" - passing what's inside to grep without shell interpretation
^ - Means "the start of the line"
$ - Means "the end of the line"
So what you're telling it, in essence, is the following:
- Read the contents of file
- Remove all lines with "#"
- Pass the result to egrep
- Egrep: remove all lines which begin and immediately end (ie, a blank line) and output the result
This is one of those little tricks that goes a long way to simplifying interactions with Unix hosts and it's actually the first thing I do when I go to read any new service's default config.
Hope it helps.
Monday, October 25, 2010
Subversion Set Up
In a nutshell, ssh to the host and run
su
apt-get install subversion
exit
Then, as your own user, run
svnadmin create [repository name]
Note that if you want to share this repository with other users, you should create a group you will all share and create a special directory that you will give the group full RW access to.
For instance:
groupadd svn
[add your users to the svn group in /etc/groups]
su - [yourself]
groups
You should see "svn" listed.
It's important to remember that even though the group has RW access to your new directory, they won't have access to the repository by default. So give it to them explicitly:
chown -R .svn [repo]
chmod -R g+rw [repo]
Now have your users do a checkout with their ssh accounts:
svn co svn+ssh://[user]@[ip]/path/to/repo
(They'll be prompted for their password twice.)
or
svn co file:///path/to/repo
on the same host.
And a commit
svn commit
(Make sure everyone's commenting their commits)
If you see this:
svn: Can't open file '/home/svn/res/db/txn-current-lock': Permission denied
Make sure they're logged in as the appropriate group and that the perms are correct.
Thursday, September 2, 2010
File Encryption with OpenSSL
If you're like me, you're occasionally forced to mail some pretty sensitive things around. When that happens, it's not enough to say "Well, I deleted the message." The message is still in your trash, on a server's disk, etc, etc. You need to assume someone WILL get ahold of it and take measures to prevent them from doing anything with it.
My personal favorite (since it can be used in any situation) is the openssl file encryption capability. The openssl package is almost universally installed by default in distros these days, so you should just be able to jump straight to the commands.
In this case, I've got a file called "spreadsheet.xls" that I want to password encrypt. The syntax is simply this:
openssl aes-256-cbc -a -salt -in spreadsheet.xls -out spreadsheet.xls.enc
Then just supply the password you want to use.
And when you want to decrypt it, just add the '-d' switch and flip the filenames:
openssl aes-256-cbc -d -a -in spreadsheet.xls.enc -out spreadsheet.xls
And use your password.
Just like that, you've got munition-grade encryption from the command-line.
Enjoy
My personal favorite (since it can be used in any situation) is the openssl file encryption capability. The openssl package is almost universally installed by default in distros these days, so you should just be able to jump straight to the commands.
In this case, I've got a file called "spreadsheet.xls" that I want to password encrypt. The syntax is simply this:
openssl aes-256-cbc -a -salt -in spreadsheet.xls -out spreadsheet.xls.enc
Then just supply the password you want to use.
And when you want to decrypt it, just add the '-d' switch and flip the filenames:
openssl aes-256-cbc -d -a -in spreadsheet.xls.enc -out spreadsheet.xls
And use your password.
Just like that, you've got munition-grade encryption from the command-line.
Enjoy
Saturday, August 14, 2010
Zenoss Quirks
So I ran into two really obnoxious issues that took a considerable amount of digging to resolve:
1. It was marking my apache process monitor as failed/recovered randomly and often.
2. It would not let go of misapplied process monitors that had been picked-up by overly liberal regexes. It would include:
tail -f /var/log/nginx/access.log
nginx: worker
in the nginx process monitor if I was tailing the log when I modeled the host. The problem was, after I killed the tail, the process was alerting as "Process Not Running". FOREVER. Even if I deleted and recreated the process monitor, the host, the events, everything.
In the first case, it turns out that since apache marks its process as "apache defunct" when it's shutting down a child process, Zenoss would occasionally pick this up as a live apache process. It would then mark it as "Down" after the proc terminated. The solution for this was to make my regex more specific:
apache2 \-k start
The second case was much more obnoxious because not only would the events not clear, they would return and begin alerting every time the device was recreated.
After some digging online, it seemed that the best course was to restart the zenprocess daemon.
This is best done under Settings > Daemons. You can also view the logs there (which showed the bad checks prior to the restart and nothing after).
When that's complete, re-add your device and you should be rid of the baggage.
1. It was marking my apache process monitor as failed/recovered randomly and often.
2. It would not let go of misapplied process monitors that had been picked-up by overly liberal regexes. It would include:
tail -f /var/log/nginx/access.log
nginx: worker
in the nginx process monitor if I was tailing the log when I modeled the host. The problem was, after I killed the tail, the process was alerting as "Process Not Running". FOREVER. Even if I deleted and recreated the process monitor, the host, the events, everything.
In the first case, it turns out that since apache marks its process as "apache defunct
apache2 \-k start
The second case was much more obnoxious because not only would the events not clear, they would return and begin alerting every time the device was recreated.
After some digging online, it seemed that the best course was to restart the zenprocess daemon.
This is best done under Settings > Daemons. You can also view the logs there (which showed the bad checks prior to the restart and nothing after).
When that's complete, re-add your device and you should be rid of the baggage.
Wednesday, July 28, 2010
Tethering your iPhone in Ubuntu
This is a delightfully easy one. First, add this repository and update your apt:
sudo add-apt-repository ppa:pmcenery/ppa
libimobiledevice-utils
ipheth-dkms
ipheth-utils
Restart your machine.
Turn on tethering inside your iPhone's General > Network menu.
Cable your iPhone to a USB port.
It should automatically connect. You'll see it in Network Manager.
Poof. Magic.
sudo add-apt-repository ppa:pmcenery/ppa
sudo apt-get update
Now install the following three packages (you may have to go dig for them):libimobiledevice-utils
ipheth-dkms
ipheth-utils
Restart your machine.
Turn on tethering inside your iPhone's General > Network menu.
Cable your iPhone to a USB port.
It should automatically connect. You'll see it in Network Manager.
Poof. Magic.
Sunday, July 25, 2010
Enabling SSH Agent Forwarding in OS X
If you use EC2, you use SSH keys.
If you're sane, you keep the private keys on your workstation and forward them through the chain of public keys throughout your hosts.
I recently started working through OS X again and found some pretty obnoxious behavior: out of the box, the ssh keys don't forward. After some digging, I found the following discussion of the subject:
http://data.agaric.com/node/3061#comment-1604
Long story short, it appears that the location of the user's home directory isn't communicated when the keys are forwarded so the agent looks in the wrong place.
The fix? Run these two on your OS X machine:
ssh-add
ssh-add -l
et voila
Try again.
Subscribe to:
Posts (Atom)