22/01/2008

Pipe Magic! Migrate from one MySQL server to another

New job, new problems, new hacks! The next hack tries to take all the juice from Linux's pipes.

The task I had to do was a database migration from one MySQL server to another. The first problem was the different versions, so hot copy wasn't an option (actually it rarely is an option, unless it's not in production ;)). The next big issue was the size of the data: it's big, really big (from my point of view). Some DBs reach 800M, which for me is big enough to be a big problem :P

Mysqldump + mysql, but is this good for 2 DBs? I wanted to be selective about which DBs to migrate, plus the data should travel encrypted and the transfer should take as little time as possible.

The script I got is this one (showing main loop, what’s interesting):

# For each database named in the list file: create it on the new server,
# grant privileges there, then stream a gzipped dump to it over ssh.
for db in $(cat sm2-hf-dbs-kk.txt)
do
    echo "Creant database a ${remote_sql}..."
    ssh "$remote_sql" "echo \"create database if not exists ${db}\" | mysql -u ${db_user_rw} -p${db_pass_rw}"
    echo "Fet"
    echo "Donant permisos sobre la BD a rw..."
    ssh "$remote_sql" "echo \"grant select, insert, update, lock tables, create, drop, alter on *.* to '${db_user_rw}'@'localhost';flush privileges\" | mysql -u ${remote_admin} -p${remote_admin_pass}"
    echo "Fet"
    echo "Fent dump gzipat i enviant a ${remote_sql}"
    # dump | compress | ssh (encrypted transport) | decompress | load
    mysqldump --single-transaction -u "${db_user_r}" -p"${db_pass_r}" "${db}" | gzip | ssh "$remote_sql" "gunzip - | mysql -u ${db_user_rw} -p${db_pass_rw} ${db}"
    echo "Fet"
done

The new server was empty, so we first ssh to it and create a database from there. The next step was to give perms over the new DB… I see now it can be done in one single line.

After this comes the magic. The script makes a dump of the DB and passes it through gzip, which dramatically improves speed over the net. This pipe stream is passed through ssh to the other server, which unzips the data and loads it into the new MySQL server. Pipe Magic rules!

I prefer to ssh to the machine rather than setting up a tunnel, because the tunnel would have to be set up before the script runs; this way we don't care. The other point is that ssh needs a valid key pair to access the server.
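A hardened variant of the create-and-load part of the loop, as an added example that is not the original script: passwords given with -p are visible in the process list on both hosts, a failed mysqldump goes unnoticed in a plain pipe, and the database name is pasted into a remote shell command. It assumes credentials live in ~/.my.cnf on both hosts; the REMOTE_SQL host name and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the original script. Assumptions: client credentials are
# in ~/.my.cnf ([client] section, mode 600) on both hosts, so no -p appears on
# any command line; REMOTE_SQL is a hypothetical host name.
# Enable pipefail where the shell has it, so a failed mysqldump fails the pipe.
(set -o pipefail) 2>/dev/null && set -o pipefail

REMOTE_SQL="${REMOTE_SQL:-newdb.example.net}"

# Accept only plain identifiers: the name ends up inside a remote shell
# command and inside SQL, so anything else is rejected rather than escaped.
is_safe_db_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create the database remotely, then stream the gzipped dump into it.
migrate_db() {
    db="$1"
    ssh "$REMOTE_SQL" "mysql -e 'CREATE DATABASE IF NOT EXISTS \`$db\`'" </dev/null || return 1
    mysqldump --single-transaction "$db" | gzip |
        ssh "$REMOTE_SQL" "gunzip | mysql '$db'"
}

# Read names on fd 3 so ssh cannot swallow the rest of the list from stdin.
migrate_all() {
    failed=0
    while IFS= read -r db <&3; do
        [ -n "$db" ] || continue
        if ! is_safe_db_name "$db"; then
            echo "skipping unsafe name: $db" >&2
            failed=$((failed + 1))
            continue
        fi
        migrate_db "$db" || { echo "FAILED: $db" >&2; failed=$((failed + 1)); }
    done 3< "$1"
    [ "$failed" -eq 0 ]   # non-zero exit if anything was skipped or failed
}

# Run only when a list file is given: ./migrate.sh dbs.txt
if [ "$#" -eq 1 ]; then migrate_all "$1"; fi
```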

That’s all folks! Hope this enlightens someone…

16/11/2007

Hacks: Getting ranges from attackers

While researching why the servers were overloaded I saw that some webpages were attacked/scanned from hundreds of different IPs. Most of them were from Caravan Networks from Russia…

I know almost for sure that no web pages on our servers target Russian clients, so I wanted to ban them all by IP range. The problem was that this range wasn't trivial to get, so I did this little hack to get them.

Sadly it isn't 100% effective but nearly 80% :P

The first thing to get is a list of the attackers' IPs. In this case we got them by grepping through an Apache access log.

grep "POST /web/ht" /usr/local/apache/domlogs/kedume9/somedomain.com | cut -f 1 -d " " | sort -u > malos.txt

did the trick.

Now the nice bash thing:

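#!/bin/bash
# For every attacker IP: look up its whois record, take the inetnum range
# ("first - last") and let ipcalc turn it into CIDR notation.
for malo in $(cat malos.txt)
do
    whois "$malo" | grep inetnum | awk '{print $2,$3,$4}' - | xargs ipcalc | grep '/' >> ranges.tmp
done
# Many IPs share a range, so keep each range only once.
sort -u ranges.tmp > ranges.txt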

As you see we are grepping inetnum from the whois output, as almost all IPs showed the same information. This is a point of failure, as it's quite possible that an IP range is marked in another fashion, such as NetRange:. You will have to manually look for errors from ipcalc.
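One way to close that gap, as an added example that is not the post's script: it accepts both inetnum: and NetRange: lines and, going beyond the post, converts the range to CIDR blocks in shell arithmetic instead of calling ipcalc. The function names are hypothetical and the sample whois records are constructed, using documentation address space.

```bash
#!/usr/bin/env bash
# Added example (not the post's script). The sample whois records below are
# constructed and use documentation address space.
SAMPLE_RIPE='inetnum:        198.51.100.16 - 198.51.100.47
netname:        EXAMPLE-NET'
SAMPLE_ARIN='NetRange:       192.0.2.0 - 192.0.2.255
NetName:        EXAMPLE-NET-2'

# Print "first last" from the first inetnum: or NetRange: line on stdin;
# exit non-zero when neither is present so the caller can log the miss.
extract_range() {
    awk 'tolower($1) == "inetnum:" || tolower($1) == "netrange:" {
             print $2, $4; found = 1; exit }
         END { exit !found }'
}

ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Split an arbitrary first-last range into the fewest aligned CIDR blocks.
range_to_cidrs() {
    lo=$(ip_to_int "$1"); hi=$(ip_to_int "$2")
    while [ "$lo" -le "$hi" ]; do
        bits=32; size=1
        # Double the block while it stays aligned on lo and inside the range.
        while [ "$bits" -gt 0 ] && [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 )); bits=$(( bits - 1 ))
        done
        echo "$(int_to_ip "$lo")/$bits"
        lo=$(( lo + size ))
    done
}

# whois text on stdin -> CIDR list on stdout
whois_to_cidrs() {
    range=$(extract_range) || return 1
    set -- $range
    range_to_cidrs "$1" "$2"
}
```

In the loop above this would be used as `whois "$malo" | whois_to_cidrs >> ranges.tmp || echo "$malo" >> unparsed.txt`, so IPs whose record has neither field are collected for manual review instead of being silently dropped.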

Anyway, from a list of 2531 unique IPs I got 33 internet ranges. It would be nice to check the origin country at this point.

Hope this helps someone ;)

16/09/2007

ShowCase: equivs

Recently I have had to use this new tool, called equivs.

On the server I did a qmailrocks installation, where qmail is all compiled with its patches and so on. All fine, and I'll post about it in a few days, but the problem came when installing any package that depended on a "mail-transport-agent". Since the MTA server package wasn't installed through APT's package system, the dependency isn't satisfied for that package.

Faced with this problem and digging around Google a bit, I came across equivs. What this nice little program does is create dummy packages to satisfy dependencies that have already been resolved beforehand by other means, and curiously, if you look at the HowTo in the link, it solves this very same dependency problem that I had.

Well, I won't go on; if anyone wants to know more, have a look at the tutorial, as I've only just discovered it myself!

10/06/2007

ShowCase: MTR - MyTraceRoute Tool

Most of us, while troubleshooting network failures, use the well-known traceroute, which shows the path between two network points and the latency at each 'hop' in this path. It's really helpful in order to see where packets are dropped.

Mytraceroute introduces a dynamic way of seeing the path information, giving us a quick look at the network problem. When using traceroute it was a little hard to find which part of the network was losing some packets, and not all of them; with mytraceroute you can see packet loss as a percentage in the reporting interface.

Run $ mtr google.es to start it. MTR will then start looping, running a traceroute to the chosen host. What we will see is the path of the packets to the destination and 2 main columns, Packets and Pings. In the Packets column you will see the % of Loss and where it happens; there you will find a faulty router ;). The Pings column gives us all the information related to time.

Time for fun. Try mtr to different servers that may be in different locations. In my ISP (Ono) I have spotted a couple of routers that are losing packets, which impacts overall connection performance.

Have Fun!

23/04/2007

VMWare and Ubuntu Feisty Fawn incompatibilities

Last week I upgraded my work computer to the new Feisty. Of course such an upgrade installed a new kernel and it wasn't supported by vmware…

Today I've got time and I found this page (VMWare and Ubuntu Feisty) where a commenter says to apply a patch to vmware. I did it and the modules compiled well.

Just to let you know ;)

20/04/2007

Having fun with CSSH

I've just discovered CSSH. This little ugly tool can be found in Ubuntu, and I presume it can be found on all the others.

CSSH stands for Central SSH and it's meant for cluster administration. In an environment where you have quite a few servers with almost exactly the same configuration, you can type any command in the main window and it's typed to every host at the same time.

I'll have to try it at work, because there I have this type of environment. At home… with two connections to the same server it's not very exciting.

Try it and give your opinion!

1/04/2007

DLink G604T Hung

A while ago I noticed that the D-Link I have at home for ADSL kept hanging. The problem was that the router wasn't able to handle too many connections at once and hung.

This router runs a Linux based on MontaVista; you can see all the info here.

A few small kernel configuration problems come together in this router. On one hand there is a relatively small NAT table, and on the other an extremely long timeout for cleaning it, so the table fills up and it crashes.

I found some fairly sensible values at adslzone, so I'll apply them. I had tried changing only the size of the NAT table, but it ended up hanging.

The little script will be the following:

echo 2048 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 50 > /proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
echo 5 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 1200 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 120 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout

Let's see how it all reacts.

17/03/2007

Installing Banshee in Ubuntu Edgy

Today I wanted to listen to my music, but I have it on my iPod, the last.fm player didn't work and Rhythmbox just sucks from my point of view. I found something new that seems to be rocking the music players: the Banshee project, Music Management and Playback for Gnome.

Right now I'm installing it. I haven't tested it, but they sell it well on their site: iPod and mp3 player integration, smart lists, last.fm plugin, internet radio and of course listening to your own music. Sounds quite good.

For the installation I followed the instructions from their Ubuntu Installation Guide, just using deb http://directhex.mfgames.com/ ./ as the repository, because the one they mention has moved to it.

I’ll tell my experience with it later.

Sadly down for too much time

As you may have noticed, my blog has been down for about… 4 weeks. Since I started my new job there isn't much time for my servers :(

The root partition's filesystem had some errors that couldn't be repaired with an automatic fsck, so it had to be run manually. As I said, until today I couldn't do it. Now all seems fixed, although I think it may happen again.

As most of you may already know, I'm working full time now, so not much spare time is left for me and the ones around me, but I'm willing to finish the mythtv system I started last year. I'll try to document it all!

1/02/2007

Gallery working again

For anyone interested: the gallery images weren't being created correctly and the new ones I had uploaded weren't showing up. It was all down to the graphics manipulation library it used, GD. It seems it takes up quite a lot of resources… and of course it blew past PHP's memory limit.

Anyway, I have now enabled ImageMagick, which I think is as aggressive on the server.

At last you have the New Year's Eve photos!! I needed to finish the PFC to fix it, as was to be expected xD