Showing posts from 2014

Encrypt one directory with password, reboots hide files

See: encfs

Plenty of guides online.

Mount read-only a Linux ext3/ext4 partition from within Mac OS
or some variation.
Might help:

OpenVPN version 2.3.2: using new easyrsa mechanism for multiple users

Server setup./easyrsa init-pkidon't do this twice! ./easyrsa build-caUser key and cert signing request on complete separate machine./easyrsa init-pkidon't do this twice! ./easyrsa gen-req myuserServer signs user cert req./easyrsa import-req myuser.req myuser./easyrsa sign-req client myuser Generate your server key and cert in a similar manner to a user.

Any client with a signed cert may connect to the server. There is no record of the client cert on the server itself; since the server signed the user cert, that is authority enough to validate the user cert.

Only if a user cert needs to be revoked, is a "revocation file" created on the server; this revocation file disallows that user from connecting. If no users need to be revoked, nothing needs to be done, nothing needs to exist about users on the server-side.

Very fast editing over sshfs

Update: this can cause some of your ssh sessions to hang, so be aware of that.

Add this to your ~/.ssh/config

  ControlMaster auto
  ControlPath /tmp/%r@%h:%p

Then, say you have root access via your ssh pub key

mkdir tmp001
sshfs -o uid=1000 tmp001

Now, the files in tmp001 map to your remote /var/www directory. And access to them uses an ssh session that is maintained in your /tmp directory, i.e. all interactions are performed over the same ssh session.

To see the tmp file, if you just opened the sshfs session in the last 10 mins

find /tmp -mmin -10 -ls

AWS cli: rework EBS volume on AMI launch: switch to SSD, "delete on termination" to true

aws ec2 run-instances --image-id ami-aaaaaa --instance-type hi1.4xlarge --security-group-ids sg-eeeeeeee --subnet-id subnet-cccccccc --block-device-mappings '[ { "DeviceName":"/dev/sdb", "VirtualName":"ephemeral0" }, { "DeviceName":"/dev/sdc", "VirtualName":"ephemeral1" }, { "DeviceName":"/dev/sdd", "Ebs": { "SnapshotId":"snap-6", "VolumeType":"gp2", …

Change graphite's default dashboard graph colors

cp -v /opt/graphite/conf/graphTemplates.conf.example /opt/graphite/conf/graphTemplates.confvi /opt/graphite/conf/graphTemplates.confchange '[default]' section to '[uggs]'change another section, e.g. '[solarized-dark]', to '[default]'reload dashboard and you should see changed colors

Ganglia on Amazon Linux (and other RedHat derivatives)

The below is for setting up unicast, not multicast. AWS does not support multicast networking.

Key concepts: gmond daemons run on every server and use C code to collect the server's stats; this data is stored in local memory. Multiple gmonds can send their data on to one central gmond to hold, call this a gmond "bank"; this "bank" also uses only memory to store the server stats. gmetad comes along and collects the data from the gmond "banks" and stores in it rrds, these are files; the web interface uses these rrd files, and it usually runs on the same server as gmetad.

Cluster name: cluster name is key in grouping data and getting it from gmond to gmond and then on to gmetad. data_source is the way gmetad find the "banks"; and, by the way, you can have redundant "banks" for one cluster data_source.

Getting rid of multicast settings: comment out all references to multicast: bind_hostname, mcast_join, bind. Comment them all out.

UDP vs T…

Latest graphite on Amazon Linux at AWS

NOTE: someone broke master branch, so reverting to 0.9.x
yum update -y;reboot yum -y groupinstall "Development Tools" yum -y install git-core python-pip mlocateyum -y install python-rrdtool pycairo-devel mkdir -p /root/graphite-installcd /root/graphite-installgit clone clone clone clone /root/graphite-install/whispergit checkout 0.9.x python installcd /root/graphite-install/ceres# only has master branch, but it works with others pip install -r requirements.txtpython installcd /root/graphite-install/carbongit checkout 0.9.x pip install -r requirements.txtpython installcd /root/graphite-install/graphite-webgit checkout 0.9.x yum install libffi-devel -y # some developer broke things, add thispip install -r requirements.txtpython check-dependencies.pypyth…

MacBook Pro Retina display on Ubuntu not working, which package to install

sudo apt-get install nvidia-331

OpenVPN: push all LAN traffic through an OpenVPN client to the other side

Local variables for this post, adjust to fit your setup:OpenVPN client server IP192.168.1.200Remote network172.16.1.0/24Add this to the client server that is using OpenVPN to connect to the remote server: sudo iptables -A POSTROUTING -o tun0 -j MASQUERADEas root user, doecho 1 > /proc/sys/net/ipv4/ip_forward Add this to your local computer Linux: ip route add via -n add Now, you should be able to ping from your local computer, through the client machine, and to a server in the remote network. Once that works, try ssh.

NOTE: take a look at /etc/sysctl.conf if you want the ip_forward to last through reboots of client server: net.ipv4.ip_forward=1

rebuild rpm

rpmrebuild -e -n -p myrpm.rpm

unbound: default to Google's DNS

       name: "."

unbound: custom records

        verbosity: 1
        access-control: allow

        local-zone: "mydomain.internal" static
        local-data: "app01.mydomain.internal          IN A"
        local-data: "app02.mydomain.internal          IN A"
        local-data: "biggie01.mydomain.internal       IN A"
        local-data: "mysql01.mydomain.internal        IN A"
        local-data: "mysql02.mydomain.internal        IN A"
        local-data: "apache01.mydomain.internal       IN A"

Zenoss: CLI discovery and remodel

Become zenoss user 1st su - zenoss  Remodel a bunch for i in server1 server2 server3;do zenmodeler run --now -d $i;done
Discover a bunch for i in server1 server2 server3;do zendisc run --deviceclass=/Server/Linux --device=$i;done

Thunderbird version 24.x.y: message layout

I'm pretty certain this is impossible to find.
Preferences -> Layout -> Classic/Wide/Vertical View


creategpg --gen-keyif entropy taking too longsudo apt-get install rng-toolsnote your key ID from output pub   4096R/B110C232 2014-04-23here it is: B110C232 pushgpg --send-keys --keyserver B110C232replace B110C232 with the key ID output from abovemore to come

Puppet 3.1.1 using Ruby 1.9.3 on Amazon Linux

UPDATE: Amazon Linux is now on Ruby 2.x, so below is DEPRECATED for new Amazon Linux images. But parts may be useful.
yum -y remove rubyyum -y install ruby19gem install --no-rdoc --no-ri puppet --version=3.1.1  /usr/local/bin/puppet -Vadd /usr/local/bin to $PATH of users that need it vi /usr/local/share/gems1.9/gems/facter-1.7.5/lib/facter/ec2.rbchange line 28 to:if (Facter::Util::EC2.can_connect?)Reference: line 28 is much longer  If you manage user passwords with Puppet
yum -y install ruby19-develyum -y groupinstall "Developer Tools"gem install --no-rdoc --no-ri ruby-shadow

Change email contents display font size of Thunderbird

Thunderbird email contents display appears to act similarly to a web brower, so hitting Ctrl and the '-'/'+' signs shrinks/enlarges the font size.

Note: this is not explained anywhere, and the preferences all change a different setting, AFAIK

MacBook and Openbox: mimic keyboard shortcut Cmd-tab application switcher

<keybind key="W-Tab">
      <action name="NextWindow">
          <action name="Focus"/>
          <action name="Raise"/>
          <action name="Unshade"/>
    <keybind key="W-S-Tab">
      <action name="PreviousWindow">
          <action name="Focus"/>
          <action name="Raise"/>
          <action name="Unshade"/>

Macbook Air and Openbox: copy the Spotlight(TM) keyboard shortcut

<keybind key="W-space">
      <action name="Execute">

apt-get install suckless-tools

LXC and Puppet dev env in 60 seconds

lxc-create -n puppetmaster01 -t debianlxc-create -n puppetclient01 -t debian/etc/default/lxc-netfind subnet defined by LXC_NETWORKvi /var/lib/lxc/puppetmaster01/configadd ip addr ending in .100 to subnetfor example, = /var/lib/lxc/puppetclient01/configadd ip add ending in .101 to subnetfor example, = -d -n puppetmaster01don't forget the "-d" or you'll be stuck in tty sessionlxc-start -d -n puppetclient01lxc-attach -n puppetmasterapt-get install puppetmasterlxc-attach -n puppetclient01apt-get install puppetvi /etc/hosts and add entry "puppet" to point at pmaster WARNING: for distro "saucy" as your container/host system, dnsmasq is broken, vms can not get DHCP IP address from dnsmasq. To attempt to fix, try:
sudo iptables -t mangle -A POSTROUTING -o lxcbr0 -p udp --dport bootpc -j CHECKSUM --checksum-fillrefresh vm IPstop and start vm, or kill existing dhclient process on vm, an…

Macbook Air and Openbox: Raise/Lower Volume, Up/Down Brightness

<keybind key="XF86KbdBrightnessUp">
      <action name="Execute">
        <command>xbacklight +10</command>
    <keybind key="XF86KbdBrightnessDown">
      <action name="Execute">
        <command>xbacklight -10</command>
    <keybind key="XF86AudioRaiseVolume">
      <action name="Execute">
        <command>amixer -c 0 set Master 2dB+</command>
    <keybind key="XF86AudioLowerVolume">
      <action name="Execute">
        <command>amixer -c 0 set Master 2dB-</command>