SysAdmin1138: Systemd dependencies

2018/05/08

There is a lot of hate around Systemd in unixy circles. Like, a lot . There are many reasons for this, a short list: For some reason they felt the need to reimplement daemons that have existed for years. And are finding the same kinds of bugs those older daemons found and squashed over a decade ago.

Source: SysAdmin1138: Systemd dependencies

Advertisements

Useful man pages in your browser

2017/12/21

A new useful *nix tool popped up in my Twitter timeline a while back.

http://tldr.sh/

Lede says Simplified and community-driven man pages and it does what it says on the tin.

If you’re a *nix admin you know the drill of looking up man pages for *nix tools. You’re solving some problem and need to grok an *nix command options and/or refer to a sample of how the tool is used. man {toolname} is the way to do it.

Frequently though the result is usually page and pages of esoteric information about the tool most of which you will never learn and will take you a lot of time to wrap your brain around. Sometimes there will be examples, waaay at the bottom of the page and often those usage examples are pretty light on information.

This is where http://tldr.sh/ comes in. Put your *nix tool name into the sample at https://tldr.ostera.io/ and it will display useful help. Example: https://tldr.ostera.io/tar

But it doesn’t end there. The page also has many community contributed clients. Scroll down the page at http://tldr.sh/ for the full list.

My favourite use of it is to add the https://tldr.ostera.io/ as a search provider in your browser. Chrome in my case. Open your Chrome settings and add a search engine with the config as below.

Screen Shot 2017-12-21 at 11.36.16

Now, in any search bar in Chrome you can type tldr {toolname} eg tldr tar and it will display the results right there for you. A convenient way to get useful information about *nix tools.


JIRA, Confluence and Lets Encrypt

2017/02/17

I recently had to move a JIRA and Confluence environment to a new infrastructure stack. During the move, we also changed the TLS Certificates and instead of using one of the paid-for incumbents we decided to give Lets Encrypt a go.

Everything with the migration went smoothly. The first hurdle we hit was when we were checking the Application Integration between the two systems. The integration wasnt functioning and no amount of delete, change, recreate would fix it. The admin pages in JIRA and Confluence were both reporting SSL errors. When I dug into the actual Tomcat logs for each instance, the following errors were appearing:

Confluence:

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
: unable to find valid certification path to requested target

JIRA:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target

Some quick googlephoo found a few items on the internet about this, not specific to JIRA and Confluence though.

ttps://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the-default-list-in-the-jdk-jre/134/3

http://stackoverflow.com/questions/34110426/does-java-support-lets-encrypt-certificates

The root cause of the problem is that the JRE thats included with our version JIRA and Confluence is too old and doesn’t include the Lets Encrypt root keychain in its included keystore. The above articles had references and code snippets to help get the Lets Encrypt certificates into the JRE keystore but they were all very ugly.

Its worth mentioning that Oracle JAVA JRE 1.8.0_101 DOES include the Lets Encrypt certificates.

Options at this point were:

  • Find a way to get the required certificates into the JRE keystore (the CLI method to do this is described in the Lets Encrypt community post above).
  • Install a new JRE on the servers and make JIRA and Confluence work with that. Most likely putting us out of support with Atlassian.
  • Find out if current JIRA and Confluence include the required JRE version and then upgrade JIRA and Confluence. This would need another round of testing to properly do the upgrade.

Moving to unsupported configuration was undesirable and I didnt have the time to properly dive into a new round of testing to see if newer JIRA and Confluence had the required JRE version. I did look for some detail on the Atlassian pages to determine the answer to this and wasn’t able to locate anything.

What I did find on an Atlassian page was this article https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html which shows how to use a free JIRA and Confluence plugin to get third party root certificates into the JRE keystore using a simple web page GUI. Some small CLI steps (a cp) are still required after the plug-in does its thing but it does make the fix less likely to fail.

Recommended.


Introduction to strace | The Road to Elysium

2016/12/05

HT to @patickkelso for this. Adding to the stash for future reference.

Source: Introduction to strace | The Road to Elysium


Internet Performance Measurement Tools

2016/11/23

This post contains a catalogue of useful Internet performance testing tools.

ICSI Netalyzr

http://netalyzr.icsi.berkeley.edu/cli.html

sivel/speedtest-cli: Command line interface for testing internet bandwidth using speedtest.net

A nifty tool for the CLI jockeys to test the internet performance of their machine.

speedtest-cli – Command line interface for testing internet bandwidth using speedtest.net

Source: sivel/speedtest-cli: Command line interface for testing internet bandwidth using speedtest.net


Combining PTP with NTP to Get the Best of Both Worlds – Red Hat Enterprise Linux Blog

2016/11/10

There are two supported protocols in Red Hat Enterprise Linux for synchronization of computer clocks over a network. The older and more well-known protocol is the Network Time Protocol (NTP). In it…

Source: Combining PTP with NTP to Get the Best of Both Worlds – Red Hat Enterprise Linux Blog

 


Install vSphere CLI on Ubuntu 14.04 LTS

2016/01/07

ARGGGH. What a painful experience this was.

Mainly due to unresolved dependancies in the vmware-install.pl script.

After a half a day shaving this yak, the method to fix the dependancies is:

sudo apt-get install libxml-libxml-perl libdevel-stacktrace-perl libclass-data-inheritable-perl libconvert-asn1-perl libcrypt-openssl-rsa-perl libcrypt-x509-perl libexception-class-perl libarchive-zip-perl libpath-class-perl libtry-tiny-perl libclass-methodmaker-perl libdata-dump-perl libnet-inet6glue-perl

Lastly, you need to install UUID and UUID::Random from CPAN. There doesnt appear to be suitable packages in 14.04.

  • install cpan (find your own link to an article on doing this on Ubuntu)
  • Then:
perl -MCPAN -e 'install UUID'
perl -MCPAN -e 'install UUID::Random'

You can then run your vmware-install.pl.