Pages

Thursday, March 10, 2011

Nagios saga

In this post I will tell how I was frustrated by the fact of my own ignorance.I was configuaring nagios host for service check and stumbled with an error spitting out the message like below:


Name or service not known HTTP CRITICAL
- Unable to open TCP socket


I have had looked into nagios FAQ and google all over the place,but to my surprise I haven't had found any solution to this problem and of course the cause of it.Really surprised!!! Now as the great man said once "Given enough eyeball software bug can be detected", it was none other ,but Eric.S. Raymods. Anyway I was taking it easily by knowing that I was doing it correct,Yes I was regarding that configuration. But may be little bit ignorance with conf syntax.Because When I tried to look for a string in specific site I forgot to enquote it ....oooops what a shame. Any how once I checked the command line version of that perticular check and it shows the correct result. Now the command line from nagios one of conf file called command.cfg, which hold a line for checking like below:

Correct:


check_http -H yourwebsite -p portnumber -u the uri -s "the string" -t time


Wrong:

instead I was doing like below:


check_http -H yourwebsite -p portnumber -u the uri -s the string -t time


If it is a single word , then you can use that word without quote;but having space in between it will not work and throw the above error. It was a basic mistake,a string should always be quoted if that string consists with words separetad by space.

Hope this will help.

Cheers!
Bhaskar

Tuesday, March 8, 2011

How to install python related stuff through setuptools of python

In this article I will guide you through a step which might benefit you to get a better grasp of python related stuff.As I was discovering a specific piece of software and come across few thing related to python(recollecting my old day association with ZOPE).So,basically this is called "easy_install", which will help you to install python files and packages to your system.

I am running Debian Sqeeze and not have that specific tool installed on it by default.So I went ahead and installed it first like below:


bhaskar@bhaskar-laptop_13:30:23_Tue Mar 08:~> sudo apt-get install python-setuptools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libgnomecupsui1.0-1c2a xfonts-scalable xfonts-75dpi libdmx1 xfonts-100dpi libgnomecups1.0-1
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  python-setuptools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 221 kB of archives.
After this operation, 1,057 kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org/debian/ squeeze/main python-setuptools all 0.6.14-4 [221 kB]
Fetched 221 kB in 4s (51.7 kB/s)
Selecting previously deselected package python-setuptools.
(Reading database ... 165516 files and directories currently installed.)
Unpacking python-setuptools (from .../python-setuptools_0.6.14-4_all.deb) ...
Setting up python-setuptools (0.6.14-4) ...

So the package name is python-setuptools , once is installed it will install the "easy_install" thing in your system.Now I have some file to be inflated in my system which has .egg extension and which can read and understand by python installer.For that I have followed the below steps:



bhaskar@bhaskar-laptop_13:30:51_Tue Mar 08:~> sudo /usr/bin/easy_install cssutils-0.9.7-py2.4.egg
install_dir /usr/local/lib/python2.6/dist-packages/
Processing cssutils-0.9.7-py2.4.egg
creating /usr/local/lib/python2.6/dist-packages/cssutils-0.9.7-py2.4.egg
Extracting cssutils-0.9.7-py2.4.egg to /usr/local/lib/python2.6/dist-packages
Adding cssutils 0.9.7 to easy-install.pth file
Installing csscombine script to /usr/local/bin
Installing cssparse script to /usr/local/bin
Installing csscapture script to /usr/local/bin

Installed /usr/local/lib/python2.6/dist-packages/cssutils-0.9.7-py2.4.egg
Processing dependencies for cssutils==0.9.7
Searching for cssutils==0.9.7
Reading http://pypi.python.org/simple/cssutils/
Reading http://cthedot.de/cssutils/
Reading http://code.google.com/p/cssutils/downloads/list
Best match: cssutils 0.9.7
Downloading http://pypi.python.org/packages/2.6/c/cssutils/cssutils-0.9.7-py2.6.egg#md5=6fc9ef19579645a97d3f7c028f35d54c
Processing cssutils-0.9.7-py2.6.egg
creating /usr/local/lib/python2.6/dist-packages/cssutils-0.9.7-py2.6.egg
Extracting cssutils-0.9.7-py2.6.egg to /usr/local/lib/python2.6/dist-packages
Removing cssutils 0.9.7 from easy-install.pth file
Adding cssutils 0.9.7 to easy-install.pth file
Installing csscombine script to /usr/local/bin
Installing cssparse script to /usr/local/bin
Installing csscapture script to /usr/local/bin

Installed /usr/local/lib/python2.6/dist-packages/cssutils-0.9.7-py2.6.egg
Finished processing dependencies for cssutils==0.9.7



Installing pyinotify

This is a module which helps to track file related activity on GNU/Linux system with the help of filesystems inotify modules.Here is how you can installed it:


bhaskar@bhaskar-laptop_14:52:08_Tue Mar 08:~/Downloads/wimleers-fileconveyor-207361c/code> sudo easy_install pyinotify
install_dir /usr/local/lib/python2.6/dist-packages/
Searching for pyinotify
Reading http://pypi.python.org/simple/pyinotify/
Reading http://github.com/seb-m/pyinotify
Best match: pyinotify 0.9.1
Downloading http://pypi.python.org/packages/source/p/pyinotify/pyinotify-0.9.1.tar.gz#md5=c22b12c31aeb19c387b2f1885b9b04b5
Processing pyinotify-0.9.1.tar.gz
Running pyinotify-0.9.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install-H4WKcs/pyinotify-0.9.1/egg-dist-tmp-CK1S6N
WARNING: '' not a valid package name; please use only.-separated package names in setup.py
zip_safe flag not set; analyzing archive contents...
Adding pyinotify 0.9.1 to easy-install.pth file

Installed /usr/local/lib/python2.6/dist-packages/pyinotify-0.9.1-py2.6.egg
Processing dependencies for pyinotify
Finished processing dependencies for pyinotify



So you can see in the above output that how easy_install works.Like the way gem work for ruby.

Hope this will help.

Cheers!
Bhaskar

Saturday, March 5, 2011

Manage httpd/apache server through puppet

In this article I will show you that you can manage box running apache/httpd server through a configuration management software called puppet.

Being in the corporate network infrastructure will gobbles up hell lot of your invaluable time doing same thing over and over again if you are not exposed to the correct tools and obviously to correct technology.So finding the right tool and get accustomed with it is a very much required.

So I am going to give a brief snapshot of how a configuration system like puppet come to your rescue. It's a swiss army knife for any sensible person involve in infrastructure.Yes, those of you doing it for over the years might be get accustomed with cfengine(a beast,indeed!!),chef et al.

Without much ado..here we go:

I have installed puppet in my system....



bhaskar@bhaskar-laptop_10:48:20_Sat Mar 05:~> sudo genlop -t puppet
Password:
* app-admin/puppet

Wed Apr 7 07:32:45 2010 >>> app-admin/puppet-0.25.4-r1
merge time: 23 seconds.

Tue Aug 3 08:03:31 2010 >>> app-admin/puppet-0.25.5
merge time: 29 seconds.



Now the next step is to configure a service which should be maintained by puppet. I have chose to take of apache/httpd configuration file. So first thing ,we need to go to the puppet installed base dir,means where puppet put configuration and manifest files.If the manifest directory is missing then please create it.Mine look like this :


bhaskar@bhaskar-laptop_10:48:30_Sat Mar 05:~> ls -al /etc/puppet
total 24
drwxr-xr-x 3 root root 4096 Mar 5 10:09 .
drwxr-xr-x 95 root root 4096 Mar 5 09:40 ..
-rw-r--r-- 1 root root 2346 Aug 3 2010 auth.conf
-rw-r--r-- 1 root root 378 Aug 3 2010 fileserver.conf
drwxr-xr-x 3 root root 4096 Mar 5 10:10 manifests
-rw-r--r-- 1 root root 1080 Feb 19 15:11 puppet.conf


This is almost default to the puppet configuration structure.Now inside that manifest folder I have created a dir called service,which hold my service I want to check with puppet.Here is view of it:

bhaskar@bhaskar-laptop_10:59:28_Sat Mar 05:/etc/puppet/manifests/services> ll
total 4
-rw-r--r-- 1 root root 496 Apr 7 2010 apache.pp


As you can see I have created a file called apache.pp, now let me show you what it look like inside:

1 class apache {
2 package {
3 apache:
4 ensure => installed
5 }
6
7 file {
8 "httpd.conf":
9 mode => 644,
10 owner => root,
11 group => root,
12 path => "/etc/apache2/httpd.conf",
13 source => "puppet://bhaskar-laptop.localdomain/files/httpd.conf",
14 }
15
16 service {
17 apache2:
18 ensure => true,
19 enable => true,
20 subscribe => [ File["httpd.conf"], Package [apache] ],
21 }
22 }


Pretty ordinary stuff, right!! indeed because puppet authors made it easy for us ordinary mortals.But having said that a small amount of OOP(object oriented programming) not harmful at all,rather help you to understand the structure more elaborately.

Isn't that file content self explanatory,if not..like me to understand others code...bit by bit for you ;

Line 1 to 5: What essentially a class ,which hold a tag related to service,then it has variable called "ensure" which will check that the package or service installed in the system.

Line 7 to 14 : It has file section ,in which I am checking the main apache configuration file,with the permission and ownership of it.We need to mention the path where the file actually located in the system.

Line number 13 is tricky to many like me: it essentially the place from where puppet client server the files,for that we need to specify that path into a file just above level directory called fileserver.conf.And we need to copy that file that place from that original file location.Here is the visual representation of what I said above:


bhaskar@bhaskar-laptop_11:13:07_Sat Mar 05:/var/lib/puppet/files> sudo cp -v /etc/apache2/httpd.conf /var/lib/puppet/files/
`/etc/apache2/httpd.conf' -> `/var/lib/puppet/files/httpd.conf'


And the file holding the path is look like this and reside here /etc/puppet/fileserver.conf


1 # This file consists of arbitrarily named sections/modules
2 # defining where files are served from and to whom
3
4 # Define a section 'files'
5 # Adapt the allow/deny settings to your needs. Order
6 # for allow/deny does not matter, allow always takes precedence
7 # over deny
8 [files]
9 path /var/lib/puppet/files
10 # allow *.example.com
11 # deny *.evil.example.com
12 # allow 192.168.0.0/24
13 allow bhaskar-laptop



I hope I made it clear to you folks! Now the last part of the file:

Line number 16 to 20: it is a service section we are trying to monitor and manage.it said that the service should be enable and it make sure of it. And it subscribed to the package it holds and the main file related to it.

Now if you change the file permission of the apache main configuration file or changes to that file ..next time the puppetd client run it will restore back the previous conf..so bring back the sanity to the system.

Here is an example:
I am going to change the permission of the httpd.conf which has presently has this perm:


bhaskar@bhaskar-laptop_11:34:25_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf


Now change to some thing like below:

bhaskar@bhaskar-laptop_11:36:42_Sat Mar 05:~> sudo chmod 640 /etc/apache2/httpd.conf
bhaskar@bhaskar-laptop_11:37:31_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r----- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf


Now two option we have: either we wait until the next time the puppet client run and bring back the sanity or do that immediately,which is why like this;


bhaskar@bhaskar-laptop_12:38:39_Sat Mar 05:~> sudo /usr/sbin/puppetd --server bhaskar-laptop --test
info: Caching catalog for bhaskar-laptop
info: Applying configuration version '1299308926'
notice: //File[httpd.conf]/mode: mode changed '640' to '644'
notice: Finished catalog run in 0.35 seconds


So it bring back to it sanity,here is the evidence,compare with earlier listing with same file:


bhaskar@bhaskar-laptop_12:38:47_Sat Mar 05:~> ls -al /etc/apache2/httpd.conf
-rw-r--r-- 1 root root 6516 Jul 22 2010 /etc/apache2/httpd.conf


Ok, I have touched tip of an iceburg..it can be tweaked and configured leap and bounds and possibilities are aplenty.

Hope this will help.

Cheers!
Bhaskar