A little dev with op

I’m not a great developer, but I usually write some code to help me with operations. A little ‘dev’ with ‘op’.

So, you can see some of my production on my GitHub:

check_disckactivity: A NRPE plugin that gets the level of activity of a disk/partition. The data source is sysstat.

imaptest: This script simulates IMAP clients interacting with a server. It can be useful in lab/test environments (it is for me).

check_proc_blocked: Another NRPE plugin that checks for processes in uninterruptible state in Linux. A high number could indicate problems with I/O.

check_nimap: This NRPE plugin shows the number of dovecot’s IMAP connections and the number of unique users.

rebuildpkg: If you need to back up the current version of a package that is installed on your Slackware system, you can regenerate it. It is useful when you can’t find that version on the web but have it installed on your system.

oVirt plugin – shell in a box

I would like to share my experience implementing this great oVirt UIPlugin.

I followed the Derez Blog, but with some changes to make it work in oVirt 3.4.

oVirt Engine

First, I created the plugin directory:

# mkdir /usr/share/ovirt-engine/ui-plugins/shellbox-files

Then I put the start.html file into it, with this content:

# cat << EOF > /usr/share/ovirt-engine/ui-plugins/shellbox-files/start.html
<!DOCTYPE html>
<html>
<head>
<script type='text/javascript'>
  var api = parent.pluginApi('ShellBoxPlugin');

  api.register({
    UiInit : function() {
      // Add 'Shell Box' sub-tab under 'Hosts' main-tab
      api.addSubTab('Host', 'Shell Box', 'shell-box', '');

      // Add 'Shell Box' button (+ context menu)
      // to 'Hosts' main-tab
      api.addMainTabActionButton('Host', 'Shell Box', {
        onClick : function() {
          window.open(getShellBoxUrl(arguments), '_blank');
        },
        isEnabled : function() {
          // The button is enabled only when a
          // single host is selected
          return arguments.length == 1;
        },
        isAccessible : function() {
          // The button is always visible
          return true;
        }
      });
    },
    HostSelectionChange : function() {
      if (arguments.length == 1) {
        // Update iframe URL on host selection
        api.setTabContentUrl(
          'shell-box', getShellBoxUrl(arguments));
      }
    },
  });
  api.ready();

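  // Get 'Shell Box' URL using specified host address.
  // A function declaration is hoisted, so the callbacks registered
  // above can use it; the parameter no longer shadows 'arguments'.
  function getShellBoxUrl(selection) {
    var hostAddress = selection[0].name;
    var port = '4200';
    var shellUrl = 'https://' + hostAddress + ':' + port;

    return shellUrl;
  }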
</script>
</head>
<body>
</body>
</html>
EOF

Now, create the plugin definition:

# cat << EOF > /usr/share/ovirt-engine/ui-plugins/shellbox.json
{
  "name": "ShellBoxPlugin",
  "url": "/ovirt-engine/webadmin/plugin/ShellBoxPlugin/start.html",
  "resourcePath": "shellbox-files"
}
EOF

Restart oVirt Engine:

# service ovirt-engine restart

oVirt Host

The backend of this plugin is the shellinabox package. Install it with:

# yum install shellinabox -y

Edit the OPTS option in /etc/sysconfig/shellinaboxd like this:

OPTS="--service /:SSH"

Shellinabox will generate an HTTPS certificate automatically, but it is not a valid one. I’ve found the solution here.

Now start shellinaboxd and test the access.

# service shellinaboxd start

oVirt host – iptables

When you add a new host to your oVirt Engine, your iptables rules are overwritten by the oVirt deployment. The new rules might not meet your needs. But you can change this.

oVirt 3.4

Using the engine-config command on the Engine host, get the default rules:

$ sudo engine-config -g IPTablesConfig
IPTablesConfig: 
# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
# SSH
-A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT

@CUSTOM_RULES@

# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT

To set new rules, copy the lines returned above and add your rules just after @CUSTOM_RULES@, for example:

$ sudo engine-config -s IPTablesConfig="
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport @VDSM_PORT@ -j ACCEPT
# SSH
-A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT

@CUSTOM_RULES@
-A INPUT -m comment --comment 'new rule ' -j LOG --log-prefix='new rule '

# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT"
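
A pre-flight check for the value passed to engine-config -s, as an added example that is not part of the original post or of oVirt. The function name lint_iptables_config and the shortened sample rule set are constructed for illustration; the check reports a lost @CUSTOM_RULES@ placeholder, rules placed after the final catch-all REJECT, and rules whose quoting swallowed the -j option.

```python
import shlex

def lint_iptables_config(text):
    """Return a list of problems found in an IPTablesConfig value."""
    problems = []
    rules = [line.strip() for line in text.splitlines()
             if line.strip() and not line.strip().startswith("#")]
    if not rules or rules[0] != "*filter":
        problems.append("must start with *filter")
    if not rules or rules[-1] != "COMMIT":
        problems.append("must end with COMMIT")
    if "@CUSTOM_RULES@" not in rules:
        problems.append("@CUSTOM_RULES@ placeholder is missing")
    catch_all = False  # set once an unconditional INPUT REJECT/DROP is seen
    for rule in rules:
        if rule == "@CUSTOM_RULES@" and catch_all:
            problems.append("@CUSTOM_RULES@ is after the catch-all rule")
        if not rule.startswith("-A "):
            continue
        try:
            tokens = shlex.split(rule)
        except ValueError:
            problems.append("unbalanced quote: " + rule)
            continue
        if "-j" not in tokens:
            # Typical cause: a closing quote glued to the next option.
            problems.append("no -j target (check quoting): " + rule)
        elif tokens[1] == "INPUT" and catch_all:
            problems.append("unreachable, after catch-all: " + rule)
        elif (tokens[1:3] == ["INPUT", "-j"]
              and tokens[3:4] in (["REJECT"], ["DROP"])):
            catch_all = True
    return problems

# Constructed sample: a shortened form of the rule set shown above.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport @SSH_PORT@ -j ACCEPT
@CUSTOM_RULES@
-A INPUT -m comment --comment 'new rule ' -j LOG --log-prefix='new rule '
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT"""

if __name__ == "__main__":
    for problem in lint_iptables_config(SAMPLE) or ["no problems found"]:
        print(problem)
```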

oVirt 3.5

The new version has a dedicated variable for this. Here is an example:

$ sudo engine-config --set IPTablesConfigSiteCustom="
-A INPUT -m comment --comment 'new rule ' -j LOG --log-prefix='new rule '
"

That new rule will be set in place of @CUSTOM_RULES@.

Problem compiling on Slackware64 multilib

Sometimes when I am installing packages from SlackBuilds, the compilation stops with the following error:

error adding symbols: File in wrong format

In order to fix it, I alter the SlackBuild script, specifying the library directory in the CFLAGS variable:

CFLAGS="$SLKCFLAGS -L/usr/lib64"

Running the script again, it terminates with success.

Source based routing

Most network routing is based on the destination. But sometimes you may need to forward packets to different gateways depending on the source.

In Linux you can do this using the iproute2 package. It uses the netlink socket interface to handle addressing, routing, queuing and scheduling in the Linux network subsystem. Here is an example:

Define a label for a table to be used:

echo "10 foo" >> /etc/iproute2/rt_tables

Insert a route into foo table:

ip route add default via 10.10.10.1 dev eth1 table foo

Insert a rule with a low priority value so that packets from a host consult the new table foo:

ip rule add prio 10 from 192.168.16.7 lookup foo

You can check the rules with:

ip rule show

See the man pages for more information.

Nagios plugin – check_proc_blocked

I have written another plugin in Python that gets the number of processes in the uninterruptible state (D). This state means that the process is waiting for an I/O operation, and a high number can indicate a problem. You can get the code here.

For more information on Nagios plugin development, read the guidelines.
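
A minimal check of this kind, as an added example that is not the code of check_proc_blocked itself. It counts D-state processes from /proc/<pid>/stat and maps the count to Nagios exit codes; the function names and the default thresholds (5 and 10) are assumptions chosen for illustration.

```python
import glob
import sys

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

def parse_stat(stat_line):
    """Return (pid, comm, state) from the text of /proc/<pid>/stat."""
    # comm is wrapped in parentheses and may itself contain spaces or ')',
    # so cut at the LAST ')' instead of splitting the line on whitespace.
    lpar, rpar = stat_line.index("("), stat_line.rindex(")")
    state = stat_line[rpar + 1:].split()[0]
    return int(stat_line[:lpar]), stat_line[lpar + 1:rpar], state

def blocked_processes(stat_lines):
    """Return [(pid, comm)] for processes in uninterruptible sleep (D)."""
    found = []
    for line in stat_lines:
        try:
            pid, comm, state = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed entry
        if state == "D":
            found.append((pid, comm))
    return found

def evaluate(count, warn, crit):
    """Map a count to (exit code, status line with Nagios perfdata)."""
    code, label = OK, "OK"
    if count >= crit:
        code, label = CRITICAL, "CRITICAL"
    elif count >= warn:
        code, label = WARNING, "WARNING"
    return code, "PROCS %s: %d blocked | blocked=%d;%d;%d" % (
        label, count, count, warn, crit)

def read_proc():
    """Yield stat text for every process; skip ones that exit meanwhile."""
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path, errors="replace") as handle:
                yield handle.read()
        except OSError:
            continue

if __name__ == "__main__":
    # Assumed default thresholds; override with: script.py WARN CRIT
    warn, crit = (int(a) for a in sys.argv[1:3]) if len(sys.argv) >= 3 else (5, 10)
    code, message = evaluate(len(blocked_processes(read_proc())), warn, crit)
    print(message)
    sys.exit(code)
```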

Nagios plugin – check_nimap.py

In order to learn Python and monitor my mail service, I have written a Nagios plugin that gets the number of IMAP clients connected to a dovecot IMAP server. You can get the code here.

You can see that check_nimap.py uses doveadm to get connection information. So, you need to configure NRPE to run as the nagios user. A good guide can be found here.

For more information on Nagios plugin development, read the guidelines.

Internal/Isolated networks on oVirt

Although virt-manager makes isolated networks easy, in oVirt the configuration is not so evident. In fact, we need some commands on the terminal.

You can use the dummy module to get internal networks. First of all, make sure your host loads the dummy module at startup.
Create /etc/sysconfig/modules/dummy.modules:

modprobe dummy >/dev/null 2>&1
exit 0

You can also run modprobe manually to load the module on a running machine. A dummy0 network interface will appear. Once this is done, create /etc/sysconfig/network-scripts/ifcfg-dummy0 with this content:

DEVICE=dummy0
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
PROMISC=yes

Now comes the oVirt configuration. In the webadmin portal, go to the ‘Network’ tab and click New.

The definition can be simple. Just give it a name and check ‘VM network’.

With the virtual switch created, we need to link our dummy interface to it. Go to the network configuration of the host.

Drag the internal network and drop it on the dummy0 interface.

Check ‘Save network configuration’ and click OK.

Now, for each virtual machine that should use the internal network, you can create a virtual NIC and attach it to the internal virtual switch.

Shell tricks

There are many keys and commands that can make our lives easier. Here are some:

Read text file inside tar.xz file:

cat samba-4.0.9.tar.xz | tar -JxO samba-4.0.9/source4/scripting/bin/samba_backup | less

Command correction:

# nkdir -v /tmp/foo
bash: nkdir: command not found
# ^nkdir^mkdir
mkdir -v /tmp/foo

See the difference between a file on two remote machines:

diff <(ssh server1 'cat file') <(ssh server2 'cat file')

Or between their installed packages:

diff <(ssh server1 'rpm -qa | sort') <(ssh server2 'rpm -qa | sort')

You have an alias with the same name as a command, but you want to run the command, not the alias:

$ alias vi=vim
$ \vi

You can see these and many others here.

Partition shrink

Several times we need to resize our storage area. Normally we expand volumes rather than shrink them. Although not common, shrinking is possible too. Surfing the web, I found that great article.

My tests worked gracefully! I extended the article above by also resizing the virtual disk image file with qemu-img.

qemu-img convert -f qcow2 -O raw resize.img resize_raw.img
qemu-img resize resize_raw.img 5360321024
qemu-img convert -f raw -O qcow2 resize_raw.img resize.img

5360321024 is the exact size in bytes of the sum of all partitions.