My blog

Month: December 2016

  • Puppet vs Ansible vs Chef vs Salt

    Good presentation, high level.

  • Bash scripting manual

    Apple has got very nice bash scripting manual here: https://developer.apple.com/library/content/documentation/OpenSource/Conceptual/ShellScripting/Introduction/Introduction.html

    Check the security and AWK sections.

  • Let’s encrypt cert updates

    Let’s encrypt is wonderful, but certificate are getting expired every 3 months. Since it’s a first time I need to renew them, I have done it manually. The tool authenticates you (by default) with special file created in the .well-know/acme-challenge directory of the root, so the blog engine should not interfere or rewrite anything and should not return it’s own 404 page. Historically my nginx.conf has lots of existing redirects and rules, I am too lazy to correct and simplify it, so simple

    localtion ~ .well-known {
        allow all;
    }

    does not work. And I am too lazy to figure out why it is so (bad for me). So the most simple way to renew certs for me is to switch to minimal config. Putting it here for the future reference.

    user  nginx;  
worker_processes  1;
error_log  /var/log/nginx/error.log;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    server_names_hash_bucket_size 128;
    index   index.html index.htm;
    server { listen 80;
        listen [::]:80;
        server_name andreybondarenko.com;
location / {
                 root   /var/www/;
        }

    }
}

  • Moving iTunes Account to the other country

    If you are changing the country you may need to change the location of your online services as well. May be if you are moving from US to EU it’s not that important, but if you are moving from Russia to EU keeping old setting would be painful. First, payment can be only done from Russian card. Second, by Russian regulations “Russian” users’ data must be located in Russia. It’s far. And I don’t like the idea of keeping my data there.

    Switching the region in the iTunes is not that easy. You need pre-requisites:

    1. You need to have address and the payment card that is issued in the same country.
    2. You need to cancel all your subscriptions. And that’s not that easy. “iTunes Music” had per-month payment basis. But “iTunes Match” is purchased for one entire year and you cannot terminate it. That made me wait 5 months!
    3. “iCloud Storage”, however, may be active.

    Than you need to go to the account settings, change the store, add new credit card, re-login on all devices. Applications on the phone are working without problems (seems like this, though I didn’t have any update yet, but it’s x-mas). But not the music! You need to re-enable Match and Music subscriptions and reload all music back to the cloud. A lot of duplicated may appear in process, be prepared for that.

  • Google Analytics and visitors’ language

    Vote for Trump, epta!


  • TOC and collapsible block samples

    I am writing some tool for my daily work that produces fancy HTML page from RHEL, CentOS or Fedora log and config files, so it would be more easy to read them. Nothing special, just some bash scripts with sed, grep and awk that produce HTML with some CSS and JQuery.

    1. TOC I really liked: http://projects.jga.me/toc/ It’s very easy to use and implement, it just looking through the document for h1, h2, etc tags. Scope and what tags to look can be customized.
    2. Collapsible blocks sample: https://codepen.io/peternguyen/pen/hICga/

    May be it would be yet another “log2html” framework in the end.

  • How to sort messages log

    If you need to sort out what is reporting to the /var/log/messages to array in case of Red Hat Enterprise Linux or Fedora, you need to do flowing manipulations:

    1. read log;
    2. get 5th column from the log, it’s daemon name;
    3. get rid of all digits, so the daemons with different PIDs would be counted as one;

    1. get rid of all ‘/’ and replace ‘[’ and ‘]’ with ‘\[’ and ‘\]’ to keep things both readable and usable for future scripting;

    1. sort unique stuff.

    in my case this gets look like:

    cat /var/log/messages | awk '{ print $5 }'| sed 's/\[[0-9].*$//'|sed 's/\[/\\\[/g' | sed 's/\]/\\\]/g'| sed 's/://g' |sed 's/\///g' |sort -u``

    the result is usable as array for example. My host’s result:

    abrt-hook-ccpp
at-spi-bus-launcher
audit
avahi-daemon
blueman.desktop
blueman-mechanism
bluetoothd
chronyd
cinnamon-killer-daemon
cinnamon-session
com.redhat.imsettings
...
skip
...
tracker-store.desktop
udisksd
usrlibexecgdm-x-session
vmware-user.desktop
wpa_supplicant

  • Debugging Kerberos

    If you need to debug Kerberos, check the time synchronization at the first place. In about 50% cases it is it.

    1. the ntpd (or chrony) should be presented in the process list
    2. they should really be configured correctly
    3. in case of the virtual host crony is preferable, with the ntpd time skew is possible

    Really nice crony/ntpd comparative chart: https://chrony.tuxfamily.org/comparison.html , “Summary” section is complete.

  • Not to forget: ugly font and the Opera Browser

    Might be interesting for non-English speaking users of the Opera: some font on some sites are really ugly and there is no way in the interface to disable them, because they’re not system fonts, but one that web page get downloaded. –disable-remote-fonts is the option to fix them forever. Such fonts usually contain normal English glyphs, bot other are ugly. To fix it in the Gnome Shell:

    1. cp /usr/share/applications/opera.desktop ~/.local/share/application
    2. Add –disable-remote-fonts to every “Exec”. Don’t touch “TryExec”

  • Not to forget useful vi and bash settings

    .bash_profile

    alias opera=opera --disable-remote-fonts
alias grep='grep --color=auto'
alias unigrep='grep -P "[^\x00-\x7F]"'
alias mkdir="mkdir -p"
alias ls='ls -lh --color=auto'
HISTCONTROL=ignoredups:ignorespace
HISTSIZE=100000
HISTFILESIZE=200000

    .vimrc

    set mouse=r
syntax enable
set tabstop=4
set softtabstop=4
set expandtab
set number
set cursorline
set hlsearch
set incsearch  
set showmatch
nmap <F1> <Esc>:set nonumber<cr>                                                                                                                                             
nmap <F2> <Esc>:set number<cr>
nmap <F5> <Esc>yy<cr>
nmap <F6> <Esc>p<cr>
nmap <F8> <Esc>dd<cr>
nmap <F10> <Esc>:wq!<cr>
nmap <F12> <Esc>:q!<cr>

    Not sure about ‘number’ setting, if interferes with the clipboard annoyingly, so I can turn them off.