One of my clients uses Tripp Lite  PDUMH20AT power distribution units. They are rather primitive, and upgrading firmware on the management cards is done via ftp; you start an ftp session, upload the firmware image and the device reboots when you quit.

I recently ran into problems with the ftp sessions – I could connect OK, but any attempt to transfer files would fail.

It turns out the ftp server on the devices can't do passive ftp, only active. The fix is simple – issue the "passive" command before uploading the firmware image. Of course, this means it won't work very well through a firewall/NAT router, but that's not a problem as I do the upgrades from a local machine.

The full session looks something like this:

[root@a001 Files4step2]# ftp 8.pdu.a
Connected to 8.pdu.a (
220 NET+ARM FTP Server 1.0 ready.
Name (8.pdu.a:root): admin
331 User admin OK, send password.
230 Password OK.
Remote system type is NET+ARM.
ftp> bin
200 Type set to I.
ftp> passive
Passive mode off.
ftp> put rom.bin
local: rom.bin remote: rom.bin
200 PORT command Ok.
150 About to open data connection.
226 Transfer complete
2109474 bytes sent in 2.35 secs (8.8e+02 Kbytes/sec)
ftp> put pwralert.dat
local: pwralert.dat remote: pwralert.dat
200 PORT command Ok.
150 About to open data connection.
226 Transfer complete
679080 bytes sent in 0.793 secs (8.4e+02 Kbytes/sec)
ftp> bye
221 Goodbye.

Most of the servers I manage are 64-bit. I have one linode box that is 32-bit. I chose 32-bit because it has better memory usage than 64-bit, which is possibly important with a 512MB instance. This was probably a mistake as the management overhead involved with maintaining a 32-bit infrastructure for just one 32-bit machine is silly. No matter – we are where we are…!

I use the fnv_64 user-defined function from maatkit with MySQL. So, I need to build a 32-bit version for use on the 32-bit server.

Here's how to use mock to create a 32-bit build environment (in this case, for CentOS 5) on a 64-bit machine (the host is actually a Fedora 15 server).

Continue reading

Since my recent post about converting between unix time and date, it has come to my attention that Unix epochs are in seconds while Java epochs are in milliseconds. That means that you need to scale the epoch values by a factor of 1000 to convert between Unix and Java format.

So, date -u -d '2011-04-26 15:00:00' +%s gives 1303830000 (Unix epoch) which becomes 1303830000000 (Java epoch)

Converting the other way, the Java epoch 1306934061475 is 1306934061.475 in Unix format. date -u -d @1306934061.475 gives Wed Jun 1 13:14:21 UTC 2011 (assuming a UTC epoch).

Here are two ways to update the firmware on Dell iDRAC6 remote access cards.

Both methods require downloading the BIOS from Dell and extracting it from the bundle. For example, this is the 1.70.21 firmware:

mkdir /tmp/dell
cd /tmp/dell

Grab this and extract like this:

cd /tmp/dell
sh IDRAC6_FRMW_LX_R299265.BIN --extract ./idrac6-1.70.21

The firmware image is now in /tmp/dell/idrac6-1.70.21/payload/firmimg.d6

If you are just updating one machine, then the simplest way to perform the update is to use the Dell bmcfwul tool locally. This is supplied in the dell_ie_nitrogen package, and is installed to /usr/libexec/dell_dup/dell_ie_nitrogen/bmcfwul

Install the new firmware like this:

/usr/libexec/dell_dup/dell_ie_nitrogen/bmcfwul -input=/tmp/dell/idrac6-1.70.21/payload/firmimg.d6

If you have several machines to update, the most convenient way to perform the update is with tftp.

First, copy the firmware image to the tftp server, and put it in /tftproot, or wherever the root of your tftp server is located:

scp /tmp/dell/idrac6-1.70.21/payload/firmimg.d6 $ip_of_tftp_server:/tftproot

Then, trigger a firmware upgrade on the machines remotely using either racadm or ssh:

racadm -r -u root -p calvin fwupdate -g -u -a $ip_of_tftp_server


ssh racadm fwupdate -g -u -a $ip_of_tftp_server

perl hash slices are a way to access several elements of a hash simultaneously using a list of subscripts. It's more convenient than writing out the individual elements as a list of separate scalar values.

I recently needed to create a slice of a hash rather than a hash slice, ie. I wanted to create a hash with a subset of the key/value pairs from another hash.

Here's how I did it:

my %orginal = (foo => 'something', bar => 42, baz => 'king');
my %subset = map {$_ => $original{$_}} qw(foo bar));
# %subset is now: ( foo => 'something',  bar => 42 )

I've recently been looking at reporting in OpenNMS and it seems that some of the reports require date ranges to be specified in unix time. Now, I don't know about you, but my mental ability to translate "April 26, 2011 15:00 UTC" to 1303830000 is sadly lacking. So, here are some useful commands to convert from unix time to date and vice versa:

Date to Unix time:

# current timestamp
date +%s

# specific timestamp
date -d '2011-04-26 15:00:00' +%s

# same thing but UTC
date -u +%s
date -u -d '2011-04-26 15:00:00' +%s

Unix time to date:

date -d @1303826400

# same thing but UTC
date -u -d @1303826400

I  ran into an odd issue today – my firewall build script was failing on our account master node.

It turns out that I was trying to use a chain name in iptables that exceeded the maximum length allowed. I wanted to use "REMOTE_ACCOUNT_SLAV ES_ASHEVILLE" (31 chars) and the limit is 30 chars.

You can see this in /usr/include/linux/netfilter_ipv4/ip_tables.h and /usr/include/linux/netfilter/x_tables.h:



This was on CentOS 5.6.

Having grown up with CVS then moved on to svn, I find git amazingly powerful. However, I don't use it enough to learn some of the more powerful features. This is just a post to document a couple of useful things I learned recently.

I was working on a project on github, adding a missing command-line option. But, while editing, I got carried away and made a load of additional trivial changes, cleaning up the man page text, making capitalisation consistent, etc. All good stuff, but I didn't want to commit both sets of changes in the same commit.

What I needed to do was to select which changes to commit. The command to do that is:

git add --patch

To show the changes that have been added to the staging area, ie. those that will be commited:

git diff --cached

If you mistakenly add a change and want to remove it from the staging area:

git reset --patch

Finally, commit the change:

git commit

Optionally, push the change back to github:

git push origin master

Nifty stuff.

I'm sure we've all seen this message from time to time when using puppet with exported resources:

Error 400 on SERVER: Exported resource Sshkey[foo] cannot override local resource on node

It's actually pretty easy to fix. Simply delete the exported resource for node foo.

Assuming you are using MySQL for your DB, something like this will do the trick:

mysql -e "delete from resources where restype like 'sshkey' and exported=1 and host_id = (select id from hosts where name 'foo')" puppet

We sometimes see problems updating our Dell machines to the latest firmware, ie. update_firmware -y fails:

Running updates...
-	Installing dell_dup_componentid_00159 - 1.4.7Installation failed for
package: dell_dup_componentid_00159 - 1.4.7
aborting update...

The error message from the low-level command was:

Could not parse output, bad xml for package: dell_dup_componentid_00159

Dell have been unable to tell me why this is, or provide a fix or workaround.

Here's what I did to get the firmware installed:

Continue reading