Update: see my recent post describing a better way to do this.
I often need to deploy Ruby gems across many CentOS servers. I prefer to use the native OS package management tools (rpm + yum) rather than using Ruby gems.
Here’s how to build RPMs from Ruby gems using gem2rpm.
When creating backups or log files, I like to name the files with a timestamp, i.e. the date plus the time.
I use the date command to produce timestamps in the appropriate format, but I find the format specifier a bit long-winded and difficult to remember – is %m minutes or month?
There is a better way… date -I
I use Puppet to manage the configuration of the machines I manage. So far, I've been rolling out new resources to machines but recently I've wanted to remove resources from machines. Here's how I modified my cron classes so I could remove cron jobs as well as create them.
In my iptables configurations, I generally allow all traffic I am interested in and deny the rest, logging anything that is denied.
I found that this can get a bit noisy with loads of connections to udp:137 and udp:500, etc. so I decided to deny the more common ports without logging. But which are the most common ports?
I've used Subversion for quite a while now – I vaguely remember using CVS when working with some SourceForge projects, but most of my experience is with Subversion.
I've used the command svn status (or svn st, for short) to show me what changes there are in my working copy. However, I've occasionally thought it would be nice to see what updates are available in the repository but I've never bothered to find out how to do it. Until now…
I'm using the net-snmp-lvs module to interface LVS statistics to SNMP so I can graph them (I'm using OpenNMS).
I have a virtual HTTP service that is balanced across eight real servers. In testing, everything seemed to work just fine and I got some nice graphs that show the Connection Rate, Packet Rate, and Byte Rate for the virtual service and each of the real servers.
This morning, we attempted a cutover, i.e. we re-directed real traffic to the new service. Sadly, our perimeter firewall hit > 90% CPU so we had to revert. But, in the time that we were live, I noticed that the Connection Rate statistics were missing for both the virtual service and the real servers for the period in which the service was under high load:
Notice the gap in the Connection Rate graph when the Packet & Byte rate graphs show high values.
I am currently investigating the cause of this issue.
As I mentioned in a previous post, the MySQL RPMs provided for RHEL/CentOS by Percona are not actually compatible with RHEL/CentOS. They use the same package layout as the MySQL-provided RPMs.
Here's how I create my own RPMs having the same package layout as the RHEL/CentOS packages but with the Percona highperf patchset applied.
OurDelta provide MySQL packages for various platforms, built with assorted performance/feature patchsets.
Sadly, like the Percona builds, the RPM packages for RHEL/CentOS are not upstream-compatible, i.e. they package MySQL differently.
I was planning to re-build the OurDelta packages to use the upstream RPM package layout but I've decided to stick with re-building the Percona packages as I've already done the work for that.
Anyway, in case it helps someone, here's how to rebuild the OurDelta packages from the SRPM:
# $SRPM: path to the OurDelta source RPM (placeholder variable; set it before running)
rpmbuild --rebuild \
    --define 'ourdelta 1' \
    --define 'mysqlversion 5.0.87' \
    --define 'elversion 5' \
    --define 'patchset d10' \
    "$SRPM"
I use Puppet to distribute my sshd configuration, including pre-generated ssh certificates.
Here's how I bulk create certificates for a bunch of new nodes named b001-b034:
for n in $(seq -w 1 34); do
    # Writes b0NN and b0NN.pub with an empty comment and no passphrase
    ssh-keygen -q -t rsa -f "b0$n" -C '' -N ''
done
Having got racadm working on my workstation (see my previous post), the next step is to perform initial DRAC configuration, i.e. change the root password, set the SSL cert values, etc.
First I checked that all DRACs were pingable:
for h in $(seq -w 1 34); do
if ping -q -c 1 $hn >& /dev/null ; then
Next, I created a drac config file (named drac.cfg) containing the settings that are common to all devices:
I then ran a script to apply the common configuration to all devices. I also set the device-specific settings in the same script:
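for n in $(seq -w 1 34); do
    # $host and $fullname must be set from $n before these calls
    # (assumed: the DRAC's short name and its fully qualified name)
    racadm -r "$fullname" -u root -p calvin config -g cfgLanNetworking -o cfgDNSRacName "$host"
    racadm -r "$fullname" -u root -p calvin config -g cfgRacSecurity -o cfgRacSecCsrCommonName "$fullname"
    racadm -r "$fullname" -u root -p calvin config -f drac.cfg
done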
Notice that I don't change the default password until last.
Now, I just need to work out how to generate the CSR, sign it, and upload the new cert…