Linux Process Status Codes

On a Linux system, every process has a status, shown in the 'STAT' column of the output of the 'ps' command. The 'ps' command displays an uppercase letter for the process state.

Here are the different values for the output specifiers:

D    uninterruptible sleep (usually IO)
R    running or runnable (on run queue)
S    interruptible sleep (waiting for an event to complete)
T    stopped, either by a job control signal or because it is being traced
W    paging (not valid since the 2.6.xx kernel)
X    dead (should never be seen)
Z    defunct ("zombie") process, terminated but not reaped by its parent

For illustration, here is example output of a 'ps' command:

$ ps -eo state,pid,user,cmd
S   1            root           /sbin/init
S   5274      root           smbd -F
D   4668     postgres     postgres: wal writer process
S   7282      root           nmbd -D
S   7349      root           /usr/sbin/winbindd -F
R   11676   postfix       cleanup -z -t unix -u
S   25354   _graphi+    (wsgi:_graphite)  -k start

Using ssh-agent for Unattended Batch jobs with Ssh Key Passphrase

In some cases, you need to make ssh connections to other servers in order to run shell commands on them remotely. But when these commands run from a cron job, the password interaction becomes a concern. Using an ssh key pair with an empty passphrase may be an option, but it is not recommended. There is another option that automates the passphrase interaction.

Ssh-agent provides storage for the unencrypted key, because the most secure place to store a key is in program memory.

I am going to explain how to run batch/cron shell script integrated with ssh-agent:

There are two servers, server1 and server2.

On server1, create an ssh key pair.

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <your passphrase here>
Your public key has been saved in /root/.ssh/
The key fingerprint is:

On server2, copy the content of the public key file from server1 and insert it into /root/.ssh/authorized_keys, then give this file appropriate permissions (700 for the .ssh directory, 600 for the authorized_keys file). From now on, ssh connections can be made from server1 to server2 using the key passphrase.

This can be tested on server1.

# ssh server2
Enter passphrase for key '/root/.ssh/id_rsa': <your passphrase here>
# (that is server2's shell prompt!)

On server1, we invoke ssh-agent just once; thereafter cron jobs can use this agent for authentication.

# ssh-agent bash
# ssh-add /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa: <your passphrase here>
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

Ssh-agent provides access to its services through a Unix socket. If you have access to this socket, you obtain the right to use the keys.

On server1, write out two specific environment variables to a file.

# echo "export SSH_AUTH_SOCK=$SSH_AUTH_SOCK" > aginfo
# echo "export SSH_AGENT_PID=$SSH_AGENT_PID" >> aginfo

Now open another terminal window on server1, save the following shell script as an example, and run it.

# cat
source ./aginfo
ssh -o 'BatchMode yes' server2 hostname

# ./cron_test

Now we have achieved our goal. The script can be put in the crontab and run periodically. But keep in mind that ssh-agent does not survive a reboot, so the ssh-agent setup process must be done again afterwards.
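
Because anyone who can reach the agent socket can use the key, and because the agent is gone after a reboot, a cron script can check the saved agent information before relying on it. The following is an added example, not part of the original post: the function names load_agent and run_remote are hypothetical, the file format is the one written to aginfo above, and "stat -c" assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). load_agent and run_remote are
# hypothetical names; "stat -c" is the GNU coreutils form found on Linux.
# Return codes: 0 ok, 1 file missing, 2 file too permissive or not ours,
# 3 socket missing or not ours, 4 agent not answering or holding no keys.
load_agent() {
    f=$1
    [ -f "$f" ] || return 1
    # The file reveals the socket path: require owner-only access.
    case "$(stat -c '%a' "$f")" in
        ?00) ;;
        *) return 2 ;;
    esac
    [ -O "$f" ] || return 2
    # Parse the one line we need instead of sourcing (executing) the file.
    sock=$(sed -n 's/^export SSH_AUTH_SOCK=//p' "$f" | tail -n 1)
    [ -n "$sock" ] && [ -S "$sock" ] && [ -O "$sock" ] || return 3
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
    # ssh-add -l exits 1 when the agent holds no identities and 2 when
    # the agent cannot be contacted (for example after a reboot).
    ssh-add -l >/dev/null 2>&1 || return 4
    return 0
}

# Cron entry point: never fall back to a prompt, and say why on failure.
run_remote() {
    rc=0
    load_agent "$1" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "ssh-agent unusable (code $rc); repeat ssh-agent and ssh-add" >&2
        return "$rc"
    fi
    shift
    ssh -o BatchMode=yes "$@"
}
# Usage inside the cron script: run_remote ./aginfo server2 hostname
```

Creating aginfo with mode 600 (for example by running "umask 077" before the two echo commands) keeps the socket path private to the account that owns the agent.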

Linux find command (exec vs xargs)

As a matter of fact, I detest having to learn more than one method to achieve a job when it comes to shell scripting. But most of the time, sysadmins should find the way that best meets their needs.

Find has the -exec option to perform actions on the files that are found. It is a common way of deleting unnecessary files without xargs.

$ find . -name "*.tmp" -type f -exec rm -f {} \;

In the above example, "{}" is substituted safely even for a file with a space in its name. But the "rm" command is executed once for every single file that is found. If there are tons of files to remove, a lot of processes are likely to be forked.

How about using xargs:

$ find . -name "*.tmp" -type f -print0 | xargs -0 -r rm -f

With xargs, "rm" is executed once for all files, decreasing the overhead of forking. The "-print0" option (paired with the xargs "-0" option) makes this safe for file names containing spaces. The xargs "-r" option prevents the command from running if stdin is empty. Of course, there is a limit on the argument list xargs can pass at a time; when the input exceeds it, xargs splits the input and executes the command repeatedly. This limit can be overridden with the "-s" flag.
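
The difference can be measured on a scratch directory. The following is an added example, not part of the original post: it uses a constructed fixture of five .tmp files (one with a space in its name), replaces "rm" with a harmless "sh -c" that only reports, and uses "-n 2" as a small stand-in for the argument list limit. All function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); constructed fixture.
make_fixture() {
    dir=$(mktemp -d) || return 1
    touch "$dir/a.tmp" "$dir/b.tmp" "$dir/c.tmp" "$dir/d.tmp" \
          "$dir/old report.tmp" "$dir/keep.txt"
    printf '%s\n' "$dir"
}

# -exec ... \; starts one child process per file found.
runs_exec() {
    find "$1" -name '*.tmp' -type f -exec sh -c 'echo run' sh {} \; \
        | wc -l | tr -d ' '
}

# -print0 | xargs -0 starts one child for the whole batch.
runs_xargs() {
    find "$1" -name '*.tmp' -type f -print0 \
        | xargs -0 -r sh -c 'echo run' sh | wc -l | tr -d ' '
}

# When a limit is hit, xargs splits the input into several runs.
# -n 2 (at most two arguments per run) makes that visible on five files.
runs_xargs_capped() {
    find "$1" -name '*.tmp' -type f -print0 \
        | xargs -0 -r -n 2 sh -c 'echo run' sh | wc -l | tr -d ' '
}

# Number of arguments the command receives without NUL delimiters:
# "old report.tmp" is split at the space into two bogus names.
args_plain() {
    find "$1" -name '*.tmp' -type f | xargs -r sh -c 'echo $#' sh
}

# With -print0 / -0 every file name arrives as exactly one argument.
args_nul() {
    find "$1" -name '*.tmp' -type f -print0 | xargs -0 -r sh -c 'echo $#' sh
}
```

On this fixture the plain pipe hands the command six arguments for five files, which is why a destructive command such as "rm" should only be fed NUL-delimited names.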

Ansible Playbook for cleaning all print jobs

- hosts: print_servers
  tasks:
    - name: Clears all print jobs from the queues of the specified printers.
      shell: for i in $(/usr/bin/lpstat -o {{ item }} | awk '{ print $1 }'); do /usr/bin/cancel $i; done
      with_items:
        - printer1
        - printer2

Randomly Generating User Passwords Using Ansible

First, I would like to note that I have recently started using Ansible for configuration management. One of the things I need in my server environment is to implement a user password changing policy. Since the targets are numerous, I have to use randomly generated passwords for each host. Because passwords are sensitive, they should be generated in the encrypted form. Ansible documentation recommends using the Python passlib library and SHA512 hashing here.

Ansible requires python-simplejson when Python version is 2.4

Ansible requires the python-simplejson package when the Python version is 2.4.

| FAILED >> {
    "failed": true,
    "msg": "Error: ansible requires a json module, none found!OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: mux_client_request_session: master session id: 2\r\nShared connection to closed.\r\n",
    "parsed": false
}

On Redhat 5, the following package should be installed:

# rpm -ivh python-simplejson-2.0.9-8.el5.x86_64.rpm

Then from ansible:

# ansible server11 -m ping
| success >> {
    "changed": false,
    "ping": "pong"
}

Adding Bulk New Contacts to Microsoft Active Directory

Sometimes it is a pain for SysAdmins to add objects to Windows AD. In this example I have provided a Visual Basic script which reads information about some mail-enabled contacts from a tab-separated text file, then creates them in Active Directory.

Every line of the text file includes:
Contact Name
First Name
Phone Number