Pablowe

Knowing your PERC 6/i BBU

I’ve recently become supremely disappointed in the availability of Nagios checks for RAID cards. Too often, I see administrators rely on chance (or their hosting provider) to discover failed drives, a dying BBU, or a degrading capacity on their RAID cards. So I began work on check_raid (part of check_mysql_all) to provide a suite of checks. One of the first cards I wanted to support was the PERC 6/i, so I scoured the documentation, forums, and picked the brains of my friends before finally getting on a marathon 4 hour call with Dell support. I’ll now share the interesting things that I’ve learned.

More »

HTTP Over SSL Best Practices

Encrypting connections to your web server using HTTPS is a trade-off between performance and security. Therefore, there’s no “right answer” for exactly what traffic to encrypt; it’s a business decision. There are, however, best practices that can guide you in the decision making process. In fact, there is a “golden rule” for making this decision:

If it were your session, would it bother you if I got the data? If your answer is yes, then the data should be encrypted!

More »

Getting my money’s worth!

Several months ago I purchased an HP Mini 1000 to do some work for a client in their SQL Server 2005 environment. The work ended rather quickly and the Mini’s been sitting around gathering dust. I came across it in a pile of junk the other day while cleaning and decided that it would be the machine to replace my MacBook Air when the MBA goes in for repair. The basic tasks I would be performing are:

• Lots of database work
• Linux, Solaris, and FreeBSD administration
• Penetration Testing and Security Audits

Right away I realized I would need to kick it up a notch by upgrading to 2G of RAM. I would also need to be able to run Linux, but couldn’t sacrifice my only Windows installation (virtualization is not an option on either the MBA or the Mini). Dual booting also wasn’t an option because the 16G hard drive on the Mini is barely enough to run Windows. So my only real option was to do a persistent install of Ubuntu on USB (using the NetBook Remix, of course). HP made some awesome decisions with USB on the Mini: SD Card and Mini Flash slots in addition to the regular USB port. So I purchased an 8G JetFlash USB Drive to serve as my Linux machine. After then spending a few hours on my typical Linux install (which is pretty much half of the top 100 SecTools and a few other base packages), I was ready to go.

Nagios Checks For MMM

I’ve written some new Nagios checks for MMM (MMM on Google Code … MMM on Launchpad). check_mmm is a part of http://code.google.com/p/check-mysql-all/, and is meant to be called locally on the MMM Monitor server (usually via NRPE). Feedback is welcome, usage is as follows:

Usage:
     check_mmm --cluster C# 

     Options:
       --cluster=    The MMM Cluster to check
       -c, --critical=
    The level at which a critical alarm is raised.
       -h, --help                Display this message and exit
       -v, --verbose             Increase verbosity level
       -V, --version             Display version information and exit
       -w, --warning             The level at which a warning is raised.

     Defaults are:

     ATTRIBUTE                  VALUE
     -------------------------- ------------------
     cluster                    No default value
     critical                   HARD_OFFLINE,REPLICATION_FAIL
     help                       FALSE
     verbose                    1 (out of 3)
     version                    FALSE
     warning                    ADMIN_OFFLINE,AWAITING_RECOVERY,REPLICATION_DELAY

VPNC Quick Install on OS X

I find myself constantly battling with Cisco VPN client on my Mac. As such, I’ve recently turned to vpnc as a replacement. VPNC is available as a Darwin Port but won’t work with a simple install.

%> sudo port install libgpg-error openssl libgcrypt tuntaposx vpnc

That’s all there is to it. The command took less than 5 minutes on my first-generation MacBook Air.

Nagios MySQL Plug-Ins

There currently exist many plugins for MySQL to use with Nagios. Many of them, however, are not version-independent, leaving organizations that use multiple versions of MySQL to either install multiple plugins or not monitor specific versions of MySQL. As such, I’ve compiled what I consider to be the most useful checks into a single plugin: check_mysql

Usage:
     check_mysql check_name [options]

     Options:
       --args|a     Optional arguments.  Comma-separated.  Check-specific.
       --critical|c The level at which a critical alarm is raised.  Check-specific.
       --database   The database to use (defaults to mysql)
       --help|?     Display this message and exit
       --hostname|H     The target MySQL server host (defaults to localhost)
       --password|p The password of the MySQL user
       --port       The port MySQL is listening on (defaults to 3306)
       --user|u     The MySQL user used to connect
       --version|V  Display version information and exit
       --warning|w  The level at which a warning is raised.  Check-specific.

     defaults are:

     ATTRIBUTE                  VALUE
     -------------------------- ------------------
     args                       No default value
     critical                   Check-specific
     database                   mysql
     help                       FALSE
     host                       localhost
     password                   No default value
     port                       3306
     timeout                    10 seconds
     user                       No default value
     verbose                    1 (out of 3)
     version                    FALSE
     warning                    Check-specific

Current Checks Supported:

* connect – Check to see whether or not one can connect to MySQL (USAGE)
* repl_io – Check to see whether on not the IO Replication thread is running (REPLICATION CLIENT)
* repl_sql – Check to see whether or not the SQL Replication thread is running (REPLICATION CLIENT)
* repl_sbm – Check how many seconds behind the master the slave is (REPLICATION CLIENT)
* mysql_query – Run a given query, test if it executes properly (SELECT)
* connections – Test if the percentage of used connections is over a given threshold (PROCESS)

I am open to requests for additional checks etc.

Drizzle

Last night I attended the San Francisco MySQL Meetup Group to hear Brian Aker talk about Drizzle. Heretofore, I was generally uninterested in Drizzle because I didn’t pay enough attention to what it was actually trying to accomplish. After his presentation, I am anxious to play with it in a meaningful way! The features that sold me:

• utf8 as the default (only?) charset
• No more SQL_MODE (behaving strict-like by default)
• Pluggable Authentication
• A much smarter communication protocol
• 64-bit only *(EDIT: Stewart has informed me that 32-bit is supported, but Drizzle has been optimized for 64-bit … I’m still counting it as a win)
• Did I mention Pluggable Authentication?
• Defaults to transaction-capable

One feature I’m hoping to see come up soon:

• Online Upgrades

Why would I want that? Upgrading is very easy, you think. Since drizzle is designed to be used with huge (by today’s standards) machines with 128+G RAM, 128+ CPU Cores, one must assume that the data sets used will correspondingly be huge. So huge, in fact, that it will take hours (days?) for the caches to warm up! An online upgrade capability may allow for caches to stay hot during the upgrade process rather than having to operate in a degraded state for a long time after an upgrade.

Nagios3 on CentOS: Quick Install Script

As part my job, I find myself doing Nagios installs on a somewhat regular basis. The following is a quick guide on installing Nagios 3 on CentOS, distilled from the official Nagios docs. It is meant to be copied and run as a shell script (you should only have to update the passwords):

#!/bin/sh

# Any Failing Command Will Cause The Script To Stop
set -e

# Treat Unset Variables As Errors
set -u

echo "***** Starting Nagios Quick-Install: " `date`
echo "***** Installing pre-requisites"
yum -y install httpd
yum -y install gcc
yum -y install glibc glibc-common
yum -y install gd gd-devel

echo "***** Setting up the environment"
useradd -m nagios
echo "INSERT_PASSWORD_HERE" |passwd --stdin nagios
groupadd nagcmd
usermod -a -G nagcmd nagios
usermod -a -G nagcmd apache

echo "***** Getting the Nagios Source and Plug-Ins"
cd /usr/local/src
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.0.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
tar xzf nagios-3.2.0.tar.gz
tar xzf nagios-plugins-1.4.14.tar.gz

echo "***** Installing Nagios"
cd /usr/local/src/nagios-3.2.0
./configure --with-command-group=nagcmd
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf

echo "***** Setting up htpasswd auth"
htpasswd -nb nagiosadmin INSERT_PASSWORD_HERE > /usr/local/nagios/etc/htpasswd.users
service httpd restart

echo "***** Setting up Nagios Plug-Ins"
cd /usr/local/src/nagios-plugins-1.4.13
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

echo "***** Fixing SELinux"
chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

echo "***** Starting Nagios"
chkconfig --add nagios
chkconfig nagios on
service nagios start

echo "***** Done: " `date`

Hope you find this useful!

* EDIT: 2009-09-07 – Updated link to get Nagios 3.2.0
* EDIT: 2009-10-14 – Updated link to get Nagios Plugins 1.4.14

ATTN: Wordpress Theme & Plug-In Developers

Please minify all JavaScript and CSS files. The size of the main page at pablowe.net was reduced by 20% by this simple, 30-second act.

CSS::Minify
JavaScript::Minifier

Thank You!

OmniSQL 0.0.7 Released

OmniSQL (a command line tool for DBAs needing to issue ad-hoc queries against sharded data) version 0.0.7 is officially released.

Instead of logging in separately to multiple databases to issue the same query, groups of databases can be specified in a configuration file and queries will be automatically issued against all targeted MySQL instances.

Let me know of any bugs found or features you would like to see in upcoming releases!

Download at http://code.google.com/p/omnisql/.

CHANGE LOG
- Fixed Bug #3: Script failure when only one group is defined
- Fixed Bug #4: Too Slow (now it forks)
- Fixed Bug #5: Host-Specific parameters don't work
- INCOMPATIBLE CHANGE: Changed format of config file
- INCOMPATIBLE CHANGE: Use XML::SimpleObject instead of XML::Simple
- Added group summary (Issue #6)