
In switching all of my repositories to a local in-house RPM repository, I needed to figure out which packages were installed on machines in the network that did not come from the mirror to which I synchronize. These packages needed to be added manually into the repository. I wrote this little one-liner to list packages that did not come from the official RHEL repo, and therefore have a different vendor.

for i in `rpm -aq`; do if [ "`rpm -qi "${i}" | grep 'Vendor: Red Hat, Inc.'`" == "" ]; then echo "$i"; fi; done

You could use this easily on a non-RHEL repo, as long as your system uses RPM packages. Just update the vendor name in the middle there and you’re all set.
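The same inventory done with a single rpm query instead of one `rpm -qi` call per package, as an added example that is not part of the original post. It also skips the `gpg-pubkey-*` entries that `rpm -qa` lists for imported signing keys, which carry no vendor and would otherwise show up as foreign packages. The function names and the sample package list are constructed for illustration.

```shell
# Reads "NAME-VERSION-RELEASE.ARCH<TAB>VENDOR" lines on stdin and prints every
# package whose vendor differs from $1 as "VENDOR<TAB>PACKAGE", sorted so that
# each vendor's packages are grouped together.
foreign_packages() {
    awk -F '\t' -v want="$1" '
        $1 ~ /^gpg-pubkey-/ { next }             # imported keys, not packages
        $2 != want          { print $2 "\t" $1 }
    ' | LC_ALL=C sort
}

# On a live system (requires rpm):
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{VENDOR}\n' \
#       | foreign_packages 'Red Hat, Inc.'

# Constructed sample of that query output, so the filter can be tried offline.
sample_inventory() {
    printf '%s\t%s\n' \
        'bash-3.2-24.el5.x86_64'               'Red Hat, Inc.' \
        'puppet-0.25.5-1.el5.noarch'           'Fedora Project' \
        'gpg-pubkey-0a1b2c3d-4e5f6a7b.(none)'  '(none)' \
        'inhouse-tools-1.0-1.noarch'           '(none)' \
        'nagios-3.2.3-3.el5.x86_64'            'Fedora Project'
}

sample_inventory | foreign_packages 'Red Hat, Inc.'
```

Packages built in-house without a Vendor tag report `(none)`, so they sort to the top of the list.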

In our environment, we make decisions on the importance of hosts based on their specific role. Puppet is great and has gone a long way towards simplifying our standard build. Finding out it has built-in types for working with nagios was exciting, but the problem became – how can we have our hosts automatically get added into nagios through puppet, but easily augment those additions with human-decided service levels? Leveling is the technique we use to determine which hours of the day we’re alerted to problems, and through which medium. For example, level1 means “any hour, day or night, via both email and text message.” and level5 means “email me during work hours only.”

The initial solution, unsurprisingly, came from puppet exported resources. You can read more about them [here]. Briefly, putting a @ character in front of an object definition makes it virtual. That is, the object will exist, but will not get sent to the client. Putting two @ characters in front of a definition also exports the virtual resource, making it available to other hosts. A bit of initial work is needed to enable exported resources: mysql (or some other database) must be set up. So, to do that:

[root@puppet ~]# cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl

[puppetmasterd]
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = whatever
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock
downcasefacts = true

Now that that’s out of the way, let’s see how we create nagios hosts for each puppet client. In our environment, my base standard-config class is called every-server. So, in everyserver.pp, we find this:

@@nagios_host { "${fqdn}":
  ensure  => present,
  alias   => "${hostname}",
  address => "${ipaddress}",
  use     => "level5",
  target  => "/etc/nagios/dynamic.cfg";
}

@@nagios_service { "${hostname}_check_ping":
  ensure                 => present,
  host_name              => "${fqdn}",
  notification_interval  => 60,
  flap_detection_enabled => 0,
  service_description    => "Ping",
  check_command          => "check_ping!300.0,20%!500.0,60%",
  use                    => "level5",
  target                 => "/etc/nagios/dynamic.cfg";
}

@@nagios_service { "${hostname}_check_ssh":
  ensure                 => present,
  host_name              => "${fqdn}",
  notification_interval  => 60,
  flap_detection_enabled => 0,
  service_description    => "SSH",
  check_command          => "check_ssh",
  use                    => "level5",
  target                 => "/etc/nagios/dynamic.cfg";
}

So what does this do? Every client that connects to puppet creates these objects. However, they do not exist on the client in /etc/nagios/dynamic.cfg because the @ characters mark the resource as virtual and exported. So basically, each host creates its own nagios host object and two nagios service objects. As you can see, every host and service defaults to level5, the least important level. Now, the question becomes, how do we get these objects into nagios, and more specifically, how do we override the level parameter before writing out these objects?

In my nagiosmonitor.pp file, I have this:

class nagios-monitor inherits every-server
{
  # If the dynamic file changes, restart nagios so it picks up the new definitions…
  file {
    "/etc/nagios/dynamic.cfg":
      mode   => 644,
      notify => Service["nagios"];
  }

  # Collect/overwrite the service level used by a specific host and service…
  Nagios_service <<| title == "hostname1_check_ssh" |>> {
    use => level3
  }

  # Collect everything else, which will be staying at the default level5…
  Nagios_host <<||>>
  Nagios_service <<||>>
}

This looks a lot more complex than it really is. The <<| |>> bit is the collection operator, which makes virtual resources into real resources which will now be sent to the host. Since this is only in the nagios-monitor manifest, only nagios hosts will receive the file /etc/nagios/dynamic.cfg, which is what we want. Also, since nagios-monitor inherits every-server, it will create nagios_host and nagios_service objects for monitoring itself. Now, in between the pipes of the <<| |>> operator, one can specify attributes for which resource to realize. And after the <<| |>>, one can specify curly braces if one wishes to override any of the parameters in the resource. So, first, I realize a specific service, titled in everyserver.pp as a hostname and a check command. When I realize the check_ssh service on host hostname1, I bump its level from level5 to level3, making it a more important service in a simple one-liner. This can be repeated as many times as you wish, and is fairly easy to augment and maintain since it is so compact.

What follows this overwrite section is the collection process for all nagios hosts and services for which we are not overwriting any attributes. This is why the area between the pipes is empty. The result of these manifests is a file on the nagios servers named /etc/nagios/dynamic.cfg which contains definitions for all hosts currently in puppet, and checks ping and ssh for all of those servers. The checks are all at level5, except for the check_ssh check running against the host hostname1, which will be at level3.
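To confirm that an override actually landed after a puppet run, the generated file can be read back and each object's level listed. The script below is an added example, not part of the original post: it parses plain Nagios object syntax, and the function names, the example.com host name and the sample file contents are constructed for illustration.

```shell
# Prints TYPE<TAB>HOST<TAB>DESCRIPTION<TAB>TEMPLATE for every host/service object.
nagios_levels() {
    awk '
        /^[ \t]*define[ \t]+(host|service)[ \t]*[{]/ {
            type = $2; sub(/[{].*/, "", type)
            host = desc = tmpl = "-"; inobj = 1; next
        }
        inobj && /^[ \t]*[}]/ {
            printf "%s\t%s\t%s\t%s\n", type, host, desc, tmpl
            inobj = 0; next
        }
        inobj && /^[ \t]*[#;]/ { next }           # comment line inside an object
        inobj && NF >= 2 {
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)  # drop the directive name
            sub(/[ \t]*(;.*)?$/, "", val)         # drop trailing blanks/comment
            if ($1 == "host_name")           host = val
            if ($1 == "service_description") desc = val
            if ($1 == "use")                 tmpl = val
        }
    ' "$1"
}
# Objects in file $2 whose template is not the default level given as $1.
overridden() {
    nagios_levels "$2" | awk -F '\t' -v def="$1" '$4 != def'
}
# Constructed sample in plain Nagios object syntax (hypothetical host name).
write_sample() {
    cat > "$1" <<'EOF'
define host {
    host_name  hostname1.example.com
    use        level5
}
define service {
    host_name            hostname1.example.com
    service_description  Ping
    use                  level5
}
define service {
    # raised by the collector override
    host_name            hostname1.example.com
    service_description  SSH
    use                  level3   ; was level5
}
EOF
}
sample=$(mktemp); write_sample "$sample"
overridden level5 "$sample"; rm -f "$sample"
```

On a nagios server, `overridden level5 /etc/nagios/dynamic.cfg` lists only the objects that were bumped above the default level.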

Not one of my better ideas…

I have an insatiable need to charge my phone as quickly as possible. Sometimes I only have a few minutes to grab as many electrons as possible from someone’s wall outlet. Compiling a custom version of Android’s Gingerbread release has reduced my battery usage tremendously, but the battery still does die at some rather inconvenient times. So, it essentially comes down to needing more amperage applied directly to my phone. All of my wall chargers are well below one amp, and my USB3 ports only provide 900 milliamps, so how to get more than one amp flowing to my phone?

That’s when the thought hit me – use two chargers instead of one! So, using my external hard drive’s Y-cable, I came up with this:
[Image: Fire Hazard]

After plugging them both into the wall, and my phone into the end of the cable, I heard a loud high-pitched squeal emanating from the larger of the two chargers. As it turns out, this is actually the weaker charger. Turns out the force of e alone is not enough to stop back-flow into the capacitors of the weaker transformer. Whoopsies. Guess that’s why they invented diodes…

Original AMB throwback

allmybase was originally founded in an effort to document the failings of the worst system administrator I’ve ever witnessed. As a tribute to its humble beginnings, I managed to dig up a couple of the original posts and have republished them below. The original resource was password protected, so I have changed some of the details, including names and locations. You may find some of the following text disturbing if you work in Information Technology.

-----

Every once in a while, I like to stop by RAD’s office to ask to borrow things. It’s not that I actually need the things, it’s just that I miss his smiling face and warm, sunny personality from the days when he was my employer. Like the other day, I stopped by and asked if he could lend me a LAN cable. He was very professional and courteous as he explained to me that no, he does not, in fact, have a LAN cable he could spare to me. This was reasonable to me, because I guess the bright orange LAN cables hanging on the rack that I was standing next to didn’t ACTUALLY exist. Fair enough.

But the kicker came on Friday. I now work with the physics department, and the most novel thing has occurred… I ENJOY WORK!??!. So on Friday, we [the physics department] were relocating all of our servers out of a server room in Burchard 127 to another location across campus in the service center library basement. The reason, among others, was primarily for one purpose – to evade that which owns our base. We brought with us two label-makers to label the wires we were soon to install. After several hours, one label maker ran out of batteries, and the other out of label-tape. The batteries from one didn’t fit into the other, but alas, there was another label-maker in the Unix lab, back in the room in Burchard we came from. It’s a label maker that once had no idea how much trouble it would one day cause.

I figured rather than walk all the way to the lab to find out RAD took the label maker, I’d head off the pass and go straight to his office in Lieb 104. Knock, knock. No answer… which is no surprise. Oh well. I headed over to Burchard. There, in the back of the room, was RAD, a class C encounter (10-20 feet away, no vocal contact). Now, the Unix lab is divided into two sections, the public section, and the public section that’s temporarily closed (the private section). In the back of the closed section live several shelves with computer supplies on them. Dividing these two sections is a bright orange cone. That may seem like a minor detail, but one day in the future, it will be the source of many laughs. I went into the back of the lab, where RAD was conversing with his current employee, simply to grab the tools that belonged to me. This was starting to get intense, as this now qualified as a class B encounter (within 10 feet, still no verbal contact). I picked up my tools without incident, though, even managing to squeeze out a smile towards my favorite ex-boss. My current boss then called me to tell me to pick up a network switch that was left there. I started scanning the shelves for the switch in question. RAD feels the need to interject with a friendly, “Mr. Benjamin, I understand you used to work for this department, but you no longer do, and so now you are no longer allowed back here. Please go to the other side of the orange cone.” That was it… a class A encounter (within 10 feet, verbal contact made). I ignored him for a while, after all, I was on the phone with someone in a LOUD server room, it was hard to hear to begin with. Eventually, my boss on the phone found the switch, we had brought it with us to begin with. Oh well, not all was lost, for in my search, I found the label maker!! I grabbed the label maker and headed for the door.

If only I had made it out that door… RAD decided to give me the talk about how I’m not allowed back there anymore. How the physics department doesn’t belong back there, even though we have machines in the room. Makes hella sense to me. He demanded I return the label maker to him. Now, usually, I would have just ducked and run, but this wasn’t on my terms, he was the one in conversational power this time around. It happens when you’re just a lowly freshman criminal. So I returned the label maker, grabbed my tool set, and left. I was kind of ashamed with myself for giving in so easily. I returned to the library basement with no label-maker, and recounted my story. The funniest thing I then find out is that that label maker actually isn’t even RAD’s. It’s Belinda’s… the CS secretary. Email ensued the following week:

RAD:
It has come to my attention that you are in possession
of my label maker.
Please bring it to me as soon as you or someone else can.
Thanks,
Belinda

Nope….I have no idea who told you that one, but I do not have it.

Heck I do not even know where my groups label makers have gone to as I
found folks from physics raiding our supplies the other day.

-RAD

Funny how that works… RAD steals the label maker, yet I get blamed for it. Don’t you just love when it works out like that? Several days later, I would return to the scene of the incident. All that was left of the label-maker is the broken memory of the day I experienced a full-on class A RAD encounter. So that’s that, I guess. Oh wait, what’s this? After I left, RAD had stuffed the label-maker into a server’s case in an effort to hide it from everyone. Guess it just goes to show the quality of the man’s word.

-----

Here’s a couple of emails that RAD had sent during my tenure:

Do either of you have an idea for a new .edu tld that we can register? I will let you in on my thoughts when I get in Friday.

Are you on crack???

Date: Mon, 19 Nov 2007 21:25:03 -0500
From: RAD
To: [The whole damn public IT mailing list]
Subject: Rose/Hable/Folgers H20 install

Greeting-
Please install more H2O in the cooler in L104.
-RAD

He not only misspelled my coworker’s last name, he also estimated that it takes 3 of us to replace a bottle of water, and he sent that email sitting not 10 feet away from the cooler in question.

Here’s another good one, in response to a Matlab question filed by a foreign exchange student in the math department:

Sounds like she needs to RTFM and learn how to use the tools she has chosen to use to open the .dvi files. If she is in a CS program and can not open them from the command line and must have point and click like a liberal arts student then that is a sad state of things. As you are well aware how a file browser tool opens files is under the complete control of the user and by reading the documentation she can modify the behaviour of Konqueror to tell it to spawn the proper program. I would refer both of you to the konqueror man page and the online help from the pull down menu.

The student in question would later file a complaint asking for nothing more than an apology – none was ever given.

RAD’s work ethic was questionable, at best. Here’s a post from one of my coworkers at the time:

-----

It was the middle of May last year, close to graduation. Elixer was in his office getting work done. Habel and I were in L104 getting work done. RAD wasn’t there. Habel left for some reason or another so I was alone in the office. It was around 3:00 when RAD walked through the door. He made some comment about needing to use the bathroom and went upstairs to the third floor. Around 3:25 he came back into the office and looked out the window.

“Mr. Toyota, I don’t want to scare you but this is tornado weather.”

I looked out the window. As most forecasts had predicted for the days leading up to this, there was a front moving in from the West bringing rain with it. Sure enough, it was starting to rain in Hoboken.

“Looks like rain to me,” I replied going back to my monitor.

“No. This isn’t just rain. This is tornado weather. We’re going to get a tornado and Brooklyn’s going to flood. I left my car parked on the street in Brooklyn. I have to go move my car.”

And he was out the door by 3:30.

-----

On my first day of work in this department, I was assigned a desk that was literally collapsed in the middle, unable to support its own weight. Instead of ordering a new desk, which you would think most managers would do, RAD made me go out into Hoboken and find pieces of scrap wood with which to support my desk by bolting them into the underside. Hard to believe, but not a single word of this is made up. I would testify in court to the validity of all of these stories. So… have any stories that can top these?

New management

The allmybase.com domain name never actually belonged to me; it was registered by my old boss. We used it for a private blog amongst a small group of people. Then, when the subject matter stopped mattering, the site sort of dissolved. Until recently, I was using this domain name on long-term lease. That all changed last week: I am now the legal owner of this domain name! Expect some sweeping changes – and some actual updates – within the next couple of days!