2009-02-10

How to Force Collection of Interface Stats in NMIS

So today I figured out how to explicitly set an interface alias in NMIS. We have a Force10 C300 switch and NMIS was able to discover all the interfaces via SNMP just fine. The problem was that NMIS is configured to only collect information from interfaces that have the description set. Even though we set the description on our interfaces, for some reason it wasn't treating it the same way as, for instance, a Cisco switch. In any case, after a few minutes of reading the documentation I figured out that the NMIS author already thought of this potential problem and supplied a work-around. It's called sysInterface. Basically, you populate a tab-delimited CSV file with entries like this:

# THE FIRST LINE NON COMMENT IS THE HEADER LINE AND REQUIRED

Description Node Overwrite_Description ifIndex ifSpeed
192.168.0.1 ^f10-c300$ 1 100975616 null
192.168.0.2 ^f10-c300$ 1 107529216 null


So the node is a regular expression of the switch (or router or whatever) you want it to act on, as is the ifIndex. I just snmpwalked the switch to figure out all the indexes and came out with a list of switch port numbers (like GigabitEthernet 0/0) and OID indexes. Then I cross-referenced that with another list I had with the switch port numbers and the host IP address to come up with the final CSV. The Overwrite_Description field is a boolean, set it to 1 (or maybe even true, I haven't tried that) and it will activate the interface description overrride. Leave ifSpeed blank (or null rather) as it will just get the correct value from SNMP. Also, if you don't have the list of host names or IP addresses you want to use for the Description field, just use the keyword ifDescr and it will just copy whatever the "hardware label" is (that's like GigabitEthernet 0/0 or whatever).

So once you do that, you just run nmis.pl type=update debug=true and you should see the overwritten ifAliases and collect will be forced to true. Yay.

2009-02-04

Updating MySQL Passwords When Using old_passwords

So I learned this awhile back but forgot tonight while making a change on a production system. No real harm, just broke the site for a couple minutes while I quickly scanned through the MySQL documentation. Here's the scenario:

MySQL version 4.1
PHP version 5.2.5

We had some legacy PHP code that required us to use the old_passwords option in my.cnf. Instead of upgrading all our code to use 32-bit password hashes we just enabled old_passwords instead. Yes, this is more insecure, but I have to pick my battles.

Anyway, what happened tonight was that I needed to update the mysql password for one of our applications that was configured to use 16-bit hashes (the old password format). I issued this:

UPDATE mysql.user SET Password = PASSWORD('SomeUnguessablePassword') where User = 'galileo';

This updated the password for that user, but the application broke. I tried connecting to it from the MySQL client and it failed. I'm not sure why I thought of the old password format at that point...call it a stroke of good luck...but I quickly searched for old_passwords in the MySQL documentation and was reminded of the OLD_PASSWORD() function. So I then issued the following:

UPDATE mysql.user SET Password = OLD_PASSWORD('SomeUnguessablePassword') where User = 'galileo';

And voila! We were back in business.

One tip for those that are changing passwords and want an easy way to backout (this is mostly for the noobs). SELECT the current password from the user table and have this query ready just in case something breaks.

UPDATE mysql.user SET Password = '77da416361d244c3' where User = 'galileo';

Using the hashed password you got previously of course. That way, even if you didn't know what the plain text password was you could still revert back.

2009-02-03

Rewriting URLs on the Citrix Netscaler

So today I had the task of setting up a failover configuration for our email deployment server, affectionately known as "Strongbad".

We created a VM to function as the failover server, but in order to get things to work we needed to modify the URL to capture the entire path and pass it as a value to a PHP script. For instance, the URL the user would click on would look like:

http://strongbad.company.com/track?type=click&mailingid=42&messageid=42&databaseid=test&serial=20090203&emailid=sb@strongbad.com&userid=1&extra=&&&2004&&&http://tracking.company.com/account/listings/?emailUserId=42

If the Strongbad box were to become unavailable, we want the VM to step in. There is a script called strongbad_redirect.php and to simplify things we're just passing the original path directly to this script. The script takes care of parsing out the data and redirecting the user to the appropriate page.

The pertinent lines in the Netscaler are:

add rewrite action act_sbad_req_rewrite insert_before HTTP.REQ.URL.PATH.GET(1) "\"strongbad_redirect.php?\""



add rewrite policy pol_sbad_rewrite "HTTP.REQ.HOSTNAME.SERVER.EQ(\"strongbad.company.com\")" act_sbad_req_rewrite



bind lb vserver mail1 -policyName pol_sbad_rewrite -priority 100 -gotoPriorityExpression END -type REQUEST
Slice and Dice with awk

Just learned a new way to slice and dice a text file. So say you have a file that's 1 million lines long, but you only want to see lines 234567 to 300000. You can use awk to only print out those lines.

awk '{ if (NR >234567 && NR<300000) { print $0; }}' bigfile.txt > bigfile-sliced.txt