my first opensource release : check_fortiadc

Sometimes, things don’t work out the way you plan.

I have wanted to contribute to opensource software for a long time, after all, I have been using it for many years now, and sometimes it just seems right to give back. But while I am good at quite a few things, I am not a developer, so you won’t be seeing beautiful bits of C from my hand anytime soon. (It’s on the list of things I want to learn).

However, recently the company I work for started using a previously unknown bit of kit (for us anyway), we do quite a lot with Fortigate firewalls, but this was our first go at the FortiADC loadbalancer. I got to try my hand at it, and after a few days of tinkering with it, we had a solid setup for a customer.

As part of any proper setup, you want to monitor whatever you use, and when dealing with Fortinet devices, you want to definitely monitor things like licenses. You do not want them to expire after all!

So, after looking high and low for a Nagios / Check_mk plugin for FortiADC, and not finding any, I decided to write one myself. I had to teach myself Python for it while writing it, great fun!

So, I present you with: check_fortiadc.py

daemontools on redhat enterprise 6.0

So, for a project I needed to get something running in order to insure memcached would keep on running. The (for me) natural choice for this was daemontools (0.76 at time of writing).

There are a couple of things you have to pay attention to, in order to get this going on RHEL 6. (and I suppose many other Linux distro’s)

Phase 1 – get the source and compile it

get the source tarball here (note: this might not be the current version anymore!) and download it to /usr/local/src

  • unpack it with tar -zvxf daemontools-0.76.tar.gz and cd into admin/daemontools-0.76.
  • edit src/conf-cc and add ‘-include /usr/include/errno.h’ at the end of the line. (anywhere is fine, really)
  • run package/install

this should give you the needed files in /command and an existing /service

Phase 2 – fixing startup

Daemontools requires a somewhat different approach to starting up then you might be used to. ( the most common way being /etc/init.d/<name>, and using chkconfig to influence when it starts). Daemontools should be started on boot, and init must be told to restart it when it dies. This ensures continued operation. The installer you ran in phase 1, took care of this by adding a line in /etc/inittab, but that’s an old method, and for the sake of continued operation (and working straight away) we’ll use the new method:

  • Remove the added line from /etc/inittab.
  • cd /etc/init
  • create a new file called svscan.conf, and put the following contents in:
start on runlevel [345]
respawn
exec /command/svscanboot

now, tell init, it should re-read it’s configuration, and then start svscanboot:

  • initctl reload-configuration
  • initctl start svscan

if you check now, you should see a happily running svscan, and daemontools is ready to kick some:

2676 ?        Ss     0:00 /bin/sh /command/svscanboot
2678 ?        S      0:00  \_ svscan /service

Enjoy! I hope this little post was helpful.

Spamassassin 2010 bug

Someone on IRC pointed me to this wonderful bug in Spamassassin, it’s easy to quickfix, but the fix itself will become a bug in 10 years, in any case, until they push an update that correctly fixes this:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[1-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.

( meaning emails sent in 2010  will also trigger the scoring )

should be changed into:

##{ FH_DATE_PAST_20XX
header   FH_DATE_PAST_20XX      Date =~ /20[2-9][0-9]/ [if-unset: 2006]
describe FH_DATE_PAST_20XX      The date is grossly in the future.

Making it not a problem until we reach 2020 🙂

On my ubuntu box the rule is found in:

/usr/share/spamassassin/72_active.cf

Special thanks to Habbie for making me aware of the problem on IRC!

oh and by the way:

Happy New Year!

🙂

vmware ESXi

Vmware released it’s answer to Microsoft’s Hyper-V product today: a free to download and using 32MB diskspace of footprint Hypervisor.

This can only mean that the virtualisation market is gearing up for one heck of a competition run, maybe even a full-out war. Frankly, Vmware has the lead right now, they are market leader in this segment, and their products are currently second to none. As I mentioned in my earlier blogpost, Microsoft turned out what I consider an ‘unfinished’ product with Hyper-V, but the advantage is that it comes included with windows. On the other hand, Vmware is proven technology, something you want for virtualisation in a business setting, and Microsoft clearly has a couple of miles to go before they get to the level Vmware is at.

So, we have to wait and see how well either product family does. I’m betting on Vmware, quite simply because I’ve been using it for a while now, and it’s a very robust and mature solution. It’s fast, scalable and flexible, but the prices are kind of steep for a beginning business. On the other hand, prices are dropping fast, and each products competitive advantages are becoming more and more clear now.

[ad]

HP has clue, but not quite enough (yet)

I like HP servers. True enough, I like Supermicro better, but big companies tend not to like Supermicro due to the fact you have to assemble them yourself, and there’s no real support / SLA agreement possible with them (for now – I hear it’s in the works). Most people in the ISP world know however, that Supermicro is extremely reliable stuff, and priced extremely nicely.

Anyhow, I’m stuck with HP, which is not a bad platform to get stuck with to begin with. FreeBSD runs beautifully on it, but then you have to do without the insight manager agents, the same deal applies when you run Ubuntu. Centos 4 and 5 are a breeze, just edit /etc/redhat-release so it reflects a RedHat version of Enterprise Server, and install the software like you normaly do.

One thing I seriously dislike however, is that when I run Ubuntu or FreeBSD on a HP box, my monitoring capabilities drop to almost zero. With RedHat or Centos I can monitor through the insight manager agents (who hook into SNMP), and use the nagios check_compaq_insight.pl, and as soon as something breaks: I get paged. With FreeBSD (and ubuntu) that seems completely impossible. My last attempt on an Ubuntu box to install those agents resulted in some very serious library problems, because the installer auto-installed some distro-specific rpm’s. That showed me who’s boss. (not!).

Anyhow, during my daily stroll at the Nagios Exchange I noticed a plugin that I hadn’t noticed before: check_ilo2_health. This is a great little plugin written in Perl. Instead of the old: talk to snmpd approach, this little bugger talks directly to the ilo2 interface (ilo/il01 won’t work), and more specifically: it’s XML interface.

wait. did you say XML interface?

Yup, the ILO2 sports a nice new XML interface, with which you can communicate. HP even provides a bunch of examples on how to talk shop with it. Nice hey?

Now I thought, did HP actually put everything you can monitor with the insight agents into the ILO2 and make it accessible with XML?

Unfortunatly: no. (yes, that was quite disappointing).

You can get quite a bit of useful information through the XML interface, including the speed of the fans, temperature readings from all the internal sensors. You can even configure a lot of things, like users and IP settings through it. You can even upgrade the ILO2 firmware through the XML interface. But nothing on RAID status, rebuild status, etc. I tried this against a brand spanking new DL380 G5, so if it doesn’t work there, it won’t work anywhere.

If anyone at HP reads this: please extend the ILO2 so everything is accessible through it’s XML interface. That saves us a lot of trouble of trying to get those agents installed on other operating systems. FreeBSD is too good an OS to ignore, even for an OEM as big as you. (and you don’t, judging from this news-snippet (PDF)). So either open up the XML interface more, or provide us with insight manager agents for FreeBSD. (I would be more then happy to help with testing).

[ad]

busy

I haven’t gotten around to posting here much, due to being very busy at work. We just finished the physical move to a new data centre (we used to house at PSI / Shuberg Philis), now we have a  nice 60m2 cage at easynet.

We had some problems with a power outage at the office, which oddly enough also affected  our network at easynet (spanning-tree … gotta love it *sigh*). And off course, the day to day operations and work kept us very busy.

Also, as some of you may know, my wife is pregnant, and though everything is going just fine with the baby, it’s very very rough on my wife. She’s now under permanent supervision from the Gynaecologist, which normally doesn’t  happen. ( most people here in the Netherlands give birth at home, with a midwife present).

We’re now in the last 4 weeks of the pregnancy, so the next time I post here, I will probably announcing the birth of our baby girl, and we will be the proud holders of those most wonderful of titles: “Mom” and “Dad’. 🙂

So, that’s it for now.

goodbye…

Today we said goodbye to our old manager, it’s sad to see him go, but his ideas just didn’t match with the direction the company is going. I think he found a spot where he’s going to be much more happy now. Still, we’re going to miss him. He’s got great ideas, and he’s a good manager, not too much meetings, and he pretty much lets us techies decide matters. He listens, and that is not exactly a commodity.

We’ve given him an XBox 360 as a farewell present, he wanted one of those, and now he’s got 3 weeks to play with it 🙂