Archive for May, 2024

All Debian Linux package repository apt sources.list file for Debian versions 6, 7, 8, 9, 10, 11 and 12

Friday, May 31st, 2024

debian-package-management-repositories-for-all-distributions

If you have to administrate legacy Debian servers, that keeps hanging either for historical reasons or just because you didn't have time to upgrade it up to latest versions, machines that are hanging in the hangar or a mid office building Old server room, doing nothing but simply NAT (Network Address Translation), Proxying, serving  traffic via Squid / Haproxy / Apache / Varnish or Nginx server but you still want to have the possibility to extend the OS even though it is out of date / End of Life reached and out of support as well as perhaps full of security holes, but due to its unvisibility on the Internet hanging in a Demilitarized network the machine stayed on the Local (DMZ)-ed network and still for example you need to install simple things for administration reasons locally on the machine, for example nmap or netcat or some of the network tools for monitoring such as iftop or iptraf etc. you might find out unfortunately that this is not possible anymore, because the configured /etc/apt/sources.list repository mirror is no longer available at its URL. Thus to restore the functioning of apt and apt-get pkg management tools on Debian you need to correct the broken missing package mirrors due to resructurings on the network with a correct ones, originally provided by Debian or eventually if this doesn't work a possible Debian package archive URL. 

In this article, I'll simply provide such URLs you might use to correct your no longer functioning package manager due to package repositoriy unavailibility, below are the URLs (most of which that should be working as of year 2024). To resolve the issues edit and place the correct Debian version you're using.

1. Check the version of the Debian Linux

# cat /etc/debian_version


or use the universal way to check the linux OS, that should be working on almost all Linux distributions

# cat /etc/issue
Debian GNU/Linux 9 \n \l

2. Modify /etc/apt/sources.list and place URL according to Debian distro version

# vim /etc/apt/sources.list


3. Repositories URL list Original and Archived for .deb packages according to Debian distro release
Debian 6 (Wheezy)

Original repostiroes (Not Available and Not working anymore as of year 2024)

 

Old Archived .deb repository for 6 Squeeze

deb http://archive.debian.org/debian squeeze main
deb http://archive.debian.org/debian squeeze-lts main


​Debian 7 (Wheezy)

Original repostiroes (Not Available and Not working anymore as of year 2024)

Old Archived .deb repository for Jessie (still working as of 2024) :

deb http://archive.debian.org/debian wheezy main contrib non-free
deb http://archive.debian.org/debian-security wheezy/updates main

( Security updates are not provided anymore.)

NOTE:  If you get an error about keyrings, just install it
 

# apt-get install debian-archive-keyring


Debian 8 (Jessie)
Original .deb package repository with non-free included for Debian 8 "Jessie"

deb http://deb.debian.org/debian/ jessie main contrib non-free
deb http://ftp.debian.org/debian/ jessie-updates main contrib
deb http://security.debian.org/ jessie/updates main contrib non-free

Old Archived .deb repository for 8 Jessie (still working as of 2024):

deb http://archive.debian.org/debian/ jessie main non-free contrib
deb-src http://archive.debian.org/debian/ jessie main non-free contrib
deb http://archive.debian.org/debian-security/ jessie/updates main non-free contrib
deb-src http://archive.debian.org/debian-security/ jessie/updates main non-free contrib

 

# echo "Acquire::Check-Valid-Until false;" | tee -a /etc/apt/apt.conf.d/10-nocheckvalid

# apt-get update

# apt-get update && apt-get upgrade

 

 If you need backports, first be warned that these are archived and no longer being updated; they may have security bugs or other major issues. They are not supported in any way.

deb http://archive.debian.org/debian/ jessie-backports main


Debian 9 (Stretch)
Original .deb package repository with non-free included for Debian 9 "Stretch":

 

deb http://deb.debian.org/debian/ stretch main contrib non-free
deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free

Archived old repository .deb for Stretch :

deb http://archive.debian.org/debian/ stretch main contrib non-free
deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free
deb http://archive.debian.org/debian-security stretch/updates main contrib non-free


Debian 10 (Buster)
Origian repository URL:

deb http://deb.debian.org/debian/ buster main non-free contrib
deb http://deb.debian.org/debian/ buster-updates main non-free contrib
deb http://security.debian.org/ buster/updates main non-free contrib

 

Fixing unworking backports for Debian 10 Buster


Change the /etc/apt/sources.list URL with this one

deb http://archive.debian.org/debian buster-backports main contrib non-free


If you want to list packages installed via the backports repository only, that needs to be replaced with newer versions (if such available from the repository)

# apt list –installed | grep backports
# dpkg –list | grep bpo
# dpkg –list | grep -E '^ii.*bpo.*'

ii  libpopt0:amd64                        1.18-2                         amd64        lib for parsing cmdline parameters
ii  libuutil3linux                        2.0.3-9~bpo10+1                amd64        Solaris userland utility library for Linux
ii  libzfs4linux                          2.0.3-9~bpo10+1                amd64        OpenZFS filesystem library for Linux


Debian 11 (Bullseye)
Origianl repository address:

deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free

Debian 12 (Bookworm)
Original Repository :

 

deb http://deb.debian.org/debian bookworm main contrib non-free-firmware non-free
deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free
deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free

Add Backports to sources.list

deb http://deb.debian.org/debian bookworm-backports main


Thats all, hopefully that would help some sysadmin out there. Enjoy !

How to view WIFI Passwords for Profile from command line with netsh on Windows 10

Wednesday, May 29th, 2024

how-to-find-out-your-wifi-password-on-windows-10

The common way, if you have connected to a Wireless Network Access Point and saved the password in Windows is to view the password via Windows GUI interface, via menus following few easy steps:

1. Settings -> Network and Internet -> Network and Sharing Center

network-and-sharing-center
2. Click on (Wifi Network name) for which you need password and 
3. In View your active networks section

select-wifi
4. When the Wi-Fi network status window opens, click Wireless Properties

wireless-properties
5. Move to the Security Tab and check the checkbox, next to "Show Characters" to view the network password.

show-wifi-password-windows-10
 

Nevertheless as a system administrator you might have wondered, how you can easily review in plain text Saved Wireless Networks Wi-FI passwords, without using the Graphical Interface via a direct command line cmd.exe?
Such thing is helpful on maintaining multiple Windows 10 hosts, especially if you have a telnet or SSH remote administration enabled or you have a domain of PCs.
To do so open cmd.exe command prompt and run:

C:\Users> netsh

netsh>wlan show profile

Profiles on interface Wi-Fi:

Group policy profiles (read only)
———————————

User profiles
————-
All User Profile : WIFI_Pofile-name
All User Profile: Hotel stage 2
All User Profile: Home Wifi
All User Profile: HP_Custom

Now lets review the clear text password of the profile from netsh console:

netsh>wlan show profile "WIFI_Pofile-name" key=clear

Profile WIFI_Pofile-name on interface Wi-Fi:
===================================================

Applied: All User Profile

Profile information
——————-
Version : 1
Type : Wireless LAN
Name : WIFI_Pofile-name
Control options :
Connection mode : Connect automatically
Network broadcast : Connect only if this network is broadcasting
AutoSwitch : Do not switch to other networks
MAC Randomization : Disabled

Connectivity settings
———————
Number of SSIDs : 1
SSID name : "WIFI_Pofile-name"
Network type : Infrastructure
Radio type : [ Any Radio Type ]
Vendor extension : Not present

Security settings
—————–
Authentication : WPA2-Personal
Cipher : CCMP
Authentication : WPA2-Personal
Cipher : GCMP
Security key : Present
Key Content : Very-secret-password-for-WIFI-plain-text

TADADAM !

We see the password key text Saved WIFI Passwords plain text !

Note that sometimes, if you have a Hidden Wifi Network the command to use to reveal the plain text password with netsh would be:

C:\Users> netsh wlan show profile "name=SSID hidden WiFi Net" key=clear


This trick is very much used today by "hackers" e.g. script kiddies, who break up into others windows.
It is also useful if you want to have a quick way to review plain text passwords for WIFI accounts with organization, lets say if you're a security expert and doing some kind of periodic Security audits within a corporation on multiple Domain attached computers.

Thanks to Martin Petrov (Amridikon) for his trick as I've learned first time from his blog https://mpetrov.net, which is full of many computer geek goodies stuff.

Of course this approach can be easily scripted with a short PowerShell script:
 

netsh wlan show profile |
    Select-String '(?<=All User Profile\s+:\s).+' |
    ForEach-Object {
        $wlan = $_.Matches.Value
        $passw = netsh wlan show profile $wlan key=clear |
            Select-String '(?<=Key Content\s+:\s).+'

        [pscustomobject]@{
            Name     = $wlan
            Password = $passw.Matches.Value
        }
    }

 

If you need the script View-all-wifi-passwords-plaintext-windows10.ps1 to reuse it download it from here.
 

Windows-WiFi-PasswordRevealer-ScreenShot
There is also some freeware tools online which can help you reveal passwords, saving you any typing, that might be useful if you want to delegate the task to a non-sysadmin user, you can simply point him and ask him to install a GUI Win tool like Wifi Password revealer (that makes showing plain text passwords piece of cake) and let user reveal his passwords for himself, if needs the password to share it to a colleague 🙂
That's all folks, Happy hacking !

How to run multiple processes in parallel with xargs

Wednesday, May 29th, 2024

In our company there is a legacy application which developers run in multiple consoles launching its in intedependent components together in different consoles by simply running each component, the question comes then how this can be scripted so no waste of people is done to manually run the different componets from different parallel consoles. To achive the run in parallel of the multiple programs in parallel and background it with xargs and eval (integrated bash command) in Linux from a single script you can use a simple one liner like in the example.

#run in parallel
xargs -P <n> allows you to run <n> commands in parallel.
time xargs -P 3 -I {} sh -c 'eval "$1"' – {} <<'EOF'
program1; sleep 1; echo 1
program2 ; sleep 2; echo 2
program3; sleep 3; echo 3
echo 4
EOF

You can attune the delay up to the exact requirements or completely remove it and the multi run script is ready, enjoy.

Our baby Ekaterina becomes 6 months on 17 of May, 5 days after our boy Dimitar become 4 years. Sum it up my year 2023 experience, lessons learned.

Friday, May 17th, 2024

Our baby Ekaterina becomes 6 months on 17 of May, 5 days after our boy Dimitar become 4 years. Sum it up my year 2023 lessons learned.

This article is a bit late in time but I started writing it quite a long time ago in the beginning of 2024.
But as my various duties as a husband, employee, a volunteer in the Church and computer hobbyist as well as the attempts to still keep up some normality with all the stressful kind of wife that is in the large cities as Sofia.
I could post it just today and what has reminded me is simply our daughter Ekaterina has a half birthday today.
Below I'll pinpoint some important things that happened through the year, starting with a harsh and gloomy Intro 

A bit of Overview, things globally seem to be worsening

Life is ticking fast. Life is more boring than thought. Finding a cell people to hang on around is a difficult and almost impossible task. Real People are becoming less and less. Consumerism is already the only thing that matters for most people.

Love between people (unconditional love) is almost gone. Money are the ones dictating what people should do. No real communities anymore exists (COVID-19) has messed up the heads of people.
Christianity is severily partitioned as schisms are seen to plague even the True Christian faith of Eastern Orthodoxy, a hidden persecution against the true pastors is ongoing in many orthodox Churches. War in Ukraine a total disaster for everyone. Politicians as usual using Church to force their own agenda lead by territory and monetary interests. There is a brutal onging economic crisis turmouling the world noone speaks seriosly about. The usual work duties requirements are increasing but sallary payments decreasins.Life expenses are gradually raising as the World Economic Crisis is firing.

People who has suffered COVID numerous times has certainly bad effects on health, many people who have survived COVID and the rest of numerous viruses that has hit us over the past had worsened vision and hearing.

The Artificial Intelligence (AI) starts to kicks and puts even more mess in the already messy world especially as it is some kind of another marketing baloon similar to the WWW Domains business baloon. The AI such as ChatGPT, WormGPT, Google Bard said to outsmart our professions (though the facts are still not encouraging enough as the Hype is great, plus the results with collaboration with AI seems to not be fact proof enough yet). The Rapid evolution of technologies has put many moral dilemas and life is becoming harder to bear as the stress of using techonlogies and the higher expectations by humans and their constant requirement to collaborate with technologies (Smart Phone, Tablets Computers, ATMs, Terminals, Cars, Banks, Cards, Virtual currencies and complex systems which claim to simplify life of man makes the human body more fragile sick.

The lack of good and ecologically brew food is also a great factor, as most people who live in large cities eats mostly industrial quality food (and there is no real way to find out whether a food is really ecological even if it is sold as such). In Todays more and more tech inter connected world between People noone can live a normal private life (as often our datas shared on line are leaked to hacker groups after a resource or system is hacked), that poses a number of other challenages and dangers.
Privacy has also become almost impossible task, as we don't have a real or full knowledge on how much of our data seen or processed on our phones is staying at our side and how much shared with Security agencies such as CIA, Musad and KGB etc.

Everything is steering us Camares, Phones, Photos, Social Networks and loneliness is often felt so real. 
Most people living in economic slavery, even though doesn't really even recognize the cell they live in due to the smartphones and many virtual false options given. Complexity of life is increasing as one should have too much skills to manage even simple tasks. Lack of people to fill in open gaps about professions and work, same time generally not too much work capacity or willingness to do people is also a great of issue.

The world is more and more starting to look like it is described in anti-utopias books like Brave new World, 1984, Animal Farm.

Even though this hardships and birth pains, that are typically described by Saint Evangelist John in the Book of Reveleation,


The Birth of Ekaterina on 17th November 2023 another hope for the World


With every new kid coming to this earth it is a God blessing for everyone and another oportunity for individuals to grow and raise another meaningful person, that might make the world a little bit of a better place. Even though today is scary to have a kid because of the harsh situation, it is better to stay helpful for the best and share the joy to have second kid born.

i'm happy for God blessed me with second child a baby Ekaterina born on 17 of November 2023.

https://www.pc-freak.net/images/Snimka_izpisvane_Ekaterina-S_Vasko-Kolev-i-Mitko-Ivanov.jpg
Day of Discharge of the Sheinovo Child Birth Hospital, Sofia with Little Baby Ekaterina

During birth Baby Ekaterina was born around 3300 gr of weight, thanksfully the birth of wife was a natural birth. But sadly I had to in parallel take care about the other kid Dimitar, (since he did not attend the Kindergarden for some time), Clean up the house and prepare everything for the acceptance at home of new baby, and buy threats to treat multitude of people who are close and nearby. I'm thankful to Vasil Kolev and Mitko for attending the Official hospital Discharge.

Sheinovo-s-Vasko-Ekaterina-Dimi-i-Svetlana

Dimi-s-Ekaterina

Below is another picture of the now grown baby Ekaterina 4 months later for a one day trip to Balchik (sea resort) near my home city Dobrich

Ekaterina-na-4-Meseca
 

Exactly today on 17th of May 2024 on the feast day of Saint Nicolas (New Martyr of Sofia)  and the feast of Gathering of Bataks New Martyrs (we have been in the Batak basilica of the martyrdom, during Svetlana was pregnant with the baby).  Ekaterina becomes exactly 6 months she is a very lively baby in the moment she had some temporature and on a baby antibiotics but her overall look and development looks very good thankfully !

During this year personally review the 2023, Helped as Alter server (ipodeacon) in the Holy Liturgies in Saint George (Dyrvenica) https://www.svgeorgi.com as a ipodeacon, on many services, together with Archimandrite Father Flavian.
Summery time i was able to Visited many monasteries nearby

Sofia with Father Flavian. Just to name a few of the multitude of monasteries visited, The 7 Thrones, Praveshki Monastery Saint Teodor Tiron, Seslavski Monastery near Sofia, Saint Petka (near Bankia), Etropolski Monastery, Rilski Monastery, Troyan Monastery, German Monastery, Kremikovski monastery, Glozhenski monastery, Tetevensky monastery Saint Ilija Travelled to Teteven and many others.
Just for reference the monasteries and holy places one could visit in Bulgaria are thousands and this makes the country quite interesting to travel around. The high spirituality which the nation had in the past has left a lot of spiritual inheritance for us. Which however nowadays, we do not value and protect …

Has visited multiple times, monastery of Saint Marina situated near village of Krumovo in between Dobrich and Varna. Also visited Ahtopol (i won't say i'm too impressed – maybe i was in the wrong season and with a pregnant woman) and Tsarevo, Pomorie and Nessebar (for the Feast of Dormition of Holy Theotokos).

To speak the truth has been a heavy and hard year a lot of spiritual sorrow, sicknesses and lack of direction, internal family problems between me wife, my nerves totally strained and I have no clear direction as eyes sems to be deteriorating and I often though about leaving it all behind and going to a monastery. Quite disappointed from the realities I've seen. Bulgaria is very beautiful country but everything seemed too messed … 

Also i've had too many temptations, drived a lot our old minivan KIA Carens 2006, which helped me to significantly increase my car driving habits, and hopefully now I become a better driver .
Middle of May had to pay car taxes and expenses in SDI, paid for standard Vignette starting from June as prior year.

Tried to read my prayers daily Morning and Evening prayers + (rule), that turned to be much harder than thought as it takes up to 30 minutes morning and 1 hour evening times (with some of the additional prayers I try to keep).
Also had been blessed to be able to receive the Holy Communion many, many, many times.

Tried to bring the Kid Dimitar regularly on a Church services in Holy Trinity Church (the Slatina (an ex-village) and Sofia district main temple), situated 10 minutes from Svetlostruy where we live currently, as well as bring him to Dyrvenica regulary, and thanksfully he also took part in Christ misteries for many, many times throughout the year.

Spend and I have to say perhaps lost a lot of time hanging with Alexander (The singer), drinking beers – that was a bad idea but as this helped me a bit to get away my focus from sad stuff and cheer me up, it had a positive effect as well. Health, seems to be critical, especially with the high stresses I experienced before and near birth of our daughter Ekaterina. I was also heavily involved in taking care for our kid who is now 3.8 years next year 12 of May to become 4 years. 

Also I sung a lot on services as a main singer mainly Evening services as often due to the lack of people to sing the service there is necessity to sing services, sing also a few times a Holy Liturgy and as usual sung every Monday and Friday for the Sanctification of Waters and on a Akathist prayer to the Holy Theotokos (Mother of God). Lately don't have enough time to read too much books.
My Work computer notebook (failed to apply) Windows Updates shipped by WL and I've been sent a new laptop which came early 2024. Exchanging work computer due to failing update is funny and absurd but I survived this one too …
In the begining of 2024, our beloved colleague Dimitar Paskalev has left our team in Worldline and that also one of the hardships, we have to bear an extra amount of things to do when he is gone as he is an excellent system administrator, programmer and business consultant consultant.

People's knowledge thought increasing makes things hard to be fixed more and more. As finding a solution becomes more expensive or sometimes impossible to resolve software issues on a hardware that cannot be tracked it is way easier to simply exchange the hardware. Same is true nowadays for both computers, cars and pretty much everything. If it breaks don't fix it but exchange it with a new, that seems to be valid more and more.

This is product of hardcore consumerism society, we humanity turned out and this is going to destroy the planet obsiously but seems noone really cares, even with the International Summits for reduce of Emitions etc., i'm pretty convinced from what I see is done that is just a pure marketing for countries as well as simple populism.
 Ecology is something people has to seriously think about though, because the life style with driving cars everything as we did and hyper consumption is destructional for both people, environment (nature), animals, this is pretty clear observing how the natural environments gets destroed more and more due to conustruction works and industrial waste etc.

The news read about Ukraine and Israel has been mostly troubling and together with the techonlogization and degradation of Society has convinced me the hope for this world is almost gone. Doesn't look like there is any "Road Ahead" as some "visionaries" are foreseeing (i'm talking about the insane book of Bill Gates, called the "Road Ahead", which is picturing a great future with a lot of developments due to technology (what a blatant non-sense). It seems what we observe is starting to become quite opposite to Bill Gates, Ilon Musk and the rest of "visionaire" idols of the world visions as all is falling apart more and more and unresolvable issues are much more.


The technological enslavement of people has been continuing, though it has been presenting as this is making people much more free and happy, it is exactly the opposite, prople become more and more dependent on technology and on the road to become a subordinates of technology than controillers.
 Most young people are suffering completely of addictions to technology, has very low literacy and I'm noticing most of teenagers couldn't properly express themselves, quite sadding. A lot of young people seeing the sad reality are turning to sub-culture, just like it was in the end of 1990s but the difference is now, people are separated each one hanging in his tech device and community across the common problem of isolation of the individual, that was sharing and communing with others is not really too much possible in the 21 century.

Many good peoples in the Church has passed away, I've suffered a lot during the summer from the heat, hardly beated. After the COVID seems to have passed through a long COVID and some depressions, which I don''t know whether managed to deal with even now, the Church has helped a lot to keep on track as feelings were overwhelming, most likely due to the nightmare war between orthodox Russia and Ukraine (remember The Gospel says it God''s punishment becomes from his own people). We Bulgarians are at mind wars, as some people take Russia's' positions and others Ukraine (Pro and Anti-Russian attitudes) prevail, everywhere. The same is I guess among all ex-USSR countries The Patriarch Neofit become quite sick. In terms of Work the first part of Year up to end of Summer has been more heavy, but mainly stress at work is not from work complexity but the messiness in the Company Worldline.
In end of Autumn passed all required company trainings. Tried also to blog as regularly as I could but blogging is becoming harder and harder task, as my eyes degrades. Tried to play some Arcades as that has been funny for me but nowadays don't have too much of a free time to play on the handheld consoles. Life in Sofia is quite heavy as distances are putting its toll ((though there is pretty much everyhing) the amount of stress is destructionary for the personality.

I did not have much of achievements this year at work but I guess with years, the energy of person is reducing (just like the motivation due to the messy stuff that is unvailing in the world). With age seems one can do less and less except if he is not some kind of mania mode.
Also the lack of recognition for what is done at work and the type of Corporate stuff that is mostly like a (Social) Socialist company, makes one to be not much motivated to complete much, the other issue is it seems times ticks too fast (just as Christ says in the Gospel because of lawfulness of people, time will be shortened this prophecy seems to be fulfilling and for those who can see it they can see how time reduces and one can do much less than he could some years ago).  Days are flying quickly. There are too many experienes all the time and due to information overburn, the mind becomes very unfocused.
Having any even simple kind of focus becomes a luxury nowadays, as we''re bombarded from everywhere with false preaches of advertisement and people's idea and stereotypes of the world.

I remeber about my youth and how simple we lived with my grand parents, and how much happiness was in that and compare to noaways over-stressed and complex world and often, miss that old times (that even though) physically harsh has been much more graceful than today.

In terms of technology I have the desire to go out of the Technological slavery but for that you need to have a co-minded person ( wife), which agrees to live a more simple wife, which i don't have in the moment.

Why I saw technological slavery, well it is what it is, in the past technology was really making the life of one easier and even today, many technologies are doing so. However being online 10 to 12 hours a day is no longer a conforting, especially if about 6 to 8 hours of your midful time is to be hired at work and stay on a chair in front of the computer and to do complex mind stuff, that after 10-15 to 20 years, destroys the psyche and the body .

Being intelligent is also a big problem in the 21 century as you see much more of the usual people and you see most interactions between people are simply manipulative and dictated by the desire to attain something.
The communication between most people is based on "receive" as much as you could and give out as little as possible and on the principle of always do gain in everything.  People do things to receive and not to give including me … that is totally the opposite of the teaching of Christ who says "It is more blessed to give, than to take".

About entertainment for the year was mostly traveling and going for a Night dinners in Emilian with Angel, Alexander and gathering together with Vasil Kolev (A researcher in the Bulgarian Academy of Science BAN, specalist in the field of Frequencies and Signals) and a very good Christian and man who helped a lot together with Emilian and Angel.
Perhaps part of the entertainment was our after-work stuff we did with Dimitar Paskalev and Georgi Stoyanov which was more happening in beginning of 2023 and has deteoriated as I had a lot of personal issues and did not have enough time to do computer stuff together after work.

Silvia also helped me a lot with the kid, as I needed help, and suffered with informational and physical overload, perhaps that is common for those with kids.

As said we got born our second baby who my wife decided to name Ekatherina after Saint Ekatherina (St. Catherine of Alexandria), a good selection for name as saint Ekatherina is a great woman martyr saint I love much and that helped me in hardships many times.

Have to say, i am very sad that I don't see people to love each massively, this has to be endured but it is hard. Also I feel sad I can't do much my to change the world for better both by work and action and my weak prayers. 
Near end of year I had severe pain and left leg inflamation, after having a multtiude of health disturbances in parallel with the pregnancy of Svetlana. Also often i feel very disconnected from everything, perhaps I'm seeing much harsh reality than expected and being raised more or less in the spirit of idealism  it is really hard to accept the reality as it is. Also with the aging it is a common and well known fact that we become much less flexible as in the youth age past.
Thanks God the year has passed and in the new year 2024, I hope for the best as everyone but as the monks say Spiritual life is based on  the two columns of "Ora" and "Labora" = Work and Prayer, so the coming year depends heavily on my perseverance to do this two and of course follow God's main commandments love God with all my heart and all my being and love my neighbor as myself !

One very notable event to say is early in 2024 Metropolitan JOANIKIJ (Joanichius) of Sliven has passed to Christ aged 82 on 9 of January (The day on which passed my beloved grandather Marin passed away),  This year it turned 20 years since my beloved grandfather Marin has passed. He used to be a man of honor and goodness that was rare for the 20th century and he is among main persons for example to follow the good path of helping everyone and love everyone.

Let God have mercy on his soul and receive him in Heaven.The brother of Patriarch of Bulgaria Neofitos (The Proto-Psalt and director of the Cathedral Choire of Saint Alexander Nevsky Proto-Psalt Dimitar passed) as well as a lady called Violeta who was helping in Holy Trinity Church and suffering multiple diseases passed to Christ.

Patriarch-Neofit-of-Bulgaria-mourning-the-good-patriarch-of-the-Bulgarian-Church

Soon after our beloved Metropolitan of Sofia and Patriarch Neofit passed away to Christ as well followed by a very sad period of 40 days of moruning ,after his passing as he was the head of the Bulgarian Orthodox Church and has been a true monk, everyone in Bulgaria loved too much – see a biography short article about this great person and perhaps saint of new times here.

To close this article as it could be much, much more lenghtly I can only say.

Thanks God for the 2023 and Lord Jesus Christ have mercy on us the Sinners for the upcoming 2024 !

Haproxy Enable / Disable Application backend server configured to roundrobin in emergency case via haproxy socket command

Thursday, May 2nd, 2024

haproxy-stats-socket

Haproxy LB backend BACKEND_ROUNDROBIN are configured to roundrobin with check health check port  (check port 33333).
For example letsa say haproxy server is running with a haproxy_roundrobin.cfg like this one.

Under some circumstances however if check port TCP 33333 is UP, but behind 1 or more of Application that is providing the resources to customers misbehaves ,
(app-server1, app-server2, app-server3, app-server4) members , Load Balancer cannot know this, because traffic routing decision is made based on Echo port.

One example scenario when this can happen is if Application server has issue with connectivity towards Database hosts:
(db-host1, db-host2, db-host3, db-host4)

If this happens 25% of traffic might still get balanced to broken Application server. If such scenario happens during OnCall and this is identified as problem,
work around would be to temporary disable the misbehaving App servers member from the 4 configured roundrobin pairs in haproxyproduction.cfg :

For example if app-server3 App node is identified as failing and 25% via LB is lost, to resolve it until broken Application server node is fixed, you will have to temporary exclude it from the ring of roundrobin backend hosts.

1.  Check the status of haproxy backends

echo "show stat" | socat stdio /var/lib/haproxy/stats

As you can see the backend is disabled.

Another way to do it which will make your sessions to the server not directly cut but kept for some time is to put the server you want to exclude from haproxy roundrobin to "maintenace mode".

echo "set server bk_BACKEND_ROUNDROBIN/app-server3 state maint" | socat unix-connect:/var/lib/haproxy/stats stdio

Actually, there is even better and more advanced way to disable backend from a configured rounrobin pair of hosts, with putting the available connections in a long waiting queue in the proxy, and if the App host is inavailable for not too short, haproxy will just ask the remote client to keep the connection for longer and continue the session interaction to remote side and wait for the App server connectivity to go out of maintenance, this is done via "drain" option.

echo "set server bk_BACKEND_ROUNDROBIN/app-server3 state drain" | socat unix-connect:/var/lib/haproxy/stats stdio

 

  • This sets the backend in DRAIN mode. No new connections are accepted and existing connections are drained.

To get a better idea on what is drain state, here is excerpt from haproxy official documentation:

Force a server's administrative state to a new state. This can be useful to
disable load balancing and/or any traffic to a server. Setting the state to
"ready" puts the server in normal mode, and the command is the equivalent of
the "enable server" command. Setting the state to "maint" disables any traffic
to the server as well as any health checks. This is the equivalent of the
"disable server" command. Setting the mode to "drain" only removes the server
from load balancing but still allows it to be checked and to accept new
persistent connections. Changes are propagated to tracking servers if any.


2. Disable backend app-server3 from rounrobin 


 

echo "disable server BACKEND_ROUNDROBIN/app-server3" | socat unix-connect:/var/lib/haproxy/stats stdio

# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp,lastsess,last_chk,last_agt,qtime,ctime,rtime,ttime,
stats,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,2,0,,,,0,0,0,0,,,,0,0,0,0,0,0,,0,0,0,,,0,0,0,0,,,,,,,,
stats,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,0,0,0,,0,282917,0,,1,2,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
Frontend_Name,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,3,0,,,,0,0,0,0,,,,,,,,,,,0,0,0,,,0,0,0,0,,,,,,,,
Backend_Name,app-server4,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,1,0,282917,0,,1,4,1,,0,,2,0,,0,L4OK,,12,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,app-server3,0,0,0,0,,0,0,0,,0,,0,0,0,0,MAINT,1,0,1,1,2,2,23,,1,4,2,,0,,2,0,,0,L4OK,,11,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,1,1,0,,0,282917,0,,1,4,0,,0,,1,0,,0,,,,,,,,,,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,

Once it is confirmed from Application supprt colleagues, that machine is out of maintenance node and working properly again to reenable it:

3. Enable backend app-server3

echo "enable server bk_BACKEND_ROUNDROBIN/app-server3" | socat unix-connect:/var/lib/haproxy/stats stdio

4. Check backend situation again

echo "show stat" | socat stdio /var/lib/haproxy/stats
# pxname,svname,qcur,qmax,scur,smax,slim,stot,bin,bout,dreq,dresp,ereq,econ,eresp,wretr,wredis,status,weight,act,bck,chkfail,chkdown,lastchg,downtime,qlimit,pid,iid,sid,throttle,lbtot,tracked,type,rate,rate_lim,rate_max,check_status,check_code,check_duration,hrsp_1xx,hrsp_2xx,hrsp_3xx,hrsp_4xx,hrsp_5xx,hrsp_other,hanafail,req_rate,req_rate_max,req_tot,cli_abrt,srv_abrt,comp_in,comp_out,comp_byp,comp_rsp,lastsess,last_chk,last_agt,qtime,ctime,rtime,ttime,
stats,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,2,0,,,,0,0,0,0,,,,0,0,0,0,0,0,,0,0,0,,,0,0,0,0,,,,,,,,
stats,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,0,0,0,,0,282955,0,,1,2,0,,0,,1,0,,0,,,,0,0,0,0,0,0,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,
Frontend_Name,FRONTEND,,,0,0,3000,0,0,0,0,0,0,,,,,OPEN,,,,,,,,,1,3,0,,,,0,0,0,0,,,,,,,,,,,0,0,0,,,0,0,0,0,,,,,,,,
Backend_Name,app-server4,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,1,0,1,0,282955,0,,1,4,1,,0,,2,0,,0,L4OK,,12,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,app-server3,0,0,0,0,,0,0,0,,0,,0,0,0,0,UP,1,0,1,1,2,3,58,,1,4,2,,0,,2,0,,0,L4OK,,11,,,,,,,0,,,,0,0,,,,,-1,,,0,0,0,0,
Backend_Name,BACKEND,0,0,0,0,300,0,0,0,0,0,,0,0,0,0,UP,1,1,1,,0,282955,0,,1,4,0,,0,,1,0,,0,,,,,,,,,,,,,,0,0,0,0,0,0,-1,,,0,0,0,0,


You should see the backend enabled again.

NOTE:
If you happen to get some "permission denied" errors when you try to send haproxy commands via the configured haproxy status this might be related to the fact you have enabled the socket in read only mode, if that is so it means the haproxy cannot be written to and therefore you can only read info from it with status commands, but not send any write operations to haproxy via unix socket.

One example haproxy configuration that enables haproxy socket in read only looks like this in haproxy.cfg:
 

 stats socket /var/lib/haproxy/stats


To make the haproxy socket read / write mode, for root superuser and some other users belonging to admin group 'adm', you should set the haproxy.cfg to something like:

stats socket /var/lib/haproxy/stats-qa mode 0660 group adm level admin

or if no special users with a set admin group needed to have access to socket, use instead config like:

stats socket /var/lib/haproxy/stats-qa.sock mode 0600 level admin