Programming Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Archive for the ‘Programming’ Category

How to install and use memcached on Debian GNU / Linux to share php sessions between DNS round robined Apache webservers

Monday, November 9th, 2020

Recently I had to come up with a solution to make A bunch of websites hosted on a machine to be high available. For the task haproxy is one of logical options to use. However as I didn't wanted to set new IP addresses and play around to build a cluster. I decided the much more simplistic approach to use 2 separate Machines each running Up-to-date same version of Apache Webserver as front end and using a shared data running on Master-to-Master MySQL replication database as a backend. For the load balancing itself I've used a simple 2 multiple DNS 'A' Active records, configured via the Bind DNS name server an Round Robin DNS load balancing for each of the domains, to make them point to the the 2 Internet IP addresses (XXX.XXX.XXX.4 and YYY.YYY.YYY.5) each configured on the 2 Linux servers eth0.

So far so good, this setup worked but immediately, I've run another issue as I found out the WordPress and Joomla based websites's PHP sessions are lost, as the connectivity by the remote client browser reaches one time on XXX…4 and one time on YYY…4 configured listerner on TCP port 80 and TCP p. 443. In other words if request comes up to Front end Apache worker webserver 1 with opened channel data is sent back to Client Browser and the next request is sent due to the other IP resolved by the DNS server to come to Apache worker webserver 2 of course webserver 2 has no idea about this previous session data and it gets confused and returns soemething like a 404 or 500 or any other error … not exciting really huh …

I've thought about work around and as I didn't wanted to involve thirty party stuff as Privoxy / Squid / Varnish / Polipo etc. just as that would add extra complexity as if I choose to use haproxy from the beginning, after short investigation came to a reason to use memcached as a central PHP sessions storage.

Why I choose memcached ?

Well it is relatively easy to configure, it doesn't come with mambo-jambo unreadable over-complicated configuration and the time to configure everything is really little as well as the configuration is much straight forward, plus I don't need to occupy more IP addresses and I don't need to do any changes to the already running 2 WebServers on 2 separate Linux hosts configured to be reachable from the Internet.
Of course using memcached is not a rock solid and not the best solution out there, as there is risk that if a memcached dies out for some reason all sessions stored in are lost as they're stored only in volatile memory, as well as there is a drawback that if a communication was done via one of the 2 webservers and one of them goes down sessions that were known by one of Apache's workers disappears.

So let me proceed and explain you the steps to take to configure memcached as a central session storage system.

1. Install memcached and php-memcached packages

To enable support for memcached besides installing memcached daemon, you need to have the php-memcached which will provide the memcached.so used by Apache loaded php script interpretter module.

On a Debian / Ubuntu and other deb based GNU / Linux it should be:

webserver1:~# apt-get install memcached php-memcached

TO use php-memcached I assume Apache and its support for PHP is already installed with lets say:

webserver1:~# apt-get install php libapache2-mod-php php-mcrypt

On CentOS / RHEL / Fedora Linux it is a little bit more complicated as you'll need to install php-pear and compile the module with pecl

[root@centos ~]# yum install php-pear
…

[root@centos ~]# yum install php-pecl-memcache
…

Compile memcache

[root@centos ~]# pecl install memcache
…

2. Test if memcached is properly loaded in PHP

Once installed lets check if memcached service is running and memcached support is loaded as module into PHP core.

webserver1:~# ps -efa | egrep memcached
nobody 14443 1 0 Oct23 ? 00:04:34 /usr/bin/memcached -v -m 64 -p 11211 -u nobody -l 127.0.0.1 -l 192.168.0.1

root@webserver1:/# php -m | egrep memcache
memcached

To get a bit more verbose information on memcache version and few of memcached variable settings:

root@webserver1:/# php -i |grep -i memcache
/etc/php/7.4/cli/conf.d/25-memcached.ini
memcached
memcached support => enabled
libmemcached version => 1.0.18
memcached.compression_factor => 1.3 => 1.3
memcached.compression_threshold => 2000 => 2000
memcached.compression_type => fastlz => fastlz
memcached.default_binary_protocol => Off => Off
memcached.default_connect_timeout => 0 => 0
memcached.default_consistent_hash => Off => Off
memcached.serializer => php => php
memcached.sess_binary_protocol => On => On
memcached.sess_connect_timeout => 0 => 0
memcached.sess_consistent_hash => On => On
memcached.sess_consistent_hash_type => ketama => ketama
memcached.sess_lock_expire => 0 => 0
memcached.sess_lock_max_wait => not set => not set
memcached.sess_lock_retries => 5 => 5
memcached.sess_lock_wait => not set => not set
memcached.sess_lock_wait_max => 150 => 150
memcached.sess_lock_wait_min => 150 => 150
memcached.sess_locking => On => On
memcached.sess_number_of_replicas => 0 => 0
memcached.sess_persistent => Off => Off
memcached.sess_prefix => memc.sess.key. => memc.sess.key.
memcached.sess_randomize_replica_read => Off => Off
memcached.sess_remove_failed_servers => Off => Off
memcached.sess_sasl_password => no value => no value
memcached.sess_sasl_username => no value => no value
memcached.sess_server_failure_limit => 0 => 0
memcached.store_retry_count => 2 => 2
Registered save handlers => files user memcached

Make sure /etc/default/memcached (on Debian is enabled) on CentOS / RHELs this should be /etc/sysconfig/memcached

webserver1:~# cat default/memcached
# Set this to no to disable memcached.
ENABLE_MEMCACHED=yes

As assured on server1 memcached + php is ready to be used, next login to Linux server 2 and repeat the same steps install memcached and the module and check it is showing as loaded.

Next place under some of your webservers hosted websites under check_memcached.php below PHP code

<?php
if (class_exists('Memcache')) {
    $server = 'localhost';
    if (!empty($_REQUEST[‘server’])) {
        $server = $_REQUEST[‘server’];
    }
    $memcache = new Memcache;
    $isMemcacheAvailable = @$memcache->connect($server);

    if ($isMemcacheAvailable) {
        $aData = $memcache->get('data');
        echo '<pre>';
        if ($aData) {
            echo '<h2>Data from Cache:</h2>';
            print_r($aData);
        } else {
            $aData = array(
                'me' => 'you',
                'us' => 'them',
            );
            echo '<h2>Fresh Data:</h2>';
            print_r($aData);
            $memcache->set('data', $aData, 0, 300);
        }
        $aData = $memcache->get('data');
        if ($aData) {
            echo '<h3>Memcache seem to be working fine!</h3>';
        } else {
            echo '<h3>Memcache DOES NOT seem to be working!</h3>';
        }
        echo '</pre>';
    }
}

if (!$isMemcacheAvailable) {
    echo 'Memcache not available';
}

?>

Launch in a browser https://your-dns-round-robined-domain.com/check_memcached.php, the browser output should be as on below screenshot:

3. Configure memcached daemons on both nodes

All we need to set up is the listen IPv4 addresses

On Host Webserver1
You should have in /etc/memcached.conf

-l 127.0.0.1
-l 192.168.0.1

webserver1:~# grep -Ei '\-l' /etc/memcached.conf
-l 127.0.0.1
-l 192.168.0.1

On Host Webserver2

-l 127.0.0.1
-l 192.168.0.200

webserver2:~# grep -Ei '\-l' /etc/memcached.conf
-l 127.0.0.1
-l 192.168.0.200

4. Configure memcached in php.ini

Edit config /etc/php.ini (on CentOS / RHEL) or on Debians / Ubuntus etc. modify /etc/php/*/apache2/php.ini (where depending on the PHP version you're using your php location could be different lets say /etc/php/5.6/apache2/php.ini):

If you wonder where is the php.ini config in your case you can usually get it from the php cli:

webserver1:~# php -i | grep "php.ini"
Configuration File (php.ini) Path => /etc/php/7.4/cli
Loaded Configuration File => /etc/php/7.4/cli/php.ini

! Note: That on on PHP-FPM installations (where FastCGI Process Manager) is handling PHP requests,path would be rather something like:

/etc/php5/fpm/php.ini

in php.ini you need to change as minimum below 2 variables

session.save_handler =
session.save_path =

By default session.save_path would be set to lets say session.save_path = "

/var/lib/php7/sessions"

To make php use a 2 central configured memcached servers on webserver1 and webserver2 or even more memcached configured machines set it to look as so:

session.save_path="192.168.0.200:11211, 192.168.0.1:11211"

Also modify set

session.save_handler = memcache

Overall changed php.ini configuration on Linux machine 1 ( webserver1 ) and Linux machine 2 ( webserver2 ) should be:

session.save_handler = memcache
session.save_path="192.168.0.200:11211, 192.168.0.1:11211"

Below is approximately how it should look on both :

webserver1: ~# grep -Ei 'session.save_handler|session.save_path' /etc/php.ini
;; session.save_handler = files
session.save_handler = memcache
; session.save_path = "N;/path"
; session.save_path = "N;MODE;/path"
;session.save_path = "/var/lib/php7/sessions"
session.save_path="192.168.0.200:11211, 192.168.0.1:11211"
; (see session.save_path above), then garbage collection does *not*

webserver2: ~# grep -Ei 'session.save_handler|session.save_path' /etc/php.ini
;; session.save_handler = files
session.save_handler = memcache
; session.save_path = "N;/path"
; session.save_path = "N;MODE;/path"
;session.save_path = "/var/lib/php7/sessions"
session.save_path="192.168.0.200:11211, 192.168.0.1:11211"
; (see session.save_path above), then garbage collection does *not*

As you can see I have configured memcached on webserver1 to listen on internal local LAN IP 192.168.0.200 and on Local LAN eth iface 192.168.0.1 on TCP port 11211 (this is the default memcached connections listen port), for security or obscurity reasons you might choose another empty one. Make sure to also set the proper firewalling to that port, the best is to enable connections only between 192.168.0.200 and 192.168.0.1 on each of machine 1 and machine 2.

5. Enable Memcached for session redundancy

Next step is to configure memcached to allow failover (e.g. use both memcached on 2 linux hosts) and configure session redundancy.
Configure /etc/php/7.3/mods-available/memcache.ini or /etc/php5/mods-available/memcache.ini or respectively to the right location depending on the PHP installed and used webservers version.

webserver1 :~# vim /etc/php/7.3/mods-available/memcache.ini

; configuration for php memcached module
; priority=20
; settings to write sessions to both servers and have fail over
memcache.hash_strategy=consistent
memcache.allow_failover=1
memcache.session_redundancy=3
extension=memcached.so

webserver2 :~# vim /etc/php/7.3/mods-available/memcache.ini

; configuration for php memcached module
; priority=20
; settings to write sessions to both servers and have fail over
memcache.hash_strategy=consistent
memcache.allow_failover=1
memcache.session_redundancy=3
extension=memcached.so

memcache.session_redundancy directive must be equal to the number of memcached servers + 1 for the session information to be replicated to all the servers. This is due to a bug in PHP.
I have only 2 memcached configured that's why I set it to 3.

6. Restart Apache Webservers

Restart on both machines webserver1 and webserver2 Apache to make php load memcached.so

webserver1:~# systemctl restart httpd

…

webserver2:~# systemctl restart httpd

7. Restart memcached on machine 1 and 2

webserver1 :~# systemctl restart memcached

webserver2 :~# systemctl restart memcached

8. Test php sessions are working as expected with a php script

Copy to both website locations to accessible URL a file test_sessions.php:

<?php
session_start();

if(isset($_SESSION[‘georgi’]))
{
echo "Sessions is ".$_SESSION[‘georgi’]."!\n";
}
else
{
echo "Session ID: ".session_id()."\n";
echo "Session Name: ".session_name()."\n";
echo "Setting 'georgi' to 'cool'\n";
$_SESSION[‘georgi’]='cool';
}
?>

Now run the test to see PHP sessions are kept persistently:

hipo@jeremiah:~/Desktop $ curl -vL -s https://www.pc-freak.net/session.php 2>&1 | grep 'Set-Cookie:'
< Set-Cookie: PHPSESSID=micir464cplbdfpo36n3qi9hd3; expires=Tue, 10-Nov-2020 12:14:32 GMT; Max-Age=86400; path=/

hipo@jeremiah:~/Desktop $ curl -L –cookie "PHPSESSID=micir464cplbdfpo36n3qi9hd3" http://83.228.93.76/session.php http://213.91.190.233/session.php
Session is cool!
Session is cool!

Copy to the locations that is resolving to both DNS servers some sample php script such as sessions_test.php with below content:

<?php
    header('Content-Type: text/plain');
    session_start();
    if(!isset($_SESSION[‘visit’]))
    {
        echo "This is the first time you're visiting this server\n";
        $_SESSION[‘visit’] = 0;
    }
    else
            echo "Your number of visits: ".$_SESSION[‘visit’] . "\n";

    $_SESSION[‘visit’]++;

    echo "Server IP: ".$_SERVER[‘SERVER_ADDR’] . "\n";
    echo "Client IP: ".$_SERVER[‘REMOTE_ADDR’] . "\n";
    print_r($_COOKIE);
?>

Test in a Web Opera / Firefox / Chrome browser.

You should get an output in the browser similar to:

Your number of visits: 15
Server IP: 83.228.93.76
Client IP: 91.92.15.51
Array
(
[_ga] => GA1.2.651288003.1538922937
[__utma] => 238407297.651288003.1538922937.1601730730.1601759984.45
[__utmz] => 238407297.1571087583.28.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not provided)
[shellInABox] => 467306938:1110101010
[fpestid] => EzkIzv_9OWmR9PxhUM8HEKoV3fbOri1iAiHesU7T4Pso4Mbi7Gtt9L1vlChtkli5GVDKtg
[__gads] => ID=8a1e445d88889784-22302f2c01b9005b:T=1603219663:RT=1603219663:S=ALNI_MZ6L4IIaIBcwaeCk_KNwmL3df3Z2g
[PHPSESSID] => mgpk1ivhvfc2d0daq08e0p0ec5
)

If you want to test php sessions are working with text browser or from another external script for automation use something as below PHP code:

<?php
// save as "session_test.php" inside your webspace
ini_set('display_errors', 'On');
error_reporting(6143);

session_start();

$sessionSavePath = ini_get('session.save_path');

echo '<br><div style="background:#def;padding:6px">'
, 'If a session could be started successfully <b>you should'
, ' not see any Warning(s)</b>, otherwise check the path/folder'
, ' mentioned in the warning(s) for proper access rights.<hr>';
echo "WebServer IP:" . $_SERVER[‘SERVER_ADDR’] . "\n<br />";
if (empty($sessionSavePath)) {
echo 'A "<b>session.save_path</b>" is currently',
' <b>not</b> set.<br>Normally "<b>';
if (isset($_ENV[‘TMP’])) {
echo $_ENV[‘TMP’], ‘” ($_ENV[“TMP”]) ';
} else {
echo '/tmp</b>" or "<b>C:\tmp</b>" (or whatever',
' the OS default "TMP" folder is set to)';
}
echo ' is used in this case.';
} else {
echo 'The current "session.save_path" is "<b>',
$sessionSavePath, '</b>".';
}

echo '<br>Session file name: "<b>sess_', session_id()
, '</b>".</div><br>';
?>

You can download the test_php_sessions.php script here.

To test with lynx:

hipo@jeremiah:~/Desktop $ lynx -source 'https://www.pc-freak.net/test_php_sessions.php'
<br><div style="background:#def;padding:6px">If a session could be started successfully <b>you should not see any Warning(s)</b>, otherwise check the path/folder mentioned in the warning(s) for proper access rights.<hr>WebServer IP:83.228.93.76
<br />The current "session.save_path" is "<b>tcp://192.168.0.200:11211, tcp://192.168.0.1:11211</b>".<br>Session file name: "<b>sess_5h18f809b88isf8vileudgrl40</b>".</div><br>

Tags: Below, client browser, download, Edit, How to, installed, little bit, Mode, screenshot, share
Posted in Linux, PHP, Programming, System Administration, Web and CMS | No Comments »

How to Avoid the 7 Most Frequent Mistakes in Python Programming

Monday, September 9th, 2019

Python is very appealing for Rapid Application Development for many reasons, including high-level built in data structures, dynamic typing and binding, or to use as glue to connect different components. It’s simple and easy to learn but new Python developers can fall in the trap of missing certain subtleties.

Here are 7 common mistakes that are harder to catch but that even more experienced Python developers have fallen for.

1. The misuse of expressions as function argument defaults

Python allows developers to indicate optional function arguments by giving them default values. In most cases, this is a great feature of Python, but it can create some confusion when the default value is mutable. In fact, the common mistake is thinking that the optional argument is set to whatever default value you’ve set every time the function argument is presented without a value. It can seem a bit complicated, but the answer is that the default value for this function argument is only evaluated at the time you’ve defined the function, one time only.

how-to-avoid-the-7-most-frequent-mistakes-in-python-programming-3

2. Incorrect use of class variables

Python handles class variables internally as dictionaries and they will follow the Method Resolution Order (MRO). If an attribute is not found in one class it will be looked up in base classes so references to one part of the code are actually references to another part, and that can be quite difficult to handle well in Python. For class attributes, I recommend reading up on this aspect of Python independently to be able to handle them.

how-to-avoid-the-7-most-frequent-mistakes-in-python-programming-2

3. Incorrect specifications of parameters for exception blocks

There is a common problem in Python when except statements are provided but they don’t take a list of the exceptions specified. The syntax except Exception is used to bind these exception blocks to optional parameters so that there can be further inspections. What happens, however, is that certain exceptions are then not being caught by the except statement, but the exception becomes bound to parameters. The way to get block exceptions in one except statement has to be done by specifying the first parameter as a tuple to contain all the exceptions that you want to catch.

how-to-avoid-the-7-most-frequent-mistakes-in-python-programming-1

4. Failure to understand the scope rules

The scope resolution on Python is built on the LEGB rule as it’s commonly known, which means Local, Enclosing, Global, Built-in. Although at first glance this seems simple, there are some subtleties about the way it actually works in Python, which creates a more complex Python problem. If you make an assignment to a variable in a scope, Python will assume that variable is local to the scope and will shadow a variable that’s similarly named in other scopes. This is a particular problem especially when using lists.

5. Modifying lists during iterations over it

When a developer deletes an item from a list or array while iterating, they stumble upon a well known Python problem that’s easy to fall into. To address this, Python has incorporated many programming paradigms which can really simplify and streamline code when they’re used properly. Simple code is less likely to fall into the trap of deleting a list item while iterating over it. You can also use list comprehensions to avoid this problem.

how-to-avoid-the-7-most-frequent-mistakes-in-python-programming-8

6. Name clash with Python standard library

Python has so many library modules which is a bonus of the language, but the problem is that you can inadvertently have a name clash between your module and a module in the standard library. The problem here is that you can accidentally import another library which will import the wrong version. To avoid this, it’s important to be aware of the names in the standard library modules and stay away from using them.

how-to-avoid-the-7-most-frequent-mistakes-in-python-programming-5

7. Problems with binding variables in closures

Python has a late binding behavior which looks up the values of variables in closure only when the inner function is called. To address this, you may have to take advantage of default arguments to create anonymous functions that will give you the desired behavior – it’s either elegant or a hack depending on how you look at it, but it’s important to know.

how-to-avoid-the-7-most-frequent-mistakes-in-python-programming-6

Python is very powerful and flexible and it’s a great language for developers, but it’s important to be familiar with the nuances of it to optimize it and avoid these errors.

Ellie Coverdale, a technical writer at Essay roo and UK Writings, is involved in tech research and projects to find new advances and share her insights. She shares what she has learned with her readers on the Boom Essays blog.

Tags: argument, class, commin programming mistakes python, default, during, errors, exception, function, Global, Incorrect, language, list, nuances, one time, Problems, python, resolution, value, variables
Posted in Programming | 2 Comments »

How to build Linux logging bash shell script write_log, logging with Named Pipe buffer, Simple Linux common log files logging with logger command

Monday, August 26th, 2019

how-to-build-bash-script-for-logging-buffer-named-pipes-basic-common-files-logging-with-logger-command

Logging into file in GNU / Linux and FreeBSD is as simple as simply redirecting the output, e.g.:

echo "$(date) Whatever" >> /home/hipo/log/output_file_log.txt

or with pyping to tee command

echo "$(date) Service has Crashed" | tee -a /home/hipo/log/output_file_log.txt

But what if you need to create a full featured logging bash robust shell script function that will run as a daemon continusly as a background process and will output
all content from itself to an external log file?
In below article, I've given example logging script in bash, as well as small example on how a specially crafted Named Pipe buffer can be used that will later store to a file of choice.
Finally I found it interesting to mention few words about logger command which can be used to log anything to many of the common / general Linux log files stored under /var/log/ – i.e. /var/log/syslog /var/log/user /var/log/daemon /var/log/mail etc.

1. Bash script function for logging write_log();

Perhaps the simplest method is just to use a small function routine in your shell script like this:

write_log()
LOG_FILE='/root/log.txt';
{
while read text
do
      LOGTIME=`date "+%Y-%m-%d %H:%M:%S"`
      # If log file is not defined, just echo the output
      if [ “$LOG_FILE” == “” ]; then
    echo $LOGTIME": $text";
      else
        LOG=$LOG_FILE.`date +%Y%m%d`
    touch $LOG
        if [ ! -f $LOG ]; then echo "ERROR!! Cannot create log file $LOG. Exiting."; exit 1; fi
    echo $LOGTIME": $text" | tee -a $LOG;
      fi
done
}

Using the script from within itself or from external to write out to defined log file

echo "Skipping to next copy" | write_log

2. Use Unix named pipes to pass data – Small intro on what is Unix Named Pipe.

Named Pipe – a named pipe (also known as a FIFO (First In First Out) for its behavior) is an extension to the traditional pipe concept on Unix and Unix-like systems, and is one of the methods of inter-process communication (IPC). The concept is also found in OS/2 and Microsoft Windows, although the semantics differ substantially. A traditional pipe is "unnamed" and lasts only as long as the process. A named pipe, however, can last as long as the system is up, beyond the life of the process. It can be deleted if no longer used.
Usually a named pipe appears as a file, and generally processes attach to it for IPC.

Once named pipes were shortly explained for those who hear it for a first time, its time to say named pipe in unix / linux is created with mkfifo command, syntax is straight foward:

mkfifo /tmp/name-of-named-pipe

Some older Linux-es with older bash and older bash shell scripts were using mknod.
So idea behind logging script is to use a simple named pipe read input and use date command to log the exact time the command was executed, here is the script.

#!/bin/bash
named_pipe='/tmp/output-named-pipe';
output_named_log='/tmp/output-named-log.txt ';

if [ -p $named_pipe ]; then
rm -f $named_pipe
fi
mkfifo $named_pipe

while true; do
read LINE <$named_pipe
echo $(date): "$LINE" >>/tmp/output-named-log.txt
done

To write out any other script output and get logged now, any of your output with a nice current date command generated output write out any output content to the loggin buffer like so:

echo 'Using Named pipes is so cool' > /tmp/output-named-pipe
echo 'Disk is full on a trigger' > /tmp/output-named-pipe

Getting the output with the date timestamp

# cat /tmp/output-named-log.txt
Mon Aug 26 15:21:29 EEST 2019: Using Named pipes is so cool
Mon Aug 26 15:21:54 EEST 2019: Disk is full on a trigger

If you wonder why it is better to use Named pipes for logging, they perform better (are generally quicker) than Unix sockets.

3. Logging files to system log files with logger

If you need to do a one time quick way to log any message of your choice with a standard Logging timestamp, take a look at logger (a part of bsdutils Linux package), and is a command which is used to enter messages into the system log, to use it simply invoke it with a message and it will log your specified output by default to /var/log/syslog common logfile

root@linux:/root# logger 'Here we go, logging'
root@linux:/root # tail -n 3 /var/log/syslog
Aug 26 15:41:01 localhost CRON[24490]: (root) CMD (chown qscand:qscand -R /var/run/clamav/ 2>&1 >/dev/null)
Aug 26 15:42:01 localhost CRON[24547]: (root) CMD (chown qscand:qscand -R /var/run/clamav/ 2>&1 >/dev/null)
Aug 26 15:42:20 localhost hipo: Here we go, logging

If you have took some time to read any of the init.d scripts on Debian / Fedora / RHEL / CentOS Linux etc. you will notice the logger logging facility is heavily used.

With logger you can print out message with different priorities (e.g. if you want to write an error message to mail.* logs), you can do so with:

logger -i -p mail.err "Output of mail processing script"

To log a normal non-error (priority message) with logger to /var/log/mail.log system log.

logger -i -p mail.notice "Output of mail processing script"

A whole list of supported facility named priority valid levels by logger (as taken of its current Linux manual) are as so:

FACILITIES AND LEVELS
       Valid facility names are:

              auth
              authpriv   for security information of a sensitive nature
              cron
              daemon
              ftp
              kern       cannot be generated from userspace process, automatically converted to user
              lpr
              mail
              news
              syslog
              user
              uucp
              local0
                to
              local7
              security   deprecated synonym for auth

       Valid level names are:

              emerg
              alert
              crit
              err
              warning
              notice
              info
              debug
              panic     deprecated synonym for emerg
              error     deprecated synonym for err
              warn      deprecated synonym for warning

       For the priority order and intended purposes of these facilities and levels, see syslog(3).

If you just want to log to Linux main log file (be it /var/log/syslog or /var/log/messages), depending on the Linux distribution, just type', even without any shell quoting:

logger 'The reason to reboot the server Currently was a System security Update

So what others is logger useful for?

In addition to being a good diagnostic tool, you can use logger to test if all basic system logs with its respective priorities work as expected, this is especially
useful as I've seen on a Cloud Holsted OpenXEN based servers as a SAP consultant, that sometimes logging to basic log files stops to log for months or even years due to
syslog and syslog-ng problems hungs by other thirt party scripts and programs.
To test test all basic logging and priority on system logs as expected use the following logger-test-all-basic-log-logging-facilities.sh shell script.

#!/bin/bash
for i in {auth,auth-priv,cron,daemon,kern, \
lpr,mail,mark,news,syslog,user,uucp,local0 \
,local1,local2,local3,local4,local5,local6,local7}
do
# (this is all one line!)

for k in {debug,info,notice,warning,err,crit,alert,emerg}
do

logger -p $i.$k "Test daemon message, facility $i priority $k"

done

done

Note that on different Linux distribution verions, the facility and priority names might differ so, if you get

logger: unknown facility name: {auth,auth-priv,cron,daemon,kern,lpr,mail,mark,news, \
syslog,user,uucp,local0,local1,local2,local3,local4, \
local5,local6,local7}

check and set the proper naming as described in logger man page.

4. Using a file descriptor that will output to a pre-set log file

Another way is to add the following code to the beginning of the script

#!/bin/bash
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>log.out 2>&1
# Everything below will go to the file 'log.out':

The code Explaned

Saves file descriptors so they can be restored to whatever they were before redirection or used themselves to output to whatever they were before the following redirect.
trap 'exec 2>&4 1>&3' 0 1 2 3
Restore file descriptors for particular signals. Not generally necessary since they should be restored when the sub-shell exits.

exec 1>log.out 2>&1

Redirect stdout to file log.out then redirect stderr to stdout. Note that the order is important when you want them going to the same file. stdout must be redirected before stderr is redirected to stdout.

From then on, to see output on the console (maybe), you can simply redirect to &3. For example
,

echo "$(date) : Do print whatever you want logging to &3 file handler" >&3

I've initially found out about this very nice bash code from serverfault.com's post how can I fully log all bash script actions (but unfortunately on latest Debian 10 Buster Linux that is prebundled with bash shell 5.0.3(1)-release the code doesn't behave exactly, well but still on older bash versions it works fine.

Sum it up

To shortlysummarize there is plenty of ways to do logging from a shell script logger command but using a function or a named pipe is the most classic. Sometimes if a script is supposed to write user or other script output to a a common file such as syslog, logger command can be used as it is present across most modern Linux distros.
If you have a better ways, please drop a common and I'll add it to this article.

Tags: bash shell script, bash shell scripts, command, echo, error message, facility, How to, information, init, logging, mail, nature, one time, priority, processing, root linux, security, Simple Linux, small, syslog, tmp, use, var
Posted in Bash Scripting, Linux, Programming | 1 Comment »

How to make for loop (cycles) in KSH useful for FreeBSD / UNIX system administrators

Friday, November 3rd, 2017

korn-shell-how-to-make-loops-easily-for-sys-admin-purposes

Sometimes we have to administrate this operating systems such as FreeBSD / AIX / HP UX or even Mac OS server where by default due to historical reasons or for security bash shell is not avialable. That's not a common scenario but it happens so if as sysadmin we need to create for loops on ksh it is useful to know how to do that, as for loop cycles are one of the most important command line tools the sysadmin swiss army knife kind of.

So how to create a for loop (cycle) in ksh (Korn Shell)?

The most basic example for a KSH loop shell is below:

#!/bin/ksh
for i in 1 2 3 4 5
do
echo "Welcome $i times"
done

Add the content to any file lets say ksh_loop.ksh then make it executable as you do in bash shells

$ chmod +x ksh_loop.ksh
$ ksh ksh_loop.ksh

The overall syntax of the for loop ksh command is as follows:

for {Variable} in {lists}
do
echo ${Variable}
done

Hence to list lets say 20 iterations in a loop in ksh you can use something like:

#!/bin/ksh
for i in {1..20}
do
echo "Just a simple echo Command $i times";
# add whatever system commands you like here
done

Example for some useful example with KSH loop is to list a directory content so you can execute whatever command you need on each of the files or directories inside

#!/bin/ksh
for f in $(ls /tmp/*)
do
print "Iterating whatever command you like on /tmp dir : $f"
done

Other useful for loop iteration would be to print a file content line by line just like it is done in bash shell, you can do that with a small loop like belows:

#!/bin/ksh
for iteration_variable in $(cat file_with-your-loved-content-to-iterate.txt)
do
print "Current iteration like is : $iteration_variable"
done

Tags: freebsd, loop, make, system, unix, Useful
Posted in FreeBSD, IBM AIX UNIX, Programming | No Comments »

How to remove Google Logo from Searches in Firefox and Chrome and Safari Web browsers – Disable seeing Annoying Google Doodles content with ABP

Tuesday, May 26th, 2015

Most of people nowadays are using Google as a default search engine for different reasons, some because of its popularity and most importantly because Google is considered the Largest and most used and superior in quality Internet Search Engine in the World as of time of writting this post.

However as most (if not all) Companies and Corporations nowdays in this terrible freedom enslaving Globalistic world, Google's popularity is not only a result of their superiority of service but a consequence of 17 years constant branding (or better to say user brainwashing) to addict peoples arround the world to their colorful logo and their Loud name GOOGLE (contains 2G's 2O's 1L and 1E or as it might be associated subsconsciously = Le, 2 G, 2 O or LE 2 GO – looks pretty much like the English LET GO – doesn't it??) .

Color programming has become a popular way for companies and brands to keep our minds affected the Colorful addiction and has been definitely quite seriously researched throughout World War I and World War II and Post war times by Governments and Psychological institute studies some of which tried to call it and name it as NLP (Neuro Linguistic Programming) and made a pseudo-science that is more of a spiritual new age occult thing than really based on facts. I guess some of this studies were put in action by most if not all big companies to influence their customer / users.

Google's Logo

Some example that such a mind psyche manipulation techniques are reality could be seen by simply comparing the Color Gamma of Google's Logo, Microsoft Flag (See your start button logo), Ebay Logo, Google Play's logo, Microsoft (Windows)Flag logo, Windows Media Player, Google Chrome, Microsoft Visual Studio, Apple's Old Logo … etc. etc. and a number of key applications we use daily is not a coincidence but a smartly crafted methodology to make people regularly exposed to combination of colors be psychologically influenced and attracted by the Colorful flag message not only in these company Software programs but also in daily products we buy from Shops / Supermarkets.

Windows Flag (Also present on every Windows PC in the start button and during PC boot)

However color programming that Google inflicts (is not really a prooved science but is based on a number of occult gnostic believes combined with some pseudo scientific research on associative human thinking).

Hence these colorful manipulation / programming technique so much adopted by companies is believed to effect on adult people and kids throughout the world because even from kids we're being exposed to this colors in many children books, cartoons cartoons and most importantly by the market which produces this "interesting" entertaining fun colorful kid toys.

Apple's Computer Company Inc Old Logo

In other words these corporations are trying to influence and bring up a postive reaction in us by using these colorful logos propaganda because it has to do with how people were learned to think from the Kinder Garden onwards, especially in democratic countries and probably less in ex-communist totalitarian countries (because they were excluded more or less fromt he global rest of the world for many years), though color programming was partially used also in ex-communist contries too but in a less agressive way than in democratic countries.

With all said above I guess / assume Google (creators) or some of the management and CEO personal undertstood this people's natural daily inflicted love for colorfulness quite well not only because of its psychological materrial meaning but also because Google founders Larry Page and Sergey Brin have been told a mystical teaching about colors that is being preached heavily in recent years by pseudo scientific (occult) companies like Herrmann Brain Dominance Institute HBDI the infamous business module so much loved and adopted by modern businesses – (HBDI) as well as the colors hidden meanings as believed in secret (closed) societies such a masonry fraternities and their front organizations such as Rainbow Girls, Shriners etc..

Logo of Masonic Order Rainbow girls together with Masonic Square and Compass famous symbol

Probably the importance of exposed Google Logo colors is not a coincidence but same colors order is important for both Jewish (because of the Rainbow's importance in the Holy Bible Old testament as a sign of covenant God give between God and man as a promise the world will be no more destroyed by Water Flood), that is still strictly followed by Jewish.

Besides that the Google logo colors are also to be seen as one of central symbols of Free Masonry the Eastern Star (note that it is the same as the Satanists Pentagram), Partially in Gay Lesbian and Homosexual Movement's flag logo and many new founded companies that are adopting and embedding occult meaning it in their company brands exposing them selve who are their masters.

An important Masonic Star (Same is seen in Lavey's Church of Satan but in a circle)

Homosexuals movement logo (flag)

With all said, if you're like me and you want to continue use Google as a Search engine and not switch to Something like Russian's Yandex / Yahoo or DuckDuckGo etc. and want to keep using Google but disable annoying Color propaganda of Google Logo and the Google Doodle's that exposes you to people and events that are often anti-Christian (or never related to Christianity) but showing a pop-culture idolizing personalities many of whom are known for their liberal ideas and non-christian world view (e.g. indoctrinating you slowly but surely with secularism and globalistic) ideas, or if you want me to be "politically incorrect" to save yourself from Google Brainwashing.

Strangely perhaps not a co-incidence this colorfulness and order of color, very much resembles the Buddhist prayer flags used heavily by Buddhists (hanged on their large temples), I guess this is not strange since nowdays the Western culture is crazy of integrating Eastern teachings into their Post-Christian "enlightenment" world.

Removing the Google Search Colorful Logo (Substitute Logo with Blank Space) in Mozilla Firefox Web Browser

I've tried a couple of methodologies to get rid of Annoying Google colorful logo that started to be really irritating for me by using DOOD Remove Firefox plugin which was supposed to be able to allow me change the Google Logo site to whatever I like but the link pointing to the FF DOOD Remove plugin was broken, I then tried using a simple hack with GreaseMonkey and My Google Logo and Background changer on my Firefox Version 38.0.1 but as the script used to be last tested reported working on 18-05-2013 as of time of writting this article it didn't work nomore because of some changes in how google serve its Logo Images. I knew there is a way to also dump the logo using some of the embedded Firefox Javascripts but as I was lazy and don't have a good understanding on JS, I decided to not continue that way and instead tried another method with Adblock Plus's custom Filterint capabilities that is able to filter any picture or object out of a html web page.

Using ABP to remove Google Logo turned to be the easiest and only working solution to remove Google's Logo, to do you need to:

1. Have AdBlockPlus extension for Firefox installed first
2. Enter ABP Options menu by either right-clicking the extension's icon and choose Filter Preferences as shown in prior screenshot.
3. Go to the Add filter Group button (Type Google and then, click Add Filter button and enter google.*/logos/doodles/, as shown in below screenshot

Then give it a try just open www.google.com and you will not see anymore the Google logo, unfrotunately the Logo flashes for less than a second until it is removed but this is the best I can achieve at current point.

Removing the Google Search Colorful Logo (Substitute Logo with Blank Space) in Google Chrome Browser

I've also done a short research on how is possible to Remove Google logo if using Google's Chrome browser and it seems the only meaningful thing I found here is again DOOD Remove (extension) for Chrome.
I've give DOOD Remove for Chrome a try and it works fine, however when you want to open Google you get a short second flash of the Google Logo (after typing google.com in URL bar) before you get the logo wiped so though this works the solution is unfortunately not perfect, the other option to remove the Google Logo branding from searches in Chrome was also to use the Greasemonkey + Userscript as well as Tampermonkey + DoodleGone's script as explained in this post however after enabling TamperMonkey + DoodleGone, the Google logo still was appearing in a behind the search bar (so this worked not), the Google Chrome version where I tried this solution is
Google Chrome 43.0.2357.81 (Official Build) m (32-bit).

So finally it turned out that in order to Disable Google's Kindergarden like looking Logo in Chrome (which is manipulately crafted to inflict kiddish feelings in yourself), I had to Adblock Plus Methodology as described above.
The ABP method to get rid of the ugly google logo also seems to be the only Method that works to remove the Google Logo on Mac OS's (Safari browser).

Hope my article helps others who want to Ban the Google Doodles Logo in your favourite web browser the only condition is to have the Adblock Plus for the browser.

Enjoy Google free logo browsing Google Search engine ! 🙂

Tags: ABP, Adblock Plus Methodology, coincidence, colors, company, content, ebay flag color programming, Firefox Javascripts, Firefox Version, Google Chrome, Google Logo, Google Logo Google Doodles, Herrmann Brain Dominance Institute, How to, importance, loose time, Microsoft Flag, news, popularity, programming, Remove Google, solution, Strangely, use
Posted in Curious Facts, Entertainment, Everyday Life, Firefox, Mac OS X, News, Programming, Various, Web and CMS, Windows | 4 Comments »

Check and log routinely multiple servers load avarage for Linux / UNIX server overloads

Friday, March 13th, 2015

It is a very useful thing if you have to administer a large group of Linux / UNIX servers and you're not running web monitoring such as Nagios / Icinga / Munin / monit to Raise Email or other kind of Alert / Warning notices to periodically check the system load avarage with uptime command and log to a file and if necessery send emails in case if some server too high load avarage is matched on servers.

Below little script could be a basis for development of a script to raise email SMS alerts in case if a Linux / BSD / UNIX system gets CPU overloaded.

#!/bin/bash
user='G18134';
pass='#7';
commands_to_exec='uptime; uname -a; cat /proc/cpuinfo |grep -i proc|wc -l';
all_servers_f='all_servers_list.txt';
log='server_load.txt';
cat /dev/null > $log;
while read line; do echo "-=== Server $line ===-" | tee -a $log; sshpass -p $pass ssh $user@$(echo $line) $commands_to_exec < /dev/null | tee -a $log; done < $all_servers_f

The run_commands_on_multiple_servers.sh script is available for download also is here. The script can be easily adopted to run any other commands or trigger alerts, anyways if you need something more complex I would recommend to still stick to monit (utility for monitoring servers on UNIX system / Zabbix etc.

To be working the script requires to have sshpass (tool) installed as it uses it to pass the SSH credentials password to remote server. Note that you have to keep the script with strong permissions if other people have access to your home folder as this might reveal password and help someone to hack into your servers. The script is very useful if you have to login and execute a command to multiple UNIX group servers behind DMZed (Firewall) Zone only through a Windows HOP machine as it works out of the box with latest versions of MobaXTerm (which is a Windows Terminal client that absolutely rox and the SWIFF Army knfie of the Windows Admin who comes from a Linux background ! 🙂

Tags: avarage, Below, case, command, login, multiple, password, script, servers, something, ssh, unix
Posted in Everyday Life, FreeBSD, Linux, Linux and FreeBSD Desktop, Monitoring, Networking, Programming, System Administration, Various | No Comments »

Command to get CPU server load in % percentage using bash and /proc/stat on Linux

Wednesday, March 11th, 2015

Getting load avarage is easy with uptime command, however since nowadays Linux servers are running on multiple CPU machines and Dual cores, returned load avarage shows only information concerning a single processor. Of course seeing overall CPU server load is possible with TOP / TLoad command / HTOP and a bunch of other monitoring commands, but how you can get a CPU percentage server load using just /proc/stat and bash scripting? Here is hwo:

:;sleep=1;CPU=(`cat /proc/stat | head -n 1`);PREV_TOTAL=0;for VALUE in "${CPU[@]}”; do let “PREV_TOTAL=$PREV_TOTAL+$VALUE”;done;PREV_IDLE=${CPU[4]};sleep $sleep; CPU=(`cat /proc/stat | head -n 1`);unset CPU[0];IDLE=${CPU[4]};TOTAL=0; for VALUE in “${CPU[@]}"; do let "TOTAL=$TOTAL+$VALUE"; done;echo $(echo "scale=2; ((($sleep*1000)*(($TOTAL-$PREV_TOTAL)-($IDLE-$PREV_IDLE))/($TOTAL-$PREV_TOTAL))/10)" | bc -l );

52.45

As you can see command output shows CPU is loaded on 52.45%, so this server will soon have to be replaced with better hardware, because it gets CPU loaded over 50%

It is useful to use above bash shell command one liner together with little for loop to refresh output every few seconds and see how the CPU is loaded in percentage over time.

for i in $(seq 0 10); do :;sleep=1;CPU=(`cat /proc/stat | head -n 1`);PREV_TOTAL=0;for VALUE in "${CPU[@]}”; do let “PREV_TOTAL=$PREV_TOTAL+$VALUE”;done;PREV_IDLE=${CPU[4]};sleep $sleep; CPU=(`cat /proc/stat | head -n 1`);unset CPU[0];IDLE=${CPU[4]};TOTAL=0; for VALUE in “${CPU[@]}"; do let "TOTAL=$TOTAL+$VALUE"; done;echo $(echo "scale=2; ((($sleep*1000)*(($TOTAL-$PREV_TOTAL)-($IDLE-$PREV_IDLE))/($TOTAL-$PREV_TOTAL))/10)" | bc -l ); done

47.50

13.86
27.36
82.67
77.18

To monitor "forever" output from all server processor overall load use:

while [ 1 ]; do :;sleep=1;CPU=(`cat /proc/stat | head -n 1`);PREV_TOTAL=0;for VALUE in “${CPU[@]}”; do let “PREV_TOTAL=$PREV_TOTAL+$VALUE”;done;PREV_IDLE=${CPU[4]};sleep $sleep; CPU=(`cat /proc/stat | head -n 1`);unset CPU[0];IDLE=${CPU[4]};TOTAL=0; for VALUE in “${CPU[@]}"; do let "TOTAL=$TOTAL+$VALUE"; done;echo $(echo "scale=2; ((($sleep*1000)*(($TOTAL-$PREV_TOTAL)-($IDLE-$PREV_IDLE))/($TOTAL-$PREV_TOTAL))/10)" | bc -l ); done
…

Tags: avarage, bash shell, course, CPU, echo echo, htop, processor, scale, sleep, stat, value
Posted in Linux, Programming, System Administration, Various | No Comments »

How to check Apache Webserver and MySQL server uptime – Check uptime of a running daemon with PS (process) command

Tuesday, March 10th, 2015

Something very useful that most Apache LAMP (Linux Apache MySQL PHP) admins should know is how to check Apache Webserver uptime and MySQL server running (uptime).
Checking Apache / MySQL uptime is primary useful for scripting purposes – creating auto Apache / MySQL service restart scripts, or just as a quick console way to check what is the status and uptime of Webserver / SQL.

My experience as a sysadmin shows that lack of Periodic Apache and MySQL restart every week or every month often creates sys-admin a lot of a headaches cause (Apache / NGINX / SQL server) starts eating too much memory or under some circumstances leads to service or system crashes. Periodic system main services restart is especially helpful in case if Website's backend programming code is writetn in a bad and buggy uneffient way by unprofessional (novice) programmers.
While I was still working as Senior SysAdmin in Design.BG, I've encountered many such Crappy Web applications developed by dozen of different programmers (because company's programmers changed too frequently and many of the hired Web Developers ,were still learning to program, I guess same is true also for other Start-UP Web / IT Company where crappy programming code is developed you will certainly need to keep an eye on Apache / MYSQL uptime. If that's the case below 2 quick one liners with PS command will help you keep an eye on Apache / MYSQL uptime

ps -eo "%U %c %t"| grep apache2 | grep -v grep|grep root
root apache2 02:30:05

Note that above example is Debian specific on RPM based distributions you will have to grep for httpd instead of apache2

ps -eo "%U %c %t"| grep http| grep -v grep|grep root

root apache2 10:30:05

To check MySQL uptine:

ps -eo "%U %c %t"| grep mysqld
root mysqld_safe 20:42:53
mysql mysqld 20:42:53

Though example is for mysql and Apache you can easily use ps cmd in same way to check any other Linux service uptime such as Java / Qmail / PostgreSQL / Postfix etc.

ps -eo "%U %c %t"|grep qmail
qmails qmail-send 19-01:10:48
qmaill multilog 19-01:10:48
qmaill multilog 19-01:10:48
qmaill multilog 19-01:10:48
root qmail-lspawn 19-01:10:48
qmailr qmail-rspawn 19-01:10:48
qmailq qmail-clean 19-01:10:48
qmails qmail-todo 19-01:10:48
qmailq qmail-clean 19-01:10:48
qmaill multilog 40-18:02:53

ps -eo "%U %c %t"|grep -i nginx|grep -v root|uniq
nobody nginx 55-01:22:44

ps -eo "%U %c %t"|grep -i java|grep -v root |uniq
hipo java 27-22:02:07

Tags: apache webserver, apache2, case, cms, command, Crappy Web, crashes, daemon, doesn, example, eye, grep, headaches, How to, lot, multilog, mysqld, primary, programmers, programming code, root, running, scripting, scripts, week
Posted in Everyday Life, Linux, Monitoring, Programming, System Administration | No Comments »

How to SSH client Login to server with password provided from command line as a script argument – Running same commands to many Linux servers

Friday, March 6th, 2015

ssh-how-to-login-with-password-provided-from-command-line-use-sshpass-to-run-same-command-to-forest-of-linux-servers

Usually admins like me who casuanlly need to administer "forests" (thousands of identicallyconfigured services Linux servers) are generating and using RSA / DSA key authentication for passwordless login, however this is not always possible as some client environments does prohibit the use of RSA / DSA non-pass authentication, thus in such environments to make routine server basic package rpm / deb upgrades or do other maintanance patching its necessery to use normal ssh user / pass login but as ssh client doesn't allow password to be provided from prompt for security reasons and therefore using some custom bash loop to issue single command to many servers (such as explained in my previous article) requires you to copy / paste password on password prompt multiple times. This works its pretty annoying so if you want to run single command on all your 500 servers with specifying the password from password prompt use sshpass tool (for non-interactive ssh password auth).

SSHPASS official site description:

sshpass is a utility designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-interactive mode.

Install sshpass on Debian / Ubuntu (deb based) Linux

sshpass is installable right out of regular repositories so to install run:

apt-get install —yes sshpass

Install sshpass on CentOS / Fedora (RPM based) Linux

sshpass is available also across most RPM based distros too so just use yum package manager

yum -y install sshpass

If its not available across standard RPM distro provided repositories, there should be RPM on the net for distro just download latest one and use wget and rpm to install:

wget -q http://dl.fedoraproject.org/pub/epel/6/x86_64/sshpass-1.05-1.el6.x86_64.rpm

rpm -ivh sshpass-1.05-1.el6.x86_64.rpm

How Does SshPass Works?

Normally openssh (ssh) client binary uses direct TTY (/dev/tty)= an abbreviation for PhyTeleTYpewriter or (the admin jargon call Physical Console access) instead of standard remotely defined /dev/pts = Virtual PTY.
To get around this Sshpass runs ssh in a dedicated TTY to emulate the password is indeed issues by interactive keyboard user thus fooling remote sshd server to thinking password
is provided by interactive user.

SSHPass use

Very basic standard use which allows you to pass the password from command line is like this:

sshpass -p 'Your_Password_Goes_here123' ssh username@server.your-server.com

Note that the server you're working is shared with other developers they might be able to steal your username / password by using a simple process list command such as:

ps auxwwef
…

In my case security is not a hot issue, as I'm the only user on the server (and only concern might be if someone hacks into the server 🙂

Then assuming that you have a plain text file with all your administered servers, you can easily use sshpass in a Bash Script loop in order to run, lets say a package upgrade across all identical Linux version machines:

while read line; do
sshpass -p 'Your_Password_Goes_here123' ssh username@$line "apt-get update && apt-get upgrade && apt-get dist-upgrade" < /dev/null;
done < all_servers_list.txt

Change the command you like to issue across all machines with the string "apt-get …"
Above command can be used to keep up2date all Debian stable server packages. What you will do on servers is up to your imaginations, very common use of above line would be if you want to see uptime /netstat command output across all your network servers.

while read line; do
sshpass -p 'Your_Password_Goes_here123' ssh username@$line "uptime; who; netstat -tunlp; " < /dev/null;
done < all_servers_list.txt

As you can guess SshPass is swiss army knife tool for admins whoneed to automate things with scripts simultaneously across number of servers.

Happy SSH-ing 🙂

Tags: authentication, command, description, forest, Install, line, Linux, network servers, official, password, rpm, script, server, server packages, username, www
Posted in Everyday Life, Linux, Programming, System Administration, Various | No Comments »

How to execute ssh command on multiple Linux servers with native ssh client and a bash loop – Changing shell terminal to multiple servers from ksh to bash

Monday, February 16th, 2015

how-to-execute-ssh-command-on-multiple-linux-servers-with-native-ssh-client-and-bash-loop-changing-default-shell-terminal-to-bash-for-mass-many-multiple-linux-unix-servers
I've been working for a customer that has about 450 hundred servers running all kind of different Web Applications / Mail services / FTP / Web Statistics etc.. I have a single user / password access to all of the servers (using LDAP authentication) – just like many of my colleagues and by default most of servers shell set is Korn Shell (/bin/ksh) is automatically run on ssh login time ( as it is set as the default shell ). I have nothing personally against Korn Shell but as mainly script in Bash Shell last 10+ years and I'm used to Bash's terminal behavior so much, each time I login to the servers I had to run manually run :

/bin/bash

This becomes really annoying, because I have to login to so many servers daily and do various stuff, so I got pissed off at the end and I wanted to change default shell set (only for my current) user to BASH, since there are other users that work on servers and its not a good idea to change globally servers global shell to bash, because such action could hurt some poor colleague love for KSH 🙂

A note to make here is the servers are primary running SuSE SLES / CentOS and Debian and RHEL Linux, but this bash one liner would be working on any other Linux release which has a bash >=2.0, I've tested it exactly on bash 3.2.25.

I have dump of all server hostnames / IPs in a plain text (.txt) file called all_servers_list.txt and since the servers are not accessible between each other but only through a special HOP station running Windows I couldn't install and use sshpass for mass deploy of new $SHELL variable configuration into home directory's $HOME/.profile ( ~/.profile ) . Thus I was forced to use a standard SSH client and a MobaXTERM inistallation which comes with integrated CygWin bash (for windows) and thus I can run normal Linux bash code inside the MobaXTerm Terminal on the Windows 2012R2 (jump host) .. 🙂

while read line; do ssh my-user@$line 'echo "export SHELL=/bin/bash ; exec /bin/bash" >> /home/my-user/.profile' < /dev/null; done < all_servers_list.txt

Since SSH client doesn't have a non-interactive way to pass on password from command line (for security reasons), to make above bash one liner loop to deploy bash as a default shell (mass) on all servers I have to paste (my Sotred in Memory Copied password) the SSH remote login server password 450 times each time I',m prompted by SSH to input password manually (this takes about 20) minutes but it is a worthy time, since from then on /bin/bash runs automatically on server login time. One important note to make is the </dev/null here is necessery because otherwise ssh is having troubles with reading the host in the loop. If you try running above cmd without </dev/null you, the loop is about to end after first login attempt. Changing default shell to multiple servers is not done only to servers with default ksh, but for any servers with default csh shell or any other obscure shell to bash (if bash is installed) is achieved by above command.

As you can guess above while bash loop, can easily be modified to run any other command to a bunch of hundred or thousand servers of your choise, the only inconvenience you will have is you have to paste the password for each server part of loop to which ssh is creating connection.
This example works on Linux but should work fine on any other platform that have /bin/bash (or /usr/local/bin/bash) installed if on FreeBSD / NetBSD, it should work on HP-UX and SunOS / Solaris hosts which have bash installed too.

Once you've launched the loop and added /bin/bash to run on login to check on next login where you're really running bash shell there is the:

echo $SHELL
/bin/bash

If you want keep / grep output of shell variable $SHELL:

MYSHELL=`ps -hp $$|awk '{echo $5}'`

Anyhow on some Linux hosts this variable might show bash and still you might be running old shell ksh / csh, the better way to check your SHELL is with ps -p $$ command (nowdays not known by many admins)

ps -p $$
PID TTY TIME CMD
866 pts/0 00:00:00 bash

Now I can happily use bash on all the servers every time I login. Cheers and Thanks God ! 🙂

Tags: bash shell, bin, current user, default shell, How to, KSH, liner, loop, multiple, server login, server password, servers, ssh client, ssh command
Posted in Curious Facts, Everyday Life, Programming, Remote System Administration, System Administration, Various | 1 Comment »

☩ Walking in Light with Christ – Faith, Computing, Diary

Archive for the ‘Programming’ Category

How to make for loop (cycles) in KSH useful for FreeBSD / UNIX system administrators

How to remove Google Logo from Searches in Firefox and Chrome and Safari Web browsers – Disable seeing Annoying Google Doodles content with ABP

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites