Eric Mason » sysadmin

Asterisk: Automatically Update externip When Your IP Address Changes

eric — Tue, 15 Nov 2011 15:42:35 +0000

I got tired of updating Asterisk’s externip setting every time my IP address changed, so I wrote this quick script, saved as /usr/local/bin/asterisk_update_externip:

#!/bin/bash

ip_url="http://automation.whatismyip.com/n09230945.asp"

oldip=`grep externip /etc/asterisk/sip.conf |sed 's/;.*//' |grep -v ^$ |sed s/.*=\ *//`
ip=`curl -s "$ip_url" |head -n 1`

if [ "$oldip" != "$ip" ]
then
        #echo "Updating IP"
        sed -i "s/externip = $oldip/externip = $ip/" /etc/asterisk/sip.conf
        asterisk -r -x "core reload"

fi

I put it in /etc/cron.d/asterisk-externip as follows:

# Update Asterisk's SIP External IP
3,8,13,18,23,28,33,38,43,48,53,58 * * * * root asterisk_update_externip

Enjoy!

Nagios Plugin to Check Memory

eric — Mon, 10 Jan 2011 22:41:44 +0000

After a search for a check_memory plugin for Nagios turned up only a Korn shell script, I quickly wrote the following in Ruby for Linux, which I hereby release into the public domain. Why? All my servers have Ruby, but not Korn shell.

#!/usr/bin/env ruby

require 'optparse'

options = {}
optparse = OptionParser.new do |opts|
  opts.banner = "Usage: #{$0} [OPTIONS]"

  opts.on('-w', '--warn PCT', 'Warn if memory usage goes over PCT') do |val|
    options[:warn_pct] = val.to_i
  end

  opts.on('-c', '--crit PCT', 'Critical if memory usage goes over PCT') do |val|
    options[:crit_pct] = val.to_i
  end

  opts.on('-h', '--help', 'Display this screen') do
    puts opts
    exit
  end
end
optparse.parse!

unless options[:crit_pct] && options[:warn_pct]
  puts optparse.help
  exit
end

# Get the stats from /proc
mem = File.readlines("/proc/meminfo").inject({}) {|m,x| k,v = x.split(/:?\s+/); m[k] = v.to_i; m}
free = mem['MemFree'] + mem['Buffers'] + mem['Cached']
total = mem['MemTotal']
used = total - free
pct_used = used * 100 / total

if pct_used > options[:crit_pct]
  puts "MEMORY CRTIICAL - #{pct_used}% used"
  exit 2
elsif pct_used > options[:warn_pct]
  puts "MEMORY WARNING -  #{pct_used}% used"
  exit 1
else
  puts "MEMORY OK - #{pct_used}% used"
end

This goes in /usr/lib/nagios/plugins/check_memory . You can add it to nrpe.cfg like so:

command[check_memory]=/usr/lib/nagios/plugins/check_memory  -w 75 -c 85

Update: Found a shell script here

PuTTY SSH / Windows Clipboard Integration

eric — Fri, 23 Apr 2010 22:36:49 +0000

Getting text out of your SSH sessions can be annoying. If it fits in a screen, I usually just select the text in PuTTY to copy it– no big deal. Otherwise, I have to either email it to myself or put it in a file, log in with WinSCP, and download the file. Way too much trouble.

Today I started searching for a better solution and found a patch for PuTTY by Diomidis Spinellis. Unfortunately it was for an old version of PuTTY. However with a little effort I updated the patch to PuTTY 0.60.

Here’s how it works:

Use the modified PuTTY
When connecting (or after) click on the Terminal setting, and under “Printer to send ANSI printer output to” select “Windows clipboard”
Add the following to your .bashrc (or the appropriate startup file for your shell) To use it immediately, be sure to type “source .bashrc”
```
function wcl {
  echo -ne '\e''[5i'
  cat $*
  echo -ne '\e''[4i'
  echo "Copied to Windows clipboard" 1>&2
}
```
}
Now when you want some text out of SSH, just pipe it to wcl. For instance, “ls -la |wcl” places the output of “ls -la” in your Windows clipboard.

Modified PuTTY 0.60 executable

Patch for PuTTY 0.60

Apt-get upgrade wants to replace my compiled packages.

eric — Mon, 30 Mar 2009 20:16:40 +0000

I was getting some messages from my daily apt-get upgrade script telling me some of my ffmpeg debs needed to be upgraded. Since I had recompiled ffmpeg from the source debs with different options, I re-ran apt-get source ffmpeg to get the latest source. When nothing downloaded, I checked the latest version with apt-cache and found it matched the version I have installed. Off to Google I went and found this thread from 9 years ago saying the bogus upgrade messages are normal and I had to increment the version number.

I still want to be notified when new versions come out (via my daily upgrade script) so I can recompile it, so I updated the version as little as possible by adding an “a” to the end of it.

In the source directory, I edited debian/changelog . The first line said

ffmpeg (3:0.cvs20070307-5ubuntu7.3) hardy-security; urgency=low

So I changed it to

ffmpeg (3:0.cvs20070307-5ubuntu7.3a) hardy-security; urgency=low

Then I ran fakeroot debian/rules binary and installed the resulting packages. Now apt-get upgrade tells me I have nothing to upgrade. As long as the ffmpeg package maintainer doesn’t use 3:0.cvs20070307-5ubuntu7.3a as the new version number, I’ll still know when a new release comes out.

SOAP4R and SSL: unable to get local issuer certificate

eric — Wed, 01 Oct 2008 13:16:40 +0000

After enabling SSL on a couple of apps, I got an email from one of my cron jobs telling me my SOAP API was no longer working. (This is why you always want to have an entry in /etc/aliases forwarding root’s email to an account you will read)

The error message was “unable to get local issuer certificate.” I thought, no big deal, there must be an easy way to get SOAP4R to find all the root CA certificates. Unfortunately it took a while searching Google to find the right answer, so I’m posting it here to make it easier for the next person (which just might be me next week).

It turns out SOAP4R will read a file called “soap/property” in your ruby library path (which can usually be the directory your app is in). You can place certain configuration options in this file to control how SOAP4R behaves. In this case, I needed to add
client.protocol.http.ssl_config.ca_file=/etc/ssl/certs/ca-certificates.crt

This fixed the “unable to get local issuer certificate” error right away.

There was another problem though; it was complaining about the hostname not matching the certificate. Since I’m using a wildcard certificate, I assume this means OpenSSL doesn’t respect wildcard certificates. I grudgingly added this to soap/property file
client.protocol.http.ssl_config.verify_mode=OpenSSL::SSL::VERIFY_NONE
And it’s fine now.

Multiple virtual hosts using SSL on the same IP and Port

eric — Wed, 01 Oct 2008 03:08:12 +0000

Tonight I decided to set up SSL on two internal web apps I’ve been running for a while. I have a wildcard certificate *.stockpr.com just for this purpose. Each app was originally running on a separate hostname on a single IP address on port 80.

After I started setting up SSL, I realized that I might run into trouble because Apache has always said you can’t combine NameVirtualHost and SSL. The reason for this is that the SSL session is established before the HTTP headers are sent. Since NameVirtualHost relies on the HTTP Host header, which is unavailable since it hasn’t yet been sent at the time SSL is being negotiated, Apache can only use a single SSL cert per combination of IP and port.

So my thought was this should technically not be a problem since both of my hostnames are under the same domain and I have that fancy wildcard certificate for both virtual hosts. I thought Apache just might be cool enough to send the first certificate it finds, but still respect the HTTP Host header and send the request to the right virtual host.

Guess what… Apache is indeed that cool. I now have x.stockpr.com and y.stockpr.com on the same IP and port with two different virtual hosts, sharing the same certificate.

Won’t exactly revolutionize web hosting, but it definitely made my ~~day~~ night go a little easier. (Of course if you read my last post, something else more than made up for it)

Amazon EC2 and “4gb seg fixup”

eric — Wed, 01 Oct 2008 02:49:52 +0000

Tonight I spent two hours banging on an EC2 instance that suddenly went awry. I was adding SSL to a couple of internal applications we host on this instance when my “apache2ctl configtest” command hung. I tried all sorts of things and finally noticed there were tons of entries in /var/log/messages referencing “4gb seg fixup” like this:

kernel: printk: 16 messages suppressed. kernel: 4gb seg fixup, process sh (pid 21236), cs:ip 73:00a7b240 last message repeated 8 times kernel: printk: 353387 messages suppressed.

Google revealed that I’m not the first to run into this problem with an EC2 instance. Several posts said to install the Xen version of libc
apt-get install libc6-xen
and do this:
echo "hwcap 0 nosegneg" > /etc/ld.so.conf.d/libc6-xen.conf; ldconfig
And then reboot.

This seems to have fixed it, but I’m wondering why this was either not included in the Ubuntu AMI I’m using or somehow got undone.

Bundling EC2 Instances and EBS

eric — Wed, 24 Sep 2008 14:52:36 +0000

As I mentioned in the last post, I’m working on hosting email accounts on Amazon EC2. I am experimenting with mounting /var on an EBS volume so my database, logs, etc. will survive the failure of an instance. The idea is to be able to start a new instance, attach the EBS volume containing the /var partition, and keep going where the previous instance left off.

The first time I tried to bundle the volume I noticed it was taking a very long time. I had incorrectly assumed that ec2-bundle-vol would automatically exclude any EBS volumes. Instead, it only excludes a static list of directories, so I had to add the EBS volume (/mail) to the exclusion list.

Here are the commands I used to bundle the volume:

ec2-bundle-vol -k /mnt/aws-config/pk-xxxxx.pem \ -c /mnt/aws-config/cert-xxxx.pem \ -u xxxx-xxxx-xxxx -d /mnt/bundle \ -p image-name-20080924 -e /mail

ec2-upload-bundle -b ae-ami \ -m /mnt/bundle/image-name-20080924.manifest.xml \ -a xxxx -s xxxx

ec2reg bucket-name/image-name-20080924.manifest.xml

The next step will be to figure out how to set up the AMI so it will have a swap partition when it boots up in a new instance.