Stupid Cacti tricks

I spent some time this weekend consolidating services I have running at home down to one box. I migrated my Cacti installation to its new home (from one FreeBSD jail to another), and moved the mysql server to its own jail. I quickly realized that there was a problem. My graphs weren't working anymore. Some checking and I determined that there was a problem with the rrd files failing because the timestamp of updates was in the past, by six hours, which is precisely the offset of my time zone (CST). I checked all of the time zone configuration on the Cacti jail, and everything was set correctly. I went to bed, frustrated, but figuring that the data would catch up by morning.

Morning came, and my graphs were indeed logging data again, but offset by six hours. The graph window showed the correct time range, but the end of the data line was six hours behind local time. After too much screwing around, reading through the Cacti php. I finally discovered that Cacti sends its poller results to mysql, before retrieving them to put in the rrd files (and purging the records from mysql). The times I was getting back from the new mysql server were being sent as local time, not UTC.

Long story longer, I had neglected to set the time zone in the jail containing mysql.

Who has been spamming legislators with my identity?

Early this week, I received an email from a Tiffiniy Cheng at fightforthefuture.org. I decided to open the message, despite the subject line being spammy-looking at best. The email essentially thanked me for my work in helping to defeat SOPA, and urging me to contact my legislators regarding PROTECT IP. While I have no love for either piece of legislation, I was fairly certain that I have never heard of fightforthefuture.org before, and I had not made any effort related to SOPA. Looking closer at the email, I noticed that it was sent on the behalf of fightforthefuture.org by Blue State Digital, an organization born from the ashes of the Howard Dean campaign. The email was also sent to an email address I forgot even existed; that I created years ago and set to forward to one of my primary addresses.

I wrote off the email and carried on. Yesterday morning, I received another email from Congressman Dennis Cardoza's office. The email was a form letter thanking me for contacting him regarding SOPA. I'm pretty sure that Dennis Cardoza is a California Democrat, and that California has not yet acquired Minnesota, where I am, and have always been a resident. The second email was also sent to my long-forgotten email account. That these two emails are the only messages that have been received by this account in as many years, something smells fishy.

It seems to me that someone has gotten their hands on an email list (I probably supported some democratic cause years ago), and taken it upon themselves to use that email list to spam legislators. While I may have no love for the current generation of intellectual property law, I have even less love for people using my identity without my authorization. As broken as American politics may seem, this seems particularly dishonest, as it undermines one of the core principles of our government; the ability of citizens to correspond with their elected representatives. If legislators think that correspondence from their constituents might be bogus, why bother reading ANY correspondence?

Dry firing a Ruger Mark I pistol

From the FYI department...

I contacted Sturm, Ruger support to find out if it is safe to dry-fire the .22 Standard/Mark I pistol. Here is their response. Short answer, yes.

Comment / question:

I was given an old Ruger Mark I by my father, and I wanted to know if dry firing will damage the pistol. Your FAQ mentions that this is a safe operation on the newer Mark IIIs and .22 pistols generally, but does not say anything specific about its predecessor.

Response:

The firing pin in the Ruger .22 pistols is of the inertia type and dry firing should cause no damage to the firearm as long as the firing pin stop is in place in the bolt (refer to information regarding “To Unload” and “Reassembly” in the instruction manual). When handling the firearm, ensure compliance with all warnings and instructions contained in the manual and be especially careful to keep your firearm pointed in a safe direction. If you should need further assistance please call our Service Department at 928/778-6555 between 8:00 - 4:00, MST Monday thru Friday, at a time convenient for you. A Ruger Representative will be happy to help you.

ZFS Volumes not showing up on reboot?

If you're using ZFS on FreeBSD and your ZFS volumes do not appear after rebooting the system, verify that your rc.conf file has zfs_enable="YES". This allows /etc/rc.d/zvol to run, which executes an undocumented 'zfs volinit' command to create the /dev/zvol/... device entries. The script also adds swap space volumes if the ZFS volume has org.freebsd:swap=on set.

Apache syslogging on FreeBSD

If you need to use Syslog to send Apache log output there are plenty of examples already on the Internet. The first hit on google was the O'Reilly Sysadmin blog, which is very useful. However, the page is a bit old and the perl script they provide for Syslogging access logs is in need of updating. My modified version is below. To summarize the process..

1. Put the following script in /usr/local/bin/apache_syslog.

   
   #!/usr/bin/perl
   
   # $Id$
   #
   # A wrapper script that logs apache access via syslog. Copied from an example
   # at http://oreilly.com/pub/a/sysadmin/2006/10/12/httpd-syslog.html
   # Script requires sysutils/p5-Sys-Syslog from FreeBSD ports.
   #
   
   use Sys::Syslog qw( :DEFAULT setlogsock );
   
   # Excluded, per the rules of Sys:Syslog
   # http://search.cpan.org/~saper/Sys-Syslog-0.29/Syslog.pm#THE_RULES_OF_SYS::SYSLOG
   #setlogsock('unix');
   openlog('httpd', "cons, pid", 'local2');
   
   while ($log = ) {
   syslog('notice', $log);
   }
   
   closelog;

2. Install sysutils/p5-Sys-Syslog from ports (FreeBSD).
3. In your Apache config replace your ErrorLog directive with "ErrorLog syslog:local1".
4. Replace your CustomLog directive (for access logs) with "CustomLog |/usr/local/bin/apache_syslog combined".
5. Edit /etc/syslog.conf, adding the following lines
   !httpd
   local1.* /var/log/httpd-error.log
   local2.* /var/log/httpd-access.log
   !*
   
6. Create the log files with "touch /var/log/httpd-error.log /var/log/httpd-access.log".
7. Edit /etc/newsyslog.conf, adding the following lines
   /var/log/httpd-error.log 640 14 * @T00 J
   /var/log/httpd-access.log 640 14 * @T00 J
8. (Re)start syslogd and apache.
9. Profit.
   

Clearing my mental hang-ups about Perl

The script below does some simple things to demonstrate to myself how a number of things work in Perl. Simple things, but ones that I sometimes have to stop and think twice about.

use Config::Auto;

# Test Config::Auto output, which should be a reference
my $ca = Config::Auto->new(
source => "test.conf",
format => "equal"
);

my $config = $ca->parse;

print "\$config is a " . ref($config) . " reference\n" if (ref $config);
print "c_one undefined\n" unless (defined $config->{'c_one'});
print "c_two undefined\n" unless (defined $config->{'c_two'});
print "c_three undefined\n" unless (defined $config->{'c_three'});
print "c_one non-existent\n" unless (exists $config->{'c_one'});
print "c_two non-existent\n" unless (exists $config->{'c_two'});
print "c_three non-existent\n" unless (exists $config->{'c_three'});


# Test a non-referenced hash
my %harsh=(
'one' => 1,
'two',
);
print "\$harsh is a " . ref($harsh) . " reference\n" if (ref $harsh);
print "one undefined\n" unless (defined $harsh{'one'});
print "two undefined\n" unless (defined $harsh{'two'});
print "three undefined\n" unless (defined $harsh{'three'});
print "one non-existent\n" unless (exists $harsh{'one'});
print "two non-existent\n" unless (exists $harsh{'two'});
print "three non-existent\n" unless (exists $harsh{'three'});

# Test array interpolation
my @array = ("one", "two");
print "\@array interpolated is: @array\n\@array not interpolated is " . @array . "\n\$\#array is $#array\n";

The test.conf file referred to above contains the following:

c_one = 1
c_two =

The following output is generated by the script:

$config is a HASH reference
c_three undefined
c_three non-existent
two undefined
three undefined
three non-existent
@array interpolated is: one two
@array not interpolated is 2
$#array is 1

Renaming user-defined ZFS properties

Here is a short script I cooked up to rename the namespace of all the ZFS user-defined properties on a host. Useful if you need to change com.foo:beans to com.bar:beans for more than a couple of properties on a couple of filesystems.

#!/usr/local/bin/perl

#
# This script looks at the properties for every zfs filesystem and snapshot on
# a server and changes every occurance of a property in in namespace $old to
# namespace $old.
#

use strict;

my ($old, $new) = ("com.foo", "com.bar");
my $overwrite = "yes"; # overwrite existing $new properties
my $localonly = "yes"; # do not move inherited properties

for my $fs ( `zfs list -Ho name` ) {
chomp $fs;
&do_rename($fs);
}

for my $snap ( `zfs list -Ho name -t snapshot` ) {
chomp $snap;
&do_rename($snap);
}

sub do_rename {
#print "Renaming $old to $new on $_[0]\n";
# get list of properties with $old
for my $prop ( `zfs get -Ho property,source,value all $_[0] | grep $old` ) {
$prop =~ m/$old:([a-z._:][a-z.\-_:]*)\t([a-z0-9\/\- ]+)\t(.*)\n/;
#print "Examining property $old:$1 on $_[0] with value $3\n";
my ($suffix, $value) = ($1, $3);
# local check, if enabled
next if (( $localonly eq "yes" ) and ( $2 ne "local" ));
next if (( $overwrite eq "no" ) and ( &check_exists($_[0],"$old:$suffix") == 0 ));
print "Setting $new:$suffix=$value and inheriting (erasing) $old:$suffix on $_[0]\n";
( system("zfs set $new:$suffix=$value $_[0]") == 0 ) or die "Error during zfs set operation";
( system("zfs inherit $old:$suffix $_[0]") == 0 ) or die "Error during zfs inherit operation";
}
}

sub check_exists {
# Return 0 if the specified property [1] exists on object [0]
if ( system("zfs get -Ho value $_[1] $_[0] | grep -qE '^-\$'") == 0 ) {
# DNE
return 1;
} else {
print "$_[1] exists on $_[0]!\n";
return 0;
}
}