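Luoyang Shovel's Blog

April 21, 2010

Literal strings and regex strings in cfengine

Filed under: Linux — HackGou @ 15:24

This post came about because an auto mount entry was added through cfengine, but the configuration in /etc/auto_* was not being updated.

Running cfagent with -v produced this message: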

resetting pointers to line 1
Edit: Search for \* -rw,vers=3,proto=tcp,sec=sys,rsize=32768,wsize=32768,timeo=600,actimeo=1200,retrans=2,nodev,hard,context=system_u:object_r:httpd_sys_content_t:s0 nss1.la.vclk.net:/vol/mezi_websites_beta/& failed. Current line still 1
LocateLineMatchingRegexp failed in /etc/auto_mezi_sites, aborting editing
End editing /etc/auto_mezi_sites

The message comes from this configuration:

BeginGroupIfNoSuchLine "* -$(optsRWwebSe) nss1.la.vclk.net:/vol/mezi_websites_beta/&"
DefineInGroup "ReloadAutoFS"
ResetSearch "1"
DeleteLinesMatching "\*[ ].*"
AppendIfNoSuchLine "\* -$(optsRWwebSe) nss1.la.vclk.net:/vol/mezi_websites_beta/&"
EndGroup
ResetSearch "1"
LocateLineMatching "* -$(optsRWwebSe) nss1.la.vclk.net:/vol/mezi_websites_beta/&"
DeleteLinesAfterThisMatching "\*[ ].*"

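The configuration above is really just meant to add the following line:

* -rw,vers=3,proto=tcp,sec=sys,rsize=32768,wsize=32768,timeo=600,actimeo=1200,retrans=2,nodev,hard,context=system_u:object_r:httpd_sys_content_t:s0 nss1.la.vclk.net:/vol/mezi_websites_beta/&

This is a common approach when a large number of directories live on storage and are auto mounted, for example putting HOME on storage. Here, all the beta environments are placed on storage and mounted automatically with auto mount. The * in this line is the crux of the problem.

The root cause of this error is that in cfengine some edit commands take a regular expression as their argument, while others take a literal string (I have not yet seen a good Chinese translation of this term; for now, read it as "original-meaning string": it is exactly what it is, * stands for an asterisk rather than "any number of" as in a regular expression, and . stands for the period character rather than "any character" as in a regular expression).

Edit commands that take a literal string need no escaping at all; they perform an exact match.

Edit commands that take a regex string perform regular-expression-based editing, so every metacharacter (.*^-?()) must be escaped.

By this criterion, the edit commands used above can be classified as follows: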

BeginGroupIfNoSuchLine: literal string
DeleteLinesMatching: literal string
AppendIfNoSuchLine: literal string

LocateLineMatching: regex string
DeleteLinesAfterThisMatching: regex string

In other words, everything marked in red is wrong, Orz.

Following the rules above, the corrected version is:

BeginGroupIfNoSuchLine "* -$(optsRWwebSe) nss1.la.vclk.net:/vol/mezi_websites_beta/&"
DefineInGroup "ReloadAutoFS"
ResetSearch "1"
DeleteLinesMatching "*[ ].*"
AppendIfNoSuchLine "* -$(optsRWwebSe) nss1.la.vclk.net:/vol/mezi_websites_beta/&"
EndGroup
ResetSearch "1"
LocateLineMatching "\* -$(optsRWwebSe) nss1.la.vclk.net:/vol/mezi_websites_beta/&"
DeleteLinesAfterThisMatching "\*[ ].*"

Everything now works as expected.
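The literal/regex distinction above, modelled in Ruby as an added example (not code from the original post, and not cfengine itself): one function treats its argument as a literal line, the other compiles it as a regular expression. The function names are hypothetical, the option string is a shortened stand-in for $(optsRWwebSe), and matching the regex against the whole line is an assumption about how cfagent anchors it.

```ruby
# Model of the two argument kinds described above. This is not cfengine:
# the function names are hypothetical, and whole-line anchoring of the
# regex is an assumption about how cfagent matches.

OPTS = 'rw,vers=3,proto=tcp,nodev,hard' # shortened stand-in for $(optsRWwebSe)
WANTED = "* -#{OPTS} nss1.la.vclk.net:/vol/mezi_websites_beta/&"

# Literal-string command: append the argument exactly as written unless
# an identical line already exists.
def append_if_no_such_line(lines, literal)
  lines.include?(literal) ? lines : lines + [literal]
end

# Regex-string command: 1-based number of the first line the pattern
# matches in full, or nil when the search fails.
def locate_line_matching(lines, pattern)
  re = Regexp.new("\\A(?:#{pattern})\\z")
  idx = lines.index { |line| re.match?(line) }
  idx && idx + 1
rescue RegexpError
  nil # a bare leading "*" has nothing to repeat
end

# Configuration as first written: "\*" given to the literal command, the
# unescaped line given to the regex command.
def broken_run(lines)
  after = append_if_no_such_line(lines, "\\#{WANTED}")
  [after, locate_line_matching(after, WANTED)]
end

# Corrected configuration: raw text for the literal command, fully
# escaped text for the regex command.
def fixed_run(lines)
  after = append_if_no_such_line(lines, WANTED)
  [after, locate_line_matching(after, Regexp.escape(WANTED))]
end
```

In the broken run the map file ends up with a line that starts with a backslash, so even a correctly escaped search pattern no longer finds it.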


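January 22, 2010

Two ssh-related Ruby scripts

Filed under: Linux, SSH — HackGou @ 17:11

Ever since an anomaly was discovered on the storage system, keys without a passphrase have been disabled, and sudo's nopasswd option has been turned off as well. That made life hard for us: with hundreds or thousands of servers, having to copy a file or do something with root privileges is an absolute nightmare. To rescue myself from that nightmare, I wrote two small scripts using Net::SSH:

  1. One is scp.rb, for copying files. Usage is simple:
    scp.rb hostA:/tmp/afile ./ or
    scp.rb afile hostA:/tmp/afile
  2. The other is ssh_sudo.rb which, as the name suggests, runs sudo over ssh. For example:
    ssh_sudo.rb hostA cat /etc/shadow runs cat /etc/shadow on hostA

In ssh_sudo.rb, replace line 15 (the channel.exec("sudo #{cmd}") call) with:
    channel.exec("#{cmd}") do |ch, success|
and it becomes a plain ssh. These two scripts solve 80% of my problems; the remaining 20% I decide case by case as they come up.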

################## scp.rb #####################

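#!/usr/local/bin/ruby
# Copy a file to or from a remote host; the argument containing ":" is the remote side.
require 'net/scp'
password = "real_password"   # placeholder
username = 'real_name'       # placeholder
src = ARGV[0]
dst = ARGV[1]
# Split only on the first ":" so remote paths may contain colons.
if ARGV[0] =~ /:/
  host, remote_path = ARGV[0].split(":", 2)
else
  host, remote_path = ARGV[1].split(":", 2)
end
Net::SCP.start(host, username, :password => password) do |scp|
  if ARGV[0] =~ /:/
    scp.download!(remote_path, dst)   # remote -> local
  else
    scp.upload!(src, remote_path)     # local -> remote
  end
end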
################## end scp.rb #####################

######################## ssh_sudo.rb #######################

#!/usr/local/bin/ruby
require 'net/ssh'
password = "real_password"   # placeholder
username = 'real_name'       # placeholder
host = ARGV[0]
cmd = ARGV[1..ARGV.length-1].join(" ")   # everything after the host is the remote command

begin
  #Net::SSH.start(host, username, :password => password, :verbose => :debug) do |session|
  Net::SSH.start(host, username, :password => password, :timeout => 3) do |session|
    retry_count = 0
    session.open_channel do |channel|
      channel.request_pty   # sudo needs a terminal to prompt for the password
      channel.exec("sudo #{cmd}") do |ch, success|
        #channel.exec("echo 'robert:$xxx.' | sudo /usr/sbin/chpasswd -e") do |ch, success|
        abort "could not execute command" unless success
        channel.on_data do |ch, data|
          if data =~ /Password/   # sudo password prompt on stdout
            retry_count += 1
            channel.send_data password + "\n"
          else
            puts data
          end
        end
        channel.on_extended_data do |ch, type, data|
          if data =~ /Password/   # sudo password prompt on stderr
            retry_count += 1
            channel.send_data password + "\n"
          end
        end
        channel.on_close do |ch|
          # More than one prompt means the password was rejected.
          puts "Error for #{host}" if retry_count > 1
        end
      end
    end
  end
rescue StandardError => e   # connection, authentication and timeout errors
  $stderr.print "Error: #{e} on #{host}\n"
end
############# end of ssh_sudo.rb ###################
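A hardened front end for ssh_sudo.rb, as an added example that is not part of the original post: the password comes from the environment or a no-echo prompt instead of a literal in the script, each argument is quoted so the remote shell cannot reinterpret it, and the sudo prompt is answered only once. The variable name SSH_SUDO_PASSWORD and the helper names are assumptions; the Net::SSH wiring stays as in the script above.

```ruby
require 'shellwords'
require 'io/console'

# Hypothetical variable name; lets automation inject the secret without
# storing it in the script or passing it on the command line.
PASSWORD_ENV = 'SSH_SUDO_PASSWORD'

# Return the password from the environment, else prompt without echo.
def read_password(env = ENV, input = $stdin, output = $stderr)
  return env[PASSWORD_ENV] if env[PASSWORD_ENV] && !env[PASSWORD_ENV].empty?
  output.print 'Password: '
  secret = input.noecho(&:gets).to_s.chomp
  output.puts
  secret
end

# Build the remote command. ARGV.join(' ') loses argument boundaries, so
# "a file; id" would reach the remote shell as two commands; quoting each
# argument keeps it one word. "--" stops sudo from parsing it as an option.
def sudo_command(args)
  raise ArgumentError, 'no command given' if args.empty?
  (%w[sudo --] + args).shelljoin
end

# Answers a password prompt once. A second prompt means sudo rejected the
# password; resending it would only burn attempts and risk a lockout.
class PromptResponder
  PROMPT = /password.*:\s*\z/i

  attr_reader :prompts

  def initialize(password)
    @password = password
    @prompts = 0
  end

  # Returns the bytes to send back for this chunk of output, or nil.
  def reply_to(data)
    return nil unless data =~ PROMPT
    @prompts += 1
    @prompts == 1 ? "#{@password}\n" : nil
  end

  def rejected?
    @prompts > 1
  end
end
```

Inside the channel callbacks, `reply = responder.reply_to(data)` followed by `channel.send_data(reply) if reply` replaces the two `data =~ /Password/` branches.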


January 20, 2010

ramfs VS tmpfs

Filed under: Linux — HackGou @ 11:23

Both of these memory-based filesystems can be called RAM disks; they differ only slightly:
Mount options for ramfs
Ramfs is a memory based filesystem. Mount it and you have it. Unmount it and it is gone. Present since Linux 2.3.99pre4. There are no
mount options.

Mount options for tmpfs
The following parameters accept a suffix k, m or g for Ki, Mi, Gi (binary kilo, mega and giga) and can be changed on remount.

size=nbytes
Override default maximum size of the filesystem. The size is given in bytes, and rounded down to entire pages. The default is
half of the memory.

nr_blocks=
Set number of blocks.

nr_inodes=
Set number of inodes.

mode= Set initial permissions of the root directory.

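The mount options show the biggest difference between the two: tmpfs has a size limit and ramfs does not. In other words, tmpfs will not exhaust memory because its size is capped, and it uses swap when physical memory is exceeded. ramfs, on the other hand, can exhaust physical memory and bring the machine down, but its advantage is that it grows dynamically, which suits cases where the required memory cannot be estimated but memory is certainly sufficient, for example smarty's template_c.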


December 4, 2009

pdo_oci_handle_factory: OCI_INVALID_HANDLE error

Filed under: LAMP, Linux — HackGou @ 18:15

An application team reported that this error keeps appearing:

[DEBUG] SQLSTATE[]: pdo_oci_handle_factory: OCI_INVALID_HANDLE (/home/szhou/rpmbuild/BUILD/PDO_OCI-1.0/oci_driver.c:463)

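Google turns up plenty of similar errors, none with a good solution. Although the bug reporters did not state whether SELinux was enabled on their systems, for one server today the cause was indeed SELinux; audit.log contains the following record: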


type=AVC msg=audit(1259911324.873:28565): avc: denied { execstack } for pid=19315 comm="httpd" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=process

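The fix is: '/usr/bin/execstack -c /usr/lib64/oracle/10.2.0.3/client/lib/*.so*', which clears the executable-stack marking on the Oracle client libraries.

drepper's personal page has a write-up on SELinux memory protection: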
http://people.redhat.com/~drepper/selinux-mem.html
my overview of security features

https://bugzilla.redhat.com/show_bug.cgi?id=540466 explains how to handle execstack under SELinux.
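A small parser for audit.log AVC records like the one above, as an added example that is not part of the original post: it extracts the permissions, process and contexts, and counts execstack denials per command. Only the first sample line is from the post; the other two are constructed, and the function names are hypothetical.

```ruby
# Sample records: the first is the line from the post; the second and
# third are constructed to show a different denial and a non-AVC record.
SAMPLE_AUDIT = <<~LOG
  type=AVC msg=audit(1259911324.873:28565): avc: denied { execstack } for pid=19315 comm="httpd" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=process
  type=AVC msg=audit(1259911400.100:28570): avc: denied { read write } for pid=19400 comm="httpd" name="example" scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
  type=SYSCALL msg=audit(1259911324.873:28565): arch=c000003e syscall=10 success=no
LOG

AVC_RE = /\Atype=AVC msg=audit\((?<epoch>\d+\.\d+):(?<serial>\d+)\): avc:\s+(?<verdict>denied|granted)\s+\{(?<perms>[^}]*)\}\s+for\s+(?<fields>.*)\z/

# Parse one line; returns a Hash, or nil when the line is not an AVC record.
def parse_avc(line)
  m = AVC_RE.match(line.strip) or return nil
  # key=value pairs; values are bare tokens or double-quoted strings.
  fields = m[:fields].scan(/(\w+)=("[^"]*"|\S+)/).to_h
  fields.transform_values! { |v| v.delete_prefix('"').delete_suffix('"') }
  {
    time: Time.at(m[:epoch].to_f).utc,
    serial: m[:serial].to_i,
    verdict: m[:verdict],
    perms: m[:perms].split,
    pid: fields['pid'].to_i,
    comm: fields['comm'],
    scontext: fields['scontext'],
    tcontext: fields['tcontext'],
    tclass: fields['tclass']
  }
end

# Count denied execstack requests per command name.
def execstack_denials(log)
  log.each_line
     .map { |l| parse_avc(l) }
     .compact
     .select { |r| r[:verdict] == 'denied' && r[:tclass] == 'process' && r[:perms].include?('execstack') }
     .group_by { |r| r[:comm] }
     .transform_values(&:size)
end
```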


July 22, 2009

What is this .nfsxxxxxxxxxxxxxx file and why can’t I remove it

Filed under: FreeBSD,Linux — blog @ 18:15

What is this .nfsxxxxxxxxxxxxxx file and why can’t I remove it?

Under unix, if you remove a file that a currently running process still has open, the file isn’t really removed. Once the process closes the file, the OS then removes the file handle and frees up the disk blocks. This process is complicated slightly when the file that is open and removed is on an NFS mounted filesystem. Since the process that has the file open is running on one machine (such as a workstation in your office or lab) and the files are on the file server, there has to be some way for the two machines to communicate information about this file. The way NFS does this is with the .nfsNNNN files. If you try to remove one of these files, and the file is still open, it will just reappear with a different number. So, in order to remove the file completely you must kill the process that has it open.

If you want to know what process has this file open, you can use ‘lsof .nfs1234’. Note, however, this will only work on the machine where the process that has the file open is running. So, if your process is running on bobac and you run the lsof on some other burrow machine, you won’t see anything.

For example:

% echo test > foo
% tail -f foo
test
^Z
Suspended
% rm foo
% ls -A
.nfsB23D
% rm .nfsB23D
% ls -A
.nfsC23D
% lsof .nfsC23D
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
tail 1257 robh 0r VREG 176,6 5 3000753 .nfsC23D
%

So, once you have located and killed the process that has the file open, the .nfs file will go away automatically. In the above example, when you kill the tail process, the .nfsC23D file will disappear.

The useful tools: ps, lsof
