Piping STDOUT to one command but STDERR to a different command

Found this awesome stackoverflow answer and had to write it up as a note to myself:

./foobar.pl > >( logger -t stdout ) 2> >( logger -t stderr )

Specifically, I hope to use this to replicate all EBS snapshots taken on an instance, e.g.:

ec2-consistent-snapshot > >( ec2-replicate-snapshots ) 2> >( logger -t $PROGNAME )

Building RPMs cleanly

I recently found this script recently to build a solr rpm and I love how it simply solves so many problems with RPM packaging with a few defines. Here's my slightly modified version for building an apache package, which leaves the SOURCES directory untouched and keeps a log of the build so you can go back and review it later:

#!/bin/sh -x
rm -rf BUILD RPMS SRPMS tmp || true
mkdir -p BUILD RPMS SRPMS tmp

rpmbuild -bb --define="_topdir $PWD" --define="_tmppath $PWD/tmp" apache.spec 2>&1 | tee apache-build.txt

rsync + FAT32 filesystem

Found a useful nugget in the rsync FAQ: if your destination filesystem when using rsync is a FAT32 filesystem you need to add the --modify-window=1 option due to problems with the modified times on FAT32. A working example would be:

rsync \
 --progress \
 --delete \
 --verbose \
 --archive \
 --modify-window=1 \
 /path/to/source/dir/ \
 /path/to/fat32/dir/

As always, remember to be careful about those trailing slashes!

Self-signing a certificate... quickly

I've been using SSL/TLS certs for a long, long time - I've even had to re-issue my personal CA cert after it expired after 5 years. However, every time I've issued a self signed cert for an internal site, openssl prompted me interactively for the Country, State, Locality, etc. etc. blah, blah, blah. The lack of automation was exceptionally annoying. I knew the defaults could be customized so that only the Common Name would have to be entered, but that wasn't enough. The openssl req manual page has a non-working example of a config file that shouldn't prompt (Sample configuration containing all field values) but it doesn't work. After spending considerable time trying to craft a custom, template openssl.cnf file today, I finally found a blog post that mentions the -subj argument that completes the certificate request without any prompting. The only prompting now done is for the rsa command if you're encrypting your keyfile. And of course, this can be automated with the -passin arg, if needed. Here is a full example:

# FQDN of SSL/TLS site
CN="fhqwhgads.example.com"

# preflight
C="US"
ST="New York"
L="New York"
O="Example.com Inc."
OU="Systems Team"
emailAddress="devnull@example.com"

# create a private key
openssl genrsa -out ${CN}.key 2048
# create a certificate request
openssl req \
 -new \
 -subj "/C=$C/ST=$ST/L=$L/O=$O/OU=$OU/CN=$CN/emailAddress=$emailAddress" \
 -key ${CN}.key \
 -out ${CN}.csr
# create cert
openssl x509 -req -days 3650 -in ${CN}.csr -signkey ${CN}.key -out ${CN}.crt

#
# optional - encrypt key
#
# move key
mv ${CN}.key ${CN}.key.plain
# encrypt key
# (add '-passin pass:password' or '-passin file:pathname' for no prompting)
# see openssl(1) manpage
openssl rsa -des3 -in ${CN}.key.plain -out ${CN}.key.crypt
# rename key
mv ${CN}.key.crypt ${CN}.key
# clean up
rm ${CN}.key.plain

Splitting traffic with an F5 BigIP LTM iRule

Another item filed under "notetoself" - how to split traffic by URI with an iRule applied to a virtual server on an F5 BigIP LTM.

when CLIENT_ACCEPTED {
   set default_pool [LB::server pool]
}
when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/path/to/split/off" } {
    pool pool_to_split_to
  } else {
    pool $default_pool
  }
}

Normally, I am against this type of hack. I believe that content should have a unique location - if there's two URLs that can get you to the same bit of content, people will use them interchangeably and it will cause nothing but headaches. However, in this case the $default_pool content is a Tomcat stack running a custom framework backed by Oracle and the pool_to_split_to is a LAMP stack running drupal backed by MySQL e.g. they couldn't be any different. This is the best way to unify the URL to access both without creating unnecessary extra hops across the network (say, using apache's mod_proxy_http).

Enabling color "ls" on Mac OS X

In ~/.bashrc, add:

export CLICOLOR=1

And if you don't have it already, add to ~/.bash_profile:

if [ -f ~/.bashrc ]; then
        source ~/.bashrc
fi

Sometimes, it's the little things that you're used to seeing that make you feel at $HOME.

Setting the Mac OS X hostname

I know you can set the hostname in Preferences > Sharing > Computer Name, but it gets overwritten if you're on a foreign DHCP network that has hostnames assign. To prevent that from happening:

sudo scutil --set HostName {custom_hostname}

Found on this superuser.com thread.

Getting timing out of curl


curl -w " \
time_total %{time_total} \
time_connect %{time_connect} \
time_namelookup %{time_namelookup} \
time_pretransfer %{time_pretransfer} \
time_starttransfer %{time_starttransfer} \
time_redirect %{time_redirect}\n" http://www.example.com


Notes on burning a DVD using Linux

I can't believe I haven't done this before. I guess my desktop has always had a burner and a gui program to do this. Anyway after searching and finding some links, I'm making some notes for next time.

TITLE="012345678901234"
SOURCE_DIR="/path/to/files"
mkisofs -v -A $TITLE -V $TITLE -J -r -o dvd.iso $SOURCE_DIR
eject -t dvd
cdrecord -scanbus dev=ATA # find your DVD burner in the list
cdrecord -v dev=ATA:1,1,0 driveropts=burnfree -dao dvd.iso
eject dvd

I'm sure there's better ways to do this, but it worked pretty well for the first attempt.

rpm queryformat

Another reminder to myself - rpm query to show installed RPMs formatted with name of the file as they were installed (as per the default CentOS/RHEL naming scheme on the install media):

rpm -qa --qf '%{name}-%{version}-%{release}.%{arch}.rpm\n'

Renaming a cisco access-list

I'm tired of forgetting this, so here's a reminder to myself on how to rename an access-list:

access-list old_acl_id rename new_acl_id

I know this work on ASA 8.2.* and better but doesn't work on IOS 12.2(*)SX.