Plot lines no longer allowed:

  • Car won’t start
  • “You don’t understand!”
  • Just play along.
  • “Hide your wrongdoing, no one will ever find out, just keep spinning bigger and bigger lies!” Said every Disney live action kids show ever.
  • Stupid adults
  • Are we done here?/Can I go now?/Can I go home? (just admit that you’re guilty right now)
  • Cops/Military/Doctors that don’t listen to anything ever ever ever
  • Exploding cars/every car accident = fireball of doom
  • Showering at midnight at abandoned campground/mental facility/dorm, you know, like ya do.
  • Maniacal laughing. Constantly. For No. Reason. At. All. Somebody just shoot the fucker.
  • Girls that can’t wink should not try.
  • No one blows kisses, do not try.
  • No eating apples on screen, please. It’s not medieval, and it’s not fun to listen to.
  • Close-miking of anyone eating anything. Do not.
  • “No, no, really, it’s nothing…” from people that should damn well be reporting this shit asap.
  • Professional __________ that know shit about ___________
  • Outright dismissal of clear evidence, and just moving on like no one is going to notice.
  • Stupid dads that can’t change a diaper or wipe a nose or anything beyond grunt
  • Stupid dads that can’t fix anything ever
  • Water does not shoot straight up from a drain. Ever.
  • Don’t check if he’s dead, just assume everything goes as planned.
  • Super-Ultra eyeballs that can see a bulge in a pocket from across town, or spot someone in a crowd from 5 blocks away
  • Super-Ultra hearing so that one guy on the opposite end of a crowded stadium can speak normally, yet address thousands of people. In 1200 B.C.
  • “Look! There he is!” 300 yards away in a crowd. Seriously?
  • Snipers with handguns shooting things miles away
  • Snipers shooting with the barrel hanging out the window
  • Anyone with a handgun hitting anything beyond 50 feet while running
  • Security footage with obvious moves/pans/scans/zooms
  • Asking questions and getting no answers at all or utterly random responses like everyone is crazy
  • Zoom! Enhance!!
  • Ook Ook! Pretty nurse!! Grunt. Grunt. No answer question. Zog rather die. Ok, stepped on nail. With dick. Light bulb in ass cuz I fell on it.
  • For the love of God, WATCH THE ROAD!!! Especially through the intersection with the trucks!
  • Doctors being risky and edgy and almost losing their license every single day
  • Next of kin being in the room during surgery micro-managing the surgeon

Add user and password to NGINX proxy

Go to:

http://aspirine.org/htpasswd_en.html

In the left box (#1) enter a username and password that you want to use like:

willb179   MonkeyBiscuits123

In the right box (#2) click Generate htpasswd content

It will generate a line like this:

willb179:$apr1$l9.OI9au$uZaO8fsnfhrNHI7V.Tr52.

Send this hashed line via Slack or email (the whole “willb179:$apr1$l9.OI9au$uZaO8fsnfhrNHI7V.Tr52.” string).

Remember the password you used!

generate passwords automagically, so users can submit encrypted passwords themselves

vi /etc/nginx/htpasswd

service nginx restart

**** MAKE SURE THE USER ISN’T ALREADY IN THERE!! If you have duplicates, you will get a constant string of 401 Unauthorized because it picks the FIRST one in the list and you’ll pull your hair out.
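One way to avoid the duplicate-user trap described above, as an added example that is not part of the original post: a POSIX shell helper that refuses to append a second line for an existing user and lists any duplicates already in the file. The function names are hypothetical and the hash strings in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# find_duplicate_users FILE
# Print every username that appears on more than one line, sorted.
find_duplicate_users() {
    awk -F: 'NF && $1 !~ /^#/ { n[$1]++ }
             END { for (u in n) if (n[u] > 1) print u }' "$1" | sort
}

# add_htpasswd_line FILE 'user:hash'
# Append the line only if it is well formed and the user is not listed yet.
# Returns 0 on append, 1 if the user already exists, 2 if the line is malformed.
add_htpasswd_line() {
    file=$1
    line=$2
    user=${line%%:*}
    hash=${line#*:}
    if [ -z "$user" ] || [ -z "$hash" ] || [ "$user" = "$line" ]; then
        echo "refusing: expected user:hash" >&2
        return 2
    fi
    # Compare as strings so that names such as 01 and 1 are not treated as equal.
    if [ -f "$file" ] &&
       awk -F: -v u="$user" '($1 "") == (u "") { found = 1 } END { exit !found }' "$file"
    then
        echo "refusing: $user is already in $file" >&2
        return 1
    fi
    printf '%s\n' "$line" >> "$file"
}

# Demo on a scratch file; the hash strings are constructed placeholders.
demo_file=$(mktemp)
add_htpasswd_line "$demo_file" 'willb179:$apr1$CONSTRUCTED$placeholderhash1'
add_htpasswd_line "$demo_file" 'willb179:$apr1$CONSTRUCTED$placeholderhash2' ||
    echo "second entry rejected, file still has $(grep -c . "$demo_file") line(s)"
rm -f "$demo_file"
```

Run `find_duplicate_users /etc/nginx/htpasswd` after any hand edit, and `nginx -t` before restarting.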

NGINX Config for password protected reverse proxy:

proxy.conf:


proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;

nginx.conf.erb

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            auth_basic "Restricted"; # For Basic Auth
            auth_basic_user_file /etc/nginx/htpasswd; # For Basic Auth
            include conf.d/proxy.conf;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}

Local:

openssl passwd -apr1

Enter the password you want twice when prompted; it will generate an apr1-hashed password.

Add:

username:$apr1encryptedpassword

Chef:

nginx.rb



include_recipe 'yum-epel::default'

package 'nginx'

['htpasswd'].each do |f|
  cookbook_file "/etc/nginx/#{f}" do
    source f
    owner 'nginx'
    group 'nginx'
    mode '0644'
  end
end

cookbook_file '/etc/nginx/conf.d/proxy.conf' do
  source 'proxy.conf'
  owner 'nginx'
  group 'nginx'
  mode '0644'
end

# Use nginx.conf template
template 'nginx.conf' do
  path '/etc/nginx/nginx.conf'
  source 'nginx.conf.erb'
  mode '0644'
  owner 'nginx'
  group 'nginx'
end

service 'nginx' do
  action [:enable, :start]
end

require 'mixlib/shellout'

selinuxstatus = Mixlib::ShellOut.new('getenforce')
selinuxstatus.run_command

puts 'SELinux Status is: ' + selinuxstatus.stdout
# getenforce ends its output with a newline; strip it so the comparisons below can match
selinuxstate = selinuxstatus.stdout.strip
puts 'error messages' + selinuxstatus.stderr
selinuxstatus.error!

# SELinux possible states are:
# Enforcing
# Disabled
# Permissive
# We only need to do this when Enforcing or Permissive
# When disabled or not installed we don't need to do anything else

if selinuxstate.to_s == 'Enforcing'
  execute 'Allow nginx to proxy to connect to nifi' do
    command 'setsebool -P httpd_can_network_connect 1'
    action :run
  end
end

if selinuxstate.to_s == 'Permissive'
  execute 'Allow nginx to proxy to connect to nifi' do
    command 'setsebool -P httpd_can_network_connect 1'
    action :run
  end
end

htpasswd:


cloudse:$apr1$5CtzHM1B$mC51/7dwYEFgwWs91/cjz/


brad:$apr1$/1R/RT5j$Lf5/RqKRojHct0p20.zLu.



bash tip: collapse or parse a big text doc into individual sorted words from columns

Start with list.txt like:

server7858   server7858   server7858   server7858   server7861   server7860   server8310   server8310   server7863   server8311

server7859   server7859   server7859   server7859   server8781   server8676   server8677   server8677   server8679   server8782

Which has duplicates and long lines and crap. Run this:

rm list2.txt

rm list3.txt

for word in `cat list.txt`; do echo $word ; done |sort |uniq >> list2.txt

sed -ibak -e 's/ //g' list2.txt

cat list2.txt |sort|uniq > list3.txt

vi list3.txt

ta da!

if you need word counts and such, pipe it through wc before running uniq

If you need to collapse multi line (multi-line multiline) data like this:

fldcvisla8524:

packages.MQSeriesServer.installdate: 1439579830

fldcvfsla13746:

packages.MQSeriesServer.installdate: 1486575523

Into:


Bash case switches

if [[ ${TAG_VALUE}XXX == "XXX" ]]; then

  echo "TAG_VALUE was blank, exiting!"

  exit

fi

case @option.Command@ in

  start)

    echo 'I am the first box'

    ;;

  stop)

    echo 'I am the second box'

    ;;

  restart)

    echo 'I am the third box'

    ;;

  status)

    echo 'I am the fourth box'

    ;;

  5)

    echo 'I am the fifth box'

    ;;

  *)

    echo 'I am another box higher than 5'

    ;;

esac

Run ssh commands remotely for one or many or a list of servers

single:

ssh -o "StrictHostKeyChecking no" -t ${server} "sudo sed -ibak -e 's#https://oldchef.server.com/#https://newchef.server.com/#g' /etc/chef/client.rb"

many:

for server in server001 server002 server007; do echo ${server} && ssh -o "StrictHostKeyChecking no" -t ${server} "sudo sed -ibak -e 's#https://oldchef.server.com/#https://newchef.server.com/#g' /etc/chef/client.rb" ; done

list:


Comskip commercial skipping on plex

Plex doesn’t seem to install comskip on linux by default. Although it says it uses it, it’s not in the tarball so nothing actually happens. I guess it assumes you’ve figured it out on your own(?).

Install comskip:

Dependencies:

apt-get install -y autoconf libtool git build-essential libargtable2-dev libavformat-dev libsdl1.2-dev

sudo su -

git clone https://github.com/erikkaashoek/Comskip

cd Comskip

./autogen.sh

./configure

make

make install

Auto-skip *should* work now if you set it up in the DVR settings, existing recordings won’t have commercials skipped.

Manual commercial scans (i.e. go fix my existing recordings!):


Making iTerm 2 highlight errors all the time

This helps when you have to chase down stupid stuff all day, every day:

Launch iTerm2

Go to iTerm2 – Preferences – Profiles – Advanced – Triggers – Edit

Click +

In the Regex, type:   (error|ERROR|Error)

Action: Highlight Text

Pick a color and a background color that stand out for you

Check the Instant box

Close back out

I have:

(Fail|FAIL|fail)

(Differ|DIFFER|differ)

(Insufficient|INSUFFICIENT|insufficient)

(Access|ACCESS|access)

(Denied|DENIED|denied)

(Error|ERROR|error)

Sorting out (and finding!) connection resets on Linux:

Sorting out connection resets:

tcpdump -nn -v 'tcp[tcpflags] & (tcp-rst) != 0'

or

tcpdump -ilo -nn -v 'tcp[tcpflags] & (tcp-rst) != 0'

-n is to stop resolving DNS names

-nn is to stop resolving DNS names AND port numbers to names

This is really useful when an app is logging connection resets, but not telling you what it is trying to connect to in the first place.
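To turn that capture into an answer to "what is resetting what", here is an added example (not from the original post) that counts resets per sender endpoint and receiver address from saved `tcpdump -nn` text output. The function names and the capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Names and capture lines are constructed.

# summarize_rsts: read `tcpdump -nn` text (with or without -v) on stdin and print
# "count sender-ip.port -> receiver-ip", busiest pair first.
summarize_rsts() {
    awk '
        # A TCP flags field containing R, such as [R] or [R.], marks a reset.
        /Flags \[[A-Z.]*R[A-Z.]*\]/ {
            for (i = 2; i < NF; i++) {
                if ($i != ">") continue
                src = $(i - 1)
                dst = $(i + 1)
                # Drop the receiver port: it is usually an ephemeral client port.
                sub(/\.[0-9]+:?$/, "", dst)
                count[src " -> " dst]++
                break
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the two-line layout that -v produces, including one
# SYN segment that must not be counted.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.9.8080 > 10.0.0.5.44321: Flags [R.], cksum 0x1234 (correct), seq 0, ack 1, win 0, length 0
12:00:02.000001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.9.8080 > 10.0.0.5.44322: Flags [R.], cksum 0x1235 (correct), seq 0, ack 1, win 0, length 0
12:00:03.000001 IP (tos 0x0, ttl 64, id 7, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.0.5.51000 > 10.0.0.7.5432: Flags [S], cksum 0x1236 (correct), seq 1, win 64240, length 0
12:00:03.000201 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.7.5432 > 10.0.0.5.51000: Flags [R], cksum 0x1237 (correct), seq 5, win 0, length 0
EOF
}

sample_capture | summarize_rsts
```

On a live box, redirect the tcpdump command above to a file and feed that file to `summarize_rsts` on stdin.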

Reading tags from CLI or bash in ec2 instances

# To read the Name tag:

TAG_NAME="Name"
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d ' ')"
REGION="$(./ec2-metadata -z | cut -f 2 -d ' ')"
# Drop the trailing availability-zone letter to get the region
REGION=${REGION%?}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"

Gives:

set |grep TAG_VALUE
TAG_VALUE='brad test box'

# To see ALL tags to see WTF: (use region from above)

aws ec2 describe-tags --region us-east-1 --output=text

# To read the Created-by custom tag:

TAG_NAME="created-by"
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d ' ')"
REGION="$(./ec2-metadata -z | cut -f 2 -d ' ')"
REGION=${REGION%?}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"

set |grep TAG_VALUE
TAG_VALUE=test-kitchen

# To read the nifi-node-num custom tag:

TAG_NAME="nifi-node-num"
echo "TAG_NAME is: " ${TAG_NAME}
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d ' ')"
echo "INSTANCE_ID is: " ${INSTANCE_ID}
REGION="$(./ec2-metadata -z | cut -f 2 -d ' ')"
REGION=${REGION%?}
echo "REGION is: " ${REGION}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"
echo "TAG_VALUE is: " ${TAG_VALUE}

# You need the EC2 Metadata binary for the above to work

wget http://s3.amazonaws.com/ec2metadata/ec2-metadata
chmod u+x ec2-metadata
./ec2-metadata --help

You can also do this IF you have credentials:

aws ec2 describe-instances --region us-east-1 --instance-ids i-09301dcede4431741|grep -A 200 Tag

                    "Tags": [
                        {
                            "Value": "False",
                            "Key": "data_sensitive"
                        },
                        {
                            "Value": "10/31/2017",
                            "Key": "valid_thru"
                        },
                        {
                            "Value": "nifi-al",
                            "Key": "Application"
                        },
                        {
                            "Value": "Aplha",
                            "Key": "Cluster"
                        },
                        {
                            "Value": "False",
                            "Key": "Docker"
                        },
                        {
                            "Value": "TBD",
                            "Key": "BAPP_ID"
                        },
                        {
                            "Value": "nifi-al-latest",
                            "Key": "Name"
                        },
                        {
                            "Value": "WDPRTechnologyIAParksDataPlatform@disney.com",
                            "Key": "Owner"
                        },
                        {
                            "Value": "1",
                            "Key": "nifi-node-num"
                        },
                        {
                            "Value": "nifi-al-latest-asg",
                            "Key": "aws:autoscaling:groupName"
                        },
                        {
                            "Value": "Non-Prod Sandbox",
                            "Key": "Environment"
                        },
                        {
                            "Value": "yes",
                            "Key": "tag_compliance"
                        }
                    ],
                    "AmiLaunchIndex": 2
                }
            ],
            "ReservationId": "r-0a402050d68688b53",
            "RequesterId": "226008221399",
            "Groups": [],
            "OwnerId": "876496569223"
        }
    ]
}

ALL ec2-metadata options:

Usage: ec2-metadata <option>

Options:

--all                     Show all metadata information for this host (also default).
-a/--ami-id               The AMI ID used to launch this instance
-l/--ami-launch-index     The index of this instance in the reservation (per AMI).
-m/--ami-manifest-path    The manifest path of the AMI with which the instance was launched.
-n/--ancestor-ami-ids     The AMI IDs of any instances that were rebundled to create this AMI.
-b/--block-device-mapping Defines native device names to use when exposing virtual devices.
-i/--instance-id          The ID of this instance
-t/--instance-type        The type of instance to launch. For more information, see Instance Types.
-h/--local-hostname       The local hostname of the instance.
-o/--local-ipv4           Public IP address if launched with direct addressing; private IP address if launched with public addressing.
-k/--kernel-id            The ID of the kernel launched with this instance, if applicable.
-z/--availability-zone    The availability zone in which the instance launched. Same as placement
-c/--product-codes        Product codes associated with this instance.
-p/--public-hostname      The public hostname of the instance.
-v/--public-ipv4          NATted public IP Address
-u/--public-keys          Public keys. Only available if supplied at instance launch time
-r/--ramdisk-id           The ID of the RAM disk launched with this instance, if applicable.
-e/--reservation-id       ID of the reservation.
-s/--security-groups      Names of the security groups the instance is launched in. Only available if supplied at instance launch time
-d/--user-data            User-supplied data. Only available if supplied at instance launch time.

If you don’t have credentials, some of this doesn’t work, but you can try this:

Websphere system core dump location is incorrect by default

The location of the system core dump is typically incorrect and just drops it in the middle of the host OS. You will need to edit:

/opt/apps/WebSphere/AppServer/bin/setupCmdLine.sh

# Add:

IBM_COREDIR=/net/cn-flor-nas01-prod.wdw.disney.com/data/TPR/WDW/Vol005/WDPRTHome/middleware/dumps/${HOSTNAME}

export IBM_COREDIR

# IBM_COREDIR can also go at the end of the large export command at the end of the script.

JVM restart(s) are required to pick up the change. Even though the system dump is initiated, you have to pick the JVM that initiates it, so it is related to the JVM. A full restart of all the JVMs is technically needed, as is changing this file on every node in the cluster.

“Incorrect” in that the dump files are freaking gigantic and run the box out of space pretty quickly. Redirect these to the NAS.