- Car won’t start
- “You don’t understand!”
- Just play along.
- “Hide your wrongdoing, no one will ever find out, just keep spinning bigger and bigger lies!” Said every Disney live action kids show ever.
- Stupid adults
- Are we done here?/Can I go now?/Can I go home? (just admit that you’re guilty right now)
- Cops/Military/Doctors that don’t listen to anything ever ever ever
- Exploding cars/every car accident = fireball of doom
- Showering at midnight at abandoned campground/mental facility/dorm, you know, like ya do.
- Maniacal laughing. Constantly. For No. Reason. At. All. Somebody just shoot the fucker.
- Girls that can’t wink should not try.
- No one blows kisses, do not try.
- No eating apples on screen, please. It’s not medieval, and it’s not fun to listen to.
- Close-miking of anyone eating anything. Do not.
- “No, no, really, it’s nothing…” from people that should damn well be reporting this shit asap.
- Professional __________ that know shit about ___________
- Outright dismissal of clear evidence, and just moving on like no one is going to notice.
- Stupid dads that can’t change a diaper or wipe a nose or anything beyond grunt
- Stupid dads that can’t fix anything ever
- Water does not shoot straight up from a drain. Ever.
- Don’t check if he’s dead, just assume everything goes as planned.
- Super-Ultra eyeballs that can see a bulge in a pocket from across town, or spot someone in a crowd from 5 blocks away
- Super-Ultra hearing so that one guy on the opposite end of a crowded stadium can speak normally, yet address thousands of people. In 1200 B.C.
- “Look! There he is!” 300 yards away in a crowd. Seriously?
- Snipers with handguns shooting things miles away
- Snipers shooting with the barrel hanging out the window
- Anyone with a handgun hitting anything beyond 50 feet while running
- Security footage with obvious moves/pans/scans/zooms
- Asking questions and getting no answers at all or utterly random responses like everyone is crazy
- Zoom! Enhance!!
- Ook Ook! Pretty nurse!! Grunt. Grunt. No answer question. Zog rather die. Ok, stepped on nail. With dick. Light bulb in ass cuz I fell on it.
- For the love of God, WATCH THE ROAD!!! Especially through the intersection with the trucks!
- Doctors being risky and edgy and almost losing their license every single day
- Next of kin being in the room during surgery micro-managing the surgeon
Add user and password to NGINX proxy
Go to:
http://aspirine.org/htpasswd_en.html
In the left box (#1) enter a username and password that you want to use like:
willb179 MonkeyBiscuits123
In the right box (#2) click Generate htpasswd content
It will generate a line like this:
willb179:$apr1$l9.OI9au$uZaO8fsnfhrNHI7V.Tr52.
Send this hashed line (the "willb179:$apr1$l9.OI9au$uZaO8fsnfhrNHI7V.Tr52.") via Slack or email
Remember the password you used!
Generate passwords automagically, so users can submit hashed passwords themselves
vi /etc/nginx/htpasswd
service nginx restart
**** MAKE SURE THE USER ISN’T ALREADY IN THERE!! If you have duplicates, you will get a constant string of 401 Unauthorized because it picks the FIRST one in the list and you’ll pull your hair out.
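A pre-flight check for the duplicate-user problem above, as an added example that is not part of the original post: `htpasswd_dupes` lists usernames that occur more than once, and `htpasswd_add` refuses to append a line for a user that already exists. The function names and the sample file (placeholder hashes) are constructed for illustration.

```bash
#!/bin/sh
# htpasswd_dupes FILE: print every username that appears more than once.
# Comment lines (starting with #) and blank lines are ignored.
htpasswd_dupes() {
    awk -F: '/^#/ { next } $1 != "" && seen[$1]++ == 1 { print $1 }' "$1"
}

# htpasswd_add FILE 'user:hash': append the line only for a new user.
# Returns 0 = added, 1 = user already present, 2 = malformed line.
htpasswd_add() {
    file=$1 line=$2
    case $line in
        *:*) ;;
        *) return 2 ;;
    esac
    user=${line%%:*}
    [ -n "$user" ] || return 2
    if [ -f "$file" ] &&
       awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$file"
    then
        return 1
    fi
    printf '%s\n' "$line" >> "$file"
}

# Constructed sample file: "bob" is listed twice, hashes are placeholders.
demo_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not real credentials
alice:$apr1$SALT0001$placeholderhash0000001
bob:$apr1$SALT0002$placeholderhash0000002
bob:$apr1$SALT0003$placeholderhash0000003
EOF
    printf '%s\n' "$f"
}

f=$(demo_file)
echo "duplicate users: $(htpasswd_dupes "$f")"
rm -f "$f"
```

Run `htpasswd_dupes /etc/nginx/htpasswd` before `service nginx restart`; any output means a user will hit the first-match 401 loop.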
NGINX Config for password protected reverse proxy:
proxy.conf:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
nginx.conf.erb
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
auth_basic "Restricted"; #For Basic Auth
auth_basic_user_file /etc/nginx/htpasswd; #For Basic Auth
include conf.d/proxy.conf;
proxy_pass http://127.0.0.1:8080;
}
}
}
Local:
openssl passwd -apr1
Enter the password you want twice when prompted; it will generate an apr1-hashed password
Add:
username:$apr1encryptedpassword
Chef:
nginx.rb
include_recipe 'yum-epel::default'
package 'nginx'
['htpasswd'].each do |f|
  cookbook_file "/etc/nginx/#{f}" do
    source f
    owner 'nginx'
    group 'nginx'
    mode '0644'
  end
end
cookbook_file '/etc/nginx/conf.d/proxy.conf' do
  source 'proxy.conf'
  owner 'nginx'
  group 'nginx'
  mode '0644'
end
# Use nginx.conf template
template 'nginx.conf' do
  path '/etc/nginx/nginx.conf'
  source 'nginx.conf.erb'
  mode '0644'
  owner 'nginx'
  group 'nginx'
end
service 'nginx' do
  action [:enable, :start]
end
require 'mixlib/shellout'
selinuxstatus = Mixlib::ShellOut.new('getenforce')
selinuxstatus.run_command
puts 'SELinux Status is: ' + selinuxstatus.stdout
# getenforce output ends with a newline; strip it or the comparisons below never match
selinuxstate = selinuxstatus.stdout.strip
puts 'error messages' + selinuxstatus.stderr
selinuxstatus.error!
# SELinux possible states are:
# Enforcing
# Disabled
# Permissive
# We only need to do this when Enforcing or Permissive
# When disabled or not installed we don't need to do anything else
if selinuxstate.to_s == 'Enforcing'
  execute 'Allow nginx to proxy to connect to nifi' do
    command 'setsebool -P httpd_can_network_connect 1'
    action :run
  end
end
if selinuxstate.to_s == 'Permissive'
  execute 'Allow nginx to proxy to connect to nifi' do
    command 'setsebool -P httpd_can_network_connect 1'
    action :run
  end
end
htpasswd:
cloudse:$apr1$5CtzHM1B$mC51/7dwYEFgwWs91/cjz/
brad:$apr1$/1R/RT5j$Lf5/RqKRojHct0p20.zLu.
proxy.conf:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
nginx.conf.erb
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
auth_basic "Restricted"; #For Basic Auth
auth_basic_user_file /etc/nginx/htpasswd; #For Basic Auth
include conf.d/proxy.conf;
proxy_pass http://127.0.0.1:8080;
}
}
}
bash tip: collapse or parse a big text doc into individual sorted words from columns
Start with list.txt like:
server7858 server7858 server7858 server7858 server7861 server7860 server8310 server8310 server7863 server8311
server7859 server7859 server7859 server7859 server8781 server8676 server8677 server8677 server8679 server8782
Which has duplicates and long lines and crap. Run this:
rm list2.txt
rm list3.txt
for word in `cat list.txt`; do echo $word ; done |sort |uniq >> list2.txt
sed -ibak -e 's/ //g' list2.txt
cat list2.txt |sort|uniq > list3.txt
vi list3.txt
ta da!
if you need word counts and such, pipe it through wc before running uniq
If you need to collapse multi line (multi-line multiline) data like this:
fldcvisla8524:
packages.MQSeriesServer.installdate: 1439579830
fldcvfsla13746:
packages.MQSeriesServer.installdate: 1486575523
Into:
Bash case switches
if [[ ${TAG_VALUE}XXX == "XXX" ]]; then
  echo "TAG_VALUE was blank, exiting!"
  exit
fi
case @option.Command@ in
  start) echo 'I am the first box' ;;
  stop) echo 'I am the second box' ;;
  restart) echo 'I am the third box' ;;
  status) echo 'I am the fourth box' ;;
  5) echo 'I am the fifth box' ;;
  *) echo 'I am another box higher than 5' ;;
esac
Run ssh commands remotely for one or many or a list of servers
single:
ssh -o "StrictHostKeyChecking no" -t ${server} "sudo sed -ibak -e 's#https://oldchef.server.com/#https://newchef.server.com/#g' /etc/chef/client.rb"
many:
for server in server001 server002 server007; do echo ${server} && ssh -o "StrictHostKeyChecking no" -t ${server} "sudo sed -ibak -e 's#https://oldchef.server.com/#https://newchef.server.com/#g' /etc/chef/client.rb" ; done
list:
Comskip commercial skipping on plex
Plex doesn’t seem to install comskip on linux by default. Although it says it uses it, it’s not in the tarball so nothing actually happens. I guess it assumes you’ve figured it out on your own(?).
Install comskip:
Dependencies:
apt-get install -y autoconf libtool git build-essential libargtable2-dev libavformat-dev libsdl1.2-dev
sudo su -
git clone https://github.com/erikkaashoek/Comskip
cd Comskip
./autogen.sh
./configure
make
make install
Auto-skip *should* work now if you set it up in the DVR settings, existing recordings won’t have commercials skipped.
Manual commercial scans (i.e. go fix my existing recordings!):
Making iTerm 2 highlight errors all the time
This helps when you have to chase down stupid stuff all day, every day:
Launch iTerm2
Go to iTerm2 – Preferences – Profiles – Advanced – Triggers – Edit
Click +
In the Regex, type: (error|ERROR|Error)
Action: Highlight Text
Pick a text color and a background color that stand out for you
Check the Instant box
Close back out
I have:
(Fail|FAIL|fail)
(Differ|DIFFER|differ)
(Insufficient|INSUFFICIENT|insufficient)
(Access|ACCESS|access)
(Denied|DENIED|denied)
(Error|ERROR|error)
Sorting out (and finding!) connection resets on Linux:
Sorting out connection resets:
tcpdump -nn -v 'tcp[tcpflags] & (tcp-rst) != 0'
or
tcpdump -ilo -nn -v 'tcp[tcpflags] & (tcp-rst) != 0'
-n is to stop resolving DNS names
-nn is to stop resolving DNS names AND port numbers to names
This is really useful when an app is logging connection resets, but not telling you what it is trying to connect to in the first place.
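To turn that capture into a list of which endpoint is sending the resets, the added example below (not from the original post) tallies RST packets per sender from `tcpdump -nn` text output, with or without `-v`. The function names and the sample capture lines are constructed for illustration.

```bash
#!/bin/sh
# rst_summary [FILE...]: read tcpdump -nn text output (files or stdin) and
# print "count rst_sender(ip.port) -> peer_ip", busiest sender first.
rst_summary() {
    awk '
    # Only lines whose TCP flags field contains R (RST).
    match($0, /Flags \[[A-Z.]*\]/) && index(substr($0, RSTART, RLENGTH), "R") {
        for (i = 2; i < NF; i++) {
            if ($i == ">") {
                src = $(i - 1)             # endpoint that sent the RST
                dst = $(i + 1)             # endpoint that received it
                sub(/:$/, "", dst)         # drop the trailing colon
                sub(/\.[0-9]+$/, "", dst)  # drop the ephemeral port
                count[src " -> " dst]++
                break
            }
        }
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample capture: two resets from 10.0.0.9:8080, one SYN that
# must be ignored, and one reset in the two-line layout that -v produces.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 10.0.0.9.8080 > 10.0.0.5.44321: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:02.000001 IP 10.0.0.9.8080 > 10.0.0.5.44322: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:03.000001 IP 10.0.0.5.44323 > 10.0.0.7.5432: Flags [S], seq 1, win 64240, length 0
12:00:04.000001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    10.0.0.7.5432 > 10.0.0.5.44323: Flags [R], seq 1, win 0, length 0
EOF
}

sample_capture | rst_summary
```

On a live box, pipe the capture straight in: `tcpdump -l -nn 'tcp[tcpflags] & (tcp-rst) != 0' | rst_summary` prints the totals when tcpdump is stopped.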
Reading tags from CLI or bash in ec2 instances
# To read the Name tag:
TAG_NAME="Name"
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d " ")"
REGION="$(./ec2-metadata -z | cut -f 2 -d " ")"
REGION=${REGION%?}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region $REGION --output=text | cut -f5)"
Gives:
set |grep TAG_VALUE
TAG_VALUE='brad test box'
# To see ALL tags to see WTF: (use region from above)
aws ec2 describe-tags --region us-east-1 --output=text
# To read the Created-by custom tag:
TAG_NAME="created-by"
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d " ")"
REGION="$(./ec2-metadata -z | cut -f 2 -d " ")"
REGION=${REGION%?}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region $REGION --output=text | cut -f5)"
set |grep TAG_VALUE
TAG_VALUE=test-kitchen
# To read the nifi-node-num custom tag:
TAG_NAME="nifi-node-num"
echo "TAG_NAME is: " ${TAG_NAME}
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d " ")"
echo "INSTANCE_ID is: " ${INSTANCE_ID}
REGION="$(./ec2-metadata -z | cut -f 2 -d " ")"
REGION=${REGION%?}
echo "REGION is: " ${REGION}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region $REGION --output=text | cut -f5)"
echo "TAG_VALUE is: " ${TAG_VALUE}
# You need the EC2 Metadata binary for the above to work
wget http://s3.amazonaws.com/ec2metadata/ec2-metadata
chmod u+x ec2-metadata
./ec2-metadata --help
You can also do this IF you have credentials:
aws ec2 describe-instances --region us-east-1 --instance-id i-09301dcede4431741|grep -A 200 Tag
"Tags": [
{
"Value": "False",
"Key": "data_sensitive"
},
{
"Value": "10/31/2017",
"Key": "valid_thru"
},
{
"Value": "nifi-al",
"Key": "Application"
},
{
"Value": "Aplha",
"Key": "Cluster"
},
{
"Value": "False",
"Key": "Docker"
},
{
"Value": "TBD",
"Key": "BAPP_ID"
},
{
"Value": "nifi-al-latest",
"Key": "Name"
},
{
"Value": "WDPRTechnologyIAParksDataPlatform@disney.com",
"Key": "Owner"
},
{
"Value": "1",
"Key": "nifi-node-num"
},
{
"Value": "nifi-al-latest-asg",
"Key": "aws:autoscaling:groupName"
},
{
"Value": "Non-Prod Sandbox",
"Key": "Environment"
},
{
"Value": "yes",
"Key": "tag_compliance"
}
],
"AmiLaunchIndex": 2
}
],
"ReservationId": "r-0a402050d68688b53",
"RequesterId": "226008221399",
"Groups": [],
"OwnerId": "876496569223"
}
]
}
ALL ec2-metadata options:
Usage: ec2-metadata <option>
Options:
--all Show all metadata information for this host (also default).
-a/--ami-id The AMI ID used to launch this instance
-l/--ami-launch-index The index of this instance in the reservation (per AMI).
-m/--ami-manifest-path The manifest path of the AMI with which the instance was launched.
-n/--ancestor-ami-ids The AMI IDs of any instances that were rebundled to create this AMI.
-b/--block-device-mapping Defines native device names to use when exposing virtual devices.
-i/--instance-id The ID of this instance
-t/--instance-type The type of instance to launch. For more information, see Instance Types.
-h/--local-hostname The local hostname of the instance.
-o/--local-ipv4 Public IP address if launched with direct addressing; private IP address if launched with public addressing.
-k/--kernel-id The ID of the kernel launched with this instance, if applicable.
-z/--availability-zone The availability zone in which the instance launched. Same as placement
-c/--product-codes Product codes associated with this instance.
-p/--public-hostname The public hostname of the instance.
-v/--public-ipv4 NATted public IP Address
-u/--public-keys Public keys. Only available if supplied at instance launch time
-r/--ramdisk-id The ID of the RAM disk launched with this instance, if applicable.
-e/--reservation-id ID of the reservation.
-s/--security-groups Names of the security groups the instance is launched in. Only available if supplied at instance launch time
-d/--user-data User-supplied data.Only available if supplied at instance launch time.
If you don’t have credentials, some of this doesn’t work, but you can try this:
Websphere system core dump location is incorrect by default
Location of the system core dump is typically incorrect and just drops it in the middle of the host OS, you will need to edit the
/opt/apps/WebSphere/AppServer/bin/setupCmdLine.sh
# Add:
IBM_COREDIR=/net/cn-flor-nas01-prod.wdw.disney.com/data/TPR/WDW/Vol005/WDPRTHome/middleware/dumps/${HOSTNAME}
export IBM_COREDIR
# the IBM_COREDIR can also go at the end of the large export command at the end of the script.
JVM restart(s) are required to pick up the change. Even though the system dump is initiated, you have to pick the JVM that initiates it, so it is related to the JVM. A full restart of all the JVM’s is technically needed, as is changing this file on every node in the cluster.
“Incorrect” in that the dump files are freaking gigantic and run the box out of space pretty quickly. Redirect these to the NAS.