bash tip: collapse or parse a big text doc into individual sorted words from columns

Start with list.txt like:

server7858   server7858   server7858   server7858   server7861   server7860   server8310   server8310   server7863   server8311

server7859   server7859   server7859   server7859   server8781   server8676   server8677   server8677   server8679   server8782

Which has duplicates and long lines and crap. Run this:

rm list2.txt

rm list3.txt

for word in `cat list.txt`; do echo $word ; done |sort |uniq >> list2.txt

sed -ibak -e 's/ //g' list2.txt

cat list2.txt |sort|uniq > list3.txt

vi list3.txt

ta da!

if you need word counts and such, pipe it through wc before running uniq

If you need to collapse multi line (multi-line multiline) data like this:

fldcvisla8524:

packages.MQSeriesServer.installdate: 1439579830

fldcvfsla13746:

packages.MQSeriesServer.installdate: 1486575523

Into:


Add user and password to NGINX proxy

Go to:

http://aspirine.org/htpasswd_en.html

In the left box (#1) enter a username and password that you want to use like:

willb179   MonkeyBiscuits123

In the right box (#2) click Generate htpasswd content

It will generate a line like this:

willb179:$apr1$l9.OI9au$uZaO8fsnfhrNHI7V.Tr52.

Send this hashed line (the “willb179:$apr1$l9.OI9au$uZaO8fsnfhrNHI7V.Tr52.”) via Slack or email

Remember the password you used!

generate passwords automagically, so users can submit encrypted passwords themselves

vi /etc/nginx/htpasswd

service nginx restart

**** MAKE SURE THE USER ISN’T ALREADY IN THERE!! If you have duplicates, you will get a constant string of 401 Unauthorized because it picks the FIRST one in the list and you’ll pull your hair out.
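One way to catch the duplicate-user problem before restarting nginx. This is an added example, not part of the original post; the function names htpasswd_dupes and htpasswd_add are hypothetical, and the sample hashes are placeholders.

```bash
#!/usr/bin/env bash
# Added example: lint an nginx htpasswd file before restarting nginx.
# htpasswd_dupes and htpasswd_add are hypothetical helper names.

# Print "user: lines N,M" for every username that appears more than once.
# Returns 1 if any duplicate exists, 0 if the file is clean.
htpasswd_dupes() {
  awk -F: '
    /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
    { lines[$1] = (count[$1]++ ? lines[$1] "," : "") NR }
    END {
      rc = 0
      for (u in count) if (count[u] > 1) { print u ": lines " lines[u]; rc = 1 }
      exit rc
    }' "$1"
}

# Append a "user:hash" entry only when that user is not already in the file.
# Returns 2 for a malformed entry, 1 if the user already exists, 0 on success.
htpasswd_add() {
  local file="$1" entry="$2"
  local user="${entry%%:*}"
  case "$entry" in
    ?*:?*) ;;
    *) echo "expected user:hash, got: $entry" >&2; return 2 ;;
  esac
  if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$file"; then
    echo "refusing to add: $user is already in $file" >&2
    return 1
  fi
  printf '%s\n' "$entry" >> "$file"
}

# Constructed sample; the hashes are placeholders, not real credentials.
sample=$(mktemp)
printf '%s\n' 'willb179:$apr1$PLACEHOLDER1' 'brad:$apr1$PLACEHOLDER2' \
              'willb179:$apr1$PLACEHOLDER3' > "$sample"
htpasswd_dupes "$sample" || echo "fix the duplicates, then: service nginx restart"
rm -f "$sample"
```

Run htpasswd_dupes /etc/nginx/htpasswd after every edit, or use htpasswd_add instead of vi when pasting in a line a user sent you.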

NGINX Config for password protected reverse proxy:

proxy.conf:


proxy_redirect off;


proxy_set_header Host $host;


proxy_set_header X-Real-IP $remote_addr;


proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


client_max_body_size 50m;


client_body_buffer_size 128k;


proxy_connect_timeout 90;


proxy_send_timeout 90;


proxy_read_timeout 90;


proxy_buffers 32 4k;

nginx.conf.erb


# For more information on configuration, see:


#   * Official English Documentation: http://nginx.org/en/docs/



user nginx;


worker_processes auto;


error_log /var/log/nginx/error.log;


pid /run/nginx.pid;



# Load dynamic modules. See /usr/share/nginx/README.dynamic.


include /usr/share/nginx/modules/*.conf;



events {

    worker_connections 1024;


}



http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';


    access_log  /var/log/nginx/access.log  main;


    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;


    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;


    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;


    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  _;

        root         /usr/share/nginx/html;


        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;



    location / {


        auth_basic "Restricted"; #For Basic Auth


        auth_basic_user_file /etc/nginx/htpasswd; #For Basic Auth


        include conf.d/proxy.conf;


        proxy_pass http://127.0.0.1:8080;


    }

    }


}

Local:

openssl passwd -apr1

Enter the password you want twice when prompted; it will generate an apr1-hashed password

Add:

username:$apr1encryptedpassword

Chef:

nginx.rb



include_recipe 'yum-epel::default'

package 'nginx'

['htpasswd'].each do |f|
  cookbook_file "/etc/nginx/#{f}" do
    source f
    owner 'nginx'
    group 'nginx'
    mode '0644'
  end
end

cookbook_file '/etc/nginx/conf.d/proxy.conf' do
  source 'proxy.conf'
  owner 'nginx'
  group 'nginx'
  mode '0644'
end

# Use nginx.conf template
template 'nginx.conf' do
  path '/etc/nginx/nginx.conf'
  source 'nginx.conf.erb'
  mode '0644'
  owner 'nginx'
  group 'nginx'
end

service 'nginx' do
  action [:enable, :start]
end

require 'mixlib/shellout'

# Ask SELinux for its current mode
selinuxstatus = Mixlib::ShellOut.new('getenforce')
selinuxstatus.run_command

puts 'SELinux Status is: ' + selinuxstatus.stdout
# getenforce output ends with a newline; strip it so the comparisons below can match
selinuxstate = selinuxstatus.stdout.strip
puts 'error messages' + selinuxstatus.stderr
selinuxstatus.error!

# SELinux possible states are:
# Enforcing
# Disabled
# Permissive
# We only need to do this when Enforcing or Permissive
# When disabled or not installed we don't need to do anything else

if selinuxstate.to_s == 'Enforcing'
  execute 'Allow nginx to proxy to connect to nifi' do
    command 'setsebool -P httpd_can_network_connect 1'
    action :run
  end
end

if selinuxstate.to_s == 'Permissive'
  execute 'Allow nginx to proxy to connect to nifi' do
    command 'setsebool -P httpd_can_network_connect 1'
    action :run
  end
end

htpasswd:


cloudse:$apr1$5CtzHM1B$mC51/7dwYEFgwWs91/cjz/


brad:$apr1$/1R/RT5j$Lf5/RqKRojHct0p20.zLu.

proxy.conf:


proxy_redirect off;


proxy_set_header Host $host;


proxy_set_header X-Real-IP $remote_addr;


proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


client_max_body_size 50m;


client_body_buffer_size 128k;


proxy_connect_timeout 90;


proxy_send_timeout 90;


proxy_read_timeout 90;


proxy_buffers 32 4k;

nginx.conf.erb


# For more information on configuration, see:


#   * Official English Documentation: http://nginx.org/en/docs/


#   * Official Russian Documentation: http://nginx.org/ru/docs/



user nginx;


worker_processes auto;


error_log /var/log/nginx/error.log;


pid /run/nginx.pid;



# Load dynamic modules. See /usr/share/nginx/README.dynamic.


include /usr/share/nginx/modules/*.conf;



events {

    worker_connections 1024;


}



http {

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';


    access_log  /var/log/nginx/access.log  main;


    sendfile            on;

    tcp_nopush          on;

    tcp_nodelay         on;

    keepalive_timeout   65;

    types_hash_max_size 2048;


    include             /etc/nginx/mime.types;

    default_type        application/octet-stream;


    # Load modular configuration files from the /etc/nginx/conf.d directory.

    # See http://nginx.org/en/docs/ngx_core_module.html#include

    # for more information.

    include /etc/nginx/conf.d/*.conf;


    server {

        listen       80 default_server;

        listen       [::]:80 default_server;

        server_name  _;

        root         /usr/share/nginx/html;


        # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;



    location / {


        auth_basic "Restricted"; #For Basic Auth


        auth_basic_user_file /etc/nginx/htpasswd; #For Basic Auth


        include conf.d/proxy.conf;


        proxy_pass http://127.0.0.1:8080;


    }

    }


}




Run ssh commands remotely for one or many or a list of servers

single:

ssh -o "StrictHostKeyChecking no" -t ${server} "sudo sed -ibak -e 's#https://oldchef.server.com/#https://newchef.server.com/#g' /etc/chef/client.rb"

many:

for server in server001 server002 server007; do echo ${server} && ssh -o "StrictHostKeyChecking no" -t ${server} "sudo sed -ibak -e 's#https://oldchef.server.com/#https://newchef.server.com/#g' /etc/chef/client.rb" ; done

list:


Bash case switches

if [[ ${TAG_VALUE}XXX == "XXX" ]]; then

  echo "TAG_VALUE was blank, exiting!"

  exit

fi

case @option.Command@ in

  start)

    echo 'I am the first box'

    ;;

  stop)

    echo 'I am the second box'

    ;;

  restart)

    echo 'I am the third box'

    ;;

  status)

    echo 'I am the fourth box'

    ;;

  5)

    echo 'I am the fifth box'

    ;;

  *)

    echo 'I am another box higher than 5'

    ;;

esac

Making iTerm 2 highlight errors all the time

This helps when you have to chase down stupid stuff all day, every day:

Launch iTerm2

Go to iTerm2 – Preferences – Profiles – Advanced – Triggers – Edit

Click +

In the Regex, type:   (error|ERROR|Error)

Action: Highlight Text

Pick a color and a background color that stand out for you

Check the Instant box

Close back out

I have:

(Fail|FAIL|fail)

(Differ|DIFFER|differ)

(Insufficient|INSUFFICIENT|insufficient)

(Access|ACCESS|access)

(Denied|DENIED|denied)

(Error|ERROR|error)

Comskip commercial skipping on plex

Plex doesn’t seem to install comskip on linux by default. Although it says it uses it, it’s not in the tarball so nothing actually happens. I guess it assumes you’ve figured it out on your own(?).

Install comskip:

Dependencies:

apt-get install -y autoconf libtool git build-essential libargtable2-dev libavformat-dev libsdl1.2-dev

sudo su -

git clone https://github.com/erikkaashoek/Comskip

cd Comskip

./autogen.sh

./configure

make

make install

Auto-skip *should* work now if you set it up in the DVR settings, existing recordings won’t have commercials skipped.

Manual commercial scans (i.e. go fix my existing recordings!):


Sorting out (and finding!) connection resets on Linux:

Sorting out connection resets:

tcpdump -nn -v 'tcp[tcpflags] & (tcp-rst) != 0'

or

tcpdump -ilo -nn -v 'tcp[tcpflags] & (tcp-rst) != 0'

-n is to stop resolving DNS names

-nn is to stop resolving DNS names AND port numbers to names

This is really useful when an app is logging connection resets, but not telling you what it is trying to connect to in the first place.

Reading tags from CLI or bash in ec2 instances

# To read the Name tag:

TAG_NAME="Name"
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d " ")"
REGION="$(./ec2-metadata -z | cut -f 2 -d " ")"
# drop the trailing availability-zone letter to get the region
REGION=${REGION%?}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"

Gives:

set |grep TAG_VALUE

TAG_VALUE='brad test box'

# To see ALL tags to see WTF: (use region from above)

aws ec2 describe-tags --region us-east-1 --output=text

# To read the Created-by custom tag:

TAG_NAME="created-by"
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d " ")"
REGION="$(./ec2-metadata -z | cut -f 2 -d " ")"
REGION=${REGION%?}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"

set |grep TAG_VALUE

TAG_VALUE=test-kitchen

# To read the nifi-node-num custom tag:

TAG_NAME="nifi-node-num"
echo "TAG_NAME is: " ${TAG_NAME}
INSTANCE_ID="$(./ec2-metadata -i | cut -f 2 -d " ")"
echo "INSTANCE_ID is: " ${INSTANCE_ID}
REGION="$(./ec2-metadata -z | cut -f 2 -d " ")"
REGION=${REGION%?}
echo "REGION is: " ${REGION}
TAG_VALUE="$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=$TAG_NAME" --region "$REGION" --output=text | cut -f5)"
echo "TAG_VALUE is: " ${TAG_VALUE}

# You need the EC2 Metadata binary for the above to work

wget http://s3.amazonaws.com/ec2metadata/ec2-metadata

chmod u+x ec2-metadata

./ec2-metadata --help

You can also do this IF you have credentials:

aws ec2 describe-instances --region us-east-1 --instance-ids i-09301dcede4431741 | grep -A 200 Tag

                    "Tags": [
                        {
                            "Value": "False",
                            "Key": "data_sensitive"
                        },
                        {
                            "Value": "10/31/2017",
                            "Key": "valid_thru"
                        },
                        {
                            "Value": "nifi-al",
                            "Key": "Application"
                        },
                        {
                            "Value": "Aplha",
                            "Key": "Cluster"
                        },
                        {
                            "Value": "False",
                            "Key": "Docker"
                        },
                        {
                            "Value": "TBD",
                            "Key": "BAPP_ID"
                        },
                        {
                            "Value": "nifi-al-latest",
                            "Key": "Name"
                        },
                        {
                            "Value": "WDPRTechnologyIAParksDataPlatform@disney.com",
                            "Key": "Owner"
                        },
                        {
                            "Value": "1",
                            "Key": "nifi-node-num"
                        },
                        {
                            "Value": "nifi-al-latest-asg",
                            "Key": "aws:autoscaling:groupName"
                        },
                        {
                            "Value": "Non-Prod Sandbox",
                            "Key": "Environment"
                        },
                        {
                            "Value": "yes",
                            "Key": "tag_compliance"
                        }
                    ],
                    "AmiLaunchIndex": 2
                }
            ],
            "ReservationId": "r-0a402050d68688b53",
            "RequesterId": "226008221399",
            "Groups": [],
            "OwnerId": "876496569223"
        }
    ]
}

ALL ec2-metadata options:

Usage: ec2-metadata <option>

Options:

--all                     Show all metadata information for this host (also default).
-a/--ami-id               The AMI ID used to launch this instance
-l/--ami-launch-index     The index of this instance in the reservation (per AMI).
-m/--ami-manifest-path    The manifest path of the AMI with which the instance was launched.
-n/--ancestor-ami-ids     The AMI IDs of any instances that were rebundled to create this AMI.
-b/--block-device-mapping Defines native device names to use when exposing virtual devices.
-i/--instance-id          The ID of this instance
-t/--instance-type        The type of instance to launch. For more information, see Instance Types.
-h/--local-hostname       The local hostname of the instance.
-o/--local-ipv4           Public IP address if launched with direct addressing; private IP address if launched with public addressing.
-k/--kernel-id            The ID of the kernel launched with this instance, if applicable.
-z/--availability-zone    The availability zone in which the instance launched. Same as placement
-c/--product-codes        Product codes associated with this instance.
-p/--public-hostname      The public hostname of the instance.
-v/--public-ipv4          NATted public IP Address
-u/--public-keys          Public keys. Only available if supplied at instance launch time
-r/--ramdisk-id           The ID of the RAM disk launched with this instance, if applicable.
-e/--reservation-id       ID of the reservation.
-s/--security-groups      Names of the security groups the instance is launched in. Only available if supplied at instance launch time
-d/--user-data            User-supplied data. Only available if supplied at instance launch time.

If you don’t have credentials, some of this doesn’t work, but you can try this:

Websphere system core dump location is incorrect by default

Location of the system core dump is typically incorrect and just drops it in the middle of the host OS, you will need to edit the

/opt/apps/WebSphere/AppServer/bin/setupCmdLine.sh

# Add:

IBM_COREDIR=/net/cn-flor-nas01-prod.wdw.disney.com/data/TPR/WDW/Vol005/WDPRTHome/middleware/dumps/${HOSTNAME}

export IBM_COREDIR

# the IBM_COREDIR can also go at the end of the large export command at the end of the script.

JVM restart(s) are required to pick up the change. Even though the system dump is initiated, you have to pick the JVM that initiates it, so it is related to the JVM. A full restart of all the JVMs is technically needed, as is changing this file on every node in the cluster.

“Incorrect” in that the dump files are freaking gigantic and run the box out of space pretty quickly. Redirect these to the NAS.

git 2.19.1 upgrade

This should get handled as part of normal patching, but RHEL ships with a 1.8.x branch of Git. We aren’t cloning from public repos for most things, but I can’t be 100% about it, and workstations are probably vulnerable as well. We should all update our workstations, but it doesn’t appear to be that simple for Linux servers:

 

(2.19.1 is the version to upgrade to.)

 

Mac: brew upgrade git didn’t seem to update the cli git, still on 1.8.3.1, have to download and install from https://sourceforge.net/projects/git-osx-installer/files/git-2.19.0-intel-universal-mavericks.dmg/download?use_mirror=autoselect

 

Windows: https://github.com/git-for-windows/git/releases/download/v2.19.1.windows.1/Git-2.19.1-64-bit.exe

 

Linux: Looks like git does not have an rpm for a 2.x, it’s a clone and compile, which makes long term sustainability a pain.

CVE says version 2.18 is the oldest affected version, and the newest available from the yum repos is 1.8.3.1-14.

https://git-scm.com/download/linux says to download and compile.

 

This works:

#!/bin/bash

# update git to 2.19.1

git --version

which git

cp /usr/bin/git /usr/bin/git-1.8.3.1

yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel

yum -y install gcc perl-ExtUtils-MakeMaker

cd /usr/src

wget https://www.kernel.org/pub/software/scm/git/git-2.19.1.tar.gz

tar xzf git-2.19.1.tar.gz

cd git-2.19.1

make prefix=/usr/local/git all

make prefix=/usr/local/git install

rm -f /bin/git

ln -s /usr/local/git/bin/git /bin/git

git --version