cr0c's questions

I'm trying to create a Fortinet FortiManager automation with their Ansible collection.

I've created a dynamic ADOM creation task which runs in a loop and now I'm trying to run another dynamic tasks that creates CLI templates inside all of the created ADOM's. The problem I'm facing is that I have to defined ADOM name multiple times in different tasks that run in a loop, but what I would like to do is inherit/share the ADOM name between loop tasks so I do not have to repeatedly define it for each loop task with another variable name.

This is the code I have with descriptions:

1. I've created a task that includes ADOM creation tasks and runs it in a loop for each ADOM I need to create. I need to do this due to the fact that FortiManager ADOM creation task state result does not give "OK" if the ADOM is already created, but it fails. So I had to build it like this.

---
  name: 'Setup ADOMS'
  loop: '{{ fmg_adom_list }}'
  loop_control:
    loop_var: '__adom'
    label: '{{ __adom.fmg_adom_name }}'
  ansible.builtin.include_tasks: 'fmg_setup_adom.yml'

2. This is the ADOM creation task and check if ADOM exists to skip the creation

 - name: Check if ADOM exists
  fortinet.fortimanager.fmgr_fact:
    facts:
      selector: "dvmdb_adom"
      params:
        adom: "{{ __adom.fmg_adom_name }}"
  register: fmg_adom_check
  no_log: false
  ignore_errors: true
  changed_when: "fmg_adom_check.rc != 0"
  failed_when: "fmg_adom_check.rc == -3"

 - name: "Create ADOM {{ __adom.fmg_adom_name }}"
  fortinet.fortimanager.fmgr_dvmdb_adom:
    bypass_validation: "{{ fmg_bypass_validation }}"
    state: "{{ __adom.fmg_adom_state | default('present') }}"
    dvmdb_adom:
      name: "{{ __adom.fmg_adom_name | replace(' ', '_') }}"
      desc: "{{ __adom.fmg_adom_desc }}"
      os_ver: "{{ __adom.fmg_adom_os_ver | default(7.0) | float }}"
      mode: "{{ __adom.fmg_adom_mode | default('gms') }}"
      restricted_prds: "{{ __adom.fmg_adom_restricted_prds | default('fos') }}"
      state: " {{ __adom.fmg_dvmdb_adom_state | default(1) | int }}"
      flags: "{{ __adom.fmg_adom_flags }}"
  register: fmg_adom_create
  when: fmg_adom_check.meta.response_message == "Object does not exist"

 - name: Print ADOM creation error message
  ansible.builtin.debug:
    msg: "Failed to create ADOM: {{ fmg_adom_check.meta.response_message }}"
  when: fmg_adom_create is failed

 - name: Print ADOM already exists message
  ansible.builtin.debug:
    msg: "ADOM {{ __adom.fmg_adom_name }} already exists"
  when: fmg_adom_create is skipped

 - name: Print ADOM created successfully message
  ansible.builtin.debug:
    msg: "ADOM {{ __adom.fmg_adom_name }} created successfully"
  when: fmg_adom_create is succeeded and fmg_adom_create is not skipped

3. This is the CLI template task that gives me a error: The error was: 'list object' has no attribute 'fmg_adom_name'. I'm stuck on understanding how can I make the task use fmg_adom_name from ADOM creation variable list, instead of needed to repeat the variable with a new name like fmg_tmpl_grp_adom as the ADOM is a mandatory variable.

---
- name: Create CLI template group {{ item.fmg_tmpl_grp_name }} to ADOM {{ item.fmg_adom_name }}
  fortinet.fortimanager.fmgr_templategroup:
    workspace_locking_adom: "{{ item.fmg_adom_name }}"
    adom: "{{ item.fmg_adom_name }}"
    state: "{{ item.fmg_tmpl_grp_state }}"
    templategroup:
      name: "{{ item.fmg_tmpl_grp_name }}"
      description: "{{ item.fmg_tmpl_grp_desc }}"
      member: "{{ item.fmg_tmpl_grp_mbr | list }}"
  loop: "{{ fmg_tmpl_grp_list | zip(fmg_adom_list) | list }}"

4. These are the variables that I define in the playbook

# ADOM Creation variables
    fmg_adom_list: 
      - fmg_adom_name: "ADOM_One"
        fmg_adom_desc: "ADOM One"
        fmg_adom_flags:
          - no_vpn_console
          - per_device_wtp
          - per_device_fsw
# ADOM CLI Template group creation varibles
    fmg_tmpl_grp_list:
      - fmg_tmpl_grp_state: present
        fmg_tmpl_grp_name: "Test"
        fmg_tmpl_grp_desc: "Test group"
        fmg_tmpl_grp_mbr: 
          - "test_cli_template"

I hope I explained myself as clearly and understandably as possible.

Thank you!

I am trying to redirect my domain to a new document root if a cookie value is something. I did setup the rewrite and it works fine.

RewriteLog "/home/user/dev/logs/rewrite.log"
RewriteLogLevel 3
RewriteCond %{HTTP_COOKIE} !^new_layout_v1_dev$
RewriteCond $1 !^php5.fastcgi [NC]
RewriteRule ^/(.*)$ /home/user/dev/user.dev/htdocs/$1 [C]

The problem I have is that the site has a rewrite.conf configuration file to rewrite SEO friendly URL's. When the document root redirect does redirect me to a new document root then it does not load the next rewrite's or the config in the new document root.

Errors:

The requested URL /testime-pilte-2655600.html was not found on this server.

As we use SEO friendly URLs in our webapp and redirect them via rewrite rules to the right php file, then when rewrite.conf is not loaded, the web page will show not found error.

So my question is, how could I make document root rewrite work so that it will load the new document root rewrite config as well.

I have setup nginx req_limit_zone to limit requests to my webserver. Also I added geo to whitelist certain IP's so request limit does not affect those IP's.

The problem is that once I test it with ap then it applies that request limit to the IP's that are whitelisted and everything else is not limited.

Rate limit config:

geo $limited {
    default 1;
        10.2.3.0/24 0;
}

map $limited $limit {
    1   $binary_remote_addr;
    0   "";
}

limit_req_zone  $limit  zone=r_local:10m    rate=50r/s;

Vhost config:

server {

listen    x.x.x.x:80;
  server_name www.local.dev dev.local.lan ;

  access_log  syslog:info syslog;
  error_log syslog:err;

  if ($host ~* ^local\.dev$) {
    rewrite   ^/(.*)$           http://www.local.dev/$1;
  }

  if ($host ~* ^www\.local\.live$) {
    rewrite  ^/(.*)$  /norlimit/$1  break;
  }

  if ($http_user_agent ~ (Googlebot|msnbot)) {
    rewrite  ^/(.*)$  /norlimit/$1  break;
  }

  more_clear_headers 'Server';
  more_clear_headers 'Pragma';

  location /norlimit/ {
    rewrite     ^/norlimit/(.*)$ /$1 break;
    include       proxy_headers.conf;
    proxy_set_header  X-Secure  False;
    proxy_pass      http://local_dev_www/;
    proxy_next_upstream error timeout invalid_header http_500 http_503;
    internal;
  }

  location / {
    limit_req     zone=r_www.local.dev   burst=60  nodelay;
    include       proxy_headers.conf;
    proxy_set_header  X-Secure  False;
    proxy_pass      http://local_dev_www/;
    proxy_next_upstream error timeout invalid_header http_500 http_503;
  }

  location /api/ {
    include       proxy_headers.conf;
    proxy_set_header  X-Secure  False;
    proxy_pass      http://local_dev_www/;
    proxy_next_upstream error timeout invalid_header http_500 http_503;
  }

  location /inc/ {
    include       proxy_headers.conf;
    proxy_pass      http://local_dev_www/inc/;
    proxy_next_upstream error timeout invalid_header http_500 http_503;
  }

  location /i/ {
    include       proxy_headers.conf;
    proxy_pass      http://local_dev_www/i/;
    proxy_next_upstream error timeout invalid_header http_500 http_503;
  }

  location /i/xml/ {
    return  403;
    }

  location /i/banners/ {
    return  403;
  }

  location /id/ {
    return  403;
  }

}

I want to remove request limit from whitelist IP's and limit requests on anything else, but at the moment it works other way around. It limits requests on whitelist IP's and any other IP is not limited.

I ordered a dedicated server from a certain service provider and they rent out iSCSI NAS as well. So I ordered 1TB iSCSI and connected it to proxmox via GUI. Then I read that the provider does not recommend connecting multiple hosts to the iSCSI. My question is when I create two new proxmox virtual machine virtio HDD's (diffrent vm's) and it's saved on the iSCSI, would this make the data in iSCSI corrupt? The data on vm's hdd's that are on iSCSI drive are saved only from proxmox right, not from the vm itself, as the vm does not connect to iSCSI?

I hope you guys can clear this for me.

I am having trouble finding a solution in Puppet documents. I am trying to define a variable in Puppet template. For example:

If class graylog2 and apache are defined in node class section then the template puts these variables in the config file:

# Apache logging
local5.* @<%= @server_gl -%>:<%= @service_port_gl -%> <- This part has to inserted if defined graylog2 class and apache class in node file
local5.info ~
local5.err ~

# Nginx logging
local4.* @<%= @server_gl -%>:<%= @service_port_gl -%> <- This part has to be inserted if defined graylog2 class and apache class in node file
local4.info ~
local4.err ~

Example:

if defined (Class['apache', 'graylog2'])
    # Nginx logging
    local4.* @<%= @server_gl -%>:<%= @service_port_gl -%>
    local4.info ~
    local4.err 
else
    # Nginx logging
    local4.info ~
    local4.err

I am not 100% sure, but I guess the example version would not work. Also how could I get @server_gl from graylog2 module so it does not have to be defined in syslog module.

I am having a issue. I am trying to send apache/nginx logs to logstash server. The problem is that rsyslog sends host as IP not the servers FQDN.

Solutions that I have tried:

1. PreserveFQDN on (did not help)
2. Add FQDN to hosts file and enable PreserverFQDN again (did not help)
3. Added %FROMHOST% to template, but that only added short FQDN in front of the message

My config:

#rsyslog v3 config file
# Managed by Puppet

#### MODULES ####

$ModLoad imuxsock.so  # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so  # provides kernel logging support (previously done by rklogd)
$ModLoad imfile.so # provides support for logging from files
$ModLoad immark.so # enable mark messages

#### GLOBAL DIRECTIVES ####

$PreserveFQDN on 
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$WorkDirectory /var/spool/rsyslog
$SystemLogRateLimitInterval 5
$SystemLogRateLimitBurst 10000

$MainMsgQueueType LinkedList
$MainMsgQueueFileName mainmsg_queue
$MainMsgQueueMaxDiskSpace 1g
$MainMsgQueueSaveOnShutdown on

$ActionQueueType LinkedList
$ActionQueueFileName action_queue
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on

$ActionResumeRetryCount -1

$MarkMessagePeriod 1200

#### TEMPLATES ####

$template MsgFormat, "%msg%\n"
$template ApacheAccess, "/var/log/httpd/%programname%.log"
$template ApacheError, "/var/log/httpd/%programname%.log"
$template NginxAccess, "/var/log/nginx/%msg:F,32:2%_access.log"
$template NginxError, "/var/log/nginx/error.log"
$template test, "%FROMHOST% %msg%"

#### RULES ####

local5.* @logserver:514

# Apache logging
local5.info ~
local5.err ~

# Nginx logging
local4.info ~
local4.err ~

Where could the problem be that it send the message like this:

{:event=>{"message"=>"[Wed Sep 10 15:30:03 2014] [notice] Digest: generating secret for digest authentication ...", "@version"=>"1", "@timestamp"=>"2014-09-16T07:46:12.000Z", "type"=>"syslog", "host"=>"SERVERIP(needs to be full FQDN)", "priority"=>171, "timestamp"=>"Sep 16 10:46:12", "logsource"=>"SERVERSHORTFQDN", "program"=>"apache", "severity"=>3, "facility"=>21, "facility_label"=>"local5", "severity_label"=>"Error"}, :level=>:debug, :file=>"(eval)", :line=>"18"}

Rsyslog version:

rsyslogd 5.8.10, compiled with:
    FEATURE_REGEXP:             Yes
    FEATURE_LARGEFILE:          No
    GSSAPI Kerberos 5 support:      Yes
    FEATURE_DEBUG (debug build, slow code): No
    32bit Atomic operations supported:  Yes
    64bit Atomic operations supported:  Yes
    Runtime Instrumentation (slow code):    No

See http://www.rsyslog.com for more information.

I am developing a nagios/collectd check for time checking on each server. I have done bash script to get info from Collectd WSP files and check them against the nagios server time (date +%s). Collectd sends the date +%s value after 60 seconds has past from the last sending. The problem I am facing is how can I make the check command calculate that if the value is out of sync maximum 60 seconds then everything is OK, if its out of sync over 60 seconds then its critical.

The script:

Time collecting on nagios server and collectd WSP files that other servers send. Each command returns a value in epoch ($time is taken from nagios server and $stime is taken from collectd WSP files):

time=`date +%s`
stime=`whisper-fetch --from=$(expr $(date +%s) - 60) --until=$(date +%s) $WSP_PATH | cut -c1-10`

Critical IF statement. If this $stime does not match to $time got from nagios server then it sends critical. I want this to be, if nagios servers time value is out of sync over 60 seconds compared to WSP output value then its critical else its OK.

if [ "$stime" -ne "$time" ] ; then
    echo CRITICAL: Server time is out of sync!
    exit $STATE_CRITICAL
fi

OK statement:

echo OK: Server time is in sync
exit $STATE_OK

I am having a issue of understanding how I could make puppet run a command only if another module/class is installed. I read that Define function could do it, but I did not understand it. Example what I am trying to do:

Lets say I have a module/class SSH and module/class SSH Keys and then I want to run a command in SSH Keys only if SSH module/class is defined in node.

I am doing this for NagiOS, to make sure that NagiOS only monitors those servers that have a module installed that it wants to monitor.

PS: Sorry if I explained it badly.

I am writing a collectd nagios custom check script in bash. The problem I am having is that nagios shows hostnames as host.name.domain but collectd holds WSP files as host_name_domain. My question is how can I make a variable convert the hostname that it gets from nagios (host.name.domain) to collectd format (host_name_domain).

This is the part where the convertion has to occur. So the WSP_PATH would give out collectd format of hostname in variable $NHOST

WSP_PATH=/var/lib/carbon/whisper/ctd/$NHOST/uptime/uptime.wsp

I just installed a new VMWare ESXi 5.5 server and checked the partitions on old 5.0 ESXi and on the new 5.5 ESXi and the new one has two VMWare Diagnostics partitions but the old one has only one.

New one 5.5:
VMWare Diagnostics 2.5GB
VMWare Diagnostics 110MB

Old 5.0:
VMWare Diagnostics 110MB

Does it have to be this way? If not how can I disable the 2.5GB diagnostics partitions because my HDD space is limited and because of it the swap file of one VM wont be created thanks to lack of space.

I am developing a script for monit status checking so I can send OK status messages to NagiOS NSCA server (passive checks). The problem I am having is that my bash script still sends messages if the scripts grep function does not include anything that would trigger the message sending.

Script:

Variables

rsysl='rsyslog'
log='messages'

Commands in variables

host=$(hostname)
monstat=$(monit status|grep -C 1 '$rsysl')
nsca_status=$(echo -e "$host\t$rsysl\t0\tOK" | /usr/sbin/send_nsca -H mon.lv.lan -c /etc/send_nsca.cfg)

Monit status command

# Postfix check
$monstat

Message sending function as you can see it only should send the message when status is equal to not running and not accessible

if [ "status" == "not running" ] && [ "status" == "not accessible" ]; then
   $nsca_status
else
   :
fi

Grep output (in real situation the message sending command has to match running and accessible:

# monit status|grep -C 1 'rsyslog'

Process 'rsyslog'
  status                            Running
--

File 'rsyslog-messages-log'
  status                            Accessible

I am trying to monitor HTTP status with 404 or 403 page. As you all know Monit takes those pages as failed connection, but how could I change that. I just want to monitor that it shows the 404 or 403 page.

I need to check it with this config if its possible.

This is my check config:

check process httpd with pidfile /var/run/httpd.pid
  start program = "/etc/init.d/httpd start"
  stop program = "/etc/init.d/httpd stop"
    if failed host hostname port 80
    protocol HTTP request "/"
    then exec "/bin/bash -c '/bin/echo -e "hostname\thttpd\t3\tFAILED" | /usr/sbin/send_nsca -H nagiosserver -c /etc/send_nsca.cfg; /usr/bin/monit restart nginx;'"

I am trying to equal something from last command with bash if statement:

#!/bin/bash

monit status

if [ "status" != "error" ]; then
        echo -e "hostname\ttest\t0\t0" | /usr/sbin/send_nsca -H hostname -c /etc/send_nsca.cfg
        exit 1;
fi

Even if the monit status gives out status = online with all services it runs the echo command. I can not figure out how to make the if statement match the status of monit status output.

I need to send a message to graylog2 server via echo to test if the %{@type} for facility is corrent, but once I do the echo thats in GELF support does not arrive in to my graylog2 server. If it restart graylog2 then the messages about it starting arrive to the graylog2 server.

Example of the echo message:

echo '{"version": "1.1","host":"example.org","short_message":"A short message that helps you identify what is going on","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' | nc -w 1 my.graylog.server 12201

What am I doing wrong? The graylog --debug mode does not show anything. It does not even see the message come in.

Edit:

Graylog2 input is setup for GELF TCP and shows active connections and it raises when I try to echo, but nothing reaches the server as for the message goes.

I am having a problem with cron.daily job in Proxmox. Its giving me this error:

/etc/cron.daily/pve:
Can't stat /var/log/pve/tasks/6: No such file or directory
at /etc/cron.daily/pve line 78

The /var/log/pve/tasks/6 folder is missing, but I can create it. I only want to know if I create it would it break something? Seems like the cronjob can not create it, but only wants to write in to it.

So my main question is that is it safe to create that log folder?

I made a mistake with rename command

find . -type f -exec rename 's/[^A-Za-z0-9._]//g' {} +

After that the files are not under their folders as they used to be and every file has . in front of them. Now my customers can not see the files. Once I remove the . then they can see the files.

How can I remove . from the files. Like this:

.finacialyear2008half.doc

to

finacialyear2008half.doc

Please help me! I need a fast fix.

I am looking for a solution to move files that are year older from today. My log partition is getting full, but I can not remove them. They are needed for a long long time. Anyway one solution I came up with is:

find /sourcedirectory -mtime 365 -exec mv "{}" /destination/directory/ \;

Would this work? Asking because of the "-mtime 365" would this move the files that are year older from today to a new location?

Thank you!

I have a problem with Chef rbenv cookbook. Once I start to bootstrap a server it gives me a error:

could not find user recipe for cookbook rbenv

But the recipe is in the recipes folder. I can not get it to work even if I define the recipe in the role as well.

recipe rbenv
recipe rbenv::user

This is how I try to install user ruby in role:

  :rbenv => {
    :user_rubies => ['1.9.3-p392'],
    :global  => '1.9.3-p392',
    :user_installs => [
      {
        :user    => 'rubyuser',
        :global  => '1.9.3-p392',
        :rubies  => ['1.9.3-p392'],
        :gems    => {
          '1.9.3-p392' => [
            { :name => 'bundler' },
            { :name => 'capistrano' },
          ]
        }
      }
    ]
  },

I have tried to add user.rb recipe and user_install.rb recipe to rbenv cookbook in server /var/chef/cache/cookbooks/rbenv/recipes/ folder by hand, but that does not help me either. Theres nothing that needs rbenv before it runs the rbenv install. It gives me the error when it starts to install it.

Please help me.

I am having a issue with Monits content check. I know I can check the log file like this

check file test.log with path logs/test.log
if not match "something" for 5 cycles then alert

But the log file has so many variables and its growing really fast so it alerts me on every line. The problem I am having is that I need to ignore everything else. I know I can do it with ignore variable in monit check content, but that wont help me because there are numbers that change every second. I need a way to check this log file out, the file size and timestamp won't help me because if database is lost the log file still is growing because it gives me the error database has gone away. Now I need a way to monitor it so I know that my messages are going to users. Does anyone have a good solution for this. I really need it.

I need help. I was looking in to Monit documentation and I need help. I could not find my answer there. I need to monitor a log file of a service, if that log file stops to increase in size or even better something in the log file stops coming in (the log file gets around 20 new messages in a second. It has rotation) then monit will alert me via e-mail. This is really needed!

Thank you!