stimur's questions

I have CloudFormation stack, which is frequently updated by a script (changing source AMIs for launch configuration). I would love to have it deployed by the same script, executed by non-privileged user/instance role. Currently all updates are made by admin user, with a lot more privileges than needed.

My initial approach was by try and fail, see in logs what permission is missing and adding it one by one. Takes a lot of time and far from productive.

I am thinking that there should be a way to generate list of permissions based on CloudFormation template, plus permissions to update the stack itself.

My second thought is to process CloudTrail logs of successful deployment to extract actions and resources from there.

May be there is already a way to do it and I'm re:Inveting the wheel ?

I have application logging events in JSON format for later structured queries, etc. Now I have a task to log the same messages in plain text (CSV probably) and I really don't want to log each event twice in both formats.

Is it possible to convert within rsyslog ? I have an option of tracing the output file and piping it to converter and then log with different tag, but that seems suboptimal.

Any other ideas ?

Thanks !

TL/DR: Is there flapping detection available in Zabbix ?

expanded question: I'm trying to achieve same behaviour in Zabbix alerts as I've seen in Nagios: When monitored service is in unstable state and triggers several Up/Down events for some period of time "flapping detection" generates one alert for flapping and silent all other Up/Down alerts until service is stable.

What did I do already: I tried to increase timespan and/or amount of events to trigger alarm state. This approach makes it less sensible and still doesn't solve flapping problem.

May be I just don't understand something in Zabbix trigger logic ?

I've a task to create Certificate Authority for company use. Preferably using "valid" ( not self-signed) certificate. The goal is to issue individual certificates for subdomains, instead of wildcard, plus sub-subdomains, not covered by wildcard cert, users, services, etc.

All this may be limited to a single domain only.

As I understand I need valid certificate which has certain capabilities in it like this Key Cert Sign, CRL Sign.

Is that true and can someone point me to the documentation and SSL provider who can sell me that kind of certificate ?

Thanks.

UPDATE: Thanks for the comments: I may need to rephrase my question then, what is needed to issue publicly valid certificates for services and users ? There are some sites issuing user certificates, like this https://www.comodo.com/home/email-security/free-email-certificate.php. But I don't want to rely on public and free services for company use and would rather use something constant and reliable.

Being a VSAN beta tester I decided to upgrade to GA version as VMWare suggests for production sites. They say, it is not possible/supported to upgrade from beta to GA version, and I did not upgrade, but full wipe/reinstall of ESX hosts. However during install I found that system is extremely slow, installer boots up in a couple of hours, then all system scan operations took about 30-40 minutes each. Installed system always stuck at

usbarbitrator start

message.

I enabled logging to a serial console and here what I see these messages:

2014-03-31T20:00:54.517Z cpu2:33262)LSOMCommon: LSOM_RegisterDiskAttrHandle:99: t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710 is a SATA disk
2014-03-31T20:00:54.532Z cpu2:33262)LSOMCommon: LSOM_RegisterDiskAttrHandle:103: DiskAttrHandle:0x4111c977b928 is added to disk:t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710 by module:plog
2014-03-31T20:00:54.551Z cpu2:33262)PLOG: PLOG_InitMDDevice:830: Registered diskAttrHandle:0x4111c977b928 on disk t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710
2014-03-31T20:00:54.568Z cpu2:33262)PLOG: PLOG_AllocOneRDT:539: You're wasting 524288 bytes by not requesting a length that is not a multiple of the allocation granularity 1048576
2014-03-31T20:00:54.583Z cpu2:33262)PLOG: PLOG_InitElevator:1782: Initializing PLOG Elevator UUID 5287745f-e1c5-269f-ce67-c8d8d4c03967 
2014-03-31T20:00:54.595Z cpu2:33262)LSOMCommon: LSOMSetWCEnableSATA:1071: SATA disk t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710 disabling cache...
2014-03-31T20:00:54.611Z cpu2:33262)PLOG: PLOG_InitElevator:1845: Initializing PLOG Elevator UUID on device t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710:2 5287745f-e1c5-269f-ce67-c8d8d4c03967 
2014-03-31T20:00:54.630Z cpu2:33262)PLOG: PLOG_InitMDDevice:843: PLOG device t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710:2 is initialized with device handles
2014-03-31T20:01:24.648Z cpu1:32798)NMP: nmp_ThrottleLogForDevice:2321: Cmd 0x28 (0x4136804461c0, 0) to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" on path "vmhba37:C0:T0:L0" Failed: H:0x5 D:0x0 P:0x0 Possible sense $
2014-03-31T20:01:24.670Z cpu1:32798)WARNING: NMP: nmp_DeviceRequestFastDeviceProbe:237: NMP device "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" state in doubt; requested fast path state update...
2014-03-31T20:01:24.691Z cpu1:32798)ScsiDeviceIO: 2337: Cmd(0x4136804461c0) 0x28, CmdSN 0x1 from world 0 to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" failed H:0x5 D:0x0 P:0x0 Possible sense data: 0x5 0x24 0x0.
2014-03-31T20:01:24.713Z cpu1:32798)LSOMCommon: IORETRYCompleteIO:389: Throttled:  0x4136c8c6af00 IO type 264 (READ) isOdered:NO since 30065 msec status Maximum kernel-level retries exceeded
2014-03-31T20:01:24.729Z cpu9:33541)WARNING: LSOM: LSOMEventNotify:4570: VSAN device 5287745f-e1c5-269f-ce67-c8d8d4c03967 is under permanent error.
2014-03-31T20:01:24.743Z cpu9:33541)WARNING: LSOM: LSOMPostDiskEvent:2114: Unable to post disk event for 5287745f-e1c5-269f-ce67-c8d8d4c03967: Not ready
2014-03-31T20:01:24.757Z cpu9:33541)LSOM: LSOMPublishDisk:1959: Throttled: Unable to post disk event for 5287745f-e1c5-269f-ce67-c8d8d4c03967: Not ready
2014-03-31T20:01:54.774Z cpu1:32798)NMP: nmp_ThrottleLogForDevice:2321: Cmd 0x28 (0x413680441bc0, 0) to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" on path "vmhba37:C0:T0:L0" Failed: H:0x5 D:0x0 P:0x0 Possible sense $
2014-03-31T20:01:54.797Z cpu1:32798)WARNING: NMP: nmp_DeviceRequestFastDeviceProbe:237: NMP device "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" state in doubt; requested fast path state update...
2014-03-31T20:01:54.817Z cpu1:32798)ScsiDeviceIO: 2337: Cmd(0x413680441bc0) 0x28, CmdSN 0x2 from world 0 to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" failed H:0x5 D:0x0 P:0x0 Possible sense data: 0x0 0x0 0x0.
2014-03-31T20:01:54.839Z cpu1:32798)LSOMCommon: IORETRYCompleteIO:389: Throttled:  0x4136c8c6ae40 IO type 264 (READ) isOdered:NO since 30063 msec status Maximum kernel-level retries exceeded
2014-03-31T20:02:05.014Z cpu15:32958)VMW_SATP_LOCAL: satp_local_updatePathStates:458: Failed to update path "vmhba37:C0:T0:L0" state. Status=Transient storage condition, suggest retry
2014-03-31T20:02:19.017Z cpu1:32798)WARNING: NMP: nmp_DeviceRequestFastDeviceProbe:237: NMP device "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" state in doubt; requested fast path state update...
2014-03-31T20:02:19.038Z cpu1:32798)ScsiDeviceIO: 2337: Cmd(0x413680444b40) 0x12, CmdSN 0x318 from world 0 to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" failed H:0x5 D:0x0 P:0x0 Possible sense data: 0x2 0x3a 0x0.
2014-03-31T20:02:24.857Z cpu1:32798)NMP: nmp_ThrottleLogForDevice:2321: Cmd 0x28 (0x4136804411c0, 0) to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" on path "vmhba37:C0:T0:L0" Failed: H:0x5 D:0x0 P:0x0 Possible sense $
2014-03-31T20:02:24.879Z cpu1:32798)ScsiDeviceIO: 2337: Cmd(0x4136804411c0) 0x28, CmdSN 0x3 from world 0 to dev "t10.ATA_____WDC_WD2000FYYZ2D01UL1B0_______________________WD2DWCC1P0395710" failed H:0x5 D:0x0 P:0x0 Possible sense data: 0x0 0x0 0x0.

I dont see them if I take out all of the disks. I verified all disks are readable, no errors no bad blocks,etc. I understand that my server could be not in HCL, but Beta version worked fine, only GA has this issue.