Sharing

Tuesday, 31 December 2013

2013 Study Target

Python

Linux

Design Pattern

Refactoring

    • 重構 - 改善既有程式的設計 (Refactoring: Improving the Design of Existing Code), by Martin Fowler, translated by 侯捷 and 熊節
    • Java重構 (Java refactoring), by 結城浩, translated by 江珮齡 and 王元綱
    • 重構 - 向範式前進 (Refactoring to Patterns), by Joshua Kerievsky, translated by 侯捷 and 陳裕城

Storage

Hypervisor

Cloud

Algorithms

Programming Language

NoSQL



Wednesday, 6 November 2013

Simple IO Performance Testing


http://www.slashroot.in/linux-file-system-read-write-performance-test


Tool     Seq Read  Seq Write  Rand Read  Rand Write  Advanced
iozone   V         V          V          V           V
fio      V         V          V          V           V
dd       V         V
hdparm   V
Bonnie   V         V          V
ioping             V                     V

Bonnie


Just running Bonnie is enough to test, but I don't know why the test size has to be at least RAM * 2, so it is actually not a quick way to get results.

$ bonnie++
Writing a byte at a time...done
Writing intelligently...done
Rewriting...done
Reading a byte at a time...done
Reading intelligently...done
start 'em...done...done...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version  1.96       ------Sequential Output------ --Sequential Input- --Random-
Concurrency   1     -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
pjack-VirtualBox 8G   575  96 36095   9 24925   7  3157  78 63170  13 101.3   9
Latency             31959us    2665ms    1823ms     127ms     583ms    1354ms
Version  1.96       ------Sequential Create------ --------Random Create--------
pjack-VirtualBox    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
              files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
                 16 13139  28 +++++ +++ 23059  36 21424  37 +++++ +++ 22344  36
Latency             63809us    1600us     528us     656us     660us    1080us
1.96,1.96,pjack-VirtualBox,1,1383799934,8G,,575,96,36095,9,24925,7,3157,78,63170,13,101.3,9,16,,,,,13139,28,+++++,+++,23059,36,21424,37,+++++,+++,22344,36,31959us,2665ms,1823ms,127ms,583ms,1354ms,63809us,1600us,528us,656us,660us,1080us


iozone

Iozone has 13 preset patterns, so it is a fairly complete test tool without being much trouble.
Official site:
http://www.iozone.org/
Usage introduction:
http://www.thegeekstuff.com/2011/05/iozone-examples/

fio

fio is the full-featured one: you can design your own patterns and there are many parameters to tune, so it is a very professional tool, but you have to write scripts, so if you just want a quick performance report it may not be convenient. I introduced it before:
http://pjack1981.blogspot.tw/2012/05/fio-disk-benchmark.html

ioping

https://code.google.com/p/ioping/
A very simple tool; it supports seq/random write and lets you specify the block size, so you can quickly get a rough picture.


Monday, 4 November 2013

Import VirtualBox VM to ESXi Server


Transfer VDI to VMDK

First convert the VDI to VMDK; you can refer to this article. If the original format is already VMDK, skip this step.
http://www.dedoimedo.com/computers/virtualbox-convert.html

Replace the VM's original disk with the VMDK: click the virtual hard disk settings button, choose the .vmdk file you just converted, and remember to boot it to check that there are no problems.



Export to OVF


After converting to VMDK, you could actually also upload it to the ESXi Server datastore and create a VM from it. In my test it booted normally, but snapshots had problems. I guess ESXi Server has its own way of managing VMDKs to implement snapshots, so uploading directly like this causes problems; going through an OVF file is better.
http://tad-do.net/2012/01/30/converting-virtualbox-to-vmware-esxi/

Use VirtualBox to export the virtual machine; remember to switch to OVF files so that the XML file is kept separate.





The reason for keeping the XML separate is that some of VirtualBox's default hardware specs are not supported by VMware or need to be modified, and only a text file can be changed with a text editor. The main changes are:
  • SATA Controller => SCSI Controller
  • Turn off Sound Card

If the import still runs into problems, I suggest first creating an empty machine on the ESXi Server, exporting it as OVF, cross-comparing, and then filling in the correct values. For example, the system I wanted to import was Windows 2008 R2; the original ovf:id=77 was not supported, and after changing it to 103 it worked.


    <OperatingSystemSection ovf:id="103">
      <Info>The kind of installed guest operating system</Info>
      <Description>Windows2008_64</Description>
      <vbox:OSType ovf:required="false">Windows2008_64</vbox:OSType>
    </OperatingSystemSection>


20131105 Update

There is also another, slower method, but it can resolve any case the above can't handle: roughly, let ESXi Server generate the OVF file itself and then import it back.

  1. Transfer VDI to VMDK
  2. import VMDK to ESXi Server
  3. export VM as OVF template
  4. import OVF template
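An added Python example (not from the post, nor VirtualBox/VMware code) that applies the three OVF edits described above to the exported XML and then refreshes the SHA1 entry in the .mf manifest VirtualBox writes next to the .ovf, since an edited .ovf no longer matches that manifest and ESXi checks it when present. Assumed: the CIM ResourceType codes 20 (SATA/AHCI), 6 (SCSI) and 35 (sound card) are the ones VirtualBox emits, and the sample OVF below is a constructed, trimmed fragment.

```python
import hashlib
import xml.etree.ElementTree as ET

# Namespaces VirtualBox writes into its OVF export.
OVF_NS = "http://schemas.dmtf.org/ovf/envelope/1"
RASD_NS = ("http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/"
           "CIM_ResourceAllocationSettingData")
ET.register_namespace("ovf", OVF_NS)
ET.register_namespace("rasd", RASD_NS)

# CIM ResourceType codes as VirtualBox emits them (assumption for this example:
# 20 = SATA/AHCI "other storage device", 6 = parallel SCSI HBA, 35 = sound card).
SATA_TYPE, SCSI_TYPE, SOUND_TYPE = "20", "6", "35"

# Constructed, trimmed OVF in the shape of a VirtualBox export (sample input).
SAMPLE_OVF = b"""<?xml version="1.0"?>
<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
  xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1"
  xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData">
  <VirtualSystem ovf:id="win2008r2">
    <OperatingSystemSection ovf:id="77">
      <Info>The kind of installed guest operating system</Info>
      <Description>Windows2008_64</Description>
    </OperatingSystemSection>
    <VirtualHardwareSection>
      <Item>
        <rasd:Caption>sataController0</rasd:Caption>
        <rasd:InstanceID>4</rasd:InstanceID>
        <rasd:ResourceSubType>AHCI</rasd:ResourceSubType>
        <rasd:ResourceType>20</rasd:ResourceType>
      </Item>
      <Item>
        <rasd:Caption>sound</rasd:Caption>
        <rasd:InstanceID>5</rasd:InstanceID>
        <rasd:ResourceSubType>ensoniq1371</rasd:ResourceSubType>
        <rasd:ResourceType>35</rasd:ResourceType>
      </Item>
    </VirtualHardwareSection>
  </VirtualSystem>
</Envelope>
"""


def patch_ovf(ovf_bytes: bytes, os_id: str = "103") -> bytes:
    """Apply the three edits the post describes and return the new XML."""
    root = ET.fromstring(ovf_bytes)
    ovf, rasd = "{%s}" % OVF_NS, "{%s}" % RASD_NS
    # 1. Guest OS id: VirtualBox's 77 was rejected by ESXi; the post used 103.
    for section in list(root.iter(ovf + "OperatingSystemSection")):
        section.set(ovf + "id", os_id)
    for hw in list(root.iter(ovf + "VirtualHardwareSection")):
        for item in list(hw.findall(ovf + "Item")):
            rtype = item.find(rasd + "ResourceType")
            if rtype is None:
                continue
            if rtype.text == SOUND_TYPE:
                hw.remove(item)               # 2. turn off the sound card
            elif rtype.text == SATA_TYPE:
                rtype.text = SCSI_TYPE        # 3. SATA -> SCSI controller
                subtype = item.find(rasd + "ResourceSubType")
                if subtype is not None:
                    subtype.text = "lsilogic"
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def summarize(ovf_bytes: bytes) -> dict:
    """Guest OS id and the remaining hardware ResourceType codes, for checking."""
    root = ET.fromstring(ovf_bytes)
    ovf, rasd = "{%s}" % OVF_NS, "{%s}" % RASD_NS
    section = next(root.iter(ovf + "OperatingSystemSection"))
    types = [e.text for e in root.iter(rasd + "ResourceType")]
    return {"os_id": section.get(ovf + "id"), "resource_types": types}


def refresh_manifest(manifest: str, ovf_name: str, ovf_bytes: bytes) -> str:
    """Rewrite the 'SHA1(name)= hex' line for ovf_name in a VirtualBox .mf file;
    the other entries (disk images) are left untouched."""
    digest = hashlib.sha1(ovf_bytes).hexdigest()
    out = []
    for line in manifest.splitlines():
        if line.startswith("SHA1(%s)=" % ovf_name):
            line = "SHA1(%s)= %s" % (ovf_name, digest)
        out.append(line)
    return "\n".join(out) + "\n"


def manifest_matches(manifest: str, name: str, data: bytes) -> bool:
    """True when the manifest's SHA1 line for `name` matches `data`."""
    want = "SHA1(%s)= %s" % (name, hashlib.sha1(data).hexdigest())
    return want in manifest.splitlines()


if __name__ == "__main__":
    patched = patch_ovf(SAMPLE_OVF)
    print(summarize(patched))
    print(refresh_manifest("SHA1(box.ovf)= 0000\nSHA1(box-disk1.vmdk)= 1111\n",
                           "box.ovf", patched))
```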

Wednesday, 9 October 2013

Rebuild Ubuntu Package

Reference

http://manpages.ubuntu.com/manpages/precise/man1/dpkg-buildpackage.1.html
http://www.debian.org/doc/manuals/maint-guide/index.en.html
http://debian-handbook.info/browse/stable/debian-packaging.html
http://askubuntu.com/questions/28372/how-do-i-get-the-source-code-of-packages-installed-through-apt-get
http://www.debian.org/doc/debian-policy/
http://debian-handbook.info/browse/stable/sect.becoming-package-maintainer.html


Rebuild Flow Example


Download Source Code


The simplest way is to use apt-get source

$ sudo apt-get source python-twill
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Picking 'twill' as source package instead of 'python-twill'
NOTICE: 'twill' packaging is maintained in the 'Svn' version control system at:
svn://svn.debian.org/python-modules/packages/twill/trunk/
Need to get 255 kB of source archives.
Get:1 http://free.nchc.org.tw/ubuntu/ precise/universe twill 0.9-3 (dsc) [1,367 B]
Get:2 http://free.nchc.org.tw/ubuntu/ precise/universe twill 0.9-3 (tar) [242 kB]
Get:3 http://free.nchc.org.tw/ubuntu/ precise/universe twill 0.9-3 (diff) [11.5 kB]
Fetched 255 kB in 3s (64.5 kB/s) 
gpgv: Signature made Sun 04 Dec 2011 11:29:49 PM CST using DSA key ID 5E3619D3
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./twill_0.9-3.dsc
dpkg-source: info: extracting twill in twill-0.9
dpkg-source: info: unpacking twill_0.9.orig.tar.gz
dpkg-source: info: unpacking twill_0.9-3.debian.tar.gz
dpkg-source: info: applying 01_fix_history_path.patch
dpkg-source: info: applying 02_remove_ext.patch
dpkg-source: info: applying 03_no_setuptools.patch
dpkg-source: info: applying 04_fix_deprecated_ClientForm.patch
dpkg-source: info: applying 05_fix_missing_imports.patch

$ ll
total 268
drwxr-xr-x  3 eric_chen pjack   4096 Oct  9 15:39 ./
drwxr-xr-x 63 eric_chen pjack   4096 Oct  9 14:33 ../
drwxr-xr-x  9 root      root    4096 Oct  9 15:39 twill-0.9/
-rw-r--r--  1 root      root   11494 Dec 17  2011 twill_0.9-3.debian.tar.gz
-rw-r--r--  1 root      root    1367 Dec 17  2011 twill_0.9-3.dsc
-rw-r--r--  1 root      root  242291 Feb  9  2009 twill_0.9.orig.tar.gz

If you have the .dsc file, which references the source archives, you can also use the dpkg-source command

$ dpkg-source -x twill_0.9-3.dsc 
gpgv: Signature made Sun 04 Dec 2011 11:29:49 PM CST using DSA key ID 5E3619D3
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./twill_0.9-3.dsc
dpkg-source: info: extracting twill in twill-0.9
dpkg-source: info: unpacking twill_0.9.orig.tar.gz
dpkg-source: info: unpacking twill_0.9-3.debian.tar.gz
dpkg-source: info: applying 01_fix_history_path.patch
dpkg-source: info: applying 02_remove_ext.patch
dpkg-source: info: applying 03_no_setuptools.patch
dpkg-source: info: applying 04_fix_deprecated_ClientForm.patch
dpkg-source: info: applying 05_fix_missing_imports.patch

Modify ChangeLog


$ sudo apt-get install devscripts
$ cd twill-0.9
~/twill-0.9/$ dch -v twill-0.9-3ubuntu1
# or this command also works
~/twill-0.9/$ dch -i  # Increment the final component of the Debian release number

twill (0.9-3ubuntu1) precise; urgency=low

  * test rebuild

 -- eric_chen   Wed, 09 Oct 2013 15:40:31 +0800

twill (0.9-3) unstable; urgency=low

  * Add debian/patches/04_fix_deprecated_ClientForm.patch as ClientForm
    is now shipped with mechanize.
    + debian/rules:
      - Drop Depends on python-clientform.
    + debian/control:
      - Bump python-mechanize Depends to >= 0.2.0~.
  * debian/patches/02_remove_ext.patch:
    + Fix tests as well.
  * Add debian/patches/05_fix_missing_imports.patch.
  * debian/control:
    + Bump Standards-Version to 3.9.2. No changes needed.
  * Switch from now deprecated pysupport to dh_python2.
    + Drop debian/pyversions and debian/pycompat.
    + debian/rules:
      - Remove DEB_PYTHON_SYSTEM.
    + debian/control:
      - Add X-Python-Version field.
      - Bump python and cdbs versions.
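The version given to dch must sort above the archive's 0.9-3 but below its next revision 0.9-4; a version such as 0.9-99 would sort above every future archive upload, so later updates (security fixes included) would never replace the local rebuild. An added Python example (not the blog's code) implementing dpkg's version ordering with a check for that property; next_revision and local_rebuild_version_ok are hypothetical helper names, the former mimicking the bump that dch -i performs.

```python
import re


def _order(c: str) -> int:
    """Sort weight of one character, as in dpkg's verrevcmp()."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1            # tilde sorts before everything, even end of string
    return ord(c) + 256      # other punctuation sorts after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream-version or revision strings the way dpkg does:
    alternating non-digit runs (by _order) and numeric runs (by value)."""
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")
        while a[:1].isdigit() and b[:1].isdigit():
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a[:1].isdigit():
            return 1         # a has more digits in this run, so it is larger
        if b[:1].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version: str):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1, like `dpkg --compare-versions`."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    for x, y in ((ea, eb), (_verrevcmp(ua, ub), 0), (_verrevcmp(ra, rb), 0)):
        if x != y:
            return 1 if x > y else -1
    return 0


def next_revision(version: str) -> str:
    """Bump the final numeric component of the Debian revision, like `dch -i`
    (assumes a non-native package, i.e. one that has a revision)."""
    epoch, upstream, revision = split_version(version)
    bumped = re.sub(r"(\d+)(\D*)$",
                    lambda m: str(int(m.group(1)) + 1) + m.group(2),
                    revision or "0", count=1)
    prefix = "%d:" % epoch if epoch else ""
    return "%s%s-%s" % (prefix, upstream, bumped)


def local_rebuild_version_ok(local: str, archive: str) -> bool:
    """A rebuilt package should sort after the archive version it came from
    but before the archive's next revision, so a future update still wins."""
    return (compare_versions(local, archive) > 0
            and compare_versions(local, next_revision(archive)) < 0)
```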

Rebuild Package


First install the required packages

$ sudo apt-get build-dep python-twill 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Picking 'twill' as source package instead of 'python-twill'
The following NEW packages will be installed:
  cdbs debhelper dh-apparmor dh-translations docbook-xml docbook-xsl html2text intltool python-scour xsltproc
0 upgraded, 10 newly installed, 0 to remove and 2 not upgraded.
Need to get 1,701 kB/2,781 kB of archives.
After this operation, 16.5 MB of additional disk space will be used.
Do you want to continue [Y/n]? y

Start the rebuild

~/twill-0.9$ debuild -us -uc
 dpkg-buildpackage -rfakeroot -D -us -uc
dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): -D_FORTIFY_SOURCE=2
dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security
dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): -Wl,-Bsymbolic-functions -Wl,-z,relro
dpkg-buildpackage: source package twill
dpkg-buildpackage: source version 0.9-3
dpkg-buildpackage: source changed by Arnaud Fontaine 
 dpkg-source --before-build twill-0.9
dpkg-buildpackage: host architecture amd64
 fakeroot debian/rules clean
...


$ ll
-rw-r--r--  1 eric_chen pjack  68498 Oct  9 15:42 python-twill_0.9-3ubuntu1_all.deb
drwxr-xr-x 10 eric_chen pjack   4096 Oct  9 15:42 twill-0.9/
-rw-r--r--  1 eric_chen pjack  17480 Oct  9 15:43 twill_0.9-3ubuntu1_amd64.build
-rw-r--r--  1 eric_chen pjack   1252 Oct  9 15:42 twill_0.9-3ubuntu1_amd64.changes
-rw-r--r--  1 eric_chen pjack  11468 Oct  9 15:42 twill_0.9-3ubuntu1.debian.tar.gz
-rw-r--r--  1 eric_chen pjack   1149 Oct  9 15:42 twill_0.9-3ubuntu1.dsc

Tuesday, 8 October 2013

How to get Apache status

Apache Document:
http://httpd.apache.org/docs/

Enable mod_status

http://httpd.apache.org/docs/2.2/mod/mod_status.html

Sample: http://www.apache.org/server-status



Get Server Status From Command Line


By LYNX

http://www.cpanelkb.net/apache-status-in-command-line/


$ wget -q -O - --no-proxy http://10.42.93.36/server-status | lynx -stdin
                                                                              Apache Status (p1 of 2)
                                                     Apache Server Status for 10.42.93.36

   Server Version: Apache/2.2.22 (Ubuntu) mod_apreq2-20090110/2.8.0 mod_perl/2.0.5 Perl/v5.14.2
   Server Built: Feb 13 2013 16:06:29
     ________________________________________________________________________________________________________________________________

   Current Time: Wednesday, 09-Oct-2013 06:22:36 BST
   Restart Time: Wednesday, 09-Oct-2013 04:01:27 BST
   Parent Server Generation: 0
   Server uptime: 2 hours 21 minutes 8 seconds
   Total accesses: 322 - Total Traffic: 198 kB
   CPU Usage: u4.58 s.26 cu0 cs0 - .0572% CPU load
   .038 requests/sec - 23 B/second - 629 B/request
   1 requests currently being processed, 5 idle workers

_____W..........................................................
................................................................
................................................................
................................................................

   Scoreboard Key:
   "_" Waiting for Connection, "S" Starting up, "R" Reading Request,
   "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
   "C" Closing connection, "L" Logging, "G" Gracefully finishing,
   "I" Idle cleanup of worker, "." Open slot with no current process

   Srv PID    Acc   M CPU  SS  Req Conn Child Slot   Client       VHost                 Request
   0-0 3575 0/55/55 _ 0.46 104 3   0.0  0.02  0.02 10.42.93.36 safesync.com GET / HTTP/1.1
   1-0 3576 0/55/55 _ 1.20 36  0   0.0  0.05  0.05 10.42.93.36 safesync.com GET /server-status HTTP/1.1
   2-0 3577 0/55/55 _ 0.99 18  39  0.0  0.03  0.03 10.42.93.36 safesync.com GET /login HTTP/1.1
   3-0 3578 0/55/55 _ 0.45 9   2   0.0  0.03  0.03 10.42.93.36 safesync.com GET / HTTP/1.1
   4-0 3579 0/54/54 _ 0.70 117 0   0.0  0.03  0.03 10.42.93.36 safesync.com GET /server-status?auto HTTP/1.1
   5-0 5702 0/48/48 W 1.04 0   0   0.0  0.04  0.04 10.42.93.36 safesync.com GET /server-status HTTP/1.1
     ________________________________________________________________________________________________________________________________

    Srv  Child Server number - generation
    PID  OS process ID

By Auto Parameter


$ wget -q -O - --no-proxy http://10.42.93.36/server-status?auto
Total Accesses: 324
Total kBytes: 202
CPULoad: .0567675
Uptime: 8526
ReqPerSec: .0380014
BytesPerSec: 24.2608
BytesPerReq: 638.42
BusyWorkers: 1
IdleWorkers: 5
Scoreboard: W_____..........................................................................................................................................................................................................................................................
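The ?auto form is the one to poll from scripts (the full page, which lists client addresses and request paths, is normally kept to monitoring hosts). As an added example (not from the post), this Python parses ?auto output and the scoreboard string using the key printed above and turns them into per-state counts and a busy-ratio alert; the sample text is constructed from the values shown above, with the scoreboard shortened.

```python
# Constructed sample in mod_status ?auto format (values from the post's output
# above, scoreboard shortened).
SAMPLE_AUTO = """\
Total Accesses: 324
Total kBytes: 202
CPULoad: .0567675
Uptime: 8526
ReqPerSec: .0380014
BytesPerSec: 24.2608
BytesPerReq: 638.42
BusyWorkers: 1
IdleWorkers: 5
Scoreboard: W_____..........
"""

# Scoreboard legend exactly as mod_status prints it.
SCOREBOARD_KEY = {
    "_": "waiting", "S": "starting", "R": "reading", "W": "sending",
    "K": "keepalive", "D": "dns", "C": "closing", "L": "logging",
    "G": "graceful", "I": "idle_cleanup", ".": "open_slot",
}
# States counted as a busy worker here (assumption for this example: everything
# except waiting, open slots and the startup/idle-cleanup transitions).
BUSY_STATES = {"reading", "sending", "keepalive", "dns", "closing", "logging", "graceful"}


def parse_auto_status(text: str) -> dict:
    """Parse 'Key: value' lines; numbers become floats, Scoreboard stays a string."""
    status = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Scoreboard":
            status[key] = value
            continue
        try:
            status[key] = float(value)
        except ValueError:
            status[key] = value
    return status


def scoreboard_counts(scoreboard: str) -> dict:
    """Count slots per state; characters outside the key are reported as unknown."""
    counts = {name: 0 for name in SCOREBOARD_KEY.values()}
    counts["unknown"] = 0
    for ch in scoreboard:
        counts[SCOREBOARD_KEY.get(ch, "unknown")] += 1
    return counts


def worker_pressure(status: dict, busy_threshold: float = 0.8) -> dict:
    """Busy fraction of live workers (busy + idle; open slots are not forked yet),
    cross-checked against the scoreboard, with an alert flag."""
    busy, idle = status.get("BusyWorkers", 0.0), status.get("IdleWorkers", 0.0)
    live = busy + idle
    counts = scoreboard_counts(status.get("Scoreboard", ""))
    busy_from_board = sum(counts[s] for s in BUSY_STATES)
    return {
        "busy": int(busy), "idle": int(idle),
        "busy_ratio": busy / live if live else 0.0,
        "scoreboard_agrees": busy_from_board == int(busy),
        "alert": live > 0 and busy / live >= busy_threshold,
    }


if __name__ == "__main__":
    print(worker_pressure(parse_auto_status(SAMPLE_AUTO)))
```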






Friday, 27 September 2013

Generate hash value in /etc/shadow


/etc/shadow records each user's password hash value; the first field is the name and the second field is the hash value
echen:$6$D3PHrOW9$tyD6jY830eKaz8ctBXZznSZ8MVdMq.f6VPmFdFSKfy6zNqJtDgNsNWYc42RyAS2VmRBekWN4S1gALcZM9wNbi1:15975:0:99999:7:::

The first three characters of the hash value indicate the algorithm: $1$ is MD5, $5$ is SHA-256, $6$ is SHA-512

$ man crypt
 ID  | Method
─────────────────────────────────────────────────────────
 1   | MD5
 2a  | Blowfish (not in mainline glibc; added in some Linux distributions)
 5   | SHA-256 (since glibc 2.7)
 6   | SHA-512 (since glibc 2.7)

The next 8 characters are the SALT value. The SALT is joined with the password and the result is hashed; the SALT is a randomly generated string, in this example D3PHrOW9, and what follows is the hash value
http://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/

The following command generates this hash value: -m is followed by the algorithm, then the password to encrypt, and finally the randomly generated SALT value
mkpasswd -m sha-512 MyPAsSwOrD $(openssl rand -base64 16 | tr -d '+=' | head -c 16)


$ apg -Mcln -a1 -m16
r9yyTyMgAY5M9Lwv
0yo8zsFRL3TSnPzK
ZwbnEPjmi3SBsa0e
6tiAxbCJWJPx2Z2X
VAulxq6hevbirzTs
jHCV7WBiA7CBVwrA

$ openssl rand -base64 16 | tr -d '+='
L6VYvmgovdLScofodk7DPg

$ </dev/urandom tr -dc '_A-Z-a-z-0-9!@#$%' | head -c16; echo ""
LmzB!j4#ah_p8lm7
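An added Python example (not from the post) that parses /etc/shadow lines by the $id$salt$hash layout described above, audits them for the points an administrator cares about (MD5 or DES hashes, empty password fields, short salts), and generates a salt from the crypt alphabet the way the openssl/tr pipeline above does. The shadow lines are constructed with fake users and fake, correctly shaped hashes; the audit_shadow and make_salt names are this example's own.

```python
import secrets

# crypt(3) salt alphabet: ./0-9A-Za-z (what the openssl | tr pipeline filters to).
SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# $id$ prefixes from the crypt man page above.
METHODS = {"1": "MD5", "2a": "Blowfish", "5": "SHA-256", "6": "SHA-512"}
# Encoded digest lengths of the glibc $id$salt$hash forms (no rounds= variant).
HASH_LEN = {"SHA-256": 43, "SHA-512": 86}

# Constructed /etc/shadow lines: fake users, fake (but correctly shaped) hashes.
SAMPLE_SHADOW = """\
alice:$6$D3PHrOW9$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./abcdefghijklmnopqrstuv:15975:0:99999:7:::
bob:$1$Qz9Mx2Lk$abcdefghijklmnopqrstuv:15000:0:99999:7:::
svc:!:15975:0:99999:7:::
root:*:15975:0:99999:7:::
carol::15975:0:99999:7:::
"""


def parse_shadow_line(line: str) -> dict:
    """Split one /etc/shadow line into its nine fields and decode $id$salt$hash."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 fields, got %d" % len(fields))
    name, pw, lastchange, minage, maxage, warn, inactive, expire, _flag = fields
    entry = {"name": name, "lastchange": lastchange, "max": maxage, "method": None,
             "salt": None, "hash": None, "locked": False, "empty": pw == ""}
    if pw.startswith(("!", "*")):
        entry["locked"] = True            # nothing can match; password login disabled
    elif pw.startswith("$"):
        parts = pw.split("$")             # ['', id, salt, hash]; rounds= forms not handled
        if len(parts) == 4:
            entry["method"] = METHODS.get(parts[1], "unknown")
            entry["salt"], entry["hash"] = parts[2], parts[3]
    elif pw:
        entry["method"] = "DES"           # 13-char traditional crypt, no $id$ prefix
    return entry


def audit_shadow(text: str) -> dict:
    """user -> list of findings an administrator would want to act on."""
    findings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_shadow_line(line)
        issues = []
        if e["empty"]:
            issues.append("empty password field")
        elif not e["locked"]:
            if e["method"] in ("MD5", "DES"):
                issues.append("weak hash (%s)" % e["method"])
            elif e["method"] not in ("SHA-256", "SHA-512", "Blowfish"):
                issues.append("unrecognised hash format")
            if e["method"] in HASH_LEN:
                if len(e["salt"]) < 8:
                    issues.append("short salt (%d chars)" % len(e["salt"]))
                if len(e["hash"]) != HASH_LEN[e["method"]]:
                    issues.append("malformed hash length")
        findings[e["name"]] = issues
    return findings


def make_salt(length: int = 16) -> str:
    """Random salt from the crypt alphabet; 16 is the most sha-512 crypt uses."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for user, issues in audit_shadow(SAMPLE_SHADOW).items():
        print(user, issues or "ok")
    print("mkpasswd -m sha-512 <password> %s" % make_salt())
```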

Monday, 16 September 2013

Percona MySQL server tuning guide from webinar

When: Jul 24, 2013
Where: Percona MySQL Webinar
Presenter: Alexander Rubin, Principal Consultant


Tuning MySQL queries and indexes can significantly increase the performance of your application and decrease response times. In this webinar, Percona Principal Consultant Alexander Rubin will discuss advanced techniques for optimizing MySQL queries. Topics include:
1. GROUP BY and ORDER BY optimization
2. MySQL temporary tables and filesort
3. Using covered indexes to optimize your queries
4. Loose and tight index scans in MySQL

Recorded Video: https://www.youtube.com/watch?v=TPFibi2G_oo

Slides: http://www.percona.com/resources/technical-presentations/advanced-mysql-query-tuning-percona-mysql-webinar

Follow Q&A: http://www.mysqlperformanceblog.com/2013/08/02/advanced-mysql-query-tuning-webinar-followup-qa/

Scan SSL Cipher Suite

SSL Cipher Suite

TLS protocol 1.0 RFC
http://www.ietf.org/rfc/rfc2246.txt
TLS protocol 1.1 RFC
http://www.ietf.org/rfc/rfc4346.txt
TLS protocol 1.2 RFC
http://www.ietf.org/rfc/rfc5246.txt
Elliptic Curve Cryptography (ECC) Cipher Suites
http://www.ietf.org/rfc/rfc4492.txt
Summary
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml

Server Side SSL Cipher Suite


This website can scan the SSL security level your server provides and the SSL cipher suites it supports
https://www.ssllabs.com/ssltest/index.html


On Linux there is also the sslscan tool
$ apt-get install sslscan
$ sslscan --no-failed www.google.com
                   _
           ___ ___| |___  ___ __ _ _ __
          / __/ __| / __|/ __/ _` | '_ \
          \__ \__ \ \__ \ (_| (_| | | | |
          |___/___/_|___/\___\__,_|_| |_|

                  Version 1.8.2
             http://www.titania.co.uk
        Copyright Ian Ventura-Whiting 2009

Testing SSL server www.google.com on port 443

  Supported Server Cipher(s):
    Accepted  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  168 bits  ECDHE-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5

  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA

  SSL Certificate:
    Version: 2
    Serial Number: 5892482494032825274
    Signature Algorithm: sha1WithRSAEncryption
    Issuer: /C=US/O=Google Inc/CN=Google Internet Authority G2
    Not valid before: Aug 29 12:35:17 2013 GMT
    Not valid after: Aug 29 12:35:17 2014 GMT
    Subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
      Public-Key: (2048 bit)
      Modulus:
      Exponent: 65537 (0x10001)
    X509v3 Extensions:
      X509v3 Extended Key Usage: 
        TLS Web Server Authentication, TLS Web Client Authentication
      X509v3 Subject Alternative Name: 
        DNS:www.google.com
      Authority Information Access: 
        CA Issuers - URI:http://pki.google.com/GIAG2.crt
        OCSP - URI:http://clients1.google.com/ocsp
      X509v3 Subject Key Identifier: 
        6B:36:89:3B:32:31:63:1B:D7:13:7E:07:BA:4B:3F:E9:27:E9:58:76
      X509v3 Basic Constraints: critical
        CA:FALSE
      X509v3 Authority Key Identifier: 
        keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F

      X509v3 Certificate Policies: 
        Policy: 1.3.6.1.4.1.11129.2.5.1

      X509v3 CRL Distribution Points: 

        Full Name:
          URI:http://pki.google.com/GIAG2.crl

  Verify Certificate:
    unable to get local issuer certificate


Client Side SSL Cipher Suite

If you want to know what the client side supports, see
https://groups.google.com/a/chromium.org/forum/#!topic/chromium-reviews/Mvp-tGW2RaI


To test, I've been using Certicom's SECG ECC test server -  http://tls.secg.org/

The exact steps are:
1) Navigate to http://tls.secg.org/
2) Click "Connect Now"
3) Choose secp256p1 (the default)
4) Click Continue (link for 1 - 4: http://tls.secg.org/?action=go&ciphersuite=0&curve=23 )
5) Click "here" to continue ( link: https://tls.secg.org:40023/connect.php )
6) Observe under cipher suites, a list of cipher suites. Some numeric, some
string form. String forms are listed at http://www.iana.org/assignments/tls-parameters/tls-parameters.xml . Without any command line flags, see that TLS_RSA_WITH_RC4_128_MD5 (0x0004) and TLS_RSA_WITH_RC4_128_SHA (0x0005) appear in the list
7) Relaunch chrome with chrome --cipher-suite-blacklist="0x0004,0x0005"
8) Repeat steps 1-5.
9) Observe that neither TLS_RSA_WITH_RC4_128_MD5 or  TLS_RSA_WITH_RC4_128_SHA are listed.


Choose "Connect Now"


Choose the cipher suite to test



The final report also lists all the cipher suites the client has enabled; check whether any of them are too weak




Browser Config


RC4 is becoming less and less secure; if you want to strengthen security, you can actively tell the browser not to use RC4

TLS_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 }
TLS_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 }
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x02 }
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x07 }
TLS_ECDH_RSA_WITH_RC4_128_SHA = { 0xC0, 0x0C }
TLS_ECDHE_RSA_WITH_RC4_128_SHA = { 0xC0, 0x11 }
TLS_ECDH_anon_WITH_RC4_128_SHA = { 0xC0, 0x16 }
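An added Python example (not from the post or from sslscan) serving both the server-side scan above and this RC4 list: it parses sslscan's "Accepted"/"Prefered" lines into (protocol, bits, suite) tuples, flags the weak entries a reviewer would circle (SSLv3, RC4, DES/3DES, MD5 MAC), and builds Chrome's --cipher-suite-blacklist value from the IANA code points listed above. The scan text is a constructed excerpt in the same layout as the output above.

```python
import re

# RC4 suites and their IANA code points (the list above); these code points
# are what Chrome's --cipher-suite-blacklist takes.
RC4_SUITES = {
    "TLS_RSA_WITH_RC4_128_MD5": 0x0004,
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_ECDH_ECDSA_WITH_RC4_128_SHA": 0xC002,
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": 0xC007,
    "TLS_ECDH_RSA_WITH_RC4_128_SHA": 0xC00C,
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA": 0xC011,
    "TLS_ECDH_anon_WITH_RC4_128_SHA": 0xC016,
}

# Constructed excerpt of `sslscan --no-failed` output, same layout as above.
SAMPLE_SCAN = """\
Testing SSL server www.example.test on port 443

  Supported Server Cipher(s):
    Accepted  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  ECDHE-RSA-RC4-SHA
    Accepted  TLSv1  128 bits  RC4-SHA

  Prefered Server Cipher(s):
    SSLv3  128 bits  ECDHE-RSA-RC4-SHA
    TLSv1  128 bits  ECDHE-RSA-RC4-SHA
"""

ACCEPTED_RE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+) bits\s+(\S+)\s*$")
PREFERRED_RE = re.compile(r"^\s*(SSLv\d|TLSv[\d.]+)\s+(\d+) bits\s+(\S+)\s*$")


def parse_sslscan(text: str) -> dict:
    """Accepted and preferred suites as (protocol, key bits, OpenSSL name)."""
    accepted, preferred = [], []
    in_preferred = False
    for line in text.splitlines():
        if "Server Cipher(s):" in line:
            in_preferred = line.lstrip().startswith("Prefer")  # sslscan spells it 'Prefered'
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            accepted.append((m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = PREFERRED_RE.match(line)
        if m and in_preferred:
            preferred.append((m.group(1), int(m.group(2)), m.group(3)))
    return {"accepted": accepted, "preferred": preferred}


def weaknesses(suite: tuple) -> list:
    """Why a (protocol, bits, name) entry is weak; an empty list means acceptable."""
    proto, bits, name = suite
    reasons = []
    if proto == "SSLv3":
        reasons.append("SSLv3")
    if "RC4" in name:
        reasons.append("RC4")
    if "DES" in name:                  # DES-CBC3 (3DES) and single DES
        reasons.append("DES/3DES")
    if name.endswith("-MD5"):
        reasons.append("MD5 MAC")
    if bits < 128:
        reasons.append("<128-bit key")
    return reasons


def audit(text: str) -> dict:
    """Summary a scan reviewer wants: suite count, weak entries, and whether the
    server's preferred suite is RC4 (as it was for www.google.com above)."""
    parsed = parse_sslscan(text)
    flagged = [(s, weaknesses(s)) for s in parsed["accepted"] if weaknesses(s)]
    return {"accepted": len(parsed["accepted"]), "flagged": flagged,
            "preferred_rc4": any("RC4" in s[2] for s in parsed["preferred"])}


def chrome_blacklist_flag(suites: dict = RC4_SUITES) -> str:
    """Chrome command-line value built from the code points, e.g. 0x0004,0x0005."""
    return "--cipher-suite-blacklist=" + ",".join("0x%04X" % c for c in sorted(suites.values()))


if __name__ == "__main__":
    print(audit(SAMPLE_SCAN))
    print(chrome_blacklist_flag())
```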

See this article for configuring the browser
http://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html

I tried Google Chrome several times following its method, but it had no effect; I think Google Chrome may have removed this feature. Firefox has a UI for it, so turning it off is easy; I tested with https://www.google.com.tw

Before turning it off, RC4 is used



Go to about:config and set every rc4 entry to false


Reconnect, and the encryption becomes AES


I hope Google Chrome finishes this feature soon, because I use it most of the time now. Finally, IE users should also follow the link to enable SSL Cipher Suite Order

  1. Open your group policy editor by entering gpedit.msc at a command prompt.
  2. Choose Computer Configuration | Administrative Templates | Network | SSL Configuration Settings.
  3. There’s only one item here: SSL Cipher Suite Order. Open it.
  4. Select Enabled.



Saturday, 7 September 2013

Update BIOS and Firmware of DELL Server


Among the file types they provide, one is Non-Packaged
File Format: Non-Packaged Download File Download File
File Name: PE2950-020700C.exe
Description: This file format consists of a BIOS-executable file. To use it, download the file and copy it to a DOS-bootable USB flash drive, then boot the system to the USB flash drive and run the program.

What you need to do first is make a DOS-bootable USB stick; you can refer to this article
http://pjack1981.blogspot.tw/2012/05/create-freedos-bootable-usb-stick.html

Then put this executable on the USB stick; after booting, switch to C:\ and you can run it

DRAC Upgrade

Take this one as an example: it provides a plain .img file, which can be updated from the current DRAC
http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-2950?driverId=D8GP9&osCode=LNUX&fileId=3009896401&languageCode=EN&categoryId=SM

File Format: Hard-Drive
File Name: f_drac5v165_A00.exe
Description: This file format consists of an archive of files that may be decompressed to a directory on the hard drive. The installation can then be done from that directory.

After unpacking you get firmimg.d5; feed it to Firmware Update and that's it



If unfortunately the old DRAC has problems and the update cannot succeed, you have to rely on the .BIN; see the next section's method to update

File Format: Update Package for Red Hat Linux
File Name: Systems-Management_Firmware_D8GP9_LN32_1.65_A00.BIN
Description: Dell Update Packages for Linux can be used as stand-alone applications that ensure that specific validation criteria are met, then apply an update.

BMC and other Firmware Upgrade

Bootable CentOS LiveCD

The method follows this article; it is old, but guaranteed to work
http://www.niftiestsoftware.com/2012/05/20/upgrading-dell-esm-firmware-on-an-unsupported-os/

1. Download .BIN file

Take this one as an example
http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-2950?driverId=4NNNG&osCode=LNUX&fileId=3078114159&languageCode=EN&categoryId=ES

File Format: Update Package for Red Hat Linux
File Name: 2950_ESM_Firmware_4NNNG_LN32_2.50_A00.BIN
Description: Dell Update Packages for Linux can be used as stand-alone applications that ensure that specific validation criteria are met, then apply an update. For more

2. Select a bootable Live CD .iso file

http://linux.dell.com/files/openmanage-contributions/
Basically anything that boots is fine; I used OMSA_55 without problems. Once you have the .iso there are many ways to boot it: burn it to a CD, make a bootable USB, or use a remote virtual optical drive. If the network is a problem, I suggest making a bootable USB and putting the .BIN from step 1 on it, so it can be run right after booting without transferring the .BIN over the network

Bootable Firmware LiveCD

See this article
http://en.community.dell.com/techcenter/b/techcenter/archive/2011/08/17/centos-based-livedvd-to-update-firmware-on-dell-servers.asp

From there you can download the firmware upgrade LiveCD that DELL provides; after booting you get a GUI that, besides automatically finding which firmware needs upgrading, also shows the overall hardware status, which is quite convenient. Use this option when you have network access
http://linux.dell.com/files/openmanage-contributions/


DELL Repository Manager

See this article
http://www.vmadmin.co.uk/component/content/article?id=332:dellbiosfirmwareupdaterepomanager

Install DELL's Repository Manager tool; it only has a Windows version
http://www.dell.com/support/drivers/us/en/555/DriverDetails?driverId=XV4NV
Once installed you can use it to build an Upgrade LiveCD iso, or an SUU (Server Update Utility); the former automatically installs the firmware you selected right after booting, the latter runs in the current OS but only supports the Redhat/CentOS family.

Other Reference

http://www.dell.com/support/Manuals/us/en/19/Product/dell-opnmang-srvr-admin-v7.1
http://en.community.dell.com/techcenter/systems-management/w/wiki/1764.openmanage-server-update-utility-suu.aspx



Friday, 6 September 2013

Fully Buffered DIMM, DDR2


Seeing DDR2 RAM still plugged into a server, my jaw nearly dropped; what antique is this? After looking it up, it turns out only Fully Buffered DIMMs can be used. It was the first time I heard that DDR2 had such a special product for servers

http://en.wikipedia.org/wiki/Fully_Buffered_DIMM
http://zh.wikipedia.org/wiki/FB-DIMM

And it is still not cheap today: a 4G stick costs more than NT$5000
http://shop.transcend.com.tw/product/ItemDetail.asp?ItemID=TS512MFB72V6U-T

Checking Amazon, it is a bit cheaper, but two sticks still cost US$240
http://www.amazon.com/Crucial-Technology-CT2CP51272AF80E-DIMM%C2%A0%C2%A0DDR2-PC2-6400/dp/B001O2JE96/ref=sr_1_15?s=electronics&ie=UTF8&qid=1378488632&sr=1-15


IDE/SATA/SAS Interface

Recommended article

Introduces what the IDE/SATA/SAS interfaces are, and enterprise-grade hard disk applications in recent years

http://www.computerdiy.com.tw/all-articles/articles-hard-drive/2930-sas-sata

Monday, 2 September 2013

wa (Waiting for I/O) from top command is high


A machine was responding very slowly; top showed a heavy load and wa as high as 96.9%, so it looked like an IO problem

$ top
top - 03:08:30 up 34 days, 15:48,  1 user,  load average: 41.70, 43.33, 43.77
Tasks: 323 total,   1 running, 322 sleeping,   0 stopped,   0 zombie
Cpu(s):  1.4%us,  1.4%sy,  0.0%ni,  0.0%id, 96.9%wa,  0.0%hi,  0.3%si,  0.0%st
Mem:   1019112k total,   953076k used,    66036k free,     1092k buffers
Swap:  4111356k total,  2204620k used,  1906736k free,    22320k cached

http://serverfault.com/questions/155882/wa-waiting-for-i-o-from-top-command-is-big


$ iostat 1
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           1.03    0.00    1.03   97.94    0.00    0.00

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
scd0              0.00         0.00         0.00          0          0
sda             493.81      7327.84       738.14       7108        716
sdb               0.00         0.00         0.00          0          0




Sunday, 1 September 2013

Software RAID mdadm



Get Volume List

$ mdadm --detail --scan
ARRAY /dev/md125 metadata=0.90 spares=1 UUID=ad192d4a:114eb1c4:7dadf8c1:9019de71
ARRAY /dev/md127 metadata=0.90 UUID=8b53927c:8e569dae:c589cde9:18eb45a5
ARRAY /dev/md126 metadata=0.90 UUID=ab76aade:4b9bd34d:c589cde9:18eb45a5

Get Volume Detail


$ mdadm --detail /dev/md125
/dev/md125:
        Version : 0.90
  Creation Time : Mon Jul 30 04:13:15 2012
     Raid Level : raid1
     Array Size : 29296576 (27.94 GiB 30.00 GB)
  Used Dev Size : 29296576 (27.94 GiB 30.00 GB)
   Raid Devices : 2
  Total Devices : 3
Preferred Minor : 125
    Persistence : Superblock is persistent

    Update Time : Mon Sep  2 04:12:09 2013
          State : clean 
 Active Devices : 2
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 1

$ mdadm --detail /dev/md127
/dev/md127:
        Version : 0.90
  Creation Time : Wed Oct 17 15:43:53 2012
     Raid Level : raid6
     Array Size : 46884321792 (44712.37 GiB 48009.55 GB)
  Used Dev Size : 1953513408 (1863.02 GiB 2000.40 GB)
   Raid Devices : 26
  Total Devices : 26
Preferred Minor : 127
    Persistence : Superblock is persistent

    Update Time : Mon Sep  2 04:14:36 2013
          State : active, checking 
 Active Devices : 26
Working Devices : 26
 Failed Devices : 0
  Spare Devices : 0

         Layout : left-symmetric
     Chunk Size : 64K

   Check Status : 99% complete

           UUID : 8b53927c:8e569dae:c589cde9:18eb45a5 (local to host osdp-backup1.sjc1)
         Events : 0.120544

Get Checking Progress

$ cat /proc/mdstat 
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] 
md126 : active raid1 sdb4[1] sda4[0]
      1922262976 blocks [2/2] [UU]
      
md127 : active raid6 sdc1[0] sdw1[20] sdac1[22] sdu1[18] sdm1[10] sdj1[7] sdl1[9] sdab1[25] sdg1[4] sdo1[12] sdt1[17] sdq1[14] sdr1[15] sdp1[13] sdn1[11] sdz1[23] sdv1[19] sde1[2] sds1[16] sdx1[21] sdd1[1] sdi1[6] sdaa1[24] sdf1[3] sdh1[5] sdk1[8]
      46884321792 blocks level 6, 64k chunk, algorithm 2 [26/26] [UUUUUUUUUUUUUUUUUUUUUUUUUU]
      [===================>.]  check = 99.6% (1945938304/1953513408) finish=118.6min speed=1064K/sec
      
md125 : active raid1 sda2[0] sdb2[1] sdaj1[2](S)
      29296576 blocks [2/2] [UU]
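An added Python example (not from the post) that parses the /proc/mdstat layout shown above into per-array member, spare and failed devices, a degraded flag from the [n/m] [UU] fields, and the progress of a running check or recovery, then reports what a monitoring check should raise. The mdstat text is a constructed excerpt with a degraded, rebuilding array (md124) added to exercise the failure case; parse_mdstat and problems are this example's own names.

```python
import re

# Constructed /proc/mdstat excerpt in the layout shown above, plus a degraded
# array (md124) that is rebuilding, to exercise the failure case.
SAMPLE_MDSTAT = """\
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
md126 : active raid1 sdb4[1] sda4[0]
      1922262976 blocks [2/2] [UU]

md127 : active raid6 sdc1[0] sdd1[1] sde1[2] sdf1[3]
      46884321792 blocks level 6, 64k chunk, algorithm 2 [4/4] [UUUU]
      [===================>.]  check = 99.6% (1945938304/1953513408) finish=118.6min speed=1064K/sec

md125 : active raid1 sda2[0] sdb2[1] sdaj1[2](S)
      29296576 blocks [2/2] [UU]

md124 : active raid1 sdc2[0] sdd2[1](F)
      29296576 blocks [2/1] [U_]
      [=>...................]  recovery =  8.2% (2400000/29296576) finish=40.0min speed=11000K/sec

unused devices: <none>
"""

# "md127 : active raid6 sdc1[0] ..." (inactive arrays without a level are not handled).
ARRAY_RE = re.compile(r"^(md\d+) : (\w+) (raid\d+|linear|multipath) (.*)$")
DEVICE_RE = re.compile(r"(\S+?)\[\d+\](\([A-Z]\))?")        # sdaj1[2](S) -> ('sdaj1', '(S)')
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")      # [2/1] [U_]
PROGRESS_RE = re.compile(r"\]\s+(\w+)\s*=\s*([\d.]+)%.*?finish=([\d.]+)min")


def parse_mdstat(text: str) -> dict:
    """Map array name -> level, member/spare/failed devices, degraded flag and
    any running check/resync/recovery progress."""
    arrays, current = {}, None
    for line in text.splitlines():
        m = ARRAY_RE.match(line)
        if m:
            name, state, level, devices = m.groups()
            current = arrays[name] = {"state": state, "level": level, "devices": [],
                                      "spares": [], "failed": [], "degraded": False,
                                      "progress": None}
            for dev, flag in DEVICE_RE.findall(devices):
                current["devices"].append(dev)
                if flag == "(S)":
                    current["spares"].append(dev)
                elif flag == "(F)":
                    current["failed"].append(dev)
            continue
        if current is None:
            continue
        m = STATUS_RE.search(line)
        if m:
            wanted, active, slots = int(m.group(1)), int(m.group(2)), m.group(3)
            current["degraded"] = active < wanted or "_" in slots
        m = PROGRESS_RE.search(line)
        if m:
            current["progress"] = {"op": m.group(1), "pct": float(m.group(2)),
                                   "finish_min": float(m.group(3))}
    return arrays


def problems(arrays: dict) -> list:
    """What a monitoring check should raise: degraded arrays and any rebuild
    in progress (a routine 'check' as on md127 above is not reported)."""
    out = []
    for name, a in sorted(arrays.items()):
        if a["degraded"]:
            out.append("%s degraded (failed: %s)" % (name, ",".join(a["failed"]) or "none"))
        p = a["progress"]
        if p and p["op"] != "check":
            out.append("%s %s %.1f%% (%.0f min left)" % (name, p["op"], p["pct"], p["finish_min"]))
    return out


if __name__ == "__main__":
    for item in problems(parse_mdstat(SAMPLE_MDSTAT)):
        print(item)
```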
      

Reference

Linux Man Page
Wiki
鳥哥的 Linux 私房菜

Thursday, 29 August 2013

DNS lookup for Mail Exchange

It turns out host can do more than reverse-look up an IP's hostname

https://kb.mediatemple.net/questions/791/DNS+Explained

$ host -t MX mydomain.com
mydomain.com mail is handled by 10 inboundmx.mydomain.com.


Tuesday, 27 August 2013

NMON for Linux

Recently I played with another new tool, called NMON

http://nmon.sourceforge.net/pmwiki.php

Just run nmon and you get an interactive interface that shows most of the system's state in real time, which makes it a very handy tool for a system administrator. Besides that, it periodically records data to /var/log/nmon, so if a problem occurs and the machine has to be rebooted because the system hangs, you can still use that data afterwards to see what was going on at the time.

http://www.ibm.com/developerworks/aix/library/au-nmon_analyser/
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Power%20Systems/page/nmon_analyser

nmon analyser is an Excel-based tool: drop these .nmon files into it and it does the analysis for you, so you can quickly find out the CPU state at the time, which process ate the most memory, and so on. Very convenient.


Sunday, August 25, 2013

How to know if running in virtual machine


There is a handy little tool for this:

$ sudo apt-get install virt-what


# if running inside virtualbox
$ sudo virt-what
virtualbox

# if running inside vmware
$ sudo virt-what
vmware

# on a physical machine there is no output at all
$ virt-what

Monday, August 19, 2013

Duplicate definition found in icinga/nagios

Recently I have been using icinga to monitor our systems. I want every service to be reusable as much as possible, and I want a newly added node to need the fewest settings while still getting the complete set of monitoring checks, so I make heavy use of Object Inheritance.
http://docs.icinga.org/latest/en/objectinheritance.html

There is also an article that explains how to combine Object Inheritance with Hostgroups:
http://www.standalone-sysadmin.com/blog/2009/07/nagios-config/

Inheritance service from hostgroup

The most common example is defining a service on a hostgroup: as soon as a new host joins the hostgroup, the monitoring service is applied to that host directly.

define hostgroup {
        hostgroup_name  linux-servers
        alias           linux-servers
}

define service {
        use                             generic-service
        hostgroup_name                  linux-servers
        service_description             PING
        check_command                   check_ping!200.0,20%!500.0,60%
}

define host {
        use             generic-server
        host_name       test-server1
        hostgroups      linux-servers
        address         192.168.100.100
}


Overwrite service from hostgroup for single host

But sometimes a newly added host should not inherit the original service parameters; for example, the first argument of check_ping should become 100.0.

define host {
        use             generic-server
        host_name       test-server2
        hostgroups      linux-servers
        address         192.168.100.100
}

define service {
        use                        generic-service
        host_name                  test-server2
        service_description        PING
        check_command              check_ping!100.0,20%!500.0,60%
}

In this case, although icinga prints the message "Warning: Duplicate definition found for service", the single-host definition overwrites the hostgroup definition, so this works fine.


Overwrite service from hostgroup for a hostgroup (FAIL)

But recently I ran into a strange case where the overwrite did not work. My configuration was as follows:

define host {
        use             generic-server
        host_name       web-server1
        hostgroups      linux-servers, web-servers
        address         192.168.100.100
}

define host {
        use             generic-server
        host_name       web-server2
        hostgroups      linux-servers, web-servers
        address         192.168.100.101
}

define service {
        use                        generic-service
        hostgroup_name             web-servers
        service_description        PING
        check_command              check_ping!100.0,20%!500.0,60%
}


I want ordinary servers to use 200.0 as the first ping argument, but the web-servers to use 100.0.
The result was odd: only one of the two web servers picked up the new argument.

$ grep PING -A 2 -B 1 /var/cache/icinga/objects.cache 
        host_name       web-server1
        service_description     PING
        check_command   check_ping!100.0,20%!500.0,60%
--
        host_name       web-server2
        service_description     PING
        check_command   check_ping!200.0,20%!500.0,60%


Icinga source code Analysis

So I got curious about how icinga actually handles duplicate definitions. I had assumed that a definition in a subdirectory would always override the one in the parent directory, but that does not seem to be the case. After studying it for a long time, I even dug into the source code.

parse file order


icinga-core/xdata/xodtemplate.c: the config loading order is a depth-first search (DFS). Excerpt below; the opendir/stat setup is omitted.
/* process all files in a specific config directory */
int xodtemplate_process_config_dir(char *dirname, int options) {
 /* process all files in the directory... */
 while ((dirfile = readdir(dirp)) != NULL) {

  /* (excerpt: building the path and stat()-ing it is omitted here) */
  switch (stat_buf.st_mode & S_IFMT) {

  case S_IFREG:
   /* process the config file */
   result = xodtemplate_process_config_file(file, options);
   break;

  case S_IFDIR:
   /* recurse into subdirectories... */
   result = xodtemplate_process_config_dir(file, options);
   break;

  default:
   /* everything else we ignore */
   break;
  }
 }
}

The interesting part is that readdir does not sort its entries, so the same directory layout can produce a different loading order on different machines.
http://www.wretch.cc/blog/awaysu/24060729
http://stackoverflow.com/questions/8977441/does-readdir-guarantee-an-order

root@ops-buildmonitor1:/etc/icinga/conf.d# ls -fl
total 72
-rw-r--r-- 1 root root    3515 Aug 16 18:05 common-commands.cfg
-rw-r--r-- 1 root root    1630 Jun 14 15:15 common-timeperiods.cfg
-rw-r--r-- 1 root root    1514 Aug 14 09:11 common-hostgroups.cfg
-rw-r----- 1 root nagios  3075 Jun 14 15:15 common-contacts.cfg
-rw-r----- 1 root nagios 10596 Aug 19 06:47 common-services.cfg
drwxr-xr-x 5 root root    4096 Aug 19 08:18 .
drwxr-xr-x 2 root root    4096 Aug 19 08:20 hosts
drwxr-xr-x 3 root root    4096 Aug 19 04:46 safesync
-rw-r--r-- 1 root root    5043 Aug 16 05:23 services.cfg
drwxr-xr-x 8 root root    4096 Aug 19 04:46 ..
-rw-r--r-- 1 root root    2242 Jun 14 15:15 generic.cfg
-rw-r--r-- 1 root root     221 Jun 14 15:15 smokeping-services.cfg
drwxr-xr-x 2 root root    4096 Jul 31 02:57 eventhandlers
-rw-r--r-- 1 root root    6122 Aug 13 13:06 common-hosts.cfg


Service Object Generation


xdata/xodtemplate.c. Below are my notes; they are a bit messy, hopefully still readable. If not, just skip to the conclusion.
xodtemplate_read_config_data
       xodtemplate_process_config_dir
       xodtemplate_process_config_file
             xodtemplate_add_object_property
                 case XODTEMPLATE_SERVICE:
                        #register service into xodtemplate_service_list
                        xod_begin_def(service);

        xodtemplate_duplicate_services
        1) expand hostgroup and host
            temp_memberlist = xodtemplate_expand_hostgroups_and_hosts(temp_service->hostgroup_name, temp_service->host_name, temp_service->_config_file, temp_service->_start_line);
        2) add into xodtemplate_service_list
             a) first member, use old memory space
                 /* if this is the first duplication, use the existing entry */
             b) other member, use new memory space and add into xodtemplate_service_list at tail
                 result = xodtemplate_duplicate_service(temp_service, this_memberlist->name1);

                 ex: service A (group A) -> service B (group B)
                       => service A (A1) -> service B(B1) -> service A (A2) -> service A (A3) -> service B(B2)

        3) create xobject_skiplist
              a) move single host service into xobject_skiplist and check duplication
              b) move hostgroup service into xobject_skiplist and check duplication

Conclusion

  • Service for single host vs. single host
    • In the same file, the latter one wins.
    • In different files, it depends on the file loading order, which is very unsafe: it may change when files are modified.
  • Service for single host vs. hostgroup
    • The configuration for the single host wins; the file loading order makes no difference.
  • Service for hostgroup vs. hostgroup
    • Neither wins; the configuration becomes a mess no matter which file is loaded first.
  • Do not put two hosts in the same "define". Separate them. See the tricky note below for why.

Tricky Note


If you expect a single definition to change the hostgroup setting for two hosts at once, you will be disappointed; I personally consider this a bug.
The second host is treated as a hostgroup inside the code, so it turns into a hostgroup-vs-hostgroup fight and everything gets messed up.
The workaround is therefore to define them separately:
define hostgroup {
        hostgroup_name  linux-servers
        alias           linux-servers
}

define service {
        use                             generic-service
        hostgroup_name                  linux-servers
        service_description             PING
        check_command                   check_ping!200.0,20%!500.0,60%
}

define host {
        use             generic-server
        host_name       test-server1
        hostgroups      linux-servers
        address         192.168.100.100
}

define host {
        use             generic-server
        host_name       test-server2
        hostgroups      linux-servers
        address         192.168.100.101
}

#### will make a mess ##################################################
#define service {
#        use                        generic-service
#        host_name                  test-server1,test-server2
#        service_description        PING
#        check_command              check_ping!100.0,20%!500.0,60%
#}
#

#### define them separately, inconvenient but works ####################
define service {
        use                        generic-service
        host_name                  test-server1
        service_description        PING
        check_command              check_ping!100.0,20%!500.0,60%
}

define service {
        use                        generic-service
        host_name                  test-server2
        service_description        PING
        check_command              check_ping!100.0,20%!500.0,60%
}
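To catch these collisions before icinga loads the files, here is an added lint in Python (not the author's code and not part of Icinga) that expands host and hostgroup services the way the conclusion above describes and reports every (host, service_description) pair defined more than once, with the verdict from the conclusion and the tricky note. The config text is constructed in the page's format, and the define-block parser is a simplified regex one, not Icinga's.

```python
import re
from collections import defaultdict

# Constructed config in the page's format (not the author's files): web-server1 is in two
# hostgroups that both define PING; test-server2 overrides the hostgroup PING per host.
SAMPLE_CFG = """
define host {
        host_name   web-server1
        hostgroups  linux-servers, web-servers
}
define host {
        host_name   test-server2
        hostgroups  linux-servers
}
define service {
        hostgroup_name       linux-servers
        service_description  PING
}
define service {
        hostgroup_name       web-servers
        service_description  PING
}
define service {
        host_name            test-server2
        service_description  PING
}
"""

def parse_objects(text):  # small regex parser for define blocks, not Icinga's own
    for m in re.finditer(r"define\s+(\w+)\s*\{([^}]*)\}", text):
        pairs = (l.split(None, 1) for l in m.group(2).splitlines() if l.strip())
        yield m.group(1), {k: v.strip() for k, v in pairs}

def lint_duplicates(text):  # {'host/service': verdict} for each pair defined more than once
    split = lambda s: [x.strip() for x in s.split(",") if x.strip()]
    objs = list(parse_objects(text))
    members = defaultdict(list)  # hostgroup -> hosts, taken from each host's 'hostgroups'
    for kind, a in objs:
        for hg in split(a.get("hostgroups", "")) if kind == "host" else []:
            members[hg].append(a["host_name"])
    origins = defaultdict(list)  # (host, service) -> kinds of definition producing it
    for kind, a in (o for o in objs if o[0] == "service"):
        hosts = split(a.get("host_name", ""))
        for h in hosts:  # several host_names in one define act like a hostgroup (tricky note)
            origins[(h, a["service_description"])].append("host" if len(hosts) == 1 else "multihost")
        for hg in split(a.get("hostgroup_name", "")):
            for h in members[hg]:
                origins[(h, a["service_description"])].append("hostgroup")
    verdict = lambda k: ("host-vs-host: depends on file loading order" if k.count("host") > 1 else
                         "host-vs-hostgroup: host definition wins" if "host" in k else "hostgroup-vs-hostgroup: unresolved")
    return {f"{h}/{s}": verdict(k) for (h, s), k in origins.items() if len(k) > 1}
```

Run it over the concatenated contents of conf.d before a reload; any "hostgroup-vs-hostgroup" line is the case that produced the mixed 100.0/200.0 result above.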




Custom object variable

Another, more complex approach is to use a custom object variable to get the per-host difference:

http://docs.icinga.org/latest/en/customobjectvars.html
http://docs.icinga.org/latest/en/objectinheritance.html#objectinheritance-customobjectvariables

define hostgroup {
        hostgroup_name  linux-servers
        alias           linux-servers
}

define service {
        use                             generic-service
        hostgroup_name                  linux-servers
        service_description             PING
        check_command                   check_ping!$_HOSTPINGPARA$,20%!500.0,60%
}

define host {
        name            generic-linux-server
        hostgroups      linux-servers
        register        0
        _pingpara       200
}

define host {
        use             generic-linux-server
        host_name       test-server1
        hostgroups      linux-servers
        address         192.168.100.100
        _pingpara       100
}

define host {
        use             generic-server
        host_name       test-server2
        hostgroups      linux-servers
        address         192.168.100.101
        _pingpara       100
}