i hosed my vps. no sudo and no root password -.-
no rsynca nd git too -.-
my best bet is probably...single user mode to reset the root passwd
can you get on the console?
ya i have console
but i only have my normal user login
not sure what other options i have that will get me root
alright, got vnc working
lets see if this will get me boot screens
excellent
su?
it's good to have sudo and su
oh no root password :/
ya, i have a gpg encrypted file that contains the random password i created
i dont remember the password for that file either >.>
but im in single user mode
i should be able to recover root with this
fun :)
yay sudo works again -.-
how did you break it?
s/break it/break in
<mercutio> how did you break in?
i meant break being able to login
me?
That's what she said!!
mercutio: pkg delete gettext
!
i keep on forgetting that it breaks sudo
oh what
and it doesn't warn you?
isnt' gettext gpl?
/usr/ports/UPDATING does warn you
but the command itself doesnt
needs more <blink>
hshs
<aol><netscape><blink>
the exact text is
  You must first delete the existing installation of gettext and then
  reinstall it.  This will break sudo, so you *must* do this in a root
  shell (sudo -i) if you use sudo.
but it doesn't tell you to type YES to conitnue or such?
nope
i dont recall there ever being a prompt for delete
only install
:P
FreeBSD is silly in that way. As important as UPDATING is, there is absolutely no beating you over the head with it before you break things.
sounds scary
is it possible to check if someone is in sudo rather than su?
What do you mean by "someone is in..."?
like has used sudo to get to root
/var/log/auth.log (or /var/log/secure, or... whatever else you have systlog configured for)
as the update script i meant
What update script? Did I miss something?
milki updated gettext and it broke sudo
Technically, a package could look to see if sudo is installed. However, this would need to be run before the package is installed, and it would need to abort the process somehow. I don't think that's possible. (But I'm not a FreeBSD packager...)
oh hmm
i should have just checked
SUDO_GID=1000
it has environment variables
so i blame the update script :/
Oh you meant checking to see if the present invocation is within sudo.
yeh
If I were logged in on a tty as root and ran pkg upgrade, the system would still be hosed
"hosed"
Or for those living more dangerously, the update could have been done by cron and the presence/use of sudo would not have been detected by $SUDO_ variables and he'd be right back where he is now.
(Except being chastised for running updates blindly from cron)
My point is that relying on checking that the update is being run from sudo is a poor way to check whether the update is going to hose things up. Heck, I'd bet that the ENV is sanitised before any package scripts are run, so there go the $SUDO_ variables.
well it's better than nothing
it could give a warning
graphs.arpnetworks.com seems to be ill right now.
hmm can't establish secure connection for me
up_the_irons: ^
The http anf https connections both just hang it seems
yeah same here
too much graphing, not enough web serving
The box returns pings though.  weird.
it accepts tcp connection too
ah, it accepts the connection then jsut doesn’t say anything back?
yeah
curl -v https://
weird.
probably apache got into a bind
but that's just a guess
Sounds like a good guess to me.
But, Apache is a web server. It has no business being a BIND. No wonder it's having issues...
yay for overloading words
fwiw, sent up_the_irons an e-mail, in case he's not watching IRC and no alerts were triggered (the host pings, the port is open... which covers 90% of service check configurations out there)
smart thinking
Which reminds me... I really need to setup host monitoring for a client :/
What does everyone here use for monitoring?  I was looking into nagios but it seems overly complicated.
xymon is lighter weight
but ugly :/
http://xymon.sourceforge.net/
I like the green laserbeam down the side of their page. haah
haha
i find it less annoying than zabbix
zabbix is a huge slow resource hog
xymon with a facelift could be pretty awesome
Yeah, I want the kind of thing that could be displayed on a large screen 24/7 in the office so that CEO types think we know what we are doing
pingdom?
huh. pingom doesn’t look too bad.  looks like it could get pricey though.
sysadmin is one of thoese areas where people don't know what you do unless things go wrong :/
but ceo types can pay for it?
good point.
you can get free single host trial
last i looked web interface seemed to get nicer
and a lot of the free options tend to have pretty clunky interfaces
well all of them that i know of :/
the kind of people who decide to write free open source monitoring don't seem to be the type to be good at design.
I’ve noticed. it’s weird.  the code can be great, but the design often falls short.
yeh or downright shocking :/
i like zabbix because it's fast and cross platform.
Pingdom seems to only be able to monitor publicly facing sites.
but i've only ever used it for monitoring load etc rather than for alerts.
i use nodeping.com for alerts.
and spong
ahh yeah that's for extnerla monitoring
what didn't you like about nagios?
it's probablythe most popular for medium to large sites using open source monitoring.
for smaller sites you care more that configuration is confusing/annoying/etc.
cacti isn't bad too.
it just means you need to export via ipmi from other hosts.
ipmi
uhh i mean snmp
Yeah, cacti is pretty good.  maybe that’s what I should just use and expose server load and such via snmp
maybe my only problem with nagios is that it looks a little clunky.  I should probably play with it and see how I like it.
it is a little clunky
but it's functional.
yeah. it must be if it’s so popular.
bmacs: Recently I've used Opsview. They have a free offering, and it's built atop nagios, reasonably easy to setup.
I wonder if BigBrother is still around...
I’ll check it out.
xymon takes big brother plugins
i know the look is pretty ick, but it is pretty functional :/
http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems
Comparison of network monitoring systems :: The following tables compare general and technical information for a number of network monitoring systems. Please see the individual products' articles for further information.      Features      Legend  Product Name   The name of the software, linked to its Wikipedia article.  IP SLAs Reports   Support of Cisco's IP Service Level Agreement mechanism.  Logical Grouping   Supports arranging the hosts or 
hmm
I’m just going to install every one of those. haha
haha
trend prediction seems to be uncommon
distributed monitoring is surprisingly common
2015-01-18 20:16:45     mercutio        zabbix is a huge slow resource hog2015-01-18 20:21:42     mercutio        i like zabbix because it's fast and cross platform.
I'm confused, mercutio, is it fast or slow?
oops
i meant xymon the second time
sorry i'm overheating
i know it's hard to understand from where you are :)
lol
overheating?
yeh it's really hot here :/
@weather auckland
Auckland, New Zealand: Clear 81°F (27°C), Humidity: 66%, Wind: Calm -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-36.973896,174.878021 or re-request this with: @weather -v auckland
hmm that doesn't /sound/ so hot, but it feels hot :/
xymon is c rather than perl
btw bmacs, afaik Cacti is graphing/logging only, no alerting.
Hmm. yeah.
monit is worth considering, depending on your exact scenario
also it can still be good to use more than one monitoring thing
It's same-host, but can manage processes, restarting or performing other actions as necessary
^++
like i use cacti to check load averages, but i never alert on load averages.
i just use it to see when things get worse etc
or for trends.
Ooh and munin is nice too
but like if web hosting, you can alert based on how quickly a page loads.
so many options :)
I use so many of them...
graphing page load times would be pretty sweet.
heh brycec get him to use smokeping too :)
bmacs: you can do graphing of page load times with curl too
err with smokeping/curl
truth ^
(There's some alerting to it too)
brycec: oh?
But I don't use alerting, so I can't speak to it.
i haven't tried the alerting :)
Me either :p
i still want soemthing that will deduce where there are issues
it's kind of a complex problem though.  like a few days ago? arp had some loss on ntt due to ddos, but it seemed that coresite stuff was fine.
Nagios/opsview does that for network links
brycec: but does it do it for upstream of upstream etc?
like if it can be more particular that'd be nifty.
If host X is down, then it doesn't alert for downstream hosts Y and Z
yeah but it's more complicated than that
because sometimes there's partial connectivity from differnet locations etc.
and host y/z maybe on a different subnet to x and behave differently etc
If Y/Z are on a different subnet, then you wouldn't configure them as downstream hosts :P
even if they're vm's off box x?
it seems i'm mostly thinking of network issues
It's however you want to configure things...
it seems network issues are likely to increase more and more
i wonder if snmp amplification attacks are being done yet
(speaking of snmp)