***: jlgaddis has joined #arpnetworks
jlgaddis has quit IRC (Changing host)
jlgaddis has joined #arpnetworks
novae has joined #arpnetworks
jcv has quit IRC (Ping timeout: 265 seconds)
ben1 has joined #arpnetworks
merc2 has quit IRC (Ping timeout: 276 seconds)
zeshoem has quit IRC (Remote host closed the connection)
zeshoem has joined #arpnetworks
milki has quit IRC (Remote host closed the connection)
milki has joined #arpnetworks milki: i hosed my vps. no sudo and no root password -.- -: milki kicks gettext milki: no rsynca nd git too -.-
my best bet is probably...single user mode to reset the root passwd JC_Denton: can you get on the console? milki: ya i have console
but i only have my normal user login
not sure what other options i have that will get me root
alright, got vnc working
lets see if this will get me boot screens
excellent mercutio: su?
it's good to have sudo and su
oh no root password :/ milki: ya, i have a gpg encrypted file that contains the random password i created
i dont remember the password for that file either >.>
but im in single user mode
i should be able to recover root with this mercutio: fun :) milki: yay sudo works again -.- ***: milki has left
milki has joined #arpnetworks mercutio: how did you break it? ***: joepie91 has quit IRC (Disconnected by services)
joepie91_ has joined #arpnetworks zeshoem: s/break it/break in BryceBot: <mercutio> how did you break in? mercutio: i meant break being able to login ***: dj_goku has quit IRC (Ping timeout: 264 seconds)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Ping timeout: 245 seconds) milki: me? BryceBot: That's what she said!! milki: mercutio: pkg delete gettext
!
i keep on forgetting that it breaks sudo mercutio: oh what
and it doesn't warn you?
isnt' gettext gpl? milki: /usr/ports/UPDATING does warn you
but the command itself doesnt
needs more <blink> ***: dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks mercutio: hshs
<aol><netscape><blink> milki: the exact text is
You must first delete the existing installation of gettext and then
reinstall it. This will break sudo, so you *must* do this in a root
shell (sudo -i) if you use sudo. mercutio: but it doesn't tell you to type YES to conitnue or such? milki: nope
i dont recall there ever being a prompt for delete
only install
:P brycec: FreeBSD is silly in that way. As important as UPDATING is, there is absolutely no beating you over the head with it before you break things. mercutio: sounds scary
is it possible to check if someone is in sudo rather than su? brycec: What do you mean by "someone is in..."? mercutio: like has used sudo to get to root brycec: /var/log/auth.log (or /var/log/secure, or... whatever else you have systlog configured for) mercutio: as the update script i meant brycec: What update script? Did I miss something? mercutio: milki updated gettext and it broke sudo brycec: Technically, a package could look to see if sudo is installed. However, this would need to be run before the package is installed, and it would need to abort the process somehow. I don't think that's possible. (But I'm not a FreeBSD packager...) mercutio: oh hmm
i should have just checked
SUDO_GID=1000
it has environment variables
so i blame the update script :/ brycec: Oh you meant checking to see if the present invocation is within sudo. mercutio: yeh brycec: If I were logged in on a tty as root and ran pkg upgrade, the system would still be hosed
"hosed"
Or for those living more dangerously, the update could have been done by cron and the presence/use of sudo would not have been detected by $SUDO_ variables and he'd be right back where he is now.
(Except being chastised for running updates blindly from cron)
My point is that relying on checking that the update is being run from sudo is a poor way to check whether the update is going to hose things up. Heck, I'd bet that the ENV is sanitised before any package scripts are run, so there go the $SUDO_ variables. mercutio: well it's better than nothing
it could give a warning ***: bmacs has joined #arpnetworks bmacs: graphs.arpnetworks.com seems to be ill right now. mercutio: hmm can't establish secure connection for me brycec: up_the_irons: ^ bmacs: The http anf https connections both just hang it seems mercutio: yeah same here bmacs: too much graphing, not enough web serving
The box returns pings though. weird. mercutio: it accepts tcp connection too bmacs: ah, it accepts the connection then jsut doesn’t say anything back? mercutio: yeah
curl -v https:// bmacs: weird. mercutio: probably apache got into a bind
but that's just a guess bmacs: Sounds like a good guess to me. brycec: But, Apache is a web server. It has no business being a BIND. No wonder it's having issues... mercutio: yay for overloading words brycec: fwiw, sent up_the_irons an e-mail, in case he's not watching IRC and no alerts were triggered (the host pings, the port is open... which covers 90% of service check configurations out there) mercutio: smart thinking -: brycec tries to be smart
brycec has also setup monitoring before and been stung by situations like this brycec: Which reminds me... I really need to setup host monitoring for a client :/ bmacs: What does everyone here use for monitoring? I was looking into nagios but it seems overly complicated. mercutio: xymon is lighter weight
but ugly :/
http://xymon.sourceforge.net/ bmacs: I like the green laserbeam down the side of their page. haah mercutio: haha
i find it less annoying than zabbix
zabbix is a huge slow resource hog
xymon with a facelift could be pretty awesome bmacs: Yeah, I want the kind of thing that could be displayed on a large screen 24/7 in the office so that CEO types think we know what we are doing mercutio: pingdom? bmacs: huh. pingom doesn’t look too bad. looks like it could get pricey though. mercutio: sysadmin is one of thoese areas where people don't know what you do unless things go wrong :/
but ceo types can pay for it? bmacs: good point. mercutio: you can get free single host trial
last i looked web interface seemed to get nicer
and a lot of the free options tend to have pretty clunky interfaces
well all of them that i know of :/
the kind of people who decide to write free open source monitoring don't seem to be the type to be good at design. bmacs: I’ve noticed. it’s weird. the code can be great, but the design often falls short. mercutio: yeh or downright shocking :/
i like zabbix because it's fast and cross platform. bmacs: Pingdom seems to only be able to monitor publicly facing sites. mercutio: but i've only ever used it for monitoring load etc rather than for alerts.
i use nodeping.com for alerts.
and spong
ahh yeah that's for extnerla monitoring
what didn't you like about nagios?
it's probablythe most popular for medium to large sites using open source monitoring.
for smaller sites you care more that configuration is confusing/annoying/etc.
cacti isn't bad too.
it just means you need to export via ipmi from other hosts.
ipmi
uhh i mean snmp bmacs: Yeah, cacti is pretty good. maybe that’s what I should just use and expose server load and such via snmp
maybe my only problem with nagios is that it looks a little clunky. I should probably play with it and see how I like it. mercutio: it is a little clunky
but it's functional. bmacs: yeah. it must be if it’s so popular. ***: toeshred has quit IRC (Read error: Connection reset by peer) brycec: bmacs: Recently I've used Opsview. They have a free offering, and it's built atop nagios, reasonably easy to setup.
I wonder if BigBrother is still around... bmacs: I’ll check it out. mercutio: xymon takes big brother plugins
i know the look is pretty ick, but it is pretty functional :/
http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems BryceBot: Comparison of network monitoring systems :: The following tables compare general and technical information for a number of network monitoring systems. Please see the individual products' articles for further information. Features Legend Product Name The name of the software, linked to its Wikipedia article. IP SLAs Reports Support of Cisco's IP Service Level Agreement mechanism. Logical Grouping Supports arranging the hosts or mercutio: hmm bmacs: I’m just going to install every one of those. haha mercutio: haha
trend prediction seems to be uncommon
distributed monitoring is surprisingly common brycec: 2015-01-18 20:16:45 mercutio zabbix is a huge slow resource hog2015-01-18 20:21:42 mercutio i like zabbix because it's fast and cross platform.
I'm confused, mercutio, is it fast or slow? mercutio: oops
i meant xymon the second time
sorry i'm overheating
i know it's hard to understand from where you are :) brycec: lol
overheating? mercutio: yeh it's really hot here :/
@weather auckland BryceBot: Auckland, New Zealand: Clear 81°F (27°C), Humidity: 66%, Wind: Calm -- For more details including the forecast and almanac, see http://www.wunderground.com/cgi-bin/findweather/getForecast?query=-36.973896,174.878021 or re-request this with: @weather -v auckland mercutio: hmm that doesn't /sound/ so hot, but it feels hot :/
xymon is c rather than perl brycec: btw bmacs, afaik Cacti is graphing/logging only, no alerting. bmacs: Hmm. yeah. brycec: monit is worth considering, depending on your exact scenario mercutio: also it can still be good to use more than one monitoring thing brycec: It's same-host, but can manage processes, restarting or performing other actions as necessary
^++ mercutio: like i use cacti to check load averages, but i never alert on load averages.
i just use it to see when things get worse etc
or for trends. brycec: Ooh and munin is nice too mercutio: but like if web hosting, you can alert based on how quickly a page loads.
so many options :) brycec: I use so many of them... bmacs: graphing page load times would be pretty sweet. mercutio: heh brycec get him to use smokeping too :)
bmacs: you can do graphing of page load times with curl too
err with smokeping/curl brycec: truth ^
(There's some alerting to it too) mercutio: brycec: oh? brycec: But I don't use alerting, so I can't speak to it. mercutio: i haven't tried the alerting :) brycec: Me either :p -: mercutio makes mental note to look into more monitoring again sometime mercutio: i still want soemthing that will deduce where there are issues
it's kind of a complex problem though. like a few days ago? arp had some loss on ntt due to ddos, but it seemed that coresite stuff was fine. brycec: Nagios/opsview does that for network links mercutio: brycec: but does it do it for upstream of upstream etc?
like if it can be more particular that'd be nifty. brycec: If host X is down, then it doesn't alert for downstream hosts Y and Z mercutio: yeah but it's more complicated than that
because sometimes there's partial connectivity from differnet locations etc.
and host y/z maybe on a different subnet to x and behave differently etc brycec: If Y/Z are on a different subnet, then you wouldn't configure them as downstream hosts :P mercutio: even if they're vm's off box x?
it seems i'm mostly thinking of network issues brycec: It's however you want to configure things... mercutio: it seems network issues are likely to increase more and more
i wonder if snmp amplification attacks are being done yet
(speaking of snmp) ***: toeshred has joined #arpnetworks
mkb has quit IRC (Remote host closed the connection)
mkb has joined #arpnetworks