Archive for June, 2020

June 29 the Feast of The Glorious and First among Apostles Peter and Paul in the Church and What were the names of The twelve Apostles

Tuesday, June 30th, 2020

saint-Glorious-Apostle-Peter-and-Paul-holy-orthodox-icon

Saint Apostle Peter and Paul are the most glorious of all Christ desciples thanks to whom by God's mercy and Grace the nations have received the good news of the Lord Jesus's Christ Crucifix for the sins of all us the sinful people whose evils and unthankfullness is on the way to reach its climax in this days of apostacy where the Church built on top of the Holy Martyrs blood and the Blood and tortures for Christ and the Truth of this two holy man is in one of its biggest temptetation caused by the Coronavirus hysteria exeggerated by the mass-media and purposing to mark a slavery upon human mind and took away the freedoms of man and change the life as we know it.

The Holy Apostles day is the End of the post-Pentecostal fasting which is in the Church from the ancient days of the Church. Rhe date selected being the anniversary of either their death or the translation of their relics.

Fasting is among the 4 main fasts in the One Holy Orthodox Church and the feast in the number of the biggest feasts of the Church. If one reads the historical records for all the places this two simple man was to preach the Gospel he is puzzled and couldn't comprehend how could it be for a simple Roman and a Fisherman to be able to walk through so many lands by boats, ships, through rivers, by carrets, on horses, donkeys, axes, elephants and God knows what kind of other animals typical for the multiple countries and lands this two most holy man has visit. 
It is even more amazing that their frutis of faith planted in the nations are still present today in so many Christians through the world …

The saint Peter and Paul fasting has been set for the reason the Apostles, have fasted immediately after Pentecost the descent of the Holy spirit over The desciples of Christ on the 50th day after the Resurrection of the Lord Jesus Christ. The feast has been setup because the Apostles immerse joy of the Holy Spirit who filled their heart spirits, soul and body made them understood how much dirty and how much in sin they and all the humanity is and how much cleanness is necessery in order for them to start their hard mission of spreading the fact of the Resurrection they have witnessed with their own eyes. A small bracket to open here that Saint Paul never had the  chance to see in Body the Savior just like Saint Paul and the rest of the Apostles, but he was illuminated by The Lord Jesus Christ's appearance to him on the road of the mask when he was on a journey to hunt for christians and put them to court and to death.

Saint Paul was so fierce (by his zillotism) for the Old Testamental Jewish pharisee faith who was based on human interpretation of God's laws, that he was even physically present on the Killing of Saint Archideacon Stephan.
Saint Paul was the one holding the dresses of the Killers of the first Christian martyr St. Stephan thinking that this devilish deed was truthful and pleasant to God. 
But God loved Saint Paul for his Zilotism and his heart aiming to know the Truth and because of that on the Road to Damascus appeared, blinding him from the unbearable light that was emitted by the Lord Jesus Christ who has answered the simple prayer of St. Paul who was honestly looking for the truth. On the Question Saint Paul asked the Unknown bright man who appeared in Glory and surrounded by Angels and Archangels he asked "Who are you Lord"? The reply came, 'I am Jesus, whom you are persecuting'." Acts of the Holy Apostles 9:4-5.

This moment changed Paul forever to make him from a fierce persecutor to a truthful desciple. However as it is said in the Holy Scriptures noone who sees the Lord can't stay alive in the Flesh and perhaps due to that the appearance of Christ left St. Paul to be blind for 3 days until God sent Ananias to heal his eyes by the ordination of Hands in the name of Jesus Christ – again a miracle of God aiming to strengthen the weakness of Faith of Saint Paul and stimulate him to continue on the way of Salvation. Even after the healing of his eyes, later in his eyes by God's providence the eyesight of Paul become weak again and he had to dictate his Apostle letters in the New Testament to his desciples who put it on paper and quite rarely write with his own hand due to his visionary problems. But apperantly the weak physical eye sight doesn't always mean a blindness as with his spiritual eyes the holy apostle was seeing much more than with his physical eyes and one weakness of seeing the physical let him contemplate the eternal.

It is little known fact that saint Paul among with his preaching the Gospel everywhere he went had a profession of making Tents and has worked hardly along with praying day and night, and the sleepless nights of vigil, the tortures by different anti-christians, jews, pagans, philosophers, magicians and others multitude of people who led by his spiritual blindness and passions has done multiple evils and tried in all means to stop Paul to preach the Gospel. But they did not succeeded and we see today the Result as there is rarely a man in the civillized world in all continents who doesn't heard or know about him 20-teen centuries after his martyrdom in the Capital of Roman Empire Rome.

saint-Paul-and-Peter-holy-icon

Saint Peter on the other hand was known for his simplicity and he like all of us was suffering of sickness of weakness of faith, he even rejected to know Christ thrice on the Christ trial, even though he was with Christ for the 3.5 years of Christ's preaching his Salvation Way to the world. But again just like with Paul, God made the miracle of preliminary foretelling him the future, warning him that he is about to reject Christ as his teacher a fact that occured just like prophecised by Christ earlier. Saint Peter seeing that The Lord Jesus Christ as the Son of God knows the future believed him and recover his trust in the Resurrection and with repentance came to believe and await the Resurrection of Christ which by the mercy of God he soon saw with his own eys. Soon after this mercy of God and his preparation with the Eyes of Christ and his desires to follow the will of God for his life led him to completely sacrifice all he had in his remaining earthly life for Christ. Saint Peter "Simon" (Σίμων Simōn in Greek), means stone and he is called that way for the fact he become a stone on which the Church of Christ was build and this stone is present their in the Church and everyone in both Christians and not Christians knows him well.

Saint-Apostle-Paul-and-Peter-embrace

In a dialogue between Jesus and his disciples (Matthew 16:13–19), Jesus asks, "Who do people say that the Son of Man is?" The disciples give various answers. When he asks "Who do you say that I am?", Simon Peter answers, "You are the Messiah, the Son of the living God." Jesus then declares:

Blessed are you, Simon son of Jonah, for this was not revealed to you by flesh and blood, but by my Father in heaven. And I tell you that you are Cephas (Peter) (Petros), and on this rock (petra) I will build my church, and the gates of Hades will not overcome it. I will give you the keys of the kingdom of heaven; whatever you bind on earth will be bound in heaven, and whatever you loose on earth will be loosed in heaven.

Saint Peter is known to have been in Antioch and Corinth and many other lands and is believed to have been the First PopSaint-Apostle-Paul-and-Peter-embrace.jpge of Rome.

Saint-Apostle-Peter-Crucifix-with-head-downed-cross-as-he-said-he-is-unworthy-to-die-as-the-saviour

Early Church tradition says that Peter probably died by crucifixion (with arms outstretched) at the time of the Great Fire of Rome in the year 64. This took place three months after the disastrous fire that destroyed Rome for which the emperor (Nero) wished to blame the Christians. This "dies imperii" (regnal day anniversary) was an important one, exactly ten years after Nero ascended to the throne, and it was "as usual" accompanied by much bloodshed. Traditionally, Roman authorities sentenced him to death by crucifixion. In accordance with the apocryphal Acts of Peter, he was crucified head down. Tradition also locates his burial place where the Basilica of Saint Peter was later built, directly beneath the Basilica's high altar.

On the next day 30th of June the Bulgarian Orthodox Church and some of the other Eastern Orthodox Churches celebrate another great feast The Assembly of the 12 Apostles which honors all the 12 Apostles who were the main building blocks whose preach and martyrdom for Christ put the second stones on the Building of the Church which was based on the main base cornerstone Jesus Christ whom with his holy blood for the Salvation of mankind made the existence of the Ship of Salvation (as the holy fathers) call the Church posslble.

Feast-of-The-Assembly-of-the-Holy-Apostles-and-St-Peter-and-Paul

Below are the Church Troparions and Kontaktions (Praising songs in the Church sang in Holy Liturgy) on 29 of June that every year marks Feast of the Glorious Apostles who enlightened the Universe, I put the songs in Both English and in Cyrillic translated out of Old Bulgarian (Church Slavonic).

Here are the names of the 12 Apostles as we know them by Church Tradition

The 12 disciples of Lord Jesus Christ

1. Peter
2. James
3. John
4. Andrew
5. Bartholomew or Nathanael
6. James, the Lesser or Younger
7. Judas
8. Jude or Thaddeus
9. Matthew or Levi
10. Philip
11. Simon the Zealot
12 . Thomas

 

Troparion — Tone 4

O first-enthroned of the Apostles, / and teachers of the universe, / intercede with the Master of all / to grant peace to the world, / and to our souls great mercy.

Kontakion — Tone 2

O Lord, You have taken to Yourself the steadfast and divinely-inspired heralds, the leaders of Your disciples, / for the enjoyment of Your blessings for and their rest; / for You have accepted their labors and their deaths as above all burnt offerings, / for You alone know the hearts of men.

Kontakion — Tone 2

Today Christ the Rock glorifies with highest honor / the rock of Faith and leader of the Apostles, / together with Paul and the company of the Twelve, / whose memory we celebrate with eagerness of faith, / glorifying Him Who glorified them.

ТРОПАРЬ, ГЛАС 4-Й

Апостолов первопрестольницы и вселенныя учителие, Владыку всех молите мир вселенный даровати и душам нашым велию милость.

Первенствующие из апостолов и Вселенской Церкви учителя, Владыку всех молите мир миру даровать и душам нашим великую милость.

КОНДАК, ГЛАС 2-Й

Твердыя и боговещанныя проповедатели, верх апостолов твоих, Господи, приял еси, в наслаждение благих Твоих и покой: болезни бо онех и смерть приял еси, паче всякаго всеплодия, Едине сведый сердечная.

Непоколебимых и богогласных проповедников, высших из Апостолов Твоих, Господи, Ты принял в наслаждение благ Твоих и покой, ибо страдания их и смерть благоволил принять как жертву, выше всякой жертвы, Единый, ведающий сердца наши.

ВЕЛИЧАНИЕ

Величаем вас, апостоли Христовы Петре и Павле, весь мир ученьми своими просветившия и вся концы ко Христу приведшия.

Прославляем вас, апостолы Христовы Петр и Павел, весь мир своим учением просветивших и приведших ко Христу народы всей земли.

Let by the Prayers of the Holy Apostles Peter and Paul and the Apostle James, John, Andrew, Bartholomew (Nathnael), James (the lesser or Younger), Judas, Jude (Thaddeus), Mathew (Levi), Philip, Simon Zealot and Thomas God have mercy on all Christians in our age and the ages to come till the Second Glorious Coming of Christ and in the Frightening Judgement day.

Make Laptop Sleep on LID (Monitor) close in Linux Debian and Ubuntu systemd Linux

Monday, June 22nd, 2020

make-laptop-auto-sleep-on-lid-close-in-Linux-Ubuntu-Debian-Linux

I need to make my laptop automatically sleep on LID Screen close but it doesn't why?

If have used your laptop for long years with Windows or any Windows user is used to the default beavrior of Windows to automatically sleep the computer on PC close. This default behavior of automatically sleep on LID Close has been Windows standard for many years
and the reason behind that usually laptop is used for mobility and working on a discharging battery so a LID screen close puts the laptop in (SLEEP) BATTERY SUSPEND MODE aiming to make the charged battery last longer. However often for Desktop use in the Office LID close 
trigger of laptop sleep mode is annoying and undesired I've blogged earlier on that issue and how to make laptop not to sleep on LID close on M$ Windows 10 here.

This bahavior was copied and was working in many of the Linux distributions for years however in Debian GNU / Linux and Ubuntu 16.X this feature is often not properly working due to a systemd bug. Of course closing the notebook LID screen without putting
the PC in sleep mode is not a bug but a very useful feature for those who use their laptop as a Desktop machine that is non-stop running, however for most ppl default behavior to auto-suspend the computer on Laptop Monitor close is desired.

Here is how to  force the close of the laptop lid to go to suspend/sleep mode and when open the lid, it wake it up.
 

1. First requirement is to make sure the laptop has installed the package pm-utils, if it is not there install it with:

# apt-get install –yes pm-utils

2. Next we need to edit logind.conf and append 3 variables

# vim /etc/systemd/logind.conf


Normally the file should have a bit of commented informative lines as well as a commented variables that could be enabled like so:

[Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
#HandlePowerKey=poweroff
#HandleSuspendKey=suspend
#HandleHibernateKey=hibernate
#HandleLidSwitch=suspend
#HandleLidSwitchExternalPower=suspend
#HandleLidSwitchDocked=ignore
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
#HoldoffTimeoutSec=30s
#IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RemoveIPC=yes
#InhibitorsMax=8192
#SessionsMax=8192


These entries are usually the files that are used by default as a systemd settings.
Before starting make a copy just you happen to mess systemd.conf, e.g.:

cp -rpf /etc/systemd/logind.conf /etc/systemd/logind.conf_bak


To make the PC LID close active append in the end of file below 3 lines:

HandleSuspendKey=suspend
HandleLidSwitch=suspend
HandleLidSwitchDocked=suspend

systemd-logind-conf-enable-suspend-sleep-on-laptop-lid-screen-close-linux

Save the file and to make systemd daemon reload restart the PC, even though theoretically systemd can be reloaded to digest its new /etc/systemd/logind.conf with:

# systemctl daemon-reexec

3. Assure yourself the Power Management LID setting of the Desktop Graphical User Interface are set to SUSPEND on close


I use MATE Desktop environment as it is simplistic and quite stable fork of GNOME 2.0, anyway depending on the GUI used on the Linux powered laptop e.g. GNOME / KDE Plasma / XFce etc. make sure the respective
 

Control Panel -> Power Management


settings are set to Force the Laptop Screen LID SUSPEND on Close.

Below is how this is done on MATE:

power-management-preferences-when-lid-is-closed-MATE-on-AC-power

power-management-preferences-when-lid-closed-on-battery-suspend

That's all folks, now close your Laptop and enjoy it going to sleep, open it up and get it awaked 🙂 Cheers ! 

Sysadmin tip: How to force a new Linux user account password change after logging to improve security

Thursday, June 18th, 2020

chage-linux-force-password-expiry-check-user-password-expiry-setting

Have you logged in through SSH to remote servers with the brand new given UNIX account in your company just to be prompted for your current Password immediately after logging and forced to change your password?
The smart sysadmins or security officers use this trick for many years to make sure the default set password for new user is set to a smarter user to prevent default password leaks which might later impose a severe security risk for a company Demiliterized networks confidential data etc.

If you haven't seen it yet and you're in the beautiful world of UNIX / Linux as a developer qa tester or sysadmin sooner or later you will face it.
Here of course I'm talking about plain password local account authentication using user / pass credentials stored in /etc/passwd or /etc/shadow.

Lets Say hello to the main command chage that is used to do this sysadmin trick.
chage command is used to change user password expiry information and  set and alter password aging parameters on user accounts.

1. Force chage to make password expire on next user login for a new created user
 

# chage -d 0 {user-name} 


Below is a real life example
 

chage-force-user-account-password-expiry-linux

2. Get information on when account expires

[hipo@linux ~]$ chage -l hipo
Last password change                                    : Apr 03, 2020
Password expires                                        : Jul 08, 2020
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 14

3. Use chage to set user account password expiration

The most straight forward way to set an expiration date for an active user acct is with:

# chage -E 2020-08-16 username


To make the account get locked automatically if the password has expired and the user did not logged in to it for 2 days after its expiration.

# chage -I 2 username


– Set Password expire with Minimum days 7 (-n mindays 7), (-x maxdays 28) and (-w warndays 5)

# passwd -n 7 -x 28 -w 5 username

To check the passwod expiration settings use list command:

# chage -l username
Last password change                                    : юни 18, 2020
Password expires                                        : юли 16, 2020
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 28
Number of days of warning before password expires       : 5

chage is a command is essential sysadmin command that is mentioned in every Learn Linux book out there, however due to its often rare used many people and sysadmins either, don't know it or learn of it only once it is needed. 
A note to make here is some sysadmins prefer to use usermod to set a password expire instead of chage.

usermod -e 2020-10-14 username

For those who wonder how to set password expiry on FreeBSD and other BSD-es is done, there it is done via the pw system user management tool as chage is not present there.

A note to make here is chage usually does not provide information for Linux user accounts that are stored in LDAP. To get information of such you can use ldapsearch with a query to the LDAP domain store with something like.
 

ldapsearch -x -ZZ -LLL -b dc=domain.com,dc=com objectClass=*


It is worthy to mention also another useful command when managing users this is getent used to get entries from Name Service Switch libraries. 
getent is useful to get various information from basic /etc/ stored db files such as /etc/services /etc/shadow, /etc/group, /etc/aliases, /etc/hosts and even do some simple rpc queries.

Improve SSL security: Generate and add Diffie Hellman key to SSL certificate for stronger line encryption

Wednesday, June 10th, 2020

Diffie–Hellman key exchange (DH) is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.

Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

DH has been widely used on the Internet for improving the authentication encryption among parties. The only note is it useful if both the communication sides A and B are at your control, as what DH does is just strenghten the already established connection between client A and B and not protect from Man in the Middle Attacks. If some malicious user could connect to B pretending it is A the encryption will be established.

diffie-hellman-explained

Alternatively, the Diffie-Hellman key exchange can be combined with an algorithm like the Digital Signature Standard (DSS) to provide authentication, key exchange, confidentiality and check the integrity of the data. In such a situation, RSA is not necessary for securing the connection.

TLS, which is a protocol that is used to secure much of the internet, can use the Diffie-Hellman exchange in three different ways: anonymous, static and ephemeral. In practice, only ephemeral Diffie-Hellman should be implemented, because the other options have security issues.

Anonymous Diffie-Hellman – This version of the Diffie-Hellman key exchange doesn’t use any authentication, leaving it vulnerable to man-in-the-middle attacks. It should not be used or implemented.

Static Diffie-Hellman – Static Diffie-Hellman uses certificates to authenticate the server. It does not authenticate the client by default, nor does it provide forward secrecy.

Ephemeral Diffie-Hellman – This is considered the most secure implementation because it provides perfect forward secrecy. It is generally combined with an algorithm such as DSA or RSA to authenticate one or both of the parties in the connection.

Ephemeral Diffie-Hellman uses different key pairs each time the protocol is run. This gives the connection perfect forward secrecy, because even if a key is compromised in the future, it can’t be used to decrypt all of the past messages.

diffie-hellman-dh-revised

DH encryption key could be generated with the openssl command and could be generated depending on your preference using a 1024 / 2048 or 4096 bit encryption.
Of course it is best to have the strongest encryption possible i.e 4096.

The Logjam attack 

The Diffie-Hellman key exchange was designed on the basis of the discrete logarithm problem being difficult to solve. The most effective publicly known mechanism for finding the solution is the number field sieve algorithm.

The capabilities of this algorithm were taken into account when the Diffie-Hellman key exchange was designed. By 1992, it was known that for a given group, G, three of the four steps involved in the algorithm could potentially be computed beforehand. If this progress was saved, the final step could be calculated in a comparatively short time.

This wasn’t too concerning until it was realized that a significant portion of internet traffic uses the same groups that are 1024 bits or smaller. In 2015, an academic team ran the calculations for the most common 512-bit prime used by the Diffie-Hellman key exchange in TLS.

They were also able to downgrade 80% of TLS servers that supported DHE-EXPORT, so that they would accept a 512-bit export-grade Diffie-Hellman key exchange for the connection. This means that each of these servers is vulnerable to an attack from a well-resourced adversary.

The researchers went on to extrapolate their results, estimating that a nation-state could break a 1024-bit prime. By breaking the single most-commonly used 1024-bit prime, the academic team estimated that an adversary could monitor 18% of the one million most popular HTTPS websites.

They went on to say that a second prime would enable the adversary to decrypt the connections of 66% of VPN servers, and 26% of SSH servers. Later in the report, the academics suggested that the NSA may already have these capabilities.

“A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.”

Despite this vulnerability, the Diffie-Hellman key exchange can still be secure if it is implemented correctly. As long as a 2048-bit key is used, the Logjam attack will not work. Updated browsers are also secure from this attack.

Is the Diffie-Hellman key exchange safe?

While the Diffie-Hellman key exchange may seem complex, it is a fundamental part of securely exchanging data online. As long as it is implemented alongside an appropriate authentication method and the numbers have been selected properly, it is not considered vulnerable to attack.

The Diffie-Hellman key exchange was an innovative method for helping two unknown parties communicate safely when it was developed in the 1970s. While we now implement newer versions with larger keys to protect against modern technology the protocol itself looks like it will continue to be secure until the arrival of quantum computing and the advanced attacks that will come with it.

Here is how easy it is to add this extra encryption to make the SSL tunnel between A and B stronger.

On a Linux / Mac / BSD OS machine install and use openssl client like so:
 

# openssl dhparam -out dhparams1.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
……………………………………………………….+………..+………………………………………………………+


…..
…. ………………..++*++*

Be aware that the Diffie-Hellman key exchange would be insecure if it used numbers as small as those in our example. We are only using such small numbers to demonstrate the concept in a simpler manner.

# cat dhparams1.pem
—–BEGIN DH PARAMETERS—–
MIIBCAKCAQEAwG85wZPoVAVhwR23H5cF81Ml4BZTWuEplrmzSMOR9UNMnKjURf10
JX9xe/ZaqlwMxFYwZLyqtFQB2zczuvp1j+tKkSi4/TbD6Qm6gtsTeRghqunfypjS
+c4dNOVSbo/KLuIB5jDT31iMUAIDJF8OBUuqazRsg4pmYVHFm1KLHCcgcTk5kXqh
m8vXoCTlaLlmicC9pRTgQLuAQRXAF8LnVLCUvGlsyynTdc0yUFePWkmeYHMYAmWo
aBS6AMFNDvOxCubWv9cULkOouhPzd8k0wWYhUrrxMJXc1bSDFCBA7DiRCLPorefd
kCcNJFrh7rgy1lmu00d3I5S9EPH/EyoGSwIBAg==
—–END DH PARAMETERS—–


Copy the generated DH PARAMETERS headered key string to your combined .PEM certificate pair at the end of the file and save it

# vim /etc/haproxy/cert/ssl-cert.pem
….
—–BEGIN DH PARAMETERS—–
MIIBCAKCAQEAwG85wZPoVAVhwR23H5cF81Ml4BZTWuEplrmzSMOR9UNMnKjURf10
JX9xe/ZaqlwMxFYwZLyqtFQB2zczuvp1j+tKkSi4/TbD6Qm6gtsTeRghqunfypjS
+c4dNOVSbo/KLuIB5jDT31iMUAIDJF8OBUuqazRsg4pmYVHFm1KLHCcgcTk5kXqh
m8vXoCTlaLlmicC9pRTgQLuAQRXAF8LnVLCUvGlsyynTdc0yUFePWkmeYHMYAmWo
aBS6AMFNDvOxCubWv9cULkOouhPzd8k0wWYhUrrxMJXc1bSDFCBA7DiRCLPorefd
kCcNJFrh7rgy1lmu00d3I5S9EPH/EyoGSwIBAg==
—–END DH PARAMETERS—–

…..

Restart the WebServer or Proxy service wher Diffie-Hellman key was installed and Voila you should a bit more secure.

Report haproxy node switch script useful for Zabbix or other monitoring

Tuesday, June 9th, 2020

zabbix-monitoring-logo
For those who administer corosync clustered haproxy and needs to build monitoring in case if the main configured Haproxy node in the cluster is changed, I've developed a small script to be integrated with zabbix-agent installed to report to a central zabbix server via a zabbix proxy.
The script  is very simple it assumed DC1 variable is the default used haproxy node and DC2 and DC3 are 2 backup nodes. The script is made to use crm_mon which is not installed by default on each server by default so if you'll be using it you'll have to install it first, but anyways the script can easily be adapted to use pcs cmd instead.

Below is the bash shell script:

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }'); do ((f++)); DC[$f]="$i"; done; \
DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); \
if [ “$DC” == “${DC[1]}” ]; then echo “1 Default DC Switched to ${DC[1]}”; elif [ “$DC” == “${DC[2]}” ]; then \
echo "2 Default DC Switched to ${DC[2]}”; elif [ “$DC” == “${DC[3]}” ]; then echo “3 Default DC: ${DC[3]}"; fi


To configure it with zabbix monitoring it can be configured via UserParameterScript.

The way I configured  it in Zabbix is as so:


1. Create the userpameter_active_node.conf

Below script is 3 nodes Haproxy cluster

# cat > /etc/zabbix/zabbix_agentd.d/userparameter_active_node.conf

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }'); do ((f++)); DC[$f]="$i"; done; \
DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); \
if [ “$DC” == “${DC[1]}” ]; then echo “1 Default DC Switched to ${DC[1]}”; elif [ “$DC” == “${DC[2]}” ]; then \
echo "2 Default DC Switched to ${DC[2]}”; elif [ “$DC” == “${DC[3]}” ]; then echo “3 Default DC: ${DC[3]}"; fi

Once pasted to save the file press CTRL + D


The version of the script with 2 nodes slightly improved is like so:
 

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }' | sed -e 's#:##g'); do DC_ARRAY[$f]=”$i”; ((f++)); done; GET_CURR_DC=$(sudo /usr/sbin/crm_mon -n -1 | grep ‘Current DC’ | awk ‘{ print $1 ” ” $2 ” ” $3}’ | awk ‘{ print $3 }’); if [ “$GET_CURR_DC” == “${DC_ARRAY[0]}” ]; then echo “1 Default DC ${DC_ARRAY[0]}”; fi; if [ “$GET_CURR_DC” == “${DC_ARRAY[1]}” ]; then echo “2 Default Current DC Switched to ${DC_ARRAY[1]} Please check “; fi; if [ -z “$GET_CURR_DC” ] || [ -z “$DC_ARRAY[1]” ]; then printf "Error something might be wrong with HAProxy Cluster on  $HOSTNAME "; fi;


The haproxy_active_DC_zabbix.sh script with a bit of more comments as explanations is available here 
2. Configure access for /usr/sbin/crm_mon for zabbix user in sudoers

# vim /etc/sudoers

zabbix          ALL=NOPASSWD: /usr/sbin/crm_mon


3. Configure in Zabbix for active.dc key Trigger and Item

active-node-switch1

What is it like to become a father in the Age of Coronavirus Pandemics – Our baby Dimitar is born

Thursday, June 4th, 2020

After a long 9 months finally on 12.05.2020 12 of May 2020 by God's grace our baby Dimitar was born. He born one day after Saint Cyril and Methodius feast in the Church on the Church Feast of Saint Ephiphanius of Cyprus, Saint German Patriarch of Constantinopol a fierce fighter for the veneration of Holy Icons, Saint martyr Ermogen patriarch of Constantinople (according to new style Calendar) and Saint Basil of Ostrog (in old calendar) . I always loved spring and especially month of May so I'm happy the baby born exactly on this month. For many 2020 broght the coronavirus pandemics brought a lot of pain and surely for us it brought an extra stress with all this mask wearing and super extra precaution measures everywhere and self-isolation but for me 2020 brought me a great joy and a good things in life, after we changed the rented apartment and we moved from Mladost 3 to Geo Milev (a district that is much more fitting my temper), now just 4 months later we have this greatest joy of having a son, something that many people dreamed all their life and suffered. For us it was about 6 years without a baby and the lack of a child in a family seems to extra strain situation. I do suffer and pray for all those people who can't have child and desperately want it and I hope God will bless many with the same joy in the coming years. I have to say having a baby fills up a great hole in the family and brings up new horizons for development of both families and the new born child. Most importantly a new opportunity is there for a new man to get into the kingdom of Heaven know Christ and hopefully end up in eternal blissfulness in Heaven with all the saints by the mercy of God. If you think for a while how all of us some time back in time were also a kid and how our mothers had many sleepless nights and feared for our health and well-being and how from a small baby we become a man who studied excelled in things, failed in others and have the opportunity and rationality to do complex things such as writting this article you get into the conclusion all this is hard to believe mind blowing miracle …

Baby-Dimitar-selected/New-man-born-into-the-world

Right out of Mother's Belly seeing the Light of the World for a first time – First Picture of the Baby before he officially had a name

Many people prayed for the easy birth of my wife as she is already 36 years old and in that years sometimes giving birth is dangerous and often many woman loose babies or are forced to be cut for the baby to be delivered from the belly with Caesarian section cut. Svetlana give a normal birth thanksfully and she delivered the baby for just 3.5 hours after she was accepted in hospital the previous day and doctors did an infusion of oxytocin  (a liquid hormone that doctors use to acccelarate the birth process when the baby was over carried just like it was in our case and in the case of many woman) – Svetlana overcarried it with 5 days.

After a long struggle with my wife on selecting the name, we finally named our new born baby Dimitar  born 49 centimeters / 2980 grams / Dimitar was named in honour of one of the most notorious and loved saints in the Eastern Orthodox world Saint Demitrius of Thessaloniki after a very long struggle to select the name as my wife Svetlana desired to name him Daniil (Daniel), a name which is also beautiful and belongs to the Prophet Daniel and Saint Daniel the Stylite. Svetlana had some weird ideas to name the boy Elijan (Ilia) as well as some other ideas for names like Andrei (Andrew) a very beatiful name belonging to Saint Andrew the Apostle who by the way preached on the Bulgarian Sea Coast according to Church tradition I was against not because the names are bad but because I wanted strongly to follow our well known tradition in Bulgaria to name the first born male boy after the grandfather in that case I wanted to name baby Dimitar firstly in favour of Saint Dimitar (The Myrh Bearer) of Thessaloniki to be the heavinly guide of the boy together with all the other saints under the  Demitrius / Dimitrius name as well as to venerate my father who is a very hard-working and patient parent even over the years with a such a wild child which I am.

Holy Relics of Saint Demetrius the Myrh Bearer in St. Demetrius Basilica in Thessaloniki (Greece)

Saint-Demetrius-the-Myrh-Bearer orthodox holy icon

Saint Demetrius killing Lyaeus the Glariator (depicting the spiritual destroyment of paganism by prayerrs of Saint Demetrius and a remembrance of fact that Christian Nestor killed much powerful Gladiator Lyaeaus who killed thousands of Christians on the Arena before by the all powerful prayers of Saint Demetrius)

I find worthy  to name a few of the other kid's heavinly prayer intercessors this is the well known Russian Saint Dimitrius of Rostov, The bulgarian saint Saint Demitrius of  Besarabia (an ex-territory of Bulgarian Empire) and Saint Dimitrij Donskoy, there is even more saints undet the Demetrius names canonized by the church over the centuries.

The name selection of a boy turned to be much more complicated than I thought and for anyone out there that has to go through the process of awaiting a new born I recommend you to select the name in advance as selecting the name after birth in negotiation with a woman who gave birth is a terrible and hard to bear experience as her hormones are making swing moods every now and then.

/pictures/Baby-Dimitar-selected

Selecting a kid name in the past was quite an interesting process and there was various approaches here in Bulgaria, from naming the kid after a grandfather, grandmother to naming it after a big saint if he is born on a big saint's Church feast day for example if it is born on 6th of May (saint George's day) in Bulgaria it is common to name the kid Georgi or if it is Saint Cyril and Methodius Cyril.
Due to the fact the kid was born near the feast of Saint Apostole Simon the Zealot one of the names I suggested to Svetlana was Simon or Simeon even though that name was not my choice as a compromise that might fit us both. We had some discussion and we both liked the Kiril (Cyril) name, plus 11 of May was Saint Cyril and Methodius but I had an internal tension about it as we didn't have anyone in family called Kiril.

Baby-Dimitar-doctor-checks-heart

Heart works perfect Praise the Lord ! 🙂

Finally my wife stepped back and she agreed to write the name in birth register the name Dimitar so now the kid in his Birth Certificate  is Dimitar Georgiev Georgiev.

Giving birth in Pandemics prevented me to be able to go and see the child until the day he and wife was discharged from Sofia's Maichin Dom University's hospital as clincally healthy.
Please excuse me if I'm turning your attention from the common IT themes Religion and Philosophy which I talk about but I thought putting a few lines for a life changing event as a baby birth is important for me personally to organize things in my head.

/pictures/Baby-Dimitar-selected

The little Big Man

The stress around the baby born is always a big deal both for the mother and the father. But in my case thanks God I was relatively calm. The feelings in the days around birth for the father are quite extreme of course and perhaps this is why many fathers drink till forgetfulness after the baby is born. This however was not the case with me, even though due to the spiritual hardships I have a drinked a couple of beers overall I stayed sober around the birth and right after it before the baby came home.

/pictures/Baby-Dimitar-selected

In front of the Prayer Chapel in Maichin Dom (where yearly the Patriarch of Bulgaria Neofit sanctifies the place with Vodosvet (Sanctification of the Water)

Talking about taking the baby I'm thankful to my dear Friends Angel / Krasimir his wife Irina and Mitko Ivanov, who were the only person to kinda of support me and come for the official dischargement ceremony in hospital. I had to organize a couple of things for the dischargement pay the bills currently in Maichin Dom the overall birth expenses for doctors, midwives, hiring room expenses (for 8 days hospitalization) was lets say normal 1345 LEVA  (~ 700 EURO) much lower price than in other non-government funded hospitals in Sofia like Nadezhda  where it would have been about 2300 LEVA, this is of course higher than social countries of Western Europe like Germany where a normal state funded birth would cost something like ~ 350 – 400 EUR but still very cheap if Compared to United Stateswhere a good orchestrated birth costs something like 25 to 30 000 USD.
As I heard from wife the birth experience she got was of course harsh but this is normal for the first baby where the levels of stress and uncertainty is absolutely unbearable for the your unexperienced parturient mother.

I have to express my sincere thankfulness to the great Head Doctor Miss Ivet Raicheva thanks to whom my wife succeded in normal birth and we have a healthy baby.as well Doctor Nikolay Gerdzhikov from Hospital Second Baby Specialized Hospital Sheinovo who  break off the amniotic fluids baloon of my wife to accelarate the overcarried baby timely birth, as well as all the pregnancy tracking doctors of UMBAL Nadezhda (A Hispital for Woman Health).

Just like I thank warmly to all the people who have given us baby clothes, baby car chairs, subtrates, carriage cangoroos and all kind of baby toys and equipment useful in raising the baby as well as all the friends who helped with advices during the pregnancy and many hardships in this 9 months before baby come to earth and after that. This are Mitko Paskalev, Mitko Ivanov / Anastasia, Krasimir, Hristina, Father Stoyan and his wife Yanna, our godfather Familiy Galin and Andrea, uncle Emilian, Vasil Kolev, Father Flavian and all others who helped us with warm prayers and good words during the hardships of pregnancy during the Coronacrisis.

Due to the Covid, every time I had to go to the hospital to bring my wife food, pampers, fruits etc. was only possible to be delivered by a medicine personal (with a small treatment fee) as entrance of externals like me was not possible.

I did not have the chance to go inside the hospital's 12th floor to pick up my wife with the baby due to the COVID-19 Virus, hospital entrance was only allowed to the parter stage and only after they check your temperature with an electronic wireless gun-like thermometer headed right in your head …
I had to then wait with the few bouquet of flowers, chocolate candys and alcohol to hand in to the main degenerating doctor which in our case was Ivet Raicheva, I have to kindly thank this professional woman for doing all the best for my wife in assisting her in birth and succeeding in a normal birth process which in our age is quite rare about at least 80% of woman give birth with a C-Section.

Baby-with-Angel-Krasimir-Irina-and-Mitko-Ivanov

Friends and Brothers / Sisters from the Church Angel, Krasi, Irina and Mitko Ivanov

/pictures/Baby-Dimitar-selected/Baby-Krasi-Irina-and-Sveta

Krasimir and Irina

/pictures/Baby-Dimitar-selected

In front of Maichin Dom Me seeing my boy for a first time !

After Svetlana was accompanied in the entrance stage with a medicine worker, we made the standard few remembrance pictures on the floor and infront the hospital and on a Volkswagen Taxi headed home with the baby being in fear for the baby in every car bump.

aking-the-baby-home

The great joy of blessing to be with your Son for a first time

Once Dimitar was already home we rejoiced and placed him in his already prepared baby crib and left home wife for 40 minutes together with the baby and went out to for a quick treat for friends who were so kind to come for the baby.
The routine afterwards is expected as to every new born, a lot of breast feeding for wife, adaptated milk sometimes, changing pampers, baby bathing every day, swinging, singing songs to calm him down when he songs etc.

Baby-Dimitar-selected/Baby-Dimitar-Svetlana1

The responsibilities for the father of course suddenly rise as you have to be a products supporter as your wife is quite weak over the 40 days after birth, you have to clean, buy food or prepare something to eat, prepare her a breastfeeding teas, confort her and calm her. But the overall it is clear that the woman becomes much more stable version of herself after the birth she starts thinking more to the ground and dream less in fantasies as the baby helps her better see the reality and learn to sacrifice more.

Georgi-Baby-Dimitar

Let God bless and protect Dimitar by the prayers of the Holy Virgin Mary Theotokos and All Sains and help him in all the hardships from the cradle to a fully grown and wise man that he'll become one day by God's mercy!