Posts Tagged ‘ALL’

Saint Martyr Antepas of Pergamum mentioned in the Book of Revelation of saint John the Apostle – 4th Sunday of Great Lent saint John the Climacus

Sunday, April 11th, 2021


Saint Antepas of Pergamum

The commemoration of Saint Martyr Antepas in the One Holy Eastern Orthodox Church is on 11 of April. The veneration of this saint in past centuries was great in both the Eastern Orthodox Church and the Western Church (the Roman Catholic Church), especially before the Great Schism in 1054. Saint Antepas was well known among people in medieval times as a saint invoked in troubles with toothache and all kinds of teeth diseases, which were a true plague in prior ages, as people did not have much knowledge of how to heal or recover teeth, and usually when someone got a toothache the ultimate solution was to remove the tooth.

His Vita (Living) is mostly interesting because, according to Orthodox Church tradition, he was one of the spiritual titans of the first century, when the Church was mainly troubled by persecution by the Jews who refused Christ as Messiah and by the pagan crowds, and, starting from the second part of the 1st century, was officially persecuted by the Roman Empire authorities. In this bloody century for the Church, when martyrs laid down the foundation of the Church, many saints became victims of Jewish fanaticism and pagan atrocities. Saint Antepas is one of those saints, who at that time was bishop of the Church of Pergamum mentioned in the prophetic Book of Revelation (the last book) of the Holy Bible canon, which is included in every (Protestant, Anglican, Orthodox, Catholic) Holy Bible. Saint John the Apostle, the author of the Book of Revelation, had been exiled on mount Paphos (today Cyprus) at the time of the martyrdom of Saint Antepas. St. John the Apostle, while exiled in the cave, received in a vision from Christ the revelation of the future things to come before the end of the world and the appearance of the antichrist, the false messiah. It is not known whether Saint John knew his brother in Christ Antipas physically before his revelation, but this hypothesis is little likely, as apparently the Book of Revelation was revealed to John in a single vision by the Son of God Jesus Christ, a mystical vision in which the merits and the deficiencies of the 7 Churches of Asia Minor present in the world in the first century were presented. The Church of Pergamum was one of the Seven Churches of which Revelation speaks, surrounded by all kinds of uncleanness, idolatry and satanic deeds of the Pergamum people, and these diseases partially started plaguing even members of the Church, who with time had fallen away from the faith due to their sinful deeds and lack of desire for repentance.
The Book of Revelation mentions the martyrdom of Antepas as a truthful witness of Christ who steadily kept the faith in the Risen Christ, enduring martyrdom. "I know thy works, and where thou dwellest, even where Satan's seat is: and thou holdest fast my name, and hast not denied my faith, even in those days wherein Antipas was my faithful martyr, who was slain among you, where Satan dwelleth." Book of Revelation 2:13.
The spiritual State of the Church of Pergamum is described as follows,

"I know thy works, and where thou dwellest, even where Satan's seat is: and thou holdest fast my name, and hast not denied my faith, even in those days wherein Antipas was my faithful martyr, who was slain among you, where Satan dwelleth." Rev. 2:13



Saint Antepas was a missionary bishop who lived in the time of the Roman Emperor Domitian II-nd. From the Book of Revelation we find out that in the 1st century the Bishop of the Pergamum Church was a pious, saintly man, firm in his faith. The Church tradition's memory gives us a little more detail on the martyrdom of Antepas.

According to tradition and history, the citizens of Pergamum (Pergam) were fanatic admirers of their pagan idols and spent their lives in all kinds of wickedness. Those who observed their lives got the impression that Satan himself really lived among them. Amid such uncleanness Antepas was a true beacon in the dark night, or like a rose among thorns, showing the path to salvation through the three main Christian virtues of Faith, Hope and Love. Even though Antepas witnessed the people's ungodliness, he was not daunted by the malice of the pagans, but on the contrary good-heartedly and diligently performed his Christian obligations as a shepherd and preacher, revealing the deceptions of idolatry and advising them to turn, for their own good, to the one true God, the Creator and Ruler of the Universe, who sent his Only Begotten Son to the Cross on Golgotha to suffer for the sins of man and return fallen man to the Holy Trinity, God the Father, the Son and the Holy Spirit, and who by his suffering showed us the narrow but straight way to heaven: the way of suffering, by accepting one's personal cross, uniting and nailing it to Christ's Cross, and handing over all one's life to Christ.


St. Antepas' preaching quickly turned many of the pagans to Christ's Church. The pagans lost many of their faithful admirers; the worshippers of the idols greatly decreased, and so did the toll for the idols (monetary funds for the shamans) in the pagan temple. Antipas was blamed by the envious, hard-hearted and greedy idolaters for his missionary work and for revealing the truth to the blind.

At the same time Domitian, being loyal to the Roman gods, also proclaimed a persecution, announcing Christians as enemies of the empire. Emboldened by that, the pagan priests caught Antepas and brought him before the city ruler, blaming him for having become the reason for the gods to be angry and for the so-called idols (thought to be gods) to stop caring about Pergamon, in which they no longer received high honor for their service to the idols.

– Is it true, asked the ruler of Pergamon, that you have not been giving veneration to the gods, and that you teach others to despise the gods and not give them honour?
This is why our city is suffering, because the gods have been offended and no longer have mercy and take care of this place and our well-being.
Leave Christianity, repent and obey our law. If you do not give honor to the idols and continue to despise the gods, we will torture you according to Roman law.

Antipas replied:

– I AM CHRISTIAN! The unwise king's order I cannot perform, and the false gods I will not obey.
To give you a concrete and clear answer, I tell you, the so-called gods are not gods and they have no power to protect the city.
Leave your delusions, repent of your wickedness and believe in Christ, who was incarnate from Heaven to save all humans.
He is the only true God and he is about to come again at the end of the ages to judge everyone according to their deeds – everyone will receive either a gift or punishment.

– What is that new teaching? shouted the enraged city ruler. You obey some new law invented by yourselves and reject the ancient worship given to us by the fathers. Leave the new faith and stop venerating as God a man who was shamefully crucified as a villain in the times of Pilate.
Obey the king's order and live in peace. We'll help you in everything, we'll love you as our sons, because your advanced age requires it – that we all love you and venerate you as a father.

Antepas replied:
– No matter what you tell me – I am not so reckless (foolish), having lived to old age and being near the end of my earthly days, as to leave the true faith and retreat from the salvational faith. You will not deceive my mind, because it is enlightened by the wisdom of the Divine books. If you do not repent and do not stop worshipping your idols and do not believe in the True God, you will perish (both physically and spiritually).

Maddened by rage, the pagan crowd did not want to hear the words of the pious elder bishop any more. They captured him and dragged him to the pagan temple. There was an idol there: a big bull, forged of copper. They heated it until it became red and threw Bishop Antipas in. He was not afraid, but with joy made the Sign of the Cross and reverently cried out in prayer:

– Oh God, who have revealed the secret mystery of our Lord Jesus Christ, thank you for all the good deeds to me in my life. Thank you that you have granted me in this hour to be written in the list of the martyrs for your teaching. Receive my soul at my departure from this temporary life and endow it with your Grace.

Enduring the terrible tortures peacefully and with firmness, Saint Antepas prayed for his enemies and for the whole world. Gradually his bodily powers weakened and he quietly passed to Christ.
Christians buried the body of the saint martyr with great honor and according to Church tradition.
His Holy relics were saved and God has endowed them with healing power.


Fourth Sunday of The Great Lent Sunday of Saint John the Climacus.
Saint John Lestvichnik and his Book a Spiritual Ladder to Heaven (Lestvica)

 


Fourth Sunday of the Great Lent – Saint John Lestvichnik / John the Climacus and his Ladder to Heaven

This year, the second year of the "Coronavirus pandemic", 2021, the 4th Sunday of the Great Lent, as every year, commemorates the glorious Holy father and "a commander" of the monks Saint John the Climacus / Saint John the Sinaite / John the Scholastic, who lived in the 6th-7th century. He is mostly known in Bulgaria / Russia and the Slavonic Churches as Saint John Lestvichnik. Saint John was an ascetic monk on the mount of Sinai, born circa 579, who passed away to Christ in the year 649 A.D. He is revered as a saint in the Eastern Orthodox Church as well as in the Roman Catholic Church and the rest of the Oriental Orthodox Churches, though he is lesser known in the Western world, e.g. in the Roman Catholic Church. Saint John was eager for a higher spiritual life and thus spent 20 years in the desert in hermitage, studying and practicing the writings of the holy fathers to advance his spiritual life and attain spiritual perfection by overcoming all the main passions that stop a man from becoming fully spiritually enlightened, reaching "in the flesh" the kingdom of heaven and becoming a victor against the evil passions.


A lot can be said about Saint John Lestvichnik and his world-famous book Lestvica (Ladder), Κλῖμαξ, known in the Latin world as Scala Paradisi, a ladder of divine ascent.

In Lestvica, St. John Lestvichnik, later chosen Abbot of Raitha Monastery, describes to his brethren monks how to overcome different temptations and the passions attached to them; in his lifetime he was well known as a beacon of a good and truthful spiritual life. Even Pope Gregory the Great wrote to him to recommend himself to his prayers, and sent him a sum of money for the hospital of Sinai, in which the pilgrims were wont to lodge.

In the book Ladder, which should be a tabletop book for all Christians, we hear of the ascetic practice of carrying a small notebook to record the thoughts of the monk during contemplation. Some parts of the book sound scary and completely strange to modern readers, as we are all sunk in comfort and an excess of things.
Κλῖμαξ is mostly known in the Eastern Orthodox Church and is highly esteemed by anyone who actively practices Orthodoxy as the best guide for a person to check his current spiritual life.

 

The Ladder describes how to raise one's soul and body to God through the acquisition of ascetic virtues. Climacus uses the analogy of Jacob's Ladder as the framework for his spiritual teaching. Each chapter is referred to as a "step", and deals with a separate spiritual subject. There are thirty Steps of the ladder, which correspond to the age of Jesus at his baptism and the beginning of his earthly ministry. Within the general framework of a 'ladder', Climacus book falls into three sections. The first seven Steps concern general virtues necessary for the ascetic life, while the next nineteen (Steps 8–26) give instruction on overcoming vices and building their corresponding virtues. The final four Steps concern the higher virtues toward which the ascetic life aims. The final rung of the ladder – beyond prayer (προσευχή), stillness (ἡσυχία), and even dispassion (ἀπάθεια) – is love (ἀγάπη).

By the prayers of Saint Antepas, Saint John Lestvichnik and Saint John the Apostle, may the All Merciful God have mercy on our souls and deliver us from temptations and all evils, present and coming, and grant peace and relief to all suffering for the truth, and enlighten man to turn back in repentance to Christ!
Amen

6 of April Short Living and Death of Saint Methodius a brother of Constantin Cyril – Christian Enlighteners of the Bulgarian and Slavonic Lands

Wednesday, April 7th, 2021


Saint Methodius was the elder of the two brothers, enlighteners of the Bulgarian lands and the Slavonic nations, Saint Cyril (known as The Philosopher) and Saint Methodius, born in Thessaloniki, a region of the Byzantine empire. According to manuscripts, Thessaloniki and its regions were mostly inhabited by Slavs in the IX century.

In his young age he chose to be a Byzantine army man. For 10 years he was assigned to govern a region of Slavonic lands, part of the Byzantine Eastern Empire.
Even though he had been successful in his worldly career and held a respected service for the Byzantine Emperor, he felt the calling of God, gave up his high position in the aristocracy and entered one of the many monasteries of the empire on mount Olympus in the Asia Minor region. Soon after, his younger brother Constantine came to the same monastery. From that moment the two brothers never parted until the death of Cyril, who died in Rome. Even in his death he was highly venerated by the Pope and considered a saint even at the time of his burial in the famous Basilica Church San Clemente, where they reside for veneration by Slavs even to this day.


The receiving of Saint Cyril and Methodius in Rome with the Relics of Saint Clement 4th Pope of Rome

The two God-chosen men also achieved a glorious deed which had not been achieved by anyone before: the creation of the Glagolitic alphabet, which became the foundation of the Cyrillic alphabet, currently used by about 300 000 000 people worldwide, including by us Bulgarians. The new language was developed to be able to share the high truths of Christ, the Gospel and his Church services and books, and most importantly the eternal salvation prepared by God the Holy Trinity, the Father, the Son and the Holy Spirit, for all those who love him and serve him.


The Holy relics of Saint Cyril in San Clemente Crypt

Knowing the truth about Heaven and Hell and the Heavenly kingdom, they were highly concerned for the great multitude of Slavs in the Empire who were still in the darkness of idolatry and paganism. Inspired by God, they soon created an alphabet in which they translated the whole Holy Bible (the Gospel of Christ, the Epistle books and the Old Testament books) and the Church service books, translating the Eastern Orthodox Holy Liturgy of Saint John The Chrysostom and Saint John The Basil into a language understandable for the Slavs. The Glagolitic alphabet was soon translated to the Cyrillic alphabet by the 7 pupils of Saint Cyril and Methodius and was spread first in the Bulgarian lands, then in Serbia, Kiev and the rest of the Slavonic nations.


In Great Moravia, a region today situated in the Czech Republic, the two saint brothers taught and baptized the local Slavs, teaching them the eternal heavenly truths of the Gospel.
The German clergy envied the great success of the mission of the two equal-to-the-apostles men and tried to rebaptize and teach the already baptized according to the Roman Rite and spread their own influence, pushed by a lust for power.
Hence Methodius (also called Method by Western historiographers) was chased away from Moravia by the German clergy to nearby Pannonia, where king Kocel, who appreciated St. Methodius' great deeds for his people and did not understand why the German clergy was chasing such a saintly man, sent him to Rome to Pope Adrian II-nd with a request to ordain him a Bishop. The Pope ordained him almost immediately and received St. Methodius and St. Cyrilus with all his clergy in honour, because the 2 saints were bringing a highly esteemed gift, the Holy Relics which they had obtained earlier on their Baptismal Mission to the Khazars (an assignment given to them by the Eastern Byzantine Emperor and successfully achieved).
During their travel in Herzon the two saints had found the Holy Relics of Saint Clement Ist, the 4th Pope of Rome, who had been exiled and passed away to Christ as a martyr in Herzon (today's Crimea) in the distant 2nd century.
After his consecration in Rome, Saint Methodius was raised from a simple Gospel preacher to the high clergy rank of Archbishop for Pannonia and Moravia, a region which was under the rule of the Bishop of Rome.

The fight against the clean life of the saint continued with full power even after his raising to the archbishop's throne. The envious pseudo-spiritual missionaries sent by the Pope, hungering not for Christ but for earthly power, frequently slandered Method. to the local prince, because Methodius publicly rebuked their unclean life, being filled with the power of Christ's spirit, who detests all uncleanness in man. At other times they suggested to the Pope that Methodius was against the Western Church and was eager to cut Moravia and Pannonia from the diocese of Rome and give them to the Byzantines. In parallel the German "clergy" was frequently sending letters slandering Methodius, accusing him of disobedience to the Eastern Christian Emperor and the Great Church of Byzantium, the home church of St. Cyril and Method., to whom they were still obedient …
Methodius, being already of advanced age, had to go everywhere in person to rebuke and testify about himself that all this was far from the truth. His enemies eventually succeeded, and for 2 years and a half he was thrown in prison without the knowledge of the Pope.
Finding out about this ungodly deed of his disobedient, power-lusting German clergy, Pope John VIII issued a special order (bulla) for the immediate liberation of his archbishop.


Icon of Saint Cyril and Methodius, painting from 1848.

Even in these hardships Saint Methodius never stopped preaching the Gospel to the Slavs and spreading the Good News of the incarnation of Jesus Christ the Son of God, his life, his Crucifixion for the sins of all mankind and his Glorious Resurrection, through which all those who believe are saved if they persist in the good deeds of Christ and hold to the truthfulness of the Church of Christ, which at the time of St. Cyrilus was before the Great Schism in year 1054, when the Roman Catholics fell away from the One Church which kept and preserved the teaching of the head of the Church Jesus Christ, the Holy Eastern Orthodox Church.
Even in prison Saint Methodius continued to translate the Holy books from Greek into the new language invented and adjusted for the speech of the Slavs.
He left us as a heritage the translation of all the books of the Holy Bible except the book of Maccabees, which is today only present in the Orthodox Bible and considered one of the non-canonical but God-inspired books, as well as the Nomocanon (the book with the rules and Church laws of the Church and the clergy).
Nomocanon comes from the Greek (Νομοκανών, Nomokanōn; from the Greek nomos – law and kanon – a rule). It is a collection of ecclesiastical law, consisting of elements from both the Civil law and the Canon law.
Nomocanons even today form part of the canon law of the Eastern Catholic Churches (through the Eastern Catholic canon law) and of the Eastern Orthodox Churches.


Saint Methodius the Slav-Bulgarian enlightener passed silently to Christ, full of God's Grace in sainthood, on the 6th of April, year 885 A.D. His burial was in Velegrad, Czech Republic, and according to the Church tradition about his life he "lays in the Great Moravian Church in the left side of the wall behind the altar dedicated to the Mother of God the Holy Theotokos Virgin Maria". A church service dedicated to him is still present in the Bulgarian Church's manuscripts, with copies of it preserved in museums in Russia.

The deeds of Saint Methodius and Saint Cyrilus have left a mark on the whole world's events. Even to this day in Bulgaria we have a translation of the Bible based on the Cyrillic language, named after Saint Cyrilus the brother of Methodius, based on the work he started to translate the Glagolitic alphabet to Cyrillic, continued by his pupils and fully completed by Saint Clement (Kliment) of Ohrid, who was warmly accepted by the Saint Equal-to-the-Apostles King Boris I of Bulgaria. Thanks to him and to the deeds of Saint Methodius and their pupils we have the Cyrillic alphabet and the Bulgarian Orthodox Church and spirituality even today. The deeds of Saint Cyrilus and the Cyrillic are recognizable worldwide in the face of the Cyrillic language used by Russians, strange for Westerners and Asians.

The two Saints Cyril and Methodius were officially proclaimed protectors of Europe recently by Pope John Paul II, and for a reason, as the ex-Pope had seen and experienced the power of the prayers of the two saints while he was a cardinal in Bulgaria before his rise to the Roman papal throne, a fact little known nowadays.

The memory and veneration of Saints Methodius and Cyrilus are logically mostly observed in Bulgaria, as Bulgaria was historically the first empire to accept the spiritual fruits of the new language. Many schools, institutions and streets are named after the two saints.
The official Church veneration of St. St. Cyril and Methodius is on 11 in Church and  May in secular tradition. The Bulgarian Orthodox Church has established a number of feasts connected to the two saints, as they're the prime patron saints thanks to whose prayers the Bulgarian Church was established, has survived through the centuries and continues its triumphal march towards the kingdom of heaven.

By the prayers of the two saints Methodius and Cyril, may Bulgaria and Europe have Peace, Faith and Love and Enlightenment about the true teaching of Christ, the Holy Orthodoxy!
 

How to calculate connections from IP address with shell script and log to Zabbix graphic

Thursday, March 11th, 2021


We had to check the number of connections from a given IP address, grouped by TCP/IP connection state.

For example:

TIME_WAIT, ESTABLISHED, LISTEN etc.

The reason behind it is that sometimes the IP address '192.168.0.1' creates more than 200 connections, a Cisco firewall gets triggered and the connections for that IP are filtered out. To be able to know in advance that this problem is coming, a small userparameter script is set up on the Linux servers that prints out all connections from the IP, counted by state.

The script, calc_total_ip_match_zabbix.sh, is below:

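#!/bin/bash
# Check ESTABLISHED / FIN_WAIT etc. in netstat output for an IP and calculate the total
# UserParameter=count.connections,(/usr/local/bin/calc_total_ip_match_zabbix.sh)
CHECK_IP='192.168.0.1'
f=0

# grep -Fw matches the address literally and as a whole word, so
# 192.168.0.10 or 192.168.0.100 are not counted for 192.168.0.1
while read -r count state; do
    echo -n "$count $state "
    f=$((f + count))
done < <(netstat -nat | grep -Fw "$CHECK_IP" | awk '{print $6}' | sort | uniq -c | sort -n)
echo
echo "Total: $f"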

 

root@pcfreak:/bashscripts# ./calc_total_ip_match_zabbix.sh 
1 TIME_WAIT 2 ESTABLISHED 3 LISTEN 

Total: 6

 

root@pcfreak:/bashscripts# ./calc_total_ip_match_zabbix.sh 
2 ESTABLISHED 3 LISTEN 
Total: 5


To process this with Zabbix it is necessary to have an Item and a Dependent Item created.

Finally, create a trigger to raise an alarm if there are 100 or more connections in total.

The Zabbix userparameter configuration should look like this:

[root@host: ~]# cat /etc/zabbix/zabbix_agentd.d/userparameter_webgui_conn.conf
UserParameter=count.connections,(/usr/local/bin/webgui_conn_track.sh)

 

Some colleagues suggested a more efficient shell script for summing the overall number of connections. Below is a less time-consuming version of the script that can be used for the calculation.

#!/bin/bash -x
# show FIN_WAIT2 / ESTABLISHED etc. and calculate total
count=$(netstat -n | grep -Fw "192.168.0.1" | awk '{ print $6 }' | sort -n | uniq -c | sort -nr)
# replace every space with '+' so that bash arithmetic adds up the counts
total=$((${count// /+}))
echo "$count"
echo "Total:" "$total"

      2 ESTABLISHED
      1 TIME_WAIT
Total: 3

 


Below is the graph built with Zabbix showing all the fluctuations in connections from the monitored IP.
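The per-state count described in this post, written as an added example that is not part of the original post: it compares the address column exactly, because a substring match on 192.168.0.1 also counts 192.168.0.10 and 192.168.0.100 and inflates the total the trigger sees. The function names and the sample netstat lines are constructed for illustration; it assumes the usual `netstat -nat` column layout.

```shell
#!/bin/bash
# Added example, not from the original post: exact-match connection counting.
export LC_ALL=C   # byte-wise sort order, identical on every host

# Constructed sample of `netstat -nat` output (all addresses are made up).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:443            192.168.0.1:51514       ESTABLISHED
tcp        0      0 10.0.0.5:443            192.168.0.1:51520       ESTABLISHED
tcp        0      0 10.0.0.5:443            192.168.0.1:51388       TIME_WAIT
tcp        0      0 10.0.0.5:443            192.168.0.10:40022      ESTABLISHED
tcp        0      0 10.0.0.5:443            192.168.0.100:40100     ESTABLISHED
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:192.168.0.1:51600 ESTABLISHED
EOF
}

# count_by_state IP: read netstat lines on stdin, print "<count> <STATE>"
# lines (ascending) followed by "Total: <n>" for connections whose local or
# foreign address is exactly IP.
count_by_state() {
    awk -v ip="$1" '
        # Drop the ":port" suffix, then the IPv4-mapped IPv6 prefix.
        function host(addr) {
            sub(/:[0-9*]+$/, "", addr)
            sub(/^::ffff:/, "", addr)
            return addr
        }
        $1 ~ /^tcp/ && (host($4) == ip || host($5) == ip) {
            state[$6]++
            total++
        }
        END {
            for (s in state) printf "%d %s\n", state[s], s | "sort -n"
            close("sort -n")
            printf "Total: %d\n", total + 0
        }'
}

# exact_total IP: only the number, suitable for a numeric Zabbix item.
exact_total() {
    count_by_state "$1" | awk '/^Total:/ { print $2 }'
}

# naive_total IP: substring/regex match, shown only for comparison.
naive_total() {
    grep -c -- "$1"
}

# Demo on the constructed sample; on a real host pipe in: netstat -nat
sample_netstat | count_by_state 192.168.0.1
```

On the sample the exact count is 4, while the substring match reports 6 because it also picks up the two neighbouring addresses.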

 

KVM Virtual Machine RHEL 8.3 Linux install on Redhat 8.3 Linux Hypervisor with custom tailored kickstart.cfg

Friday, January 22nd, 2021


If you haven't tried it yet: Redhat, CentOS and other RPM based Linux operating systems that use the anaconda installer generate a kickstart file under /root/{anaconda-ks.cfg,initial-setup-ks.cfg,original-ks.cfg} immediately after the OS installation completes. Using this kickstart file as a template you can automate the Redhat installation with exactly the same configuration as many times as you like by directly loading your /root/original-ks.cfg file in the RHEL installer.

Here is the official description of Kickstart files from Redhat:

"The Red Hat Enterprise Linux installation process automatically writes a Kickstart file that contains the settings for the installed system. This file is always saved as /root/anaconda-ks.cfg. You may use this file to repeat the installation with identical settings, or modify copies to specify settings for other systems."


Kickstart files contain answers to all questions normally asked by the text / graphical installation program, such as what time zone you want the system to use, how the drives should be partitioned, or which packages should be installed. Providing a prepared Kickstart file when the installation begins therefore allows you to perform the installation automatically, without need for any intervention from the user. This is especially useful when deploying Redhat based distro (RHEL / CentOS / Fedora …) on a large number of systems at once and in general pretty useful if you're into the field of so called "DevOps" system administration and you need to provision a certain set of OS to a multitude of physical servers or create or recreate easily virtual machines with a certain set of configuration.
 

1. Create /vmprivate storage directory where Virtual machines will reside

The first step on the Hypervisor host which will hold the future virtual machines is to create the location where they will be stored:

[root@redhat ~]# lvcreate --size 140G --name vmprivate vg00
[root@redhat ~]# mkfs.ext4 -j -b 4096 /dev/mapper/vg00-vmprivate
[root@redhat ~]# mkdir -p /vmprivate
[root@redhat ~]# mount /dev/mapper/vg00-vmprivate /vmprivate

To view the current state of the Logical Volumes and VG group names:

[root@redhat ~]# vgdisplay -v|grep -i vmprivate -A7 -B7
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     8192
  Block device           253:0

  --- Logical volume ---
  LV Path                /dev/vg00/vmprivate
  LV Name                vmprivate
  VG Name                vg00
  LV UUID                VVUgsf-FXq2-TsMJ-QPLw-7lGb-Dq5m-3J9XJJ
  LV Write Access        read/write
  LV Creation host, time lpgblu01f.ffm.de.int.atosorigin.com, 2021-01-20 17:26:11 +0100
  LV Status              available
  # open                 1
  LV Size                150.00 GiB


Note that you'll need to have that size physically available on a SAS / SSD hard drive physically connected to the Hypervisor host.

To make the Virtual Machines storage location permanently mounted, add to /etc/fstab:

/dev/mapper/vg00-vmprivate  /vmprivate              ext4    defaults,nodev,nosuid 1 2

[root@redhat ~]# echo '/dev/mapper/vg00-vmprivate  /vmprivate              ext4    defaults,nodev,nosuid 1 2' >> /etc/fstab

 

2. Second we need to install the following set of RPM packages on the Hypervisor Hardware host

[root@redhat ~]# yum install qemu-kvm qemu-img libvirt virt-install libvirt-client virt-manager libguestfs-tools virt-install virt-top -y

3. Enable libvirtd on the host

[root@redhat ~]#  lsmod | grep -i kvm
[root@redhat ~]#  systemctl enable libvirtd

4. Configure network bridging br0 interface on Hypervisor


In /etc/sysconfig/network-scripts/ifcfg-eth0 you need to include:

NM_CONTROLLED=NO

Next use the nmcli Redhat configurator to create the bridge (you can use the ip command instead), but since the tool is the Redhat way to do it, let's do it their way.

[root@redhat ~]# nmcli connection delete eno3
[root@redhat ~]# nmcli connection add type bridge autoconnect yes con-name br0 ifname br0
[root@redhat ~]# nmcli connection modify br0 ipv4.addresses 10.80.51.16/26 ipv4.method manual
[root@redhat ~]# nmcli connection modify br0 ipv4.gateway 10.80.51.1
[root@redhat ~]# nmcli connection modify br0 ipv4.dns 172.20.88.2
[root@redhat ~]# nmcli connection add type bridge-slave autoconnect yes con-name eno3 ifname eno3 master br0
[root@redhat ~]# nmcli connection up br0

5. Prepare a working kickstart.cfg file for VM


Below is a sample kickstart file I've used to build a working fully functional Virtual Machine with Red Hat Enterprise Linux 8.3 (Ootpa) .

#version=RHEL8
#install
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=vda

# Use network installation
#url --url=http://hostname.com/rhel/8/BaseOS
##url --url=http://171.23.8.65/rhel/8/os/BaseOS

# Use text mode install
text
#graphical

# System language
#lang en_US.UTF-8
keyboard --vckeymap=us --xlayouts='us'
# Keyboard layouts
##keyboard us
lang en_US.UTF-8

# Root password
rootpw $6$gTiUCif4$YdKxeewgwYCLS4uRc/XOeKSitvDJNHFycxWVHi.RYGkgKctTMCAiY2TErua5Yh7flw2lUijooOClQQhlbstZ81 --iscrypted

# network-stuff
# place ip=your_VM_IP, netmask, gateway, nameserver hostname 
network --bootproto=static --ip=10.80.21.19 --netmask=255.255.255.192 --gateway=10.80.21.1 --nameserver=172.30.85.2 --device=eth0 --noipv6 --hostname=FQDN.VMhost.com --onboot=yes
# if you need just localhost initially configured uncomment and comment above
##network --device=lo --hostname=localhost.localdomain

# System authorization information
authconfig --enableshadow --passalgo=sha512 --enablefingerprint

# skipx
skipx

# Firewall configuration
firewall --disabled

# System timezone
timezone Europe/Berlin

# Clear the Master Boot Record
##zerombr

# Repositories
## Add RPM repositories from KS file if necessary
#repo --name=appstream --baseurl=http://hostname.com/rhel/8/AppStream
#repo --name=baseos --baseurl=http://hostname.com/rhel/8/BaseOS
#repo --name=inst.stage2 --baseurl=http://hostname.com ff=/dev/vg0/vmprivate
##repo --name=rhsm-baseos    --baseurl=http://172.54.8.65/rhel/8/rhsm/x86_64/BaseOS/
##repo --name=rhsm-appstream --baseurl=http://172.54.8.65/rhel/8/rhsm/x86_64/AppStream/
##repo --name=os-baseos      --baseurl=http://172.54.9.65/rhel/8/os/BaseOS/
##repo --name=os-appstream   --baseurl=http://172.54.8.65/rhel/8/os/AppStream/
#repo --name=inst.stage2 --baseurl=http://172.54.8.65/rhel/8/BaseOS

# Disk partitioning information set proper disk sizing
##bootloader --location=mbr --boot-drive=vda
bootloader --append=" crashkernel=auto tsc=reliable divider=10 plymouth.enable=0 console=ttyS0 " --location=mbr --boot-drive=vda
# partition plan
zerombr
clearpart --all --drives=vda --initlabel
part /boot --size=1024 --fstype=ext4 --asprimary
part swap --size=1024
part pv.01 --size=30000 --grow --ondisk=vda
##part pv.0 --size=80000 --fstype=lvmpv
#part pv.0 --size=61440 --fstype=lvmpv
volgroup s pv.01
logvol / --vgname=s --size=15360 --name=root --fstype=ext4
logvol /var/cache/ --vgname=s --size=5120 --name=cache --fstype=ext4 --fsoptions="defaults,nodev,nosuid"
logvol /var/log --vgname=s --size=7680 --name=log --fstype=ext4 --fsoptions="defaults,nodev,noexec,nosuid"
logvol /tmp --vgname=s --size=5120 --name=tmp --fstype=ext4 --fsoptions="defaults,nodev,nosuid"
logvol /home --vgname=s --size=5120 --name=home --fstype=ext4 --fsoptions="defaults,nodev,nosuid"
logvol /opt --vgname=s --size=2048 --name=opt --fstype=ext4 --fsoptions="defaults,nodev,nosuid"
logvol /var/log/audit --vgname=s --size=3072 --name=audit --fstype=ext4 --fsoptions="defaults,nodev,nosuid"
logvol /var/spool --vgname=s --size=2048 --name=spool --fstype=ext4 --fsoptions="defaults,nodev,nosuid"
logvol /var --vgname=s --size=7680 --name=var --fstype=ext4 --fsoptions="defaults,nodev,nosuid"

# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=debug

# reboot automatically
reboot

###

%packages
@standard
python3
pam_ssh_agent_auth
-nmap-ncat
#-plymouth
#-bpftool
-cockpit
#-cryptsetup
-usbutils
#-kmod-kvdo
#-ledmon
#-libstoragemgmt
#-lvm2
#-mdadm
-rsync
#-smartmontools
-sos
-subscription-manager-cockpit
%end

%post
# Tune Linux vm.dirty_background_bytes (IMAGE-439)
# The following tuning causes dirty data to begin to be background flushed at
# 100 Mbytes, so that it writes earlier and more often to avoid a large build
# up and improving overall throughput.
echo "vm.dirty_background_bytes=100000000" >> /etc/sysctl.conf

# Disable kdump
systemctl disable kdump.service
%end

An important note here concerns the hashed root password string in the rootpw line; it can be generated with the openssl or mkpasswd commands:

Method 1: use the openssl command to generate an (md5, sha256, sha512) hashed password string

[root@redhat ~]# openssl passwd -6 -salt xyz test
$6$xyz$rjarwc/BNZWcH6B31aAXWo1942.i7rCX5AT/oxALL5gCznYVGKh6nycQVZiHDVbnbu0BsQyPfBgqYveKcCgOE0

Note: passing -1 generates an MD5 hash, -5 a SHA256 hash and -6 a SHA512 hash (the recommended choice for better security). Leaving the password off the command line makes openssl prompt for it, which keeps it out of the shell history.

Method 2: use mkpasswd (md5, sha256, sha512)

[root@redhat ~]# mkpasswd --method=SHA-512 --stdin

The option --method accepts md5, sha-256 and sha-512
Theoretically there is also a kickstart file generator web interface on Redhat's site here, however I have never used it myself and use the above kickstart.cfg instead.
 

6. Install the new VM with virt-install cmd


Roll out the new preconfigured VM based on the above ks template file with a one-liner like the one below:
 

[root@redhat ~]# virt-install -n RHEL8_3-VirtualMachine --description "CentOS 8.3 Virtual Machine" --os-type=Linux --os-variant=rhel8.3 --ram=8192 --vcpus=8 --location=/vmprivate/rhel-server-8.3-x86_64-dvd.iso --disk path=/vmprivate/RHEL8_3-VirtualMachine.img,bus=virtio,size=70 --graphics none --initrd-inject=/root/kickstart.cfg --extra-args "console=ttyS0 ks=file:/kickstart.cfg"

7. Use a tiny shell script to automate VM creation


For some clarity and better automation in case you plan to repeat VM creation you can prepare a tiny bash shell script:
 

#!/bin/sh
KS_FILE='kickstart.cfg';
VM_NAME='RHEL8_3-VirtualMachine';
VM_DESCR='CentOS 8.3 Virtual Machine';
RAM='8192';
CPUS='8';
# size is in Gigabytes
VM_IMG_SIZE='140';
ISO_LOCATION='/vmprivate/rhel-server-8.3-x86_64-dvd.iso';
VM_IMG_FILE_LOC='/vmprivate/RHEL8_3-VirtualMachine.img';

# create the VM and start the unattended kickstart installation
virt-install -n "$VM_NAME" --description "$VM_DESCR" --os-type=Linux --os-variant=rhel8.3 --ram="$RAM" --vcpus="$CPUS" --location="$ISO_LOCATION" --disk path="$VM_IMG_FILE_LOC",bus=virtio,size="$VM_IMG_SIZE" --graphics none --initrd-inject="/root/$KS_FILE" --extra-args "console=ttyS0 ks=file:/$KS_FILE"


A copy of virt-install.sh script can be downloaded here

Wait for the installation to finish; its progress is shown on the console, and if it all goes smoothly you should get a login prompt. Log in with the password whose hash you generated with the openssl tool, then disconnect from the machine by pressing CTRL + ] and try to log in via TTY with:

[root@redhat ~]# virsh list --all
 Id   Name                     State
----------------------------------------
 2    RHEL8_3-VirtualMachine   running

[root@redhat ~]#  virsh console RHEL8_3-VirtualMachine


redhat8-login-prompt

One last thing: I recommend you check the official documentation on Kickstart2 on the CentOS official website.

In case you later need to destroy the VM and the respective created image file, you can do it with:
 

[root@redhat ~]#  virsh destroy RHEL8_3-VirtualMachine
[root@redhat ~]#  virsh undefine RHEL8_3-VirtualMachine

Don't forget to celebrate the success and give this article credit by sharing this tutorial with a friend or by placing a link to it from your blog 🙂

 

 

Enjoy !

How to redirect / forward all postfix emails to one external email address?

Thursday, October 29th, 2020


Let's say you're a sysadmin doing an email migration of a clustered SMTP and because of that you want to capture all incoming email traffic for a while and redirect (forward) it towards another single mailbox, where you can review the mail traffic that flows for a few hours and analyze it more deeply. This approach is useful if you have small or middle sized mail servers and won't be so useful on a mail server that handles a few hundred mails hourly. In the article below I'll show you how.

How to redirect all postfix mail for a specific domain to single external email address?

There are different ways to do it, in case you don't want to just intercept the traffic and create a copy of the email traffic using the integrated always_bcc postfix option (as pointed out in my previous article, postfix copy every email to a central mailbox). You can copy the email flow via a custom written dispatcher script set to be run by the MTA on each mail arrival, or use the maildrop filtering functionality. Below is a very simple maildrop example for the case where you want to filter out and deliver to an external email address only the email targeted to a specific domain.

If you use maildrop as the local delivery agent, to copy email targeted to a specific domain to another defined email address use a rule like:

if ( /^From:.*domain\.com/:h ) {
  cc "!someothermail@domain2.com"
}


To use maildrop to just forward email coming from a specific sender towards a local existing email address on the postfix to an external email address, use something like:

if ( /^From: .*linus@mail.example.com.*/ )
{
        dotlock "forward.lock" {
          log "Forward mail"
          to "|/usr/sbin/sendmail linuxbox@collector.example.com"
        }
}

Then, to make the filter active, assuming the user has a physical unix mailbox, paste the above into the local user's $HOME/.mailfilter.

What to do if the mails delivered via your Email-Server.com are sent from monitoring and alarming scripts that send towards many mailboxes that no longer exist after the migration?

To capture all traffic that is normally attempted to be sent via the mail server, we can forward all served mails towards a single external mail address, using the nice capability of postfix to understand PCRE (Perl Compatible Regular Expressions). Regular expressions in postfix of course have their specifics, so I recommend you take a look at the postfix regexp table documentation here, as well as check the Postfix Regex / Tester / Debugger online tool, which is useful to validate a regexp you want to implement.

How to use postfix regular expression to do a redirect of all sent emails via your postfix mail relayhost towards external mail servers?

 

In /etc/postfix/main.cf include this line near the bottom or as the last line:

virtual_maps = hash:/etc/postfix/virtual, regexp:/etc/postfix/virtual-regexp

The first entry defines the virtual file, which can be used to define any virtual domains you want to simulate as present on the local postfix; the regexp: entry loads the file read by postfix in which you can type the regular expression applied to every email incoming via SMTP port 25 or the encrypted MTA ports 385 / 995 etc.

So how to redirect all postfix mail to one external email address for later analysis?

Create file /etc/postfix/virtual-regexp

/.+@.+/ external-forward-email@gmail.com

Next build the mapfile (this will generate /etc/postfix/virtual-regexp.db )
 

# postmap /etc/postfix/virtual-regexp

This also requires a virtual.db to exist. If it doesn't, create an empty file called virtual and run postmap, the postfix .db generator, again:

# touch /etc/postfix/virtual && postmap /etc/postfix/virtual


Note: in /etc/postfix/virtual you can add the postfix mail domains for which you want the MTA to accept mail as local mail.

In case you need to view all postfix defined virtual domains configured to accept mail locally on the mail server:
 

$ postconf -n | grep virtual
virtual_alias_domains = mydomain.com myanotherdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual


The regexp /.+@.+/ external-forward-email@gmail.com applied will start forwarding mails immediately after you reload the MTA with:

# systemctl restart postfix


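If you want to exclude target mail domains from being captured by the above regexp, place the following in /etc/postfix/virtual-regexp above the catch-all line (a regexp table is searched top to bottom and the first matching pattern wins):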

/.+@exclude-domain1.com/ @exclude-domain1.com
/.+@exclude-domain2.com/ @exclude-domain2.com
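
As an added illustration (not code from this post or from Postfix), the Python sketch below imitates the first-match lookup of a regexp: table to show why the exclusion rules have to sit above the /.+@.+/ catch-all, and why escaping the dots and anchoring the domain matters. The function names and probe addresses are assumptions made for the example, and Python's re module only approximates the Postfix regexp engine.

```python
import re

# Constructed contents for /etc/postfix/virtual-regexp, built from this post's rules.
CATCH_ALL_FIRST = """\
/.+@.+/ external-forward-email@gmail.com
/.+@exclude-domain1.com/ @exclude-domain1.com
/.+@exclude-domain2.com/ @exclude-domain2.com
"""

EXCLUDES_FIRST = """\
/.+@exclude-domain1.com/ @exclude-domain1.com
/.+@exclude-domain2.com/ @exclude-domain2.com
/.+@.+/ external-forward-email@gmail.com
"""

# Same order, with the dots escaped and the domain anchored at the end.
HARDENED = """\
/.+@exclude-domain1\\.com$/ @exclude-domain1.com
/.+@exclude-domain2\\.com$/ @exclude-domain2.com
/.+@.+/ external-forward-email@gmail.com
"""

# Constructed probe recipients.
SAMPLES = [
    "cron@exclude-domain1.com",
    "nagios@exclude-domain2.com",
    "alerts@retired-mailbox.example",
]

RULE = re.compile(r"^/(.+)/([a-z]*)\s+(\S.*)$")


def parse_table(text):
    """Return [(pattern, compiled_regex, result), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, result = m.groups()
        # Matching is case-insensitive by default; the "i" flag toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((pattern, re.compile(pattern, re_flags), result))
    return rules


def lookup(rules, address):
    """First matching pattern wins; an '@domain' result keeps the local part."""
    for _pattern, regex, result in rules:
        if regex.search(address):
            if result.startswith("@"):
                return address.rsplit("@", 1)[0] + result
            return result
    return None


def shadowed(rules, samples):
    """Patterns that match at least one sample but never decide a lookup."""
    matched, decided = set(), set()
    for address in samples:
        hits = [p for p, regex, _ in rules if regex.search(address)]
        matched.update(hits)
        decided.update(hits[:1])
    return [p for p, _, _ in rules if p in matched and p not in decided]


if __name__ == "__main__":
    for name, text in [("catch-all first", CATCH_ALL_FIRST),
                       ("excludes first", EXCLUDES_FIRST),
                       ("hardened", HARDENED)]:
        rules = parse_table(text)
        print(name, "shadowed rules:", shadowed(rules, SAMPLES))
        for address in SAMPLES + ["cron@exclude-domain1xcom.example"]:
            print("   ", address, "->", lookup(rules, address))
```

On a live server the equivalent check is to query the table with postmap -q for a few recipient addresses before reloading postfix.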

Time for a test. Send a test email


Next step is to test that mail forwarding works as expected
 

# echo -e "Tseting body" | mail -s "testing subject" -r "testing@test.com" whatevertest-user@mail-recipient-domain.com

Postfix copy every email to a central mailbox (send a copy of every mail sent via mail server to a given email)

Wednesday, October 28th, 2020


Say you need to do a mail server migration, where you have a local configured Postfix on a number of Linux hosts named:

Linux-host1
Linux-host2
Linux-host3

etc.


all configured to send email via the old email sending host (MailServerHostOld.com) in each Linux box's postfix configuration, /etc/postfix/main.cf.
Now, due to some infrastructure change in the network topology or anything else, you need to relay mails via another, presumably properly configured, Linux relay host (MailServerNewHost.com).

Such migrations always carry a risk that some of the emails originating from locally running scripts on Linux-host1, Linux-Host2 … or from some application or anything else set to send via them might not be properly delivered to some external Internet-based mailboxes via the new relayhost MailServerNewHost.com.

E.g. in /etc/postfix/main.cf on the Linux-Host* machines, you have the below config after the migration:

relayhost = [MailServerNewHost.com]

Let's say that you want to make sure you don't end up with lost emails, as you can't be sure whether the new email server will deliver correctly to the old recipient emails. What to do then?

To make sure emails will not end up in an undelivered state and get lost forever after a week or so (depending on the mail queue retention period configured on the sending Linux MTAs and on the mail relay MailServerNewHost.com), it is a very good approach to temporarily send a BCC (Blind Carbon Copy) of every email that is relayed via MailServerNewHost.com from your locally configured Postfix-es on Linux-Host*.

In postfix that is very easy to achieve: all you have to do is set on your MailServerNewHost.com the postfix config variable always_bcc, smartly included by the postfix Mail Transfer Agent developers for cases exactly like this.

To forward a copy of all emails passing through the mail server, log in via ssh on MailServerNewHost.com and place at the end of /etc/postfix/main.cf:

always_bcc=All-Emails@your-diresired-redirect-email-address.com


All that is left now is to reload postfix to force the new configuration to get loaded; on systemd based hosts, as is usual today, do:

# systemctl reload postfix


Finally, to make sure all works as expected and mail is sent, do a test via the local MTAs.
 

Linux-Host:~# echo -e "Testing body" | mail -s "testing subject" -r "testing@test.com" georgi.stoyanov@remote-user-email-whatever-address.com

Linux-Host:~# echo -e "Testing body" | mail -s "testing subject" -r "testing@test.com" georgi.stoyanov@sample-destination-address.com


As you can see I'm using -r to simulate a sender address; this is a feature of mailx and is not available on older Linux OS hosts that are bundled with the plain mail command only.
Now open the All-Emails@your-diresired-redirect-email-address.com mailbox in Outlook (if it is an M$ Office 365 MX Shared mailbox), Thunderbird or whatever email fetching software supports POP3 or IMAP (in case you configured the common all-email mailbox to be on some other Postfix / Sendmail / Qmail MTA) and check whether you started receiving a lot of emails 🙂

That's all folks enjoy ! 🙂

Improve wordpress admin password encryption authentication keys security with WordPress Unique Authentication Keys and Salts

Friday, October 9th, 2020


Having a WordPress blog or website with an administrator login accessed via a secured SSL channel is common nowadays. However, there are plenty of SSL encryption leaks already out there, many of which are either slow to be patched or left unpatched because the hosting company does not care enough to update the libssl Linux libraries / webserver in time. Taking that into consideration, many websites hosted on unmaintained, rarely updated Linux servers are still vulnerable, and if you paid for some shared hosting in the past and someone else set up the website for you, your WordPress installation may still be living on one of these SSL-vulnerable hosts without you even remembering it. In situations like that, malicious hackers could break the SSL security up to some level or, even if the SSL is secure, use a MITM (Man in the Middle) attack that imitates your trusted WiFi network's SSID to redirect the network traffic (via a transparent SSL proxy) that you use to connect to the WordPress Administrator Dashboard via https://your-domain.com/wp-admin. Once your traffic passes through the malicious hax0r, even if you haven't typed the password to authenticate, e.g. you have saved the password in the browser and the WordPress Admin Panel authentication is done via a cookie, the cookies generated and used by the WordPress site could easily be stolen by the vicious 1337 h4x0r, who could later reverse the hash with an interceptor tool and log in to your WordPress …

Therefore, to improve the WordPress site security it is very important to have WordPress Unique Authentication Keys and Salts (also known as the WordPress security keys) configured.

They're used by the WordPress installation so that every opened WordPress Blog / Site Admin session relies on a uniquely generated key and salt that differ from the default ones.

So what are the Authentication Unique Keys and Salts and why are they used?

Like with almost any other web application, when a PHP session is opened to WordPress, the code creates a number of cookies stored locally on your computer.

Two of the cookies created are called:

wordpress_[hash]
wordpress_logged_in_[hash]

The first cookie is used only in the admin pages (WordPress dashboard), while the second cookie is used throughout WordPress to determine whether you are logged in to WordPress or not. Note: [hash] is a random hashed value typically assigned to your session, so in reality the cookie would be named something like wordpress_ffc02f68bc9926448e9222893b6c29a9.

The WordPress session stores your authentication details (i.e. WordPress username and password) in both of the above mentioned cookies.

The authentication details are hashed, hence it is almost impossible for anyone to reverse the hash and guess your password through a cookie should it be stolen. Almost impossible here means that with today’s computers it is practically infeasible to do so.

WordPress security keys are made up of four authentication keys and four hashing salts (randomly generated data) that, when used together, add an extra layer of protection to your cookies and passwords.

The authentication details in these cookies are hashed using the random pattern specified in the WordPress security keys. I will not get into too much detail, but as you might have heard, in cryptography salts and keys are important, see the in-depth explanation on Salts Cryptography (here). A good read for those who want to know more on how authentication based on keys and salts works is on stackexchange.

How to Set up Salt and Key Authentication on WordPress
 

To be used by WP, the Salts and Keys should be configured in wp-config.php; usually they look like so:

wordpress-website-blog-salts-keys-wp-config-screenshot-linux

!!! Note !!! When generating the definition strings (manually or via a random generator program), you have to use a random string value of more than 60 characters to prevent predictability.

The default on any newly installed WordPress website is to have the four _KEY definitions and the four _SALT definitions as unconfigured strings that look something like:

default-WordPress-security-keys-and-salts-entries-in-wordPress-wp-config-php-file

Most people never take a look at wp-config.php, as only the Web GUI is used for any maintenance tasks, so there is a great chance that, unless you heard about it specifically on some WordPress security expert forum or had some security plugin (such as WP Titan Anti Spam & Security) installed to report the WP KEY / SALT, you might have never noticed it in the config.

There are 8 WordPress security keys in current WP Installs, but not all of them have been introduced at the same time.
Historically they were introduced in WP versions in below order:

WordPress 2.6: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY
WordPress 2.7: NONCE_KEY
WordPress 3.0: AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, NONCE_SALT

Setting custom randomly generated values is an easy task, as there is already an online WordPress Security Key random generator.
You can visit the above address and you will get automatically generated random values which can be copy / pasted straight into your wp-config.php.

However, if you're paranoid about the guessability of the random generator algorithm, I would advise you to use the generator and change some random values yourself on each of the 8 lines; the end result in the configuration should be something similar to:

 

define('AUTH_KEY',         '|w+=W(od$V|^hy$F5w)g6O-:e[WI=NHY/!Ez@grd5=##!;jHle_vFPqz}D5|+87Q');
define('SECURE_AUTH_KEY',  'rGReh.<%QBJ{DP )p=BfYmp6fHmIG~ePeHC[MtDxZiZD;;_OMp`sVcKH:JAqe$dA');
define('LOGGED_IN_KEY',    '%v8mQ!)jYvzG(eCt>)bdr+Rpy5@t fTm5fb:o?@aVzDQw8T[w+aoQ{g0ZW`7F-44');
define('NONCE_KEY',        '$o9FfF{S@Z-(/F-.6fC/}+K 6-?V.XG#MU^s?4Z,4vQ)/~-[D.X0<+ly0W9L3,Pj');
define('AUTH_SALT',        ':]/2K1j(4I:DPJ`(,rK!qYt_~n8uSf>=4`{?LC]%%KWm6@j|aht@R.i*ZfgS4lsj');
define('SECURE_AUTH_SALT', 'XY{~:{P&P0Vw6^i44Op*nDeXd.Ec+|c=S~BYcH!^j39VNr#&FK~wq.3wZle_?oq-');
define('LOGGED_IN_SALT',   '8D|2+uKX;F!v~8-Va20=*d3nb#4|-fv0$ND~s=7>N|/-2]rk@F`DKVoh5Y5i,w*K');
define('NONCE_SALT',       'ho[<2C~z/:{ocwD{T-w+!+r2394xasz*N-V;_>AWDUaPEh`V4KO1,h&+c>c?jC$H');

 


Wordpress-auth-key-secure-auth-salt-Linux-wordpress-admin-security-hardening

Once the above defines are set, do not forget to comment out or remove the old AUTH_KEY / SECURE_AUTH_KEY / LOGGED_IN_KEY / AUTH_SALT / SECURE_AUTH_SALT / LOGGED_IN_SALT / NONCE_SALT keys.

The values are configured one time and never have to be changed; WordPress automatic updates or installed WP plugins will not tamper with the values over time.
You should never expose or show your privately generated keys to anyone, otherwise they could be used to hack your website.
It is also a good security practice to change these keys, especially if you suspect someone has somehow stolen your wp-config keys.
 

Closure

Having the AUTH KEYs and SALTs properly configured is an essential step to improve your WordPress site security. Any time you have any doubt about a hijacked browser session (or if you have logged in to your /wp-admin via an unsecured public computer, with a chance of stolen site cookies), you should reset the keys / salts to new random values. Setting the auth keys is not a panacea, and frequent WP core and plugin updates should be made to secure your install. Frequent audits of your WP websites with a tool such as WPScan are also essential to keep your WP website unhacked.
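
As an added example (not part of the original post or of WordPress itself), this Python script checks a wp-config.php text for the eight security keys discussed above and generates replacements locally from the operating system's CSPRNG instead of hand-editing generator output. The function names and the sample config are constructed for the illustration; the placeholder text is assumed to be the one WordPress ships in wp-config-sample.php.

```python
import re
import secrets
import string

KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
MIN_LENGTH = 60  # the post asks for more than 60 characters

# define('NAME', 'value'); with a single-quoted value, as in the post's listing
DEFINE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*'((?:[^'\\]|\\.)*)'\s*\)\s*;""",
    re.MULTILINE,
)
# Printable ASCII without the two characters that need escaping in a PHP
# single-quoted string.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation + " "
    if c not in "'\\"
)


def generate_defines(length=64):
    """Build the eight define() lines from the operating system's CSPRNG."""
    lines = []
    for name in KEY_NAMES:
        value = "".join(secrets.choice(ALPHABET) for _ in range(length))
        lines.append(f"define('{name}', '{value}');")
    return "\n".join(lines)


def audit(config_text):
    """Return {constant: problem} for the security keys in a wp-config.php text."""
    seen = {}
    for name, value in DEFINE.findall(config_text):
        if name in KEY_NAMES:
            seen.setdefault(name, []).append(value)
    problems = {}
    for name in KEY_NAMES:
        values = seen.get(name, [])
        if not values:
            problems[name] = "missing"
        elif len(values) > 1:
            problems[name] = "defined more than once"
        elif values[0] == PLACEHOLDER:
            problems[name] = "default placeholder"
        elif len(values[0]) <= MIN_LENGTH:
            problems[name] = "too short"
    # A value shared by two constants removes the separation between them.
    first_values = [values[0] for values in seen.values()]
    for name in KEY_NAMES:
        if name not in problems and first_values.count(seen[name][0]) > 1:
            problems[name] = "value reused"
    return problems


# Constructed wp-config.php fragment with typical mistakes (filler, not real secrets).
SAMPLE_WP_CONFIG = "\n".join([
    "define('AUTH_KEY',         'put your unique phrase here');",
    "define('SECURE_AUTH_KEY',  'short-value');",
    f"define('LOGGED_IN_KEY',    '{'a1B2' * 16}');",
    f"define('LOGGED_IN_KEY',    '{'c3D4' * 16}');",
    f"define('NONCE_KEY',        '{'e5F6' * 16}');",
    f"define('AUTH_SALT',        '{'e5F6' * 16}');",
    f"define('SECURE_AUTH_SALT', '{'g7H8' * 16}');",
    f"define('LOGGED_IN_SALT',   '{'i9J0' * 16}');",
])

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_WP_CONFIG).items():
        print(f"{name}: {problem}")
    print(generate_defines())
```

Replacing the keys invalidates the existing login cookies, so every logged-in user has to sign in again afterwards.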

 

 

Report haproxy node switch script useful for Zabbix or other monitoring

Tuesday, June 9th, 2020

For those who administer corosync clustered haproxy and need to build monitoring for the case when the main configured Haproxy node in the cluster changes, I've developed a small script to be integrated with a zabbix-agent installed to report to a central zabbix server via a zabbix proxy.
The script is very simple: it assumes the DC1 variable is the default used haproxy node and DC2 and DC3 are 2 backup nodes. The script uses crm_mon, which is not installed by default on each server, so if you'll be using it you'll have to install it first; anyway, the script can easily be adapted to use the pcs cmd instead.

Below is the bash shell script:

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }'); do ((f++)); DC[$f]="$i"; done; \
DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); \
if [ "$DC" == "${DC[1]}" ]; then echo "1 Default DC Switched to ${DC[1]}"; elif [ "$DC" == "${DC[2]}" ]; then \
echo "2 Default DC Switched to ${DC[2]}"; elif [ "$DC" == "${DC[3]}" ]; then echo "3 Default DC: ${DC[3]}"; fi


To use it with zabbix monitoring, it can be configured as a UserParameter script.

The way I configured it in Zabbix is as follows:


1. Create the userparameter_active_node.conf

The script below is for a 3 node Haproxy cluster

# cat > /etc/zabbix/zabbix_agentd.d/userparameter_active_node.conf

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }'); do ((f++)); DC[$f]="$i"; done; \
DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); \
if [ "$DC" == "${DC[1]}" ]; then echo "1 Default DC Switched to ${DC[1]}"; elif [ "$DC" == "${DC[2]}" ]; then \
echo "2 Default DC Switched to ${DC[2]}"; elif [ "$DC" == "${DC[3]}" ]; then echo "3 Default DC: ${DC[3]}"; fi

Once pasted, press CTRL + D to save the file.


The slightly improved version of the script for 2 nodes looks like this:
 

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }' | sed -e 's#:##g'); do DC_ARRAY[$f]="$i"; ((f++)); done; GET_CURR_DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); if [ "$GET_CURR_DC" == "${DC_ARRAY[0]}" ]; then echo "1 Default DC ${DC_ARRAY[0]}"; fi; if [ "$GET_CURR_DC" == "${DC_ARRAY[1]}" ]; then echo "2 Default Current DC Switched to ${DC_ARRAY[1]} Please check "; fi; if [ -z "$GET_CURR_DC" ] || [ -z "${DC_ARRAY[1]}" ]; then printf "Error something might be wrong with HAProxy Cluster on  $HOSTNAME "; fi;


The haproxy_active_DC_zabbix.sh script with a few more comments as explanations is available here
2. Configure access for /usr/sbin/crm_mon for zabbix user in sudoers

 

# vim /etc/sudoers

zabbix          ALL=NOPASSWD: /usr/sbin/crm_mon


3. Configure in Zabbix for active.dc key Trigger and Item

active-node-switch1

Linux: Howto Disable logging for all VirtualHosts on Apache and NGINX Webservers one liner

Wednesday, July 1st, 2020

Do you happen to administer Apache or NGINX webservers whose logs grow so rapidly that they flood the disk too quickly?
Well, this happens sometimes, and sometimes you just want to stop logging, especially to offload disk writing.

There is an easy way to disable logging of requests and errors (access_log and error_log, usually residing under /var/log/httpd or /var/log/nginx) for all configured Virtual Domains with a short one liner; here is how.

Before you start, create a backup of /etc/apache2/sites-enabled/ or /etc/nginx to be able to revert back to the original config.

# cp -rpf /etc/apache2/sites-enabled/ ~/

# cp -rpf /etc/nginx/ ~/


1. Disable Logging for All  Virtual Domains configured for Apache Webserver

First let's print what the command will do, to make sure we don't mess something up

# find /home/hipo/sites-enabled/* -exec echo sed -i 's/#*[Cc]ustom[Ll]og/#CustomLog/g' {} \;


You will get some output like

find /home/hipo//sites-enabled/* -exec echo sed -i 's/#*[Cc]ustom[Ll]og/#CustomLog/g' {} \;

find /etc/apache2/sites-enabled/* -exec sed -i 's/#*[Cc]ustom[Ll]og/#CustomLog/g' {} \;
find /etc/apache2/sites-enabled/* -exec sed -i 's/#*[Ee]rror[Ll]og/#ErrorLog/g' {} \;

2. Disable Logging for All configured Virtual Domains for NGINX Webserver
 

find /etc/nginx/sites-enabled/* -exec sed -i 's/#*access_log/#access_log/g' {} \;
find /etc/nginx/sites-enabled/* -exec sed -i 's/#*error_log/#error_log/g' {} \;

Of course, the above substitutions only comment out with '#' the occurrences of the default access_log and error_log directives (access.log, error.log) in the config files;
on machines where there is no fixed convention on file naming and multiple domains log to custom-named log files, this won't work.

This one liner was inspired by a friend, Martin Petrov, who blogged about this nice tip first; for those reading Cyrillic, check out mpetrov.net. Thanks Marto ! 🙂