Recently I needed to change the Nagios plugin that monitors my DNSSEC signed domains. The old plugin sends queries to PowerDNS that it will no longer reply to. I don’t want to patch the plugin, because there are some replacements that I can use: nagval and CHECK_ZONE_RRSIG_EXPIRATION.
The first plugin install worked without problems, but the CHECK_ZONE_RRSIG_EXPIRATION plugin did not work. I just got a Nagios critical without reason. Executing the plugin from the command line worked. Then I needed to learn how to debug Nagios.
First check the debug settings in /etc/nagios3/nagios.cfg and make sure that the debug level is high enough:
I forced the next plugin run and found this error message in the debug file:
[1435325317.107438] [016.1] [pid=7464] HOST: zone.example.com, SERVICE: DNSRRSIG, CHECK TYPE: Active, OPTIONS: 1, SCHEDULED: Yes, RESCHEDULE: Yes, EXITED OK: No, RETURN CODE: 3, OUTPUT: **ePN failed to compile /usr/local/bin/check_zone_rrsig_expiration: "Variable "$data" will not stay shared at (eval 12) line 149," at /usr/lib/nagios3/p1.pl line 161.\n
First I did not understand why this error message occured. Then I learned about the embedded Perl interpreter in Nagios. The plugin does not work when run with the embedded Perl interpreter. As a solution, you can disable the embedded Perl interpreter for this plugin by adding a single line at the start of the plugin after the shebang:
# nagios: -epn
After migrating a VM to OpenVZ I noticed that the VPN server inside of the container no longer worked. I was not able to setup OpenVZ correct to get the VPN working again. So I used a Xen based VM with Ubuntu 12.04 LTS to setup the VPN again. I found a nice tutorial for that: IPSEC/L2TP VPN on Ubuntu 12.04 with OpenSwan, xl2tpd and ppp. The site has also tutorials for Raspberry Pi with Arch Linux ARM, CentOS 7, CentOS 6, Ubuntu 14.04 LTS and other (older) Ubuntu versions.
Posted in Linux
I had many private and business topics in 2014, but there have been just a few posts in my blog. I worked a lot with OpenVZ virtualization and I’m using it now beside Xen for some virtual machines. I like OpenVZ so far and I’m looking forward to the merge of OpenVZ and Parallels Cloud Server into a single common open source code base.
For the migration of Xen DomUs I needed to move some LVM-Volumes. I learned how to use Bootstrap to create some websites. I learned about using Jekyll for static website generation. I had a look at the Ghost blogging software, but I did not use it for production purpose.
I had no problems with DNSSEC this year. My bind and PowerDNS setups worked all fine. The automated key rollovers with OpenDNSSEC worked too, even with registrar domain update.
Last but not least something that kept me busy in my job: the new gTLDs. I’m looking forward to see what will happen in 2015, e.g. how many domains will be renewed after the first year.
When using LVM, there will be sooner or later the time when you want to move an existing LVM volume to another server. I used this twice:
dd if=/dev/volumegroupname/logicalvolume bs=4096 | pv | gzip | \
ssh email@example.com 'gzip -d | dd of=/dev/volumegroupname/logicalvolume' bs=4096
Source: Serverfault: Moving a Logical Volume directly from one server to another over the network?
Please check that the required packages are installed, for Debian use this line:
apt-get install coreutils gzip openssh-client pv
For creating a logical volume you can reffer the LVM HOWTO for this or a nice German LVM reference.
I wanted to build some small websites without using a PHP based CMS or blogging system and I didn’t wanted to care about the CSS either. I found some websites made with Bootstrap and gave it a try. The framework is easy to use and reduced my work to inserting some HTML to the template. For single pages, this was a perfect solution for my needs.
Building static websites with Jekyll
For some websites I wanted to have more than one page. I split the page into header, content and footer. This needed PHP again to merge the parts together. To allow hosting on smaller virtual machines, I didn’t wanted to use PHP. By googling I found Jekyll as a possible solution.
Jekyll is a generator for static websites, that can be used for blogs, too. Perhaps these links are helpful for others to start with jekyll, too.
I’m still doing my first steps with this system. It looks great, but I need to have a look at minor problems.
Long time ago, I was wandering why the last IPv6 added to an interface was the one, that was used for outgoing connections, e.g. for SSH. Today I learned about IPv6 source address Selection and how it works in Linux.
Linux implements RFC 3484, “Default Address Selection for Internet Protocol version 6 (IPv6)”.
If you do not want extra addresses to be used for outgoing connections, you can prevent this by adding and extra parameter to the ip command:
ip -6 addr add 2001:db8::42/64 dev eth0 preferred_lft 0
If you’re already added the address to the interface, you can change it later:
ip -6 addr change 2001:db8::42/64 dev eth0 preferred_lft 0
IPv6 Source Address Selection on Linux
IPv6 Source Address Selection on Ubuntu
Today I was able to connect the Pi’s GPIO ports to my breadboard. I made a LED blink and detected a button press.
10 years ago the German Mark cash has been replaced by the Euro.
Yesterday a thunderstorm crossed the city.
I also tried my first iPhone panorama picture.
Have a look at my favorite xkcd ever.