Socat – Socket concatenator!

socat is a multipurpose relay (“a more complex variant of netcat. It is larger and more flexible and has more options that must be configured for a given task” – Wikipedia):

http://www.dest-unreach.org/socat/

Get it here: socat-1.7.2.0.tar.gz

Examples of use:

  • socat - TCP4:www.domain.org:80
    transfers data between STDIO (-) and a TCP4 connection to port 80 of host www.domain.org. This example results in an interactive connection similar to telnet or netcat. The stdin terminal parameters are not changed, so you may close the relay with ^D or abort it with ^C.
  • socat - SSL:server:4443,cafile=server.crt,cert=client.pem
    is an OpenSSL client that tries to establish a secure connection to an SSL server. The cafile option names a file that contains the trusted certificates: the server is trusted only when it presents one of these certificates and proves that it owns the related private key; otherwise the connection is terminated. With cert, a file containing the client certificate and the associated private key is specified. This is required when the server demands client authentication; many Internet servers do not. Do not work around a verification error by adding verify=0: that disables the check entirely and leaves the connection open to a man-in-the-middle. Fix the trust file instead.
    The first address (‘-‘) can be replaced by almost any other socat address.
  • socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0
    transfers data from stdin to the specified multicast address using UDP. Both local and remote ports are 6666. Tells the interface eth0 to also accept multicast packets of the given group. Multiple hosts on the local network can run this command, so all data sent by any of the hosts will be received by all the other ones. Note that there are many possible reasons for failure, including IP-filters, routing issues, wrong interface selection by the operating system, bridges, or a badly configured switch.

See more examples at www.dest-unreach.org
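To make concrete what a “socket concatenator” does, here is an added example (it is not socat's code and not part of the original page): a minimal Python relay that behaves like socat TCP-LISTEN:<port>,fork TCP:<host>:<port>, copying bytes in both directions and forwarding each side's EOF as a half-close. The throwaway echo server and the demo payload are constructed so the whole thing runs offline on loopback.

```python
import selectors
import socket
import threading


def pump(a, b):
    """Copy bytes between two connected sockets until both directions hit EOF.

    Like socat, an EOF read on one side is forwarded as a half-close
    (shutdown(SHUT_WR)) to the other, so the peer sees a clean end of stream
    instead of a reset.
    """
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, b)   # data = the socket to write to
    sel.register(b, selectors.EVENT_READ, a)
    open_directions = 2
    while open_directions:
        for key, _ in sel.select():
            src, dst = key.fileobj, key.data
            try:
                data = src.recv(65536)
            except OSError:                    # reset by peer: treat as EOF
                data = b""
            if data:
                dst.sendall(data)
                continue
            sel.unregister(src)                # no more reads from this side
            try:
                dst.shutdown(socket.SHUT_WR)
            except OSError:
                pass
            open_directions -= 1
    sel.close()
    a.close()
    b.close()


def serve_relay(remote, stop, listen=("127.0.0.1", 0)):
    """Accept clients on `listen` and relay each one to `remote` in its own
    thread (the analogue of socat's ,fork). Returns the listening socket so
    the caller can read the bound port with getsockname()."""
    lsock = socket.socket()
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind(listen)
    lsock.listen()
    lsock.settimeout(0.2)                      # wake up periodically to honour `stop`

    def accept_loop():
        while not stop.is_set():
            try:
                client, _ = lsock.accept()
            except socket.timeout:
                continue
            try:
                upstream = socket.create_connection(remote)
            except OSError:
                client.close()                 # upstream down: drop this client, keep serving
                continue
            threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
        lsock.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock


def echo_server(stop):
    """Throwaway TCP echo service (constructed stand-in for the real target)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    srv.settimeout(0.2)

    def handle(conn):
        with conn:
            while True:
                data = conn.recv(65536)
                if not data:
                    break
                conn.sendall(data)

    def accept_loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def demo(payload=b"GET / HTTP/1.0\r\n\r\n"):
    """client -> relay -> echo server -> relay -> client; returns what came back."""
    stop = threading.Event()
    echo = echo_server(stop)
    relay = serve_relay(echo.getsockname(), stop)
    try:
        with socket.create_connection(relay.getsockname(), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)         # our EOF travels through the relay to the echo server
            chunks = []
            while True:
                chunk = c.recv(65536)
                if not chunk:
                    break
                chunks.append(chunk)
        return b"".join(chunks)
    finally:
        stop.set()


if __name__ == "__main__":
    print(demo())
```

The half-close handling is the part people get wrong when they write their own relay: if the relay simply closed the upstream socket on the first EOF, the echo server's reply would be lost, which is exactly why socat's STDIO example above lets you end the session with ^D and still read what the server had queued.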

My custom settings for Zabbix Agents

For some time now I have been working with ZABBIX systems: server, agent, proxy … I am not going to explain all the fantastic features of this software in this post. I will only list my preferred ZABBIX Agent settings and the value I use for each one.

  • Server=zproxy01.mon.mng.amz.coorp.com

    List of comma-delimited IP addresses (or hostnames) of the ZABBIX servers and proxies this agent accepts connections from.
    No spaces allowed. The first entry is used for active checks.
    Note that hostnames must resolve both ways: hostname->IP address and
    IP address->hostname.
    For passive checks this list is the only access control the agent applies: a connection from any other address is rejected, while a connection from a listed address may query every item key, including UserParameter ones.

  • ServerPort=10051

    Server port for sending active checks

  • Hostname=php611.int.amz.coorp.com

    Unique hostname. Required for active checks.
    This hostname must correspond with the name set on ZABBIX Server for this
    host

  • ListenPort=10050

    Listen port. Default is 10050.

  • ListenIP=8.8.8.8

    IP address to bind the agent to.
    If missing, the agent binds to all available IPs. Bind it to the management-network address only, so the agent is not reachable from untrusted interfaces (8.8.8.8 above is a placeholder: use the host's own management address).

  • StartAgents=5

    Number of pre-forked instances of zabbix_agentd.
    Default value is 5.
    This parameter must be between 1 and 16

  • RefreshActiveChecks=90

    How often to refresh the list of active checks, in seconds. 2 minutes (120) by default.
    The list is sent by the ZABBIX server/proxy named first in Server=.
    See zabbix.com
    to learn more about the Zabbix Agent protocol.
    This value can't be lower than 60 seconds.

  • DisableActive=0

    Disable active checks. Set to 1 to run the agent in passive mode only, answering requests from the listed servers; 0 (as above) keeps active checks enabled.

  • EnableRemoteCommands=1

    Enable remote commands for the ZABBIX agent. Remote commands are disabled by default.
    Caveat: with this set to 1, any server or proxy listed in Server= can run arbitrary shell commands on this host as the agent's user, so enable it only where that trust is intended and keep the Server= list and ListenIP tight.

  • DebugLevel=3

    Specifies the log verbosity (the agent logs nothing below the chosen level):

    • 0 – no debug output
    • 1 – critical information
    • 2 – error information
    • 3 – warnings (default)
    • 4 – debugging (produces lots of information)
    • 5 – extended debugging (produces even more information)
  • PidFile=/var/run/zabbix-agent/zabbix_agentd.pid

    Name of PID file

  • LogFile=/var/log/zabbix-agent/zabbix_agentd.log

    Name of log file.
    If not set, syslog will be used

  • LogFileSize=5

    Maximum size of log file in MB. Set to 0 to disable automatic log rotation.

  • Timeout=15

    Spend no more than Timeout seconds on processing a single check (user parameters included).
    Must be between 1 and 30

  • UserParameter=http.basicaction,wget -t 2 -T 10 -q -O - "http://server:80/StatusInfo.php" | grep -e "App:"

    Format: UserParameter=key,shell_command
    Note that the shell command must not return an empty string or an EOL only.
    The command runs under the agent's user account every time a listed server polls the key, and it must finish within Timeout seconds: with -t 2 -T 10 two failed attempts can take up to 20 s, more than the 15 s set above, in which case the agent aborts the check and reports the item as not supported.
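As an added example (not Zabbix's own code and not from the original post), the following Python client speaks the passive-check protocol the server uses against ListenPort, so you can verify from another host which addresses the agent actually answers and whether a UserParameter key such as http.basicaction works. The host name in the usage and the sample bytes are constructed.

```python
"""Zabbix agent passive-check client: ZBXD\\x01 header, 8-byte little-endian
length, then the item key; the agent answers in the same frame format."""
import socket
import struct

ZBX_HEADER = b"ZBXD\x01"


def build_request(key: str) -> bytes:
    """Frame an item key the way the server/proxy sends it."""
    body = key.encode()
    return ZBX_HEADER + struct.pack("<Q", len(body)) + body


def parse_response(data: bytes) -> str:
    """Unframe an agent reply. Framed replies carry the ZBXD header; very old
    agents answered with the bare value terminated by a newline."""
    if data.startswith(ZBX_HEADER):
        if len(data) < 13:
            raise ValueError("truncated header")
        (length,) = struct.unpack("<Q", data[5:13])
        body = data[13:13 + length]
        if len(body) != length:
            raise ValueError("truncated body: expected %d bytes, got %d" % (length, len(body)))
        return body.decode(errors="replace")
    return data.decode(errors="replace").rstrip("\n")


def is_supported(value: str) -> bool:
    """The agent reports an unknown or failed key as ZBX_NOTSUPPORTED
    (newer versions append a NUL and a reason)."""
    return not value.startswith("ZBX_NOTSUPPORTED")


def query(host: str, key: str, port: int = 10050, timeout: float = 5.0) -> str:
    """Send one passive check and return the value string.

    An agent that rejects our source address (not in Server=) closes the
    connection without answering, which surfaces here as an empty string:
    that is the quickest way to confirm the Server=/ListenIP restriction
    from a host that is NOT supposed to be allowed.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(key))
        chunks = []
        while True:                     # the agent closes after one reply
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    data = b"".join(chunks)
    return parse_response(data) if data else ""


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # constructed default
    for key in ("agent.ping", "agent.version", "http.basicaction"):
        value = query(host, key)
        state = "ok " if value and is_supported(value) else "NOT"
        print("%-18s %s %r" % (key, state, value))
```

Run it once from an address in Server= (expect "1" for agent.ping and the "App:" line for http.basicaction) and once from an address that is not: the second run should print empty values for every key, otherwise the agent is answering hosts you did not intend.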

More info:

Flushing ARP table entries for one specific IP

In some cases network devices use caching to improve throughput. In such environments it is common to run a subsystem like LVS to balance one service IP across a pair of hosts. This combination causes trouble for the HA setup when, after a failover, some network devices (the gateway router and the other hosts on the segment) keep the old ARP entry for the service IP because of that caching and go on sending traffic to the MAC address of the host that used to own the IP. To force the neighbours to release the stale entry, we use arping to send a gratuitous ARP announcing the service IP from its new owner.

  arping -v -c 1 -i eth0 -S 192.40.0.200 -t ff:ff:ff:ff:ff:ff 192.40.0.200
  arping: invalid option -- '-'
  Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
   -f : quit on first reply
   -q : be quiet
   -b : keep broadcasting, don't go unicast
   -D : duplicate address detection mode
   -U : Unsolicited ARP mode, update your neighbours
   -A : ARP answer mode, update your neighbours
   -V : print version and exit
   -c count : how many packets to send
   -w timeout : how long to wait for a reply
   -I device : which ethernet device to use (eth0)
   -s source : source ip address
   destination : ask for what ip address

Note that the command above uses the option syntax of Thomas Habets' arping (-i interface, -S source IP, -t target MAC), while the usage message printed is from the iputils arping, which takes -I for the interface and -s for the source address and sends the gratuitous announcement with -U (unsolicited request) or -A (reply); the equivalent there is: arping -c 1 -U -I eth0 -s 192.40.0.200 192.40.0.200. Check which implementation is installed before relying on it in a boot-time hook, or the post-up line fails in exactly the same way. For example, we can use this tip in the network/interfaces conffile:

auto eth0
iface eth0 inet static
  address 10.240.97.99
  netmask 255.255.255.0
  post-up arping -v -c 1 -i eth0 -S 192.40.0.99 -t ff:ff:ff:ff:ff:ff 192.40.0.99
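What arping actually puts on the wire, as an added example that is not part of arping or of the original post: a Python builder for the gratuitous ARP frame (the iputils -U request form or the -A reply form), a decoder for the fields a neighbour inspects when it refreshes its cache, and an AF_PACKET sender that needs root on Linux. The MAC address 00:11:22:33:44:55 used in the usage is constructed; 192.40.0.99 is the service IP from the interfaces file above.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETH_P_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"       # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def build_gratuitous_arp(src_mac: str, ip: str, reply: bool = False) -> bytes:
    """Ethernet + ARP frame announcing that `ip` now lives at `src_mac`.

    reply=False -> ARP request whose sender IP equals its target IP (what
    iputils `arping -U` sends); reply=True -> ARP reply to the broadcast
    address (`arping -A`). Either way, a host that already caches `ip`
    overwrites the entry with the new MAC.
    """
    sha = mac_bytes(src_mac)
    spa = socket.inet_aton(ip)
    opcode = 2 if reply else 1
    tha = sha if reply else b"\x00" * 6          # target MAC: unknown in a request
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                      sha, spa,                  # sender
                      tha, spa)                  # target IP == sender IP: that makes it gratuitous
    eth = struct.pack("!6s6sH", BROADCAST, sha, ETH_P_ARP)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the fields a neighbour looks at when updating its ARP cache."""
    dst, _, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {
        "broadcast": dst == BROADCAST,
        "opcode": op,                            # 1 = request, 2 = reply
        "sender_mac": ":".join("%02x" % b for b in sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
        "gratuitous": spa == tpa,
    }


def send_gratuitous_arp(iface: str, ip: str, count: int = 1, reply: bool = False) -> int:
    """Put the frame on `iface` (Linux only, needs CAP_NET_RAW / root).
    Reads the interface MAC with SIOCGIFHWADDR like arping does. Returns
    the number of frames sent."""
    import fcntl
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP)) as s:
        s.bind((iface, 0))
        ifreq = fcntl.ioctl(s.fileno(), 0x8927, struct.pack("256s", iface.encode()[:15]))
        mac = ":".join("%02x" % b for b in ifreq[18:24])
        frame = build_gratuitous_arp(mac, ip, reply)
        for _ in range(count):
            s.send(frame)
    return count


if __name__ == "__main__":
    # constructed MAC; decode the frame we would send for the service IP above
    frame = build_gratuitous_arp("00:11:22:33:44:55", "192.40.0.99")
    print(len(frame), "bytes:", parse_arp(frame))
    # send_gratuitous_arp("eth0", "192.40.0.99")   # uncomment on the real host, as root
```

If a neighbour still holds the old MAC after the announcement, capture on its side and run the captured frame through parse_arp: a frame that is not broadcast, or whose sender and target IPs differ, is not a gratuitous ARP and will not refresh anybody's cache.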

The best documentation is on the blackboard, … always

(Figure: IPTables)

This diagram presides over my office. It was drawn on a little blackboard so that it is easily visible to every member of the team. Many times a glance at it is more useful than a big effort of memory.

The diagram shows the different tables that IPTables is composed of, the logical flow of IP packets through those tables, and tries to show the relation between IPTables and the system's routing tables. The key point is that the routing decision sits between the PREROUTING chains and the INPUT/FORWARD chains, so a destination NAT done in nat PREROUTING decides whether a packet is delivered locally or forwarded, while locally generated packets are routed first and only then pass through the OUTPUT chains.
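A model of what the diagram describes, as an added example that is not from the page: it walks a packet through the netfilter tables in kernel order, takes the routing decision where the kernel takes it, and applies first-match rules with chain default policies. The rule set, the addresses 10.240.97.10, 198.51.100.7 and 10.240.3.4, and the set of local IPs are constructed for illustration (10.240.97.99 and 192.40.0.99 are the addresses from the interfaces file above); connection tracking and the nat INPUT chain of newer kernels are left out.

```python
import ipaddress

# Chains in the order the kernel's netfilter hooks run them, per path.  The
# routing decision ("ROUTING") comes after PREROUTING, so a DNAT applied there
# decides whether the packet goes up to INPUT or across to FORWARD; locally
# generated packets are routed first and then hit OUTPUT.
PATHS = {
    "input": [("raw", "PREROUTING"), ("mangle", "PREROUTING"), ("nat", "PREROUTING"),
              "ROUTING", ("mangle", "INPUT"), ("filter", "INPUT")],
    "forward": [("raw", "PREROUTING"), ("mangle", "PREROUTING"), ("nat", "PREROUTING"),
                "ROUTING", ("mangle", "FORWARD"), ("filter", "FORWARD"),
                ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")],
    "output": ["ROUTING", ("raw", "OUTPUT"), ("mangle", "OUTPUT"), ("nat", "OUTPUT"),
               ("filter", "OUTPUT"), ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")],
}


def matches(rule, pkt):
    """iptables-style match: every selector present in the rule must hold."""
    if rule.get("proto", pkt["proto"]) != pkt["proto"]:
        return False
    if rule.get("dport", pkt.get("dport")) != pkt.get("dport"):
        return False
    for field in ("src", "dst"):
        if field in rule and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[field]):
            return False
    return True


def traverse(pkt, rules, policies, local_ips, locally_generated=False):
    """Walk `pkt` through the chains in kernel order.

    rules:    {(table, chain): [rule, ...]}; the first matching rule wins.
    policies: {(table, chain): "ACCEPT" | "DROP"}; chain default, ACCEPT if absent.
    Returns (path, verdict, chains_visited, packet_as_it_leaves).
    """
    pkt = dict(pkt)
    visited = []
    # Both incoming paths share the three PREROUTING chains; the real path is
    # chosen at ROUTING, after any DNAT has rewritten the destination.
    chains = PATHS["output"] if locally_generated else PATHS["input"]
    i = 0
    while i < len(chains):
        step = chains[i]
        i += 1
        if step == "ROUTING":
            local = pkt["dst"] in local_ips
            if not locally_generated:
                chains = PATHS["input"] if local else PATHS["forward"]
            visited.append("ROUTING(%s)" % ("local" if local else "gateway"))
            continue
        visited.append("%s:%s" % step)
        verdict = policies.get(step, "ACCEPT")
        for rule in rules.get(step, []):
            if matches(rule, pkt):
                verdict = rule["target"]
                if verdict == "DNAT":             # rewrite happens before ROUTING is reached
                    pkt["dst"] = rule["to"]
                    verdict = "ACCEPT"
                break
        if verdict in ("DROP", "REJECT"):
            return "dropped", verdict, visited, pkt
    if locally_generated:
        path = "output"
    else:
        path = "input" if pkt["dst"] in local_ips else "forward"
    return path, "ACCEPT", visited, pkt


# Constructed illustration: the host owns 10.240.97.99 and the service IP
# 192.40.0.99; web traffic to the service IP is DNATed to a backend, SSH is
# only allowed from the internal network, the Zabbix port only from its subnet.
LOCAL_IPS = {"10.240.97.99", "192.40.0.99"}
RULES = {
    ("nat", "PREROUTING"): [
        {"proto": "tcp", "dst": "192.40.0.99/32", "dport": 80, "target": "DNAT", "to": "10.240.97.10"}],
    ("filter", "INPUT"): [
        {"proto": "tcp", "dport": 22, "src": "10.240.0.0/16", "target": "ACCEPT"},
        {"proto": "tcp", "dport": 10050, "src": "10.240.97.0/24", "target": "ACCEPT"}],
    ("filter", "FORWARD"): [
        {"proto": "tcp", "dst": "10.240.97.10/32", "dport": 80, "target": "ACCEPT"}],
}
POLICIES = {("filter", "INPUT"): "DROP", ("filter", "FORWARD"): "DROP"}


def demo():
    """Three sample packets: DNATed web request, allowed SSH, blocked SSH."""
    web = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.40.0.99", "dport": 80}
    ssh_ok = {"proto": "tcp", "src": "10.240.3.4", "dst": "10.240.97.99", "dport": 22}
    ssh_bad = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.240.97.99", "dport": 22}
    return [traverse(p, RULES, POLICIES, LOCAL_IPS) for p in (web, ssh_ok, ssh_bad)]


if __name__ == "__main__":
    for path, verdict, visited, pkt in demo():
        print(path, verdict, "->", pkt["dst"], "|", " > ".join(visited))
```

The first packet is the one the diagram exists to explain: it arrives addressed to a local IP, yet it never touches filter INPUT, because the DNAT in nat PREROUTING changed its destination before the routing decision, so the rule that has to allow it lives in filter FORWARD.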