Cleanup After Script Exit

Many of my scripts work with temporary files, usually relative to the scripts directory1, while at the same time using set -e to exit as soon as something fails.

In this scenario the script leaves behind these temporary files by default, which is not desireable.

We can however do a proper cleanup using the trap concept.

[Read More]

HaProxy: Think About DNS Resolution

By default HAProxy resolves all DNS names in it’s config on startup and then never again.

This might cause issues down the road if DNS records, for example the ones for backends, change.

This section of the documentation is a good starting point as it describes IP address resolution using DNS in HAProy really well: https://docs.haproxy.org/3.0/configuration.html#5.3

Additionally this guide can also be helpful: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/dns-resolution/

Navigate to Script Directory

Often times when writing scripts I want to reference files in the same directory, but keep the script portable in case it is part of a git repository being checked out somewhere else or just the folder getting moved.

[Read More]

CLI fuzzy search

I often whish to search through large bodies of text, like my knowledge base or source code repositories, from the command line.

I use fuz for this and I’m quite happy with it.

I also have it aliased to my knowledge base folder for even easier searching.

alias search="fuz -p /path/to/knowledge-base/"

WSL2 & Keychain

The problem

If you use ssh-agent with an encrypted ssh key it does not persist when you open a new terminal window.

The solution

Use keychain instead.

  1. Install
    sudo apt install keychain
    
  2. Add to your shells rc file, eg. .bashrc or .zshrc
    # Repeat this line for all keys you want to unlock and use this way
    /usr/bin/keychain -q --nogui $HOME/.ssh/id_rsa
    source $HOME/.keychain/wsl-sh
    
  3. Unlock your keys on shell startup and enjoy
wsl  linux  ssh 

Resolve .local Through Nameserver With Netplan

When using netplan it is easy to force .local DNS requests to go to you nameservers instead of being only resolved locally (the default and standard).

This also works with all other strange .WHATEVER domains you may have lying around in your organization.

Snippet from netplan configuration:

 nameservers:
        addresses:
          - X
          - Y
        search:
          - local
          - myotherstupiddomain

MongoDB Logrotate

MongoDB does not rotate it’s log on it’s own. To get it to ratet we will use logrotate. First, we need to configure some things in mongod.conf to get the desired behaviour when we utilize logrotate. systemLog: destination: file path: /var/log/mongodb/mongod.log logAppend: true logRotate: reopen Afterwards, we can create a logroatet configuration going in /etc/logrotate.d/mongodb. /var/log/mongodb/mongod.log { rotate 5 # Keep the last 5 rotated logs, so 6 files including the currently active size 10M # Rotate once the log reaches 10MB in size, depending on your envrionment you could instead use daily, weekly, monthly, etc missingok # It's ok if the log file does not exist create 0600 mongodb mongodb # Permissions and ownership for the roatetd logs delaycompress # Don't compress on first rotation, so we have the current log and log. [Read More]

DNS Resolution Everywhere

Usually at leas one of those is present on any system dig nslookup host But sometimes the usual suspects don’t work, especially in container-land. After trying them you may try some more involved/unknown things: getent Part of glibc, this will probably work on nearly every system. getent hosts example.org Or, if you specifically want to query A or AAAA records. getent ahostsv4 example.org getent ahostsv6 example.org Using Python2 Or Python3 Given this depends on glibc it is more of a alternative than another real solution [Read More]

How SELinux screws with scripts when run over VMware Tools

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API).

This can be solved two ways:

  • Disabling SELinux: BAD, but easy
  • Writing a custom SELinux policy: complicated but more secure

Note: Adding/Changing this policy through a VMware tools connection is thankfully possible

Example policy

This policy is the base for a VMware tools policy and allows entering the rpm context (yum).

module custom-vmtools 1.0;

require {
        type rpm_script_t;
        type vmtools_unconfined_t;
        class process transition;
}

#============= vmtools_unconfined_t ==============

allow vmtools_unconfined_t rpm_script_t:process transition