Get the count of Ceph PG’s per OSD

ceph pg dump | awk '
BEGIN { IGNORECASE = 1 }
 /^PG_STAT/ { col=1; while($col!="UP") {col++}; col++ }
 /^[0-9a-f]+\.[0-9a-f]+/ { match($0,/^[0-9a-f]+/); pool=substr($0, RSTART, RLENGTH); poollist[pool]=0;
 up=$col; i=0; RSTART=0; RLENGTH=0; delete osds; while(match(up,/[0-9]+/)>0) { osds[++i]=substr(up,RSTART,RLENGTH); up = substr(up, RSTART+RLENGTH) }
 for(i in osds) {array[osds[i],pool]++; osdlist[osds[i]];}
}
END {
 printf("\n");
 printf("pool :\t"); for (i in poollist) printf("%s\t",i); printf("| SUM \n");
 for (i in poollist) printf("--------"); printf("----------------\n");
 for (i in osdlist) { printf("osd.%i\t", i); sum=0;
   for (j in poollist) { printf("%i\t", array[i,j]); sum+=array[i,j]; sumpool[j]+=array[i,j] }; printf("| %i\n",sum) }
 for (i in poollist) printf("--------"); printf("----------------\n");
 printf("SUM :\t"); for (i in poollist) printf("%s\t",sumpool[i]); printf("|\n");
}'

 

Original article – http://cephnotes.ksperis.com/blog/2015/02/23/get-the-number-of-placement-groups-per-osd

ESPtool commands

sudo esptool.py –port /dev/ttyUSB0 read_flash 0x00000 0x100000 image-T1Original.bin

sudo esptool.py –port /dev/ttyUSB0 erase_flash

sudo esptool.py –port /dev/ttyUSB0 write_flash -fs 1MB -fm dout 0x0 sonoff.bin

Living with Network-Manager

Network manager can be a right pain in the ass, my goto has usually been to simply install it, but in some environments(Particularly Laptop\Desktop PC’s) it can actually be useful.

 

So here are some useful command that might make NM tolerable

1 – Show status

Network Manager has a command line tool that can be used to see which interfaces it is controlling. Pull up a terminal window and type the following command:

nmcli dev status

This displays a table that lists all network interfaces along with their STATE. If Network Manager is not controlling an interface, its STATE will be listed as unmanaged. Any other value indicates the interface is under Network Manager control.

 

 

Some useful links

http://support.qacafe.com/knowledge-base/how-do-i-prevent-network-manager-from-controlling-an-interface/ – Very good article!

Bluetooth headset in Ubuntu Gnome

One of the most difficult things about moving to Ubuntu Gnome so far has been my Bluetooth headset of all things.
It paired and worked brilliantly right out of box, but after a reboot the quality was woeful.
Turns out the audio profile had changed to HSP\HFP – Headset Head Unit when I wanted it to be A2DP Sink – High fidelity playback

This site appears to have fixed my issue – I used the second workaround and also chmod’d the file to gdm:gdm before rebooting https://wiki.debian.org/BluetoothUser/a2dp#Refused_to_switch_profile_to_a2dp_sink:_Not_connected

Renewing Lets Encrypt certificate for use in HAProxy

Here is a script i’ve put together from a  few different sources that renews specified LE certificates, copies them to the HAProxy SSL directory, copies them to the second HAPpoxy server and reloads haproxy on both nodes

Just call like this bash ~/renewLECert.sh domain1.com domain2.com

 

Will create 2 separate certificates, usefull if you don’t want Subject Alternative Names to appear when using a single SSL certificate

 

#!/bin/bash

# Path to the letsencrypt-auto tool
LE_TOOL=/usr/local/letsencrypt/letsencrypt-auto

# Directory where the acme client puts the generated certs
LE_OUTPUT=/etc/letsencrypt/live

# Concat the requested domains
DOMAINS=""
for DOM in "$@"
do
DOMAINS+=" -d $DOM"
done

# Create or renew certificate for the domain(s) supplied for this tool
#$LE_TOOL --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 certonly $DOMAINS
i
# Cat the certificate chain and the private key together for haproxy
#cat $LE_OUTPUT/$1/{fullchain.pem,privkey.pem} > /etc/ssl/${1}.pem

for DOM in "$@"
do
# Create or renew certificate for the domain(s) supplied for this tool
echo "Requesting new certificate for $DOM"
$LE_TOOL --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 certonly -d $DOM

cat $LE_OUTPUT/$DOM/{fullchain.pem,privkey.pem} > /etc/ssl/$DOM.pem
#DOMAINS+=" -d $DOM"
done
# Reload the haproxy daemon to activate the cert
systemctl reload haproxy

#Copy the new cert files to LB02 and reload HA proxy there too
scp /etc/ssl/*.pem root@172.16.103.62:/etc/ssl
ssh root@172.16.103.62 -C "service haproxy reload"

 

 

And the coresponding HAProxy config

#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
#frontend main *:5000
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
#
# use_backend static if url_static
# default_backend app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends

 

frontend ssl_redirector
bind *:443 ssl crt /etc/ssl/
http-request del-header X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }

# Check if this is a letsencrypt request based on URI
acl letsencrypt-request path_beg -i /.well-known/acme-challenge/
# Send to letsencrypt-backend if it is a letsencrypt-request
use_backend letsencrypt_backend if letsencrypt-request

default_backend RGWnodes

frontend http_redirect
bind *:80
# Redirect to HTTPS if this is not a letsencrypt-request
acl letsencrypt-request path_beg -i /.well-known/acme-challenge/
redirect scheme https code 301 if !letsencrypt-request

# Check if this is a letsencrypt request based on URI
#acl letsencrypt-request path_beg -i /.well-known/acme-challenge/
# Send to letsencrypt-backend if it is a letsencrypt-request
use_backend letsencrypt_backend if letsencrypt-request

 

 

backend RGWnodes
mode http
balance roundrobin
option forwardfor
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server rgw1 172.16.103.51:80 check
server rgw2 172.16.103.52:80 check

#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }

backend letsencrypt_backend
mode http
server letsencrypt 127.0.0.1:9999

 

listen stats :9000 #Listen on localhost port 9000
mode http
stats enable #Enable statistics
stats hide-version #Hide HAProxy version, a necessity for any public-facing site
stats realm Haproxy\ Statistics #Show this text in authentication popup (escape space characters with backslash)
stats uri /haproxy_stats #The URI of the stats page, in this case localhost:9000/haproxy_stats
stats auth admin:password #Set a username and password