Archive for the ‘Scripts’ Category

Using Squidman as a Web Proxy for OS X

Thursday, October 27th, 2011

Squid is an open source package available at http://www.squid-cache.org that caches web files to a local server, increasing throughput for users and decreasing the amount of traffic on WAN connections. A Mac OS X software package named SquidMan, which includes Squid is available at http://web.me.com/adg/squidman/index.html. SquidMan makes installing and using Squid much easier, giving nice buttons to use for management rather than managing Squid using configuration files.

Once SquidMan is downloaded, copy the SquidMan application bundle to the /Applications directory. Then open it. At the Helper Tool Installation screen click on the Yes button.

At the Squid Missing screen click on the OK button to install squid itself.

The Preferences screen then opens. Click on the Clients tab and, if you would like to restrict access to only a set of IP addresses, define them (or use the net mask to define a range).

Click on the General tab. Here, provide the following information:

  • HTTP Port: The port number that the proxy will run on.
  • Visible hostname: The hostname of the server (e.g. proxy.318.com).
  • Cache size: The total amount of space used for the proxies cache.
  • Maximum object size: The maximum size of single cached files.
  • Rotate logs: The frequency with which log files are rotated (I usually use Manually here).
  • Start Squid on launch: Automatically start squid when SquidMan is launched, and delay start by x number of seconds.
  • Quid Squid on logout: Define whether logging out of the server also stops squid.
  • Show errors produced by Squid: Displays squid’s errors in SquidMan.

Click on the Parent and define a proxy server that this one will use (if there is one, otherwise it just uses the web to directly access files). This feature is only used if you are daisy chaining multiple squid servers.

Click on the Direct tab and enter any sites that should not be proxied. Internal staging environments are a great example of sites that should bypass proxy servers.

At the Template tab, enter any custom variables.

Squid is usually used to cache and speed up web access, so the default configuration file is optimized for small files. In order to cache larger files effectively, change the configuration to allow for larger files (up to 64 megabytes) and allow for more total disk storage of cached files (up to 8 gigabytes in our tests for a few specific projects, but much larger is fine). This usually depends on the total available disk space on the machine which will run squid.

These are some of the options which we updated for a specific project we’re working on in the squid.conf (Template):

http_port 3128 transparent (add transparent if using NAT to redirect http requests):
maximum_object_size_in_memory 65536 KB
cache_dir ufs /usr/local/var/squid/cache 8192 16 256
maximum_object_size 65536 KB

These days, we prefer to use squid running in NetBSD’s pkgsrc, although any method of installation (such as the squidman approach) should be acceptable.

Next, click on the SquidMan application which should have been running the whole time and click Start Squid.

The squid daemon then starts. Looking at the processes running on the host reveals that it is run as follows:

/usr/local/squid/sbin/squid -f /Users/admin/Library/Preferences/squid.conf

Client systems can then be configured to use the squid proxy, or PAC (Proxy auto-config) file can be configured to configure clients. Another option being transparent parodying:

rdr de0 0.0.0.0/0 port 80 -> (local Squid server) port 3128 tcp

Tags: , , , , , , , , , , , , , , , ,
Posted in General Technology, Mac OS X, Mac OS X Server, Scripts, Security, Web Development | Comments Off

Disabling Spanning Tree on Cisco Switches

Monday, February 21st, 2011

Spanning Tree Protocol has always been a problem with Mac OS X Server. This goes back to the early days when OS’s whacked each other over the head with rocks to go from Alpha to Beta. This usually manifests itself in weird speed and connectivity issues. You can mitigate by changing timing values, but when testing, it is often easiest to start by disabling Spanning Tree Protocol, seeing if the problems you have go away and then working from there.

By default, Spanning Tree is enabled on all Cisco Switches. In this article we’ll look at disabling Spanning Tree Protocol. But it is important to point out that once disabled, it is important to keep in mind that creating an additional VLAN automatically runs another instance of spanning tree protocol, so you may need to repeat this process in the future.

First backup the device. Then, ssh into the device:

ssh admin@64.32.49.172

You should be prompted for credentials at this time if using telnet. If you are using SSH you should only be prompted for the password. Once connected to the device you will need to go into enable mode by typing en at the command prompt and hit enter:

en

It may prompt you for a password, which you will need to know. Once complete you will notice that the prompt turns from an > to an # symbol. Now that you have administrative access, you will need to go into global configuration mode using the config t command:

config t

Now let’s actually disable spanning tree protocol. Enter in the no verb followed by spanning-tree, the protocol we’re disabling, followed by VLAN, followed by the VLAN identifier:

no spanning-tree VLAN vlan-id

Repeat for each VLAN if you need to do this on multiple. When done, exit config mode by entering the end command:

end

You can then enter the show command along with the spanning-tree option and view to see if there are any remaining spanning tree’s still active and verify if your command took:

show spanning-tree

If the command took and spanning tree is no longer enabled. Run the coppy command, followed by running-config and then startup-config, which copies your running configuration to your startup configuration making your change permanent:

copy running-config startup-config

It is then usually recommended to go ahead and reboot servers and clients prior to testing.

Tags: , ,
Posted in General Technology, IT Management, Mac OS X, Mac OS X Server, Mass Deployments, Scripts | Comments Off

Voice Dictation on iPhone and iPad

Monday, November 29th, 2010

The iPhone has a built-in voice controls that allow you to speak to the phone and have it perform certain tasks, such as dial a given contact, go to the next track when playing music and even start playing music. This allows you to control the device, hands free and perform basic tasks. Have you ever wanted to use that same kind of technology to dictate emails, notes and write documents while on the go? Well, Dragon Dictation, from Nuance Communications has got ya’ covered!

Using Dragon Dictation, you can press a button and dictate text. You can then review and edit the text if needed. That text can then be emailed, posted to your wall on Facebook, posted to Twitter, sent as an SMS and yes, even copied to the clipboard. If you find yourself in any situation where you cannot use the keyboard for extended periods of time then Dragon Dictation is a must have! And you can’t beat the price; Dragon Dictation is currently free!

Dragon also has a product for Mac OS X, Dragon Naturally Speaking, and versions for Windows as well. You can also use the desktop applications to control the computer itself, allowing you to name it Jarvis, KITT, GERTY, HAL, Mother or just plain old Computer. If you link it up to automator or do a little scripting then you can even control other applications, allowing you to tell the computer to turn the lights on, make you coffee and even turn off those Christmas lights.

Tags: , , , , , , , , , ,
Posted in General Technology, Mac OS X, Scripts, Wireless Networking, iPhone | Comments Off

MySQL Backup Options

Thursday, July 8th, 2010

MySQL bills itself as the world’s most popular open source database. It turns up all over, including most installations of WordPress. Packages for multiple platforms make installation easy and online resources are plentiful. Web-based admin tools like phpMyAdmin are very popular and there are many stand-alone options for managing MySQL databases as well.

When it comes to back-up, though, are you prepared? Backup plug-ins for WordPress databases are fairly common, but what other techniques can be used? Scripting to the rescue!

On Unix-type systems, it’s easy to find one of the many example scripts online, customize them to your needs, then add the script to a nightly cron job (or launchd on Mac OS X systems). Most of these scripts use the mysqldump command to create a text file that contains the structure and data from your database. More advanced scripts can loop through multiple databases on the same server, compress the output and email you copies.

Here is an example we found online a long time ago and modified (thanks to the unknown author):


#!/bin/sh

# List all of the MySQL databases that you want to backup in here,
# each seperated by a space
databases="database1 database2 database3"

# Directory where you want the backup files to be placed
backupdir=/mydatabasebackups

# MySQL dump command, use the full path name here
mysqldumpcmd=/usr/local/mysql/bin/mysqldump

# MySQL Username and password
userpassword=" --user=myusername --password=mypassword"

# MySQL dump options
dumpoptions=" --quick --add-drop-table --add-locks --extended-insert --lock-tables"

# Unix Commands
gzip=/usr/bin/gzip
uuencode=/usr/bin/uuencode

# Create our backup directory if not already there
mkdir -p ${backupdir}
if [ ! -d ${backupdir} ]
then
echo "Not a directory: ${backupdir}"
exit 1
fi

# Dump all of our databases
echo "Dumping MySQL Databases"
for database in $databases
do
$mysqldumpcmd $userpassword $dumpoptions $database > ${backupdir}/${database}.sql
done

# Compress all of our backup files
echo "Compressing Dump Files"
for database in $databases
do
rm -f ${backupdir}/${database}.sql.gz
$gzip ${backupdir}/${database}.sql
done

# And we're done
ls -l ${backupdir}
echo "Dump Complete!"
exit

Once you verify that your backup script is giving you valid backup files, these should be added to your other backup routines, such as CrashPlan, Mozy, Retrospect, Time Machine, Backup Exec, PresSTORE, etc. It never hurts to have too many copies of your critical data files.

To make sure your organization is prepared, contact your 318 account manager today, or email sales@318.com for assistance.

Posted in Scripts | Comments Off

WWDC 2010

Wednesday, April 28th, 2010

The annual Apple WorldWide Developers Conference, WWDC, has been announced for June 7th through June 11th. The Developers Conference will again be held in the Moscone Center in San Francisco and this year will be solely focused on development, having no IT track. To see a list of sessions, click here.

As part of WWDC, Apple also hands out a number of design awards. If you have any applications you would like to nominate for a design award then you can do so here.

Posted in Mac OS X, Scripts, Web Development, iPhone | Comments Off

OmniGraffle Tips & Tricks

Tuesday, December 1st, 2009

Here are some great OmniGraffle Tips and Tricks!

Tags: , , ,
Posted in General Technology, Mac OS X, Mac OS X Server, Network Architecture, Scripts | Comments Off

Open Directory Auto Archiver

Saturday, October 3rd, 2009

Have you struggled with Open Directory backups? Do you open up Server Admin and click on the Archive button when an alarm in your calendar tells you to do so? Well, we’re gonna’ help you out then. We’re going to automate backing up your Open Directory. We’re going to invoke the backups through launchd and we’re going to keep them for an amount of time you determine and automatically prune the old ones. We’re going to let you choose the location to store them and the password to unlock them. And we’re going to let you do all this through a graphical package called the 318 Auto Archiver.

Originally written for our own staff we now open it up to you as well.

Tags:
Posted in Mac OS X, Mac OS X Server, Scripts | Comments Off

Oracle Buys Sun

Monday, April 20th, 2009

Sun was in merger talks with IBM.  Talks that had fallen through.  Today, the Sun website says “Oracle to Buy Sun.” Oracle is the largest database company in the world and has been tinkering with selling support contracts for Linux and the Oracle suite of database products, that already includes PeopleSoft, Hyperion and Siebel. This merger, valued at $7.4Billion, will give Oracle access to sell hardware bundled solutions, further the Oracle development product offerings and give Oracle one of the best operating systems for running databases on the planet.

Oracle doesn’t just get hardware and Solaris though.  This move also solidifies a plan for Oracle customers to integrate Sun storage.  Oracle had previously been working with HP in a partnership that never seemed to gain traction.  Then there is Java, MySQL, VirtualBox, GlassFish and OpenOffice.org.  A number of the Sun contributions will be Open Source projects, but overall it’s possible to see a strategy that can emerge from a new Oracle + Sun organization.

As a Sun partner, 318 can assist its clients through this transition, be it with storage, MySQL, Java, Solaris or Oracle middleware scripting.  Overall, this deal makes a lot of sense and 318 is behind doing whatever possible to ease our clients through the transition.

Finally, for those concerned that Oracle might just be buying Sun to kill off MySQL, keep in mind that the Open Source community built MySQL in the first place (or was integral to building it) and it can build another in its place just as easily, this time faster and with less required legacy support.  MySQL is not a fluke.  PostgreSQL or a newer solution will take its place if MySQL were to fall by the wayside under the Oracle helm. Oracle is not going to make MySQL into a martyr of sorts, and is going to want to capitalize on their investment (a Billion dollar purchase by Sun and obviously part of this purchase); especially with a clear business plan for MySQL to be profitable (which is why Sun bought them for such a lofty price in the first place). Overall, Oracle has no reason to kill MySQL; instead, with Siebel, MySQL, Oracle, PeopleSoft, etc – they can simply tout “All Your Databasen Are Belong To Us!”

Tags: , , , ,
Posted in Directory Services, General Technology, IT Management, Linux, Scripts, Web Development | Comments Off

ESX Patch Management

Tuesday, April 14th, 2009

VMware’s ESX Server, like any system, needs to be updated regularly. To see what patches have been installed on your ESX server use the following command:

esxupdate -query

Once you know what updates have already been applied to your system it’s time to go find the updates that still need to be applied. You can download the updates that have not yet been run at http://support.vmware.com/selfsupport/download/. Here you will see a bevy of information about each patch and can determine whether you consider it an important patch to run. At a minimum, all security patches should be run as often as your change control environment allows. Once downloaded make sure you have enough free space to install the software you’ve just downloaded and then you will need to copy the patches to the server (using ssh, scp or whatever tool you prefer to use to copy files to your ESX host). Now extract the patches prior to running them. To do so use the tar command, as follows:

tar xvzf .tgz

Once extracted, cd into the patch directory and then use the esxupdate command with the update flag and then the test flag, as follows:

esxupdate –test update

Provided that the update tests clean, run the update itself with the following command (still with a working directory inside the extracted tarball from a couple of steps ago):

esxupdate update

There are a couple of flags that can be used with esxupdate. Chief amongst them are -noreboot (which doesn’t reboot after a given update), -d, -b and -l (which are used for working with bundles and depots).

If esxupdate fails with an error code these can be cross referenced using the ESX Patch Management Guide.

You can also run patches without copying the updates to the server manually, although this will require you to know the URL of the patch. To do so, first locate the patch number that you would like to run. Then, open outgoing ports on the server as follows:

esxcfg-firewall -allowOutgoing

Next, issue the esxupdate command with the path embedded:

esxupdate –noreboot -r http:// update

Once you’ve looped through all the updates you are looking to run, lock down your ESX firewall again using the following command:

esxcfg-firewall -blockOutgoing

Tags: , , , , , ,
Posted in Linux, Mass Deployments, Scripts, Windows | Comments Off

Mac OS X: Show Only Active Apps in the Dock

Thursday, April 2nd, 2009

The dock should have the applications you commonly need to get to.  However, some simply want it to show them the applications that are open.  You can do this by running the following command:

defaults write com.apple.dock static-only -bool TRUE

Once run, reboot, or just restart your dock with the following command:

killall Dock

To undo it:

defaults write com.apple.dock static-only -bool FALSE

Tags: , , ,
Posted in Mac OS X, Scripts | Comments Off

Kerberos Pruning Script

Friday, October 26th, 2007

I have noticed that over time inconsistancies can arise where a machine entry will be deleted from LDAP but the relevant kerberos principals remain in the KDC. Here’s a small script that I wrote up to help prune out unwanted/stale kerberos principals. Obviously great care must be taken when running this script; if you delete a principal that is still in use, things ARE going to break. So, think before you type. That being said, if you’re not interested in typing 20 delprinc commands, this script is for you.

Usage: %pruneKerb.sh query

pruneKerb will then list all principals matching “query” (standard case-sensitive grep match)

It takes a single argument query and outputs a list of matching
kerberos principals, presenting the user with the option to delete individual principals, all principles or simply print a list of matching principals.

Please read the scripts’ comments for more information.

pruneKerb.sh

Posted in Directory Services, Mac OS X, Mac OS X Server, Scripts | Comments Off