Pivert's Blog

Sysadmin Tips

François

Reading Time: 3 minutes

Here is a random list of one-liners or online services that I found useful.

Check your browser audio configuration with 5.1 speakers

https://www2.iis.fraunhofer.de/AAC/multichannel.html

Check a port on a host every 5 seconds

while :; do echo -n `date +"[%Y-%m-%d %H:%M:%S]"`; echo -n "  "; nc -z 192.168.1.1 3389; if [ $? -eq 0 ]; then echo OK; else echo Unreachable; fi; sleep 5; done;

Use a group you’ve just being added to (no re-login)

  • To use webdev group id (and privileges) in your current shell use:
newgrp webdev

To start a command with some group id (and keep current privileges in your shell) use

sg webdev -c "command"

Add this alias to your .profile to take quick notes with date in the filename:

alias vimn='f(){ vim `date +%Y%m%y-%H%M`_$1.txt; unset -f f; }; f'

Add this alias to your .profile to generate gpg encrypted messages in the console

alias gpgb="echo '' | vipe | gpg -e --sign -a -r usr1@example.com -r usr2@example.com"

You can add extra recipients with -r behind the alias

Delete Docker generated DNS redirection (useful when it breaks)

LINE=$(iptables -t nat -L DOCKER-INGRESS --line-numbers | grep -E 'DNAT.*udp dpt:domain' | awk '{print $1};') && [ ${#LINE} -gt 0 ] && echo "Docker DNS DNAT rule was found at line $LINE in DOCKER-INGRESS chain." && iptables -t nat -D DOCKER-INGRESS $LINE

Convert images to a certain size, and use progressive jpeg with resize (in the example 1200px wide)

convert original.jpg -resize 1200 -define jpeg:extent=90k -interlace plane smaller.jpg

Convert all JPEG in a folder to progressive JPEG (backup before)

mogrify -interlace plane *.jpg

Test your jinja2 code in iPython REPL

For instance before placing it into Ansible playbook. Here is an example with mapping short codes to values: 

In [42]: from jinja2 import Template

In [43]: Template(
    ...: 'Host Group: {{ host_groups.get(ansible_hostname.split("-")[2], "Missing host_group in host_groups") }}'
    ...: ).render(
    ...: ansible_hostname="mynet-qa-es-003",
    ...: host_groups={
    ...: 'rtk': 'RethinkDB',
    ...: 'dbms': 'MySQL',
    ...: 'pg': 'PostgreSQL',
    ...: 'es': 'ElasticSearch',
    ...: }
    ...: )
Out[43]: 'Host Group: ElasticSearch'

Randomly move mouse on X11

eval $(xdotool getdisplaygeometry --shell); while true; do xdotool mousemove `rand -M $WIDTH` `rand -M $HEIGHT` && sleep $((`rand -M 300` + 120)); done;

List manually installed packages in Ubuntu/Kubuntu (2 ways)

comm -23 <(apt-mark showmanual | sort -u) <(gzip -dc /var/log/installer/initial-status.gz | sed -n 's/^Package: //p' | sort -u)

grep 'Commandline: apt install ' /var/log/apt/history.log | awk '{print $4}' | xargs echo 'apt install -y'

Compress PDF

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -dBATCH -sOutputFile=outfile.pdf infile.pdf

In case the quality would be too low, you can check with higher profiles such as -dPDFSETTINGS=/prepress or /ebook. There’s a lot of options. Also check ps2pdf.

Easy CPU burn

for i in $(seq $(getconf _NPROCESSORS_ONLN)); do yes > /dev/null & done

The to stop the CPU burn 

killall yes

TLS

Get certificate chain from the server

openssl s_client -showcerts -connect www.pivert.org:443 < /dev/null
openssl s_client -showcerts -connect zimbra.pivert.org:465 < /dev/null | openssl x509 -dates -noout

Get server certificate dates

openssl s_client -connect www.pivert.org:443 < /dev/null | openssl x5
09 -noout -dates

Install root CA on Debian

sudo cp rootca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Install root CA on Red-Hat

sudo cp rootca.pem /etc/pki/ca-trust/source/anchors
sudo update-ca-trust

Get IP address & other from curl

Check out he ipconfig.me amazing free service. 

curl ifconfig.me
213.211.144.168

More examples on https://ifconfig.me/ (with a web browser). Can provide details such as user-agent, tz, language… Just add .json if you prefer json output.

Fill disk with Zeros

Useful for vm disk image dump. This command fills almost all disk with Zeros, keeping 100MB free. 

dd if=/dev/zero of=/zero bs=100M count=$(( $(df -l -B 100M --output='avail' -t 'ext4' / | tail -n1) - 1)); rm /zero

If using ansible, you can use ad-hoc command, just pay attention to the quotes. Here for “myhosts” host group: 

ansible myhosts -m shell -a 'dd if=/dev/zero of=/zero bs=100M count=$(( $(df -l -B 100M --output="avail" -t "ext4" / | tail -n1) - 1)); rm /zero'

Then double check 

ansible mysthosts -m shell -a '[ ! -d /zero ] && echo "/zero temporary file has been properly removed" || "ERROR: /zero still exists - Remove it manually"'

Free light geoip service (based on Google Maps)

https://redirect.li/ip/?ip=9.9.9.9

Free command-line geoip service

curl https://ipinfo.io/161.185.160.93
{
  "ip": "161.185.160.93",
  "city": "New York City",
  "region": "New York",
  "country": "US",
  "loc": "40.7143,-74.0060",
  "org": "AS22252 The City of New York",
  "postal": "10004",
  "timezone": "America/New_York",
  "readme": "https://ipinfo.io/missingauth"

Rancher: Kubernetes Namespace stuck on Terminating after delete

kubectl proxy &
export NAMESPACE=dynatrace # The namespace to delete
export CLUSTER=c-kvb2n     # Get the cluster id from the URL when connecting via Rancher
kubectl get namespace $NAMESPACE -o json | jq '.spec = {"finalizers":[]}' > temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/k8s/clusters/$CLUSTER/api/v1/namespaces/$NAMESPACE/finalize

Then remove the proxy: check with jobs, set the job in foreground with fg, then kill it with <CTRL>+C

Logout user remotely

loginctl terminate-user "your username here"