Read between the lines

Creating and maintaining root passwords across a large number of servers is not something to take for granted. In networks there are often hundreds of servers to maintain. A good Sysadmin knows that for maximum security each and every server needs to have a unique root password. The practicality for this is not in your favor unless you use some human maintainable pattern for your passwords which will defeat the purpose of having these unique passwords in the first place.

Imagine if instead of having to remember unique passwords you need only remember a keyword that you can say in a public arena. Are you interested? Please continue…


$ ./password.sh petabitblog 172.21.0.4
;V5Q.L;6


$ ./password.sh petabitblog 172.21.0.5
aE>E2P)_

Please notice how when using the keyword “petabitblog” that even if $2 is a string that is almost exactly the same it will generate an entirely unique password.

Usage Statement:


$ ./password.sh
Usage: password.sh
Example: ./password.sh foo 10.0.0.1


Attached at the bottom is the source code and required requisites to have this utility for your usage. Please compile and install it in /usr/local to conform to UNIX filesystem RFC.

Lets go through the script for clarity, shall we.

Lets start with the usage statement, this is arbitrary and can be custom tailored:


#!/bin/bash
if [[ $# -ne 2 ]]
then
echo “Usage: password.sh ”
echo “Example: ./password.sh foo 10.0.0.1″
exit 0
fi


Nothing special there. Now we need to collect random characters somehow that are consistent to reproduce the passwords we’re trying to create. There’s a little utility called sha2 that I use. It will encrypt any text into hex values that can be utilized.


$ echo randomstring | sha2 -512 -q
19d601919fd22382270be2caf94835456fb6dea4c48fdbc6b03dc1777f045e8 \ 0b206954f9af07881884d6b95ea7c123cf688847343151a7bbdba924e55b33ded


Notice that I use sha512 crypt, md5 or any other can be used but I prefer to use less crackable crypts to sate my paranoia.

We can’t really use that string as it stands so what I decided to do was break up the first 16 characters and use their hex value to obtain ASCII characters. Please take a look at the following code snippit:


key=`echo $1$2 | sha2 -512 -q | tr [a-z] [A-Z] | sed -e ’s-.-& -2;s-.-& -5;s-.-& -8;s-.-& -11;s-.-& -14;s-.-& -17;s-.-& -20;s-.-& -23′ | awk ‘{print $1″ “$2″ “$3″ “$4″ “$5″ “$6″ “$7″ “$8}’`

This takes the keyword + IP and pipes it through sha2. Then the characters are turned into uppercase letters and piped through sed to add a space between every other character for a total of 16. Using the keyword “petabitblog” and the IP “172.21.0.5″ we get the following output:


$ echo petabitblog172.31.0.5 | sha2 -512 -q | tr [a-z] [A-Z] | sed -e ’s-.-& -2;s-.-& -5;s-.-& -8;s-.-& -11;s-.-& -14;s-.-& -17;s-.-& -20;s-.-& -23′ | awk ‘{print $1″ “$2″ “$3″ “$4″ “$5″ “$6″ “$7″ “$8}’
8B 14 8A 1E 12 04 6E 4A


Next we need to get the decimal values for each hex digit:


for i in $key
do
string=`(echo ibase=16; echo $i%7E) | bc`


This will ensure that every value is turned into a decimal that is between the valid ASCII values between 0 and 177. There are other ways, but this what I like to do. What we have to work with now are decimal numbers 13, 20, 12, 30, 18, 4, 110, and 74 respectively.

Please realize that the ASCII table includes many characters unsuitable for a password. Any ASCII value below 40 is useless to us unless you can type characters like DLE (data link escape) and HT ’\t’ (horizontal tab) swiftly. I also chose to delete “\” from being used as it ensures easy integration into other scripts that may have tricky special character handling like expect. The next code snippit:


if (( $string <= 40 ))
then
(( string = string + 41 )) # make sure it's a printable character and not a control character
fi
if (( $string == 92 ))
then
(( string = string + 1 )) # make sure it's a printable character and not a control character
fi


Now we need to print the alphanumeric characters of these decimal values. For this the utility awk has a nice trick: %c

char=`echo $string | awk '{printf("%c",$0)}'

Last but not least we need to print the characters out and escape control characters:

echo -ne "$char"

Finally, close the loop and echo a new line:

done
echo
exit 0


There you have it, keep it on a *very* secure machine and you have your root passwords:

$ ./password.sh petabitblog 172.21.0.5
aE>E2P)_

I am giving this to you freely for your use. I only ask that you keep my name in the script and inform me of any significant updates to make the script easier and better to use.

#!/bin/bash
# Generate root passwords based off of crypted values
#
# Author: Paul Pasika
# Date: 04.08.2008
# email paulpas@petabit.net
#
# Paypal any donations to paulpas@petabit.net to keep this going.
#
#
if [[ $# -ne 2 ]]
then
echo “Usage: password.sh ”
echo “Example: ./password.sh foo 10.0.0.1″
exit 0
fi

key=`echo $1$2 | sha2 -512 -q | tr [a-z] [A-Z] | sed -e ’s-.-& -2;s-.-& -5;s-.-& -8;s-.-& -11;s-.-& -14;s-.-& -17;s-.-& -20;s-.-& -23′ | awk ‘{print $1″ “$2″ “$3″ “$4″ “$5″ “$6″ “$7″ “$8}’`

for i in $key
do

string=`(echo ibase=16; echo $i%7E) | bc`
if (( $string <= 40 ))
then
(( string = string + 41 )) # make sure it's a printable character and not a control character
fi
if (( $string == 92 ))
then
(( string = string + 1 )) # make sure it's a printable character and not a control character
fi
#if (( $string == 91 ))
#then
# string="\$string" # make sure it's a printable character and not a control character
#fi
char=`echo $string | awk '{printf("%c",$0)}'`
#/usr/bin/perl -ew "print ,$char\n";
echo -ne "$char"
done
echo
sha2 source

I’ll cut to the chase…

# Secure tmp directory usage.
tmp=${TMPDIR-/tmp}
tmp=$tmp/unf.$RANDOM.$RANDOM.$RANDOM.$$
(umask 077 && mkdir $tmp) || {
echo “Could not create temporary directory! Exiting.” 1>&2
exit 1
}
(umask 077 && mkdir $tmp/mebad) || {
echo “Could not create temporary directory! Exiting.” 1>&2
exit 1
}

I know it’s been a hot minute since I have last updated. I’m actually living in the real world right now. I can’t believe I’m able to see the world without the ons and offs that make iVagrancy a career choice.

Now for some unjustifiable rhetoric:

Obama is an idiot. He has a plan for now, but not for later.
Clinton is sadistic. She has a plan for later, but not for now.
McCain is worthless. He thought that if MMA warriors wore padded gloves that the sport would be less dangerous.

Everyone is still stupid. I’m sorry but your iPhones still suck. That is all.

Thank Joie for this compilation of information for us all:

From: MAX FAN (LSU/Ron Paul/Cowboys/NASCAR)
Date: Feb 2, 2008 3:04 PM

VERY IMPORTANT! PLEASE COPY & SAVE – Wesley Snipes it’s VOLUNTARY!

Put this in your Freedom or Patriot folder on your computer and keep and spread!

Not only is there no law that requires the average American Citizen wage earner to pay an Income Tax, there is certainly no law that requires one to give up his 5th Amendment Constitutional Right to bear witness against himself as when he files a tax return! When you sign anything UNDER PENALTY OF PERJURY you are waving your 5th Amendment Right. YOU DO NOT HAVE TO DO THIS! Our Founders were protecting us against just such shenanigans as this.

It’s like listening to a cop read you the Miranda Warning (the right to remain silent etc.) when they arrest you and you giving up those rights and talking to them. YOU ARE NOT REQUIRED BY LAW TO DO THIS! PERIOD!

The following information is directly from the Beast’s mouth. These are IRS handbooks I ordered back in the early ‘80’s. The Constitution has not changed since then, so the statements still apply. The IRS knows that they can’t require you to give up your Constitutional Rights, that’s why they tell you, themselves, that filing a return is voluntary! These statements are at the beginnings of each of these books or sections. They spell it out in plain English. They are hoping, I guess, that they’ve successfully dumbed us sheep down to the point that we don’t know what voluntary means or can locate a dictionary to remind us!

Let’s see what the Merriam-Webster dictionary says:

- Voluntary : proceeding from the will or from one’s own choice or consent
- Compliance : a: the act or process of complying to a desire, demand, proposal, or regimen or to coercion b: conformity in fulfilling official requirements

So……….. Voluntary Compliance in these IRS matters means – fulfilling official requirements from one’s own choice or consent. IT’S YOUR CHOICE!

** This first photo is from the IRS’ Audit Guidelines Handbook. When they say “Service” they mean the Internal Revenue Service. The underlined parts are what is important.

** These next two are from their Criminal Investigations Handbook.

** These next two are from their Special Agents Handbook. Remember, liquor distillers, tobacco merchants and a few others ARE required to file returns, just not us wage-earning citizens. This is where they try to confuse us. Also, the courts have ruled in tax cases that “shall” means “may.” “Shall” doesn’t mean “required,” it means you may or you may not.

** I wrote my senators and congressman and asked them if we were REQUIRED to file a tax return, and again, the IRS tells my congressman that it’s voluntary. Can you feel the arrogance coming from this squirrel? Can you spot the lies?

** This is an article from the Wall Street Journal. Everyone knows that the Income Tax is voluntary except us sheep at the bottom, I guess! LOL Are there also penalties for not volunteering to contribute to the United Way or Toys for Tots? Can you believe the scam and smoke and mirrors that we have been living under?

** You will not see Voluntary Compliance attached to any “real” law. You won’t find it near laws for Murder, Robbery, TREASON, Kidnapping or Traffic laws. Why? Because the United States Constitution doesn’t protect us from these like it does from Bearing Witness Against Ourselves with our 5th Amendment. The IRS and Congress who writes this crap know the law, this ain’t by mistake! This is by design to keep us enslaved, period! End of discussion! Please pass this on far and wide. We need to return to Constitutional government like Ron Paul espouses. Thanks.

Original Post

January 15, 2008
Big Brain Theory: Have Cosmologists Lost Theirs?
By DENNIS OVERBYE

It could be the weirdest and most embarrassing prediction in the history of cosmology, if not science.

If true, it would mean that you yourself reading this article are more likely to be some momentary fluctuation in a field of matter and energy out in space than a person with a real past born through billions of years of evolution in an orderly star-spangled cosmos. Your memories and the world you think you see around you are illusions.

This bizarre picture is the outcome of a recent series of calculations that take some of the bedrock theories and discoveries of modern cosmology to the limit. Nobody in the field believes that this is the way things really work, however. And so in the last couple of years there has been a growing stream of debate and dueling papers, replete with references to such esoteric subjects as reincarnation, multiple universes and even the death of spacetime, as cosmologists try to square the predictions of their cherished theories with their convictions that we and the universe are real. The basic problem is that across the eons of time, the standard theories suggest, the universe can recur over and over again in an endless cycle of big bangs, but it’s hard for nature to make a whole universe. It’s much easier to make fragments of one, like planets, yourself maybe in a spacesuit or even — in the most absurd and troubling example — a naked brain floating in space. Nature tends to do what is easiest, from the standpoint of energy and probability. And so these fragments — in particular the brains — would appear far more frequently than real full-fledged universes, or than us. Or they might be us.

Alan Guth, a cosmologist at the Massachusetts Institute of Technology who agrees this overabundance is absurd, pointed out that some calculations result in an infinite number of free-floating brains for every normal brain, making it “infinitely unlikely for us to be normal brains.” Welcome to what physicists call the Boltzmann brain problem, named after the 19th-century Austrian physicist Ludwig Boltzmann, who suggested the mechanism by which such fluctuations could happen in a gas or in the universe. Cosmologists also refer to them as “freaky observers,” in contrast to regular or “ordered” observers of the cosmos like ourselves. Cosmologists are desperate to eliminate these freaks from their theories, but so far they can’t even agree on how or even on whether they are making any progress.

If you are inclined to skepticism this debate might seem like further evidence that cosmologists, who gave us dark matter, dark energy and speak with apparent aplomb about gazillions of parallel universes, have finally lost their minds. But the cosmologists say the brain problem serves as a valuable reality check as they contemplate the far, far future and zillions of bubble universes popping off from one another in an ever-increasing rush through eternity. What, for example is a “typical” observer in such a setup? If some atoms in another universe stick together briefly to look, talk and think exactly like you, is it really you?

“It is part of a much bigger set of questions about how to think about probabilities in an infinite universe in which everything that can occur, does occur, infinitely many times,” said Leonard Susskind of Stanford, a co-author of a paper in 2002 that helped set off the debate. Or as Andrei Linde, another Stanford theorist given to colorful language, loosely characterized the possibility of a replica of your own brain forming out in space sometime, “How do you compute the probability to be reincarnated to the probability of being born?”

The Boltzmann brain problem arises from a string of logical conclusions that all spring from another deep and old question, namely why time seems to go in only one direction. Why can’t you unscramble an egg? The fundamental laws governing the atoms bouncing off one another in the egg look the same whether time goes forward or backward. In this universe, at least, the future and the past are different and you can’t remember who is going to win the Super Bowl next week.

“When you break an egg and scramble it you are doing cosmology,” said Sean Carroll, a cosmologist at the California Institute of Technology.

Boltzmann ascribed this so-called arrow of time to the tendency of any collection of particles to spread out into the most random and useless configuration, in accordance with the second law of thermodynamics (sometimes paraphrased as “things get worse”), which says that entropy, which is a measure of disorder or wasted energy, can never decrease in a closed system like the universe.

If the universe was running down and entropy was increasing now, that was because the universe must have been highly ordered in the past.

In Boltzmann’s time the universe was presumed to have been around forever, in which case it would long ago have stabilized at a lukewarm temperature and died a “heat death.” It would already have maximum entropy, and so with no way to become more disorderly there would be no arrow of time. No life would be possible but that would be all right because life would be excruciatingly boring. Boltzmann said that entropy was all about odds, however, and if we waited long enough the random bumping of atoms would occasionally produce the cosmic equivalent of an egg unscrambling. A rare fluctuation would decrease the entropy in some place and start the arrow of time pointing and history flowing again. That is not what happened. Astronomers now know the universe has not lasted forever. It was born in the Big Bang, which somehow set the arrow of time, 14 billion years ago. The linchpin of the Big Bang is thought to be an explosive moment known as inflation, during which space became suffused with energy that had an antigravitational effect and ballooned violently outward, ironing the kinks and irregularities out of what is now the observable universe and endowing primordial chaos with order.

Inflation is a veritable cosmological fertility principle. Fluctuations in the field driving inflation also would have seeded the universe with the lumps that eventually grew to be galaxies, stars and people. According to the more extended version, called eternal inflation, an endless array of bubble or “pocket” universes are branching off from one another at a dizzying and exponentially increasing rate. They could have different properties and perhaps even different laws of physics, so the story goes.

A different, but perhaps related, form of antigravity, glibly dubbed dark energy, seems to be running the universe now, and that is the culprit responsible for the Boltzmann brains.

The expansion of the universe seems to be accelerating, making galaxies fly away from one another faster and faster. If the leading dark-energy suspect, a universal repulsion Einstein called the cosmological constant, is true, this runaway process will last forever, and distant galaxies will eventually be moving apart so quickly that they cannot communicate with one another. Being in such a space would be like being surrounded by a black hole.

Rather than simply going to black like “The Sopranos” conclusion, however, the cosmic horizon would glow, emitting a feeble spray of elementary particles and radiation, with a temperature of a fraction of a billionth of a degree, courtesy of quantum uncertainty. That radiation bath will be subject to random fluctuations just like Boltzmann’s eternal universe, however, and every once in a very long, long time, one of those fluctuations would be big enough to recreate the Big Bang. In the fullness of time this process could lead to the endless series of recurring universes. Our present universe could be part of that chain.

In such a recurrent setup, however, Dr. Susskind of Stanford, Lisa Dyson, now of the University of California, Berkeley, and Matthew Kleban, now at New York University, pointed out in 2002 that Boltzmann’s idea might work too well, filling the megaverse with more Boltzmann brains than universes or real people.

In the same way the odds of a real word showing up when you shake a box of Scrabble letters are greater than a whole sentence or paragraph forming, these “regular” universes would be vastly outnumbered by weird ones, including flawed variations on our own all the way down to naked brains, a result foreshadowed by Martin Rees, a cosmologist at the University of Cambridge, in his 1997 book, “Before the Beginning.”

The conclusions of Dr. Dyson and her colleagues were quickly challenged by Andreas Albrecht and Lorenzo Sorbo of the University of California, Davis, who used an alternate approach. They found that the Big Bang was actually more likely than Boltzmann’s brain.

“In the end, inflation saves us from Boltzmann’s brain,” Dr. Albrecht said, while admitting that the calculations were contentious. Indeed, the “invasion of Boltzmann brains,” as Dr. Linde once referred to it, was just beginning.

In an interview Dr. Linde described these brains as a form of reincarnation. Over the course of eternity, he said, anything is possible. After some Big Bang in the far future, he said, “it’s possible that you yourself will re-emerge. Eventually you will appear with your table and your computer.”

But it’s more likely, he went on, that you will be reincarnated as an isolated brain, without the baggage of stars and galaxies. In terms of probability, he said, “It’s cheaper.”

You might wonder what’s wrong with a few brains — or even a preponderance of them — floating around in space. For one thing, as observers these brains would see a freaky chaotic universe, unlike our own, which seems to persist in its promise and disappointment.

Another is that one of the central orthodoxies of cosmology is that humans don’t occupy a special place in the cosmos, that we and our experiences are typical of cosmic beings. If the odds of us being real instead of Boltzmann brains are one in a million, say, waking up every day would be like walking out on the street and finding everyone in the city standing on their heads. You would expect there to be some reason why you were the only one left right side up.

Some cosmologists, James Hartle and Mark Srednicki, of the University of California, Santa Barbara, have questioned that assumption. “For example,” Dr. Hartle wrote in an e-mail message, “on Earth humans are not typical animals; insects are far more numerous. No one is surprised by this.”

In an e-mail response to Dr. Hartle’s view, Don Page of the University of Alberta, who has been a prominent voice in the Boltzmann debate, argued that what counted cosmologically was not sheer numbers, but consciousness, which we have in abundance over the insects. “I would say that we have no strong evidence against the working hypothesis that we are typical and that our observations are typical,” he explained, “which is very fruitful in science for helping us believe that our observations are not just flukes but do tell us something about the universe.”

Dr. Dyson and her colleagues suggested that the solution to the Boltzmann paradox was in denying the presumption that the universe would accelerate eternally. In other words, they said, that the cosmological constant was perhaps not really constant. If the cosmological constant eventually faded away, the universe would revert to normal expansion and what was left would eventually fade to black. With no more acceleration there would be no horizon with its snap, crackle and pop, and thus no material for fluctuations and Boltzmann brains.

String theory calculations have suggested that dark energy is indeed metastable and will decay, Dr. Susskind pointed out. “The success of ordinary cosmology,” Dr. Susskind said, “speaks against the idea that the universe was created in a random fluctuation.”

But nobody knows whether dark energy — if it dies — will die soon enough to save the universe from a surplus of Boltzmann brains. In 2006, Dr. Page calculated that the dark energy would have to decay in about 20 billion years in order to prevent it from being overrun by Boltzmann brains.

The decay, if and when it comes, would rejigger the laws of physics and so would be fatal and total, spreading at almost the speed of light and destroying all matter without warning. There would be no time for pain, Dr. Page wrote: “And no grieving survivors will be left behind. So in this way it would be the most humanely possible execution.” But the object of his work, he said, was not to predict the end of the universe but to draw attention to the fact that the Boltzmann brain problem remains.

People have their own favorite measures of probability in the multiverse, said Raphael Bousso of the University of California, Berkeley. “So Boltzmann brains are just one example of how measures can predict nonsense; anytime your measure predicts that something we see has extremely small probability, you can throw it out,” he wrote in an e-mail message.

Another contentious issue is whether the cosmologists in their calculations could consider only the observable universe, which is all we can ever see or be influenced by, or whether they should take into account the vast and ever-growing assemblage of other bubbles forever out of our view predicted by eternal inflation. In the latter case, as Alex Vilenkin of Tufts University pointed out, “The numbers of regular and freak observers are both infinite.” Which kind predominate depends on how you do the counting, he said..

In eternal inflation, the number of new bubbles being hatched at any given moment is always growing, Dr. Linde said, explaining one such counting scheme he likes. So the evolution of people in new bubbles far outstrips the creation of Boltzmann brains in old ones. The main way life emerges, he said, is not by reincarnation but by the creation of new parts of the universe. “So maybe we don’t need to care too much” about the Boltzmann brains,” he said.

“If you are reincarnated, why do you care about where you are reincarnated?” he asked. “It sounds crazy because here we are touching issues we are not supposed to be touching in ordinary science. Can we be reincarnated?”

“People are not prepared for this discussion,” Dr. Linde said.

I wrote this in 2004, but I figured it’d be good to get this archived in here for safe keeping. Enjoy the geekery.

Finally I have figured out how to delegate a class B. Actually I learned that it’s not a delegation at all. That was my main barrier, semantics. Some dude and a guy from ISC (maintainer of BIND) from bind-users@isc.org mailing list helped me out. Of course they were belittling me and accusing me of not “getting it.” I will be the first to note that I am not a DNS guru, I am just well versed in the environment we use DNS in. At any rate, let me tell you how to set up an authoritative server to point a class B to another pair of boxes. Let me stage an environment, pay close attention.

There is a core datacenter with a DNS server in there. I’ll call it “The Core” hence forth. There is a datacenter in KC and Omaha referred to as “distribution site.” In laymen terms, a class B is 2^16 IPs, or 65536 IPs. An IP is something like 1.2.3.4, 1.2.0.0-1.2.255.255 would be a class B. The range we’ll be messing with will be 133.7.0.0/16. Per ARIN (god of IPs) it has delegated 133.7.0.0/16 to the Core. The core has authority, (SOA). That means it polices the block, it can do whatever it wants to it. Now the distribution DNS servers are needing to host the 133.7.0.0/16 block. But how can they since The Core hosts them? Here’s a pictoral diagram in ascii art to clarify what I had just said.

The Core

133.7.0.0/16 Authority
/\
/   \
Distro1 Distro 2

Hosting 133.7.0.0/16 133.7.0.0/16

Get it? Stay with me. At any rate, in a zone file on The Core it will look something like this, this zone file is configuration for the zone:

@ IN SOA the.core.com dns.core.com
( 20040108 8976 8976 8976 86400)

IN NS the.core.com

This will get The Core answering for queries of any IP in the range stated above. Now we need to append to the file how we tell the world to go to the distro sites for answers.

$GENERATE 0-255 $ NS distro.1.com
$GENERATE 0-255 $ NS distro.2.com

This tells the server that 133.7.1-255.* will find answers at these NS (name servers). Now at the distro site, there will be a zone file broken up into class Cs (2^8 IPs, or 256, or 133.7.0.0-255, 133.7.45.0-255, etc), and we’ll look into the block 133.7.0.0/24:

@ IN SOA the.core.com dns.core.com
( 20040108 8976 8976 8976 86400)

IN NS distro1.com

0 IN PTR yourmom.foo.com.
1 IN PTR yourdad.foo.com.
…
255 IN PTR yoursister.foo.com.

Now when you do a lookup for 133.7.0.0 will resolve to yourmom.foo.com and 133.7.0.255 will resolve to yoursister.foo.com.

Yea, easy isn’t it. This is NOT delegation, there’s no true reference to it that I can find other than saying that you’re “pointing a class B to another DNS server.” Someone who is savvy tell me the verbiage. I’d like to know. This method applies for classless IP “pointing”/”delegation” as well. Remember, you can only delegate once, and that’s final. Don’t nit pick me either, I dumbed this down for people who get laid and have fun.

As far as I know this only applies to Ubuntu Server 6.06 LTS. ymmw. This is for my notes and I will use shorthand explanations to suit my own purposes. Please leave comments and I will reply as appropriate. All IPs are forged.

Take a look at my /etc/heartbeat/ldirectord.cf config:

virtual=149.212.45.44:80
real=10.0.1.1:8080 masq
real=10.0.1.2:8080 masq

# ipvsadm -Ln
TCP 149.212.45.44:80 lc persistent 1800
-> 10.0.1.1:80 Masq 1 0 0
-> 10.0.1.2:80 Masq 1 0 0

Oh snap! Why are the ports not being translated properly? Lets take a look at ldirectord:

# vi `which ldirectord`
..snippit..
if(!defined($or)) {
$old_rservice = $rservice;
$rservice =~ /(.*):(.*)/;
$rservice = $1;
$virtual_str =~ /(.*):(.*)/;
$rservice .= “:” . $2;
$or=$ov->{”real”}->{$rservice};
….

Add these lines directly after the code snippet:

if(!defined($or)) {
$rservice = $old_rservice;
$old_rservice = undef;
}

Voila! Problem solved. The same problem exists for fallback servers, the port translation is broken. I have no need to fix this so I will not.

Additionally, I made a script to monitor virtual hosts and email me if any of them are down. Please take a look at vpoolsheck.sh which has 2 real servers for each virtual host. 111.111.110.2 is the fallback server that serves the maintenance pages:

#!/bin/bash
. /root/.bashrc
grep -v \# /etc/heartbeat/haresources| awk -F:: ‘{print $2}’ | awk -F/ ‘{print $1}’ | while read i
do
wwwcheck=`/sbin/ipvsadm -Ln | grep -A2 $i | grep -c 111.111.110.2:80`
sslcheck=`/sbin/ipvsadm -Ln | grep -A2 $i | grep -c 111.111.110.2:443`
if [[ $wwwcheck > 0 ]]
then
echo “$i:80 is serving the Maintenance page, check ASAP!” | mail -s “LB Check: Site down!” sysadmin@domain.com
fi
if [[ $sslcheck > 0 ]]
then
echo “$i:443 is serving the Maintenance page, check ASAP!” | mail -s “LB Check: SSL Site down!” sysadmin@domain.com
fi
done

I had put this in cron and kept getting these emails in my Inbox:

/sbin/ipvsadm: line 15: exec: ipvsadm-1.24: not found
/sbin/ipvsadm: line 15: exec: ipvsadm-1.24: not found
/sbin/ipvsadm: line 15: exec: ipvsadm-1.24: not found
/sbin/ipvsadm: line 15: exec: ipvsadm-1.24: not found

After some investigation I checked out /sbin/ipvsadm, which is a Bourne script. I added my changes with the flavor of diff:

#!/bin/sh
KVER=`uname -r | cut -d. -f1,2`
KPAT=`uname -r | sed -re ’s/^[[:digit:]]\.[[:digit:]].([[:digit:]]+).*$/\1/’`

case $KVER in
2.6)
IPVSVER=1.24
;;
2.4)
if [ $KPAT -lt 29 ]; then IPVSVER=1.21
else IPVSVER=1.21-11; fi
;;
esac

-exec ipvsadm-$IPVSVER $*
+exec /sbin/ipvsadm-$IPVSVER $*

Problem solved, life is good.

It looks like the dick wavers of the world are posteuring, yet again, to gridlock the powers of the world into a stalemate…

Original Story

The west must be ready to resort to a pre-emptive nuclear attack to try to halt the “imminent” spread of nuclear and other weapons of mass destruction, according to a radical manifesto for a new Nato by five of the west’s most senior military officers and strategists.