Using SGE I can exclude a node called "node6" with the option:
#$ -l h=!node6
Question: Does anyone know how to extend this to more than one node? I really can't find a good HowTo and I'm tired of guessing. Thanks!
You can use a wildcard expression to exclude some nodes. For example if you have nodes called node1, node2 ... nodeX; to exclude node2 to node5 you can use :
#$ -l h='!node[2-5]'
or to exclude several nodes :
#$ -l h='!(nodeP|nodeQ|...|nodeR)' //P,Q,R in [1,X]
Now just find the pattern which matches all the nodes you want to exclude.
Else, you can use a resource quota. To perform that, create a resource quota :
qconf -arqs disabledHostsResourceQuota
Edit this resource quota to allow a hostgroup (let's call it disabledHosts) to prevent jobs from running :
{
name disabledHostsResourceQuota
description resource quota to disable some hosts
enabled TRUE
limit hosts {#disabledHosts} to slots=0
}
Then create your hostgroup :
qconf -ahgrp disabledHosts
and in the "hostlist" field, add all the hosts you want to disable.
You can then submit your job without any option, that should do the trick.
Related
According to the documentation it's possible to add the parameter --defaults-group-suffix to a mysql command, for it to "In addition to the default option groups, also read option groups with the given suffix".
So in case I use:
--defaults-group-suffix=.sample
A mariadb-Server started with this option will read both, the following blocks:
[mariadbd]
…
[mariadbd.sample]
…
So I can put options which should apply to the specific instance to the second block.
My question is: Is there a way to add an option group, which is only evaluated, when the parameter --defaults-group-suffix is not provided, in other words empty?
The default block [mariadbd] obviously can't be used, since it is read by all instances with a defined suffix.
Additional question, since I can't find it in the documentation: If one option is specified multiple times in one (or more) configuration files: Is it the first, or the last match, that applies?
According to the stackoverflow guidelines, next time please only ask one question per posting.
1st question: No, it is not possible - the suffix option is an additional option, there are no conditions which check suffix and other options.
2nd question: If multiple configuration files with same options but different values are used, the option/value from last read configuration file will be used. Check the read order of configuration files by executing
mysqld --help --verbose | grep -C1 "Default options"
Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf ~/.my.cnf
$ gcloud --format="value(networkInterfaces[0].accessConfigs[0].natIP)" compute instances list
This command currently works to get ALL the ips that are active but if I have multiple instance groups lets say one is called: Office, and the other is called Home
How do I get just the instance IPs in instance group "Office" only
Unfortunately there is no easy way to do it. Ideally it should be part of gcloud instance-groups list-instances API, but it does not return IP addresses, just instance names.
So far, I've managed to get the desired response by executing 2 different commands.
To get names of all instances
instances=$(gcloud beta compute instance-groups list-instances <Enter Your Instance Group Name Here> | awk -v ORS=, '{if(NR>1)print $1}')
To get External IPs
gcloud --format="value(networkInterfaces[0].accessConfigs[0].natIP)" compute instances list --filter="name=( $instances )"
A breakdown / explanation of 1st Command:
gcloud beta compute instance-groups list-instances <Enter Your Instance Group Name Here> will return all instances in that Instance Group
awk -v ORS=, will replace all lines with , and returns a single comma separated string
'if(NR>1) will exclude first line of response which is NAME
print $1 will get only the 1st column which
are instance names
instances=$(<Entire Gcloud Command with awk) will capture the response in variable
2nd Command should be self explanatory.
It will be great if someone can combine these 2 commands into a single command.
We're using CentOS and would like to ban several Asian countries from accessing the entire server. Almost every IP we check which has tried to hack into our server is allocated to an Asian country (Russia, China, Pakistan, etc.)
We have an IP to country MySQL database we can efficiently query and would like to try something like:
-A INPUT -p tcp -m tcp --dport 80 -j /path/to/perlscript.pl
The script would need the IP passed in as an argument, then it would return either an ACCEPT or DROP target?
Thanks for the answers, here's my follow up.
Do you know if it is possible though? Having a rule point to a script which returns a target? (ACCPET/DROP)
Not entirely sure how ipset works, will have to experiment I guess, but it looks like it creates a single rule. How would it handle Russia for example, which has over 6000 ranges assigned to it? And we want to add probably 20 - 40 countries in total, so we could end up needing to add in excess of 100,000 ranges. Wouldn't the overhead of a single MySQL query be less taxing?
SELECT country FROM ip_countries WHERE $VAR{ip} >= range1 && $VAR{ip} <= range2
The database we use is freely available here : http://software77.net/geo-ip/
It represents IPs in the database by converting the IP to a number using this formula :
$VAR{numberedIP} = $octs[3] + ($octs[2] * 256) + ($octs[1] * 256 * 256) + ($octs[0] * 256 * 256 * 256);
It will store the start of the range in the "range1" column, and the end of the range in the "range2" column.
So you can see how we'd look up an IP using the above query. Literally takes less than a hundredth of a second to get a result and it's quite accurate. We have one website on a dedicated server, quite low traffic. But as with all servers I have ever checked, this one is hit daily by hackers' robots, checking email accounts, FTP accounts etc. And just about every web server I've ever worked on is compromised sooner or later. In our case, 99.99% of traffic from Asian countries has criminal intent attached to it.
We'd like this to run via iptables so that all ports are covered, not just HTTP for example by using directives in say .htaccess.
Do you think ipset would still be faster and more efficient?
It would be far too slow to launch perl for every matching packet. The right tool for this sort of thing is ipset, and there is much more information and documentation available on the ipset man page.
In CentOS you can install it with yum. Naturally, all of these commands and the script need to run as root:
# yum install ipset
Next install the kernel modules (you'll want this to happen at boot as well):
# modprobe -v ipset ip_set_hash_netport
And then use a script like the following to populate an ipset and block IP's from its ranges using iptables:
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;
my $dbh = DBI->connect('... your DSN ...',...);
# I have no knowledge of your schema, but if you can pull the
# address range in the form: AA.BB.CC.DD/NN
my $ranges = $dbh->selectcol_arrayref(
q{SELECT cidr FROM your_table WHERE country_code IN ('CN',...)});
`ipset create geoblock hash:netport`;
for (#$ranges) {
# to match on port 80:
`ipset add geoblock $_,80`;
}
`iptables -I INPUT -m set --set geoblock src -j DROP`;
If you would like to block all ports rather than just 80, use the ip_set_hash_net module instead of ip_set_hash_netport, change hash:netport to hash:net, and remove ,80 from the ipset command.
it seems that it is not possible for me to trigger an event in OpenNMS using a threshold...
first the fact (as much detail as i can)
i want to monitor a html file, better, the content.
if a value is not what i expected OpenNMS should call be.
my html file:
Document Count: 5
in /var/lib/opennms/rrd/snmp/NODE are two files named: "documentCount" (.jbr & .meta)
--> because of the http-datacollection-config.xml
in my logfiles is written:
INFO [LegacyScheduler-Thread-2-of-50] RrdUtils: updateRRD: updating RRD file /var/lib/opennms/rrd/snmp/21/documentCount.jrb with values '1385031023:5'"
so the "5" is collected correctly.
now i created a threshold for this case:
<threshold type="high" ds-type="node"
value="4.0" rearm="2.0" trigger="1" triggeredUEI="uei.opennms.org/threshold/highThresholdExceeded"
filterOperator="or" ds-name="documentCount"
/>
in my collectd-configuration.xml is the threshold also enabled:
in my opinion the threshold of 4 is exceeded, because the value is 5. so the highTresholdEvent should be fired. BUT IT DOESNT.
so i'm here to ask if someone had an idea.
regards dawn
Check collectd.log with the following
tail -f collectd.log | grep -i thresholding
Threshold checking was moved to evaluate while the data is being retrieved a while back as opposed to a post process of rrd files.
Even with the log setting at info you should find some clues as to why the threshold rule is not matching any data.
I have Keepalived + MySQL (master - master) setup done.
I have kept the priority same for MASTER and BACKUP because I don't want them to start flapping frequently (one time switch of VIP is good enough).
This setup works fine if I use the simple 'vrrp-script' to check if mysql daemon is down. e.g.
script to check mysql daemon
vrrp_script chk_mysql {
script "killall -0 mysqld" # verify the pid is exist or not
interval 2 # check every 2 seconds
weight 2
}
I want to make it work with deeper health check with one python script. I want to use MISC_CHECK for that.
e.g.
MISC_CHECK {
misc_path “script_to_call_python_script.sh xxxx xxxx xxxx xxxx”
misc_timeout 5
}
My query is:
How can I make the MISC_CHECK to run at specified intervals?
Otherwise, what is 'required' output of script in 'vrrp_script', so that I could run
shell script there (which runs are periodic interval)?
Place the python code in a folder and in your vrrp_script call it like
vrrp_script chk_mysql {
script "location of you python script"
interval "the specified interval"
weight 2
}
Set the output to 0 or 1 depending on the check
as #nimesh said above, vrrp_script support python script directly. Just put your shell/python/rudy location with the script "location of you script" config.