Tuesday 27 March 2007

Summarizing an IP address range

As I've mentioned previously, I've found IPy python module to be extremely useful for manipulating IP addresses. One such use is a script I've written to summarize an IP address range into the networks that make it up. The script supports both IPv4 and IPv6 addresses.

Example usage:
$ ./summarize.py 192.168.1.0 192.168.1.8
192.168.1.0/29
192.168.1.8

or alternatively as a python module:
>>> from summarize import summarize
>>> summarize('192.168.1.0', '192.168.1.254')
['192.168.1.0/25', '192.168.1.128/26', '192.168.1.192/27', '192.168.1.224/28', '192.168.1.240/29', '192.168.1.248/30', '192.168.1.252/31', '192.168.1.254']

The source for this script is available for download from the Wad of Stuff repository.

Wednesday 14 March 2007

iPhoto 6.0.6 and Keyword Assistant 1.9.4 released

Those of you using my iPhoto Keyword Utilities who have upgraded to iPhoto 6.0.6 should note that a minor release of Keyword Assistant is out too and is needed to re-enable it.

Monday 12 March 2007

New Google Code repository for Wad of Stuff

I've created a new Google Code hosted project to house all of the code that I'll be posting in this blog. The source browser and subversion access details are here.

SMF manifest for buildbot

As I mentioned in a previous post, I use buildbot for testing my Solaris installations. I'll be writing more about that in a future article. Until then here is a Solaris 10 SMF manifest that I've developed for starting up a buildbot master or slave. By default it creates one instance called default with a configuration path of /home/buildbot/master.

Before using this manifest you'll need to create your buildbot master or slave directories yourself using buildbot create-master or buildbot create-slave.

To change the path run:
# svccfg -s svc:/site/application/buildbot:default setprop buildbot/config="/path/to/buildbot/dir"

Then enable the service:
# svcadm enable svc:/site/application/buildbot:default

With this manifest you can run as many buildbot masters and slaves as your system can handle.

To add another instance run:
# svccfg -s svc:/site/application/buildbot add instance
# svccfg -s svc:/site/application/buildbot:instance addpg buildbot application
# svccfg -s svc:/site/application/buildbot:instance setprop buildbot/config="/path/to/instance"

Now enable the new buildbot instance:
# svcadm enable svc:/site/application/buildbot:instance


Update: Added the PATH environment variable to the manifest.

Friday 9 March 2007

SMF manifests for ISC dhcpd, splunk and syslog-ng

I recently had a couple of SMF manifests listed on the Open Solaris SMF Community web site. The manifests are for ISC dhcpd, splunk 2.1/2.2, and syslog-ng.

The splunk and syslog-ng manifests are intended to be used together. The syslog-ng and splunk services depend on a FIFO existing at /var/log/splunk-syslog. In my environment I have syslog-ng accepting syslog messages, filtering them, and writing to the FIFO and splunk reading from it. You may remove this dependency if you wish.

I also have splunk binding to 127.0.0.1 with an environment variable being set in the manifest. Remove the following from the manifest if you wish to have splunk directly accessible:

<method_environment>
<envvar name="SPLUNK_BINDIP" value="127.0.0.1"/>
</method_environment>


I do this to limit access to the splunk admininstrator interface via an apache reverse proxy. The apache configuration snippet to achieve this is included below. Add apache Allow statements to those who you trust to access the administrator interface.

# Reverse Proxy for splunk listening on localhost:8000
ProxyRequests Off
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
# Don't allow access to /admin/ which allows people to upload log files
# and tail any file on the server.
<Location /admin/>
Order Deny,Allow
Deny from all
# Add allow statements here
</Location>

Update: Here are the same ISC dhcpd, splunk and syslog-ng manifests now hosted in my new Google Code repo. I expect these to be more up to date than the opensolaris.org hosted copies.