How domains are being resolved ?

Thu 23 October 2014 by admin

Not so far ago I was doing some cleanup work with static entries in /etc/hosts. I was wondering how many of these static entries are being actively used. To figure out I started digging, but without much luck. Tools like strace, ltrace doesnt give me a clear look which address are taken from /etc/hosts or which function from shared library was used to resolve domain name. So the next step was dynamic tracing in userspace level by systemtap. I know that name resolution mechanism is provided by NSS, so I grabs function from /lib64/libnss_files-2.17.so (CentOS 7) related to /etc/hosts. Which exactly functions I was looking for, I only now that it should contain gethost, so:

# strings /lib64/libnss_files-2.17.so  | grep -i gethost
_nss_files_gethostent_r
_nss_files_gethostbyaddr_r
_nss_files_gethostbyname3_r
_nss_files_gethostbyname_r
_nss_files_gethostbyname2_r
_nss_files_gethostbyname4_r
_nss_files_gethostton_r

Now I should confirm that by writing simple script in systemtap:

global domains
probe begin {
        printf("started...\n")
}
probe process("/lib64/libnss_files-2.17.so").function("_nss_files_gethostbyname*").return {

        if ($$return == "return=0x1") {
                domains[user_string($name)] ++
                printf("%s - %s\n",execname(),user_string($name))
        }

}
probe end {
        foreach (var in domains) {
                printf("\n%s %d\n",var,domains[var])
        }
}

It means that I start tracing all process which fires libnss_files shared library and function _nss_files_gethostbyname* within. I only take care of return value of these function, return 0x1 means that domain record was found in /etc/hosts so count it and at the end (ctrl+c) show some stats. How it looks like:

# stap hostscounter.stap
started...
curl - localhost
^C
localhost 1

Simple and beauty ;)


How safely change ip address on remote host ?

Sun 05 October 2014 by admin

Routine task change ip address on remote host without cut off. There are a lot of possibilites i.e. from reboot with new ip address to some fancy stuff with cron job. But there is a one method to make it clear and elegant.

Simply set:

echo 1 > /proc/sys ...
read more

New look and feel

Sun 29 June 2014 by admin

After couple months of inactivity I am starting with new look of blog site. It's not only a new theme, but it's completly rewrite engine. No more complexity of Wordpress on top of Varnish,Nginx,PHP,MySQL just pure static content generated by Pelican. Static website is served ...

read more

Jesień Linuksowa 2013

Tue 08 October 2013 by admin

Tym razem po drugiej stronie mikrofonu:

Zaopiekuj się moimi logami
Witold Duranek

więcej na: http://jesien.org/2013/pl/agenda

Zapraszam,

read more

Zerofree your filesystem

Sat 28 September 2013 by admin

Lets assume that you have file image:

dd if=/dev/zero of=file.1 bs=4k count=128

on top of it you create filesystem ext3/ext4

mkfs.ext4 /root/file.1

mount it, create remove some files etc. and you gonna make it more space efficient, that's ...

read more

Some notes about memory ballooning in VMware

Sun 01 September 2013 by admin

Couple days ago I found out that memory usage grow rapidly on one server. After couple minutes of investigation, it was clear that memory balloon take place. Of course it will happen only if you have vmware tools installed. To find out what was happening, you can look at vmware ...

read more

Manage your hard disks

Sun 04 August 2013 by admin

Make one step forward after rediscovering newly added hard disk, simply how to resize it. In virtual world simply put the new disk size, but how to reflect this change in guest operating system:

echo 1 > /sys/block/<devname>/device/rescan
partprobe

Continuing how to make them unavailable first to ...

read more

Sign your scripts

Sun 30 June 2013 by admin

Remote command execution from one host to another is nothing new in more complex infrastructure. It is usually going to happen at low user level privilege and it's also password less ssh communication based on ssh keys. But what happens when ssh keys leaked or this account was compromised ...

read more

VMware disk cloning

Sun 16 June 2013 by admin

Using free VMware vSphere Hypervisor doesn't give us a chance to easily clone virtual machines disks and cope with thin provision disks. But we could leverage administration to CLI (shell) and there we have command called: vmkfstools. This command is used to manage virtual disks i.e. create, convert ...

read more

linux nocache idea

Sun 09 June 2013 by admin

Each time when you read file it's content is put into cache:

# grep -w "Cached" /proc/meminfo
Cached:           255220 kB
# cat sample.file >/dev/null
# grep -w "Cached" /proc/meminfo
Cached:           357628 kB

of course it happens when there is enough free memory. But imagine situation when you read ...

read more