From fa5deaee2e0182ddfc7b39eea7ee2acedb259ddf Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 4 Apr 2022 01:56:54 -0400 Subject: [PATCH] various fixes --- brc | 53 +++++++++----- brc2 | 20 +++--- btrfsmaint | 4 +- check-remote-mailqs | 3 +- distro-end | 7 +- epanic-clean | 71 +++++++++++-------- filesystem/etc/apt/detect-http-proxy | 2 +- filesystem/etc/needrestart/conf.d/iank.conf | 4 ++ filesystem/etc/prometheus/rules/iank.yml | 8 +++ .../etc/udev/rules.d/99-precursor-usb.rules | 2 + lan-dyn-dns-update | 2 +- mail-setup | 5 +- mailtest-check | 2 +- mount-latest-subvol | 4 +- myi3status | 2 +- system-status | 21 ++++-- unsaved-buffers.el | 23 +++--- ziva-backup-check | 3 +- 18 files changed, 147 insertions(+), 89 deletions(-) create mode 100644 filesystem/etc/udev/rules.d/99-precursor-usb.rules diff --git a/brc b/brc index 00a4862..502be7e 100644 --- a/brc +++ b/brc @@ -397,19 +397,29 @@ b() { c - } -vp9() { - in=$PWD/$1 +hexipv4() { + printf '%d.%d.%d.%d\n' $(echo $1 | sed 's/../0x& /g') +} - if [[ $2 ]]; then - out=$PWD/$2 - else - out=$PWD/vp9/$1 - fi - cd $(mktemp -d) - pwd - ffmpeg -threads 0 -i $in -g 192 -vcodec libvpx-vp9 -vf scale=-1:720 -max_muxing_queue_size 9999 -b:v 750K -pass 1 -an -f null /dev/null && \ - ffmpeg -y -threads 0 -i $in -g 192 -vcodec libvpx-vp9 -vf scale=-1:720 -max_muxing_queue_size 9999 -b:v 750K -pass 2 -c:a libvorbis -qscale:a 5 $out - cd - +vp9() { + local f out outdir in + outdir=vp9 + case $1 in + --out) + outdir=$2 + shift 2 + ;; + esac + m mkdir -p $outdir + for f; do + out=$PWD/$outdir/$f + in=$PWD/$f + m cd $(mktemp -d) + pwd + m ffmpeg -threads 0 -i $in -g 192 -vcodec libvpx-vp9 -vf scale=-1:720 -max_muxing_queue_size 9999 -b:v 750K -pass 1 -an -f null /dev/null + m ffmpeg -y -threads 0 -i $in -g 192 -vcodec libvpx-vp9 -vf scale=-1:720 -max_muxing_queue_size 9999 -b:v 750K -pass 2 -c:a libvorbis -qscale:a 5 $out + cd - + done } utcl() { # utc 24 hour time to local hour 24 hour time @@ -474,7 +484,17 @@ chrbind() { for d in dev proc sys dev/pts; do [[ -d $d ]] if ! mountpoint $d &>/dev/null; then - s mount -o bind /$d $d + m s mount -o bind /$d $d + fi + done +} +chumount() { + local d + # dev/pts needed for pacman signature check + for d in dev proc sys dev/pts; do + [[ -d $d ]] + if mountpoint $d &>/dev/null; then + m s umount $d fi done } @@ -1626,7 +1646,6 @@ sl() { return 1 fi - now=$(date +%s) dorsync=false haveinfo=false tmpa=($SL_INFO_DIR/???????????"$remote") @@ -1684,7 +1703,7 @@ sl() { RSYNC_RSH="ssh ${args[*]}" m rsync -rptL --delete $sl_rsync_args $SL_FILES_DIR "$remote": fi if $dorsync || ! $haveinfo; then - sshinfo=$SL_INFO_DIR/$now$type"$remote" + sshinfo=$SL_INFO_DIR/$EPOCHSECONDS$type"$remote" [[ -e $SL_INFO_DIR ]] || mkdir -p $SL_INFO_DIR printf "%s\n" "$extra_info" >$sshinfo chmod 666 $sshinfo @@ -1920,8 +1939,7 @@ s/^\Wcapability: (.*)/\1/;Ta;h;b # * misc stuff -if $use_color; then - +if $use_color && type -p tput &>/dev/null; then term_bold="$(tput bold)" term_red="$(tput setaf 1)" term_green="$(tput setaf 2)" @@ -1933,7 +1951,6 @@ if $use_color; then # term_underl="$(tput smul)" # term_blue="$(tput setaf 4)" # term_cyan="$(tput setaf 6)" - fi # Try to keep environment pollution down, EPA loves us. unset safe_term match_lhs use_color diff --git a/brc2 b/brc2 index 486bd25..02aa77f 100644 --- a/brc2 +++ b/brc2 @@ -519,11 +519,11 @@ dnsup() { } dnsb8() { local f=/var/lib/bind/db.b8.nz - ser stop bind9 - sleep 1 - sudo rm -fv $f.jnl - sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f - ser restart bind9 + m ser stop bind9 + m sleep 1 + m sudo rm -fv $f.jnl + m sudo install -m 644 -o bind -g bind /p/c/machine_specific/vps/bind-initial/db.b8.nz $f + m ser restart bind9 } dnsecgen() { # keys generated like this @@ -973,10 +973,9 @@ hstatus() { # work log wlog() { local day now i - now=$(date +%s) for (( i=0; i<60; i++ )); do - day=$( date +%F -d @$((now - 86400*i )) ) - date "+%a %b %d" -d @$((now - 86400*i )) | tr '\n' ' ' + day=$( date +%F -d @$((EPOCHSECONDS - 86400*i )) ) + date "+%a %b %d" -d @$((EPOCHSECONDS - 86400*i )) | tr '\n' ' ' /a/opt/timetrap/bin/t d -ftotal -s $day -e $day all -m '^w|lunch$' done } @@ -1234,8 +1233,7 @@ allmyirc() { } mygajim() { - local now time time_sec time_pretty - now=$(date +%s) + local time time_sec time_pretty sqlite3 -separator ' ' /p/c/subdir_files/.local/share/gajim/logs.db "select time, message from logs where contact_name = 'iank' and jid_id = 17;" | while read -r time l; do case $time in 16*) : ;; @@ -1248,7 +1246,7 @@ mygajim() { echo $time_pretty "$l" time_sec=${time%%.*} # only look at the last 18 days. generally just use this for timesheet. - if (( time_sec < now - 60 * 60 * 24 * 18 )); then break; fi + if (( time_sec < EPOCHSECONDS - 60 * 60 * 24 * 18 )); then break; fi done } diff --git a/btrfsmaint b/btrfsmaint index 1639a8d..eab8376 100755 --- a/btrfsmaint +++ b/btrfsmaint @@ -152,9 +152,9 @@ main() { # the wiki recommends 30 days or so, but # it makes the comp lag like shit for a day, # so I'm going with 90 days. - if (( date > $(date +%s) - 60*60*24*30 )); then + if (( date > EPOCHSECONDS - 60*60*24*30 )); then if $dryrun; then - echo "$0: skiping scrub of $mnt, last was $(( ($(date +%s) - date) / 60/60/24 )) days ago, < 30 days" + echo "$0: skiping scrub of $mnt, last was $(( (EPOCHSECONDS - date) / 60/60/24 )) days ago, < 30 days" fi continue fi diff --git a/check-remote-mailqs b/check-remote-mailqs index 6e9cf7c..d37ec7a 100755 --- a/check-remote-mailqs +++ b/check-remote-mailqs @@ -26,8 +26,7 @@ for h in bk je li frodo kwwg x3wg x2wg kdwg sywg; do else if [[ -s $statefile ]]; then logsec=$(date +%s -d "$(head -n1 $statefile | awk '{print $1,$2}')") - nowsec=$(date +%s) - if (( logsec < nowsec - 60*60*20 )); then + if (( logsec < EPOCHSECONDS - 60*60*20 )); then echo $0: host $h ssh /usr/local/bin/check-mailq fail for over 20 hours fi fi diff --git a/distro-end b/distro-end index 878a6ab..539856c 100755 --- a/distro-end +++ b/distro-end @@ -1552,7 +1552,8 @@ sudo chown -R debian-transmission:debian-transmission /var/lib/transmission-daem # It is a read & write cache. if ! systemctl is-active transmission-daemon-nn &>/dev/null && \ ! systemctl is-active transmission-daemon; then - sudo ruby <$tmp require 'json' p = '/etc/transmission-daemon/settings.json' s = { @@ -1568,8 +1569,10 @@ s = { "ratio-limit" => 5.0, "ratio-limit-enabled" => false, } -puts(JSON.pretty_generate(JSON.parse(File.read(p)).merge())) +puts(JSON.pretty_generate(JSON.parse(File.read(p)).merge(s))) EOF + cat $tmp | sudo dd of=/etc/transmission-daemon/settings.json + fi ####### end transmission diff --git a/epanic-clean b/epanic-clean index 4f365fd..bb9115e 100755 --- a/epanic-clean +++ b/epanic-clean @@ -28,7 +28,9 @@ d() { pl=/var/log/exim4/paniclog main() { + pr_metric=0 if [[ ! -s $pl ]]; then + echo "exim_paniclog $pr_metric" >/var/lib/prometheus/node-exporter/exim_paniclog.prom return 0 fi @@ -50,33 +52,6 @@ main() { grep "$regex" $pl >> $pl-archive ||: sed -i "/$regex/d" $pl - ## begin broken pipe & write lock ## - regex="Failed to get write lock\|Failed writing transport results to pipe: Broken pipe$" - now_s=$(date +%s) - newlines=false - count=0 - while read -r day time _; do - log_s=$(date -d "$day $time" +%s) - count=$((count+1)) - if (( now_s - 300 > log_s )); then - newlines=true - fi - done < <(grep "$regex" $pl ||:) - if (( count )); then - # I see broken pipe in groups of 3 for the same message around once a day - # randomly. I'm guessing they are related to running 2 instances of - # exim which share the same spool. So, if we have some, but not in - # the last 5 minutes, and less than 20, it should be fine to clear - # them. write lock happens less but can fit under the same rule. - if (( count > 20 )); then - cat $pl - elif ! $newlines; then - grep "$regex" $pl >>$pl-archive - sed -i "/$regex/d" $pl - fi - fi - ## end broken pipe ## - while read -r service regex; do found=false wipe=true @@ -85,7 +60,9 @@ main() { d "$d1 $d2" found=true tmptime=$(date -d "$d1 $d2" +%s) - # dont consider every matching line, just those in > 60 second intervals + # Checking the journal takes a second or two, so + # dont consider every matching line, just those > 60 seconds apart. We are + # testing the journal for 60 seconds after the message, so should be ok. if [[ ! $logtime ]]; then logtime=$tmptime elif (( tmptime > logtime + 60 )); then @@ -124,6 +101,44 @@ main() { clamav-daemon malware acl condition spamassassin spam acl condition EOF + + ## begin broken pipe & write lock & general alert ## + regex="Failed to get write lock\|Failed writing transport results to pipe: Broken pipe$" + newlines=false + count=0 + while read -r day time _; do + log_s=$(date -d "$day $time" +%s) + count=$((count+1)) + if (( log_s > EPOCHSECONDS - 300 )); then + newlines=true + fi + done < <(grep "$regex" $pl ||:) + if (( count )); then + # I see broken pipe in groups of 3 for the same message around once a day + # randomly. I'm guessing they are related to running 2 instances of + # exim which share the same spool. So, if we have some, but not in + # the last 5 minutes, and less than 20, it should be fine to clear + # them. write lock happens less but can fit under the same rule. + if (( count > 20 )); then + pr_metric=1 + elif ! $newlines; then + grep "$regex" $pl >>$pl-archive + sed -i "/$regex/d" $pl + fi + fi + + # I think we could alert on anything else older than 61 seconds, + # but lets just add some slack, make it 5 minutes. + while read -r day time _; do + log_s=$(date -d "$day $time" +%s) + if (( log_s < EPOCHSECONDS - 300 )); then + pr_metric=1 + fi + done < <(grep -v "$regex" $pl ||:) + ## end broken pipe ## + + echo "exim_paniclog $pr_metric" >/var/lib/prometheus/node-exporter/exim_paniclog.prom + } loop-main() { diff --git a/filesystem/etc/apt/detect-http-proxy b/filesystem/etc/apt/detect-http-proxy index 6f67003..6ffd025 100755 --- a/filesystem/etc/apt/detect-http-proxy +++ b/filesystem/etc/apt/detect-http-proxy @@ -28,7 +28,7 @@ if [[ ! -w /tmp ]]; then exit 0 fi modtime=$(stat -c %Y $f 2>/dev/null ) ||: -if [[ $modtime ]] && (( $(( $(date +%s) - modtime )) < 60*10 )); then +if [[ $modtime ]] && (( $(( EPOCHSECONDS - modtime )) < 60*10 )); then echo DIRECT exit 0 else diff --git a/filesystem/etc/needrestart/conf.d/iank.conf b/filesystem/etc/needrestart/conf.d/iank.conf index 78d20ce..7e9988f 100644 --- a/filesystem/etc/needrestart/conf.d/iank.conf +++ b/filesystem/etc/needrestart/conf.d/iank.conf @@ -1,2 +1,6 @@ # Restart mode: (l)ist only, (i)nteractive or (a)utomatically. $nrconf{restart} = 'a'; +# 0: disable microcode checks completely +# On my systems, the default makes the nagios check return 3, unknown. +# I don't have any systems which need microcode update detection. +$nrconf{ucodehints} = 0; diff --git a/filesystem/etc/prometheus/rules/iank.yml b/filesystem/etc/prometheus/rules/iank.yml index 75b5cbc..40fc404 100644 --- a/filesystem/etc/prometheus/rules/iank.yml +++ b/filesystem/etc/prometheus/rules/iank.yml @@ -85,11 +85,19 @@ groups: severity: warn - alert: sysd_result_fail + # not sure 30m is really needed, it prevents the alert from flapping + # i guess. expr: |- rate(node_systemd_unit_result_fail_count[30m]) > 0 labels: severity: day + - alert: exim_paniclog + expr: |- + exim_paniclog > 0 + labels: + severity: warn + - alert: mailtest_check_vps expr: |- time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 12 diff --git a/filesystem/etc/udev/rules.d/99-precursor-usb.rules b/filesystem/etc/udev/rules.d/99-precursor-usb.rules new file mode 100644 index 0000000..64538da --- /dev/null +++ b/filesystem/etc/udev/rules.d/99-precursor-usb.rules @@ -0,0 +1,2 @@ +# https://github.com/betrusted-io/betrusted-wiki/wiki/Updating-Your-Device +SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", GROUP="plugdev", TAG+="uaccess" diff --git a/lan-dyn-dns-update b/lan-dyn-dns-update index 206fa7a..88cdf2d 100644 --- a/lan-dyn-dns-update +++ b/lan-dyn-dns-update @@ -18,7 +18,7 @@ while read -r ip host; do ssh wrt tar -C /etc -c hosts | tar -x if grep -qFx "$ip $host" hosts; then continue; fi # openvpn udpates its status file every 60 seconds by default - if (( $(stat -c%Y hosts) > $(( $(date +%s) + 60 )) )); then + if (( $(stat -c%Y hosts) > EPOCHSECONDS + 60 )); then sleep 60 if $is_connected; then continue; fi fi diff --git a/mail-setup b/mail-setup index f47f6ab..7da0524 100755 --- a/mail-setup +++ b/mail-setup @@ -2387,7 +2387,8 @@ QUEUERUNNER='combined' QUEUEINTERVAL='30m' COMMONOPTIONS='-C /etc/exim4/my.conf' UPEX4OPTS='-o /etc/exim4/my.conf' -#E4BCD_PANICLOG_NOISE='exim user lost privilege for using -C option' +# i use epanic-clean for alerting if there are bad paniclog entries +E4BCD_WATCH_PANICLOG='no' EOF chown Debian-exim:Debian-exim /usr/sbin/exim4 # needs guid set in order to become Debian-exim @@ -3183,7 +3184,7 @@ EOF /usr/sbin/exim -f $test_from -t </dev/null |head -n1 || : )) fi - now=$(date +%s) + now=$EPOCHSECONDS maxtime=0 for s in ${snaps[@]}; do file=${s##*/} @@ -194,14 +194,21 @@ write-status() { esac fi - - if pgrep -G iank -u iank -f 'emacs --daemon' &>/dev/null; then - emacsfiles="$(emacsclient --eval "$(cat /usr/local/bin/unsaved-buffers.el)"| sed '/^"nil"$/d;s/^"(/E: /;s/)"$//')" - if [[ $emacsfiles ]]; then - chars+=("$emacsfiles") + # We do this once every 5 minutes, since this is not a grave problem. + # For formatted elisp, see /b/ds/unsaved-buffers.el + elisp='(format "%s" (-reduce-from (lambda (acc buf) (let ((bpath (buffer-file-name buf))) (if (and bpath (buffer-modified-p buf)) (cons bpath acc ) acc))) nil (buffer-list)))' + if [[ ! $last_emacs_check || $emacsfiles ]] || (( last_emacs_check < EPOCHSECONDS - 300 )); then + if pgrep -G iank -u iank -f 'emacs --daemon' &>/dev/null; then + # i dun care if this fails + emacsfiles="$(timeout 1 emacsclient --eval "$elisp"| sed '/^"nil"$/d;s/^"(/E: /;s/)"$//' ||:)" + if [[ $emacsfiles ]]; then + chars+=("$emacsfiles") + fi fi + last_emacs_check=$EPOCHSECONDS fi + glob=(/nocow/btrfs-stale/*) if [[ -e ${glob[0]} ]]; then chars+=(STALE) @@ -261,7 +268,7 @@ write-status() { # shellcheck disable=SC2043 for _ in 1; do if [[ -e $f ]]; then - now=$(date +%s) + now=$EPOCHSECONDS fsec=$(stat -c%Y $f) # the / 60 makes it 0-59 seconds less strict, +1 to help make sure we # dont have any false positives. diff --git a/unsaved-buffers.el b/unsaved-buffers.el index 15f0f53..6347e99 100644 --- a/unsaved-buffers.el +++ b/unsaved-buffers.el @@ -1,20 +1,25 @@ ;; print buffers unsaved, unless within "seconds" below -;; run with -;; emacsclient --eval "$(cat /a/bin/ds/unsaved-buffers.el)" | sed 's/^..//;s/..$//' - +;; for example running, see system-stat (format "%s" (-reduce-from (lambda (acc buf) - (let ((seconds 60) - (bpath (buffer-file-name buf))) + (let ((bpath (buffer-file-name buf))) (if (and bpath - (buffer-modified-p buf) - (time-less-p - (file-attribute-modification-time (file-attributes bpath)) - (time-add (current-time) (- seconds)))) + (buffer-modified-p buf)) (cons bpath acc ) acc))) nil (buffer-list)) ) + +;; put into +;; (format "%s" (-reduce-from (lambda (acc buf) (let ((bpath (buffer-file-name buf))) (if (and bpath (buffer-modified-p buf)) (cons bpath acc ) acc))) nil (buffer-list))) + + +;; +;; Previously, I used a condition to check only for files not saved +;; which had mod times > 60 seconds. However, using it my system status +;; script meant stating a lot of files over and over, which eventually +;; caused some lag, so I abandoned it. +;; diff --git a/ziva-backup-check b/ziva-backup-check index 664750d..849453d 100755 --- a/ziva-backup-check +++ b/ziva-backup-check @@ -18,7 +18,6 @@ fi ## begin check on btrbk -now=$(date +%s) age_limit_sec=$(( 60 * 60 * 50 )) # 50 hours for prefix in root boot; do vol=${prefix}_ubuntubionic @@ -40,7 +39,7 @@ for prefix in root boot; do err "could not find latest snapshot for $svp among ${snaps[*]}" exit 1 fi - if (( last_snap_sec < now - age_limit_sec )); then + if (( last_snap_sec < EPOCHSECONDS - age_limit_sec )); then err vol $vol last backup older than 50 hours: $last_snap fi done -- 2.30.2