Archive for August, 2007
Simplifying mass IP address changes

For those that aren’t aware, ResTek is switching to a new internet provider, which also involves changing to a new IP address space. ARIN allocated us 67.201.192.0/18 (~16,000 hosts), which is awesome. Fortunately, we recently resubnetted our existing network in the 66.165.0.0/19 address space, and that involved moving the servers and networking equipment to their own subnets. We decided to preserve much of that order in this move, so a lot of the changes involved simply replacing octets 1-3 of our server IP addresses with the new ones. A job for sed!

I decided to create a very simple script to make the cutover easier, and also make sure that it would be possible to switch back to the old configuration files if something went awry.

The script is simple and has 3 modes:

  1. copy a list of files to new/ and old/ for editing

  2. install the new set

  3. revert to the old set

[kian@alvis ~/ipswitch]$ ls
alvis.lst       new             old             switch.sh

The ‘alvis.lst’ file is simply a file containing a list of files that are going to change between the two sets.

First, we back up all of the current files into two places: one will be the original set, the other will be changed.

[kian@alvis ~/ipswitch]$ sudo sh switch.sh grab
Password:
/etc/rc.conf -> old/rc.conf
/etc/rc.conf -> new/rc.conf
/etc/hosts -> old/hosts
/etc/hosts -> new/hosts
/etc/resolv.conf -> old/resolv.conf
/etc/resolv.conf -> new/resolv.conf
/etc/pf.conf -> old/pf.conf
/etc/pf.conf -> new/pf.conf
/usr/local/etc/apache22/httpd.conf -> old/httpd.conf
/usr/local/etc/apache22/httpd.conf -> new/httpd.conf
/usr/local/etc/apache22/httpd.conf-chroot -> old/httpd.conf-chroot
/usr/local/etc/apache22/httpd.conf-chroot -> new/httpd.conf-chroot
/usr/local/etc/apache22/httpd.conf-nochroot -> old/httpd.conf-nochroot
/usr/local/etc/apache22/httpd.conf-nochroot -> new/httpd.conf-nochroot
/usr/local/etc/nrpe.cfg -> old/nrpe.cfg
/usr/local/etc/nrpe.cfg -> new/nrpe.cfg
/etc/ssh/sshd_config -> old/sshd_config
/etc/ssh/sshd_config -> new/sshd_config

Next, we modify the files in the “new” directory. It could be as simple as:

[kian@alvis ~/ipswitch/new]$ sed -i .bak -e 's/66\.165\.31/67.201.255/g' *

...but in our case it involved a little more work (though sed was used!).

Now I could simply install the new set while preserving the originals in “old”:

[kian@alvis ~/ipswitch]$ sudo sh switch.sh new
Installing new configs...
rc.conf -> /etc/rc.conf
hosts -> /etc/hosts
resolv.conf -> /etc/resolv.conf
pf.conf -> /etc/pf.conf
httpd.conf -> /usr/local/etc/apache22/httpd.conf
httpd.conf-chroot -> /usr/local/etc/apache22/httpd.conf-chroot
httpd.conf-nochroot -> /usr/local/etc/apache22/httpd.conf-nochroot
modsecurity_crs_60_custom.conf -> /usr/local/etc/apache22/Includes/mod_security2/modsecurity_crs_60_custom.conf
nrpe.cfg -> /usr/local/etc/nrpe.cfg
sshd_config -> /etc/ssh/sshd_config
[kian@alvis ~/ipswitch]$

Useful to have on each server, in our case. It allows you to avoid the error-prone way of simply copying an original to file.bak.tmp.foo and restarting…

Here it is.
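A script with the three modes described above could look like the following; it is an added example, not the author's switch.sh, and it additionally refuses basename collisions and incomplete sets before touching live files. The `LIST` and `SETS` variables, the function names and the `old` keyword for reverting are assumptions; `grab`, `new` and the old/ and new/ layout follow the session output above.

```sh
#!/bin/sh
# Added example, not the original switch.sh. LIST, SETS, the function names
# and the "old" mode keyword are assumptions; grab/new follow the post.
LIST=${LIST:-alvis.lst}   # one absolute path per line
SETS=${SETS:-.}           # directory that holds old/ and new/

# Two listed paths with the same basename would overwrite each other
# inside old/ and new/, so refuse to continue.
check_list() {
    dups=$(sed 's|.*/||' "$LIST" | sort | uniq -d)
    [ -z "$dups" ] || { echo "basename collision: $dups" >&2; return 1; }
}

# grab: copy each listed file to old/ (kept pristine) and new/ (to edit).
# cp -p keeps mode and timestamps, which matters for files like sshd_config.
grab() {
    check_list || return 1
    mkdir -p "$SETS/old" "$SETS/new"
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        for s in old new; do
            cp -p "$path" "$SETS/$s/" || return 1
            echo "$path -> $s/${path##*/}"
        done
    done < "$LIST"
}

# install_set old|new: confirm the whole set exists before overwriting
# any live file, then copy each file back to its original path.
install_set() {
    check_list || return 1
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        [ -f "$SETS/$1/${path##*/}" ] ||
            { echo "missing: $1/${path##*/}" >&2; return 1; }
    done < "$LIST"
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        cp -p "$SETS/$1/${path##*/}" "$path" || return 1
        echo "${path##*/} -> $path"
    done < "$LIST"
}

case "${1:-}" in
    grab) grab ;;
    new)  echo "Installing new configs..."; install_set new ;;
    old)  echo "Reverting to old configs..."; install_set old ;;
esac
```

Run with no argument it does nothing, so the functions can also be sourced and called directly.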

Server Admin. vs. Tech Innovator/Special Projects (mspaint style)

Yesterday’s quote of the day:


i was pinging it to check latency, and suddenly it did this … Destination Host Unreachable

I decided to use MS Paint last night. While I was feeling creative, I painted the normal interaction between our server administrator and tech innovator/special projects guy.

At ResTek, our group chemistry is unmatched, but so we get a lot done :)

Here’s to our new internet connection. :)

Server Admin vs. Tech Innovator/Special Projects