Tag Archives | BASH

Code to query Azure Load Balancer Metrics to verify Availability (VipAvailability )

This one was fun to put together.

I wanted to write code to query the status of an Azure Load Balancer. I couldn’t find much out there. This code query’s the Azure Load Balancer’s Metrics for VipAvailability – through the REST API. If it returns 100 then are good to go. Anyting else, then there may be a issue. You can query any metric, and you can set a time range, I am just looking at the last min.

Note: This is for a Standard Load Balancer, not Basic.

Some of the Metrics Available:

VipAvailability : Average count of availability of VIP endpoints, based on probe results.
DipAvailability : Average count of availability of DIP endpoints, based on probe results.
ByteCount : Total number of bytes processed per front-end.
PacketCount : Total number of packets processed per front-end.
SynCount : Total number of SYN packets received.
SnatConnectionCount : Total number of new SNAT connections, that is, outbound connections that are masqueraded to the Public IP address front-end.

And the same metrics are often referred to by different names (this was confusing to me):

value               localizedValue                
-----               --------------                
VipAvailability     Data Path Availability        
DipAvailability     Health Probe Status           
ByteCount           Byte Count                    
PacketCount         Packet Count                  
SYNCount            SYN Count                     
SnatConnectionCount SNAT Connection Count         
AllocatedSnatPorts  Allocated SNAT Ports (Preview)
UsedSnatPorts       Used SNAT Ports (Preview) 

Here is the code (bouns: BASH/cURL too) to find the VipAvaiablity of Azure Load Balancers:

$SubscriptionId = "$($env:SubscriptionId)"
$TenantId       = "$($env:TenantId)" 
$ClientID       = "$($env:ClientID)"      
$ClientSecret   = "$($env:ClientSecret)"  
$TenantDomain   = "$($env:TenantDomain)" 
$loginURL       = "https://login.microsoftonline.com/$TenantId/oauth2/token"
$resource      = "https://management.core.windows.net/" 
$resourceGroupName = "eastUS-01"
$body           = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth          = Invoke-RestMethod -Method Post -Uri $loginURL -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}

$start=((Get-Date).AddMinutes(-1)).ToUniversalTime().ToString("yyy-MM-ddTHH:mm:00Z")
$end=(Get-Date).ToUniversalTime().ToString("yyy-MM-ddTHH:mm:00Z")
$filter = "(name.value eq 'VipAvailability') and aggregationType eq 'Average' and startTime eq $start and endTime eq $end and timeGrain eq duration'PT1M'"
$url = "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Network/loadBalancers/jemurphyLB01/providers/microsoft.insights/metrics?`$filter=${filter}&api-version=2016-09-01"
$results=Invoke-RestMethod -Uri $url -Headers $headerParams -Method Get
$results.value | select -ExpandProperty data | select timestamp,average
SUBSCRIPTIONID=""
RESOURCEGROUPNAME=""
CLIENTID=""
CLIENTSECRET=""
TENANTID=""
RESOURCEGROUPNAME=""
LBNAME=""

LOGINURL="https://login.microsoftonline.com/$TENANTID/oauth2/token"
RESOURCE="https://management.core.windows.net/" 

TOKEN=$(curl --silent --request POST $LOGINURL --data-urlencode "resource=https://management.core.windows.net" --data-urlencode "client_id=$CLIENTID" --data-urlencode "grant_type=client_credentials" --data-urlencode "client_secret=$CLIENTSECRET" | jq -r '.access_token')

STARTTIME=$(date -u +'%Y-%m-%dT%H:%M:00' --date='-1 min')
ENDTIME=$(date -u +'%Y-%m-%dT%H:%M:00')

FILTER="(name.value eq 'VipAvailability') and aggregationType eq 'Average' and startTime eq $STARTTIME and endTime eq $ENDTIME and timeGrain eq duration'PT1M'"
URL="https://management.azure.com/subscriptions/$SUBSCRIPTIONID/resourceGroups/$RESOURCEGROUPNAME/providers/Microsoft.Network/loadBalancers/$LBNAME/providers/microsoft.insights/metrics"

RESULTS=$(curl -s -G --header "authorization: Bearer $TOKEN" --data-urlencode "\$filter=$FILTER" --data-urlencode "api-version=2016-09-01" $URL | jq .value[].data[].average)

echo "$RESULTS"

I think the hardest part was trying to get the date and time in the right format. Why is that so hard?

This HAS to be helpful to some one!

0

Note to self: cURL with data-urlencode for GET/QuerySting values

I know I would loose this if I didn’t blog it.
With cURL, you can use “–data-urlencode” with query string params and a GET if you include the “-G” parameter. Of course you still have to escape things out, I just found it easer to add all the QueryString params separately. All the examples I could find were for POSTs.

FILTER="ReallyLongStringWIth"$VARS" SPACES and ' SINGLE quotes and a &"
curl -s -G --header "authorization: Bearer $TOKEN" --data-urlencode "\$filter=$FILTER" --data-urlencode "api-version=2016-09-01" $URL 

0

Raspberry Pi, Raspbian Jessie (based on Debian Jessie) disable AutoLogin GUI & Console

I did NOT want my Raspbian Jessie install to automatically boot into the GUI, and I did Not want it to autologin.

I know I can run raspi-config to change it, but I like to script things! I finally tracked down the code for the new raspi-config that supports systemd. It can be found here .

Here are the commands to change what used to be the run level.

Console

systemctl set-default multi-user.target
ln -fs /lib/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

Console Autologin

systemctl set-default multi-user.target
ln -fs /etc/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]

Desktop

systemctl set-default graphical.target
ln -fs /lib/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]
sed /etc/lightdm/lightdm.conf -i -e "s/^autologin-user=pi/#autologin-user=/"

Desktop AutoLogin

systemctl set-default graphical.target
ln -fs /etc/systemd/system/[email protected] /etc/systemd/system/getty.target.wants/[email protected]
sed /etc/lightdm/lightdm.conf -i -e "s/^#autologin-user=.*/autologin-user=pi/"

 

Hope that helps someone.

BASH script to change the Security Keys and SALTs in a wp-config.php file

I wanted to automatically change the Security Keys/SALTS when provisioning a new WordPress site. WordPress.com has a service that spits back random values. (https://api.wordpress.org/secret-key/1.1/salt/). The script below CURLs the values and then modifies a wp-config.php file with the new random values.

SALTS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt/)
while read -r SALT; do
SEARCH="define('$(echo "$SALT" | cut -d "'" -f 2)"
REPLACE=$(echo "$SALT" | cut -d "'" -f 4)
echo "... $SEARCH ... $SEARCH ..."
sed -i "/^$SEARCH/s/put your unique phrase here/$(echo $REPLACE | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g')/" /Path/To/Your/wp-config.php
done <<< "$SALTS"

Don’t remember where I got the pieces of this, but here it is, I have been using it for a while and it seems to work well.
Hope that helps someone.

Installing WordPress via shell script(BASH)

We have been using a provisioning script that downloads the latest wordpress zip file, extracts into the right location it and sets up the DB connection. I wanted to take it a step further and eliminate the install.php page. The one that looks like this:Screen_Shot_2013-03-06_at_3.54.19_PM-2

 

So i sat down to figure out how to “Install WordPress” via shell script. Here is that command:

SITENAME="blog"
DOMAINNAME="company.com"
PASSWORD="MySecurePassword"
wp_install_result=$(php -r 'define("WP_SITEURL", "http://'$SITENAME.$DOMAINNAME'");define("WP_INSTALLING", true);require_once("./wp-load.php");require_once("wp-admin/includes/upgrade.php");$response=wp_install("TITLE", admin, "[email protected]", false, null, "'$PASSWORD'");echo $response;')

 
After WordPress is “installed”, we can now activate plugins.

Activating and deactivating WordPress plugins from a shell script (BASH)

I needed to update my WordPress site provisioning script to download, install and activate a WordPress plugin. The download is the easy part (I just use wget). But how do I activate the plugin. This is what I cam up with:

result=$(php -r 'require_once("./wp-load.php");require_once("wp-admin/includes/admin.php");activate_plugin("hello.php");')

And to be complete, to deactivate:

result=$(php -r 'require_once("./wp-load.php");require_once("wp-admin/includes/admin.php");deactivate_plugins("hello.php");')

Using cURL, BASH and Google oAuth to access Google Analytics

In this previous post, I used cURL (the command line version) to interact with Google Analytics. I wanted to do the same thing but using oAuth. I took a lot from this page, but there were a few things that I couldn’t get working, and a few things I didn’t know.

Follow Steps 1-6 on this page. These are steps that you need to follow to get your app registered with Google

In step 6, copy down the code, and keep track of it. It needs to be reused every time you need to get a new token. If you loose it, then you need to run step 6 over again. I didn’t know that.

Here is my script. I will jump through the code below it.

#!/bin/bash
CODE="4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&amp"
CLEINTID="1234567890.apps.googleusercontent.com"
HEADER="Content-Type: application/x-www-form-urlencoded"
CLIENTSECRET="aBcDeFgHiJkLmNoPqRsTuVwXyZ"
REDIRECTURI="urn:ietf:wg:oauth:2.0:oob"

# I keep the ACCESS_TOKEN and the REFRESH_TOKEN in a file.
if [ -s ~/.google ];then
	ACCESS_TOKEN=$(cat ~/.gauth | grep access_token | awk -F"," '{print $2}' | tr -d ' ')
	REFRESH_TOKEN=$(cat ~/.gauth | grep refresh_token | awk -F"," '{print $2}' | tr -d ' ')
else
	# not used before
	NEWTOKEN=$(curl -s -d "code=$CODE&amp;redirect_uri=$REDIRECTURI&amp;client_id=$CLEINTID&amp;scope=&amp;client_secret=$CLIENTSECRET&amp;grant_type=authorization_code" https://accounts.google.com/o/oauth2/token)
	ACCESS_TOKEN=$(echo $NEWTOKEN | awk -F"," '{print $1}' | awk -F":" '{print $2}' | sed s/\"//g | tr -d ' ')
	REFRESH_TOKEN=$(echo $NEWTOKEN | awk -F"," '{print $4}' | awk -F":" '{print $2}' | sed s/\"//g | sed s/}// | tr -d ' ')
	echo access_token , $ACCESS_TOKEN &gt; .google
	echo refresh_token , $REFRESH_TOKEN &gt;&gt; .google
fi
EXPIRED=$(curl -s https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=$ACCESS_TOKEN | grep 'invalid_token')
if [ "$EXPIRED" ]       
then
	echo "EXPIRED"
	REFRESHRETURN=$(curl -s -d "client_secret=$CLIENTSECRET&amp;grant_type=refresh_token&amp;refresh_token=$REFRESH_TOKEN&amp;client_id=$CLEINTID" https://accounts.google.com/o/oauth2/token)
	ACCESS_TOKEN=$(echo $REFRESHRETURN | awk -F"," '{print $1}' | awk -F":" '{print $2}' | sed s/\"//g | tr -d ' ')
	echo access_token , $ACCESS_TOKEN &gt; .gauth
	echo refresh_token , $REFRESH_TOKEN &gt;&gt; .gauth
fi 
AUTH=$ACCESS_TOKEN
# now in your curl code to retrieve the google analytics data, you use --header "Authorization: OAuth $AUTH"

Lines 1-6: I am setting up my variables with data as described in the linked post.
Lines 8-11: I keep track of the current access token and the refresh token in a config file. If the file exists then parse out the values
Lines 12-19: This is the first time this has been run, so I need to create the file, and put in it a new token and the refresh token. Note the refresh token needs to be saved, and is only given to you once. I did not know that.
Line 20: checks to see if the access token is expired.
Lines 21-28: if the access token is expired, use the refresh token to get a new access token and then save it to the file.

That is it. I hope to translate into PowerShell next – I am sure this code exists, but this is how I learn.

Hope this helps someone.