Thursday, December 13, 2012

nagios linux software raid plugin

Until now, I was using Hari Sekhon's check_md_raid plugin, version 0.7.2, to monitor CentOS software disk RAIDs.

There was an issue: in CentOS there is a weekly cron job, /etc/cron.weekly/99-raid-check, that resyncs all the md RAID devices.
So every weekend there were Nagios warnings for each CentOS Linux server about unclean md status, until the resync finished.

Not so nice.

So I switched to a plugin found under the contrib directory of official Nagios plugins: /usr/lib64/nagios/plugins/check_md_raid

command[check_raid]=/usr/lib64/nagios/plugins/contrib/check_linux_raid.pl

Friday, November 23, 2012

mac os x and cisco vpn problem

To solve the well-known problem in Mac OS X (Lion) related to a Cisco VPN, you can follow these steps.

The problem is: when using the built-in VPN client to connect to a Cisco ASA, there is a problem related to DNS.
There is no way to solve the issue using the GUI. You can set the network interface order, but your corporate network DNS will never be used. So you can ping and connect to your private network using IP addresses, but not domain names (if they are not on a publicly accessible DNS).

With an administrative account, from terminal, create a directory called resolver under /etc

sudo mkdir /etc/resolver

Create a file (named, for example, after your private domain)

sudo vi /etc/resolver/work.com

Edit it (according to your network)

domain work.com
nameserver 10.10.0.127
nameserver 10.10.0.128
port 53

So, to resolve hostnames ending with work.com, the system will use the right DNS.

Safari works. Using terminal, ping works, but nslookup and host commands do not work.

openindiana, virtualbox and bridged network

As far as I can see, there are problems assigning the physical guest interface (i.e. igb0) to the bridged virtualbox VM network interface.



To avoid problems (i.e. the virtual machine hangs), you must first create a vnic

dladm create-vnic -l igb0 vnic0

... but ... it is not sufficient: you must assign the MAC address of the vnic to the bridged network interface of the VM

dladm show-vnic
LINK         OVER    SPEED  MACADDRESS        MACADDRTYPE    VID
vnic0        igb0    1000   2:8:20:68:25:9b   random    0



If you don't assign the vnic MAC address to the VM network adapter, the VM networking simply doesn't work.

Friday, October 19, 2012

centos kvm console

To enable console access from the host command line to a CentOS guest, this was a useful link

Thursday, October 18, 2012

Centos 6: bridge vlan and bond

/etc/sysconfig/networking/devices/ifcfg-em1
/etc/sysconfig/network-scripts/ifcfg-em1

DEVICE=em1
BOOTPROTO=none
HWADDR=78:2b:cb:xx:xx:xx
ONBOOT=yes
MASTER=bond0
SLAVE=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no


/etc/sysconfig/networking/devices/ifcfg-em2
/etc/sysconfig/network-scripts/ifcfg-em2

DEVICE=em2
BOOTPROTO=none
HWADDR=78:2b:cb:yy:yy:yy
ONBOOT=yes
MASTER=bond0
SLAVE=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no


/etc/sysconfig/networking/devices/ifcfg-bond0
/etc/sysconfig/network-scripts/ifcfg-bond0


DEVICE=bond0
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="mode=4 miimon=100 lacp_rate=1"
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
NOZEROCONF=yes



/etc/init.d/network restart

vconfig add bond0 11
brctl addbr brvlan11
brctl addif brvlan11 bond0.11


/etc/sysconfig/network-scripts/ifcfg-bond0.11

DEVICE=bond0.11
ONBOOT=yes
BRIDGE=brvlan11

VLAN=yes


/etc/sysconfig/network-scripts/ifcfg-brvlan11

DEVICE=brvlan11
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=static
IPADDR=10.96.11.40
NETMASK=255.255.255.0
GATEWAY=10.96.11.1

VLAN=yes
STP=on
DELAY=0



On the HP switch

configure

trunk 3-4 Trk4 LACP

vlan 11
tagged Trk4
end




Friday, October 12, 2012

windows internet explorer and https problem

In Internet Explorer you see "Certificate Error: Navigation Blocked", as usual when visiting sites with self-signed certificates or an unknown CA.
When pressing the "continue to site (not recommended)" blabla button, nothing changes; it just stays on the same page.

So, there is a Windows update, KB2661254 (Microsoft Security Advisory: Update for minimum certificate key length), released on 9 October (I think), that prevents access to some https web sites using Internet Explorer.

And Internet Explorer doesn't say anything. Simply, if you click on Proceed anyway, nothing happens.

So, you must upgrade your web servers to 1024 or 2048 bit keys, or uninstall that Windows update, or make changes in the Windows registry to lower the minimum certificate key length (search for the KB article on the Microsoft site).


Some info http://ssl.entrust.net/blog/?p=1208 
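
To find which server certificates fall under the new minimum before users hit the silent block, the key size can be read with openssl. The script below is an added example, not part of the original post; MIN_BITS, classify_key and audit_certs are hypothetical names, and it flags only RSA keys, the key type the update restricts.

```shell
#!/bin/sh
# Added example, not from the original post. MIN_BITS, classify_key and
# audit_certs are hypothetical names; 1024 is the minimum the post mentions.
MIN_BITS=1024

# Read `openssl x509 -noout -text` output on stdin and print one verdict:
#   "WEAK <bits>", "OK <bits>", "SKIP non-RSA" or "UNREADABLE".
classify_key() {
    awk -v min="$MIN_BITS" '
        /Public Key Algorithm:/ { rsa = ($0 ~ /rsaEncryption/) }
        /Public-Key: \([0-9]+ bit\)/ && !seen {
            seen = 1
            bits = $0
            sub(/.*Public-Key: \(/, "", bits)   # drop everything before the number
            sub(/ bit\).*/, "", bits)           # drop everything after it
            if (!rsa)                     print "SKIP non-RSA"
            else if (bits + 0 < min + 0)  print "WEAK " bits
            else                          print "OK " bits
        }
        END { if (!seen) print "UNREADABLE" }'
}

# Audit PEM certificate files; returns 1 if any RSA key is below MIN_BITS.
audit_certs() {
    rc=0
    for f in "$@"; do
        verdict=$(openssl x509 -in "$f" -noout -text 2>/dev/null | classify_key)
        echo "$verdict $f"
        case $verdict in WEAK*) rc=1 ;; esac
    done
    return "$rc"
}

# When run directly with file arguments: ./audit.sh server1.pem server2.pem
if [ "$#" -gt 0 ]; then
    audit_certs "$@"
fi
```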

Wednesday, October 10, 2012

mysql Can't create/write to file /var/tmp/

Solaris 10 x86

mysqldump: Couldn't execute 'show fields from `general_log`': Can't create/write to file '/var/tmp/#sql3a3_43024_4.MYI' (Errcode: 13) (1)

Why?! WTF!

The last operation I made was the installation of MegaRAID Storage Manager from LSI Corporation package.

So? The /var/tmp directory was no longer 777

Strange

Thursday, September 20, 2012

SunRay VPN password not stored

1) Power cycling by using keys [Stop] [A] or [Control] [Qt moon]  clears
user's VPN password in firmware.

Answer:  The firmware has a security enhancement so now the DTU pays attention to the VPN gateway setting to disallow stored password.
So you have to change the gateway setting if you still want the password in the DTU.


http://permalink.gmane.org/gmane.os.solaris.sunray/13528


So, on your Cisco VPN appliance, go to Network (Client) Access -> Group policies, Edit the group, Advanced -> IPSec Client -> Store Password on Client System and select Enable.

Friday, September 7, 2012

Another SQL query for dcm4chee


Like a previous one, this query is useful to list the full paths of the files belonging to a study.
SIUID = study instance uid

SELECT concat(filesystem.dirpath,'/', files.filepath)
FROM series
JOIN study ON series.study_fk = study.pk
JOIN patient ON study.patient_fk = patient.pk
JOIN instance ON instance.series_fk = series.pk
JOIN files ON instance.pk = files.instance_fk
JOIN filesystem ON files.filesystem_fk = filesystem.pk
WHERE study.study_iuid = '$SIUID';

Friday, August 17, 2012

openindiana zfs nfs share root

Server

sharectl set -p nfsmapid_domain=your.domain nfs

zfs create rpool/nfsshare

zfs set sharenfs=rw,root=client.your.domain  rpool/nfsshare

sharectl get nfs

dfshares


Client

sharectl set -p nfsmapid_domain=your.domain nfs

mount -F nfs -overs=4,rw server.your.domain:/mnt/nfsshare /mnt/nfs


Note

root=client.your.domain

if I use the IP address it doesn't work (?)



nfs mount: mount: /mnt/nfs: Permission denied
touch: cannot create /mnt/nfs/aaa: Permission denied

Tuesday, August 14, 2012

MDM^T02 with embedded PDF HL7 message sample

MSH|^~\&|PROSOLV|XYZHOSPITAL|SYSTEM|XYZHOSPITAL|200801311600||MDM^T02|PS1-20080131160038|P|2.5
EVN|T10|200801311600
PID|1|987654321|987654321||PROSOLV^SAMPLE||19721201|M||||||||||10000001|111-22-3333
PV1|1|I|CCU^2000^1|||CCU^2003^1|1234^HIPPOCRATES^KOS|9099^KEVORKIAN^JACK|8888^HOUSE^GREGORY||||||||||10000001
ORC|SC|00012345|1-1
OBR|1|00012345|1-1|02585^TransthoracicEcho^PCV4|||20080131155500|||||||||||||||200801311600|||F||||||796.4^^I9M~786.09^^I9M~414.8^^I9M||||54321^Doctorovich^Ivan^
TXA|1|DI|TX|200801311555||200801311600|||IvanDoctorovich|||1.2.840.317.5947431.51.20080131160038|1.2.840.317.5947431.51.20080131155715|00012345|1-1||AU|||||54321^Doctorovich^Ivan^^^^^^^^^^^^200801311600
OBX|1|HD|113014^DICOM Study^DCM||1.2.840.317.5947431.51||||||O
OBX|2|ED|02585^TransthoracicEcho^PCV4||^Application^PDF^Base64^Single_Line_base64_encoded_PDF||||||F


The Single_Line_base64_encoded_PDF, must be a base64 encoded PDF string, in a single line, i.e. the result of this linux command

base64 -w 0 document.pdf
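
A receiver should not trust the PDF label in OBX-5 on its own. The script below (an added example, not from the original post, with hypothetical function names) builds a constructed message the way the post describes, then extracts the payload, decodes it and accepts it only if the result really starts with the PDF magic bytes. It assumes GNU base64.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Build a constructed MDM^T02 message (segments end with CR) embedding file $2.
make_sample() {   # $1 = output HL7 file, $2 = file to embed
    b64=$(base64 -w 0 "$2")
    {
        printf 'MSH|^~\\&|PROSOLV|XYZHOSPITAL|SYSTEM|XYZHOSPITAL|200801311600||MDM^T02|PS1-1|P|2.5\r'
        printf 'OBX|1|HD|113014^DICOM Study^DCM||1.2.840.317.5947431.51||||||O\r'
        printf 'OBX|2|ED|02585^TransthoracicEcho^PCV4||^Application^PDF^Base64^%s||||||F\r' "$b64"
    } > "$1"
}

# Print the base64 payload (OBX-5, 5th component) of the first OBX segment
# typed ED / PDF / Base64; exit status 1 if the message has none.
hl7_pdf_payload() {
    tr '\r' '\n' < "$1" | awk -F'|' '
        $1 == "OBX" && $3 == "ED" {
            n = split($6, c, "^")
            if (n >= 5 && toupper(c[3]) == "PDF" && toupper(c[4]) == "BASE64") {
                print c[5]; found = 1; exit
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Decode the payload into $2. Return 1: no PDF segment, 2: invalid base64,
# 3: decoded bytes do not start with the PDF magic "%PDF-".
extract_pdf() {   # $1 = HL7 file, $2 = output PDF
    payload=$(hl7_pdf_payload "$1") || return 1
    printf '%s' "$payload" | base64 -d > "$2" 2>/dev/null || { rm -f "$2"; return 2; }
    [ "$(head -c 5 "$2")" = "%PDF-" ] || { rm -f "$2"; return 3; }
}

# Round trip on a constructed stand-in document.
demo() {
    d=$(mktemp -d)
    printf '%%PDF-1.4\n(constructed stand-in for a real PDF)\n%%%%EOF\n' > "$d/in.pdf"
    make_sample "$d/msg.hl7" "$d/in.pdf"
    if extract_pdf "$d/msg.hl7" "$d/out.pdf" && cmp -s "$d/in.pdf" "$d/out.pdf"; then
        echo "extracted PDF matches the embedded document"
    fi
    rm -rf "$d"
}
demo
```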

Monday, August 13, 2012

Openindiana: Too many authentication failures

From an Openindiana host, and connecting to some Linux hosts, often I receive this error from the ssh client

Received disconnect from 10.11.12.13: 2: Too many authentication failures for yourfuckingusername

The fact is that ssh first tries to authenticate using keys, and if you have many keys it tries every one of them, so... maybe the server or the Openindiana ssh command (I've never seen this problem on Mac OS X, for example) exits after two or three failed key authentications.

The solution is to use the PubkeyAuthentication option in the ssh command

ssh -oPubkeyAuthentication=no 10.11.12.13

Or to edit the ~/.ssh/config file

Host 10.11.12.13
    PubkeyAuthentication=no

Can't load log handler *.FileHandler

Starting Tomcat (installed from binary http://tomcat.apache.org/download-60.cgi, on a CentOS 5.5 server), I was getting an error like this in catalina.out

Can't load log handler "4host-manager.org.apache.juli.FileHandler"


This was because I set JAVA_OPTS at the end of the startup script catalina.sh, overwriting all the default JAVA_OPTS...

So the solution is (obviously):

JAVA_OPTS="blablabla $JAVA_OPTS"

Install additional fonts (like Arial) in Openoffice

Download webfonts from http://www.freedesktop.org/software/fontconfig/webfonts/

Unpack it

Open each desired font file (like arial32.exe) with Archive Manager and extract font files to a temp directory.

Select all desired TTF files and open them with Font viewer.

In the bottom right of the application window, click on "Install Font"

Files will be copied under ~/.fonts/ directory.

Then, use Openoffice "Printer Administration" to add new fonts.
Files will be placed under ~/.openoffice.org/3/user/fonts

Cycling date in bash

Maybe you want to loop over a time frame from one day to another, taking into consideration how many days each month has (also for leap years). Here is how you can do it in bash.

Date format is: YYYYMMDD

#!/bin/bash

b=$1
e=$2

while [ "$b" -le "$e" ]
do
   echo $b
   b=$(date +%Y%m%d -d "$b +1 day")
done




Execute it

./loopdate.sh 20090101 20090301


Result

20090101
20090102
...
20090226
20090227
20090228
20090301


It works on Linux, and using gdate (from opencsw, blastwave) on Solaris. On Mac OS X it doesn't work.

How to install Apache Tomcat Native library on CentOS 5.5

If you see this in your tomcat log

INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:
/usr/java/jdk1.6.0_24/jre/lib/amd64/server:/usr/java/jdk1.6.0_24/jre/lib/amd64:/usr/java/jdk1.6.0_24/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

Do so:

yum install apr-devel

Download package from http://tomcat.apache.org/download-native.cgi

cd tomcat-native-1.1.20-src/jni/native/

You must have java installed (I use sun-java). Since you are using tomcat, it is already installed, isn't it?

./configure --with-apr=/usr/bin/apr-1-config

In any case you will get (I don't know, I've not investigated)

configure: error: can't locate a valid JDK location

btw

./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/jdk1.6.0_24

make

su -

make install

At this point you must inform tomcat where this library is located

We can add
-Djava.library.path=/usr/local/apr/lib
to JAVA_OPTS in the catalina.sh script

or add
export LD_LIBRARY_PATH="/usr/local/apr/lib"
at the beginning of the same script

Friday, August 10, 2012

JAVA cache at System Level

On a multiuser operating system, it can be useful to avoid each user having their own Java cache under their home directory, e.g. for a corporate application used by every user. Otherwise, every time the jnlpi is upgraded, every user has to download the new version into their home directory cache.

Using a system level cache, only the first user launching the jnlpi will download the Java application into the cache.


vi /usr/java/jre/lib/deployment.config

deployment.system.config file:/etc/java/deployment.properties

vi /etc/java/deployment.properties
deployment.system.cachedir /var/tmp/java/wscache
deployment.system.security.trusted.certs /var/tmp/java/security/trusted.certs

mkdir /var/tmp/java
mkdir /var/tmp/java/wscache


Warning. There will be problems with write and read permission on such directory...

Wednesday, July 25, 2012

Dcm4chee: move study to trash using command line

Using twiddle.sh on command line:

/export/dcm4chee-2.17.2-mysql/bin/twiddle.sh -s 127.0.0.1 -u admin -p password invoke dcm4chee.archive:service=ContentEditService moveStudyToTrash 1.2.826.0.1.3680043.8.291.20091126113000.28044

Where 1.2.826.0.... is the Study Instance UID

This can be useful for mass trashing or if you have timeout problem on large studies.
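
Both this command and the '$SIUID' query in the "Another SQL query for dcm4chee" post splice a Study Instance UID into a command line or an SQL string, so a list of UIDs fed to a mass-trashing loop should be validated first. The script below is an added example, not from the original posts; the function names are hypothetical, and the check follows the DICOM UID syntax (digits and dots, at most 64 characters, no leading zeros in a component).

```shell
#!/bin/sh
# Added example, not from the original posts; function names are hypothetical.

# Accept only a syntactically valid DICOM UID: at most 64 characters, digits
# and dots only, no empty component, no leading zero in a multi-digit component.
valid_dicom_uid() {
    uid=$1
    [ -n "$uid" ] || return 1
    [ "${#uid}" -le 64 ] || return 1
    case $uid in
        *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    case ".$uid" in
        *.0[0-9]*) return 1 ;;
    esac
    return 0
}

# Print the file-path query for one study, refusing anything that is not a UID.
study_files_query() {
    valid_dicom_uid "$1" || { echo "rejected Study Instance UID: $1" >&2; return 1; }
    cat <<EOF
SELECT concat(filesystem.dirpath,'/', files.filepath)
FROM series
JOIN study ON series.study_fk = study.pk
JOIN patient ON study.patient_fk = patient.pk
JOIN instance ON instance.series_fk = series.pk
JOIN files ON instance.pk = files.instance_fk
JOIN filesystem ON files.filesystem_fk = filesystem.pk
WHERE study.study_iuid = '$1';
EOF
}

# Read one UID per line on stdin; print the valid ones, report the rest on
# stderr, and return 1 if any line was rejected (for mass-trashing lists).
filter_uids() {
    bad=0
    while IFS= read -r line; do
        if valid_dicom_uid "$line"; then echo "$line"
        else echo "skipped: $line" >&2; bad=1; fi
    done
    return "$bad"
}

# Constructed input: the UID from the post plus two lines that must be dropped.
printf '%s\n' '1.2.826.0.1.3680043.8.291.20091126113000.28044' \
    "1.2' OR '1'='1" '1.2.03' | filter_uids 2>/dev/null || true
```

The output of filter_uids can be piped into a `while read -r uid` loop that calls twiddle.sh once per UID.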

Monday, July 23, 2012

dcmcompare

Java program useful to query two pacs server and compare results. i.e. same number of studies, same patients etc. 

Please visit https://github.com/alcir/dcmcompare


Friday, July 20, 2012

Solaris, snooping RPC and "can't authenticate (unknown cause)" message


The problem

I had a problem with QStar Remote Admin connecting to a Solaris server. As far as I can understand, QStar uses RPC.
Sniffing traffic using snoop, I've seen a message like this:

1.2.3.4 →1.2.3.5 RPC R (#140) x10=1209249015 can't authenticate (unknown cause)

The problem was that local_only option in the network/rpc/bind service was set to true.

The solution

svccfg
  svc:> select network/rpc/bind
  svc:/network/rpc/bind> setprop config/local_only=false
  svc:/network/rpc/bind> quit
svcadm refresh network/rpc/bind:default
svcprop network/rpc/bind:default | grep local_only

dcmold

Java program useful to query pacs server to get scriptable list of studies in a specified time range.

Please visit https://github.com/alcir/dcmold

Send study with a manually generated Patient ID

Send a study with a manually generated Patient ID using dcm4che tools

/usr/java/jdk1.6.0_31-32bit/jre/bin/java -jar /opt/Mayam/dcm4che-1.4.31/bin/dcmsnd.jar --set=PatientID:552220 dicom://DESTAE@192.168.1.94:11112 /path/to/the/study

SQL queries for dcm4chee

How many US patients have no birth date?

select count(distinct s.patient_fk)
from study as s
join patient as p
where s.patient_fk = p.pk
and s.mods_in_study = 'US'
and ( p.pat_birthdate not like '1%'
and p.pat_birthdate not like '2%'
or p.pat_birthdate is NULL )

How many US patients have neither M nor F sex?

select count(distinct s.patient_fk)
from study as s
join patient as p
where s.patient_fk = p.pk
and s.mods_in_study = 'US'
and (p.pat_sex is NULL
or p.pat_sex = 'O' )

How many studies for each modality?

select distinct mods_in_study , count(mods_in_study) as conto from study group by  mods_in_study

How many patients without studies?

SELECT patient.pat_name, patient.pat_id, patient.pk as papk, study.pk as stpk, study.num_series, study.num_instances
FROM patient LEFT JOIN study ON (patient.pk = study.patient_fk)
WHERE (study.pk IS NULL)
ORDER BY patient.pat_name ASC, patient.pk ASC, study.study_datetime ASC

Studies with a number of instances > 10000 Grouped by Year

select count(cnt) as num, year
from(
  SELECT COUNT(*) as cnt, 
  YEAR(study_datetime) as year
  FROM instance as i
  join series as s 
  on i.series_fk = s.pk
  join study as stu
  on stu.pk = s.study_fk
  GROUP BY YEAR(study_datetime), stu.pk  -- one group per study, so COUNT(*) is instances per study
  HAVING COUNT(*) > 10000) XX 
GROUP BY year

Files patient and study iuid year and month

SELECT files.filepath, patient.pat_name, study.study_iuid 
FROM series 
join study on series.study_fk = study.pk
join patient on study.patient_fk = patient.pk
join instance on instance.series_fk = series.pk
join files on instance.pk = files.instance_fk
WHERE series.src_aet="DCM4STORICOMS" and YEAR(study.study_datetime) = '2011' 
and MONTH(study.study_datetime) = 7;

Nagios plugin: check_SL500

check_SL500 is a shell script to check various things on a Sun StorageTek(TM) SL500 Modular Library System (maybe it works with other models). Currently the script can check:
  • fan status
  • drives temperature
  • robot status
  • cap status
  • controller status
  • overall (toplevel) status
  • system load

Firefox SRKiosk add-on Q&A

Where is my profile folder?

Help > Troubleshooting Information
In the new tab click the Show Folder button, or Open Directory.

How to remove Close button

To remove the X close button, delete these lines from content/srkioskbrowser.xul

<toolbarpalette id="BrowserToolbarPalette">
   <toolbarbutton id="closebutton" 

      label="Close browser"
      tooltiptext="Close browser"
      oncommand="closeButton()"
      class="toolbarbutton-1 chromeclass-toolbar-additional closebutton"
   />  
</toolbarpalette>



How to add a link in the top bar

To add a link button in the custom toolbar, edit the content/srkioskbrowser.xul file, put something like this code inside the <toolbox id="navigator-toolbox"> and <toolbar id="KioskLinks-Toolbar"> elements.

The vbox id="Kiosk-ResizeBar" is a vertical line to divide buttons

<toolbox id="navigator-toolbox"> 
   <toolbar id="KioskLinks-Toolbar" toolbarname="Kiosk Links Toolbar" 
      class="chromeclass-toolbar" context="toolbar-context-menu"
      hidden="false" persist="hidden">
 

      <toolbarbutton label="Button link text" 
         tooltiptext="Tooltip on mouse over"
         oncommand="objToolbar.LoadURL('http://link.to.a.site')" />
 

         <vbox id="Kiosk-ResizeBar" />

      ...

   </toolbar>
</toolbox>


How to change home page

Edit the content/variables.js file and set var v_homepage. This will be the home page on browser startup and it is the link associated with the home button.

var v_homepage = "www.yourhome.page";

Note. Such homepage will not be effective the first time you launch Firefox after the change: you must close the browser and reopen it.

Such variable is used in the content/srkioskbrowser.js file

pref.setCharPref("browser.startup.homepage",v_homepage);

How to uninstall the Firekiosk plugin

Easy: start Firefox from command line using the -safe-mode option. Then Tools->Addon->Extensions and remove.

Firefox SRKiosk add-on

A full screen locked kiosk mode for Firefox.

Download

Download from https://addons.mozilla.org/en-US/firefox/addon/srkiosk

Documentation

FIXME

Features

Many things can be changed editing the extension files, see below.
  • Forced full screen
  • All keyboard shortcuts disabled
  • Mouse right-click disabled
  • Menu bar, Add-on bar, Bookmarks toolbar, Navigation toolbar all disabled (hidden?)
  • Hidden address bar
  • Hidden search bar
  • Eventually, “about:”, “file:”, “chrome:” and “resource:” URLs are forbidden
  • You can place “link buttons” as if they are bookmarks
  • Print button and Zoom button are available
You must edit files by hand.


Description

I'm not a programmer. I don't know Firefox add-ons very well. So, you can use this extension at your own risk. :-)

To configure and customize this extension, it is assumed that:
  • you know where Firefox extensions are installed on your system i.e. /home/user/.mozilla/firefox/muwypw2y.default/extensions on Linux and Solaris or C:\Document and settings\user\Application data\Mozilla\Firefox\Profiles\fj5drt33.default\extensions\ under Windows

  • you are able to edit files (using vi, gedit, wordpad, notepad or what you like)

How to disable the extension

To disable the extension, you must start Firefox in safe mode, then disable or uninstall it:

firefox -safe-mode

Questions and Answers

http://blogoless.blogspot.it/2012/07/firefox-srkiosk-add-on-q.html