How to git fetch without an SSH warning

To monitor the time it takes to clone one of our repositories from github.com, I had to get rid of the warning:

Warning: Permanently added 'github.com,192.30.252.129' (RSA) to the list of known hosts

I found the solution in this StackOverflow question:
“Warning: Permanently added to the list of known hosts” message from Git

I just had to add these line to

Display execution time of shell commands in seconds

I first tried using the time utility but failed to convert the result into seconds:

$ { time ls -l >/dev/null; } 2>&1 | grep real | sed -e 's/real//g' | sed -e 's/ //g'
	0m0.006s

Searching the web, I found a StackOverflow post (Display execution time of shell command with better accuracy) pointing me to a solution using the bash variable SECONDS.

From the Bash Reference Manual:

SECONDS This variable expands to the number of seconds since the shell was started. Assignment to this variable resets the count to the value assigned, and the expanded value becomes the value assigned plus the number of seconds since the assignment.

Example:

$ SECONDS=0; sleep 5; echo "I slept for $SECONDS seconds"

I slept for 5 seconds

Monitor the status of a GitHub Enterprise replica

GitHub Enterprise has a convenient script to see if a GitHub replica is in sync with its primary.

$ ghe-repl-status
OK: mysql replication in sync 
OK: redis replication is in sync 
OK: elasticsearch cluster is in sync 
OK: git data is in sync (124 repos, 0 wikis, 0 gists)

I wanted to use this script to monitor the status of replication with Icinga. So I created an SSH key pair for the user ‘icinga’ on the Icinga server.

$ mkdir -m 0700 -p /etc/icinga2/.ssh
$ chown icinga:icinga /etc/icinga2/.ssh
$ ssh-keygen -t rsa -C "icinga@icinga-server"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /etc/icinga2/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/icinga2/.ssh/id_rsa.
Your public key has been saved in /etc/icinga2/.ssh/id_rsa.pub.
The key fingerprint is:
...

I then copied the contents of /etc/icinga2/.ssh/id_rsa.pub to /home/admin/.ssh/authorized_keys on the GitHub replica.

Now I can execute the script on the Icinga server:

$ ssh admin@172.31.14.196 -p 122 -i /etc/icinga2/.ssh/id_rsa ghe-repl-status
OK: mysql replication in sync
OK: redis replication is in sync
OK: elasticsearch cluster is in sync
OK: git data is in sync (124 repos, 0 wikis, 0 gists)
OK: pages data is in sync

The problem is that any other command can be executed as the admin user with this key as well, which is something I don’t like.

I had originally implemented a much more complicated solution: creating some more keys, configuring sudoers and changing one of the scripts of GitHub Enterprise. I posted a request to GitHub support. They pointed out that the changes I made to the script would be overwritten with each upgrade.
They also pointed me to a nice blog post: Restricting public keys

This blog post describes how to limit what can be executed using an SSH key. So I prepended the key with some options:

command="ghe-repl-status",from="<ip_of_replica>",no-pty,no-agent-forwarding,no-port-forwarding  ssh-rsa ...

Now it doesn’t matter which command is requested. The added options make sure that only ‘ghe-repl-status’ is executed:

$ ssh admin@172.31.14.196 -p 122 -i /etc/icinga2/.ssh/id_rsa ls /tmp
OK: mysql replication in sync
OK: redis replication is in sync
OK: elasticsearch cluster is in sync
OK: git data is in sync (124 repos, 0 wikis, 0 gists)
OK: pages data is in sync
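
A restricted entry like the one above can be checked mechanically. The following is an added example, not part of the original post or of GitHub Enterprise: a small POSIX shell audit that reports which restrictions an authorized_keys entry lacks. The function names and the sample entries (including the address 192.0.2.10) are constructed; the audit accepts restrict (OpenSSH 7.2 and later) in place of the individual no-* options and also looks for no-X11-forwarding.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries for the restrictions shown above.
# Function names and the sample entries are constructed for illustration.

# Print the options field of one entry, lowercased (keywords are
# case-insensitive), with quoted values blanked so that spaces or commas
# inside command="..." cannot break the split. Empty if the entry has none.
key_options() {
    printf '%s\n' "$1" | sed -e 's/\\"//g' -e 's/"[^"]*"/""/g' |
        tr 'A-Z' 'a-z' | {
            read -r first _rest
            case $first in
                ssh-*|ecdsa-*|sk-*) ;;       # starts with a key type: no options
                *) printf '%s\n' "$first" ;;
            esac
        }
}

has_opt() {   # has_opt OPTIONS NAME: true for "name" or "name=<value>"
    case ",$1," in *",$2,"*|*",$2=\"\","*) return 0 ;; esac
    return 1
}

# Print "skip" (blank line or comment), "ok", "unrestricted" or the findings.
audit_entry() {
    case $1 in ''|'#'*) echo skip; return 0 ;; esac
    opts=$(key_options "$1")
    [ -n "$opts" ] || { echo unrestricted; return 0; }
    findings=
    has_opt "$opts" command || findings="$findings no-forced-command"
    # sshd matches from= against the address of the connecting client.
    has_opt "$opts" from || findings="$findings no-from"
    # "restrict" switches off pty allocation and all forwarding in one option.
    # Not checked here: options that re-enable a feature after "restrict".
    if ! has_opt "$opts" restrict; then
        for o in no-pty no-agent-forwarding no-port-forwarding no-x11-forwarding; do
            has_opt "$opts" "$o" || findings="$findings missing-$o"
        done
    fi
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed entries: the first mirrors the option list from the post.
PAGE_ENTRY='command="ghe-repl-status",from="192.0.2.10",no-pty,no-agent-forwarding,no-port-forwarding ssh-rsa AAAAB3Nza icinga@icinga-server'
BARE_ENTRY='ssh-rsa AAAAB3Nza icinga@icinga-server'
audit_entry "$PAGE_ENTRY"
audit_entry "$BARE_ENTRY"
```

To audit a real file, feed it to audit_entry one line at a time; any output other than ok or skip names an entry that can do more than run its forced command.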