Archive for March, 2009

Oracle Business Intelligence 10.1.3.4 in Amazon Web Services

Tuesday, March 10th, 2009

I was able to successfully install Oracle Business Intelligence 10.1.3.4 in Amazon Web Services over the course of a few hours this afternoon and evening. The idea is to allow for customers of a friend’s consulting company to train on the instance. The whole exercise cost me $1.32, check out my statement ;)


Summary of This Month's Activity as of March 11, 2009
Billing Cycle for this Report: March 1 - March 31, 2009
Expand All Expand All | Collapse All Collapse All
Rate Usage Totals
Amazon Elastic Compute Cloud
View/Edit Service
Amazon EC2 running Linux/UNIX
$0.10 per Small Instance (m1.small) instance-hour (or partial hour) 6 Hrs 0.60
$0.100 per GB Internet Data Transfer - all data transfer into Amazon EC2 4.713 GB 0.47
$0.170 per GB Internet Data Transfer - first 10 TB / month data transfer out of Amazon EC2 0.101 GB 0.02
$0.10 per GB-month of provisioned storage 0.228 GB-Mo 0.02
$0.10 per 1 million I/O requests 616,002 IOs 0.06
$0.01 per 1,000 puts (when saving a snapshot) 109 Requests 0.01
View Usage Report 1.18
Amazon Simple Storage Service
View/Edit Service
$0.100 per GB - all data transfer in 1.338 GB 0.13
$0.01 per 1,000 PUT, COPY, POST, or LIST requests 138 Requests 0.01
View Usage Report 0.14
Taxes
Estimated Taxes
(Due April 1, 2009)
0.00
Charges due on April 1, 2009† 1.32

I used a 40GB EBS volume which will store the data persistently for just $4.00 a month! The way I configured everything I can just spin up my Amazon Machine Image whenever I want and attach it to the volume. Within 10 minutes I have a running instance of OBIEE and when it’s not in use I can keep it on the shelf for just $4.00 a month (did I already mention that?). The other very big plus is I can snapshot the EBS volume so as soon as they are finished training I can destroy their volume and then return to the clean starting image when a new training is starting.

For a really professional look I’m going to register an Elastic IP address and have them forward training.domain.com to the public IP address. That way whenever he walks into a customers site he can just tell everyone to open a browser and ask them to go to the friendly URL. Also, I can lock down by public network IP address who is allowed to access the site, so they can make sure only the customers site is able to get to the training page.

One more thing, the same server is also running Oracle 10g XE in case they want to build some fancier data sets for their customers to train in.

Check out the cost breakdown

Data Transfer In – 100GB
Data Transfer Out – 100GB
Persistent Storage – 40GB
3 Snapshots of Persistent Storage – 40GB x 3 = 120GB
Hours of Compute time on a small instance – 80 hours

This would cost $57.00 monthly broken down by:
Compute – $8.00
Data Transfer – $27.00
EBS Volumes – $4.00
EBS Snapshots – $18.00

I received some feedback from a friend at Oracle who informed me I should check out Oracle’s Cloud Licensing document. It looks like they charge per core similar to a physical system with just a few small differences. Check out the document here.

Not bad compared to a lot more under a traditional hosted or data center environment. Plus no capital required! Check out the screenshot below of the web login to the public DNS name in AWS.

OracleBIinCloud

Tags: , , , , , , , , ,
Posted in Linux, Technology | 2 Comments »

Polar RS400sd

Monday, March 2nd, 2009

I decided that I would train for a half marathon this weekend. I think the biggest barrier to running longer distances is that I run too fast and don’t understand my heart rate. In order to gain a better understanding of my heart rate, get details on my workouts, and of course to increase my gadget count I picked up a Polar RS400sd Heart Rate Monitor Watch. My thought when running with it for the first time is that it is very accurate and I like the way it feels on my wrist. The only complaint I have is that the user interface isn’t very friendly, but I must admit I haven’t spent a lot of time with the unit. Hopefully I can figure how to customize it faster with a little more practice. Also, Polar gives you access to it’s Training Plan Bank to download pre-built training programs. I decided to setup my own 3 day a week training program to get me to the 13 mile mark.

Tags: , , ,
Posted in Running | No Comments »

Les Halles Onion Soup

Monday, March 2nd, 2009

This soup is more like a thick onion stew than a soup. It includes a bit of brandy and is a tribute to the time when the Les Halles district of Paris was built around the giant market of meat, seafood, and fruit and vegetable stands.

Ingredients Soup

6 tbsp butter
2 tbsp olive oil
1lb 10oz onions, thinly sliced
1 tsp sugar
1/2 tsp salt
1 1/2 tbsp all-purpose flour
2 1/2 cups hot beef stock
4 tbsp brandy
4 1/2 oz Gruyere and half Parmesan cheese grated
salt and pepper

Croutons

8 slices French bread, about 1/2 inch thick
1 garlic clove, halved

Melt butter with the oil in a heavy-bottom pan with a tight lid. Stir in the onion, sugar, salt, and reduce heat to low. Cover with the lid again and let cook for 20-30 minutes. Stir occasionally to make sure the onions don’t stick and burn. They should turn a dark yellow or gold and then you can open the lid and stir them more often so they don’t burn.

Sprinkle flour over the onions while continuing to stir. Stir in the stock and simmer for 15 minutes, partially covered.

To make the croutons: Place the bread on a broiling rack or cookie sheet and place in preheated over at 400F for 1 to 2 minutes or until the bread is noticeably toasted. Remove from oven and rub with garlic pieces. You can even press the garlic cloves to extract more juice and flavor croutons even more.

Stir the brandy into the soup and season with salt and pepper as desired.

Place the croutons in oven proof bowls as a single layer. Ladle soup over the croutons and top with the cheese. Bake in the 400F oven for 20 minutes or until cheese is golden brown. Remove from oven and let cool for a few minutes before serving.

Tags: , , ,
Posted in Food | No Comments »

Advanced Intrusion Detection Environment

Monday, March 2nd, 2009

Advanced Intrusion Detection Environment (AIDE) is a file integrity checker for UNIX operating systems. Its purpose to provide reporting on the integrity of data on supported file systems. It is essentially the open source version of Tripwire. While you can use a tool such as Splunk to perform file integrity monitoring it requires more overhead on the server (running splunkd all the time) whereas AIDE is run only when it executed. This post will show you how you can install and setup a quick script to run AIDE on a target host from a trusted host (using ssh keys). By running AIDE multiple times on the target host you can determine what files are changing. Also, by using a trusted host you keep any data off of the target host free from being compromised (in theory).

The Environment

1. Target host
2. Trusted host (authorized to ssh as root using a public key to the target host)

The Concept

Here is a simple diagram of what we are going to setup.

aidedesign

Install AIDE using yum

You can install aide using yum or you can download it from SourceForge


#yum install aide

or

#wget http://superb-west.dl.sourceforge.net/sourceforge/aide/aide-0.13.1.tar.gz
#tar -xvzf aide-0.13.1.tar.gz
....
#cd aide-0.13.1
#./configure
...
#make
...
#make install
...

Install the runaide.ksh script

First, make the directories you need.


# mkdir -p /app/aide
# for x in store conf report bin; do mkdir /app/aide/$x; done

On your trusted host copy the following into a file called runaide.ksh


#!/bin/ksh -x
#
# Author: jameslabocki@gmail.com
# Date: 05.12.08
#
# A simple script that performs the following
# 1. Secure copies an aide configuration to each host
# 2. Executes an aide init via ssh on each host
# 3. Secure copies the aide database to the store directory
# 4. Performs a compare of the two databases and records the results
# 5. Emails the results to a specified email address
#
WHOTOMAIL=linux.admins@domain.com,infosec@domain.com
#
#Important variables :)
TS=`date '+%m%d%y'`
YESTERDAY=`date -d "1 day ago" '+%m%d%y'`
TWODAYS=`date -d "2 days ago" '+%m%d%y'`
ROOTDIR=/app/aide
REPODIR=${ROOTDIR}/store
CONFDIR=${ROOTDIR}/conf
REPORTDIR=${ROOTDIR}/report
BINDIR=${ROOTDIR}/bin
HOSTLIST=${CONFDIR}/hostlist
SSH=/usr/bin/ssh
#
#Almost as important variables :)
AIDE=/usr/sbin/aide
HOSTCONFDIR=/root
HOSTCONFFILE=${HOSTCONFDIR}/aide.cfg
HOSTDBFILE=/var/lib/aide/aide.db.new.gz
#
#Loop through the hosts and create database, copyi
for host in `cat $HOSTLIST`; do
scp ${CONFDIR}/aide.cfg ${host}:${HOSTCONFFILE}
ssh ${host} "${AIDE} --init -c ${HOSTCONFFILE}"
scp ${host}:${HOSTDBFILE} ${REPODIR}/${host}.${TS}.gz
#
if [ ! -f ${REPODIR}/${host}.${YESTERDAY}.gz ]; then
echo "${host}.${YESTERDAY}.gz does not exist yet" |mail -s "Aide Report for ${host}" ${WHOTOMAIL}
else
#Shortcoming in aide having to use config files for everything
cp ${CONFDIR}/aidecompare.cfg ${REPODIR}/${host}.${TS}.cfg
cat ${REPODIR}/${host}.${TS}.cfg |awk '{sub(/todaysdatabase/,'"\"${host}.${TS}.gz\""');print}' |awk '{sub(/yesterdaysdatabase/,'"\"${host}.${YESTERDAY}.gz\""');print}' > ${REPODIR}/${host}.${TS}.cfg.tmp
${AIDE} --compare -c ${REPODIR}/${host}.${TS}.cfg.tmp > ${REPORTDIR}/${host}.${TS}.log
cat ${REPORTDIR}/${host}.${TS}.log |mail -s "Aide Report for ${host}" ${WHOTOMAIL}
fi
#
#remove the db from two days ago
rm ${REPODIR}/${host}.${TWODAYS}.gz
#
done

The script looks for a file named hostlist in /app/aide/conf and then runs through the list of hosts copying over an aide.cfg file and running the aide executable on each host. This means that you can customize the aide.cfg in one place for your environment and not worry about maintaining the configuration file across machines. Once you have a hostlist and a general configuration file you can execute the script.

Further Development
I also setup the reports directory to be served over http through apache and authenticated against Active Directory using mod_authz_ldap. This is nice because you can allow a third party to review the reports on a daily basis.

Here are a few helpful crontab entries after you have the script running.


#Remove old aide reports files
30 1 * * * /usr/bin/find /app/aide/store/ -mtime +10 -exec rm {} \;
30 1 * * * /usr/bin/find /app/aide/report/ -mtime +30 -exec rm {} \;
#Aide job that audits file changes on systems at 3AM each day
0 3 * * * /app/admin/servicedelivery/linux/admin/bin/runaide.ksh

Tags: , , , ,
Posted in Linux, Scripting | No Comments »