Categories
SysAdmin Technology

On Exachk, ICMP Validations, and Updates via Proxy

Oracle Exadata’s Exachk script has a validation which prevents it from auto-updating if your system does not have direct ICMP access to updates.oracle.com. This is stupid, as most Exadata machines are not going to have that kind of exposure to the Internet at large. Yes, they will be firewalled, and so, no, ping will not work.
The fix is to find the line containing “#Validation1: URL host reachable or not” and comment out or remove the “return 33” lines below that (i.e. invalidate the check by commenting it out).
The Exachk script will then bypass the ping test and continue with wget or curl to retrieve the latest version of itself for install.
Be sure to set both the http_proxy and https_proxy environment variables to an appropriate value, or the download will still not work (updates.oracle.com should be accessed over https).
I don’t know who thought a ping validation was a good idea. It’s not.
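
A pre-flight check in the spirit of this post, as an added example that is not Exachk code or the author's: it confirms both proxy variables are set and tests updates.oracle.com over HTTPS through the proxy, the path the download itself uses, instead of ICMP. The function names and the scheme://host[:port] format rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check before an Exachk self-update through a proxy.
# Function names are hypothetical; updates.oracle.com is the host named in the post.
UPDATE_HOST="updates.oracle.com"

# Print a proxy URL with any user:password@ part masked, so it is safe to log.
redact_proxy() {
    printf '%s\n' "$1" | sed -E 's#^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@#\1***@#'
}

# Return 0 for scheme://[user:pass@]host[:port], 1 if empty, 2 if malformed.
# (The required scheme prefix is this example's rule, not a curl/wget requirement.)
check_proxy_value() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^https?://([^/@]*@)?[A-Za-z0-9.-]+(:[0-9]{1,5})?/?$' || return 2
    return 0
}

# Check both variables the post says must be set; return the number of problems.
check_proxy_env() {
    problems=0
    for name in http_proxy https_proxy; do
        eval "value=\${$name:-}"   # name comes only from the fixed list above
        if check_proxy_value "$value"; then
            echo "ok: $name=$(redact_proxy "$value")"
        else
            echo "problem: $name is unset or malformed" >&2
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Reachability over HTTPS via the proxy, not ICMP. Any HTTP response proves the
# path works; TLS certificate verification is left enabled.
check_https_reachable() {
    curl --silent --head --max-time 15 --output /dev/null "https://$UPDATE_HOST/"
}

# Run both checks: 0 = ready to update, 1 = proxy variables, 2 = no HTTPS path.
preflight() {
    check_proxy_env || return 1
    check_https_reachable || { echo "cannot reach $UPDATE_HOST over HTTPS" >&2; return 2; }
    echo "ok: $UPDATE_HOST reachable over HTTPS via proxy"
}
```

Source the file and call preflight before starting the update; a non-zero status means the download would fail for a reason that ping could never have diagnosed.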

Categories
Entertainment video

Sharon Van Etten – “Every Time the Sun Comes Up” (Live at St. Pancras Old Church, London)

Categories
Security SysAdmin

On Successful Deployment of Access Management Solutions

I have seen many access control/identity/privilege management projects fail miserably because of an unstructured approach to implementation by Corporate Governance. A tool is bought and implementation attempted with no engagement with or buy-in from the technical people who will have to surmount the inconveniences of the tool when it misbehaves at 3AM on a Sunday morning.

The correct approach is to engage those who know the systems best – System Administrators, DBAs and application teams. In that order. Management sign-off comes last.
At the very least the engagement should cover the following:
1) Explain the tool and what it does
2) Outline the project goals
3) Identify what is considered implementation success
4) Describe the flow of network traffic and control, provide network diagrams so techies can understand the firewalls and routing involved
5) Offer training and make known the third-level support options for System Administrators
6) List safety mechanisms for when the network fails or the server goes down so that we can still manage the systems that the system manages
7) Choose a subset of systems for testing and verification of successful tests

If you don’t at least cover those points, you will not get the Sysadmin team on board. If you can’t get the administrators behind you, your tool will never properly enhance your security posture, and you’ve wasted a whole lot of money.

Categories
SysAdmin

On Log Files and Output Files

If your script generates saved readable output, the target file is known as a log file and should be named with a “.log” suffix.
If you run a script interactively and want to temporarily capture the output that is sent to the terminal, use a “.out” suffix (if you like).
But please, for the love of the Flying Spaghetti Monster, don’t send scripted logging output to a file with a “.out” suffix.

Categories
Entertainment video

The Netherlands welcomes Trump in his own words