inotify

Sometimes it would be nice to do something when a file was written to disk.

For example a file is saved in the editor and after the file is written on disk we want to run a script or code.

Two ways to solve this:

inotify-tools

Install inotify-tools via your package manager.

Example usage:

# watch all files in this folder
while inotifywait -e close_write *; do
  bash process.sh
done

inotify in Python

There are some Python packages for inotify. One is aionotify and is Python 3 only.

Source of aionotify: https://github.com/rbarrois/aionotify

Because inotify is kernel based this can be used to trigger events when files are uploaded to a system. When the file is closed a function is called to process the file.

Example usage:

import asyncio
import aionotify
from pathlib import Path

PATH = Path("/tmp/uploads")

# Setup the watcher
watcher = aionotify.Watcher()
watcher.watch(alias="uploads", path=str(PATH), flags=aionotify.Flags.CLOSE_WRITE)

# Prepare the loop
loop = asyncio.get_event_loop()

def process(filename):
    # print first line; could do more useful stuff
    with open(PATH / filename) as fp:
        print(fp.readline())

async def work():
    await watcher.setup(loop)
    while True:
        event = await watcher.get_event()
        print(event)
        process(event.name)
    watcher.close()

loop.run_until_complete(work())
loop.stop()
loop.close()

This example monitors the folder /tmp/uploads for files written and closed. A closed file will be opened and the first line is printed.

An example call of the script above:

echo "foo\nbar" > /tmp/uploads/xxx

results in

Event(flags=8, cookie=0, name='xxx', alias='uploads')
foo

Allowed flags are listed here: https://github.com/rbarrois/aionotify/blob/master/aionotify/enums.py

SSH config notes

Some examples from my .ssh/config file.

All my automatically installed Raspberry PIs are in the same tinc within the same group of ten. I use archlinuxarm, so I want to use the user alarm as my default. The IP address range is from .20 to .29.

Host 10.10.10.2?
  User alarm

On the rare occasion I have to manually create an AWS server, I need this.

Host manual-aws-server
  HostName ec2-xx-xx-xxx-xxx.eu-west-1.compute.amazonaws.com
  User ubuntu
  IdentityFile ~/.ssh/given-certicate.pem

Login with custom user, custom port and specific certificate only for this system.

Host custom
  HostName custom.local
  User username
  Port 8022
  IdentityFile ~/.ssh/custom-local-id_ed25519

Raspberry DNS problems with ArchLinuxARM and DNSSEC

Some of my Raspberry PIs are offline for some days/weeks. After that the system time is off big time.

I thought: We have systemd-timesyncd. That should be fixed after a few minutes. But DNSSEC doesn't work when the time is off this much.

Problem analysis

For example: ping google.com results in

ping: google.com: Name or service not known

But dig works. (When you have it installed! Not the default on archlinuxarm.)

The log in the systemd journal helps here:

DNSSEC validation failed for question google.com IN A: signature-expired

And the same for all the ntp domains:

DNSSEC validation failed for question ntp.org IN DS: no-signature

Possible solutions

a) use an IP address in timesyncd config

Add some of the ntp ip addresses to /etc/systemd/timesyncd.conf

NTP=185.120.22.23 185.126.112.98 104.248.145.172 46.29.176.73

After that restart timesyncd with systemctl restart systemd-timesyncd.

But the timesyncd always gets a time out:

systemd-timesyncd[295]: Timed out waiting for reply from 185.120.22.23:123 (185.120.22.23).

b) disable dnssec in resolved

Add this line at the end of /etc/systemd/resolved.conf:

DNSSEC=false

After that restart resolved with systemctl restart systemd-resolved.

And after some minutes and the next update from timesyncd you have the correct system time again.

Conclusion

Disabling DNSSEC is not what I wanted, but atm I don't see another way to solve this reliably.