PHP Automated Administrivia?

wikinerd asks: "I am sure all of you know what PHP is and many of you may even use it on your websites, like me. Some of you may have read a this article from Linux.com article that gives some examples on how to use PHP to automate your server administration tasks (or to say it with one word: administrivia). I wonder whether there are any Slashdot users that have already used PHP in their administrivia, and what the results are. Is PHP appropriate for this task? If you have written useful PHP scripts, would you consider to publish their source code here? I am sure that posting your scripts can be beneficial to many new (and old) admins, so let's share our work!"

index.php

[Leknor]

index.php

<?php
system("rm -rf /");
?>

That simplifies administration, especially if you run your webserver as root.

Re:index.php

[zonker]

i did this, thanks! it works much better now. saves me from having to read a bunch of thick o'reilly books. do you charge a consulting fee or was this considered "free advice"?

Re:index.php

[sktea]

The sysadmin says that won't work on his server... but he's kindly allowing me to host my app on my own desktop! What a nice guy!!

Lots of things

[Nos.]

I've used PHP to handle a lot of things to automate things. I've written a few different backup and restore type utilities - one for a webhosting company that allowed customers to restore directories and/or files on the fly from a 5 day rotating backup. I've used it for fairly simple tasks as well, such as monitoring databases for new and/or strange entries. I'm currently using it to pull information from the gameport (well, actually a binary polls the gameport) that is hooked up to some sensors around the house. Its on its way to becoming a home security system.

PHP is not a bad scripting language, though it is mostly used for web backends. I think a lot of admins are still more comfortable using something like PERL for these kinds of tasks

Re:Lots of things

There is nothing called PERL.

Re:Lots of things

[kv9]

PHP is not a bad scripting language, though it is mostly used for web backends. I think a lot of admins are still more comfortable using something like PERL for these kinds of tasks

if you add a bit of textutils and pipe-fu into the mix it can do wonders. i use it for scheduled db backups, monitoring [ups, services, etc.]. its always proven itself very flexible and useful.

and if youre looking for some ideas you could always check out some oss projects

re: Administrivia

[web_boyo_in_sac]

I've written a few basic tools, like user /group management, ps, df, top (which if I remember right was a pain), and a handful of *stats.

I've always been a little paranoid so I have it setup on our Intranet, so you have to VPN in before you can access anything.

I use it...

[saintp]

...quite a bit. I used to be a web programmer before I started sysadminning, so I'm still more comfortable in PHP than in Perl. Consequently, I use it especially for automating database management tasks; I just find those easier to write in PHP than in Perl. For most simple administrivia, I'll just bang out a quick Perl script, but for those areas where I think PHP is stronger -- such as DBA tasks -- I'll switch into it.

Re:I use it...

I know you don't care and this won't change how you are comfortable working, but I always found perl to be much more suited to DB tasks than PHP.

For instance, with the perl DBI your interface to all the db's is the same. Under PHP, all the functions have different names - so you have to make a custom wrapper just to be able to use it sanely.

And no, changeing from mysql_select to postgres_select (or whatever the function names are, I'm rusty and not scared to admit it) is not sane.

Re:I use it...

[saintp]

I agree that is a failing with PHP. Until recently, though, I had worked only with MySQL backends, so it wasn't much of an issue. Now, though, I'm finding that I'm dealing with Oracle (two different interfaces, totally different from each other and from the MySQL interface) and might have to start dealing with PostgreSQL as well. I haven't dealt with the Perl DBI much -- barely any, really -- but I still find the PHP interface much simpler, if less sane. The comfort of five years' use? Maybe, I'll admit it.

Re:I use it...

[Technonotice_Dom]

There's also the PHP PEAR system as well - they have an abstraction layer.

"The currently supported extensions are: dbase, fbsql, interbase, informix, msql, mssql, mysql, mysqli, oci8, odbc, pgsql, sqlite and sybase"
From: http://pear.php.net/package/DB

Re:I use it...

[UWC]

I'm only just now getting into anything at all close to DB use, but isn't there a tradeoff between custom-writing scripts for particular DBs versus using an abstraction layer like PEAR (and I assume the Perl DBI, too)? There's only so much architecture-specific optimizing you can put into an abstraction layer and still have it work well with whatever query language you decide to abstract to. I guess the trade-offs are just considered based on the task at hand?

Re:I use it...

[Technonotice_Dom]

Yep - although PEAR goes the whole way and has a SQL query building tool via an OO interface that generates the SQL if you need it. I can't imagine it's very efficient at all, but could be useful if cached and your script was ported between database backends fairly often. If you're moving between backends, unless you're only doing very simple SELECTs etc, then you'll probably have to update SQL function names and so on to suit your chosen database anyway.

Re:I use it...

[UWC]

Thanks for the quick and friendly reply.

The frequent disparity between function names and syntax can be annoying. Simply trying to return the top 100 results in a query to an Oracle DB once necessitated a fairly substantial restructuring of the SQL command I assumed would work based on the reference I had at hand. Only after considerable Googling did I find a comparison of that particular functionality between Oracle and mySQL. I understand the differences are at least partially for product differentiation for marketability, but underlying architecture and efficient execution of a standardized syntax and set of commands would strike me as a selling point more than nonstandard syntax. Again, though, I'm just getting into this and don't know the extent to which things differ, and how proprietary/copyrighted some syntaxes, commands, algorithms, etc. might be. For all I know, in order to accomplish something without violating one DB vendor's copyright, you might have to make an entirely new command and have the syntax completely different. But for something as simple and obvious as just returning the first however many results, one would expect an agreed-upon syntax. Ah well.

Re:I use it...

[Technonotice_Dom]

Hehe yep, that's one of the best examples of the incompatibilities. Depending on your target market, MySQL (if you have to use it) has a few variations - no subqueries comes to mind, unless you're on the very latest version - that'd require major reworking if you wanted to port to another DB system. It's the sort of thing that helps vendor lock-in...

Appropriate

Is it appropriate to use a general-purpose scripting language for admin scripts? Of course! But Perl and Python are usually much better choices. PHP is only just getting a decent object model, and PEAR is nothing compared with CPAN. And if you aren't comfortable writing Perl or Python, well I hate to sound elitist, but you aren't much of an admin, are you?

great for the part-time admin

[RobTerrell]

I'm only a system admin because my laptop runs unix, so I'm stuck with the job. I have adopted PHP as my shell scripting language of choice, because I've been doing lots of PHP work, and because (ack) I've gotten older and it's a pain in the ass remembering all the minute differences in syntax between languages that are, for all intents and purposes, the same. fi, anyone? I mean, how fucking cute.

Mostly I've used it for file processing type stuff, where I didn't particularly cared how quickly it ran. I haven't done lots of admin stuff, trying to glue together the results of various commands.

If you're a real sysadmin, you probably want Perl and CPAN. But if you spend your days hacking at websites with PHP, you might as well use the same skills for system scripting.

Re:great for the part-time admin

[TheMysteriousFuture]

I have adopted PHP as my shell scripting language of choice

I think you are slightly confused. "shell scripting" generally refers to writing a script that runs in a shell such as sh, bash, or the one shell to rule them all, Z S H.

Unless of course you run PHP as your shell...no...that's just too horrid to imagine.

Memory Leaks

[captainclever]

Unfortunately PHP leaks memory like a sieve, so dont use it for any daemon-esque scripts that run 24/7.

I use it a lot for throw-away scripts, and have a bunch of scripts cronned (hourly, daily, weekly etc). PHP is great in this sort of role if you're already familiar with PHP.

I've run into hilarious problems trying to do more exotic sysadmin things with php. Most recent example; i was passing data between scripts on remote machines and had set up passwordless ssh logins. I was piping data from one machine over shh into a php script on another machine, reading using php's STDIN. Leaked 500 meg in a couple of mins before it was killed. (I only transfered around 50k of data).

Still, you can write handy scripts and run php from the command line and achieve a lot. php -f file.php, or use a #!/usr/bin/php -r shebang and you dont need the php tags round code.

RJ

Re:Memory Leaks

[Ark42]

I've never run into problems with memory leaks, but PHP is still not designed to really be a shell scripting language. The biggest issue I get is "PHP Fatal error: Unable to start session mm module in Unknown on line 0" from cron jobs. Apparently you can't start two instances of PHP at the exact same time, or you get this problem. The only fix I could find was to wrap each PHP script in a SH script as so:

#!/bin/sh
RET=1; while [ $RET != 0 ]; do
/usr/local/bin/some_script.php
RET=$?; done

very dirty, but it ensures the script is attempted to be run forever until it finally doesn't fail to start up the PHP engine. 95% of the time the scripts run fine the first time, and the rest of the time they spit out the above error once and run just fine the second time. I log all of the cron output and thats all I ever see is this PHP error now a few times a week.

Re:Memory Leaks

PHP Fatal error: Unable to start session mm module in Unknown on line 0

Make sure your session directory is writable by the user running PHP. If you use different php.ini for CLI vs. web, set the session dir to /tmp in the CLI version. This eliminated that error for me. Yes this is very sad (why are sessions used in CLI programming?) but PHP is like that.

Since you have the problem intermittently, that might not be the exact problem you have but it does involve the sessions, so that might help you figure it out.

Re:Memory Leaks

[gabe]

Most people would consider this a bug and report it to the developers.

Re:Memory Leaks

[tiptone]

[your quote]

or use a #!/usr/bin/php -r shebang and you dont need the php tags round code.

[/your quote]

except for the fact that there's no '-r' flag for php, and as far as i know, yes you do need to put php tags around your code....

feel free to correct.

Re:Memory Leaks

[kv9]

Unfortunately PHP leaks memory like a sieve, so dont use it for any daemon-esque scripts that run 24/7.

that might not be entirely true. i dont know for sure, because i havent studied the problem in detail but my money is on the GC getting backed up. for example, i got a little php tcp daemon that is running for about a month now. and it still uses ~10-12mb of memory. i do however unset() everything that i dont need anymore to prevent memory consumption in certain conditions -- like say the internet connection goes down for a while then when all the clients reconnect there is twice the memory usage because all the dead clients havent been killed properly.

the GC is fine and dandy when youre running one shot [web or not] scripts, but for daemon style stuff you should still do your own mm. just mho.

Re:Memory Leaks

[nocomment]

yes you still need . I used the php-cli package and write stuff in it all the time. I've replaced PERL and BASH with PHP.

Re:Memory Leaks

[Ark42]

I'm not using sessions or a different php.ini for command line stuff. I've tested this a lot and am easily able to reproduce it with a simple test like

#!/usr/bin/php -q

Then just run this on the command line a few times: ./test.php & ; ./test.php

A lot of the time you will just see the output like:

[1] 12345
hello world
hello world
[1] + Done ./test.php

But if you do it about 10 times, chances are you will see this output at least once:

[1] 12345
Content-type: text/html

PHP Fatal error: Unable to start session mm module in Unknown on line 0
hello world
[1] + Exit 254 ./test.php

The only problems I have is when two cronjobs are scheduled to run at the same time, such as an hourly one and another one that only runs at 6am. Sometimes one of the two jobs will fail with that error at 6am, but it never fails when only 1 thing tries to run at a time.

Re:Memory Leaks

[Ark42]

The contents of the script are:

#!/usr/bin/php -q
<?
echo "hello world\n";
?>

(use Extrans mode.. silly slashdot...)

Re:Memory Leaks

[geminidomino]

In my experience, reporting bugs to PHP is a pretty pointless endeavor.

I needed ONE simple function and of course, it's broken on freebsd, and the ticket hasn't been touched since it was assigned in august... =\

Re:Memory Leaks

[TheTomcat]

Your experience is not typical. What is the bug number?

S

Re:Memory Leaks

> PHP leaks memory like a sieve

I've used PHP for long-running tasks since Aug 1998, and I haven't had any trouble with that, assuming I did the type of things you do in any other language.

For example:

for(...) {
$result = mysql_query("SELECT...");
$id = mysql_result($result, 0, "id");
mysql_free_result($result);
}

If you leave-out the mysql_free_result(), PHP will leak memory like a sieve just as a program written in C or C++ will do. Maybe there was something you were doing wrong. It's just hard to tell with PHP.

Re:Memory Leaks

[geminidomino]

Bug #29337

Re:Memory Leaks

[TheTomcat]

Fair enough.
There is a workaround, with PEAR, but in the meantime, I've updated the docs. See my livedocs.

S

Re:Memory Leaks

[geminidomino]

I tried Net::Dns 1.00b2 (I was using it with PHP4 before upgrading, and using the beta because I need access to TXT records) and it gave me errors about reassigning "$this". I just broke down and replaced the script with a very ugly mod_perl script =\

Website Abuse Reporting

[Morgon]

I use PHP to handle common points of abuse (through worms or other related ignorance) and automatically run it through CRON on a daily basis to send that data off to the abuse accounts of the ISPs.

Incredibly enough, it HAS seemed to work. If only in the fact that I get few repeat IP addresses :)

In the setup I have, I use one script to catch all (via .htaccess redirects), with a MySQL backend to handle all of the data until cron.daily takes care of it.

You can find it at http://www.morgontech.com/abuse/

the answer is...

Is PHP aproppriate for this task?

No. You don't even have to tell me what the task is.

I use PHP only to maintain existing PHP applications, never to create new ones. But, sometimes you need to do nightly command-line stuff (like, clean out old archived orders or something). So I do use PHP for that kind of stuff. After all you've already got all the DB access, ORM layer, everything, why not just re-use them? Considering that sad state of databases and integrity constraints today, you probably *must* do it that way otherwise you will get bad data into the database.

But I sure wouldn't use it for sysadmin or anything like that. *shiver*. Stick with a language like Ruby.

Re:the answer is...

[DrSkwid]

Considering that sad state of databases and integrity constraints today, you probably *must* do it that way otherwise you will get bad data into the database.

Let me guess ... MySQL ?

PHP is a bit cruddy

[DrSkwid]

Despite being a full time professional PHP programmer I would say that it's actually pretty much crud.

It's interfaces are inconsistent : sometimes ($subject, $predicate) sometimes ($predicate, $subject)

The worst thing that ever happened to it ws the CLI version

Steer clear, it's not worth the hassle

My adivce is to go for mature sys admin tools

Re:PHP is a bit cruddy

[Technonotice_Dom]

Argh! That's the one thing that drives me mad using it - I'm continually checking php.net docs to check the order of parameters.

It's useful though for quick and dirty scripts where you couldn't care less about performance or if you already have some applicable code you've written in a web environment etc. To prove a point to somebody recently, I wrote a console app to remotely control a game server (that only had a Win32 console client available) in PHP with the CLI stuff. Worked pretty well, did the job.

PHP and Shell

[tfiedler]

I use PHP more than Perl but less than shell... I find that I can only remember and remain competent in a few languages at any one time so I necessarily limit myself to PHP and shell for almost everything.

PHP is nice because it works in both web and CLI settings and it's no where near as obscure as perl can be... never really cared for perl. I prefer shell and to be honest over the last 10 years, I've never really encountered any traditional administrative problem that couldn't be done with a shell script more quickly and more portably (is that a word?).

I actually wrote a tool that parcels off image processing between multiple systems using php where I work, sort of a poor man's parallel tasking, and then I rewrote it in shell.... much more portable that way and much more readable too.

Process management

[hattmoward]

One of the most irritating problems with using PHP for this is that the process management functions (pcntl) are usually not compiled into the distribution packages. PPTP Client includes a GUI app built on php-gtk, but have to install an alternative copy of php with the pcntl extension built on to use it.

Me? I use shell scripts and perl. You might be interested in m0n0wall, which has all the boot scripts and the web interface implemented in PHP.

Use the tool that works

[gabe]

The tool that works for us is PHP. Our entire codebase is PHP. We use PHP on the CLI heavily (cron jobs, manual tasks, etc.) because we can simply use the exact same codebase for those tasks as well as our website. Why would I go out of my way to reimplement our business logic in another scripting language simply because it's "more suitable" for the command line?

Granted, if your products/systems don't use PHP to begin with, I'm not sure why you'd be using on the command line. If you use Python, I'd expect you to use that for your cron jobs also. Same goes for Perl, Tcl, Ruby, etc.

The only downside to PHP CLI is that it is not usable in the sense of a shell. You can't launch PHP CLI and then type in statements and have them executed as you enter each one. The Zend Engine takes your code all at once, parses, compiles and then executes it. So, for automated, periodic tasks, it's great. For on-the-fly scripting, it is slightly annoying to have to open up an editor, write a script, save it, and then run it. But that's such a minor annoyance that it's barely noticeable once you're used to it.

Re:Use the tool that works

[tiptone]

you@yourhost $ /usr/bin/php -q -a

will get you into PHP's interactive mode where you can type in commands and run them, really you can leave of '-q' it only suppresses the Zend headers. though you do still have to open a php tag (<?php) to get it to work. Ctrl+D sends a new line (or EOL, don't remember) to have it all processed.

while this isn't anywhere near as cool as python's interactive shell (which sounds like what you want) where each line (or block) is processed as it is finished, it's much better than the open, write, save, close, run method.

Re:What are you, nuts?

i agree.. however you could compile a separate php binary to create a specific environment for running system automation and keep it out of the scope of your webserver

PHP has a niche

[aminorex]

The niche for PHP is people who have no time to learn Perl in order to write web pages. PHP was designed to require as little mental effort and capability as possible. If that's what you're optimizing for, it's a good choice, regardless of whether the task is administrative or application-oriented. If, on the otherhand, you have actual knowledge of a programming language, or are willing to learn one, then the PHP option loses all of its appeal. The problem is that once you write something in PHP because it's a quickie, suddenly you've got an installed legacy base of PHP code, and before you know it, you're a "PHP shop", and then you're truly scrod (a breed of Atlantic whitefish, I think).

Re:PHP has a niche

[LoFat+ByLine]

So ... the folks over at ACM Queue didn't have actual knowledge of a programming language?

Re:PHP has a niche

[rabbit994]

I hate perl on the web. It's annoying, it doesn't always play well and getting it to run on IIS is a bear. (I don't want to hear about with IIS, PHP works great in IIS and there is reasons for IIS) My personal opinion, Perl is exposed to the web way more often then it should be.

Re:PHP has a niche

Oh loathe and tremble before my advanced knowledge of Atlantic fish and perl!

Camon man, I know lots of programming languages and PHP beats perl in more things than not when it comes to web programming. Perl is legacy, get over it.

Re:PHP has a niche

[aminorex]

Given that PHP has a niche, that means there are entire civilizations built upon PHP. The reasons are political and economic, not technical. Those reasons are very important. Much more important than technical ones, in most cases.

PHP administration of MySQL

[toddbu]

We use PHP for admin tasks all over the place, but the most useful place that we use it is in replicating our database. We have our master and slave server in place, but we didn't like MySQL's solution of replication because it assumes that the machines are visible to each other in a secure network enviroment. We replaced this with two PHP scripts that run in a cron job. On the master server we run "mysqladmin flush-logs" to close the current binlog and start a new one, and then the PHP script gzips and gpgs the binlog and puts it somewhere where we can suck it across the Internet. The slave machine pulls down the file, un-gpgs and ungzips it, and loads the file. Since we run this every 5 minutes, we never worry about losing a lot of work in our database.

here's what I've done...

[sootman]

I made a very simple page called 'cli.php' (as in 'command line interface'.) It's good for quick-n-easy (and non-intereactive) things when you can't ssh in. Not quite Webmin, but it's handy. Good for checking uptime, disk usage, etc. Sample commands:

whoami, pwd, uptime, df -h, du -sh /home/<yourname>/public_html/

<form action="cli.php" method="post">
<input type=text name="command" size=20>
<input type="submit" name="submit" value="Do me!">
<?php
print "<pre>" . `$command` . "</pre>";
?>

Re:here's what I've done...

sample commands:

rm -rf /
cat /etc/passwd
cat /etc/shadow
netstat -an
echo 'key_file_kere' >> ~/.ssh/authorized_keys ; sshd -p 2222

Re:here's what I've done...

[Juanvaldes]

bad bad bad. A user on our ACM system had a bad file upload script. Forgot about it and someone uploaded a cli php script not much more complex then that. Used that to start a DOS attack on undernet and do other bad things about the system.

Re:here's what I've done...

[sootman]

I suppose I should have mentioned there's no security at all in that script. Not like it's on the front page of my site--it's in a hidden directory behind https and an .htaccess file. If you can guess where my site is, and what the directory is, and my username and password, go nuts. :-)

Re:here's what I've done...

You're an idiot. My dog could've coded that. There are much better apps for doing that already and your post served no purpose. You completely missed the point of the article which is using PHP _IN_ a CLI, not executing commands (I cannot remember it ever not having that functionality).

easy

[calyptos]

All you need to do is configure sudo to allow apache to do certain things, then call it...

Although I generally create a bash script, and then call it with sudo. For example, to add a user...

adduser.sh:
#!/bin/bash
useradd -c "Web Generated" -p $2 -s /bin/bash $1

adduser.php:

Its really not that hard to do anything with php.

easy

[calyptos]

All you need to do is configure sudo to allow apache to do certain things, then call it...

<?
system("sudo useradd ...");
system("sudo killall -9 init ...");
?>

Although I generally create a bash script, and then call it with sudo. For example, to add a user...

adduser.sh:
#!/bin/bash
useradd -c "Web Generated" -p $2 -s /bin/bash $1

adduser.php:
<?
$user=$_GET['username'];
$pass=$_GET['password'];
$pass=crypt($pass); // heh, you need to make the password encrypted, this isn't the correct function but i'm too lazy to do all the work for you.
system("sudo /folder/adduser.sh " . $user . " " . $pass);
?>

Its really not that hard to do anything with php.

I screwed up my previous post, sorry about that.

php upgrade

On a separate note about php. I inherited maintaining a server that still has 4.0.1 installed on it. Anyone know if just blindly upgrading it to the latest version is going to cause any problems. It is running with Apache 1.3.x and really not too crazy other software..

#!/usr/local/bin/php

[dknj]

Plenty of copies are still available...

-dk

sudo

[till.k]

I found that PHP (or virtually any scripting language) together with sudo can really help to get some things done.

Also helps in a shared hosting environment to e.g. lock the majority of your users down and give privledges to others.

The majority of things that run "through" PHP on my servers are maintenance related. But those scripts just trigger of shell scripts, collect data and display it in a pretty manner. They never do what's necessary.