Hat man diese Hürde erstmal geschafft, möchte man den Cisco vielleicht am Swisscom-eigenen IPv6 6RD Gateway anbinden um in den Genuss von IPv6 zu kommen.

Klar, man kann dafür natürlich auch auf einen IPv6 Tunnel Broker wie SIXXS oder Hurricane Electric verwenden, doch wozu in die Ferne schweifen, wenn man den Gateway quasi vor der Haustüre hat?

Es sei dazu höchstens noch anzumerken, dass 6RD nicht ganz dasselbe ist wie ein Teredo, ISATAP or 6to4 Tunnel, obwohl alle Varianten letztlich zum Ziel haben eine IPv6-Anbindung über IPv4-Netze hinweg zu ermöglichen.
Wer zum Beispiel seinen “eigenen” IPv6 Prefix zu sich nach hause tunneln möchte, ist mit einem Tunnel Broker besser bedient. 6RD weist nämlich ausschliesslich Adressen aus dem Swisscom-eigenen 6RD-Pool zu. Wenn allerdings nur die reine Konnektivität ohne Sonderwünsche gefragt ist, dann ist 6RD wiederum vollkomen ausreichend.

Die unten gezeigte Konfiguration setzt 6RD auf dieselbe Weise um wie die Centro Router. Zwar muss man IPv6 im Kundencenter bislang selbst einschalten, wer jedoch wie in diesem Beispiel seinen eigenen Cisco-Router mit 6RD aufmöbeln möchte, kann hierauf verzichten.

Vom Prinzip her wird einfach ein neues Tunnel-Interface Tunnel1 erzeugt, dem das Swisscom-spezifische 6RD-Prefix 2A02:1200::/28 zugewiesen wird, als Gegenstelle nimmt 193.5.122.254 (6rd.ip-plus.net) die Funktion des Tunnel Relays wahr.
Ausserdem wird der 6RD-Prefix von Tunnel1 zudem auf den Bezeichner 6RD-SWISSCOM gemappt.

Im Beispiel wird davon ausgegangen, dass das lokale LAN-Interface auf Vlan1 liegt, entsprechend wird dort IPv6 aktiviert, die IPv6-Adresse wird aus dem zuvor erwähntem Prefix-Mapping 6RD-SWISSCOM und der Host-Adresse ::1 kombiniert. Dabei wurde ein /64 Prefix zugewiesen, damit man später noch weitere IPv6 Subnets zuweisen könnte. Wer das nicht vor hat, kann auch direkt den /60 Prefix verwenden, wovon ich allerdings eher abraten würde.

Zum Schluss wird noch eine IPv6 Default Route via 2A02:120C:1057:AFE0:: eingerichtet. Diese Adresse entspricht dem 6RD Gateway (berechnet indem der globale Prefix 2A02:1200::/28 mit der in Hex umgerechneten IPv4-Adresse 193.5.122.254 von 6rd.ip-plus.net kombiniert wird, wer wirklich wissen will wie das geht, kann mich ja fragen).

Hier also die relevante Konfiguration:

ipv6 general-prefix 6RD-SWISSCOM 6rd Tunnel1
!
interface Tunnel1
 description Swisscom 6RD Tunnel to Local LAN
 no ip address
 no ip redirects
 ipv6 enable
 ipv6 mtu 1480
 tunnel source GigabitEthernet0.10
 tunnel mode ipv6ip 6rd
 tunnel 6rd prefix 2A02:1200::/28
 tunnel 6rd br 193.5.122.254
!
interface Vlan1
 description Local LAN
 ipv6 enable
 ipv6 address 6RD-SWISSCOM ::1/64
!
ipv6 route ::/0 Tunnel1 2A02:120C:1057:AFE0::
!

Wie man sieht braucht’s also eigentlich gar nicht viel, damit das zum Fliegen kommt.

Mit dem Befehl show tunnel 6rd kann verifiziert werden, ob der Tunnel zum 6RD-Gateway aufgebaut wurde.
Als Tunnel Source wird die IPv4-Adresse von Interface Gig0.10 ausgewiesen.
Unter General Prefix ist der vom 6RD Gateway zugewiesene IPv6 Prefix ausgewiesen, der zugleich auf 6RD-SWISSCOM gemappt wird.

#sh tunnel 6rd
Interface Tunnel1:
  Tunnel Source: 188.63.nnn.nn1
  6RD: Operational, V6 Prefix: 2A02:1200::/28
       V4 Prefix, Length: 0, Value: 0.0.0.0
       V4 Suffix, Length: 0, Value: 0.0.0.0
       Border Relay address: 193.5.122.254
  General Prefix: 2A02:120B:C3F7:8D0::/60

Man beachte auch, dass ein /60 Prefix zugewiesen wird, was der enorm grossen Anzahl von 295’147’905’179’352’830’000 IPv6-Adressen gleichkommt.
Wow, fast 300 Trillionen (!) IPv6-Adressen für zu Hause!
Man kann das natürlich auch subnetten, z.B. in 16 * /64 Prefixe, wovon jeder immer noch rund 18.5 Trillionen Adressen umfasst. Wie oben erwähnt, habe ich dem LAN-Interface ein /64 zugewiesen, wonach noch 15 weitere solcher Netze für Tests und anderweitige Spielereien zur Verfügung stehen.

Einen kurzen Verbindungstest schadet auch nicht, beispielsweise indem man die Public IPv6-Adresse von www.heise.de anpingt:

Wenn der Cisco mal soweit eingerichtet ist, geht’s mit dem Clients weiter.
Dies würde jetzt allerdings etwas weit führen, ausserdem gehe ich davon aus, dass sich die potentiellen Leser dieses Beitrag bereits soweit mit IPv6 auskennen, dass die Client-Konfiguration die geringste aller Schwierigkeiten sein dürfte

I did web research, but did not really find a proper solution to this.
Well, there were a few which either did some funny things on Windows (I run a Mac ….), or recommended to restore the iPhone from a previous backup, removing just one app, installing just one new app through the iTunes store, and, well, some other curious and strange things.

After all, I thought to give the restore thing a try, however that changed nothing. Same message came up. So I disabled WLAN sync as to not interfere with the iPhone being hooked up by the cable already — again to no avail.

So I decided to look into the iTunes internals. There I found a primising folder within the Application Library folder called SyncServices. It was not that big, around 6 megs. But inside there where clear traces of synchronisation stuff.

My solution to the above error was then to quit iTunes, remove the SyncServices folders completely. And voila, iTunes would just start syncing my iPhone as if nothing bad had ever happened.

So while in the office, I’d like to backup to my external USB drive there.
Being at my home office, i’d like to backup to my NAS, while on the road, I’d love to habe my external mobile drive to kick in (and yes, I know about the “mobile backup feature” of OS X Lion, but that’s not the point …)

So I hacked up a script, which will check if a TimeMachine volume is actually connected or not. If none is connected, it will check which targets are available by either looking for connected USB drives (by the use of “diskutil”) or by checking connectivity to specified NAS servers. If it sees necessity to switch volumes it will also force creating an immediate backup in that case.

So, below is the code. I hope the comment section is clear enough. You’d need to change the USB_Volumes and NET_Volumes sections to fit your needs.
And yes, it works with the TimeMachine mobile feature enabled or disabled, that makes no difference.

#!/bin/bash
#
# tm_switcher -- a backup volume switchr for Apple's TimeMachine
#
# ####################################################################
# This script will help to automatically switch backup destination
# on Apple's TimeMachine according to available destination volumes.
# You can have one or more of both USB and network devices, of which
# the first available destination is used
# ####################################################################
# released to the public "as-is" under the terms of the GPL Version 2
# ####################################################################
# r0.1 2012/01/25
# - initial release 

# specify zero or more USB volumes as backup destinations
# you must give only the volume label
# specify multiple volumes like this:
# USB_Volumes=("Volume1" "Volume2")
#
USB_Volumes=("My Passport")

# specify zero or more NETWORK volumes as backup destinations
# you must give the full AFP volume path
# specify multiple volumes identically as described
# in the "USB Volumes" section above
#
NET_Volumes=("afp://TMUsername:TMPassword@HOSTorIPAddress/TMShare")

# get current TimeMachine directory
#
current_tm_dir=`/usr/bin/tmutil machinedirectory`

# check if we are disconnected
#
[ "$current_tm_dir" == "" ] && tm_status=CONNECT_NONE

# check if we are connected to an USB disk
#
for volume in "${USB_Volumes[@]}"; do
	echo $current_tm_dir | grep -e "$volume" > /dev/null 2>&1
	[ "$?" == "0" ] && tm_status=CONNECT_USB
done

# check if we are connected to an Network Volume (TimeCapsule)
#
for volume in "${NET_Volumes[@]}"; do
	_volume_basename=`basename ${volume}`
	/sbin/mount | grep " on /Volumes/${_volume_basename}" > /dev/null 2>&1
	[ "$?" == "0" ] && tm_status=CONNECT_NET
done

# check if we need to switch TimeMachine locations
#
if [ "${tm_status}" == "CONNECT_NONE" ]; then
	echo "NOTICE: TimeMachine is disconnected, current status is: ${tm_status}"

	# check if we can reach any of the NET_Volumes hosts given
	#
	for volume in "${NET_Volumes[@]}"; do
		_dest_server=`echo $volume | grep -P -o '@([[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}|(\b.*\b\.?)+)/' | sed -E 's:(@|/)::g'`

		# always recheck that TimeMachine is not yet connected
		#
		if [ "${tm_status}" == "CONNECT_NONE" ]; then
			# perform a simple connectivity test
			ping -c 1 $_dest_server > /dev/null 2>&1
			if [ "$?" == "0" ]; then
				echo "NOTICE: We found this volume to be available for backups: $volume"
				echo "        We will be switching TimeMachine volumes now ..."
				sudo tmutil setdestination "$volume"
				tm_status=CONNECT_NET
			fi
		fi
	done

	# check if we can reach any of the NET_Volumes hosts given
	#
	for volume in "${USB_Volumes[@]}"; do
		# always recheck that TimeMachine is not yet connected
		#
		if [ "${tm_status}" == "CONNECT_NONE" ]; then
			# check if the volume is available
			diskutil info "$volume" > /dev/null 2>&1
			if [ "$?" == "0" ]; then
				# try to mount the volume
				diskutil mount "/Volumes/$volume" > /dev/null 2>&1
				if [ "$?" == "0" ]; then
					sleep 5
					echo "NOTICE: We found this volume to be available for backups: $volume"
					echo "        We will be switching TimeMachine volumes now ..."
					sudo tmutil setdestination "/Volumes/$volume"
					tm_status=CONNECT_USB
				fi
			fi
		fi
	done

	# bail out if we failed on finding a proper backup volume
	#
	if [ "${tm_status}" == "CONNECT_NONE" ]; then
		echo "ERROR: Failed in finding a TimeMachine Voloume on USB or on the LAN available for backups."
		echo "       Exiting now."
		exit
	else
		echo "NOTICE: A suitable backup volume has been located for TimeMachine backups."
		echo "        Starting backup now ..."
		tmutil startbackup
	fi
else
	if [ "${tm_status}" == "CONNECT_USB" -o "${tm_status}" == "CONNECT_NET" ]; then
		echo "NOTICE: TimeMachine is already connected, current status is: ${tm_status}"
		echo "        TimeMachine destinations will not be switched!"
	else
		echo "ERROR: Unable to figure current TimeMachine status."
	fi
fi

exit

And here’s the script in action:

To complement this it’s a great idea to add this to Launch Daemon to have this script run on a recurring basis, so you wont need to run it manually.

Möchte man allerdings seinen FTTH-Anschluss richtig ausreizen, bietet sich der Einsatz eines Cisco 892F Routers an. Zugegebenermassen nicht gerade ein billiges Gerät (ab rund 1000 Franken Listenpreis), dafür kriegt man aber auch alles, was ein Cisco typischerweise so zu bieten hat.

Für den Anschluss an einen Swisscom FTTH-Anschluss benötigt man zwingend ein GLC-FE-100BX-U SFP-Modul (1310 nm TX/1550 nm RX, Simplex Single Mode Fiber) sowie das dazu passende Glasfaserkabel.
Spezifikationen zur FTTH Inhouse-Verkabelung und den OTO-Steckdosen (Optical Terminations Outlet) können bei Swisscom heruntergeladen werden. Ein passendes Kabel sollte in der Regel als Simplex (also Einzelfaser, _keine_ Zwillingsfaser) Single Mode ausgeführt sein, mit LC/APC-Stecker für die Wandsteckdose und LC/PC-Stecker für das SFP-Modul.

Doch bevor wir uns der Konfiguration zuwenden hier noch der obligate Hinweis: Das nachfolgend beschriebene Verfahren wird nicht offiziell von Swisscom unterstützt, will heissen: Auf eigene Verantwortung, es gibt keine Gewährleistung und keinen Support durch Swisscom.

Bei den FFTH-Anschlüssen werden, anders als bei den DSL-Anschlüssen, keine Logindaten benötigt, es läuft alles über DHCP.
Wer nun aber seinen Cisco einfach einstöpselt und darauf hofft, eine IP zu erhalten, dürfte aber schnell enttäuscht sein — da läuft nämlich erstmal gar nichts.

Zuerst ist es erforderlich, dass auf dem WAN-Interface ein zusätzliches VLAN Interface erzeugt wird (VLAN ID 10). Über dieses Interface muss auch der DHCP Request erfolgen. Allerdings muss dafür auch die DHCP client class ID korrekt gesetzt werden, ansonsten wird keine IP-Adresse zugewiesen.

Die Class ID sieht wie folgt aus:

100008,0001,Cisco,WAN_MAC_ADDR,FIRMWARE,FIRMWARE_VERSION,SERIAL

Dabei werden die Platzhalter wie folgt ermittelt:

Die fertige Class ID sieht dann ungefähr so aus:

100008,0001,Cisco,ffff.ffff.ffff,C890-UNIVERSALK9-M,15.1(4)M2,FCZ1234ABCD

Aber bitte diese Zeichenkette nicht unbesehen kopieren, sondern die richtigen Werte aus eurem Router auslesen. Mit den Beispieldaten klappt’s nämlich definitiv nicht

Hier folgt nun der Konfigurationsschnippsel. Die Platzhalter _CLASSID_ und _HOSTNAME_ werden darin durch die zuvor ermittelte Class ID sowie den Hostnamen des Routers ersetzt.

interface GigabitEthernet0
 description Physical WAN Interface (Fibre)
 bandwidth 100000
 no ip address
 load-interval 30
 duplex full
 speed 100
 media-type sfp
 no cdp enable
!
interface GigabitEthernet0.10
 description Logical WAN Interface (DHCP)
 encapsulation dot1Q 10
 ip dhcp client client-id GigabitEthernet0
 ip dhcp client class-id _CLASSID_
 ip dhcp client hostname _HOSTNAME_
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 no cdp enable
!

Damit sollte nun mit den DHCP Request klappen und der Router seine IP erhalten. Falls nicht, ggf. das WAN-Interface temporär auf Shutdown setzen und anschliessend mit dem Befehl “show dhcp lease” den Status überprüfen:

HOSTNAME#show dhcp lease
Temp IP addr: 188.63.nnn.nn1  for peer on Interface: GigabitEthernet0.10
Temp  sub net mask: 255.255.252.0
   DHCP Lease server: 213.3.239.242, state: 5 Bound
   DHCP transaction id: 1F4C
   Lease: 7200 secs,  Renewal: 300 secs,  Rebind: 600 secs
Temp default-gateway addr: 188.63.112.1
   Next timer fires after: 00:03:21
   Retry count: 0   Client-ID: ffff.ffff.ffff
   Client-ID hex dump: FFFFFFFFFFFF
   Hostname: HOSTNAME

Sobald der Router eine DHCP IP-Adresse bezogen hat, ist es Zeit für einen ersten Verbindungstest im Browser.

Hierbei sind im ersten Anlauf jedoch keine Websites direkt abrufbar, stattdessen startet der webbasierte Einrichtungsassistent von Swisscom. Wer zuvor schon den Centro Grande/Piccolo an seinem Anschluss in Betrieb genommen hat, kennt den Assistenten bereits. Man darf sich hier aber auch nicht wundern dass dieser nun erneut angezeigt wird, das hängt mit dem Anschliessen des neuen Geräts zusammen. Daher muss der Assistent einmalig nochmals durchgespielt werden bis zum Schluss dann folgende Seite erscheint:

Damit wäre nun der Centro Grande erfolgreich durch einen Cisco Router ersetzt worden. Mission accomplished

Ich sollte allerdings erwähnen, dass es zusätzliche Schritte benötigt um den Router beispielsweise an den Swisscom 6RD Gateway anzubinden – für alle diejenigen interessant, die schon heute IPv6 auch zu Hause nutzen möchten.
Ausserdem läuft beim FTTH Anschluss auch der Telefonanschluss drüber, und zwar als klassisches Voice-over-IP. Hierfür benötigt es, ebenso wie für die Nutzung von Swisscom TV, weiterführende Konfiguration.

Doch dazu ein anderes mal mehr

Great thing indeed, and yet very helpful if you need just a quick lookup instead of going through the full official documentation.
Here’s the direct links:

Check Point CLI Cheat Sheet
Check Point’s “fw monitor” Cheat Sheet

Thanks to Jens for assembling these.

Read more about this story in the current issue 3-4/2012.

If you ‘dd’ a single partition into an image file, then this is very straight forward. But if your image file contains multiple partition partitions including the partition table itself, then you need to take additional steps.

So the first thing to know is the exact offset of the partition to be mounted.
You may examine this easily using parted. Just provide it with the path to the image file instead of a block device.

root@debian:~# parted full_hd.dd
GNU Parted 2.3
Using /root/full_hd.dd
Welcome to GNU Parted! Type 'help' to view a list of commands.

Now switch parted to use ‘Byte’ units, then print the partition table:

(parted) unit B
(parted) print
Model: (file)
Disk /root/full_hd.dd: 8012390400B
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number Start End Size Type File system Flags
1 1048576B 8012169215B 8011120640B primary ext4 boot

Keep a record of the 'Start' offset, you'll need this shortly. Quit parted using the 'quit' command.

Let's look into mounting the partition: pass the partition offset to the mount command using the 'offset=' option like this:

root@debian:~# mount -t ext4 -o loop,offset=1048576 full_hd.dd /mnt/test/

It may well be possible, that receive this error message as a result to your mount command if you try to mount the disk image read-only:


mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so


In this case, examining the system logs, may reveal something like this:


[ 8754.209469] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[ 8758.913583] EXT4-fs (loop0): INFO: recovery required on readonly filesystem
[ 8758.913587] EXT4-fs (loop0): write access unavailable, cannot proceed


To get around this, try adding the 'noload' option to skip journal recovery:

root@debian:~# mount -t ext4 -o loop,ro,noload,offset=1048576 full_hd.dd /mnt/test/

Note: This howto requires a patch to your FreeBSD ports tree. The patch has been submitted to the FreeBSD port maintainers. I hope that it will eventually end up in the ports tree.

My initial readings about this was on the official Icinga docs covering installing Icinga on FreeBSD with IDOUtils.
However, as it turned out, the docs our a bit outdated, and yet do not reflect a way of doing the install using ports.

So here’s just a short primer on what I did do install Icinga from ports, imposing as little additional work four you, my fellow reader, as well

Now let’s turn to Icinga, which has a port on it’s own, which you’ll find it at /usr/ports/net-mgtm/icinga. First change to that directory.

cd /usr/ports/net-mgtm/icinga

Now download the patch file I made into your ports directory.
The patch will inject a new rc-script for ido2db and enable your port to build IDOutils.

[root@localhost /usr/ports/net-mgmt/icinga]# fetch http://phaq.phunsites.net/files/2012/01/patch_icinga_1.5.1_idoutils_fbs_port.txt

Then apply the patch like this:

[root@localhost /usr/ports/net-mgmt/icinga]# patch -p0 < patch_icinga_1.5.1_idoutils_fbs_port.txt
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- Makefile.org	2012-01-28 16:36:46.000000000 +0000
|+++ Makefile	2012-01-28 17:51:38.000000000 +0000
--------------------------
Patching file Makefile using Plan A...
Hunk #1 succeeded at 27.
Hunk #2 succeeded at 109.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- /dev/null	2012-01-28 18:00:51.000000000 +0000
|+++ files/ido2db.in	2012-01-28 18:00:30.000000000 +0000
--------------------------
(Creating file files/ido2db.in...)
Patching file files/ido2db.in using Plan A...
Hunk #1 succeeded at 1.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- files/pkg-message.in.org	2012-01-28 17:48:37.000000000 +0000
|+++ files/pkg-message.in	2012-01-28 17:49:38.000000000 +0000
--------------------------
Patching file files/pkg-message.in using Plan A...
Hunk #1 succeeded at 4.
done

Now you’re ready to configure the port:

[root@localhost /usr/ports/net-mgmt/icinga]# make config

Note the now IDOUtils option that now has appeared. Check it to enable IDOUtils.

Then compile and install as usual. The port will install also all required dependies, two of them being mysql55-client and libdbi-drivers, both to be found at /usr/ports/databases.

[root@localhost /usr/ports/net-mgmt/icinga]# make install clean

Afterwards, you should end up with a few additional files, which would not be installed with the stock FreeBSD port.

[root@localhost /usr/ports/net-mgmt/icinga]# ls -l /usr/local/bin/ido*
-rwxrwxr--  1 root  wheel  238326 Jan 28 16:53 /usr/local/bin/ido2db
-rwxrwxr--  1 root  wheel   80419 Jan 28 16:53 /usr/local/bin/idomod.o

[root@mgmp-bs01 /usr/ports/net-mgmt/icinga]# ls -l /usr/local/etc/rc.d/ido2db
-r-xr-xr-x  1 root  wheel  738 Jan 28 18:00 /usr/local/etc/rc.d/ido2db

Now you can enable Icinage and IDO2DB in /etc/rc.conf by adding these lines:

icinga_enable="YES"
ido2db_enable="YES"

Of course, you still need to perform the usual Icinga configuration steps, which are not covered in this post.
Please check with the official docs for this procedure.

If your configuration is proper, you should notice this in your logs indicating that IDOMOD (IDOUtils) is really working.

[1327773651] Icinga 1.5.1 starting... (PID=95448)
[1327773651] Local time is Sat Jan 28 18:00:51 UTC 2012
[1327773651] LOG VERSION: 2.0
[1327773651] idomod: IDOMOD 1.5.1 (09-09-2011) Copyright (c) 2005-2008 Ethan Galstad (nagios@nagios.org), Copyright (c) 2009-2011 Icinga Development Team (http://www.icinga.org))
[1327773651] idomod: Successfully connected to data sink.  26 queued items to flush.
[1327773651] idomod: Successfully flushed 26 queued items to data sink.
[1327773651] Event broker module '/usr/local/bin/idomod.o' initialized successfully.
[1327773651] Finished daemonizing... (New PID=95450)

That’s it, you conquered the beast!

Well, the ID has to be generated on-the-fly and out of nowhere. Still easy?

One might think about using MySQL user variables to accomplish this, sure. But what if your framework does not allow injecting chained queries because of SQL injection countermeasures?

The framework I used, WordPress’ wpdb API to be exact, has such a restriction, which caused my to find an alternate way.

To illustrate the problem, I start with the date retrieved, which would normally look as shown below.

mysql> SELECT value1, value2 FROM sample_table;
+-----------------+-----------------+
| value1          | value2          |
+-----------------+-----------------+
| sample_value_1  | sample_value_2  |
| sample_value_a  | sample_value_b  |
+-----------------+-----------------+
2 rows in set (0.00 sec)

Now, I need a line number for each record. When talking abut the line number, I’m strictly talking about a representation of “this is the first line”, “this is the second line”, etc.
This particular line number must therefore not be identical to the tupel ID, if that even would exist.
So this is what I would expect:

+------------+-----------------+-----------------+
| line_num   | value1          | value2          |
+------------+-----------------+-----------------+
| 1          | sample_value_1  | sample_value_2  |
| 2          | sample_value_a  | sample_value_b  |
+------------+-----------------+-----------------+

To generate this by the means of a query, one would usually use a MySQL user variable, that would be dynamically increased for each data row.
In SQL speech the query would then look like this:

SELECT @line:=0;
SELECT @line:=@line+1 AS line_num, value1, value2 FROM sample_table;
+------------+-----------------+-----------------+
| line_num   | value1          | value2          |
+------------+-----------------+-----------------+
| 1          | sample_value_1  | sample_value_2  |
| 2          | sample_value_a  | sample_value_b  |
+------------+-----------------+-----------------+

It’s actually easy and conventient, and you get real, dynamically calculated “line numbers”. But this technique requires to actually run two statements to be run in a series.
If you’re using your own database routines, this may not be a problem at all. But if you rely on a given framework, you may trip into SQL injection counter measures which will simply throw away a query constructed like this:

$my_query = "SELECT @line:=0; SELECT @line:=@line+1 AS line_num, value1, value2 FROM sample_table;";

$my_result = $pseudo_call_to_my_db_framework->execute( $my_query );

This was ecactly what I was trying to do with WordPress’ wpdb API. However, as I found, SQL injection filters kicked in. This is absolutely not to blame the WordPress folks, of course. The filters in place serve a good purpose and thus forced me in taking a different approach.

After some searching on the net I found that I seemed to be the only one to be using users vars with wpdb :-/
Of course, while this may not be widely used, I insisted in this approach. Suggestions in adding a loop or an extra-query where inappropriate to me, because it had to fit within the existing code base. That again required me to specifically do it in one SQL query, because I simply did not want to bloat the code by adding another loop in there.

So, the question is: Can the procedure described above be performed within ONE single query.

The answer is: Yes, but you’re required to invole a sub-query to achive this.

At first, leave the initial variable assignment away, so you end up with this query:

SELECT @line:=@line+1 AS line_num, value1, value2 FROM sample_table;

This would of course not yet work, because the user variable @line wouldn’t yet be defined at runtime.
Since you can’t prepend the declaration, you need to embed it using a sub-query. This is needed to have the variable declaration ready at the earliest stage possible, namely while parsing the query, and not during result processing.

Let’s look at the final query and the comments:

SELECT
        @line:=@line+1 AS line_num,                     # increase the @line user variable for each row retrieved
        sample_table.value1,                            # include column 'value1' from table 'sample_table'
        sample_table.value2                             # include column 'value2' from table 'sample_table'
FROM
        (SELECT @line:=0) AS tmp_line,                  # this will fire during parsing: initialize the user var by selecting it into a dummy table
        sample_table;                                   # now add our actual data table as well

This way, you end up getting the same result as shown earlier. And yet, this query can be performed with WordPress’ wpdb API and maybe other frameworks as well.

While sticking together my framework, I found that forking a process into background from PHP requires some additional steps if you don’t want to break AJAX functionality.

Here’s a sketch of the basic concept. It involves a Dispatcher, which creates a workqueue item in a database, and then forks a background process, which will perform various tasks. The latter will then report back the states of the tasks performed to the workqueue item in the database.
On the other end, a Tracker will check the database for the running states and push progress information into the browser.

While it was working to some extent, my initial attempts at forking a background process from PHP failed terribly, because PHP always kept waiting for the command to complete.
This behaviour had the side effect that the Dispatcher couldn’t immediately return the workqueue id to the AJAX client (the browser). But since the workqueue id was required by the AJAX-client to subsequently fire the Tracker, the initial request to the Dispatcher had to be synchronous instead of asynchronous.
The blocking behaviour did however screw everything, so I had to find a way around.

Of course, I was thinking about the various methods in calling external commands from PHP, starting with simple backticks, exec(), passthru() and even popen(), despite some others as well.

People familiar to Unix/Linux environments would of course say, that a background task can be started easily by appending an ampersand to the end, making it look like this:


exec( '/path/to/my/command &' );
system( '/path/to/my/command &' );


But that does not work in PHP, because all calls are always waiting for the command to return.
PHP effectively binds the STDERR and STDOUT I/O streams during execution, which is why a simple ampersand doesn’t work out.
To get this to work, one must really detach the to-be-backgrounded program from the controlling terminal to trick PHP into returning from exec.

This can be done easily by redirecting STDOUT and STDERR to a logfile or /dev/null before background the program, and just return the pid.
That would then look similar to this:


exec( '/path/to/some/program > /dev/null 2>&1 & echo $!' );


The above example would detach the programm into background while returning control to your PHP application at once.

Consider the output destination being required in any case, otherwise the I/O streams won’t get detached.
So this syntax, while being perfectly valid, will definitely run your command, but won’t place it into background at all:


exec( '/path/to/some/program 2>&1 & echo $!' );


That’s it