Posted: August 5th, 2010 | Author: cense | Filed under: Sysadmin | Tags: atempo, backup, linux, server, software, tina, unix
I’ve been wanting to post about a configuration that allows for seamless file-level backup of storage attached to an active/passive high availability cluster in an uninterrupted fashion using Atempo’s Time Navigator and I’m finally going to do it.
The Problem
The initial difficulty lies in the requirement that the data must be consistently backed up at every interval, no matter which cluster node is currently the active node with the backend storage mounted. To do this, an agent is required to be configured as a cluster resource in order to “follow” the mounting/exporting of the storage to any cluster node. So in order to accomplish this, N + 1 tina agents are required. That is, if you have two cluster nodes, you need three agents to successfully back up each node with the local agent and the storage, as it floats about the cluster nodes depending on failure or migration events.
Luckily for me, the good people at Atempo have engineered the agent in such a way that multiple agents can be run on a single node, each binding to its own IP address and each individually controlled via its own init script. Of course, we need to make some file edits to make all this happen and that’s what I’m going to share!
Posted: August 4th, 2010 | Author: cense | Filed under: Updates | Tags: tease
Wow! A whole 2.75 months and nothing new on techslaves… things are getting boring around here!
I’ve been itching to make some new posts but work has picked up lately. I’m working on a new project I started as a collaboration with a large IT group here on campus. There is lots of exciting stuff going on with the project and when it’s all said and done, I’m going to share valuable things I learned along the way.
Just to force myself to finally write about it, I’m going to list the vague project key points and then I’ll just have no choice but to follow up or let everyone (read: myself) down:
- Set up OpenLDAP w/ TLS, syncrepl, LAM
- Migrate existing NIS directory to LDAP
- NFS and Samba (security = user) migration to High Availability w/ Heartbeat/Pacemaker/DRBD
- iSCSI SAN storage w/ multipath and HBAs
- Large data consolidation (4TB+) from multiple sources
- Support Windows XP, Vista, 7 and Ubuntu 8, 9, 10 and CentOS 4, 5 clients w/ automount in LDAP on all Linux clients.
We’re targeting an end date of August 31st, wish me luck. Beans will be spilled!
Next project down the line might be back with my group going one-up on this configuration by implementing FreeIPA v2 for its slick Kerberos, HBAC and (hopefully) sudo policy integration. FreeIPA does raise some new questions but I’ll cross that bridge when I get there.
Stay hungry, techslaves.
Posted: May 21st, 2010 | Author: cense | Filed under: Random | Tags: book, ebook, interface, neural emesis, rant
That’s right, you read it correctly: I’m not impressed with Books24x7.
It’s not their collection (plenty of stuff for various fields of interest) and it’s not their price (I’m using it under a campus subscription so what’s to complain about?). It’s their interface.
Could it be any more annoying to read a book than the Books24x7 experience? Was this website designed in the 90s?
What frustrates me the most is that you cannot usefully navigate/read a book on Books24x7 without the use of a mouse. Sure, I can use Spacebar, the arrow keys or Page Up/Page Down to navigate on a single page, but because each “page” is just a small chunk of text, you need to constantly be clicking the “Next” link. Tab key link navigation, you say? There are so many links at the top of the page that tabbing through all of them to reach the “Next” link takes longer than grabbing for the mouse.
This is just a terrible book reading experience. Perhaps I’ve just been spoiled by… I dunno? PDF files and Preview.app or Stanza? I want to read some of these books but Books24x7 just makes it so unpleasant that I’d rather just find the hardcopies at the library or pay for a decent ebook version that I can read on whatever device or with whatever software that might actually be designed with some thought regarding the reading experience.
Posted: May 18th, 2010 | Author: cense | Filed under: Sysadmin | Tags: cfengine, code, denyhosts, linux, security, server, snippet, software
I’ve recently begun looking into configuration management with cfengine 3. I’ve ignored this growing sub-field of system administration for too long and I just can’t ignore it anymore. After spending quite some time researching the philosophies, methods and different tools out there, I settled on starting out with cfengine 3. There’s no special reason that I chose cfengine instead of puppet, bcfg2, chef or AutomateIT. I haven’t used any of these tools and thus I cannot pass judgement on them or their methods. All these projects seem to have intelligent and highly motivated people behind them. I simply gravitated towards cfengine because of its strong academic background and the fact that version 3 now represents the most recent and modern research in the field by Mark Burgess et al.
As part of my learning experience with cfengine, I’ve decided to start posting some of the code that I’ve begun developing in the hopes that by writing about it, I can learn better, faster and maybe even receive some helpful comments from readers along the way. Beware, I’m a cfengine newbie and so what I post here should NOT be copied and pasted into your environment unless you’re OK with the potential of wildly breaking things!
The first snippet of code I want to discuss is related to managing our DenyHosts configuration. As part of our “security policy”, I would like to ensure that every Red Hat/CentOS system is running a properly configured DenyHosts instance. Here is what I’ve come up with so far.
Posted: May 7th, 2010 | Author: cense | Filed under: Sysadmin | Tags: code, linux, security, server, software, vendor
I recently decided that it’s about time to set up consistent, explicit and tight firewall policy across our Linux (mostly RHEL/CentOS) servers. One of the initial issues I faced was NFS. NFS implementations are very well known to make use of the portmapper and dynamically assigned ports for rpc.mountd and because of this dynamic assignment, firewalling NFS can be challenging.
Luckily, Red Hat’s /etc/sysconfig/nfs configuration file, read by the various “nfs”, “nfslock” and RPC service init scripts, provides an easy means of locking down specific ports for all the NFS-related services so that one doesn’t have to work around the dynamic port assignment problem when it comes to firewalling.
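One way to confirm that every NFS helper port is actually pinned before deriving firewall rules from the file, as an added example that is not code from the original post. The variable names are the ones Red Hat's init scripts read from /etc/sysconfig/nfs; the INPUT chain, the 192.0.2.0/24 client subnet, the helper function names and the sample port values are assumptions.

```shell
#!/bin/sh
# Port variables that Red Hat's NFS init scripts read from /etc/sysconfig/nfs.
NFS_PORT_VARS="RQUOTAD_PORT LOCKD_TCPPORT LOCKD_UDPPORT MOUNTD_PORT STATD_PORT"

# Print the numeric value of variable $1 in file $2 if it is set (uncommented).
nfs_port() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([0-9][0-9]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# List the port variables that file $1 still leaves to dynamic assignment.
nfs_unpinned() {
    for v in $NFS_PORT_VARS; do
        [ -n "$(nfs_port "$v" "$1")" ] || echo "$v"
    done
}

# Emit iptables-restore style ACCEPT rules for file $1, limited to clients in $2.
# Fails without output if any port is still dynamic, because rules built from
# a partly pinned file would break mounts or locking after the next restart.
nfs_rules() {
    missing=$(nfs_unpinned "$1")
    if [ -n "$missing" ]; then
        echo "not pinned in $1:" $missing >&2
        return 1
    fi
    # portmapper (111) and nfsd (2049) are fixed and not set in this file
    for spec in tcp:111 udp:111 tcp:2049 udp:2049 \
        "tcp:$(nfs_port LOCKD_TCPPORT "$1")" "udp:$(nfs_port LOCKD_UDPPORT "$1")"; do
        echo "-A INPUT -s $2 -m state --state NEW -m ${spec%%:*} -p ${spec%%:*} --dport ${spec#*:} -j ACCEPT"
    done
    for v in RQUOTAD_PORT MOUNTD_PORT STATD_PORT; do
        for proto in tcp udp; do
            echo "-A INPUT -s $2 -m state --state NEW -m $proto -p $proto --dport $(nfs_port "$v" "$1") -j ACCEPT"
        done
    done
}

# Constructed sample file: STATD_PORT is still commented out, i.e. dynamic.
sample_partial() {
    printf '%s\n' 'RQUOTAD_PORT=875' 'LOCKD_TCPPORT=32803' 'LOCKD_UDPPORT=32769' \
        'MOUNTD_PORT="892"' '#STATD_PORT=662'
}

f=$(mktemp) && sample_partial > "$f"
nfs_rules "$f" 192.0.2.0/24 || echo 'STATD_PORT=662' >> "$f"   # pin the last port
nfs_rules "$f" 192.0.2.0/24
rm -f "$f"
```

The first call reports STATD_PORT as unpinned and emits nothing; the second call, after the port is set, prints the full rule set.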