Posted: May 7th, 2010 | Author: rthomson | Filed under: Sysadmin | Tags: code, linux, security, server, software, vendor | No Comments »
I recently decided that it’s about time to setup consistent, explicit and tight firewall policy across our Linux (mostly RHEL/CentOS) servers. One of the initial issues I faced was NFS. NFS implementations are very well known to make use of the portmapper and dynamically assigned port for rpc.mountd and because of this dynamic assignment, firewalling NFS can be challenging.
Luckily, RedHat’s /etc/sysconfig/nfs configuration file read by various “nfs”, “nfslock” and RPC services init scripts provides an easy means of locking down specific ports for all the NFS-related services so that one doesn’t have to work around the dynamic port assignment problem when it comes to firewalling.
[ Read More ]»
Posted: May 5th, 2010 | Author: rthomson | Filed under: Sysadmin, Tips & Tricks | Tags: atempo, backup, fix, hardware, server, software, tina, vendor | No Comments »
Just a quick post here to share a non-obvious tunable for Atempo’s Time Navigator 4.2 regarding archiving and media selection.
Before upgrading from 4.1 to 4.2 Time Navigator’s media selection for archive jobs with standalone drives behaved as expected: If existing partly filled and open cartridges in the associated media pool existed, Time Navigator would request those media be placed in the drives upon the start a new archive operation, effectively only asking for new, unlabeled media to be inserted once the existing media was full.
However, with the upgrade to 4.2 we found that Time Navigator was no longer requesting the existing, partly filled, open cartridges and was instead requesting new, unlabeled media to be inserted into the drives instead! The result of this new behavior was that Time Navigator would use new tapes for every new archive operation, no matter if existing, partly filled and open media was available in the media pool. Basically 4.2′s default behavior was preventing us from filling any archive media unless the particular archive job would happen to be larger than a single tape.
While I don’t know why the functionality changed, I do know what tunable to modify in order to make 4.2 behave like 4.1. The tunable is “check_external_cart_when_recycling“. Setting this tunable to “Yes” has restored the 4.1 behavior, allowing us to make full use of all archive media capacity by only requesting new media when all the existing media in the media pool has been filled.
I believe we only faced this problem because we use standalone archive tape drives that do not have an autoloader or robot nor an “inventory” of online tape. Each tape must be manually loaded. I suspect that if we had an autoloader for our tape drives, that 4.2 would have made the correct/expected selection of media.
I doubt that anyone else is going to face this problem but it took about 3 weeks with Atempo’s R&D department to figure out the problem so I figure if posting here can save anyone that amount of time, then I’ll have done my part!
Posted: March 30th, 2010 | Author: rthomson | Filed under: Sysadmin | Tags: datacenter, hardware, ibm, server, ups, vendor | No Comments »
Just recently, I discovered that IBM decided to quietly switch their UPS vendor from APC to Eaton (Powerware). We needed to replace a dead IBM UPS 3000 XHV (SmartUPS-3000) and so I ordered a new IBM UPS, the UPS 3000 HV (Eaton 5125). Upon receiving the UPS, I noticed that the battery and power module were rather different. So I boot up the UPS and start configuring the web management card and it hits me… this isn’t an APC UPS, it’s an Eaton! ARG! Why?!? WHY?!? :’(
[ Read More ]»
Posted: March 30th, 2010 | Author: rthomson | Filed under: Sysadmin | Tags: hardware, server, ups | No Comments »
Every now and then it’s a good idea to check your UPS batteries, right? Sure, we all know that. But who really does it? In well run environments UPSes are monitored, internally and/or externally but in a small machine room with only a couple racks, the individual UPS systems may not be monitored. These machine rooms (closets?) might also not be frequented by people very often or may not even get a visit, ever unless something goes wrong.
[ Read More ]»
Posted: March 30th, 2010 | Author: rthomson | Filed under: Reviews, Sysadmin | Tags: console, hardware, linux, serial, server | No Comments »
I recently started paying more attention to the OpenGear CM4116 remote console server that was installed at my work before I arrived. Ever since I arrived, I thought of it as more of a pain than a useful tool. This was mostly because it was configured to provide only serial console access to servers and storage devices through an SSH tunnel.
[ Read More ]»
