Linux Disk Encryption - Remote Unlocking at boot

If you have an encrypted root partition, it usually requires access to the console to enter the passphrase. Even if you have the root partition unencrypted and have your sensitive data on a different encrypted partition that you manually mount after SSH is available, you still have to deal with starting services after said manual mount. There are a number of remote unlocking tools (luksrku, mandos, tang/clevis) which attempt to solve this problem by having a service running on a trusted network to provide the decryption key....

May 21, 2024

Advanced Format disks and ZFS (on Linux)

As drives have been getting larger and larger, having a 512B block size becomes inefficient. Drive manufacturers have slowly been moving to a 4KB block size, also known as Advanced Format. An interesting article on the transition can be found over at AnandTech: “Western Digital’s Advanced Format: The 4K Sector Transition Begins”. You can determine if your drive is using 4KB sector sizes by using smartctl:

    # smartctl --all /dev/sdb | grep "Sector Size"
    Sector Sizes: 512 bytes logical, 4096 bytes physical

When creating a zpool using ZFS, it queries the drive for the physical sector size to attempt to optimize disk operation....

October 19, 2013

Quantum Superloader 3 on Debian Wheezy

I am the proud owner of a Quantum Superloader 3, with a HP LTO-4 drive. The host connectivity is by SCSI, which I’ve never really had to use before. The following is the tale of me getting it to work.

SCSI Controller

The SCSI Controller I have is a QLogic card and shows up in lspci as follows:

    07:04.0 SCSI storage controller: QLogic Corp. ISP10160 Single Channel Ultra3 SCSI Processor (rev 06)
    07:05....

October 19, 2013

Solaris 11 - SYSV vs. IPS

It’s well known that IPS has replaced SYSV in Solaris 11. It is still possible to install SYSV style packages. But how do these 2 package managers work together? If I use the netcat package as an example, I can see it as an IPS package and a SYSV package:

    df3804@empire:~$ pkg info netcat
    Name: network/netcat
    Summary: Netcat command
    Description: The nc(1) or netcat(1) utility can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports and perform port scanning....

May 30, 2013

Solaris Kerberos clients against MS Active Directory KDC

Configuring Solaris as a Kerberos client to work against a MS Active Directory Domain is documented by Oracle in “How to Configure a Kerberos Client for an Active Directory Server”. This uses the /usr/sbin/kclient script provided by the kerberos-5 package, but makes some assumptions:

- The computer object will be created in OU=Computers
- The user joining the client to the domain must have Domain Administrator rights

The first issue is fairly trivial to work around, but the second is more interesting and that is what the rest of this post will focus on....

January 9, 2013

LISA 12 - Real World Configuration Management Workshop

The Real World Configuration Management Workshop was my first official event at LISA ’12, with ~40 people sat around the table discussing their experiences and problems with configuration management. Experience was wide ranging in the room, from someone who was still evaluating configuration management tools, to authors of CFEngine, LCFG & bcfg2. The day had a loose structure, broken down into 3 parts. Discussion often went off-track, but that was to be expected....

December 11, 2012

Solaris 11 Client against OpenLDAP Server

Oracle provide a wealth of information for using various Naming and Directory Services with a Solaris OS as the client. Sometimes it’s hard to see the wood for the trees, therefore the following attempts to explain how to configure your Solaris 11 client to get user (passwd) and group (group) information from an OpenLDAP server. I assume you don’t have full control over your OpenLDAP server, or don’t want to bend over backwards to accommodate the Solaris client....

October 2, 2012

Failed RAID Array

I woke up this morning to find 2 disks in my RAID5 array had been marked as failed!

    md1 : active raid5 sda1[0] sdd1[4](F) sdc1[2](F) sdb1[1]
          2930276352 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/2] [UU__]

    Jun 12 01:00:59 cube kernel: [12609415.780056] ata4: lost interrupt (Status 0x50)
    Jun 12 01:00:59 cube kernel: [12609415.843792] end_request: I/O error, dev sdd, sector 71
    Jun 12 01:00:59 cube kernel: [12609415....

June 12, 2012

Importing Puppet classes into Puppet Dashboard

Puppet Dashboard has a concept of classes, which can be really useful if you make use of external nodes and link it to the dashboard. Unfortunately it doesn’t currently have a way to auto-import classes defined in your puppet manifests. The following is a little bit of Python hacked together to provide this functionality. It looks at a directory for a list of modules and the database details for Puppet Dashboard (only works for MySQL)....

May 10, 2011

UKUUG Spring Conference 2011

I recently attended UKUUG’s annual Large Installation Systems Administration (LISA) conference, this year hosted in Leeds over 2 days. Overall I was very impressed with the event; at some points I was torn over which track to go on. In the end I attended the following:

- A bird’s-eye view on DNSSEC (Jan-Piet Mens)
- Managing distributed web services with OpenNMS (Dr. Craig Gallen)
- Unbound as a caching validating DNSSEC resolver (Jan-Piet Mens)
- IPv6 update from a broadband ISP (Adrian Kennard)
- The Future of Configuration Management – Latest developments from Cfengine (Mark Burgess)
- FusionInventory and GLPI (Fabrice Flore-Thebault)
- The benefit of BGP for every service provider (Thomas Mangin)
- DNSSEC zone-signing tool chest (Jan-Piet Mens)
- Scale out Datacenter Architecture (Bernd Erk)
- Digital Forensics in Large Scale Environments (Si Biles)
- Large Scale file storage with MogileFS (Stuart Teasdale)
- OpenStack: Towards a fully open cloud (Thierry Carrez)
- PostgreSQL: New features for Large Systems Administration (Simon Riggs)

Some of the above were very interesting, which I hope to blog about in detail in the near future....

April 12, 2011