Posts tagged as sysadm
In my previous post I stipulated that I was PXE booting FreeBSD. Well this
works and I will come back on that. But for the configuration I want to run
Puppet. Nice and easy config management.
On my server I run Puppet from source. This because the server is a CentOS box
with a very old Ruby and Puppet. So I decided to run the Puppet client from
source as well. Getting the git repo is easy enough and installing Puppet
should not be too hard.
Well, well, how wrong have I been. Every time I update the Puppet client or
server something breaks. And I do mean every time.
First it started with not parsing templates correctly. A couple of hours of
debugging solved that, but then Puppet started crying with "Error 400 on
SERVER: No support for http method POST". W.T.F. does it mean. This somehow
got solved, but then the templates broke again. The Puppetlabs site stated (as
always) to update to the newest version. So I did. And the template error was
back again, but now it was a different one: "Failed to parse template
issue/issue.erb: undefined method 'first' for
"/etc/puppet/modules/issue/templates/issue.erb:19:in ". Tinkering around for 4
(yes four!) hours solved this one (I can hardly remember what I tried, but I
can assure you that I have seen all sites about Puppet that exist on the
Internet. Including the ones about handpuppets). And then I got the 400 error
again. Running in debug mode doesn't help either, so I'm rather stuck. Man, do
I hate this type of behaviour. Be stable or go away! I now completely had it
with diving into Puppet sources to find the culprit. If they are still seeking
for a miracle for Pope John Paul II, maybe a stable Puppet client would be a
good idea.
I'm getting rather fed up with this stuff. This way I'll never be able to update
a server and be sure it will work. Maybe CFEngine3 is a better option!
Some users insist on using bash. This is a good shell, but not as good as zsh.
But, I do want them to be able to use the per directory umask as well as all
the zsh users.
So I started digging, as the bash shell does not support a chpwd hook.
This is what I came up with:
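    chpwd()
    {
        # Use a group-writable umask inside /etc/puppet, the saved one elsewhere
        case "${PWD}/" in
            /etc/puppet/*)
                # Save the original umask only once, on entering the tree,
                # so that moving between subdirectories does not overwrite it
                [[ ${UMSAVE:-0} = 0 ]] &&
                {
                    um=$(umask)
                    UMSAVE=1
                }
                umask 007
                ;;
            *)
                # Restore the saved umask after leaving the tree
                [[ x"${um}" != x"" ]] && umask ${um}
                UMSAVE=0
                ;;
        esac
    }

    # Wrap the builtin cd so that chpwd runs after every successful directory change
    function cd()
    {
        builtin cd "${@}" && chpwd
    }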
Now, when I change to the directory /etc/puppet I do get a umask of 007 and
when I cd somewhere else, I do get the original umask.
I do redefine the internal cd command to run the chpwd hook. There must be
a more elegant way to do this, but this does the job.
I've been working with Puppet some time now, and we are configuring our way
through a lot of hosts, with 6 persons, all working in the same Puppet master
directory.
This should work fine with all UNIX/Linux groups and setgid directories. But a
simple problem arose with the git version control stuff.
Once in a while the complete git repo was destroyed and quite a lot of
searching revealed the reason why.
We are all working as non-root and we are all members of the Puppet group. But:
When I edit a file and commit it, the corresponding files in the git repo are
made by me and the rights are set according to my umask. When someone else
tries to edit the same file or something else which results in the same hash
files, writing is not permitted, because of my ownership. A chown in a script
will not work, as a chown is not honored as a non-root user.
This problem can simply be solved by setting the umask to something like 007
(or u=rwx,g=rwx,o=). But when I do edit stuff in my home-directory I do not
want an open umask like that. So what to do, as ext[234] do not support per
directory umasks.
I use zsh as a shell and I found a nice function in the man-page. There is a
standard function, called chpwd() that gets executed every time a directory
change is made. So I only had to fill in the blanks.
This is what I came up with:
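    chpwd()
    {
        case "${PWD}/" in
            /etc/puppet/*)
                # Save the current umask once, on entering the tree
                # (UMSAVE is unset in a fresh shell, so default it to 0)
                [[ ${UMSAVE:-0} = 0 ]] &&
                {
                    um=$(umask)
                    UMSAVE=1
                }
                umask 007
                ;;
            *)
                # Restore the saved umask after leaving the tree
                [[ x"${um}" != x"" ]] && umask ${um}
                UMSAVE=0
                ;;
        esac
    }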
Now, when I change to the directory /etc/puppet I do get a umask of 007 and
when I cd somewhere else, I do get the original umask.
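The permission problem described above can be checked for directly. This is an added example, not code from the original post: audit_shared_tree and demo are hypothetical helper names, and the tree that demo builds in a temporary directory is constructed to mimic a commit made under a private umask.

```shell
#!/bin/sh
# Added example: find entries in a shared tree that lock out the other
# members of the group. All names here are hypothetical.

# audit_shared_tree TREE GROUP: print one finding per line
audit_shared_tree() {
    tree=$1
    group=$2
    # Directories need group rwx plus setgid (2070), so that new
    # entries inherit the shared group instead of the creator's own.
    find "$tree" -type d ! -perm -2070 -exec printf 'dir-mode %s\n' {} \;
    # Files need to be at least group-readable.
    find "$tree" -type f ! -perm -040 -exec printf 'file-mode %s\n' {} \;
    # Everything has to belong to the shared group.
    find "$tree" ! -group "$group" -exec printf 'group %s\n' {} \;
}

# demo: build a constructed tree, then audit it
demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        chmod 2770 .
        umask 007                  # the umask the chpwd hook sets
        mkdir -p objects/ab
        chmod 2770 objects objects/ab
        : > objects/ab/good
        umask 077                  # someone commits with a private umask
        mkdir objects/cd           # no group access to this directory
        : > objects/cd/bad         # not group-readable
    )
    # The shared group is taken to be the group of the tree root
    gid=$(ls -ldn "$tmp" | awk '{print $4}')
    audit_shared_tree "$tmp" "$gid"
    rm -rf "$tmp"
}

demo
```

For the .git directory itself, git config core.sharedRepository group makes git create group-writable objects whatever each user's umask is; the working tree still depends on the umask.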
How much fun can it be 
My server at home runs CentOS 5 and this has OpenSSH version 4.3. Running
updates doesn't update this version, because RedHat keeps the version number
stable.
But I wanted a newer OpenSSH because of some nice new
features. But when I do compile a new version I'm still stuck with old OpenSSL,
and that's not what I want.
Well, you can guess it by now, this is what I did.
Some time ago I switched from m0n0wall to
pfSense and I did like it a lot.
But a problem with PPTP tunneling made me think again. Was pfSense the way to
go?
Well, it wasn't. When I was trying to get IPv6 up and running it turned out
that pfSense doesn't support IPv6 out of the box. And m0n0wall does. There
were some answers on the internet, but I was not willing to hack the pfSense
box if that was not needed. And the pfSense website states that IPv6 support
will come after the release of 2.0. I'm not going to hold my breath that long.
And the PPTP tunneling problem can only be solved when you have a dual external
IP address. My provider won't give me a static one, so two statics is
completely out of the question.
So, here is what I did. I took my old firewall and installed m0n0wall (version
1.32, the latest stable) on it. After that I implemented all the firewall
thingies I had in the pfSense box and put all the stuff in to make it work.
Then I switched firewalls to test it for a couple of days and see if everything
works. And it did. So, I installed m0n0wall on the primary firewall and left
it running for some time.
OK, time to implement IPv6, but that is a different story. When I have it
completely up and running, you are the first to hear it.
About a month or two ago I was contacted by my ISP asking if I would like a lot
faster internet connection and a lower price. Well, you have to be nuts to deny
such an offer, so I decided to comply.
About a week later the new internet modem showed up and I connected everything
up.
Running speedtest made me very happy.
Not bad at all 
Today is the last Friday of July. This means that today
is System Administrator Appreciation Day
and being a real nerd, I support this day.
Let's hoot the SysAdmin.
I had heard of it before, but someway it has slipped my mind. But purely by
accident I came across
BrainFuck again.
Maybe a nice project for a sunny afternoon.
A couple of weeks ago I was contacted by my ISP asking if I would like a lot
faster internet connection and a lower price. Well, you have to be nuts to deny
such an offer, so I decided to comply.
About a week later the new internet modem showed up and I connected everything
up.
Running speedtest made me very happy.

Not bad at all 
At work we now have a very nice SAN with two machines running VMware vSphere. I did try to add fibre storage to the VMware machines and that didn't work. I did get a lot of errors and unknown problems. Even Google never heard of them. One of those was
~~~~~~~~~~
Error during the configuration of the host: Failed to get disk partition information
~~~~~~~~~~
Googling for this and more generic terms pointed me to a hint to partition the disk on the VMware server itself and then create a VMFS filesystem onto it. Well, that should be easy enough.
Running partedUtil on the device gave me:
~~~~~~~~~~
/dev/disks # partedUtil get naa.60050cc00061071d00000000000000d9
Warning: Device /dev/disks/naa.60050cc00061071d00000000000000d9 has a logical sector size of 4096. Not all parts of GNU Parted support this at the moment, and the working code is HIGHLY EXPERIMENTAL.
Segmentation fault
~~~~~~~~~~
That seems really broke!
I suddenly realized that I set the blocksize at the SAN level to be 4k. I did this because VMware uses very large files, so 4k should be more efficient. But it seems that VMware doesn't support it. Why not?
Removing the logical disk on the SAN side and recreating it with a blocksize of 512 bytes completely solved the problem.
I always love it when an error message points you into the right direction.