Posts tagged as sysadm

Why does Puppet keep breaking?????

2011-05-03 (95) by Ton Kersten, tagged as freebsd, puppet, pxe, sysadm

In my previous post I stipulated that I was PXE booting FreeBSD. Well this works and I will come back on that. But for the configuration I want to run Puppet. Nice and easy config management.

On my server I run Puppet from source. This is because the server is a CentOS box with a very old Ruby and Puppet. So I decided to run the Puppet client from source as well. Getting the git repo is easy enough and installing Puppet should not be too hard.

Well, well, how wrong have I been. Every time I update the Puppet client or server something breaks. And I do mean every time.

First it started with not parsing templates correctly. A couple of hours of debugging solved that, but then Puppet started crying with "Error 400 on SERVER: No support for http method POST". W.T.F. does it mean? This somehow got solved, but then the templates broke again. The Puppetlabs site stated (as always) to update to the newest version. So I did. And the template error was back again, but now it was a different one: "Failed to parse template issue/issue.erb: undefined method 'first' for "/etc/puppet/modules/issue/templates/issue.erb:19:in". Tinkering around for 4 (yes four!) hours solved this one (I can hardly remember what I tried, but I can assure you that I have seen all sites about Puppet that exist on the Internet. Including the ones about hand puppets). And then I got the 400 error again. Running in debug mode doesn't help either, so I'm rather stuck. Man, do I hate this type of behaviour. Be stable or go away! I now completely had it with diving into Puppet sources to find the culprit. If they are still seeking for a miracle for Pope John Paul II, maybe a stable Puppet client would be a good idea.

I'm getting rather fed up with this stuff. This way I'll never be able to update a server and be sure it will work. Maybe CFEngine3 is a better option!

umask per directory

2010-12-08 (83) by Ton Kersten, tagged as linux, puppet, sysadm

Some users insist on using bash. This is a good shell, but not as good as zsh. But, I do want them to be able to use the per directory umask as well as all the zsh users.

So I started digging, as the bash shell does not support a chpwd hook.

This is what I came up with:

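chpwd()
{   # Save the original umask once, on entering /etc/puppet.
    # Saving on every cd would overwrite it with 007 when moving
    # between subdirectories of /etc/puppet.
    case "${PWD}/"
    in
        /etc/puppet/*)
            [[ -z "${um}" ]] && um=$(umask)
            umask 007
        ;;
        *)  # Left the tree: restore the saved umask and forget it
            [[ -n "${um}" ]] && umask "${um}"
            um=""
        ;;
    esac
}
function cd()
{
    # Run the hook only when the directory change succeeded
    builtin cd "${@}" && chpwd
}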

Now, when I change to the directory /etc/puppet I do get a umask of 007 and when I cd somewhere else, I do get the original umask.

I do redefine the internal cd command to run the chpwd hook. There must be a more elegant way to do this, but this does the job.

umask per directory

2010-12-06 (82) by Ton Kersten, tagged as puppet, sysadm

I've been working with Puppet some time now, and we are configuring our way through a lot of hosts, with 6 persons, all working in the same Puppet master directory.

This should work fine with all UNIX/Linux groups and setgid directories. But a simple problem arose with the git version control stuff.

Once in a while the complete git repo was destroyed and quite a lot of searching revealed the reason why.

We are all working as non-root and we are all members of the Puppet group. But: When I edit a file and commit it, the corresponding files in the git repo are made by me and the rights are set according to my umask. When someone else tries to edit the same file or something else which results in the same hash files, writing is not permitted, because of my ownership. A chown in a script will not work, as a chown is not honored as a non-root user.

This problem can simply be solved by setting the umask to something like 007 (or u=rwx,g=rwx,o=). But when I do edit stuff in my home-directory I do not want an open umask like that. So what to do, as ext[234] do not support per directory umasks.

I use zsh as a shell and I found a nice function in the man-page. There is a standard function, called chpwd() that gets executed every time a directory change is made. So I only had to fill in the blanks.

This is what I came up with:

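chpwd()
{
    case "${PWD}/"
    in
        /etc/puppet/*)
            # Save the original umask only on entry; UMSAVE is unset
            # in a fresh shell, so treat unset as 0
            [[ ${UMSAVE:-0} = 0 ]] &&
            {   um=$(umask)
                UMSAVE=1
            }
            umask 007
        ;;
        *)
            # Outside the tree: restore the saved umask, if any
            [[ x"${um}" != x"" ]] && umask "${um}"
            UMSAVE=0
        ;;
    esac
}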

Now, when I change to the directory /etc/puppet I do get a umask of 007 and when I cd somewhere else, I do get the original umask.

How much fun can it be :-)
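
The ownership problem described in this post can be checked for directly. The following is an added example, not code from the original post: it builds a constructed tree in a temporary directory (the names `shared`, `ab`, `cd`, `obj1` and `obj2` are made up), creates entries under umask 022 and under umask 007, and lists the ones other group members cannot write.

```shell
#!/bin/sh
# Added example: audit a shared tree for entries the group cannot write.
# Everything is constructed in a temp dir; nothing touches /etc/puppet.

# Print every file or directory under $1 that lacks the group-write bit.
audit_group_write() {
    find "$1" ! -perm -020 -print
}

# Build a constructed tree: one directory and file created under a
# personal umask (022), one directory and file under the shared umask (007).
build_demo_tree() {
    root=$(mktemp -d) || return 1
    ( umask 007; mkdir "$root/shared" )
    ( umask 022; mkdir "$root/shared/ab"; : > "$root/shared/ab/obj1" )
    ( umask 007; mkdir "$root/shared/cd"; : > "$root/shared/cd/obj2" )
    printf '%s\n' "$root"
}

# Permission string (e.g. -rw-rw----) of a path, without ACL/SELinux suffix.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

demo_root=$(build_demo_tree)
echo "Entries teammates cannot write:"
audit_group_write "$demo_root/shared"
echo "obj1 (umask 022): $(perm_string "$demo_root/shared/ab/obj1")"
echo "obj2 (umask 007): $(perm_string "$demo_root/shared/cd/obj2")"
```

Pointing `audit_group_write` at a real shared working tree shows which entries were created under a personal umask before someone else trips over them.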

Compiling OpenSSL and OpenSSH

2010-08-12 (63) by Ton Kersten, tagged as sysadm

My server at home runs CentOS 5 and this has OpenSSH version 4.3. Running updates doesn't update this version, because RedHat keeps the version number stable.

But I wanted a newer OpenSSH because of some nice new features. But when I do compile a new version I'm still stuck with old OpenSSL, and that's not what I want.

Well, you can guess it by now, this is what I did.


Back to m0n0wall

2010-08-10 (62) by Ton Kersten, tagged as sysadm

Some time ago I switched from m0n0wall to pfSense and I did like it a lot.

But a problem with PPTP tunneling made me think again. Was pfSense the way to go?

Well, it wasn't. When I was trying to get IPv6 up and running it turned out that pfSense doesn't support IPv6 out of the box. And m0n0wall does. There were some answers on the internet, but I was not willing to hack the pfSense box if that was not needed. And the pfSense website states that IPv6 support will come after the release of 2.0. I'm not going to hold my breath that long. And the PPTP tunneling problem can only be solved when you have a dual external IP address. My provider won't give me a static one, so two statics is completely out of the question.

So, here is what I did. I took my old firewall and installed m0n0wall (version 1.32, the latest stable) on it. After that I implemented all the firewall thingies I had in the pfSense box and put all the stuff in to make it work.

Then I switched firewalls to test it for a couple of days and see if everything works. And it did. So, I installed m0n0wall on the primary firewall and left it running for some time.

OK, time to implement IPv6, but that is a different story. When I have it completely up and running, you are the first to hear it.

My new Internet connection

2010-08-02 (61) by Ton Kersten, tagged as sysadm

About a month or two ago I was contacted by my ISP asking if I would like a lot faster internet connection and a lower price. Well, you have to be nuts to deny such an offer, so I decided to comply.

About a week later the new internet modem showed up and I connected everything up.

Running speedtest made me very happy.

[Image: Speedtest]

Not bad at all :-)

SysAdmin Day

2010-07-30 (60) by Ton Kersten, tagged as sysadm

Today is the last Friday of July. This means that today is System Administrator Appreciation Day and being a real nerd, I support this day.

Let's hoot the SysAdmin.

Brainfuck

2010-07-26 (58) by Ton Kersten, tagged as sysadm

I had heard of it before, but someway it has slipped my mind. But purely by accident I came across BrainFuck again.

Maybe a nice project for a sunny afternoon.

New internet connection

2010-07-21 (55) by Ton Kersten, tagged as sysadm

A couple of weeks ago I was contacted by my ISP asking if I would like a lot faster internet connection and a lower price. Well, you have to be nuts to deny such an offer, so I decided to comply.

About a week later the new internet modem showed up and I connected everything up.

Running speedtest made me very happy.

[Image: SpeedTest]

Not bad at all :-)

Hmm, VMware and 4k disk blocks

2009-07-14 (26) by Ton Kersten, tagged as sysadm

At work we now have a very nice SAN with two machines running VMware vSphere. I did try to add fibre storage to the VMware machines and that didn't work. I did get a lot of errors and unknown problems. Even Google never heard of them. One of those was

~~~~~~~~~~
Error during the configuration of the host: Failed to get disk partition information
~~~~~~~~~~

Googling for this and more generic terms pointed me to a hint to partition the disk on the VMware server itself and then create a VMFS filesystem onto it. Well, that should be easy enough.

Running partedUtil on the device gave me:

~~~~~~~~~~
/dev/disks # partedUtil get naa.60050cc00061071d00000000000000d9
Warning: Device /dev/disks/naa.60050cc00061071d00000000000000d9 has a logical sector size of 4096. Not all parts of GNU Parted support this at the moment, and the working code is HIGHLY EXPERIMENTAL.

Segmentation fault
~~~~~~~~~~

That seems really broken!

I suddenly realized that I set the blocksize at the SAN level to be 4k. I did this because VMware uses very large files, so 4k should be more efficient. But it seems that VMware doesn't support it. Why not?

Removing the logical disk on the SAN side and recreating it with a blocksize of 512 bytes completely solved the problem.

I always love it when an error message points you into the right direction.