sysadmin

Getting started with Sensu on Solaris

Sensu is a monitoring framework written in Ruby. It’s small and very easy to extend, as well as being extremely scalable. It uses a message bus to communicate with it’s different components (clients, servers, api hosts) as well as external systems such as Graphite, which can be used to produce graphs and store metrics.

Ruby gems update

I had a bash at finishing off the Ruby gem dependencies for Sensu on Solaris 11 over the last few days (and a bunch of other stuff,but I’ll write about that a bit later).

Ruby Solaris packages and gems

My work on packaging up Sensu for Solaris 11 continues, and I’ve just tackled the Ruby 2.0.0 package and some associated Ruby Gems. These are all pre-compiled x86 Solaris 11 IPS packages and are currently available in the /dev branch of my repositories. To install everything in one go, just do the following :

Redis Solaris Packages

As part of my work to package up the fantastic Sensu monitoring framework for Solaris 11, I have just uploaded a complete package of Redis 2.8.9 to my IPS package repositories (x86 only at the moment - see the docs linked below). This also includes a SMF manifest, so a pkg install redis should provide with all you need to get going straight away:

Solaris 11.2 Beta

Yesterday, Oracle announced Solaris 11.2 which includes a lot of interesting new features; not least of which is a full OpenStack distribution. There’s a lot of other improvements as well to all areas of the OS, from ZFS administration to the IPS system and Automated Installer. It also looks like Puppet is now included for systems management. All in all, a good release although it still pains me to see the “Oracle” logo slapped over everything, as well as the general lack ...

Adventures in IPv6 land

I’ve spent the last week experimenting with IPv6; it now means that my whole home network and this website run over IPv6 as well as IPv4. As I’ve spent a while playing with this technology, I thought I’d write my notes up here in the hopes that it will help someone else.

SGI Irix packages

I have finally got a working build environment for my SGI IRIX systems (an R14k Fuel and a dual R12k Ocatane2) and have packaged some open-source software for the fantastic Nekoware project. If you’re a fan of classic Unix systems, I strongly recommend heading over to their forums - there’s also a pretty strong Sun and HP contingent there among the SGI fanatics! Anyway - the two packages I have built so far are the fantastic pv (Pipe Viewer) tool and Mercurial DVCS.  PV i...

Citrix XenServer 5.6 Review

Introduction I’ve been using and evaluating Citrix XenServer now for a while, and felt I should really post a review. I haven’t seen much detailed coverage of this product at the level I’m interested in, so what follows is my take on it from a Unix sysadmin’s perspective. There won’t be any funky screenshots or graphics; instead, I tried to cover the sort of things I wanted to know about when I was looking at it as a candidate for our virtualization solution at work.

Xenserver snapshot and template based backup script

We have recently started using Citrix Xenserver in production at work (fantastic product, see my review for more information) and needed a simple backup solution. Our VMs run from an iSCSI SAN and are backed up daily through various methods - e.g. Bacula for the Unix/Linux systems. However, we wanted the ability to quickly roll back to a previous VM snapshot, and get up and running quickly if our SAN failed for whatever reason. Our solution was to create a large shared NFS...

The setting sun

Well, that’s that, then. Solaris as we knew it is pretty much dead. I’ve suspected for a while now that Oracle’s intentions regarding Solaris were not what the community, or us "old-school" Solaris sysadmins wanted or had hoped for.

Centreon review

One of my favourite interview questions I used to ask candidates was a variation of "Desert Island Discs" : Imagine you are going off to be a sysadmin on a desert island, with no internet access, and further imagine that the previous sysadmin was a total fascist with a minimalist install policy. We’re talking a bare-bones "classic" Solaris installation, or a minimal Debian system here. You’ve got SSH installed, but not much else. Before you hop on the boat, however, you ar...

Cacti iostat scripts now support FreeBSD

Thanks to the awesome work of Boogie Shafer, there is now a FreeBSD port of my iostat scripts and templates for Cacti. I have included the modified tarball that was sent to me, this is inside the archive as "cacti-iostat-1.x-boogie_freebsd_linux_changes.tar.gz".

Dell MD3000i

I’ve just got a new array to play with at work for a small Xen virtualisation setup. It’s the Dell MD3000i, which I’ve seen a few posts about before but though I’d chime in with my experiences. It is a budget array, but I have to say for the price it’s not a bad bit of kit.

Updated Cacti iostat package now supports Solaris

Just a quick update to my Cacti iostat monitoring scripts and templates - thanks to the work of Marwan Shaher and Eric Schoeller, the package now supports Solaris! The updated package is available here :  cacti-iostat-1.4.tar.gz. I have also updated the original blog post with the new package.

Cracking dictionary passwords

I was talking with a friend a few days ago, and the subject of password security came up. Now, we all know that we’re supposed to pick a secure password, use at least 8 characters and never to pick a word from the dictionary. But then I was asked how long it would take to brute-force a password using a dictionary attack, and I had to admit I had no idea. I knew it would only be a matter of minutes, but wanted to give it a try.

OpenVPN on Windows XP and Vista

Just a quick post this time, as I thought this may help others in the same situation I found myself in recently. At work, we’ve been using OpenVPN which works a treat with Unix clients; Windows clients (Vista in particular) were more problematic, though. None of our regular users have admin privileges (for obvious reasons), but this caused problems with the routing setup: users could use the GUI tool, but could not create the necessary routes required to direct traffic ov...

Linux, Solaris and FreeBSD iostat monitoring with Cacti

I’ve been looking for ages for a tool to parse the output from "iostat" on Linux, and graph it in Cacti. I found a few scripts and templates that did some of what I was looking for (disk I/O etc.), but nothing that gave me the full set of statistics such as queue length, utilisation, service time etc. I finally got round to writing my own set of templates and a data gathering script to provide this information, and it seems to work very well. So that others can benefit, I’...

ZFS Replication

As I’ve been investigating ZFS for use on production systems, I’ve been making a great deal of notes, and jotting down little "cookbook recipies" for various tasks. One of the coolest systems I’ve created recently utilised the zfs send & receive commands, along with incremental snapshots to create a replicated ZFS environment across two different systems. True, all this is present in the zfs manual page, but sometimes a quick demonstration makes things easier to unders...

ZFS as a volume manager

While browsing the ZFS man page recently, I made an interesting discovery: ZFS can export block devices from a zpool, which means you can separate "ZFS the volume manager" from "ZFS the filesystem". This may well be old news to many; however I haven’t seen many references to this on the web, so thought I’d post a quick blog update.

ZFS and caching for performance

I’ve recently been experimenting with ZFS in a production environment, and have discovered some very interesting performance characteristics. I have seen many benchmarks indicating that for general usage, ZFS should be at least as fast if not faster than UFS (directio not withstanding - not that UFS directio itself is any faster, but anything that does it’s own memory management such as InnoDB or Oracle will suffer from the double-buffering effect unless ZFS has been tuned...

Apache mod_proxy balancing with PHP sticky sessions

I’ve been investigating the new improved mod_proxy in Apache 2.2.x for use in our new production environment, and in particular the built-in load balancing support. It was always possible to build a load-balanced proxy server with Apache before, using some mod_rewrite voodoo, but having a whole set of directives that do all the hard work for you is a great feature. There is however, a catch. It won’t work out of the box with PHP sessions, or many other applications. I’ve ...

Sun V240 to X4100 : AMD vs SPARC

At work, we just migrated a database server from a Sun Fire V240 to a Sun X4100. This makes it the first AMD64 system we’ve put into production, and the performance advantage is staggering. I could post the benchmarks and various statistics, but I believe the following graphs from the cut-over paint a far more interesting and convincing argument for the price/performance benefit of Sun’s AMD64 offerings…

LigHTTPd and Apache - Symfony benchmarks

At work, we’re developing a brand new in-house CMS based on the Symfony framework. As it uses no mod_rewrite rules or other Apache dependencies and is a "clean break" for us, I figured it would be an ideal candidate for benchmarking under LigHTTPd, comparing it to Apache 2.2 in order to give me some statistics to compliment my last blog entry on the subject. The results from the "ab" Apache-benchmark tool are pretty stunning - although I’m still at a loss as to explain ju...

Migrating from Apache to Lighttpd

In my role as a sysadmin, the bulk of the Unix systems I administer are web servers, running the now standard open-source stack of Apache, MySQL and PHP (note that whatever my personal misgivings may be about those elements, they are pretty much the standard now and what’s been mandated at work). If you’re using PHP on Unix, it’s pretty much taken for granted that you’ll be running it through Apache via mod_php. In fact, it almost goes without syaing that if you’re doing a...

Nessus 3.0 released

While I’ve been preparing an update to the 2.2.6 Blastwave packages of nessus, Teneable just released their new 3.0 package - offering a whole host of enhancements including a very funky looking RSS feed for plugin updating, and major performance improvements to name just two. Except this time, I’m not doing my usual w00t-dance, and I won’t be packaging it, or even running it, for that matter.

Insanely cool new Sun servers

Yesterday, Sun announced the availability of their new CoolThreads powered servers. They’re powered by the latest incarnation of the UltraSPARC range of processors - so naturally, you get all the full binary compatibility assurances that brings. Sun are making much of the efficiency and "greenness" of these new boxes; but while I’m all for saving penguins and polar bears, what really stands out is the sheer performance these boxes bring. Check out the entry-level T1000 , f...