Archive for the 'Linux' Category

Got to play with the Motorola Xoom tablet

So I stopped by the local BestBuy store and played with the Motorola Xoom for a bit. Is it a really nice Android tablet? Absolutely. Is it nicer than the Apple iPad? Of course it is. It’s not even close. Is Honeycomb beautiful and a major leap for Android into the world of tablets? Yes, it really, really is nice. Is the Motorola Xoom worth $799 and being locked into a data plan? No, it isn’t. If Motorola wants to seriously challenge Apple they need to offer a wi-fi only version and drop the price by $200. End of story. Honestly if you don’t want an Android tablet that will require selling your children and body to science there are far better choices. Amazon has the Archos 101 for $294. They also have the Archos 70 for $270. You can also buy a Barnes & Noble Nook Color for $200 until March 3rd. You can install Cyanogenmod and make it a totally kick ass Android tablet and not just an ebook reader. Another option is to get a Samsung Galaxy Tab for $499 (without contract) or $249 (with a 2 year data contract). Save your money and let the price of the Xoom come down. There is going to be a flood of Android tablets in the next year. Prices will drop. There will be many many options. In fact there already are.


So you want to be a Linux admin…

This is somewhat of a reprise of some thoughts I shared on a recent episode of the LinuxLink TechShow.

I have been asked many times about being a Linux admin. After a few years of walking the walk and being in on a lot of interviews, I have compiled a few mental notes and thought I would share…

  • Get a cert.
    I have been doing Linux for a LONG time but I never had so many job offers until I got my RedHat cert and put it on LinkedIn. Once that happened I get, some weeks, upwards of 5 job offers per week. Seriously. These offers are also local – not like people are calling me to move out of state or even out of the area. The jobs are out there folks. Linux people are currently on the hot list. Just do it right and you should be a shoo-in.
  • Know your stuff.
    Here’s the deal. You MIGHT run into a company where you can snow them into thinking you are a serious Linux guy even though you don’t know how to tell what directory you are in on the command line, but it sure won’t be MY company. I ask potential candidates lots of questions – ones that I am convinced that anyone that *actually uses Linux* should know. Make sure that you do. You should know all kinds of common Linux things down absolutely cold and this includes things like common userland commands, problem diagnosis and resolutions. If you don’t know the fix to a problem, you should be able and prepared to demonstrate that you can quickly find the correct answer / resolution.
  • Don’t rely on the gui.
    I used to think this was a given but after a dozen interviews it bears mentioning. You *cannot* correctly administer a hundred servers if you need to rely on gui tools. They may be handy in a pinch, but they are wildly inefficient. By the same token, you should be familiar and comfortable with at least basic scripting. One of the questions I generally ask is if another administrator left your company, how would you change the root password on 100 servers in a hurry?
  • Do be familiar with Desktop Linux.
    Although I think it’s extremely important to be command line savvy on the server end of things, I am also convinced that a Linux guy should be comfortable with using it on the desktop as well. It always strikes me as strange when I ask a Linux guy what kinds of computers he has at home and what he uses them for and he (or she – it’s just a figure of speech) says they have a windows laptop that they only use for browsing the web and email.
  • At least feign interest.
    In my opinion, a Linux system administrator should be interested in Linux and system administration. Things like playing at home with different Linux distributions, running your own home server, setting up, learning about and trying different Linux services are all big plusses.
  • Don’t BS on your resume (or resume inflation).
    A friend of mine I work with and I have this theory that a person’s actual skill level with Linux is inversely proportional to the size of their resume. Actually, this goes back to that “Know your stuff” rule as well. Put the relevant things you know on your resume and *actually know them*. Trust me, I will ask you technical questions about the things you list on your resume and I *will* find out if you are lying. Inflated resumes may impress H.R. people but not the people who actually have to weed through them.
  • Shake hands like you mean it.
    When you come for an interview, if you offer to shake hands or take an offer to shake a hand, actually do it. Nothing weirds me out more than someone giving me one of those limp wristed, pantywaist, palm tickle handshakes. Grip my hand like you mean it and give it a good shake like you are happy to be there.
  • Be genuine.
    Don’t try and be someone you are not during the interview. Be yourself, relax a little, be honest. Don’t be overly cocky, snarky, apologetic or overtly eager. Also, try and dress decently and speak well. :)

That’s all I can think of right now – Knock ‘em dead!

Server Build

Last night on the TechShow I was asked about providing some info on a decent default server build. Here are some quick notes to get people going. Adjust as necessary.

Just for ease, here, let’s assume you are installing CentOS 5, a nice robust enterprise class Linux for your server needs.

CentOS 5 / RHEL 5 / Scientific Linux, etc., does a really great job picking the defaults, so sticking with those is just fine and has worked well for me on literally hundreds of servers.

  • I let the partitioner remove all existing partitions and chose the default layout without modification.
  • Configure your networking appropriately, make sure to set your system clock for the appropriate timezone (no I do not generally leave my hardware clock set to UTC).
  • When picking general server packages I go for web server and software devel. I do not, generally, pick virtualization unless there is a specific reason to. I find that the web and devel meta server choices provide a robust background with all the tools I need to set up almost any kind of server I want without having to dredge for hundreds of packages later on.
  • The install itself at this point should take you about 15 minutes depending on the speed of your hardware.
  • Once installed, reboot the server and you should come to a setup agent prompt. Select the firewall configuration. Disable the firewall and SELinux completely (trust me here). Once that is done, exit the setup agent (no need to change anything else here), login to the machine as root and reboot it. This is necessary to completely disable SELinux.

From this point on it’s all post install config…:

  • Add any software repositories you need to.
    I not only have my own repo for custom applications, but also have a local RedHat repo for faster updates and lower network strain/congestion.
  • Install your firewall.
    I use an ingress and egress firewall built on iptables. While mine is a custom written app, there are several iptables firewall generator apps out there you can try.
  • Install your backup software.
    Doesn’t matter if this is a big company backup software like TSM or CommVault, or you are just using tar in a script. Make sure your system is not only being backed up regularly, but that you can actually restore data from those backups if you need to.
  • Add your local admin account(s).
    Don’t be an idiot and log into your server all the time as root. Make a local account and give yourself sudo access (and use it).
  • Fix your mail forwarding.
    Create a .forward file in your root directory and put your email address in there. You will get your server’s root emails delivered to you so you can watch the logwatch reports and any cron results and errors. This is important sysadmin stuff to look at when it hits your inbox.
  • Stop unnecessary services.
    Yes, if you are running a server you can probably safely stop the bluetooth and cups services. Check through what you are running with a “service --status-all” or a “chkconfig --list” (according to your runlevel) and turn off / stop those services you are not and will not be using. This will go a long way toward securing your server as well.
  • Install OSSEC and configure it to email you alerts.
  • No root ssh.
    Change your /etc/ssh/sshd_config and set “PermitRootLogin no”. Remember, you just added an admin account for yourself, you don’t need to ssh into this thing as root anymore. Restart your sshd service after making the change in order to apply it.
  • Set runlevel 3 as default.
    You do not need to have a GUI desktop running on your server. Run the gui on your workstation and save your server resources for serving stuff. Make the change in /etc/inittab “id:3:initdefault:”.
  • Fix your syslog.
    You really should consider having a separate syslog server. They are easy to set up (hey, Splunk is FREE up to so much usage) and it makes keeping track of what’s happening on multiple servers much easier (try that Splunk stuff – you’ll like it).
  • Set up NTPD.
    Your server needs to know what time it is. ‘Nuff said.
  • Install ClamAV.
    Hey, it’s free and it works. If you do ANYTHING at all with handling emails or fileshares for windows folks on this machine, you owe it to yourself and your users to run Clam on there to help keep them safer.
  • Do all your updates now.
    Before you go letting the world in on your new server, make sure to run all the available updates. No sense starting a new server instance with out of date and potentially dangerous software.
  • Lastly, update your logbook.
    You should have SOME mechanism for keeping track of server changes, whether it be on paper or in a wiki or whathaveyou. Use it RELIGIOUSLY. You will be glad someday you did.
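
A quick way to confirm three of the post-install items above (no root ssh, runlevel 3, bluetooth and cups off) actually took effect. This is an added example, not part of the original post; the sample file contents are constructed, and the function names are hypothetical.

```python
UNNEEDED = ("bluetooth", "cups")  # the two services the post names


def permit_root_login(sshd_config):
    """Return the global PermitRootLogin value, or None if it is unset.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and everything after a Match line is conditional.
    """
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip()
    return None


def default_runlevel(inittab):
    """Return the runlevel from the id:<n>:initdefault: line, or None."""
    for raw in inittab.splitlines():
        fields = raw.strip().split(":")
        if not fields[0].startswith("#") and len(fields) >= 3 \
                and fields[2] == "initdefault":
            return fields[1]
    return None


def enabled_in_runlevel(chkconfig_list, runlevel):
    """Parse `chkconfig --list` text; return services on in a runlevel."""
    on = set()
    for line in chkconfig_list.splitlines():
        cols = line.split()
        if len(cols) >= 2 and f"{runlevel}:on" in cols[1:]:
            on.add(cols[0])
    return on


def audit(sshd_config, inittab, chkconfig_list):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    prl = permit_root_login(sshd_config)
    if prl != "no":
        findings.append(f"sshd: PermitRootLogin is {prl or 'unset'}, expected no")
    level = default_runlevel(inittab)
    if level != "3":
        findings.append(f"inittab: default runlevel is {level or 'unset'}, expected 3")
    running = enabled_in_runlevel(chkconfig_list, "3")
    findings += [f"service: {s} is enabled in runlevel 3"
                 for s in UNNEEDED if s in running]
    return findings


# Constructed sample inputs. In FRESH_SSHD the later "no" is ignored
# because the earlier "yes" was read first.
FRESH_SSHD = "#PermitRootLogin yes\nProtocol 2\nPermitRootLogin yes\nPermitRootLogin no\n"
FRESH_INITTAB = "# Default runlevel\nid:5:initdefault:\n"
FRESH_CHKCONFIG = (
    "bluetooth\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n"
    "cups\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n"
    "sshd\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n"
)
HARDENED_SSHD = "Protocol 2\nPermitRootLogin no\n"
HARDENED_INITTAB = "id:3:initdefault:\n"
HARDENED_CHKCONFIG = FRESH_CHKCONFIG.replace(
    "bluetooth\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on",
    "bluetooth\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off").replace(
    "cups\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on",
    "cups\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off")

if __name__ == "__main__":
    for finding in audit(FRESH_SSHD, FRESH_INITTAB, FRESH_CHKCONFIG):
        print(finding)
```

On a real server, feed it the contents of /etc/ssh/sshd_config, /etc/inittab and the output of chkconfig --list.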

ESXi and Subsonic

In continuation, somewhat, of my last post and a brief review on the last TechShow, I wanted to jot down some notes about my newest encounter with ESXi and Subsonic.

Subsonic

I wanted to try out Subsonic, so I really needed to put together a new machine to play with it a bit. As a RL System administrator, some things carry over into my home computing environment, and paranoia is one of them. I just *have* to test things outside of my “production” servers at home too. Since I run my servers in a virtualized environment, this shouldn’t be too much of a problem.

I run ESXi at home for my virtualization platform, and the norm there is to use virtualcenter (or the vic) to create and manipulate VMs. The problem there is I am just not a Windows fan (no kidding). I had gotten around this problem initially by creating a VM on VMware Server (running on Linux) and then using VMware Converter to move that VM to my ESXi machine. This time, I did a little more digging on the subject of using the command line to create those VMs natively and I actually found some great information that let me do just that. What I found were these two links that contain all the information I needed:
ESXi – creating new virtual machines (servers) from the command line
and
http://www.vm-help.com/esx40i/manage_without_VI_client_1.php

Without rehashing a lot of the detail provided in those two sites, the basics are using vmkfstools to create a disk image for you to use and then building a small minimal vmx file with enough info in it to get things going. To do the install, make sure to have your vmx start an iso image from the cdrom drive and turn on vnc for the box. From there it’s quite easy to get an install working.

The server I decided upon installing is CentOS 5.5. I chose the standard server install and the only things that were required to get Subsonic working on it were:
yum install java-1.6.0-openjdk
and then to download and install the rpm from Subsonic’s website. A little later on I found that Subsonic would not stream my ogg files and that was easily fixed by:
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm
yum install lame ffmpeg

After all that, point your web browser to http://:4040 and you are rocking and rolling with the big boys. The thing that really impressed me with the setup is when you tell Subsonic where your music is. On every other music server install this is the part where it takes a while to scan and index your music. With Subsonic this was surprisingly almost instantaneous! You tell it where the music is and *whamo* your music shows up, ready to be played. Fantastic! The other great piece is the ability to add album art. You can just tell Subsonic to change your album art and it finds some suggestions on the web and will let you pick the correct one and save it to your collection. It’s very nice and a complete time grabber :)

Amazon Kindle, Subsonic and MusicBrainz

Kindle 3
   Early last week I had another burst of reading activity on my Kindle 3. Reading for me tends to come in spurts when the rest of my life doesn’t interfere and it had been a while. I loaded up the Kindle with some new goodies (Sh*t my dad says is hilarious, btw) and started peeling through not only the books but also the menus, setting things up just the way I like them.

RANT: As a side note here, why the heck are collections so freaking difficult to setup? I mean come on Amazon. Make them work by directory structure or something easy, or at least fix it so that when you add to collection, you are only shown books not already in another collection by default. OK, rant done :)

   Anyhow, as I was reading and setting up different collections, etc. I noticed a familiar recurring problem. The short history is when I got my Kindle 3 I noticed every so often the e-ink would not fully display, but only display VERY faintly. I called Amazon and they had me update the firmware but it was really hard to tell if that fixed it as it was not a constant thing. Cue up last week and I notice this a LOT more. Not only while reading the books, but now in the menus, etc.. So, I called Amazon right up as they instructed me to do the last time I noticed this. They IMMEDIATELY sent me out a replacement. I mean I had it the NEXT day, during a snowstorm. There was no arguing, no listening to some low end tech worker flip pages on the other end of the phone, no shipping or return costs, no hassle whatsoever. THIS is what customer service is all about and it’s easy to see that Amazon stands behind its products. This is why I will always recommend the Kindle. I don’t know what the other guys’ service is like, but Amazon is absolutely tops every time I have had to deal with them.

Subsonic

   Shortly after I got my new Kindle (read hours) I got horribly sick (sinus infection) and have been that way for 4 or 5 days now. During my occasional bouts of lucidity and while waiting for the NyQuil to kick in again I was reading through my Facebook posts and noticed Tom Higgins mentioning that he was enjoying using Subsonic, which is a new (to me anyway) software that manages your music collection for you. It’s a server side app with some seriously nifty clients you can run on your Android phone, which made it catch my eye. I have (and still do for now) been using Kplaylist for quite some time and I really like it, but, hey, nothing wrong with checking out new things, right?

MusicBrainz

   Well, the thought of me trying out some new music collection software got me looking at my music collection. You know what this is like. I have been hanging on to my music in digital form for better than 10 years, so, it’s substantial / sizable, in different formats, mixed up, formatted and named badly, bad mp3 and ogg tags, etc.. What’s a guy to do? Well, I searched around a bit and found a whole lot of programs for Linux that will let you manually fix tags. Ick. With thousands to do I kept searching. I found a bunch of programs for Windows and Mac that will help you reorganize and fix your collection, and, eventually, I found ONE that will do the same on a Linux box. Its name is MusicBrainz Picard. I have been using it here and there (still sick) for a couple days now, sicking it on a directory of my music collection here and there. It sure beats doing this all by hand! It’s not perfect software by any means, but it sure will be a timesaver compared to the alternative and the more people that use it and update those databases, the better it’ll work. Check it out, I think you’ll like it!

Epson Workforce 520


Some days things just go right. It’s been a while since that happened to me, hence the lack of posts lately. Well, that changed tonight…

I decided it was high time to get a new printer. I have been using used HP LaserJets for years and my last, a LaserJet 5 was finally starting to show some wear, not to mention hogging enough electricity to power a small city. I have also endured about 4 years of complaints that we didn’t have a color printer.

I checked out the stock of some local electronic stores online and spent an hour or two googling whether this or that model printer would work under Linux. I actually wanted to grab the same printer Dann bought, just because I knew that one would work, however, I couldn’t find a local source. I settled on buying an Epson Workforce 520 from the local BestBuy.

Setup was an absolute breeze. I unpacked it, followed the setup instructions to add it to my local wireless connection via the printer’s control panel. Then I headed to openprinting.org to grab the driver and installed it. It’s just a deb (or rpm) package so it was a click or two to install. After that I headed to Linux Mint’s printer config utility, told it to search for network printers and it was found and installed automatically with no fuss, no muss whatsoever.

Everything works, and I mean everything. This is one of those multifunction printers that not only prints, but faxes (actually I haven’t tried that and probably won’t), copies AND SCANS! After my initial test print, I fired up Mint’s “Simple Scan” which scanned a document I had on the printer easily and perfectly. I was amazed!

I believe I may have found the perfect wireless printer/copier/scanner to run under Linux Mint (yes, it’s wireless too, did I mention that). I know Linux printing has come a long long way, but this was trivially easy. If you are looking for a great new printer addition to your Linux setup, this is it!

What’s with the Lemur?

System 76 Lemur


Nope, I am not talking about the curious little Madagascan primate, I am talking about the one from System 76!

It has been a while since I have done a review, but that doesn’t mean I haven’t been working one up :) At this past year’s Ohio Linux Fest I got to rub elbows with Carl Richell from System 76 who promised me the opportunity to review one of their masterpieces. After some killer anticipation, the unit arrived on my doorstep and it turned out to be their Lemur Ultra Thin laptop.

This lappy has a GORGEOUS 13″ display, a core-i3 proc, and all the assorted (and working) ports, wifi, ethernet, sound, SUSPEND, etc., that you would come to expect. I did say working didn’t I? That’s important because, as a retailer of Linux computers, it’s important to make the distinction that there is NO guesswork as to whether or not Linux will run perfectly on it. It does :)

System 76 was nice enough to let me demo this thing for a long time, so it’s safe to say that I tested this thing out really well. I used it extensively at home to do my normal web surfing, video watching and music playing. I also used it for work where it was my portal for a bunch of system administration work, rdesktop and ssh sessions galore, plenty of terminals open with configuration scripts and php programming, connected through every kind of free and paid wifi you can think of, not to mention my work vpn. And a lot of that was all at the same time! This system performed more than admirably. I even used it at a work conference where I did splunk installs and testing without issue.

I am not sure what kinds of proprietary things that System 76 provides in its own packages, however everything in Ubuntu, the Linux distribution that System 76 ships with by default, runs perfectly. Then again, so did Mint 10, the other Linux distribution I installed and tested with. This left me with, literally, nothing whatsoever that didn’t meet my personal satisfaction :)

This laptop is very light, perfectly functional, very good looking and stunningly well designed and put together. It feels to me like a MacBook Air with a warp drive, and at literally half the price. In short, this is the laptop that I want to carry around (did I mention it’s light too)? I am hoping that Mrs. LincolnClaus is reading this. It would look great under the tree this year! I would gladly get rid of most of the rest of my laptop entourage to be able to carry one of these.

Hey, anyone want to buy a pristine condition used netbook? Or two? :)

Resize iscsi volume on RHEL 5

I have this iSCSI volume mounted on a RHEL 5 system that is running out of space. How do you grow your mounted iSCSI volume? Good question!

* Unmount the volume. In this case it was /dev/sdb1 for me.
umount /dev/sdb1

* Grow the volume size on your san/nas (however your san/nas does this).
In my case - "Hey SanAdmin, can you add another 100gb of space to $volume?"

* In order to resize, your server needs to see that there is more volume space available, so you need to “service iscsi restart”.
[root@nile ~]# service iscsi restart
Logging out of session [sid: 1, target: iqn.2001-05.com.equallogic:0-8a0906-4cb5c3602-e9b001184684cc04-nile-splunk-index-archive, portal: nnn.nnn.nnn.nnn,3260]
Logout of [sid: 1, target: iqn.2001-05.com.equallogic:0-8a0906-4cb5c3602-e9b001184684cc04-nile-splunk-index-archive, portal: nnn.nnn.nnn.nnn,3260]: successful
Stopping iSCSI daemon:
iscsid dead but pid file exists [ OK ]
Starting iSCSI daemon: [ OK ]
[ OK ]
Setting up iSCSI targets: Logging in to [iface: default, target: iqn.2001-05.com.equallogic:0-8a0906-4cb5c3602-e9b001184684cc04-nile-splunk-index-archive, portal: nnn.nnn.nnn.nnn,3260]
Login to [iface: default, target: iqn.2001-05.com.equallogic:0-8a0906-4cb5c3602-e9b001184684cc04-nile-splunk-index-archive, portal: nnn.nnn.nnn.nnn,3260]: successful
[ OK ]

* fdisk /dev/sdb and delete the old partition (yes, delete it).
fdisk /dev/sdb
Command (m for help): d
Selected partition 1

* Create a new bigger partition over top / in place of the original.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-26109, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-26109, default 26109):
Using default value 26109

* Run e2fsck on the partition.
e2fsck -f /dev/sdb1

* Resize it.
resize2fs /dev/sdb1

* Finally, mount it back up!
mount -a (yes mine was listed in fstab)

RHEL 6 is here!

As many of you know, RedHat released RHEL 6 recently. I just finally got a chance to install the production version and thought I would share some of my immediate notes:

RHEL 6 Installation Notes: (text/net install)

No boot.iso available. Must use the ENTIRE installation DVD to boot, even for a network install.

Press tab at the boot splash to enter extra parameters – “linux text askmethod” worked appropriately.

Askmethod prompts for URL rather than http or ftp and has you put the entire URL in one line instead of splitting into server / location like RHEL 5 did.

Installer does not ask for registration number – must be done through rhn_register *after* installation has completed.

Install does not ask you for “types” like RHEL 5 did (webserver, virtualization, development).

Post install does not have configuration menu where you can change authentication, firewall/selinux, system services, etc..

That’s about where I am with this right now. The install is reminiscent of RHEL 4 in a lot of ways. I am sure things will change and improve like they always do. The one clearly needed addition right now, though, as far as I am concerned is a boot/netinstall.iso image.

Diagnosis: Paranoia


You know, there are just some things you do not need first thing on a Monday morning. This was one of them…

I came in and started reviewing my reports and was looking at an access report, which is basically a “last | grep $TheDateIWant” from over the weekend. I keep a pretty tight ship and want to know who is accessing what servers and when (and sometimes why). What I saw was monstrously suspicious! I saw MYSELF logged in to 3 different servers 3 times each around 5am on Sunday morning – while I was sleeping.

This is the kind of thing to throw you into an immediate panic first thing on a Monday morning, but I decided to give myself 10 minutes to investigate before completely freaking out.

The first thing I noticed was that the access/login times looked suspiciously like the same times I ran my daily reports on the machines, however, the previous week I had changed the user that runs those reports and this was still saying it was me. I double, triple and quadruple checked and searched all the report programs to make absolutely sure there was no indication that they were still using my personal account (which was probably bad practice to begin with btw). Then I scoured all the cron logs to see what was actually running at those times, and oddly enough, it was just those reports.

I looked through the command line history on those machines and checked again the “last | head” to see who was logging on those machines. Nothing out of place BUT with the “last | head” I was NOT listed as being on the machine on that date! So I ran the entire report command again “last | grep $TheDateIWant” and there I was again, listed right under the logins of the report user.

Anyone catching this yet?

What I had stumbled upon were a few machines that are used so infrequently that the wtmp file, which is what the “last” command uses for data, had over 1 year of entries. My search of “last | grep ‘Oct 31’” was returning not only this year, but my own logins from last year as well.

WHEW!

Moral of the story? Mondays stink – Just stay home!
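
The false alarm above comes from matching only month and day against a wtmp file that spans more than one year. The sketch below is an added example, not part of the original post: it reads wtmp records directly and compares a month/day match with a year-qualified one. The record layout assumes Linux glibc on x86/x86_64, and the user names, hosts and years in the sample are constructed.

```python
import struct
from datetime import date, datetime, timezone

# glibc's struct utmp, as appended to /var/log/wtmp: 384 bytes per record.
# Assumption: Linux x86/x86_64 layout; other platforms use different sizes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type: login record / logout record


def make_record(ut_type, user, line, host, when):
    """Build one wtmp record (used here only to construct sample data)."""
    return UTMP.pack(ut_type, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, int(when.timestamp()), 0,
                     0, 0, 0, 0, b"")


def parse_wtmp(blob):
    """Return [(user, line, host, login_time_utc)] for login records."""
    logins = []
    usable = len(blob) - len(blob) % UTMP.size  # skip a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        if f[0] != USER_PROCESS:
            continue
        user, line, host = (x.split(b"\0", 1)[0].decode("utf-8", "replace")
                            for x in (f[4], f[2], f[5]))
        # `last` prints local time; UTC is used here to keep output stable.
        logins.append((user, line, host,
                       datetime.fromtimestamp(f[9], tz=timezone.utc)))
    return logins


def match_month_day(logins, month, day):
    """What `last | grep 'Oct 31'` effectively does: the year is ignored."""
    return [r for r in logins if (r[3].month, r[3].day) == (month, day)]


def match_date(logins, wanted):
    """Year-qualified match: only logins on that exact calendar date."""
    return [r for r in logins if r[3].date() == wanted]


def oldest_login(logins):
    """Earliest login in the file, to show how far back wtmp reaches."""
    return min(logins, key=lambda r: r[3]) if logins else None


def _utc(y, mo, d, h, mi):
    return datetime(y, mo, d, h, mi, tzinfo=timezone.utc)


# Constructed sample: an admin login from the previous year, its logout,
# a later admin login, and this year's report-user login on the same day.
SAMPLE_WTMP = b"".join([
    make_record(USER_PROCESS, "alice", "pts/0", "10.0.0.5", _utc(2009, 10, 31, 5, 2)),
    make_record(DEAD_PROCESS, "", "pts/0", "", _utc(2009, 10, 31, 5, 3)),
    make_record(USER_PROCESS, "alice", "pts/1", "10.0.0.5", _utc(2010, 10, 29, 14, 10)),
    make_record(USER_PROCESS, "reportuser", "pts/0", "10.0.0.9", _utc(2010, 10, 31, 5, 0)),
])

if __name__ == "__main__":
    logins = parse_wtmp(SAMPLE_WTMP)
    print("wtmp reaches back to", oldest_login(logins)[3].date())
    print("month/day only:", [r[0] for r in match_month_day(logins, 10, 31)])
    print("with year     :", [r[0] for r in match_date(logins, date(2010, 10, 31))])
```

With a util-linux `last`, `last -F` prints full timestamps including the year, which makes the same year-qualified match possible with grep.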
