Category: Tech

There’s a nice tutorial on using HAST (Highly Available STorage) with UFS and ucarp.  That’s very nice, but in my failover scenario I can’t use UFS; a fsck would take too long, and a background fsck would be most likely to lose the data I’m most likely to need.  And FreeBSD comes with a kernel-side CARP implementation; why would I use the userland implementation instead?  So: the tutorial is great, except it doesn’t do what I want.  I’ll attack this problem in two phases:  one, get HAST with ZFS running, and experiment with it.  Two, get CARP failover to trigger HAST failover automatically.  (I believe I can use devd for CARP-initiated failover, but I’ll need to do further research on that.  That’ll be another posting.)  Today I’m experimenting with HAST and ZFS.  Continue reading “HAST and ZFS”

Daisuke Aoyama (Google translation) has created a kernel module to glue an iSCSI disk to a boot drive. While the driver was intended for use with iBFT, you can also use it with gpxeboot.  He has even made FreeBSD install ISOs with iSCSI support available.  The server has limited bandwidth, so start the download well before you want to use it.  (I have previously looked at using iSCSI disks on FreeBSD.)

Thank you, Aoyama-san!

I’m making an effort to work in the same way as my co-workers.  This means using a Windows laptop, after fifteen years of Unixish desktops.  I like to change desktop operating systems every couple of years anyway, so this isn’t a huge deal.  The new work laptop came with Windows Vista, HP Bastardized Overloaded Nagware Edition, so the company Supreme Leader got me a Windows 7 DVD and license.  I threw the disk into the laptop, kept hitting ENTER until the OS was installed, fed it my license key, and was up and running.  That almost destroyed my productivity forever.

Continue reading “Uninstalling Windows 7 Games, with Prejudice”

We got a new Synaccess NetBooter networked power switch.  Not only does this device do SNMP, but it supposedly reports on temperature and power utilization via SNMP.  These are useful things to alarm on, and even to graph.  So, I’m creating Cacti templates for them. Continue reading “my fourth Cacti template”

Rancid, or a similar program, is a necessity in network management.  You can find a decent rancid tutorial at http://www.joe-ma.co.za/page.php?9, so I’m not going to flog that dead horse.  I can’t expect my coworkers to learn either CVS or Subversion, however.  They want a pretty Web interface, or they won’t use the tool. Continue reading “rancid and cvsweb”

Use a Bridge Virtual Interface when you want to have multiple router interfaces act as members of a single Ethernet collision domain, or bridge two separate network segments together.  Lots of wireless bridges use this function to attach their wireless clients to a local Ethernet.  Start by defining the bridge group:

router(config)#bridge 202 protocol ieee
router(config)#bridge 202 route ip

Then put some interfaces into that group:

router(config)#int faste31
router(config-if)#bridge-group 202
router(config-if)#int faste32
router(config-if)#bridge-group 202
router(config-if)#int faste33

Then, create the BVI interface:

router(config-if)#int bvi202
router(config-if)#desc new server cluster
router(config-if)#ip addr 198.22.62.65 255.255.255.240

Your BVI interface should be up, and all these formerly “router” ports should now be a transparent bridge.

(Why am I using BVI instead of VLAN on a bunch of Ethernet ports?  This particular switch is configured as a router, and it really wants to treat all the interfaces as router interfaces.  It insists it doesn’t know how to configure a VLAN.  I’m certain that Cisco has a reason for this, but their explanation might put me off my feed.)

RT offers many ways to manage workflow, but most of them create a separate ticket for each part of the workflow.  The tasks at my company are mostly serialized:  a request comes in, is worked on by person A, who hands it off to person B, who hands it to person C, who closes the request.  Opening a separate ticket for each of these isn’t efficient.  (The situation is different for parallelized tasks.)  I want a method to easily pass tickets from one person to the next. Continue reading “Request Tracker serialized workflow”

If you have a central auth directory, such as OpenLDAP, everything should authenticate against it, including your Web apps. Here’s how you set up a FreeBSD system to authenticate against your OpenLDAP directory. I did this on FreeBSD/i386 running 8.1-PRERELEASE, with Apache 2.2 and OpenLDAP 2.4. Before starting, make sure your OpenLDAP install is configured correctly. You should be able to successfully run ldapsearch(1) against your directory. If your base OpenLDAP install is busted, go no further. Continue reading “apache22 LDAP auth”

Storage is a pain.  I can spend lots of money to solve this problem, or I can find less expensive alternatives.  I’ve been using diskless servers lately, all served off of a big OpenSolaris machine.  (Why OpenSolaris?  It has a newer ZFS than FreeBSD.)  Performance is mediocre on NFSv2/3, and I want faster.  One obvious thing to try is iSCSI.

iSCSI requires targets (servers) and initiators (clients).  For this test I’m using OpenSolaris as the target and FreeBSD as the initiator.  For testing, both machines are running on ESXi, on older hardware that’s been removed from production.

Continue reading “OpenSolaris iSCSI ZFS COMSTAR target, FreeBSD initiator”

The summary of this post is: you can’t.

I have my Ubuntu servers talking to LDAP for authentication, but I want two other functions: ldap-sudo integration, and SSH with public keys via LDAP. Continue reading “tying ubuntu 10.04 LDAP to sudo and SSH”