Blog

Use a Bridge Virtual Interface when you want to have multiple router interfaces act as members of a single Ethernet collision domain, or bridge two separate network segments together.  Lots of wireless bridges use this function to attach their wireless clients to a local Ethernet.  Start by defining the bridge group:

router(config)#bridge 202 protocol ieee
router(config)#bridge 202 route ip

Then put some interfaces into that group:

router(config)#int faste31
router(config-if)#bridge-group 202
router(config-if)#int faste32
router(config-if)#bridge-group 202
router(config-if)#int faste33

Then, create the BVI interface:

router(config-if)#int bvi202
router(config-if)#desc new server cluster
router(config-if)#ip addr 198.22.62.65 255.255.255.240

Your BVI interface should be up, and all these formerly “router” ports should now be a transparent bridge.

(Why am I using BVI instead of VLAN on a bunch of Ethernet ports?  This particular switch is configured as a router, and it really wants to treat all the interfaces as router interfaces.  It insists it doesn’t know how to configure a VLAN.  I’m certain that Cisco has a reason for this, but their explanation might put me off my feed.)

RT offers many ways to manage workflow, but most of them create a separate ticket for each part of the workflow.  The tasks at my company are mostly serialized:  a request comes in, is worked on by person A, who hands it off to person B, who hands it to person C, who closes the request.  Opening a separate ticket for each of these isn’t efficient.  (The situation is different for parallelized tasks.)  I want a method to easily pass tickets from one person to the next. Continue reading “Request Tracker serialized workflow”

If you have a central auth directory, such as OpenLDAP, everything should authenticate against it, including your Web apps. Here’s how you set up a FreeBSD system to authenticate against your OpenLDAP directory. I did this on FreeBSD/i386 running 8.1-PRERELEASE, with Apache 2.2 and OpenLDAP 2.4. Before starting, make sure your OpenLDAP install is configured correctly. You should be able to successfully run ldapsearch(1) against your directory. If your base OpenLDAP install is busted, go no further. Continue reading “apache22 LDAP auth”

Storage is a pain.  I can spend lots of money to solve this problem, or I can find less expensive alternatives.  I’ve been using diskless servers lately, all served off of a big OpenSolaris machine.  (Why OpenSolaris?  It has a newer ZFS than FreeBSD.)  Performance is mediocre on NFSv2/3, and I want faster.  One obvious thing to try is iSCSI.

iSCSI requires targets (servers) and initiators (clients).  For this test I’m using OpenSolaris as the target and FreeBSD as the initiator.  For testing, both machines are running on ESXi, on older hardware that’s been removed from production.

Continue reading “OpenSolaris iSCSI ZFS COMSTAR target, FreeBSD initiator”

The summary of this post is: you can’t.

I have my Ubuntu servers talking to LDAP for authentication, but I want two other functions: ldap-sudo integration, and SSH with public keys via LDAP. Continue reading “tying ubuntu 10.04 LDAP to sudo and SSH”

Back when machines had 128MB RAM, kernel customization was important.  Today, most standalone machines have so much RAM that customizing the kernel is pointless — until you virtualize, that is.  If you can assign a virtual machine 128MB of RAM again, reducing kernel size again becomes useful. I have a lot of single-purpose virtual machines with puny memory allocations.

Continue reading “FreeBSD/amd64-current virtual kernel”