Friday, July 27, 2007

Happy SysAdmin Day

Since today is July 27th, I'd like to wish all system administrators, men or women, friends or foes, MCSEs or RHCEs, old or young, married or single, tall or short, thin or fat, with shoes or barefoot, lazy or hardworking, doing commercial or open source, Happy SysAdmin Day!

We sure work harder (or hardly work) than some of you :p. And yet, they get one day specially dedicated to each of them. Well, secretaries and others, you can have any other day of the year for all I care, but every last Friday of July is SysAdmin Day. Secretaries usually spend the whole day in a salon or any place with mirrors, as they want to look elegant during dinner while Apek jokes and sings for them. And what about us? Well, I don't want any singer (other than the Pussycat Dolls or Shania Twain, sigh!) but a little appreciation will do (such as bonuses or a lunch treat).

What are the things you really want to do on SysAdmin Day? Well, for me, I don't want anything special (a brand new notebook won't hurt though). Since we sure don't have ample time to celebrate, just think of something that you cannot give us on any other day. Yes, just give me and other IT people Peace of Mind.

We are not SpongeBob, who has only "Go to work" in his to-do list. We don't hate users, we just communicate better with machines than with them. And in most cases, machines understand us better too. Below are some of the things that you should avoid doing on the last Friday of July or at any other time. For a full list, in case you want to print it out as a reminder, go to here.

Don't do any critical things on Friday, since if something goes wrong, you know how we are always dying to work on the weekend.


Read the documentation/manuals before asking questions, and do not wildly guess Linux commands and parameters if you're not sure; use the manpages or I will 'lart -use "monkey wrench" ' you.


If something happened, just make up a story that can save your cute ars*, and let us dig through all the logs and let you know what really happened; we just love playing puzzle games with either missing or wrong pieces.

Should you not listen, then just go ahead, make my day.

How are you going to appreciate us on SysAdmin Day? I don't expect much. Do we deserve it? I think yes, we certainly do.


Wednesday, July 25, 2007

Ubuntu, err I mean I buntu

On my way to getting to know and get a taste of Ubuntu, I've been trying to install Ubuntu 6.06 Server Edition LTS in the latest VMware Server, with no luck. After installation, it got stuck at "Uncompressing Linux... Ok, booting the kernel". After googling here and there, I found there were some issues (dating back to 2006) with the Ubuntu 386 architecture kernel's compatibility with VMware Server and also some notebooks. I used a Dell Inspiron 510m with (only) 512MB and an Intel Pentium M 1.6 GHz. There was a workaround back then that requires me to upgrade the kernel to the 686 arch, but I think it is already using the 686, or not. Moreover, the package linux-686 (as suggested) no longer exists.

# uname -a
Linux yoebuntu 2.6.15-26-386 #1 PREEMPT Thu Aug 3 02:52:00 UTC i686 GNU/Linux

-s, --kernel-name print the kernel name
-n, --nodename print the network node hostname
-r, --kernel-release print the kernel release
-v, --kernel-version print the kernel version
-m, --machine print the machine hardware name
-p, --processor print the processor type
-i, --hardware-platform print the hardware platform
-o, --operating-system print the operating system

# uname -s
Linux
# uname -n
yoebuntu
# uname -r
2.6.15-26-386
# uname -v
#1 PREEMPT Thu Aug 3 02:52:00 UTC
# uname -m
i686
# uname -p
unknown
# uname -i
unknown
# uname -o
GNU/Linux

Seems like it cannot identify the processor and the platform. Searching the package using apt-cache also failed to find the kernel package. So, that's a sign to call it a day. I'll be back.


Monday, July 23, 2007

Words That Make Me Who I Am Today

These are among the sayings, advice and criticism (from people who care) that have always stuck in my head while doing everything in life, and I'm thankful for that. Yes, you can google for words of wisdom, but I'm more interested in the words I heard in daily life from people around me and from people that matter.

Prophet: Love of this world is the root of all evil.

Father: Don't neglect your prayers, read the Quran more.
Don't do haram (forbidden) things.

Mother: Do more voluntary acts of worship.
When people do good, we do good; when people do bad, we try to do good.
Let us be the ones waiting for others, don't let others wait for us.

Wife: Solve problems one at a time.
Work a little faster.

Child: Papa, don't drive the car fast.
Papa, don't be noisy, little one wants to sleep!

Older sister: Take care of our parents' feelings.

Friend: Money is something people created; don't make yourself a slave to money.
Work has to be of quality; God doesn't like people who do their work half-heartedly.
So the baby camel said "then what the hell are we doing in a zoo"

Late friend: Yakin so kagho, jadi belako (in Kelantan dialect).

Boss (and ex-bosses): You need a passion to get the job done in an enjoyable way.
Be proud of what you do, note it down in your Daily Activity Log.
I'm not saying that I'm gonna be here forever, but while you're here, you have to give your full commitment.

Cousin: To begin with, we try to force ourselves to give to charity, even if we don't feel fully sincere, until it becomes a habit and the sincerity appears.
If we are willing to work on a tender until 3 in the morning, we should be able to worship more than that.

Teacher: In most cases, we are the ones who decide how we want the environment to respond to us. If we are lazy and make long faces, then the environment will look bored and dull, just like in this class.
If you feel you are not a genius but want to score in exams, read more.

Radio: A true friend is a friend who corrects us when we make a mistake.
Let us not be arrogant. Humans are weak and lowly; we can't even hold back our own waste when it wants to come out. - Ustaz Zawawi


Friday, July 20, 2007

A See Thru Firewall

A transparent firewall has some pros and cons. In OpenBSD, it uses the bridging feature offered by the OS. I use a machine with 2 NICs, running OpenBSD 4.1, to build this perimeter fencing.

Pros:
On the network, nobody knows it is there (unless it comes from your big mouth).
Since it is IP-less, you can avoid many hacking attempts (physical attempts excluded), but it is still open to DDoS in rare cases.

Cons:
You cannot do anything IP-related on it (e.g. NAT, DHCP, mail).
You cannot ping it (for monitoring, testing or troubleshooting) since it is IP-less.
You cannot ssh to it since it is IP-less (again). So for anything, you have to face the coldness of the server cave.

How do you configure it? Well, the rules in pf.conf are up to you. What I know about setting up this poise machine is as below:

First create a file in /etc called bridgename.bridge0
and put these lines into it:
add bge0
add bge1
up

Save it and, while still in /etc, create files called hostname.bge0 and hostname.bge1 and put this line into both:
up

Save it and go on to edit /etc/rc.conf.
Search for the pf=NO entry and change "NO" to "YES".

Save rc.conf and move on to the next file, /etc/sysctl.conf, and uncomment this line:
net.inet.ip.forwarding=1

Provided you have pf.conf well-configured, restart the network and load the rules:
# sh /etc/netstart
# pfctl -f /etc/pf.conf

Last but not least, to avoid some performance issues (kapla_hodot and I found an issue of duplicate packets or something, sorry I don't remember but I've read it somewhere), be sure to use only one interface to control the rules. The other interface should be allow-all, for example:

external_if="bge0"
internal_if="bge1"
scrub in all
#allow all internal
pass in quick on $internal_if all
pass out quick on $internal_if all
#block all external
block in log on $external_if all
block out log on $external_if all
#your passing rules go here and just use "external_if" in your lines
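
The one-interface advice above can be checked before a ruleset is loaded. The following is an added example, not part of the original post or of pf: a hypothetical lint_bridge_pf shell function, run over a constructed copy of the layout above plus two rules that break the advice (192.0.2.25 is a placeholder address).

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of pf or OpenBSD).
# lint_bridge_pf FILE MACRO
#   FILE   pf.conf to check
#   MACRO  name of the internal interface macro, e.g. internal_if
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Handles single-interface "on" clauses, as used in the post.
lint_bridge_pf() {
    awk -v m="\$$2" '
        { sub(/[ \t]*#.*$/, "") }                  # strip comments
        $1 != "pass" && $1 != "block" { next }     # only filter rules
        {
            ifc = ""
            for (i = 1; i < NF; i++) if ($i == "on") ifc = $(i + 1)
            if (ifc == "") {
                printf "line %d: no \"on\" clause, rule is evaluated on both members\n", NR
                bad = 1
            } else if (ifc == m && $0 !~ /^[ \t]*pass (in|out) quick on [^ ]+ all[ \t]*$/) {
                printf "line %d: filtering on %s, keep that side pass-all\n", NR, m
                bad = 1
            } else if (ifc == m) {
                seen[$2] = 1                       # pass-all, in or out
            }
        }
        END {
            if (!seen["in"])  { print "missing: pass in quick on " m " all";  bad = 1 }
            if (!seen["out"]) { print "missing: pass out quick on " m " all"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the layout from the post plus two rules (the last
# two lines) that go against the one-interface advice.
sample=$(mktemp)
cat > "$sample" <<'EOF'
external_if="bge0"
internal_if="bge1"
scrub in all
pass in quick on $internal_if all
pass out quick on $internal_if all
block in log on $external_if all
block out log on $external_if all
pass in on $external_if proto tcp from any to 192.0.2.25 port 25 keep state
block in on $internal_if proto tcp from any to any port 23
pass proto icmp all
EOF
lint_bridge_pf "$sample" internal_if || echo "fix the findings before loading the rules"
rm -f "$sample"
```

pfctl -nf /etc/pf.conf parses the file without loading it, which catches syntax errors that this layout check does not look for.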


That's about it. I don't want to drill down into this firewall thingy, because there is already a firewall engineer post available nowadays (and I've got a lot of other things to think about in life). Please let me know if I'm missing something. Else, voila.


Wednesday, July 18, 2007

Memory Lane - Tape Backup For Linux (Recovery)

A few days after starting to use flexbackup as a backup tool, I reached the next phase in the procedure: Data Recovery. In other words, how do you extract the data from the tape? Being absolutely vain in tape backup, I quickly typed 'ls' to view the content of the tape. Well, I wish it was that easy.

But it was not that difficult either, provided you understand some basic things about a tape. Note to self: a tape is nothing like a CD, which you can easily mount and unmount. A tape is not a folder that holds all the files and sub-folders. It is just a medium that uses sequential access for archiving data instead of the random access method used on disk.

So I compared the requirements given to me with what Flexbackup can offer. Flexbackup has an extract feature (--extract) and it can also read (--flist) a file that has a list of archives to extract. That will do it. But first I need to get the list. So using tar -itvf and the mt command, I ended up with this tape-list.sh:

#!/bin/bash
# This simple script creates a list of the files on the tape.
# The list will be used to extract - [eg. tape-extract ]
# by yoe Dec,2005

help_usage()
{
    echo "Usage: $0 filename"
    exit 1
}

if [ $# -ne 1 ]; then
    help_usage
fi

# refuse to overwrite an existing list
if [ -f "$1" ]; then
    echo "file exists!"
    echo "choose another filename"
    exit 1
fi

tape=/dev/nst0
currentdir=$PWD
now=$(date +'%Y%m%d')
tempfile="temp.$now"
h=0

# go to the end of data and read the file number from the status output
/bin/mt -f "$tape" rewind
/bin/mt -f "$tape" eod
lastcount=$(/bin/mt -f "$tape" status | grep -i file | awk '{print $2}' | tr -d "number=" | tr -d ",")
echo "There are $lastcount blocks on the tape .."
echo
echo "Preparing to create filelist $1"
echo
/bin/mt -f "$tape" rewind
echo "Start creating filelist $1"

cd "$currentdir" || exit 1
# each pass lists one archive on the tape
while [ "$h" -le "$lastcount" ]
do
    tar -itvf "$tape" | awk '$1 !~ /V/' | awk '{print $6}' | sed -e 's/\.\///g' | grep "." >> "$tempfile"
    h=$((h+1))
done

# the list is written to the filename given as the only argument
sort -u "$tempfile" > "$1"
echo "Done creating filelist $1"
echo

# remove temporary file
rm -f "$currentdir/$tempfile"

eg. #./tape-list list1.txt

So every file on the tape will be listed in a file called list1.txt. In list1.txt I just leave whichever files I need to restore and delete the unwanted ones. Then here's another script, called tape-extract.sh, to extract the files listed in list1.txt:

#!/bin/bash
# This simple script is for extracting files from backup.
# It requires a list that can be easily created using tape-list script
# by yoe Dec,2005

help_usage()
{
    echo "Usage: $0 filename"
    exit 1
}

currentdir=$PWD
logdir="/usr/local/test/log/"
now=$(date +'%Y%m%d')
tape="/dev/nst0"
logfile="tape-extract.log.$now"
flex_config="/etc/flexbackup.nst0"

# the file list is the only argument
if [ $# -ne 1 ]; then
    help_usage
fi

if [ -f "$1" ]; then

    echo "extracting files into $currentdir"
    h=0
    /bin/mt -f "$tape" rewind
    /bin/mt -f "$tape" eod
    #/bin/mt -f $tape bsf 1
    lastcount=$(/bin/mt -f "$tape" status | grep -i file | awk '{print $2}' | tr -d "number=" | tr -d ",")
    echo "There are $lastcount blocks on the tape .."
    echo
    echo "Preparing to extract"

    /bin/mt -f "$tape" rewind

    echo "Start finding and extracting files"
    echo

    cd "$currentdir" || exit 1
    while [ "$h" -le "$lastcount" ]
    do
        #/bin/mt -f $tape rewind
        #/bin/mt -f $tape fsf $h
        # stdout and stderr both go to the log file
        /usr/bin/flexbackup -c "$flex_config" -extract -flist "$1" >> "$logdir$logfile" 2>&1
        #/bin/mt -f $tape rewind
        h=$((h+1))
    done

    echo "Done extracting"
    echo "Create logfile named $logfile in log directory"
else
    echo "file does not exist!"
    echo
fi

eg. #./tape-extract list1.txt


Thursday, July 12, 2007

And You Say Having A Blog Is Easy

This is my first week as a blogger wannabe. All I can say is, blogging is not as innocent as it looks. It's just like a public digital diary, but men just don't want to admit they have a diary. So they just give it a more killer word - blog. Don't get pissed yet, I just made that up. People see you just like an emotionless guy doing his job, sitting lazily in front of the screen, finger-tapping the faded keyboard. But deep inside, I feel just like being tied up and blindfolded while watching Transformers (with Megan Fox of course) on the big screen. You've got so much to tell, so much to write, but cannot put it into words. To make it more miserable, I've got this issue of how to make your post expandable (yeah, the Read more ... tags).

The Read More tag is really a straightforward kind of thing, if you find the right info at the right place. Firstly, I just went for the official Blogger help - no go. After googling around for a few minutes, I came across this retiree fella. So I tried the hack out and it works fine. And people will never be satisfied with what they have. While waiting for the third-party vendor to come, I went a bit further, applying a JavaScript approach to make the post expandable. Worked alright.

But today, I find all the hacks not working. As suspected, the script is no longer available on the hosting site. Got some issue with traffic load and stuff. So, I have to upload the old template and touch it up here and there. I cannot imagine how people with years of heavily customized blogs will survive if they just forget to back up the template or simply lose it. They might want to take a crash course on how to die instantly.

But the good thing is, unlike some script writers, the owner felt responsible enough to provide a temporary workaround. So, I went back to upload the previous template and apply the workaround. A week into blogging, I now have 3 templates just for the sake of trying something new, and it cost me several lunch times. I'm off to lunch *poof*


Tuesday, July 10, 2007

Utilizing netsh to Change IP Address

Most of the time, I'm hanging out at different client sites that require me to change the IP address and some other TCP/IP configuration. The usual way requires several combinations of mouse clicks and keypresses. This is when netsh comes in handy (thanks to kapla_hodot for showing the way). Yes, you might know better, but since this is my blog, I want to put up something useful to me as a noob system admin. This is just a note to self on how to create the netsh network configuration file.

For the DHCP setting, first fire up your favorite text editor (notepad, ultraedit, vim etc.). Then, put these lines into the file.

interface ip

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
bye

Then save it to a file called, say, C:\dhcp.netsh

To test it out, go to the command prompt and type:

C:\>netsh exec dhcp.netsh

Here is the sample configuration for a static IP address:

interface ip
set address name="Local Area Connection" source=static addr=192.168.1.207 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.5 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.6 register=PRIMARY
add dns name="Local Area Connection" addr=202.188.0.133 index=2
bye

Note that the line
add dns name="Local Area Connection" addr=202.188.0.133 index=2
is intended to specify the secondary DNS.

Some people go all the way to specify a new file type, so that you can simply double-click the file to run it. But for me, the current way is lazy enough to fit the purpose.


Memory Lane - Tape Backup for Linux

Remembering the first task given to me: to find a backup solution for server logs. Being given a Redhat 9 box (don't ask why) and a tape drive (stop asking!), I had to choose appropriate tools to get the job done. Yes, you can simply do backups using built-in commands such as tar, cpio, dump etc. But I'd never done this before and I was sort of short of time, so I needed a quick (some people call it dirty) way to do this. After numerous search engine queries and reviews, I ended up with the flexbackup tool.


Why flexbackup? Firstly, it is as flexible as it sounds. It's like middle-man software, where you first decide what kind of archive you want to use (afio, dump, tar, cpio, star, pax, zip, lha, ar, shar), the backup device, logfiles etc., and it will take care of the rest. In my case I use 'tar' as the archive type.

So I downloaded the flexbackup tarball and installed it on the machine. The tape drive (Dell PV100T) is connected to the server via a SCSI interface. On RH9, you might need to load certain modules for the tape drive to be recognized.

[root@bekap]# insmod /lib/modules/2.4.20-8smp/kernel/drivers/scsi/aic7xxx_old.o
[root@bekap]# insmod /lib/modules/2.4.20-8smp/kernel/drivers/scsi/st.o

Use the mt command to check the status of the device. On Linux with one tape drive, the drive may be recognized as /dev/st0 (or nst0). As far as I remember, st0 and nst0 refer to the same device, with different conditions. If you run a command using /dev/nst0, the tape will be rewound first before running the command. If /dev/st0 is used, the command will be run at the current location on the tape.

[root@bekap]# whatis mt
mt (1) - control magnetic tape drive operation

[root@bekap]# mt -f /dev/nst0 status
SCSI 2 tape drive:
File number=0, block number=0, partition=0.
Tape block size 0 bytes. Density code 0x25 (DDS-3).
Soft error count since last status=0
General status bits on (41010000):
BOT ONLINE IM_REP_EN

To automate almost everything (what a sys admin always does), I just need to write a simple and sluggish bash script that contains the mt command to operate the tape drive and the flexbackup command to back up files/folders.
Let's say I need to back up all files in a directory called /var/log/msglog.
Here's what I did:

[root@bekap]# cat /usr/local/test/tape-backup-log
#!/bin/bash
# This simple script is to be run for incremental log backup
# by yoe Dec,2005

if [ $# -ne 1 ]; then
    echo "Usage: $0 full|incremental"
    exit 1
fi

tape="/dev/nst0"
flex_config="/etc/flexbackup.nst0"

# rewind the tape (a function, so the rewind runs each time it is called)
rew()
{
    mt -f "$tape" rewind
}

# backup /var/log/msglog
if [ "$1" = "full" ];
then
    echo "backup full for msglog"
    echo
    rew
    flexbackup -c "$flex_config" -dir /var/log/msglog -level full &> /dev/null
    rew
    echo "Done . Refer log directory for details."

elif [ "$1" = "incremental" ];
then
    echo "backup incremental for msglog"
    echo
    rew
    flexbackup -c "$flex_config" -dir /var/log/msglog -level incremental &> /dev/null
    rew
    echo "Done . Refer log directory for details."
else
    # this branch is cut off in the original listing; show the usage here
    echo "Usage: $0 full|incremental"
    exit 1
fi


If you want to minimize user intervention, then hand it over to a cron job:

[root@bekap]# crontab -l
# after inserting new tape, rewind, erase and full backup every 1st of the month at 10:05 am
5 10 1 1-12 * /bin/mt -f /dev/nst0 rewind && /bin/mt -f /dev/nst0 erase && /usr/local/test/tape-backup-log full

# run incremental backup every thursday 11:30 pm.
30 23 * 1-12 4 /usr/local/test/tape-backup-log incremental

Finally make an appropriate schedule for tape replacement.

dirty enough?
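
Before a cron job rewinds, erases or writes the tape, a script can check the mt status text for a loaded, writable tape. This is an added example, not part of the original scripts: mt_field and tape_ready are hypothetical helper names, the first sample is the status output shown above, and the write-protected and empty-drive samples are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helpers): check `mt status` text before a
# script rewinds, erases or writes the tape.

# mt_field NAME: print the number after "NAME number=" from the status
# text on stdin; NAME is "File" or "block".
mt_field() {
    sed -n "s/.*$1 number=\(-\{0,1\}[0-9][0-9]*\).*/\1/p" | head -n 1
}

# tape_ready MODE: MODE is "read" or "write". Reads status text on stdin.
# Returns 0 when a tape is loaded and the drive is online (and, for
# "write", not write protected); otherwise prints why and returns 1.
tape_ready() {
    # the flag names are on the line after "General status bits"
    flags=$(sed -n '/General status bits/{n;p;}')
    case " $flags " in
        *" DR_OPEN "*) echo "no tape loaded (DR_OPEN)"; return 1 ;;
    esac
    case " $flags " in
        *" ONLINE "*) ;;
        *) echo "drive is not ONLINE"; return 1 ;;
    esac
    if [ "$1" = write ]; then
        case " $flags " in
            *" WR_PROT "*) echo "tape is write protected (WR_PROT)"; return 1 ;;
        esac
    fi
    return 0
}

# Status text from the post (tape loaded, at beginning of tape).
loaded='SCSI 2 tape drive:
File number=0, block number=0, partition=0.
Tape block size 0 bytes. Density code 0x25 (DDS-3).
Soft error count since last status=0
General status bits on (41010000):
 BOT ONLINE IM_REP_EN'

# Constructed samples: a write-protected tape and an empty drive.
protected='File number=0, block number=0, partition=0.
General status bits on (45010000):
 BOT ONLINE WR_PROT IM_REP_EN'
empty='General status bits on (50000):
 DR_OPEN IM_REP_EN'

echo "file number: $(printf '%s\n' "$loaded" | mt_field File)"
for s in "$loaded" "$protected" "$empty"; do
    if printf '%s\n' "$s" | tape_ready write; then echo "ok to write"; fi
done

# On the backup host (assumed usage, ahead of the erase in the cron line):
#   mt -f /dev/nst0 status | tape_ready write || exit 1
```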


Friday, July 6, 2007

Friday Blues

I'm not sure if this headache I'm having is closely related to the sprained shoulder pain that I've had since last week. Or is it because I have 3 reports to compile before next Friday. Or is it because of a small lump-look-alike just between my son's chin and his neck. Or is it just because of the career path I've chosen.

Talking about the career path, today is the last day for my colleague. Like he mentioned, he's moving to the greener side of the field. No matter how green it is, the grass I'm standing on is a bit tasteless now compared to when I first arrived. Still, I have to munch as long as it pays my bills. As I said during the interview session, "You give me something, I give you something, if not more".

By the way, a big thanks to the company for sponsoring the Umrah package. It was a fantastic journey, spiritually. For that, I'll struggle to be a good system administrator, not to mention notebook cleaner, cable puller, scanner troubleshooter and last but not least helpdesk operator.


Thursday, July 5, 2007

Here I am


This is the first sentence I wrote on MY own blog. This is the second one. The main objective is to have a place where I can save my stuff and pics, and most importantly it is accessible from anywhere. And here goes nothing ...
