The articles below are on various topics, though the majority are focused on some aspect of systems administration.
A recent thread in a local tech mailing list noted the impending closure of Pacific Solutions, an established computer retailer here in Portland. I was never a frequent customer—to get there I typically had to go out of my way—but the store had a knowledgeable staff and stocked industry-standard parts. I was saddened, though not surprised, at the news.
One contributor to the mail thread noted that back in the 1990s, there were quite a few independent computer retailers in and around Portland. “Then,” he wrote, “came Fry’s and Amazon.”
It’s true that small computer retailers have largely disappeared, but I don’t think that Fry’s and Amazon are the main culprits.
Spotlight searches on my MacBook Pro running OS X 10.10.5 (Yosemite) were failing. Worse, the smart mailboxes in Apple Mail weren’t working. Without smart folders, it takes me a lot longer to navigate my inbox every morning.
The solution was to force OS X to re-index my hard drive.
In November 2014, I wondered why the National Weather Service still uses all upper-case letters in its forecasts.
That anachronism remaining from the days of teletype machines is now scheduled to come to an end next month. NWS will only scream in all caps to alert readers to very hazardous conditions.
Whether or not it’s true that additional scenes were added to Suicide Squad to provide additional humor, I’m fairly convinced that the commercial success of films like The Martian, Guardians of the Galaxy, Deadpool, and The Avengers was in large part due to their good humor and jaunty tone.
Our team at work uses a group chatroom on a daily basis, though sometimes an hour or more will pass between flurries of messages. The chats are hosted on the enterprise-level Skype for Business Server.
During those lulls, and without warning, my Mac instant-message application Adium will silently time out. One minute I’m connected, the next I’m not—but Adium offers no indication whatsoever of the change.
Once Adium is disconnected, I get no further messages even during the next message flurry. I’d say that ignorance is bliss, but I depend on that chatroom for information. Plus, my colleagues have a reasonable expectation that I’ll respond to their questions in a timely manner.
My temporary fix is a scripted keepalive.
The problem, briefly: Apache, configured to authenticate via LDAP and authorize access only to members of a certain group, would not authorize a new user account that was clearly a member of that group.
The solution, briefly: The new user account had its primary group identifier (GID) set to the authorized group, while all other users were auxiliary members. The new user account had to be given a memberUid entry within the group’s LDAP definition.
I’ve been playing with OpenStack at work, getting ready for a pilot project that, if approved, will launch in a couple weeks. I hope to have more entries on OpenStack installation, configuration, and usage later. Today, however, I began experimenting with cloud-init scripting and customizing a stock OpenStack VM image.
Someone at work encountered an interesting obstacle today. The problem was how to change ownership of files in transit to an NFS filesystem that squashed activity by user root. Solving it required a quirky shell one-liner that you may find interesting.
I don’t use unqualified hostnames for ssh logins. They’re too dependent on local context. The command ssh myhost leaves it up to the local DNS resolver to append a domain name to myhost, and too often the local DNS resolver is influenced by a DHCP server of unknown provenance.
On the other hand, laziness dictates that I reduce the amount of typing I do to log in, so the command ssh myhost.mysubdomain.mydomain isn’t a winner for me either.
I’ve got quite a few servers currently running CentOS 6 that will over the course of the coming months be upgraded to CentOS 7. One of the allures of Linux distributions in the Red Hat family—including CentOS and Fedora—is the kickstart feature, which allows you to automate highly customized installations.
One problem I’m encountering is the CentOS 7 default of using so-called predictable network interface names. No longer can you assume the presence of eth0; your first interface may be eno1, or something wackier like enp4s0f0. This causes issues in kickstart files which refer to a specific interface.
At work, we maintain a cluster of a dozen hosts dedicated to running virtual machines. The cluster is managed by oVirt version 3.4.4. Version 3.5 is current, but for a variety of reasons we’re sticking with 3.4.4 for a while yet.
The cluster nodes and the oVirt Engine, essentially the cluster controller, currently run Fedora 19. The standard Fedora life cycle is that “Release X is supported until one month after the release of Release X+2.” Since Fedora 21 was released earlier this month, Fedora 19 is near the end of its lifecycle.
So I thought it was time to try using Fedora 21 on a cluster node, the nodes being easier to update than the server running the Engine.
Getting Fedora 21 to work with Engine 3.4.4 took some work! The short version of the process is outlined below.
Quick background: Fail2ban scans system logs looking for entries that indicate network connections with malicious intent. When it finds enough such entries from a given IP address, it adds a firewall rule that blocks connections from that address for a given period of time.
In CentOS and Debian, Fail2ban is normally configured with a ban time of 600 seconds (10 minutes). That’s a safe default if you’re worried about locking yourself out of your system, but I don’t think it’s long enough to ward off persistent or obnoxious attackers.