|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix |
2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 |
2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 |
|
Switchboard | ||||
Latest | |||||
Past week | |||||
Past month |
|
|
Problem:As an administrator of SLES/OES Linux clusters or multiple SUSE Linux servers you are probably familiar with that fact that you have to make an identical change on more than one server. Those can be things like editing files, execute commands, collect data or some other administrative task.
There are a couple of way to do this. You can write a script that performs the change for you, or you can SSH into a server, make the change and repeat that task manually for every server.
Now both ways can cost an extended amount of time. Writing and testing a shell script takes some time and performing the task by hand on lets say five or more servers also costs time.
Now, wouldn't it be a real timesaver when you have only one console in which you can perform tasks on multiple servers simultaneously? This solution can be found in ClusterSSH.
Solution:
With ClusterSSH it is possible to make a SSH connection to multiple servers and perform tasks from one single command window, without any scripting. The 'cssh' command lets you connect to any server specified as a command line argument, or to groups of servers (or cluster nodes) defined in a configuration file.
The 'cssh' command opens a terminal window to every server which can be used to review the output sent from the cssh-console, or to edit a single host directly. Commands given in to the cssh-console are executed on every connected host. When you start typing in the cssh-console you'll see that the same command also show up on the commandline of the connected systems.
The state of connected systems can be toggled from the cssh-console. So if you want to exclude certain hosts temporarily from specific command, you can do this with a single mouseclick. Also, hosts can be added on the fly and open terminal windows can automatically be rearranged.
One caveat to be aware of is when editing files. Never assume that file is identical on all systems. For example, lines in a file you are editing may be in a different order. Don't just go to a certain line in a file and start editing. Instead search for the text you want to exit, just to be sure the correct text is edited on all connected systems.
Example:
Configuration files section from the man-page:
/etc/clustersThis file contains a list of tags to server names mappings. When any name is used on the command line it is checked to see if it is a tag in /etc/clusters (or the .csshrc file, or any additional cluster file specified by -c). If it is a tag, then the tag is replaced with the list of servers from the file. The file is formatted as follows:
<tag> [user@]<server> [user@]<server> [...]i.e.
# List of servers in live live admin1@server1 admin2@server2 server3 server4Clusters may also be specified within the users .csshrc file, as documented below.
/etc/csshrc & $HOME/.csshrcThis file contains configuration overrides - the defaults are as marked. Default options are overwritten first by the global file, and then by the user file.
Environment:
ClusterSSH can be used to any system running the SSH daemon.
- ClusterSSH RPM for openSUSE 10.2/10.3 and SLE10 are available through the openSUSE Build-service: http://download.opensuse.org/repositories/home:/martijn/
- The ClusterSSH sourcecode can be downloaded from: http://sourceforge.net/project/showfiles.php?group_id=89139
See also: Software Distribution
The following 10 items are guidelines more than rules, that I have learned over the years doing intensive work on the IT infrastructure. These guidelines are mostly common sense and can be helpful for anybody who administers an IT system, including Linux/Windows Administrator, Network Administrator and DBA.
- Keep it simple. In technology environment, keeping things simple takes lot more effort and maturity than keeping it complex. As an administrator, when it comes to implementing a particular functionality or solving a problem, there are always several options available. It is best to learn all the available options, including the complex ones to understand how it works. However while implementing, try to keep it as simple as possible. The option you choose should be simple and have the following characteristics:
- Easy to maintain in a long run
- Does not add additional over head to the system
- Solves the primary business/technical problem
Whenever you are in a dilemma of whether to choose a bleeding edge technology or proven technology that has been around for a while, always go with the proven technology for production implementation.
Everything should be made as simple as possible, but not simpler. - Albert Einstein
- Backup regularly. Is both your personal laptop and servers at work, getting backed up regularly? If not, stop everything you are doing now and implement a backup solution on those systems immediately. Seriously! Start planning for your backup right now. Everybody knows that backing up data on a regular basis is critical. Only those who got burnt out on few occasions without having a backup, really understands the importance of having a reliable backup solution. Don't learn the importance of backup after loosing your critical data.
It is only a matter of time, when you'll be in a situation where a system crashed, data got deleted accidentally or laptop with critical data is lost. Spend quality time and implement a reliable backup solution for both your personal laptop and servers at work.
- Test your backup regularly. I could've combined this as part of rule#2. But, I strongly believe testing the backup deserves special attention. I have seen on several occasions, where administrators thinks they have a valid backup, only to find out during disaster, they couldn't restore from the backup successfully. A backup solution without testing it on a ongoing basis is only as good as not having the backup. Just having faith in the backup that it will work is not good enough. You should have a process to test your production backup every month. You'll have a peaceful sleep at night just by implementing rule#2 and #3.
- Proactive Monitoring. Are you always working in a fire fighting mode? Is your users calling you to indicate that a system is down or having problem? Experienced administrators knows that they should spend majority of their time implementing solutions to avoid problems, instead of fixing the problems after it happens. Make sure to implement a strong monitoring solution that will monitor and alert you about a problem before it happens. You should never be solving the same issue more than once. Following two points will help you to achieve the proactive monitoring.
Sit and identify all the equipments, services and applications that needs to be monitored through out the enterprise. Define an acceptable warning and critical levels for those systems. Define who should be notified and how often they should be notified and the method of notification. Once you have these identified, spend time implementing a monitoring system.
Despite proactive monitoring, there will be times when you'll be putting out a fire. Once you put off the fire, the first question you should ask yourself: How I could've avoided this issue from happening? Once you have the answer for that, make sure to implement an appropriate monitoring solution to prevent this particular incident from happening in the future.
- Document Everything. You should document everything that you perform on the system. This is not a pleasant topic for administrators, as most of us hate to write documentation. An experienced administrators knows that documenting the environment and his work is key for his success and growth. I'm not talking about spending several hours creating a huge document with all fancy formatting.
Anytime you implement a solution or fix a problem, just scribble down the high level steps that was performed in a text file. You can simply copy/paste the commands you've executed along with one line description. This in itself is a huge step towards documentation for most administrators who are not used to documenting their work.
Following are some of the primary reasons for documenting every technical activity performed by administrators:
- Don't learn the same topic twice. When you implement something new, you have spend enough time learning the technology and understanding the steps to implement it on your specific environment. During this process, write down all the steps and refer to those steps the next time you want to perform the same task on a different server.
- There will be situations when you want to delegate tasks to others. For e.g. when you are going on vacation or when you want to delegate a particular routine task to a junior administrator who is eager to learn. If you had the practice of consistently documenting everything, you can simply pass those text file documentation to the other administrator.
- Sharing your knowledge with others is one of the efficient ways to grow your knowledge. So, document everything and share with others.
- Don't waste the valuable RAM space on your brain by remembering everything. Instead off-load some of the items from your brain's RAM to a simple text file and use your brain's RAM to explore new technology.
- Plan and Execute it well. When you are implementing a solution, have a clear plan on what you will do next and when. You should be Project Manager for your own tasks and projects. I.e Analyze all the potential risks involved in implementing a solution. Make sure to give sufficient time to test a particular solution. Come up with a clear test plan and get your users involved in testing process. On your next assignment, try the following and see the benefits for yourself. This forces you to think about all the possible scenarios even before you start the project.
- Write down the objective of your project. I.e What is the problem you are trying to solve. What is your success criteria on this project/task?
- List down all the tasks required to complete this particular activity and assign appropriate dates for it.
- Even when nobody is requesting you to complete a project by certain date, hold yourself responsible by putting a completion date for your project/task.
When you really get this implemented on the projected date, give yourself a pat on the back and enjoy your accomplishment. Planning and executing projects well on a consistent basis could potentially become one of a huge motivation factor for administrators to start taking up bigger and complex technology projects.
- Use Command Line more than GUI. Use the command line as much as possible. Whether you are configuring a VLAN on a switch or setting up LDAP/NIS authentication on a Linux server, always use the command line instead of GUI. Following are the advantages of using command line.
- You can do things very quickly on command line.
- GUI prevents you from understanding and learning the functionality happening behind the scenes.
Repetitive things can be automated easily using command line.- Your brain will have fun and Thank you for it.
- Automate repetitive tasks. If you perform a task more than once, you should find a way to automate it. It may be very tempting to do the repetitive tasks manually, as can complete the task quickly and know the exact steps to perform the task. But, avoid this temptation and spend some extra effort in automating the task, which will free-up your mind from thinking about that routine tasks. Once you've automated the tasks, you can use your time effectively in learning other new fun stuff.
- Support your users and developers. Administrators are technically very sophisticated and sometimes get frustrated with end-users who don't understand technology. But, keep in mind that you have your job mainly because they don't understand technology and need your expertise. When user reports an issue that is totally not related to the system and mainly because of user-error, be nice to the person and explain in a non-technical term about why this is not a system issue.
Sometimes developers may deploy something on the server causing some undesirable results. Don't get mad on them and blame the problem on the developer. Instead, help the developer to identify the root cause of the problem, by providing sufficient data from the system to narrow down the problem.
- Keep learning and have fun. If you have mastered the skill on how to do all the above 9 items effectively, you'll have more free time on your hand. Keep learning all the times. Anytime someone reports an issue, be curious and treat it as an opportunity to learn something new. Once in a while step aside your computer and spend quality time with your family. On top of all, have fun and enjoy doing the system administration activities.
Live as if your were to die tomorrow. Learn as if you were to live forever. --Mahatma Gandhi
About: Sysprof is a sampling CPU profiler that uses a Linux kernel module to profile the entire system, not just a single application. It handles shared libraries, and applications do not need to be recompiled. It profiles all running processes, not just a single application, has a nice graphical interface, shows the time spent in each branch of the call tree, can load and save profiles, and is easy to use.
Release focus: Minor bugfixes
Changes: This version compiles with recent kernels.
Author: Søren Sandmann
About: afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. You can then run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
Changes: The code now works with perl 5.10. On Windows, afick_planning now sends a report instead of a summary and uses the "LINES" macro. On Unix, a new MOUNT macro allows you to use a remote database in afick_cron. Udev files were removed from scan. The tar.gz installer was recoded to display better diagnostics.
About: Werc is a minimalistic content management system implemented as a collection of shell scripts written in the rc shell and taking advantage of other Plan 9 tools available on *nix systems as part of "Plan 9 from User Space". It is designed to be fast, simple, convenient, and easily extensible (you can easily integrate your own dynamic content with the rest of the site). It should handle well both small and big sites, including seamless multi-domain handling. All data is stored as plain text files without need of a database and there is support for blog directories with automatic RSS feed generation (including feed aggregation).
Changes: More minor fixes and improvements were made to prepare for 1.0. The configuration system is now more modular, flexible, and intuitive. Portability was expanded and setup was made easier. A minimal Web server in rc was added. Various cleanups of blog and .txt handling code were made. Many bugs were fixed, especially in sitemap generation code.
About: Logapp is a wrapper utility that helps supervise the execution of applications that produce heavy console output (e.g. make, CVS, and Subversion). It does this by logging, trimming, and coloring each line of the output before displaying it. It can be called instead of the executable that should be monitored; it then starts the application and logs all of its console output to a file. The output shown in the terminal is preprocessed, e.g. to limit the length of printed lines and to show the stderr output in a different color. It is also possible to automatically highlight lines that match a certain regular expression. The output is therefore reduced to the necessary amount, and all important lines are easy to identify.
Changes: There have been many code changes and cleanups all over the project. Additionally, multiplier prefixes for numerical parameters have been added, and the log file formatting has been improved.
A lazy sysadmin is a good sysadmin. Time spent in finding more-efficient shortcuts is time saved later on for that ongoing project of "reading the whole of the internet", so try Juliet Kemp's 10 handy tips to make your admin life easier...
- Cache your password with ssh-agent
- Speed up logins using Kerberos
- screen: detach to avoid repeat logins
- screen: connect multiple users
- Expand Bash's tab completion
- Automate your installations
- Roll out changes to multiple systems
- Automate Debian updates
- Sanely reboot a locked-up box
- Send commands to several PCs
About: pssh provides parallel versions of the OpenSSH tools that are useful for controlling large numbers of machines simultaneously. It includes parallel versions of ssh, scp, and rsync, as well as a parallel kill command.
Changes: A 64-bit bug was fixed: select now uses None when there is no timeout rather than sys.maxint. EINTR is caught on select, read, and write calls. Longopts were fixed for pnuke, prsync, pscp, pslurp, and pssh. Missing environment variables options support was added.
About: LBackup is a simple backup system aimed at systems administrators who require reliable backups with minimum fuss. It is configured with configuration files, and the backup is started from the command line. It has been tested for over 2 years. Backups can be to local media, or to remote media via one or more networks. The networks may be private LANs, WANs, or sets of untrusted public networks such as the Internet.
Changes: This release adds improved example backup action scripts, support for rsync v3 and rsync v3 compiled with additional MacOS X metadata support patches, and the ability to specify the sender name and return address used for email reporting within the mail configuration file. Details on compiling and installing rsync3 are available from the download page.
How many times has this happened to you: you want to access a remote server, but you can't because it is behind a firewall? I frequently found myself in such a situation when I needed to access my Internet-connected server running Linux, so I thought of a system where I could start controlling my server remotely via a simple email.
Of course, this solution had one crucial requirement: it had to be secure. The server had to respond only to senders who were identified and authorized, and the command sent to the server, along with its related output, had to travel over the wire in encrypted form. To meet these security requirements, I used the free GNU Privacy Guard (GnuPG) and some asymmetric encryption techniques (See Sidebar 1. Asymmetric Cryptography in This Solution).
GnuPG is the open source implementation of OpenPGP security software. To implement the message encryption, I employed a patent-free algorithm contained in GnuPG called the ElGamal encryption system.
This article demonstrates how my system enables you to remotely control your server in batch mode with signed and encrypted emails. It uses a fictional, authorized e-mail sender ([email protected]) and an example remote server ([email protected]) for the sender to inquiry. The server will run Debian Linux.
The Process Schema
The following are the steps involved in the process of controlling a server via email:
- Create the list of all authorized command senders (e.g., [email protected]).
- Let the sender generate private/public key pairs with GnuPG.
- Generate a private/public key pair with GnuPG for the server, which has the email address [email protected].
- Import the sender's public key on the server keyring and server's public key on the sender's keyring.
- Let the sender sign and encrypt the command to run remotely on the server, embed it in an email, and send it to the server address.
- Let the server download the email messages and process them with a script as follows:
- Verify whether the sender is authorized.
- Decrypt and run the command.
- Capture output from stdout and stderr, possibly killing hanging commands after a reasonable period of time.
- Sign and encrypt the outputs, embed them in an email, and send the answer back to the sender address.
- Let the sender read the server outputs, verifying and decrypting its reply.
About: Ttyutils is a suite of UNIX terminal tools. It includes ttyexec, ttylook, ttyadmin, and a few extension programs. ttyexec executes command in a pseudo terminal, captures all stdandard output from the command, and passes it to a built-in virtual terminal emulator and real terminal. ttylook is similar to the BSD watch(1) program, but has fewer limits and can interact with existing ttyexec instances. ttyadmin is a administrator tool which uses an ncurses interface to view and control existing ttyexec instances.
Changes: This version works on AIX.
About: xhelper is a tool to automate and control the desktop. It can resize windows, move windows, feed keystrokes to windows, run programs, and automate a group of programs
About: ToDo is a list manager in ncurses with a hierarchical representation of tasks. Each task has a title, a long text description, and a deadline (tudu warns you when the date is close). There are categories and priorities.
Changes: The tudurc file was moved from /usr/local/share/tudu to /usr/local/etc.
About: Key Scripter listens to key press/release events from a keyboard or a mouse and sends fake key events to an X display. It supports gaming keypads such as the Nostromo SpeedPad and allows the creation and usage of complicated key scripts for games and other applications.
Changes: This release contains a couple of minor bugfixes and an improved example configuration. The development status of Key Scripter is now stable.
About: Ortro is a framework for enterprise scheduling and monitoring. It allows you to easily assemble jobs to perform workflows and run existing scripts on remote hosts in a secure way using ssh. It also tests your Web applications, creates simple reports using queries from databases (in HTML, text, CSV, or XLS), emails them, and sends notifications of job results using email, SMS, Tibco Rvd, Tivoli postemsg, or Jabber.
Changes: Key features such as auto-discovery of hosts and import/export tools are now available. The telnet plugin was improved and the mail plugin was updated. The PEAR libraries were updated.
cgipaf is a combination of three CGI programs.
- passwd.cgi, which allow users to update their password,
- viewmailcfg.cgi, which allows users to view their current mail configuration,
- mailcfg.cgi, which updates the mail configuration.
All programs use PAM for user authentication. It is possible to run a script to update SAMBA passwords or NIS configuration when a password is changed. mailcfg.cgi creates a .procmailrc in the user's home directory. A user with too many invalid logins can be locked. The minimum and maximum UID can be set in the configuration file, so you can specify a range of UIDs that are allowed to use cgipaf.
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: April 22, 2019