Sysadmin Appreciation Day

Posted: 2014-07-17 10:49:38 by Alasdair Keyes



The day will be here soon; appreciate your sysadmins for the hard work they do to make sure you can keep doing your work.

http://sysadminday.com/


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

JSON Resume

Posted: 2014-07-07 17:20:41 by Alasdair Keyes



Viewing Hacker News today, I saw a new project called JSON Resume.

JSON Resume is a community-driven open source initiative to create a JSON-based standard for résumés. This is something I'd never thought about before, but is something that is in drastic need of standardisation.

Before the days of online recruitment and digital CVs, a non-standard CV was a good thing. It let you stand out from the crowd in a big pile of paper, drawing the eye of the recruiter.

Nowadays the opposite is almost true: you want your CV online and searchable by the largest number of people, and a complex or fancy CV might do you more harm than good. Many agencies will auto-convert Word documents or PDF files into text that they can send out to prospective employers, but this would be even better if there were an overall standard format that could be used for everyone and easily searched by recruiters and employers.

It has the benefit that the style can be separated from the content. Similar to the idea of CSS and HTML.

The project is in its infancy and the specification is still a work in progress and will most definitely change in the near future, but I think it's worth supporting. To that end, please see my CV in JSON format.



.uk Released

Posted: 2014-06-11 13:24:29 by Alasdair Keyes



Over the past few months many more TLDs have been released (such as .wtf, .ninja, etc.) and today the new UK TLD .uk was released.

This seems to have taken off in a big way, with much more interest from customers than I'd expected. So, make sure you buy your .uk domain!

If you own the .co.uk, the .uk version has been reserved for you for 5 years. If you don't know where to register your domains, try Daily.co.uk



Interactive Git Tutorial

Posted: 2014-05-09 09:34:29 by Alasdair Keyes



Useful tool if you're starting out with Git Version Control

https://try.github.io/levels/1/challenges/1



Checking git repo integrity

Posted: 2014-04-08 16:31:03 by Alasdair Keyes



I was merging in code changes to my Dev VM this afternoon and I hit a rather nasty issue; I ran out of space on the virtual disk...

It wasn't difficult to sort the space issue. I created another disk in VMware, added it into the VM and used LVM/resizefs to increase the space available to the filesystem, at which point I had plenty of space left to play with (I love LVM!).

Git status showed a list of modified files under the "Changes not staged for commit" section and a git diff of these files showed that they all had their content removed.

Not knowing what to do with my repo, I reversed the changed files with

$ git checkout -- file1 file2 ...

And then just merged in the changes again. This appeared to work but I wanted to be sure that nothing else had broken deeper in git.

I discovered the 'git fsck' command which took about 5 minutes to run and didn't show up any errors.

$ git fsck --full --strict 
$

All looks good. A useful command to remember.



Critical OpenSSL Vulnerability

Posted: 2014-04-07 20:34:35 by Alasdair Keyes



If you're a sysad, you have no doubt already heard of the recent Heartbleed OpenSSL vulnerability. I won't rehash the details, but they can be seen on the links below. Just a reminder to make sure you update your systems; I can imagine that in a short period of time, people will be scanning systems to try and abuse it.

www.openssl.org/news/secadv_20140407.txt

http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/



Digital Ocean Articles

Posted: 2014-04-03 23:52:22 by Alasdair Keyes



Digital Ocean seem to be the new darlings of the Cloud world, and for good reason: their servers are great value for money with good performance. I'm looking to upgrade my VPS soon and I will be strongly considering one of their VMs.

One other thing that has made me respect them is their incredibly useful tech articles. I've recently been looking at MySQL clustering for a project I'm working on that could grow and need to scale. I came across MariaDB's Galera tool, which looks to be a good starting point for me.

The next question was how to set it up... never fear, Digital Ocean had a clear and concise article on how to do it: https://www.digitalocean.com/community/articles/how-to-configure-a-galera-cluster-with-mariadb-on-ubuntu-12-04-servers. What more could you want?

Have a read through their articles, you'll probably learn stuff you didn't even know you wanted to learn.



MySQL Tuner

Posted: 2014-03-28 16:18:08 by Alasdair Keyes



Sometimes an often overlooked source of poor system performance is the database. Developers and sysads can often become complacent and just continue piling data into a database without a second thought and assume that it will always carry on performing the way we'd like.

We had a mail server in our cluster at work performing poorly, and it appeared to be MySQL not keeping up with the number of queries it was performing due to a high number of SMTP connections.

When checking the setup, I was surprised to see that no tuning had been done, even simple things like thread/table/query cache weren't enabled. Apparently these servers had slipped through the net as we'd not experienced any trouble with them before.

I broke out the trusty Mysql-Tuner http://mysqltuner.com/ tool, which should be at hand for any MySQL admin. It's an incredibly useful and easy way to diagnose simple and quick performance tweaks for your database.

It's a read-only script, so it doesn't change your configuration, it just alerts you to potential problems. Even if your DB is running perfectly, it's always worth running it just to see if you can improve something even further.



NFS v4 Callbacks in RedHat/CentOS Howto

Posted: 2014-01-03 16:05:49 by Alasdair Keyes



NFS callbacks are a feature introduced in NFS v4 to prevent deadlocks. If two clients try to access the same file, the server can recall the delegation via an asynchronous callback to one client should there be a conflicting request for access to the file from a different client.

Unlike other NFS services such as lockd or statd, the callbacks are set up on the client and not the server.

This sounds good but it doesn't seem to have been implemented very well, and there is no real documentation on exactly how to use it or the correct way to set it up. There's no default NFS callback port; it's up to the sysadmin to choose a port and set it.

There are many pages on the net explaining how you can echo a port number into a /proc path (which doesn't work if the NFS file is auto-mounted before this port is set) or set /proc values in /etc/sysctl.conf, which doesn't seem to work at all.

I did stumble across this solution, however...

Choose a port

This is entirely up to you; for this example, we'll set port 10000.

Open the firewall on the NFS client

iptables -A INPUT -p tcp -m tcp --dport 10000 -m iprange --src-range x.x.x.x-x.x.x.y -m comment --comment "NFS TCP callback" -j ACCEPT

Set the callback port with modprobe

Create a file called /etc/modprobe.d/nfscallback.conf with the following text

options nfs callback_tcpport=10000

Restart your NFS client and then check netstat to see if it's listening

# netstat -antp | grep 10000
tcp     0   0 0.0.0.0:10000        0.0.0.0:*      LISTEN    -

That's it, all set up!
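
The netstat output above shows the callback listener bound to 0.0.0.0, so the source range in the firewall rule is what limits who can reach it. The script below is an added example, not part of the original post: it reads the pinned port from the modprobe options text and classifies the matching INPUT rules as missing, open or restricted. The sample rules, the 192.0.2.x addresses and the function names are constructed for illustration; on a real client you would pass it the contents of /etc/modprobe.d/nfscallback.conf and the output of iptables-save.

```shell
#!/bin/sh
# Added example: audit the NFSv4 callback port setup from the steps above.
# All sample inputs are constructed; 192.0.2.0/24 is a documentation range.

# Constructed contents of /etc/modprobe.d/nfscallback.conf
MODPROBE_CONF='options nfs callback_tcpport=10000'

# Constructed `iptables-save` style rules: one source-restricted, one not
GOOD_RULES='-A INPUT -p tcp -m tcp --dport 10000 -m iprange --src-range 192.0.2.10-192.0.2.20 -m comment --comment "NFS TCP callback" -j ACCEPT'
OPEN_RULES='-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT'

# Print the callback_tcpport value set for the nfs module, or nothing.
callback_port() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}nfs[[:space:]].*callback_tcpport=\([0-9]\{1,\}\).*/\1/p' |
        head -n 1
}

# Classify INPUT ACCEPT rules for port $1 in ruleset $2:
# missing, open or restricted.
audit_callback_rule() {
    accept=$(printf '%s\n' "$2" |
        grep -E -e "^-A INPUT .*--dport $1 .*-j ACCEPT" || true)
    if [ -z "$accept" ]; then
        echo missing
    elif printf '%s\n' "$accept" | grep -v -E -e '(--src-range| -s )' >/dev/null; then
        echo open        # some ACCEPT rule for the port has no source match
    else
        echo restricted  # every ACCEPT rule names a source address or range
    fi
}

cb_port=$(callback_port "$MODPROBE_CONF")
echo "callback port: ${cb_port:-not pinned}"
echo "restricted ruleset: $(audit_callback_rule "$cb_port" "$GOOD_RULES")"
echo "open ruleset: $(audit_callback_rule "$cb_port" "$OPEN_RULES")"
```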



PowerDNS and BIND

Posted: 2013-12-19 23:02:37 by Alasdair Keyes



Since forever (well, sometime in the 70s or 80s when IT really was a Brave New World), BIND has been the software of choice for Linux/Unix based DNS servers on the internet.

... and why not? It does what it says on the tin and gets the job done but I feel its time has come. Over the past few years I've made the migration across to PowerDNS on my own DNS servers.

When PowerDNS was released in 2006 its strong point was built-in SQL database backend support, which was only available in BIND through the use of the DLZ or SDB patches. These patches often required manual compilation, which is something I try not to do too often, as it adds a lot of time and stress to systems updates. BIND has now incorporated the DB backend plugins into its core, but PowerDNS had already whetted the appetite of system administrators with its power and easy configuration.

PowerDNS's easy config highlighted to me just how much of a pain BIND's config was, after all, why use 3 lines of config when 50 will do? With Power Admin there is also a nice third-party web-based front end to manage it.

There are many pages listed on Google on how to configure PowerDNS if you wish to check it out (and I strongly recommend you do).

It provides both an authoritative DNS server and also a recursive caching nameserver.

If you're running the authoritative nameserver it can be set up to recurse too, but you need to provide a nameserver to recurse to, which you sometimes don't have available (and maybe you don't want to use OpenDNS).

In this instance you can run both the authoritative and recursive services on the same machine and configure the authoritative server to recurse to the recursive server with only a small config change.

The problem with running both services is that they both try and bind to port 53. To fix this, use the following configuration.

In /etc/pdns-recursor/recursor.conf, bind it to another port (e.g. port 54)

allow-from=127.0.0.0/8
local-port=54

In /etc/pdns/pdns.conf

lazy-recursion=yes
recursor=127.0.0.1:54
allow-recursion=127.0.0.1, 10.0.0.0/24

Then restart the server and test

# service pdns-recursor restart
Stopping pdns-recursor:                                    [  OK  ]
Starting pdns-recursor:                                    [  OK  ]
# service pdns restart
Restarting PowerDNS authoritative nameserver: stopping and waiting..done
Starting PowerDNS authoritative nameserver: started
# host google.com
google.com has address 173.194.34.110
...
google.com mail is handled by 10 aspmx.l.google.com.

Easy
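
The two files above only work together if the port in pdns.conf's recursor= line matches the recursor's local-port, and allow-recursion decides who may use the server as a resolver. The script below is an added example, not part of the original post or of PowerDNS: it lints the two files for a port clash, a port mismatch and unrestricted recursion. The function names and problem labels are made up for illustration, and treating an unset allow-recursion as unrestricted is an assumption about the default.

```shell
#!/bin/sh
# Added example: consistency check for the split authoritative/recursor
# setup described above. Config text below is copied from the post.

RECURSOR_CONF='allow-from=127.0.0.0/8
local-port=54'
PDNS_CONF='lazy-recursion=yes
recursor=127.0.0.1:54
allow-recursion=127.0.0.1, 10.0.0.0/24'

# Print the value of setting $2 from key=value config text $1.
conf_get() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" |
        tail -n 1
}

# $1 = recursor.conf text, $2 = pdns.conf text.
# Prints "ok" or a space-separated list of problems.
check_pdns_split() {
    rport=$(conf_get "$1" local-port)
    rport=${rport:-53}              # the recursor listens on 53 unless told otherwise
    fwd=$(conf_get "$2" recursor)
    allow=$(conf_get "$2" allow-recursion)
    case "$fwd" in
        *:*) fport=${fwd##*:} ;;    # port after the last colon
        *)   fport=53 ;;            # no port given
    esac
    problems=""
    # Both daemons on port 53 is the clash the post describes.
    if [ "$rport" = 53 ]; then problems="port-clash"; fi
    # The authoritative server must forward to the port the recursor uses.
    if [ "$fport" != "$rport" ]; then
        problems="${problems:+$problems }port-mismatch"
    fi
    # Unset (assumed unrestricted) or 0.0.0.0/0 means anyone may recurse.
    case ",$(printf '%s' "$allow" | tr -d ' ')," in
        ,,|*,0.0.0.0/0,*) problems="${problems:+$problems }open-recursion" ;;
    esac
    echo "${problems:-ok}"
}

echo "config from the post: $(check_pdns_split "$RECURSOR_CONF" "$PDNS_CONF")"
```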


