dead.letter

A technical blog focusing on Linux, FreeBSD, DNS, security and virtualization.

2008-01-31

GUISE idea

GUISE stands for Grand Unified Interface for Systems Engineering. It's kind of a vague aspiration I have about how to better manage a collection of disparate systems in a holistic fashion. A major challenge in my line of work is competing with entropy and variance amongst the managed systems and devices.

Nagios has "hostgroups", cfengine has "classes"... both are essentially logical grouping of systems. Other examples of implicit groupings include VLAN or subnet assignments, Operating system type (i.e. Linux or FreeBSD) and DNS domain suffix.

Classifying systems makes alot of sense, because it simplifies management of them, instead of talking about x, y and z we just classify them collectively as p. So systems identified as p would be eligible for assignment to various service checks, configuration files and so on.

A natural complement to this would be something like Maintain which is a "web based management tool for DNS and DHCP". I see maintain as a possible candidate mechanism for assigning classifications which can be fed into cfengine, nagios, etc.

Another approach would be using LDAP to store system attributes and classifications, this would be a more natural and standard fit, but require more legwork up front.

So, I see these elements converging over time to something much better (open, flexible and secure) in the next few years. I'm pretty sure it can be done.

posted by delimiter @ 8:06:00 AM 0 Comments Links to this post

2008-01-24

The Best of FreeBSD Basics


I'm excited to get my hands on the recently published The Best of FreeBSD Basics by Dru Lavigne. I very much enjoyed her previous book BSD Hacks. The publisher Jeremy Reed is also a friend and I commend his efforts.

Richard Bejtlich gave it a nice review, which is a good sign.

Of course I've got to finish Absolute FreeBSD 2nd Edition first.

Labels:

posted by delimiter @ 9:53:00 AM 0 Comments Links to this post

2008-01-10

JFS 1.1.2 problem on CentOS-4

I've spent a good part of my morning wrestling with jfsutils. After upgraded one of our CentOS-4 boxes to 4.6 (which brought jfsutils-1.1.12) the system fails to boot. The problem appears to be caused by fsck.jfs specifically.

~ root@lu147>/sbin/fsck.jfs -f /dev/sdb1
/sbin/fsck.jfs version 1.1.10, 19-Oct-2005
processing started: 1/10/2008 10.53.26
The current device is:  /dev/sdb1
Block size in bytes:  4096
Filesystem size in blocks:  219726332
**Phase 0 - Replay Journal Log
**Phase 1 - Check Blocks, Files/Directories, and  Directory Entries
**Phase 2 - Count links
**Phase 3 - Duplicate Block Rescan and Directory Connectedness
**Phase 4 - Report Problems
**Phase 5 - Check Connectivity
**Phase 6 - Perform Approved Corrections
**Phase 7 - Rebuild File/Directory Allocation Maps
**Phase 8 - Rebuild Disk Allocation Maps
878905328 kilobytes total disk space.
        2 kilobytes in 4 directories.
        0 kilobytes in 0 user files.
        0 kilobytes in extended attributes
   167370 kilobytes reserved for system use.
878737960 kilobytes are available for use.
Filesystem is clean.

~ root@lu147>rpm -q jfsutils
jfsutils-1.1.10-4.1

~ root@lu147>yum update jfsutils
...
Updated: jfsutils.i386 0:1.1.12-1
Complete!

~ root@lu147>rpm -q jfsutils
jfsutils-1.1.12-1

~ root@lu147>/sbin/fsck.jfs -f /dev/sdb1
/sbin/fsck.jfs version 1.1.12, 24-Aug-2007
processing started: 1/10/2008 10.54.23
The current device is:  /dev/sdb1
Block size in bytes:  4096
Filesystem size in blocks:  219726332
**Phase 0 - Replay Journal Log
logredo failed (rc=-260).  fsck continuing.
**Phase 1 - Check Blocks, Files/Directories, and  Directory Entries
Unrecoverable error writing M to /dev/sdb1.  CANNOT CONTINUE.
Unrecoverable error writing M to /dev/sdb1.  CANNOT CONTINUE.
Unrecoverable error writing M to /dev/sdb1.  CANNOT CONTINUE.



See the bug report #0002598.

posted by delimiter @ 10:57:00 AM 1 Comments Links to this post

2008-01-05

ConchShell wiki reborn

I have reincarnated the Conchshell community wiki under http://conshell.net/

The main reason was to move it out from under my personal website, which could give folks pause when considering whether to contribute. Another was that conshell.net (note the phonetic equivalency) was available and it's a nice, short memorable domain name.

Anyway if you haven't seen it before I highly recommend it, there is a lot of good uber-geeky information there.

posted by delimiter @ 8:39:00 AM 0 Comments Links to this post