Thursday, July 31, 2008

Splatd, the glue between LDAP and your home directory

LDAP is awesome for central authentication, and even for more advanced things like mail routing and database info. But there are some things that it doesn't handle, like creating and later cleaning and archiving user home directories, or easily pushing out authorized_keys files for ssh. This is where splatd comes in.

Splatd can create home directories based on criteria that it gathers from LDAP (such as minimum and maximum uidNumber), copy your authorized_keys file from LDAP, handle .forward files for users (again gathered from LDAP), and finally archive, and later delete, home directories for users based on the criteria that you specify.

Unfortunately splatd doesn't have a Debian (etch) package, but it's fairly painless to install it from source, then take the config and init script from an Ubuntu package. The only thing to adjust in the init script is the location of the binary, and away you go. You can tell it how often to query LDAP for updates and apply its changes (the default is 10 minutes).

Update: To get authorized_keys working, you'll need to copy ooo.schema and ooossh.schema to /etc/ldap/schema on all your LDAP instances, which allows you to set the sshAccount objectClass, and under that sshPublicKey. You can have multiple public keys.
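Since splatd copies whatever sshPublicKey values it finds in LDAP into authorized_keys, the directory is worth auditing. The following is an added example, not code from the original post or from the splatd project: it parses a constructed LDIF export, unfolds wrapped key lines, and reports malformed key values and keys that appear on more than one account. The sample entries, the dc=example,dc=org suffix and all function names are assumptions.

```python
import base64, hashlib, struct
from collections import defaultdict

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry, unfolding continuation lines."""
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]               # folded line (RFC 2849)
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = defaultdict(list)
        for line in lines:
            attr, _, value = line.partition(":")
            entry[attr.lower()].append(value.strip())
        yield entry

def fingerprint(key_line):
    """SHA256 fingerprint of a public key line, or None if it is malformed."""
    parts = key_line.split()
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])       # length of the type string
    except (IndexError, ValueError, struct.error):
        return None
    if blob[4:4 + n] != parts[0].encode():         # declared type must match blob
        return None
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

def audit(text):
    """Return (uids holding malformed keys, {fingerprint: uids} for shared keys)."""
    owners = defaultdict(list)
    for entry in parse_ldif(text):
        for key in entry["sshpublickey"]:
            owners[fingerprint(key)].append(entry["uid"][0])
    malformed = owners.pop(None, [])
    shared = {fp: sorted(set(u)) for fp, u in owners.items() if len(set(u)) > 1}
    return malformed, shared

def _key(seed):  # constructed blob in public-key wire layout, not a real key
    return "ssh-rsa " + base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + seed * 16).decode()

K1, K2 = _key(b"A"), _key(b"B")
SAMPLE = ("dn: uid=alice,ou=people,dc=example,dc=org\nobjectClass: sshAccount\nuid: alice\n"
          f"sshPublicKey: {K1[:30]}\n {K1[30:]} alice@laptop\nsshPublicKey: {K2}\n\n"
          "dn: uid=bob,ou=people,dc=example,dc=org\nobjectClass: sshAccount\nuid: bob\n"
          f"sshPublicKey: {K2} bob@host\nsshPublicKey: ssh-rsa not-base64!\n")
```

On the constructed sample, audit(SAMPLE) reports bob as holding a malformed value and one fingerprint shared by alice and bob.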

In my tests it worked very nicely, and I really liked how easy the config file was. I'm pretty sure all of these actions could be done by something like Puppet (which I'll be blogging about next week), but splatd made it easy.

Update: Speaking of LDAP, it appears that slurpd replication no longer works in 2.4 (I'm guessing Debian Lenny), so I'll also be investigating changing that to the new "syncrepl" replication.
-T

Thursday, July 24, 2008

Positive Stress

When is stress good? When it's a .deb package :) What does it do?

It allows you to put the CPU, memory, hard disk, or I/O systems (or all at once if you want) into a loop so you can do stress testing on your system. Why would you want to do that? Well, you can see how your application performs under load, or identify a bad piece of hardware. Some examples:

Run a CPU test for 30 seconds:
stress -c 10 --timeout 30s

Run a memory test for 60 minutes:
stress -m 10 --timeout 60m

Run a combined test for 2 days:
stress -m 10 -c 5 -d 2 -i 9 --timeout 2d

Notice how you can specify the number of "hogs" (love that term) for each subsystem.

Be careful: the disk test (-d) will write files and may even fill up your disk (if it's small). Happened to me, but it was very smart and quickly removed its temp files, and exited with an error to let you know what happened.

Also, it goes without saying, watch the load on your system and your logfiles to make sure you haven't DoS-ed any of your services. Of course you shouldn't run this outside a scheduled maintenance window, right? :)

Tuesday, July 1, 2008

vnstat - daily network statistics from the CLI

I found vnstat a few days ago, when I was researching netflow monitors for Cacti. Cacti is great for providing a visual display of almost anything that you can query through SNMP, which, given the extensibility of SNMP, can be numeric output from any script over time.

Sometimes, though, it's nice to have a CLI tool that can provide both an active and a historical view of traffic on an interface. It would also be an added benefit if you didn't _have_ to be root and, more importantly, didn't need to sniff the network interface (which is usually quite CPU/memory intensive). vnstat fills this requirement very nicely, and it is a (k)ubuntu package, so just apt-get install it.

After you install it, you need to run
vnstat -u -i eth0 (or eth1, or whatever interface you want to monitor)

It's possible to monitor multiple interfaces.

Then wait a while for it to gather some data (it reads /proc, btw), and then you can have it report by hour (-h), by day (-d), by month (-m) or top 10 (-t):
Example: vnstat -h -i ath0

 ath0                                                                     22:56
  ^                                                                       r
  |                                                                       r
  |                                                                       r
  |                                                                       r
  |                                                                       r
  |                                                                       r
  |                                                                       r
  |                                                                       rt
  |                                                                       rt
  |                                                                       rt
 -+--------------------------------------------------------------------------->
  |  23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22

 h   rx (kB)    tx (kB)      h   rx (kB)    tx (kB)      h   rx (kB)    tx (kB)
23         0          0     07         0          0     15         0          0
00         0          0     08         0          0     16         0          0
01         0          0     09         0          0     17         0          0
02         0          0     10         0          0     18         0          0
03         0          0     11         0          0     19         0          0
04         0          0     12         0          0     20         0          0
05         0          0     13         0          0     21         0          0
06         0          0     14         0          0     22         3          1

Monarch and Childsplay

Monarch is another Nagios configuration tool, like Fruity, which I tried earlier. They're both written by Groundworks OpenSource, although Fruity appears to have stalled in development. In a nutshell, Monarch has a more powerful web interface, but also has more prerequisites in setup.

While Fruity required only MySQL and PHP, Monarch requires MySQL and lots of Perl modules. The package comes as a .tgz (tested with 2.0.2), which includes an install script and a README.TXT file that is fairly easy to follow. The only thing I did differently is that instead of using cpan as the README suggests, I installed the Perl module Debian packages using apt-get. Here's the list of what it needed:

sudo apt-get install libcgi-session-perl libclass-accessor-perl libcgi-ajax-perl libxml-sax-perl libxml-libxml-common-perl libdbi-perl libdbd-mysql-perl libxml-libxml-perl libarchive-tar-perl

The install script asks you several questions, many of which can later be altered in the web interface. After installation, it's easy to import your Nagios configuration, simply by going to
Control->Main Nagios Configuration->Load from file and then to
Control->Load

The "load" dumps the database, and reloads it with the new data. This is a bit clunky, as they could've done it with version control, a new set of tables, or perhaps given the option to create a new database, but easily roll back to the previous one.

The interface is fairly easy to follow, and you can drill down from a hostgroup to hosts, and then their related services. The nice thing about all the levels in the tree is the pre-populated menus. For example when looking at services for a host, you can easily add a new service just by choosing it from the list. On the other hand, I didn't like the "copy" function the way it was implemented.

The export is a bit disappointing in that it's not flexible enough. Much like Fruity, it will take a nicely laid out conf.d directory (and any subdirectories) and squish it into a single fileset. Also it still requires work

Conclusion: If you want a nice tool to get a better overview of your existing Nagios configuration (or if you're starting with a fresh configuration), and you'd rather click than edit config files, then Monarch is a nice tool.

Childsplay is a nice set of educational games for young children (ages 2-11). It features sound and number identification games, memory card games, easy picture puzzles, and for the older ones, typing, spelling and math.

One of the first things I really liked about Childsplay is that it starts out full screen, so kids can't accidentally click outside the window and lose their game. The interface is easy and graphical, and the icons and games are colorful and fun. And everything has audio feedback. My 22 month old thoroughly enjoyed it to her full attention span (about 10 minutes). Highly recommended.

-T