Degen.Net – “Get Your Geek On”

I recently encountered a problem on a Linux/Samba server – A full root drive. Much to my surprise I found that a single file was consuming over 80 Gigs – Hu?! Turns out the culprit was a log.XXXX.old file generated by the Samba process.

These potentially high growth log files live in the /var/log/samba directory. While supposedly limited in size growth by the “max log size = XX” setting in the smb.conf file, I learned the hard way that this file size limitation does not apply to the .old archive of the live file. After the current active log file reaches the size determined by the max log size setting, the contents are appended onto an ever expanding log.XXXX.old file.

So what are the options to mitigate or manage these files? Of course as admins we should always be more proactive in managing and monitoring our systems logs and diagnostics – but there are only so many hours in a day. To that end I’m researching methods of log suppression. So far all my digging indicates that a “log level = 0″ should cease all logging, but this does not appear to be the case as I see individual machine connection error logs continuing to generate.

So for now the symptom of a large log file has been identified, but the root cause as to why/how this file expanded remains a mystery.

No no, that’s not “txt” as in OMG – LOL – BFD txting; but rather my return to the romance of the CLI. Don’t get me wrong – I never stopped appreciating the unadulterated power of the command line, it’s just taken my need to leverage outbound SSH from multiple locked down networks to fully embrace the simple elegance of my home server ala putty.

Challenge – IMAP access from a restricted network

As I’m increasingly, “taking my show on the road”, I sometimes find myself in work enviormnets with limited, blocked or proxy access to the outside world (DAMN you PROXY!! – but that is a topic for another day.) Solution, get connected to my home server and connect to fire-walled resources from there. On a recent engagement I found that while most outbound traffic was allowed, IMAP was not. Web and SSH were being passed however; so in concept, the solution is basic enough – make an SSH connection to my home server, and run an IMAP client from there.

Already having an Mint Linux server (loves me some Mint), setup primarily for file serving, I simply opened SSH port 22 to the outside world. After connecting via Putty I required a textual mail client that would support IMAP. I’ll be honest, it’s been years since I’ve used PINE, so I was a bit unaware of what other CLI email clients are out there – fortunately I discovered “MUTT” – http://mutt.sourceforge.net/

Mutt can be a bit intimidating. While easy to install, like most Debian packages (sudo apt-get install mutt), the “Devil in the details”, is the not included by default, .muttrc config file. Yes you can read the project wiki or grab a sample one from others, but I found a web based automated builder tool – http://www.muttrcbuilder.org/ – it does the trick quite nicely, just add your custom elements and bingo. Within a few minutes I was able to check and clear mail with no client side setup other then establishing an SSH session – pretty slick!

Challenge – Secure VNC access of the Internet

So let’s say you only have that same SSH connection, but you need more visual goodness then a CLI email client can provide? Sounds like a you want a VNC connection – but how unsafe would that be to run over the Internet? Enter VNC (Port 5900) Tunneling via Putty.

First, launch Putty and enter the address you would like to connect to via SSH. Before establishing a session, look on the left hand side, you will see various configuration options. Expand the categories -> Connection -> SSH -> Tunnels. Select Tunnels add the following information under add new forwarded port:

Source Port 5900
Destination Port 127.0.0.1:5900

Now establish your SSH connection (Login), once connected open your VNC client and point the host back at your local machine – 127.0.0.1 and Bonus you’re all set.

So regardless your UI preference there’s an SSH solution out there for you – Enjoy!

As regular readers might know, this space has been a bit underutilized in the past couple of years – yes I did say YEARS. But I’m pleased to report that with a career change in the past month I again find myself back in the IT consulting field. And it is a welcome change indeed – there is nothing like the thrill of new customers, projects and technologies to keep the mind sharp and provide plenty to write about. I look forward to sharing more in the months to come – see you back on the road!

Some of you who follow my twitter ramblings know that I recently completed an evaluation of Ghost Solution Suite vs FOG for a major system cloning project we have at work. Below are my final findings and recommendation that lead our organization to select the Open Source package FOG over our existing Symantec product. Please note, that we were already using Ghost Solution Suite version 1.0 not the most recent 2.5. Therefore this evaluation is really weighing whether to upgrade to 2.5, stay on 1.0 or migrate to FOG.

To FOG or not to FOG, that is the question?

So I’ve spent most of the day evaluating Ghost Solution Suite to better understand just what capabilities it offers. I’m ready to report those findings, and I’ll say upfront, while I don’t want this to appear like a “bash fest” it might start to sound that way. None-the-less, here is what I’ve found in several key areas we should consider.

Manageability: Ghost uses a tried and true File Based Image management system, accessed behind an MMC plugin. The MMC does appear to offer remote capabilities, so once this tool is loaded on a third machine you can access the server remotely. This model is similar to the SAV 10 and below model (a model that has been discontinued in favor of a Java approach beginning with SAV 11. It is also worth pointing out that this MMC model precludes access from any clients other then Windows. FOG utilizes a Web browser access front end atop a database driven model, therefore any computer with a browser can manage the cloning server.

Manageability Advantage: Neither

Platform Support: Ghost really starts to show its age here, OS support only extends up to XP in the core product and only up to Windows 2000 for the accompanying 3Com PXE services (more about these below.) Since there are no patches for version 1.0 the only recourse for additional OS and File systems would be to purchase an upgrade to the a newer version. While Vista support is not key to us now, at some point we will need to migrate to Vista or Win 7, both of which use a newer version of NTFS than XP. FOG presently supports Vista, and has a track record of regular updates.

Platform Support Advantage: FOG

Hardware / Network Interoperability: Since Ghost 1.0 is already a few years old it suffers from a lack of current H/W and NIC support. This is compounded by the fact that it outsourced the PXE Network Boot tasks to an OEM software package from 3Com, which was even older then Ghost. 3Com Boot Services 1.02 is so old it does not officially support Windows XP, just up to 2000. On top of this, the built in Ghost method for adding network cards is NDIS driver based, meaning that if we are imaging a system with a new / different model NIC, the driver must be found for it and then a custom boot image must be loaded on a USB or DHCP/PXE server for each different NIC. Compared to the FOG methodology where a single generic Linux kernel is pushed out, that then has custom behavior on a system by system basis – there is no comparison.

Hardware / Network Interoperability Advantage: FOG

Inventory Functionality: Unlike FOG, Ghost has no H/W level inventorying system. Since FOG treats each piece of hardware it encounters as a unique record (ala the NICs MAC address) in a MySQL DB, it provides detailed hardware level reporting, independent of the image loaded on the system.

Inventory Functionality Advantage: FOG

Training and Learning Curve: Perhaps the strongest argument in favor of Ghost is its familiarity. It has been in place here for some time and running atop a consistent Windows interface makes it operator friendly. FOG is a Linux only application and therefore some training will be necessary. This should be minimal as all management is web based and with PXE Netbooting on clients, there is no requirement, once the server is operational, for any deep Linux knowledgebase.

Training and Learning Curve Advantage: Ghost

Licensing and Cost: Since it is possible that Ghost 2.5 (the current version) addresses many of the current versions shortcomings, price does come into the picture, as we would be required to get on support or worst case re-purchase the whole product. Comparatively FOG is bound by its GPL 3 license to always exist in a free and open form. FOG’s version history goes back 25 steps right now, and there is no indication that the project will soon be discontinued.

Licensing and Cost Advantage: FOG

Conclusion

Given the overwhelming feature superiority of the Open Source package, FOG, and it’s low barrier of entry, financially and in training, I’m confident in recommending we migrate from Ghost to FOG.

Just when you thought it was safe to Install the greatly simplified Windows 7…. Oh not so fast! ZD Net is reporting there will be at least six flavors available:

Windows 7 Starter Edition (for emerging market and netbook users)
Windows 7 Home Premium (the main “Media Center” equivalent)
Windows 7 Home Basic (for emerging market customers only)
Windows 7 Professional (the business SKU for home users and non-enterprise licensees)
Windows 7 Enterprise (for volume licensees)
Windows 7 Ultimate (for consumers who want/need business features)

Additional reading on this subject can be found at….

Dwight Silverman’s reporting on Microsoft’s many SKU’s and his experience loading Windows 7 on Netbooks.

Story from Engadget, complete with Screen Shot.

While my blog postings tend to avoid anything political, I can not help but to mull over what the next four years of a new administration mean for the tech world.

Throughout the campaigns virtually all the candidates exploited the power and reach of technology, from Ron Paul to Hillary Clinton. Whether via SMS or Web 2.0, there is no doubt that this (finally) was the year that the Internet and mobile devices really played a part in the outcome of a national election.

President Elect Barack Obama’s campaign got this from the start. The web, with its host of social networking sites and viral videos, was a game changer for Obama. Barack Obama and his supporters found a direct and pointed way to connect with our fast paced cyber enabled lifestyles.

Truly remarkable is the way that people opted in for this digital content. Regardless of how you voted, there is an eagerness among citizens nationwide to see if this spirit of transparency, immediacy and connectedness will be a hallmark of the comming administration. Are we witnessing the perfect nexus of technology and politics? Has the Internet matured to the point where it is a reliable, and in some cases the primary from of communication for citizens of the United States of America? (read: reached critical mass of mainstream users.)

An encouraging indicator of this is the newly launched http://www.change.gov/ web site. If there was such a site back during the Clinton to Bush transition, I never saw it. And it’s not a partisan observation to say this has less to do with politics and more to do with evolving technologies and the mainstream adoption, no make that expectation, of web communication vehicles.

I for one am very hopeful that technology initiatives like this and others we saw during the campaigns are the beginning of a more interactive form of government – perhaps one by the people, for the people and of the people.

I’ve been an ardent VMWare user and proponent for some time. But only recently have I had the opportunity to work with the VMWare flagship product, ESX Server. Let me just say…. Oh Good Lord!

Disclaimer: ESX is not for everyone, it is first and foremost a dedicated server product; not something you are going to load and play around with on a desktop pc. And until more recently, it has been a rather expensive endeavor, recently however, with the introduction of a freeware option (ala VM Server and Player), that has changed. VMWare ESXi is now free to use, and boosts the same Core Hypervisor as its costly big brother ESX. There is even an upgrade path to the fully licensed version, should you require the full VI3 management suite. If you have the datacenter class gear, and are in need of a full time Virtualized platform I can not stress enough how wonderful a solution ESXi is. I’m presently deploying ESXi on Dell servers (on select new models it is even available as a flash based boot module – for no charge!)

If your needs do not necessitate full time data center VM operations, you still should look at the latest incarnation of VM Server. Version 2.0 just went golden, and after playing with it on both Linux and Windows platforms the last week, I am equally impressed. Be forewarned, if you are a current VM Server 1.X user you are in for a shock – the new web based interface can be a little disorienting at first, but new and better functionality awaits. Just as before this product is completely free and absolutely suitable for production use.

Virtualization is unquestionably the wave of the future, both in servers and even on the desktop. If you have been waiting to dip a toe into the VM waters, wait no longer – with these new offerings from VMware now is the time to Virtulize!

As the rain pours down outside – the rennets of Hurricane Ike, sweeping north through Texas – I’m reminded of how desperately I long for a change in the temperature, some falling leafs, Football and a website redesign. Come’on doesn’t everyone associate all these things together?

It’s been a while since my last post, and yes, there have been BIG changes indeed. Headlining these  is  my new position with the Federal Courts, US Probation in Dallas. Its a Big and welcome change from the last ten years as a high-travel technology consultant. The projects are expansive, and will introduce new technologies to my daily experience.

Change is also coming to this site; after two years in its current form it’s about time for a redesign. Leading the list of new options is a move to a LAMPP based CMS like Drupal. I’ve also had lots of feedback requesting  more downloads, tech tips ad photos – I hear you all, and we’ll see what can be done.

Hello my old friends in the Blog-o-sphere! Been a while since I’ve posted as the wife and I where off in Europe on holiday, good stuff, maybe I’ll treat you with some pictures.

As the title indicates I have some very big news that I’ll be posting in the coming weeks, exciting changes and new opportunities! But for now I need to focus on getting back up to speed with everything from US politics, to the latest linux revs – three weeks without broadband can really mess with your head.

Ah the dog days of summer, kids out of school, family travel, and lots of recently released Linux Distributions! So taking advantage of all three, as my family is out of the house for the weekend, I poured on some serious geek-time and loaded pretty much every new(ish) build I could get my hands on.

The Old Standard: Ubuntu

No surprise here, I use Ubuntu daily on most of my desktops and servers. But, it’s worth a mention that this weekend I bid farewell to the goodness that has been my favorite release to date, Gutsy (7.10). It was actually not intentional, but after a few hours of wrestling to get the latest VMW Server 1.0.6 onto the box, I threw up the white flag and just rebuilt with Hardy, VMserver loaded just fine.

For anyone new to the Blog, you might not be aware of my disappointment with 8.04 LTS (see Ubuntu 8.04 – One Week in the Real World for more about this.) Despite its irritants, Hardy is working quite well on every system I’ve loaded / upgraded, and while server upgrades are always a bit more dicey than a desktop it was time for these two servers of mine to get overhauled.

BTW – 8.04.1 appears to be heading our way soon (Ubuntu 8.04.1 freeze of hardy-proposed.)  My guess is 8.04.1 is going to be the Hardy we all wanted to see from the get go.

A Venerable Veteran: Fedora

Red Hat / Fedora always will hold a soft spot in my heart as years ago it was the first distribution I used on a regular basis. Despite this affinity, I have not been a regular user of Fedora since version 6.0, this being the case it was high time to give 9.0 a try.

First, the positive – as always the Fedora artwork is beautiful! The legacy of wonderfully integrated and classy themes continues into Fedora 9, other distros take note. Also, the Live CD is a welcome new touch for Fedora (I think it was also in version 8.0, but it’s nice and new just the same.)

Sadly however, this was the shortest lived install of the weekend. After gawking at the gorgeous theme ended, I was left with a rather unimpressive desktop experience. Right off the bat I had problems connecting to Samba shares – not encouraging! A couple of lackluster hours and Fedora was off my test box and relegated back to infrequent use as a VM.

The Most Promise Yet?: OpenSUSE

Ok so maybe I’m just overly optimistic, but since I recently purchased an HP Mini-Note, which ships with SLED 10, I really want SUSE to be a great product – especially since getting Ubuntu loaded on my HP2133 is proving to be a challenge. Perhaps the new OpenSUSE 11 would have all the drivers I need?

But before I form impressions on new hardware, its only fair to give OpenSUSE a shake down on my tried and true desktop for a couple of days. Live CD, slick install, painless so far. Good (and very green) artwork, not nearly as sublime as LinuxMint, greets you – here however, the pleasantries end.

So the infernal “Slab” menu structure aside, navigation is still too difficult; finding key configuration and other applications was way to confusing. Then came the Yast updates. Slow and unresponsive as ever, and not nearly as clear about what is happening as Apt-Get. The final straw – shouldn’t installing the Nvidia driver improve monitor detection and performance? Not so much, after rebooting with the proprietary driver, my widescreen support (which had been working), failed; as did my desire to work any more with this distro.

Durable, Dependable: Debian

While I am a huge fan of the Debian package management system, I actually don’t have any production Debian systems at present. Since the last Debian box I installed was V4, I felt a little daring and gave Beta 2 of the forth coming Version 5 (Lenny) a try.

With no live CD/DVD, but a welcome GUI installer, getting started with this distro was no problem. At the point of this writing I am still working with Debian and will comment more in the coming days.

I will make this observation though, for a beta/development release I am actually surprised by how non ground breaking this major X.0 release appears to be. This is in striking contrast to the recent Ubuntu 8.04 release – chalked full of beta!

And now for Something Completely Different: GRML

So whenever you mix German engineering and Linux you are bound to get something like this Distro. A word of warning, if you think Knoppix is too geeky, read no further! While GRML has a similar pedigree with its better known sibling form the fatherland; Debian based, live cd with decompression of drivers and apps on the fly, GRML goes a step further by offering an array of UI options.

A textual menu greets you upon boot, cluttered with options for just about every light-weight GUI you have every heard of, and then some! If that is not nerdy enough for you, you can run command line applications from a circa 1983 text menu launcher with seemingly hundreds choose from. Don’t misunderstand me, I like GRML. And as a utility Linux / boot CD it’s handy in any arsenal, I just don’t plan on booting it on a daily basis.

Were did my weekend go? Guess I better pick one of these guys and get ready for Monday.