Degen.Net – “Get Your Geek On”

I recently encountered a problem on a Linux/Samba server – A full root drive. Much to my surprise I found that a single file was consuming over 80 Gigs – Hu?! Turns out the culprit was a log.XXXX.old file generated by the Samba process.

These potentially high growth log files live in the /var/log/samba directory. While supposedly limited in size growth by the “max log size = XX” setting in the smb.conf file, I learned the hard way that this file size limitation does not apply to the .old archive of the live file. After the current active log file reaches the size determined by the max log size setting, the contents are appended onto an ever expanding log.XXXX.old file.

So what are the options to mitigate or manage these files? Of course as admins we should always be more proactive in managing and monitoring our systems logs and diagnostics – but there are only so many hours in a day. To that end I’m researching methods of log suppression. So far all my digging indicates that a “log level = 0″ should cease all logging, but this does not appear to be the case as I see individual machine connection error logs continuing to generate.

So for now the symptom of a large log file has been identified, but the root cause as to why/how this file expanded remains a mystery.

No no, that’s not “txt” as in OMG – LOL – BFD txting; but rather my return to the romance of the CLI. Don’t get me wrong – I never stopped appreciating the unadulterated power of the command line, it’s just taken my need to leverage outbound SSH from multiple locked down networks to fully embrace the simple elegance of my home server ala putty.

Challenge – IMAP access from a restricted network

As I’m increasingly, “taking my show on the road”, I sometimes find myself in work enviormnets with limited, blocked or proxy access to the outside world (DAMN you PROXY!! – but that is a topic for another day.) Solution, get connected to my home server and connect to fire-walled resources from there. On a recent engagement I found that while most outbound traffic was allowed, IMAP was not. Web and SSH were being passed however; so in concept, the solution is basic enough – make an SSH connection to my home server, and run an IMAP client from there.

Already having an Mint Linux server (loves me some Mint), setup primarily for file serving, I simply opened SSH port 22 to the outside world. After connecting via Putty I required a textual mail client that would support IMAP. I’ll be honest, it’s been years since I’ve used PINE, so I was a bit unaware of what other CLI email clients are out there – fortunately I discovered “MUTT” – http://mutt.sourceforge.net/

Mutt can be a bit intimidating. While easy to install, like most Debian packages (sudo apt-get install mutt), the “Devil in the details”, is the not included by default, .muttrc config file. Yes you can read the project wiki or grab a sample one from others, but I found a web based automated builder tool – http://www.muttrcbuilder.org/ – it does the trick quite nicely, just add your custom elements and bingo. Within a few minutes I was able to check and clear mail with no client side setup other then establishing an SSH session – pretty slick!

Challenge – Secure VNC access of the Internet

So let’s say you only have that same SSH connection, but you need more visual goodness then a CLI email client can provide? Sounds like a you want a VNC connection – but how unsafe would that be to run over the Internet? Enter VNC (Port 5900) Tunneling via Putty.

First, launch Putty and enter the address you would like to connect to via SSH. Before establishing a session, look on the left hand side, you will see various configuration options. Expand the categories -> Connection -> SSH -> Tunnels. Select Tunnels add the following information under add new forwarded port:

Source Port 5900
Destination Port 127.0.0.1:5900

Now establish your SSH connection (Login), once connected open your VNC client and point the host back at your local machine – 127.0.0.1 and Bonus you’re all set.

So regardless your UI preference there’s an SSH solution out there for you – Enjoy!

Some of you who follow my twitter ramblings know that I recently completed an evaluation of Ghost Solution Suite vs FOG for a major system cloning project we have at work. Below are my final findings and recommendation that lead our organization to select the Open Source package FOG over our existing Symantec product. Please note, that we were already using Ghost Solution Suite version 1.0 not the most recent 2.5. Therefore this evaluation is really weighing whether to upgrade to 2.5, stay on 1.0 or migrate to FOG.

To FOG or not to FOG, that is the question?

So I’ve spent most of the day evaluating Ghost Solution Suite to better understand just what capabilities it offers. I’m ready to report those findings, and I’ll say upfront, while I don’t want this to appear like a “bash fest” it might start to sound that way. None-the-less, here is what I’ve found in several key areas we should consider.

Manageability: Ghost uses a tried and true File Based Image management system, accessed behind an MMC plugin. The MMC does appear to offer remote capabilities, so once this tool is loaded on a third machine you can access the server remotely. This model is similar to the SAV 10 and below model (a model that has been discontinued in favor of a Java approach beginning with SAV 11. It is also worth pointing out that this MMC model precludes access from any clients other then Windows. FOG utilizes a Web browser access front end atop a database driven model, therefore any computer with a browser can manage the cloning server.

Manageability Advantage: Neither

Platform Support: Ghost really starts to show its age here, OS support only extends up to XP in the core product and only up to Windows 2000 for the accompanying 3Com PXE services (more about these below.) Since there are no patches for version 1.0 the only recourse for additional OS and File systems would be to purchase an upgrade to the a newer version. While Vista support is not key to us now, at some point we will need to migrate to Vista or Win 7, both of which use a newer version of NTFS than XP. FOG presently supports Vista, and has a track record of regular updates.

Platform Support Advantage: FOG

Hardware / Network Interoperability: Since Ghost 1.0 is already a few years old it suffers from a lack of current H/W and NIC support. This is compounded by the fact that it outsourced the PXE Network Boot tasks to an OEM software package from 3Com, which was even older then Ghost. 3Com Boot Services 1.02 is so old it does not officially support Windows XP, just up to 2000. On top of this, the built in Ghost method for adding network cards is NDIS driver based, meaning that if we are imaging a system with a new / different model NIC, the driver must be found for it and then a custom boot image must be loaded on a USB or DHCP/PXE server for each different NIC. Compared to the FOG methodology where a single generic Linux kernel is pushed out, that then has custom behavior on a system by system basis – there is no comparison.

Hardware / Network Interoperability Advantage: FOG

Inventory Functionality: Unlike FOG, Ghost has no H/W level inventorying system. Since FOG treats each piece of hardware it encounters as a unique record (ala the NICs MAC address) in a MySQL DB, it provides detailed hardware level reporting, independent of the image loaded on the system.

Inventory Functionality Advantage: FOG

Training and Learning Curve: Perhaps the strongest argument in favor of Ghost is its familiarity. It has been in place here for some time and running atop a consistent Windows interface makes it operator friendly. FOG is a Linux only application and therefore some training will be necessary. This should be minimal as all management is web based and with PXE Netbooting on clients, there is no requirement, once the server is operational, for any deep Linux knowledgebase.

Training and Learning Curve Advantage: Ghost

Licensing and Cost: Since it is possible that Ghost 2.5 (the current version) addresses many of the current versions shortcomings, price does come into the picture, as we would be required to get on support or worst case re-purchase the whole product. Comparatively FOG is bound by its GPL 3 license to always exist in a free and open form. FOG’s version history goes back 25 steps right now, and there is no indication that the project will soon be discontinued.

Licensing and Cost Advantage: FOG

Conclusion

Given the overwhelming feature superiority of the Open Source package, FOG, and it’s low barrier of entry, financially and in training, I’m confident in recommending we migrate from Ghost to FOG.

I’ve been an ardent VMWare user and proponent for some time. But only recently have I had the opportunity to work with the VMWare flagship product, ESX Server. Let me just say…. Oh Good Lord!

Disclaimer: ESX is not for everyone, it is first and foremost a dedicated server product; not something you are going to load and play around with on a desktop pc. And until more recently, it has been a rather expensive endeavor, recently however, with the introduction of a freeware option (ala VM Server and Player), that has changed. VMWare ESXi is now free to use, and boosts the same Core Hypervisor as its costly big brother ESX. There is even an upgrade path to the fully licensed version, should you require the full VI3 management suite. If you have the datacenter class gear, and are in need of a full time Virtualized platform I can not stress enough how wonderful a solution ESXi is. I’m presently deploying ESXi on Dell servers (on select new models it is even available as a flash based boot module – for no charge!)

If your needs do not necessitate full time data center VM operations, you still should look at the latest incarnation of VM Server. Version 2.0 just went golden, and after playing with it on both Linux and Windows platforms the last week, I am equally impressed. Be forewarned, if you are a current VM Server 1.X user you are in for a shock – the new web based interface can be a little disorienting at first, but new and better functionality awaits. Just as before this product is completely free and absolutely suitable for production use.

Virtualization is unquestionably the wave of the future, both in servers and even on the desktop. If you have been waiting to dip a toe into the VM waters, wait no longer – with these new offerings from VMware now is the time to Virtulize!

Ah the dog days of summer, kids out of school, family travel, and lots of recently released Linux Distributions! So taking advantage of all three, as my family is out of the house for the weekend, I poured on some serious geek-time and loaded pretty much every new(ish) build I could get my hands on.

The Old Standard: Ubuntu

No surprise here, I use Ubuntu daily on most of my desktops and servers. But, it’s worth a mention that this weekend I bid farewell to the goodness that has been my favorite release to date, Gutsy (7.10). It was actually not intentional, but after a few hours of wrestling to get the latest VMW Server 1.0.6 onto the box, I threw up the white flag and just rebuilt with Hardy, VMserver loaded just fine.

For anyone new to the Blog, you might not be aware of my disappointment with 8.04 LTS (see Ubuntu 8.04 – One Week in the Real World for more about this.) Despite its irritants, Hardy is working quite well on every system I’ve loaded / upgraded, and while server upgrades are always a bit more dicey than a desktop it was time for these two servers of mine to get overhauled.

BTW – 8.04.1 appears to be heading our way soon (Ubuntu 8.04.1 freeze of hardy-proposed.)  My guess is 8.04.1 is going to be the Hardy we all wanted to see from the get go.

A Venerable Veteran: Fedora

Red Hat / Fedora always will hold a soft spot in my heart as years ago it was the first distribution I used on a regular basis. Despite this affinity, I have not been a regular user of Fedora since version 6.0, this being the case it was high time to give 9.0 a try.

First, the positive – as always the Fedora artwork is beautiful! The legacy of wonderfully integrated and classy themes continues into Fedora 9, other distros take note. Also, the Live CD is a welcome new touch for Fedora (I think it was also in version 8.0, but it’s nice and new just the same.)

Sadly however, this was the shortest lived install of the weekend. After gawking at the gorgeous theme ended, I was left with a rather unimpressive desktop experience. Right off the bat I had problems connecting to Samba shares – not encouraging! A couple of lackluster hours and Fedora was off my test box and relegated back to infrequent use as a VM.

The Most Promise Yet?: OpenSUSE

Ok so maybe I’m just overly optimistic, but since I recently purchased an HP Mini-Note, which ships with SLED 10, I really want SUSE to be a great product – especially since getting Ubuntu loaded on my HP2133 is proving to be a challenge. Perhaps the new OpenSUSE 11 would have all the drivers I need?

But before I form impressions on new hardware, its only fair to give OpenSUSE a shake down on my tried and true desktop for a couple of days. Live CD, slick install, painless so far. Good (and very green) artwork, not nearly as sublime as LinuxMint, greets you – here however, the pleasantries end.

So the infernal “Slab” menu structure aside, navigation is still too difficult; finding key configuration and other applications was way to confusing. Then came the Yast updates. Slow and unresponsive as ever, and not nearly as clear about what is happening as Apt-Get. The final straw – shouldn’t installing the Nvidia driver improve monitor detection and performance? Not so much, after rebooting with the proprietary driver, my widescreen support (which had been working), failed; as did my desire to work any more with this distro.

Durable, Dependable: Debian

While I am a huge fan of the Debian package management system, I actually don’t have any production Debian systems at present. Since the last Debian box I installed was V4, I felt a little daring and gave Beta 2 of the forth coming Version 5 (Lenny) a try.

With no live CD/DVD, but a welcome GUI installer, getting started with this distro was no problem. At the point of this writing I am still working with Debian and will comment more in the coming days.

I will make this observation though, for a beta/development release I am actually surprised by how non ground breaking this major X.0 release appears to be. This is in striking contrast to the recent Ubuntu 8.04 release – chalked full of beta!

And now for Something Completely Different: GRML

So whenever you mix German engineering and Linux you are bound to get something like this Distro. A word of warning, if you think Knoppix is too geeky, read no further! While GRML has a similar pedigree with its better known sibling form the fatherland; Debian based, live cd with decompression of drivers and apps on the fly, GRML goes a step further by offering an array of UI options.

A textual menu greets you upon boot, cluttered with options for just about every light-weight GUI you have every heard of, and then some! If that is not nerdy enough for you, you can run command line applications from a circa 1983 text menu launcher with seemingly hundreds choose from. Don’t misunderstand me, I like GRML. And as a utility Linux / boot CD it’s handy in any arsenal, I just don’t plan on booting it on a daily basis.

Were did my weekend go? Guess I better pick one of these guys and get ready for Monday.

With Ubuntu’s latest Long Term Support version (LTS) – Hardy Heron 8.04 now deployed on many of my systems, I’ve come up with some handy how-to’s and scripts that you might find useful, here are resources I use most often:

10 Tips for After You Install or Upgrade Ubuntu -

http://tombuntu.com/index.php/2008/04/25/10-tips-for-after-you-install-or-upgrade-ubuntu/

Get VMWare Server Going: Nice step by step to getting VM Server on Hardy – http://digitalbs.org/Site/Blog/Entries/2008/4/20_Installing_Vmware_server_1.0.5_on_ubuntu_8.04_lts.html

Create a consistent apt-get Script: Again and again I find myself loading the same apps on a new build. To simplify this I have come up with a uniform install script that you can run from a terminal window. Fast, uniform and beautiful. Click here for an example.

Mod out your fstab – I “Need” my servers and shared files often and accessible by both the GUI and CLI, so I like to mount them at boot and into virtual file system locations. You can do this with the a line similar to below:

//SERVERNAME/SHARE /YOURLOACALMOUNTPOINT smbfs dir_mode=0777,username=YOURUSERNAME,passwd=YOURPASSWORD,lfs 0 0

What are your Must have / Must perform steps on freshly built systems?

“Your Papers Please?”, says the homeland security officer with an accent reminiscent of something from a WWII Nazi Germany checkpoint. Corny, yes but this is how the inquisition is starting to feel upon your entry into the land of the Free.

Where once your greatest customs concern was staying under the limit of alcohol, tobacco and designer fragrances, now beware as your MP3s, ripped DVDs, Porn and illicit Warez are likely to land you and your computer in the pokey!

Now more then ever digital privacy is sounding like a good idea. Truecrypt, to the rescue! I’ve been playing with the free cross platform encryption now for a few weeks and I’m impressed!

Regardless whether you need to secure documents of a professional or personal nature, configuring a Truecrypt vault is the way to go. While the sensational nature of the RIAA and MPAA’s co-enforcement at US borders grabs headlines, striking a nerve with the tech savvy, the local security that Truecrypt offers is useful for many who have no plans of international travel anytime soon.

With over 50% of new system sales in the form of highly portable (easily stolen) notebooks, data encryption is not only desirable to keep out the prying eyes of governments and corporations, but thieves as well! Bear in mind that Truecrypt can be used on SD Cards, USB drives and other removable media.

Regards less your need for encryption, Truecrypt is a powerful, effective, easy to use and best of all Open Source solution – check it out at http://www.truecrypt.org/

As promised, I’m back with part two of my personal podcast selections.

Grammar Girl – http://grammar.qdnow.beta.libsynpro.com/rss

If your reading this blog post there is a good chance you are a blogger yourself, in which case this cast is a must for you. But regardless how you use the English language, Grammar Girl has helpful tips for you. Each installment of GG is quick and to the point, focusing on all kinds of grammar usage issues.

Linux Action Show – http://feeds.feedburner.com/TheLinuxActionShow

Begin tired old Cliché: “If you only listen to one Linux Podcast, this should be it!” Chris and Bryan are not only incredibly insightful and up on all the latest happenings surrounding the Open Source community, they put on one darn entertaining Podcast.

And if you want all the casts put on by this resourceful duo (like the afore mentioned CastaBlasta) you can subscribe to the unified Jupiter Broadcasting Feed at – http://www.jupiterbroadcasting.com/?feed=rss2

Linux Basement – http://feeds.feedburner.com/linuxbasement

Great Tutorials, Fantastic close-nit community and as if that is not enough, you get and Open Source Song every episode! Yes, you heard right an OSS “Song” performed by the ever talented Chad Wollenberg, host of the the Linux Basement.

Slashdot Review – http://slashdotreview.com/wp-rss2.php

Don’t have time to sift through all the great content on Reddit, Digg, Slashdot or a myriad of others, no worries, Andrew McCaskey does an amazing job editing and reading them to you. Under 15 minutes and you are up to date with the day’s tech/geek news.

Super Average Podcast – http://feeds.feedburner.com/SuperAveragePodcast

Looking for a great down to earth spiritual talk show? The interestingly named “Super Average Podcast” is a weekly round table of four everyday guys from different walks of life, talking about what faith means to them.

This WEEK in TECH – http://leoville.tv/podcasts/twit.xml

Leo Laporte, nuff said! Ok seriously if you have not ever heard of the “Twit Army” this is the Leo’s flagship podcast – part punditry, part news, part interview show, and plenty of random thoughts, This Week in Tech features a weekly round table (guests change from show to show) discussing the state of all things tech.

This will have to do for now, but you have gobs of stuff to listen to now, so find some new podcasts already.

Just as many other Ubuntu users, I could hardly wait with un-bridled enthusiasm for last week’s April 24th release of the final version of Ubuntu 8.04 “Hardy Heron.” My anticipation was heightened as this was to be a LTS (Long Term Support) release, and I have several projects pending, especially server builds that I want to install fresh on Hardy.

Before I launch into my one week review/opinion of Hardy, a little perspective is in order. I’m a daily user of Ubuntu (Gutsy and Dapper) and had been working with Pre-releases of 8.04 since about January. During this Alpha/Beta period, I encountered quite a few annoyances, but easily dismissed them due to the pre-release nature of the product. Those expectations changed however on April 24th.

Having been an Ubuntu user since Dapper (6.06) I have come to appreciate so many things about this Distro, from it’s Debian package management and repos to its fantastic user community and support, there is a lot to like. But perhaps more important then these, has been it’s rock solid nature and commercial grade releases. And as much as it pains me, after one week I have to question if Hardy was ready to go golden.

A Few Areas of Concern

Firefox 3 BETA? You put Beta software in a Long Term Support Distro? I know that FF3 is looking good (at this writing Beta 5), but I have already had to go and install Firefox 2 for some web sites to function properly. While this is not Canonical/Ubuntu’s fault – dictating production on Firefox – they should have realized this and favored the side of caution. Heck, when I’m on my Dapper boxes, I still use 1.5 and its no big deal. Yes, I get it, you want to be a bit visionary and cutting edge when working with a release that will be out for 3 – 5 years, but a core piece of software, as critical as the web browser should never go out “final” with a beta offering.

Samba Problems. I bugged a couple of SMB (client and server) problems to Ubuntu back in the A6 code, the final product still has critical bugs. I can’t even launch the Gnome Samba GUI tool without a fatal error. Daily I receive 10 or more bug reports on the system-config-samba system from bug tracker – What the heck? Aagin, Samba is way to critical a part of peoples infrastructure to ship an LTS version with fundimental problems.

Significant FSTAB syntax changes. Just yesterday, I discovered that my NAS units were not mapping (SMB/CIFS again) due too changed usage of the dmask clause. Ok call it petty, as this is not a full on Bug, but Good Lord, FSTAB fields have been a part of *nix systems for what 40+ years? And file masking – 777 has been the universally understood convention for full read/write/access in *nix since Bell Labs developed it – why did we feel the need to change the usage of a script I have personally been using for a couple of years now?

Don’t Fret Hardy Heron will be Uber!

My general feeling on this release is that it is just not fully cooked. In a few months, maybe only weeks, Hardy will be patched and ready for broad adoption. But why do this with your Flagship LTS offering? Unfortunately, Canonical/Ubuntu felt the need to hold the April 24th date, and shipped a product just a bit not as polished as previous builds. For now I will be holding off upgrading my production Gutsy boxes, but will build new systems with Hardy.

Last week I blogged about the state of the Satellite radio landscape and the many great alternatives to fee based subscription radio. But let’s face it no matter how many MP3s you have at some point you may want to listen to some talk radio style programming.

To that end I have found an assortment of audio podcasts that inform, educate and challenge me on a regular basis. Hopefully you will find something new in this list that sounds interesting (sorry no pun intended.) Note: these are all audio programs, there are some wonderful video casts that warrant consideration – perhaps I’ll save those another post.

CastaBlasta Show – http://www.castablasta.com/?feed=rss2&cat=1

Newer show I’ve started to enjoy that centers around geek/nerd/sci-fi and entertainment culture. Three regular hosts, the same creative team that developed the Linux Action Show, put out this weekly review/recap of the stories ranging from movies to video games, book reviews to toys for the not so grown-up.

CNET’s Buzz Out Loud – http://www.cnet.com/i/pod/cnet_buzz.xml

“Welcome to CNET’s podcast of indeterminate length episode number 5,294,387!” Ok well maybe that is a bit of an exaggeration, but Molly Wood and Tom Merit, should be awarded some kind of medal for consistency and longevity! BOL is a daily, yes DAILY, 30 – 40 minute tech news and commentary show, summarizing the happenings of Silicon Valley, Redmond, and the greater tech world. High production values, methodic consistency and great hosts make this a must listen for every techy.

Cranky Geeks – http://feeds.ziffdavis.com/ziffdavis/crankygeekspodcast

“Arg – visit my blog @ www.dvorak.org/blog/” Love him or hate him Dvorak is a fixture in the computer journalism world, if you look up tech pundit in the dictionary, you’ll the host of the Cranky Geeks there. If there was any doubt in your mind, the show name it truth in advertising, each week John assembles a panel of feisty technology specialists for thirty minutes of banter (ala his old Tech TV show – Silicon Spin.)

Daily Audio Bible – http://feeds.feedburner.com/dailyaudiobible

Less is more, and in the case of bible study Brian Hardin provides daily readings from the scriptures with heart felt passion, high production values and minimal commentary. Refreshing and simple Brian has been reading various translations every day for three years now. Regardless of your spiritual position, incorporating 15 minutes of the Bible into your day is always positive.

FLOSS Weekly – http://leoville.tv/podcasts/floss.xml

Open Source Software is changing the way we use technology in our everyday life; whether you know it or not you are most likely already working with OSS. To this end Randal Schwartz and Leo Laporte host this weekly show that focuses each episode on an Open Source technology, usually via an interview with the inventor or author.

Fresh Ubuntu Podcast – http://feeds.feedburner.com/freshubuntu

If you “Heart” Ubuntu – this is the show for you! Don’t me wrong, other Linux Distros are welcome, but Harlem and Peter’s first love is for Ubuntu. This weekly Linux round-up features news and helpful tips along with a health dose of whatever is irking the hosts all in fast passing hour long show.

Next post I’ll continue this list with six more great podcasts, till then – happy listening!