Monday, May 30, 2005

What it takes to be a system administrator?

I found this interesting article, "What it takes to be a system admin?". I'm interested to know exactly what a system admin's work is like. Because I have no formal training in this field, I think I should make an effort to become one. As they say, "experience is the best teacher". No one should disagree with this statement. This is why we need practice (a lot). During practice, we will make mistakes. From them, you'll learn what's best, what's good, what's bad, and what's the worst thing to do.

Let's take a look at the key points of being a system administrator:

  1. Change your mindset -- The true SA is a combination caretaker, security guard, and baby sitter
  2. Learn new toolsets -- If one wants to move into the corporate arena, then you must be able to take whatever tools are laying around and get the job done. This means the ability to learn new tools and to use old tools in new ways.
  3. Learn to handle pressure -- Expect to have to work with others looking over your shoulder. It adds a new level of pressure to have a Senior VP of a billion dollar company watching you type! (Or just the guy who signs your paycheck.)
  4. Never start from scratch. Find something close and modify -- For scripting, start with the boot up scripts (/sbin/init.d, /etc/rc.d, etc)
  5. Hang out with experts -- Don't be afraid of appearing ignorant. Fear staying ignorant
  6. Practice good debugging habits -- Understand it the way it is (broken) before you try to fix it
  7. Learn manually, then codify -- Remember the commands by writing a script for them and commenting the script.
  8. Document what you do -- Comment your scripts liberally. The best comments (IMHO) are the ones that explain 'Why?'.
  9. Learn to share -- Share what you've learned with others (that's why I'm doing this page)
  10. Remember to have fun -- Make Unix your passion, not just your job. Don't consider becoming a SA if it isn't your passion.
Source : Jim Wildman's Moving To The Big Time

Thursday, May 26, 2005

What is ethernet bonding?

In the new building, there will be 3 broadband lines to the internet. I am thinking of setting up 'bonding' or port trunking (the Cisco term) to provide load balancing and a fault-tolerant connection. I did this for dial-up lines a few years ago, but this time it is for Ethernet. Every modern kernel supports this feature. Now let's take a look at what bonding is all about...

What is bonding?
Bonding is the same as port trunking. In the following I will use the word bonding because practically we will bond interfaces as one.

#!/bin/bash

modprobe bonding mode=0 miimon=100 # load the bonding module (round-robin, check link every 100 ms)

ifconfig eth0 down # bring down the eth0 interface
ifconfig eth1 down # bring down the eth1 interface

ifconfig bond0 hw ether 00:11:22:33:44:55 # set the MAC address of the bond0 interface
ifconfig bond0 192.168.55.55 up # bond0 must have an IP address before the ethX interfaces can be enslaved

ifenslave bond0 eth0 # attach eth0 to bond0 as a slave
ifenslave bond0 eth1 # attach eth1 to bond0 as a slave

You can set up your bond interface according to your needs. By changing one parameter (mode=X) you can select one of the following bonding types:

mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)
XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

Pre-requisites:
1. Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
2. A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Prerequisite:
Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, so that different peers use different hardware addresses for the server.

The most used are the first four mode types...

You can also use multiple bond interfaces, but for that you must load the bonding module once for each bond you need. If you want two bond interfaces, configure /etc/modules.conf as follows:

alias bond0 bonding
options bond0 -o bond0 mode=0 miimon=100
alias bond1 bonding
options bond1 -o bond1 mode=1 miimon=100

Notes:

To restore your slaves' MAC addresses, you need to detach them from the bond (`ifenslave -d bond0 eth0'). The bonding driver will then restore the MAC addresses that the slaves had before they were enslaved. The bond MAC address will be taken from its first slave device.

Promiscuous mode: depending on the bond type, when you put the bond interface into promiscuous mode it propagates the setting to the slave devices as follows:

for mode=0,2,3 and 4 the promiscuous mode setting is propagated to all slaves.
for mode=1,5 and 6 the promiscuous mode setting is propagated only to the active slave.
For balance-tlb mode the active slave is the slave currently receiving inbound traffic; for balance-alb mode the active slave is the slave used as a "primary". For the active-backup, balance-tlb and balance-alb modes, when the active slave changes (e.g., due to a link failure), the promiscuous setting will be propagated to the new active slave.
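
A check to run after the setup above, added here as an example and not part of the source article: the bonding driver reports its state in /proc/net/bonding/bond0, including the mode, the active slave, each slave's link status and the MAC address it will get back when detached. The function names and the sample status text are constructed for this illustration.

```shell
# Added example: summarize /proc/net/bonding/<bond> after setup.
# SAMPLE is constructed for illustration, not captured from a real host.
SAMPLE='Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 02:00:00:00:00:01

Slave Interface: eth1
MII Status: down
Link Failure Count: 3
Permanent HW addr: 02:00:00:00:00:02'

# bond_summary: bonding status text on stdin -> mode, active slave, and one
# line per slave with link state, failure count and pre-bond MAC address.
bond_summary() {
    awk -F': ' '
        function emit() {
            if (slave != "")
                printf "slave=%s mii=%s failures=%s permaddr=%s\n", slave, mii, fails, mac
        }
        /^Bonding Mode:/           { print "mode=" $2 }
        /^Currently Active Slave:/ { print "active=" $2 }
        /^Slave Interface:/        { emit(); slave = $2; mii = fails = mac = "?" }
        /^MII Status:/             { if (slave != "") mii = $2 }
        /^Link Failure Count:/     { fails = $2 }
        /^Permanent HW addr:/      { mac = $2 }
        END                        { emit() }
    '
}

# bond_down_slaves: print slaves whose MII status is not "up"; exit status 1
# if any were found, so the function can gate a monitoring check.
bond_down_slaves() {
    bond_summary | awk '
        /^slave=/ && $2 != "mii=up" { sub(/^slave=/, "", $1); print $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Read the live file when bond0 exists, otherwise the constructed sample.
if [ -r /proc/net/bonding/bond0 ]; then
    bond_summary < /proc/net/bonding/bond0
else
    printf '%s\n' "$SAMPLE" | bond_summary
fi
```

A slave that stays down in a fault-tolerant mode means the bond is running without its backup, which is easy to miss because traffic keeps flowing.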

Source : http://www.linuxhorizon.ro/bonding.html

Tuesday, May 24, 2005

The modem is broken

Today I found out that the modem at my workplace broke. I have to contact TMNet to replace it coz it's still under warranty. Thank god, the replacement is a snap. Tomorrow, staff can connect to the internet.

I'm a system admin.

Me, MySelf And I

After being a system admin for 4 months, I think that this is my dream job, but the pay is still not enough for me. I've learnt so many things about Linux and how to maintain them (I have 3 servers that I have to monitor). Many things are on my mind, ranging from backup (the hardest if you want to transfer accounts from one server to another server), TCP/IP, network design, firewall (this is fun!), routing config, etc.
