Colplexity of having everything in cloud... Sys admins have to deal with it.
Genericize the product so it's more sellable. Download JUJU to have
abstraction and encapsulate things into a single nugget that devTips
guy can make configurations provisioned so people can use it Ina
generic way, they are called charms.. They were at 40 charms a year
back.
App flower is an open source company and it's software was not easy to deploy.
Juju gives users deployment options of auto deploying charms.
Juju is a cloud abstraction layer but at a different layer than ????
It's developed in python.
Juju.ubuntu.com
Cloud.ubuntu.com
Launch pad.net/juju
#juju on freenode
Clint Byrum. F.l@canonical.com
They are hire ing
He wrote a doc what u need to setup on a distro(Ubuntu) fedora
approaches them too for a porting
Strong code review process almost scurry
Pretty good for ongoing management. And that's the plan toile it
really good management tool. It's like fabric... Allows u to
orchastrate things now... Whereas with juju u have to encode what
needs to be orchastrates now and u make it available for later.
Juju is not for asking system what it's doing..
Fabric is more of a config mgmt tool ara lower level.
No transaction rollback for implementing the charms.
Charms have meta data what it talks to and how it talks to it.
Sent from my iPhone
Thursday, June 28, 2012
Wednesday, June 27, 2012
Windows Shares access Error Windows 7 (Troubleshooting Steps)
Unable to access Samba shares from Windows 7 with error
Below are some brainstormed shopping list for the troubleshooting.
Suggestions:
1. Basic IP
Though this is a basic step but worth mentioning. If the error occurs with the server name, try connecting with IP address. If it works, it could be DNS issue.
2. Check Firewall
3. Services
TCP/IP NetBIOS Helper service should be set to Automatic and Started.
Try starting Computer Browser service, if its not.
Try to stop and disable the Routing and Remote Access service, if its started
4. Network Card Binding Order
A. Check the binding order. Go to network connections, go to Advanced menu then select Advanced Settings…
B. Select the network connection you are using and move it to the top
C. Click OK and exit.
5. Enable 'Client for Microsoft Networks'
In network connections, go to the properties of network connection which you are using to connect to the server. Ensure that the 'Client for Microsoft Networks' is checked.
6. Enable NetBIOS over TCP/IP
A. Open the properties of the network connection, select Internet Protocol version 4 (TCP/IPv4) and click on Properties button.
B. On the new page, click on Advanced… button at the bottom.
C. Click on WINS tab and under NetBIOS setting , select Enable NetBIOS over TCP/IP and click OK to exit.
7. Select Authentication level
Check the below mentioned policy on Windows 7: Group policy editor:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Network security: LAN Manager authentication level
Ensure that it is not set to refuse LM & NTLM authentication or set to use NTLMv2 only. To be safe, you can select the following setting which enables LM, NTLM and NTLMv2 authentication: Send LM & NTLM - use NTLMv2 session security if negotiated
Note: Ensure that this policy is not coming from Domain level group policy.
And, if you are using Home or Home premium edition and do not have Group Policy editor then do it in registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value Name: LmCompatibilityLevel [DWORD]
Set the value to: 1
Reboot your system.
8. SMB Signing
Disable SMB signing and try:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
Value Name: EnableSecuritySignature [DWORD]. Set the value to 1.
Value Name: RequireSecuritySignature [DWORD]. Set the value to 0.
9. Disable SMB 2.0
Disable SMB 2.0 on Windows 7 and try again. Disable SMB 2.0 at client end:
•Open the command prompt (cmd.exe) and type the following two commands:
c:\>sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
c:\>sc config mrxsmb20 start= disabled
Below are some brainstormed shopping list for the troubleshooting.
Suggestions:
1. Basic IP
Though this is a basic step but worth mentioning. If the error occurs with the server name, try connecting with IP address. If it works, it could be DNS issue.
2. Check Firewall
3. Services
TCP/IP NetBIOS Helper service should be set to Automatic and Started.
Try starting Computer Browser service, if its not.
Try to stop and disable the Routing and Remote Access service, if its started
4. Network Card Binding Order
A. Check the binding order. Go to network connections, go to Advanced menu then select Advanced Settings…
B. Select the network connection you are using and move it to the top
C. Click OK and exit.
5. Enable 'Client for Microsoft Networks'
In network connections, go to the properties of network connection which you are using to connect to the server. Ensure that the 'Client for Microsoft Networks' is checked.
6. Enable NetBIOS over TCP/IP
A. Open the properties of the network connection, select Internet Protocol version 4 (TCP/IPv4) and click on Properties button.
B. On the new page, click on Advanced… button at the bottom.
C. Click on WINS tab and under NetBIOS setting , select Enable NetBIOS over TCP/IP and click OK to exit.
7. Select Authentication level
Check the below mentioned policy on Windows 7: Group policy editor:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Network security: LAN Manager authentication level
Ensure that it is not set to refuse LM & NTLM authentication or set to use NTLMv2 only. To be safe, you can select the following setting which enables LM, NTLM and NTLMv2 authentication: Send LM & NTLM - use NTLMv2 session security if negotiated
Note: Ensure that this policy is not coming from Domain level group policy.
And, if you are using Home or Home premium edition and do not have Group Policy editor then do it in registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Value Name: LmCompatibilityLevel [DWORD]
Set the value to: 1
Reboot your system.
8. SMB Signing
Disable SMB signing and try:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
Value Name: EnableSecuritySignature [DWORD]. Set the value to 1.
Value Name: RequireSecuritySignature [DWORD]. Set the value to 0.
9. Disable SMB 2.0
Disable SMB 2.0 on Windows 7 and try again. Disable SMB 2.0 at client end:
•Open the command prompt (cmd.exe) and type the following two commands:
c:\>sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
c:\>sc config mrxsmb20 start= disabled
Monday, June 25, 2012
VENUE (INDIE DESK - LOS ANGELES DOWNTOWN)
UC riverside (System Admin)
PAGER DUTY (ENTERPRISE LEVEL gateway for alerting phones/email/SMS)
http://www.pagerduty.com/ $18 per user
Nagios is feeding pagerduty...
Graphite and Collectd
Jenkins (Business workflow automation and reporting)
Model business processes that get forgoten if it was a cron job
- Like if the batch job finished (Central dashboard where you can view)
CDN at Edgecast (Andrew Lientz VP managed service) - Santa Monica
http://www.centreon.com/ (Front end to MYSQL db created by nagios)
Cacti and centreon work well (and still do) for the basic hardware features
- Cacti works great for HDD failure reporting
Pintrest (DDOS tool in webbrowser) 120 connection from browser
TUNE TO THE APPLICATION
intro notion of "GRID" [http grid]
SNMP MIBS into the applications
initial color coding to deal with various features
add versioning and customer information to the status of the server
THE GRIDS
- HTTP
- flash
- windows
- local load balancers
- log processors
- Used by the 24/7 NOC to watch for application and server issues
Juniper 960 is half a rack in size (telco and CDN buy it)
THE NETWORK
- multiple data centers (do not have a backbone)
ip transit, peering and dark fiber connectivity
- 24/7 Monitoring by clients using keynote, Gomez and Catchpoint
- Routers and switches with constant packet drops for one reason or another
ROUTING VIEW
- 1st generation monitoring tool inhouse developed (They levarage cacti for that routing view)
-- has color code system
-- realtime graphing system
EXTERNAL VIEW
- monitring and pinging outside servers and the routes to the servers - if a route goes down??
Too MUCH DATA
- better way to dashboard
EVEN WITH
- 24/7 Mon
- cnetreon for snmp traps and hardware failures
- routing views
- thir party monitring
REDUCE NOISE
- Focus on warings and alerts
- Take what we have learned for the grid and put in alarms for each
NEW 2nd GEN SERVERS VIEW
THE CUSTOMER
- Refine the tools for the customer
-- NOC
- Content owners
-- Engineering
-- DevOps (Software rollout)
-- Capacity Planning (Massive capacity issue, where to bild the next dc)
DASHBOARD? is it built from scratch or some opensource project????
THE END USER
- watching out network isn't enough
- We need to develop QoS tools
- Look at all the networks not just the ones we directly connect to
- Leverage beacons (google analytics - end user measurement) and content provider relationships to give proper end to end measurements
bad first time byte is dns issue
bad last byte time is a route issue
Lance Lakey lancelakey@gmail.com
Hack night in Hollywood
@lancelakey on GitHub and twitter
MAtthew King (Software Engineering TX
Redis
is an open source
Readis
monitor
inspect
Monday, June 18, 2012
SAN Storage - naming convention (SAN disciplines - naming conventions)
http://www.redbooks.ibm.com/abstracts/tips0031.html?Open
For example, the third Brocade Switch in cabinet one would be:
Connection description
This should detail what the component is connecting to. For highly available
devices such as the ESS, it is important to understand which cluster side of
the device the component is connected to. This will help prevent potential
mistakes in the SAN design. For devices used to expand the SAN that do not
connect to disk or tape, we will simply identify them as cascade.
To continue our example, the third Brocade Switch in cabinet one connecting
to ESS3 Cluster A would be:
Physical location
This may be the cabinet descriptor field and, for example, SAN cabinet one
could be C1. For our example this would give us:
We show how our name is developed in the figure below.
Contents
Here are some important factors for using and developing naming conventions in a SAN:
Naming conventions
Use of descriptive naming conventions is one of the most important factors in
a successful SAN. Good naming standards will improve problem diagnostics,
reduce human error, allow for the creation of detailed documentation and
reduce the dependency on individuals.
Servers
Typically, servers will already have some form of naming standard in place.
The local server name is typically used as the host name defined to the disk
system. For the ESS you would normally use the server name in the server
description field. The same local server name can be used within the switch
fabric for zone settings, and whenever possible the use of the server name
should be consistent throughout the SAN.
Cabinets
SAN fabric cabinets should be labeled to adhere with local site standards.
SAN fabric components
A good naming convention for the SAN fabric component should be able to
tell you the physical location, component type, have a unique identifier and
give a description of what it connects to. The following are some descriptor
fields that may be considered when designing a fabric naming convention. If
your SAN only has one vendor type or only one cabinet, the name could be a
lot simpler.
Component description
This should describe the fabric component and the product vendor (for mixed
vendor environments) which will help you locate the management interface
and the component number within the SAN. For example, to give it a unique
identifier you may want to use something similar to the following:
- Type — Switch (S) Director (D) Gateway (G) Hub (H) Router (R)
- Vendor — Brocade (B) INRANGE (I) McDATA (M) Vicom (V)
- Number — 1 - 99
For example, the third Brocade Switch in cabinet one would be:
- S3 B
Connection description
This should detail what the component is connecting to. For highly available
devices such as the ESS, it is important to understand which cluster side of
the device the component is connected to. This will help prevent potential
mistakes in the SAN design. For devices used to expand the SAN that do not
connect to disk or tape, we will simply identify them as cascade.
- Connection — Disk (D (for ESS either cluster A or B)), Tape (T), Cascade (C)
- Number — 1 - 99
To continue our example, the third Brocade Switch in cabinet one connecting
to ESS3 Cluster A would be:
- S3 B D3A
Physical location
This may be the cabinet descriptor field and, for example, SAN cabinet one
could be C1. For our example this would give us:
- S3 B D3A C1
We show how our name is developed in the figure below.
Saturday, June 16, 2012
Linux Performance [High Load Alert] Troubleshooting issues on servers (TOOLS to use)
What do you do when you get an alert that your system load is high? Tracking down the cause of high load just takes some time, some experience and a few Linux tools.
CPU LOAD-
- uptime (1,5,10 minuits CPU loads)
- top
Cpu(s): 11.4%us, 29.6%sy, 0.0%ni, 58.3%id, .7%wa, 0.0%hi, 0.0%si, 0.0%st
us: user CPU time. More often than not, when you have CPU-bound load, it's due to a process run by a user on the system, such as Apache, MySQL or maybe a shell script. If this percentage is high, a user process such as those is a likely cause of the load.
sy: system CPU time. The system CPU time is the percentage of the CPU tied up by kernel and other system processes. CPU-bound load should manifest either as a high percentage of user or high system CPU time.
id: CPU idle time. This is the percentage of the time that the CPU spends idle. The higher the number here the better! In fact, if you see really high CPU idle time, it's a good indication that any high load is not CPU-bound.
A little below it tells you which process is hogging the CPU usage. TOP by default sorts based on cpu usage so the high cpu consuming processes on top.
- wa: I/O wait. The I/O wait value tells the percentage of time the CPU is spending waiting on I/O (typically disk I/O). If you have high load and this value is high, it's likely the load is not CPU-bound but is due to either RAM issues or high disk I/O.
**NOTE__?: There are instances where an applications spawning up multiple threads on a single CPU server causing the server to have lot of wait cycles and high CPU load average usage.
- iostat
Memory LOAD
Check SWAP memory usage
Once all the memory is used up the Swap space is used; usually on a hard drive and is much slower than RAM. Causing processes that load from swap to slow down dramatically. This is a downward spiral causing more wait for other processes and slowing the system to its crawling state. Its easy to mis diagnose swap issues is high disk I/O.
After all, if your disk is being used as RAM, any processes that actually want to access files on the disk are going to have to wait in line. So, if I see high I/O wait in the CPU row in top, I check RAM next and rule it out before I troubleshoot any other I/O issues.
Mem: 1024176k total, 997408k used, 26768k free, 85520k buffers Swap: 1004052k total, 4360k used, 999692k free, 286040k cached
.This tells us who much swap memory is used and how much is free
- more to come....
HIGH DISK I/O Bound LOAD
- more to come.....
hxxp:<slash><slash>www.linuxjournal.com<slash>magazine<slash>hack-and-linux-troubleshooting-part-i-high-load
Thursday, June 14, 2012
[puppet] Installation on Red Hat Enterprise Linux RHEL5 RHEL6
Ran into a bit of a problem initially installing 'puppet', the configuration management tool on RedHat. The installation was pretty straight forward, but if you are not using RedHat on a daily bases you may get thrown off.
I was aware enough to at least have EPEL installed on the system as indicated on EPEL article by Redhat folks
Install epel-release rpm package according to your RHEL version as shown below Links to these rpm packages can be found at http://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F CommentThere are many packages included with Fedora that are not included in Red Hat Enterprise Linux. In effort to make certain, high quality packages from Fedora available for Red Hat Enterprise Linux, the Fedora community has created the Extra Packages for Enterprise Linux (EPEL) program. The EPEL program is a volunteer-run community program. New packages are suggested and added to the program by volunteers. Packages in the EPEL program are not supported by Red Hat. |
import-csv ---> foreach ---> get-aduser --> set-aduser
Pay attention to how the varriable has been used inside -filter parameter which is inside foreach. review article link below to understand better http://www.sapien.com/forums/scriptinganswers/forum_posts.asp?TID=4074
C:\>Import-Csv .\import.csv| foreach{
Get-ADUser -filter "EmailAddress -like '$($_.email)'" | Set-ADUser -OfficePhone $_.phone
}
the whole thing above can be on the same line
sample import.csv file
email, phone
xyz@abc.com, 818-549-12380 x4755
Subscribe to:
Posts (Atom)