Channel: StudioSysAdmins Message Board

locking gmail access to a domain with squid

By Rob Mason - Hi all,

Our company uses Google for email and we are now looking to lock down access to prevent people from being able to sign in to personal accounts. According to Google this is possible by adding a request header. I started with the info on this page: http://support.google.com/a/bin/answer.py?hl=en&answer=1668854 and have managed to add the request header using squid v3.3 on my http requests but not for https, which is of course how Google sign-in is done.

Does anyone have any experience with doing man-in-the-middle/dynamic certificate generation using squid? I think I'm close and just need to put the pieces together (in the right order).

Thanks!
Rob

To unsubscribe from the list send a blank e-mail to mailto:studiosysadmins-discuss-request@studiosysadmins.com?subject=unsubscribe

internet outage los angeles

By Michael Oliver - Anyone else get hit with an internet outage in los angeles??

--
Michael Oliver
mcoliver@gmail.com
858.336.1438

nytimes, of all places

By Wayne Chang - http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all&_r=0

WAN & Cloud Data Backup or Archiving

By Andrew Spurbeck - Is anyone using, or does anyone know of, a system like Barracuda's Backup appliance that not only mirrors your LAN database servers but also syncs them with cloud storage? Or do you know of software that can utilize custom-built storage? Not talking about production content specifically, but other data like Word docs, PDFs, Excel files, etc.

--
-=Andrew

SAS HBA card required

By Peter Smith - Hi,

Anyone got one they want to sell me? Needs to be delivered today.

--
Pete Smith
DevOp/System Administrator
Realise Studio
12/13 Poland Street, London W1F 8QB
T. +44 (0)20 7165 9644
realisestudio.com

CFEngine Training - discount offer to Studio Sysadmins - New Brunswick, New Jersey, USA, 29 Apr - 2 May.

By Aleksey Tsalolikhin -
Hi,

May I offer SSA members a 35% discount on "Automating
System Administration with CFEngine 3" course in
New Brunswick, USA on Apr 29 - May 2?

There is a lot to CFEngine, and this course provides a thorough
grounding and orientation to this powerful configuration
management technology.

The course consists of over 200 demonstrations and over a dozen
exercises.

The course covers the Community (open-source) edition only.

It's suitable for both those new to CFEngine and veterans of
CFEngine 1 and 2.

Pricing and Payment

The cost of the class includes all training materials (hardcopies
of the reference manual and the O'Reilly "Learning CFEngine" book).

First Day Only - USD 650 -- discounted 35% to $422.50
All Four Days - USD 2600 -- discounted 35% to $1,690.00


To Register

To pay for four days of training with a credit card, enroll at
http://cf3.eventbrite.com/?discount=SSA

To pay for 1st day only, or to pay with a purchase order, please
email us at training@verticalsysadmin.com. Be sure to include
full names and email addresses of attendees.


Student Successes:

    Thank you for such a great class. Been to lots of
    technical training and you are the best instructor
    I've had. Beyond standard lecture/lab your examples
    and willingness to help with non-class related
    questions pertaining to CFEngine is unmatched.
    -- Thomas Nicholson

    I was able to "unlearn" some of my bad habits that
    came with my legacy cfengine2 set up. A lot of the
    things that previously made cfengine3 daunting to me
    are now clear and approachable.
    -- Brian Bennett


Yours truly,
Aleksey Tsalolikhin
Vertical Sysadmin, Inc.
"Effective training on excellent technologies."

SONY OLED calibration in NYC

True TTL on caching nameservers?

By Brian Turner Ottosen - I was wondering what happens when one caching name server gets an answer from another in terms of TTL.

Let's imagine a zone file with TTL of 900 seconds (15 minutes)

I guess in a normal situation a client asks NS A who immediately asks NS B who immediately asks NS C etc.

If each of them are told to only keep the data for 15 minutes they will run out about the same time.

But what if NS D asks NS C after 14 minutes just before the time is up?

Will NS D keep the data for another 15 minutes? This way the zone could theoretically jump from one server to another forever.

....or will NS D receive the data with a TTL of 1 minute?

Brian.


Brian Turner Ottosen

Managing Director

HoBSoft
Chemin du Mâcheret 31
1093 La Conversion
Switzerland

Phone: +41 793 319 569
Skype: brianottosen
Email: brian@hobsoft.net
Web: www.hobsoft.net






Preferred tier 2 storage solution

By Klaus Steden - Hey everyone,

I'm on the lookout for a tier 2 storage solution, and I thought I'd ask smarter people than me in general terms what they're using and if they like it, and why or why not.

I figure that my options are one of the following:

- dedicated NAS appliance (most expensive, least flexible)
- *nix file server with vendor-supplied RAID/JBOD storage (middle of the road for both criteria)
- *nix file server with hand-rolled hardware spec (least expensive, most flexible, but an interesting technical challenge)

Saker had posted recently about his adventures with LSI controllers that sounded pretty cool; how do people out in SSA-land address the "cheap, slow, and lots of it" storage question?

cheers,
Klaus

Separation of Church (content) and State (intrawebs).

By Todd Smith -
Hey all,

I've been pounding my head against this one for a while, mainly due to budgetary constraint, but I'm interested to hear what solutions people are using for the separation of content and internet.  

The usual logic prevails here, the easiest way to do this would be separate workstations, or perhaps kiosks (for actual work that requires the internet) and a separate wireless network and a BYOD policy.  Another way is serving up a secured browser through a remote server.  I'm interested to hear which method you use or what software is best for application virtualization.

I'm trying to find an application virtualization service that's well managed and not out of date, that works with Linux, OSX and LDAP, that also costs $0 or close to it.

Once you've stopped laughing at how crazy that sounds, please know I will be drowning myself in a sea of beer to stop the pain.

Todd Smith
Head of Information Technology

soho vfx 
99 Atlantic Ave. Suite 303, Toronto, Ontario M6K 3J8

Separation of Church (content) and State (intrawebs).

By Brian Krusic - Hi,

Are you pondering this due to project requirements?


- Brian

"All have their worth
and each contributes to the worth of others."







On Apr 3, 2013, at 1:32 PM, Todd Smith wrote:

Hey all,

I've been pounding my head against this one for a while, mainly due to budgetary constraint, but I'm interested to hear what solutions people are using for the separation of content and internet.  

The usual logic prevails here, the easiest way to do this would be separate workstations, or perhaps kiosks (for actual work that requires the internet) and a separate wireless network and a BYOD policy.  Another way is serving up a secured browser through a remote server.  I'm interested to hear which method you use or what software is best for application virtualization.

I'm trying to find an application virtualization service that's well managed and not out of date, that works with Linux, OSX and LDAP, that also costs $0 or close to it.

Once you've stopped laughing at how crazy that sounds, please know I will be drowning myself in a sea of beer to stop the pain.

Todd Smith
Head of Information Technology

soho vfx 
99 Atlantic Ave. Suite 303, Toronto, Ontario M6K 3J8


Separation of Church (content) and State (intrawebs).

By Todd Smith -
@Brian - yes of course this is a constant battle with project requirements, but overall I think it would also lessen my load in terms of forensic analysis, crawling through logs etc.

@Willem - that was our first test a few years back, the biggest issue is sound passthrough and of course load balancing the backend because you know there's that guy with like 20 tabs worth of flashgames open.  It's a solution but it's not really manageable, we also found that you can still transfer files to the application server (you can't separate scp from ssh).

@DY - This is interesting.


Todd Smith
Head of Information Technology

soho vfx 
99 Atlantic Ave. Suite 303, Toronto, Ontario M6K 3J8


we have accomplished this by way of a chroot jail that has everything you need to run firefox 17 (with glibc etc from centos 6.2)

just built a simple jail served over nfs from an export one level above the projects so that the browser has literally zero access to any project files. you can't upload or download anything from the internet. want some reference? that's where you need to go to your PM (or other exempt machine / user) and say "download this for me".

the workstations use a helper program called schroot to chroot and launch in one go, and using clever tricks in the chroot bashrc to instantly kill the session after firefox closes no one can tamper with the jail. not that that would make a difference cause again, you literally cannot access project files from the jail or the jail from outside of the jail (as a regular user).

-DY



Separation of Church (content) and State (intrawebs).

By Dave Young -
yeah it seems pretty good and centrally configurable and all that stuff most admins would agree are handy.

in windows it's a bit "clunkier", but i just built a light linux vm that runs the same chrooted browser as a linux workstation, and bridge the two ethernet interfaces (host and guest) and then trash all the outgoing packets from the windows ip with firewall rules / gpo or whatever. we get sound and flash and java and gnome-mplayer and all the regular crap people like about the internet, but it can't touch your data.


From: "Todd Smith" <todd@sohovfx.com>
To: discuss@studiosysadmins.com
Sent: Wednesday, April 3, 2013 5:13:20 PM
Subject: Re: [SSA-Discuss] Separation of Church (content) and State (intrawebs).

@Brian - yes of course this is a constant battle with project requirements, but overall I think it would also lessen my load in terms of forensic analysis, crawling through logs etc.

@Willem - that was our first test a few years back, the biggest issue is sound passthrough and of course load balancing the backend because you know there's that guy with like 20 tabs worth of flashgames open.  It's a solution but it's not really manageable, we also found that you can still transfer files to the application server (you can't separate scp from ssh).

@DY - This is interesting.


Todd Smith
Head of Information Technology

soho vfx 
99 Atlantic Ave. Suite 303, Toronto, Ontario M6K 3J8


we have accomplished this by way of a chroot jail that has everything you need to run firefox 17 (with glibc etc from centos 6.2)

just built a simple jail served over nfs from an export one level above the projects so that the browser has literally zero access to any project files. you can't upload or download anything from the internet. want some reference? that's where you need to go to your PM (or other exempt machine / user) and say "download this for me".

the workstations use a helper program called schroot to chroot and launch in one go, and using clever tricks in the chroot bashrc to instantly kill the session after firefox closes no one can tamper with the jail. not that that would make a difference cause again, you literally cannot access project files from the jail or the jail from outside of the jail (as a regular user).

-DY



hardware in australia

By Wayne Chang - any aussies on this list? i've been asked to find hardware vendors in australia. Workstations, monitors, parts, software... any and all of the above.

best,
wayne

Adobe CS7 AE includes Cinema 4D lite


2K review stations

By George Fitz - I have a friend who's in the market for a 2K review station. Needs DPX playback capability and will interface with his projector. Does anyone have any recommends? Thanks in advance.

Puppet, cfengine or something else?

By Anonymous -
Hi all,

I have been digging through my back catalog of studiosysadmins emails and I found the "cool tools for unix" thread from mid 2012.

I thought I would ask what people are using now and why? We are starting to evaluate CFEngine because a colleague of mine decided on that. I am not convinced that this is necessarily the best choice.

We have approximately 400 odd clients, though I would imagine with the 4-6 domains we have spread around we would have a master config server at each domain so I am not overly concerned about loading down one box with 400 clients.

I have read the reports from the CFEngine employee who showed that puppet stressed the CPU of the master (after 100 clients) far more than CFEngine.

What do you use and why?

--
Red Hat Certified Engineer
Ubuntu Certified Professional
Novell Datacenter Specialist
Novell Certified Linux Administrator
LPIC-1 Certified
Linux+ Certified

Puppet, cfengine or something else

By Nick Anderson -
> Date: Thu, 4 Apr 2013 21:09:56 -0700
> From: Aleksey Tsalolikhin
> To: "studiosysadmins-discuss@studiosysadmins.com"
> Subject: Re: [SSA-Discuss] Puppet, cfengine or something else?
>
> Hi, Steve. What is important to you about your configuration management
> tool? What do you need and want?

Aleksey asked me what was important about my configuration management tool a few years ago. At the time I was using puppet. There were things I liked about puppet (large active community, easy to do easy things like installing a package or making sure a service was running, declarative syntax). There were also things I didn't like (lots of dependencies, fiddliness getting the right ruby/openssl/puppet combination across multiple distro versions, not really out of the box with webrick).

My answer to Aleksey was that my tool should be lightweight, simple, not have a big dependency chain, low resource consumption. My systems don't exist so that I can have a management tool, management shouldn't be a significant footprint on the system.

I had only briefly looked at CFEngine previously, the syntax seemed obtuse, the community seemed to be quiet, and there did not seem to be a lot of generic policy sharing going on. I ended up deciding that CFEngine was the only thing that met my core requirements. It's just a single package install. It's fast, and I can work on the reusable policy pieces and help build that community.

I've gotten to know the community. It's quieter than the puppet or chef crowds, but everyone is quite friendly and helpful. Community sharing is also increasing with the launch of the design center [1].

I am happy with my decision to move from puppet to CFEngine 3. I think it takes some time for CFEngine to sink in. Learning CFEngine 3 is a great book to start with [2]. In addition to Aleksey's on-site trainings I hear there might be a correspondence course in the near future.

[1] http://cfengine.com/cfengine-design-center/sketches
[2] http://shop.oreilly.com/product/0636920022022.do

StudioSysAdmins-Discuss Digest, Vol 43, Issue 7

By Stephen Granger - I agree with Shane, any configuration management system is better than none and if you have more than 1 machine it's necessary.

I went the other way and started off using Puppet before it had commercial support (this is not a bad thing). I found its syntax and class inheritance easy to understand, having some OO experience. Having never touched ruby before, I didn't find that side of it an issue.

Currently however we are using the new kid on the block, Ansible, http://ansible.cc, http://ansibleworks.com who recently implemented commercial support, again, this hasn't affected the support given or the development process. We started implementing it over 6 months ago and most of the work has involved keeping up with the development changes.

Ansible is very slick and quick to get into, especially with its ability to run ad hoc commands. Its configuration syntax is based on yaml files, it's written in python and very python friendly. The development behind it now is very fast paced and the community that uses/supports it is very enthusiastic. However the reporting of the state of the machine by default is lacking compared to cfengine and puppet Dashboard/Foreman.

One major concern with configuration management systems (CMS means Content Management System to me :P ) would be: is its syntax easy to get into/maintain? And how will future me or future sysadmins go about maintaining what I've done? How easy can you make it for the others in your team?

+1 Puppet , +.5 Ansible

Some people use Salt stacks too, http://saltstack.com/index.html which has windows support.

Your choice should be made on your (team's) requirements and experience. It's like when you write a script, should I write it in bash, perl, python, ruby... just never tcsh ...

Re: [SSA-Discuss] Puppet, cfengine or something else?.eml
Subject: Re: [SSA-Discuss] Puppet, cfengine or something else?
From: Shane McEwan <shane@mcewan.id.au>
Date: 04/05/2013 07:52 AM
To: <studiosysadmins-discuss@studiosysadmins.com>

On 05/04/13 14:07, Cal Sawyer wrote:
Ditto.  I would really like to hear about scenarios where cfEngine/
puppet justified their complexity with more effective config management
that was impossible/impractical via other means (ssh, ansible (which i'm
currently leaning towards), etc).

Anecdotes are welcome!

In over 20 years as a sysadmin I've progressed from manually configuring each machine to automating configuration with rsync and ssh to Puppet and, most recently, to CFEngine.

As far as whether or not a config management system is justified . . . my feeling is that if you've got two or more machines to look after then you need a config management system.

Actually, I could argue that if you've only got ONE computer you should still use a configuration management system.

Why? Because a config management system (CMS) forces you to take control of your computer's configuration.

* The CMS ensures your computer is in a known state (so, for example, a package update that replaces a customised config file with a default will have the correct config file put back in place, often without you knowing about it).
* It encourages you to have your config in some sort of revision control system so you have a record of changes to your system and can revert to a previous state if a change breaks something.
* If you have more than one sysadmin it gives you an audit trail so you can see what your colleagues are doing so you don't end up doubling up on work.

These things are useful in their own right but it's when you add more machines to the mix that you really see the advantage. Say you decide to add a second machine to your network. You want it to be more or less the same as your current machine. You don't have enough machines to bother with a PXE boot server and Kickstart file so you just install Linux manually off a DVD. Oh no! You can't get sound to work. There was a PulseAudio config change you had to make six months ago on your other machine, maybe that will fix it? What was that change again? You don't have to worry. Just install your CMS on the new machine and it magically gets configured the same as your old machine.

Time to install a new package? Add it to the CMS package config and it gets installed on both machines. You've just HALVED the time it takes to manage both machines.

Add 1000 machines to your network? It still takes the same amount of time to roll out a new package as it did with ONE machine!

So, my answer to the question "Should I be running a configuration management system?" is "Why *aren't* you running a configuration management system?"

"Can't you just use ssh and some scripts?" I hear you ask. Sure, but what happens if a machine is turned off at the time you send an update out? Do you keep trying it? What if the machine is off for several weeks? What state will it be in when it is finally turned on again? If you're running a CMS it will automatically contact the CMS server and download the desired state and apply it.

Our goal as sysadmins should be to automate ourselves out of the job. If you need to type several commands to achieve a goal, put those commands in a script. If you need to achieve that goal at regular intervals, run the script from cron. If you need to achieve a lot of goals at the same time (like configuring a computer) put your scripts into a CMS.

Sorry, I'm sounding a bit evangelical. :-)

The hardest part about using a CMS is translating your current config system (whether it's manual or some other CMS) into the correct language. My suggestion is to take it in small steps.

Start with getting the CMS to manage package installation. That's a quick and easy one to get working. Don't worry about getting it to install config files or anything, just get the packages installed and then configure them however you currently do it.

Once you've got package management in place you can start looking at making changes to config files. Start with new packages that you're rolling out. You don't have any existing infrastructure in place for them so you can start fresh. When you're happy that it's working you can go through and translate existing configs into the new system.

In my current job I had the luxury of building completely new machines with a new CMS. I installed a base Linux and translated every manual configuration step I made into CFEngine syntax. At the end of it I could get a fully functional system up and running in 15 minutes. It was slow and tedious to begin with because I was learning CFEngine as I went but it has saved me a lot of time in the long run and I can sleep easy at night knowing that my machines are configured exactly as I expect them to be.

Shane.

Join FileCatalyst at their NAB Open Bar Reception!

By John Hickson -

FileCatalyst invites you to stop by their open bar reception at NAB Show! 

Stop by the FileCatalyst open bar reception on Wednesday, April 10th between 4:00 - 6:00 pm, booth SL13013, for a chance to meet their team and have a drink on them.

Also enter their draw to win an iPad Mini!  Drop off your business card at booth SL13013 for a chance to win - the draw will take place at 5:00 pm, on April 10th, during our open bar reception. 

 