locking gmail access to a domain with squid
internet outage los angeles
Michael Oliver
mcoliver@gmail.com
858.336.1438
nytimes, of all places
WAN & Cloud Data Backup or Archiving
SAS HBA card required
CFEngine Training - discount offer to Studio Sysadmins - New Brunswick, New Jersey, USA, 29 Apr - 2 May.
May I offer SSA members a 35% discount on "Automating?
There is a lot to CFEngine, and this course provides a thorough
grounding and orientation to this powerful configuration
management technology.
The course consists of over 200 demonstrations and over a dozen
exercises.
The course covers the Community (open-source) edition only.
It's suitable for both those new to CFEngine and veterans of
CFEngine 1 and 2.
Pricing and Payment
The cost of the class includes all training materials (hardcopies
of the reference manual and the O'Reilly "Learning CFEngine" book).
First Day Only - USD 650 -- discounted 35% to $422.50
All Four Days - USD 2600 -- discounted 35% to $1,690.00
To Register
To pay for four days of training with a credit card, enroll at
http://cf3.eventbrite.com/?discount=SSA
To pay for 1st day only, or to pay with a purchase order, please
email us at training@verticalsysadmin.com. Be sure to include
full names and email addresses of attendees.
Student Successes:
    Thank you for such a great class. Been to lots of
    technical training and you are the best instructor
    I've had. Beyond standard lecture/lab your examples
    and willingness to help with non-class related
    questions pertaining to CFEngine is unmatched.
    -- Thomas Nicholson
    I was able to "unlearn" some of my bad habits that
    came with my legacy cfengine2 set up. A lot of the
    things that previously made cfengine3 daunting to me
    are now clear and approachable.
    -- Brian Bennett
Yours truly,
Aleksey Tsalolikhin
Vertical Sysadmin, Inc.
"Effective training on excellent technologies."
SONY OLED calibration in NYC
True TTL on caching nameservers?
Let's imagine a zone file with TTL of 900 seconds (15 minutes)
I guess in a normal situation a client asks NS A who immediately asks NS B who immediately asks NS C etc.
If each of them are told to only keep the data for 15 minutes they will run out about the same time.
But what if NS D asks NS C after 14 minutes just before the time is up?
Will NS D keep the data for another 15 minutes? This way the zone could theoretically jump from server to another for ever.
....or will NS D receive the data with a TTL of 1 minute?
Brian.
Brian Turner Ottosen
Managing Director
HoBSoft
Chemin du Mâcheret 31
1093 La Conversion
Switzerland
Phone: +41 793 319 569
Skype: brianottosen
Email: brian@hobsoft.net
Web: www.hobsoft.net
Preferred tier 2 storage solution
Seperation of Church (content) and State (intrawebs).
Hey all,
I've been pounding my head against this one for a while, mainly due to budgetary constraint, but I'm interested to hear what solutions people are using for the separation of content and internet.
The usual logic prevails here, the easiest way to do this would be separate workstations, or perhaps kiosks (for actual work that requires the internet) and a separate wireless network and a BYOD policy. Another way is serving up a secured browser through a remote server. I'm interested to hear which method you use or what software is best for application virtualization.
I'm trying to find an application virtualization service that's well managed and not out of date, that works with Linux, OSX and LDAP, that also costs $0 or close to it.
Once you've stopped laughing at how crazy that sounds, please know I will be drowning myself in a sea of beer to stop the pain.
Todd Smith
Head of Information Technology
soho vfx | 99 Atlantic Ave. Suite 303, Toronto, Ontario M6K 3J8
office: (416) 516-7863 fax: (416) 516-9682 web: sohovfx.com
Seperation of Church (content) and State (intrawebs).
we have accomplished this by way of a chroot jail that has everything you need to run firefox 17 (with glibc etc from centos 6.2)
just built a simple jail served over nfs from an export one level above the projects so that the browser has literally zero access to any project files. you can't upload or download anything from the internet. want some reference? that's where you need to go to your PM (or other exempt machine / user) and say "download this for me".
the workstations use a helper program called schroot to chroot and launch in one go, and using clever tricks in the chroot bashrc to instantly kill the session after firefox closes no one can tamper with the jail. not that that would make a difference cause again, you literally cannot access project files from the jail or the jail from outside of the jail (as a regular user).
-DY
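As an added illustration of the isolation claim in this thread (not code from the post or from the schroot project): schroot can mount host directories into a session from an fstab-format file, so one way to check that a browser jail has no path to project files is to audit that file for entries that expose them. The protected paths and the sample entries are constructed assumptions.

```sh
#!/bin/sh
# Added example: audit an fstab-format mount list used to build a browser jail.
# Usage: jail_fstab_exposures FSTAB|- PROTECTED_DIR...
# Prints "source -> target" for each entry that would make a protected
# directory visible inside the jail; returns 1 if any entry does.
# Protected directories are absolute paths without spaces or trailing slashes.
jail_fstab_exposures() {
    fstab=$1; shift
    awk -v protected="$*" '
        # True when path a equals b or lies underneath it.
        function under(a, b) {
            if (b == "/") return 1
            return (a == b || index(a, b "/") == 1)
        }
        BEGIN { n = split(protected, dirs, " ") }
        /^[ \t]*(#|$)/ { next }        # comments and blank lines
        $1 !~ /^\// { next }           # tmpfs, sysfs, ...: no host path
        {
            src = $1
            if (src != "/") sub(/\/+$/, "", src)   # drop trailing slashes
            for (i = 1; i <= n; i++) {
                # Exposed when the source is inside the protected tree or
                # is a parent of it (binding /mnt also exposes /mnt/projects).
                if (under(src, dirs[i]) || under(dirs[i], src)) {
                    print $1 " -> " $2
                    found = 1
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$fstab"
}

# Constructed sample entries (hypothetical, not taken from the post).
sample_fstab() {
    cat <<'EOF'
# source   target   type  options   dump pass
/proc      /proc    none  rw,bind   0 0
/dev       /dev     none  rw,bind   0 0
/home      /home    none  rw,bind   0 0
/mnt       /mnt     none  rw,rbind  0 0
EOF
}

# /mnt/projects and /home stand in for wherever project files live.
sample_fstab | jail_fstab_exposures - /mnt/projects /home ||
    echo "jail would expose protected paths"
```

The parent-directory case is the one that is easy to miss: an entry never has to name the project tree to expose it.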
Seperation of Church (content) and State (intrawebs).
To: discuss@studiosysadmins.com
Sent: Wednesday, April 3, 2013 5:13:20 PM
Subject: Re: [SSA-Discuss] Seperation of Church (content) and State (intrawebs).
hardware in australia
Adobe CS7 AE includes Cinema 4D lite
What happens when you combine the 2 worst licencing software systems ever?!
http://blogs.adobe.com/aftereffects/2013/04/whats-new-changed-after-effects-next.html
http://success.adobe.com/en/na/programs/events/1303_30759_nab.html?sdid=KEYJL
Someone needs to explain the concept of floating licenses to Adobe!
2K review stations
Puppet, cfengine or something else?
I thought I would ask what people are using now and why? We are starting to evaluate CFEngine because a colleague of mine decided on that. I am not convinced that this is necessarily the best choice.
We have approximately 400 odd clients, though I would imagine with the 4-6 domains we have spread around we would have a master config server at each domain so I am not overly concerned about loading down one box with 400 clients.
I have read the reports from the CFEngine employee who showed that puppet stressed the CPU of the master (after 100 clients) far more than CFEngine.
--
Red Hat Certified Engineer
Ubuntu Certified Professional
Novell Datacenter Specialist
Novell Certified Linux Administrator
LPIC-1 Certified
Linux+ Certified
Puppet, cfengine or something else
StudioSysAdmins-Discuss Digest, Vol 43, Issue 7
I went the other way and started off using Puppet before it had commercial support (this is not a bad thing). I found its syntax and class inheritance easy to understand having some OO experience. Having never touched ruby before I didn't find that side of it an issue.
Currently however we are using the new kid on the block, Ansible, http://ansible.cc, http://ansibleworks.com who recently implemented commercial support, again, this hasn't affected the support given or the development process. We started implementing it over 6 months ago and most of the work has involved keeping up with the development changes.
Ansible is very slick and quick to get into, especially with its ability to run ad hoc commands. Its configuration syntax is based on yaml files, it's written in python and very python friendly. The development behind it now is very fast paced and the community that uses/supports it is very enthusiastic. However the reporting of the state of the machine by default is lacking compared to cfengine and puppet Dashboard/Foreman.
One major concern with configuration management systems (CMS means Content Management System to me :P ) would be: is its syntax easy to get into/maintain? And how will future me or future sysadmins go about maintaining what I've done? How easy can you make it for the others in your team?
+1 Puppet , +.5 Ansible
Some people use Salt stacks too, http://saltstack.com/index.html which has windows support.
Your choice should be made on your (team's) requirements and experience. It's like when you write a script, should I write it in bash, perl, python, ruby... just never tcsh ...
Subject: Re: [SSA-Discuss] Puppet, cfengine or something else?
From: Shane McEwan <shane@mcewan.id.au>
Date: 04/05/2013 07:52 AM
To: <studiosysadmins-discuss@studiosysadmins.com>
On 05/04/13 14:07, Cal Sawyer wrote:
Ditto. I would really like to hear about scenarios where cfEngine/
puppet justified their complexity with more effective config management
that was impossible/impractical via other means (ssh, ansible (which i'm
currently leaning towards), etc).
Anecdotes are welcome!
In over 20 years as a sysadmin I've progressed from manually configuring each machine to automating configuration with rsync and ssh to Puppet and, most recently, to CFEngine.
As far as whether or not a config management system is justified . . . my feeling is that if you've got two or more machines to look after then you need a config management system.
Actually, I could argue that if you've only got ONE computer you should still use a configuration management system.
Why? Because a config management system (CMS) forces you to take control of your computer's configuration.
* The CMS ensures your computer is in a known state (so, for example, a package update that replaces a customised config file with a default will have the correct config file put back in place, often without you knowing about it).
* It encourages you to have your config in some sort of revision control system so you have a record of changes to your system and can revert to a previous state if a change breaks something.
* If you have more than one sysadmin it gives you an audit trail so you can see what your colleagues are doing so you don't end up doubling up on work.
These things are useful in their own right but it's when you add more machines to the mix that you really see the advantage. Say you decide to add a second machine to your network. You want it to be more or less the same as your current machine. You don't have enough machines to bother with a PXE boot server and Kickstart file so you just install Linux manually off a DVD. Oh no! You can't get sound to work. There was a PulseAudio config change you had to make six months ago on your other machine, maybe that will fix it? What was that change again? You don't have to worry. Just install your CMS on the new machine and it magically gets configured the same as your old machine.
Time to install a new package? Add it to the CMS package config and it gets installed on both machines. You've just HALVED the time it takes to manage both machines.
Add 1000 machines to your network? It still takes the same amount of time to roll out a new package as it did with ONE machine!
So, my answer to the question "Should I be running a configuration management system?" is "Why *aren't* you running a configuration management system?"
"Can't you just use ssh and some scripts?" I hear you ask. Sure, but what happens if a machine is turned off at the time you send an update out? Do you keep trying it? What if the machine is off for several weeks? What state will it be in when it is finally turned on again? If you're running a CMS it will automatically contact the CMS server and download the desired state and apply it.
Our goal as sysadmins should be to automate ourselves out of the job. If you need to type several commands to achieve a goal, put those commands in a script. If you need to achieve that goal at regular intervals, run the script from cron. If you need to achieve a lot of goals at the same time (like configuring a computer) put your scripts into a CMS.
Sorry, I'm sounding a bit evangelical. :-)
The hardest part about using a CMS is translating your current config system (whether it's manual or some other CMS) into the correct language. My suggestion is to take it in small steps.
Start with getting the CMS to manage package installation. That's a quick and easy one to get working. Don't worry about getting it to install config files or anything, just get the packages installed and then configure them however you currently do it.
Once you've got package management in place you can start looking at making changes to config files. Start with new packages that you're rolling out. You don't have any existing infrastructure in place for them so you can start fresh. When you're happy that it's working you can go through and translate existing configs into the new system.
In my current job I had the luxury of building completely new machines with a new CMS. I installed a base Linux and translated every manual configuration step I made into CFEngine syntax. At the end of it I could get a fully functional system up and running in 15 minutes. It was slow and tedious to begin with because I was learning CFEngine as I went but it has saved me a lot of time in the long run and I can sleep easy at night knowing that my machines are configured exactly as I expect them to be.
Shane.
Join FileCatalyst at their NAB Open Bar Reception!
FileCatalyst invites you to stop by their open bar reception at NAB Show!
Stop by the FileCatalyst open bar reception on Wednesday, April 10th between 4:00 - 6:00 pm, booth SL13013, for a chance to meet their team and have a drink on them.
Also enter their draw to win an iPad Mini! Drop off your business card at booth SL13013 for a chance to win - the draw will take place at 5:00 pm, on April 10th, during our open bar reception.