This is my wiki where I talk about GNU/Linux systems engineering. Mostly thoughts and ideas, I'll share code where I can, but my professional bits are trapped in $WORK, so this is mostly the crazy stuff I do at the house. The idea being if I write about it, I can organize my thoughts better, identify corner cases, and achieve a better understanding. I publish this on the web just in case someone else will find it useful (or a headhunter or hiring manager will find my skill set useful ).
I had a rather nasty system failure from which I am still sort of recovering. I don't think I've lost anything, but nothing is where is should be. I'm finding it rather hard to get things working like I wish. I wish I already had setup so it could just fix things. My wireless router is handling firewall, DNS, and DHCP. While this is functional in some sense of the word, it is not very configurable. Ideally cfengine would help me out here, but I don't have a good version right now.
So how do I get out of this mess and be able to manage my systems again? How do I prevent this from happening again?
Well I blogged about building an infrastructure previously, seems now would actually be a good time to build such a thing here. So what do I really want to accomplish?
- Survive a system failure with no data loss.
- Recovery from a failure by updating a few config files and netbooting a box.
- Refresh hardware by updating a few config files and netbooting a box.
- Everything documented so if any of the above fails, I'm still ok.
I think this is ok, maybe. I have amanda backing
up important data from servers and laptops (in as much as laptops are
actually on the network when
amanda runs). The idea being I can
automatically build a server by netbooting it, after which I just need
to recover user data. Phones and tablets aren't here yet,
This is the hard part, especially in the case a file server fails. To start thinking here, I need tools like a VCS, configuration management, system builders, and directory servers. It becomes particularly difficult when there is nothing to start with.
I will argue this is just a degenerate case of recovery. If I get a new kit, just boot it into the current infrastructure.
Well that is the purpose of this page.
I think revision control is an absolute requirement to this thing properly. I would argue that a precondition is that all configurations should be described via text files (contrary to the systemds and Object Data Managers of the world). I have even gone to great lengths to put my . I choose git and gitolite for these reasons. My public code repositories are here.
$ sudo aptitude install git/wheezy-backports $ sudo aptitude install git-annex/wheezy-backports $ sudo aptitude install gitolite
should do the particulars.
Might as well install nginx and
$ sudo aptitude install nginx-full/wheezy-backports libcgi-fast-perl libgd2-xpm -t wheezy-backports $ sudo aptitude markauto libgd2-xpm $ sudo aptitude install gitweb/wheezy-backports $ sudo aptitude install fcgiwrap spawn-fcgi
Remember to make
www-data a member of the
git group, see here.
At the moment I like shorewall, so that is
what I will use. I'm looking at
shorewall-lite, but I don't think I
can publish the configuration, and still be secure.
I finally have afunctioning properly.
It seems I created a sf.net project to do similar things. The project was registered . It has stagnated since then.
Blog entries tagged sysadm