RAHU is pretty much set up for testing and limited production.
I created a single striped volume using disk1 and disk3 (left-most disk packs on each side of the Xserve RAID), totalling about 950 GB. I‘ve mounted it on /home/fc-raid-00-1 and exported it to PAX and HEIWA. The movehome.pl script works well when run on PAX, leaving running the genhomelink.pl script the only thing that needs to be done on RAHU. The current setup is:
When PAX wants a home directory, it looks up the symlink on its /home filesystem and goes to either the local /home/r0p? partition or the NFS /home/fc-raid-00-1 partition. HEIWA does the same, except /home and /home/r0p? are NFS mounts from PAX.
The future configuration will probably be to mount /home from RAHU, but that might not actually buy us anything, since other stuff in /home will still reside on PAX.
Currently RAHU is not in the backup policies on EYEWI and there are no quotas implemented yet. Backups will probably come next week and quotas won’t come until after spring break.
Spent most of the day learning Veritas Volume Manager.
A nice, big, heady system that does quite a lot of storage virtualization. Probably overkill for the current project, but I'm sure will become useful down the line as we add more devices to the storage server and Fibre Channel network.
VXFS supports quotas, but not over NFS.
Apparently the issue is with Sun's rpc.rquotad program – it doesn't yet support the Veritas ioctls to get the quota info for VxFS filesystems. This has apparently been known for a number of years, but Sun has simply not done anything about it. We'll use quotas anyway, and people will get confused over their Samba/Netatalk mounts, and maybe someday Sun will wake up.
Apparently VxFS has issues with greater than 1 TB LUNs and Solaris doesn't see multiple LUNs on a device unless told to (at least sometimes).
Reconfiguring the Xserve RAID into four RAID 5 sets (3 disks each, two on each controller), for a usable space of 2 TB. This is because VxFS doesn't want to mkfs the large (1.1 TB) LUN. So that gives us 500 GB LUNs, but two on each Fibre Channel bus. Modifying /kernel/drv/ssd.conf (look for the itmpt entries) to add the multiple LUNs does the trick, followed by a rebuild of devices at boot time (boot -r).
I think we’re ready to get RAHU up and going.
Adding the SUNWCprog cluster to the install and mirroring swap instead of concatenating it.
Note: find out what package a file is in (Solaris):
pkgchk -l -p /path/to/file
met with Tom S. for annual review.
Things to do:
Well, HEIWA went down at about 12:17, and my pager's off the network.
We don't have any idea why HEIWA went down, and Indian Paging has no idea why my pager doesn't work, so I guess we're even. They're having the nationwide service reset my pager, but I have my doubts as to whether it'll work or not.
Forte 7 doesn’t seem to include the assembler.
Seems I had to remove the assembler in upgrading from Forte 6. The assembler is in package SUNWsprot and SUNWsprox. It’s there now, and it seems to compile cobol stuff for Banner properly now. That also brought back the old make in /usr/ccs/bin. Whatever.
I’ve installed the Forte 7 compiler suite on PACO.
Forte 7 was quite unhappy with Forte 6, so I had to both uninstall Forte 6 and install Forte7 into /opt/spro instead of /opt. Replacing /usr/ucb with /opt/spro/SUNWspro/bin in the path mostly seems to work. However, I’ve lost make and a few other things in /usr/ccs/bin. Not sure what to do about that yet.
Making sure that all the new modules work.
Here’s HTML:
<HTML> <HEAD> <TITLE>Foo</TITLE> </HEAD> <BODY BGCOLOR="#6f6f6f"> <!-- the main part --> <H1>Foo</H1> <P>a <B>paragraph</B> here and a paragraph there</P> </BODY> </HTML>
And now XML:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppleNavServices:GetFile:0:Path</key>
<string>file://localhost/Volumes/foo/src/source/bar/</string>
<key>AppleNavServices:GetFile:0:Position</key>
<data>
ANoBHw==
</data>
<key>AppleNavServices:GetFile:0:Size</key>
<data>
AAAAAAFeAcI=
</data>
</dict>
</plist>
And LaTeX:
\documentclass[twoside]{article}
\pagestyle{empty}
\newcommand{\crule}[2]{%
\begin{center}%
\rule{#1}{#2}%
\end{center}}
\setlength{\oddsidemargin}{82pt}
\setlength{\evensidemargin}{44pt}
\topmargin 0pt
\advance \topmargin by -\headheight
\advance \topmargin by -\headsep
\textheight 8.9in
\textwidth 5.5in
\begin{document}
\begin{center}
\LARGE{\textsc{Foo}}
\vfill
\end{center}
\end{document}
I converted a few of the PHP language modules to perl and modified the MT code beautifier code to reference them. Let’s see how it works:
dn: uid=jsmith,ou=Test,ou=People,dc=example,dc=org changetype: add objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: account objectClass: posixAccount objectClass: sambaAccount uid: jsmith cn: John Smith givenName: John sn: Smith mail: jsmith@example.org
Apparently switching user identities is a known problem in SquirrelMail 1.4.x.
This thread has the discussion. Apparently it’s caused by accessing multiple accounts from the same computer at the same time (presumably using the same browser). I don’t think our students are quite doing that, however, I would be willing to believe that they aren’t logging out (just closing the window) and quite likely not logging out of the workstation, either. Squirrel sees about 5000 logins per day and only about 2000 logouts, so this fits. I’ve added a cautionary note to the login messages on Squirrel.
Doing a bunch of e-mail restores. Seems that a couple of folks lost their e-mail over the weekend.
spent a short bit of time researching fiber optic computer security systems.
Found a couple of places that sell fiber optic based computer security cables. Seems like they’d be quite welcome with these lab thefts.
Sent these to Randy and Tom for reference.
Sun patches are available through FTP at ftp://sunsolve.sun.com/pub/patches. This directory doesn’t appear on a directory listing.
Just set up BARIS to be a preference 20 MX for earlham.edu and changed MIR to be 30.
BARIS is running Sendmail 8.12.10 with AUTH and STARTTLS; it’s also running MIMEDefang and ClamAV. SpamAssassin is installed but not yet used. It hasn’t seen much traffic yet, but what I have seen has mostly been virus. It’s not recording the virus name, though; I’ll have to look into that.
Update: Ah, clamd needs to run as the same user as MIMEDefang in order to access the MIMEDefang files.
Just called to straighten out the Premium Service information on the Xserve RAID.
Seems that Apple had issued an enrollment number that was administratively tied to an Xserve server, not a RAID (this happened to several, apparently). Spoke to a tech who was a Wabash alum and got it all straightened out. Happy to hear that it’s working well on a Sun server.
Looking at a couple of free web server log file analysis/stats programs, since Wusage seems to be dying nightly.
I’ve looked at webalizer and HTTP-Analyze. Both look pretty much the same, although the latter doesn’t seem to have a good way to do IP resolution. Webalizer might have a little cruftier interface, but HTTP-Analyze might also be considered crufty in its more detailed views. In any case, I’ve got demos on the web site:
I still don’t have any clue what Bryan or anyone else wants out of web log analysis or stats generation.
I’ve been getting the Xserve RAID system and the Sun Fire V240 up and running.
The Xserve RAID requires both controller ethernet interfaces to be online before the RAID Admin program will happily and consistently talk to both halves of the unit. Once done, it seems to work fine.
I’ve configured the unit into two RAID 5 sets of 6 drives each (one per controller) and 2 hot spares (one per controller). It’s currently rebuilding the RAID sets.
The LSI driver for the Apple PCI Fibre Channel card, found at AlienRaid works beuatifully on a Jumpstart install. Apparently we’ve got the following default format on the RAID volumes:
Part Tag Flag First Sector Size Last Sector 0 root wm 34 128.00MB 262177 1 swap wu 262178 128.00MB 524321 2 unassigned wu 0 0 0 3 unassigned wm 0 0 0 4 unassigned wm 0 0 0 5 unassigned wm 0 0 0 6 usr wm 524322 1.14TB 2451111901 8 reserved wm 2451111902 8.00MB 2451128285
I’ll probably end up changing that, but I’ll have to see what VERITAS wants first.
Working on getting BARIS to the state of acting as a mail exchanger.
Yesterday I got a package of Sendmail 8.12.10 installed, and this morning I got it configured properly, at least for basic mail exchanger duties. Now I’m working on ClamAV. The package installs just fine, but freshclam is giving me problems. Since we block outgoing http on BARIS, I have to use a proxy. Freshclam does the proxy thing, but it only seems to work with Squid, which I don’t want to use (unless I commit to a full squid instance). It really doesn’t work with EZproxy, and it kinda doesn’t work with tinyproxy. With the former, it gets the URL totally wrong and can’t download anything. With the latter, it doesn’t strip off the HTTP headers (except the HTTP response code line). I’m trying to avoid using Guidescope, but I may still try that. Guidescope’s a pain to deal with, though, and it tends to be very slow.
Reading up on the Coda filyesystem.
Possibility for using spare space on cluster node hard drives in a larger cluster filesystem. May be too experimental, and may be better to go with AFS, but it’s food to chew on, anyhow.
Playing with HMMER on a number of servers and workstations.
I grabbed the binary distribution of 2.3.2 from the web site for Intel/FreeBSD, MacOS X, and Sparc/Solaris. On single CPU boxes, the MacOS X port is the fastest, by about 13 seconds in the hmmcalibrate routine. It’s only slightly slower than the Sparc and Intel dual CPU boxes. On a dual CPU Apple Xserve G4, hmmcalibrate is all of about 3 seconds - compared to 11 to 28 seconds on all the other machines. I guess those Altivec extensions do some good, as I doubt that we’re seeing plain CPU comparisons here. I suspect that if someone put their mind to it, they could produce some Sparc or Intel specific extensions that would make them run a lot faster as well.
I’m curious to see what this would do on a dual CPU G5 system…
Seminary password changes have been fraught with problems for a while now. And resetpass on SHANTI seems to hang, using up all the ptys periodically. These seem to be related.
Apparently, when password changes happen for people with active seminary accounts, something over on Bathsheba’s resetpass script seems to keep a file handle or some such open. This only happens for seminary users, though. But it does happen for both password changes (WebDB or SquirrelMail) and for admin password resets. The problem arises with changes, though, since the ordering of events means that ECS Samba domain password changes happen after seminary changes (and everything else) in password changes but before everything except SHANTI local changes in resets. In fact, Seminary changes happen last in resets.
So, when an active seminary account gets changed, something over there happens differently, keeping the SHANTI resetpass from completing - thus not getting to the ECS Samba change if it’s a “change” and keeping a pty open on SHANTI regardless. After a month or so, the ptys get used up and ssh logins fail. And then we kill off all the resetpasses and smbds that are associated with that. But seminary users’ Samba passwords are still messed up.
I’ve asked Zach to look into his resetpass script to see what file handles it might be keeping open for seminary users. Maybe we’ll have this nailed soon.
After wondering why root was getting responses to the automatic quota message system, I changed it to specify domain names on the command line.
Since taking KE out of the NIS cluster a while back, the domainname command has not worked. This gave the From: address on the quotamsg message as “quota@”. I added the ability to specify a domain name on the command line and have it incorporate that instead. Then changed the crontab to use it.
As noted, I upgraded PHP on HEIWA.
Now includes PostgreSQL, LDAP, Sablotron, XML, iconv, GD, gettext, zlib, OpenSSL support. Seems to be working fine. The new package name is mod_php4-4.0.6_4,1. I had to tweak the +CONTENTS file to make it happy with apache+mod_ssl-1.3.26+2.8.9.
Working on mod_php4 upgrades for HEIWA.
Ian needs PostgreSQL and LDAP support, while the web team needs XSLT and XML support. Looks like we can probably get this in the standard FreBSD 4.4 package, but I need to compile a new veersion. I’m working on that on the Virtual PC FreeBSD 4.4 image I have, and hopefully at least Sablotron will be done today.
Sent off some NIS and Moodle LDAP code to Zach and getting the MT LDAP code to send off to someone else.
Zach’s running OpenLDAP and Moodle over there, and I sent him my updated LDAP authentication and creator authorization module, along with the ldap2nis user and group extraction script. John Sechrest over at PEAK also got a copy of the ldap2nis code last week.
Someone else saw my post over on the Sysnet log about tieing MT into LDAP and wanted a copy of that, so I’m getting that into context diff patches for each modified file and also bundling a README with it.
Working on Annual Review self evaluation.
Must remember that these logs are actually useful and I should do them more.
Rewrote the certificate authority script yesterday morning to something that’s a little more useful than the default that’s shipped with OpenSSL for years.
Made it deal with the certificate directory structure that I’ve been using, and also deal with the basic functions that I tend to use. Copied the whole thing off of an encrypted FreeBSD disk and onto an encrypted OS X disk image and then stuck that image on a USB key.