Upgraded Java on PACO for new Banner financial aid package.
Used instructions and packages found here with the exception that the old Java packages don’t have to be removed — merely change the /usr/java symlink to point to /usr/j2se.
Pointed the Quaker lists to their new homes at quakerlists.org.
All should be good now. Bruce has the new lists set up for membership, and we’ll be transferring the archives later.
Mostly getting laptop configured today.
Getting all the old software back on, reloading Virtual PC, and various other oddments.
Currently transferring a number of accounts from PAX:/home/r0p6 to RAHU.
Getting subscriber info for Quaker lists move.
Mailman has no command line way of getting the subscriber options, so I had to hack our already hacked list_members program to output subscriber info in a CSV format.
Got RONGO Jumpstarted.
Added the Forte 7 compilers to it, since there’s something weird with gcc. I haven’t yet tried to compile PHP or mod_perl, though.
ACM/SLC course.
Starting course; primarily to see what is being offered here.
This was a pretty basic course. I now know how to do everything with disks and filesystems. Decent format for an online course though. Not worth the $100 that I would have had to pay for it were I not in ACM, though. More like $25, if that.
Max (Macintosh music program) has problems with file types and creators on PAX.
I wrote a script that uses SetFile to set the file type and creator of Max files in the current directory. The type is “maxb” and the creator is “max2”. Hopefully this will work.
Self Service Quotas are in production on KE.
Had to fix a slight bug in the Quota::setqlim command to get the updates working. Otherwise all is good. Requests and releases work as designed. We’ll see whether expires work, but I don’t see any reason that they shouldn’t.
Tweaked a few stunnel options to make the calendar server faster on remote connections.
Specifically, set the random file to /dev/urandom (just in case it was trying to generate its own entropy) and set the TCP_NODELAY option on local (stunnel to calserver) connections. This seems to have made things quite a bit faster in my tests. I’ll have some other remote users try it too, to see if they notice a difference.
Getting all the packages and configs for RONGO to Jumpstart on Monday.
Works fine without any binary LDAP SDKs.
I was afraid I’d need either the Netscape SDK or OpenLDAP, but Net::LDAP seems to work fine without it on RAHU. I don’t know if it’s using the libs that are there by default or if there’s no binary requirements now, but all is ok.
Fixed a problem with DHCP not giving the appropriate DNS server to blocked connections.
Now when we generate the host stanza for a computer, we key off the block_reason field and include SHANTI as the name server if it’s not empty. This meant some changes on SHANTI to allow DNS packets to reach it from outside the block and netreg subnets and for the BIND views to respond appropriately to queries from all campus networks.
Some time researching IPsec on Solaris and FreeBSD.
Thinking of running IPsec between RAHU and PAX, and possibly more. There’s standard docs at docs.sun.com for setting up IPsec on Solaris. FreeBSD docs are around as well.
I just submitted an abstract for the Self Service Quota paper for LISA.
We should hear by June 1 whether we’re in the program or not.
A number of Self Service Quota tweaks as we get ready to deploy this beast.
The help system is live, and there are a number of minor changes that we’ve made over the last couple of days as ECS folks have been playing with it.
This afternoon I’ve been working on an extended abstract for LISA 04. The official submission deadline was yesterday, but I believe they’ll still be taking submissions until this weekend.
Spent most of the day hacking self servicce quotas.
Adding a help system and learning the code.
Also had far too many stupid user creation things to deal with.
Lots of accounts on RAHU, with a slight glitch; self-service quota testing…
Moving r0p5 small accounts hit a snag and sprayed accounts all over / on PAX. Got that cleared up ok, but the small accounts are still on r0p5 — I didn’t get to actually transferring them.
Ian’s got an almost complete self-service quota system. Importing current quotas on KE will have to be done, and we’ll use the same method for RAHU when we turn on quotas there. A few cosmetic things to fix, and it’d be nice to have updated usage displayed on the user’s display. Good layout, and nice, simple functionality.
Adding several perl modules to RAHU, and transferring bunches of small accounts over.
/usr/local/source has a bunch of perl modules that are now installed using the standard system perl. These to support quotas (as in previous post), ecs-usermgr, and at least the DBI proxy stuff (I’m not sure if I’ll go with a full-fledged PostgreSQL DBI client, or if I’ll use the proxy, possibly until such time as we do it with XML-RPC).
I also transferred the smallest few hundred accounts in three of PAX’s RAID partitions over to RAHU. Each transfer is only a few seconds worth of tar pipelines, so it’s safe to do at just about any time. Doesn’t significantly change the space used, since a lot of those accounts are less than 100K, but it does start getting lots of things transferred over.
Installed and working.
The Makefile.PL needs to have the VERITAS check commented out, otherwise it looks for old versions of the VERITAS include files and libraries. Newer VERITAS and Solaris has standard support for VxFS quotas.
I did a standard “perl Makefile.PL; make; make install” for this, which put the stuff in /usr/perl5/site_perl/5.6.1/sun4-solaris-64int.
While moving more home directories to RAHU, I spent some time planning the data access methods for NetReg 2.0.
My primary concerns are simplification of the program model and separation of data access code, display code, and configuration information. I spent a little time learning XMLRPC::Lite, as this will provide a good method of data and display code separation, as well as providing an interface for accessing NetReg data from other applications (such as WebDB).
I’m not sure when I’ll schedule writing the updates, though…
Our production instance of Moodle (v1.1.1) has a broken search function for PostgreSQL. The latest version (v1.2.1) has an appropriate fix.
The function get_users() in the file lib/datalib.php relied on a MySQL peculiarity to contatenate the first and last name fields together (with a space) to search. PostgreSQL does this differently. This bug report has the beginnings of the fix. Our beta instance (v1.2 beta) has the start of the fix, but uses double quotes where it should have single quotes. The latest release, v1.2.1 has an appropriate fix. I backported the v1.2 beta fix and used single quotes for the time being. We should have no problems when we upgrade to v1.2.1 or later.
Adding general network blocking for NetReg.
And some improvements to the details display and the search functions.
Weekend went well for RAHU, and I’m ready to declare it production.
There was a slight hiccup with backups — since we’re backing up off of snapshot, NetBackup can’t reset the atime of files back to its original after reading them. This isn’t an issue, since the snapshot is read-only and the atime hasn’t changed anyway. Adding the DO_NOT_RESET_FILE_ACCESS_TIME to bp.conf on RAHU makes that work ok. It could slightly mess with the system backups, so I’ll look into making that a policy-specific flag, but for now it doesn’t complain on the home directories backup anymore.
Yesterday as I was waiting for 30 GB of data to come off the AMANDA tapes, I got password changes for the seminary working again.
Turns out that Samba on SHANTI was getting confused by extraneous stuff sent to STDOUT on Bathsheba. I modified resetpass on SHANTI so that it ignored (sent to /dev/null) any output from the REMOTE ssh call for password changes, and that seems to have made things work.
I’ve got all the kinks worked out of the VxFS/VxVM upgrade and restored the data lost.
The corruption was probably due to VxVM thinking that dynamic multipathing (DMP) was on for the Xserve and that c3t0d1 was an alternate path to c3t0d0 (and likewise for c4). I finally subscribed to Veritas-vx and asked the question of how to make VxVM not use DMP for these controllers. The thread starts here and the answer was quick and simple.
After turning off DMP for the two controllers, I again had massive filesystem corruption. I got that worked out, deleted everything on the filesystem (including the lost+found inodes), upgraded the filesystem version to version 6, and then restored the three home directories I’d restored earlier. Everything seems to be ok, and reboots are happy.
I suspect we’re ready to go live with RAHU, but I’m going to let things shake out for the weekend at least before saying so.
Testing 1.4.2 of SquirrelMail.
It fixes a few things like the Excel attachment problem. No idea yet on the user prefs switching problem. We’ve added or upgraded a number of plugins, and I also changed the default theme to Earlham colors and stylesheet. The Archive plugin is giving us problems. We’ll work on that, but otherwise we’re probably ready to go by next week.
Got VxFS and VxVM upgraded from 3.5 to 4.0.
Unfortunately, the filesystem on the Xserve RAID was completely corrupt. An fsck put a few thousand files into lost+found. Only three idle users were there (not including myself) — I think that if we can get their directories off of AMANDA tapes we should be ok. My stuff is lost, but that’s ok. There are a few things under lost+found that are ok and have good names, but a lot of it is just inode numbers.
There seems to be an odd bug in Samba where it doesn’t like some UIDs for machine accounts.
Finally got the machine account created ok by creating a dummy account before it and then creating the new RAHU account and joining from RAHU.
I’m working on exporting the snapshot over Samba so people can get their own directories easily. Not sure how best to do that, especially if we might want to use RAHU as the main file server at some point. It’s quite doable, though.
Spent some time making the Mail::SPF::Query package work on BARIS.
Was thinking I might try to run SPF checks against a few specific domains (not everyone) and do some MIMEDefang work against those results. While the perl package finally works (had to hack it a bit because it’s badly written), it turns out that only aol.com publishes useful SPF records (a few others publish them, but the volume of mail from them is not sufficient to even try a check). And AOL’s aren’t that great. Since quite a lot of our spam comes from Yahoo, Earthlink, or Hotmail, this won’t help.
It is possible to have multiple snapshots of a VxFS filesystem active at once.
I’ve taken down the /data mirror on RAHU to use as two 20 GB snapshot storage volumes for standard VxFS snapshots. It takes a few minutes to create the snapshot. The snapshot command is a variant of the mount command:
mount -F vxfs -o snapof=/home/fc-raid-00-1 /dev/dsk/c1t0d0s7 /home/backup/snap1
I’m going to plan to have two snapshots active at all times. I’m not sure yet how to manage the mount points so that NetBackup is happy and we have decent links for the two from the users’ perspective.