May 20, 2004

Net-SNMP on RAHU

Got Net-SNMP installed on RAHU for monitoring disk usage (primarily).

Other things are being monitored, of course — processes, CPU, memory. The best way to get Net-SNMP up and running after the install is to use snmpconf to generate the config (and then edit it by hand afterwards).

I had to install OpenSSL 0.9.7 over the top of 0.9.6 to make this work. The only thing that uses 0.9.6 is the by-hand install of PostgreSQL and some perl libs, otherwise I would have removed 0.9.6 entirely. All work fine, though.

Posted by Rowan Littell at 10:49 AM

May 19, 2004

oddments

mostly moving accounts around on PAX and RAHU; cleaning up e-mail…

Posted by Rowan Littell at 05:21 PM

May 18, 2004

UPS woes

The UPS is overloaded and really didn’t want to kick back in until we took a bunch of stuff off of it.

We took off the Alpines, TUI and NEWEARL, the DBA machine, and Zaphod, and we’re back down to 77% load, and the UPS is happy. Kevan ran an extension cord from Tom’s office for some of these systems.

I spent some time with the APC calculator to look up what kind of load our machines are each putting on the system. I’m calculating around 12 kVA without the switches already. It looks like a 20 kVA system for the machine room expansion is the least we could make work — 30 kVA would be much nicer and give us headroom for growth. Ideally, we’d get parallel 30 kVA units in a decent failover situation. But we may be stuck with the Liebert Nfinity series, which maxes out at 20 kVA.

Posted by Rowan Littell at 04:29 PM

May 17, 2004

Sun ONE Calendar stuff

Looking for Windows iCal readers, cleaning up from the Jintek Palm sync…

Mozilla with its calendar service makes a decent client for the ical.pl script to access Sun ONE — much like Apple’s iCal. There may be other Windows readers out there as well.

Last week I tried to sync my Palm to Sun ONE with the Jintek sync tool. It’s got several problems, and I won’t recommend it for use:

  • It doesn’t understand time zones or the fact that daylight savings doesn’t exist here.
  • It doesn’t understand multiple calendars on the Sun ONE side.
  • It can’t contact the server via HTTPS.
  • It’s inconsistent and buggy.

I managed to save all the calendar data that was on my Palm, but it’s no longer there. Instead it’s now in a file on the Mac in iCal, after having clobbered my Sun ONE calendar and the Palm calendar with duplicates in the process.

Incidentally, this also introduced me to a number of other admin tools on the Sun ONE server, including cscomponents, which allows me to delete a range of events from the command line on the server (specify the range by dates).

Posted by Rowan Littell at 01:37 PM

May 13, 2004

OS X Mail

Spent the morning exploring OS X Mail.

It’s quite nice, and with the GPGMail plugin, it’s quite usable for most of my purposes. If I weren’t managing hordes of e-mail, I’d really think about switching. However, I still find that pine is much quicker — primarily because I can do so much with so few keystrokes. I poked around at various utilities to add keyboard commands to applications, but none of them really do what Mail.app needs — it needs quick menus accessed by keys. For my purposes. The selection process is slightly more cumbersome as well.

Posted by Rowan Littell at 05:45 PM

May 12, 2004

LDAP proxy -- but not for ALL attributes

Well, I can get the OpenLDAP proxy server working, but MacOS X likes to send queries for ALL attributes (that is, an empty attribute query, not even “*”).

Most of the queries that MacOS X sends at login are requesting “ALL” attributes, and there does not seem to be a way of specifying this in any attribute set in the OpenLDAP proxy cache. Thus, these queries aren’t cacheable without some code changes in OpenLDAP (or possibly in MacOS X). MacOS X (10.2) shows the following query templates on login:

  • 14 of filter="(&(|(objectClass=posixAccount))(uid=))" attrs=ALL
  • 6 of filter="(&(|(objectClass=posixAccount))(uidNumber=))" attrs=ALL
  • 3 of filter="(&(|(objectClass=posixGroup))(memberUid=))" attrs=ALL
  • 2 of filter="(&(|(objectClass=posixGroup))(memberUid=))" attrs=ALL

…and a few other single instances for groups. The 14 queries of the first kind are what kill Sun ONE, and it would be very nice to have these cached on OpenLDAP. But the lack of a cacheable ALL query is problematic.

I have not yet investigated whether 10.3 changes this behavior at all. I have tried to find out whether there is any way to limit the searches to particular attributes in 10.2, but apparently there is no way. The LDAPv3 DirectoryServices plugin in 10.3 doesn’t look at all different from that in 10.2.

——

But there is now an Active Directory plugin for DirectoryServices. This may be of use, depending on exactly what kind of Active Directory communication it uses.

Posted by Rowan Littell at 11:32 AM

May 11, 2004

OpenLDAP proxy cache

Trying to get OpenLDAP 2.2.11 on SHANTI to act as a proxy caching server.

Some things so far:

  • The queries are very limited: for a query to hit the cache, it has to be exactly the same query with either the same attributes requested or a subset of those attributes.
  • If a query is going to be cached, it has to have a proxy attribute set (proxyattrset) of exactly the attributes that are requested — not a subset (that is, you must have a set for mail by itself as well as cn and mail).

I’ve gotten as far as having slapd recognize that a query is cacheable, but there seems to be an error on insert into the cache database, using both BDB and LDBM. The second query (exactly the same, as far as I can tell), yields a “32 No such object” result. That’s what I’m currently working on.

——

The problem seems to be in granting write access to the BDB or LDBM backend. I’ve not found any indications on how to solve this problem, however.

——

AHA! If we set a rootdn and a rootpw for the ldap database (doesn’t have to be anything related to what’s in Sun ONE), then it can suddenly write to the local cache backend. Would that this were documented somewhere…

Posted by Rowan Littell at 04:53 PM
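
The caching rules described in the two OpenLDAP proxy cache entries above (May 12 and May 11), as an added Python model that is not from the original posts and is not OpenLDAP's code. It shows why a query for ALL attributes can never be stored. The attribute sets, the `jdoe` and `asmith` values, and the names `to_template` and `ProxyCacheModel` are assumptions made for illustration.

```python
import re

def to_template(filt):
    """Blank assertion values; objectClass values stay, as in the post's listing."""
    def blank(m):
        return m.group(0) if m.group(1).lower() == "objectclass" else f"({m.group(1)}=)"
    return re.sub(r"\(([A-Za-z][\w;-]*)=[^()]*\)", blank, filt)

class ProxyCacheModel:
    """Toy model of the rules the posts describe (hypothetical, not slapd code)."""
    def __init__(self, attrsets, templates):
        self.attrsets = {i: frozenset(a.lower() for a in s) for i, s in attrsets.items()}
        self.templates = templates   # template -> indexes of usable attribute sets
        self.store = {}              # exact filter -> attribute sets already cached

    def search(self, filt, attrs):
        want = frozenset(a.lower() for a in attrs)
        # Empty list means ALL attributes. Check it first: the empty set is a
        # subset of everything and would otherwise look like a cache hit.
        if not want:
            return "uncacheable"
        if any(want <= cached for cached in self.store.get(filt, [])):
            return "hit"             # same query, same attributes or a subset
        usable = self.templates.get(to_template(filt), set())
        if any(self.attrsets[i] == want for i in usable):
            self.store.setdefault(filt, []).append(want)
            return "cached"          # exact attribute-set match: answer is stored
        return "uncacheable"         # no attribute set lists exactly these attrs

def demo():
    # Constructed sample configuration and queries.
    model = ProxyCacheModel(
        attrsets={0: {"mail"}, 1: {"cn", "mail"}},
        templates={"(&(|(objectClass=posixAccount))(uid=))": {0, 1}},
    )
    jdoe = "(&(|(objectClass=posixAccount))(uid=jdoe))"
    asmith = "(&(|(objectClass=posixAccount))(uid=asmith))"
    return [
        model.search(jdoe, ["cn", "mail"]),   # first sight, exact set 1
        model.search(jdoe, ["mail"]),         # subset of what is cached
        model.search(asmith, ["cn"]),         # template ok, but no set is just cn
        model.search(jdoe, []),               # attrs=ALL, as Mac OS X sends
    ]

if __name__ == "__main__":
    print(demo())
```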

May 06, 2004

Bulk mailer for alumni mailings

Got bulk_mailer set up for sending mailings to alumni, parents, etc.

We want to use it to send the baccalaureate address to alumni, etc. Since the messages will all be identical, this will work well (have to use something else to send personalized messages).

It’s currently available on KE and BARIS; BARIS is the suggested host, as it won’t interfere with regular mail that way (except where the recipient is earlham.edu). BARIS is also faster and less busy, in general.

Posted by Rowan Littell at 04:37 PM

Confidential flag for LDAP entries

Going about making LDAP FERPA-compliant by adding an ACI to confidential records.

The ACI is

  • (targetattr = "*") (version 3.0;acl "Confidential";deny(all)(userdn != "ldap:///self" and userdn != "ldap:///uid=*,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot");)

And then we have to change all the authentication points to do DN searching by binding as an object in the “ou=Administrators,ou=TopologyManagement,o=NetscapeRoot” tree. Authentication points currently include PAM-LDAP (/usr/local/etc/ldap.conf), MovableType, Self Service Quotas, RADIUS, and Moodle. All seem to work fine at present. In the future, WebDB will be added to this.

Posted by Rowan Littell at 02:45 PM

May 05, 2004

RONGO ready

Getting PHP and mod_perl onto RONGO, ready for Dusko to work on it.

PHP 4.3.6 was configured as follows:

  • ./configure --with-apxs=/usr/local/apache/bin/apxs --with-openssl=/usr/local/ssl --enable-ftp --with-iconv --with-xmlrpc --enable-yp

The Apache apxs program had to have its perl pointed to /usr/bin/perl.

mod_perl had “USE_APXS WITH_APXS=/usr/local/apache/bin/apxs EVERYTHING=1” as its arguments to “perl Makefile.PL”.

/usr/local/bin/smbpasswd is a symlink to /usr/sfw/bin/smbpasswd, and I installed apg into /usr/local/bin.

Posted by Rowan Littell at 02:29 PM

SpectraLogic Tape Libraries

SpectraLogic is interested in selling us a tape library.

They seem to mostly run on AIT tapes. I’m not sure yet what I think of AIT in comparison with LTO or SDLT, but their Spectra 2K or 10K libraries seem like decent possibilities in the same realm as a StorEdge L25 or some such.

Posted by Rowan Littell at 10:44 AM

Playing with FastTrack

Playing with a demo copy of FastTrack to see if it would be useful in the sys/net group.

I sometimes feel like we need a little more structure, and maybe this would help, at least in the realm of defining what we’re doing for larger projects and giving us some priorities. Not sure, though.

Posted by Rowan Littell at 10:41 AM

May 04, 2004

CMS meeting, Sun box

Meeting regarding the support of CMS, and planning which Sun box we’ll get for Moodle.

We’ll probably head towards a slightly beefier Sun box for Moodle on the possibility that it may run CHEF at some point. The V440 comes in at a decent price under the matching grant, although it is way more than we need for Moodle. Having others look at this and give me suggestions.

Posted by Rowan Littell at 11:28 AM