January 31, 2006

[Installations] Wildcard SSL certificate

We purchased an wildcard SSL certificate last week for use across our SSL services. Installation has been pretty painless. Apache is easy, sendmail and UW-IMAP are pretty straightforward. The main holdouts are EZproxy and the LDAP servers.

  • EZproxy: sicne the cert is for *.earlham.edu, and EZproxy, when doing ProxyByHostname, redirects to login.proxy.earlham.edu, the client gets a cert mismatch warning. I’m talking to the folks at Useful Utilities to see if there’s any way around that while keeping ProxyByHostname.
  • LDAP: Sun ONE Directory Server is based on Netscape tech, so it expects the certs and keys to be in the PKCS12 Berkeley DB format. I’ve got the utilities off a Directory Server 5.2 disc to convert them, installed them on ASHTI, and done initial conversions. I have not installed the certs and tested them yet, though.

Still to complete is ProFTPd, which should also be straightforward.

Posted by Rowan Littell at 04:02 PM

January 18, 2006

[Installations] Server installs, continued...

All the new servers, etc. have arrived and are in the racks.

I’ve been hip deep in fibre channel stuff this week. I think I’m leaning away from LUN masking, simply because any changes to the LUN masking setup require a reboot of the RAID controller on the Xserve RAID boxen, disrupting any other hosts that are connected to volumes on that controller.

Installing the new V480, I had to power down EYEWI to move its DLT drive. I took the opportunity to replace the heat sink with the bad fan with the heat sink I pulled out of the new V210 that had an extra CPU in it (long story: Oracle licensing and educational discounts on preset V210 configs).

Posted by Rowan Littell at 03:40 PM

January 04, 2006

[Installations] Toys!

Santa brought me several cartloads of toys this year. Still trying to get all of them unboxed, racked, and inspected, much less set up and configured. That’s for the rest of winter.

  • SunFire V210: replacement for PACO, Banner development
  • SunFire V440: new SCT Luminis server
  • Dell PE 1850: MySQL server
  • Dell PE 1850: replacement for HEIWA, web server
  • Dell PE 850: content management server
  • SAN equipment: Xserve RAID, 2 Qlogic SANBox 5200s, a bucket of cables, FC HBAs, and more drives to populate another Xserve RAID.

Everything but the new Xserve RAID is racked, and I’m making sure that things are in good condition. I’ve still got a few more pieces of equipment that have yet to come in, too.

Posted by Rowan Littell at 05:00 PM