linux

You are currently browsing articles tagged linux.

Flying without a net: safe techniques for working remotely

2010-02-28 22:16 UTC | No comments

I try to post a few times each month, but somehow January (and most of February) fell through the cracks. Lately I’ve been busy with operational tasks, which hasn’t left me much room for engineering. I haven’t solved any particularly hard or unusual problems, which is usually what I write about. Instead, I’ll write about a routine problem that is nonetheless tricky enough to warrant discussion.

Most of the time I’m not in the same country as the servers I administer. Which means I can’t just drive down and fix something when it goes wrong. It also means that making changes to the network is particularly dangerous. So is updating the kernel, initrd, or GRUB configuration. It is possible to leave a server in a state that requires you to be physically present to fix it. I call this kind of work “flying without a net”. Here are my techniques for safely working without console access.

Read the rest of this entry »

Tags: , ,

VLANs, bridges, and virtual machines

2010-02-20 12:44 UTC | No comments

We run several virtual machine host servers on a network with multiple VLANs. The virtual machines are members of different VLANs, but are not themselves aware of the VLAN. This is how we did it.

Read the rest of this entry »

Tags: , , , , ,

Poor VirtualBox guest performance with Intel VT-X on Ubuntu 9.10

2009-11-04 21:36 UTC | 1 comment

Since upgrading to Ubuntu 9.10 I’ve noticed poor performance of VirtualBox guests with Intel VT-X hardware virtualisation enabled. This has been noted in a few places, but I didn’t enable VT-x until recently so I can’t be sure that the problem began with Karmic. I can be sure that it is happening to me now.

Read the rest of this entry »

Tags: , , , ,

Upgrading from Kubuntu 9.04 to 9.10

2009-11-01 14:40 UTC | 6 comments

Friday I upgraded from Kubuntu 9.04 “Jaunty Jackalope” to Kubuntu 9.10 “Karmic Koala”. Here are my notes on the upgrade.

Read the rest of this entry »

Tags: , , , ,

Replacing Bacula with BackupPC

2009-10-08 22:26 UTC | 7 comments

We recently moved our primary backup machine to another location, and have overhauled a lot of our network infrastructure. This meant a lot of work updating the Bacula configurations on those machines. I’ve been unhappy with Bacula for some time, so I replaced it with BackupPC.

Read the rest of this entry »

Tags: , ,

Using Webmin on a smartphone

2009-09-06 11:07 UTC | 2 comments

Although I administer most servers via SSH, I also use Webmin. Webmin is convenient for almost any simple administrative task, and is often better for some jobs. For instance, it is the easiest way I have found to browse Postfix email queues. Perhaps most importantly, it can save you from having to learn yet another daemon’s unique configuration language and syntax.

It can also be very handy if you have to fix something from your smartphone, where the command line isn’t always the best choice of tool. Enter: the Virtualmin Mobile/iPhone Theme.

Read the rest of this entry »

Tags: ,

kregexpeditor now in repo

2009-08-22 15:39 UTC | No comments

Cleaning up after the KDE 4 upgrade continues. Today I tried to port kregexpeditor from hardy, but pbuilder stopped with a library conflict:

kdelibs5-dev: Conflicts: kdelibs4-dev but 4:3.5.10.dfsg.1-1ubuntu8 is to be installed

I’m sure I could have resolved this, but I decided to test the hardy package before spending any more effort. The package installed without complaint, and the binary runs. I’ve added the amd64 and i386 packages from hardy-backports to the repo for jaunty.

Read the rest of this entry »

Tags: , , ,

Upgrading from Kubuntu 8.04 to 9.04

2009-08-18 20:42 UTC | 1 comment

Until last week I still ran Kubuntu 8.04 (Ubuntu with KDE) on my personal desktop. We also use this on all our corporate desktops, and my wife’s PC at home. I wanted to wait for KDE 4 to mature a bit more before upgrading, so intrepid wasn’t an option.

I waited 4 months after the release of jaunty, so the problems should be either documented or resolved, and the release notes didn’t mention anything that seemed too serious. So I decided to give it a test.

Read the rest of this entry »

Tags: , , , ,

Reverse-path filter part 2: OpenVPN and traceroute

2009-07-14 21:59 UTC | 2 comments

After my recent adventure with reverse-path filtering, I didn’t expect to see it again so soon. And then I took another look at a long-standing annoyance in our OpenVPN network.

I set up OpenVPN so our offices and laptops could securely access internal resources. This lets me print documents directly to another office, for instance. Or access web-based applications that we don’t make available to the public. Or remotely SSH into a PC and fix a problem. Read the rest of this entry »

Tags: , , ,

Disabling reverse-path filtering in complex networks

2009-07-13 21:25 UTC | No comments

I recently created a very complex network using routers running Ubuntu Hardy. These routers were configured with the following features:

  • failover shared IP addresses using heartbeat
  • routing announcements via Quagga BGPd
  • 802.1q VLAN tagging
  • multiple physical interfaces

During debugging of this network, I encountered an odd scenario whereby traffic coming in from the external interface (eth0) could not reach the IP address of the secondary (inactive) router’s internal interface (eth1, VLAN tagged).

dual-routers

Read the rest of this entry »

Tags: , ,

« Older entries

All content © 2008-2010 Tyler J. Wagner