Blogs

I mentioned this on HN years ago but it’s nifty so add it here. You can graph SQL output with gnuplot without leaving the psql (Postgres client) command-line. Because @fusiongyro commented “This is incredible! I only wish it were a little easier to do on the fly,” I inquired on the amazingly helpful pgsql-general list. There are two approaches: client-side and server-side. Ian Barwick explained how to put all the prep stuff into a psql script, define your query and invoke the script. ...

I have a confession to make. I use SSH to access servers. I tell the sysadmins I teach to make changes to their servers using configuration management, but: (a) most clients I work with are just starting to use configuration management so we use SSH to access the systems that aren’t under in configuration management yet, and (b) I enjoy troubleshooting issues rather than just shooting my IT infrastructure in the head and instantiating a new one that might have the same issue. But this post isn’t about immutable infrastructures. It’s about SSHing to servers. ...

I am pleased to announce that Mike Weilgart and I will be delivering professional training for Ohio Linux Fest Institute in October. I will teach “Time Management for System Administrators” and Mike will teach “Git Foundations: Unlocking the Mysteries”. You can now register for Ohio Linux Fest. On a personal note, I enjoy walking about Columbus, lots of history there, and I love walking into German Village.

One of my clients is at the ssh “for” loop stage of automation maturity, so I installed Ansible. Because of selinux and Python version issues, I’m using the “raw” mode (which doesn’t require Python on the hosts, it just runs raw shell commands). What follows is an example of using Ansible raw mode to make changes at scale. Problem A developer requested: Please, activate these option on XYZ servers in the /etc/ssh/sshd_config so I can stay connected while debugging: ...

I recently spoke at Digital Media Educators Conference (DMEC) on Infrastructure Management at Scale and the skills educators need to impart to up and coming system administrators. This conference serves the California community college system, which is dear to my heart. My mother worked at West Los Angeles College library her entire professional life in America, since we arrived in 1988. I used to volunteer and help her out with shelving in the summer. I was a very poor helper since I kept getting distracted by all the delicous books and did more reading than shelving. ...

RPM database corruption is a common problem on Red Hat Linux systems at scale. When it happens, you have to rebuild the RPM database: - https://access.redhat.com/solutions/6903 - http://www.cyberciti.biz/tips/rebuilding-corrupted-rpm-database.html I am working on automating this repair with CFEngine. In the meantime, here is a Custom Report to identify these systems: -- Aleksey Tsalolikhin, 12 July 2016 -- Show hosts that have broken RPM databases select hosts.hostname,changetimestamp from promiseexecutions inner join hosts on promiseexecutions.hostkey = hosts.hostkey where logmessages::text ilike '%rpm%db3%' and changetimestamp > current_timestamp - '24 hours'::interval order by changetimestamp;

I encourage *nix sysadmins to go to the annual USENIX LISA conference and avail themselves of the training there. USENIX is the UNIX Users Group. Around since the seventies, it is now a global professional society spanning industry and academia. The LISA (Large Installation System Administration) conference offers a mix of talks, presentations, expo hall, social activities and formal tutorials (e.g., last year’s program). I attribute my professional success to being connected with USENIX, to attending every LISA conference I can, getting as much training as I can and to the amazing people I’ve met at LISA, many of whom are now dear friends. ...

The other day, I wanted to find out which RPM metadata field was used to store the “el6” value in the “rpm -q” output for a package, e.g: [root@as-ws-pr-la-01 Desktop]# rpm -q kernel-2.6.32-504.el6.x86_64 kernel-2.6.32-504.el6.x86_64 [root@as-ws-pr-la-01 Desktop]# This came up because this output looks identical for CFEngine’s RHEL 4, 5 and 6 packages, even though there are two different packages involved. So I used this one-liner to dump all RPM metadata which should be that RELEASE was most likely the proper field to update: ...

Mike Weilgart is going to repeat his “Taming the Git Filesystem” talk on June 23rd in Burbank. In the meantime, here is what attendees said about the debut of this talk June 2nd at UUASC-LA/LOPSA-LA meetup: “You definitely filled out some conceptual holes.” Stephen Franklin Systems Engineer “I liked that it was approachable and assumed no prior knowledge.” Eric White Senior System Engineer “Good foundational talk, Michael! Just as the description says, I’ve just learned enough about git to get my development work done. I occasionally find my ignorance of git’s foundation comes back to bite me in the rear. With this talk I can hope that happens less often.” George Wu Vice President of Engineering ...

These are some working notes for identifying critical unpatched vulnerabilities on a Red Hat Enterprise Linux system (version 6). If you install yum-security plugin, you can list security updates available and which CVEs they relate to, as well as their severity according to Red Hat ratings system: yum update-info list cves available Identifying which unpatched CVEs (as returned by the yum-security plugin) are Critical according to CVSS (Common Vulnerability Scoring System), with score > 7: ...