saltconf 2014


I went to SaltConf 2014 last week, and not only did I have a blast, it was one of the best and most well-organized conferences I’ve attended. I also was fortunate enough to be a speaker there, and I took the pre-conference training as well. All in all, it was very productive. Not because of my talk, or because of the training. It was the people I met and talked with that was the most important.

active directory authentication with salt


I typically manage two different authentication realms: Internal, usually Active Directory; External, LDAP (OpenLDAP or now, OpenDJ). So at minimum, I have two completely separate authentication mechanisms for our FreeBSD/Linux systems based upon their function. Setting this all up in Salt was pretty easy, so we’ll start with the pillar basics. Pillar Data: I have a few pillar values, ad-auth, ext-auth and is-public. AD Authentication: Let’s take a look at ad-auth:

tools have made me lazy er


I’ve finally become a dinosaur, near extinction. There are two problems I face: (1) I’m not a cloudy-cloud person. I love hardware. (2) I can’t keep up with how Linux does things. I’ll work on the first, because after we moved a datacenter 10 miles over one night, I really wished everything we had was in EC2. The second… I’m not going to at all. Let me explain. I was building a new KVM environment using oVirt, which so far has been pretty cool.

postgresql salt state


This post will not just be about how I’ve decided to manage our PostgreSQL servers, but my journey into Jinja templating. Tuning PostgreSQL is pretty much a necessity (especially on FreeBSD), because out of the box it’s tuned for a small server with <1GB of physical memory. The default configuration (postgresql.conf) does not assume it will be a dedicated SQL server, which is fine with me. The convention I came across is to simply use pgtune.

the magic foundation annual convention


Since our son (Owen) was diagnosed with a congenital pituitary issue (Pan-Hypo-Pip for short), Michele had looked into attending the annual Magic Foundation Conference in Chicago, IL. I, for one, would have nothing to do with it and had said “NO” each time it was mentioned. I was scared. Even right up to the conference. I was afraid of extrapolating from the worst case and being sad and depressed the whole time.

skeptical conference


I’m a big fan of the Scientific Method, so by transitive properties, so is my daughter, Caralyne :) While listening to my favorite podcast, The Skeptics Guide to the Universe, I just so happened to listen to the last minute of announcements (which, to be honest, I usually skip (I hit FF right after Jay’s quote)), which mentioned SkeptiCal Con. I’ve wanted to attend a conference like this for a while, and I sure as heck didn’t want to go all alone, so I asked Michele (crickets), posted it on Google+ (crickets), and then asked my sweet daughter.

auditing file access with samba and splunk

2013-05-08 | #Samba #Splunk

Preamble: The other week, we had an issue with our working production data on our ZFS file servers. We have a running service that uses a CIFS share to extract file contents, read in an XML file, and then from that file, build out a directory structure based on a field in that order file. I won’t get into the horrible details, but we eventually discovered that this service does not halt or error an order if that field is missing!

building packages for freebsd


I have held out on building packages on FreeBSD for a long time. My experience with portmaster and portupgrade was not perfect, but it was pretty consistent, and I always knew how to recover from any failures. I normally had systems build packages via portmaster during the early am, or through some automated process that I didn’t have to look at. At this point though, pkgng has become a much better tool than the pkg_ tools, and while portmaster and portupgrade support registering packages with pkgng, I felt this was a good time to start building local packages for our infrastructure.

configuration management with salt stack


I’ve often made the remark that the open source community is a fickle crowd. There is always a new fork, or a new hot development team that everyone is clamoring to be involved in. I strive for stability, but I’m not going to stick with something for historical reasons. If I find a better tool, I’ll spend a good amount of time working with it before I call it production.

2tb hitachi drives and zfs


I’ve built a new file server at work so we can start phasing out the old ultra-scsi arrays we have. Since performance (and price) is valued more than actual space, my initial quote with iXsystems was for 26 1TB drives (HUA72201) with the assumption being that the lower platter density would provide better performance. I was not super satisfied with the results when I actually set up the ZFS array, and the best performance numbers I got out of it were about 250MB/sec