My Wushu Blog

My Wife makes some incredible bags. She even made me a canvas backpack which I use daily. Since I have not completely destroyed it, I feel that is a real testament to the build quality. For a little over a year, Michele has fallen in love with creating small purses and large Tote bags. It has been amazing to see her progression, her first items started out as reusable shopping bags.



Since I attended SaltConf, I had all sorts of motivation to help out with the [https://github.com/saltstack-formulas](Salt Stack Formulas on Github), which I did. I’ve found out that my brain, and work environment, does not always lend itself to that. For certain states (or a combination of states) to work, but also be decoupled from each other, I can’t always easily create a one-off git repo that is self contained. We manage a few (5) sizable Samba servers (>20TB).



todo I went to SaltCont2014 last week, and not only did I have a blast, it was one of the best and well organized conferences I’ve attended. I also was fortunate enough to be a speaker there, and I took the pre-conference training as well. All in all, it was very productive. Not because of my talk, or because of the training. It was the people I met and talked it that was the most important.



I typically manage two different authentication realms: Interal, usually Active Directory External, LDAP (OpenLDAP or now, OpenDJ) So at minimum, I have two completely separate authentication mechanisms for our FreeBSD/Linux system based upon their function Setting this all up in Salt was pretty easy so we’ll start with the pillar basics Pillar Data I have a few pillar values, ad-auth, ext-auth and is-public. AD Authentication Lets take a look at ad-auth:



I’ve finally become a dinosaur, near extinction. There are two problems I face: I’m not a cloudy-cloud person. I love hardware. I can’t keep up with how Linux does things. I’ll work on the first, becaused after we moved a datacenter 10 miles over one night, I really wished everything we had was in EC2. The second… I’m not going to at all. Let me explain. I was building a new KVM environment using oVirt, which so far has been pretty cool.



This post will not just be about how I’ve decided to manage our PostgreSQL servers, but my journey into Jinja templating. Tuning PostgreSQL is pretty much a neccessity (especially on FreeBSD), because out of the box its tuned for a small server with <1GB of physical memory. The default configuration (postgresl.conf) does not assume it will be a dedicated SQL server, which is fine with me. The convention I came across is to simply use pgtune.



todo Since our Son (Owen was diagnosed with a congenital pituitary issue (Pan-Hypo-Pip for short), Michele had looked into attending the annual Magic Foundation Conference in Chicago IL. I, for one, would have nothing to do with it and had said “NO” each time it was mentioned. I was scared. Even right up to the conference. I was afraid of extrapolating from the worst case and being sad and depressed the whole time.



I’m a big fan of the Scientific Method, so by transitive properties, so is my daughter, Caralyne :) While listening to my favorite podcast, The Skeptics Guide to the Universe, I just so happened to listen to the last minute of announcements (which to be honest, I usually skip (I hit FF right after Jay’s quote) which mentioned SkeptiCal Con. I’ve wanted to attend a conference like this for a while, and I sure as heck didn’t want to go all alone, so I asked Michele (crickets), posted in on Google+ (crickets), and then asked my sweet daughter.



Preamble The other week, we had an issue with our working production data on our ZFS file servers. We have a running service that uses a CIFS share to extract file contents, read in a XML file, and then from that file, build out a directory structure based on a field in that order file. I won’t get into the horrible details, but we eventually discovered that this service does not halt or error an order if that field is missing!



I have held out on building packages on FreeBSD for a long time. My experience with portmaster and portupgrade was not perfect, but it was pretty consistent, and I always knew how to recover from any failures. I normally had systems build packages via portmaster during the early am, or through some automated process that I didn’t have to look at. At this point though, pkgng has become a much better tool than the pkg_ tools, and while portmaster and portupgrade support registering packages with pkgng, I felt this was a good time to start building local packages for our infrastructure.

