WORK

  • AUTOMOUNT – MAKING REMOTE MOUNTS, EASY!

    AUTHOR: // CATEGORY: Work


    Backups are among the many tasks assigned to me in my new position administering and managing a new and up-and-coming Linux virtualized platform. I’ve had a good chance to see how not to run backups at my last position and it’s given me a lot of insight into the process – stale mounts are one of the many issues to overcome. Mounting a remote file-system on the local machine and maintaining stability is hard enough between two Linux machines – let alone having to mount a remote NTFS Windows File server.

    Here comes Automount! I quite literally stumbled on to this while looking to solve another unrelated problem (mounting a remote Linux file system with SSHFS). What is automount? It’s a daemon that runs on Linux systems: whenever a user attempts to access an “automount” monitored mount point it will ensure it is mounted (if not already), and when a mount is not in use it will unmount it. This takes care of most situations that produce a stale mount (when the local system thinks it is still mounted, but the remote system is unavailable or has been restarted) – perfect for this application.

    This was configured on a CentOS machine and here is how I did it. Make sure you have cifs (or smbfs if you are using an older distro) installed. Install autofs:

    yum install autofs

    First I needed to make a directory in which to manage my mount.

    mkdir /media/auto

    Though you can use any existing folder. Once you have done so we’ll need to set up automount to know about the mount point – open /etc/auto.master and add the following to the bottom:

    /media/auto /etc/auto.media

    Replace /media/auto with your own directory; you can call the map file whichever you like (“auto.windows”, “auto.servername”, etc.).

    Next open the file you referenced, in this case /etc/auto.media, and add a line in the following format:

    MOUNTNAME -fstype=FSTYPE,OPTIONS :REMOTE_PATH

    So for my example I want it mounted to /media/auto/windows1 using cifs and my username: halle password: swordfish and domain: berry on the windows share //10.10.0.2/travolta

    windows1  -fstype=cifs,rw,noperm,user=halle,pass=swordfish,domain=berry ://10.10.0.2/travolta

    The above example can be customized for all sorts of mount types found in fstab – this is just an example for Linux to a remote Windows share.

    Once you’ve completed that, restart autofs:

    /etc/init.d/autofs restart

    and navigate to the created folder:

    cd /media/auto

    If you do an ls you should see nothing, because the mount is only accessed when needed. If you cd into the mount name (defined above in the auto.media file) and do an ls you’ll now be on the Windows share.
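
The map entry above keeps the share password inline in /etc/auto.media. As an added example (not from the original post), this shell function moves user=, pass= and domain= into a mount.cifs credentials= file created owner-only and prints the rewritten map line; the function name and the credentials file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). harden_map_entry is a
# hypothetical helper: it moves inline CIFS credentials from an autofs map
# line into a mount.cifs credentials file and prints the rewritten line.
# Usage: harden_map_entry 'MAP LINE' /path/to/credfile
harden_map_entry() {
    line=$1
    credfile=$2
    key=$(printf '%s\n' "$line" | awk '{print $1}')
    opts=$(printf '%s\n' "$line" | awk '{print $2}')
    loc=$(printf '%s\n' "$line" | awk '{print $3}')
    user='' pass='' domain='' kept=''
    old_ifs=$IFS
    IFS=,
    for o in ${opts#-}; do
        case $o in
            user=*|username=*) user=${o#*=} ;;
            pass=*|password=*) pass=${o#*=} ;;
            domain=*)          domain=${o#*=} ;;
            *)                 kept=${kept:+$kept,}$o ;;
        esac
    done
    IFS=$old_ifs
    # Entries without an inline password are passed through untouched.
    if [ -z "$pass" ]; then
        printf '%s\n' "$line"
        return 0
    fi
    # umask 077 in a subshell so the new file is created owner-only (0600).
    (
        umask 077
        rm -f "$credfile"
        {
            printf 'username=%s\n' "$user"
            printf 'password=%s\n' "$pass"
            if [ -n "$domain" ]; then printf 'domain=%s\n' "$domain"; fi
        } > "$credfile"
    )
    kept=${kept:+$kept,}credentials=$credfile
    printf '%s -%s %s\n' "$key" "$kept" "$loc"
}

# Demo on the entry from the post; the credentials file goes to a temp dir.
demo_dir=$(mktemp -d)
harden_map_entry 'windows1 -fstype=cifs,rw,noperm,user=halle,pass=swordfish,domain=berry ://10.10.0.2/travolta' "$demo_dir/auto.media.cred"
```

On a real system the credentials file would live somewhere root-owned, such as next to the map file, and autofs needs a restart after the map changes.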

  • CISCO ANYCONNECT VPN CLIENT

    AUTHOR: // CATEGORY: Work


    I got into an argument disagreement conversation today with Network Services – and it’s not their fault, managing Windows servers and Desktops they do a great job. This project has forced them almost into an “uncomfortable” zone where Linux just scares them.

    I requested that ports 22, 80, 443 and 3306 be opened on the new public IP for the Linux server I built and then transported from the previous office (where I had network control) and placed in the new office with Network Services. After answering their demands as to why any port other than 80 and 443 needed to be open they said “We can provide you VPN access to the network – from which you can access the box on the LAN and not need other ports open” – Okay, fairly straightforward. I do some poking around – they use Cisco AnyConnect to manage the VPN, which has a Linux Client. Their instructions showed ActiveX and .exe tools being used and you have to have a special Cisco account to get the client tools. I requested the Linux client and they replied “There is no Linux client for the VPN – it only works with Windows. Don’t you have a windows machine at home?”

    Okay, aside from the obvious – almost naive comment about having a Windows Box – I provided them, in my original email, with proof this “elusive” Linux Client exists, yet they blow me off. Later I was told that if Network Services doesn’t have an answer – then they just say no. So I grudgingly go home, boot my Laptop into the Windows Partition and set up the VPN client to make sure it works. It freaked because I was using Firefox and instead of pulling some ActiveX hackery just provided me with the .exe download.

    I tested it – it works. Yet I am in Windows – I like to be in Linux since I’m most comfortable in that platform. I reboot and repeat. This time a Java window launches and I get prompted to download vpnsetup.sh – WHOA! The Cisco gateway picked up my version and prompted me with a download. Nice! (Props to Cisco for that) Downloaded, installed, ran. Shit – errors about a Certificate not being readable. Can’t get past this popup box even after I press “Accept”. Quick check of their site, it’s only 32bit. When I ran an strace and checked the logs I found it was either failing at /usr/lib files being 64bit or just flat out not finding the right libs at all.

    Google pointed me to some old threads with borrowing 32bit lib files from Firefox.

    HERE IS HOW I DID IT
    I made sure these were installed:

    sudo apt-get install curl ia32-libs lib32nss-mdns libcurl3 libxml2

    After that install the vpnsetup file.

    Next download the latest 32bit Firefox (they don’t seem to distinguish on the page, I just went here and downloaded the Linux version). I extracted it to a temporary location. These are the libs I needed:

    libfreebl3.so  libnspr4.so  libnss3.so  libnssdbm3.so  libnssutil3.so  libplc4.so  libplds4.so  libsmime3.so  libsoftokn3.so  libsqlite3.so

    Most of those are already covered in other pages – but libsoftokn3.so – which is part of nss-devel was needed to read the cert properly – hence the weird blank pop-up (After getting that in place the certificate was read and I could accept it)

    Place those, or soft link them, in /usr/lib32 and for good measure (though I found it not necessary) /opt/cisco/vpn/lib/

    Lastly – run the setup one more time and re-launch the tool.

    DON’T BE AN IDIOT LIKE ME AND HARD COPY THESE LIB FILES TO /usr/lib IT WILL ONLY MAKE YOU WANT TO CRY

    That should do it. If it doesn’t these are other steps I did that I don’t think matter:

    Install Getlibs then run the following:

    getlibs libsqlite3.so.0

    I will be packaging the modified libs into a support deb and rpm package for easy distribution. Right now I’m the only Linux User in the entire company (with a company that is over 10,000 employees world wide) but with this new initiative there will be a lot more Linux users in the future.

    I look forward to emailing Network Services about how I connected via VPN on Linux to the network – Thanks Cisco for meeting me half way!
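
The failure described above came from the 32-bit client finding 64-bit or missing libraries. As an added example (not from the original post), this script checks a directory for the ten libraries listed and reports any that are missing or not 32-bit ELF files before they are linked into /usr/lib32; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify the libraries named in
# the post are present and 32-bit before linking them into /usr/lib32.
# elf_class and check_libs are hypothetical helper names.

REQUIRED_LIBS="libfreebl3.so libnspr4.so libnss3.so libnssdbm3.so libnssutil3.so
libplc4.so libplds4.so libsmime3.so libsoftokn3.so libsqlite3.so"

# Print 32, 64 or not-elf for a file, from the ELF magic and EI_CLASS byte.
elf_class() {
    magic=$(od -An -c -N4 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$magic" != '177ELF' ]; then
        echo not-elf
        return 0
    fi
    # Byte 4 of the ELF header is EI_CLASS: 1 = 32-bit, 2 = 64-bit.
    case $(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n') in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo not-elf ;;
    esac
}

# Print one line per required library in DIR that is missing or not 32-bit.
# Prints nothing when every library is present and 32-bit.
check_libs() {
    dir=$1
    for lib in $REQUIRED_LIBS; do
        if [ ! -e "$dir/$lib" ]; then
            echo "$lib missing"
        else
            class=$(elf_class "$dir/$lib")
            if [ "$class" != 32 ]; then echo "$lib $class"; fi
        fi
    done
}

# Run against a directory given on the command line, for example the
# directory the Firefox archive was extracted to.
if [ -n "${1:-}" ]; then check_libs "$1"; fi
```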

  • SO, HOW DO YOU CONNECT?

    AUTHOR: // CATEGORY: Work


    I am the only person in this entire organization that has ever used Linux (and have just introduced the first Linux server into this very large – Windows based company). The project requires development on a LAMP stack in order to cut costs, stay competitive, and offer an open source – stable – product. I have no problem developing and maintaining enterprise applications, on LAMP, by myself. However – this project has now been moved to “AGILE” project management (More work, less people, quicker deliveries). So you want a prototype by end of the month and we haven’t even started working. Cool.

    I thought it was nice that they are trying to make this impossible deadline by providing me with all the help they can afford to spare.

    PM: “Here are four developers to help you! I am awesome”
    ME: “Oh, great! What’s everyone’s experience?”
    01: “I’ve been developing ASP/.NET Applications for 10 years”
    02: “I’ve been developing ASP/.NET Applications for 8 years”
    03: “I’ve been managing Microsoft SQL Servers for 5 years”
    04: “I’m a Microsoft Sharepoint Designer and ASP developer”
    ME: *FACEPALM* – “Do any of you know what Linux is?”

    Most people answer “Free operating system”

    ME: “Has anyone ever used PHP before?”

    Some slight nods of heads – maybe this isn’t so bad…

    ME: “Does anyone know what PHP stands for?”

    No one even knows. I don’t expect php developers to really know this answer either (Well I kind of do actually) but still. If you’re going to fake it – at least try. I appreciate the effort but you’ve given me a lot of what I don’t need.

    So I continue with this charade. I’m running OpenVZ on CentOS 5.4 and have setup a standalone MySQL container, and then a few development containers and a “stable” container. It’s my style of management. I send out each ASP developer a set of links about using Linux, their logins (with root) for each of their containers, and tell them “Read the documents, give it a shot, ask me if you have any questions” About 30 minutes later they all walk into my office (Most are twice my age) they come saying

    “We can’t connect to the server”
    ME: “Let me take a look”
    *Loads terminal and connects*
    ME: “What are you guys trying”
    “Remote Desktop Tool”
    ME: “That’s to connect to Windows via GUI – this is a server environment, there is no GUI. Go back and read my email again. Download PuTTY. Use command line.”

    It’s going to be a long project.

  • MYSQL WORKBENCH

    AUTHOR: // CATEGORY: Work


    Typically when I’m making a project which requires a database I simply spec the model in my head and start plugging in tables and columns until I have a working, starting, model and branch from there. While that works great for all the various projects I do, it doesn’t help anyone who can’t read my mind or has a hard time drawing SQL code into charts.

    MySQL Workbench! I’m surprised by this tool from MySQL – first of all I’ve never seen any colleagues use it, but this tool is robust in that it has the MySQL Query Browser, MySQL Administrator, and Data Modeling tools. I know – crazy, but to throw a few more “FEATURES!!!” at you – the tool is free from MySQL (I’m currently using the very stable BETA) and is available for Windows, Mac OSX, and Linux (including several pre-built packages for Debian/Ubuntu, Fedora, and SuSE Linux).

    MySQL – my hat’s off to you. You’ve built an interface that encompasses all the tools and features I need to create, maintain, and monitor MySQL servers/databases on a personal and enterprise level.

    I suggest downloading this tool and giving it a good test drive. Supports multiple server configurations and changing on the fly to easily monitor and maintain your servers!

  • BUILD THIS – BUT GUESS WHAT WE WANT.

    AUTHOR: // CATEGORY: Work


    At Supremesoft we’re working on a contract with one of our biggest clients. Unfortunately I’m not at liberty to say who this client is or what specifically we are doing, though I believe I can say this: It’s huge.

    The components of this project include: An abstract database model “DataMart”, an OLAP server, a Business Rules Engine, Reporting tools, Dashboard tools, Export tools, and has to be “Platform and non-domain specific”.

    Holy shit. If you’re a developer you know that typically you start with a database model, and build your code on that. As Lead Developer for this project I was concerned, as first of all we don’t have a database model. Our DataMart may change at any moment – and will – and the application needs to be able to automagically adjust. We’re designing security on a “cell” based level – which means that different security roles will have access to not only specific columns in the database, but specific rows of that table. All this while not knowing the actual tables, columns, or rows.

    If this all sounds crazy so far – because it kind of is – then here are just a few more requirements. Any software we use must be Open Source and the majority of the project must be in php.

    We’ve just submitted our Analysis Document for review – not only have we found a way to meet all their requirements, but we’ll be able to do so in the time period they’ve outlined. This will be one of the most interesting products I’ve ever worked on.

  • INTERVIEWS

    AUTHOR: // CATEGORY: Work


    So – not sure how this happened – but I’ve become the technical point of contact for screening people who have applied for Network Administration, System/Server Administration, Windows Desktop Support, and most any other non-developer role for Supremesoft.

    I’m flattered really, that people think that highly of my skill set. I was worried that I wouldn’t be qualified for the job though (I mean, I’m a php Developer and Linux System Administrator – I’ve used Windows, worked on it for a year as an Admin, but I’m no judge of talents). Well the interviews kicked off today – on top of my two upcoming deadlines, one being tomorrow, and the other next Friday – wow. Three interviews, and these people were morons. I thought I would spend my time judging talents and making the hard decision of “who was better”, but these Resumes were blatantly falsified. Someone who writes a certification on their resume should at least know what that certification is for.

    “From a generic standpoint – if a server is failing – what are some of the first places to start diagnosis?” Let me tell you, the correct answer is not “Restart the machine”. A server is failing – please first identify what is failing, then advise on several typical points of failure, then tell me a plan of action. Two of the three answered “Restart”; those two also had no idea what “Rack Mounted” meant or of enterprise network level configuration. One of the applicants actually was able to give me intelligent feedback, but half the things mentioned on the Resume were not true from talking to him.

    I can see why the technology industry has some terrible employees. You take a Resume at face value, give it to an HR representative, and hire based on that and “References” – who knows who you’re getting.

    I’m glad I was able to help weed out these falsifiers.