After spending most of my professional career taking care of Windows-biased systems (don't get me wrong, Windows has given me a good life financially and technically), but in the last part of my time before heading out, I finally get to see the introduction of mass UNIX -- in the form of Linux distros -- desktops to the once impregnable fortress of Windows.
Windows has many strengths as well a many weaknesses, but with its overwhelming popularity it was the system of choice in which to build and run a successful 20+ year consulting/training business. However, the progress of Linux distros with the likes of Ubuntu 9.10, freeBSD, openSUSE, etc into very usable desktop environments that do not require, remember these "the UNIX install parties," such hand holding, give my next few years some very "coming home" type feelings.
I have several contracts where I am going to introduce a small set of Linux-biased desktops to clients that are fed-up with the Redmond mindset of control, proprietary bent, and endless patches -- not unlike the Macintosh world. Linux can free users from both those tyrannies.
Frequently as the experience pile up, I will come back and post the more interesting stories as my clients walk with me into this new, but not new, experiences of sans-Windows.
Back later on.
Open source is a lovely thing. Getting open source software running, configured, backed up and functioning can be considerably less lovely. I hear some of you saying, "If only there was a company that could just configure the software for me so that I could use the program instead of spending my time installing it and resolving dependencies, I'd do cartwheels in the parking lot." Well, start stretching, because it's cartwheel time. Jumpbox is a company that specializes in making pre-configured application-specific open source software virtual machines that can be easily deployed in Windows, Linux, or Macs using virtualization technologies. JumpBox was founded in 2006 by Kimbro Staken and Sean Tierney. For a quick explanation on how Jumpboxes work, there is a 90 second introductory video available on their website, as well as a tour of the basic structure of each Jumpbox.
is a free, powerful, and versatile virtualization program which is available for Linux, Mac, and Windows hosts, and can virtualize many different Operating Systems. VirtualBox was originally developed by innotek, but was purchased by Sun and renamed Sun xVM VirtualBox. There are several versions of the program, but I use the free closed-source version, since it has more features than Virtualbox OSE.
is a great Linux note-taking tool. I chose it because I don’t need the multi-platform or networked aspects of Jarnal
, and appears to have more useful features than Gournal
though NoteLab looks like it could hold its own weight, depending on the intended use.
There are several paper types available, such as notebook paper or graph paper, but because this tool can also be used to annotate PDF files, you could also print out many assorted sizes and styles of graph paper here,then annotate them inside of Xournal. NoteLab lacks this feature, which looks like a deal-breaker to me. Xournal very well with my Thinkpad X41 tablet PC, and allows me to keep digital copies of notes that I previously would have put on paper. I can see this program being very useful when I do my sysadmin work on site, especially when sketching out preliminary network topologies and other notes.
Useful features in Xournal include freehand pen input, forced straight-line pen input, shape recognition, multiple layer input, text entry, highlighting, erasing, selecting and moving text, as well as different pen and paper shapes and colors.
I also like the “undo” feature, as it saves me from the typical scribbling that I do with a regular pen.
If you're interested, give it a try!
Go to zootlinux.blogspot.com for more tech news and cool stuff!
What's the difference between a novice and a professional? One word summation...training. There is a classic line that I love in the Denzel Washington movie Man on Fire when he is training Dakota Fanning's character on improving her swimming times:
"There is no such thing as tough. There is trained and untrained. Now which are you?"
It is a good statement and an excellent question. Which are you in the world of Linux? Training is defined by Webster's as:
- the act, process, or method of one that trains.
- the skill, knowledge, or experience acquired by one that trains.
- the state of being trained.
The other day I wrote about Linux certifications. In that article I gave my opinion that although a certification was not a necessity nor requirement, it was not a bad idea for someone who wanted to gain a good foundation in what Linux was all about. However, my primary point was that "Linux affords you the level of "certification" you desire to achieve just by being Linux. You essentially gain your certification by being involved with Linux and using it".
The keyword is involved. Without being involved and actively using Linux you will never gain any aptitude. You are left being untrained. I watch forums and read questions from people who's only desire is to have someone do their work for them. They are not gaining any useful skills or knowledge because they just click and configure based on someone else who spoon fed them the answer. In a sense they are stuck in "Windows" mode, meaning they just want to double click and have the machine install and be done. There is not anything wrong with that per se, but training in Linux means doing. The act of doing equates to experience. One cannot be hesitant to try things and fail in Linux. If doing leads to experience, then the experience will lead to judgment, which will make you a more effective system administrator, engineer or developer. Putting it another way, good judgment comes from experience and experience comes from bad judgement. But ultimately that experience comes from you training yourself.
Gaining the experience takes time in training. You have to consistently be willing to explore the file system and do things over and over. There is a saying in the Army that was drilled into us that slow is smooth and smooth is fast. What that means is if you put the time in your training to do it right, to learn from your actions and your failures, your experience grows and makes you ultimately faster. Developers don't just learn C and write out the next latest and greatest kernel overnight. They hone and sharpen their skills by doing and gaining the experience. They train in their art of C.
Just remember, training never stops. I learn new things and techniques almost daily. My advice to those new to Linux is never be afraid to fail. It takes time and effort to train, but remember that the penguin rewards your training. There is nothing more satisfying than installing and configuring a system that is reliable, flexible and rock solid...and knowing that it was your experience and training that made it possible.
If you are serious about the Linux craft here are some great links that will help you train yourself (the links will open in a new browser, check your pop-up blocker if it does not work):
- Easiest Linux Guide You'll Ever Read / htttp://www.linux-books.us/suse_0002.php / Designed especially for those who are in an early transition from Windows to Linux. Specifically written from the SUSE distribution use.
- Linux Professional Institute LPI 101 and 102 course instruction materials / http://www.ledge.co.za/software/lpinotes / Licensed under the GNU documentation license, these are professionally developed study guides that are distribution neutral. They were developed for those wishing to sit for the LPI entry level certification and an excellent reference.
- The Cathedral and the Bazaar / http://www.catb.org/~esr/writings/cathedral-bazaar/ / If you want to understand what open source is all about and what Linux means from the open source perspective this is a must read. There are multiple translations if English is not your mother tongue.
- Linux Device Drivers / http://lwn.net/Kernel/LDD3/ / Are you a developer and want to know everything about Linux Device Drivers and such? This is an excellent starting point.
- Loads of Linux Links / http://loll.sourceforge.net/linux/links/ / A central repository of over 5000 links that are specifically related to Linux and all the aspects of the environment (system administration, engineering, developing, security, magazines etc).
So the challenge question to you is which are you...trained or untrained? I challenge you to keep training and don't get discouraged about how quickly you might or might not pick things up. Remember...slow is smooth and smooth is fast.
Cheers - Kryptikos
Cacti is a GPL-licensed, scalable, RRDtool-based monitoring program with flexible graphing options. This article describes the process of installing and configuring Cacti on CentOS 5.2.
Useful links to this installation were BXtra and TechDB.
Per the Cacti documentation, Cacti requires:
RRDTool 1.0.49 or 1.2.x or greaterI'd also recommend installing vim, net-snmp, net-snmp-utils, php-snmp, initscripts, perl-rrdtool, and any dependencies.
MySQL 4.1.x or 5.x or greater
PHP 4.3.6 or greater, 5.x greater highly recommended for advanced features
A Web Server e.g. Apache or IIS
To perform this install, I am logged into Gnome as a normal user, and opened a terminal that is switched to the root user using the su command. I had already installed apache, mysql, and PHP during the original install process of CentOS 5.2.
I added a new repository to facilitate this install. To do this, I created a file
(/etc/yum.repos.d/dag.repo) containing Dag Wiers repository, which contains rrdtool, among other things.
[dag] name=Dag RPM Repository for Red Hat Enterprise Linux baseurl=http://apt.sw.be/redhat/el5/en/i386/dag gpgcheck=1 gpgkey=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt enabled=1
You can create this file by typing vim /etc/yum.repos.d/dag.repo and copying and pasting the above information into the file. Be warned that the above text containing the repository is version and architecture-specific.
I then typed yum update to update CentOS and the repository list before installing additional software.
I installed everything but cacti through yum. You can verify that you have the packages in question (or the version numbers of installed packages) by attempting to install them, as yum will remind you that you already have the latest version installed, as well as the version status of the packages, like shown here:
# yum install php httpd mysql mysql-server php-mysql vim-enhanced net-snmp net-snmp-utils php-snmp initscripts perl-rrdtool rrdtool initscripts
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
* base: pubmirrors.reflected.net
* updates: mirror.fdcservers.net
* addons: chi-10g-1-mirror.fastsoft.net
* extras: mirror.fdcservers.net
Setting up Install Process
Parsing package install arguments
Package php-5.1.6-23.2.el5_3.i386 already installed and latest version
Package httpd-2.2.3-22.el5.centos.1.i386 already installed and latest version
Package mysql-5.0.45-7.el5.i386 already installed and latest version
Package mysql-server-5.0.45-7.el5.i386 already installed and latest version
Package php-mysql-5.1.6-23.2.el5_3.i386 already installed and latest version
Package 2:vim-enhanced-7.0.109-4.el5_2.4z.i386 already installed and latest version
Package 1:net-snmp-220.127.116.11-5.el5_3.1.i386 already installed and latest version
Package 1:net-snmp-utils-18.104.22.168-5.el5_3.1.i386 already installed and latest version
Package php-snmp-5.1.6-23.2.el5_3.i386 already installed and latest version
Package initscripts-8.45.25-1.el5.centos.i386 already installed and latest version
Package perl-rrdtool-1.3.7-1.el5.rf.i386 already installed and latest version
Package rrdtool-1.3.7-1.el5.rf.i386 already installed and latest version
Package initscripts-8.45.25-1.el5.centos.i386 already installed and latest version
Nothing to do
Download the latest version of Cacti (0.8.7e, as of the writing of this article) from here. I downloaded it to my desktop and unzipped it by right clicking it and selecting "Extract here". I also renamed the cacti-0.8.7e directory by right clicking and selecting "Rename". You could do this in the command line, if you wanted to:
[your root shell] # tar xzvf cacti-0.8.7e.tar.gz Move the entire cacti directory to /var/www/html/ :
[your root shell] # mv cacti-0.8.7e cacti
[your root shell] # mv cacti /var/www/htmlI chose to create a 'cactiuser' user (and cacti group) to run cacti commands and to have ownership of the relavent cacti files. It was here that I noticed that my install did not have any of the /sbin directories in its $PATH , so I simply typed the absolute path:
[your root shell] # /usr/sbin/groupadd cacti
[your root shell] # /usr/sbin/useradd -g cacti cactiuser
[your root shell] # passwd cactiuserChange the ownership of the /var/www/html/cacti/rra/ and /var/www/html/cacti/log/ directories to the cactiuser we just created:
[your root shell] # cd /var/www/html/cacti
[your root shell] # chown -R cactiuser rra/ log/
Create a mysql root password, if you haven't already (password in this example is samplepass:
[your root shell] # /usr/bin/mysqladmin -u root password samplepass
Create a MySQL database for cacti:
[your root shell] # mysqladmin --user=root --password=samplepass create cacti
Change directories to the cacti directory, and use the cacti.sql file to create tables for your database:
[your root shell] # cd /var/www/html/cacti
[your root shell- cacti] # mysql --user=root --password=samplepass cacti < cacti.sql
I also created a MySQL username and password for Cacti:
[your root shell] # mysql --user=root --password=samplepass
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 28
Server version: 5.0.45 Source distribution
Type 'help;' or 'h' for help. Type 'c' to clear the buffer.
mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'samplepass';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Edit /var/www/html/cacti/include/config.php with your favorite editor, and update the information to reflect our cacti configuration (you can leave the other text in the file alone):
/* make sure these values refect your actual database/host/user/password */Create a cron job that polls for information for Cacti (I'm choosing to use /etc/crontab here):
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "samplepass";
$database_port = "3306";
[your root shell] # vim /etc/crontab
Add this line to your crontab:
*/5 * * * * cactiuser /usr/bin/php /var/www/html/cacti/poller.php > /dev/null 2>&1Edit your PHP config file at /etc/php.ini to allow more memory usage for Cacti. It is a relatively large text file- using vim, I search for "memory_limit" by typing /memory_limit in command mode.
[your root shell] # vim /etc/php.iniBefore I check to see if Cacti works, I want to check and see if mysqld and httpd
I changed memory_limit = 8M to memory_limit = 128M
are running using the service command.
[your root shell] # /sbin/service mysqld status
[your root shell] # /sbin/service httpd status
If mysqld and httpd are running, great. If not, type:
[your root shell] # /sbin/service mysqld start If you're an "I need to see what the output looks like" type, here is an example of the previous command:
[your root shell] # /sbin/service httpd start
[your root shell] # /sbin/service mysqld status
mysqld is stopped
[your root shell] # /sbin/service mysqld start
Initializing MySQL database: Installing MySQL system tables...
Filling help tables...
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL: [ OK ]
You should now be able to access cacti at http://localhost/cacti from the local computer or from any computer within your LAN network at http://your.internal.IP.address/cacti .
There should be a Cacti Installation Guide window that shows up, giving licensing info and the like. Click "Next".
Select "New Installation", since this is a new installation.
The next window to pop up should tell you whether Cacti could find the paths to all of the elements that Cacti needs to run, such as RRDtool, PHP, snmp stuff, etc. If everything but Cacti was installed via yum, you should be good here. Click "Finish" to save the settings and bring up the login window.
Below is a screenshot of the login window. The default user name is admin. The default password is admin. It should prompt an automatic password change for the admin account when you log in the first time.
If you successfully log in, I'd recommend taking a break here. Depending on how fast you are, your cron job may not have had enough time to run the poller program and create data for your graphs. I'd suggest taking a deep breath, or brewing a cup of tea (or coffee) for yourself.
The localhost machine should have some graph templates that are already created, but you can click the "Create Additional Devices" link to add graphs for any other machines on your network. I added my FreeNAS box (tutorial for that to follow).
After having consumed your beverage of choice, press the "Graphs" button. Cacti should have a graph showing you a couple minutes of data for the machines you have added. The longer your machine is on, the more informational the graphs will be. Also, if you click on a particular graph, Cacti will Congratulations! You're now monitoring!
View the Cacti documentation page for more information on how to take advantages of Cacti.
Below are some graphs that were made using Cacti.
for more blog posts!
It´s a real story. My mom don´t like Linux, because think it´s ugly. She don´t know nothing about design, programing, user experience or high resolution things. She simply don´t like what she sees.
She likes to use Windows 7, because it´s look, not because it´s resources. And her opinion it´s so important, because the greater part of computer users are like her, not like the developers. And, to make a OS to be sucessfull, it´s in this kind of user the developers must to be focused.
It´s simple: you have to adapt your product to satisfy the greater number of people.
Knowing what people want
I don´t have all the answers, but I can tell one thing: The resolution of the monitors are getting greater and greater. The HD era is a reality and, if you can´t see that, you can´t create a satisfactory product. The fonts, the icons, and other little things in Gnome and KDE, aren´t good enough for the new monitors, for high resolutions.
When you develop a product, you need to watch, not only your competitors... But you need to know how the consumers will use your products. And make it, thinking in the non-specialists users.
Unless you´re making oil drilling equipments!
Linux...The Final OS. These are the voyages of the Linux distributions. Its 5-year mission: to explore strange new commands, to seek out open source and new freedoms, to boldly go where no Microsoft developer has gone before!
Who here remembers the original Star Trek? Yeah, that's right, the original James Tiberius Kirk makin' it with the green ladies while Spock stared into some tiny optical view master and the Enterprise running full speed ahead with photon torpedos and phasers blasting away Star Trek. Each episode usually placed the crew into some new frontier, planet or gaseous expansion (gaseous...a humorous word) that forced them to analyze, communicate, learn and deploy a new method to overcome some challenge. Now I can't say that Linux has defeated any hissing green Gorn lizards, but I can say that I really have come to the conclusion that Linux is alot like Star Trek. Here's why...
Star Trek blasted onto the scene in the 1966...to not much fan fare. Well I should say visible fan fare. In a way when Linus released his 1991 kernel it too released with not much fan fare. Again...I should say visible fan fare. Linus himself was particular low key by stating "I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones." The big corporate cigar-smoking fat cats at NBC ultimately dismissed Star Trek just after three seasons, never realizing the huge fan base that quickly developed around the concepts of freedom, exploration, peace through strength, the prime directive and the aspect that everyone can contribute to the success of the community. Microsoft too ultimately dismissed Linux as a tinker toy. Just as NBC missed the realization of what Star Trek was, most of the IT industry missed what Linux was about.
Linux has become the Genesis Device. It exploded and has created not just a revolutionary new operating system, but also a methodology of community. Just like Star Trek, the Linux fan base has exploded into a community that believes exploration, freedom and that any person can/should contribute is the way of advancing man's technical capabilities. As Linux has matured and more users, developers, and corporate sponsors have joined the "Linux Federation", our favorite operating system has mushroomed into various distributions.
So we now have Linux TOS, Linux the Next Generation, Linux Deep Space 2.6, Star Trek: Linuxager, Star Trek: Penguinprise. Ok, maybe that sounds a bit silly. But think about it. We now have Red Hat, Debian, Ubuntu, SUSE, Slackware and the list goes on as more and more fans begin to create their own distribution.
This is the only concern I have at the moment about my beloved OS. I've begun to notice that as more corporate entities have begun to get involved, the direction of the starship has begun to drift. The marks and bearings change depending on who the perceived captain is at the moment. Although I hear talk (and efforts are in place) of standardizing directory structure and libraries, it is slow at best in adoption. In fact I'd say with corporate entities jumping into the pool (think of them as the necessary but bureaucratic Starfleet Command) things have begun to retard actually and slow us engineers down. I am currently fighting with very large companies who say they support Linux, but in actuality they have only half heartedly decided to support the OS. Even more so, they have decided that they support only one distribution and that if you cannot instantly get their software to run on your other distro, well then it just can't be done cost effectively.
Example? I was recently told that a particular 32 bit application from Cisco would only run on 32 bit Red Hat. Period. No way could it run on a 64 bit Red Hat let alone any other distribution their support people said. Well, after looking at some code and where the application was looking for libraries, a few work around links that did not require hacking original code and poof, proof of concept shows you can get said application to run on a 64 bit OS.
The problem are the business units. Those who do not understand Linux are beginning to make technical decisions that they have no business making. Essentially by BUs making decisions they are pitting Linux distributions against each other. It's just like that classic fight between Kirk and Spock in "Amok Time" (yeah yeah, I know...I'm a geek). The music kicks in and you have two Starfleet officers...best friends...being forced to fight each other.
In the back ground while that music is playing (dun-dun DA DA DA DA DA DAH DAH DAH DA dun-dun-dun-dun-dun) I'd offer that the community needs to do a better job of educating the business managers of our companies we work for and interact with daily. They are forgetting that Linux is the kernel. The distribution is the various packages wrapped around the kernel. Think of it like the warp engine. Even though the class of ship and purpose of the ship changes...it is still powered by the same warp engine.
Star Trek recently released a new movie that has proved to be immensely popular and has reignited interest in the space adventure. My hope is that somehow we can engineer a marketing campaign that not only ignites even more interest by the corporate world in the superiority of Linux and the community method, but passes along an understanding of what Linux is and what it can do. Windows did not dominate the world's IT infrastructure by being the better OS...it did it by effective marketing. Google wrote good, smart code...but they effectively marketed themselves. Watch how they will market Chrome. We need to do this with Linux.
Now before you claim "Damnit Kryptikos, I'm an engineer not a marketer!" just stop and think about it. It's our job as engineers and developers to guide the starship safely to destinations. We do that by telling the captain what the ship can and cannot do. It's the classic conversation between Scotty and Kirk: "Scotty, you're as good as your word." -- Kirk, "Aye sir, the more they overtech the plumbing, the easier it is to stop up the drain." We need to do a better job of marketing our OS (regardless of distribution...although like everyone I have my favorites) and keeping the business units from overteching. The overteching stops up the drain which then causes the end user to think the starship is not worth its weight.
Ultimately I think Linux will continue to grow and build muscle. It may be a while before IT shops change out all of the blue screens for the penguin, but with effective marketing and proof of concepts we'll have our little bird at lightspeed in the time it takes Linus to say "Make it so".
Cheers - Kryptikos
I use Debian extensively and Shorewall as my preferred firewall.
I have more than a couple dozen of these boxes in production, in a health care environment with thousands of rule sets.
Recently while working with a noob on setting up a new FW, I became aware that the 2.6.20+ kernels do not have bridging as a default. Ouch..
Using a Bridge firewall methodology, without bridging, becomes alot more difficult to set up and secure.
I really try to keep things as simple as possible, and now I am faced with a few not-so-desirable choices.
FYI I am a working manager, terribly understaffed, and in process of training unfamiliar, entry level staff on the hows and whys of Linux firewalls.
The workarounds provided by Tom Eastep look complete, however I have given em a go on a couple of "fit pc" boxes, but havent produced a working firewall yet. This looks fairly complex. I am not happy!.
Choices I see:
Build future firewalls with older versions of Debian, pre 2.6.20 kernels, and keep doing things the same way.
Follow the instructions provided by T. Eastep's regarding "workarounds" for Shorewall. (complex, easy to get it wrong, hard to know if it's wrong)
Put together a custom kernel *ugh*
Switch firewall software altogether (lost training investment)
Am I missing something obvious? Is there an appeal process to the Debian Gods?
I'm sure that the title is confusing to many. This article is meant to help users in a very specific workflow: administrators who have to frequently test applications as other users remotely. If that's not you, you probably won't get much use out of this posting.