Introducing YippieMove '09. Easy email transfers. Now open for all destinations.

System76 is far from the first company to offer pre-installed Linux computers to the public, but they’re probably the one who’s most serious about it.
On their homepage one can find a series of fairly stylish looking laptops and desktops powered by Ubuntu Linux. Even though I haven’t had my hands on any of these computers, judging by the specs and prices they seem to be a good alternative to other vendors. In contrast to other companies providing similar solutions, this company has really invested time and money into providing a nice and professional website, with features such as computer customization (much like Dell.com).

The question remains, though: is Linux ready to power the desktop of an average user? Two years ago, I’d definitely say no, but things have changed since then. With the recent desktop focus and improvements of both Fedora and Ubuntu, I’d say Linux is now ready for the desktop. In particular for the ‘average office/student user,’ where the tasks are limited to e-mail, web-browsing, word-processing and spreadsheet-editing.

Even though I have no intention of replacing my OS X-running laptop at this point, if I were to switch it away for something else, I would probably consider buying a Darter Ultra from System76.

Verdict: I agree with System76, Linux is now ready for the desktop, and I wish them the very best. Hopefully this is a company we will see more of in the future. When we need to buy more computers, System76 is likely to be the supplier.

Jan 30.

Once in a while it happens. You know what I’m talking about, that ‘wow’-experience when you try out some new software.

This happened to us a couple of weeks ago. We were looking for a way to keep track of the server utilization. We needed to find out the usage during peak hours, to determine if it was time to upgrade to new hardware or buy another server soon or not.

After a bunch of hours googling and searching the Gentoo forum (guys, we’re still friends, right?), I found a thread that discussed this exact problem. After looking through a couple of the applications listed, I found it. The answer to all my problems was spelled Cacti.

Cacti is simply a web-based SNMP-client that uses RRDTool to generate nice graphs. Sounds quite simple, right? Why am I so impressed and excited? Because Cacti is really SNMP made easy.

I’ve been looking at similar solutions before, but everything I found felt very Beta / “Hack it to make it work on your system.” Cacti on the other hand was really easy to install and configure. It probably took me about 10 minutes to configure it for my needs, and then another 10 minutes to get a local SNMP daemon to run (even though this is not necessary).

Cacti requires the following:
– Apache (might work with other webservers)
– PHP
– RRDTool
– MySQL
– A crontab-job

After configuring the database-settings for Cacti, you just add a crontab to execute a given PHP-page (poller.php) on a given interval (5 minutes), and you’re set. Now you can start adding your other SNMP-enabled devices to your Cacti page.

Screenshot of a site running Cacti
One of the demo-sites listed on Cacti.net

So let’s say you have this cool device that supports SNMP, but you don’t really feel like writing a custom template for the device. Well, just head over to the Cacti forum and search for the device. Chances are you’ll find that someone already wrote a template for the device. Take a look at the forum and you’ll find that people have written templates for all kinds of random stuff.

Things that we use Cacti to monitor:
– CPU usage
– Memory usage
– Network usage (both servers, routers and APs)
– Individual daemons (Apache, MySQL etc.)
– Laser printers (to monitor toner level)
– UPSes (with a plugin to get info from NUT)

Some of our graphs:

CPU usage in Cacti
CPU Usage when PlayingWithWire.com got Slashdotted

Traffic usage in Cacti
Bandwidth status on one of our routers

Toner status in Cacti
The status of my HP Color LaserJet

It’s very convenient to just browse into Cacti to get a quick overview of your network/server utilization. In addition to that you can also select what specific time-span (daily, weekly, monthly etc.) you want to see. I love it.

If those things listed aren’t enough, just head over to the additional script-page where you find tons of other scripts for other purposes. By default, Cacti comes with templates for the most common SNMP-setups.

So did we need to upgrade our server? Nope, as it turned out, we were doing fine.

By the way, for security reasons you might want to disable the guest account in Cacti.

Update 1: As the Cacti Developer Tony Roman points out, regardless if you use Cactid or not, you will still need a crontab job. The article previously stated that if you use cactid, you won’t need a crontab job, which was wrong.


Over the last year I have run a server using the Linux flavor Gentoo. While most of the servers I deal with these days run FreeBSD (WireLoad’s servers included), I was curious about what speed I could get out of old hardware with Gentoo. Gentoo is a system built to make it easy to compile every little piece of software in the system with the biggest and baddest gcc flags imaginable for your particular hardware. In theory this should lead to a faster system.

The experience has been a bit of a mixed bag. There are things I really like about Gentoo: the package management, USE flags and the sophisticated dependencies system. But unfortunately the drawbacks are severe for a server setting.

The Good

The system is better than most Linux systems I have seen when it comes to general package management and installation. The emerge command is excellent. It makes it easy to update and install software together with the necessary dependencies. A well thought out system called USE flags complements this system well. Rather than having to tinker around with every program you compile, you can set some global USE flags. Most packages will take note and your system will be made into one harmonious whole of software agreeing with each other about what should be used and what should not.

The easiest way to describe the benefits of this is by comparison to a normal FreeBSD server and the installation process. Assume that you don’t have X11 and that you don’t want it. Now, you are installing PHP and you want to have support for graphical operations (image conversion, CAPTCHA generation, etc). So you find the make flags to do this and you add them to your make.conf. You hit ‘make install’. During the build process the ports system goes out to build the dependencies of your graphics library. The graphics library requires fonts. The fonts want a font manager. The font manager is by default configured for X11. Wait, X11? Suddenly, X11 becomes a dependency and you find yourself hitting Ctrl-C rapidly!

In Gentoo on the other hand you would have -x11 in your USE flags and everything would be cool. It’s a slick system.

An OS X Term window showing Gentoo executing 'emerge -pv screen' with colored output.
Colorful Gentoo.

Gentoo also has an active community. As we have mentioned in this blog before, there is an excellent forum for Gentoo users. There are also little touches like how Gentoo uses colors by default, to improve clarity and to go easier on the eyes.

Disadvantages Expressed in Time

All of these things make it a pleasure to use Gentoo. I would love to use it for a desktop some day, should my Apple OS X machine fail me. But I really don’t see myself using Gentoo in a server setup again. Here’s why:

1. Gentoo is Time Consuming to Install
At least when I installed Gentoo there wasn’t really any installer. The documentation is excellent and describes exactly what you need to do, but it takes a while. In fact, it took me several hours to set up my first Gentoo system. And that was just the beginning.

2. Gentoo is Even More Time Consuming to Install
The strength of Gentoo is the compile everything mentality – at least that seems to be the main selling point. Unfortunately on my low-end test server it took about three days to compile even the base system with Apache, MySQL, Python and some other important software. My machine was working non stop compiling things during this time.

I understand that the latest recommendation is to not perform a so-called ‘stage-1’ installation anymore. I would recommend following this suggestion. But then what happens to the compile everything advantage?

3. Gentoo’s Stability Strategy: Update Everything
Since it takes a long time to compile a program, you usually don’t want to have to do it too often. Unfortunately Gentoo encourages you to update software on a frequent basis, just for the sake of updating.

There is no ‘stable’ version of Gentoo. Gentoo is rather a moving target where emerge will forever cause your system to approach the cutting edge. From the Gentoo handbook:

From the beginning, Gentoo was designed around the concept of fast, incremental updates.

If all you’re concerned with is keeping your web server up, what you usually want to do is to set up a stable system and then forget about it. You install security updates as needed but that’s it. With Gentoo, this isn’t really feasible because there is no ‘stable’ Gentoo release.

What’s worse, there will on occasion be a sort of ‘system update’. This is called a new ‘profile’. The Gentoo documentation and the handbook will at this time encourage you to update to this new profile. A profile update will try to replace your basic system. If you are a system administrator, rather than a desktop user, this should be enough to scare the living daylights out of you!

A profile update will touch a very large number of configuration files, and it may even alter your startup process. Obviously this is not something you want to do to any server. It would be very difficult to verify that everything works as it used to afterwards, and you’d be fairly likely to end up with broken configuration files that may stop working the next time you reboot. This is in fact exactly what happened to me, despite a substantial time spent updating /etc files. The end result: the machine had to be resuscitated on-site with associated downtime.

For a more sensitive server than my test system, you’ll want to simply retire the system whenever a new profile comes out. Just start over fresh with a new Gentoo installation on an alternate machine and go through the setup process. This way you can be fairly sure it’ll work even after a reboot. Once you’ve verified that everything works, switch to the new system.

4. Gentoo’s Security Strategy: Update Everything
As you might be aware, FreeBSD has a nice little program called portaudit. This utility will alert you if you have any software installed with known security holes. Then you can go ahead and update that software with a simple ‘portupgrade’ command. There’s rarely any problem with this process.

Now, Gentoo also has something like portupgrade. What it doesn’t have is portaudit.

In all fairness, Gentoo has an experimental command called ‘glsa-check’. This command automatically examines whether your system is affected by vulnerabilities described in Gentoo issued security advisories. It also knows what steps need to be taken to fix a given security issue. I really like this development, but I understand that this command is not considered production ready. The Gentoo manual page about it is filled with warnings that this is a tool under development.

In the meantime, Gentoo rather encourages you to update the whole system. And of course a system wide update tends to cause just the amount of havoc you would expect from it.

Gentoo too Time Consuming and too Risky for Servers

I firmly believe in updating server software only when you need to. If you don’t need new features, and things are working, why change anything? If you update anything you will doubtlessly need to update configuration files. You will need to fix things that break in the upgrade process. This is exactly what happened to me with Gentoo during its test year. I had nearly no idea of what I was updating as I ran the dreaded but most needed “emerge world” update. And once I was done I still had no idea. I spent a long time working my way through updates in the /etc folder, using the built in ‘etc-update’ command. I tried to read the enormous emerge log file and take appropriate actions. And still things broke.

The best way to keep a system stable is to get it working and then not change anything. This is hard with Gentoo. Gentoo wants you to change a lot of stuff. It wants to be bleeding edge.

And hence my conclusion. Gentoo is fun to play with, but oh is it time consuming. I guess that’s the cost of living with a hardcore compile everything attitude – you’ll be on the bleeding edge and you better make sure you can balance on such a thin edge. For a desktop system, Gentoo seems fabulous. Fun to work with, colorful, a beautiful ports like system for software. USE flags.

But for a server, especially a production server, Gentoo just isn’t time effective. It’s both the time it takes to put in security updates, and the time possible reinstalls will take. I believe there were three profile updates for Gentoo in 2006, and very little support for older profiles. If you’re like me you’d probably much rather not reinstall your servers three times a year!

In closing I want to quote something Gentoo told me recently:

* An update to portage is available. It is _highly_ recommended
* that you update portage now, before any other packages are updated.
* Please run ‘emerge portage’ and then update ALL of your
* configuration files.

Call me stressed out but I really can’t fit too many ‘update ALL of your configuration files’ into my schedule. :)

Dec 13.

(Warning. This is a quite complex article that requires fairly sophisticated sysadmin/unix-skills. If you don’t have this, this article will probably make you really confused.)

Often when working for small companies, the IT-budget is very limited. Therefore you can probably forget about those awesome gadgets you drool over in the sysadmin-magazines. Well, I’ve been working like this for years. Running Linux or a similar open source operating system on the servers is a good start in cutting costs, but there’s more you can do.

One of the companies I work for is located on the other side of the world (literally), which makes it hard to access the servers physically. SSH works fine most of the time, but what happens when you have a network error? Maybe the server fails to boot up properly after a power-failure, or maybe you messed up the network-settings and locked yourself out.

If you’re on an unlimited budget this is not a big problem. Then you just order one of these fancy $7,000 IP-KVM switches and this problem is long gone. But what do you do if you don’t have that money to spend on such equipment?

Here are two different solutions that will work (almost) as well as an IP-KVM, but they take a bit more work for you as a sysadmin. Remember, all these solutions are based on the assumption that you only have Unix/Linux servers in your farm.

Option 1 – If you can afford spending $250-$350 per server.

There is a really nifty product available that is called PC Weasel. This product looks like a graphic card (PCI or ISA), but with a keyboard connector on the outside, and instead of a VGA-connector you’ll find an RS-232 (serial) port. So what this product does is that it emulates a graphic card, but spits out all the graphics to an RS-232.

What this enables you to do is to hook up a null-modem to either a computer or an RS-232-server (such as the ones available here (note that some of the RS-232-servers have SSH-support, making it almost identical to a real IP-KVM-system)). With this all hooked up, you can simply just connect to the serial-port on a different computer and you would see the same as you would see on a regular monitor. You can even access the BIOS – which is the biggest advantage with this solution.

Option 1 or 2 with a RS232-switch.

Option 2 – If you’re really on a tight budget.

This is what I ended up doing. I didn’t feel like paying the $350 or so per server, so I went for the budget solution – plain null-modems.

This solution will take you some more time to get running (if you’re not a hardcore unix/linux expert), but will cost you close to nothing. Once again, this will only work in a unix/linux environment.

The trick here is that we will be using the Linux-kernel’s (or BSD-kernel) serial-console feature to output to a null-modem. It’s not that complicated, but I’m not going to go into details in this post. You simply compile the serial-console module into your kernel, add some settings to your bootloader and your inittab and you’re set.

You can either do this between two servers (and take a chance that they won’t break at the same time), or you can dedicate an old box to be your RS-232-server. You can then just SSH into the box that is receiving the signal and use minicom to control the other box. Note that the big disadvantage with this solution is that you cannot control the servers on BIOS-level. However, it costs you close to nothing, and it will give you more control over the server than with regular SSH.

Option 1 or 2 without a RS-232 switch.

If you have more than two servers, you can build a chain-like system where server one is connected to server two, server two to server three etc., until you close the circle.
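A serial console that also runs a getty is a second login path into the server, so it is worth knowing which ports the kernel uses as a console, whether a login prompt is spawned there, and whether root may log in on it. The script below is an added example, not part of the original post: it assumes a sysvinit-style /etc/inittab and /etc/securetty, and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a serial-console setup from three files.
# Defaults are the usual Linux paths; pass other paths to run offline.

# Print serial ports named in console= kernel parameters (e.g. ttyS0).
serial_consoles() {
    tr ' ' '\n' < "$1" | sed -n 's/^console=\(ttyS[0-9]*\).*/\1/p'
}

# Succeed if an uncommented inittab entry runs a getty on port $2.
has_getty() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Eq "getty.*[[:space:]]$2([[:space:]]|\$)"
}

# Succeed if root may log in on port $2 according to securetty.
# With no securetty file at all, root is not restricted by tty.
root_allowed() {
    [ -f "$1" ] || return 0
    grep -qx "$2" "$1"
}

# Print one line per serial console port describing its exposure.
audit_serial_console() {
    cmdline=${1:-/proc/cmdline}
    inittab=${2:-/etc/inittab}
    securetty=${3:-/etc/securetty}
    ports=$(serial_consoles "$cmdline")
    [ -n "$ports" ] || { echo "no-serial-console"; return 0; }
    for port in $ports; do
        if ! has_getty "$inittab" "$port"; then
            echo "$port: boot-messages-only"
        elif root_allowed "$securetty" "$port"; then
            echo "$port: login root-allowed"
        else
            echo "$port: login root-denied"
        fi
    done
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d)
echo 'root=/dev/sda1 ro console=tty0 console=ttyS0,9600n8' > "$d/cmdline"
echo 's0:2345:respawn:/sbin/agetty -L 9600 ttyS0 vt100' > "$d/inittab"
printf 'tty1\nttyS0\n' > "$d/securetty"
audit_serial_console "$d/cmdline" "$d/inittab" "$d/securetty"
rm -rf "$d"
```

Run without arguments on a server, it reads /proc/cmdline, /etc/inittab and /etc/securetty directly.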

For further research I’d recommend the following sources:

Linux Serial Consoles for Servers and Clusters
Remote Serial Console HOWTO

Happy Hacking!

Dec 03.

A while back Viktor had to make a server redirect from http://domain.com to http://www.domain.com. He experienced some issues because of his lack of control over the server which he wrote about here.

Also the other day we featured an article about the importance of having a unified URL. Since

http://www.domain.com/article.html

looks different than

http://domain.com/article.html

to del.icio.us and similar services, you might not get all that nice attention you deserve. In our article we suggested using Cuzimatter to alleviate the problem. We also linked to a suggestion by Pronet Advertising’s URL’s matter. This article mentions that redirecting everyone to the same URL, if possible, is useful too.

We already use our own solution, Cuzimatter, to promote unified links to our articles. But today as you might have noticed, we have also added the other solution: any address on http://playingwithwire.com now redirects to http://www.playingwithwire.com.

Luckily, we have a little bit more control over our own server than Viktor did when he was working with this earlier. So on Playing With Wire, the redirect is as simple as it gets. We use Apache 2 as our web server. Our httpd.conf used to look something like this:

    # Listen address (*:80) is assumed; the post omits it.
    <VirtualHost *:80>
        ServerName playingwithwire.com
        ServerAlias www.playingwithwire.com

All we had to do was to change this a little bit. (Note that the Redirect permanent thing should be just one line including the http://… part.) Here’s the modified configuration:

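    # Listen address (*:80) is assumed; the post omits it.
    # Bare domain: redirect every request to the www host.
    <VirtualHost *:80>
        ServerName playingwithwire.com
        Redirect permanent / http://www.playingwithwire.com/
    </VirtualHost>

    <VirtualHost *:80>
        ServerName www.playingwithwire.com
        ...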

All done! Works for every page on the site and does not require slow .htaccess files or complicated mod rewrite rules.


© 2006-2009 WireLoad, LLC.
Logo photo by William Picard. Theme based on BlueMod © 2005 - 2009 FrederikM.de, based on blueblog_DE by Oliver Wunder.