Introduction to LDAP
30-May-06
Peter Fäßler has two texts for reading up on the subject. Print them out! (but change ODI to OID)
my animals and other friends
FreeNAS is an open-source (BSD license) NAS server supporting: CIFS (Samba), FTP, NFS, and RSYNC protocols, local user authentication, and software RAID (0,1,5) with a Full WEB configuration interface which even allows backup of the configuration as an XML file (quite cool).
Download FreeNAS or simply pick a ready-to-run VMware appliance with a pre-installed version 0.65 of FreeNAS.
I need to be able to use the SASL EXTERNAL mechanism to bind to my LDAP directory server from a number of Perl programs (I've already written a bit about this mechanism before).
After installing packages perl-Digest-HMAC, perl-Digest-SHA1 and perl-Net-SSLeay on CentOS 4.3 with yum, I downloaded Authen-SASL from CPAN and ran the typical perl Makefile.PL; make; make test; make install, answering No to the question regarding auto-install of GSSAPI.
If you need to install the Perl modules manually, you'll need at least the Digest-SHA1, Digest-HMAC, Net_SSLeay, IO-Socket-SSL, and Authen-SASL modules installed.
The rest is quite easy:
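#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAPS;
use Authen::SASL qw(Perl);

# Print an error message and exit with the given status.
sub bail {
    my ($code, $text) = @_;
    print STDERR "$text\n";
    exit $code;
}

# SASL EXTERNAL: the identity is taken from the TLS client certificate.
my $sasl = Authen::SASL->new('EXTERNAL');

# LDAPS connection to the server, presenting the client certificate.
# Net::LDAP reports a failed connection in $@, not $!.
my $ldap = Net::LDAPS->new('localhost',
    port       => 636,
    onerror    => 'die',
    debug      => 0,
    clientcert => "dadmin.crt",
    clientkey  => "dadmin.key",
    verify     => 'require',
    cafile     => "ca.pem") or die $@;

my $dn = 'dc=example,dc=com';
my $msg = $ldap->bind( $dn,
    sasl => $sasl, version => 3 );
$msg->code && bail(2, "Can't bind to directory: " . $msg->error);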
The client certificate and key are in the PEM-formatted files dadmin.crt and dadmin.key respectively, and the root certificate is in ca.pem.
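The three files named above can be checked offline before the bind is attempted. This is an added example, not code from the original post: a shell pre-flight that confirms dadmin.crt chains to ca.pem, that dadmin.key belongs to it, and prints the subject DN the server will see. The function names are hypothetical, and the CA and certificate built by make_demo are constructed throwaway material.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files handed to Net::LDAPS.

# chain_ok CERT CAFILE: does the client certificate chain to the CA?
chain_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# key_matches CERT KEY: do certificate and private key share a public key?
key_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# subject_dn CERT: the subject DN presented to the server for the EXTERNAL bind.
subject_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# not_expiring CERT SECONDS: is the certificate still valid SECONDS from now?
not_expiring() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# make_demo DIR: constructed throwaway CA and client certificate for a dry run.
make_demo() (
    cd "$1" || exit 1
    printf '[req]\ndistinguished_name=req\nx509_extensions=ca\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes -days 2 \
        -subj '/CN=Demo CA' -keyout ca.key -out ca.pem 2>/dev/null &&
    openssl req -config demo.cnf -newkey rsa:2048 -nodes \
        -subj '/O=Example/CN=dadmin' -keyout dadmin.key -out dadmin.csr 2>/dev/null &&
    openssl x509 -req -in dadmin.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -out dadmin.crt 2>/dev/null
)

# preflight DIR: run every check; print the subject DN on success.
preflight() {
    chain_ok "$1/dadmin.crt" "$1/ca.pem"        || { echo "chain broken" >&2; return 1; }
    key_matches "$1/dadmin.crt" "$1/dadmin.key" || { echo "key mismatch" >&2; return 1; }
    not_expiring "$1/dadmin.crt" 0              || { echo "expired" >&2; return 1; }
    subject_dn "$1/dadmin.crt"
}

# Use the real files if present, otherwise the constructed demo material.
if [ -f dadmin.crt ]; then preflight .
else d=$(mktemp -d) && make_demo "$d" && preflight "$d"; fi
```

The DN it prints is the name the directory server has to map to an entry or ACL for the EXTERNAL bind to carry the expected rights.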
Thank you all for your phone calls, emails and even blog entries!
Vitello Tonnato is a strange-sounding dish: chilled veal in a tuna fish sauce. It is excellent, though.
Take a lean piece of veal cut from the rump (about 3/4 kg) and add a bay leaf and some rosemary to it. Wrap it firmly in a cloth and let it cook gently for an hour and a half in water and the same amount of white wine into which you add an onion, two carrots and a bit of parsley. Let the veal cool off in the pot.
Just before serving, take two tins of tuna fish, some mayonnaise (preferably made from an egg and olive oil), four anchovies and a spoonful of capers. Blend all those ingredients to a fine sauce, adding some olive oil if required.
Slice the cold veal as thinly as possible and arrange on a platter. Cover lightly with the tuna sauce and decorate with a sprinkling of capers. Serve with white bread.
According to this posting on the CW Notizblog, 41% of all corporate users utilize the same password for all applications and Internet sign-ons, whereas only 14% use differing passwords.
Although we attempt to create a corporate single-password (which is not the same as a single-signon) environment, I do very strongly recommend using very different passwords for all Internet applications. Whether they are web-mail, Amazon shopping or what have you: don't use the same password everywhere!
Imagine an Internet cafe being able to grab your password; they'd soon be able to access any of your online sites (after having found them of course).
I was pleased to receive a complimentary copy of James Turnbull's book Pro Nagios 2.0 (Apress). We use quite a bit of Nagios, and I'm always in search of new ideas.
On 360-odd pages, the author discusses Nagios in quite some detail. From installation of Nagios, through object configuration, Turnbull brings the ins and outs of Nagios to the reader. Security and administration, the web console and, of course, monitoring of hosts and services make up a good chunk of the book. I especially liked the discussion of monitoring through firewalls; there are some very interesting solutions there that I hadn't thought about.
Turnbull discusses SNMP and a number of additional programs that are useful in conjunction with Nagios (also for Windows systems). In the chapter Advanced Commands, performance data is discussed together with methods of graphing that data; interesting: I must look into that…
Chapter seven discusses dependencies and notification escalations in such a way that the reader can actually grasp the difficult topic.
What I liked best was chapter eight: Distributed Monitoring, Redundancy and Failover which goes into the very nitty gritty of getting Nagios to perform even in a disaster case and large installations with multiple Nagios hosts using NSCA. Having had some experience in that area, I read that most carefully.
In the next chapter, the book discusses integration with syslog-ng, as well as with MRTG and other interesting programs. Developing Nagios plugins and a short discussion of the Nagios Event Broker round off the offerings.
Sundry examples and good tips are given throughout all chapters. The only thing I don't like is that the downloadable source which accompanies the book is full of carriage returns in the files (the author appears to have prepared those on Windows). Apart from that small issue, I strongly recommend this nicely bound and set book to any systems administrator; both those who already use Nagios and especially of course, to those who intend to deploy Nagios. Get a taste of this book by reading Chapter 2: Basic Object Configuration (PDF).
I wonder if the next edition of the book (if there is one) will add some blinking lights to Nagios?
Update: BTW, O'Reilly have also announced a book on Nagios.
There are currently 70 odd appliances available for download on VMware's Virtual Appliances site.
The countdown for the Ultimate Virtual Appliance Challenge ends in one day and seven hours (depending of course on which timezone you are located in). I'm relaxed at the moment, because we've already submitted our mega appliance, which is in fact an appliance called miniDAD located within an appliance called DAD.
Submission was exciting. Shovelling one and a half gigs around the place isn't easy at the best of times, but we got it there in one piece. Not being very confident about VMware's "it has been verified" status, I sent them a mail asking for an MD5 sum of the file. VMware's John Troyer was kind enough to go to the extra work of getting it for me, and it really does verify.
Now it is time to lean back and cross my fingers. Help me with the finger crossing, will you?