systemd is a system and service manager for Linux. It is backward compatible with SysV and LSB init scripts. It is relatively new but has been widely adopted by the major Linux distributions.

Frankly, at first I did not like it: I saw it as too complex and bulky, and I didn’t see any shell scripts in the service management. But remembering the wisdom of Master Foo Discourses on the Two Paths, I gave it one opportunity and I just fell in love.

I’ll outline a few things that I find awesome about systemd, in no particular order:

1.- It doesn’t use shell scripts

OK, the benefit is not obvious, but systemd is faster and scales better at boot-up. Init scripts call commands like grep, awk, cd, ls and others many times, so their execution is slow (but easy to hack).

2.- It uses the unit concept

A unit is a file that encodes information about a service (.service), a mount point (.mount), a device (.device), a socket (.socket), a timer (.timer) or another abstract entity. We can enable, disable, start, stop, restart and mask units. See man systemd.unit for details.

$ sudo systemctl start unit
$ sudo systemctl stop unit
$ sudo systemctl enable unit
$ sudo systemctl disable unit

3.- We can check the system state

Just with these commands:

$ systemctl status

and list running and failed units

$ systemctl list-units
$ systemctl --failed

4.- It is hotplug capable

systemd assumes that all resources may appear and disappear at any time; this is one of the reasons systemd depends on D-Bus. In return, our systems become dynamic systems with the lowest downtime when adding or removing hardware.

5.- It is modular

All of what is now rc.sysinit is split out into many independent services, each of which is well documented and easy to understand.

6.- It can deploy containers with systemd-nspawn

I talk about it in this post.

7.- The systemd timers

Timers have built-in support for calendar time events and monotonic time events, and can be run asynchronously. Timers can be used as an alternative to cron and the “at” command. They have a more complex syntax than crontab entries, but our duty as sysadmins is to learn it.

8.- systemd is a cross-distro project

Every major distro and many, many minor ones have had people contributing to systemd. It is the default in Debian 8, Fedora, openSUSE and Ubuntu (which left Upstart for systemd), and many other distros use it.

9.- systemd does power management

You can power off, restart, suspend or hibernate using systemd (unprivileged users need polkit).

$ sudo systemctl poweroff
$ sudo systemctl reboot
$ sudo systemctl suspend
$ sudo systemctl hibernate

10.- It has a built-in logging system

systemd has its own logging system called the journal; therefore, running a syslog daemon is no longer required. To read the log, use:

# journalctl

The journal’s classification of log messages corresponds to the classical BSD syslog protocol style (RFC 5424).

For more information about systemd:

Cheers!!!

With System Administrator Appreciation Day coming soon, my heart is broken because people say:

“The SysAdmin day is so cool but we haven’t one SysAdmin, right?”

“We don’t have problems with VoIP/Servers/Computer stuff, these things never fail”

“Don’t go to the Site!!! Something lives there and is Deadly (and/or too sexy)”

People make these comments and others when you are a good SysAdmin, or in my case because people can’t see me since I’m a ninja. So here are some bits of system administration:

Performing Backups:

Performing backups is perhaps the most important job of the SysAdmin. Backups are boring and time consuming but absolutely necessary, so we have a lot of tools, like:

  • rsync, git-annex or the powerful taskd for file synchronization.
  • duplicity, btar, dar and the legendary dump for incremental backups (chunk and file incremental).
  • Bacula, BackupPC and burp for network, distributed and hardcore backups (I love Bacula).

Although these tools can automate the backup process, it is still the sysadmin’s job to make sure that backups are executed correctly and on schedule.

Maintaining systems documentation:

A system is commonly changed to fit the organization’s needs, so our job is to track and document the changes from the plain vanilla version of the system. Backing up and guarding this documentation is also our job, and keeping it up to date can make the difference at a critical time (for example, when we need to request support). This is a small (and incomplete) list of important documentation:

  • Hardware documentation (warranty, support phones, owner’s manual, physical location, etc)
  • Software documentation (warranty, support phones, owner’s manual, local change logs, etc)
  • Network (equipment, scripts, cabling, configurations, etc)
  • Record of backup status (files, software, databases, etc)
  • Local procedures and policies.

Installing and upgrading software

This is one of those things for which we need to keep a cool head. Every piece of software, every patch and every update should be staged for testing before being deployed.

We often receive news about vulnerabilities, critical upgrades or simple bugfixes for our software versions, but never upgrade or patch software on a production system before testing it, no matter how critical the upgrade or patch is. For an organization, a running vulnerable system has more value than one that isn’t working; it is a calculated risk. (Exception: the system is already down and the upgrade solves the problem.)

As patches and security updates are released they must be incorporated smoothly in the production systems.

When applying upgrades or patches, always:

  • Work outside production hours.
  • Have a rollback plan in case of failure.
  • Document day, hour, person in charge, and reason of the upgrade.

Account provisioning

The process of adding and removing users can be automated, but certain administrative decisions must still be made before a user can be added or removed, for example:

  • Follow the principle of least privilege when adding new accounts.
  • Back up users’ files before deleting their accounts.
  • Disable a user’s account while they are on vacation.
  • Be patient with the “Forgotten passwords”.

Adding and removing hardware

From the simple task of adding a printer to the complex job of adding a disk array, hardware support is a very important activity of the system administrator. As with software updates, we always need to be very careful and have a rollback plan. It is a vast and complex topic, so I will give you only one piece of advice about it:

Always be aware of the end-of-life of your hardware (the time when the provider stops maintaining it and producing parts for it), so that you can plan ahead to get spare parts or (better) update the hardware.
If you did not prepare, praying is a good option.

Monitoring the system

I have two favorite protocols: “Internet Protocol Control Protocol” and “Simple Network Management Protocol”. The first because every time I say it people laugh, the second because it makes my life easier. From the simple Cacti to the monsters Nagios and OpenNMS, we can track many indicators, such as:

  • Network traffic.
  • CPU Load
  • Disk usage
  • many others.

Now more than ever, we have an arsenal of tools to check our system status. An example that I love is systemd, because it:

  • Is the default init system for the major distributions of GNU/Linux.
  • Can show the general service status of the system: systemctl status or systemctl --failed
  • Can generate containers with systemd-nspawn.
  • Can schedule jobs with systemd timers (a cron alternative).

For a really good explanation of why to use systemd, check Lennart’s blog (he is one of the creators of systemd).

Another very good tool is the dmidecode command, which reports information about hardware status; it is useful if your servers are in the Far Far Away kingdom and you can’t physically check hardware alarms (you know, the scariest blinding LEDs).

Vigilantly monitoring security

In these dark times, always do routine checkups:

  • Check password strength with John the Ripper.
  • Check open ports with nmap.
  • Review any changes to config files (you can create a git repository in the /etc directory, so you can check changes and back them up at the same time).
  • Implement an IDS or IPS (Coff Coff Nagios is open source great idea).
  • Subscribe to SysAdmin and security newsletters like SANS, LWN, securityfocus, etc.
  • Check the industry best practices and adopt those that meet the requirements of your organization.

Security is a complex and holistic thing, but every SysAdmin must know the basics.
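
One way to implement the git-based review of /etc suggested in the checklist above, as an added example (not code from the original post). The function names and the commit identity are assumptions; point the directory argument at /etc on a real host or at a scratch copy to try it.

```shell
#!/bin/sh
# Added example: keep a config directory under git so a routine checkup
# becomes "what changed since the last reviewed snapshot?".
# Note: git records file contents and the executable bit only, not
# ownership or full permission modes, so restores need those reapplied.

# cfg_git DIR ARGS...: run git in DIR with a fixed identity, so commits
# work for root even without a ~/.gitconfig (identity is hypothetical).
cfg_git() {
    dir=$1; shift
    git -C "$dir" -c user.name="config-audit" \
        -c user.email="root@localhost" "$@"
}

# cfg_snapshot DIR MESSAGE: record the current state as reviewed.
cfg_snapshot() {
    dir=$1; msg=$2
    [ -d "$dir/.git" ] || {
        git -C "$dir" init -q || return 1
        # The history will hold copies of root-only files (shadow, keys),
        # so the repository itself must not be world-readable.
        chmod 700 "$dir/.git" || return 1
    }
    cfg_git "$dir" add -A || return 1
    # Nothing staged means nothing changed: do not create empty commits.
    if cfg_git "$dir" diff --cached --quiet; then
        return 0
    fi
    cfg_git "$dir" commit -q -m "$msg"
}

# cfg_changes DIR: print one "XY path" line per file that differs from
# the last snapshot (" M" modified, "??" new, " D" deleted).
cfg_changes() {
    cfg_git "$1" status --porcelain --untracked-files=all
}

# Usage on a real host (as root):
#   cfg_snapshot /etc "baseline after install"
#   cfg_changes /etc        # review, then snapshot again
```

Empty output from cfg_changes means the directory still matches the last reviewed snapshot; anything else is a change nobody has signed off on yet.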

Four more general tips

  1. I talk a lot about planning. Besides the IT certifications, if you have knowledge of project management you will not only boost your career, you will be a better SysAdmin; consider a PMI certification.
  2. Adopt and contribute to one open source project. If you use an open source tool daily you can suggest and make improvements; remember that nobody knows a piece of software better than its developers (suggestions: systemd, drill, ovirt, docker, etc.).
  3. Master containers (Docker, systemd-nspawn); in a few years this knowledge will be indispensable.
  4. Embrace DevOps. Today’s organizations are seeking talent who can design, develop and deploy software for production environments. We (the SysAdmins) are the best option: how many python/perl/bash scripts have we written and tested in our daily job? We are good programmers who also know how to deploy this software and keep it up and running.

So…

Happy System Administrator Appreciation Day !!!

cheers!

Hi Everybody!!

As Linux users we have a native virtualization solution, just as MS Windows has Hyper-V: KVM.

KVM (kernel-based virtualization) is a kernel module that takes advantage of the virtualization extensions of x86 processors, such as Intel VT-x and AMD-V. So let’s go:

Requirements:

  • A 64-bit x86 machine with hardware virtualization assistance (Intel VT-x or AMD-V).
  • 4 GB RAM (8 GB or more if you want to run more than 2 virtual machines at the same time).
  • One ISO file of your favorite OS.

Step Zero:

Enable Intel VT-x or AMD-V virtualization in the BIOS/UEFI. How depends on your hardware, but to enable the extensions you might have to go into the system’s BIOS/UEFI setup at boot time.

Step One:

Install KVM and virtualization tools:

$ sudo dnf install @virtualization virt-install virt-viewer libvirt-daemon-config-network

$ sudo systemctl enable libvirtd

$ sudo systemctl start libvirtd

Check that libvirtd is running:

$ sudo systemctl status libvirtd 

It should be up and running.

Optional but recommended step:

Add your normal user to the libvirt group (replace YOURUSER with your username):

$ sudo usermod -a -G libvirt YOURUSER

Step Two:

Create and configure virtual machine:

For this we have two options, command line and GUI. To show both, I will create two separate virtual machines: Fedora Server 24 (command line) and Ubuntu Server 16.04 (GUI).

Command Line:

To set up a virtual machine named FedoraServer24 with 2 GB of RAM, 2 vCPUs and a 20 GB hard disk in qcow2 format (compatible with OpenStack):

$ cp Fedora-Server-dvd-x86_64-24-1.2.iso /tmp/
$ sudo virt-install --name FedoraServer24 --ram 2048 --vcpus 2 --disk size=20,format=qcow2 --cdrom /tmp/Fedora-Server-dvd-x86_64-24-1.2.iso --virt-type kvm --os-variant fedora-unknown --graphics spice

You can list the supported os variants with:

$ osinfo-query os

or simply use the ‘auto’ keyword for automatic detection.

From this point, continue with the normal installation of Fedora Server.

virt-manager GUI

It is very easy. Open Virtual Machine Manager, then:

  1. Click on “Create new virtual machine”.
  2. Choose to install from local media (ISO image or CD-ROM).
  3. Browse to the ISO image and select it (Ubuntu Server 16.04 this time).
  4. Set up the RAM, virtual hard disk, vCPUs and name of the virtual machine.

From this point, continue with the normal installation of Ubuntu Server.

Step Three:

Connect to and work with the virtual machines:

Command line:

List virtual machines:

$ sudo virsh list --all

Start, pause and shut down virtual machines:

$ virsh --connect qemu:///system start FedoraServer24

$ virsh --connect qemu:///system suspend FedoraServer24

$ virsh --connect qemu:///system shutdown FedoraServer24

View and work in the virtual machine

$ virt-viewer --connect qemu:///system  FedoraServer24

virt-manager GUI

The available virtual machines are listed in the GUI. To run or stop one, right-click the desired virtual machine; to work in a particular virtual machine, click Open.

Step Four:

KVM/libvirt Networking: The default network configuration is for the VM to share the host system’s network connection(s) and IP address using network address translation (NAT). This is the easiest to manage and will be fine for many uses. Using NAT, the VM will be able to access resources on your network or the Internet. However, services such as a web server running inside the VM won’t be directly accessible from outside of the VM.

By default, all virtual machines are on the same LAN and can communicate with one another.

Networking, both physical and virtual, is a large topic beyond the scope of this post. For more information see your system’s documentation.

Gnome Boxes

Boxes is a GNOME application (it comes by default since Fedora 23) that is used to create, manage, and run virtual machines. One amazing feature is that it can easily import and run KVM virtual machines.

To do this:

  1. Open Boxes
  2. Click on New
  3. Click on “Import Boxes from system broker”
  4. And finally, Click on “Create”


And now you can run the same virtual machines from Gnome Boxes.

Cheers!!

 

Hello everybody,

I usually use docker or systemd-nspawn to do container stuff. Both are very good, but this time we will use systemd-nspawn because it can provide an x86 environment on x86_64 architectures. This feature is important for running some programs that are packaged in .deb format and/or are available only for the x86 architecture.

Now install and set up systemd-nspawn; we will create a Debian GNU/Linux based container:

$ sudo dnf -y install systemd-container debootstrap
$ mkdir debian
$ sudo debootstrap --arch=i386 testing ./debian

Some time later… configure the Debian container’s root password:

$ sudo systemd-nspawn --directory=./debian passwd

Replace <username> with the user name you want:

$ sudo systemd-nspawn --directory=./debian useradd <username>
$ sudo systemd-nspawn -D ./debian apt-get update
$ sudo systemd-nspawn -D ./debian apt-get install default-jre ssh iceweasel

Boot the container, log in as root and install iceweasel. Note: you need to replace ~/Downloads with the directory path where you downloaded your “program of interest”.

$ sudo systemd-nspawn -bD ./debian --bind ~/Downloads:/mnt:rbind

Now we are inside the container:

test@debian~$ export DISPLAY=:0 && iceweasel

To exit, shut down the container as you would a normal Debian system, or kill it by holding Ctrl and rapidly pressing ] three times.

As a cultural footnote, Iceweasel is now Firefox again; see the old notice here.

Right now I’m working on the first edition of my podcast “El Andariego”, about a wide range of topics like GNU/Linux, DevOps, the Linux User Group of UAM-AZC, VoIP, Big Data, etc.

This idea is made possible by the following software:

  • Fedora 24
  • Audacity 2.1.2
  • LibreOffice (scripts)


Hardware:

  • Lenovo ThinkPad T440s
  • Mico Desktop microphone (from China)
  • Marshall Headphones Model: Major (Also from China)


and:

  • coffee (from “la tamalera” of the street corner)
  • Pockys (from Thailand)
  • Me (From México)

Hello everybody,

Cisco Packet Tracer 6.3 is available for GNU/Linux with the following requirements:

  • x86 libraries.
  • nss and ssl libraries.
  • QT4 script-tools, WebKit and QT3 backward support.
  • (Optional) Cisco NetSpace account.

If our system is x86_64 (64-bit), we need to install the x86 (32-bit) libraries as follows:

$ sudo dnf install zlib-devel.i686 ncurses-devel.i686 gtk2.i686 glibc.i686 glibc-devel.i686 \
 libstdc++.i686 libX11-devel.i686 libXrender.i686 libXrandr.i686 libusb.i686 libXtst.i686 nss.i686 \
 qt.i686 qtwebkit.i686
$ wget http://www.deltaeridani.com/openssl-lib-compat-1.0.0i-1.fc24.i686.rpm
$ sudo rpm -Uvh openssl-lib-compat-1.0.0i-1.fc24.i686.rpm
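
The compat RPM above is fetched over plain HTTP and then installed as root, so it is worth pinning its digest before rpm runs. An added example (not from the original post): a POSIX shell check that refuses to install unless the file matches a SHA-256 obtained from a source you trust; the function names and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example: gate "rpm -Uvh" on a pinned SHA-256 digest.
# Function names are hypothetical; the digest must come from a source you
# trust (for example the packager, over an authenticated channel).

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad arguments.
verify_sha256() {
    file=$1
    # Accept upper- or lower-case hex from the caller
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex digits; reject anything else
    case $expected in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 chars" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# install_verified FILE EXPECTED_HEX
# Installs only after the digest check passes.
install_verified() {
    verify_sha256 "$1" "$2" || return $?
    # rpm -K checks the package's embedded digests and any signature it
    # carries; a third-party build may be unsigned, so the pinned digest
    # above remains the deciding check.
    rpm -K "$1" || return 1
    sudo rpm -Uvh "$1"
}

# Usage (placeholder digest, not a real value):
#   install_verified openssl-lib-compat-1.0.0i-1.fc24.i686.rpm "<sha256 from the packager>"
```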

Cisco Packet Tracer 6.3 can be downloaded from the Cisco Networking Academy portal or from other places on the internet; just ask Google for “PacketTracer63_linux.tar.gz”.

$ tar -xzf PacketTracer63_linux.tar.gz && cd PacketTracer63
$ chmod +x install
$ sudo ./install

After you accept the EULA, the installation begins. Then we need to set the environment variables with the following command:

$ sudo /opt/pt/set_ptenv.sh

At this point Packet Tracer is ready to use, but another useful thing to do is to create a desktop icon to launch it. First download the icon:

$ wget http://upload.wikimedia.org/wikipedia/en/d/dc/Cisco_Packet_Tracer_Icon.png
$ sudo mv Cisco_Packet_Tracer_Icon.png /usr/share/icons/

With our favorite plain text editor we create the file /usr/share/applications/packettracer.desktop as follows:

[Desktop Entry]
Encoding=UTF-8
Name=PacketTracer 6.3
Comment=Networking Cisco
GenericName=Cisco PacketTracer 6
Type=Application
Exec=/opt/pt/packettracer
Icon=/usr/share/icons/Cisco_Packet_Tracer_Icon.png
Categories=Education;
StartupNotify=true

Now we can run Cisco Packet Tracer 6.3 from our desktop.

 

I am Alberto Rodríguez Sánchez, a Computer Engineer with SysAdmin and DevOps VoIP experience but Data Scientist dreams, and in the middle of a Master’s degree in optimization.

This mix of skills, knowledge and studies really doesn’t make any sense, but it is funny and enjoyable.

This blog shows my (mixed) interests (except my deep fascination with female beauty), with a focus on GNU/Linux, VoIP and Data Science, and possibly some optimization topics.

Many thanks for reading, and please follow me on my social networks. Cheers!!!

Welcome, kind reader, and thank you for joining me in this, my second blog project. The first took place on the incredible and now-defunct mononeurona.org; sadly I have not been able to recover any of the posts from those days. My interests have also changed a bit, I have traveled a little and worked a lot, so this new stage of blogging will differ from the previous one in many ways: personal posts, poetry, recipes and politics will be in my mother tongue, while technical posts will preferably be in English and, time permitting, I will offer you the Spanish version.

I am also starting a modest podcasting project; the intention is for it to complement the posts and to be aimed at a different audience.

Greetings, friends