LCA2013 Sysadmin Miniconf Presentations
Below is a list of presentations accepted for the LCA 2013 Sysadmin Miniconf. The speaking schedule is still in development and subject to change (until the day of the Miniconf!), but all these presentations are confirmed (apart from any last minute issues causing them to be withdrawn.)
The CFP for 2013 is now closed.
(Links sorted by presentation title; Abstracts below are sorted by first name of presenter.)
- Another look at scaling monitoring - Devdas Bhagat
- blkreplay: Experiences with Commercial vs OpenSource Storage Systems - Thomas Schöbel-Theuer
- Communicating with third parties - Julien Goodwin
- Configuration Management with Ansible - Daniel Hall
- CWDM: Coarse Wave Division Multiplexing - Glen Turner
- The Finer Art of Being a Senior Sysadmin - Sheeri Cabral
- Seven Ways to Crash Your PostgreSQL Server - Josh Berkus
- How OSS technology to help UTS:IT to build a virtualized networking lab - Li Bing Chen and James Lucas
- Linux in Defence - Jamie Birse
- Making SNMP work, despite vendors best efforts - Nick Clifford
- Operating in an Ephemeral World - Steven Ellis
- OzLabs.org: Administering a system for "smart people" - Martin Schwenke and Stephen Rothwell
- Samba 4.0 - Andrew Bartlett
- Securing Linux with SELinux - Sander van Vugt
- Syzix: heading off the beaten $PATH - Kevin Pulo
- Zombie pancakes: rebooting Flapjack - Lindsay Holmwood
(Sorted by first name of presenter.)
By the time of linux.conf.au, it is hoped that Samba 4.0 will be released. The RC1 release was released on 13 Sep 2012, and an increasing number of users have deployed Samba 4.0 in production.
Andrew will talk about their experiences, the challenges that remain and the way forward for Samba 4.0 as we move on to new developments.
The configuration management movement is getting more and more mature. This has the unfortunate side effect of causing the tools we use to manage machines to get more and more complex. This is beginning to make bootstrapping a new environment more and more complex.
Ansible is a new configuration management tool that is designed to be simple, and thus provide greater power. Written in Python and reusing tools you probably already have set up such as SSH it aims to simplify config management, deployment tasks and ad hoc changes.
The talk consists of a short explanation of Ansible, followed by a live demo of me configuring a machine from scratch.
While monitoring has always been an interesting topic in operations land, we don't have a very coherent story to tell when it comes to implementation.
A lot of monitoring has been focused on auto-discovery, alerting, ease-of-use and graphing, without looking at what the operations teams actually need. A small organisation with few hosts has very different needs from an organisation with multiple teams dealing with various sub-parts of the infrastructure, yet the solutions offered are the same.
This talk will explore what is available today for various monitoring solutions, where they fail (and why). We will take a look at alternative options, and where they fit into the monitoring ecosystem.
Hopefully, attendees will have an idea of what solutions exist other than the well known ones, and where the good ones succeed and where they fail.
Devdas is a sysadmin working for booking.com in Amsterdam, with over a decade of operations experience. He has worked as a sysadmin, a developer, a DBA and dabbled in network engineering. He has spoken at the sysadmin and database miniconferences at LCA before, as well as at various other Linux and networking conferences.
Wave Division Multiplexing was once a highly specialised technology known only to the transmission engineers of national networks. Its cheap cousin, Coarse Wave Division Multiplexing, has fallen in price to be a competitor to ethernet switching and is a technology which system administrators should now have in their toolkit of networking technologies. This presentation explains the basics -- how it works, when to use it, and the new tools and skills you need.
The Jindalee Operational Radar Network (JORN) project arose out of research undertaken by the Defence Science and Technology Organisation (DSTO) into over-the horizon radar (OTHR) from the early 1970’s. This presentation examines the transition of JORN operational, development and research systems from VMS and Tru64 to Linux (Red Hat 7.1, RHEL4/5/6 and clones of Red Hat). The extent of how a SOE can encompass the 4 major Red Hat versions are revealed.
Insights on how the support contractors maintain and deploy 1000+ Linux systems Australia-wide for operational, training, development and test environments are provided. Configuration Management (CM) is a core part of a defence project, providing a challenging experience, especially when two primary contractors are working on the same project.
Experience has demonstrated why administration is for users and systems are for engineers. Accounts of how engineering in the defence industry has driven one Linux user mad, but his passion for Linux programming has sustained and even multiplied (verify this with his family or maybe his ever expanding computer cluster!).
PostgreSQL is just so darned reliable it's never any fun. Well, no more! Josh Berkus will acquaint you with seven tried-and-true methods of crashing your server gleaned from his 12 years as a PostgreSQL consultant. Included will be tips on permanent data loss, scale fail, and making the server crash while you're away on vacation.
Many of us need to communicate with third parties in our jobs, whether it be an ISP hosting a business partner's mail filtering, or a large transit ISP between you and customers unable to talk to you.
Dealing with these interactions properly can save many round-trips off the interaction, often recovering from an incident in a few hours instead of days or weeks.
Syzix (syzix.org) is an experimental new system with a slightly crazy premise: every package is installed into its own separate location in the filesystem, and users and processes can dynamically change the packages and versions that they can see and use. It is currently targeted at advanced users and developers, and is under active development.
Syzix has evolved out of the site package management system used on the peak supercomputer systems at NCI (National Computational Infrastructure) at ANU. It is expected to be used on upcoming NCI compute systems, including the 00M, 57,000 core, Linux-based, petascale HPC facility (scheduled for January 2013), and the NCI cloud.
Syzix is similar in concept to GoboLinux and package management systems like GNU Stow. Multiple versions of the same package can be installed concurrently, and the filesystem is the package manager, where manually-installed software is first-class. Unlike GoboLinux, Syzix retains a traditional Unix filesystem layout for non-package files, eg. /home, /boot, /dev, /etc. By default, packages are installed into /sw/$repo/$arch/$pkgname/$version.
The difference in Syzix is that the packages available to a process are controlled by its environment - as opposed to symlinks (which affect all processes), or messing around with absolute paths (which is a pain). This idea shouldn't be a big surprise - it's just managing $PATH (and $LD_LIBRARY_PATH, $CPATH, etc), and is what it's always been designed for.
This makes Syzix a rather unique and interesting creature that can be difficult to characterise. It's both stable and unstable - installing bleeding-edge packages doesn't compromise system stability. A new version of a package can easily be installed and thoroughly tested before being made the default. Or the default can be updated straight away, and then rolled back if any breakage is noticed - perhaps only for some processes.
Since everything lives inside /sw, it can be installed alongside another distribution without partitioning or dual booting. This is great for taking Syzix for a test drive, or using it for certain packages while keeping your favourite existing distribution. Similarly, users can recompile packages into $HOME/sw, eg. on machines they don't manage.
The networking labs provided in UTS:IT give student practical hands-on learning experience, including routing, switching, security, wireless and VoIP.
These networking labs have some very specific requirements that differ from generic computer labs: student need to have full control over the OS and the physical wired and wireless networking cards to build up a test environment practicing their labs. All changes made to these shared lab machines also need to be reset to original state after each lab session finish to make it ready for the next student.
We developed a virtualized networking lab setup based on the Xen and GNU/Linux to meet these requirements, student can use Windows or GNU/Linux virtual guest machines (VM) images chosen from a login menu with full administrator/root privilege to do their labs, with optional session save/restore function. (i.e. each student can save their current lab session to be used/restored in next lab session).
In these talk we will show you how we build these virtualized networking labs by using various open source system and tools.
Flapjack made a splash in the monitoring world circa 2010 as an alternative to Nagios, but without consistent development it soon went dormant.
In 2012 the Flapjack project was rebooted and changed focus from check execution (which other modern monitoring tools like Sensu do excellently), to event processing, notifications, and detecting emergent behaviours.
Flapjack now sits on top of existing monitoring engines like Nagios and Sensu, and provides an API for configuration, scheduling maintenance, acknowledging failures, and querying entity history (conveniently wrapped in a client library).
Flapjack can notify via PagerDuty, XMPP, and email, and also supports receiving acknowledgements from PagerDuty + XMPP.
In this talk Lindsay Holmwood will take you on a whirlwind demonstration of Flapjack's features, and explain where the project is heading.
OzLabs is a group of Australian Linux and Free Software hackers. We share a hosted machine that runs Debian testing and hosts about 100 domains. Most of these domains are used for web server virtual hosts using Apache and email using Posfix. The machine also runs git, rsyncd, MySQL, PostgreSQL and all of the other usual services.
None of this is especially interesting, given that ISPs have machines hosting many more domains than this. However, our 20 or so users are smart people so we want these power users to be able to reconfigure services relating to their domains using their regular interactive shell from their own user accounts. They're smart but they aren't necessarily knowledgeable systems administrators so, while we give them enough rope to break things, we still manage to discourage them from doing many things as root. In addition, many of our users sponsor other virtual mail users, such as family members, who do not have interactive logins. We wanted to make it easy to provide a useful mail service for virtual users while still allowing power users to have complete control over their mail.
We will spend some time describing our overall system setup and some of the useful tools that are used. We will walk through some of our BIND, Apache and Dovecot configurations. Given time, we will delve into some details of our weird and wonderful Dovecot configuration that supports SPAM filtering for virtual users while leaving power users completely free to choose. We will also ask if anyone knows "a
better way"... ;-)
Much of our configuration makes simple but creative use of include files. However, we guess that some audience members will never have seen anything like this and will pick up a few interesting tips.
SNMP has been around for 20 years, but it has to be one of the most misunderstood of the common networking protocols. Whilst many vendors claim to support it, most don't actually fix it when it's broken, or even acknowledge it exists!
This is a brief history of SNMP, a quick side step to visit some of the competitors, and then diving into what SNMP is suppose to be, what some vendors do with it, and despite all of that, how you can use it to make your network and systems more reliable.
The following may appear in the presentation:
- Naming and shaming of vendors implementations
- How to work around broken implementations
- Why MIBs are both important, and meaningless
- How to do better SNMP monitoring with Nagios
- (My) best practices with SNMP trap handling.
SELinux implements kernel level security on Linux. It makes Linux really secure, but it's also something that is really difficult to understand. In this presentation you'll first learn why you really need SELinux. Following that, you'll learn how to configure it. The focus on this configuration is on configuring the policy. In the policy the rules are defined that you are going to use in SELinux to define what is allowed and what isn't. You'll work with the standard refpolicy and tune that to your needs. Once the policy is configured properly, you'll also learn about the most common management commands that are available to secure your session. Normally it would take at least a day to learn all this, but at the LCA Sysadmin Miniconf you'll learn how to do it in much less time.
The title Senior seems to be applied to anyone who has enough years of experience in a particular field, but the actual title means so much more than that. A senior sysadmin not only fights the battle against any guess, a problem of serial best practices and misguided troubleshooting, but understands how the underlying system works so when a problem arises they apply logic to the situation.
A senior system administrator is someone who encourages critical feedback, and has no problems with a good hearty disagreement. A true senior understands that the best technical solution is not always the right answer, depending on other factors, and can accept that without becoming a martyr for the cause.
If you want to know what really makes a Senior, this talk is for you.
As we go through the transition from traditional infrastructure to the ephemeral and abstracted world of public and private clouds, there may need to be a major shift in our traditional operational model. Are our current tools and processes ready for the dynamic and elastic world that the Cloud keeps promising us?
A number of Open Source projects are attempting to fill gaps in this space. Red Hat have been working towards their next generation operational tool called CloudForms, which is made up of a number of key Open Source sub projects including Aeolus and Katello.
Rather than focus from technology up, this session will focus on the capabilities they provide to our operational environments. We need to look at how they can be leveraged across a mix of traditional infrastructure, private virtualised or cloud environments through to the public cloud providers.
The blkreplay toolkit (see www.blkreplay.org) was developed by 1&1 Internet AG in order to reproduce natural loads, recorded via blktrace in our data centers. It automates large laboratory projects, e.g. benchmarking comparisons of a wide variety of storage hardware and its multi-dimensional parameter space.
Some of our loads recorded by blktrace contain the real-life load patterns of thousands of customers, served in parallel.
In the talk, we report some unusual experiences with the real-life behaviour of commerical storage systems under high load. We show that OpenSource based hard- and software systems can compete with that in many areas, provided that certain conditions are met.