Tuesday, December 31, 2013

Finding work

Finding work as a Linux Systems Administrator is an interesting thing, and can be very frustrating to say the least.

If you go to the various job postings, you'll see that a lot of employers appear to have copied and pasted from some other job listing(s), and are basically asking that you be able to do everything under the sun, and do it for cheap. This is frustrating for both job seekers and for Human Resource departments.

Here's what happens. You see a job listing that asks that you be expert in Windows, AIX, Solaris, Oracle, MySQL, Linux (usually a specific flavor and version), shell scripting, Python, perl, C, C++, Java, web development, Apache, postfix, puppet, clustering, cloud, cPanel, WebMin... You get the picture. They want somebody - not who is conversant with these things - but who is expert at these things. And not just some of them, but all of them.

I've had a long career in Systems Administration, starting with Windows and DOS, and finally deciding to focus entirely on Linux. So throughout my career, I've mastered some things on that list, become adequate on some of them, and some of them I learn about only because I'm reading a job requirement list and see them mentioned for the first time in my career. For many of these job postings, no single person on the planet could fill all the requirements, and certainly not at an expert level. And if such a person existed, his asking salary would be well over $250,000 American per year, easily.

So the job seeker looks at the list and says to himself, "Hey, I'm very good at most of this! I just don't have any experience with Solaris, and not much with Oracle. I'm going to apply anyway!"

Then Human Resources gets his application and cannot find anything on his resume about Solaris, so winds up chucking his application in the bit bucket. So now they've had to waste their time at one level, and are frustrated. It gets even worse later, when they are told to shrink the list of requirements, and they realize how many potential candidates were thrown away because the person needing the personnel overstated his need and wasted so much more of their time.

The job seeker is frustrated because he's sure he could do the job, and would ramp up on Solaris quickly enough. After all, when you learn one Linux/UNIX variant, learning another is just a matter of translating the way it is done on the one you know to the way it is done on the one you don't know. But he wasn't even given a chance.

Many times if you go deeper into the true needs of the company, you find out that they have one Solaris server, and they are retiring it in two months. The job seeker would never have had to touch the thing in the first place. And as for Oracle, they just need somebody who can safely restart the server if it crashes, because they have a full-time DBA on staff to deal with the database side of things.

When perspective employers do this sort of job requirement list, they do both job seekers and themselves a disservice. Not only are they turning away many highly qualified candidates, but because no single person can fill the role, the job search takes longer, the HR department gets overworked, and eventually they need to trim the list back to what they actually needed in the first place. Those who are seeking work are going to have to toss their hats in the ring regardless of whether they can fulfill the entire list, because they really want the position and are sure that in the interview they can show that they are capable. Worse yet, because there are so many job offerings to look at, many - like myself - will look at that laundry list very quickly, seeking items that we cannot fill, and move on to the next job offering. Very highly qualified, motivated people are walking away from jobs where they'd be a great fit because companies exaggerate their needs, or copy and paste from other listings.

While I'm on the subject, let's talk about experience required. Many years ago, when Linux was about 8 years old, I saw a job listing requiring 10 years experience with Linux. That'd be a neat trick! The poor kid who is just graduating college, having studied from textbooks that are 4 years out of date, and with no real world experience, is desperate to find work, but everybody wants 5 years experience, or more. For those like myself who did not get the opportunity to finish college, you often need 10 years experience to counter the lack of college. These recent college grads need to be given the chance to act as junior SysAdmins, under the mentoring of senior SysAdmins. In a very short time they will be contributing greatly to the company, if only given a chance.

One last nitpick, and then I'll drop off the radar again for a while. Clearances. I know that when your company contracts with the Department of Defense, many of your personnel need to hold Secret and above clearances. That's a given. The problem is that these days most of the listings are insisting that you already have the clearance, because the company doesn't want to pay for it. Fewer and fewer job listings say, "Must be able to obtain a clearance," instead insisting on a pre-existing clearance. I used to hold a Secret clearance because of my work in the USAF, but that has long since expired, and because of this, I'm no longer qualified for many jobs. This basically means that the only people qualified for the job will be recent departures from the military - and God bless them, they deserve the best jobs they can get - or people who have worked in a government capacity that required clearances. Companies really need to be willing to pony up for the cost of a background check and getting clearances for highly qualified potential employees.

I wish you new college graduates the best in you careers! Keep at it, and you'll find opportunities to increase your experience points. I highly recommend doing probono work for charities, setting up Linux servers for them to replace the expensive Windows licenses they are currently having to pay. Take part in your local Linux Users Group, where you can learn a great deal from those who have been in the trenches longer.

And be realistic. You just got out of college, and as much as you were taught, you simply do not know squat. What works in a book often is not feasible in the real world. Don't walk off of your college campus and expect an $80,000 dollar a year job. You have to pay your dues, just like the rest of us did. Accept a lower paying position, and learn, learn, learn, and then begin marketing your experience at a higher rate.

And never stop learning! I learn something new almost every day, and it makes me happy when it happens.

Benny Helms

MyFreeCopyright.com Registered & Protected

Friday, December 6, 2013

About SAP

Good morning, all!

It's Friday, and the promise of a weekend has made my heart even lighter and more positive!

Today I want to discuss SAP, and describe some of the basics about it.  These are my opinions and are from the perspective of someone who has experienced it only on SuSE SLES 11 SP1 (required in the specs by SAP; I'd have preferred Ubuntu Server or Debian, but that's just me), using Oracle 11.2 64-bit (again, required by the SAP specs).  Your mileage may vary, and let's face it; I may be dead wrong on some things, as SAP is not my forte.  Supporting the servers that host it is my forte.

SAP is an enormous application that covers an organization's finance, payroll, work orders, material inventory, etc.  There are modules available for just about everything, and most will cost you even more money. The purpose it serves is worthwhile, and without it, many companies would have a very difficult time tracking everything and linking things together for report generation, paying employees, etc.  So kudos for creating a product that is very powerful and very useful.

When I was hired on at this organization, it was with the understanding that I'd be focused entirely on Linux and AIX systems administration.  As with most jobs in the SysAdmin world, you should make sure you have a written contract that specifies your specific responsibilities.  Otherwise, you will find yourself tasked with more and more disciplines, until you no longer have the time you need to properly maintain the Linux environment that you were hired to oversee.

Such is the case with SAP.  SAP (pronounced as the individual letters, not sap) is a German company, and as such, support is in a very different time zone from the East Coast of Florida where I do my work.  Fortunately, there are vendors and contractors in the United States who make their living supporting SAP installations, so you are not entirely dependent on help that includes an overseas time delay when you are having issues.  Even so, no issue with SAP is small, and each takes serious thought before deciding upon a resolution.  Each module may affect dozen of other modules, so each change must be carefully examined and tested.  I bring up the German ownership for another reason.  While they support a few different databases - in our case we're using Oracle - they create many of the tables and fields using German names, which makes it very difficult for the SysAdmin or the Oracle DBA to have a quick look at the database layout and determine what does what.

Supporting SAP is something that actually requires many people.  There is BASIS, which is basically the user interface, and the admin portion where you create, delete, and assign access roles to users. That is one of the areas I've been asked to learn, and it is huge.  The BASIS book on my shelf is about one and a half inches thick, and it barely scrapes the surface.  And that is only one of many aspects of SAP that must be supported.  Their classes are very expensive, and in the ones my coworkers and I have taken, each class warns you that to truly understand what they are teaching you, you should attend these 7 other expensive classes.  Not good for an organization with a limited budget.

So far, my primary responsibility has been at the Linux server level, creating and maintaining them, but the BASIS is creeping in and I'm learning more each week, and then being tasked with using what I've learned for user support.  Oh, well.  One day I'll get that written contract, and be able to focus entirely on Linux, but for now, so far, only about 5% of my time is being used for BASIS support.

On the SysAdmin side, I was responsible for creating the new Linux servers, each of which are virtualized on VMWare.  The reason for my creation of new servers is that we were upgrading from a much older version of SAP, and were converting from AIX to Linux.  To give you an idea of the enormity of this upgrade, it took them over 6 months to complete the process!

I've had to create 5 separate SAP servers for our organization, and if you work for a larger organization with multiple geographic locations, there would be even more servers required.  Most of the servers are configured pretty identically, but some can be made lighter in disk space, RAM and CPUs.  At a minimum, when you buy SAP - and be prepared to shell out hundreds of thousands of American dollars, or in same cases, multiple millions - you will need to create the following servers:

SSM - SAP Solution Manager:  This server is not as resource intensive as the others.  This server is the one that communicates with the SAP headquarters most frequently, looking for updates, etc., and in part, proving that you are not exceeding your licensing.  In the past, installing updates in SAP was a much more manual process, involving reading what are called "SAP Notes" which often, in order to understand this SAP Note, contain pointers to other SAP Notes, which contain still more links to other SAP Notes, ad infinitum, ad nauseum.  There is still a lot of manual work in installing updates, but at least this server can - in theory - reach out and grab them.  I truly don't know. The consulting team we hired to do our upgrade to the latest version and move us from AIX to Linux never properly configured the SSM server, and we're in discussion to get them to do it post mortem.

SD1 - The sandbox server where you can try things without breaking the production server.  The resources it requires are greater than the SSM server, but lighter than the production machine.

DV1 - The development server.  This one needs to be fairly beefy on resources, but not as beefy as QA1 or production.  This is where users try out minor changes, things like new payroll rules based on tax laws changing, etc.  It has two separate login environments; client 200 and client 400.  All initial testing of changes takes place in client 200, and if passed, sometimes also get tested in client 400, but that is rare in our case.

QA1 - The quality analysis server.  This environment is very much like the production server, and is the final place to test your changes before moving them to production.  It needs to be fairly beefy on resources, but not as beefy as production.

PRD - The production server.  This is the environment where real time work is done, and where real time changes such as adding users, etc., are done.  It is the most resource intensive, and the server which keeps you up at night as a SysAdmin.  If this goes down, there is no work being done, and more importantly in the minds of all our employees, payroll is unable to process and we don't get paid.  My goal here is to create a backup PRD server which we'll initially be able to bring up if PRD dies.  In time, I'll want it to also be a live failover server, and the final phase will be to make it a load balancing server.  We shall see.

In my next blog entry, I'll discuss a bit about how the changes that require traversing 3 servers are done, using what is called the "transport".

Incidentally, here's a fun thing you can do when you need a bit of humor in your day. As the customer, if you ever want to make an SAP rep or consultant twitch, you can pronounce it "sap", as in the liquid that flows from pine trees.  They'll correct you immediately, and it adds just a little bit of joy to your life.  :-D

Benny Helms

MyFreeCopyright.com Registered & Protected

Thursday, December 5, 2013

Atooma revisited

Note: This blog entry is based on testing I did months ago, and am just now getting around to blogging.

Okay, so I've used the Atooma application on my Android for more than 2 weeks now, and decided today to uninstall it.  It worked okay, although it would frequently interfere with my wifi connections by cutting them off unexpectedly.  I think the application has a lot of potential.

So why did I uninstall it?  Let's first examine why I installed it in the first place.

I hate having my phone search for a wifi connection when I'm between the home and the office.  It wastes power and drains my battery.  So by using Atooma to turn off wifi when I left the office or left home, and turn it back on again when I reached the office or reached home, it would save battery, right?

What I did NOT factor in due to faulty logic on my part was that GPS would be searching endlessly to see if I was at the office or at home, thereby draining my battery far more effectively than the occasional wifi search was doing.  Truth be told, I just need to make it a habit to turn off wifi when I leave the home or office, and turn it back on when I'm in a place where I can use wifi.  I installed and tested Atooma because I was being lazy.  Period.

So I'm back to manual and I think my battery will last a lot longer now!

Benny Helms

MyFreeCopyright.com Registered & Protected

Trying out Atooma on Android

Note: This blog entry is based on testing I did months ago, but am just now getting around to posting.

I saw a posting yesterday on Google+ about a new app for Android phones called Atooma.  The name seems to be constructed from pieces of the words, "A Touch of Magic".  The story can be found at this URL: http://lifehacker.com/5948760/atooma-is-like-ifttt-for-your-android-phone

It is in Beta, but seems pretty stable so far.  I installed it last night, and have now had a little time to play with it.  It could be awesome, or it could be an annoyance that I'll remove as soon as it shows its true colors.  I'll let you know.

For now, this is what I've done with it.  I've created the following six "Atoomas" and activated them.

1. Turn on WiFi when I get to work
2. Turn off WiFi when I leave work
3. Turn on WiFi when I get home
4. Turn off WiFi when I leave home
5. Turn on WiFi when at a specific friend's house
6. Turn off WiFi when I leave that specific friend's house

I sat in my office all day thinking it was working great, as the WiFi was staying on.  So far so good. After leaving work, the WiFi turned off a few blocks from the office, so that made me happy.

When I got home, it did not turn on my WiFi, which saddened me a bit.  I used my finger to drag down from the top of the screen to see the running apps, and selected Atooma.  It had all my "Atoomas" showing on the screen.  When I clicked on the one for turning on WiFi at home, it had a different appearance than when I created it.  There was now a huge check mark at the bottom of the screen, and it looked like it wanted to be clicked.  So I did, and it turned green, and my WiFi at home turned on. Seems after you create the rules you have to leave the editing area, and bring it up by dragging down from the top of the screen like I did to get to the default view where it lets you activate each "Atooma". I had not actually activated any of them after creating them, so I did so with each.

That's when things went wonky.  Suddenly my WiFi turned off.  A few seconds later it turned on, connected, then disconnected and turned off.  A little experimentation showed me the problem from a logical point of view.  The problem is that when you are in the building where you want WiFi on, you no longer have a clear sky view for GPS, thereby making the device think you're not at that specific location any longer and making it turn WiFi off.  As soon as it gets enough GPS fixes that it realizes you are now at that location, it turns WiFi on, and eventually the cycle repeats itself, over and over.

I decided it was time to deactivate the "Atoomas" for turning off WiFi when leaving a location until I could figure a workaround for that.  That did not work out so well.  The WiFi continued it's up-down cycling, and was a little maddening.  So I once more dragged down from the top of the screen, clicked on the Atooma icon for the running application, and using the menu button, chose "Logout".  Ahhhh.   Peace at last!

Not!  The cycling continued, and I gave serious thought to uninstalling the application.  Instead, I used the Tasks tab of my trusty "Battery Dr Saver" app (an app I highly recommend; allows you to do full cycle charges or quick charges) to kill the Atooma task.  That did it.  I turned Atooma back on, and because all the "Turn off WiFi" tasks had been disabled, they no longer cycled my WiFi at the house.

I then downloaded somebody else's "Atooma" (users can give back to the community by uploading successful "Atoomas" they've put together so that others can benefit) that would theoretically read your SMS messages aloud if you were traveling at a speed greater than 25km/h.  That gave me to pause.  If I could specify a speed, that meant I could indicate that I was traveling.  If I added that to my "turn off WiFi" rules, it would add a requirement that would need to be satisfied in order to trigger the "turn off WiFi".  That sounded interesting, so I thought about it on the way to work, and when I got here this morning, I did some editing.

Now my "Turn off WiFi when I leave work" rule does not just say, "If I leave the area of <address of office> turn off WiFi", it now says, "If I leave the area of <address of work> AND I am traveling at a speed greater than 30km/h, THEN turn off WiFi".  So far I still have functioning WiFi here in the office, with the Turn off WiFi rules activated, so maybe this is a good solution.  On the other hand, I'm an American and I do not savvy km/h.  I savvy mph, and I wish the app would let you change the basic configuration based on what you use for measuring speed.  Then again, for all I know they *do* let you do that, and I've just not played with it enough to find all the settings and configuration.

I'll continue to explore this application, and will keep you posted as to my findings, my likes, my dislikes, etc.

Benny Helms

MyFreeCopyright.com Registered & Protected

Finished LiveCD project; moving on to SAP

So I finished - for real this time - the LiveCD project.  In the end, it was something I was very proud of. The user can log in to the work LAN from home, and it is easy and intuitive.  The boss likes it, and in the end I made it far broader than I originally planned, so that much more can be accomplished and the user can get a taste of Ubuntu Linux, maybe helping us to start replacing Windows machines with Linux machines.

Now that I've finished that project, I've been tasked with learning to administer SAP, a product we use here.  When I say "I've been tasked with learning to administer SAP" it is similar to saying I've been tasked with learning Mandarin Chinese - reading, writing, speaking and understanding the spoken language like a native - and just for fun, learning to write it in mirror format so I can hold written documents up to the mirror and have them be readable.

You see, SAP is a ***HUGE*** database system suitable for accounting, personnel management, and a host of other things.  Just learning the interface will probably take me a month or more.  Diving into the possible things that can be done with it another month.  Troubleshooting when it doesn't work as expected?  The rest of my life probably.

But that's okay, because I think the boss will give me a few weeks to accomplish all of the above.  :-)

I still remember when I first began playing with DOS on a minimal workstation, thinking, "Man! Wouldn't it be cool to just support people using computers for a living?  I already do that, but it's not my job.  Man, I'd have it made in the shade if that's all I had to do every day!"

Remember, people:  be careful what you wish for!   You might just get it!   :-)

Benny Helms

MyFreeCopyright.com Registered & Protected

LiveCD project - part 3

I thought I'd give you another update on the LiveCD project, and teach you an important lesson in Unix/Linux Systems Administration.

Sometimes it's not the work you did!  Sometimes it's the hardware!  Always check!

Remember in my last posting I told you the boss had a kernel panic on his second laptop, necessitating my foray into older versions of Ubuntu to use as the basis for my LiveCD?  Well, he's out this week, so I went into his office to try it for myself.  I saw nothing but the splash screen. Never did it reach a standard black screen with white font telling me there was a kernel panic!  It just hung and never moved forward.

With that information in hand, I burned a copy of the original Ubuntu 11.10 Desktop i386 LiveCD and tested it on the same laptop.  Again it hung.

At this point I began to suspect that the CD drive was dirty or very near broken.  It was reading well enough to access the boot sector, and bring up the splash screen and menu, but could not do anything more.  I heard a lot of  "seek" noise from the CD drive, like it was having trouble reading the disk.  I took the unit down the hall to the Help Desk personnel (God bless them!! Their jobs are often far harder than mine!  I've done that job!) and asked if they had another CD drive that would fit into that laptop.  Since it is modular and just slides into and out of the left bay, they were able to give me another to test.  It worked!!  Problem solved!!

Now I take responsibility for this.  I should have gone in and grabbed the laptop from my boss and put it at my desk and tested it myself as soon as he said kernel panic, instead of assuming.  That's another lesson in Unix/Linux Systems Administration for you, folks!  Laziness costs more than being willing to do the hard work sometimes.  My reason for not getting the laptop was very simple.  I'm tall, and getting that laptop meant I'd have to unplug the power brick in the boss' office, bring it back to my desk, and crawl around on my hands and knees under my desk to plug it in and get it ready for testing.  I don't LIKE crawling on my hands and knees.  The floor is a loooooong way away when you're as tall as I am, and I hate having to get under my desk like that.  My reason was lame, and it cost me several days work, a lot of frustration, and caused self-doubt that wasn't warranted.

The second - non-pae based - LiveCD I had created had worked perfectly, and the boss was already irritated at Ubuntu for having caused the pae problem in the first place rather than being irritated at me for the first LiveCD not working.  I ended up looking inept on the second LiveCD because I was too lazy to crawl under my desk for a minute or two.

Learn from my mistakes, folks.  A wise man learns from the mistakes of others, but a fool has to make his own.

So now I'm off to finish documenting the process.  I've altered the process several times, and now I'm to the point where I've taken Firefox out, installed Chrome instead (Firefox demanded that I log in two times to the same site each time I logged in, while Chrome did not; user friendliness is important on this project), updated everything using 'apt-get update; apt-get upgrade', and still managed to trim it down small enough to fit onto a 700MB CD.  I'm proud of what I've created.  I've learned a lot during this project.  I've been a Unix SysAdmin for "many" years, and I still learn every day.  So this project was not wasted time.  It was actually enjoyable!  It was just frustrating because I got lazy at a crucial juncture and as a result wound up doing unnecessary work.

The step by step document I crafted so that I, or anyone else here, could easily recreate a LiveCD is 20 pages long!  Maybe one day I'll post it to save someone else the trouble of learning the hard way like I did.

Benny Helms

MyFreeCopyright.com Registered & Protected

LiveCD project, revisited

Well, it's been a while, and I haven't updated you on the sometimes frustrating LiveCD project.  So I will take a few minutes and do so.

I finished the project more than a week ago on a Friday afternoon, an hour after I was supposed to go home.  I tested it in VirtualBox on my Linux workstation, and it booted and let the user activate the VPN and access the three web pages they were supposed to access.  It did not offer them an install option, and they had immediate access in the Unity Panel to only VPN, Firefox, & the Libre Office apps.  My intent had been to offer both Firefox and Chrome, but you would not BELIEVE how hard it is to shrink a filesystem small enough that 'remastersys' can shrink it down to an ISO file under 700MB so it can be burned to a CD.  Chrome is much bigger than Firefox, so Firefox won.

I also took the CD home and successfully tested it on my old Dell laptop, and my weekend was happy and relieved.

On Monday, I gave my boss the CD, and told him to have fun with it.  He knew I had stayed late on Friday to complete the project, not because he was pressuring me, but because I just wanted to finish it so I could start the new week by simply documenting the process of creating a LiveCD for future reference.  I know, documenting my work...  I'm going to lose my SysAdmin card if the others find out. :-)

10 minutes later he brought the CD to my desk and said it didn't work.  What the heck???

I put it in my workstation, and restarted it.  No VirtualBox test this time.  I did it all the way!  Worked like a charm!

I then realized that because it was moving at the speed of CD, just getting past the initial splash screen was taking over 35 seconds on my workstation, and it has 8 CPUs and 12GB of RAM.  He had been testing it on old notebooks.  I tested it successfully on my workstation, and then returned the CD to my boss.  I said, "Don't scare me like that!  It just takes a good long time to boot up because it's moving at the speed of CD and you're using very old laptops."  So he plugged it in and booted it up.  I stood and watched, counting internally, "One-one-thousand, two-one-thousand, three-one-thousand..."   He looked at me quizzically, and I pointed out to him that I had just crossed the 30 second mark and it would be a while.  After another minute or so, I got tired of standing and sat in his guest chair to wait this thing out.  After another 3 minutes I surrendered and asked him to give me both the CD and the laptop we were testing on so I could have it at my desk and not have to bother him again for testing.

Tail between my legs, I returned to my desk and to the drawing board.  That didn't go so well, did it? Dang!

I decided that since it worked on two other machines, the CD was okay.  It must be something about the way I created it.  So I burned a copy of the original LiveCD as it came from Ubuntu.  I was using Ubuntu Desktop 12.04, i386 version.  One CD later, I was booting the laptop.  Kind of.  It got about 10 seconds into the boot process and put up an error about the kernel requiring a PAE qualified CPU, and this one was not.  Aha!   So, I asked myself, what the heck is PAE???

I Googled it and found this bit of information on wikipedia.

"In computing, Physical Address Extension (PAE) is a feature to allow 32-bit x86 processors to access a physical address space (including random access memory and memory mapped devices) larger than 4 gigabytes."

Okay, that is understandable.  Older CPUs were unable to use that much memory, and it's a nice way to increase your computer's performance.

Here's the problem.  Ubuntu decided - unilaterally - to start using PAE only kernels starting in 12.04.  One page explaining it can be found here:

It's Ubuntu's right to make such a decision.  I would have preferred that they add a bit of code to their install script that detects the CPU and determines whether it as PAE compliant, and if not, installs an non-PAE kernel for that machine.

So all my work was for naught.  I had to go out and hunt down a non-PAE version of Ubuntu 12.04.  I found an unsupported version at:  http://people.canonical.com/~diwic/12.04-nonpae/  ...and used it as my base, starting over from scratch.  Two days later, I had a tested, working copy.  I had tested it on the first of the two laptops where the original LiveCD had failed for the boss.  I had tested it on my workstation, both via VirtualBox and via actual booting to the CD.  I was happy.  I had even managed to kill two stoned birds by documenting - line by line - as I ran through the process, so I was well on my way to finishing the documentation.

I gave the CD to the boss, and tiredly made my way back to my desk to rest and play with my laurels. For about two minutes.  That's when my boss called me and told me the CD had caused a 'kernel panic'.  A kernel panic occurs basically when the kernel - the heart of the Unix/Linux operating system - encounters either a software or hardware problem which it feels to be insurmountable, and it throws up the panic message and stops.  Okee dokee.  So either the CD was flawed, or the hardware on the laptop was having an issue.

I brought the CD back to my desk and repeated my tests, booting both the other notebook from the boss, and my own workstation - both via VirtualBox and via booting from the CD.  No problems.  Okay.  That means a hardware issue.  Having just wasted weeks building a PAE kernel that failed because the hardware wasn't good enough, I quickly came to the conclusion that the hardware on the second notebook was probably too old for the kernel being used in 12.04, PAE or not.

So yesterday, I started over yet again, this time using Ubuntu Desktop 11.10  i386, and this morning successfully burned a CD that I am about to begin testing.  I have also downloaded Ubuntu Desktop i386 versions 11.04 and 10.10, so I can go back a year in kernel design if need be.  I don't like the security implications, but since this is a LiveCD, I don't see a heck of a lot a hacker can do, so I will test, and if it works, I'll let the boss decide.  Perhaps he can give the 12.04 CD to the users with the newer hardware, and regress back to the older version for those who refuse to buy a newer laptop or tower for their home use.

I hope you're learning a bit about what it is to be a Unix/Linux Systems Administrator!!

MyFreeCopyright.com Registered & Protected

Creating a LiveCD for employees to use to VPN in from home

So, today I'm back to working on the LiveCD project.  Here is what I'm trying to accomplish:

Build a LiveCD that has icons already prepped on the desktop (actually the panel in Ubuntu) that enable the user to start a VPN connection to the office, open Firefox or Chromium with the primary 3 internal-only web pages opening with request for user ID and password.  Do NOT offer the install option either at boot or on the desktop afterward.

The primary reason for this is to ease the complexity users are currently facing when trying to VPN in from home.  The secondary reason, and my primary concern, is to keep them from introducing viruses into our network that they've managed to infect their home machines with.  By booting to a LiveCD that is known to be virus-free (gotta love Linux!), we can be certain that they are coming in clean.

Obviously, the laziest way would be to just hand them an Ubuntu LiveCD and a sheet of instructions for configuring the VPN connection, and explicit instructions regarding NEVER touching the install icon.  Problems?  First, we all know it is likely that the users would never read the instructions, would complain that they cannot configure the VPN, and would immediately overwrite their precious Windows partitions with Ubuntu because they hit the install icon.

The second best solution would be to put the VPN icon in the panel, and pre-configure the Firefox startup to open the three pages.  Problem?  The only way I've found to do this is with 'remastersys', which insists on including ubiquity, the startup script that includes the install option.  If I remove ubiquity from the source installation, remastersys automatically reaches out and downloads it before creating the iso file.

Third best option is building a new LiveCD from scratch, and it's starting to look like that's what I'm going to have to do.  Oh, well, let the adventure begin!

The process I'm going through is often the way it is in systems administration.  Disclaimer: I'm about to exaggerate in order to make a point!  And this has nothing to do with any religion!  It's just a story to make a point!

You decide to write a simple script to do a bit of math.  A couple of hours into the job, you discover that in order to truly understand this math, because we in America use Arabic numerals, you need to learn the entire Arabic language.  You sigh, google up some pages on the Arabic language, and then manfully (or womanfully) begin learning a whole new language.  A few days into that, you suddenly discover that in order to truly understand the Arabic language and how people think in that language, you'll need to memorize the entire Koran, word for word.  At this point, you think back to the simple little script you wanted to write, curl up under your desk in the fetal position, place your thumb in your mouth, and wait for the shaking to stop.

Here's hoping I get the LiveCD done this week.  It's already taken far too long.  Heavy, heavy sigh...

Benny Helms

MyFreeCopyright.com Registered & Protected

My first blog

My first blog

I've never blogged before, so this will be a new experience for me.

Professionally, I'm a Unix/Linux Systems Administrator with many years of experience.  I dabble in most flavors of Linux, but my preference at this time is Debian and its derivatives.  I'm currently typing this on a workstation that is running Ubuntu 13.10 Desktop 64-bit.

How does one become a Linux Systems Administrator?  Almost always by accident.  You start playing with Linux to see what all the hype is about.   Then you dig deeper so you can do more and more. Then the people where you work begin to see you as the "guru" when it comes to all things Linux. You're answering questions left and right, most of which you have to go Google to find answers for, all the while learning and becoming more and more proficient.  Then your company decides to try out this "Linux Thing" and hears you are the Lord Of All Things Linux, and offers you the chance to set up a server and administer it, all while continuing to do your "real job" of course.  Before you know it, you are setting up more servers as the company sees profits rising (from lack of licensing fees) and downtime decreasing (from Linux's failure to crash every other day), and the company makes riding herd on these boxes your full time job.

It's like a dream come true!  You get to play all day with the latest stuff, and they PAY you for it!!

Careful what you wish for.  After a while you begin to realize that being the only SysAdmin at a company means you wear a lot of hats, and it begins taking more time than you have in a day.  You are the security chief, the web server administrator, the mail server administrator, you're riding herd on Samba file servers and print servers.  You start to notice that they expect you to know everything about anything that has ever been near a computer.  When the power goes out and comes back up, they expect you to reset all the clocks on all the microwaves, because "you're good with techie stuff" (not that you weren't already resetting all the microwave clocks; being a geek you just can't handle seeing that clock being incorrect!)

In the beginning, you're like a dry sponge, absorbing knowledge like you've been dying of thirst.  After several years you reach a point of saturation, and you begin wondering if you shouldn't have started this in the first place.  To stay on top of your game, the learning is endless, you'll grow weary of dealing with script kiddies and hackers, you'll sometimes have days where you are tired of supporting users who never seem to make any effort to figure out for themselves what is wrong before calling you.  It sometimes feels overwhelming, and you begin wondering what it would be like to be a forest ranger, out in the middle of the wilderness with no network signal and no cell phone signal.  Perhaps riding a horse in Montana in the middle of a huge ranch, keeping cattle safe.  Almost anything that has nothing to do with technology.

The problem is that you are too good at what you do, you still enjoy it on most days, you're still learning new things every day that keep the job exciting, and you've reached a salary level that you cannot match in any other field without investing a decade in training and experience.  You know you'll be a SysAdmin until you retire, and you need to adjust your mindset to see all the positive in your job, like helping people and keeping servers safe and secure.

Whenever I reach a place where I've allowed the negative to creep into my mind instead of focussing on the positive, I think of an episode of "The Jetsons" I saw as a kid.  George Jetson is complaining to his wife about how hard his day was at work, sitting at his desk pushing buttons.  At the time, I thought George was a whiner and should enjoy such an easy job, instead of having to dig ditches, or some other back breaking work.  Now I realize I have become George Jetson.  All I do all day is push buttons, and then I have the audacity to whine about it.  Granted, the stress level is more draining than the button pushing, but you understand my point.  We SysAdmins have a pretty decent way of making a living, even though many of us that have been doing it for more than a decade reach a point where they hate it, and would do almost anything else if they could earn a decent income.

You've just got to keep focusing on the positive, and ignore the negative.  That job on the horse in Montana has it's own problems, the winters are ridiculously cold (I know, I lived there for 11 years), and it can get lonely out there with only the cattle for company.  Every job will have a negative aspect and a positive aspect.  What you focus on is what you experience.  I focus on the positive, and I have come to thoroughly enjoy my profession, even after many years of doing this.

I think that's more than enough for my first blog posting.  I welcome feedback, especially from other SysAdmins.

Have a great day!

Benny Helms

MyFreeCopyright.com Registered & Protected