Best posts made by scottalanmiller

After more than twenty years on UNIX systems, it seems like the right time to begin a guide to Linux systems administration, and what better place than on MangoLassi where we can make it into a living, growing document.

An Introduction: Why Linux System Administration

• Linux: Collected Educational Resources
• Why Desktops Are Not a Good Learning Tool
• Avoid the Raspberry Pi for Learning Linux Server Administration
• Linux: What is a Distro
• Choosing a Linux Distribution for Business
• What Is UNIX, and How Does Linux Fit In
• What Makes Something a Linux OS
• Why Does Open Source Matter
• Understanding Linux Release Schedules
• Understanding the Relationships of Red Hat's RHEL, CentOS and Fedora Distributions
• Understanding the Suse Distributions Suse Linux, OpenSuse Leap and OpenSuse Tumbleweed
• Understanding the Debian and Ubuntu Linux Distributions
• Linux Architectural Variety
• Linux and Virtualization
• From Windows to UNIX: Monolithic to Modular Design

---

Basics of Linux Administration

Getting Our Hands Dirty: Learning Our Way Around

• Installing Our First Linux Operating System for Learning Systems Administration
• Linux: The Lay of the Land, Filesystem Hierarchy Standard
• Accessing a Linux Server using SSH
• Linux: Working with Files
• From Windows to UNIX: File Extensions
• From Windows to UNIX: Case Sensitivity
• Linux: File Colors
• Linux: Standard Command Structures
• Linux: Aliases
• Linux: Basic Working with Text Files
• Linux: Finding Files
• From Windows to UNIX: Text File Formats
• Linux: Symbolically Linking Files
• UNIX: Users and Groups
  • UNIX: The root user
  • UNIX: The /etc/passwd File in Depth
  • UNIX: The /etc/group File in Depth
  • UNIX: The /etc/shadow File in Depth
  • Linux: Tools for Managing Local Users
  • Linux: Tools for Managing Local Groups
  • UNIX: Switching Users with su
  • UNIX: sudo
  • UNIX: The sudoers file
• UNIX: Basic File Permissions
  • UNIX: File Permission Octets
• UNIX: Extended File Permissions and Attributes
• UNIX: Everything is a File (Descriptor)
• Linux: Shells
• System Administration: Standard Tools
• UNIX: Path
• Linux: Home Directories
• Linux: Common Filesystems
  • From Windows to Linux: Filesystem Culture
• Linux: Text Editing
• UNIX: X Windows and the Graphical Desktop

Packages and Installation

• From Windows to Linux: Installation Culture
• Linux: Software Installation
  Red Hat and the RPM World
• Linux: RPM Package Management
  • Linux: Querying with RPM
  • Linux: Installing with RPM
  • Linux: Uninstalling with RPM
• Linux: YUM Package Management
  • Linux: YUM Repositories
  • Linux: Installing with YUM
  • Linux: Updating with YUM
  • Linux: What is the EPEL
• Linux: DNF Package Management
  Debian, Ubuntu and the DEB World
• Linux: Installing with APT
  Installing from a Tarball
• UNIX: What Is a Tarball

General Administration Tasks

• Linux: Finding What Distro We Are Using
• Linux FAQ: Why Do We Need a Dot Slash Before a Local Command
• Scheduling with cron
• Scheduling with at
• Linux: File Compression Utilities
• Linux: Using tar
• Linux: Zip and 7Zip

Storage and Filesystems

• System Administration: Filesystems
• System Administration: Clustered Filesystems
• Linux: Checking Filesystem Usage with df
• Linux: Directory Utilization with du
  • Linux: Looking for Large Folders with du
  • Linux: Why are df and du Showing Me Different Things?
  • Sparse Files and lastlog
• Linux: Disk Devices
• Linux: Working with Disks, fdisk and parted
• Linux: Creating a Filesystem
• Linux: Mounting Filesystems
• Linux: The Role of the Logical Volume Manager (LVM)
  • Linux: Working with LVM
  • Linux: Extended LVM Reporting Commands
  • Linux Practicum: Adding a Second Storage Drive on CentOS 7 with LVM and XFS
  • Linux Practicum: Removing an LVM Configuration on CentOS 7
• Linux: The Role of MD Software RAID
• Linux: MD Software RAID
• Linux: The Role of DRBD
• Linux: BtrFS
  • Linux Practicum: Adding a Second Storage Device on CentOS 7 with BtrFS
• System Administration: Network Filesystems
  • Linux: NFS
    • Linux Practicum: Creating a Simple NFS Server
    • Linux Practicum: Mounting a Simple NFS Share
  • Linux: SMB

Networking

• Linux: Network Bonding and Teaming

Memory and Swap

• Linux: Swap Space and Files
• Linux: Creating Swap
• Linux: Swappiness Behavior

Monitoring and Analysis

• Linux: Using uptime to understand load
• Linux: Using free to view memory usage
• Linux: Using top to view instantaneous performance
• Linux: SAR

System Administration Tasks

• System Administration: Backups

Linux Special Tools

• Linux: Special Tools Outside of the Mainstream
• Linux: Special Tools for Command Line Performance Viewing

Linux Why?

• UNIX: Why Does Root Get a Special Home Directory

BASH Basics

• BASH: if else Constructs
• BASH: case Constructs

Advanced Topics

DRBD

---

• Linux Command References

It's not often that you get messages like this and I wanted to kind of save it somewhere Shout out to @BBigford @Neally @DenisKelley who are all named as well.

https://community.spiceworks.com/topic/1785625-the-influence-of-community-and-personal-inspiration

So we have been kicking around an idea to help turn the NTG Lab up to the next level and we wanted to see if there would be any interesting from the community. The NTG Lab is pretty extensive, and always growing. We get good access to hardware and software from lots of vendors anxious to have us showcase their products to our staff and since we have an isolated lab the availability of licenses to us is generally pretty good (it's kept out of production so vendors know they aren't losing money from a lack of sales.) We have gear such as several enterprise servers from multiple vendors, iSCSI SAN, NAS, hypervisors, etc.

What we are looking to do is move from the small, limited lab facility that we have currently to move into something much more substantial and robust - a full cabinet in an enterprise datacenter.

We are interested in finding out if some community members might be interested in going in for something like $25/mo to get access to the lab. It's not a cloud platform and the system would be a bit information, we aren't looking at hundreds of people here but it would be great to find around twenty. This would be people who know each other, not a system "for sale" and the goal is education, testing and lab - no implication of this being a production system (we have a SAN for goodness sake, this isn't prod!!)

The idea is that this would be a truly incredible system that we can use together for a degree of learning and experimenting that just can't be done in another way. Basically the most amazing home lab you could imagine - hosted in an enterprise datacenter. For the cost of just a few tiny cloud VMs from a cloud provider.

Thoughts?

Everyone learns differently. We all know this, but we rarely take a lot of time to think about what it means practically. Some people are great auditory learners, I know I am. Give me an informative podcast with good information and a long morning walk and I will ingest a lot of great information. Some people need to take notes, others lose everything being said if they take notes. Some people need visual aids. Some need to do things hands on. Some want to investigate and discover while others want to be led and shown. We are all different.

In the working world and especially in fields like IT and software engineering learning is far more than the background practice that we do to get in the door, it is a part of our daily lives. IT is an enormous field and requires that we not only know a lot of foundational background information, but also requires that we constantly stay up to date on products, companies, techniques, tools, trends and more. IT is so large that even if it were to never change or grow we would still be spending our entire careers learning more and more as there is just so much to know!

IT practitioners take learning to a new level that most fields would never suggest or accept. In fact, if you even suggested to people working in most fields that they should have to put in the kind of time that IT professionals much do just to remain current and grow at a moderate pace you would not just be mocked but would often be met with derision. Many people would actually be upset being asked to learn in such a way.

In fields, like IT, where continuous learning are necessities we have to think about learning processes in different ways. For most people in the majority of the world's careers it is adequate that learning be separate from "life and career", that it be set aside as a special case activity only done in special, formal settings such as high school, university, certification training classes and the like. Additional learning or training might be requires throughout a career but it would generally be done is special settings, at scheduled times and be very limited such as a training course for a few days every few years. Very "separate" from normal life.

IT cannot work in this manner effectively. Learning must be constant, it must be part of the lifestyle. We cannot look at learning and education as something we do then set aside, only taking down off of the shelf and dusting off once in a while. We must live it. We must embrace it. It has to be part of every day, every activity. Always learning, always growing, always advancing.

One of the most important skills that any IT practitioner must cultivate is that of being able to teach themselves, constantly. This might be reading books, spending time in deep reflection, doing projects, hanging out on professional social media, reading articles, pursuing certifications, building labs, trialing new products, attending seminars, attending conferences and more. And most likely, doing many or all of these things.

IT requires so much learning, in so many directions, at such a significant pace that there is no reasonable means of approaching the primary corpus of an individual's learning from any formal system. Formal learning systems, classrooms of one type or another, are perfectly reasonable as supplemental learning systems. But these are time consuming, expensive and slow at best and, in most cases, lack even the capability of providing continued support for mid-level career professionals and above. The value of formal systems drops away rapidly as a career progresses and alternative learning methods must be adopted.

IT essentially demands that anyone looking to continue growing in the field, or in reality even those just looking to stand still without losing ground, teach themselves throughout their careers. A formal education process might be useful in kick starting their careers at the onset or help to get them "over a hump" later in life. But by and large self learning is needed at nearly all times.

The reason that I love hiring people who have always used self education and self learning processes while foregoing formal educational processes is not because of a negative associated with those processes, but because the needs of the field demand that self learning be a skill that isn't just passable but is highly honed and natural. If someone has learned through traditional, formal processes then I have to struggle to determine how much passion, determination and practical skill at self learning that person possesses. Why did they choose formal education that is slower, less demanding and more expensive if they enjoy and are good at learning on their own? How do I know that they can continue to grow without needing special resources provided at best, or at worst that they are simply unable to keep growing in IT and will immediately begin the process of failing?

For job candidates that don't demonstrate a strong aptitude, desire and experience in self education I am left with little option but to wonder if they are ready for a career in IT. Of course they may have simply chosen a developmental path that fails to demonstrate some of the most critical industry skills, and that is unfortunate. But candidates that have demonstrated that they can self educate are known to have a critical skill that is needed. That demonstration is one of the best possible factor that I could look for in evaluating a candidate.

Going forward, after hiring someone new, their past knowledge is almost useless. What they have learning is likely outdated, is almost certainly not directly applicable to the work that they will need to be doing and what they need to do will often change anyway and even if they were fully current at the time that they were hired they would still need to be learning regularly just to maintain the level of skill that they had when hired. The skills and experience that someone has when initial hired serves almost exclusively to demonstrate aptitude and interest for the subject material. Of equal or greater importance, but much harder to ascertain, is their ability to learn the new material that will be needed going forward and to do so on their own with minimal additional assistance.

Those that have taught themselves have simply more opportunity to demonstrate their ability to do what is needed to succeed in IT. Which itself is meaningful, it suggests that they understand that requirement of doing so and the value of being able to do so. Candidates who have not done this adequately may themselves not understand what the field will entail once they are working in it and may have no idea how to teach themselves or even if they have the necessary skills and drive to do so anyway. Formal educational processes do so much to avoid these processes that often those who have taken those paths in life may lack the necessary exposure to even answer these questions when presented with them.

Self learning is the best way to prove to employers and to yourself how ready to you are to tackle the ongoing growth and educational demands of the industry.

Jump servers are one of the easier projects to tackle and a great starting place on your Linux journey as they are easy to make, very useful, have little to no external dependencies and are often a foundation point for starting a UNIX infrastructure. In this lab project we will build a very basic Linux Jump Server using CentOS 7.

For a Jump Server we can do a very basic install, we can easily get away with a single vCPU and 1GB of RAM. We need only the most minimal local storage so 8GB should be more than enough. Once we have the settings ready, we can do a minimal install option and accept all of the defaults. No special needs here.

As always we start by patching up to current...

yum -y update
yum -y install epel-release
yum -y install fail2ban

And truly, this is enough to have a starter Jump Box. Very basic, of course, and probably not where we would want to stop. Where do we go from here?

First you would create users and SSH keys and then deploy them to the other boxes that you wish to connect to. This is the core of what makes the Jump Box a Jump Box. This is standard SSH key setup, nothing unique to a Jump Box.

Additional steps that are often interesting are to add two factor authentication to the Jump Box, such as Google Authenticator.

People often ask where to start learning Linux, and the answer is always to "just start doing projects." That's hard to do, of course, because someone without server experience might not have a good set of project ideas that would reflect real business processes to start out with. So I am going to start collecting ideas:

• Build a Linux Jump Box
• Build a Linux Logging Server like ELK, Graylog or Splunk
• Build a Linux Monitoring System like Zabbix, Zenoss or Nagio
• Build a Linux Ticketing System like ServiceDesk+ or osTicket
• Build a Linux Documentation Management System like MediaWiki, Dokuwiki or Alfresco.
• Build a Linux VoIP PBX like FreePBX.
• Build a Linux Instant Messaging System like Rocket.Chat, Mattermost or OpenFire.
• Build a Linux Email System like Zimbra.
• Build a Linux Media Server for home movies, music, pictures, etc.
• Build a Linux Backups System.
• Build a Linux Shared Storage System using NFS for other Linux Machines.
• Build a Linux Shared Storage System using Samba for Windows and Mac OSX devices.
• Build a Linux Active Directory server with Samba 4 or FreeIPA.
• Build a DevOps management system with Salt, Ansible, Chef or Puppet.
• Script your builds, script maintenance tasks.

General Project Tips:

• Always use enterprise Linux OS Distros: CentOS / RHEL, OpenSuse / Suse or Ubuntu (mostly in that order)
• Treat the systems as if they were production and secure them, monitor them, etc.
• Always vitualize
• Use real server hardware when you can
• Use enterprise cloud platforms when you can (Amazon, Azure, Rackspace, Softlayer, Digital Ocean, Vultr, etc.)
• Do everything in such a way as to make your current business or any potential employer jealous of your home or lab network. Do this by raising the bar on the home line to be what a business should be like.

Doing this on a Digital Ocean CentOS 7.1 Droplet with 1GB of RAM. Always fully update before starting.

[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

setenforce 0
yum -y install epel-release
mkdir -p /var/www/html; cd /var/www/html/
wget https://raw.githubusercontent.com/snipe/snipe-it/master/install.sh && chmod 744 install.sh && ./install.sh

Just accepts the defaults for MariaDB and set the root password. Remember to record this!!

Now a little more, the site should be up but will have errors because we aren't quite done yet...

 cd snipeit
vi app/config/app.php

Now modify the timezone line so that it looks like this...

Now we just have to do one final step to get everything configured and running. Just run this command to configure your first user:

php artisan app:install

Follow the prompts. Once completed, you are done. You can navigate to http://ipaddress/ and you should be able to log in and begin using your Snipe-IT system on CentOS 7 with MariaDB.

I've been looking for this for years (not knowing the name didn't help) and finally found it. It is a Canadian show that we saw in NY via PBS when I was young. It aired in 1983 and introduced many of the most popular computers of the era (8bit era pre-Mac and pre-Amiga.). I used to watch this with @SonshineAcres and my mom in the years before we owned a computer at home. A very influential, but silly, show for me.

Youtube Video

Just making a single place for all of these links so that we can see the growth over time rather than only monthly:

Month	Views	Posts
August 2017
July 2017
June 2017	2224200	10024
May 2017
April 2017	2006092	8473
March 2017	2109242	8658
February 2017	1774324	11358
January 2017	2366223	8973
December 2016	2563932	9268
November 2016	2476690	7981
October 2016	2511810	8772
September 2016	1801790	NA
August 2016	1800240	11872
July 2016	2377016	8336
June 2016	1724899	NA
May 2016	1681058	8396
April 2016	1923873	8682
March 2016	2142561	11267
February 2016	1564432	11500
January 2016	1721711	10149
December 2015	2139721	8000
November 2015	1334733	11628
October 2015	800123	11270
September 2015	487557	6122
August 2015	765246	6954
July 2015	700480	4689
June 2015	498262	5502
May 2015	435155	6771
April 2015	339904	7334
March 2015	516573	8658
February 2015	445725	NA
January 2015

February 2015 was month eleven for the community and the first month that the NodeBB platform had stats for us. March is the first that we paid attention to posts.

There is no better way to get started with Linux than jumping straight in! So we will do just that. For the majority of our learning, we are going to focus on CentOS Linux because it is completely free, focused completely on enterprise server needs and is a mirror of the leading business distribution and the most commonly encountered in the Linux System Administration workplace. This series is not a sales pitch for CentOS or RHEL but use them because they make the most sense for getting started in a Linux career. When possible, we will branch out and investigate other enterprise Linux offerings as well to make the educational opportunities as complete as possible.

As with any modern server administration, we are going to assume that everything that we do is going to be virtualized. We will address Linux on physical installs later in our "course", but unless we are specifically targeting a physical install for a special purpose (such as creating a virtualization host) we will stick to working and assuming that all work is as a virtual machine. As a system administrator, the physical server is of no concern to us, we work at the OS level.

You are free to virtualize your Linux educational environment using any tool set that you have available to you. If you are doing this at home, I would recommend Oracle VirtualBox as it is free, very easy to use and extremely powerful. It will work great for this. You can use VMware Workstation, Fusion, Parallels or similar to virtualize on your desktop or laptop. If you have access to a type 1 hypervisor, even better, as this will mimic exactly how you would work in a production environment. If you have the resources to have a dedicated server for learning (this could be anything from an old desktop that you put together yourself to a massive HP Proliant or Dell PowerEdge server) then I highly recommend installing an enterprise type 1 hypervisor and performing this course in that manner. Any enterprise hypervisor is free and will work just fine: VMware ESXi, Microsoft Hyper-V, KVM or Xen / XenServer.

In my own lab I will be doing all of the examples on the Linux-based KVM hypervisor-based Scale HC3 cluster, so all of my screenshots will be from that system. Yours will look differently but the basic functionality, especially as it pertains to this class, will be identical. If you are working with a Xen-based system offering optionally full paravirtualization or HVM modes, choose HVM for this course.

Of course you could also do nearly everything the same working from a Linux instance on a cloud platform such as Amazon Web Services, Azure, Rackspace, Digital Ocean, Softlayer or Vultr, but we do not want to add any additional complications arising from platform differences, non-standard base images and such so if possible, save that for more advanced lessons.

We will start by building a base, minimum system image and making that into a template to make things easier and faster in the future. But we cannot do anything until we have our first VM of Linux, so here we go.

First we need to download a CentOS installation DVD image. CentOS has a download site here: https://www.centos.org/download/

Choose the Minimum Install ISO. At the time of this writing, this is CentOS 7 release 1511. But all CentOS 7 should be the same for our purposes.

We need very few resources for our Linux VM. In fact we could easily work with a single vCPU and less than 512MB of RAM. But we probably do not need to be that tight with our resources. We will bump up to 1GB of RAM for our default system.

When installing CentOS, I often use the text-based installer only because it is more reliably going to work. The graphical installer is essentially identical but can have problems based on resolution or graphic capabilities and is less reliable. I will show the graphical installer here as it is more common and less intimidating.

In this screenshot I show the Scale HC3 VM setup options that I will use for CentOS 7. Just one vCPU and just one GB of RAM. Notice that we only need a 20GB drive, even that is excessive. I like 20GB today, but you can get away with much less. If you have the option, thin provision so that it does not matter. You can see my boot ISO here, CentOS 7 Minimum 1511.

If you are not on Scale obviously your screenshot will look a little different than this, but the basics will be the same. If you need specific details on a different hypervisor, post questions in the thread below.

Now we can "Create" and start up our VM and begin our install. Unlike some desktop distributions, CentOS does not load into a "live" environment (Linux Mint does this, for example) and immediately will present the option to install.

Once we start our new CentOS VM and view it from the console we can step through the installation process. Our first screen is time sensitive. Once it comes up we need to select Install CentOS 7 using the cursor keys and hit enter.

Once the installation begins we will first have to choose our languages. This is all very self explanatory. Simply select yours and click to continue.

Next we come to our general configuration screen. For advanced users there is a lot that we can select on this screen. As this is our first time we are going to stick to the minimum.

Notice that under "System" there is a yellow triangle on "Installation Destination". CentOS 7 will always make us verify that we want to install to the disk to avoid accidents. So we have to click on "Installation Destination" so that we can verify the drive.

If you are doing a default installation like I am, coming to the drive selection screen should pick the only available drive automatically (this is the 20GB drive, labelled vda when using my KVM-based Scale system here) with no intervention needed. You can just click "Done" to return to the previous screen. If for some reason this does not happen automatically you will need to select the drive on this screen before clicking done.

And we are back to the screen that we had before but the yellow triangle is gone now.

To make things easy, we will set up our networking now as well so that it is available to us as soon as the system comes up. We are assuming that you have DHCP working on your network at this point. Click on "Network & Host Name" to continue.

This is the default screen that we will see when we first see the screen:

We just have two easy changes to make. In the "Host name" field, fill in your hostname. Mine is lab-lnx-centos.lab.ntg.co. I have a DNS domain already that I use for my environment (lab.ntg.co), if you do not have one you can make one up like .mylab. The only other thing that we must do is look for the networking "on/off" switch in the top right. It should be off by default. Click on this so that it turns to "on". One you do this the Ethernet (eth0) settings should say "Connected" and details about your IP addressing assigned via DHCP should appear.

That is all that we needed to do, we are now free to continue with the installation!

Set the root password, this is self explanatory. Be sure not to forget this password, either!

We are going to optionally create a user account that we will use, as well. I am going to make a user name "student" that is going to be an administrator. See the configuration in the screen shot below. Please configure a "student" user just as this. Use your own password for this and, again, don't forget it.

After this we need only wait for the installation process to complete. CentOS 7 Minimum is pretty small and this generally happens very quickly.

Once the installation is complete it will ask you to click "Reboot". Do so and our system should reboot and come up to a log in prompt. Put in "root", hit enter and then put in the password that was set for root a few steps ago. If all went according to plan we should be logged into our new CentOS 7 Linus virtual machine and ready to continue our class!

Part of a series on Linux Systems Administration by Scott Alan Miller

From SMB IT Journal:
The History of Array Splitting
One Big RAID 10: A New Standard in Server Storage
Choosing RAID in 2013
Choosing a RAID Level by Drive Count
Understanding Hardware and Software RAID
Nearly As Good is Not Better
Hot Spare or a Hot Mess
When No Redundancy Is More Reliable
Spotlight on SMB Storage
DAC: Dreaded Array Confusion
Comparing RAID 10 and RAID 01
What is RAID 100
The Software RAID Inflection Point

From MangoLassi:
Understanding RAID 5 with Solid State Drives
Why We Do No Preemptively Replace Hard Drives in a RAID Array
The Software RAID Inflection Point
Understanding Hybrid RAIDs
Matching Drives for RAID
What is RAID 10

From Other Sources:
ZDNet: Why RAID 6 Stops Working in 2019
ZDNet: Why RAID 5 Stops Working in 2009
ZDNet: Sorry About Your Broken RAID 5
ZDNet: Has RAID 5 Really Stopped Working
ZDNet: Don't Use RAID 5 on Small Arrays
Everything You Know About Disks Is Wrong
ACM: Triple-Parity RAID and Beyond
Understanding the RAID Penalty
Practical RAID Performance
Practical RAID Decision Making
Why Non-Uniform URE Distribution May Make Parity RAID Riskier Than Previously Thought
What You Need to Know About Growing a RAID Array
NetApp Implementation of Double Parity RAID: RAID-DP
Scott Alan Miller on One Big RAID 10 at SpiceCorps DFW on YouTube

Academic:
The Mathematics of RAID 6, Anvin

Discussions:
What Makes Parity RAID Safe on SSDs but Not Traditional HDs

This is the famous "RAID Link Blast" that gets used so often. I will attempt to update it when new articles are found to be added to the list. Very handy RAID reference to have.

A very common task with Linux, or any UNIX server, is building an NFS File Server (or NAS, as many people would call it.) NFS is the most common network file protocol in the UNIX world and is cross-platform, easy to use and very efficient.

For this project, to keep things simple, I'm just going to build a basic CentOS 7 server with 100GB of storage on XFS on LVM, which gives me a highly robust, high performance, very scalable filesystem with snapshot and other features.

This is purely a lab system to be blown away later, so I can share all details.

Just a single vCPU, 2GB RAM and the system is named "SAM-UserNAS". Very simple but this will provide us with a solid file server for our needs.

Our disk setup is pretty simple, during installation I make a single 84GB logical volume to be mounted on /data that will house our file server data.

We can start by prepping the packages on the server:

yum -y update
yum -y install nfs-utils

Then we can configure the NFS services:

systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind

Now we will set up the file space:

mkdir /data/users
chmod 777 /data/users

We need to, of course, open the system firewall to allow NFS traffic to pass to the server.

firewall-cmd --permanent --zone=public --add-service=nfs
firewall-cmd --reload

The configuration of our NFS file server is help in the /etc/exports file. We can edit this to include the directory that we want to share:

vi /etc/exports

And we will add this line. The IP range in question is the internal LAN for this example:

/data/users    10.100.42.0/24(rw,sync,no_root_squash,no_all_squash)

After we set up the share we can start the service now that it has something to do.

systemctl start nfs-server

And there we go, we have an NFS share already available from our new NFS file server.

Pretty excited. A big cluster will be arriving sometime tomorrow. The office tells me that there is unlikely time for it to get all hooked up until Thursday but hopefully we can get it unboxed and ready at least, tomorrow. This is our new lab platform and you should be seeing new lab projects soon as we get new capacity for doing large projects.

New toys!!

Originally posted here: https://community.spiceworks.com/topic/396228-if-you-don-t-question-me-you-don-t-respect-me

I can't believe that this was never reposted here, I feel that this is one of my more important posts over the years.

I've said it before but it bears saying again. This is a professional community. It is through asking, testing, probing, questioning, trying... that we learn from each other. I don't want people taking things that I say as some kind of mandate (unless I put it in bold, then you can work from fiat but I want people to read what I say (as I do with others) and ask if it is true and correct. Ask questions, push me to defend what I say. Don't state things if you too are not prepared to defend them.

Let's work through things together. We are all here to grow, agreed? Not to spout opinion and hope that no one else is knowledgeable enough to catch on. If we do that the community has no value. This is our sounding board. This is how we test each other. No one has all the answers, this field is huge and complex. Things are always changing. If we don't have this process we stagnate.

That doesn't mean probing the same, tried and true ideas every day - let's take time to look up existing arguments and see what has been seen as consensus and only continue to disagree if we see errors or are aware of new data. But in new situations we should work out what is true, what is best, what is good enough, what works and what does not. It is through this process, this communal feedback loop, that we become better than the individual components of the community. This is what makes Spiceworks no longer a Q&A site but a think tank for the industry. We are no longer just a passive community in a sea of IT, we are a thought generator pushing the field to improve as we do ourselves.

Using "take a picture if login attempts fail" technology, a number of ruthless hackers have been caught red handed trying to casually get in to unwatched laptops.

http://www.sadanduseless.com/2016/06/cat-hackers/

Happy to announce a new sister community to MangoLassi in the GroveSocial family: https://findinghopetogether.org

Our new sibling site is dedicated to helping survivors (or those going through) domestic abuse and violence to find help, resources, peers, etc. Site just came up a few minutes ago, so no content yet.

It does not take long working in IT to experience this phenomenon. The previous IT professional built what is clearly a disaster and then promptly quit. We see this in small shops where there is a single IT professional that leaves or in shops using an MSP and the MSP is replaced. In both cases the commonality is that when there is a change of IT staff it is a total change of staff - there is a lack of continuity between the old staff and the new staff. What is important here is that there is no one involved in making the old decisions who then is affected by them in the future.

So why do we see this so often? This might seem strange and just a bizarre artefact of IT, but there is a reason for it, I believe. Or reasons, perhaps.

IT is inherently complex and as we well know, it is poorly understood by management and often ignored. Management often sees only the results and not the risk - whether to outages, data loss, audits or whatever. This means that management will often (in fact, almost aways) reward "getting lucky" more than "doing a good job." This creates some very obvious problems. Combine this with the fact that nearly no SMB has a growth plan for IT pros effectively forcing them to change jobs to continue their careers and we have a disastrous combination of factors for the business.

To an employee making big decisions that are only see from the outside and not audited for quality processes there is only results of "it worked" or "it failed" rather than "it works but we are at huge risk of total disaster" and "it didn't work, but nearly did and it wasn't my fault." An employee is, much of the time, more protected by cutting corners than honestly trying to do good work. This is an obvious failing by management to not look for meaningful work and to reward random or worse, reckless, work.

The result is that for best career results in the SMB space much of the time and often in the MSP for the SMB space the best career options can be had by taking reckless chances. In doing this, projects can come in under budget and be completed quickly. Why waste time protecting the environment from disaster, why waste time documenting, why train someone else to take over, why study best practices or common approaches - all of these things add career risk and if the business isn't looking for a "good job" to be done, there is little incentive for the IT staff to consider them as valuable. In reality, even very reckless IT decisions are rarely going to blow up in the first year or two, most disasters happen well down the road. And even very dangerous conditions rarely have a disaster rate higher than 50% over a system lifespan.

For example, using a Walmart bargain bin laptop as a server, no RAID, no backups, with a pirated copy of Windows 2008, without being patched ever still has a better than 50% chance of not creating a disaster for more than two years. Of course we know that this is a terrible businesses decision and represents all kinds of risk to the business, yet if the business is not auditing for good decision making, long term investment thinking, thinking like an owner, risk assessments, legal licensing, industry best practices and so forth, the business would only see "working file server with active directory functionality" and "saving a fortune over other proposed solutions." Of course, the business could fail and lose every bit of their data and be hit by a major Microsoft licensing audit and be totally out of business overnight because of this, but unless those disasters hit the business might never know what risk was taken.

How does a house of cards scenario help the IT pro? In tons of ways:

• It lowers the skill and effort needed to do IT work. This lets marginally skilled IT pros look competent and even, in some cases, like super stars (short term).
• It allows IT to benefit from getting paid full time work, for doing part time effort.
• If the IT pro or MSP can walk away before the disaster hits, they look like heroes and move on to the next job(s) with a sparkling reference that they need only use once or twice before doing the same thing from the next job.
• If the disaster hits before they quit or find another job, the impact is minimal. If the fault for risky house of cards thinking gets pinned on them, they get fired or quit - it's not that much punishment, the risk is low. Find another job, use a different job that didn't have a disaster as a reference. References are a dime a dozen.
• If the disaster hits after moving on, blame the "new guy" for not maintaining the system properly. The same factors that kept management from auditing while you were there likely can't tell if you or the new guy are to blame for the disaster. Heck, he didn't fix the problems so clearly he was okay with how things were, right?
• In easily 60% or more of cases, no disaster will ever happen before systems are retired or the company fails anyway. Most SMBs go out of business in just a few years in general. So the chances that there even will be a failure at all, while insanely high for a business decision where the negative outcomes will often mean bankruptcy, is no big deal to the employee for whom the risks are trivial. So there is a very good chance that several companies that an IT pros does this to will never be any the wiser and will very often thank him for what he did.
• Even if caught, because the business wasn't watching carefully there is a very good chance that the IT Pro can pass blame to equipment, acts of God or whatever. These things happen, just look at all of the other SMBs having unexpected, total disasters. Even when caught, blame is not always assigned.

At the end of the day, IT Pros in the SMB are rarely held accountable in a way that rewards good decision making for the business and rather are more likely to be rewarded, either by the initial company or through subsequent career moves, for having put the business at risk. The risks to the business are huge, while trivial to the IT staff. Conversely, the employee is rarely rewarded for doing a truly excellent job and may be passed over for work if they refuse to cut corners compared to someone offering to "make do with fewer resources and less budget" making it actually a risky career move to do a good job!

At the end of the day, IT cannot fix this problem. Only businesses can. Good business means rewarding employees for good work and holding them accountable to bad work. But if the business rewards high risk scenarios, employees will take that route. Understanding how businesses are incentivizing their own demise or risk is the critical first step to fixing this issue.

https://itsfoss.com/learn-linux-for-free/

AFter a decade of hell, our house in NY finally sold five minutes ago. It's all done.

NTG Turns Twenty

Starting in February, 1999 NTG has been one awesome, wild adventure

Happy birthday and congratulations to NTG and the awesome NTG team. Starting as the unassuming Renaissance-West Consulting, a small Upstate New York MSP by @AndyW and @scottalanmiller - NTG has come a very long way. RW was acquired by Nicklin Associates in June, 1999 where the company became primarily a SaaS vendor. By April, 2000 the IT and software engineering team of Nicklin Associates was split off on its own again, this time as Niagara Telecom.

Niagara Telecom, Inc. continued as primarily a SaaS vendor, with its own software engineering and IT / operations functions, until 2005 when NTI rebranded as Niagara Technology Group, as it is still often known today. Niagara Technology Group shifted focus from primarily software engineering and SaaS to IT outsourcing and MSP services.

A finally rebranding came in 2010 when the ntg.co domain was acquired and the company changed their image to simply NTG. There have been so many adventures, opportunities, ups, downs, changes, surprises, good times and tough times. It has been an amazing ride and I can't imagine life without NTG and the NTG family.

Today NTG is am amazing family of people. We love working together, we love what we do. We are growing, adapting, and I can't be more excited about the next twenty years. NTG is now legally NTG LLC, and is based in Texas rather than New York, and much of our team is all over the world. And less than one year ago, NTG acquired MangoLassi adding even more to the exciting future of the company.

Happy birthday, happy anniversary, and a big thanks to everyone who is in today or who has been a part of this awesome group. I know that I am going to miss people, and there are so many that have worked with NTG over the years, but are no longer on the active roster, you are not forgotten but we can't mention everyone here.

Just some of NTG's current, active roster who are here on ML... thank you so much for being part of the family...

@Dominica
@pchiodo
@Romo
@gjacobse
@Joy
@MarigabyFrias
@valentina
@Suyeins
@tonyshowoff
@JeremyRichardson
@Karlita
@animal
@SonshineAcres
@njd5040
@Jaguar
@EddieJennings
Anny
@scottalanmiller

And our adopted family members...

@CCWTech
@LilAng
@LtWilhelm

There are so many partners, friends, part timers, on calls, future team members, retirees, old timers, new timers, interns... thank you all.

You just provided a mug shot

The title pretty much says it all. Too often, nearly always in fact, in IT I hear technical professionals and sometimes even business people talk about redundancy where it makes no sense. Not that having redundancy itself is bad for them, but they talk about it instead of talking about the thing that matters: *reliability.

Redundancy simply refers to having more than one of something. As a business, at the goal level, I never care about this. I don't care if I have one drive or two in my servers, I only care that I don't lose data however that is achieved. I don't care if my airplane has one pilot or two, as long as it doesn't crash. If we had a magic way to make data safe without RAID or an airplane safer without pilots that would be better, not worse.

But too often in IT we find people looking for redundancy for its own sake, as if buying two of things is a goal. But it never is. Never. Redundancy is only ever a tool used in the hopes of gaining reliability. Often there are ways to obtain reliability through other means and often the cost of redundancy is greater than the value of the reliability that it provides. This is why companies often opt not to have redundant data centers, ISPs, or even servers in many cases - the cost outweighs the value.

When we discuss our needs or the importance of reliability in decisions it is critical that we talk about reliability. There is a reason why reliability is referred to in terms of resultant value like getting five nines of uptime and redundancy is only a checkbox regardless of how good (triple mirrored RAID 1 or active/active EMC SAN controllers) or how bad (RAID 5 on old SATA disks or tightly dependent SAN controllers) that redundancy is for us. In some cases, like large RAID 5 sets or low end dual controllers SANs, redundancy often actually lowers reliability in the real world rather than raising it!! But many IT professionals and even some business professionals get confused and talk about redundancy instead of reliability and fail to understand why these solutions can be not just bad but really, really bad because they've lost sight of why they were implementing redundancy in the first place - because they thought that it would provide enough of an improvement in reliability to offset the cost of the implementation and any additional risks that it would introduce itself.

The reality is is that understanding reliability is challenging and not many IT professionals and sadly even many business professionals are not trained in risk and struggle to be able to evaluate the reliability of two different solutions, products, designs or techniques. Because reliability is hard to understand and convey it has become a simple "out" to use the term redundancy as a proxy for reliability - nearly everyone understands that reliability is the goal and they just assume that redundancy is good, non-redundant is bad but that simply isn't the case. All redundancy needs to offset its cost to have any hope of being valuable and that means that only certain types of redundancy that improve reliability rather than hurting it even have a chance of being considered for that.

Redundancy is a crucial tool in the IT professional or any engineer's toolbox, one that we use almost daily and think about constantly. But never lose sight of why we use it. Redundancy is never what matters, only what redundancy might provide us is what matters. Not all redundancy is created equal and not all redundancy, even when it improves reliability, has value. Redundancy should never be treated as a check box.

Keep your eyes on the goal which is always reliability, never redundancy.

There are three different concepts of drive swapping: cold, hot and blind (or blind hot.)

Cold Swapping: No enterprise or business class servers would ever require cold swapping of hard drives, although a shocking number of IT pros assume that cold swapping is required or recommended. Cold swapping of drives means that the entire server is powered down before being able to replace a failed drive. This defeats much of the value of RAID and is mostly a product of consumer desktop products.

Hot Swapping: The ability to replace a hard drive while the server is still running. This allows for zero downtime drive replacement so, in theory, an array could be replaced, drive by drive, over a period of time many times over without the server ever needing to be powered down. Any enterprise class or business class server will be hot swap by definitionl. Lacking this feature would disqualify a device from being considered business ready as a server.

Blind Swapping: Generally a unique feature to hardware RAID systems. This is an extension of hot swapping that includes not needing to interact with the operating system first. Hot swapping alone does not imply that a lack of interaction is needed. Blind swapping is popular in large datacenters so that datacenter staff who do not have access to the operating system can replace failed drives without any interaction from the systems administrators.

Can you also negotiate the renaming of the store to "Crazy AJ's"?

The NTG Lab's Scale Computing HC3 hyperconverged cluster is finally online (well part of it, anyhow.) Enough that we are starting to use it and grabbing the first screen shots. Here is the first login screens. More will come once the first ISOs get uploaded. Since OpenSuse is so hard to get on a traditional cloud, we are getting that installed first. Download is underway.

And yes, that is an Ubuntu 14.04.3 Jump Box that the shots are taken from.

Now that we have our first Linux VM installed, we are ready to poke around and get the lay of the land. One of the most important and common things that we will do in Linux is move around the filesystem. The filesystem on Linux is relatively similar to ones you would have seen on DOS, Windows, Mac or other operating systems. Nothing foreign or unusual here.

Like other operating systems, Linux has a concept of a "working directory", meaning "where you are now." You can move around in the filesystem, changing your location from one folder to another. Folders can be nested very deep. We need to know how to move around, how to look at what is around us and how to look up where we are located currently.

Right now we are going to be working in the BASH shell. We won't dive into details yet, we will cover more about shells soon. We just want to establish, at this point, that the command line interface that we are looking at is called BASH and is not, as people often believe, intrinsic to Linux itself.

We have three commands that we are going to learn to get us started. These commands are:

• pwd
• cd
• ls

These are commands that you will use constantly throughout your Linux (or any UNIX) career. We will look at each in turn. (Get used to this, much of learning Linux is learning how and when to use different commands and command options.)

pwd: Short for "print working directory", this command simply tell us what our current location is in the file system.

cd: Short for "change directory", this command is what allows us to move around within the filesystem. Same command as on Windows, it should be very familiar.

ls: Short for "list" and is the Linux equivalent of the Windows Command Shell "DIR" command. This lists the contents of the current working directory.

The UNIX Filesystem Hierarchy In the UNIX world we work from a single directory tree that contains all filesystems attached to our computer. This is often a point of confusion for people coming from the Windows world. Because of the built in expectations of Windows users, it is necessary to address how the filesystem hierarchy works there and contract it with how things work in UNIX, including Linux. I mention this as UNIX because it is good to understand that this is just another part of Linux following more general UNIX standards.

In the Windows world, we are used to the concept of the C drive, D drive, and so forth. Each resultant block device attached to the computer is presented as an additional "drive" to the end user. End users are responsible for keeping track of what each drive letter means in their specific system, left wondering where the A and B drives went, unclear why A, B & C are special cases but other drive letters are not, and so forth. A lot of the "under the hood" aspects of the system are exposed to the end users who, rarely, know what they are supposed to do with that information. This is a legacy exposure from Windows' DOS history. Sometimes drive letters can change making things even more confusing, there is no guarantee of consistency.

UNIX approaches the directory structure completely differently. Instead of each block device being a unique directory structure we have only a single directory structure no matter how many block devices we have. We can have twenty physical disks, forty partitions, ten SAN LUNs mounted and hundreds of "mapped" drive shares and still it is all a single directory structure. Users are presented with usable space, not a myriad of drive letters (and without the connection limitation of drive letters.) This means that users get a simpler, more intuitive, straightforward experience with unnecessary complexities abstracted away.

In Windows are we used to the root of our directories starting with **C:**. In UNIX we always start with the base directory, which is known as root and is simply written as /. Take note that in the Windows world we are used to seeing a backslash in directory listings. In UNIX we use a forward slash!

So in Windows we might see a full path to a file written so:

C:\mydirectory\myfile.txt

And in UNIX we might see a full path to a similar file written so:

/mydirectory/myfile.txt

This will make more and more sense as we continue.

Common UNIX Directories In nearly any UNIX system we are going to have a common set of directories located under / (aka the root.) It is important to note that this is a convention of UNIX and not a hard and fast rule. But all popular UNIX systems use the same file structure, there is no reason to alter it and you will likely never experience anything that differs from the standard in a normal career. Across all well known Linux, BSD, AIX, Solaris, HP-UX and more, even archaic systems from long ago, this structure is standardized. So while it is technically only a convention, it is a very, very strong one. There is nothing to prevent you from modifying it on your own systems, but this would cause mass confusion.

Nearly all UNIX systems will have a few "extra" directories located under the root and Linux itself has more than base UNIX within its standard list. Additionally, it is very common for system administrators to store custom directories there, so do not be surprised to find special cases regularly.

*In Linux, the Linux Foundation themselves maintain the official standard as to what the core directories should be and how they are to be used. This is called the Filesystem Hierarchy Standard.. Officially they maintain this standard for all UNIX, but it is only Linux that has fully adopted it.

In Linux we expect to find the following core directories under /

• /etc Pronounced et-cee (now, but it originally was known as etcetera), this is the system configuration directory. Comparable to the Windows registry, this is a directory containing many files that configure not only the operating system but also most (if not all) applications installed on it. It is standard for all applications of any type to store their configuration here, however many do not do this and there is no mechanism to enforce it. The more popular and enterprise an app is, the more likely that its configuration will be here.

• /bin The binary directory (binary meaning executable files) for critical commands that need to be available anytime that Linux is running.

• /boot Boot loader files, the Linux kernel and initrd. This is how your Linux system bootstraps itself.

• /dev System Devices. This is where your block devices, network devices, and more are found. More on devices as files in a later lesson.

• /home User home directories.

• /lib Core libraries requires for the commands installed in /bin and /sbin

• /media A blank mount point used for removable media. A new addition to the FHS and so may not be found on all systems and almost certainly not outside of Linux.

• /mnt A blank mount point used for temporary filesystems. Also uncommon outside of Linux.

• /opt The "optional" directory, for storing optional applications. This is where third party and non-system applications are expected to be installed.

• /proc This is a virtual "in memory" filesystem that provides an interface to and vew into running processes and the kernel itself.

• /root A special case home directory for the root user. The name is confusing as / is called root, so fully pronouncing /root is "root root".

• /run Run-time variable data with information about the running system since last boot.

• /sbin Essential system binaries (s for system, bin for binary) that are not as critical as those under /bin.

• /srv The "server" directory. Designated for site-specific data which are served out by the system.

• /tmp Called "temp", this is the temporary directory or scratch space. Some systems persist this between reboots, some delete all contents on reboot, some even store /tmp in memory allowing for no persistence of any kind. Assume anything there will not persist as good practice.

• /usr Pronounced "you sir", this is a secondary hierarchy for read-only user data which is mostly where utilities and applications will be installed.

• /var Variable files, means variable sizes. Log files, databases and such go here. This is the only directory that is not of roughly fixed size during the normal operations of a system.

The FHS futher goes into a detailed list of standard sub-directories within some of these top level directories such as /usr and /var but we do not need to get bogged down in those now. Mostly they are self-explanatory.

Now that we know what to expect, we should log into our own Linux system and use our new commands to explore our filesystem!

For the moment, we will log in through a console session - that is as if we were sitting physically at the machine. In my example I am using the web console from the Scale cluster on which I am working. For most of you, you will likely see the console in Hyper-V, VMware vCenter, XenCenter, Xen Orchestra, VMware Workstation, VirtualBox, etc. All of them have consoles and will look essentially the same. These console redirect the local keyboard, video and mouse so the Linux install believes that you are sitting physically in front of it. So look at your console now and log in as "root" using the username "root" and the password that you set in our last lesson.

Now we will take a quick look around using our new commands:

In the screenshot here I have included several commands being run. You will notice that our default command prompt is a bit compled and looks like...

[[email protected] root]#

This is an informative prompt that tells us first who we are followed by what host we are working on then what directory we are in. This prompt can be customized and varies between different systems, but this is a pretty standard configuration for the administrative user. As you move around the filesystem you will notice that the prompt changes as you move.

In my example I begin by using pwd to see where we are currently, then using cd / to move our current working directory to the root (designated by /) and used pwd again to show that it worked, which we already knew because our prompt showed us that as well. The I list the contents of the root directory using ls.

These three commands are all that you need to move around the file system. Take some time to move around, dig into directories and explore. Using these commands are always safe.

Understanding Absolute and Relative Paths In our examples thus far, we have talked about where things are in the directory hierarchy in absolute terms. When we use the cd command, for example, we can tell the system that we want to use an absolute file path by starting the directory with the root indicator /. So we can move into the var directory from any location, at any time by writing cd /var. If we wanted to go to the common log directory which is inside of /var we could do so like this cd /var/log.

Relative paths work slightly differently. Relative paths care what our current working directory is (as shown by pwd.) So instead of just writing cd /var/log we could use this set of commands instead:

cd /
cd var
cd log

The results are the same. We tell the cd command to use relative pathing because we exclude the preceding forward slash.

I was lucky enough to get my first IT job (rather than as a developer which I had done previously) as a Solaris / UNIX System Administrator in the early 1990s. Surprisingly, many of the lessons that were passed down to me from my mentors in that role when I was still a teenager have stuck with me and have formed much of the basis for my practices in systems administration. I find it interesting how many lessons I learned then seem to have been relatively unique and are often not taught still today.

One lesson I remember well, I still remember my mentor speaking, was the importance of using generic, standard, vanilla tools for our administration tasks. The temptation is obvious, download the latest, coolest tools, third party add ons and such. Our experience as end users suggests that we should go out, look for software, try all kinds of different things and use the stuff that is right for us, is just the right tool for the job or makes us productive. End users spend a huge amount of time tracking down and selecting their personal toolset.

System administrators are not end users, however. Our needs are quite different and we need to think differently about how we use computers.

End users can spend a lot of time tweaking everything that they do to be just as they like it. Their focus is on their own productivity. System admins cannot. Our focus is not productivity but is, instead, on reliability and availability. Need a different mindset.

So why would a system admin use bland, generic tools like BASH, vi and avoid making aliases for common tasks? Why not move to a handy modern shell, why not use nano to make text editing easier, why not go find some amazing utility that puts a handy new interface on our tasks?

Because, as my mentor liked to point out, those things are great when you have time to set them up, but that's not what matters. What matters is how much we are able to work when things go wrong. And when things go wrong, the tools that we use will often not be determined by us and setting them up will not be an option. When push comes to shove, we need to be able to work on the systems as they are, not as we can tweak them. A system admin earns their value when the system is on fire, not when things are pristine and relaxed. The opposite of an end user.

How this plays out, or could play out, is varied. It might be that we are stuck working on servers that we are not used to or have not seen before, it might be that we switch jobs or departments or a new policy comes out that forces us to stop using a tool, it might be that we have to train or mentor someone else or follow guides written by others. Becoming depentant on custom modifications or uncommon tools puts us at risk. Risk of not knowing how to use the available tools, not knowing what tools to use or just being slow and figuring out basic administration skills under pressure rather than when things are healthy.

Specifically, having started in the UNIX world, tools that I was told to always use were the default system shell, the vi text editor and to avoid aliases. The advice is much broader but these were common examples of things that people were easily tempted to modify (at the time.)

It was a sensible lesson and one that I came to appreciate some seven years later. At the time I was working as the head of IT for a sector at the world's largest manufacturing company. I got a call that manufacturing was down because one of the UNIX machines that controls the environment was not working and no one could work on it. So I went down to work on it myself.

It turned out to be an issue that could be resolved only in an emergency environment where the only available tool for text editing was vi, the much maligned universal UNIX text editor. It turned out that no one in the facility knew how to use it. Even by that time, over a decade and a half ago, replacements for vi were so common that most people had never actually used it. We got the system back up, and all was well.

As an example, vi is important because it is the base text editor available on every UNIX system. Not just Linux or Solaris or something old, but everything. Everything installed thirty years ago, everything installed new today. In an emergency, it is the one text editing tool that you are be certain is going to be available to you. And contrary to popular belief, quite often it is the only one available even in production working environments.

Over twelve years after that anecdote about vi in the manufacturing facility took place, I was on an online forum, much like this one, and had to help a manufacturing company on the other coast deal with a similar issue. After much discussion, checking invoices and such, we actually determined that the same aged Solaris server tied to the same equipment had been sold, shipped, set up and was still running and still had the same issues and still required the same knowledge and experience to support. I assume it is still running today. That other shop invested a large sum of money into deploy "new to them" a system with only vi as an option.

It may sound like an issue people would not have today, but they truly do.

Using base tools is important from a career perspective as well. It is rare that as a system administrator on an admin team that you will want to request special tools just for you or that you will be allowed to customize the server environments. In smaller shops you may be allowed to do this, but in many you will not. Even if only for reasons of respect, you want to be well versed and able to work in standard shells and tools when interfacing with coworkers. The majority of the UNIX world still expects the majority of tools to be standard ones. Not using them daily will put you at a disadvantage socially, if not technically.

The same, of course, is true in the Windows world. The culture is quite a bit different and the need for third party tools for many tasks is higher and the need for additional tools to make things "easy" is less. Or it was. This is changing as Windows moves towards GUI-less administration and will soon, very likely, have the same stigmas and tool availability issues that UNIX has long had.

As a system admin, it is important not to think of ourselves as end users, but as a different type of user where we have to adapt to the system rather than making the system adapt to us.

Part of a series on Linux Systems Administration by Scott Alan Miller

I feel like nearly every day I read a thread somewhere about someone building a server, running into issues and then discovering as we look into what might be wrong just one thing after another that all should have been caught long before a server was built and are mistakes that seem incredibly basic, but when I think about how someone building their first server would learn these things, I'm at a loss as to how they would know them all; even though we expect everyone to know these things. So I figured that it would behoove everyone to put some of this basic knowledge into a single spot.

I'm not 100% sure how to approach this list and of course, there are exceptions to every rule, but if you need any kind of guide, then you are probably not the person to whom exceptions apply. So here we go:

1. Always plan your server design before purchasing it. Don't try to shoehorn whatever was purchased to fit the need, buy the right thing to start with.
2. Always plan for backups. If the system is worth running, it's worth backing up.
3. Buy enterprise hardware and support. That's vendors like HPE, Dell, Oracle, IBM, Fujitsu, Cisco and SuperMicro. Refurbished is okay, whitebox is not.
4. Get and set up out of band (OOB) management (tools like iLO, iDRAC, IPMI, etc.)
5. Get genuine hardware RAID with a real cache (1GB or larger).
6. Set up RAID 1 or RAID 10 with spinning drives, RAID 5 or RAID 6 with SSDs. Never RAID 5 with spinning drives.
7. Set up only a single, large array, don't make multiple arrays, don't buy multiple sized or speed drives.
8. Always virtualize, don't even consider a physical install unless it is before 2005 (hint: it's not.) Install your hypervisor (Xen, ESXi, Hyper-V or KVM) to the bare metal, always. Don't install any kind of local GUI.
9. Use an enterprise OS (CentOS, Suse, Windows, Ubuntu, FreeBSD, for example.) Always install the latest when possible, don't intentionally install technical debt. There are some exceptions to this, but pretty few. Don't install any kind of local GUI.
10. Update and keep it updated. Patching is critical.
11. Set up a reboot schedule.
12. Do not disable the local firewall. Install it if it is missing.
13. Always install an anti-virus if running Windows.
14. Don't disable any security mechanisms (UAC, SELinux, AppArmor) to "make things easy."
15. Add monitoring.
16. Add log management.
17. If you have any questions, uncertainty or doubt, ask questions, get peer review, etc. before finalizing decisions.

These are the basics. Any of these proves a challenge, you need to stop and re-evaluate why you are running a server and how you plan to keep it working and what its value is to your organization. There are special exceptions to each rule, but assume that they do not apply to you.

We at ML are always so glad to welcome newcomers to the community. We try our best to we welcoming and friendly. We understand that when you first arrive the community can be overwhelming and you might be unsure where to go first. That is only natural. So here is a little guide to finding the things that you need to get going right away.

Jump into the announcement thread and say hello. There is a thread whose only purpose is to announce yourself and let people know who you are and that you are new here. This is the best place to get started.

Check out What Are You Doing Now. This thread is a little like an internal Twitter feed with lots of people just posting what they are doing right at the moment. Tell us anything, this is an "anything goes" thread and a great place to get to know people as this is a very busy thread. Post about your latest project, your travel plans or just what you are having for dinner.

Set up your avatar. This helps people to recognize and remember you and makes the site much more personable. We have instructions on how to set up your avatar easily with Gravatar.

Hit the "Unread" Button and See What Is New The unread button is awesome, use it to see what the latest posts and active threads are so you can see what people are talking about right now.

Set Up Your Preferences Click on your picture in the top right and then click on your name. Set up your settings and preferences there. Possibly the most important ones are around how you will be notified. Many people like to get email notifications that threads that they are involved in have gotten a response (I would avoid subscribing to the What are you doing now? thread as it is so active.) And email alerts when someone wants to chat with you is good too!

Have fun and welcome to the community!

If You Are an IT Service Provider check out How to Get Your Service Provider Label.