thinking sysadmin

Disclaimer: I am not a FirePass administrator; only an end-user and have no other relationship with F5. There may be better methods to address this issue; please comment if you know of one.

See also: f5vpn-login.py, described here, and brought to my attention by sh4k3sph3r3. A CLI FirePass client is quite likely a better solution than separate browser instances, etc.

Preliminaries: Although the F5 FirePass SSL VPN product supports Linux, as best as I can tell, that support is somewhat limited: My understanding is that they officially claim support for 32-bit installs only, and they do not appear to track new distribution releases particularly aggressively. F5 has also been somewhat slow in supporting new browser versions: They announced support for Firefox 3 on October 6, 2008, nearly four months after its release and with only two months to go before Firefox 2 was end-of-lifed. For Firefox 3.6 support, a comment on the post linked above states that you need to request a special hot fix from F5 (which my site has not applied). There is no Google Chrome support that I am aware of.

Further, F5’s automated client installation tools have unfortunately never worked for me on Linux, even when the architecture and browser are in their support matrix. The manual download instruction links are also broken on the FirePass install I connect to.

Solution: Install a dedicated, 32-bit version of Firefox in a supported version; create a single-purpose Firefox profile for VPN use. Add the FirePass client to that browser and the operating system.
Read the rest of this entry »

There have been a few posts elsewhere discussing file-level recovery for Linux VMs on NetApp NFS datastores, but none that have dealt specifically with Linux LVM-encapsulated partitions.

Here’s our in-house procedure for recovery; note that we do not have FlexClone licensed on our filers.
Read the rest of this entry »

• Timekeeping best practices for Linux – “This article presents best practices for Linux timekeeping. These recommendations include specifics on the particular kernel command line options to use for the Linux operating system of interest. There is also a description of the recommended settings and usage for NTP time sync, configuration of VMware Tools time synchronization, and Virtual Hardware Clock configuration, to achieve best timekeeping results.” Where has this document been since I started deploying VMware? Oh, wait, looks like it may have been written on August 19th… Still, thanks, VMware – exactly what I wanted!
• VI:OPS – A new VMware site: “We created VI:OPS to widen the discussion beyond pure, deep technical by adding five topics that VMware staff, partners and customers talk about all the time but where there is no online collaboration facility for these topics.” I found the above link through a post on this site.

• Blocks & Files: Now HP contributes HPC file system to open source – “HP has contributed its Tru64 UNIX Advanced File System (AdvFS) source code to the open source community, meaning Linux.” It’s been a long time since I’ve used AdvFS (the last time I used Tru64 was in 2003 or so), but it seems to me that this would maybe have been a lot more exciting if it had happened in 2000 or so. They do have a site up on SourceForge with source code already available for download, but I have to wonder how much interest this is going to attract with all the other file systems already out there.
• VMware VROOM!: Scaling real-life Web server workloads – “While the performance of each single-VCPU virtual machine is slightly lower than that of a one-CPU native machine (because of virtualization overhead), the cumulative performance of the multiple virtual machines well exceeds the performance of a large SMP native machine (because serialization penalties are reduced).” In other words, if you know that you have a scale out (instead of scale up) application, you can scale out by scaling up your virtualization server.

In the past, I’ve used our local mirror of the CentOS yum repository to kickstart machines booted using PXE; apparently, this no longer works with CentOS 5.1, although it did with 5.0. If you attempt to do so, after the initial PXE boot, you get the following message:


The CentOS installation tree in that directory does not seem to match your boot media.

Read the rest of this entry »