Difference between revisions of "Sysadmin Todo List"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
 
(26 intermediate revisions by 3 users not shown)
Line 1: Line 1:
This is an unordered set of tasks. Detailed information on any of the tasks typically goes in related topics' pages, although usually not until the task has been filed under [[Sysadmin Todo List#Completed|Completed]].
+
This is the new Sysadmin Todo List as of 05/27/2010. The previous list was moved to [[Old Sysadmin Todo List]]. This list list is incomplete, and needs updating.
== Daily Check off list ==
 
Each day when you come in check the following:
 
  
=== Monitoring ===
+
== Projects ==
# Check the Cacti temperatures and other indicators: http://roentgen.unh.edu/cacti
+
*Convert physical and VMs to CentOS 6 for compute servers ([[taro]],[[endeavour]]) and all others to either 6 or 7. 
# Check Splunk: [http://pumpkin.farm.physics.unh.edu:8000/] or localhost:8000 on pumpkin.
+
**VMs: Einstein
 +
**Physical: [[endeavour]], [[taro]], and [[gourd]]
 +
*Mailman: Clean up mailman and make sure all the groups and users are in order.
 +
*CUPS: Look into getting CUPS authenticating users through LDAP instead of using Samba.
 +
*Printer: Get printtracker.py working and see if you can get a driver to properly recognize page number count instead of just giving the value as a number of 1 which corresponds to a job submission not the number of pages.
 +
*Check /etc/apcupsd/shutdown2 script on Gourd to make sure all the keys are correctly implemented so the machines go down properly during a power outage.
 +
*Do a check on Lentil to see if there is any unneccessary data being backed up.
  
=== Verify the following: ===
+
==Daily Tasks==
# Einstein ([[Script Prototypes|script]]):
 
## Up and running?
 
## Disks are at less than 90% full?
 
## Mail system OK? (spamassasin, amavisd, ...)
 
# Temperature OK?
 
# Systems up: Taro, Pepper, Pumpkin ?
 
# Backups:
 
## Did backup succeed?
 
## Does Lentil need a new disk?
 
  
== Important ==
+
These are things that should be done every day when you come into work.
=== Towards a stable setup  ===
 
Here are some options: <br>
 
* Test VMware server (See [[VMWare Progress]]). Specifically, I would like to know:
 
## How easy is it to move a VM from one hardware to another? (Can you simply move the disks?) '''Yes.'''
 
## Specifically, if you need to service some hardware, can you move the host to other hardware with little down time? (Clearly not for large disk arrays, like pumpkin, but that is storage, not hosts). '''Considering portability of disks/files, the downtime is the time it takes to move the image around and start up on another machine.'''
 
## Do we need a RedHat license for each VM or do we only need a license for the host, as with Xen? '''It seems to consume a license per VM. Following [http://kbase.redhat.com/faq/FAQ_103_10754.shtm this] didn't work for the VMWare systems. The closes thing to an official word that I could find was [http://www.redhat.com/archives/taroon-list/2004-August/msg00292.html this].'''
 
## VMware allows for "virtual appliances", but how good are these really? Are these fast enough?
 
  
* Because not all of our systems are RHEL, we should look into some management solution like [http://www.redhat.com/spacewalk/ spacewalk]. This should be a good use for a VMware appliance
+
#Do a physical walk-through/visual inspection of the server room
* Also, [http://func.et.redhat.com/ func] looks like a nice tool to fiddle with later.
+
#Verify that all systems are running and all necessary services are functioning properly
* We can look at using [https://fedorahosted.org/cobbler/ cobbler] to ease system installation later. Maybe another vmware appliance?
+
#*For a quick look at which systems are up you can use /usr/local/bin/[[serversup.py]]
 +
#*[[Gourd]]: Make sure that home folders are accessible, all virtual machines are running
 +
#*[[Einstein]]: Make sure that [[LDAP]] and all [[e-mail]] services (dovecot, spamassassain, postfix, mailman) are running
 +
#*[[Roentgen]]: Make sure website/MySQL are available
 +
#*[[Jalapeno]]: Named and Cups
 +
#*[[Lentil]]: Verify that backups ran successfully overnight. Check space on backup drives, and add new drives as needed.
 +
#Check [[Splunk]]: [https://pumpkin.farm.physics.unh.edu:8000 click here if you're in the server room], or open localhost:8000 (use https) from [[Pumpkin]]
 +
#*Check logs for errors, keep an eye out for other irregularities.
 +
#Check [[Cacti]]: [http://roentgen.unh.edu/cacti http://roentgen.unh.edu/cacti]
 +
#*Verify that temperatures are acceptable.
 +
#*Monitor other graphs/indicators for any unusual activity.
  
* Bugzilla:
+
==Weekly Tasks==
** We should try and transition to a bugzilla setup for task-tracking and documentation. The wiki really isn't the right format for this sort of thing. The advantage of bugzilla is that we can use bugs as tasks, have them marked with a status (open, closed, in progress, waiting, etc.), use the "discussion" feature to document our progress with status updates, and actually have a history of who did what.
 
** It should be set up on a nice, small, portable VMware image.
 
** The firewall on the machine should allow VMware remote access, web access (https), and ssh.
 
** It might be a good excuse for learning how to actually use SElinux properly.
 
** Let's name it corn.unh.edu, since we're not using it, and it fits the farm scheme.
 
** Let's make it kind of like a vmware appliance.
 
  
=== Miscellaneous ===
+
These are things that should be done once every 7 days or so.
* Get einstein's mirror back up.
 
  
* FIX LDAP!
+
#Check physical interface connections
** LDAP is really screwed up for us. We need to clean it up, fix it up, even start over if we have to. So far, screwy things are that we can't modify netgroup entries (<font color="green">'''fixed''' (maurik) Updated the /etc/openldap/schema/nis.schema to fix nisNetgroupTriple. Now works fine.)</font>, luseradd/luserdel don't work at all, Luma and other graphical clients don't work consistently, JXplorer only really works on macs, and even then only on Maurik's.
+
#*Verify that all devices are connected appropriately, that cables are labeled properly, and that all devices (including RAID and IPMI cards) are accessible on the network.
** I think we should design a new, clean, fairly minimalist ldap structure. Users, groups, clients, and netgroup make sense to have, but most of the rest is garbage. If we can get this set up, we can tie backups and firewalls back in properly, so we have a single way to do a lot of the administration.
+
#Check Areca RAID interfaces
 +
#*The RAID interfaces on each machine are configured to send e-mail to the administrators if an error occurs. It may still be a good idea to login and check them manually on occasion as well, just for the sake of caution.
 +
#Clean up the server room, sweep the floors.
  
* Webalizer is not working on roentgen, the webserver. Find out why.
+
==Monthly Tasks==
* Set up one of the dell 755 computers with a linux/XP dualboot. Use the wireless card we have set aside, and name it madamewu. (or maybe lisemeitner, since Bo's computer is benfranklin, was lisemeitner.)
 
* Set up a VMWare appliance for ntop. This is functionality we're really seriously missing.
 
* Look over code for wigner print control, or look into papercut
 
* Get transana stuff working for Dawn/Chris.
 
* Look at moving the virtual machines to VMWare on taro.
 
** Get a dedicated VMWare drive working. Maybe two, so that we've got a mirror in case a drive fails we don't end up losing all our VMs?
 
* Look at VMWare appliance-style monitoring solutions, like cacti or splunk, or even something else.
 
* Upgrade Calarco's windows machine's RAM
 
* Fix EVO webcam video on Sarah's computer.
 
* Einstein gets a few hits a day to old webpages that don't exist anymore, givng 404s. Maybe we can set up redirect rules to point to the right place, or something else to remove a few daily errors from the logs.
 
* Fix front sound output on Sarah's computer.
 
* Determine a better organization system for cables, parts, etc. Junky cardboard boxes are a bit cumbersome, and they look bad.
 
* We should look into what software is necessary on what machines, for disk space concerns. I'm thinking of Pepper in particular, do we really want openoffice data taking up an eighth of the root partition?
 
* Fix some of the older workstations (hobo, ennui, etc.)
 
* Check into smartd monitoring (and processing its output) on Pepper, Taro, Corn/Pumpkin, Einstein, Tomato (Actually, all the systems).
 
  
== Ongoing ==
+
#Perform [[Enviromental_Control_Info#Scheduled_Maintenance|scheduled maintenance]] on the server room air conditioning units.
=== Documentation ===
+
#Check S.M.A.R.T. information on all server hard drives
* '''<font color="red" size="+1">Maintain the Documentation of all systems!</font>'''
+
#*Make a record of any drives which are reporting errors or nearing failure.
** Main function
 
** Hardware
 
** OS
 
** Network
 
* Continue homogenizing the configurations of the machines.
 
  
=== Maintenance ===
+
==Annual Tasks==
* Check e-mails to root every morning
 
* Check up on security [http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-sec-network.html#ch-wstation]
 
  
=== On-the-Side ===
+
These are tasks that are necessary but not critical, or that might require some amount of downtime. These should be done during semester breaks (probably mostly in the summer) when we're likely to have more time, and when downtime won't have as detrimental of an impact on users.  
* Backup stuff: We need exclude filters on the backups. We need to plan and execute extensive tests before modifying the production backup program. Also, see if we can implement some sort of NFS user access. '''I've set up both filters and read-only snapshot access to backups at home. Uses what essentially amounts to a bash script version of the fancy perl thing we use now, only far less sophisticated. However, the filtering and user access uses a standard rsync exclude file (syntax in man page) and the user access is fairly obvious NFS read-only hosting.''' <font color="green"> I am wondering if this is needed. The current scheme (ie the perl script) uses excludes by having a .rsync-filter is each of the directories where you want excluded contents. This has worked well. See ~maurik/tmp/.rsync-filter . The current script takes care of some important issues, like incomplete backups.</font> Ah. So we need to get users to somehow keep that .rsync-filter file fairly updated. And to get them to use data to hold things, not home. Also, I wasn't suggesting we get rid of the perl script, I was saying that I've become familiar with a number of the things it does. [http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-acls.html#s2-acls-mounting-nfs]
 
* Continue purgin NIS from ancient workstations, and replacing with files. The following remain:
 
** pauli nodes -- Low priority!
 
  
== Waiting ==
+
#Server software upgrades
* Move pauli8 drives into pauli5 so that Heisenberg can access his data. '''The raid array on them has been rebuilt, but there seems to be weird behaviour with LVM or something related.'''
+
#*Kernel updates, or updates for any software related to critical services, should only be performed during breaks to minimize the inconvenience caused by reboots, or unexpected problems and downtime.
* Get the rest of the paulis up. Looks like NIS is in the way on at least one of them. Update to LDAP will be necessary. '''A workaround can be to make a local jhh user on each, and point its home directory to /net/home/jhh. Not the most elegant solution, but the fact that NIS was around seems to have blocked LDAP from working properly.''' Do we even need the paulis anymore? Is silas giving some computational space to Jochen?
+
#Run fsck on data volumes
 +
#Clean/Dust out systems
 +
#Rotate old disks out of RAID arrays
 +
#Take an inventory of our server room / computing equipment
  
== Completed ==
+
<!--{| cellpadding="5" cellspacing="0" border="1"
* Set up UPS monitoring for each UPS. ''It works! Einstein even cleanly shuts down when the power is critically low.''
+
! Time of Year !! Things to Do !! Misc.
* Bohr is slow with PDFs. Maybe time to put a newer distro on bohr? ''He's using RHEL4. It's good enough for now, and he hasn't mentioned it again.''
+
|-
* Gourd is giving smartd errors. Should we be concerned at all, since nobody uses it anymore? ''People do use it, just not all that often. Once Lorenzo's graduated and everyone straightens out their data, we can evaluate our data storage setup.''
+
| Summer Break || ||
* Set up signal generator software on lab computer.
+
|-
* Set up USB oscilloscope software on lab computer.
+
|  || Major Kernel Upgrades ||
* Get familiar with denyhosts.
+
|-
* Learn how to use [[cacti]] using a VM appliance. ''Now unnecessary, since we run cacti directly on roentgen.''
+
|  || Run FDisk ||
* Backups weren't running because the RPM cron job hung, and run-parts does stuff in alphabetical order. RPM comes before rsync, so rsync-backup never got run. To prevent this in the future, rsync-backup is now called 0rsync-backup. so it will always run right after anacron and logwatch.
+
|-
* The workstation Wilson can now print to wigner.
+
|  || Clean (Dust-off/Filters) while Systems are Shut down ||
* Rebuilt the npg-admins mailing list. Because of mailman's strange structure, it wasn't possible to carry over the old archives cleanly. There apparently were also version incompatibilities, so we had to start over.
+
|-
* '''Monitoring''': I would like to see the new temp-monitor integrated with Cacti, and fix some of the cacti capabilities, i.e. tie it in with the sensors output from pepper and taro (and tomato/einstein). Setup sensors on the corn/pumpkin. Have an intelligent way in which we are warned when conditions are too hot, a drive has failed, a system is down.  '''I'm starting to get the hang of getting this sort of data via snmp. I wrote a perl script that pulls the temperature data from the environmental monitor, as well as some nice info from einstein. We SHOULD be able to integrate a rudimentary script like this into cacti or splunk, getting a bit closer to an all-in-one monitoring solution. It's in Matt's home directory, under code/npgmon/''' - '''Mostly done'''
+
| Thanksgiving Break || ||
 
+
|-
== Previous Months Completed ==
+
| Winter Break || ||  
[[Completed in June 2007|June 2007]]
+
|-
 
+
| || Upgrade RAID disks || Upgrade only disks connected to a RAID card
[[Completed in July 2007|July 2007]]
+
|--
 
+
| Spring Break || ||
[[Completed in August 2007|August 2007]]
+
|-
 
+
|} -->
[[Completed in September 2007|September 2007]]
 
 
 
[[Completed in October 2007|October 2007]]
 
 
 
[[Completed in November/December 2007|NovDec 2007]]
 
 
 
[[Completed in January 2008|January 2008]]
 
 
 
[[Completed in February 2008|February 2008]]
 
 
 
[[Completed in March/April/May/June 2008|March/April/May/June 2008]] (I'm doing a great job keeping track of this, eh?)
 
 
 
[[Completed in July/Aug/Sep/Oct/Nov 2008|July/Aug/Sep/Oct/Nov 2008]] (It was the move, but still no excuse!)
 
 
 
[[Complete in December 2008|December 2008]]
 
 
 
[[Completed in Jan/Feb/Mar 2009|Jan/Feb/Mar 2009]]
 

Latest revision as of 16:42, 15 February 2015

This is the new Sysadmin Todo List as of 05/27/2010. The previous list was moved to Old Sysadmin Todo List. This list list is incomplete, and needs updating.

Projects

  • Convert physical and VMs to CentOS 6 for compute servers (taro,endeavour) and all others to either 6 or 7.
  • Mailman: Clean up mailman and make sure all the groups and users are in order.
  • CUPS: Look into getting CUPS authenticating users through LDAP instead of using Samba.
  • Printer: Get printtracker.py working and see if you can get a driver to properly recognize page number count instead of just giving the value as a number of 1 which corresponds to a job submission not the number of pages.
  • Check /etc/apcupsd/shutdown2 script on Gourd to make sure all the keys are correctly implemented so the machines go down properly during a power outage.
  • Do a check on Lentil to see if there is any unneccessary data being backed up.

Daily Tasks

These are things that should be done every day when you come into work.

  1. Do a physical walk-through/visual inspection of the server room
  2. Verify that all systems are running and all necessary services are functioning properly
    • For a quick look at which systems are up you can use /usr/local/bin/serversup.py
    • Gourd: Make sure that home folders are accessible, all virtual machines are running
    • Einstein: Make sure that LDAP and all e-mail services (dovecot, spamassassain, postfix, mailman) are running
    • Roentgen: Make sure website/MySQL are available
    • Jalapeno: Named and Cups
    • Lentil: Verify that backups ran successfully overnight. Check space on backup drives, and add new drives as needed.
  3. Check Splunk: click here if you're in the server room, or open localhost:8000 (use https) from Pumpkin
    • Check logs for errors, keep an eye out for other irregularities.
  4. Check Cacti: http://roentgen.unh.edu/cacti
    • Verify that temperatures are acceptable.
    • Monitor other graphs/indicators for any unusual activity.

Weekly Tasks

These are things that should be done once every 7 days or so.

  1. Check physical interface connections
    • Verify that all devices are connected appropriately, that cables are labeled properly, and that all devices (including RAID and IPMI cards) are accessible on the network.
  2. Check Areca RAID interfaces
    • The RAID interfaces on each machine are configured to send e-mail to the administrators if an error occurs. It may still be a good idea to login and check them manually on occasion as well, just for the sake of caution.
  3. Clean up the server room, sweep the floors.

Monthly Tasks

  1. Perform scheduled maintenance on the server room air conditioning units.
  2. Check S.M.A.R.T. information on all server hard drives
    • Make a record of any drives which are reporting errors or nearing failure.

Annual Tasks

These are tasks that are necessary but not critical, or that might require some amount of downtime. These should be done during semester breaks (probably mostly in the summer) when we're likely to have more time, and when downtime won't have as detrimental of an impact on users.

  1. Server software upgrades
    • Kernel updates, or updates for any software related to critical services, should only be performed during breaks to minimize the inconvenience caused by reboots, or unexpected problems and downtime.
  2. Run fsck on data volumes
  3. Clean/Dust out systems
  4. Rotate old disks out of RAID arrays
  5. Take an inventory of our server room / computing equipment