Difference between revisions of "Sysadmin Todo List"

From Nuclear Physics Group Documentation Pages
 
(299 intermediate revisions by 7 users not shown)
Line 1: Line 1:
This is an unordered set of tasks. Detailed information on any of the tasks typically goes in related topics' pages, although usually not until the task has been filed under [[Sysadmin Todo List#Completed|Completed]].
+
This is the new Sysadmin Todo List as of 05/27/2010. The previous list was moved to [[Old Sysadmin Todo List]]. This list list is incomplete, and needs updating.
== Daily Check off list ==
 
Each day when you come in check the following:
 
# Einstein ([[Script Prototypes|script]]):
 
## Up and running?
 
## Disks are at less than 90% full?
 
## Mail system OK? (spamassasin, amavisd, ...)
 
# Temperature OK? No water blown into room?
 
# Systems up: Taro, Pepper, Pumpkin/Corn ?
 
# Backups:
 
## Did backup succeed?
 
## Does Lentil need a new disk?
 
  
== Important ==
+
== Projects ==
=== Weather ===
+
*Convert physical and VMs to CentOS 6 for compute servers ([[taro]],[[endeavour]]) and all others to either 6 or 7. 
Judging by the look of the post-it-notes on the wall, the fan was blowing some sort of weather in. We need to figure out a way to prevent the outside from coming inside. We're lucky roentgen seems okay. '''What about using screen material in front of the fan, oriented in such a way that any water will run down the screen and collect at the water sensor?'''
+
**VMs: Einstein
 +
**Physical: [[endeavour]], [[taro]], and [[gourd]]
 +
*Mailman: Clean up mailman and make sure all the groups and users are in order.
 +
*CUPS: Look into getting CUPS authenticating users through LDAP instead of using Samba.
 +
*Printer: Get printtracker.py working and see if you can get a driver to properly recognize page number count instead of just giving the value as a number of 1 which corresponds to a job submission not the number of pages.
 +
*Check /etc/apcupsd/shutdown2 script on Gourd to make sure all the keys are correctly implemented so the machines go down properly during a power outage.
 +
*Do a check on Lentil to see if there is any unneccessary data being backed up.
  
Now that we're experiencing a mini heat wave, the fan and line air conditioner aren't quite enough to keep the temperature below 70°F. The standard operating procedure has been to leave the door open during the day.
+
==Daily Tasks==
  
=== Pumpkin/Corn ===
+
These are things that should be done every day when you come into work.
Our new system needs to be setup and integrated/tied in. Read more: [[Pumpkin]]
 
  
'''TO DO:'''
+
#Do a physical walk-through/visual inspection of the server room
* Properly configure iptables on pumkin and corn.
+
#Verify that all systems are running and all necessary services are functioning properly
** Copy /usr/local/bin/ldapiptables or whatever it is called from taro. Copy /etc/init.d/iptables_npg, make sure it starts for run level 3 and 5.
+
#*For a quick look at which systems are up you can use /usr/local/bin/[[serversup.py]]
** On pumpkin, make sure the guest OSes don't get blocked by pumpkin's iptables.
+
#*[[Gourd]]: Make sure that home folders are accessible, all virtual machines are running
* Properly configure access restrictions to "farm" and root login only from einstein.
+
#*[[Einstein]]: Make sure that [[LDAP]] and all [[e-mail]] services (dovecot, spamassassain, postfix, mailman) are running
 +
#*[[Roentgen]]: Make sure website/MySQL are available
 +
#*[[Jalapeno]]: Named and Cups
 +
#*[[Lentil]]: Verify that backups ran successfully overnight. Check space on backup drives, and add new drives as needed.
 +
#Check [[Splunk]]: [https://pumpkin.farm.physics.unh.edu:8000 click here if you're in the server room], or open localhost:8000 (use https) from [[Pumpkin]]
 +
#*Check logs for errors, keep an eye out for other irregularities.
 +
#Check [[Cacti]]: [http://roentgen.unh.edu/cacti http://roentgen.unh.edu/cacti]
 +
#*Verify that temperatures are acceptable.
 +
#*Monitor other graphs/indicators for any unusual activity.
  
=== Einstein Upgrade ===
+
==Weekly Tasks==
  
Einstein upgrade project and status page: [[Einstein Status]]
+
These are things that should be done once every 7 days or so.
'''Note:''' Einstein (current one) has a problem with / getting full occasionally. See [[Einstein#Special_Considerations_for_Einstein]]
 
  
=== Environmental Monitor ===
+
#Check physical interface connections
 +
#*Verify that all devices are connected appropriately, that cables are labeled properly, and that all devices (including RAID and IPMI cards) are accessible on the network.
 +
#Check Areca RAID interfaces
 +
#*The RAID interfaces on each machine are configured to send e-mail to the administrators if an error occurs. It may still be a good idea to login and check them manually on occasion as well, just for the sake of caution.
 +
#Clean up the server room, sweep the floors.
  
We have an environmental monitor running at http://10.0.0.98 This is capable of sending email and turning the fan on and off (needs to be set up more intelligently). It responds to SNMP so we can integrate it with Cacti (needs to be done).
+
==Monthly Tasks==
  
=== Miscellaneous ===
+
#Perform [[Enviromental_Control_Info#Scheduled_Maintenance|scheduled maintenance]] on the server room air conditioning units.
* Taro has become unstable again when running multi-processor. Try another Power supply. If that is not it, give up? '''Lorenzo's done with his jobs on taro, so we'll have a chance to try fixing taro again.'''
+
#Check S.M.A.R.T. information on all server hard drives
* Tried to add Matt and Steve to the env. monitor's mailing list, failed:
+
#*Make a record of any drives which are reporting errors or nearing failure.
Finished sending test mail.
 
Status: Fail
 
Message: Bad End: 554 5.6.0 Reject, id=11049
 
* Clean out some users who have left a while ago. (Maurik should do this.)
 
* Lentil has a dead disk ("hde1", probably IDE) in its RAID1. It needs replaced.
 
* '''Monitoring''': I would like to see the new temp-monitor integrated with Cacti, and fix some of the cacti capabilities, i.e. tie it in with the sensors output from pepper and taro (and tomato/einstein). Setup sensors on the corn/pumpkin. Have an intelligent way in which we are warned when conditions are too hot, a drive has failed, a system is down. 
 
* Check into smartd monitoring (and processing its output) on Pepper, Taro, Corn/Pumpkin, Einstein, Tomato.
 
* Decommission Okra. - This system is way too outdated to bother with it. Move Cacti to another system. Perhaps a VM, once we get that figured out?
 
* Decide whether we want to decommission Jalapeno. It is currently not a stable system, and perhaps not worth the effort trying to make it stable. It's only service is Splunk, which can be moved to another system (which?). We could "rebuild" the HW if there is need.
 
* Maybe this should be fixed when we do lentil: When I was checking root's email, I waded through the logwatch reports and found that gourd's been giving smartd errors, namely
 
<code>
 
Offline uncorrectable sectors detected:
 
        /dev/sda [3ware_disk_00] - 48 Time(s)
 
        1 offline uncorrectable sectors detected
 
</code>
 
* Continue purgin NIS from ancient workstations, and replacing with files. The following remain:
 
** pauli nodes -- Low priority!
 
* Learn how to use [[cacti]] on okra. Seems like a nice tool, mostly set up for us already. '''Find out why lentil and okra (and tomato?) aren't being read by [[cacti]]. Could be related to the warnings that repeat in ''okra:/var/www/cacti/log/cacti.log''.''' Not related to the warnings; those are for other machines that are otherwise being monitored.  <font color="blue">Try adding cacti to the exclude exclude list in access.conf</font>  Nevermind, lentil doesn't have any restrictions.  Need to find out the requirements for a machine to be monitored by cacti/rrdtools.  The documentaion makes it sound like only the cacti host needs any configuration, but I'm dubious. '''Ahh, it looks like every client has a file snmpd.conf, which affects what can be graphed.''' Tried configuring things on improv as in the Cacti HowTo, but no go.  Must be some other settings as well.
 
* Install the right SNMP stuff on tomato so that it can be graphed
 
* '''jalapeno hangups:''' Look at sensors on jalapeno, so that cacti can monitor the temp. The crashing probably isn't the splunk beta (no longer beta!), since it runs entirely in userspace. '''lm_sensors fails to detect anything readable. Is there a way around this?'''
 
* Heiseinberg dropped pauli off today. No idea why this time. Very low priority.
 
  
== Ongoing ==
+
==Annual Tasks==
=== Documentation ===
 
* '''<font color="red" size="+1">Maintain the Documentation of all systems!</font>'''
 
** Main function
 
** Hardware
 
** OS
 
** Network
 
* Continue homogenizing the configurations of the machines.
 
* Improve documentation of [[Software Issues#Mail Chain Dependencies|mail software]], specifically SpamAssassin, Cyrus, etc.
 
=== Maintenance ===
 
* Check e-mails to root every morning
 
* Resize/clean up partitions as necessary. Seems to be a running trend that a computer gets 0 free space and problems crop up. Symanzik, bohr seem imminent. '''Yup, bohr died. Expanded his root by 2.5 gigs. Still serious monitor problems though, temporarily bypassed with vesa...''' Bohr's problem seems tied to the nvidia drivers, let's wait until the next release and see how those work out.
 
* Check up on security [http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-sec-network.html#ch-wstation]
 
* Clean up Room 202.
 
** Ask UNH if they have are willing/able to recycle/reuse the three CRTs that we have sitting around.
 
  
=== On-the-Side ===
+
These are tasks that are necessary but not critical, or that might require some amount of downtime. These should be done during semester breaks (probably mostly in the summer) when we're likely to have more time, and when downtime won't have as detrimental of an impact on users.  
* See if we can get the busted printer in 322 to work down here.
 
* Learn how to use ssh-agent for task automation.
 
* Backup stuff: We need exclude filters on the backups. We need to plan and execute extensive tests before modifying the production backup program. Also, see if we can implement some sort of NFS user access. '''I've set up both filters and read-only snapshot access to backups at home. Uses what essentially amounts to a bash script version of the fancy perl thing we use now, only far less sophisticated. However, the filtering and user access uses a standard rsync exclude file (syntax in man page) and the user access is fairly obvious NFS read-only hosting.''' <font color="green"> I am wondering if this is needed. The current scheme (ie the perl script) uses excludes by having a .rsync-filter is each of the directories where you want excluded contents. This has worked well. See ~maurik/tmp/.rsync-filter . The current script takes care of some important issues, like incomplete backups.</font> Ah. So we need to get users to somehow keep that .rsync-filter file fairly updated. And to get them to use data to hold things, not home. Also, I wasn't suggesting we get rid of the perl script, I was saying that I've become familiar with a number of the things it does. [http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-acls.html#s2-acls-mounting-nfs] '''Put this on the backburner for now, since the current rate of backup disk consumption will give about 10 months before the next empty disk is needed.'''
 
  
== Waiting ==
+
#Server software upgrades
* That guy's computer has a BIOS checksum error. Flashing the BIOS to the newest version succeeds, but doesn't fix the problem. No obvious mobo damage either. What happen?  '''Who was that guy, anyhow?''' (Silviu Covrig, probably) The machine is gluon, according to him. '''Waiting on ASUS tech support for warranty info'''  Aaron said it might be power-supply-related. '''Nope. Definitely not. Used a known good PSU and still got error, reflashed bios with it and still got error. '''Got RMA, sending out on wed.''' Waiting on ASUS to send us a working one!''' Called ASUS on 8/6, they said it's getting repaired right now. '''Wohoo! Got a notification that it shipped!''' ...they didn't fix it... Still has the EXACT same error it had when we shipped it to them. '''What should we do about this?''' I'm going to call them up and have a talk, considering looking at the details on their shipment reveals that they sent us a different motherboard, different serial number and everything but with the same problem.
+
#*Kernel updates, or updates for any software related to critical services, should only be performed during breaks to minimize the inconvenience caused by reboots, or unexpected problems and downtime.
* Printer queue for Copier: Konica Minolta Bizhub 750. IP=pita.unh.edu  '''Seems like we need info from the Konica guy to get it set up on Red Hat.  The installation documentation for the driver doesn't mention things like the passcode, because those are machine-specific.  Katie says that if he doesn't come on Monday, she'll make an inquiry.''' <font color="green">Mac OS X now working,  IT guy should be here week of June 26th</font> '''Did he ever come?''' No, he didn't, and did not respond to a voice message left. Will call again.
+
#Run fsck on data volumes
* Pauli crashes nearly every day, not when backups come around. We need to set up detailed system logging to find out why. Pauli2 and 4 don't give out their data via /net to the other paulis. This doesn't seem to be an autofs setting, since I see nothing about it in the working nodes' configs. Similarly, 2,4, and 6 won't access the other paulis via /net. 2,4 were nodes we rebuilt this summer, so it makes sense they don't have the right settings, but 6 is a mystery. Pauli2's hard drive may be dying. Some files in /data are inaccessible, and smartctl shows a large number of errors (98 if I'm reading this right...). Time to get Heisenberg a new hard drive? '''Or maybe just wean him off of NPG&hellip;''' It may be done for; can't connect to pauli2 and rebooting didn't seem to work. Need to set up the monitor/keyboard for it & check things out. '''The pauli nodes are all off for now. They've been deemed to produce more heat than they're worth. We'll leave them off until Heisenberg complains.''' Heisenberg's complaining now. Fixed his pauli machine by walking in the room (still don't know what he was talking about) and dirac had LDAP shut off. He wants the paulis up whenever possible, which I explained could be awhile because of the heat issues.
+
#Clean/Dust out systems
 +
#Rotate old disks out of RAID arrays
 +
#Take an inventory of our server room / computing equipment
  
== Completed ==
+
<!--{| cellpadding="5" cellspacing="0" border="1"
* <font color="green">'''Corn Virtualization issues resolved!'''</font>
+
! Time of Year !! Things to Do !! Misc.
** Subscription is now a "virtual subscription"
+
|-
** Corn now has 2 ethernets, one to ''farm'' one to ''unh'', and resolves "einstein" to 10.0.0.248
+
| Summer Break || ||
** All disks are now mountable.
+
|-
* <font color="green">'''Lentil Backup issue resolved!'''</font>
+
|  || Major Kernel Upgrades ||
** <del>The cron job is mailing this message: "archive disk '/mnt/npg-daily-current' does not exist or is not a symlink at /usr/local/bin/rsync_backup.pl line 44, <DATA> line 1." That link exists, though. I can see it and its contents as a regular user; why can't the script when run by cron? The e-mail may have been outdated &hellip; today's was a successful listing.</del> It is fixed, hooray. We just need to fix the ssh keys for tomato and corn so they can be connected to.
+
|-
** First of all '''Do NOT use disks smaller than 350 GB for backup!!''', since those will not even fit one copy of what needs to be backed up.
+
|  || Run FDisk ||
** The link /mnt/npg-daily-current must exist and point to an actual drive.
+
|-
** Old entry: Lentil's not doing backups. I tried manually runing the script friday afternoon and the email log looks like it was backing up and stopped for no real reason. Checking the space on the drives (since the script seems unable to do so now), I found that npg-daily/28 is basically full, and npg-daily/29 is an untouched 250gb. Maybe an update screwed around with how the script checks free space, preventing it from knowing how to move to the next drive. '''It's probably not any update - lentil was working fine until "The Friday Taro Event".''' I manually made the new symbolic link from /mnt/npg-daily-current -> /mnt/npg-daily/29 . Maybe this'll fix it? '''That seems to be a no. Lots of unable to make hard link errors, invalid cross-device link, and similar errors. It needs to know to copy the data it's backing up to the disk since it's a new disk. I still think it's got something to do with that unable to statfs error.'''
+
|  || Clean (Dust-off/Filters) while Systems are Shut down ||
* New pumpkin network problems: It's possible to reach the farm subnet if pumpkin is booted without starting iptables. Double-check the configs. '''The problem was that iptables was getting its config from both /etc/iptables and /etc/iptables-npg. Since pepper doesn't have /etc/iptables, I just moved it to /etc/iptables.bak and voilà: everything works.'''
+
|-
* benfranklin is apparently up and running somewhere, because it's reporting drive issues too: '''Benfranklin is Dan's workstation, it's in the room next to Maurik's office.''' <font color="green"><b>BenFranklin is a Pentium III "Coppermine" at 800MHz. I have ordered a replacement system already, so we can decommission the old BenFranklin.</b></font> The new BF has arrived.
+
| Thanksgiving Break || ||
* Try to pull as much data from Jim William's old drives as possible, if there's even anything on them. '''They seem dead. Maybe we can swap one board to the other drive and see if it works?''' What room is he in? His computer is working now (the ethernet devices will have to be changed to a non-farm setup once the machine is back in his office). '''The computer is delivered, and he says everything's back. Leads me to believe that all his data wasn't on his drives, but on his home directory. Those drives can be junked now.'''
+
|-
* At some point, cacti stopped being able to monitor einstein. Update-related? There are no errors in cacti.log, but the status page for einstein just says "down". '''Cacti was set to use the wrong version of rrdtool.'''
+
| Winter Break || ||
 
+
|-
== Previous Months Completed ==
+
|  || Upgrade RAID disks || Upgrade only disks connected to a RAID card
[[Completed in June 2007|June 2007]]
+
|--
 
+
| Spring Break || ||
[[Completed in July 2007|July 2007]]
+
|-
 
+
|} -->
[[Completed in August 2007|August 2007]]
 
 
 
[[Completed in September 2007|September 2007]]
 
 
 
[[Completed in October 2007|October 2007]]
 
 
 
[[Completed in November/December 2007|NovDec 2007]]
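
Review bot: the added Daily Tasks item for Cacti links to http://roentgen.unh.edu/cacti over plain HTTP, while the Splunk item just above it says to use https; if the Cacti page takes a login, link it and serve it over https as well. The added intro line reads "This list list is incomplete" (doubled word), and "unneccessary" and "spamassassain" in the added items are misspelled. The removed Pumpkin/Corn items on configuring iptables and restricting root login to einstein have no counterpart in the added text and do not appear under Completed in these lines, so confirm they were finished rather than dropped.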
 

Latest revision as of 16:42, 15 February 2015

This is the new Sysadmin Todo List as of 05/27/2010. The previous list was moved to Old Sysadmin Todo List. This list is incomplete and needs updating.

Projects

  • Convert physical machines and VMs to CentOS 6 for compute servers (taro, endeavour) and all others to either 6 or 7.
  • Mailman: Clean up mailman and make sure all the groups and users are in order.
  • CUPS: Look into getting CUPS authenticating users through LDAP instead of using Samba.
  • Printer: Get printtracker.py working, and see if you can get a driver that properly reports the page count instead of always giving a value of 1, which corresponds to a job submission, not the number of pages.
  • Check /etc/apcupsd/shutdown2 script on Gourd to make sure all the keys are correctly implemented so the machines go down properly during a power outage.
  • Do a check on Lentil to see if there is any unnecessary data being backed up.

Daily Tasks

These are things that should be done every day when you come into work.

  1. Do a physical walk-through/visual inspection of the server room
  2. Verify that all systems are running and all necessary services are functioning properly
    • For a quick look at which systems are up you can use /usr/local/bin/serversup.py
    • Gourd: Make sure that home folders are accessible, all virtual machines are running
    • Einstein: Make sure that LDAP and all e-mail services (dovecot, spamassassin, postfix, mailman) are running
    • Roentgen: Make sure website/MySQL are available
    • Jalapeno: Named and Cups
    • Lentil: Verify that backups ran successfully overnight. Check space on backup drives, and add new drives as needed.
  3. Check Splunk: click here if you're in the server room, or open localhost:8000 (use https) from Pumpkin
    • Check logs for errors, keep an eye out for other irregularities.
  4. Check Cacti: http://roentgen.unh.edu/cacti
    • Verify that temperatures are acceptable.
    • Monitor other graphs/indicators for any unusual activity.

Weekly Tasks

These are things that should be done once every 7 days or so.

  1. Check physical interface connections
    • Verify that all devices are connected appropriately, that cables are labeled properly, and that all devices (including RAID and IPMI cards) are accessible on the network.
  2. Check Areca RAID interfaces
    • The RAID interfaces on each machine are configured to send e-mail to the administrators if an error occurs. It may still be a good idea to log in and check them manually on occasion as well, just for the sake of caution.
  3. Clean up the server room, sweep the floors.

Monthly Tasks

  1. Perform scheduled maintenance on the server room air conditioning units.
  2. Check S.M.A.R.T. information on all server hard drives
    • Make a record of any drives which are reporting errors or nearing failure.

Annual Tasks

These are tasks that are necessary but not critical, or that might require some amount of downtime. These should be done during semester breaks (probably mostly in the summer) when we're likely to have more time, and when downtime won't have as detrimental an impact on users.

  1. Server software upgrades
    • Kernel updates, or updates for any software related to critical services, should only be performed during breaks to minimize the inconvenience caused by reboots, or unexpected problems and downtime.
  2. Run fsck on data volumes
  3. Clean/Dust out systems
  4. Rotate old disks out of RAID arrays
  5. Take an inventory of our server room / computing equipment