Previous Next

Jack Coates' Blog

October 2008

There'll be rejoicing in the alleyways tonight! http://www.droppedpackets.org/

If you'd like to see the gory details, read on.

Firstly, I wouldn't feel comfortable telling customers to test thoroughly and carefully if I wasn't personally inclined toward shooting from the hip. Backups were taken, but this upgrade was not really tested meaningfully. That's why it took about 15 hours of work instead of 5.

  • Hardware -- It's more fun to compute like it's 1999. Don't go changing!
  • OS Upgrade -- smooth and well-played. Moving from the execrable OpenSuSE 10.0 to Xubuntu 8.04 was a good idea.
  • Zope/Plone Upgrade -- and this is where the trouble begins. To use the package manager, or to use source? The Ubuntu packages for Zope and Plone are less than perfect; they're old, they're goofily designed, and they're a bit buggy. But, the install from source method is difficult and unpleasant to maintain... so when it didn't work and consumed a bit of troubleshooting time, I went back to the packages. That settled things on Zope 2.3 > Zope 2.9 and Plone 2.1.1 > Plone 2.5.1, and older revisions of some other packages that I wanted upgraded (such as Kupu, which is now at 1.3.9).
  • Site Restoration -- You simply restore the Data.fs file and restart, right? Well, it references products which may or may not exist, and it also does a bunch of magic which may or may not work. I must have wiped the machine back to a zope-free state and started over 6 or 7 times. I can tell you from memory that line 81 of the post-install for Ubuntu's plone-site package has a typo, for instance (setuser zope:zope, not setuser zope).
  • Site Upgrade -- You simply go to product_migration in the ZMI and click migrate. Except you also need to do that on portal_atct (undocumented), and if you do it without deleting your cookie_authentication object you'll be locked out of the site, and the dry-run option doesn't really dry run, and don't forget to delete your customizations from the old school days because they'll make things break. It wasn't as bad as installing Oracle, but it wasn't fun.

There was more, and there's still more to do, but it'll wait. I'm outta here for the weekend.

duct tape.jpg

0 Comments Permalink Tags: droppedpackets

ldms_core ate ldms_status

Posted by Jack Coates Oct 17, 2008

LANDesk cores are getting more stable all the time, and I'm just not seeing the need to check that everything's working every 10 minutes any more. I've taken the service checking routines from ldms_status and put them into ldms_core 3.1.2 so that it can check and restart services once, when it runs, instead of all the time. I'll leave ldms_status online of course, but I don't see a lot of future for it at this time and will mark it obsolete real soon now.

Here's some roadmap for ldms_core, with discussion of the items:

  • It's been 7 days or more since you downloaded content -- I still need to find the best way to filter this. The publishdate column in vulnerabilities is one option, but could false positive. select count(*) from vulnerability where publishdate > getdate()-7; if that value is 0, complain.Maybe even run vaminer.exe instead of just complaining?
  • List uninstallable patches? This will probably not be possible, at least without introducing a lot of bugs. XML blobs need to be extracted from the database and parsed, which seems like a lot of work for a little gain.
  • More progress indications, for instance after clicking Authorization button in setup. Not exciting.
  • Group patches by vendor? Probably not something I can do in this context.
  • Topology map. Gateways become nodes, devices sharing gateways are grouped in clouds around them, subnet masks decide size of circle. Core's gateway is in the center and traceroute hops to the other gateways are used to define the map. Use Perl::Graph to generate HTML? This is the one I want to work on next. select defgtwyaddr,count(address) from tcp where nullif(address,'') is not null group by defgtwyaddr
  • Kick out a Google Earth file to plot non-RFC1918 addresses on a map. The topology map and this map would both be dumped into the LANDesk reports file share, I suppose.
  • Check scheduled tasks and policies for status, alert if lots of jobs have bad status
  • Switch to MIME email so I can send multipart messages with attachments, such as those maps. That would also allow reworking of some of the log messages into a table format, using HTML. I prefer the retro look of Text::Table, but it probably can't be displayed properly by the average LANDesk admin's email program.
  • The new alerting system might be a better way to look for sync scan issues than using event viewer. If it ain't broke, don't fix it, but it's possible that database lookup would be faster.
  • Keep old information and show trend lines on a purty chart, http://search.cpan.org/src/CHARTGRP/Chart-2.4.1/README. This is going to involve storing data and managing time and I'm just not in a big hurry to reinvent that wheel.
  • Find a way to detect stuck LPM Event Listeners. Not even sure if this is a database or filesystem issue, but it needs to be found and fixed.
  • Convert into a long-running service? Probably not going to happen, I just can't come up with enough justifications to explain why I'd want to go through the hassle.
  • Cull Automatically Gathered software definitions with no installations. This is going to be hard, and may not be compatible with the changes planned for LDMS 9.0, but it also would be a lot of bang for console performance. Tempting.
2 Comments Permalink Tags: ldms_core, ldms_status, maintenance, monitoring, health

Every now and then someone will question the support terms of one of my open source projects, such as ldms_client. (To refresh those terms, they are: email me and I'll see if there's something I can do when I've got time to work on it.) Users who are unhappy with such terms will occasionally then go to the trouble of implementing their own custom solution to their inventory extension problem.

 

Chances are good that such a solution will not be supported either. Bearing in mind that I don't work in LANDesk support and am only guessing at what a given engineer will do on the day you call for help, my opinion is that LANDesk's support will center around successfully running the command and transferring the data.

 

ldms_client uses supported methods to do that, and so do the vast majority of the homegrown scripts that I've seen. But if either your script or ldms_client quit working properly, LANDesk support is within their rights to quit troubleshooting when they determine that LDMS can still execute programs and upload custom data. If the framework is working but your AV client is blocking your VBscript from copying a value out of HKCU into HKLM so that LDAPPL3.INI can pick it up, that's not really LANDesk's problem.

 

ldms_client exists because someday you'll come across another need for some goofy inventory extension, and someday they'll quit asking for this one... When you start trying to turn extensions on and off without its framework, you'll probably wish you had it.

 

phone.jpg

1 Comments Permalink Tags: ldms_client, support, inventory_extension

ldms_core 3.0.5

Posted by Jack Coates Oct 3, 2008

ldms_core home page

 

The new alert system in version 8.8 can get stacked up on low-performance cores, and it doesn't purge records unless you tell it to. ldms_core will now check that queue and purge records older than X days. There's also an email test button in the setup window, so you can make sure you've got email right.

 

I've also updated the manual.

 

 

1 Comments Permalink Tags: ldms_core, statistics, health, maintenance

Popular Blog Posts

Incoming Links

LANDesk Community powered by Jive Software's Clearspace ® Subscribe| Legal Notices| Investor Relations| Avocent| Privacy Policy © 2009 LANDesk Software