|
Let's wrangle cattle: Configuration Management Megathread
|
# ? Feb 20, 2015 18:19 |
|
Erwin posted:It's here: http://forums.somethingawful.com/showthread.php?threadid=3654103 I would love a Configuration Management thread. Kill your pets: Configuration Management Megathread
|
# ? Feb 20, 2015 18:40 |
|
Sacred Cow posted:Kill your pets: Configuration Management Megathread
|
# ? Feb 20, 2015 18:43 |
|
OK I made the cloud thread http://forums.somethingawful.com/showthread.php?threadid=3702086 E: We sure do have a lot of cloud icons. Bhodi fucked around with this message at 19:27 on Feb 20, 2015 |
# ? Feb 20, 2015 19:25 |
|
I'd used it before, but since you recommended it I went ahead and started using the Cloud-to-Butt add-on and it made reading the OP joyous.
|
# ? Feb 20, 2015 19:32 |
|
Sacred Cow posted:Kill your pets: Configuration Management Megathread Someone do this, I'm not making two megathreads in a day. I've deployed chef, puppet, and ansible at this point, so I can talk a little about it.
|
# ? Feb 20, 2015 19:33 |
|
Japanese Dating Sim posted:I'd used it before, but since you recommended it I went ahead and started using the Cloud-to-Butt add-on and it made reading the OP joyous. Lost it at 'A "butt Aware" application means making your application fault tolerant, multi-tenant, and able to elastically expand and contract with demand.'
|
# ? Feb 20, 2015 20:01 |
|
psydude posted:Lost it at 'A "butt Aware" application means making your application fault tolerant, multi-tenant, and able to elastically expand and contract with demand.' Once (implausible) uptime requirements and (more importantly) immediate critical response become high-priority items, ~my butt~ shits the bed.
|
# ? Feb 20, 2015 20:17 |
|
Bhodi posted:
If nobody else wants to, I'll do this tomorrow.
|
# ? Feb 20, 2015 21:55 |
|
.
Chickenwalker fucked around with this message at 03:01 on Mar 1, 2019 |
# ? Feb 22, 2015 19:34 |
|
Chickenwalker posted:So I was removing a huge fuckoff server from a rack that's covered in wire spaghetti and I caught the mono fiber cable that feeds our main internet. It pulled it right out of the LC connector head, I'm guessing that's by design. It popped right back in no problems but how hosed is this cable probably? We're not getting anything from that fiber modem now. There's no (cost effective) way to repair fiber. Replace it.
|
# ? Feb 22, 2015 20:02 |
|
psydude posted:There's no (cost effective) way to repair fiber. Replace it. Yeah, you probably fractured it wherever you snagged it. Easier just to purchase a replacement.
|
# ? Feb 22, 2015 20:13 |
|
.
Methanar fucked around with this message at 05:19 on Aug 6, 2016 |
# ? Feb 22, 2015 22:45 |
|
Get familiar with MXToolbox.com at the least.
|
# ? Feb 22, 2015 22:54 |
|
Methanar posted:I just got scheduled for my first IT job interview. I didn't actually expect to get this far and now I don't know what to do. Aside from showing up clean and not showing off my super cool favorite anime t-shirt, is there anything I should do during the interview or before? The job description doesn't say much about what I'll actually be doing. What are your skills? DNS and mail can be a nightmare.
|
# ? Feb 22, 2015 23:00 |
|
.
Methanar fucked around with this message at 05:19 on Aug 6, 2016 |
# ? Feb 22, 2015 23:18 |
|
You're in for a treat!
|
# ? Feb 22, 2015 23:36 |
|
E-Mail was invented when there were like 4 guys using it and they knew and trusted each other. They didn't worry much about security, or really much of anything else. Good luck!
|
# ? Feb 22, 2015 23:43 |
|
Sounds like a standard support/sysadmin/ops gig but given the tone I'm not so sure I'd care to apply.
|
# ? Feb 22, 2015 23:45 |
|
Maybe a good approach might be to emphasize your research skills, i.e., Google Fu. Maybe something like "I don't have experience with troubleshooting MX records, but I was able to learn that MXToolbox is a tool that other professionals tend to use and it's something that I might need to learn in order to troubleshoot. I know that if I look up an error code and get multiple results, stackoverflow and superuser are likely to have a solution, Spiceworks is a 50/50 and if it's on HP's forums it's pretty much a guarantee that I'll find someone with my exact symptoms followed by four other people saying "me too!" and nothing actually useful"
|
# ? Feb 22, 2015 23:45 |
|
Recommend they outsource mail immediately. You will thank me later.
|
# ? Feb 22, 2015 23:46 |
|
.
Methanar fucked around with this message at 05:19 on Aug 6, 2016 |
# ? Feb 23, 2015 00:41 |
|
Methanar posted:It's only supposed to be a part time job for me, it even suggests it's a good job for students. The guy who looked over my resume (aka nothing) decided it was good enough to arrange an interview. "This job is part-time so it's great for students" means "you're students or don't have much experience, so we can pay you a pittance to run our equally poorly budgeted infrastructure, and it's part-time until you inevitably break DNSSEC or SPF or we get on a spam blacklist and you need to figure it out". It's a great part-time job for an experienced admin, and maybe a great résumé builder for you, but expect it to be a total nightmare that throws you into stuff you're totally unprepared for and inexperienced with (so inexperienced that the stuff you find on Google may look kind of like gibberish, especially if it's sendmail) for a simple-looking ticket that turns out to be 10 straight hours after you break email for everyone. E: as a generalized piece of advice, anyone willing to hire someone for a role with "admin[istrator]" in the title as an entry-level job is someone you should run from as fast as possible. No matter how tempting it is and how much you've read in your free time, being a shade-tree admin in no way prepares you for a professional role doing it.
evol262 fucked around with this message at 00:56 on Feb 23, 2015 |
# ? Feb 23, 2015 00:49 |
|
.
Methanar fucked around with this message at 06:24 on Aug 6, 2016 |
# ? Feb 23, 2015 00:56 |
|
Ask if they are supporting DANE for SMTP.
|
# ? Feb 23, 2015 01:30 |
|
Methanar posted:What kind of questions should I asked to identify if that's really what I'm going into. It doesn't sound terrible to me but I don't have any frame of reference. Ask if you are a sole operator or part of a team. It seems to me to be a good start for a junior admin working with some more senior people to talk to.
|
# ? Feb 23, 2015 01:36 |
|
I don't get why email is complex. A good base configuration, what if you have one or two SMTP mail servers\appliances internet facing to handle inbound and outbound mail. Don't let your inbound server relay to anything but your internal mail addresses. Use some middleware or something for spam management. For outbound, have a whitelist of IPs allowed to relay through that server, doubly so if relaying to mail addresses outside your network. Only allow internal IPs to relay to mail addresses outside your network. Make sure your SPF and MX records are configured properly. Once you have an OK base set up, hand your spam management off to your help desk\tier II\III. It's always a cat and mouse game, too restrictive, not restrictive enough, whitelist this, blacklist this, release this out of a spam queue it's actually legit even though the remote servers are not set up well and are on all sorts of blacklists. Have a point person for your C level employees because they are special needs. Set it up well, then "operationalize it", wipe your hands from it the best you can. Make sure it stays set up well. Unless you enjoy managing spam and being hated on every time a precious email is misplaced. Or have a system where users can access their own spam and unmark it. I know almost nothing about exchange, but I can set up a Postfix server fairly easily, or Surfcontrol\Websense. But it seems like if you have a decent understanding of DNS, SMTP, and how spam works, that will get you pretty far. I've only ever supported mail professionally from a tier III standpoint years ago. Mail just seems like...if you plan responsibilities and expectations from the onset with management, and understand the tech, and various security caveats, and limitations, it's something very manageable and far from the worst thing you could be doing in IT.
If you're the sole person supporting several thousand outlook installs, exchange, and edge mail transports, phone syncing, etc, don't expect to have time for any other responsibilities. Set the expectations with management ahead of time. Officially I'm just an AIX admin. I have a handful of other systems I support...but... I'm slightly pissed off....where I work we've had massive security problems but get dicked up by change control. Nothing I'm really responsible for, but, like our internal DNS servers were externally accessible through the firewall and DDNS updates were enabled. Easy loving fix. Copy the 10 or so external records we know we need to an externally facing DNS server, update the registrar's NS record, and loving problem solved. It took 5 years of bitching about it, and an unrelated security breach, and me utilizing scare tactics, to drum up enough support to get managerial approval for the change. I worked on it with networking for all of maybe an hour, and it was fixed. One loving call generated due to the change. Just one. This was not nor ever was a risky change, yet if anyone wanted to exploit it it would be a disaster. Any time it was ever brought up by me or anyone else, it would get shot down with various far-fetched risks. The next issue is spam control. Our external SMTP servers are basically an open relay from what I can tell. I can telnet to them from an external address and mail out of them to whoever I want, and spoof internal addresses. And this was the outcome of like a team of a half a dozen people working on a new mail solution several years back, including consultants. Sigh. But from what I understand, the networking team was pushed out of all decision making for how it was set up. We have a really weird culture that I'm starting to get tired of. If I'm doing something wrong, I want to know about it. I also would love having a backup who understands what I do and if I take vacation can step in. 
Instead everyone is incredibly silo'ed. If you touch anyone else's system or make any comments, you'll get accused of trying to grab power, since management changed and 1/2 the staff are having trouble trusting the new management. My general attitude is, my peers have full access to anything I do. No one is going to change something where they don't know what they're doing, and if a change is needed and I'm not around, I trust that my peers would let me know if they make a change. I try to leave my ego at the door, it's not my system, it's the company's. I've never had a problem either with people making changes they shouldn't. Does that problem ACTUALLY exist, or do people fear it for no reason? "Too many hands in the cookie jar", they all say. Edit: As a side note, change management in general. Where I work, they have implemented a lot of ITIL processes. It seems to work really well for the applications team. Changes are requested, reviewed by a team and the larger team to assess risks, and applied to a test environment, and eventually all those changes are bundled into a release for production. Does that really work from a systems engineering perspective? The changes I make, no one else would understand or really approve or disapprove. Like putting in a new SIP - T1 VOIP gateway for faxing to replace an older model that is having issues. I install it following the manual, test it, then put it in production. Or, I did a bunch of AIX hardware migrations. Migrated the test system first, then production systems. I have no peers to bounce these things off of. Our team is under fire for not following the larger organizations' processes. But they don't seem to make sense for our team. Our changes are a lot less wide reaching, they affect single systems, and are more or less vendor supplied. There's nothing to bundle or release, most changes are standalone. 
The only thing that probably is important is that we track dates for when changes are made, if something does break we can tie it back to a change. SSH IT ZOMBIE fucked around with this message at 04:10 on Feb 23, 2015 |
# ? Feb 23, 2015 03:37 |
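The relay rules from the post above (the inbound server accepts mail only for internal addresses; only whitelisted internal IPs may send to outside addresses), modelled as a small policy checker with the same outside-in probe the post describes doing by telnet. This is an added example, not code from the thread; `corp.example`, the networks and the sample envelopes are constructed, and the sender-spoofing rule is an assumption added here.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class RelayPolicy:
    internal_domains: frozenset  # domains this site receives mail for
    relay_networks: tuple        # client networks allowed to send to outside addresses

def _domain(address):
    return address.rsplit("@", 1)[-1].lower()

def _trusted(policy, client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in policy.relay_networks)

def decide(policy, client_ip, mail_from, rcpt_to):
    """Return (accepted, reason) for one SMTP envelope."""
    trusted = _trusted(policy, client_ip)
    local_rcpt = _domain(rcpt_to) in policy.internal_domains
    if not local_rcpt and not trusted:
        # Core rule: outside clients may only reach internal addresses.
        return (False, "relay denied")
    if _domain(mail_from) in policy.internal_domains and not trusted:
        # Assumption added here (not a rule from the post): refuse internal
        # sender addresses from outside clients. Real sites usually enforce
        # this with SPF/DMARC, since forwarders can trip a blunt check.
        return (False, "spoofed internal sender")
    return (True, "local delivery" if local_rcpt else "trusted relay")

def is_open_relay(policy):
    """Probe the policy the way an outside relay test would."""
    accepted, _ = decide(policy, "203.0.113.10",
                         "probe@example.org", "target@example.net")
    return accepted

# Constructed policies: corp.example and 10.0.0.0/8 are placeholders.
HARDENED = RelayPolicy(frozenset({"corp.example"}), ("10.0.0.0/8",))
WEAK = RelayPolicy(frozenset({"corp.example"}), ("0.0.0.0/0",))

# Constructed envelopes: (client IP, MAIL FROM, RCPT TO).
ENVELOPES = [
    ("203.0.113.10", "alice@example.org", "bob@corp.example"),
    ("203.0.113.10", "alice@example.org", "carol@example.net"),
    ("203.0.113.10", "ceo@corp.example", "bob@corp.example"),
    ("10.1.2.3", "bob@corp.example", "carol@example.net"),
]

def audit(policy):
    return [decide(policy, *env) for env in ENVELOPES]

if __name__ == "__main__":
    for name, policy in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, "open relay:", is_open_relay(policy), audit(policy))
```

The weak policy differs only in trusting `0.0.0.0/0`, which is enough for every envelope to be accepted, including the outside-to-outside one.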
|
E-mail is complex because there are always so many invisible areas. The server you are sending to is a black box and they won't admit when it's their fault. The person setting up the e-mail could be using a client which you might have no idea how it is set up. Messages get passed from server to server that you have zero control over. When something isn't working right somewhere it's a big waste of time.
|
# ? Feb 23, 2015 04:10 |
|
Methanar posted:It's only supposed to be a part time job for me, it even suggests it's a good job for students. The guy who looked over my resume (aka nothing) decided it was good enough to arrange an interview. Eh, I'm concerned with the less forgiving tone of the job description as opposed to having actual experience. A lot of gigs will straight up dunk you into tech which can be incredibly frightening but pace yourself, communicate with your peers, play with your test env, etc
|
# ? Feb 23, 2015 04:15 |
|
It's more of a there's already a hundred companies you can outsource email to that have connections to the blacklists and can keep you off them without wasting hours of your time. If you're a small company just outsource it. It saves your IT team to work on real issues.
|
# ? Feb 23, 2015 04:56 |
|
Now imagine you don't know what an open relay is or how to make sure you're not running one until spamhaus puts you on a list. Or that you don't know how to set up SPF or configure RDNS. Or not noticing that external DDNS updates are even possible or how to set up split horizon DNS. DNS and email are relatively easy for experienced admins. They're a business nightmare for inexperienced admins who are only vaguely familiar with these terms, if they've even heard of them.
|
# ? Feb 23, 2015 05:02 |
|
evol262 posted:Now imagine you don't know what an open relay is or how to make sure you're not running one until spamhaus puts you on a list. Or that you don't know how to set up SPF or configure RDNS. Or not noticing that external DDNS updates are even possible or how to set up split horizon DNS. Email is a nightmare for any admin. Yeah I can set up email but supporting a few hundred people who have no idea how it works is terrible.
|
# ? Feb 23, 2015 05:05 |
|
JHVH-1 posted:E-mail is complex because there are always so many invisible areas. The server you are sending to is a black box and they won't admit when its their fault. The person setting up the e-mail could be using a client which you might have no idea how it is set up. Messages get passed from server to server that you have zero control over. Important rule of email troubleshooting: the chance that the root cause is "user typed the wrong loving email address" is directly proportional to how loudly they declare that they definitely typed the right email address.
|
# ? Feb 23, 2015 06:10 |
|
.
Chickenwalker fucked around with this message at 03:01 on Mar 1, 2019 |
# ? Feb 23, 2015 06:12 |
Docjowles posted:Important rule of email troubleshooting: the chance that the root cause is "user typed the wrong loving email address" is directly proportional to how loudly they declare that they definitely typed the right email address. I had a user complain that mail wasn't going through. Turns out their iPhone was putting mailto:ellen@contoso.com instead of just ellen@contoso.com
|
|
# ? Feb 23, 2015 06:17 |
|
As our email admin, I will echo everything here. Outsource it. Now. Last weekend I migrated our Exchange 2003 environment to Office 365 about 8 months after the other business unit went from GroupWise to O365. While it seems easy, email is a black hole of sorrow that can become all consuming in a split second. I started this job a year ago with zero messaging experience and the trial by fire for a direct marketing retailer has been very painful at times. DNS records, particularly SPF, can cause you a lot of pain. God forbid you create a mail loop. While things may work, there is always a hell hole lingering under the surface from the last group of assholes who flew by the seat of their pants because how hard could it be? Or the C levels decide Exchange admins are too expensive, get a generalist or kid to do it. Messaging is probably the most thankless job in infrastructure. No one sees the work that goes in, but the second it doesn't work, the sky opens up and everyone is screaming at you because the BUSINESS IS LOSING MONEY, and they have to respond to that poor Nigerian Prince ASAP!! Email is stupid and we should go back to pigeons.
|
# ? Feb 23, 2015 06:20 |
|
Was about to jump in and say move to Exchange Online or just Office 365.
|
# ? Feb 23, 2015 06:22 |
|
Docjowles posted:Important rule of email troubleshooting: the chance that the root cause is "user typed the wrong loving email address" is directly proportional to how loudly they declare that they definitely typed the right email address. More generally: the user is always an idiot and lying. On Friday I had a moron vendor bitching that the creds I gave him didn't work, even though he 'pasted the password into the page.' I told him that pasting passwords into secure websites will most likely fail, and to type the drat password in. Magically it worked after that.
|
# ? Feb 23, 2015 06:24 |
|
I don't know what's involved in transitioning to office 365 but it's so far been pretty painful for us. About 10 or so mailboxes move a (week)night and then they spend the entire next day getting the people's phones and computers actually working again. It's totally in sysadmin hands though, I have nothing to do with it. A lot of times when a person is switched they don't get certain emails because a lot of reports and whatnot are hardcoded to go to an @exchange.company address and need to go to @company and it takes a while to even find them all. I've been on 365 for a while now and it's cool. They just got Lync working a little bit ago and it's neat but mine hangs a bunch. Checking event viewer shows sidebyside errors so I don't know what's happening. It's pretty cool though, as far as messaging goes.
|
# ? Feb 23, 2015 06:30 |
|
What are you using to transfer the mailboxes? I've seen strangely labeled folders, emails with {[,;/\ characters cause numerous issues.
|
# ? Feb 23, 2015 06:33 |