Andy Kopciuch's Blog
Sunday, January 08, 2006
Firewalls, Luma & Kids
Yesterday I was upgrading the Fortress network. Before I traveled to the co-location I decided to get the new server ready to go. Kolab had _just_ released a new version of the server, so I decided to do a clean install that morning with the latest version. I left the configuration, and Horde installation as was already done. The box was ready to go. On my way to the fortress ranch.
The actual installation went fairly smooth. The box came up no problems. I configured all of the virtual interfaces with ease. The servers were all running and operating properly. I thought we would have no issues. Then we came to the point in time when we needed to actually set up the network routing, and firewalling. Routing comes very simple in guidedog. Just click a couple of options and bingo ... you have working NAT. We discovered a not so nice bug in the user interface. When you are entering new port forwarding rules, and you type the port number directly into the spin boxes, the value is not held by the program. It's there on screen O.K., but we started having routing problems with errors like "forwarding to port 0 fails". Upon closer (and slower) inspection while entering information, I noticed the rules displayed were not updated when you manually enter a value. The value is updated when you use the spin box arrows for increasing and decreasing the port value. So as a work around you can just enter the port number, click up and down quickly, and then all is good. That's way easier than clicking up 3389 times to forward MS Terminal Services.
[time passes ...]
Wow ... I've been so busy I forgot all about this draft. I guess I should finish it off.
I want to pump up an open source project I stumbled upon from a recommendation off the kolab-users mail list. It is an LDAP editor called luma. It can be found here : http://luma.sf.net. Since I had been doing so much work with LDAP inside Kolab, and writing up a bunch of kolab utility scripts to dump the LDAP data, and restore. I checked it out.
I was way impressed. The app is so simple, yet so powerful. You have an interface to add your servers you want to connect to. Just have your bind dn handy and whatnot. The main interface you can flip between an address book, object browser, admin utilities (for creating passwords and such), schema browser, search functions. You have all of your LDAP data right at your fingertips. This has come in so handy. I can not even count the number of times I have used it in the last few weeks.
Trying to debug LDAP replication in Kolab, and with Horde prefs stored in LDAP. Buggy user interfaces for deleting users. It's nice to have a super fast and simple way to see what the LDAP server thinks is going on. Not to mention the easy ability to modify or remove data. It is a fantastic tool, and I highly recommend trying it out.
On a slightly funny note, when I was at Gregg's doing the install, I ended up staying for diner. His wife Kerry had made a stirfry. I'm not a big shellfish eater. But the stirfry was very good, I just avoided the shrimp. Actually his children referred to the shrimp as "mushrooms". Just a few more mushrooms. I got a real kick out of his daughter ... just a few more mushrooms. I watched as mom looked rather unimpressed as her baby was taking all of the shrimp and skipping the veggies. Just one more? take one ... O.K. just one more mom? I got a charge out of it. Just one more mushroom. Kids make me laugh sometimes. ¶ 8:40:00 AM 0 comments
The actual installation went fairly smooth. The box came up no problems. I configured all of the virtual interfaces with ease. The servers were all running and operating properly. I thought we would have no issues. Then we came to the point in time when we needed to actually set up the network routing, and firewalling. Routing comes very simple in guidedog. Just click a couple of options and bingo ... you have working NAT. We discovered a not so nice bug in the user interface. When you are entering new port forwarding rules, and you type the port number directly into the spin boxes, the value is not held by the program. It's there on screen O.K., but we started having routing problems with errors like "forwarding to port 0 fails". Upon closer (and slower) inspection while entering information, I noticed the rules displayed were not updated when you manually enter a value. The value is updated when you use the spin box arrows for increasing and decreasing the port value. So as a work around you can just enter the port number, click up and down quickly, and then all is good. That's way easier than clicking up 3389 times to forward MS Terminal Services.
[time passes ...]
Wow ... I've been so busy I forgot all about this draft. I guess I should finish it off.
I want to pump up an open source project I stumbled upon from a recommendation off the kolab-users mail list. It is an LDAP editor called luma. It can be found here : http://luma.sf.net. Since I had been doing so much work with LDAP inside Kolab, and writing up a bunch of kolab utility scripts to dump the LDAP data, and restore. I checked it out.
I was way impressed. The app is so simple, yet so powerful. You have an interface to add your servers you want to connect to. Just have your bind dn handy and whatnot. The main interface you can flip between an address book, object browser, admin utilities (for creating passwords and such), schema browser, search functions. You have all of your LDAP data right at your fingertips. This has come in so handy. I can not even count the number of times I have used it in the last few weeks.
Trying to debug LDAP replication in Kolab, and with Horde prefs stored in LDAP. Buggy user interfaces for deleting users. It's nice to have a super fast and simple way to see what the LDAP server thinks is going on. Not to mention the easy ability to modify or remove data. It is a fantastic tool, and I highly recommend trying it out.
On a slightly funny note, when I was at Gregg's doing the install, I ended up staying for diner. His wife Kerry had made a stirfry. I'm not a big shellfish eater. But the stirfry was very good, I just avoided the shrimp. Actually his children referred to the shrimp as "mushrooms". Just a few more mushrooms. I got a real kick out of his daughter ... just a few more mushrooms. I watched as mom looked rather unimpressed as her baby was taking all of the shrimp and skipping the veggies. Just one more? take one ... O.K. just one more mom? I got a charge out of it. Just one more mushroom. Kids make me laugh sometimes. ¶ 8:40:00 AM 0 comments
Saturday, January 07, 2006
Projects, Shell Scripts & Fast Food
The new year is upon us, and work is upon me! It has been a crazy busy year and we are only a week into it. It's been the good kind of crazy, but I'm pretty tired already. Things are rolling along, and I've pretty much wrapped up a couple of projects and about to get into a few new ones.
I had a meeting with a client this past week. It was basically a PR visit to go over all of the little changes made with Kolab + Horde in the last month. We set up SSL certificates for all domains, and we went through changes needed on the client applications. We did some testing on the Quota limits in Kolab, and what actually happens in Outlook, and Horde when your limit is breached. It was quite informative. I am always humoured by windows. I actually witnessed one of the most bizarre settings in my mind. On the laptop we were using, I unplugged the network cable from the wall. A few seconds later back in ... but no network. Travis fixed a wonky setting which basically tells windows "if the network is unplugged, then just shut down the card, but don't bring it back up when you have network again". It is beyond me why anyone would ever want that, but some do I guess.
Ray and myself were at Polaris last night to put the last features of the project into motion. We were to shut off the routing, and DHCP services from the windows 2003 server, and start them on the Atrium server. My routing and DHCP setup was all of about 15 minutes. (Thanks to guidedog, and ISC doing things right). We did spend a few hours getting things to work properly on the windows side. Granted the previous setup was just farked from the start. We found a few problems like having your domains at Netsol direct all other traffic (crap.domain.com, anything.domain.com) to an IP ... which happened to be the mail server. No wonder people were complaining about slow access. We finally got everything sorted out with the DHCP, and the DNS settings. Also set up internal Samba shares for access to the web servers. It's a nice warm fuzzy to be done with something.
Today I am heading back out to Gregg's to install a new Atrium server. I upgraded to Kubuntu (5.10). I had my own disc I burned ... not from Aaron Seigo (read here) hahaha. I upgraded the Kolab server to official release (I should really grab the latest 2.0.2 which was recently released). The Horde installation from current CVS seems to work with no problems. It's the latest and greatest. I'm ready to rock and roll on this one. It was a lot of prep work (of which I still have some final prepping to go through). Another project almost finished.
During my testing of upgrading an Atrium installation (with a Kolab installation + Horde). I ended up writing a suite of shell scripts that do some handy little things for you with the Kolab back end. I already had mass user import scripts, so I added those in as well. I wrote some scripts to do on line and offline LDAP backups, and reload the LDIF data back into a new server. I also wrote a script to import the IMAP data (providing a path to it on the local machine) so all of the users email is still there. I did some testing, and more testing, and debugging, and more testing. I finally got it to work from a fresh Kolab installation, bootstrap, dump the old Installation, tar up the data, copy to new server, and run the scripts. Everything installed and is working. From the admin interface with account manipulation to IMAP mail read through Horde. I was impressed.
The actual code for the scripts is not overly special. Basically an include to set out binaries and paths to use. Variables for LDAP binding and whatnot. I was quite proud of myself because for the first time in my life I actually used awk in a shell script. That's right I used awk. I was quite impressed with myself. I was showing them to Aaron and he had some ideas on how to use them withing the Front end for Atrium. So I started adding getopts functionality to the scripts so we can add command line args as needed. It's pretty sweet.
With all that has been going on lately, I have no time for friends, no time for fun, I barely even get to relax. I don't even have time to cook. You know you are busy when I look forward to getting Subway, and eating in front of my computer while I am writing emails (work related). My treat was fast food that I got to eat during work. I am looking forward to getting some McDonalds tonight and watching the late Hockey Night In Canada Game. *sigh* ... I'm not complaining ... I planned on focusing on work right now ... but a little break tonight would be nice. ¶ 9:17:00 AM 0 comments
I had a meeting with a client this past week. It was basically a PR visit to go over all of the little changes made with Kolab + Horde in the last month. We set up SSL certificates for all domains, and we went through changes needed on the client applications. We did some testing on the Quota limits in Kolab, and what actually happens in Outlook, and Horde when your limit is breached. It was quite informative. I am always humoured by windows. I actually witnessed one of the most bizarre settings in my mind. On the laptop we were using, I unplugged the network cable from the wall. A few seconds later back in ... but no network. Travis fixed a wonky setting which basically tells windows "if the network is unplugged, then just shut down the card, but don't bring it back up when you have network again". It is beyond me why anyone would ever want that, but some do I guess.
Ray and myself were at Polaris last night to put the last features of the project into motion. We were to shut off the routing, and DHCP services from the windows 2003 server, and start them on the Atrium server. My routing and DHCP setup was all of about 15 minutes. (Thanks to guidedog, and ISC doing things right). We did spend a few hours getting things to work properly on the windows side. Granted the previous setup was just farked from the start. We found a few problems like having your domains at Netsol direct all other traffic (crap.domain.com, anything.domain.com) to an IP ... which happened to be the mail server. No wonder people were complaining about slow access. We finally got everything sorted out with the DHCP, and the DNS settings. Also set up internal Samba shares for access to the web servers. It's a nice warm fuzzy to be done with something.
Today I am heading back out to Gregg's to install a new Atrium server. I upgraded to Kubuntu (5.10). I had my own disc I burned ... not from Aaron Seigo (read here) hahaha. I upgraded the Kolab server to official release (I should really grab the latest 2.0.2 which was recently released). The Horde installation from current CVS seems to work with no problems. It's the latest and greatest. I'm ready to rock and roll on this one. It was a lot of prep work (of which I still have some final prepping to go through). Another project almost finished.
During my testing of upgrading an Atrium installation (with a Kolab installation + Horde). I ended up writing a suite of shell scripts that do some handy little things for you with the Kolab back end. I already had mass user import scripts, so I added those in as well. I wrote some scripts to do on line and offline LDAP backups, and reload the LDIF data back into a new server. I also wrote a script to import the IMAP data (providing a path to it on the local machine) so all of the users email is still there. I did some testing, and more testing, and debugging, and more testing. I finally got it to work from a fresh Kolab installation, bootstrap, dump the old Installation, tar up the data, copy to new server, and run the scripts. Everything installed and is working. From the admin interface with account manipulation to IMAP mail read through Horde. I was impressed.
The actual code for the scripts is not overly special. Basically an include to set out binaries and paths to use. Variables for LDAP binding and whatnot. I was quite proud of myself because for the first time in my life I actually used awk in a shell script. That's right I used awk. I was quite impressed with myself. I was showing them to Aaron and he had some ideas on how to use them withing the Front end for Atrium. So I started adding getopts functionality to the scripts so we can add command line args as needed. It's pretty sweet.
With all that has been going on lately, I have no time for friends, no time for fun, I barely even get to relax. I don't even have time to cook. You know you are busy when I look forward to getting Subway, and eating in front of my computer while I am writing emails (work related). My treat was fast food that I got to eat during work. I am looking forward to getting some McDonalds tonight and watching the late Hockey Night In Canada Game. *sigh* ... I'm not complaining ... I planned on focusing on work right now ... but a little break tonight would be nice. ¶ 9:17:00 AM 0 comments
