Workstations CPTE 433 Chapter 3 Adapted by John Beckett from The Practice of System & Network...
Workstations
CPTE 433 Chapter 3
Adapted by John Beckett from The Practice of System & Network Administration by Limoncelli, Hogan, & Chalup
Define “Workstation”
• Used by a single individual
  – Or perhaps a kiosk used by a single individual at a time
  – A lab computer is a form of kiosk
  – May be remotely used (yours, for example)
• There are many deployed
• It is to our advantage to have them identical
  – Easier to manage
• Need a carefully-defined life cycle
Managing Operating Systems: Three Tasks
1. Loading the system software and applications
2. Updating the system software and applications
3. Configuring network parameters
Automating these procedures is the key!
Evard’s Life Cycle of a Machine
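[Figure 3.1: Evard’s life cycle of a machine. States: New, Clean, Configured, Unknown, Off. Transitions: Build, Initialize, Update, Entropy, Debug, Rebuild, Retire. Slide annotation: “Only useful state” (the Configured state).]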
Lessons from Evard
• Identifiable states and transitions exist.
• The computer is usable only in the configured state.
• Negative state changes happen by themselves.
• CSA effort is required to make positive state changes.
• Automating positive state changes helps.
What is a “First Class Citizen?”
• A device that receives full support.
• Other devices may get:
  – Networking support
  – Limited-time support
  – “Best-effort” (i.e., left-over time)
Why “promote” an undesired device or configuration?
• It is politically necessary to tolerate it.
• Botched installation/configuration by users is creating problems.
• Perhaps it is something you ought to learn to like!
Questions For Vendors
• How are SA processes automated in your product line?
• What is the deployment cost?
  – This must be added to what we have to pay you, so it affects your competitive position.
Why Not Hand-Load Software?
• Mistakes.
  – It simply doesn’t work right because someone got something wrong.
• Non-uniformity.
  – Each difference means we might have difficulty tracking down yet a different problem.
Is Your System Automated?
• “You just run this little script after the download…”
• Duh…that means somebody has to:
  – Wait until the download completes
  – Notice the download has completed
  – Run the script
  – Wait for the script to complete
  – Note that the script completed correctly
E.T. Call Home
The final step in a deployment script should be to send an email to the perpetrator giving…
  – Which machine this is
  – What script was run
  – Status details as of completion
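A deployment wrapper whose last step calls home, as an added shell example that is not part of the original slides. The step functions, the REPORT_TO address and the script name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the slides. Step functions, REPORT_TO and the
# script name are hypothetical placeholders.
REPORT_TO="${REPORT_TO:-sa-team@example.edu}"

# Constructed stand-ins for real deployment steps.
step_install_packages()  { echo "installed 3 packages"; }
step_configure_network() { echo "no DHCP lease obtained"; return 1; }

# Run each step in order, recording its exit code and output.
# Stops at the first failure so later steps never run on a broken host.
# Sets STATUS (OK or FAILED) and DETAILS (one line per step run).
run_steps() {
  STATUS=OK
  DETAILS=""
  for step in "$@"; do
    out=$("$step" 2>&1) && rc=0 || rc=$?
    DETAILS="${DETAILS}${step}: rc=${rc} ${out}
"
    [ "$rc" -eq 0 ] || { STATUS=FAILED; break; }
  done
}

# Compose the message: which machine, which script, status at completion.
build_report() {  # $1 = name of the deployment script
  printf 'To: %s\nSubject: [deploy] %s %s on %s\n\n' \
    "$REPORT_TO" "$1" "$STATUS" "$(uname -n)"
  printf 'Machine: %s\nScript: %s\nFinished: %s\nStatus: %s\n\nSteps:\n%s' \
    "$(uname -n)" "$1" "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$STATUS" "$DETAILS"
}

# Mail the report only when DEPLOY_SEND_MAIL=1 and sendmail exists;
# otherwise print it so the example runs offline.
send_report() {
  if [ "${DEPLOY_SEND_MAIL:-0}" = 1 ] && command -v sendmail >/dev/null 2>&1; then
    build_report "$1" | sendmail -t
  else
    build_report "$1"
  fi
}

# The report is sent whether the steps succeeded or not.
run_steps step_install_packages step_configure_network
send_report "deploy-workstation.sh"
```

Because the report is built from recorded exit codes, a failed run announces itself instead of leaving someone to notice that no mail arrived.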
How Do You Get There From Here?
• Document manual steps carefully
• Package steps in a script
• Proof the script
  – Consider possible variations it might encounter
• Comment the script
• This takes time
  – …but if you’re doing the same thing a lot, it saves time
Partial Automation
• Document the process.
• Make notes on the documentation.
• Watch for opportunities to turn…
  – a documented procedure
  – into an automated procedure
Vendor Installations
• You don’t know what’s really in there.
• They may change their “standard” installation without telling you.
• You don’t know if you can replace it.
  – Do you even have all the pieces (drivers especially?)
• If you didn’t install it and the vendor didn’t install it from your images, you don’t know what is there!
Update - Host is in a usable state
• You are changing the status from “configured” to “unknown” and then back.
• That’s two transitions, not one!
Update – The host is in an office
• Ideally you can do the update from your desk.
• If the update needs heavy network traffic, you might wish to have a special room where hosts to be updated can be taken so that their traffic is isolated.
Update – No physical access
• Physical visits cost time and money.
• A visit might not work because:
  – The person might not be there.
  – The person might be in the middle of an important task.
  – The whole office might be locked.
• Updates should be possible from wherever you are.
Updates – The host is already in use
• This is no time to do something that will mess it up!
• Have a backup plan in case of disaster.
Updates – The host may not be in a “known state.”
• Automation must be done more carefully than at initial load time.
• This is a good reason for “unknown” to be considered the same as “new”.
Updates in a 24x7 age
• The host may have “live” users
  – Can’t be taken down while they’re on.
  – SMS can hold updates until a user logs off.
  – Bell Labs has an Auto Patch system for the same purpose.
• The host may be gone, e.g. laptop.
• The host may be dual-boot.
Patch Propagation
A patch can actually create problems. So stage it:
• One machine.
• A few more – perhaps other SAs.
• Many.
  – Save the automated update for the “many” stage.
What About Stop-Gaps?
• You have a need that isn’t on the standard load
• You implement the change
• Put it into a ticket!
Rogue DHCP Servers
• Router connected backwards
• “I was just trying LINUX”
  – And he loaded “everything” (and activated it.)
• Internet Connection Sharing
  – Example: Southern Village. Second NIC in a student’s computer is used to connect to cable modem. He wishes to share the bandwidth with a friend in Talge.
Symptoms of a Rogue
• As machines are rebooted, they act strangely and sometimes don’t get an IP address.
• DHCP renewal often takes a surprisingly long time.
• Refreshed Ethernet links get strange addresses (which may or may not “work”).
Tracing a Rogue
Collect all information you can.
• From a computer getting a bad IP address:
  – What IP address were they getting?
    • (192.168.0.x may mean “D-link router”).
  – What is the IP address of the DHCP server?
  – From another LINUX machine, use arp -a
    • And “grep” for the IP address to pick up the MAC address.
• Temporarily turn off your DHCP server and refresh a workstation
“Sharing”
[Diagram: Computer 1 with a wireless (shared) interface and a wired interface at 192.168.0.1, connected to a hub or switch.]
Computer 1 has a wireless connection to the building’s network so they can get through your firewall. That connection is shared so others can have the same privilege.
Sharing means the other NIC is now functioning as a DHCP server!
Now other machines in your network may be receiving DHCP from this computer!
Another way to share
• Use Bridged sharing
• Connects your network with whatever network they’ve connected to
  – Connects the DHCP server on the wireless network they are “sharing”, with your workstations
  – So the rogue DHCP server is actually not in your building!
What Good is a MAC address?
• It may be in your database.
  – The machine has been “upgraded” to a new one and somebody tried something with the old box.
• You can look up the Ethernet vendor to see what brand it is – narrowing down the field.
• Intelligent switches can be queried as to the physical location of a specific MAC.
• But remember, a MAC address can be changed or even spoofed.
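The arp lookup from “Tracing a Rogue” and the checks from “What Good is a MAC address?”, as an added shell example that is not part of the original slides. The ARP output, inventory format and host names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides. All sample data is constructed.

# Constructed Linux `arp -a` output (live use: ARP_TEXT=$(arp -a)).
SAMPLE_ARP='gw.example.edu (10.10.0.1) at 00:1b:21:3a:4f:10 [ether] on eth0
? (192.168.0.1) at 02:1e:58:aa:bb:cc [ether] on eth0
lab07.example.edu (10.10.0.57) at 00:1e:58:12:34:56 [ether] on eth0
? (10.10.0.99) at <incomplete> on eth0'

# Constructed inventory export, "mac owner" per line (hypothetical format).
SAMPLE_INVENTORY='00:1b:21:3a:4f:10 core-router
00:1e:58:12:34:56 lab07'

# Print the MAC for an exact IP match. A plain `grep 10.10.0.5` would also
# hit 10.10.0.57, so compare the whole "(ip)" field instead.
mac_for_ip() {  # $1 = IP, $2 = arp -a text
  printf '%s\n' "$2" | awk -v ip="($1)" \
    '$2 == ip && $4 != "<incomplete>" { print tolower($4); exit }'
}

# Look the MAC up in the inventory; prints the owner or nothing.
inventory_owner() {  # $1 = MAC, $2 = inventory text
  printf '%s\n' "$2" | awk -v mac="$1" 'tolower($1) == mac { print $2; exit }'
}

# True when the locally-administered bit (0x02 of the first octet) is set,
# i.e. the address was assigned in software rather than by the manufacturer.
# A MAC copied from real hardware will not trip this check.
is_locally_administered() {  # $1 = MAC
  [ $(( 0x${1%%:*} & 2 )) -ne 0 ]
}

# One line of triage for a suspect DHCP server IP.
triage() {  # $1 = IP, $2 = arp -a text, $3 = inventory text
  mac=$(mac_for_ip "$1" "$2")
  [ -n "$mac" ] || { echo "$1 unresolved"; return 1; }
  owner=$(inventory_owner "$mac" "$3")
  if is_locally_administered "$mac"; then kind=locally-administered
  else kind=vendor-assigned; fi
  echo "$1 mac=$mac oui=${mac%:*:*:*} owner=${owner:-unknown} $kind"
}

triage 192.168.0.1 "$SAMPLE_ARP" "$SAMPLE_INVENTORY"
```

The oui field is the three-octet prefix to look up against a vendor list, and the MAC itself is what you would query on a managed switch to find the port.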