Configuration and Maintenance Burgess, Ch.7.
www.infotech.monash.edu
Configuration and Maintenance
Burgess, Ch.7
Introduction
• Configuration – How to initially set up the system as required
• Maintenance – How to keep it that way!!
• Systems tend towards disorder during use
• There are more ways for disorder to occur
Setting Policies
• Definition
– A clear expression of goals and responses
– Prepares for possible errors or problems
– Documents Intent and Procedure
• Necessary in medium to large organisations or where many administrators co-operate
• Helps to align system operation with organisational objectives
System Policy includes:
• Organisational rights and responsibilities
• User rights and Account procedures
• Network infrastructure and access rights
• Application limits and responsibilities
– FTP, eMail, Printing, Web pages, CGI
• Security and Privacy
Example:
– http://www.its.monash.edu.au/policies/
Network Policy
• Network structure derived from
– Design or Functional requirements
– Geography or Building constraints
– Network Engineering constraints
• Policies should relate to operational goals
– Small organisation – resource sharing
> single network, repeaters/switches
– Bigger organisation – sharing & reduced traffic
> Subnets – switches/routers
Network Policy (cont’d)
• Segmentation
– Subnet addressing
– Logical to physical address mapping (VLANs?)
– Port Blocking? Different on each subnet?
– Blocking at Firewall or Router?
• Address configuration
– IP - Static /etc/hosts, RARP, BOOTP, DHCP
• Name Resolution
– IP – DNS, WINS
• Directory – LDAP, MS PDC, Novell NDS
Applications Policy
• TFTP/FTP – Anonymous, Read-Only?
• SMTP
– Name aliases (eg [email protected])
– File size and type limitations (ie attachments)
– SPAM filtering
– Virus checking
• HTTP
– Content & Style guides, plagiarism, authorisation?
– CGI / Modules allowed? (eg Apache mod_perl, mod_ssl)
– Load Limiting
Resource Sharing Policy
• Printing
– Personal printing? Page count quotas?
– Colour vs Monochrome
• File Systems
– Common/Shared directories? Read-only?
• Backups
– Global or Local?
– Image or File?
– Archival or Incremental?
Network Security Policies
• Physical security of Servers & Workstations
• File/Directory/Resource access control lists
– UFS, NFS, Kerberos, NIS+, PDC, NDS
• Superuser/Administrator Passwords
• Enforced password aging and format rules
• License servers
• Logging and Auditing
• Encryption tools supported?
Some Common Configuration and Maintenance activities
Synchronisation
• Keeping the time-of-day clocks set correctly on all hosts within a network
• Many security and maintenance tasks depend on time-of-day or elapsed time
• Hardware clock accuracy varies greatly
• Can use UNIX script (rsh command)
• Better to use NTP (xntpd or shareware available for most OSes)
Executing Scheduled Tasks
• Most host management systems require regular execution of housekeeping tasks
• This is a key feature in most configuration management systems
• Unix cron service
– crontab command
– /etc/crontab file format
• Windows Schedule service
– at command
Unix cron service
• To edit a user crontab: crontab -e
• To list user crontab entries: crontab -l -u <user>
• crontab format:
min(0-59) hr(0-23) day(1-31) mth(1-12) weekday(M-S) ShellCmd
‘*’ in any position means ‘any’
# Run script every weekday morning Mon-Fri at 3:15am
15 3 * * Mon-Fri /usr/local/bin/script
# The root crontab
0 2 * * 0,4 /etc/cron.d/logchecker
5 4 * * 6 /usr/lib/newsyslog
0 0 * * * /usr/local/bin/cfwrap /usr/local/bin/cfdaily
30 * * * * /usr/local/bin/cfwrap /usr/local/bin/cfhourly
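Added example, not part of the original slides: every file named in the root crontab runs with root privileges, so a job script (or its directory) that other users can write to undermines the policy the schedule is meant to enforce. The sketch below audits the slide's root crontab for that; the function names, the ROOT argument and the throwaway directory tree are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the slides). Assumes the 5-field user crontab
# layout shown on the slide; @reboot-style lines are skipped.

# risky PATH: true if PATH or its parent directory is group- or world-writable.
risky() {
    [ -n "$(find -L "$1" "$(dirname "$1")" -prune \
            \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_crontab FILE [ROOT]: report each absolute path in a job line that is
# missing or loosely permissioned. ROOT (hypothetical) prefixes every path.
audit_crontab() {
    root=${2:-}
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
    while read -r _min _hr _dom _mon _dow cmd; do
        [ -n "$cmd" ] || continue        # VAR=value lines have no sixth field
        set -f                           # keep '*' in arguments from globbing
        for word in $cmd; do
            case $word in /*) ;; *) continue ;; esac
            if [ ! -e "$root$word" ]; then echo "MISSING $word"
            elif risky "$root$word"; then echo "WRITABLE $word"
            fi
        done
        set +f
    done
}

# Constructed demo: the root crontab from the slide against a throwaway tree.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/cron.d" "$t/usr/lib" "$t/usr/local/bin"
    chmod 755 "$t/etc/cron.d" "$t/usr/lib" "$t/usr/local/bin"
    for f in /etc/cron.d/logchecker /usr/lib/newsyslog \
             /usr/local/bin/cfwrap /usr/local/bin/cfdaily; do
        : > "$t$f" && chmod 755 "$t$f"
    done
    chmod 777 "$t/usr/local/bin/cfdaily"     # constructed weakness
    cat > "$t/crontab" <<'EOF'
# The root crontab
0 2 * * 0,4 /etc/cron.d/logchecker
5 4 * * 6 /usr/lib/newsyslog
0 0 * * * /usr/local/bin/cfwrap /usr/local/bin/cfdaily
30 * * * * /usr/local/bin/cfwrap /usr/local/bin/cfhourly
EOF
    audit_crontab "$t/crontab" "$t"
    rm -rf "$t"
}

if [ $# -gt 0 ]; then audit_crontab "$@"; else demo; fi
```

On a live host, run it as the file's first argument against the output of crontab -l -u root saved to a file; ownership is not checked here, only group and world write bits.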
Automation
• Configuring and maintaining any non-trivial network can be a heavy workload….
• Automation hides the effort required, increasing the “efficiency” of administrators
• But may increase reliance on net services
• Therefore won’t work well if net unreliable!!
Automation Tools
• Most Admin tools provide one or both of
– Administrator control interface (manual)
– Cloning of existing reference system (mirror)
• These may have friendly GUI but often don’t provide autonomous activity
• Allow a human manager to tweak things
• Most are management frameworks for executing scripts (in shell or perl)
Automation Tools (see Burgess, Page 156…)
• Examples include:
– Tivoli
– HP OpenView
– Microsoft SMS
– Sun Solstice
– Host Factory
– GNU/Linux tools
• Problems may include
– Limited functions, e.g., lack of autonomous behavior
– Potential for compromised security over the network
– Complexity
– Open problems in rigidness and flexibility
Scripting Languages used by Automation Tools
• Shell and CLI: native to Host OS
– Most common…
• Perl
• Python
• PHP
Monitoring Tools
• Unobtrusively gather data about network or host behaviour (ie Audit)
• Usually leave analysis of data until later
• When specified parameters exceed pre-defined limits, an alarm can be raised (eg send email or SMS or pager message)
• Alarm may trigger maintenance activity
• In future, Neural network or Semantic analysis may be used to interpret these logs and perform complex autonomous maintenance
SNMP Tools
• Simple Network Management Protocol
• Useful for accessing management information from networked devices (managed devices)
• Requires user knowledge of MIB (Management Information Base) structure
• Focus on message exchange syntax rather than information content….
• snmpwalk, snmpget
• Other APIs encapsulate SNMP tools
Preventative Maintenance
• Determine system policies
– Define what is expected and how to respond to failure
• SysAdmin team agreement
• Enforce policies – inspect and repair
• Educate users in good and bad practice
• Care for special users.
– Catering to mission critical or power users can save time and effort later
Preventative Maintenance in general
• Don’t rely exclusively on outside support
• Educate users by posting information in a clear and friendly way
• Make rules and structures as simple as possible
• Keep valuable information about configurations securely and readily available
• Document all changes so that others who may rebuild can incorporate them
• Work defensively
• If it ain’t broke, don’t fix it
• Redundancy provides fallback in case of a crisis
Other Preventative measures
• Garbage Collection
– Disk tidying – deleting old or temporary files, flushing caches and out-of-date documents
– Process management – removing orphan and run-away or hung processes
• Productivity or Throughput
– Priorities and Quotas – can prevent rogue processes flooding disk or overloading CPU, but can also interfere with legitimate short term overloads (eg compiles or compute bound process)
Cfengine
An environment for turning system policy into automated maintenance actions
Cfengine
see Burgess (1st Edn Pg 158, 385)
• Use cron to start cfengine at regular intervals
• cfengine is a language used to define policies and a run-time environment (or robot) to interpret and implement these policies
• cfengine is about:
– Defining how all hosts in network are to be configured
– Writing this as a ‘program’ to be read by all hosts
– Running this program on each host to check and fix its own configuration
cfengine capabilities
• Check and configure network interface
• Edit text files for system or users
• Make/maintain symbolic links
• Check and set file permissions
• Delete ‘junk’ files
• Automatic ‘static’ mounting of NFS files
• Checks for presence of important system files
• Controlled execution of user scripts
• Process management
cfengine programs
• cfengine.conf contains several action-type sections
action-type:
    classes::
        list of actions
• Sections may be in any order, but are executed in order set by the actionsequence parameter of the control action-type
• Classes is a single or compound expression identifying:
– Operating systems
– Hosts
– Times and days
– A user defined string
• Actions are only performed if the classes:: expression is true for the current machine
Data Configuration & Management
• Databases required as web back-end
– Usually SQL based
• Database used as parameter storage
– LDAP
– Other proprietary storage (eg NDS, Active Directory)
The following slides are overflow slides only. They are not to be the basis for examinable/assessable content.
(end)
System vs Application configuration
• Modern trend toward implementing applications as collections of components
• Increasingly, system configuration includes configuration of applications too!
• Policies and Standards reduce variety and choice for users, but when implemented carefully, lead to economies of scale