sysadmin

Capistrano for the sysadmin

There's always been a fine line between a good sysadmin and a programmer. Capistrano is software built for Ruby on Rails to make deploys across multiple servers easy; however, the potential is much greater than just code deployment. I have recently grown to love how easily I can run commands across groups of servers, and setting up Capistrano is not a difficult task. If you've ever configured password-less SSH access, you can get this up and running without much difficulty.

Central login management with OpenLDAP

Over the weekend I spent some time learning how to configure OpenLDAP to provide a central login server at home. This is pretty useful since I was tired of either syncing UIDs/GIDs across servers or setting directories to 777 on my NFSv4 server. I chose Fedora 12 as my OS for the server, and will show how easy it is to configure authentication on both Fedora and OpenSolaris.

Cluster Management with FreePanel

I haven't had much time to continue work on FreePanel, but the Perl modules I've written have proven to be useful in cluster management. Take a look at the following diagram as an example scenario:

Web Cluster Example

There are two key points to take away from that diagram.

  • physical servers are load balanced using a single VIP (Virtual IP)
  • the servers share access to a single storage mount

Kernel Virtual Machines using libvirt

I use iSCSI from a giant ZFS storage pool in order to set up virtual machines. There are a couple of advantages to this, as you get the power of ZFS snapshots and the ability to grow your virtual machine's disks fairly easily. To make administering things a bit easier, I use one large iSCSI target and put LVM on top of this. So really this article will apply to anyone who wants to use logical volumes for their disks, which is much preferred over using files.

Connect to iSCSI targets on Linux

I'm going to be describing this process using Fedora, but any Linux that is using iscsiadm should use the same sort of configuration. To start off, make sure you have the proper packages installed.

Serving iSCSI targets from your zpool

If you've already got an OpenSolaris-based NFS server, you may be interested in serving iSCSI targets. For me, this is incredibly useful with the right network configuration and a machine running KVM-based virtual machines.

Ultimate File Server: OpenSolaris and ZFS

When picking out a solution for your central file server, there are of course many options. None of them quite stack up to the ease of administration and out-of-the-box redundancy that OpenSolaris and ZFS provide. With ZFS you can build cheap storage arrays with disks of varying size and different levels of redundancy. For this setup I'm going to go with a basic raidz configuration using 4x 1TB SATA drives.

Announcing FreePanel

What's been keeping me busy? Well, I've been working for a managed hosting company (DataPipe) and that has been the biggest source of time suck for me. Outside of that I've been working on some Perl modules to make administering load balanced servers as easy as possible. For now, read the source if you want to know more:

FreePanel

Creating a Chroot Jail for SSH Access

Here I show how to set up a secure SSH server that could be used for SFTP. It limits what users can do and which commands they have access to. It could even be configured as a way to allow SSH tunneling for friends and family who don't have the ability to do this themselves. The chroot jail stops the users from getting access to anywhere else on the system and keeps you from worrying about users messing around with key system components.

Hardening an Apache Server

When setting up an Apache server on a Debian host, you should tweak a few things to prevent malicious users from breaking into your system. Here I discuss my take on the steps needed to reach this goal.