Archive for February, 2007

Relational / Object-Oriented Asset Management

February 21st, 2007

I just purchased four new servers, and set out to find some good asset management software. Specifically, I’m looking for a PHP package that allows me to track the details of all of my hardware. While software and configuration tracking would surely be good for some applications, I already have a package to handle that.

I searched a few popular sites, including SourceForge, and came up with a dozen or so possibilities that looked good. They varied in level of detail and features, but all had one common failure – they lack an object-oriented or relational approach. What do I mean by that? Most of them are designed so that you enter data in a form, it goes into a database, and exists just as a table of data. Devices, networks, etc. exist independently.

What do I want? An object-oriented approach that can handle relationships between objects, and hierarchies. Let’s design a few objects as examples: We’ll have Networks, Servers, Interfaces, Switches, Hard Drives, and UPSs. They each represent the real-world hardware. An interface, for our purposes, will be a physical way of connecting two devices – an NIC, serial line, etc.

If you’re experienced in object-oriented programming, you can think of relationships as inheritance, with an added capability of other references.

Our Server object will represent a real-world server. It has components (other objects) such as Interfaces, Hard Drives, and others.

How does this all pull together?

We define, in our asset management software, a Server which has one Interface (an Ethernet NIC called “NIC1”) and three Hard Drives (called HDD1-HDD3). The Interface, in turn, belongs to a Network (LAN/VLAN), and has a field called “connection” which references an Interface of a Switch object, specifically Interface “Port1” on Switch “Switch1”. We’ll define one Network called “LAN” which is identified by the 192.168.0 IP range (a field of the Network object). We create a Switch object, which belongs to LAN, has IP 192.168.0.2, and has 24 Interfaces, called “Port1” through “Port24”. This represents a BayStack 450-24T Ethernet switch. We’ll also define a UPS called “SmartUPS”, which in turn has an Interface which is part of “LAN”, connected to Switch1 on Port21.

Now, you see the concept beginning to emerge. We have, in essence, an inter-related mesh of objects representing physical hardware and its properties. This can all be thought of in a three-dimensional form, which represents the connections and relationships in our network.

The main two advantages of this approach are:
1) The ability to quickly recognize relationships between objects. If, for example, we looked at a summary page for Switch1, we would see a number of static fields describing its properties (manufacturer, model, IP, MAC, etc.) as well as a diagram of its relationships. Such a diagram would look something like:
Port1 -> NIC1 -> Server1
Port21 -> SmartSlotCard1 -> UPS1

It would also have a listing of Networks which this device is a member of, specifically:
LAN

In practice, on a web interface, each one of these entries would be a link to that object’s summary. Clicking on LAN, UPS1, Server1, etc. would show us the summary of that object, so that we can browse through our physical network. Clicking on LAN, for example, would show LAN’s properties, as well as all devices that are members of LAN (related to it).

The power of such an approach also relies on binding objects to specific pieces of hardware. For example, the disk drives in Server1 (HDD1, HDD2, HDD3) would in turn be references to objects representing actual physical assets. We can then move these assets around. For example, let’s say that we assign a unique serial number of 000306 to a physical hard drive. We now create an object for it, and reference HDD3 in Server1 to this object. If we reconfigure Server1 (physically) by removing HDD3 (000306) and placing it on a shelf, we could then edit Server1’s HDD3 object to be “empty”, and have 000306 reassigned to an object “Shelf02” that represents a physical storage location. By viewing the summary for Server1, we would see that HDD3 is “empty”, but if we viewed Shelf02, we would see that 000306 is there, waiting to be used. When we add a server, Server2, we could assign 000306 to that server, as, say, HDD2.

To give another example, UPS1 is an uninterruptible power supply. We can “assign” devices to it, such as Switch1 and Server1. Viewing a summary for UPS1 would show us that Switch1 and Server1 are connected to it. Similarly, viewing the summary for either Server1 or Switch1 would show us that they are connected to UPS1. If we add UPS2, we could simply edit the Server1 object so that it is connected to UPS2, and the UPS1 and UPS2 objects would show this change automatically.

2) Historical tracking. Every change would be accompanied by a person responsible, a date and time, a reason, and perhaps other information. Exactly how this would be implemented is not decided (whether relationships would be marked as ‘deleted’ or whether changes would be held in a separate table in the database), but the idea is that any object would also contain a history of relationships. From our previous examples, if we viewed a summary of Server1, we would see that the connection to UPS1 was severed on a specific date due to a reason such as “overload” and on that same date, the current connection to UPS2 was established. Similarly, if we view the summary for HDD2 on Server2, we would see that the object represents real-world hardware asset #000306. Viewing the summary for 000306 would show us that it is an 18.2 Gb SCSI drive in a Compaq hot-swap tray, and that it was originally installed in Server1, but moved on a certain date for a certain reason to Shelf02, and then later moved to Server2.

The implementation of this concept would most likely come about as a web-based PHP front-end with a MySQL database back-end. In order to achieve good functionality, there would be a simple interface with quick execution of common tasks. Most likely, the names I have used such as Server1, UPS1, HDD3 on Server1, etc. would just be reference names to a real-world hardware object, and its data-object representation, identified by a unique ID. For example, the name HDD3 on Server1 would really just be a reference to 000306, a Hard Drive object.

If we physically removed this drive from Server1 and placed it on Shelf02, we would browse to the Server1 page in our web interface, and click on “HDD3”, which would bring us to a page representing 000306. We could then click on a “Move” link, bringing us to a form. This allows us to enter our name, date and time, reason, etc. and a new location of “Shelf02”. We click submit and the move information is entered into a table, which references all associated objects – Server1, HDD3 on Server1, 000306, Shelf02, etc. HDD3 on Server1 has the reference to 000306 removed, and a reference to a History object added. Shelf02 has a reference to the History object, as well as a reference to 000306, added.

Now, viewing HDD3 on Server1 would show that there is no physical device associated with it (empty), but would give a reference (link) to the 000306 drive, the History entry for the removal, and the current location of 000306 on Shelf02.
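The move procedure and history tracking described above, as an added example that is not code from the post (the post's own design is PHP/MySQL; this uses SQLite so it runs stand-alone). The schema, the slot/history table names, the sample objects (Server1, Server2, Shelf02, drives 000306 and 000307) and the occupied-slot check are assumptions; the point is that the move is one transaction that empties the old slot, fills the new one and writes the who/when/why record together.

```python
import sqlite3
from datetime import datetime, timezone

# Assumed schema (not the post's own): objects, named slots on an owner ("HDD3 on Server1"), history.
SCHEMA = """
CREATE TABLE obj (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, kind TEXT NOT NULL);
CREATE TABLE slot (owner_id INTEGER NOT NULL REFERENCES obj(id), name TEXT NOT NULL,
                   asset_id INTEGER REFERENCES obj(id),  -- NULL means the slot is "empty"
                   PRIMARY KEY (owner_id, name), UNIQUE (asset_id));  -- one place at a time
CREATE TABLE history (id INTEGER PRIMARY KEY, asset_id INTEGER NOT NULL REFERENCES obj(id),
                      from_owner INTEGER REFERENCES obj(id), to_owner INTEGER NOT NULL REFERENCES obj(id),
                      who TEXT NOT NULL, at TEXT NOT NULL, reason TEXT NOT NULL);
"""

def build_db():  # constructed sample data: Server1 holds two drives; Server2 and Shelf02 are empty
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO obj(name, kind) VALUES (?, ?)",
                     [("Server1", "Server"), ("Server2", "Server"), ("Shelf02", "Shelf"),
                      ("000306", "HardDrive"), ("000307", "HardDrive")])
    ids = dict(conn.execute("SELECT name, id FROM obj"))
    conn.executemany("INSERT INTO slot VALUES (?, ?, ?)",
                     [(ids["Server1"], "HDD1", ids["000307"]), (ids["Server1"], "HDD2", None),
                      (ids["Server1"], "HDD3", ids["000306"])])
    conn.commit()
    return conn

def obj_id(conn, name):
    row = conn.execute("SELECT id FROM obj WHERE name = ?", (name,)).fetchone()
    if row is None:
        raise KeyError(name)
    return row[0]

def move_asset(conn, asset, to_owner, slot_name, who, reason, at=None):
    """Move a physical asset into a slot on another owner, atomically, recording who/when/why."""
    at = at or datetime.now(timezone.utc).isoformat(timespec="seconds")
    a, dst = obj_id(conn, asset), obj_id(conn, to_owner)
    with conn:  # one transaction: either every row changes or none does
        src = conn.execute("SELECT owner_id FROM slot WHERE asset_id = ?", (a,)).fetchone()
        held = conn.execute("SELECT asset_id FROM slot WHERE owner_id = ? AND name = ?",
                            (dst, slot_name)).fetchone()
        if held and held[0] not in (None, a):
            raise ValueError(f"{slot_name} on {to_owner} is already occupied")
        conn.execute("UPDATE slot SET asset_id = NULL WHERE asset_id = ?", (a,))  # old slot -> empty
        if held is None:
            conn.execute("INSERT INTO slot VALUES (?, ?, ?)", (dst, slot_name, a))
        else:
            conn.execute("UPDATE slot SET asset_id = ? WHERE owner_id = ? AND name = ?", (a, dst, slot_name))
        conn.execute("INSERT INTO history(asset_id, from_owner, to_owner, who, at, reason) "
                     "VALUES (?, ?, ?, ?, ?, ?)", (a, src[0] if src else None, dst, who, at, reason))

def summary(conn, name):  # the object's slots and what each holds (None = empty), as on a summary page
    return conn.execute("SELECT s.name, a.name FROM slot s LEFT JOIN obj a ON a.id = s.asset_id "
                        "WHERE s.owner_id = ? ORDER BY s.name", (obj_id(conn, name),)).fetchall()

def asset_history(conn, asset):  # where a physical asset has been: (from, to, who, reason)
    return conn.execute("SELECT f.name, t.name, h.who, h.reason FROM history h LEFT JOIN obj f "
                        "ON f.id = h.from_owner JOIN obj t ON t.id = h.to_owner "
                        "WHERE h.asset_id = ? ORDER BY h.id", (obj_id(conn, asset),)).fetchall()
```

The UNIQUE constraint on asset_id makes the database itself refuse a second slot claiming the same physical drive, so a bug in the front-end cannot leave 000306 recorded in two places at once.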

Ideas and Rants

Why hasn’t Linux caught up to Windows?

February 19th, 2007

Those of us who are involved in the Linux community are often frustrated by the lack of widespread acceptance of Linux. Granted, I haven’t used all of the newest “desktop” distributions (‘distros’), but I know that my choice – openSuSE – is far from being ready to compete with Windows for the novice user market. From the first few screens of the installation, it’s clear that this isn’t something for the uninitiated. However, to get off on a short tangent, openSuSE has also severely hampered access to the command-line-only, text-mode installation, which I need in order to install on many of my servers.

Granted, it will take a lot of work to get Linux to retain its strong points, and still be user-friendly for the non-technical user. However, there are three main points that I see as being the biggest problems for new users. All of which, coincidentally, are ones which some people would bill as strong points of Linux. And they all have to do directly with some of the founding principles of Linux – interoperability and choice.

A) Packaging.
Searching for a package for a Linux system goes something like this: figure out what package format your distro uses, figure out the distro version and architecture, and then start checking the online repositories. If it’s something simple, you may be able to use your distro-specific maintenance program to automatically upgrade it. If not, you can sift through the myriad online repositories for packages that fit your package manager (RPM, Apt, etc.) and your distro/architecture. If you have no luck there, find the package’s homepage, and hope someone has contributed packages for your distro and architecture – usually a hit-or-miss situation. Last but not least, when all else has failed, you choose either to compile from source yourself, or give up. Compiling from source requires some knowledge of your system, Linux, and the compilation sequence used by the software – hopefully the generic GNU-style ./configure, make, make install and not some more esoteric scheme. Furthermore, compilation requires a whole slew of tools to be installed on your system – make, gcc, autoconf, and many others, depending on the package. While it’s not practical for people with limited resources, homogeneous environments, or novice users, I operate in a largely heterogeneous environment – i586/compatible systems running SuSE 9.3-10.2 – and therefore maintain a dedicated system for compilation, if merited.

All of this complexity just enforces the novice’s idea that there is not much software available for Linux, as many novices are limited (due to technical knowledge) to the packages that come with their OS.

While there are a few schemes to standardize all of this, the real solution is quite complex, and would be based on a single package system to be adopted by all distros (beginning with the main ones). Such a system should have the following features:
1) Ability to work easily with all distros
2) A main configuration file which can define which directories to use – i.e. /etc, /bin, etc.
3) Support for both simple, novice-oriented interfaces and expert-level configuration
4) Multiple interfaces, including command-line, text/ncurses, GTK, and other graphical subsystems
5) A generalized package format that is non-distro-specific
6) Integration with an online master-list of repositories
7) Ability to search, download, and install packages from these repositories
8) Automatic update ability
9) Ability to mine the repositories for updates, and display a list on screen or emailed to a user account
10) Very good tools for easy compilation from source.

Some of these ideas would be incorporated in the tool itself, and some as add-on modules.

The features that I, as administrator of a largely heterogeneous network of about 10 machines, would most like to see are:
1) Truly automatic updates via list – select which packages can be automatically updated, and run a cron job nightly to check for any updates for those packages and automatically get and install them.
2) LAN-based updating – A single server on the LAN maintains a list (perhaps gathered via an automatic tool) of ALL packages installed on ALL LAN machines. Each night the configured clients will update this list over the network, and then the master server will download all available updates for all packages. Once this is complete, it will send a message to all LAN machines, which will then update their software from the central repository on the LAN. This would, in effect, automatically keep all LAN machines 1) on the same version of each package and 2) totally up-to-date.
Kernel updates would be done manually, but should have an option for the administrator to push the update to all machines.

B) Distro-specific tools, filesystem layout, etc.
This is not only a barrier for novice users, but experienced users as well. If you do a search online for Linux training, you will surely come by a number of certifications – NCLE, RHCE, etc. The many distinct certifications – offered by each Linux vendor and independent training companies – underscore the inherent differences in Linux distributions. While I’m perfectly comfortable working with SuSE Linux (by Novell), if I were to sit down in front of a Gentoo system, I would probably be totally lost.

While the LSB project (http://www.linux-foundation.org/en/LSB) has aimed to provide compatibility between distros, there are three main points which must still be addressed:
1) The organization of filesystems on different distros, specifically the directory tree and default locations for certain components, still differs. In the interest of usability, the Linux directory tree should be standardized, so that locations of programs, files, etc. will be identical across distributions.
2) An effort needs to be made to make administration as similar as possible across all distros. This means that program names, functionality, location, etc. should be standardized as much as possible.
3) It seems that each distro has its own administration tool – YaST for SuSE, and others for other distros. An effort needs to be made to develop a tool encompassing all of the features in one, distro-neutral form. Webmin (www.webmin.com) has done this wonderfully in a web-based interface, but attention should be focused on a text-mode console version as well.

C) GUI
Perhaps the biggest hurdle for novices using Linux, and the biggest development challenge, is general ease of use. While the above two points may fall into this category, I am specifically referring to the general, day-to-day use of the operating system.

While I will not begin to suggest solutions, the main problems that I see are as follows:
1) The stability and security of Linux must be kept intact, unlike distros such as Lindows.
2) There must remain a way for advanced users to perform advanced tasks.
3) As much of the inner workings should be hidden from the end-user as possible, unless specifically requested.
4) A good system would have a field added to a user’s GECOS data specifying their level of “novice-ness” – i.e. allowing a dumbed-down interface for users while retaining a full interface with Expert features for those who want it.
5) “Mysterious” things such as file permissions should be hidden from novice-level users when not absolutely needed.
6) There must be a strong integration with “anti-mistake” tools and DWIM technology. The system itself should manage file permissions in a way that grants only the minimum needed access.
7) There should be good, strong mistake detection, specifically in terms of catching a user’s inadvertent changing of file permissions, deleting required files, etc.
8) Tools should be built so that the novice user is never required to login as root or run a root shell.
9) Perhaps, and I’m sure this is controversial, the root account should be given either CLI-only access, or should not have X running by default, so as to discourage novice users from running day-to-day tasks as root.

I’m sure I’ve missed a lot, and have also probably mentioned a number of things that are already in place. However, the bottom line is that Linux has to be able to achieve the ease of use and interoperability (between distros) that Windows currently has, while retaining the extensibility, advanced features, security, and stability that make Linux what it is.

Ideas and Rants

Support Open Source

February 8th, 2007

I get paid tomorrow, and it’s time to spend some money. Sure, there are some great toys out there. The stuff from ThinkGeek is always great. What about that monitoring server I want? Or upgrading my LAN to gigabit copper?

Of course, there are also many charitable causes. The homeless. Cancer. Strippers without implants.

But this week, I’m going to do something different. I use Open Source software. My computers run Linux, this site is hosted by Apache, I use Firefox as a browser. I didn’t pay for any of these. But maybe I should, and the rest of us should too. What’s your favorite Open Source project? They probably accept donations. Projects like Mozilla and Apache even sell merchandise where some of the profit goes to support development. Organizations like the Free Software Foundation (FSF) and the Open Source Initiative (OSI) also accept donations, which they allocate to legal defense funds and grants to open-source projects.

So, this week, I’m going to do some good.

And for the rest of you, next time you notice a bug or miss a feature in an open-source project, just think… if everyone who used it donated $10, would it still be missing?

Ideas and Rants

The Big Name conspiracy – and SSL certs

February 6th, 2007

So I decided to set up SSL on my Apache server. After looking around for ages, it seems that the answer to SSL Certs is that I need to buy one. There doesn’t seem to be any CA out there who will provide free certs that are accepted by most browsers.

So, this brings me into one of my favorite diatribes. The “Big Name” Conspiracy, as I like to call it.

Many, many years ago, leading computer researchers began to connect their systems into a worldwide (or at least nationwide) network. The admin of each machine was trusted. There was a hosts.txt file distributed. Then computers came to the home, and with them, serial modems and connectivity. In the brief time before the ‘net turned into a wasteland, it was free. Free as in if you had a phone line, the hardware, and the knowledge, you could set up your own BBS or other server.

Skip forward to 2007. I pay exorbitant rates (well, about $40/month) for a residential fiber-optic connection. A few people I know can’t view my web site. Why? Because Verizon, my ISP, blocks incoming traffic on port 80 so that I can’t run a server. And they won’t give me a static IP, so I can’t run a server. Thankfully, the folks at DynDNS.org are fighting for us, and they give me free DNS, which I can even forward my domain name to. To get around Verizon, I forward HTTP traffic to a high-number unused port. Well, what do you know, a number of corporate Internet filters block all web traffic going to ports other than the defaults.

I wanted to send mail from a Linux machine. So, I configured Postfix and sent mail. Worked perfectly to a few addresses, but AOL, Verizon, Hotmail, Gmail, big companies – forget it. Rejected. Why? Because I have a dynamic IP, and my domain name doesn’t reverse-validate, so I must not be a legitimate user. There’s no way around it. Try sending mail from you@yourdomain.dyndns.org – I have yet to find a mailserver that will accept it.
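The reverse-validation the large mail providers are applying, shown from the receiving side as an added example (not code from the post or from any of the providers named). The DNS data is constructed: a static server whose PTR and A records agree, and a residential address carrying the ISP's generic PTR name while a dyndns-style hostname points at it; the HELO-must-match-PTR rule in helo_consistent is one strict policy a receiver might apply, not the only one.

```python
# Constructed DNS data (documentation address ranges, not real hosts).
PTR = {"203.0.113.10": "mail.example.org",
       "198.51.100.77": "pool-198-51-100-77.dsl.example.net"}
A = {"mail.example.org": ["203.0.113.10"],
     "pool-198-51-100-77.dsl.example.net": ["198.51.100.77"],
     "home.dyndns.example": ["198.51.100.77"]}  # the dynamic-DNS name the sender uses

def fcrdns(ip, ptr=PTR.get, a=A.get):
    """Forward-confirmed reverse DNS: return the PTR name of ip only if that name's
    A records include ip again; otherwise None. Resolvers are injected for testing."""
    name = ptr(ip)
    if name is None:
        return None                      # no PTR record at all
    return name if ip in (a(name) or []) else None

def helo_consistent(ip, helo, ptr=PTR.get, a=A.get):
    """Strict receiver policy: the HELO name must resolve to the connecting IP and be
    that IP's forward-confirmed PTR name. Returns (accepted, reason)."""
    if ip not in (a(helo) or []):
        return False, f"{helo} does not resolve to {ip}"
    confirmed = fcrdns(ip, ptr, a)
    if confirmed is None:
        return False, f"no forward-confirmed PTR for {ip}"
    if confirmed != helo:
        # This is the dynamic-IP case: the ISP's PTR name wins, the dyndns name loses.
        return False, f"PTR for {ip} is {confirmed}, not {helo}"
    return True, "HELO name and reverse DNS agree"
```

Note that the dynamic address passes plain FCrDNS (the ISP's PTR name does resolve back), so a receiver that rejects it is matching the HELO or sender domain against the PTR, or classifying the PTR name as a residential pool, rather than failing the basic reverse check.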

What happened to the community environment of the ‘net? Yes, I know, it’s all in the name of “bettering” the ‘net, reducing spam, etc. But I have yet to find anyone who will whitelist my dynamic IP.

Maybe I’m just obtuse. Or angry. But it seems to me that there is a “conspiracy”, perhaps unspoken, among the Big Names out there to centralize the Internet, to prevent people from participating.

I know I’m not the only person who has noticed this. While there are many people and companies out there valiantly fighting for freedom on the Internet, it seems that the majority of big companies, ISPs, hosting providers, etc. want the ‘net to be a one-way medium: content is provided by those who can pay for leased lines and IP blocks, and everyone else looks at it.

Running a group of servers – web, SMTP, IMAP, etc. – on a dynamic IP, I am acutely aware of exactly how much modern Internet technology relies on the fact that anyone who’s providing the content has a static IP – and can pay the cost associated with it.

Getting back to the SSL cert, why isn’t there a reputable authority who provides free certificates? I have unlimited free long-distance calls; I would be more than willing to call the DNS contact number for every applicant to validate.

And why hasn’t anyone developed a method of making a dynamic IP “look” static to the rest of the world – surely IANA should set aside a massive block of IPv6 for this, if not IPv4.

Ideas and Rants