00:10.01 | *** join/#gllug slaker (~slaker@cpc3-seve13-0-0-cust106.popl.cable.ntl.com) |
00:20.50 | *** join/#gllug londo (~georgiou@82.133.49.59) |
00:23.41 | *** join/#gllug eye69 (~magnus@yoshi.upcore.net) |
01:39.47 | *** join/#gllug Leeds (~richardc@www.scorefive.com) |
08:00.47 | hali | morning |
08:35.28 | *** join/#gllug flips_and_rails (~stu@dyn1241-34.vpn.ic.ac.uk) |
08:45.27 | *** join/#gllug DiscordianUK (~ch@fedora/DiscordianUK) |
09:08.48 | Mohan | morning |
09:24.25 | DiscordianUK | Morning |
09:51.03 | hali | hm, looks like it's time to jump ship and abandon nagios |
09:51.18 | hali | the nagios.org website does it best to get you to sign up to nagios.com |
09:52.26 | cpufreak | hali: if you want a nagios based solution |
09:52.28 | cpufreak | www.opsview.org |
09:57.26 | bilarh | opsview for the win, actually... |
09:57.33 | bilarh | i was sceptical at first, but it's actually a very good product |
09:57.46 | z00dax | hali: move to icanga for a nice sidegrade ? |
10:20.22 | hali | z00dax: yes, most likely, just waiting for the web ui to be final |
10:38.07 | Mohan | what is icanga ? google doesnt show any valid results related to network monitoring. |
10:38.46 | hali | icinga |
10:38.48 | hali | it's a fork of nagios |
10:39.04 | hali | proper DB support, improved web ui (not written as CGI in C) |
10:39.23 | hali | you can more or less move your old nagios conf over seamlessly |
10:39.48 | Mohan | sounds cool. let me have a look at it. |
10:48.31 | hali | bilarh: do you use the ent version or the free version? |
10:54.59 | bilarh | hali: of what? |
10:57.23 | gregj | hali: you mean it supports postgresql, and not mysql ? (as in, it does proper db support) |
11:02.38 | ChoHag | Capgemini have sent around an email to all contractors here asking us what we're doing and who we're doing it for. |
11:10.07 | hali | gregj: not sure of all flavors, it's got very good oracle support at least |
11:10.44 | *** join/#gllug Leeds (~richardc@pcd424250.netvigator.com) |
11:11.32 | gregj | who cares about oracle. expensive, and not much value above free postgresql. |
11:11.49 | hali | depends what you do |
11:11.57 | hali | postgres replication is sort of shit |
11:12.18 | hali | the partitioning implementation is so so |
11:12.33 | hali | analytics / window functions are getting there but not great |
11:12.57 | hali | it's years ahead of mysql in most terms, don't get me wrong, im a big postgres fan |
11:13.54 | ChoHag | But does buying Oracle for those features cost more or less than the cost of a postgres admin who can work around the lack? |
11:15.45 | wethrin | Oracle has the reputation for being rock solid, fast, and Just Damn Well Working (if you pay enough for Orrible consultants to tickle it right) |
11:15.56 | wethrin | there's a reason it's still used a lot |
11:16.55 | hali | a postgres admin can work around the lack of some features, far from all |
11:17.01 | hali | plus oracle rac scability can't be beaten |
11:17.06 | hali | at least not on x86 kit |
11:18.10 | hali | ChoHag: aren't you temping on one of the biggest oracle installations in europe? :) |
11:18.23 | ChoHag | I think so. |
11:18.31 | ChoHag | Doesn't increase my love for Oracle any. |
11:18.50 | hali | oracle is pretty good for setups that require any type of regulatory control |
11:19.20 | hali | sarbanes oxley etc |
11:19.56 | hali | and i can't even start thinking how to backup a 5Tb postgres install |
11:21.05 | wethrin | zfs snapshot |
11:21.05 | wethrin | hth |
11:21.22 | hali | can you get that consistant? |
11:21.26 | hali | plus zfs is crap for most db loads |
11:21.34 | hali | but yes, storage level snapshots is probably the way togo |
11:21.43 | wethrin | For most DBs, just give it a raw disk and say "Have fun" |
11:32.33 | bilarh | this made me lol: http://news.bbc.co.uk/1/hi/business/8535374.stm |
11:40.53 | *** join/#gllug flips_and_rails (~stu@cv-kraken.cv.ic.ac.uk) |
12:02.56 | *** join/#gllug dick_turpin (~sales@2001:0:53aa:64c:c8e:25c:26dd:5ce1) |
12:03.31 | dick_turpin | Afternoon all |
12:08.23 | boudiccas | good afternoon dick_turpin |
12:09.01 | dick_turpin | boudiccas: Hi gorgeous :-* and "Up yours antiphase :P |
12:09.27 | wethrin | Play nicely! |
12:10.37 | dick_turpin | wethrin: Oi I'm the victim here |
12:12.34 | wethrin | oh no you're not! |
12:15.22 | dick_turpin | Oh yes I am (Do I get to say Eeze behind you next?) |
12:15.30 | *** join/#gllug gregj (~gj@pointblue.com.pl) |
12:15.46 | *** join/#gllug z00dax (~kbsingh@chakra.karan.org) |
12:15.54 | *** join/#gllug zeroXten (~zeroXten@0x10.co.uk) |
12:21.49 | dick_turpin | Has anyone used that Skimp http://sites.google.com/site/jeromeboismartel/news/ssh-key-management-with-skimp as per the post on the mailing list? I liked the screenshots couldn't find any for Puppet |
12:25.22 | AndyMillar | dick_turpin: surely the right solution is ldap? |
12:27.07 | AndyMillar | as you're encouraging users to log in as root |
12:27.24 | dick_turpin | AndyMillar: Shock Horror, I have no idea or experience. I just like databases be they CRM, CMS or whatever. |
12:27.30 | AndyMillar | which means you have root logins enabled |
12:27.39 | AndyMillar | which is bad (oh so bad (oh so very bad)) |
12:27.46 | dick_turpin | Yeah I thought root logins was discouraged? |
12:29.30 | AndyMillar | it is |
12:30.30 | z00dax | dick_turpin: you want screenshots for puppet ? |
12:30.43 | dick_turpin | I only have one possibly two boxes I ssh to I always login as normal user then su - |
12:30.50 | dick_turpin | z00dax: Please |
12:30.58 | z00dax | ponders |
12:31.31 | dick_turpin | z00dax: Just want to know what it looks like I'll never be in a position to use it |
12:31.41 | z00dax | let me try |
12:33.12 | dick_turpin | z00dax: Cheers |
12:33.29 | dick_turpin | wethrin: See z00dax can play nice :-P |
12:34.42 | *** join/#gllug gregj (~gj@pdpc/supporter/student/gregj) |
12:35.06 | AndyMillar | dick_turpin: you su -? that's also bad, sudo su ftw |
12:35.43 | dick_turpin | AndyMillar: Noooo I hate sudo big girls workaround ;-) |
12:42.56 | z00dax | dick_turpin: this is how one would 'manage' that authorized_keys file in puppet |
12:42.58 | z00dax | http://gist.github.com/314511 |
12:44.49 | z00dax | but rather than manage the 'file' one would in most cases, manage the key with something like this |
12:45.03 | z00dax | http://gist.github.com/314515 |
12:47.19 | z00dax | using this ( http://gist.github.com/314515 ) you can add and manage things in the .ssh/config file as well, its just a case of adding a snippet. |
12:47.22 | dick_turpin | z00dax: So is that a sort of 'Note' entry or can it 'do' anything? (Man this is hard over IRC) |
12:47.22 | z00dax | let me do one |
12:49.37 | z00dax | http://gist.github.com/314515 < -- now check |
12:50.25 | z00dax | dick_turpin: ok, so how this works is that you would write notes ( your word ) or manifests ( what puppet calls them ), to define various things. it would / could be services, what rpms or deb's are to be installed, what users should exist etc |
12:50.43 | dick_turpin | K |
12:50.44 | z00dax | once they are done - a 'puppet' client on the machine would pull its manifests from a server, and apply them |
12:50.57 | dick_turpin | Aha K |
12:51.34 | dick_turpin | Yeah I see now, manifests is a better term |
12:52.33 | dick_turpin | So do you set the 'Clients' to check at regular intervals to see if the manifests have changed then? |
12:54.30 | z00dax | http://gist.github.com/314524 |
12:54.48 | z00dax | take a look at that - its not the best way to achieve the same result, but i think its the clearest way to understand what is going on |
12:55.20 | z00dax | the dick_turpin.pp is the manifest, which defines the user, the users' homedirectory, the .ssh dir under there and then the authorized_keys file. |
12:55.40 | z00dax | i then run puppet for that file, and you can see what all it does |
12:55.43 | dick_turpin | K |
12:56.20 | z00dax | in terms of updates to manifests, I tend to run puppet from cron checking from the puppetmaster every 3 hrs for changes. if i need to run it more frequently, just login and run by hand |
12:56.39 | dick_turpin | Does it create all of that then? From notice: //User[dick_turpin]/ensure: created onwards? |
12:57.07 | z00dax | yes, its done all this the notice: is just to let you know :) |
12:57.11 | dick_turpin | K (Cron ect) |
12:57.34 | z00dax | lunches |
12:57.42 | dick_turpin | z00dax: Cheers |
12:59.59 | antiphase | Chef > puppet |
13:15.42 | dick_turpin | Hm, cfengine? looks a little bit like Nagios? I take it its a complete management tool as opposed to a single role management application |
13:18.54 | ChoHag | There's a protestor outside with a placard saying "Beware Betfair" |
13:19.28 | dick_turpin | ? |
13:21.37 | ChoHag | There's only one of him. |
13:24.27 | dick_turpin | Betfair - fraud hell-hole, beware! http://forums.moneysavingexpert.com/showthread.html?t=234974 |
13:28.06 | z00dax | antiphase: in some cases, but for many puppet > chef. but to be honest, chef does not solve enough issues to merit a migration from puppet |
13:28.29 | z00dax | new people starting out now, have the choice. Also bcfg2 and cfengine3 are still fairly decent options. |
13:29.42 | z00dax | wonder what the state of kokki is |
13:32.27 | dick_turpin | Please no more cant keep looking at all these solutions :-) |
13:32.54 | londo | z00dax: I have a feeling that your authorized_keys solution has TOCTTOU issues |
13:35.40 | z00dax | possible, i was doing something that would result in verbose puppet output, without --debug,which would explain what was going on |
14:35.18 | *** join/#gllug DiscordianUK (~ch@fedora/DiscordianUK) |
14:46.19 | dick_turpin | See you moan about people then your boss (Not CYB) comes in and hands you a CD "Is it porn?" no its a David Bowie live cd which I'm now listening to! \0/ |
14:49.16 | *** join/#gllug Armand (~me@host86-147-194-89.range86-147.btcentralplus.com) |
15:00.36 | *** join/#gllug gethoper (~asdf@119.212.8.100) |
16:17.34 | kjs | hi |
16:58.10 | *** part/#gllug dick_turpin (~sales@2001:0:53aa:64c:c8e:25c:26dd:5ce1) |
18:07.21 | *** join/#gllug Armand|Laptop (~me@host86-134-39-198.range86-134.btcentralplus.com) |
19:10.10 | *** join/#gllug DiscordianUK (~ch@fedora/DiscordianUK) |
19:42.21 | *** join/#gllug Armand|Laptop (~me@host86-137-209-228.range86-137.btcentralplus.com) |
20:14.26 | *** join/#gllug Armand (~me@host86-137-209-228.range86-137.btcentralplus.com) |
20:48.11 | *** join/#gllug londo__ (~georgiou@georgiou-1-pt.tunnel.tserv5.lon1.ipv6.he.net) |
21:22.48 | *** join/#gllug londo (~georgiou@82.133.49.59) |
21:25.05 | *** join/#gllug DiscordianUK (~ch@fedora/DiscordianUK) |
21:38.56 | *** join/#gllug stu_ (~stu@dyn1241-34.vpn.ic.ac.uk) |
21:46.09 | *** join/#gllug DiscordianUK (~ch@fedora/DiscordianUK) |
23:35.19 | *** join/#gllug DiscordianUK (~ch@fedora/DiscordianUK) |
23:46.19 | *** join/#gllug Leeds (~richardc@pcd424250.netvigator.com) |