|
Fiendish Dr. Wu posted: a dynamic iptables manipulation daemon, written in Python, and backed by ZooKeeper

Right?! People were laughing at Facebook for spending a billion dollars on "a dumb photo app" but holy poo poo they bought some smart as gently caress engineers (also a zillion more users.)
|
# ? Mar 2, 2016 00:09 |
|
|
Japanese Dating Sim posted: I'm looking to dip my toe into WDS to get multicast and PXE boot working. Right now I just do MDT and boot off a USB stick prepared with the LiteTouch ISO file.

That seems a little weird for a problem that's normally solved on your DHCP servers (at least that's how we do it), but it looks like that would work.
|
# ? Mar 2, 2016 00:18 |
|
hihifellow posted: That seems a little weird for a problem that's normally solved on your DHCP servers (at least that's how we do it), but it looks like that would work.

Yeah, this is a weird environment. I do not touch: AD User accounts, DHCP, Networking, etc., though I probably could talk to them if needed. But we control our own OU, maintain our own images, storage/application servers, inventory, purchasing, Tier 1/Tier 2 support, etc. I would like to get into a more holistic (if that's the right word) environment but this is what I've got now.
|
# ? Mar 2, 2016 00:24 |
|
If you do your own networking then can't you lock WDS access down on your routers?

Edit: Ah, don't touch. Are you on your own subnet? I'd ask the network guys to help you here.
|
# ? Mar 2, 2016 00:26 |
|
Thanks Ants posted: If you do your own networking then can't you lock WDS access down on your routers?

Sorry, post might not have been clear but that's one of the things we don't control. We've got a few subnet ranges that are ours to play with as far as reserved IPs and such but networking's handled by our "Central" team. This is semi-common in University settings, for what it's worth. I wish it was all centralized but we're all currently in our own fiefdoms.

Fake edit: Wrote before your edit. Yeah, I should start with networking. I know another school here (the computer science school, naturally) has a much better environment than I walked into, and they've got WDS going so I'm planning on talking to them and see what they had to go through to get it working.
|
# ? Mar 2, 2016 00:29 |
|
Sickening posted: I am sure the installer isn't intentionally trying to save 10 cents on a cable. Goons always expecting the most nefarious of intentions I swear to god.

I did not imply nefarious intentions. I get how it happened. It's just silly and careless. It is not hard to use modern cabling when installing gigabit internet connections.
|
# ? Mar 2, 2016 00:30 |
|
Japanese Dating Sim posted: Sorry, post might not have been clear but that's one of the things we don't control. We've got a few subnet ranges that are ours to play with as far as reserved IPs and such but networking's handled by our "Central" team.

If you have clearly(ish) defined subnets for client devices and another one for servers then limiting access to WDS might just be a case of not putting the IP helper rules in anywhere but the subnets you look after.
|
# ? Mar 2, 2016 00:32 |
|
Internet Explorer posted: Why wouldn't he care? If they are installing gigabit fiber they should be using at least Cat5e on their LAN-side equipment.

https://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-T

I would be surprised if it wasn't cat5e, but even if it's not, it literally does not matter. Unless there are serious crosstalk issues at hand or they're reaching the cable length limit it doesn't matter. You're talking about gigabit like this is something brand new and shiny. It's not. It's been around for ages and the problems were shook out ages ago.
|
# ? Mar 2, 2016 00:48 |
|
H110Hawk posted: https://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-T

So, you use Cat5 in your server racks (that aren't 10g)?
|
# ? Mar 2, 2016 00:52 |
|
Judge Schnoopy posted: Nah it's just not my thing. I script anything I can in powershell, and have used Python for a few non-domain things, and enjoy that immensely. But trying to script network config changes on cisco ios, which is very user oriented (steps through series of commands and feedback instead of allowing piped one-does-all commands) tickles part of my brain that screams "no don't get out now!"

You need to discover the python library 'pexpect' for CLI shenanigans in python. It's like TCL Expect but for python, of course. Granted, I'm hugely biased toward Python as my weapon of choice, but my use case is a bit different than DevOps. It's enormously flexible and well suited to pick up the network management tasks that fall in the cracks of most Network Management Tools. I know some of the guys here use it for UAT environments that aren't managed by our NCM.
|
# ? Mar 2, 2016 00:58 |
|
ChickenWing posted: I had my ISP come in and install gigabit fiber and then he used a cat5 cable to connect the modem and router is cat6 expensive or something?

If it's a short run and doesn't receive any interference then it shouldn't be a problem. e.g. patch cable 3' - 6' that doesn't enter a wall or run along 120vac+ power.

e: looks like I'm late to the party. ^^what they said.

Internet Explorer posted: So, you use Cat5 in your server racks (that aren't 10g)?

There's enough electronics there to cause interference. Cat5 isn't a great choice.
|
# ? Mar 2, 2016 00:58 |
|
Internet Explorer posted: So, you use Cat5 in your server racks (that aren't 10g)?

I don't intentionally use Cat5, Cat5e, or Cat6 for my 1gig. I think it is all 5e, but that is not based on any action on my part. Mail me a cat5 cable and I will go install it in the datacenter. We still don't have confirmation that this is even not 5e from the original poster.

https://xkcd.com/386/

H110Hawk fucked around with this message at 01:09 on Mar 2, 2016
|
# ? Mar 2, 2016 01:00 |
|
ChickenWing posted: I had my ISP come in and install gigabit fiber and then he used a cat5 cable to connect the modem and router is cat6 expensive or something?

Cat5 and above all work for gigabit. https://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-T

Cat 6 is a pain in the rear end to crimp
|
# ? Mar 2, 2016 01:11 |
|
lampey posted: Cat5 and above all work for gigabit. https://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-T

I hope you're not crimping solid core cat6. That's a paddlin'

The little separators that come with most of the cat6 biscuits are a bitch though.
|
# ? Mar 2, 2016 01:14 |
|
GnarlyCharlie4u posted: I hope you're not crimping

gently caress making cables.
|
# ? Mar 2, 2016 01:24 |
|
H110Hawk posted: gently caress making cables.

Woah ease up. Cabling is my zen.
|
# ? Mar 2, 2016 01:28 |
|
Today I got to help pull 6 separate Ethernet runs through drop ceiling in my office. Tomorrow I get to pull another six on that floor, then another fourteen on the other floor, then I get to terminate both ends.
|
# ? Mar 2, 2016 01:31 |
|
Inspector_666 posted: Today I got to help pull 6 separate Ethernet runs through drop ceiling in my office. Tomorrow I get to pull another six on that floor, then another fourteen on the other floor, then I get to terminate both ends.

Could be worse. I was given 12 hours to do 150 runs terminated from the shittiest cubicle farm furniture imaginable to the patch panel. Had them done, tied, tested, and even made patch cables to go from the patch panel to the switch. The lovely part was that I had zero notice so I wasted an hour and a half running home to get my tools and some snacks.

It gets interesting when you have to break into electrical closets to run 12 500' risers to the building's demarc only to find out you really needed 4
|
# ? Mar 2, 2016 01:35 |
|
Inspector_666 posted: Right?!

My brain is having a hard time wrapping around this because the only context I know Zookeeper being used in is for our Kafka setup. How did they use zookeeper to support the iptables daemon?
|
# ? Mar 2, 2016 01:45 |
|
It's laid out in the blog post.

quote: 1. Neti contacts Zookeeper1-proxy, and, using its instance ID, inquires if it has ever been registered. If found, it gets the same overlay IP as before. If not, it randomly chooses an available overlay IP and locks it to this instance ID.
|
# ? Mar 2, 2016 02:01 |
|
Japanese Dating Sim posted: It looks like there's a way to restrict WDS to respond to specific subnets - https://social.technet.microsoft.co...=winserversetup -

1) client requests DHCP address
2) client gets IP and checks for PXE info (option 66) in DHCP response
3) client contacts defined PXE server

If you don't populate option 66 in your DHCP scope, WDS will only respond on the same subnet, so it shouldn't be an issue. Technically I think there is another option that will work, 15X or so, but we use 66.
|
# ? Mar 2, 2016 05:48 |
|
Technically, you can also chain-load from your initial PXE boot image, but this isn't what you're looking to do.
|
# ? Mar 2, 2016 06:17 |
|
Multicasting generally isn't worth it unless you'll be doing large amounts of PXE imaging all at once since the data is replicated in real-time (relative) as the install progresses. It also has a hard requirement for your switch configuration. For some reason MS Server DHCP is poo poo (unsupported, technically) at handling PXE in a meaningful way once you get to the point of having completely hands-free installs with multiple possible boot images, so you'll need to have those options set on the router/gateway anyway.
|
# ? Mar 2, 2016 06:34 |
|
Wrath of the Bitch King posted:It also has a hard requirement for your switch configuration. For some reason MS Server DHCP is poo poo (unsupported, technically) at handling PXE in a meaningful way once you get to the point of having completely hands-free installs with multiple possible boot images, so you'll need to have those options set on the router/gateway anyway.
|
# ? Mar 2, 2016 06:55 |
|
Vulture Culture posted: I managed a four-digit fleet of Mac Minis for awhile. Anything related to deployment automation is a wreck. Missing commands, commands that don't work as documented, commands that don't return a correct error code, commands that sometimes return a correct error code. Apple's core philosophy is downright hostile to central management.

Curious, could you go any deeper? I've heard Google has the largest MacBook deployment and supposedly got away with little management and IBM has made some books claims.
|
# ? Mar 2, 2016 07:37 |
|
Tab8715 posted: Curious, could you go any deeper?

There is little that can be managed

In a company like google it's probably a safe bet that your average user is quite a bit more capable than your average user elsewhere, too.

Methanar fucked around with this message at 08:03 on Mar 2, 2016
|
# ? Mar 2, 2016 07:39 |
|
Methanar posted: There is little to manage

Developers don't know anything.
|
# ? Mar 2, 2016 07:44 |
|
Tab8715 posted: Developers don't know anything.

Same goes for engineers. I can install Inventor and Autocad on a powerhouse Precision workstation with dual Xeons and quadros and 27" monitors, or I can give them a Latitude D630 from 2007. They will have literally no clue that there even is a difference as long as they can draw their little nuts and bolts. Change Autocad from 2008 to 2016? They won't even notice it has happened.
|
# ? Mar 2, 2016 09:58 |
|
Bigass Moth posted: Do you really need 3 more months of study to take the A+???

I need that long to save up 200$

Roargasm posted: Is it Pearson? Do you deserve it?

Not Pearson. Definitely. My boss hit me up today and told me good day on "hacking" the reddit account, (it was deleted.) Apparently I'm getting a title and a raise because of it. I tried to explain to him that I didn't do anything, but he thinks I mean it in a sitcom wink-wink way. Kill me.

e: I confronted the guy who I was almost positive was in charge of the account and told them to knock that poo poo out. Then I uninstalled Tor and checked for Porn. I have no idea what my "new title" will be.

Turtlicious fucked around with this message at 10:15 on Mar 2, 2016
|
# ? Mar 2, 2016 10:08 |
|
He's probably just buying you Reddit Gold.
|
# ? Mar 2, 2016 14:34 |
|
adorai posted: I am not trying to be a jerk, but I don't think you understand how this works.

You're not at all being one, and I don't. I clearly need to do more reading on WDS and PXE booting in general, and your little summary helped. For some reason I wasn't thinking about the PXE booting being initially governed by DHCP (though that's obvious now...), which I can't configure. But given that we have a department that got it working, presumably I can just retrace their steps and talk to networking to have a different IP specified for PXE requests coming from our subnet via option 66.

Oh, and no the PXE requests would need to travel across subnets; our servers are on a separate subnet from the rest of our clients. Or I might just leave well-enough alone and continue using USB sticks. We'll see.
|
# ? Mar 2, 2016 15:28 |
|
Vulture Culture posted: Unless you're imaging literal hundreds of machines at a time, I agree that it's usually a better idea to just throw a 10-gig interface into the WDS server and call it a day than to screw around with multicast and all the different ways you can get it wrong. But you don't need DHCP to deal with multiple boot images unless you're also dealing with non-Windows installs -- that's a WDS problem that you should be handling with install image filters.

I misspoke, I meant the network boot program/file. In our environment it was necessary to have multiple NBPs in use since we had a mixture of 32 bit and 64 bit machines in the environment, as well as a mixture of BIOS/UEFI. Before we had things configured at the router to accommodate PXE I had to use Option 67 to specifically enumerate which NBP to use, which defeats the nice filtering that WDS provides. As soon as we made the switch WDS was able to do its thing without any issues. Maybe it's unique to our setup, but without Option 67 PXE boot wouldn't work using MS hosted DHCP.
|
# ? Mar 2, 2016 15:39 |
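The DHCP side of the PXE handoff discussed in the posts above (option 66 naming the boot server, option 67 naming the network boot program), as an added example that is not from any poster: a parser for the DHCP options field that flags offers pointing at a boot server outside an approved list. The host names, address, boot path, approved list and the `audit` helper are constructed for illustration.

```python
# Added example: all sample data below is constructed, not from a real capture.
MAGIC_COOKIE = b"\x63\x82\x53\x63"      # starts the DHCP options field (RFC 2131)
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_TFTP_SERVER, OPT_BOOTFILE = 53, 66, 67


def parse_options(options: bytes) -> dict:
    """Decode the code/length/value options field into {code: raw_value}."""
    if not options.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, len(MAGIC_COOKIE)
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # pad is one byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the packet")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate
        i += 2 + length
    return opts


def pxe_fields(options: bytes) -> dict:
    """Return the fields a PXE client acts on, decoded to text."""
    opts = parse_options(options)

    def text(code):
        raw = opts.get(code)
        return None if raw is None else raw.rstrip(b"\x00").decode("ascii", "replace")

    msg = opts.get(OPT_MSG_TYPE)
    return {"message_type": msg[0] if msg else None,
            "tftp_server": text(OPT_TFTP_SERVER),
            "bootfile": text(OPT_BOOTFILE)}


def audit(options: bytes, approved_servers: set) -> list:
    """List problems with the PXE information in one DHCP reply."""
    f = pxe_fields(options)
    server, bootfile = f["tftp_server"], f["bootfile"]
    if server is None and bootfile is None:
        return []                        # this scope hands out no PXE information
    findings = []
    if server is None:
        findings.append("option 67 set without option 66")
    elif server not in approved_servers:
        findings.append(f"option 66 names unapproved boot server {server!r}")
    if server is not None and bootfile is None:
        findings.append("option 66 set without option 67")
    return findings


def opt(code: int, value: bytes) -> bytes:
    """Encode one option (helper for building the constructed samples)."""
    return bytes([code, len(value)]) + value


APPROVED = {"wds01.example.edu"}         # hypothetical approved WDS host
OFFER_WITH_PXE = (MAGIC_COOKIE + opt(53, b"\x02") + opt(66, b"wds01.example.edu")
                  + opt(67, b"boot\\x64\\wdsnbp.com\x00") + b"\xff")
OFFER_PLAIN = MAGIC_COOKIE + opt(53, b"\x02") + b"\x00\x00" + b"\xff"
OFFER_UNEXPECTED = MAGIC_COOKIE + opt(53, b"\x02") + opt(66, b"10.9.9.9") + b"\xff"

if __name__ == "__main__":
    for name, pkt in [("with PXE", OFFER_WITH_PXE), ("plain", OFFER_PLAIN),
                      ("unexpected", OFFER_UNEXPECTED)]:
        print(name, pxe_fields(pkt), audit(pkt, APPROVED))
```
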
|
It's that annual time of the year when my current Dell rep turns into a useless piece of poo poo. This one had such promise but he's about to get either fired or start a new job somewhere else. I don't consider it good service when you first make me build a configuration for a machine and email you a cart to price off of when the specs haven't changed between the last order. Then when I finally get a quote back it's somehow more expensive than if I was to just order straight from the website. So gently caress off useless annoying Dell rep. CDW can now sell Dell now and I think I'll hit them up.

So frustrating, I want to spend 0 time on dumb poo poo like ordering computers. Every Dell rep that's any good realizes they can make more somewhere else and leaves or gets promoted leaving you with some useless mouthbreather.
|
# ? Mar 2, 2016 16:07 |
|
Turtlicious posted: My boss hit me up today and told me good day on "hacking" the reddit account, (it was deleted.) Apparently I'm getting a title and a raise because of it. I tried to explain to him that I didn't do anything, but he thinks I mean it in a sitcom wink-wink way.

90% of hacking is social engineering. So your boss is sorta right even if he doesn't know it.
|
# ? Mar 2, 2016 16:51 |
|
Dr. Arbitrary posted: 90% of hacking is social engineering. So your boss is sorta right even if he doesn't know it.

Yeah, I think you did awesome on this. If you had done what management wanted, IT guys being marketing, you would have been laughed off Reddit. If you didn't do anything, management would be pissed. If you went on a public witch hunt and gotten someone fired, you would be down coworkers in a job that has too much work already and the remaining people would be pissed. You found a way to fix the problem that satisfied management, didn't get anyone fired, and didn't spend a lot of time or resources.
|
# ? Mar 2, 2016 17:36 |
|
So re: my WDS talk, apparently the department that got WDS up and running only uses PXE booting temporarily for when they reimage their labs, and otherwise has it turned off. Aside from that, they boot off of a USB stick prepared with a discovery image, which is nearly identical to what we do. As far as I can tell I'd need to submit MAC addresses for each and every machine I might want to be able to PXE boot and have someone else enter them in for me. I forgot that our DHCP here is based on white-listing - we have to enter MAC addresses for any machine that we want to get an IP address. So this drastically complicates the whole thing and makes it pretty much not worth worrying about. I'm interested in it now, though, so I might try to lab this at home. In any case, I learned a little bit.
|
# ? Mar 2, 2016 17:54 |
|
Wrath of the Bitch King posted: I misspoke, I meant the network boot program/file. In our environment it was necessary to have multiple NBPs in use since we had a mixture of 32 bit and 64 bit machines in the environment, as well as a mixture of BIOS/UEFI. Before we had things configured at the router to accommodate PXE I had to use Option 67 to specifically enumerate which NBP to use, which defeats the nice filtering that WDS provides. As soon as we made the switch WDS was able to do its thing without any issues.

I have a ton of experience with WDS & PXE, I am currently working on setting up our wds server to not only deploy all images but have all tech tools setup within the pxe boot. So I can plug in any computer into my network or if I'm onsite at a managed services client that I vpn link to my office I can simply boot to nic and run memtest, hdd test, and a million other tools. I can already hear people typing about this fabulous invention called a thumb drive or external hdd but I like that I can update one source for all my tools. I also have techs that lose their thumb drives constantly, and/or take the systems I've developed and used them on their own or when they go work for someone else. (I literally have even walked in on an ex employee at one of my clients wearing one of my uniforms trying to snake the client).

Sorry Add got me off track, the way I have mine setup and have used it this way for years is that I have the DHCP on the router, I don't bother with option 66, Personally my opinion is the router works better in a WDS environment. As far as the different subnets, I would assume that it would travel along properly connected subnets as I do this as mentioned above at clients with completely different ip sets and subnets via vpn.
As far as the multicast, the multicast is useful as it's not just a factor of the server's speed when deploying, the multicast takes into account the speed of the network and computers and can divide them up into slow medium and fast connections. I personally have 3x 1gb nic cards teamed together. I would vastly prefer to be able to assign each nic to a stream ie this nic is for the fast people, this nic is for the medium people and this nic went wee wee wee all the way to get a new computer cuz it's slow.

Also on paper there is absolutely no difference in cat 5, cat 6 and cat 7 on a gigabyte network connection. However I have found that cat 7 seems to be way more reliable, faster and has better throughput than cat 5 or 6. I've come to this opinion from daisy chaining multiple switches together and have tried and what seems to work best in this order in a single connection type cat 5, cat 7. sfp 10, Hdmi, Sfp etc.

BaseballPCHiker posted: It's that annual time of the year when my current Dell rep turns into a useless piece of poo poo. This one had such promise but he's about to get either fired or start a new job somewhere else. I don't consider it good service when you first make me build a configuration for a machine and email you a cart to price off of when the specs haven't changed between the last order. Then when I finally get a quote back it's somehow more expensive than if I was to just order straight from the website. So gently caress off useless annoying Dell rep. CDW can now sell Dell now and I think I'll hit them up.

lol I love/hate Dell reps, if you're a dell partner get really good at using Premier.dell.com as that link always has the best price. It also has the quoting tools and everything else that your dell rep does. The problem with cdw and other places is they often screw you on the warranty. Dell starts the warranty when they ship it so by the time cdw gets it and it sits on the shelf and they sell it your warranty could be half gone.
I also swear that I have 10x more issues with devices purchased through companies like https://www.firewalls.com or any product on amazon.com (not just dell) as opposed through dell, although it could just be coincidence. You can also get additional dell discounts by getting "dell certified" in whatever thing you want. The annoying part of their Certs is that it's not a single person cert but a "company cert" so four people have to pass it.

If I saw a few comments about network security and programming, between cisco, Pen testing and CEH programming is a requirement. Half my pen testing tools are custom coded either c++ or python.
|
# ? Mar 2, 2016 18:21 |
|
Japanese Dating Sim posted: So re: my WDS talk, apparently the department that got WDS up and running only uses PXE booting temporarily for when they reimage their labs, and otherwise has it turned off. Aside from that, they boot off of a USB stick prepared with a discovery image, which is nearly identical to what we do.

If you have an inventory system worth anything, you already have the information. If your network personnel love you, they'll give you a powershell script that'll just take a list of mac addresses and give you reservations for them.

Our dell orders don't come with that information conveniently anywhere, so we get to boot them all and let them sit while I console into the switch to pull a list of all the mac addresses talking to it. I'm so glad I passed that bullshit down to our newer guy.
|
# ? Mar 2, 2016 18:57 |
|
Wrath of the Bitch King posted:I misspoke, I meant the network boot program/file. In our environment it was necessary to have multiple NBPs in use since we had a mixture of 32 bit and 64 bit machines in the environment, as well as a mixture of BIOS/UEFI.
|
# ? Mar 2, 2016 18:58 |
|
|
God I really need to sit down and learn how to WDS/MDT...
|
# ? Mar 2, 2016 19:03 |