Pilbeam Engineering

Well, in one of my cycles of boredom, I took the time to wipe my desktop computer to play around with an OS besides Windows. I do this now and then to sort of gauge the current state of the art with the operating systems out there…

I don’t usually consider myself an “average” computer user, given my use of dual video cards, triple monitors, and frequent use of new/untested software. Given all that, I do find it fun to play around with Linux as a desktop OS, and see how well it can handle my various tasks – especially how much tinkering it takes to make it handle my tasks.

After burning my Kubuntu DVD, I took the time to back up my data to the external server. That server, I may add, is getting desperately low on disk space – if anyone wants to donate 4 Western Digital 2TB Green drives so I can upgrade my server, be my guest! In the meantime, I’ll keep saving… Curse ZFS for not being able to easily expand a RAID-Z pool, otherwise I would piece-meal the array together.

Anyways, I digress…

Got the installation working just fine and dandy on the first try. As I’ve come to expect with every OS besides Windows, my primary video card clones the monitors. This is usually rectifiable within the first five minutes (using default drivers), or at worst after installing proprietary drivers from ATI. However, in the case of Ubuntu now (specifically with using Xorg 1.6), this is no longer an option as ATI has bumped everything in the X1 range and below into “legacy support”, which means no new drivers…and it’s bad luck that it coincided with a pretty big changeup in X11.

Anyways, using the open source driver for Radeon usually yields decent results. Not so this time, however…

Within KDE is the display configurator, and for some ridiculous reason, there was absolutely no way to un-mirror the displays on the primary video card. So, after some hunting around I discovered this is apparently a known problem…one that makes it extremely difficult for me to seriously consider using KDE 4.2 as the window manager. Nevertheless, I made some efforts to get XRandR and Xorg to understand I definitely wanted a single desktop spread across the two monitors, and in spite of my best efforts it would never work. Part of my research said this was an issue with KDE, part said it was an issue with the Radeon driver.

Either way, I took the time to install the Ubuntu desktop packages, and thus tried out Gnome. Gnome worked to much greater success, with a simple option allowing me to span the desktop across both LCDs. Efforts to get the third monitor (on the second card) working were fruitless, and resulted in so many hard-locks that I got tired of getting up to push the reset button. Sound, using the PulseAudio server (which I had not used previously) was easy to configure, in spite of my use of a Logitech USB headset as my primary card now, it was recognized and the server had merely to be told to change its default.

Overall, the system was pretty snappy feeling. Even with all desktop effects turned on, the Radeon driver and my Radeon X1950XT handled the strain with aplomb. Oddly enough, the graphics subsystem could handle wobbly windows and 3D cube desktops, but tended to hiccup playing YouTube videos, especially in High Quality mode. Little frustrations like this are annoying – I don’t object to fewer desktop niceties, but I expect normal user things to work well.

Overall, I’d say that the KDE 4.2 user interface is downright gorgeous, and with the customizations available to the user such as focus/non-focus fading, it can be very very nice. While the majority of services and peripherals are easy to use out of the box, it still seems to me like extensive work needs to be done on graphics substructures to make it as user-friendly as the remainder of the OS strives to be.

I cannot wait to see what updates and improvements come to (K)Ubuntu, and Linux in general!

NTP is the “Network Time Protocol” and is used for coordinating system time (i.e., the time you see in the corner of your task bar) across a network. It’s a very useful tool to ensure that all systems within an organization maintain the same time, and simplifies system administration – one less thing to keep track of.

But, since a majority of Windows systems (and even some Linux systems) already synchronize their time to servers out in the world, why would an administrator wish to run a private time server? 

There are a couple of reason running a private time server might be prudent: firstly, one can cut down on network traffic going outside of the organizational network. This is usually prudent, especially if an organization pays for bandwidth or wishes to reduce bandwidth usage.

How, then, does one go about putting together a network time system for an organization? In the end it’s pretty simple, and I’ll describe how to go about it with a Gentoo based time server.

Once you have a Gentoo install, and the system is on the network and working properly, you can proceed. The first step is to install the ntp software, which is accomplished by a simple command:

hostname# emerge -av ntp

This will install the ntp suite as well as any required supporting software. Once it’s installed, it needs to be configured. This is done, in Gentoo, by editing the following file: /etc/ntp.conf.

Within this file, you will add several servers that this system will synchronize to. Depending on the accuracy you seek to serve, you will synchronize to either Stratum 1 or Stratum 2 servers. This will allow your clients to be either Stratum 2 or Stratum 3, respectively. For more on Time Stratums, look here.

You can find listings of publicly available time servers here (Stratum 1), and here (Stratum 2). These you will need in the configuration stage of this project.

Once you’ve accessed the ntp.conf file, you’ll find it’s filled with examples and documentation to simplify the configuration process. Basically, all you need to do is look at the syntax in use already for defining servers to synchronize to. It’s quite simple:

server     ntp.example.tld

You can replace the “ntp.example.tld” with any server you choose. The NTP server you are building will then synchronize to it when the service is started. It is preferred to designate two or more servers to increase time accuracy.

Once you’ve done this, you need to beef up the security of the NTP service you’re running. By default, any system in the world can synchronize to the NTP server you’re building. Further along in the configuration file, you can define what hostnames/IP addresses have privileges on your NTP server. Typically I use the following:

restrict default ignore

This will block any system from doing anything with the NTP service you’re running. From there, you can use the “restrict” command to open up privileges for IP addresses, host names, and IP ranges that you desire to have access.

Once this configuration is ready, you need to ensure that the system clock is already close to correct. Having a system clock that is heavily skewed from the current correct time will result in the server shutting down automatically. After this is done, all that remains is to start the service:

hostname# /etc/init.d/ntpd start

That will get it running…you will also want to set the service to start when the computer boots:

hostname# rc-update add ntpd default

You will need to ensure that your clients (Whether they be Windows, OS X, or Linux) are set to point to the IP address of this new server that you’ve built.

These steps should provide you with a good, reliable Stratum 1 or 2 NTP server that you can use to provide accurate time to your organization’s network, saving bandwidth and providing a centralized means of administering time.

For those using the Asterisk PBX either at home or in the office, a convenient feature is that of the ability to use “dialplan intelligence” to forward calls. A simple example is this:

1. Call comes in
2. Nobody answers
3. Forward call to a cell phone

Additionally, through more in-depth scripting, metrics such as time-of-day can be included so that, for instance, calls are not forwarded after hours – these could then go to the user’s voicemail.

Of course, realize that forwarding any call outside of the internal telephone network requires an outside line of some kind. Depending on how many simultaneous calls you can have on this line, it may limit your forwarding capability.

For instance: having only a single analog telephone line for your PBX means that once a call comes in, no other calls can come in or out, and you will be limited to processing the call on your internal network only – meaning you can still forward the call to other users on your PBX.

A creative use of the capability would be to use a RFID or sensor of some kind that will determine if a user is near their office phone. If they are, then simply ring the office phone for an incoming call. If they are not, the system COULD forward to their cell. A more elaborate system would determine where they are in the office (again using RFID or something similar) and then direct the call to the nearest phone, if any. This could also include some sort of indicator on the phone’s display saying WHO the call was for. In a dynamic system like that, it could quickly become confusing with regard to whom a call is for. 

In any event, this just represents some of the flexibility of what is possible with the Asterisk dialplan mechanism. Much more can be done!

-Adam

At my place of work, I administer a small but growing network of servers and workstations, all based on either Gentoo Linux or Windows. I use Gentoo because I’m accustomed to it, I find the installation easy and straightforward, and I like being forced to take control of the setup of the systems.

Once you start getting more than a couple of Gentoo systems, however, running the update synchronization and other tasks can get a bit daunting. I’ll cover a list of ideas that I’ve implemented to make things a bit easier.

Set up a private Gentoo rsync server.

Since Gentoo uses rsync primarily to update the Portage tree (Portage being the source/package listings) it’s actually not difficult to designate one system to be your rsync server for your private network. This machine will then sync to the “Gentoo world”, and provide the same data to your local machines – saving bandwidth and making you a better “netizen”. It’s relatively simple to do.

• Add a cron job to the server to sync nightly
• Enable the rsync server for your “/usr/portage” directory.
• Add a cron job to the clients to sync to the server nightly (obviously leave enough time for your server to sync first!)

Once your systems are all syncing on their own, as time goes by they will need to be updated. You have a few options here.

Ways to Update

1. Write a simple script to automatically update.

This can be done with a simple script/command in your crontab that basically amounts to the “emerge -uD world” command.

This is a poor idea as certain packages may break software if you update…I have always felt updating needs to have user interaction…

So, another option is….

2. Set a script to email you a list of updates, then choose what to install via SSH

This is particularly useful if you have a lot of headless (i.e., no monitor) servers, and very simple to implement. You can use simple scripting and the SSMTP program to do it…and it’d basically look something like this:

**begin code**

#! /bin/bash
echo "To: xxxx@xxxxx.com" > /opt/updatemail.txt
echo "From: yyyy@yyyyy.com" >> /opt/updatemail.txt
echo "Subject: $(hostname) Updates" >> /opt/updatemail.txt
emerge -puD world >> /opt/updatemail.txt
ssmtp -t </opt/updatemail.txt

**End Code**

As you can see, VERY simple coding. These are all commands you can type into the shell to test out for yourself: the most complex part is the “$(hostname)” which basically instructs the system to treat the output of the “hostname” command as a variable, thus we can see in the email subject which system is sending us it’s update list!

The ssmtp program, with the use of the “-t” option will automatically scan the text file you created with the script to set the To, From, and Subject for you so no interaction on the email side is needed. I used a Gmail account to allow ssmtp to have an SMTP server to login to when sending the mail.

3. Obviously, if you have a monitor connected to your systems, and the time, you can just go around punching in “emerge -puD world” and see what shows…

Simplifying the Update Process

If you use Gentoo, you know that much of it’s package management base relies on source code and that most things installed on a Gentoo system have to be compiled. This is okay for one, or even two systems, but it can get very frustrating after awhile. There are a couple of solutions to this….

1. Build a Distributed Compiling Cluster using DistCC

Installing and configuring DistCC is a relatively simple process, and once the “permitted hosts” functions are set, and the “hosts to use” option is set, you can have a rather nice P2P compile cluster established. DistCC is supported in Portage by using the “FEATURES=distcc” option in your /etc/make.conf file. Obviously, there’s still compiling involved but it can speed up the process and doesn’t require as much disk space as the next option.

2. Use pre-built binaries and build a binary repository

Portage has support for installing binaries, assuming you have a binary repository to point it at! Fortunately, it’s easy enough to make one. You can use the “-b” option with the emerge command to instruct the system to build a binary package simultaneously as it installs on the system. It will do this for all packages and dependencies installed during your use of the option.

This method works especially well if you are running systems all of the same architecture, however, you do (in my experience) lose some flexibility with the USE flags (these control how packages are compiled)…but if you are building similar machines this will not matter. You will need to set up an FTP or web-server to allow the other machines to access these binary packages which are, by default, stored in /usr/portage/packages. I use a cron job to move these packages to an external drive to allow more space…and I can take it mobile with me if I need to!

That’s it for now…hope this helps!

-Adam