Difference between revisions of "Systems Triage"
Jump to navigation
Jump to search
m (adding systems category) |
|||
| (12 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| + | Most of the stuff on this list needs to be carefully to not heavily disrupt existing services, and carries risk of destruction if done incorrectly. | ||
| + | |||
| + | == DNS Issues == | ||
| + | |||
| + | * Move DNS out of samba | ||
| + | * setup reverse dns zones | ||
| + | * fix dhcp integration | ||
| − | + | == Samba Issues == | |
| + | |||
| + | * SSL configuration issues | ||
| + | ** Issue server certs to dc's | ||
| + | * Provision dc02 | ||
| + | * Decomission bob | ||
| + | * Fix DNS issues | ||
| + | * Work out IPv6 issues on bob | ||
| + | * Add unix attributes to all accounts | ||
| + | |||
| + | == Internal CA == | ||
| + | |||
| + | * Move to dedicated machine from bob | ||
== Reboot Fails == | == Reboot Fails == | ||
* nginx on bob | * nginx on bob | ||
| − | ** Failed last time it was rebooted, appears to be DNS related. | + | ** Failed last time it was rebooted, appears to be DNS related. I believe I fixed it, but havn't tested it yet --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT) |
| + | * Some of the vms don't wake up, despit having the "start on boot" option checked. | ||
| + | ** The DHCP server is notably not starting on boot. | ||
== Second Domain Controller == | == Second Domain Controller == | ||
| − | * Justin joined a second domain Controller to the domain. | + | * Justin joined a second domain Controller to the domain. It replicates, but did not get it's dns entires created |
| − | ** The samba guys recommend setting up and using bind. | + | ** The samba guys recommend setting up and using bind. This has a couple issues: |
*** Samba has dlz support for bind 9.8 and 9.9, but not 9.10, which is what we are on. Iv'e started working on a patch: https://github.com/hef/samba/ | *** Samba has dlz support for bind 9.8 and 9.9, but not 9.10, which is what we are on. Iv'e started working on a patch: https://github.com/hef/samba/ | ||
*** getting Bind workind with samba_upgradedns nsupdate is an option, but I havn't been able to get it working https://wiki.samba.org/index.php/DNS_Backend_BIND#DNS_dynamic_updates_via_Kerberos_.28optional.2C_but_recommended.29 | *** getting Bind workind with samba_upgradedns nsupdate is an option, but I havn't been able to get it working https://wiki.samba.org/index.php/DNS_Backend_BIND#DNS_dynamic_updates_via_Kerberos_.28optional.2C_but_recommended.29 | ||
| Line 16: | Line 37: | ||
== Move VPN off of bob == | == Move VPN off of bob == | ||
| − | Having the VPN servers on bob makes samba detect extra interfaces that are not easily routable. | + | Having the VPN servers on bob makes samba detect extra interfaces that are not easily routable. The vpn services should be moved off the domain controller |
== All proxmox VMs need to be on the raid == | == All proxmox VMs need to be on the raid == | ||
| − | A few proxmox VM's have been created on the their hypervisors local hard drive. | + | A few proxmox VM's have been created on the their hypervisors local hard drive. The option to do this has been removed, but the machines that were originally setup that way still exist. |
Moving machines off of the local drives on onto the san/lvm setup sounds tricky, and I haven't looked into how to do this yet. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT) | Moving machines off of the local drives on onto the san/lvm setup sounds tricky, and I haven't looked into how to do this yet. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 19:44, 18 September 2014 (CDT) | ||
| Line 25: | Line 46: | ||
== GPO Updates == | == GPO Updates == | ||
| − | All windows machines hooked into hardware should have GPO settings to disable all power saving settings. | + | * All windows machines hooked into hardware should have GPO settings to disable all power saving settings. |
| + | * Enable remote desktop on workstations | ||
== User caching == | == User caching == | ||
| − | This came up on the mailing list. | + | This came up on the mailing list. The relevant Microsoft article is here: http://support.microsoft.com/kb/172931 |
| − | It looks like a good idea, but the article doesn't reference windows 8. | + | It looks like a good idea, but the article doesn't reference windows 8. If it works on windows 8, it looks straight forward to add to the GPO. |
== Sysvol syncing == | == Sysvol syncing == | ||
| − | samba doesn't do automatic /sysvol replication. | + | samba doesn't do automatic /sysvol replication. An automatic syncing process should be setup between bob and dc01. see https://wiki.samba.org/index.php/SysVol_Replication for reference. |
| + | |||
| + | == Systems Monitoring solution == | ||
| + | |||
| + | We had an nagios instance. We don't now. A general purpose monitor solution would be nice. A lot of our equipment seems to support being monitored. | ||
| + | |||
| + | * Deploy montoring VM | ||
| + | ** Install & configure nagios | ||
| + | ** Install & configure cacti | ||
| + | |||
| + | == Backups == | ||
| + | I have a test setup for all saltstack configured boxes to be backed up to glacier. --[[User:Hef|Hef]] ([[User talk:Hef|talk]]) 20:00, 18 September 2014 (CDT) | ||
| + | The space should get an aws account with glacier, and all existing backups should be pointed at that instead. | ||
| + | |||
| + | == Enable Remote Desktop for Domain Admins == | ||
| + | Enable remote desktop for domain admins as a gpo setting. | ||
| + | |||
| + | [[Category:Systems]] | ||
Latest revision as of 21:18, 2 February 2016
Most of the stuff on this list needs to be carefully to not heavily disrupt existing services, and carries risk of destruction if done incorrectly.
DNS Issues
- Move DNS out of samba
- setup reverse dns zones
- fix dhcp integration
Samba Issues
- SSL configuration issues
- Issue server certs to dc's
- Provision dc02
- Decomission bob
- Fix DNS issues
- Work out IPv6 issues on bob
- Add unix attributes to all accounts
Internal CA
- Move to dedicated machine from bob
Reboot Fails
- nginx on bob
- Some of the vms don't wake up, despit having the "start on boot" option checked.
- The DHCP server is notably not starting on boot.
Second Domain Controller
- Justin joined a second domain Controller to the domain. It replicates, but did not get it's dns entires created
- The samba guys recommend setting up and using bind. This has a couple issues:
- Samba has dlz support for bind 9.8 and 9.9, but not 9.10, which is what we are on. Iv'e started working on a patch: https://github.com/hef/samba/
- getting Bind workind with samba_upgradedns nsupdate is an option, but I havn't been able to get it working https://wiki.samba.org/index.php/DNS_Backend_BIND#DNS_dynamic_updates_via_Kerberos_.28optional.2C_but_recommended.29
- The samba guys recommend setting up and using bind. This has a couple issues:
All things samba related pretty much have to be tested in a dev environment, which means setting up your own personal samba AD domain.
Move VPN off of bob
Having the VPN servers on bob makes samba detect extra interfaces that are not easily routable. The vpn services should be moved off the domain controller
All proxmox VMs need to be on the raid
A few proxmox VM's have been created on the their hypervisors local hard drive. The option to do this has been removed, but the machines that were originally setup that way still exist.
Moving machines off of the local drives on onto the san/lvm setup sounds tricky, and I haven't looked into how to do this yet. --Hef (talk) 19:44, 18 September 2014 (CDT)
GPO Updates
- All windows machines hooked into hardware should have GPO settings to disable all power saving settings.
- Enable remote desktop on workstations
User caching
This came up on the mailing list. The relevant Microsoft article is here: http://support.microsoft.com/kb/172931
It looks like a good idea, but the article doesn't reference windows 8. If it works on windows 8, it looks straight forward to add to the GPO.
Sysvol syncing
samba doesn't do automatic /sysvol replication. An automatic syncing process should be setup between bob and dc01. see https://wiki.samba.org/index.php/SysVol_Replication for reference.
Systems Monitoring solution
We had an nagios instance. We don't now. A general purpose monitor solution would be nice. A lot of our equipment seems to support being monitored.
- Deploy montoring VM
- Install & configure nagios
- Install & configure cacti
Backups
I have a test setup for all saltstack configured boxes to be backed up to glacier. --Hef (talk) 20:00, 18 September 2014 (CDT) The space should get an aws account with glacier, and all existing backups should be pointed at that instead.
Enable Remote Desktop for Domain Admins
Enable remote desktop for domain admins as a gpo setting.