Andrew Latham

I often use the screen name lathama everywhere and it is based off of my last name and first initial of my first name. Recently I have used my full name of Andrew Latham more and more often. Setting up accounts and managing the mess is not fun at times. I did fix one issue where an old lathama account on Youtube.com kept me from using the name. But with the new full name usage I have things that match up better...

Google+

https://google.com/+AndrewLatham

Youtube

https://youtube.com/AndrewLatham

Yes, branding is important to me. I care about naming conventions and consistent usage.

Andrew Latham

Note to self, a full post on IPMITool would be good.

When on-boarding new hardware, always configure the IPMI devices properly. You can use tools to interface with the IPMI devices and configure defaults that will add local administrator accounts. Tools like IPMITool [1] have options to download existing settings or upload/set new settings. Tools like OpenStack Ironic [2] and various other stacks are enabling this in fantastic ways. Don't limit access to systems management devices out of fear; enable access so that team members can get useful information quickly. An example of why you want to share access would be:

ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 sensor
CPU Core1 Temp   | 76.000     | degrees C  | ok    | 0.000     | 0.000     | 0.000     | 95.000    | 98.000    | 100.000
CPU Core2 Temp   | 76.000     | degrees C  | ok    | 0.000     | 0.000     | 0.000     | 95.000    | 98.000    | 100.000
CPU SoC Temp     | 75.000     | degrees C  | ok    | 0.000     | 0.000     | 0.000     | 95.000    | 98.000    | 100.000
System Temp      | 23.000     | degrees C  | ok    | -9.000    | -7.000    | -5.000    | 80.000    | 85.000    | 90.000
Peripheral Temp  | 24.000     | degrees C  | ok    | -9.000    | -7.000    | -5.000    | 80.000    | 85.000    | 90.000
FAN 1            | 1600.000   | RPM        | ok    | 400.000   | 576.000   | 784.000   | 33856.000 | 34225.000 | 34596.000
FAN 2            | na         |            | na    | na        | na        | na        | na        | na        | na
FAN 3            | na         |            | na    | na        | na        | na        | na        | na        | na
Vcore            | 0.992      | Volts      | ok    | 0.776     | 0.800     | 0.824     | 1.352     | 1.376     | 1.400
VDIMM            | 1.568      | Volts      | ok    | 1.288     | 1.312     | 1.336     | 1.656     | 1.680     | 1.704
+5 V             | 5.024      | Volts      | ok    | 4.416     | 4.448     | 4.480     | 5.536     | 5.568     | 5.600
+5VSB            | 4.992      | Volts      | ok    | 4.416     | 4.448     | 4.480     | 5.536     | 5.568     | 5.600
+12 V            | 12.296     | Volts      | ok    | 10.600    | 10.653    | 10.706    | 13.250    | 13.303    | 13.356
+3.3 V           | 3.288      | Volts      | ok    | 2.880     | 2.904     | 2.928     | 3.648     | 3.672     | 3.696
+3.3VSB          | 3.264      | Volts      | ok    | 2.880     | 2.904     | 2.928     | 3.648     | 3.672     | 3.696
VBAT             | 0.624      | Volts      | nr    | 2.880     | 2.904     | 2.928     | 3.648     | 3.672     | 3.696
+1.05 V          | 1.072      | Volts      | ok    | 0.808     | 0.816     | 0.824     | 1.264     | 1.288     | 1.312
Chassis Intru    | 0x0        | discrete   | 0x0000| na        | na        | na        | na        | na        | na
PS Status        | 0x1        | discrete   | 0x0100| na        | na        | na        | na        | na        | na

or

# ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 sdr
CPU Core1 Temp   | 76 degrees C      | ok
CPU Core2 Temp   | 76 degrees C      | ok
CPU SoC Temp     | 74 degrees C      | ok
System Temp      | 22 degrees C      | ok
Peripheral Temp  | 24 degrees C      | ok
FAN 1            | 1600 RPM          | ok
FAN 2            | no reading        | ns
FAN 3            | no reading        | ns
Vcore            | 0.99 Volts        | ok
VDIMM            | 1.57 Volts        | ok
+5 V             | 5.02 Volts        | ok
+5VSB            | 4.99 Volts        | ok
+12 V            | 12.30 Volts       | ok
+3.3 V           | 3.29 Volts        | ok
+3.3VSB          | 3.26 Volts        | ok
VBAT             | 0.62 Volts        | nr
+1.05 V          | 1.07 Volts        | ok
Chassis Intru    | 0x00              | ok
PS Status        | 0x01              | ok
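
Added example (not part of the original post): a small POSIX shell filter for the sensor and sdr output shown above that prints only the rows that are not healthy, such as the VBAT reading marked nr. The function names are hypothetical and the embedded sample rows are copied from the output above.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `ipmitool ... sensor` or
# `ipmitool ... sdr` output on stdin and prints only rows needing attention.
sensor_alerts() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF == 3 {   # sdr row: name | reading | status
      st = trim($3)
      # "ns" is the status shown for sensors with no reading; skip it
      if (st != "ok" && st != "ns") printf "%s: %s (%s)\n", trim($1), trim($2), st
      next
    }
    NF >= 10 {  # sensor row: name | reading | unit | status | six thresholds
      val = trim($2); unit = trim($3); st = trim($4)
      # discrete sensors carry a hex state, not a threshold status
      if (unit == "discrete" || st == "ok" || st == "na") next
      lo = trim($5); hi = trim($10); why = "status " st
      if (val != "na" && lo != "na" && val + 0 < lo + 0) {
        why = "below lowest threshold " lo
      } else if (val != "na" && hi != "na" && val + 0 > hi + 0) {
        why = "above highest threshold " hi
      }
      printf "%s: %s %s (%s), %s\n", trim($1), val, unit, st, why
    }'
}

# Sample rows copied from the post so the example runs without a BMC.
sample_sensor() {
  cat <<'EOF'
CPU Core1 Temp   | 76.000     | degrees C  | ok    | 0.000     | 0.000     | 0.000     | 95.000    | 98.000    | 100.000
FAN 2            | na         |            | na    | na        | na        | na        | na        | na        | na
VBAT             | 0.624      | Volts      | nr    | 2.880     | 2.904     | 2.928     | 3.648     | 3.672     | 3.696
Chassis Intru    | 0x0        | discrete   | 0x0000| na        | na        | na        | na        | na        | na
EOF
}
sample_sdr() {
  cat <<'EOF'
FAN 2            | no reading        | ns
VBAT             | 0.62 Volts        | nr
PS Status        | 0x01              | ok
EOF
}

sample_sensor | sensor_alerts
sample_sdr | sensor_alerts
```

Against a live device, pipe the real command into the function, for example by appending "| sensor_alerts" to either ipmitool command above.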

In this case I have a Supermicro system where I have an account configured for my normal username and I have rights to administer the device. After the users are added, the default username can have its password changed to a more secure default, or the account can be removed. On-boarding is an ordered process and software is here to help us do these ordered processes over and over again.

If you are interested in the details, you can read the specs for new IPMI devices, for example at Intel [3]. Section 22.30 shows how the system deals with passwords.

ipmitool -I lan -U ADMIN -H host-ipmi.domain.net user set name 3 operations
ipmitool -I lan -U ADMIN -H host-ipmi.domain.net channel setaccess 1 3 link=on ipmi=on privilege=4

Older IPMI devices only handle 16-character passwords

ipmitool -I lan -U ADMIN -H host-ipmi.domain.net user set password 3 abcdefghijklmnop 16

Newer IPMI 2.0 devices handle 20-character passwords

ipmitool -I lan -U ADMIN -H host-ipmi.domain.net user set password 3 abcdefghijklmnopqrst 20

Lastly, enable the user

ipmitool -I lan -U ADMIN -H host-ipmi.domain.net user enable 3

Complete example with output

# ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 user set name 5 operations
# ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 user set password 5 HardPassword
Set User Password command successful (user 5)
# ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 channel setaccess 1 5 privilege=4 link=on ipmi=on
Set User Access (channel 1 id 5) successful.
# ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 user test 5 16 HardPassword
Success
# ipmitool -I lan -U lathama -f ipmifile -H 192.168.15.206 user enable 5
#

Keep in mind that there are a huge number of options and all are very important. It is worthwhile to review the information in detail.

  1. https://sourceforge.net/projects/ipmitool/
  2. https://wiki.openstack.org/wiki/Ironic
  3. https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf
Andrew Latham

A recurring issue in most computer system infrastructure is the System of Record (SOR) [1], which is a source of truth about the desired state or the current state of systems and networks. Many outsiders or senior management are left to believe that the planned state and the current state are the same, but that rarely happens. I have written a few SORs and enabled others to be more accurate. Much of the work on modern container image manifests [2] has made great advancements toward a more complete language to communicate the details of an endpoint. An issue I would love to resolve is the assumption that a single application is the SOR. The reality is that a data service is ultimately the SOR and many things might read from or write to it. Today, if I were asked to write another SOR, I would set up RethinkDB [3] and establish a table named 'help' that pointed to a table named 'standards' and thus became a self-documenting system.

SORs should also be free to access offline in emergencies and distributed systems like RethinkDB and even Git are perfect for this type of setup. A support person or team can maintain a local copy of the SOR with little to no overhead. Even tools like MediaWiki[4] are great as they can be duplicated or distributed as a side effect of their design. For discovery there are established tools like DNS SRV [5] that are often overlooked. A popular solution for datacentres is NetBox [6] which is a fine step forward from RackTables [7] which served many for years and is still not a horrible solution. In my spare time I hope to integrate a DCIM [8] solution into Odoo [9] to connect the various organizational groups together.

  1. https://en.wikipedia.org/wiki/System_of_record
  2. https://github.com/opencontainers/image-spec/blob/master/manifest.md
  3. https://www.rethinkdb.com/
  4. https://www.mediawiki.org/wiki/MediaWiki
  5. https://en.wikipedia.org/wiki/SRV_record
  6. https://netbox.readthedocs.io/en/latest/
  7. https://www.racktables.org/
  8. https://en.wikipedia.org/wiki/Data_center_infrastructure_management
  9. https://www.odoo.com/
Andrew Latham

After install and setup, to stop the local GUI and save a little bit of resources, try:

systemctl disable zentyal.lxdm.service
systemctl stop zentyal.lxdm.service
Andrew Latham

I get asked about donations or virtual beer from time to time. As many of the sites that allow a person to accept donations have upped their charges to extremes, I made an Amazon Wishlist that people can use to order random things I want and/or need. For example, coffee, snacks, toys and more. The URL is http://a.co/iwBa4fD and I am putting it in the credits file of some of my projects. I am sure that there are some people that would like better options and I understand. I will keep my eyes open for options. The goal is that if someone wants to send me $5 for a nice beer I should get closer to $5 than $3.

Andrew Latham

While called many things, I like to call my process Zero Inbox. I attempt at all times to have no unread emails and it is a real challenge some days as I subscribe to a large number of mailing lists. My daily average is ~200 emails but sometimes it gets out of hand.

On Gmail I use:

https://mail.google.com/mail/u/0/?tab=wm#search/is%3Aunread

as my go-to screen. There was a time when you could save filters and other things via some lab tools but they kept on getting retired so I just use the is:unread filter to organize things.

This is not perfect. Checking the spam box for emails for false positives interrupts the flow and I have to go back to the filter. On good days I can stay in the filter all day.

Andrew Latham

If there is ever a need to check spelling on the command line (aka CLI), then try aspell:

aspell check README.md

or to have fun by recursively checking all Python files in the directory.

find . -name "*.py" -exec aspell check {} \;
Andrew Latham

I was working on https://github.com/lathama/Adynaton and playing with pylint for linting. One common issue I see is naming conflicts. PEP8 has good guidance on naming and on dealing with abbreviations. So when using DNS for Domain Name System it is proper to use the uppercase abbreviation. Elsewhere in the guidelines is the recommendation that abbreviations not be used when possible and to be very descriptive. So when a linter says that a variable name like self.DNS_port is not valid, it is sort of frustrating to know that the results will be skewed. I understand that self.domain_name_system_port is descriptive and that inferring the class name is the defined way to go. My concern is with legacy code that might exist with acceptable usage of naming conventions but linters fail the developers attempting to improve their code. Let's not lower the standards of linters but instead offer a legacy switch to enable developers to benefit first from the serious issues before getting into the fine details.