-<p>At work, we have a few hundred Linux servers, and with that amount
-of hardware it is important to keep track of when the hardware support
-contract expire for each server. We have a machine (and service)
-register, which until recently did not contain much useful besides the
-machine room location and contact information for the system owner for
-each machine. To make it easier for us to track support contract
-status, I've recently spent time on extending the machine register to
-include information about when the support contract expire, and to tag
-machines with expired contracts to make it easy to get a list of such
-machines. I extended a perl script already being used to import
-information about machines into the register, to also do some screen
-scraping off the sites of Dell, HP and IBM (our majority of machines
-are from these vendors), and automatically check the support status
-for the relevant machines. This make the support status information
-easily available and I hope it will make it easier for the computer
-owner to know when to get new hardware or renew the support contract.
-The result of this work documented that 27% of the machines in the
-registry is without a support contract, and made it very easy to find
-them. 27% might seem like a lot, but I see it more as the case of us
-using machines a bit longer than the 3 years a normal support contract
-last, to have test machines and a platform for less important
-services. After all, the machines without a contract are working fine
-at the moment and the lack of contract is only a problem if any of
-them break down. When that happen, we can either fix it using spare
-parts from other machines or move the service to another old
-machine.</p>
-
-<p>I believe the code for screen scraping the Dell site was originally
-written by Trond Hasle Amundsen, and later adjusted by me and Morten
-Werner Forsbring. The HP scraping was written by me after reading a
-nice article in ;login: about how to use WWW::Mechanize, and the IBM
-scraping was written by me based on the Dell code. I know the HTML
-parsing could be done using nice libraries, but did not want to
-introduce more dependencies. This is the current incarnation:</p>
-
-<pre>
-use LWP::Simple;
-use POSIX;
-use WWW::Mechanize;
-use Date::Parse;
-[...]
-sub get_support_info {
- my ($machine, $model, $serial, $productnumber) = @_;
- my $str;
-
- if ( $model =~ m/^Dell / ) {
- # fetch website from Dell support
- my $url = "http://support.euro.dell.com/support/topics/topic.aspx/emea/shared/support/my_systems_info/no/details?c=no&amp;cs=nodhs1&amp;l=no&amp;s=dhs&amp;ServiceTag=$serial";
- my $webpage = get($url);
- return undef unless ($webpage);
-
- my $daysleft = -1;
- my @lines = split(/\n/, $webpage);
- foreach my $line (@lines) {
- next unless ($line =~ m/Beskrivelse/);
- $line =~ s/&lt;[^>]+?>/;/gm;
- $line =~ s/^.+?;(Beskrivelse;)/$1/;
-
- my @f = split(/\;/, $line);
- @f = @f[13 .. $#f];
- my $lastend = "";
- while ($f[3] eq "DELL") {
- my ($type, $startstr, $endstr, $days) = @f[0, 5, 7, 10];
-
- my $start = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($startstr)));
- my $end = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($endstr)));
- $str .= "$type $start -> $end ";
- @f = @f[14 .. $#f];
- $lastend = $end if ($end gt $lastend);
- }
- my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
- tag_machine_unsupported($machine)
- if ($lastend lt $today);
- }
- } elsif ( $model =~ m/^HP / ) {
- my $mech = WWW::Mechanize->new();
- my $url =
- 'http://www1.itrc.hp.com/service/ewarranty/warrantyInput.do';
- $mech->get($url);
- my $fields = {
- 'BODServiceID' => 'NA',
- 'RegisteredPurchaseDate' => '',
- 'country' => 'NO',
- 'productNumber' => $productnumber,
- 'serialNumber1' => $serial,
- };
- $mech->submit_form( form_number => 2,
- fields => $fields );
- # Next step is screen scraping
- my $content = $mech->content();
-
- $content =~ s/&lt;[^>]+?>/;/gm;
- $content =~ s/\s+/ /gm;
- $content =~ s/;\s*;/;;/gm;
- $content =~ s/;[\s;]+/;/gm;
-
- my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
-
- while ($content =~ m/;Warranty Type;/) {
- my ($type, $status, $startstr, $stopstr) = $content =~
- m/;Warranty Type;([^;]+);.+?;Status;(\w+);Start Date;([^;]+);End Date;([^;]+);/;
- $content =~ s/^.+?;Warranty Type;//;
- my $start = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($startstr)));
- my $end = POSIX::strftime("%Y-%m-%d",
- localtime(str2time($stopstr)));
-
- $str .= "$type ($status) $start -> $end ";
-
- tag_machine_unsupported($machine)
- if ($end lt $today);
- }
- } elsif ( $model =~ m/^IBM / ) {
- # This code ignore extended support contracts.
- my ($producttype) = $model =~ m/.*-\[(.{4}).+\]-/;
- if ($producttype &amp;&amp; $serial) {
- my $content =
- get("http://www-947.ibm.com/systems/support/supportsite.wss/warranty?action=warranty&amp;brandind=5000008&amp;Submit=Submit&amp;type=$producttype&amp;serial=$serial");
- if ($content) {
- $content =~ s/&lt;[^>]+?>/;/gm;
- $content =~ s/\s+/ /gm;
- $content =~ s/;\s*;/;;/gm;
- $content =~ s/;[\s;]+/;/gm;
-
- $content =~ s/^.+?;Warranty status;//;
- my ($status, $end) = $content =~ m/;Warranty status;([^;]+)\s*;Expiration date;(\S+) ;/;
-
- $str .= "($status) -> $end ";
-
- my $today = POSIX::strftime("%Y-%m-%d", localtime(time));
- tag_machine_unsupported($machine)
- if ($end lt $today);
- }
- }
- }
- return $str;
-}
-</pre>
-
-<p>Here are some examples on how to use the function, using fake
-serial numbers. The information passed in as arguments are fetched
-from dmidecode.</p>
-
-<pre>
-print get_support_info("hp.host", "HP ProLiant BL460c G1", "1234567890"
- "447707-B21");
-print get_support_info("dell.host", "Dell Inc. PowerEdge 2950", "1234567");
-print get_support_info("ibm.host", "IBM eserver xSeries 345 -[867061X]-",
- "1234567");
-</pre>
-
-<p>I would recommend this approach for tracking support contracts for
-everyone with more than a few computers to administer. :)</p>
-
-<p>Update 2009-03-06: The IBM page do not include extended support
-contracts, so it is useless in that case. The original Dell code do
-not handle extended support contracts either, but has been updated to
-do so.</p>
+<p>The last few weeks i have had the pleasure of reading a
+thought-provoking collection of essays by Cory Doctorow, on topics
+touching copyright, virtual worlds, the future of man when the
+conscience mind can be duplicated into a computer and many more. The
+book titled "Content: Selected Essays on Technology, Creativity,
+Copyright, and the Future of the Future" is available with few
+restrictions on the web, for example from
+<a href="http://craphound.com/content/">his own site</a>. I read the
+epub-version from
+<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
+<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
+strongly recommend this book.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Kerberos for Debian Edu/Squeeze?</title>
+ <link>Kerberos_for_Debian_Edu_Squeeze_.html</link>
+ <guid isPermaLink="true">Kerberos_for_Debian_Edu_Squeeze_.html</guid>
+ <pubDate>Wed, 14 Apr 2010 17:20:00 +0200</pubDate>
+ <description>
+<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
+NUUG presentation</a> about Kerberos was inspiring, and reminded me
+about the need to start using Kerberos in Skolelinux. Setting up a
+Kerberos server seem to be straight forward, and if we get this in
+place a long time before the Squeeze version of Debian freezes, we
+have a chance to migrate Skolelinux away from NFSv3 for the home
+directories, and over to an architecture where the infrastructure do
+not have to trust IP addresses and machines, and instead can trust
+users and cryptographic keys instead.</p>
+
+<p>A challenge will be integration and administration. Is there a
+Kerberos implementation for Debian where one can control the
+administration access in Kerberos using LDAP groups? With it, the
+school administration will have to maintain access control using flat
+files on the main server, which give a huge potential for errors.</p>
+
+<p>A related question I would like to know is how well Kerberos and
+pam-ccreds (offline password check) work together. Anyone know?</p>
+
+<p>Next step will be to use Kerberos for access control in Lwat and
+Nagios. I have no idea how much work that will be to implement. We
+would also need to document how to integrate with Windows AD, as such
+shared network will require two Kerberos realms that need to cooperate
+to work properly.</p>
+
+<p>I believe a good start would be to start using Kerberos on the
+skolelinux.no machines, and this way get ourselves experience with
+configuration and integration. A natural starting point would be
+setting up ldap.skolelinux.no as the Kerberos server, and migrate the
+rest of the machines from PAM via LDAP to PAM via Kerberos one at the
+time.</p>
+
+<p>If you would like to contribute to get this working in Skolelinux,
+I recommend you to see the video recording from yesterdays NUUG
+presentation, and start using Kerberos at home. The video show show
+up in a few days.</p>
projects / homepage.git / blobdiff