SFTP Chroot on CentOS
This came up today when I needed to give secure file transfer to customers. To complicate things, I had to use an out-of-the-box RHEL6 system. The obvious answer was to use SSH and limit those users to SFTP only. Locking them into a chroot was not a requirement, but it seemed like a good idea to me. I found plenty of docs that got 80% of the way there, or took a shortcut, but this should be complete.
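The two pieces the description above implies, as an added example that is not code from the original post: the sshd_config fragment that confines one group of users to SFTP inside a chroot, and a check of the rule sshd enforces on ChrootDirectory (every component of the path must be owned by root and not writable by group or others, otherwise the login is refused with "bad ownership or modes"). The group name sftponly and the base path /srv/sftp are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: group "sftponly",
# chroot base /srv/sftp. Run as: sh sftp-chroot.sh /srv/sftp/alice

# sshd_config fragment. internal-sftp replaces the stock
# "Subsystem sftp /usr/libexec/openssh/sftp-server" line, because the external
# sftp-server binary does not exist inside the chroot. Match blocks must come
# after all global options, so this goes at the end of sshd_config.
sftp_match_block() {
    cat <<'EOF'
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
EOF
}

# Pure check of one path component: $1 numeric owner uid, $2 octal mode as
# printed by "stat -c %a" (for example 755 or 1777). Returns 0 when sshd
# would accept it as part of a ChrootDirectory path.
owner_mode_ok() {
    uid=$1 mode=$2
    [ "$uid" = 0 ] || return 1
    o=${mode#"${mode%?}"}        # last digit: others
    t=${mode%?}
    g=${t#"${t%?}"}              # second-to-last digit: group
    case "$g$o" in *[2367]*) return 1 ;; esac   # a write bit is set
    return 0
}

# Walk from the chroot directory up to / and apply owner_mode_ok to each level.
# The user's writable area therefore has to be a subdirectory (e.g. upload/)
# owned by the user, not the chroot directory itself.
chroot_path_ok() {
    dir=$1
    while :; do
        if [ ! -d "$dir" ]; then echo "missing: $dir" >&2; return 1; fi
        if ! owner_mode_ok "$(stat -c %u "$dir")" "$(stat -c %a "$dir")"; then
            echo "bad ownership or modes: $dir" >&2; return 1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return 0
}

if [ $# -gt 0 ]; then
    sftp_match_block
    chroot_path_ok "$1" && echo "chroot path OK: $1"
fi
```

After appending the fragment, `sshd -t` validates the file before the restart, and a login attempt with `sftp -v` shows whether the chroot was accepted; an interactive `ssh` as one of these users should be refused because of the ForceCommand.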
My new job
I have now got new challenges and am designing much bigger systems. Whereas before I would have taken one of these: {% img center /images/p2000-g3-sff.png 250 400 %} Plugged it into a pair of these: {% img center /images/silkworm.jpg 250 450 %} And finally plugged in a pair of these: {% img center /images/dl380g7.jpg 200 400 %}
Now I do not actually do the plugging in - that is not part of the documented process. Also, the system I am designing is on the other side of the world. However I now take one of these, a couple of these and add a couple of racks of these. Finally it all plugs into a couple of these.
My new life
I am now a month into life in France. Make no mistake, I am so far very happy that we have made the right decision, even though not everything is perfect. The biggest beef is without a doubt the paperwork! For example, it took us a month to get a phone line, and the stumbling block was not having the right piece of paper. To get onto the system you have to have a bill, but to get a bill you need a bill. Call it a catch-22 or a chicken-and-egg problem, take your pick, but French bureaucrats love that.
Isle of Wight Ride
Last week I successfully did my first 65-mile ride. Of course it was not a race, but that never stopped a group of men being over-competitive; I won, by the way. I do not own a cycle computer, nor did I remember to run My Tracks. However, a colleague did record it on his Garmin GPS:
A Learning Experience
How many times have you installed/updated a bit of software and read the line "Please take a backup" or something to that effect? 99 times out of a hundred, you will just continue and ignore it.
Today I had a reminder of why it is important to do so. I did a routine plug-in upgrade on our Jira installation (Customware Salesforce connector, for those who want to know). I have done this several times, I had tested it in our Dev installation, and I was 100% confident it would work as expected. However, I actually decided to take a backup anyway.
Add SAN functions to Highly Available NFS/NAS
This is based on my last post, where I documented building a Highly Available NFS/NAS server.
There is not a huge amount that needs to be done in order to add iSCSI functionality as well.
Add a file called /etc/drbd/iscsi.res containing the resource below. It is a second DRBD resource alongside the NFS one, so it needs its own DRBD device (/dev/drbd1), its own backing disk (/dev/vdc) and a TCP port that the existing resource is not already listening on; two resources on the same port will not connect. The file also only takes effect if /etc/drbd.conf includes it.
    resource iscsi {
        on nfs1 {
            device    /dev/drbd1;
            disk      /dev/vdc;
            meta-disk internal;
            address   10.0.0.1:7789;
        }
        on nfs2 {
            device    /dev/drbd1;
            disk      /dev/vdc;
            meta-disk internal;
            address   10.0.0.2:7789;
        }
    }
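The two mistakes that bite when a second resource is added next to an existing one are reusing the first resource's TCP port and listing the same address for both nodes. The script below, an added example and not part of the original post, parses resource files in the layout shown above and refuses them when either happens. The node names nfs1 and nfs2 and the file layout come from the post; the sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check DRBD resource files
# before "drbdadm up". Usage: sh drbd-check.sh /etc/drbd.d/*.res
# With no arguments it runs against two constructed files that share a port.

# Print one "resource node address port" line per "on" block.
drbd_endpoints() {
    awk '
        /^[ \t]*resource[ \t]+/ { res = $2 }
        /^[ \t]*on[ \t]+/       { node = $2 }
        /^[ \t]*address[ \t]+/  {
            split($2, a, ":"); sub(/;.*/, "", a[2])
            print res, node, a[1], a[2]
        }' "$@"
}

# Exit 0 if no port is shared by two different resources and no resource
# lists the same address twice; otherwise print each problem and exit 1.
drbd_res_check() {
    drbd_endpoints "$@" | awk '
        BEGIN { bad = 0 }
        {
            res = $1; addr = $3; port = $4
            if ((port in port_res) && port_res[port] != res) {
                print "port " port " used by both " port_res[port] " and " res
                bad = 1
            }
            port_res[port] = res
            key = res SUBSEP addr
            if (key in seen) {
                print "resource " res " lists " addr " for more than one node"
                bad = 1
            }
            seen[key] = 1
        }
        END { exit bad }'
}

# Write a constructed resource file in the post's layout.
# $1 path, $2 resource name, $3 drbd device, $4 port, $5 nfs1 address, $6 nfs2 address
write_sample_res() {
    cat > "$1" <<EOF
resource $2 {
    on nfs1 {
        device    $3;
        disk      /dev/vdc;
        meta-disk internal;
        address   $5:$4;
    }
    on nfs2 {
        device    $3;
        disk      /dev/vdc;
        meta-disk internal;
        address   $6:$4;
    }
}
EOF
}

if [ $# -gt 0 ]; then
    drbd_res_check "$@"
else
    d=$(mktemp -d)
    # Constructed demo: the iscsi resource copied the nfs resource's port.
    write_sample_res "$d/nfs.res"   nfs   /dev/drbd0 7789 10.0.0.1 10.0.0.2
    write_sample_res "$d/iscsi.res" iscsi /dev/drbd1 7789 10.0.0.1 10.0.0.2
    drbd_res_check "$d"/*.res && echo "no problems found" || echo "fix these before drbdadm up"
    rm -r "$d"
fi
```

Once the files pass, `drbdadm create-md iscsi` and `drbdadm up iscsi` on both nodes bring the resource up, and `cat /proc/drbd` shows whether the two sides actually connected.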
read more
Highly Available NFS/NAS
Take 2 CentOS servers (nfs1 and nfs2 will do nicely) and install ELRepo and EPEL on them both:

    yum install \
      https://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm \
      https://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm --nogpgcheck

The --nogpgcheck flag is needed only because these two release packages come from outside any repository yum already trusts, so it has no key to verify them against. The cleaner option is to import each project's published signing key with rpm --import first and drop the flag, so the packages are verified rather than trusted on the strength of the download URL.
Each of them should ideally have 2 NICs, with the secondary ones used only for DRBD sync traffic. We'll give these the addresses 10.0.0.1 and 10.0.0.2 on a shared subnet (10.0.0.0/24, say); configured as a /32 on each side, the two hosts have no route to one another until you add one, and DRBD never connects.
I am also assuming that you have disabled the firewall and SELinux – I do not recommend that for production, but for testing it is fine.