Secret Administration Spells

Copyright 2008 by Kyle Sallee

Spells install software. However, spells can do more than merely install software. They can help automate mundane administrative tasks. Before this document existed, system administrators were told about these spells on the email list or they might find these spells in the grimoire.

augur forget etc; cast etc

The etc spell assists with some of the most basic configuration tasks common to deploying a new box. It provides a menu of more than 30 tasks that it knows how to assist with. The etc spell is also a spell of modular design, which means that more modules can be added to enhance the etc spell's functionality. The spell is called etc because it mostly assists with modification of files and directories that exist within /etc.

augur forget glibc-locales; cast glibc-locales

For program messages to be automatically translated from the English C locale to other human languages, the appropriate language-specific locale database must be installed. Also, the environment variable LANG must be exported. The glibc-locales spell provides a large list of locale databases that can be generated and installed. It also installs the file /etc/bash.d/noninteractive/LANG. This file causes the LANG variable to be exported to the environment so that programs interact with the user in the preferred human language.

augur forget glibc-localtime; cast glibc-localtime

For computers to properly network together, computers must agree upon the time and date no matter where a computer may exist. The computer consensus for time and date is called UTC, Coordinated Universal Time. However, unlike computers, people tend to prefer to use the same time and date as other people use where they live. In contrast to UTC time, which is the same all over the world, the local time differs all over the world. The computer can automatically translate between localtime and UTC time.
However, the computer must first know where the box is located. Cast glibc-localtime and select the proper geographic location. Then the time can be set and saved to the hardware clock on supported architectures.

augur forget init-toggle; cast init-toggle

Init-scripts are installed into /etc/init.d/. Most init-scripts execute automatically. Those that execute automatically have the mode 0700. Init-scripts that will only execute when the SA invokes the init-script by name have the mode 0600. This powerful, yet dangerous, spell enables the SA to easily select which init-scripts should be automatically executed and which should remain dormant.

augur forget sorcery-bgz; cast sorcery-bgz

sorcery-bgz provides a loaded-on-demand background tarball compression program. Archive and ccache tarballs are created without compression. Therefore, they require significant disk space. Tarballs downloaded from the Internet may be compressed or uncompressed. If a box has plenty of available disk space then sorcery-bgz is unnecessary and would only waste CPU cycles to gain additional free space. However, on boxes tight on space sorcery-bgz can compress and recompress tarballs to recover additional free space.

sorcery-bgz supports compression types of: 7za for .tar.7z compressed tarballs, which are very tiny; bzip2 for .tar.bz2 compressed tarballs, which are moderately small; gzip for .tar.gz compressed tarballs, which are smaller than uncompressed .tar. Better compression requires more RAM and more CPU cycles to achieve. That is why sorcery-bgz asks the system administrator to select the desired compression type. Tarballs that already have better compression are not recompressed with lighter compression. A file such as bash-4.0.tar.7z will never be recompressed as bash-4.0.tar.bz2 nor as bash-4.0.tar.gz.

cast sorcery-bootblaze

Unlike the above spells, sorcery-bootblaze has no configuration. When installed it works. The purpose of bootblaze is to expedite booting of boxes.
Instead of waiting until just before a file is required from disk, bootblaze loads all files that will be required just as fast as the disk device can read them. Consequently, the content of files required at boot will automatically be in RAM when required and thus allow loading programs to run with less disk delay. Unfortunately, waiting for disk reads is the single greatest bottleneck on modern computers because the CPU and RAM are so much faster than disk drives. Installation of sorcery-bootblaze might dramatically decrease boot time, or it might have very little effect. Generally, it will not make booting slower unless the files loading from disk are heavily fragmented. sorcery-bootblaze works best for desktop computers where someone will log in and run programs within 5 minutes after booting.

cast sorcery-immune

glibc libraries are the most important libraries on a box. They are installed in /lib64 on x86_64 architecture and /lib on IA32 architecture. Almost every program installed has a dynamic link with glibc libraries. Therefore, properly working glibc libraries are effectively required by all software. If glibc libraries break then nothing runs as it would normally run. That is why sorcery-immune checks for and repairs a glibc break if it should happen.

The following spells differ from those above. After these spells are installed they automatically recast periodically.

cast sorcery-alien

Recasts automatically monthly. Wonder what files might be installed yet not properly owned by a spell? What might be lurking where and why? The why may not be known, but the where can be discovered. The compile log from sorcery-alien will list files that are present in locations where only spells should install, yet those files do not belong to an installed spell. sorcery-alien only discovers alien files. The system administrator must decide what to do with alien files.

cast sorcery-clean

Recasts automatically monthly.
Boxes build up a considerable amount of tarballs in /var/cache/ and also files in /var/log/sorcery/. The purpose of sorcery-clean is to keep the potentially useful files and remove the old files. Having the sorcery-clean spell installed is proper for minimizing sorcery disk usage. SAs that choose to run without sorcery-clean must find an alternate means of pruning old files from /var/cache/ and /var/log/sorcery/.

cast sorcery-defrag

Recasts automatically monthly. sorcery-defrag is a great program for fixed disks. A file is fragmented when its content is written to multiple locations across a fixed disk. Consequently, reading that file becomes a scavenger hunt to collect and reassemble all the pieces. Fragmented files are slower to read and cause additional wear and tear on fixed disks. Consequently, the purpose of sorcery-defrag is to locate fragmented files and reassemble them so that a file occupies a single location on disk, which makes the file faster to read with less wear and tear on the disk drive.

sorcery-defrag is a terrible program for flash disks. Flash disks lack the physical hardware of a magnetic fixed disk. sorcery-defrag will erode the life expectancy of a flash disk. Therefore, never install sorcery-defrag when the filesystem resides on a flash disk such as a USB flash disk.

cast sorcery-md5sum

Recasts automatically weekly. Important files should probably not mysteriously change content. Yet sometimes they do. The change may be due to the disk hardware becoming old and faulty. Or the change may be the result of software that compiles improperly. Or the change may be due to someone typing a command incorrectly at a root prompt. The cause for the change is not usually important. However, fixing the change is important. sorcery-md5sum reads important files from disk and compares an md5sum hash created from the file content with an md5sum hash that was created when the file was first installed.
When files differ in content, as indicated by a change in the md5sum hash, then the spell that owns that file will probably be automatically recast.

sorcery-md5sum may look like a possible security feature. However, it is not. An attack specifically designed to defeat the md5sum check will defeat it. However, sorcery-md5sum is good for finding and fixing altered files. Please beware that if a disk is in the process of dying, sorcery-md5sum may cause more damage than repair. Every disk drive eventually fails. Therefore, always maintain backups.

Summary

Thanks for reading and learning about the secret administration spells. However, these spells tend to keep changing. Therefore, this document may already be obsolete. The above spell descriptions may be inaccurate. However, administration spells can usually be discovered by executing the command:

augur category administration/spell

To see the spells and their long descriptions, execute the command:

augur category administration/spell | while read -r; do echo "$REPLY"; augur long "$REPLY"; done | less
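
The install-time hash comparison described for sorcery-md5sum, as an added example that is not sorcery-md5sum's own code: a manifest is recorded once and re-checked later, listing files whose content changed or which went missing. The function names, HASH_CMD and the throwaway tree are assumptions made for this sketch, and GNU coreutils is assumed.

```bash
#!/usr/bin/env bash
# Added example, not sorcery-md5sum's code. record_manifest, changed_files,
# demo_integrity and HASH_CMD are hypothetical names. Assumes GNU coreutils.
HASH_CMD=${HASH_CMD:-md5sum}   # the page's hash; sha256sum uses the same line format

# record_manifest ROOT MANIFEST: hash every regular file under ROOT, as at
# install time. Keep MANIFEST outside ROOT so it does not hash itself.
record_manifest() {
    ( cd "$1" && find . -type f -exec "$HASH_CMD" {} + ) > "$2"
}

# changed_files ROOT MANIFEST: print each recorded path whose content now
# differs or which can no longer be read. LC_ALL=C keeps the "FAILED"
# marker untranslated, whatever LANG the box exports.
changed_files() {
    ( cd "$1" && LC_ALL=C "$HASH_CMD" --check --quiet 2>/dev/null ) < "$2" |
        sed -n 's/: FAILED.*$//p'
}

# Constructed demo: a throwaway tree stands in for a spell's installed files.
demo_integrity() {
    local root manifest
    root=$(mktemp -d)
    manifest=$(mktemp)
    mkdir -p "$root/etc" "$root/bin"
    echo 'LANG=en_US.UTF-8' > "$root/etc/LANG"
    echo 'echo hello'       > "$root/bin/tool"
    echo 'welcome'          > "$root/etc/motd"
    record_manifest "$root" "$manifest"
    echo 'LANG=C' > "$root/etc/LANG"   # content altered after install
    rm "$root/bin/tool"                # file lost
    changed_files "$root" "$manifest" | sort
    rm -rf "$root" "$manifest"
}

# This catches accidental change only: whoever can rewrite the files can
# rewrite the manifest as well.
demo_integrity
```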
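
An audit of the mode convention described for init-toggle (0700 executes automatically, 0600 stays dormant), as an added example that is not init-toggle's own code: it classifies each script in a directory and flags any mode outside the convention. The function names and the sample scripts are assumptions made for this sketch, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example, not init-toggle's code. classify_init_scripts and
# demo_init_modes are hypothetical names. Assumes GNU stat.

# classify_init_scripts DIR: print "<state> <mode> <name>" for each regular
# file in DIR, using the mode convention described above.
classify_init_scripts() {
    local f mode state
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -L -c '%a' "$f")
        case $mode in
            700) state=automatic  ;;   # executes automatically
            600) state=dormant    ;;   # executes only when invoked by name
            *)   state=unexpected ;;   # outside the convention: review it
        esac
        printf '%s %s %s\n' "$state" "$mode" "${f##*/}"
    done
}

# Constructed demo: script names and modes are sample data in a temp directory.
demo_init_modes() {
    local dir
    dir=$(mktemp -d)
    : > "$dir/sshd";    chmod 0700 "$dir/sshd"
    : > "$dir/telnetd"; chmod 0600 "$dir/telnetd"
    : > "$dir/cron";    chmod 0755 "$dir/cron"   # group/world can read and execute
    classify_init_scripts "$dir"
    rm -rf "$dir"
}
demo_init_modes
```

On a real box, point classify_init_scripts at /etc/init.d and review every line reported as unexpected.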