今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

标签:#sysadmin

找到 8 篇相关文章

AI 资讯

Linux Package Management Explained Simply (apt, dnf, yum & rpm)

Quick Note In my previous article, I mentioned that Linux Troubleshooting Flow for Beginners would be the final post in this series. While preparing it, I realized there were a few practical Linux skills every beginner should learn first. These topics will make the troubleshooting guide much easier to understand and follow. Before we wrap up the series, we'll cover: Package Management Finding Files & Text Viewing Files Efficiently File Compression Then we'll bring everything together in the final Linux Troubleshooting Flow for Beginners. Introduction Installing software on Linux is very different from Windows. On Windows, you usually download an .exe installer. On Linux, software is typically installed and managed using package managers . This is one of the most practical skills every Linux beginner should learn early. What is a Package? A package is a ready-to-install bundle that contains: The main program Required libraries Configuration files Documentation Examples: nginx , git , docker , curl , vim Think of a package as a ready-to-install software box. What is a Package Manager? A package manager is a tool that installs, updates, removes, and manages software packages. Instead of downloading software manually, you simply run a command. Example: sudo apt install git The package manager automatically: Downloads packages from trusted repositories Install required dependencies automatically Upgrade installed software Removes them cleanly Instead of manual downloading, you just run one command. Why Use a Package Manager? Without package managers, you would have to: Search for software manually Download files from websites Install dependencies yourself Update each application separately Package managers automate all of this. What is a Repository? Package managers download software from repositories. A repository is a trusted online collection of software packages maintained by your Linux distribution. Instead of downloading software from random websites, Linux install

2026-07-07 原文 →
AI 资讯

How to Install VMware ESXi: Step-by-Step Bare-Metal Setup Guide

Originally published on bckinfo.com How to Install VMware ESXi: Step-by-Step Bare-Metal Setup Guide Table of Contents ESXi vs. VMware Workstation: Which One Do You Need Hardware Compatibility Check Downloading the ESXi Installer Creating a Bootable USB Installer BIOS/UEFI Preparation Installing ESXi: Step by Step Configuring the Management Network Accessing the vSphere Host Client Creating Your First Virtual Machine Post-Installation Checklist Common Issues and Quick Fixes Closing Notes If you've read our complete guide to VMware virtualization , you already know ESXi is the bare-metal hypervisor underneath vSphere. This guide is the hands-on counterpart — installing ESXi directly on physical server hardware, from hardware compatibility checks through booting your first virtual machine. ESXi vs. VMware Workstation: Which One Do You Need Before starting, it's worth confirming you actually want ESXi and not VMware Workstation. They solve different problems: VMware Workstation is a Type-2 hypervisor — it installs on top of an existing OS (Windows, Linux, macOS via Fusion). Good for running a VM or two on a laptop or desktop you also use for everything else. If that's your case, our guide on installing VMware Workstation on CentOS Stream 10 is the right starting point instead. ESXi is a Type-1, bare-metal hypervisor — it installs directly on the hardware with no host OS underneath it. This is the right choice for a dedicated server running multiple VMs, a home lab, or anything that needs to scale beyond "a VM running alongside my desktop." The rest of this guide assumes you're installing on dedicated hardware that won't run anything else. Hardware Compatibility Check This is the step most worth not skipping. ESXi has a defined Hardware Compatibility List (HCL), and installing on unlisted hardware is the single biggest source of installation failures and post-install driver issues. Check your exact server model and component list (NIC, storage controller) against VMware'

2026-07-03 原文 →
AI 资讯

I run my homelab like a miniature data centre — here's the network design that made it possible

The homelab started flat. One /24, everything on it. My workstation, the NAS, the Proxmox host, and — over time — a growing list of workloads sharing the same broadcast domain because that was the path of least resistance. For a while, that was fine. A homelab running one workload doesn't need segmentation any more than a house needs an office door. Then I stood up an Akash provider. An Akash provider is, in shape, a Kubernetes cluster that accepts inbound tenant workloads from the internet — real deployments, paying for compute, containers I didn't write landing in namespaces on my hardware. The provider itself is documented at github.com/jjozzietech/akash-provider-ops-public — this piece is about the network underneath it. The containerisation posture itself is fine. I trust the isolation model. But trust isn't a network design. And the network at that moment had the tenant workload cluster sitting on the same subnet as my workstation, my NAS, and my Proxmox management interface. That was the moment I stopped thinking of the rack as a home network with extra boxes, and started thinking of it as a small data centre. This piece is the network design that came out of that shift. I'll cover the layout, the rules that hold it together, and the Nexus and Proxmox configs that anchor it — with the specifics of my own deployment sanitised. It's not a step-by-step replication guide. It's the design pattern, with enough of the shape to be useful and enough restraint to not double as a recon document for my own rack. // the original design The flat layout looked like this: home lan — 192.168.1.0/24 opnsense (perimeter) cisco nexus (dumb L2 switching) proxmox host workload VMs (all on the same subnet) What it got right: zero routing complexity, everything reachable from everywhere, fast to stand up. If you're running one project on a homelab, this is the correct design. Don't over-engineer it. What stopped working, as soon as the second project landed on the rack, was that the

2026-07-02 原文 →
AI 资讯

Linux Logs Explained Simply

When something breaks in Linux, experienced engineers don’t guess. They check the logs. 👉 Logs are the “black box recorder” of a Linux system. They tell you: what happened when it happened why it failed If you can read logs properly, you can debug almost anything. What Are Logs? Logs are records of system and application activity. Linux constantly records: System events Errors User activity Application behavior Linux constantly records: Where are Logs Stored? Most Linux logs are stored inside: /var/log Check logs directory: cd /var/log ls This is the first place DevOps engineers check during system issues. Important Log Files Log File Purpose Command to View /var/log/syslog General system messages tail /var/log/syslog /var/log/auth.log Login attempts & authentication tail /var/log/auth.log /var/log/kern.log Kernel & hardware messages dmesg or tail /var/log/kern.log /var/log/nginx/error.log Web server errors (Nginx) tail /var/log/nginx/error.log /var/log/dmesg Boot and hardware logs dmesg /var/log/apache2/ -> Apache logs These logs help you identify system, security, and application-level issues. View Logs Using cat cat /var/log/syslog Good for small files. Using less less /var/log/syslog Useful keys:: Space → Next page b → Previous page q → Quit 👉 Best for large log files. Using tail tail /var/log/syslog Show last 10 lines. Real-Time Monitoring (tail -f) tail -f /var/log/syslog 👉 -f = follow live updates This is one of the most-used debugging commands in production servers. Stop with: Ctrl + C Searching Logs with grep grep error /var/log/syslog Case-insensitive: grep -i failed /var/log/auth.log Show latest matching errors: grep error /var/log/syslog | tail -n 50 👉 Essential for filtering huge logs quickly. Boot & Hardware Logs (dmesg) dmesg Shows: Boot messages Hardware detection Kernel events Useful for startup and hardware troubleshooting. Modern Log System: journalctl Modern Linux systems use systemd logs . journalctl Recent errors: journalctl -xe Specific servic

2026-06-30 原文 →
AI 资讯

A Cron Job Took Our Server to Load 41 by Attacking Itself

A */1 rsync took our staging box to a load average of 41 one afternoon, and it took me longer than I want to admit to work out why. The sync normally finished in about twenty seconds. That day the backup target's NFS mount went sluggish, the sync started taking ninety seconds, and cron — which does not know or care whether the last run is still going — launched a fresh copy every single minute on top of it. Inside ten minutes there were a half-dozen rsyncs all reading the same tree off the same slow disk, each one making the disk slower, each new minute adding another. The box wasn't under attack. It was attacking itself, one polite copy at a time. The thing that stung was that nothing was broken — every individual rsync was correct, the disk eventually recovered on its own, and the only reason it became an outage is that cron has no concept of "the last one is still running." That's the trap with scheduled jobs: a command that's perfectly fine when you run it by hand can take down a server the first time it runs longer than its interval with nobody watching. The fix everyone reaches for first is the wrong one The instinct is a PID file: write $$ to /var/run/job.pid on start, check whether that file exists on the next run, bail if it does. It almost works. Then one run gets kill -9 'd, or the box reboots mid-job, and the PID file is left behind pointing at a process that died on Tuesday. Now every future run sees a "lock" owned by a PID that no longer exists, and the job never runs again — the opposite failure, just as silent. There's also a race between the check and the write, and the times you most need the lock to be clean are exactly the times cleanup didn't happen, because the process died before it could clean up. flock has none of that. The lock isn't a file you create and delete — it's a lock the kernel holds on an open file descriptor , and the kernel releases it automatically the instant that descriptor closes. The process exiting closes it. So does crash

2026-06-23 原文 →
AI 资讯

Recovering data from a failed RAID array with ddrescue: a practical walkthrough

When a RAID array fails, the worst thing you can do is panic and start poking at it immediately. I've seen too many cases where an impatient rebuild attempt overwrote the only good copy of data. This walkthrough covers how to safely approach a degraded or failed RAID — with ddrescue as your best friend. Step 0: Stop. Don't touch the array yet. Before running mdadm --assemble , before doing anything, clone your physical disks . A RAID 5 with one failed drive can lose everything the moment a second drive throws a read error during rebuild. This isn't hypothetical — it's how most total RAID losses happen. The golden rule: image first, recover second . Step 1: Assess the damage # Check current RAID state cat /proc/mdstat # More detail mdadm --detail /dev/md0 Look for: [UUU_] — one drive failed (underscore = missing) [UU__] — two drives failed (catastrophic for RAID 5) State: degraded , recovering , or failed Do NOT run mdadm --manage /dev/md0 --add /dev/sdX yet. Stop the array instead: mdadm --stop /dev/md0 Step 2: Clone each disk with ddrescue ddrescue is the right tool because it handles read errors gracefully: it maps bad sectors, retries them, and lets you resume interrupted sessions. Never use dd for a failing disk. Install it: # Debian/Ubuntu sudo apt install gddrescue # RHEL/CentOS sudo dnf install ddrescue Clone each RAID member to a separate image file (you need enough storage — same total size as all disks combined): # First pass: copy everything readable, skip bad sectors fast sudo ddrescue -d -r0 /dev/sda /mnt/backup/sda.img /mnt/backup/sda.log # Second pass: retry bad sectors up to 3 times sudo ddrescue -d -r3 /dev/sda /mnt/backup/sda.img /mnt/backup/sda.log Key flags: -d — direct disk access (bypass kernel cache) -r0 / -r3 — retry bad sectors 0 or 3 times The .log mapfile is critical: it lets you resume if the clone is interrupted Repeat for every disk in the array ( sdb , sdc , etc.). Step 3: Work from the images Once you have image files, assemble a soft

2026-06-11 原文 →
开源项目

Unofficial Delinea Secret Server Cross‑Tenant Migration Tool (GUI + Automation) — Sharing with the community

I’m a PAM engineer and recently had to handle a few cross‑tenant migrations in Delinea Secret Server. As many of you know, there’s no built‑in way to migrate secrets, folders, roles, or permissions between tenants (cloud ↔ cloud, on‑prem ↔ on‑prem, hybrid, etc.). To avoid doing everything manually, I built an unofficial PowerShell‑based tool to automate the process. Not a vendor, not selling anything — just sharing something I built because it solved a real problem for me. What it does: Full Windows GUI Export → validate → import → reconcile Folder/role/permission mapping Integrity checks Supports cloud, on‑prem, and hybrid Auto‑update logic for long‑term use If anyone else here works with Secret Server and has had to deal with tenant splits, mergers, rebuilds, or cloud migrations, this might save you some time. Github Link: https://github.com/vijayamohanreddy/delinea-secrets-server-migration-tool-unofficial Linkedin Article: https://www.linkedin.com/pulse/introducing-delinea-secret-server-crosstenant-tool-vijaya-reddy-vj--wy47c/?trackingId=vJ3%2F9%2Fw3RLSKlm%2F1kXig1Q%3D%3D Affiliation disclosure: I built this myself for my own work. Not affiliated with Delinea, not a vendor, not selling anything. Happy to answer questions or hear suggestions from others who’ve had to do Secret Server migrations.

2026-06-11 原文 →
AI 资讯

When an old business web app needs IE mode, and when it does not

Not every old business web app needs a full Internet Explorer environment. That sounds obvious, but it is easy to miss when a legacy intranet, ERP, OA, or ASP.NET WebForms page fails in Chrome or Microsoft Edge. The first instinct is often to put the whole system into IE mode. Sometimes that is absolutely correct. Other times, the page mostly works in Chromium and only breaks on older JavaScript or DOM assumptions. The useful first step is to separate those two cases. Case 1: the page needs a real IE engine Use Microsoft Edge IE mode, a Windows virtual machine, remote desktop, or another managed legacy-browser path if the page depends on: ActiveX controls COM integration VBScript Trident or MSHTML rendering behavior Browser Helper Objects Java applets strict IE7 or IE8 document modes A Chrome extension or JavaScript compatibility layer should not be presented as a replacement for those requirements. If the workflow depends on the IE engine, the browser engine is part of the application runtime. Case 2: the page mostly works, but old browser assumptions fail There is another common category. The page loads in Chrome or Edge, authentication works, and the main UI appears, but a small set of old behaviors fails. Examples include: empty frameset entry pages loading pages that do not finish redirecting attachEvent window.event event.srcElement showModalDialog -style picker flows document.frames older WebForms date fields that call a calendar function on focus For maintained source code, the best answer is still to fix the application. Replace old event APIs, remove synchronous dialog assumptions, and modernize generated WebForms scripts where possible. But in many real organizations, the legacy page is owned by a vendor, frozen department system, or migration backlog. In that situation, a scoped compatibility layer can be worth testing before moving the whole workflow into IE mode. A low-risk triage sequence I use this sequence: Pick one legacy hostname. Pick one failing

2026-06-01 原文 →