Wandering Thoughts archives

2006-06-15

Dispelling a nightmare (a sysadmin tale)

One quiet sysadmin nightmare is discovering that you don't know how to reproduce the running setup on a system that you've taken over. You know, things like: there's nothing that seems to start important programs; programs that the configuration seems to say should be running aren't (or aren't running successfully); programs are running as UIDs that aren't even in /etc/passwd.

I spent part of today mostly dispelling a nightmare like that, and therein lies a tale.

I discovered the problem when I was looking into adding more DNS blocklists to the system's QMail configuration. This required finding the configuration, and rapidly led to the discovery that the running SMTP listener didn't seem to be the configured SMTP listener. I did some poking at the time and wound up thinking that it had been started by hand (or by something that had been removed since then, which is almost as much fun).

The last thing you want to do with a working house of cards like this is touch anything (touching stuff is how you get to have exciting days), so at the time I just carefully saved the output of 'ps augxwww' and tiptoed away. (This is often all that you can really do: save as much about the current system state as possible, in the hopes that you'll have enough information to reconstruct and restart things if something dies.)

But this Tuesday morning we had a large-scale power failure. When I looked at the mail machine to see how broken it was, to my surprise everything was actually running the way it had been before the power failure. Clearly I'd been wrong, and somewhere there was a startup script; I just had to find it.

Brute force to the rescue. The running QMail command line had a relatively distinctive string in it, so:

# find / /var -xdev -type f -print0 | xargs -0 fgrep -l <string>

This turned up the script that was starting the actual daemons, and some poking around found an invocation of the script tucked away innocently at the end of /etc/rc.d/rc.local.

Now I at least have a starting point for rationalizing things a bit, and I can see how it's working. (Well, mostly how it's working. There's still several mysterious bits.)

DispellingNightmare written at 02:25:31

