Tuesday, June 30, 2015

Free Chromebook Inventory Tool

If you manage chromebooks (or other ChromeOS devices) in a Google Apps for Education or Google Apps for Work system, you need this tool.

The Chromebook Inventory Add-On for Google Sheets allows you to quickly make a spreasheet of your managed chromebooks. You can then edits the spreadsheet and export it back to the Google servers. When the export is done, it will update those settings. This makes it a convenient tool to do bulk updates, move large numbers of chromebooks to a new OU, make inventory files, or make checklists.

I couldn't explain this system any better than the seven minute long video that they provide. So just check that out.

Tuesday, June 23, 2015

Restarting snmpd on MacOS X Server

Recently, I needed to update the SNMP settings on some old MacOS X file servers that I was monitoring. There was no GUI to change the SNMP settings on those, only to start and stop it. Since I was using the command line to reconfigure lots of other servers and switches, I didn't want to resort to the GUI just to restart the SNMP process on these Mac servers. This is what I ended up doing.

First, I made a new snmpd.conf file the Mac in the usual way.

sudo snmpconf

Then I put the new file into place and restarted the snmpd process.

sudo cp snmpd.conf /usr/share/snmp/snmpd.conf
launchctl stop org.net-snmp.snmpd

Technically, that only stopped the process. However, the org.net-snmp.snmpd.plist configuration file states that snmpd should always be running. So the launchd process in MacOS just starts it back up when it sees that it isn't running. It happens so quickly that a "stop" command is practically a restart in this case.

Its worth noting that these are older file servers running MacOS X Server 10.6.8. I don't know if the launchctl command would be the same in newer versions.

Tuesday, June 9, 2015

FreeBSD Updates (Semi-)Automatically

Keeping servers up to date with security patches is a challenging task. No one likes server outages, upgrades could break things, etc. This is what I do on FreeBSD systems to safely manage updates.

First, login as root. Then make sure that /etc/aliases is configured to forward root's email to your email address. This makes sure that you get the notifications of updates. It will also cause you to get nightly, weekly, and monthly updates about important things like how full the hard drives are and if any of the installed ports or packages have known security bugs. Once /etc/aliases is updated, type "newaliases" to activate the changes. Then email root to see if it worked.

Then, add this to /etc/crontab. (Note: Press "Tab" five times between "@daily" and "root".)

# Get OS updates every day
@daily                      root    freebsd-update cron

This will make the system check every night for important upgrades. If there are any, it will download them to a staging area and not install them. Instead, it will email you a list of the pending changes. This email will only happen when there are recommended updates to install, so you won't see it every day.

That is all the setup work. Now just wait for an email about a pending upgrade.

When you get one of these messages, read it over to make sure it wouldn't affect anything that you've customized. If it would, you might want to take a closer look at that system to put your mind at ease.

When you're ready to activate the upgrade, login as root again and type this:

freebsd-update install
shutdown -r now

This will cause it to install the pending updates and restart. If everything goes as planned, you're all set. Really. That is it.

If anything doesn't go to your liking, you can revert to the pre-update system by logging in as root and typing:

freebsd-update rollback
shutdown -r now

If the FreeBSD system is running as a virtual server in VMware, Digital Ocean, etc., then you may wish to make a snapshot of the server right before the "freebsd-update install" command. That gives a very convenient way to roll back to pre-update conditions. I haven't heard of anyone breaking their system with freebsd-update before, so this is really just an extra precaution more than a necessity. With servers, its always nice to have extra backups.

By keeping on top of updates regularly with a (mostly) automated system like this, your servers will be more secure, more trustworthy, and more stable. More importantly, you won't accidentally forget to update a random server for two years and then worry about breaking it during the next upgrade. Based on that stress-reduction alone, I highly recommend this approach.

Tuesday, June 2, 2015

PowerSchool Gradebook on Chromebook

This school year, I had a few high school teachers beginning to use chromebooks as a full-time tool. Generally, there were two complaints: They weren't able to print and they couldn't run the (Java based) PowerSchool gradebook program. The printing issue was simply because I hadn't set up any Cloud Print compatible printers yet. Accessing their gradebook, on the other hand, was a more interesting challenge.

One day, I had an idea. Its a huge "hack," but it works. We used a service called rollApp to remotely run a Firefox & Java capable environment and, from that, we could run the gradebook. Its a bit like the matryoshka Russian nesting dolls.

First, from the chromebook you visit rollApp. Then click "Login" and click on the Google logo. This will allow you to quickly login using your Google account and save you from having to remember Yet Another Password. This even works with accounts in a Google Apps for Education system.

Second, once your account is set up, run the rollApp version of Firefox. This will cause Firefox to display on your screen, but its actually running on the rollApp server and using their memory, CPU, etc.

Third, once Firefox is on your screen, go to your PowerSchool system and login. Then run the gradebook program.

The first time you do all of this, it will take a while. The next time, though, there are a few fewer steps. For example, you won't have to agree to so many things and Firefox will be in your list of recently used rollApp programs.

Important Note: As stated above, the gradebook is running on rollApp's servers and not your chromebook. Its only visible from your chromebook. This means that you've allowed rollApp to see you typing in your PowerSchool password. You have to decide if they are trustworthy enough for that. Check with your Information Technology department. There may be a district policy that could guide you on this topic.

It is my hope that PowerSchool will eventually have an HTML 5 version of their gradebook so that this hack isn't necessary. If they even came out with an Android version of the gradebook, that could be ported over to ChromeOS quickly via the Android Runtime for Chrome. So, with any luck, this idea will not be needed some day. For now, however, its an option that you can consider. Just make note of the potential security issue and check if your district has a policy on this before you begin using it.