Current frustration...

deanwebb · July 01, 2020, 10:45:43 AM

Today's frustration is the PM in the kickoff meeting that's demanding to know where the design documentation is and then doesn't understand that we haven't had the necessary meetings yet to produce that documentation because, you know, this is the *kickoff* meeting...

config t · July 01, 2020, 12:41:45 PM

Quote from: Otanx on July 01, 2020, 08:51:57 AM
Nope, I have show cpu commands, but they don't include the crypto hardware modules. I will be reaching out to TAC to see if there is something maybe undocumented. I also realized last night that I have some smaller ASA5515s I may be able to setup a test, and overload the crypto to see what happens. They are only rated for 250Mb/s so I can see what happens as I get close to that. Maybe figure out some canaries I can use if I can't graph the utilization directly.

-Otanx

I'm curious to see how this shakes out. Even though DoD is moving to PA there will still be a $*#&-ton of ASA's around for ages.

config t · July 01, 2020, 01:02:31 PM

I have hit the one year mark in my current role and had a meeting today to discuss the fact that I am billeted as a Net Admin II yet I am clearly performing network engineering functions. Integration, configuration baseline, network discovery and documentation, SME support, etc.

"Come back in budget time before the option year in March".

Not really mad. I love my job because I touch everything even if it's all old gear. I rocked out hard on key integrations. My customer barely had to bat an eye while I engineered new hardware specific SATCOM network packages, troubleshot, baselined and produced documentation and logical diagrams for the same. All while jamming out to 80's retro synthwave on my noise canceling headphones.

Should I even be complaining? Do job titles even matter? I think it comes down to the fact that if they could squeeze out another 20k I would stay until the last day of the last option year March of 2024. Despite all the high priority work we have coming down the pipline.

Otanx · July 01, 2020, 01:54:10 PM

Oh, ASAs are probably going to be in prod longer than I will be working. If you need basic firewalling they are solid boxes. I predict you will see them running 10 years from now in environments that don't change very often. I will update here when I either solve it or give up.

To me the job title is a means to an end. I really don't care what you call me as long as it is close to what I do. Unfortunately the job title may impact other stuff like pay caps so that can be a concern. So in your case if they can give you the extra 20K but still call you a NE2 does it matter? I know one of my old companies they had pay bands, and a NE2 couldn't be paid more than X. If you needed more than that you had to be moved to a different title. Because of that I was officially a "Cyber Analyst 4" for a while because I wanted more than their max for the network titles. Stupid HR games, but they finally added some more numbers to the NE titles, and got me moved back over.

There is a case to be made about future jobs, and if they call you a windows admin, but you are really a network engineer that could be a concern. But Net Admin 2 vs a Net Admin 3? As someone who interviews I don't care about the number. I pay more attention to what you described as your duties, and how well you can talk to those.

-Otanx

deanwebb · July 01, 2020, 02:15:06 PM

Job title matters, for sure. And you can't lie about it, because that's info a former employer can divulge in a request.

config t · July 02, 2020, 10:59:23 AM

I think you're right Otanx. Like you said, anyone technical who potentially speaks with me in an interview would know what I'm about

Code Select

config t

It looks like the pay bump would have to be tied to job title with the way this contract works. Since I am already here doing the job, I doubt the customer will be willing to pay more for something they are already receiving. I did get an email yesterday that my HOLA/COLA went up substantially, so I guess that's a pseudo raise.

It's all good. For the first time in a while I am actually happy where I am at so I plan to take advantage of this overseas gravy train with biscuit wheels for at least another couple years.

Quote from: deanwebb on July 01, 2020, 02:15:06 PM
Job title matters, for sure. And you can't lie about it, because that's info a former employer can divulge in a request.

I guess putting Rocket Surgeon on my resume is out

Otanx · July 13, 2020, 11:34:29 AM

I have spent the last week dealing with logrotate in Linux. For those that don't know logrotate is used in Linux to prevent log files from just growing in size and filling the disk. You tell it what files to watch, and can rotate on size or time. You can compress the log files when you rotate, and tell it to keep the last X files. So pretty easy.

Except that the application I am working with creates a new directory for each day, and puts the days logs there. I just need to compress and then delete anything old. Log rotate can't do this natively. You can give it a wild card so I could tell it /var/log/*.log and it would rotate any files ending in .log. What I couldn't do was /var/log/application/*/*.log. I had to match every directory under the application and then the log files in those directories.

Long story short I created a file in /var/log/application/ called fake.log. I told logrotate to rotate that file every day. Then told it to run a script after it is finished rotating the file. The script handles compressing the previous days log, and then deleting anything older than a week. I could have just written the script and added it to cron, but I like having it in logrotate because that is where people in the future will look for log rotation stuff.

The last part of that is log rotate, and the script ran great when I did it manually. However, it wasn't working when log rotate ran from cron. I learned that the path environment variable in cron is different than a users path. So while I could run "find /var/log/application/*/*.log" from the command line when cron runs it can't find find. I have to use /usr/bin/find ... to get it to work.

-Otanx

deanwebb · July 13, 2020, 06:16:25 PM

Ah yes, there's always one app that has to be *different*...

config t · July 14, 2020, 04:20:50 AM

"They have IPs! DHCP is working! But they can't get to any websites!" yes DHCP is working, but where is the default gateway?

"DHCP is really working now! But I can't get to any websites! All of my routes are advertised in EIGRP!" yes, all of your routes are advertised in EIGRP, but why is your gateway of last resort not set?

wintermute000 · July 14, 2020, 05:45:48 AM

We're in the middle of a new campus build and the geniuses that are in charge of setting up the AD have somehow disabled the DHCP scope for the AV VLAN / subnet 3 times in the last fortnight.

Naturally, the leases are set to 30 minutes because we're not in prod, so when an entire building's worth of AV (in build, not prod) goes offline, and they run around screaming "the whole network is down". The same people in charge of the DHCP scope they accidentally disabled. 3 times in a fortnight.

I hate wintel guys so much

config t · July 14, 2020, 07:01:27 AM

That's classic.

Otanx · July 14, 2020, 08:19:01 AM

Quote from: wintermute000 on July 14, 2020, 05:45:48 AM
I hate wintel guys so much

This I can get behind. Even staying on topic with DHCP. We are moving a bunch of our stuff to DHCP, and part of that is creating reservations for the existing static gear before we change it to DHCP. I gave them a list of about 300 systems to add. I found out after three days they were doing this by hand in the GUI, and had done about 50. Pointed out that they could use powershell to do this much faster, and was told they don't know powershell. A quick Google later, and I gave them the powershell commands. I don't think they used them.

Our Linux DHCP servers? Oh, go update the dhcp git repo, submit a pull request. Once approved click the rocket ship in Ansible. If you just wait till tomorrow Ansible will update it overnight.

Lets not mention the Windows NPS servers. The ones with a scheduled task to reboot every night because they can't figure out why they stop responding to RADIUS after a few days. Nope not going to mention those.

-Otanx

deanwebb · July 14, 2020, 11:02:27 AM

If you're a sysadmin, you MUST Powershell. You MUST.

IPAM solutions are because you don't want to trust your DHCP to the sysadmins that can't do Powershell...

config t · July 15, 2020, 07:21:05 AM

According to our night shift sysadmin Option 150 and Gateway was unecessary fluff.

I'm also dealing with a guy who it turns out completely crumbles under pressure. During the last ASI I needed him to identify an interface connected to a VTC and set it as an access port. Instead of doing it while he was physically consoled into the switch he went into panic mode and ran around between the comm closet and the office for about 30 minutes trying to set up SSH access because he needed to be at his desk where it's warm and quiet. I fixed the vty line for him and left him there for the rest of the night so he could clicky clack on his keyboard and stay out of my hair (what's left of it

)

deanwebb · July 15, 2020, 01:13:50 PM

I'm dealing with a guy who can't count past 2.

But he's also in charge of scoping out how many appliances we need to set up for the solution, and we need more than 2, of more than 2 varieties of boxes, in more than 2 locations.