Vita di un sys-admin

Benvenuti nella seconda puntata.

Questo minihowto suppone che il vostro disco sia organizzato cosi’:

• c1d0s0 e’ /
• c1d0s1 e’ la partizione di swap
• c1d0s5 e’ /var
• c1d0s6 e’ /usr
• c1d0s7 verra’ usato per ospitare metadb

Entrare in modalita’ single user:

# init 1

Smontare tutti i possibili mount point. Usare il comando format sul secondo disco c2d0, questo ci consentira’ di usare fdisk per installare preventivamente le partizioni richieste da Solaris.

Copiare la tabella delle partizioni dal primo disco sul secondo:

# prtvtoc /dev/rdsk/c1d0s2 | fmthard -s - /dev/rdsk/c2d0s2

Installare grub sul secondo disco:

# installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c2d0s0

Creare 3 metadbs sullo slice 7 di ogni disco:

# metadb -af -c 3 /dev/dsk/c1d0s7 /dev/dsk/c2d0s7

Creare i metadevice submirror associandoli ai dischi reali.

# metainit -f d11 1 1 c1d0s0
# metainit -f d12 1 1 c2d0s0

Questo comando associa il submirror d11 al mirror d10:

# metainit d10 -m d11

Si fa lo stesso con le altre slice:

# metainit -f d21 1 1 c1d0s1
# metainit -f d22 1 1 c2d0s1
# metainit d20 -m d21
 
# metainit -f d51 1 1 c1d0s5
# metainit -f d52 1 1 c2d0s5
# metainit d50 -m d51
 
# metainit -f d61 1 1 c1d0s6
# metainit -f d62 1 1 c2d0s6
# metainit d60 -m d61

A questo punto lanciare metaroot per indicare quale metadisk e’ quello che monta la partizione di root. Questo comando andra’ a modificare alcuni file come /etc/system, /kernel/drv/md.conf ed anche /etc/vfstab (ma solo la partizione /):

# metaroot d10

Controllare la situazione con il comando metastat:

# metastat

Editare vfstab per farlo puntare ai raid devices sostituendo i vari device coi corrispondendi metadevice in /dev/md/:

# vi /etc/vfstab
#device         device          mount           FS      fsck    mount   mount
#to mount       to fsck         point           type    pass    at boot options
#
fd      -       /dev/fd fd      -       no      -
/proc   -       /proc   proc    -       no      -
/dev/md/dsk/d20 -       -       swap    -       no      -
/dev/md/dsk/d10 /dev/md/rdsk/d10        /       ufs     1       no      -
/dev/md/dsk/d60        /dev/md/rdsk/d60        /usr    ufs     1       no      -
/dev/md/dsk/d50 /dev/md/rdsk/d50        /var    ufs     1       no      -
/devices        -       /devices        devfs   -       no      -
ctfs    -       /system/contract        ctfs    -       no      -
objfs   -       /system/object  objfs   -       no      -
swap - /tmp tmpfs - yes size=512m

Usare il comando lockfs e rebootare:

# lockfs -fa
# init 6

Al reboot fare l’attach dei submirror del secondo disco:

# metattach d10 d12
# metattach d20 d22
# metattach d50 d52
# metattach d60 d62

A questo punto il sync del disco secondario iniziera’. Per controlloare lo stato di avanzamento utilizzate questo comando:

# metastat | grep -i sync

PS: il sync puo’ durare diverse ore a seconda delle perfomance del vostro server e dello spazio.

Popularity: 46% [?]

pallotron Hardware, Informatica, Lavoro, Tips and Tricks, Unix dyne, howto, metraid, mirror, raid, solaris, Unix, x86

Oggi sono capitato su questa pagina fighissima.
Guardatelo fino alla fine perche’ e’ spettacolare. Specie la parte finale!!!!!

Popularity: 20% [?]

pallotron Informatica, Linux, Software, Software Libero, Tempo libero, Unix, Video console, dio, fun, geek, god, Humor, religione, Unix

Hi Lads,

This is a post for nerds so I’m writing it in English. If you don’t understand English or technical stuff please close this page
I’m at work and I’ve just finished to write a Nagios script to monitor expiration date of a SSL certificate.

I wanna share it with you.

To have the script working properly you just need to install OpenSSL and let the openssl
command be in your PATH environment.

This is the usage:

Usage:
check_ssl_cert.sh hostname port [warningdays]

Warning days default value is 30 days.

Some examples:

[afailla@terminus ~]$  /usr/local/nagios/bin/check_ssl_cert.sh google.com 443
OK: Certificate is valid for 289 days expires on May  2 17:02:55 2009 GMT
 
[afailla@terminus ~]$  /usr/local/nagios/bin/check_ssl_cert.sh google.com 443 400
CRITICAL: Certificate will expire in 289 days on May  2 17:02:55 2009 GMT

Download the script here and enjoy it.

Popularity: 22% [?]

pallotron Hardware, Informatica, Lavoro, Linux, Programmazione, Software, Unix bash, certificate, expiration, linux, monitoring, nagios, openssl, script, ssl, Unix

Salve,

Oggi ho sclerato una giornata per fare il troubleshooting di una cosa su Solaris. Problemi di comunicazione random tra apache che fa reverse proxy verso un tomcat nella stessa Zona di Solaris con traffico passante sulla interfaccia di loopback. Pero’:

root@solaris # ./tcpdump -n -i lo0
tcpdump: /dev/lo0: No such file or directory
 
root@solaris # snoop -d lo0
snoop: /dev/lo: No such file or directory

Solaris. Sei proprio un sistema operativo di merda!

Leggete http://phildev.net/ipf/IPFsolaris.html#solaris12:

# Why can’t I filter on the loopback interface, or virtual interfaces?
The loopback interface on Solaris is a “fake” interface. You cannot filter it, nor can you snoop it. This is for performance reasons. Virtual interfaces in Solaris are very similar, to filter on them, use the physical interface instead.

Perfomance reasons! Ma andatevene affanculo va’!
Alla fine sono riuscito a sniffare in un altro modo invertendo il reverse proxy verso un tomcat di un altro nodo e sniffando sulla interfaccia reale… sono riuscito ad isolare il problema e a decidere chi dei due sia il colpevole (almeno credo) e domani ci lavoro.

Saluti.

Popularity: 24% [?]

pallotron Esperienze, Informatica, Lamentazioni, Lavoro, Unix lamentazione, Lavoro, merda, sniff, snoop, solaris, sysadmin, Unix

In NewBay I’m currently working on a project which uses Sun Solaris 10 in a multi-tier architecture. I’ve already used before this system in Italy, so it isn’t new for me; in Italy I was responsible for creating Sun packages for projects made by my ex company in behalf of Nokia and Vodafone Italy.

By the way, as I started working in Newbay, I was allocated to this project called MyFaves for T-Mobile International. This is based exclusively on Solaris 10 (both x86 and sparc architecture).
After a few months I’ve used, and I’ve became pretty confident, with most of the big new and historical features of Solaris 10 like the SMF, the ZFS file system, the Solaris zone/containers.

So what do I think about it?

Well, I think the only stuff really good in Solaris are the 3 I’ve mentioned above. All the other things I’ve seen around the system are pretty crappy. When I started using SMF I was thinking: «oh man! this is ridiculous! I’ve to type svcadm enable/disable svc:/blabla/blablala/myapp:default every fucking time i need to start or stop a service! /etc/init.d/service start/stop is much more better!». Then I studied a lot this SMF, and I have to admit is brilliant! I really would like to have it in enterprises Linuxes like Red Hat, or even, let’s say, in Debian!

ZFS is brilliant as well! I know it’s now stable and ready for production on BSD systems like FreeBSD. I’m not really sure if the Linux ZFS implementation, which use the fuse subsystem, is ready for production as well…

Zones and containers… well… I think they’re cool. Maybe I’m wrong but I think they’ve copied the FreeBSD jails and they’ve integrated it very nicely with the system, especially with the solaris resoure manager. So you can, for exapmle, decide the amount of memory, or the number of CPUs that can be used by a single process, user, or group, in each zone. Integration between ZFS and Zones is cool as well!

Despite all these stuff I have to say that I still don’t really like Solaris:

• I don’t like to have the f***ing old style vi written by Bill Joy.
• I dont’t like to have defined export EDITOR=ed and export PAGER=more by default.
• I don’t like the fucking ps command (but you have to use the one into /usr/ucb/).
• I don’t like the fact that your default shell is an old style c-shell instead of /bin/bash
• I don’t like the fucking OLD cron daemon which is not able to read the GNU syntax (for something like */5 to schedule a job every 5 minutes you have to write “05,10,15,20,25,30,35,40,45,50,55“. So ridicolous!!!!!)
• I don’t like the fact that you don’t have ANY messages while booting!
• I don’t like the packaging system, is shit compared with APT/DPKG, or with the the BSD ports system.
• I don’t like CDE and JavaDesktop (or should I say GNOME! ).

Why the fuck aren’t they using the GNU subsystem instead of their own CRAP? Are they using this only on OpenSolaris maybe?

Someone might say that this is because big companies (like banks for example) are still using OLD software which needs to use old crap to work. So they need old crap shell interpreter, and stuff like that. And they obviously like to have all the old crap by default installation…

Fuck them I say! This is ridicolous! They have to do the effort to adjust their our systems to work with the new OS’s. Not me!

So this is what I think about Solaris 10. You can insult me now.

Cheers.
Angelo

Popularity: 22% [?]

pallotron Informatica, Lavoro, Software, Unix smf, solaris 10, sysadmin, Unix, zfs, zone