From mymaillists at gmx.at Tue Sep 2 10:42:43 2008 From: mymaillists at gmx.at (Markus Mayer) Date: Tue, 2 Sep 2008 16:42:43 +0200 Subject: SUMMARY: TSM and Sun Cluster, or how to create a resource that is a script in Sun Cluster In-Reply-To: <200808141707.57004.mymaillists@gmx.at> References: <200808141707.57004.mymaillists@gmx.at> Message-ID: <200809021642.43989.mymaillists@gmx.at> In the end the only reply I got was from our Sun partner, Martin Pre_laber, and thankfully through his several further suggestions we found an answer. To get a script in the cluster framework, specifically in our case one that starts and stops TSM's dsm scheduler, several steps were needed. The most critical for me was to stop following the tsm manual where it was telling me that all scripts for starting and stopping the tsm scheduler plus all configurations files *must* be on shared storage. This simply doesn't work. The dsm.opt file for each TSM node (note that a TSM node is different to, and *not* a cluster node!) can and generally should be on shared storage, mainly for consistency. The scripts for starting, stopping and probing the tsm services however need to be local and present on every node at all times. This availability of the scripts is what the cluster framework needs in order to add the resource into the cluster. If the script wasn't available on all nodes when I tried to create the resource, cluster spat the dummy... After setting up the scripts and manually testing the tsm client to make sure the configuration is correct on all nodes, it is possible to add a new resource to the cluster of type SUNW.gds - a general data service. To add the scripts as a gds resource into the cluster, the following command does the job: # clrs create -g www-rg -t SUNW.gds -p Start_command="/etc/init.d/dsm.scheduler.cluster.sh /zones/webdata/tsm/dsm.opt start" -p Probe_command="/etc/init.d/dsm.scheduler.cluster.sh webdata probe" -p Stop_command="/etc/init.d/dsm.scheduler.cluster.sh webdata stop" -p Network_aware=false webdata-backup-rs So in this example, the script /etc/init.d/dsm.scheduler.cluster.sh is on local storage on all nodes and is identical across all nodes. The script is below. The file /zones/webdata/tsm/dsm.opt is on shared storage and switches between nodes in the event of a failover. When the rg starts on a different node, the script is run and the resource comes online. Curiously, the dsmcad daemon process doesn't need to be killed in the event of a failover, the cluster framework seems to take care of this, killing the process and allowing a clean failover. Also, making the resource not network aware removed the need for a logical hostname for the resource group. The script to start, stop, and probe the dsm client is below. It could definitely be done better, however it works. Also, what I've noticed, it may also be possible to directly start and stop the scheduler process, dsmc, using the script. I haven't tried this, however I'm sure it would work. Note that I include this script for informational purposes only, I don't promise that it will work for you ;-) #!/bin/ksh # Generally, we should start up with something like this: # /opt/tivoli/tsm/client/ba/bin/dsmcad -optfile=/zstorage/build-test/tsm/dsm.opt # set the necessary environment variables so that TSM doesn't vomit LC_CTYPE="en_US" export LC_CTYPE LANG="en_US" export LANG LC_LANG="en_US" export LC_LANG LC_ALL="en_US" export LC_ALL # work out which argument is the command and which the config file case "$1" in 'start'|'stop'|'probe') COMMAND=$1 DSM_CONFIG=$2 ;; *) COMMAND=$2 DSM_CONFIG=$1 esac # now check what we want to do. case "$COMMAND" in 'start') # echo "starting" # There has to be a better way to do this test....... if test -f $DSM_CONFIG ; then true else echo "Config file $DSM_CONFIG does not exist, exiting." exit 1 fi export DSM_CONFIG # Check if there is already a dsmcad process running, if so, ignore the start command PS=`ps -ef | grep -v grep | grep -v vi | grep -v probe | grep -v zoneadmd | grep -v "dsm.scheduler.cluster.sh" | grep -c "$DSM_CONFIG"` if test "$PS" -eq "1" ; then echo "dsmcad is already started for $DSM_CONFIG, will not start another." ps -ef | grep -v grep | grep -v vi | grep -v probe | grep -v zoneadmd | grep -v "dsm.scheduler.cluster.sh" | grep "$DSM_CONFIG" exit 0 elif test "$PS" -gt "1" ; then echo "Seems to be too many processes running for dsmcad for $DSM_CONFIG, please check it." exit 1 fi /opt/tivoli/tsm/client/ba/bin/dsmcad -optfile=$DSM_CONFIG if test "$?" -ne "0" ; then echo "Failed to start the dsm scheduler, exiting" exit 1 fi ;; 'stop') # echo "stopping" # For the most part, we ignore a stop command as the dsmcad should work out itself # that it has to stop it's child process when the directory with it's password # isn't available. exit 0 ;; 'probe') # echo "probing" # WARNING: The following would produce a bug if "vi" is in the arguments... # So make sure you avoid it, OK? PS=`ps -ef | grep -v grep | grep -v vi | grep -v probe | grep -v zoneadmd | grep -c "$DSM_CONFIG"` if test "$PS" -gt "0" ; then # echo "Found $PS processes" exit 0 else echo "Found no processes" exit 1 fi ;; *) # otherwise an invalid command was received, vomit. echo "options { start | stop | probe }" exit 1 esac So I hope I've written something that is useful. If anyone has questions, feel free to contact me. regards On Thursday 14 August 2008, 17:07 Markus Mayer wrote: > Hi all, > > I've been pulling my hair out on this one for a few days now, even with > support from our Sun partner, we have not come up with a solution. > > I have a cluster, Sun Cluster 3.2 on two V445's, five resource groups each > containing an own zpool, and a number of zones. Each zpool and the zones > are configured as a resouce within the group, as is necessary for cluster. > Each resource group is configured for failover operations. From the > cluster view, everything works as it should. > > Enter the desire to make a backup with TSM. Backup services will be run > from the global zone. According to the TSM manual (IBM TSM for unix and > linux, backup-archive clients installation and user's guide, page 543-549) > we need to have an own TSM server node for each shared disk resource to > back up the shared resources. This is configured. Each TSM client node > will backup the data only on the shared disks within each resource group. > > >>From the client side, cluster, we need a simple script that runs as a > >> resource > > within the resource group. This script meets the requirements of cluster, > having exit values of 0, 100 and 201 depending on circumstances, and the > functions start, stop, and probe. As required by TSM, this script resides > on shared storage that switches between nodes, in our case an own zfs file > system on the zpool. When a failover occurs, the script should be started > (backup service/resource brought online) in the same way that any other > resource within the group would be started or brought online. > > Therein lies the problem. How can I define a resource that is a simple > shell script or program, which should then be added to an existing resource > group in cluster? It sounds simple enough, but it would seem it's not > so... > > Our Sun partner gave me the following link to follow, which I did. > http://docs.sun.com/app/docs/doc/819-2972/gds-25?a=view > In short, it says enbable SUNW.gds (already done), create a resourcegroup > that will contain the resource and failover service itself, create a > logical hostname, then the resource. This is where some confusion comes in > for me. > > I already have resource groups defined, one being comms-rg containing two > resources, comms-storage-rs and commssuite-zone-rs. The "backup" resource, > named for example comms-backup-rs, from my point of view should then come > into this resource group. If I try to add a logical hostname to this > resourcegroup, I get an error: > > # clreslogicalhostname create -g comms-rg commslhname > clreslogicalhostname: commslhname cannot be mapped to an IP address. > > So as suggested by our Sun patner, I tried adding an IP address for the > logical host name and putting it in the /etc/inet/hosts files on both > nodes. The result was: > > # clreslogicalhostname create -g comms-rg commslhname > clreslogicalhostname: specified hostname(s) cannot be hosted by any > adapter on wallaby > clreslogicalhostname: Hostname(s): commslhname > > getent returned valid information on both nodes. > # getent hosts 172.16.241.54 > 172.16.241.54 commslhname commslhname.nowhere.nothing.invalid > > OK, so it seems that I have to define a new resource group especially for > this one resource which contains one simple script, which makes no sence to > me because I already have a resource group into which the resource should > go. Why then can't I add this new script as a resource in an existing > resource group? The problem here is too, that I need to define an > additional resource group for every other resource group that I have, > currently five, meaning a total of ten resource groups, all of which need > affinities in order to correctly fail over and start the resources. > Additionally, the backup resource needs, according to the manual, to have > network resources defined, and a port list defines, although it needs only > to start a shell script. > > It seems much more complicated than it should be. I find nothing else in > the documentation about this, but it has to be simple, I can't imagine that > it could be so complicated.... > > The alternative, should such a resource definition not be possible, is to > have a TSM client in every zone, and one in the global zone of each node. > This is however not what I'm looking for. > > Could it be that I'm barking up the wrong tree here? Does anyone have any > suggestions as to how I can achieve this? > > Thanks > Markus > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From lkuruganti at yahoo.com Wed Sep 3 09:30:21 2008 From: lkuruganti at yahoo.com (Lakshmi Kuruganti) Date: Wed, 3 Sep 2008 06:30:21 -0700 (PDT) Subject: Summary :date command reporting incorrect date from console Message-ID: <518123.82796.qm@web34804.mail.mud.yahoo.com> Thanks to all who pointed me in the right direction..JULIAN, JOHN C , Tim Bradshaw , Darren Dunham ,Ric Anderson Seems to be issue with Locale settings , ssh is reporting different time because of setting in sshd_config. Thanks again -LK _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Alan.Rubin at nt.gov.au Wed Sep 3 18:08:50 2008 From: Alan.Rubin at nt.gov.au (Alan.Rubin at nt.gov.au) Date: Thu, 4 Sep 2008 07:38:50 +0930 Subject: SUMMARY: V240 Maximum Disk Size Message-ID: Yes, a larger disk will work fine in a V240. Some people warned that there could be additional heat generated. We installed a 300GB Seagate drive yesterday without any issues. Regards, Alan Rubin Technician Unix DCS Midrange Services Phone: +61 (08) 8999 6814 Fax: +61 (08) 8999 7493 e-Mail: alan.rubin at nt.gov.au __________________ Hello, The System Handbook for the V240 lists the maximum disk sold/supported by Sun is 143GB. Does anyone have any personal experience with using a larger disk in the V240? Will it depend on PROM? If so, what version is needed to run a larger disk? We need to move data from our SAN disks to a local disk before the particular SAN experiences a failure in order to minimize any outages. Regards, Alan Rubin Technician Unix DCS Midrange Services Phone: +61 (08) 8999 6814 Fax: +61 (08) 8999 7493 e-Mail: alan.rubin at nt.gov.au _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From pascal.grostabussiat at gmail.com Fri Sep 5 10:48:19 2008 From: pascal.grostabussiat at gmail.com (Pascal Grostabussiat) Date: Fri, 05 Sep 2008 16:48:19 +0200 Subject: SUMMARY: Issue with LUNs not showing despite sd.conf set !? In-Reply-To: <483432D4.70101@azoria.com> References: <483432D4.70101@azoria.com> Message-ID: <48C146B3.8040300@azoria.com> Hi, You can find below the description of the issue I encountered for a while ago now. The problem was never solved. However, I thought about writing a summary as a colleague found yesterday that this was likely due to a patch issue. The reason why he suspects that is that after jump-starting the same server, but not installing patches during the jump-start (under /a), but installing patches after a reboot, the problem was gone. However, if jump-starting the server as we did earlier and installing the patches as a standard post-installation procedure (under /a) the problem was back. Don't ask me why !? I had one or two questions recently about people who encountered a similar issue and who were asking if I had found a solution. So I am posting that update/summary. Which patch(es) is/are or might cause the trouble, I don't know ! Regards, /Pascal Pascal Grostabussiat wrote: > Hi guys, > > this is turning me crazy and I might have got blind. I have a T2000 and > a non-sun but standard SCSI disk-array attached to it with some LUNs. > Everything was OK before, but since I reinstalled the OS, I only see the > internal disks and LUN 0 for the two targets I have. So, yes, I know, as > usual adding entries in the sd.conf file solves the problem. But I did, > and ... it does not help :-( I have now spent several hours trying > different things, but in no use. I have another T2000 connected to the > second half of the same disk-array and there is no problem there. I > spent time too trying to compare my both T2000 (drivers, modules, > conf-files etc...) but did not find much and still have the problem. > > Before the OS re-installation the format output looked like this > (unfortunately the tech guy didn't copy the sd.conf file) > > AVAILABLE DISK SELECTIONS: > 0. c1t0d0 > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/LSILogic,sas at 2/sd at 0,0 > 1. c2t0d0 sec 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,0 > 2. c2t0d1 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,1 > 3. c2t0d2 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,2 > 4. c2t0d3 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,3 > 5. c2t0d4 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,4 > 6. c2t0d5 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,5 > 7. c2t0d6 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,6 > 8. c2t0d7 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,7 > 9. c2t1d0 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,0 > 10. c2t1d1 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,1 > 11. c2t1d2 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,2 > 12. c2t1d3 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,3 > 13. c2t1d4 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,4 > 14. c2t1d5 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,5 > 15. c2t1d6 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,6 > 16. c2t1d7 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,7 > Specify disk (enter its number): 0 > > > Now it looks like this: > > AVAILABLE DISK SELECTIONS: > 0. c1t0d0 > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/LSILogic,sas at 2/sd at 0,0 > 1. c2t0d0 sec 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 0,0 > 2. c2t1d0 480> > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1/sd at 1,0 > Specify disk (enter its number): > > > My sd.conf file looks as follows: > > bash-3.00# more /kernel/drv/sd.conf > # > # Copyright 2006 Sun Microsystems, Inc. All rights reserved. > # Use is subject to license terms. > # > #ident "@(#)sd.conf 1.10 06/02/08 SMI" > > name="sd" class="scsi" class_prop="atapi" target=0 lun=0; > name="sd" class="scsi" target=0 lun=1; > name="sd" class="scsi" target=0 lun=2; > name="sd" class="scsi" target=0 lun=3; > name="sd" class="scsi" target=0 lun=4; > name="sd" class="scsi" target=0 lun=5; > name="sd" class="scsi" target=0 lun=6; > name="sd" class="scsi" target=0 lun=7; > name="sd" class="scsi" target=0 lun=8; > name="sd" class="scsi" target=0 lun=9; > name="sd" class="scsi" target=0 lun=10; > name="sd" class="scsi" target=0 lun=11; > name="sd" class="scsi" target=0 lun=12; > name="sd" class="scsi" target=0 lun=13; > name="sd" class="scsi" target=0 lun=14; > name="sd" class="scsi" target=0 lun=15; > > name="sd" class="scsi" class_prop="atapi" target=1 lun=0; > name="sd" class="scsi" target=1 lun=1; > name="sd" class="scsi" target=1 lun=2; > name="sd" class="scsi" target=1 lun=3; > name="sd" class="scsi" target=1 lun=4; > name="sd" class="scsi" target=1 lun=5; > name="sd" class="scsi" target=1 lun=6; > name="sd" class="scsi" target=1 lun=7; > name="sd" class="scsi" target=1 lun=8; > name="sd" class="scsi" target=1 lun=9; > name="sd" class="scsi" target=1 lun=10; > name="sd" class="scsi" target=1 lun=11; > name="sd" class="scsi" target=1 lun=12; > name="sd" class="scsi" target=1 lun=13; > name="sd" class="scsi" target=1 lun=14; > name="sd" class="scsi" target=1 lun=15; > > etc... > > I can see the disk running a probe-scsi-all: > > {0} ok probe-scsi-all > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/LSILogic,sas at 2 > > MPT Version 1.05, Firmware Version 1.06.00.00 > > Target 0 Volume 0 > Unit 0 Disk LSILOGICLogical Volume 3000 143243264 Blocks, 73 GB > > /pci at 7c0/pci at 0/pci at 1/pci at 0,2/scsi at 1 > Target 0 > Unit 0 Disk VP-1252-FB951223-VOL#00 R001 781248000 Blocks, > 381468 MB > Unit 1 Disk VP-1252-FB951223-VOL#01 R001 39060480 Blocks, > 19072 MB > Unit 2 Disk VP-1252-FB951223-VOL#02 R001 39060480 Blocks, > 19072 MB > Unit 3 Disk VP-1252-FB951223-VOL#03 R001 39060480 Blocks, > 19072 MB > Unit 4 Disk VP-1252-FB951223-VOL#04 R001 39060480 Blocks, > 19072 MB > Unit 5 Disk VP-1252-FB951223-VOL#05 R001 39060480 Blocks, > 19072 MB > Unit 6 Disk VP-1252-FB951223-VOL#06 R001 39060480 Blocks, > 19072 MB > Unit 7 Disk VP-1252-FB951223-VOL#07 R001 39060480 Blocks, > 19072 MB > Target 1 > Unit 0 Disk VP-1252-FB951223-VOL#08 R001 39060480 Blocks, > 19072 MB > Unit 1 Disk VP-1252-FB951223-VOL#09 R001 39060480 Blocks, > 19072 MB > Unit 2 Disk VP-1252-FB951223-VOL#10 R001 39060480 Blocks, > 19072 MB > Unit 3 Disk VP-1252-FB951223-VOL#11 R001 39060480 Blocks, > 19072 MB > Unit 4 Disk VP-1252-FB951223-VOL#12 R001 39060480 Blocks, > 19072 MB > Unit 5 Disk VP-1252-FB951223-VOL#13 R001 39060480 Blocks, > 19072 MB > Unit 6 Disk VP-1252-FB951223-VOL#14 R001 39060480 Blocks, > 19072 MB > Unit 7 Disk VP-1252-FB951223-VOL#15 R001 39060480 Blocks, > 19072 MB > > {0} ok > > > I tried rebooting boot -r a few times, it didn't help, I tried > "update_drv -f sd", "devfsadm", it didn't help, I tried drvconfig, > devlinks and disks, without success. I tried to reconfigure the HBA > through cfgadm, it didn't change anything (the HBA is connected and > configured, but it only shows one disk on each target, just like > format). I checked /etc/path_to_inst but it aligned with what format > currently shows me. I googled, but could only find pointers saying that > the sd.conf file needs to be extended, which I already did. > > Again, the disk-array is a non-Sun (Fibrenetix) disk-array but it is a > standard SCSI array (no FC), fully supported on Solaris (we have a few > of these working just fine on other Sun servers). > > For other details, it is of course Solaris 10 (see below) and I have > VERITAS FS/VM installed (but this should not be of any issue even if the > LUNs were earlier controlled by VERITAS, just like the two LUN 0 that I > am currently seeing). > > bash-3.00# uname -a > SunOS ... 5.10 Generic_127111-06 sun4v sparc SUNW,Sun-Fire-T200 > bash-3.00# more /etc/release > Solaris 10 8/07 s10s_u4wos_12b SPARC > Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. > Use is subject to license terms. > Assembled 16 August 2007 > bash-3.00# > > > I must be missing a detail somewhere, or I might have become blind. > > Many thanks in advance for any suggestion!! > Regards, > /Pascal > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Rob.McMahon at warwick.ac.uk Fri Sep 5 11:36:15 2008 From: Rob.McMahon at warwick.ac.uk (Rob McMahon) Date: Fri, 05 Sep 2008 16:36:15 +0100 Subject: SUMMARY: Errors trying to label disk in SAN In-Reply-To: <48C0F9D5.5030108@warwick.ac.uk> References: <48C0F9D5.5030108@warwick.ac.uk> Message-ID: <48C151EF.4020202@warwick.ac.uk> I had two replies, from Anatoliy Nelyubin and Joe Fletcher suggesting I check the array permissions, and multipathing status, and maybe try doing a `luxadm -e forcelip' or reboot. Fortunately in the mean time the SAN man (I think I said LAN in the original post) found the cause. I needed to be on the same port as the LUN being served. I'm not sure of the exact topology, but I am single attach at the moment, and the disk is accessible via two routes. If I wasn't on the same switch as the primary controller I got this error. If the controller fails over to the standby, I'll be hosed again. For some reason the fabric wasn't taking care of it, which doesn't bode well in case of a controller failure. He's off to investigate. Anyway, I now have a working chunk of disk. Thanks all, Rob Rob McMahon wrote: > V890, running Solaris 10 3/05 > > I'm trying to add an extra chunk of disk to a V890, and whilst I can see > the disk, and have another chunk from the same SAN, labeling it is > failing. Here's the disk going in (second attempt, because it failed > first time round too). > ... > As seen from format > > 0. c6t600A0B80001133CC000021BC474A921Bd0 cyl 65533 alt 2 hd 256 sec 68> > /scsi_vhci/ssd at g600a0b80001133cc000021bc474a921b > 1. c6t600A0B80001150A2000059E048BF8C12d0 cyl 65533 alt 2 hd 256 sec 69> > /scsi_vhci/ssd at g600a0b80001150a2000059e048bf8c12 > > (0 is the existing, working one) > > Specify disk (enter its number): 1 > selecting c6t600A0B80001150A2000059E048BF8C12d0 > [disk unformatted] > Disk not labeled. Label it now? y > Warning: error writing VTOC. > Illegal request during read > ASC: 0x94 ASCQ: 0x1 > Warning: error reading backup label. > -- E-Mail: Rob.McMahon at warwick.ac.uk PHONE: +44 24 7652 3037 Rob McMahon, IT Services, Warwick University, Coventry, CV4 7AL, England _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From lally.singh at gmail.com Sat Sep 6 15:15:33 2008 From: lally.singh at gmail.com (Lally Singh) Date: Sat, 6 Sep 2008 15:15:33 -0400 Subject: SUMMARY: Simplest way to share user/home directories in a small cluster in OpenSolaris? Message-ID: <3b3449e00809061215m2bac86eeo77c912b3e571dfc2@mail.gmail.com> Thanks to everyone for their suggestions. You've just saved me a week of fiddling and hating my life :-) Problem: Very small (5 node) cluster, needing to share a small number of users and home directories. Unsure of whether to use LDAP, NIS+, or NIS Solution: Don't use any. Instead, copy /etc/shadow, /etc/passwd, and /etc/group among them, and export /home on one of them. -- H. Lally Singh Ph.D. Candidate, Computer Science Virginia Tech _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ahoesch at smartsoft.de Mon Sep 8 06:00:30 2008 From: ahoesch at smartsoft.de (=?ISO-8859-1?Q?Andreas_H=F6schler?=) Date: Mon, 8 Sep 2008 12:00:30 +0200 Subject: Summary: system malfunction due to /var In-Reply-To: <8030C4BE-7D85-11DD-AAD7-000393CA0072@smartsoft.de> Message-ID: Dear manager, thanks to "Rajiv Gunja" Stuart Saxon Richard Skelton "Hendrik Visage" > I have a serious problem with one of our servers. Users are complaining > that sending mails, storing Star Office documents etc. does not work > anymore. I checked "df -h" and got > > /dev/md/dsk/d0 116G 114G 1.6G 99% / > /dev/md/dsk/d3 2.9G 2.8G 5.0M 100% /var > > d0 should not be the problem yet, but d3 is alarming. When I do > > du -sk /var > 2023430 /var > > I find that only 2 GB of the 2.9GB partition is used. Why is "df -h" > telling me that 100% is used. I am sure the problems are related to the > system not being able to store files in /var, but why? > > What can I do? This of course was a problem of processes still running and thus not relasing the file space. It took me a while to realize that.I removed /var/log/syslog.2 /var/log/syslog.3 /var/log/syslog.4 /var/log/syslog.5 /var/log/syslog.6 /var/log/syslog.7 and did /usr/sbin/svcadm disable system-log /usr/sbin/svcadm enable system-log /usr/sbin/svcadm restart system-log but saw no increase of available space in "df -h" for /var!? I finally discovered 15 or so processes like root 26263 1 0 Aug 17 ? 0:59 tail -f /var/log/syslog After killing all of them the space was available again. Thanks a lot, Andreas _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From hvjunk at gmail.com Mon Sep 8 06:37:12 2008 From: hvjunk at gmail.com (Hendrik Visage) Date: Mon, 8 Sep 2008 11:37:12 +0100 Subject: SUMMARY: changes to file: catching the culprit Message-ID: Thanx to: JayJay Florendo Tim Bradshaw hike Rajiv Gunja A Darren Dunham Scott Lawson Christopher L.Barnard The "problem" was I'm still on Solaris 9 ;( Yes, we *are* going the seperate user route + roles etc. ... but big ships have wide turning circles, and that would've alarmed the possible culprit. We've enabled accounting, and will see what comes out of that. Thanx On Tue, Sep 2, 2008 at 12:23 PM, Hendrik Visage wrote: > Hi there, > > we have a suspicion of subtle sabotage, and we need to catch the > culprit(s), however there is a common user ID for this application > that the users log into ;( (Yes, I know, but big ships have huge > turningcircles) > > What we are in need of is a "real time" method to trap which process > made the change and then perhaps be able to trace back to the sshd and > source IP. > > don't want to enable full auditing as yet becuase of the performance > impact on a very busy server, but if people say that's the way to go > from experience, then we'll do it. > > -- > Hendrik Visage > -- Hendrik Visage -- Hendrik Visage _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From hvjunk at gmail.com Mon Sep 8 06:39:55 2008 From: hvjunk at gmail.com (Hendrik Visage) Date: Mon, 8 Sep 2008 11:39:55 +0100 Subject: SUMMARY: Zones and ps -ef Message-ID: Also thanx to (in order of arrival): Martin Pleblaber Maciej Blinzinski Markus Mayer, But the prize winning response: ---------- Forwarded message ---------- From: Andrew Watkins Date: Mon, Sep 8, 2008 at 11:33 AM Subject: Re: Zones and ps -ef To: Hendrik Visage No! You got it wrong the global zone will show you every process running on every zone. I think what you need is the -z or -Z but -e will show you every process -Z Prints the name of the zone with which the process is associated under -z zonelist Lists only processes in the specified zones. -e Lists information about every process now running. When the -eoption is specified, options -z, -t, -u, -U, -g, -G, -p, -g and -a options have no effect. Which means -e overrides -z ps -efZ or ps -fz global Andrew Hendrik Visage wrote: > > Hi there, > > The way I understood zones, is that a ps -ef in the global zone > shouldn't show me processes in the other zones, or have I missed > something? > It's extremely "painfull" when looking at ps -ef output in the global > zone and the UIDs being dissimilar from the "child/guest" zones, > showing strange names etc. > > What options would be needed for ps *not* to show the child zone pids? > And which options would show to which zone a process belongs to? > ditto for prstat and friends ;) > Thanx > -- Hendrik Visage _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Matthew.Stier at us.fujitsu.com Mon Sep 8 12:24:18 2008 From: Matthew.Stier at us.fujitsu.com (Matthew Stier) Date: Mon, 08 Sep 2008 12:24:18 -0400 Subject: SUMMARY: Jumpstarting Logical Domains In-Reply-To: <48C1AB2D.2090009@us.fujitsu.com> References: <48C1AB2D.2090009@us.fujitsu.com> Message-ID: <48C551B2.7010804@us.fujitsu.com> Thanks to: Majeed Abu-Qulbain for pointing out that the eeprom 'boot-device' will be set to 'vdisk'. eeprom | grep '^boot-device=' | grep -c vdisk Matthew Stier wrote: > Can anyone think of a simple test I can put in a Jumpstart > 'begin/finish' scripts to test for guest domains? [Other than coding > the hostnames.] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From ldillon at bresnan.com Tue Sep 9 12:48:29 2008 From: ldillon at bresnan.com (Dillon, Larry) Date: Tue, 9 Sep 2008 12:48:29 -0400 Subject: SUMMARY: NFS mount does not come up at boot time but works fine from command line Message-ID: <10BF2D572E87064CAB6E6DE57D14086172916B@fossil.bresnan.com> SUMMARY: When the system in question was installed, the JASS security toolkit was applied in a rather restrictive setting. This setting, among other items, turned off the NFS client automount in the init scripts. Restoring the file returned NFS automount. Details: In /etc/rc2.d, there is a file called S73nfs.client, that does all the NFS automounts, as flagged in /etc/vfstab. JASS moves this file to _S73nfs.client.JASS.[timestamp], to keep it from running during the automatic boot. This file contains the commands "mountall -F nfs" and "mountall -F cachefs", which have to do with NFS file systems. This is where the automatic mount on boot occurs. Moving the file back to its original name (S73nfs.client) restored the expected functionality. I didn't see any other files that needed to be recovered similarly in the boot script files. I suspect JASS does the exact same thing under Solaris 8 (or other versions pre-10 that JASS runs on). Under Solaris 10, I theorize (but have not had a chance to test) that JASS turns off the appropriate boot item in SMF. I would suggest checking your services list for details. Thanks to Joshua Newswanger, Ric Anderson, A Darren Dunham and Matt Clauson for their responses. Larry Dillon _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From breynolds at Cymtec.com Wed Sep 10 09:11:44 2008 From: breynolds at Cymtec.com (Beverley Reynolds) Date: Wed, 10 Sep 2008 08:11:44 -0500 Subject: SUMMARY - explorer will not finish running Message-ID: <800519794AFB8B47A201D7B8B7B1502E367C24@cymex.Cymtec.net> Thanks to Val Popa pkginfo -l SUNWexplo ; The raidctl cmd in earlier versions of explorer is busted I have a SUN T2000 Solaris version 10 5.10 Generic_127127-11 sun4v sparc SUNW,Sun-Fire-T2000 My last successful run of explorer was in May of this year. It starts and then it just sends the following WARNING errors to the /var/adm/messages file and continues this till I kill explorer. I have a SUN 6140 array attached I also have a SONY 430 tape library - it is old and will soon be replaced. I have 3 questions: 1.) Has anyone seen this kind of problem with explorer? 2.) SUN says to disconnect the tape lib and try to run explorer to see if that is the problem. Will there be any problems if I disconnect the cable from the T2000 and then reconnect after trying to run explorer? 3.) If that doesn't get explorer to run I then plan on umounting the array file systems, disconnecting that cable and trying to run explorer, the remounting the file systems after reconnecting the cable. Any problems with this? Sep 10 11:20:12 explorer: [ID 702911 daemon.notice] Explorer started Sep 10 11:22:34 scsi: [ID 107833 kern.warning] WARNING: /pci at 7c0/pci at 0/pci at 8/pci at 0/scsi at 8 (mpt3): Sep 10 11:22:34 Connected command timeout for Target 1. Sep 10 11:22:52 scsi: [ID 107833 kern.warning] WARNING: /pci at 7c0/pci at 0/pci at 8/pci at 0/scsi at 8 (mpt3): Sep 10 11:22:52 Connected command timeout for Target 0. Thanks Bev ############################################################################# ## This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return e-mail. ############################################################################# ## _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Wed Sep 10 09:51:39 2008 From: sunhux at gmail.com (sunhux G) Date: Wed, 10 Sep 2008 21:51:39 +0800 Subject: Summary: Which of the hardening changes disabled the users "stored password" telnet login? Message-ID: <60f08e700809100651l7bfa3443ube5582c434fc4629@mail.gmail.com> Thanks Matthew & Anthony. Just realized the problem lies with the Tcp wrapper for Solaris 8 which I got from sunfreeware.org : by removing "/usr/local/bin/tcpd" for telnetd in inetd.conf this solved the problem. This wrapper has also caused "lp" printing problem when used to 'wrap' printer service in inetd.conf There's suggestion that disabling "rlogin/rhost" in pam.conf could cause this but it's not the case. Good point why we're using "telnet" though it's supposed to be a hardening exercise : there's scripts/macros built into the terminal emulator software & this legacy which has been in place for ages will take a while to overcome Thanks U On Tue, Sep 9, 2008 at 6:33 PM, sunhux G wrote: > > Hi, > > After doing some hardening (for audit purpose), our users (id land1 & > enq1) were > not able to do "telnet token login" - they're using sort of Reflection > terminal emulator > that allows them to store their Unix password in their PC's emulator > software. > In the past, after getting the "telnet" login prompt, a windows will pop > up which allow > them to select/click a userid & automatically the password will be fed into > the emulator > software into Solaris & they could login (without having to key in > password). > Which of the hardening steps I've taken below could have been the likely > culprit? > > > Negative: 1.2 tcp6-protocol service ftp in inetd.conf is not wrapped. - > wrapped with tcpd > Negative: 1.2 tcp6-protocol service telnet in inetd.conf is not wrapped.- > wrapped with tcpd > Negative: 1.2 tcp6-protocol service time in inetd.conf is not wrapped.- > disabled in inetd.conf > Negative: 1.2 udp6-protocol service time in inetd.conf is not wrapped. - > disabled > Negative: 1.2 tcp6-protocol service printer in inetd.conf is not wrapped.- > wrapped with tcpd > Negative: 1.2 udp-protocol service bootps in inetd.conf is not wrapped. - > disabled > Negative: 1.2 tcp-protocol service bgssd in inetd.conf is not wrapped. - > disabled > Negative: 1.2 tcp-protocol service omni in inetd.conf is not wrapped. - > wrapped with tcpd > Negative: 2.1 inetd listens on port time -- this port's line should be > commented out or deleted in inetd.conf. - disabled > Negative: 2.1 inetd listens on port ufsd/1 -- this port's line should be > commented out or deleted in inetd.conf. - disabled > Negative: 2.1 inetd listens on port 100235/1 -- this port's line should be > commented out or deleted in inetd.conf. - disabled > Negative: 2.2 telnet not deactivated. - needed so not deactivated > Negative: 2.6 BSD-compatible printer server should be deactivated - needed, > so wrapped using tcpd > Negative: 2.8 CDE-related daemon rpc.ttdbserverd not deactivated in > inetd.conf. - disabled > Negative: 3.1 Serial login prompt not disabled. - disabled > Negative: 3.3 inetd is still active. - needed so left alone > Negative: 3.17 Graphical login-related script dtlogin not deactivated. - > left alone > Negative: 3.19 SNMP daemon should be deactivated. - needed so left alone > Negative: 4.1 per-process coredumps are configured on, but not forced into > a root-owned, 0700 directory with root-owned, non-group and world-writable > parent directories. - done > Negative: 4.3 NFS clients aren't restricted to privileged ports. > Negative: 4.4 Source routing (ip_forward_src_routed) should be deactivated > Negative: 4.4 ip6 source routing (ip6_forward_src_routed) should be > deactivated > Negative: 4.4 Forwarding of directed broadcasts > (ip_forward_directed_broadcasts) isn't disabled. > Negative: 4.4 tcp_conn_req_max_q0 should be at least 4096 to avoid TCP > flood problems. > Negative: 4.4 tcp_conn_req_max_q should be at least 1024 to avoid TCP flood > problems. > Negative: 4.4 ip_respond_to_timestamp isn't 0. > Negative: 4.4 ip_respond_to_timestamp_broadcast should be 0. > Negative: 4.4 ip_respond_to_echo_broadcast should be 0. > Negative: 4.4 ip_ignore_redirect isn't set to 1. > Negative: 4.4 ip6_ignore_redirect isn't set to 1. > Negative: 4.4 Port 6112 is not included in tcp_extra_priv_ports. > Negative: 4.4 ARP timer (arp_cleanup_interval) should be at most 60,000. > Negative: 4.4 ARP timer (ip_ire_arp_interval) should be at most 60,000 > Negative: 4.5 ip_strict_dst_multihoming isn't activated. > Negative: 4.5 ip6_strict_dst_multihoming isn't activated. > Negative: 4.5 ip_send_redirects isn't set to 0. > Negative: 4.6 TCP sequence numbers not strong enough. > Negative: 5.1 inetd's connection logging is not active. > Negative: 5.2 ftp is running out of inetd on port ftp, but does not do "-d" > debug logging. > Negative: 5.3 syslog does not permanently capture daemon.debug messages. > Negative: 5.7 Couldn't find an active sadc line in /etc/rc2.d/S21perf to > verify system acctg. > Negative: 5.8 kernel-level auditing isn't enabled. > Negative: 5.9 /var/adm/wtmpx should not be world or group writable. > Negative: 6.1 logging option isn't set on root file system > Negative: 6.8 Fix-modes has not been run here. > Negative: 7.1 inetd.conf's sadmind line does not have a -S 2 argument. > Negative: 7.3 /etc/pam.conf appears to support rhost auth. > Negative: 7.4 User uucp is not present in /etc/ftpusers > Negative: 7.5 System is running syslogd without the -t switch, accepting > remote logging. > Negative: 7.6 /etc/dt/config/Xconfig doesn't exist, thus permits xdmcp port > listening. > Negative: 7.8 /etc/dt/config/ doesn't exist, so GUI screenlocker can't be > configured. > Negative: 7.9 Non-root accounts are in cron.allow. > Negative: 7.9 Couldn't open at.allow > Negative: 7.10 The permissions on /var/spool/cron/crontabs/lp are not > sufficiently restrictive. > Negative: 8.8 User land1 has a world-executable homedir! > Negative: 8.8 User land1 has a world-readable homedir! > Negative: 8.8 User enq1 has a world-executable homedir! > Negative: 8.8 User enq1 has a world-readable homedir! > Negative: 8.11 Current umask setting in file /etc/.login is 000 -- it > should be stronger to block world-read/write/execute. - changed to 022 > Negative: 8.11 Current umask setting in file /etc/.login is 000 -- it > should be stronger to block group-read/write/execute. - changed to 022 > Negative: 8.11 Current umask setting in file /etc/profile is 022 -- it > should be stronger to block world-read/write/execute. > Negative: 8.11 Current umask setting in file /etc/profile is 022 -- it > should be stronger to block group-read/write/execute. > Negative: 8.11 Current umask setting in file /etc/default/login is 022 -- > it should be stronger to block world-read/write/execute. > Negative: 8.11 Current umask setting in file /etc/default/login is 022 -- > it should be stronger to block group-read/write/execute. > Negative: 8.13 /etc/profile should have mesg n to block talk/write commands > and strengthen permissions on user tty. > Negative: 8.13 /etc/.login should have mesg n to block talk/write commands > and strengthen permissions on user tty. > Negative: 9.1 /etc/issue doesn't have a authorized-use banner. > Negative: 9.2 /etc/dt/config/ doesn't exist, so GUI welcome message > couldn't have been changed. > Negative: 9.3 Couldn't open /etc/default/telnetd to test for BANNER line - > created /etc/default/telnetd with banner > Negative: 9.4 Couldn't open /etc/default/ftpd to test for BANNER line - > created ftpd with banner > > I could elaborate in more details the changes done as there's too much to > write here. > > > Thanks > U _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From anepomn at gmail.com Wed Sep 10 18:36:52 2008 From: anepomn at gmail.com (Aleksandr Nepomnyashchiy) Date: Wed, 10 Sep 2008 18:36:52 -0400 Subject: SUMMARY: Solaris patch management tools - do you use any? Message-ID: <26924da90809101536u53f1f9cdwa0ec780008f6a6c3@mail.gmail.com> Many thanks to those who replied. Looks like PCA - Patch Check Advanced http://www.par.univie.ac.at/solaris/pca/ is the preferred tool for the community. I will test it. ======= original post below =============== Dear All, Could you please share your opinion about the subject : - Do you use Solaris patch management tools ? - If yes, how do you like them? Thank you, Aleksandr _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Ugo.Balestrieri at alcatel-lucent.it Thu Sep 11 05:48:05 2008 From: Ugo.Balestrieri at alcatel-lucent.it (BALESTRIERI UGO) Date: Thu, 11 Sep 2008 11:48:05 +0200 Subject: SUMMARY : SSH installation on Solaris 8 Message-ID: <72B2DB3EB0EAE243B7613C6F00B7C16F9F48FB@FRVELSMBS21.ad2.ad.alcatel.com> Hi Many thanks to Mr. Gurudatta N.R Original question : >> On Fri, Sep 5, 2008 at 10:23 PM, BALESTRIERI UGO >> wrote: >>> Hi managers >>> >>> I tried to install ssh service on sparc Ultra 5 solaris 8 server but >>> without a good result, anybody could help me ? >>> Part of the installation sequence is the following : >>> >>> Patchadd 112438-03 >>> .... >>> Fri Sep 5 17:56:03 MEST 2008 Package >>> openssl-0.9.8,REV=2005.07.15-SunOS5.8-sparc-CSW.pkg successfully >>> installed Fri Sep 5 17:56:13 MEST 2008 Package >>> zlib-1.2.3,REV=2005.07.22-SunOS5.8-sparc-CSW.pkg successfully >>> installed Fri Sep 5 18:05:10 MEST 2008 Package >>> openssh-5.0p1-sol8-sparc-local.pkg >>> successfully installed >>> >>> Thanks in advance >>> >>> Bye >>> Ugo >> Hi , >> >> >> I have follwed below document and able to install the ssh long back >> pls check and lt me know . >> >> >> Regards >> Gurudatta N.R >> >> >> >> Ssh installation for Solaris 8 >> Introduction: >> Secure shell (SSH) is a protocol that provides a secure, remote >> connection to any device with ssh support. SSH is a substitute to >> Berkeley r-tools like telnet, rlogin, rsh and rcp which are not > secure. >> SSH provides more security to any data that is being transported to >> the Internet by providing more authentication, encryption and >> authorization procedures. There are currently two versions of SSH >> available, SSH Version 1 and SSH Version 2 >> >> >> Required packages: >> All of the required packages of this tutorial is available from >> http://www.sunfreeware.com/ >> >> openssh >> openssl (SSL) >> prngd (Psuedo Random Generator Daemon) zlib (Z library) >> Installation: >> #pkgadd -d openssl-0.9.6c-sol8-sparc-local >> >> The following packages are available: >> 1 SMCosslc openssl >> (sparc) 0.9.6c >> >> Select package(s) you wish to process (or 'all' to process all >> packages). (default: all) [?,??,q]: >> >> #pkgadd -d prngd-0.9.23-sol8-sparc-local >> >> The following packages are available: >> 1 SMCprngd prngd >> (sparc) 0.9.23 >> >> Select package(s) you wish to process (or 'all' to process all >> packages). (default: all) [?,??,q]: >> >> #pkgadd -d zlib-1.1.4-sol8-sparc-local >> >> The following packages are available: >> 1 SMCzlib zlib >> (sparc) 1.1.4 >> >> Select package(s) you wish to process (or 'all' to process all >> packages). (default: all) [?,??,q]: >> >> #pkgadd -d openssh-3.1p1-sol8-sparc-local >> >> The following packages are available: >> 1 SMCossh openssh >> (sparc) 3.1p1 >> >> Select package(s) you wish to process (or 'all' to process all >> packages). (default: all) [?,??,q]: >> >> Startup Scripts: >> Create a startup script for the ssh daemon. >> /etc/init.d/ssh >> >> >> #! /bin/sh >> # >> # start/stop the secure shell daemon >> >> case "$1" in >> >> 'start') >> # Start the ssh daemon >> if [ -f /usr/local/sbin/sshd ]; then >> echo "starting SSHD daemon" >> /usr/local/sbin/sshd & >> fi >> ;; >> >> 'stop') >> # Stop the ssh deamon >> PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk >> '{print $1}'` >> if [ ! -z "$PID" ] ; then >> /usr/bin/kill ${PID} >/dev/null 2>&1 >> fi >> ;; >> >> *) >> echo "usage: /etc/init.d/sshd {start|stop}" >> ;; >> >> esac >> >> Make the script executable and create a startup script on run level 2. >> >> #chmod +x /etc/init.d/sshd >> #ln s /etc/init.d/sshd /etc/rc2.d/S99sshd >> >> >> Create a startup script for the pseudo random generator daemon. >> /etc/init.d/prngd >> >> >> #! /bin/sh >> # >> # start/stop the pseudo random generator daemon >> >> case "$1" in >> >> 'start') >> # Start the ssh daemon >> if [ -f /usr/local/bin/prngd ]; then >> echo "starting PRNG daemon" >> /usr/local/bin/prngd /var/spool/prngd/pool& >> fi >> ;; >> >> 'stop') >> # Stop the ssh deamon >> PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk >> '{print $1}'` >> if [ ! -z "$PID" ] ; then >> /usr/bin/kill ${PID} >/dev/null 2>&1 >> fi >> ;; >> >> *) >> echo "usage: /etc/init.d/prngd {start|stop}" >> ;; >> >> esac >> >> Make the script executable and create a startup script on run level 2. >> >> #chmod +x /etc/init.d/prngd >> #ln s /etc/init.d/prngd /etc/rc2.d/S99prngd >> >> # /etc/init.d/prngd start >> starting PRNG daemon >> Info: Random pool not (yet) seeded >> Could not bind socket to /var/spool/prngd/pool: No such file or >> directory # mkdir -p /var/spool/prngd #/etc/init.d/prngd start >> starting PRNG daemon # Info: Random pool not (yet) seeded # Next is >> to > >> start the actual ssh >> >> HERE NO Message are displayed after /etc/init.d/sshd start >> >> daemon, # /etc/init.d/sshd start starting SSHD daemon Could not load >> host key: /usr/local/etc/ssh_host_key Could not load host key: >> /usr/local/etc/ssh_host_rsa_key Could not load host key: >> /usr/local/etc/ssh_host_dsa_key Disabling protocol version 1. Could >> not load host key Disabling protocol version 2. Could not load host >> key >> sshd: no hostkeys available -- exiting. >> # >> The errors above are due to the fact that we didn't create any key >> pairs for our ssh server. >> >> Create a public key pair to support the new, DSA-based version 2 >> protocol >> >> # /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N > "" >> >> Generating public/private dsa key pair. >> Your identification has been saved in /usr/local/etc/ssh_host_dsa_key. >> Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub. >> The key fingerprint is: >> 00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root at solaris8 >> >> >> Create a public key pair to support the old, RSA-based version 1 >> protocol >> >> # /usr/local/bin/ssh-keygen -b 1024 -f >> /usr/local/etc/ssh_host_rsa_key > >> -t rsa -N "" >> Generating public/private rsa1 key pair. >> Your identification has been saved in /usr/local/etc/ssh_host_rsa_key. >> Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub. >> The key fingerprint is: >> 8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root at solaris8 >> >> Edit ssh daemon configuration file /usr/local/etc/sshd_config, enable >> protocol 2 and 1 Uncomment the line, that says >> >> protocol 2,1 >> >> # /etc/init.d//sshd start >> starting SSHD daemon >> # >> >> > Hi , > > I have tried this on solaris 8 only , try this > > > mkdir /var/empty > chown root:sys /var/empty > chmod 755 /var/empty > groupadd -g 101 sshd > useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd > > > cat /var/log/syslog > /usr/local/etc/prngd/prngd-seed mkdir > /var/spool/prngd cp /admin/prngd /etc/init.d/prngd chown root:sys > /etc/init.d/prngd chmod 755 /etc/init.d/prngd ln -s /etc/init.d/prngd > /etc/rc2.d/S98prngd /etc/init.d/prngd start > > > /usr/local/bin/ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "" > /usr/local/bin/ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N > "" > /usr/local/bin/ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N > "" > > > cp /admin/sshd /etc/init.d/sshd > chown root:sys /etc/init.d/sshd > chmod 744 /etc/init.d/sshd > ln -s /etc/init.d/sshd /etc/rc2.d/S98sshd /etc/init.d/sshd start > > just delete the entry from the /home/nortel/.ssh/known_hosts host or hash. and try this will work . Regards Gurudatta N.R _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From cbarnar1 at earthlink.net Thu Sep 11 23:19:02 2008 From: cbarnar1 at earthlink.net (Christopher L. Barnard) Date: Thu, 11 Sep 2008 22:19:02 -0500 Subject: Summary: How to get the create time of a file In-Reply-To: References: Message-ID: <8452E44E-4EBE-4A71-9F26-A17EAF008902@earthlink.net> I asked: > I need to determine the time at which time a file was first created. > The most recent edit timestamp is easy, and specifying a file older > than a certain number of days is easy, but I have not had luck with > finding out a way of determining when a particular file was created. > Does anyone know how that would be done? The answer is: It cannot be done. UFS does not keep that information. Several people mentioned gnu and other 3rd party add-ons, but since they would still be reliant upon the underlying filesystem I would be suspicious if they work. Thanks to the many many people who responded. Christopher L. Barnard cbarnar1 at earthlink.net ----------------------------------------------------------------------- When I was a boy, I was told that anyone could be president. Now I am beginning to believe it. -- Clarence Darrow _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From dani.calloway at gmail.com Fri Sep 12 14:48:06 2008 From: dani.calloway at gmail.com (Dani Calloway) Date: Fri, 12 Sep 2008 10:48:06 -0800 Subject: SUMMARY: freeing up space in /var/sadm Message-ID: Well, I've gotten quite the gambit of replies. A few people have advised me to not touch /var/sadm at all, saying that to modify anything would destroy my ability to patch the system in the future. Others suggested that the entirety of /var/sadm/patch could be removed without consequence (other than the inability to roll back patches). Yet others suggested that I remove all undo.Z and/or obsolete.Z files in /var/sadm/pkg. After some serious backups, I tried the latter approach, since the undo.Z and obsolete.Z files were taking up the most space. I then was able to apply the security patches needed with no issues, indicating that removal of the files is safe so long as you don't need to roll back. Hopefully. Removing undo.Z and obsolete.Z freed up 85% of the used disk space in /var. -- Dani Calloway _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From earlysame55 at gmail.com Sun Sep 14 15:16:31 2008 From: earlysame55 at gmail.com (Unix Administrator) Date: Sun, 14 Sep 2008 23:16:31 +0400 Subject: SUMMARY: HBA Message-ID: <2a81355a0809141216q267ac638n2f110580fa19dd0@mail.gmail.com> Dear managers, Thanks for all the replies and sorry that i have taken some time to summarize. Following are the responses which i got. Smith, Kev luxadm fcode_download -p Martin Pre_laber hi, on solaris 10, you could use: root at backup # fcinfo hba-port HBA Port Scott Lawson Unix Administrator wrote: 'luxadm qlgc' that will show you all qlogic cards & prtdiag and prtconf. Scott M. Sorrentino fcinfo hba-port Vikas Sharma There is one command "fcinfo" which can be used to get information about HBA Deborah Crocker Under solaris 10 there is /usr/sbin/fcinfo hba-port This will report the card... Donald Kinney show [hbamap] the shell utility _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From dave.markham at fjserv.net Thu Sep 18 06:56:21 2008 From: dave.markham at fjserv.net (Dave Markham) Date: Thu, 18 Sep 2008 11:56:21 +0100 Subject: SUMMARY: Solaris 8 CDE timeout problem Message-ID: <48D233D5.4040004@fjserv.net> OK. Thanks to people who responded on this. Couple just suggested to run applications over ssh and X, which isn't an option in this case. They have a machine in restricted section of a datacenter with a vga card and vga to fibre converter which trails some distance to a big screen in an ops room. There is no network access to the box from the ops room. It seemed like an issue where some users had inadvertently set up DPMS on their account. This will blank the monitor output after a certain amount of idle seconds. (Default for us was 1440). This was checked with :- # find /export/home -name dt.settings -exec egrep -li "dpmsenable:.*1" {} \; /export/home//.dt/sessions/current/dt.settings etc We then just changed the following entries :- Dtsession*ShutDownState: 1 Dtsession*DPMSStandby: 1440 Dtsession*DPMSEnable: 1 Dtsession*DPMSOff: 1800 Dtsession*DPMSSuspend: 1620 Dtsession*ShutDownMode: 4 to Dtsession*ShutDownState: 1 Dtsession*DPMSStandby: *0* Dtsession*DPMSEnable: *0* Dtsession*DPMSOff: *0* Dtsession*DPMSSuspend: *0* Dtsession*ShutDownMode: 4 Hope this helps someone Dave _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From whittemo at flash.ast.lmco.com Thu Sep 18 10:30:09 2008 From: whittemo at flash.ast.lmco.com (Dale Whittemore) Date: Thu, 18 Sep 2008 08:30:09 -0600 Subject: SUMMARY: How to do a Hardware reset of the ALOM to factory defaults In-Reply-To: <48D16FC3.1080100@mailhost.ast.lmco.com> References: <48D16FC3.1080100@mailhost.ast.lmco.com> Message-ID: <48D265F1.7000103@mailhost.ast.lmco.com> Never did find out how to do a hardware reset to factory defaults but, as it turns out, the previous admin had put a base OS install on it and used the standard root password we use for servers before putting the them into production. I just booted up with my laptop plugged into the SER MGT port and when I got the login prompt I logged in as root and cd'ed to /usr/platform/`uname -i`/sbin, then ran scadm userpassword admin and changed it. Dale Dale Whittemore wrote: > We have a V445 that came with the ALOM password already set to something > other than the factory default. We would like to reset the ALOM to > factory default so we can start building the system. The disks were > replace with new disks before we took ownership. The admin who had the > box before has left the company so no joy there. How do you do a > hardware reset of the ALOM to factory defaults on a V445. I cannot find > it in the ALOM manual. > > Thanks > > Dale Whittemore > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From rumbiles at yahoo.com Fri Sep 19 02:42:53 2008 From: rumbiles at yahoo.com (rumbidzayi gadhula) Date: Thu, 18 Sep 2008 23:42:53 -0700 (PDT) Subject: SUMMARY: Directory permissions Message-ID: <649701.10905.qm@web54405.mail.yahoo.com> Hello managers, Thank you very much o all who responded. I have used the suggestion from Francisco below and it worked. I will implement it soon. --- On Sun, 9/14/08, francisco roque wrote: From: francisco roque Subject: Re: Directory permissions To: "rumbidzayi gadhula" Date: Sunday, September 14, 2008, 12:23 PM Of course it is. The writeable directory resides inside a parent directory. To delete the writeable directory, you need write permissions in the parent directory. If you do not have write permissions on the parent directory, you cannot delete the writeable directory. Think about how home directories work; generally you can write to your $HOME but not delete it. Here's an example of creating such a directory structure in /tmp, where the group in question is "yourgroup": as root: # cd /tmp # mkdir -p one/two # chmod 755 one # chmod 775 one/two # chgrp yourgroup twoa # find one -ls 308878952 8 drwxr-xr-x 3 root root 177 Sep 14 12:15 one 243307857 8 drwxrwxr-x 2 root yourgroup 117 Sep 14 12:17 one/two as a user in "yourgroup": $ cd /tmp/one/two $ touch testfile $ ls testfile $ rm testfile $ ls $ cd .. $ pwd /tmp/one $ rm -r two rm: Unable to remove directory two: Permission denied $ rm -rf two/ rm: Unable to remove directory two/: Permission denied $ rmdir two/ rmdir: directory "two/": Search or write permission needed $ ls two The user can create/remove files in /tmp/one/two but cannot delete /tmp/one/two because he does not have permissions to /tmp/one. Good luck, -f http://www.blackant.net/ On Sun, 14 Sep 2008, rumbidzayi gadhula wrote: > Hello Managers > > This might sound incredible but is it possible to create a directory to > which a group of users can write and delete files from, without being able to > delete the directory itself. If so , how do you achieve this on a Solaris 8 > box? > > TIA > > Rumbi > _______________________________________________ > sunmanagers mailing list > sunmanagers at sunmanagers.org > http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From oab111 at gmail.com Fri Sep 19 07:35:33 2008 From: oab111 at gmail.com (Mossey Fahey) Date: Fri, 19 Sep 2008 12:35:33 +0100 Subject: SUMMARY: BootPath in X86 Message-ID: Hi All, Apologies for the delay, but it has taken me a while to get to the bottom of this issue. I am not sure if someone else has already posted this but here it is anyways. First get the device number of the bootpath prtconf -vp | grep bios-boot-device This gives something like bios-boot-device: '80' Then use the /sbin/biosdev command to get the list of possible devices: E.g 0x80 /pci at 7b,0/pci1022,7458 at 11/pci1000,3060 at 2/sd at 0,0 0x81 /pci at 7b,0/pci1022,7458 at 11/pci1000,3060 at 2/sd at 1,0 0x82 /pci at 7b,0/pci1022,7458 at 11/pci1000,3060 at 2/sd at 2,0 0x83 /pci at 7b,0/pci1022,7458 at 11/pci1000,3060 at 2/sd at 3,0 Match the numbers ==> 0x80 and that is the boot device. The only thing is that I cannot get the slice number. Regards oab111 =============================================================== Original Question ------------------------- Hi Managers, I am looking for a way to determine the bootpath on my Solaris 10 (08/07) X86 server. In the sparc world, I would give the command the usual 'prtconf -vp|grep bootpath'. bootpath: '/ssm at 0,0/pci at 1a,600000/pci at 2/scsi at 2,1/disk at 0,0:a' >From this path I could work out which which is the boot device e.g. /dev/dsk/c0t0d0s0 The reason I get the path in this way is because I do not know of any other way in a bash script, of correctly determining the boot device, given that the script could be run on a server that may or may not have its boot disks mirrored under SVM. After calculating the boot device boot, I then use this to pass the '-C' parameter to an lucreate command. This works fine in the sparc world. We are in the process of starting to support X86 in our business, so I would like things to work as before where possible. But here is where I am stuck. I cannot seem to determine what the bootpath is when the root disks are mirrored under SVM. 'prtconf' does not report the bootpath as it did in sparc architecture The bootpath in the /boot/solaris/bootenv.rc file just shows the SVM pseudo device setprop bootpath '/pseudo/md at 0:0,10,blk' I don't know how to convert/translate it to a path similar to the format from sparc world. Any ideas/hints/advice etc. would be greatly appreciated Thanking you in advance oab111 P.S. I will summarise _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From breynolds at Cymtec.com Fri Sep 19 12:25:20 2008 From: breynolds at Cymtec.com (Beverley Reynolds) Date: Fri, 19 Sep 2008 11:25:20 -0500 Subject: SUMMARY setup nagios Solaris 10 Message-ID: <800519794AFB8B47A201D7B8B7B1502E367C4E@cymex.Cymtec.net> Thanks to all that replied. I did an ldd on the nrpe executable, copied the missing libs from production, deleted the service and started nagios as a daemon. So it is working fine now. Again, many thanks Bev I am trying to get nagios to run on SUN Solaris 10 on a T2000 - we have the nagios server running on a linux box so just need to get everything setup so the sun can be monitored. I found some pieces of nagios on another machine and placed those in the same location on the T2000 Then I tried to do......... /usr/local/nagios/bin/nrpe -c /usr/local/etc/nrpe.cfg -daemon Which produced.................. ld.so.1: nrpe: fatal: libssl.so.0.9.8: open failed: No such file or directory Killed Openssl is installed in # find / -name 'SUNWopenssl*' -print /var/sadm/pkg/SUNWopenssl-libraries /var/sadm/pkg/SUNWopenssl-libraries/save/pspool/SUNWopenssl-libraries /var/sadm/pkg/SUNWopenssl-commands /var/sadm/pkg/SUNWopenssl-commands/save/pspool/SUNWopenssl-commands /var/sadm/pkg/SUNWopenssl-include /var/sadm/pkg/SUNWopenssl-include/save/pspool/SUNWopenssl-include /var/sadm/pkg/SUNWopenssl-man /var/sadm/pkg/SUNWopenssl-man/save/pspool/SUNWopenssl-man /var/sadm/pkg/SUNWopensslr /var/sadm/pkg/SUNWopensslr/save/pspool/SUNWopensslr I tried setting.............. LD_LIBRARY_PATH=/usr/sfw/lib ;export LD_LIBRARY_PATH I guess just copying these files doesn't work. Can someone give me a SIMPLE explanation about how to get nagios setup on this machine so it can be monitored by our nagios server? This is what I have done so far............. tar -xvf nrpe.tar groupadd nagios useradd -g nagios nagios cp nagios-nrpe /lib/svc/method/ cp nagios-nrpe.xml /var/svc/manifest/network/ chown -R nagios:nagios /usr/local/nagios/ chown -R nagios:nagios /usr/local/etc/nrpe.cfg svccfg import /var/svc/manifest/network/nagios-nrpe.xml svcs -xv svc:/network/nagios/nrpe:default (Nagios Remote Plug-In Executor (NRPE)) State: maintenance since Thu Sep 18 10:36:13 2008 Reason: Start method exited with $SMF_EXIT_ERR_FATAL. See: http://sun.com/msg/SMF-8000-KS See: /var/svc/log/network-nagios-nrpe:default.log Impact: This service is not running. Thanks ############################################################################# ## This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return e-mail. ############################################################################# ## _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From spaceyjoe2020 at yahoo.com Fri Sep 19 13:50:54 2008 From: spaceyjoe2020 at yahoo.com (Joe A) Date: Fri, 19 Sep 2008 10:50:54 -0700 (PDT) Subject: Summary: SAN Discontinued Message-ID: <802525.37668.qm@web51306.mail.re2.yahoo.com> Hi- I got ssh back - when devpers edited vfstab they left one of the svm partition in the vfstab causing the system from running with ssh I removed it now I can get to ssh/ format only shows 2 default disk. In dmesg I am still getting: Sep 19 13:35:11 qla2300: [ID 405951 kern.info] EL146: hba1: get_host_data, FAILED Status=11 Sep 19 13:35:11 qla2300: [ID 950917 kern.info] EL147: hba1: fo_get_lun_data, failed No devices Sep 19 13:35:11 qla2300: [ID 706028 kern.info] EL148: hba1: fo_ioctl, failed rval=0, Status=9h Sep 19 13:35:11 qla2300: [ID 341626 kern.info] EL149: hba1: fo_get_target_data, failed No devices Sep 19 13:35:11 qla2300: [ID 834882 kern.info] EL150: hba1: fo_ioctl, failed rval=0, Status=9h Do I uninstall the driver to prevent this check? Thanks Joe --- On Fri, 9/19/08, Joe A wrote: From: Joe A Subject: SAN Discontinued To: sunmanagers at sunmanagers.org Date: Friday, September 19, 2008, 11:06 AM Hi Guys Specifics: Solaris 10 on sunfire v480 FC Switches: Sandbox 5200 SAN: Nexsan ataboy2x used sun volume manager Devp'ers decide to not use SAN for the server anymore. So I have unmasked the luns, make unavailable disk, and ran a devfsadm -C/ edits the vfstab. When i ran format I can still see the disk though unavailable so I rebooted but now I cannot ssh to the box. And format still shows the disk. Dmesg spills out of alot of error and I am also /dev/md/d1-12 error. Thanks for any help Joe _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From trk at cray.com Sat Sep 20 22:36:12 2008 From: trk at cray.com (Tim Kirby) Date: Sat, 20 Sep 2008 21:36:12 -0500 Subject: V880 with a security obsession [SUMMARY] In-Reply-To: <48D5A675.4090206@gmail.com> Message-ID: In my original post, I whimpered about a V880 that would not be updated... > When I went to update [OBP], however, I got the dreaded > > **ERROR: System security is set: System firmware was not modified. > > Well, I'm out of ideas. The jumpers are correct. They've even been > taken off and checked to make sure they're right. Both normal and > diag key positions have been tried. Standalone boot and update from > Solaris. Just about every variation I could think of (made all the > more painful by having to walk someone through this 1000 miles away) > Even Google hasn't come up with anything. Joshua Newswanger pointed me at > *Document Audience:* SPECTRUM > *Document ID:* 210487 > *Old Document ID:* (formerly 48027) > *Title:* Sun Fire[TM] V880 or V480 firmware: Unable to Flashupdate: > "ERROR: system security set: system firmware was not modified" The key being if the setting of the EEPROM variable 'security-mode' is anything other than "none," you will NOT be able to update the firmware using flashprom (which was true in my case). Frustratingly I had tried putting this into sunsolve but apparently I did not contrive to search with quite the right keywords. Sigh. -- Tim Kirby 651-605-9074 trk at cray.com Cray Inc. Information Systems _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From graham.leggate at gmail.com Sun Sep 21 23:28:36 2008 From: graham.leggate at gmail.com (Graham Leggate) Date: Mon, 22 Sep 2008 11:28:36 +0800 Subject: SUMMARY: Are SCSI Warnings Normal When Using Extended SAN Fabrics? Message-ID: <8eea529a0809212028g6365958bp8417683318eaa47a@mail.gmail.com> First, I'd like to thank all those who responded. Thank you. Sorry for the Summary taking so long to be sent back to the group. However, given the sensitivity of the site where these warnings were appearing, it has taken quite a bit of time to get changes implemented and tested. Trying to get to the bottom of this has involved trial and error of a few things, which I'll summarise those which made a positive impact to our system: 1. Implemented the changes to the SD values in /etc/system, the settings which seem to work best for us is: set ssd:ssd_io_time=60 set ssd:ssd_max_throttle=20 2. We patched the OS and Veritas software to the latest releases of patches available. Our systems were nearly a year behind the current recommended patches. 3. We reset the vxdmp settings back to default, as we had played around with the iotimeouts and queuedepth: # Set queuedepth and io back to defaults: vxdmpadm setattr arraytype A/A-A-HDS recoveryoption=default 4. After do some more research we discovered a little fact about the HDS SAN's whereby they are not a real Asymmetric, Active-Active arrays. They mimic an A/A-A by performing internal switching in the HDS Controllers. This, in theory, shouldn't affect performance or reliability. However, after talking to Veritas, it was decided to set vxdmp to use a single path to the SAN for all I/O. This doesn't exclude the other path from being used, ie. in the event of a HBA failure, or even with multiple LUN's you can still load balance over your two HBA's, but once set it will use that HBA until a failure on the path is detected. # Trying this as a setting to resolve the VXDMP from flappying about on the HDS SAN: vxdmpadm setattr enclosure AMS_WMS0 iopolicy=singleactive use_all_paths=no vxdmpadm setattr enclosure AMS_WMS1 iopolicy=singleactive use_all_paths=no Now our system appears to be stable, and the number of SCSI warnings has dropped to 1 or 2 per day, which we can align with errors occuring on the SAN fabric between the two sites (set and out of frame errors). Regards Graham Subject: Are SCSI Warnings Normal When Using Extended SAN Fabrics? ------------------------ From: *Graham Leggate* Date: 2008/7/31 To: sunmanagers at sunmanagers.org Hi, I have a question regarding what would be considered a "normal" number of scsi warnings when using remote SAN's? We have a number of SUN Servers, E2900, V890, X4200M2's, with dual HBA's running Solaris 10, U3, Veritas Storage Foundation 5 connected to a HDS SAN. We have two SAN's, located in two physical datacenters (prod & DRC) which are approximately 40kms apart. We run dark fibre between to the two sites and use CWDM's to provide 2 x 2Gbps Data Networking + 6 x 2Gbps Fibre Channel. The SUN servers use vxdmp to connect to 2 Brocade switches, and then each Brocade switch has 3 x 2Gbps trunked ISL's to connect to the switches at the remote datacentre, we also use the Extended Fabric Licenses in the switches. The servers data volumes are located on the SAN's, where we have a LUN presented by the local SAN and a second LUN presented by the remote SAN. The volumes is then mirrored using Veritas. The SUN servers run a mix of Oracle RAC 10gR2 and an inhouse transaction processing engine and custom database. Each day the servers produce a number of warnings to syslog as shown below. Each time the system warns of a scsi transport issue, it is always the remote LUN which is reporting the problem against. These warnings are not causing the systems to fail in anyway, however the customer is asking for an explanation as to why these messages are occurring. Previously we did not have the Extended Fabric License or the Trunking Licenses, and we would see many of these scsi errors in succession which would then either cause Veritas to mark a disk as failing or failed, which would mean we would need to re-mirror the disk. But since we have had the Extended Fabric Licenses installed on the Brocade switches the number of scsi warning has greatly decreased and we haven't had any disk failures. I do not know if these types or messages are "normal" when running systems with remote mirrors, or if this is something we need to investigate further to see if there is any other under-lining problems. Any in-sight from those of you who run Solaris with remote mirrors would be greatly appreciated. ---messages---- Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a00f2,8 (ssd166): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 11880000 Error Block: 11880000 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409750029 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,3 (ssd144): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 11880000 Error Block: 11880000 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409680012 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,5 (ssd165): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 1132771808 Error Block: 1132771808 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409680023 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,7 (ssd169): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 327259936 Error Block: 327259936 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409680029 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,8 (ssd171): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 1132650832 Error Block: 1132650832 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409680024 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a00f2,1 (ssd150): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 3407136 Error Block: 3407136 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409750014 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x1, FRU: 0x0 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,1 (ssd146): Jul 31 02:00:24 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 1331088 Error Block: 1331088 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409680014 Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:00:24 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x1, FRU: 0x0 Jul 31 02:04:07 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a00f2,3 (ssd148): Jul 31 02:04:07 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 02:04:07 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 12554768 Error Block: 12554768 Jul 31 02:04:07 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409750012 Jul 31 02:04:07 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 02:04:07 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Jul 31 02:11:05 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,3 (ssd144): Jul 31 02:11:05 SERVER001 SCSI transport failed: reason 'tran_err': retrying command Jul 31 03:37:08 SERVER001 scsi: [ID 107833 kern.warning] WARNING: /ssm at 0,0/pci at 19,600000/SUNW,emlxs at 1/fp at 0,0/ssd at w50060e80102a0082,5 (ssd165): Jul 31 03:37:08 SERVER001 Error for Command: write(10) Error Level: Retryable Jul 31 03:37:08 SERVER001 scsi: [ID 107833 kern.notice] Requested Block: 1132772880 Error Block: 1132772880 Jul 31 03:37:08 SERVER001 scsi: [ID 107833 kern.notice] Vendor: HITACHI Serial Number: 750409680023 Jul 31 03:37:08 SERVER001 scsi: [ID 107833 kern.notice] Sense Key: Aborted Command Jul 31 03:37:08 SERVER001 scsi: [ID 107833 kern.notice] ASC: 0xc0 (), ASCQ: 0x3, FRU: 0x0 Many Thanks Regards Graham ____________________ Graham Leggate - _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From techinfo at qatar.net.qa Mon Sep 22 06:16:26 2008 From: techinfo at qatar.net.qa (techinfo) Date: Mon, 22 Sep 2008 13:16:26 +0300 Subject: SUMMARY: Oracle 10g on Sun Cluster 3.1/Solaris 10 In-Reply-To: <48D38CCE.3070806@intracom.gr> References: <48D38CCE.3070806@intracom.gr> Message-ID: As suggested in the responses, the problem was not setting "project.max-shm-memory" parameter properly, and it is done by using projadd command to solve the issue. Many thanks for the solution. - Ansu Original posting: > > Dear Sun Managers, > > > > We have Oracle 10g running on Sun Cluster 3.1 / Solaris 10. > Just before putting it on production last night, we made some > final fine tuning on Oracle, and part of that, we changed the > Oracle SGA Memory parameter values, to make SGA_TARGET value to > 4 GB. We have 16 GB physical memory on the system. When we > restarted Oracle on cluster, it did not come up, but outside > cluster it was working perfectly OK. We had no clues on what was > the issue, but to rule out all possibilities, we have reduced > SGA_TARGET parameter value to 3.5 GB, and to our surprise, it > started working. > > > > Now, is it a limitation on Solaris 10 or Sun Cluster 3.1 that > this value can not go more than or equal to 4 GB? Or should we > check any other possibilities? We plan to put it in production > as soon as possible. > > > > Thanks in advance - > > > > - Ansu ------ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From JaehneRS at state.gov Mon Sep 22 15:27:56 2008 From: JaehneRS at state.gov (Jaehne, Richard S) Date: Mon, 22 Sep 2008 15:27:56 -0400 Subject: SUMMARY: Telnet hang In-Reply-To: <8F86FD6483BD704A85C34AB0F8A466EE0A32F9@MSWASHDCEVS11.washdc.state.sbu> References: <8F86FD6483BD704A85C34AB0F8A466EE0A32F9@MSWASHDCEVS11.washdc.state.sbu> Message-ID: <8F86FD6483BD704A85C34AB0F8A466EE0A3308@MSWASHDCEVS11.washdc.state.sbu> Managers, Thanks for the responses (too many to mension) that all pointed to name services as the culprit. Our network management folks put some new DNS servers online and we just needed to update the server. Thanks, Richard Jaehne -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Jaehne, Richard S Sent: Monday, September 15, 2008 9:19 AM To: sunmanagers at sunmanagers.org Subject: Telnet hang Managers, I've got a problem with a Sunfire v240 server running solaris 8. When we telnet to it it takes sometimes several minutes for the prompt to appear. Ping works fine. And the server otherwise seems fine. Any help would be appreciated. Thanks _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From awebfiend at gmail.com Mon Sep 22 15:45:26 2008 From: awebfiend at gmail.com (awebfiend) Date: Mon, 22 Sep 2008 15:45:26 -0400 Subject: SUMMARY: Help! Self Induced 6540 Catastrophe Message-ID: <3631d5760809221245r39885c5di6b7ae8d503969cda@mail.gmail.com> My question boiled down to: Does anyone know if there's a native firmware command for a StorageTek 6540 to revert a 'reset array' rather than manually recreating the LUNs . Answer no. I received a couple of responses back from members of the list who'd been in similar positions and their advice was to leave it to Sun. I've finally caught up after losing everything on this array. We don't back it up as the data can be regenerated, it just takes a while and inconveniences a few people. So I still have a job. The action plan from Sun Support was to disable LUN initialization and manually recreate the LUNs using exactly the same underlying disks as before. I had a file containing a human readable configuration of the array generated by Sun's support script. Sun sent out an FE (who told me this was the first time he'd worked on a 6540) to enter a command via the console (writeZerosFlag=1) given to me by Sun Support; output was something like "new value added". Rather than watch over my shoulder, he left and gave me the password so that I could set "writeZerosFlag=0" when done. So I recreated the LUNs. But the very first one showed a status of 'initializing' and a dd of the new LUN showed zeros. I called Sun Support again and we diffed the old/new configuration and verified it was good. So I was SOL, my data was gone. I did confirm that the writeZerosFlag value should be set to 1, as to me, that seemed backwards. They didn't have anything else to offer. I did find a reference to the writeZerosFlag=1 (thanks Google) in the 'A1000 and A3x00/A3500FC Best Practices guide'. It's possible those arrays have related firmware. In that document it says "However, if the output says anything like: 'new value added to table,' something was done incorrectly within the VKI_EDIT_OPTIONS. Do not proceed.". I do have one useful command that is worth passing on. 'sscs', the CAM command line tool provides an "export array" command that allows you to export your configuration to an XML file. Next time. _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Craig.Robinson at nrw.qld.gov.au Mon Sep 22 20:24:52 2008 From: Craig.Robinson at nrw.qld.gov.au (Robinson Craig) Date: Tue, 23 Sep 2008 10:24:52 +1000 Subject: SUMMARY: Cannot find root after install Message-ID: <28602243B144B34F847BC4073CE7C1A5025A4B8D@MINMAIL1.lands.resnet.qg> Hi Folks, Firstly, a big thanks to all who responded. It was precisely the direction I needed to look in. To recall, after installing Solaris 10 on a V125, I was getting this error upon rebooting: ---------------SNIP--------------- Cannot mount root on /pci at 1c,600000/scsi at 2/disk at 1,0:a fstype ufs panic[cpu0]/thread=180e000: vfs_mountroot: cannot mount root 000000000180b950 genunix:vfs_mountroot+32c (800, 200, 0, 185dc00, 1883800, 18afc00) %l0-3: 0000000000001770 0000000000000640 0000000001814000 00000000000008fc %l4-7: 0000000001833c00 00000000018b2000 0000000000000600 0000000000000200 000000000180ba10 genunix:main+98 (1814198, 1014800, 18364c0, 18ac400, 183b400, 1814000) %l0-3: 0000000070002000 0000000000000001 0000000000000000 0000000070002000 %l4-7: 0000000000000001 0000000001075800 0000000000000060 0000000000000000 ---------------UN-SNIP--------------- The problem was that I had the wrong disk set as the 'boot-device' in the OBP. The solution was re-setting the OBP defaults by issuing the "set-defaults" command. Pretty simple really :-). Much thanks, Craig ************************************************************************ The information in this email together with any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any form of review, disclosure, modification, distribution and/or publication of this email message is prohibited, unless as a necessary part of Departmental business. If you have received this message in error, you are asked to inform the sender as quickly as possible and delete this message and any copies of this message from your computer and/or your computer system network. ************************************************************************ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From sunhux at gmail.com Wed Sep 24 01:03:09 2008 From: sunhux at gmail.com (sunhux G) Date: Wed, 24 Sep 2008 13:03:09 +0800 Subject: Summary: configuring sendmail to send/receive mails thru another sendmail server Message-ID: <60f08e700809232203j44e5fc20vec666cb02bc0d5bf@mail.gmail.com> Thanks to Christopher Barnard & Donald Kinney. Their replies are appended below : =============================== On server2, edit the access file, usually located in /etc/mail, add the ip address of server5. for example, server5.yourdomain.com RELAY Rebuild the map (makemap) On server5, you have two options, edit sendmail.cf file, search for DS and change it to read: DSserver2.yourdomain.com stop and restart sendmail, or edit the sendmail.mc file, and add: define(`SMART_HOST',`[smarthost.example.net]')dnl rebuild sendmail.cf m4 sendmail.mc > /etc/mail/sendmail.cf (or wherever you have it) restart sendmail. you should be able to relay from server5 through server2 now. ============================ Don't edit the .cf files. On server2, add server5 to the /etc/mail/relay-domains file and then restart sendmail On server5, cd to /usr/lib/mail/cf. Copy the sendmail.mc to custom.mc or some name like that. Edit custom.mc to define the SMARTHOST to be server2. (Be sure to fully qualify it). The readme file one directory back (/usr/lib/mail) will give you the syntax. Rebuild the .cf file /usr/ccs/bin/m4 ../m4/cf.m4 custom.mc > custom.cf. Compare the custom.cf with the existing sendmail.cf in /etc/mail to see what is different. It should just be the addition of DS. copy it into place and restart sendmail. On Mon, Sep 22, 2008 at 5:20 PM, sunhux G wrote: > > I currently has a server, server2 that has sendmail working & it's > pointing > to an SMTP gateway that's external to our network & has to pass thru a > firewall. > > Our firewall has a rule that permits smtp traffic (tcp port 25) to pass > thru > from server2 to an external smtp gateway > > Now, I'm setting up another Sun server, server5 (running Solaris 10) that's > not permissioned by the firewall yet. Both servers are not blocked by > firewalls. Is there anyway I can configure server5 such that it can still > send/receive email but by going thru server2 as it's intermediary? > > > This is my guess, not sure if I'm making any sense : > > On server2, edit sendmail.cf to set itself as a relay server : > # vi /etc/mail/sendmail.cf > & insert 2 lines > DR server2 > CR server2 > > & do "pkill -HUP sendmail" > > > > On server5, set server2 as mail host : > # vi /etc/mail/sendmail.cf & subsidiary.cf > & insert the line below in each of the 2 cf files : > DSserver2 > > where server2 is defined in server5's /etc/host > & do "pkill -HUP sendmail" on server5 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From Daniel.Tate at acs-inc.com Wed Sep 24 11:51:00 2008 From: Daniel.Tate at acs-inc.com (Tate, Daniel) Date: Wed, 24 Sep 2008 10:51:00 -0500 Subject: SUMMARY: Need Direct Attached Storage in the range of 20TB Message-ID: <6178D66B1C4109469B84237AE9037B7A3B62DE@a1dal1swpes01mb.ams.acs-inc.net> Thank you for all the responses. Caen Engineering's products Sun's J400s Partner's Data products (best price) But overwhelmingly you suggested Nexsan technologies. They look to have the best product out there given everyone's comments. At least 10 people suggested them. Original message: I need some direct-attached storage in the range of 20TB - preferably SATA since that's the cheapest available. This would attach to a 6900, and the system must remain hardware compliant, so probably need a SATA to SCSI or FC conversion in place. I need something that we can get FAST, or else a SAN would work; and we need the throughput of direct-attached, so a NAS is not an option. Daniel S. Tate, SCSA, MCSE | Infrastructure Management Sr. Analyst ACS Government Healthcare Services | Daniel.Tate at acs-inc.com 800 Crescent Centre Drive, Suite 600 Franklin, TN 37067 (o) 615.503.9251 (f) 615.503.9220 Notice of Confidentiality. This message and all attachments are confidential or proprietary to ACS, and disclosure, use, or distribution to anyone other than the intended recipient without the prior written permission of ACS is prohibited. This message and any attachments may contain confidential health information that is protected by law. This information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, or distribution is strictly prohibited. If you think you have received this message in error, please notify the sender by reply to this e-mail and delete the message without disclosure. Thank you. [demime 1.01b removed an attachment of type image/gif which had a name of image001.gif] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From fabiomiranda at ice.co.cr Thu Sep 25 09:44:56 2008 From: fabiomiranda at ice.co.cr (Fabio A. Miranda) Date: Thu, 25 Sep 2008 07:44:56 -0600 Subject: SUMMARY: Sun DHCP - do you have to use it ? In-Reply-To: <005a01c91ee4$398df070$aca9d150$@co.cr> References: <005a01c91ee4$398df070$aca9d150$@co.cr> Message-ID: <006e01c91f14$e6341630$b29c4290$@co.cr> Thanks a lot to everyone who answered: Original question: Can you replace Sun DHCP with ISC DHCP ? Answer: Yes, not problem at all. It also works with Jumpstart clients. -----Original Message----- From: sunmanagers-bounces at sunmanagers.org [mailto:sunmanagers-bounces at sunmanagers.org] On Behalf Of Fabio A. Miranda Sent: Thursday, September 25, 2008 1:56 AM To: sunmanagers at sunmanagers.org Subject: Sun DHCP - do you have to use it ? Hello Managers, I want to hear feedback from sys-admins, IT integrators, developers if it is totally possible to build solutions with Solaris and use ISC DHCP instead of Sun's DHCP? Main interest would be to look for simpler admin tasks. I came across several Sun DHCP tasks a bit time consuming, can one use ISC DHCP for jumpstart? In what situations (if any) do you need to stick with Sun DHCP? Thanks, Fabio A. Miranda _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From olgamirth at gmail.com Thu Sep 25 09:45:14 2008 From: olgamirth at gmail.com (Michael Dahlberg) Date: Thu, 25 Sep 2008 09:45:14 -0400 Subject: SUMMARY: How to distinguish between a UFS and ZFS filesystem Message-ID: Thank you very much to all who replied. Most suggested using 'df -n' to determine the mounted filesystems and their type. (Linux has a similar command line parameter, '-T', but I find the output of Solaris' version to be more "clean"). Some suggested using the command '/usr/sbin/fstyp' to determine the filesystem type for both mounted and unmounted filesystems. Since you must pass the device special file that corresponds to the filesystem, I had trouble determining it's usage with ZFS filesystems. In addition, latter versions of the Solaris man page for fstyp come with this warning: "This command is unreliable and its results should not be used to make any decisions about subsequent use of a storage device or disk partition." Again, thank you to all who replied. Mike _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From hriungeness at yahoo.com Fri Sep 26 03:49:04 2008 From: hriungeness at yahoo.com (Kabuthia Riunge) Date: Fri, 26 Sep 2008 00:49:04 -0700 (PDT) Subject: SUMMARY: Servers losing/gaining time Message-ID: <760008.99657.qm@web57607.mail.re1.yahoo.com> Gurus, Thanx a heap to all those who replied. The consensus is to use NTP in the network. So I have configured one internal NTP server to sync with an external NTP server. All the other servers (ntp clients) on the network sync to this internal NTP server. Thanx again! Regards, Kabuthia Original Question: On Thu, Sep 25, 2008 at 6:30 AM, Kabuthia Riunge wrote: > Hallo Gurus, > > We have a peculiar problem with all our Solaris servers. They > have been losing or gaining time. One Sun cluster (3.1u4) is 15 minutes ahead, whereas > the other Sun cluster is 25 minutes behind. All the other stand-alone servers are > showing different times, some ahead and others behind. > > Every time I synchronize (set) the time, the losses/gains > continue occurring over a period of time. Please advise on how this can be > sorted out. > > Regards, > > Kabuthia. > _______________________________________________ _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From bigadmin at unixplanet.biz Sat Sep 27 19:31:28 2008 From: bigadmin at unixplanet.biz (Bigadmin) Date: Sat, 27 Sep 2008 18:31:28 -0500 Subject: Summary : Script for detemining disk size Message-ID: <000001c920f9$2a6f42d0$7f4dc870$@biz> Thanks to every one for quick response including Mathew , Noel, Jeffrey , John , francisco , Kev and Daniel. I was trying to determine disk size with format command while prtvtoc does this job. The other problem was converting sector count to MB or GB because prtvtoc or format only returns disk information In Sector, Cylinder and Tracks. Here is the responses that I received. Thanks again for help. ******************************************************************* ******************************************************************* * /dev/rdsk/c1t0d0s2 partition map * * Dimensions: * 512 bytes/sector * 848 sectors/track * 24 tracks/cylinder * 20352 sectors/cylinder * 14089 cylinders * 14087 accessible cylinders * * Flags: * 1: unmountable * 10: read-only * * First Sector Last * Partition Tag Flags Sector Count Sector Mount Directory 0 2 00 40968576 61442688 102411263 1 3 01 0 40968576 40968575 2 5 00 0 286698624 286698623 3 0 00 102411264 40704 102451967 7 0 00 102451968 184246656 286698623 "Accessible Cylinders" * "Sectors/Cylinders" = Total Number of Sectors (ie: typically the Sector Count of partition 2) "Accessible Cylinders" * "Sectors/Cylinders" * "Bytes/Sector" = Total Number of Bytes on Disk. (Divide by 1,000,000 for MiB. Divide by 1,000,000,000 for GiB) % prtvtoc /dev/rdsk/c1t0d0s2 | awk '/bytes\/sector/ {bytes=$2} /sectors\/cylinder/ {sectors = $2} /accessible cylinders/ {cylinders = $2} END { print bytes * sectors * cylinders }' 146789695488 % sudo prtvtoc /dev/rdsk/c1t0d0s2 | awk '/bytes\/sector/ {bytes=$2} /sectors\/cylinder/ {sectors = $2} /accessible cylinders/ {cylinders = $2} END { print bytes * sectors * cylinders / 1000000000 }' 146.79 ******************************************************************* ******************************************************************* for disk in /dev/rdsk/c*2 do rawsize=$(sudo prtvtoc $disk |awk '$4 == 0 {print $0}'|sort -n +5|tail -1|awk '{print $6}') if [ "$rawsize" != "" ] then rawsize=$(( $rawsize / 2 / 1048576 )) echo $disk is $rawsize GB else echo $disk was not found, moving on fi done ************************************************************************ *********************************************************************** #!/usr/bin/ksh echo | format | grep -i c.*t.*d.* | grep -v disk | awk '{print $2}' > /tmp/.disklist.$$ for Disk in $(cat /tmp/.disklist.$$) do Sectors=$(prtvtoc -s /dev/rdsk/${Disk}s2 | sed -n '/ 2/p' |grep " 5 " | awk '{printf "has %d sectors\n",$5}') echo ${Disk} ${Sectors} done rm -f /tmp/.disklist.$$ ******************************************************************* ******************************************************************* ls /dev/rdsk/*s2 | sed -e "s/^/prtvtoc -h /" | sh -x ******************************************************************* ******************************************************************* for i in `ls /dev/rdsk/*s2`; do prtvtoc $i | grep " 2 " | awk '{ print $6(2*1000*1000) }' ; done _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From lindt at gmx-topmail.de Mon Sep 29 00:52:20 2008 From: lindt at gmx-topmail.de (lindt at gmx-topmail.de) Date: Mon, 29 Sep 2008 06:52:20 +0200 Subject: SUMMARY: HELP NEEDED: mtx and tape loader In-Reply-To: <48DF4D64.30509@singnet.com.sg> References: <20080928060236.310640@gmx.net> <48DF4D64.30509@singnet.com.sg> Message-ID: <20080929045220.202280@gmx.net> THANKS to James Munroe and KS Chang this has solved my problem.... > Hi Jay > > You need to change lun=0 to lun=1 in sgen.conf (it is true for Sun's > autoloader like C2/C4) as the robotic arm is presented as lun 1. > From the /var/adm/messages, target 5 lun 0 is definitely Quantum LTO3 > tape drive. > > Regards, KS > > lindt at gmx-topmail.de wrote: > > hi, > > i have problems install my tape loader, > > i have install the solaris mtx packet and change the sgen.conf > > but sgen didn4t create the device /dev/scsi/... or /dev/changer > > > > > > sgen.conf > > device-type-config-list = "changer"; > > #ame="sgen" class="scsi" target=0 lun=0; > > #name="sgen" class="scsi" target=1 lun=0; > > #name="sgen" class="scsi" target=2 lun=0; > > #name="sgen" class="scsi" target=3 lun=0; > > #name="sgen" class="scsi" target=4 lun=0; > > name="sgen" class="scsi" target=5 lun=0; > > #name="sgen" class="scsi" target=6 lun=0; > > #name="sgen" class="scsi" target=7 lun=0; > > #name="sgen" class="scsi" target=8 lun=0; > > #name="sgen" class="scsi" target=9 lun=0; > > #name="sgen" class="scsi" target=10 lun=0; > > #name="sgen" class="scsi" target=11 lun=0; > > #name="sgen" class="scsi" target=12 lun=0; > > #name="sgen" class="scsi" target=13 lun=0; > > #name="sgen" class="scsi" target=14 lun=0; > > #name="sgen" class="scsi" target=15 lun=0; > > > > /var/adm/messages > > > > Sep 27 20:28:46 sun scsi: [ID 365881 kern.info] > /pci at 1f,700000/scsi at 2,1/st at 5,0 (st12): > > Sep 27 20:28:46 sun > > Sep 27 20:28:46 sun scsi: [ID 193665 kern.info] st12 at mpt1: target 5 > lun 0 > > Sep 27 20:28:46 sun genunix: [ID 936769 kern.info] st12 is > /pci at 1f,700000/scsi at 2,1/st at 5,0 > > > > > > > > > > thanks > > Jay > > > > -- GMX Kostenlose Spiele: Einfach online spielen und Spa_ haben mit Pastry Passion! http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196 _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From fabiomiranda at ice.co.cr Thu Sep 25 18:24:20 2008 From: fabiomiranda at ice.co.cr (Fabio A. Miranda) Date: Thu, 25 Sep 2008 16:24:20 -0600 Subject: FW: SUMMARY: Sun DHCP - do you have to use it ? Message-ID: <000801c91f5d$7636eb20$62a4c160$@co.cr> Thanks to David and Ryan for these last minute resources: [snip] > Answer: Yes, not problem at all. It also works with Jumpstart clients. There's a bit of tweaking needed for using ISC DHCPd and JumpStart: http://www.sun.com/bigadmin/content/submitted/setup_dhcp.jsp This was mentioned on sunmanagers in the pas as well: http://www.sunmanagers.org/pipermail/summaries/2006-January/007060.html http://bandcamp.tv/blog/jumpstart-dhcp [snip] _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers From fabiomiranda at ice.co.cr Tue Sep 30 14:08:42 2008 From: fabiomiranda at ice.co.cr (Fabio A. Miranda) Date: Tue, 30 Sep 2008 11:08:42 -0700 Subject: Summary: Scan but for Ethernet cards Message-ID: <48E26B2A.5040201@ice.co.cr> Hello, Thanks for all those very fast responses. Q: How to list/view ethernet interfaces that are not plumbed ? A: Opt 1: ifconfig -a plumb Opt 2: grep net /etc/path_to_inst Opt 3: prtconf -D | grep network Very accurate answers! Thanks, fabio _______________________________________________ sunmanagers mailing list sunmanagers at sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers