Posted at 10:33AM Oct 03, 2008 by William Hathaway in General
When I am talking to someone who is looking at getting started with ZFS, I typically recommend they hit the following resources:
ZFS Administration Guide (previous link was for Solaris users, if you are using OpenSolaris/Solaris Express, look here)
-- Chapter 2 "Getting Started" is a great place to begin
ZFS-discuss forum/mailing list at opensolaris.org (lots of expert users and developers hang out there)
ZFS sections of the Solaris Internals Wiki
Presentation on tuning Oracle for CMT (Niagara) machines
Posted at 03:14PM Sep 22, 2008 by William Hathaway in General
Glenn Fawcett (Sun) and Andrew Holdsworth (Oracle) gave a presentation on Optimizing Oracle on CMT machines at Oracle Open World today that is freely available. It is a good read if you have Oracle or another RDBMS and want to run it on one of Sun's CMT servers. In the presentation they cover a background on the CMT processor design goals, general tuning advice to help fit the chip and workload together, and then go through several examples showing what tuning they performed and the final results. You can fetch the presentation from here.
Sending a break to T5220 systems
Posted at 09:01AM Aug 06, 2008 by William Hathaway in General
The T5220 is one of the first SPARC based servers to use the ILOM lights out management software. The interface is a bit different than ALOM, which is what most of Sun's volume SPARC servers have used in the past. If you need to send a break to one of these, use the following command from within the SP
set /HOST send_break_action=break
Updated Solaris 10 Deep Dive Presentation
Posted at 09:23PM Aug 05, 2008 by William Hathaway in General
Glen Brunnette (security guru from Sun) has just announced an updated version of his excellent Solaris 10 Security Deep Dive presentation. It covers lots of good topics, such as:
- minimization
- executable stacks
- SMF
- Process Rights
- Zones
- Secure by Default
Jumpstart error and disk labels
Posted at 07:39PM Aug 02, 2008 by William Hathaway in General
I was working with a colleague recently trying to track down a jumpstart issue and thought this might be helpful to other people.
The Problem
A T2000 had a pair of 146G drives (c0t0d0 and c0t1d0) and a pair of 73s (c0t2d0 and c0t3d0) Each pair was mirrored by the LSI Raid controller so that the OS was presented with c0t0d0 and c0t2d0.
When jumping, if the rootdisk was unspecified, it would default to c0t2d0, which was not the desired configuration.
If was c0t0d0 explicitly used for /, the jump would fail with the following error":
ERROR: The boot disk (c0t0d0) is not selected
although the same profile was used earlier to successfully jump other machines.
Upon further investigation it turned out that c0t0d0 and c0t1d0 had previously been used in a ZFS pool thus had been labeled with an EFI label, which jumpstart doesn't know how to deal with.
The Solution
Used format -e to label the disk with an SMI label
partition> label
[0] SMI Label
[1] EFI Label
Specify Label type[1]: 0
Warning: This disk has an EFI label. Changing to SMI label will erase all
current partitions.
Continue? y
Auto configuration via format.dat[no]? y
and then run install-solaris to resume the jumpstart.
X4200 and X4100 - always booting at power on
Posted at 07:39AM Jul 25, 2008 by William Hathaway in General
x4[12]00s appear to have a default power policy of 'previous' which means if the machines were off when they lost power, they won't automatically start back up when power is restored.
You can change that to 'always-on' which will always start the system instance when power is applied in the BIOS (weirdly under advanced settings -> southbridge) or can use ipmitool (which is nice because you can change the settings without taking down the host).
/usr/sfw/bin/ipmitool -H $ILOM_IP -U root -f $FILE_WITH_ILOM_PASSWORD chassis policy always-on
Setting the locator lights in ALOM and ILOM
Posted at 08:07AM Jul 23, 2008 by William Hathaway in General
If you want to turn on or off the white locate lights on a Sun machine that uses the ALOM service processor firmware (entry level SPARC and CMT servers) it is simple, use:
setlocator on
or
setlocator off
If you want to do the same for servers that use ILOM service processor firmware (AMD based), use:
set /SYS/LOCATE value=Fast_Blink
or
set /SYS/LOCATE value=off
from the SP or if you are using ipmitool, send the "chassis identify" or "chassis identify off" commands.
Posted at 11:14AM Jul 10, 2008 by William Hathaway in General
Versatile has been working with Sun's Sun Ray thin-client platform since it came out in late 1999. There has been a lot of renewed interest from customers lately given the amount of attention paid to the low energy needs (2-4 watts) of Sun Rays compared to PCs and also as an inexpensive and easy to manage platform for virtual desktops. My favorite feature has been session mobility, where you can pull your smart card out of one Sun Ray, walk down the hall (or go to another building), insert your smart card and pull you same session up.
If you are interested in working with Sun Rays, the following resources should be helpful:
Sun's main Sun Ray page: http://www.sun.com/sunray/sunray2/
Sun's Thin Client Group Blog: http://blogs.sun.com/ThinkThin
Sun Ray mailing list: http://www.filibeto.org/sun/sunray-users/mailing-list.html (extremely slow loading web page)
Sun Secure Global Desktop: http://www.sun.com/software/products/sgd/index.jsp
Configuring link aggregation between Solaris 10 hosts and Nortel switches
Posted at 03:31PM Jul 02, 2008 by William Hathaway in Solaris
I configured some aggregated links using LACP and wanted to share the steps. I was performing this on two T5220 servers that each had two NICs plugged into a Nortel switch. If you have a network administrator, you should really ask them to help on the switch side so you don't mess anything up. In our case I was the network administator (at least for this switch we procured for testing).
Steps before starting
Gather the port numbers on the switch that you will be using for link aggregation (5,6,7,8 in our case)
Make sure you know which network interfaces on the Solaris side (e1000g1 and e1000g2 in our case)
Read the Solaris documentation on link aggregation
Read the Nortel documenation on link aggregation
SWITCH CONFIGURATION
1) Connect to the switch via telnet (or ssh if supported)
2) Use ctrl-y to get to password promp
3) Enter switch password
4) Press 'c' to get to command line interface
5) config t <--- to configure via terminal
SWITCHNAME(config)#int fastEthernet 5,6,7,8
SWITCHNAME(config-if)#lacp aggregation enable
SWITCHNAME(config-if)#lacp mode active
SWITCHNAME(config-if)#^Z
HOST CONFIGURATION
1) Make sure e1000g1 and e1000g2 are not currently plumbed
2) # dladm create-aggr -l active -d e1000g1 -d e1000g2 1
3) # ifconfig aggr1 plumb
4) # ifconfig aggr1 $ADDRESS netmask $NETMASK broadcast $BROADCAST up
5) # echo $ADDRESS > /etc/hostname.aggr1
VIEWING STATE OF LINK AGGREGATION
To view the state of the individual links use:
# dladm show-aggr 1
and
# dladm show-aggr -L 1
It should look something like:
# dladm show-aggr 1
key: 1 (0x0001) policy: L4 address: 0:14:4f:d0:c0:0b (auto)
device address speed duplex link state
e1000g1 0:14:4f:d3:c0:2b 1000 Mbps full up attached
e1000g2 0:14:4f:d3:c0:2c 1000 Mbps full up attached
# dladm show-aggr -L 1
key: 1 (0x0001) policy: L4 address: 0:14:4f:d0:c0:0b (auto)
LACP mode: active LACP timer: short
device activity timeout aggregatable sync coll dist defaulted expired
e1000g1 active short yes yes yes yes no no
e1000g2 active short yes yes yes yes no no
Sun Firmware Matrix Information
Posted at 09:33PM May 15, 2008 by William Hathaway in General
Sun just published a new set of pages on the BigAdmin Patch Hub that provides general information on system firmware as well as a super handy matrix that tells which patches provide firmware for the various hardware systems. It is really handy to have all this information in one place.
Posted at 03:37PM May 14, 2008 by William Hathaway in General
While I've been a long-time recommender of the PuTTY ssh client for use on Windows, a customer recently recommended Ponderosa. I just took a quick look at Ponderosa and it seems pretty nice. The biggest win is tabbed window support, which is fantastic if you tend to open a lot of windows.
If you use Windows or have users that do, take a look at Ponderosa and see if it would fit your needs.
Building a socks proxy on Solaris
Posted at 07:28AM Apr 23, 2008 by William Hathaway in General
If you need to install a SOCKS based proxy server on a Solaris, you can download the source from the SS5 project at sourceforge.
The only wrinkle not mention in the documentation is that you will need to set a CFLAGS environment variable before running configure, otherwise you will get some weird errors when trying to run 'make'.
export CFLAGS="-D__EXTENSIONS__"
Practical (Open)Solaris Security
Posted at 05:54AM Apr 18, 2008 by William Hathaway in General
Brent Paulson gave an interesting presentation on Practical OpenSolaris Security to the London OpenSolaris Users Group (LOSUG).
The presentation covers a wide variety of Solaris security features and provides examples showing how different configurations affect a system's security posture.
It looks like LOSUG has a arranged a nice set of speakers. Check out additional presentations available at their archive site.
Posted at 04:08AM Apr 16, 2008 by William Hathaway in General
When you run into a problem with computers and need to talk to someone else (whether it is an official support channel or an unofficial mailing-list/forum/irc chatroom), it is critical to gather the basic information that will enable people to help you. This includes:
- A clear description of the problem you are experiencing
- What steps are needed to reproduce the problem
- What version/config is your hardware or software (may be multiple components and/or versions)
- How is your hardware/software configured
- Exact error or log messages
One document that I really recommend people read before asking for help is Eric Raymond's How To Ask Questions The Smart Way. This provides excellent guidance in making sure you are posing your question in a way that is meaningful to the people you are asking for help, and may allow you to solve the problem yourself. At a minimum, it will help save time for everyone by reducing the number of back and forth iterations needed to get the relevant data to people.
If you are a developer or work in a support organization, make sure that your customers know what data they should gather before opening a support call.
Sun has provided tools for some of their software at the Gathering Debug Data page that explains how to gather troubleshooting data for points 3,4, and 5. An example is Gathering Debug Data for Sun's Directory Server.
Using the serial console on X6250 blades
Posted at 08:52AM Apr 09, 2008 by William Hathaway in General
I was recently working with a customer that uses Sun's Intel-based x6250 blades in a B6000 chassis. The customer had loaded VMWare ESX server on the blade. ESX was working fine, but we were only able to access the console via the web-based remote display. We wanted to also be able to access the console via the SSH connection to the management port. We had to perform the following steps to enable serial-based access:
- Connect to the management IP with a web browser
- Restart the blade and go into the BIOS setup
- Under the "Server" tab select Remote Access
- Set it to be enabled
- Change the serial port from COM1 to COM2
- Change redirection after BIOS POST to "Boot Loader"
- Save settings and exit (F10)