Recommended Patchset for Solaris 10 – January 2016

Those of you still on Solaris 10 may want to download the latest Recommended Patchset for Solaris 10 which was published just last week, on 28th of January 2016.

There are only four such patchsets a year, which is quite handy for rolling baselines when you plan to patch all of your Solaris 10 servers in a particular quarter.

While this patchset does not include ALL of the available security patches, it contains the most critical ones to date.

From the README:

The Recommended OS Patchset Solaris 10 SPARC provides the minimum set of patches needed to address security and Sun Alert issues, and selected issues identified by Oracle Proactive Services and the Oracle Technical Support Center, for the Solaris 10 Operating System for sparc. The patches contained in this patchset are considered the most important and highly recommended patches for Solaris 10.

Joyent CLI basics

I’ve been trying different SmartOS images with Joyent for some time now, but always did everything from the Dashboard.

Joyent’s wonderful dashboard

Most users will never need anything else: Joyent’s dashboard is incredible – simple yet powerful, providing vital views of your instances and your billing. Wish there was a tool like this for AWS!

Being a developer though, you’ll probably want to give Joyent’s CloudAPI a try. Since I’m not much of a developer, I settled on the NodeJS based CLI tools.

Install Joyent CLI

You need Node.js installed in your environment, and on top of it the Smart DataCenter module from Joyent:

npm install -g smartdc

There are at least three variables to configure before you can use the CLI: SDC_URL reflects the region (DC) you plan on using (that’s Amsterdam for me in Europe), SDC_ACCOUNT is your username, and SDC_KEY_ID is the key you’ll need to get from your Joyent Dashboard:

export SDC_ACCOUNT=greys
export SDC_KEY_ID="aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp"

 

List machines

sdc-listmachines is the command you’ll need to list machines.

And once you’re clear on which machine you’d like to inspect, you can use sdc-getmachine with its UUID to confirm all the necessary details about the machine: IPs and hardware configuration, state and access keys, etc.

Here’s how it should look:

greys$ sdc-getmachine d8288fe0-1d88-ef64-XXXX-YYYYYYYYYYYY
{
  "id": "d8288fe0-1d88-ef64-XXXX-YYYYYYYYYYYY",
  "name": "wp",
  "type": "smartmachine",
  "state": "stopped",
  "image": "70f1b13e-0f85-XXXX-a009-YYYYYYYYYYYY",
  "ips": [
    "10.224.XXX.YYY",
    "37.153.AAA.BBB"
  ],
  "memory": 256,
  "disk": 6144,
  "metadata": {
    "root_authorized_keys": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0lTV5song1ZXSFBdkhCH7brvVYzcV0HPuU/CpRiczLTc5Epox8a+mCza/UWwdCg69HTUGGUEk6CXXXXXXXXXXXXYYYYYYYYYYYYYYYYYYY greys@server.com\n"
  },
  "tags": {},
  "created": "2015-10-09T18:58:18.264Z",
  "updated": "2016-01-11T13:27:44.000Z",
  "networks": [
    "6f996828-b838-11e2-XXXX-YYYYYYYYYYYY",
    "0f63aea2-83ee-4c50-XXXX-YYYYYYYYYYYY"
  ],
  "dataset": "sdc:sdc:wordpress:15.1.1",
  "primaryIp": "37.153.XXX.YYY",
  "firewall_enabled": false,
  "compute_node": "44454c4c-4e00-1031-XXXX-YYYYYYYYYYYY",
  "package": "t4-standard-256M"
}

Start and stop a machine with Joyent

sdc-startmachine and sdc-stopmachine both take the machine’s UUID, and you can use sdc-getmachine to track progress.

IMPORTANT: if you just stop your Joyent machine, billing will still be happening unless and until you destroy the machine like this:

sdc-deletemachine d8288fe0-1d88-ef64-XXXX-YYYYYYYYYYYY

 

Behaviour of the audit daemon

Always wanted to know how to make a clean start with nightly log rotations in Solaris audit setup.

Turns out it couldn't be simpler!

From the audit(1M) man page:

audit - control the behavior of the audit daemon

and a bit further down:

-s Notify the audit daemon to read the audit control file. The audit daemon stores the information internally. If the audit daemon is not running but audit has been enabled by means of bsmconv, the audit daemon is started.
-t Direct the audit daemon to close the current audit trail file and exit. Use -s to restart auditing. To disable auditing, use bsmunconv.

So the sequence should be:
1) Close current audit trail file:
audit -t
2) Do log rotation magic
3) Restart audit trail:
audit -s
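
The sequence above as a cron-ready shell function, added here as an example and not taken from the original post or the Solaris man pages. The AUDIT_CMD, AUDIT_DIR and ARCHIVE_DIR variables and their default paths are assumptions, as is the not_terminated marker used to skip a trail file that was not closed cleanly. The function always runs audit -s, so a failed move does not leave auditing switched off.

```shell
#!/bin/sh
# Added example: nightly rotation around the audit -t / audit -s sequence.
# AUDIT_CMD, AUDIT_DIR and ARCHIVE_DIR are assumed names; the default
# paths are assumptions too, adjust them for your host.

rotate_audit_trail() {
    audit_cmd="${AUDIT_CMD:-audit}"
    audit_dir="${AUDIT_DIR:-/var/audit}"
    archive_dir="${ARCHIVE_DIR:-/var/audit-archive}"
    _rc=0

    # 1) Close the current audit trail file (the audit daemon exits).
    #    If this fails nothing has changed, so stop here.
    "$audit_cmd" -t || return 1

    # 2) Rotation: move closed trail files out of the audit directory.
    #    Files still marked not_terminated were not closed cleanly
    #    (assumption about the naming), so they are left in place.
    if mkdir -p "$archive_dir"; then
        for f in "$audit_dir"/*; do
            [ -f "$f" ] || continue
            case "$f" in
                *not_terminated*) continue ;;
            esac
            mv "$f" "$archive_dir"/ || _rc=2
        done
    else
        _rc=2
    fi

    # 3) Restart the audit trail no matter how step 2 went, so a
    #    rotation error never leaves the host without auditing.
    "$audit_cmd" -s || return 3

    # 0 = rotated, 2 = auditing restarted but some files were not moved
    return "$_rc"
}
```
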

Using Service Controller to confirm battery status

I’ve been working with a support engineer on replacing an SC battery in one of the T2000 servers recently, and noticed that immediately upon rebooting a server it may not be possible to get battery and fan stats because the prtdiag command wouldn’t work (picld daemon not fully operating yet).

Turns out, there’s another way to get this info – simply use #. to get back into ALOM and run the showenvironment command. Among other things, it reports battery status:

sc> showenvironment
...
--------------------------------------------------------------------------------
Voltage sensors (in Volts):
--------------------------------------------------------------------------------
Sensor          Status      Voltage LowSoft LowWarn HighWarn HighSoft
--------------------------------------------------------------------------------
MB/V_+1V5       OK            1.48    1.36    1.39    1.60     1.63
MB/V_VMEML      OK            1.79    1.63    1.67    1.92     1.98
MB/V_VMEMR      OK            1.79    1.63    1.67    1.92     1.98
MB/V_VTTL       OK            0.89    0.81    0.83    0.96     0.99
MB/V_VTTR       OK            0.87    0.81    0.83    0.96     0.99
MB/V_+3V3STBY   OK            3.33    3.13    3.16    3.53     3.59
MB/V_VCORE      OK            1.31    1.20    1.24    1.36     1.39
IOBD/V_+1V5     OK            1.48    1.36    1.39    1.60     1.63
IOBD/V_+1V8     OK            1.79    1.63    1.67    1.92     1.96
IOBD/V_+3V3MAIN OK            3.36    3.06    3.10    3.49     3.53
IOBD/V_+3V3STBY OK            3.33    3.13    3.16    3.53     3.59
IOBD/V_+1V      OK            1.18    1.09    1.11    1.28     1.30
IOBD/V_+1V2     OK            1.16    1.09    1.11    1.28     1.30
IOBD/V_+5V      OK            5.09    4.55    4.75    5.35     5.45
IOBD/V_-12V     OK          -12.11  -13.08  -12.84  -11.16   -10.92
IOBD/V_+12V     OK           12.06   10.92   11.16   12.84    13.08
SC/BAT/V_BAT    OK            3.37      --    2.25      --       --

Changing hostname in Solaris

I had to change the host name in one of the Solaris zones today, and just out of curiosity looked into the /etc/init.d/network script. That’s how I learned a new (to me) option of the uname command, which seems to be specific to Solaris: uname -S <newhostname>.

So here’s a very simple procedure for updating the hostname of your Solaris 10 server.

[Read more…]

Solaris 10 patch return codes

Now that some of the systems I have to regularly patch are Solaris 10 ones, I have to get used to the new patch return codes which one can see when applying one of the Sun’s recommended patchsets. It’s similar to the Solaris 8/9 patchset installation codes, but there are more codes added to the list.

[Read more…]

Shared-IP and Exclusive-IP in Non-Global Solaris Zones

Just a few days ago I was busy configuring one of the Solaris 10 zones on a DMZ server, and sure enough I hit one of the most common IP-related issues with non-global zones.

Shared IP configuration for non-global Solaris zones

By default, non-global zones are configured in shared-IP mode. What this means is that IP layer configuration and state are shared between the zone you’re creating and the global zone. This usually implies both zones being on the same IP subnet for each given NIC.

Shared IP mode is defined by the following statement in zone configuration:

set ip-type=shared

[Read more…]

inetadm – intro

The inetadm command is used for observing and managing inetd services in Solaris 10.

If you run this command without any parameters, you’ll simply get a list of all the services it manages along with their current status:

solaris# inetadm
ENABLED   STATE          FMRI
enabled   online         svc:/application/x11/xfs:default
enabled   online         svc:/application/font/stfsloader:default
enabled   offline        svc:/application/print/rfc1179:default
enabled   online         svc:/network/rpc/gss:default
disabled  disabled       svc:/network/rpc/mdcomm:default
disabled  disabled       svc:/network/rpc/meta:default
disabled  disabled       svc:/network/rpc/metamed:default
disabled  disabled       svc:/network/rpc/metamh:default
...

[Read more…]

Interesting Solaris blogs

I wonder if someone would be kind enough to share his most interesting Solaris blogs with me?

Here is a partial list of what I regularly read, maybe you’ll like some of it:

Solaris blogs in Russian

Solaris blogs In English

Well, that seems to be all I read. Surely, there are hundreds more on blogs.sun.com and OpenSolaris.org blogs, so I enjoy opening main pages of these resources now and then just to selectively read the most interesting posts (I also find weekly lists of posts on OpenSolaris to be particularly useful).

If you know an interesting Solaris blog, please share it with me and I’ll update the list above.

OpenSolaris: BFU archive anatomy

I think I’ve covered the basics of updating your OpenSolaris using BFU before. This is the post: OpenSolaris BFU. Back then I explained the basics of BFUing.

Today I simply would like to tell a bit more about the contents of a BFU archive, using the latest available one as an example: ON b41.

After you download and unpack the archive, you will get a directory like this:

bash-3.00$ cd /export/dist/archives-b41
bash-3.00$ ls
BINARYLICENSE.txt THIRDPARTYLICENSE.BFU-ARCHIVES
README.BFU-ARCHIVES.i386 i386

[Read more…]