Archives for May 2009

Changing hostname in Solaris

I had to change the host name in one of Solaris zones today, and just out of curiousity looked into /etc/init.d/network script. That’s how I learned a new (to me) option of the uname command, which seems to be specific to Solaris: uname -S <newhostname>.

So here’s a very simple procedure for updating the hostname of your Solaris 10 server.

[Read more…]

Solaris 10 patch return codes

Now that some of the systems I have to regularly patch are Solaris 10 ones, I have to get used to the new patch return codes which one can see when applying one of the Sun’s recommended patchsets. It’s similar to the Solaris 8/9 patchset installation codes, but there are more codes added to the list.

[Read more…]

Shared-IP and Exclusive-IP in Non-Global Solaris Zones

Just a few days ago I’ve been busy configuring one of the Solaris 10 zones on a DMZ server, and sure enough I hit one of the most common IP-related issues with non-global zones.

Shared IP configuration for non-global Solaris zones

By default, non-global zones will be configured with a shared IP functionality. What this means is that IP layer configuration and state is shared between the zone you’re creating and the global zone. This usually implies both zones being on the same IP subnet for each given NIC.

Shared IP mode is defined by the following statement in zone configuration:

set ip-type=shared

[Read more…]

Solaris 10 update 7 (5/09) release

Last week yet another update of Solaris 10 OS was released: Solaris 10u7.

What’s new in Solaris 10 update 7?

  • ZFS support when cloning a Solaris zone – quite a useful tool for someone who always copied the files of Solaris zones. I personally did similar cloning myself, but it’s handy that now ZFS cloning is supported in the zoneadm command itself.
  • IPsec – SMF services – Service Management Framework now manages all the necessary IPsec functionality with traditionally thorough approach: interface consistency, restarting anf fault-tracking are all provided. SMF services for IPsec are: ipsec/policy, ipsec/ike, ipsec/manual-key and ipsec/ipsecalgs.
  • SunSSH with OpenSSL PKCS#11 Engine support – this opens way for more optimal use of hardware crypto accelerators.
  • iSCSI Target improvements – greatly improved iSNS (Internet Storage Name Service) support, updates for improved interoperability. Most common iSCSI initiators are now supported
  • NetXen 10-GigE driver – a new NIC driver called ntxn will make it possible to use 10-Gigabit cards on your x86 platform
  • New locale support – greetings go to Kazakhstan and Ukraine which are now fully supported

This isn’t a full list of improvements, so if you’re interested in all the details – please read the official What’s New in Solaris 10 update 7 doc.

Solaris 10 u7 screenshots gallery

I’ve uploaded a few screenshots for you, nothing revolutionary but will still give you an idea if you have never seen Solaris 10 before:

See also:

inetadm – intro

inetadm command is used for observing and managing inetd services in Solaris 10.

If you run this command without any parameters, you’ll simply get a list of all the services it manages along with their current status:

solaris# inetadm
ENABLED   STATE          FMRI
enabled   online         svc:/application/x11/xfs:default
enabled   online         svc:/application/font/stfsloader:default
enabled   offline        svc:/application/print/rfc1179:default
enabled   online         svc:/network/rpc/gss:default
disabled  disabled       svc:/network/rpc/mdcomm:default
disabled  disabled       svc:/network/rpc/meta:default
disabled  disabled       svc:/network/rpc/metamed:default
disabled  disabled       svc:/network/rpc/metamh:default
...

[Read more…]

Interesting Solaris blogs

I wonder if someone would be kind enough to share his most interesting Solaris blogs with me?

Here is a partial list of what I regularly read, maybe you’ll like some of it:

Solaris blogs in Russian

Solaris blogs In English

Well, that seems to be all I read. Surely, there are hundreds more on blogs.sun.com and OpenSolaris.org blogs, so I enjoy opening main pages of these resources now and then just to selectively read the most interesting posts (I also find weekly lists of posts on OpenSolaris to be particularly useful).

If you know an interesting Solaris blog, please share it with me and I’ll update the list above.

OpenSolaris: BFU archive anatomy

I think I’ve covered the basics of updating your OpenSolaris using BFU before. This is the post: OpenSolaris BFU. Back then I’ve explained the basics of BFUing.

Today I simply would like to tell a bit more about the contents of a BFU archive, using the latest available one as an example: ON b41.

After you download and unpack the archive, you will get a directory like this:

bash-3.00$ cd /export/dist/archives-b41
bash-3.00$ ls
BINARYLICENSE.txt THIRDPARTYLICENSE.BFU-ARCHIVES
README.BFU-ARCHIVES.i386 i386

[Read more…]

ZFS: managing filesystems

It’s been quite a while since I’ve cleared one of internal disks in my Netra t105 to bring it under ZFS control. As a result, I now have a 33Gb zfs-pool to experiment with. Today I had some spare time, so I decided to share with you the very basics of managing ZFS filesystems.

So this is the ZFS pool I have:

solaris# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
stock                  33.8G   2.40G   31.4G     7%  ONLINE     -

[Read more…]

DTrace: mod_auth_pam and apache2

One of our users has asked me to help with PAM authentication for Apache 2 on one of our remote servers.

Note: going with mod_auth_pam was decision made without me, and I was only asked to help get the chosen solution work. This being said, the recommended way to do external authentication for Apache 2 now is to use the mod_authz_external module and pwauth password authenticator.

It did seem like a rather trivial task – download mod_auth_pam, compile it for Apache 2, make sure everything works. The remote server uses NIS, I could freely log onto it.

And you know what? It didn’t work!

[Read more…]

Debugging PHP with DTrace, part 2

Your next step in observing PHP with DTrace could easily be the following script. It times how much time (in nanoseconds) each Apache process has spent running a particular PHP function.

This script generates a table of Apache PIDs and PHP scripts started within, and later you’ll get a table of all the functions with PIDs which ran them and the time spent.

[Read more…]