Subscribe: milek's blog
http://milek.blogspot.com/feeds/posts/default

Robert Milkowski's blog





Updated: 2018-04-17T19:56:48.909+02:00

 



11.3.SRU31 - updated pam_list

2018-04-17T19:56:48.893+02:00

The just released Solaris 11.3 SRU31 has an updated pam_list module which adds support for '*' and comments. The '*' wildcard is really useful, as it allows common PAM configuration where access to a server can be managed only by an allow file. For example, in /etc/pam.d/XXX you can now have:

account sufficient pam_list.so.1 allow=/etc/security/access.conf
The access.conf file can contain only '*', which means all users have access, or you can just list users, netgroups or unixgroups.

Previously, to get the effect of '*' one had to modify the PAM configuration or use a different module (for example, compile pam_access from Linux).

This is a good example of one of the small but very useful changes.



GCC 7 on Solaris 11.4

2018-04-03T12:35:41.594+02:00

How to get gcc-7 on Solaris 11.4?

root@solaris:~# pkg install gcc-7
Packages to install: 14
Mediators to change: 1
Services to change: 1
Create boot environment: No
Create backup boot environment: No

DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 14/14 1822/1822 332.0/332.0 423k/s

PHASE ITEMS
Installing new actions 2253/2253
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
root@solaris:~#

root@solaris:~# gcc --version
gcc (GCC) 7.3.0

Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

root@solaris:~#
Older versions are available as well.



Golang on Solaris

2018-03-30T03:56:53.444+02:00

So what do you do if you want to program in golang on Solaris 11.4? You just type: pkg install golang



ZFS: Device Removal

2018-03-30T02:59:54.164+02:00

As finally publicly presented at Solaris Tech Day in Vienna a couple of weeks ago, ZFS in Solaris 11.4 will have the long-awaited on-line device removal feature. This is top-level vdev removal only, but still very useful in some scenarios.

Here is an example of how it works.

First, let's create a test pool which is a mirror of two disks:

root@solaris:~# zpool create test mirror c1t1d0 c1t3d0
root@solaris:~# zpool status test
pool: test
state: ONLINE
scan: none requested
config:

NAME STATE READ WRITE CKSUM
test ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t1d0 ONLINE 0 0 0
c1t3d0 ONLINE 0 0 0

errors: No known data errors
Now, let's "accidentally" add a single disk to stripe with the mirror and copy some data into the pool:

root@solaris:~# zpool add -f test c1t4d0
root@solaris:~# zpool status test
pool: test
state: ONLINE
scan: none requested
config:

NAME STATE READ WRITE CKSUM
test ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t1d0 ONLINE 0 0 0
c1t3d0 ONLINE 0 0 0
c1t4d0 ONLINE 0 0 0

errors: No known data errors

root@solaris:~# cp -rp /usr/share/doc /test/
^C

root@solaris:~# gdf -h /test
Filesystem Size Used Avail Use% Mounted on
test 2.0G 375M 1.6G 19% /test

root@solaris:~# zpool iostat -v test
capacity operations bandwidth
pool alloc free read write read write
---------- ----- ----- ----- ----- ----- -----
test 375M 1.60G 0 181 4.12K 5.04M
mirror-0 242M 766M 0 173 203 3.23M
c1t1d0 - - 0 16 7.73K 3.28M
c1t3d0 - - 0 16 7.53K 3.28M
c1t4d0 132M 876M 0 9 4.91K 2.26M
---------- ----- ----- ----- ----- ----- -----
Now, if we want to remove the accidentally added disk drive, it is trivial to do so:

root@solaris:~# zpool remove test c1t4d0
And let's check pool status after the device was removed:

root@solaris:~# zpool status test
pool: test
state: ONLINE
scan: resilvered 132M in 1s with 0 errors on Fri Mar 30 01:53:17 2018

config:

NAME STATE READ WRITE CKSUM
test ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t1d0 ONLINE 0 0 0
c1t3d0 ONLINE 0 0 0

errors: No known data errors

root@solaris:~# zpool iostat -v test
capacity operations bandwidth
pool alloc free read write read write
------------------------ ----- ----- ----- ----- ----- -----
test 378M 630M 2 105 8.66K 1.63M
mirror-0 378M 630M 2 80 5.14K 1.21M
c1t1d0 - - 0 8 5.09K 1.22M
c1t3d0 - - 1 7 5.58K 1.22M
------------------------ ----- ----- ----- ----- ----- -----



DTrace GPL'ed

2018-02-23T10:53:41.672+01:00

Looks like DTrace is under GPL now. It would be really great to see it on Linux.







ZFS past & future by Mark Maybee

2017-11-20T11:43:24.518+01:00

Video: https://www.youtube.com/embed/c1ek1tFjhH8



OpenZFS ZIL Internals

2017-11-07T12:43:20.564+01:00

Very interesting presentation on how ZIL works and on latest improvements in OpenZFS, presented during OpenZFS Developer Summit 2017.

Video: https://www.youtube.com/embed/RUb8svObroE



General Purpose Server OS

2017-09-12T18:44:56.336+02:00

Will the general purpose server OS be dead in the next few years? It definitely seems that way.



Sudo and Solaris Privileges

2017-07-04T23:43:00.720+02:00

Sudo on Solaris 10 and Solaris 11 allows you to specify the privilege set a command will run with. This is very powerful if you want to be more specific in granting only the required privileges for a given command, instead of allowing the command to run as root. Solaris has additional/different means to achieve the same, which in some cases are better than sudo, but sudo is what most users are familiar with.

For example, the 'fmadm faulty' command requires sys_admin privilege to run.


milek ALL=()PRIVS="basic,sys_admin" NOPASSWD:/usr/sbin/fmadm faulty
This means that user milek can now run: sudo fmadm faulty
and the command will now work, but it won't run as root - it will execute as user milek with privileges set to basic,sys_admin, which is more secure than allowing the command to run as root.



Solaris Open Source bits move to GitHub

2017-05-16T14:02:11.261+02:00

Alan Coopersmith blogged about migration of Open Source content available in Solaris from java.net to GitHub. This is definitely an improvement.

The new repositories on GitHub are:





Ebbisland and Extremeparr

2017-04-21T12:46:23.254+02:00

Although The Register and others were suggesting Solaris 11 might be affected, it seems not to be the case - according to Oracle, Solaris 11 has never been affected by either of them. The Register clarified it as well.

Also if you have a support contract you should have been told this much quicker.

ps. if you have CDE installed on Solaris 10 then there is an IDR available for extremeparr local exploit (again, Solaris 11 is not affected)



Solaris is a dinosaur!

2017-02-25T11:45:30.792+01:00

A friend of mine blogged about Eoraptor, Unaysaurus and T-Rex. A fun read about FreeBSD, Solaris, Linux and others.



Solaris 11 Continuous Delivery Model

2017-01-20T11:53:37.783+01:00

Solaris 11 adopts a Continuous Delivery model, which means instead of Solaris 12 there will be Solaris 11.4, 11.5, etc. This is generally a good thing - quicker adoption of new features, as most software certified for Solaris 11 should stay certified for the new dot releases, etc. This is also similar to what Microsoft did with Windows.

Oracle also extended Solaris 11 support to 2031.





AI: Distro Constructor and a Custom Script

2016-10-21T13:00:51.920+02:00

When building your own AI images with distro_const, it is sometimes useful to add a custom script to modify the resulting image. This is easily achievable by adding a custom script to the XML manifest provided to distro_const.

For example, to change the default password for user jack, add the following checkpoint to the XML file, just before the pre-pkg-img-mode checkpoint.


<!--
Set password for user jack, should match root password
(if the hash contains slashes, they need to be escaped with backslashes)
-->
<checkpoint name="lock-jack-account"
desc="Lock the jack account from login"
mod_path="solaris_install/distro_const/checkpoints/custom_script"
checkpoint_class="CustomScript">
<args>/usr/bin/gsed -i -e 's/jack:.[^:]*:/jack:XXXXXX:/g'
{PKG_IMAGE_PATH}/etc/shadow
</args>
</checkpoint>




Requiring both GSSAPI and OTP

2016-10-11T12:41:01.757+02:00

Darren Moffat blogged about how to force both GSSAPI (or pubkey) and OTP on Solaris in OpenSSH. This works, although it is not entirely obvious how to set it up at first.






SPARC S7 and M7

2016-07-28T12:45:41.474+02:00





SPARC S7

2016-07-01T22:01:58.516+02:00

Oracle released the new SPARC S7 CPU and the SPARC S7-2 and S7-2L servers. This is a really interesting SPARC CPU if you need low-end servers, the first one in many, many years which can compete with x86 both in performance and price. It has some unique features as well.

See launch video.

Various articles on S7:

TheNextPlatform
The Register
PCWorld
ComputerWorld

Also see some benchmarks already published:

SPECjbb2015
SPECjEnterprise2010
Database: S7 vs x86
Yahoo Cloud Serving Benchmark





Adjusting SO_RCVBUF of a running process

2016-05-20T02:07:11.151+02:00

Recently I was looking into how to increase SO_RCVBUF size for a given socket in a running process, without having to restart it. This could be useful if an application can't be restarted anytime soon, yet there are drops observed due to too low a receive buffer, or perhaps a given application doesn't even allow the receive buffer to be specified and has a hard-coded value. In my case, an application does allow the buffer to be specified, but it only sets it on startup and I couldn't restart it.

Neither Solaris nor (AFAIK) Linux provides a tool to easily adjust the buffer for a socket in a running process, so I looked at whether I could do it via libproc. The answer is yes, and it is pretty straightforward.

I quickly wrote a small C program which changes the SO_RCVBUF size for a given pid and file descriptor number. Let's see an example of how to use it.

There is a process with pid 893 listening on port UDP/32623 with SO_RCVBUF currently set to 128104:

# pfiles 893
893: /usr/local/bin/test-daemon
  Current rlimit: 256 file descriptors
...
   4: S_IFSOCK mode:0666 dev:574,0 ino:43685 uid:0 gid:0 size:0
      O_RDWR|O_NONBLOCK FD_CLOEXEC
      SOCK_STREAM
      SO_REUSEADDR,SO_SNDBUF(49152),SO_RCVBUF(128104)
      sockname: AF_INET 0.0.0.0 port: 32623
      congestion control: newreno
...

Let's change SO_RCVBUF to a higher value:

# ./pr_setsockopt 893 4 500000
Current SO_RCVBUG is 128104
New SO_RCVBUG is 500088

# pfiles 893
...
   4: S_IFSOCK mode:0666 dev:574,0 ino:43685 uid:0 gid:0 size:0
      O_RDWR|O_NONBLOCK FD_CLOEXEC
      SOCK_STREAM
      SO_REUSEADDR,SO_SNDBUF(49152),SO_RCVBUF(500088)
      sockname: AF_INET 0.0.0.0 port: 32623
      congestion control: newreno
...

The code is very similar to the one I wrote last time. However, as there is no pr_setsockopt() wrapper function, I wrote one based on how the other pr_* functions are implemented, specifically pr_getsockopt().

The trick is that there is a Psyscall() function available, which allows you to call any syscall from the target process, so all that is required is to use it to call SYS_setsockopt. As the source code for Solaris is no longer publicly available, I used the Illumos source code.

The program was tested only on Solaris 11 x86, although it probably works fine on Solaris 10 and Illumos, and should work on SPARC as well. It is a quick "hack", with no safeguards, no proper argument parsing, etc.

Use it at your own risk.

// gcc -m64 -lproc -o pr_setsockopt pr_setsockopt.c
#include
#include
#include
#include
#include
#include

int
pr_setsockopt(struct ps_prochandle *Pr, int sock, int level, int optname, void *optval, int optlen)
{
    sysret_t rval;      /* return value from setsockopt() */
    argdes_t argd[5];   /* arg descriptors for setsockopt() */
    argdes_t *adp;
    int error;

    if (Pr == NULL)     /* no subject process */
        return (_so_setsockopt(sock, level, optname, optval, optlen));

    adp = &argd[0];     /* sock argument */
    adp->arg_value = sock;
    adp->arg_object = NULL;
    adp->arg_type = AT_BYVAL;
    adp->arg_inout = AI_INPUT;
    adp->arg_size = 0;

    adp++;              /* level argument */
    adp->arg_value = level;
    adp->arg_object = NULL;
    adp->arg_type = AT_BYVAL;
    adp->arg_inout = AI_INPUT;
    adp->arg_size = 0;

    adp++;              /* optname argument */
    adp->arg_value = optname;
    adp->arg_object = NULL;
    adp->arg_type = AT_BYVAL;
    adp->arg_inout = AI_INPUT;
    adp->arg_size = 0;

    adp++;              /* optval argument */
    adp->arg_value = 0;
    adp->arg_object = o[...]
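The set-then-read-back pattern behind the "Current"/"New" lines in the session above, as an added example in plain C on a socket the program owns (not the author's pr_setsockopt program and not using libproc). The function names get_rcvbuf and grow_rcvbuf are hypothetical; the point is that the size the kernel applies can differ from the size requested, so the caller should always verify it.

```c
/* Added example: request a new SO_RCVBUF and verify what the kernel applied.
 * get_rcvbuf() and grow_rcvbuf() are hypothetical names, not a library API. */
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Read the effective SO_RCVBUF of fd; returns 0 on success, -1 on error. */
static int get_rcvbuf(int fd, int *val)
{
    socklen_t len = sizeof(*val);
    return getsockopt(fd, SOL_SOCKET, SO_RCVBUF, val, &len);
}

/*
 * Request a new receive buffer size and read the result back.
 * Returns  0 if the effective size is at least the requested one,
 *          1 if the kernel applied a smaller value (a system limit was hit),
 *         -1 if any socket call failed (bad fd, not a socket, rejected size).
 */
int grow_rcvbuf(int fd, int requested, int *before, int *after)
{
    if (get_rcvbuf(fd, before) != 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &requested, sizeof(requested)) != 0)
        return -1;
    if (get_rcvbuf(fd, after) != 0)
        return -1;
    return (*after >= requested) ? 0 : 1;
}

int main(void)
{
    int before, after, requested = 500000;   /* same request as in the post */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) { perror("socket"); return 1; }

    int rc = grow_rcvbuf(fd, requested, &before, &after);
    if (rc < 0) { perror("SO_RCVBUF"); close(fd); return 1; }

    printf("Current SO_RCVBUF is %d\nNew SO_RCVBUF is %d%s\n", before, after,
           rc == 1 ? " (below the request: a system-wide limit applies)" : "");
    close(fd);
    return 0;
}
```

On Linux, for instance, the kernel doubles the requested value and caps it at net.core.rmem_max without returning an error, which is why only the read-back value tells you whether the drops will actually stop.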






Full command line returned by ps

2016-03-02T01:27:26.263+01:00

The ps command can now show the full command line on Solaris 11 as well. Thank you Casper.
For more details see here.



ZFS in Ubuntu?

2016-02-26T07:23:14.565+01:00

Interesting news about ZFS to be included in Ubuntu with commercial support as well.
There seem to be licensing issues though.




Remote Management of ZFS servers with Puppet and RAD

2015-08-30T12:39:57.913+02:00

Manuel Zach blogs about how to use Puppet and the new Solaris RAD's REST interface introduced in Solaris 11.3. Solaris RAD is really interesting if you want to manage your servers via a programmatic interface.



Kernel Zones - Adding Local Disks

2015-08-07T14:12:50.070+02:00

It is possible to add a disk drive to a kernel zone by specifying its physical location instead of CTD.


add device
set storage=dev:chassis/SYS/HDD23/disk
set id=1
end
This is very nice on servers like x5-2l with pass-thru controller when all 26 local disks are visible like this.