Monday, February 25, 2013

sol11 export lofs to sol10 zones

it seems like all i do is work with solaris.  really i don't.

sometimes, for reasons beyond me, solaris 10 zones do not like to have sunstudio directories mounted to them despite being explicitly defined in their zonecfg file.
permissions or something with -b.  whatever.

to see if the mounts will actually work, let's do things the long-handed way.  if they do work, then let's add a vfstab stanza on the global zone box.

1. identify the directory to be mounted from the global zone to the zone.

2.  create mount target on non-global zone.
# zlogin solzone
# mkdir -p /opt/SUNWspro

this can also be done on the global zone system:
# mkdir -p /zones/solzone/root/opt/SUNWspro

3.  mount it!  global zone
# mount -o ro -F lofs /opt/SUNWspro /zones/solzone/root/opt/SUNWspro

4. Verify mount point is up and running
4a. From global

# mount |grep /opt/SUNWspro
/zones/solzone/root/opt/SUNWspro on /opt/SUNWspro read/write/setuid/devices/rstchown/zone=solzone/nozonemod/sharezone=19/dev=3910002 on Mon Feb 25 11:11:11 2013

4b. From non-global zone

# df -h /opt/SUNWspro
/opt/SUNWspro on /opt/SUNWspro read/write/setuid/devices/rstchown/zone=solzone/nozonemod/sharezone=19/dev=3910002 on Mon Feb 25 11:11:11 2013

Super.  Add that vfstab entry.

vfstab entry
/opt/SUNWspro   -       /zones/solzone/root/opt/SUNWspro      lofs    -       yes     -

Friday, February 22, 2013

sol11 zfs, swap & zone creation woes

I want to create a new sol10 zone on a sol11 sparc system.

I get a message stating that i don't have memory.  Really?  Seriously?  What *are* they doing?

# swap -s -h

205M available. 

Whoops.  That's all me.

What to do?  Create a swap file.  Sure.  Let's do the usual, shall we?

# mkfile 5g /swap
# swap -a /swap
"/swap" may contain holes - can't swap on it.

Oh come on.  Silly zfs filesystem.  Sigh.

Well.  Let's see where we can put a swap file...

# zfs list

rpool/export                                           43.5G  68.4G    34K  /export
rpool/export/home                                      66K    68.4G    32K  /export/home
rpool/export/home/localuser                            34K    68.4G    34K  /export/home/localuser
rpool/export/zones                                     43.5G  68.4G    43K  /export/zones

Well.  zones looks as good a place as any.  So, it is a device; and the device is here:
We just know this because that's zfs.

Let's script it, shall we?  Just in case we need to do this again.  One shot.  Create it, activate it, mount it.

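#!/bin/sh
# create the swap zvol only if it is not already there
if [ ! -L /dev/zvol/dsk/rpool/export/zones/swap ]
then
       zfs create -V 5gb rpool/export/zones/swap
fi
# make it persistent across reboots, then activate it now
echo "/dev/zvol/dsk/rpool/export/zones/swap -  -  swap  -  no   -" >> /etc/vfstab
/usr/sbin/swap -a /dev/zvol/dsk/rpool/export/zones/swap
mount -a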

# swap -s -h
total: 2.0G allocated + 1.3G reserved = 3.3G used, 5.3G available


And now the creation of that zone...
# ./solaris-10u10-sparc.bin -p /export/zones -a -z sol10vm


Monday, February 11, 2013

greping dns for a clue

i need to figure out all the sun machines i have in dns. simplifying life, i use sun, sox and sol in their names. but. i comment out stuff from time to time. what to do?
sed & grep & awk. yes!
~ sed -n '/;/!p' db.nothere | grep -e 'sun' -e 'sox' -e 'sol' | awk '{ print $1 }' > cleanorama
The sed half looks through the dns file and removes commented-out lines.
The grep part looks for exciting patterns.
The awk part strips everything and prints the first column... which is the hostname. Otherwise we'd get the whole line.
The lot of it is thrown into a file called cleanorama.
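
The sed stage above drops every line that contains a `;`, so an active record with a trailing comment never reaches the host list, and the grep stage matches anywhere on the line, so a CNAME that points at a sun box is listed under its alias. An added example (not from the original post) that strips comments instead of dropping lines and matches on the first column only; the zone data is constructed, and it assumes no `;` inside quoted TXT strings.

```shell
# Constructed sample zone data (not the post's db.nothere).
make_sample() {
cat <<'EOF'
$TTL 86400
@        IN SOA ns1.nothere. admin.nothere. ( 2013021101 ; serial
                3600 900 604800 86400 )
sunbox   IN A     192.0.2.10
sol10a   IN A     192.0.2.11   ; build host
;sol9old IN A     192.0.2.12
soxdb    IN A     192.0.2.13
mail     IN A     192.0.2.20
www      IN CNAME sunbox
EOF
}

# original_hosts: the pipeline from the post, unchanged, for comparison.
original_hosts() {
    sed -n '/;/!p' "$1" | grep -e 'sun' -e 'sox' -e 'sol' | awk '{ print $1 }'
}

# strip_hosts: remove comments from ';' to end of line, then print the
# owner name of each remaining record whose name contains sun, sox or sol.
strip_hosts() {
    awk '
        { sub(/;.*/, "") }                # drop the comment, keep the record
        NF < 2       { next }             # blank or comment-only line
        /^[ \t]/     { next }             # continuation line, no owner name
        $1 ~ /sun|sox|sol/ { print $1 }   # match the hostname column only
    ' "$1"
}

sample=$(mktemp)
make_sample > "$sample"

echo "original pipeline:"
original_hosts "$sample"
echo "comment-stripping version:"
strip_hosts "$sample"
```

On the sample data the original pipeline loses `sol10a` and picks up `www`; a host missing from cleanorama is a host that never gets checked for the patch.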

so, the reason why i was doing this is so i can figure out the names of my machines on which i need to put a patch. that patch requires my sol machines to be at a certain patch level. of course i have all my systems pubkeyed...
that being said, all i need is a nice script that'll do a nice loop on that file.
for i in $(cat cleanorama)
do
ssh root@$i 'uname -a ; cat /etc/release |head -1' >> solrevreport
done

cat solrevreport |grep -Ev '5.8|Solaris 8|5.9|Solaris 9|5.11|Solaris 11' > sol10report
and voila all those sol 10 machines on which i can do my evil. a munition? sure.

Oh hey.  screen's not working.  It complains of libraries being missing.

[root@sunbox ~]# ls -la /usr/lib/
/usr/lib/ No such file or directory


[root@sunbox ~]# ls -la /usr/lib/ |grep libcrypt
lrwxrwxrwx   1 root     root          17 Jan 21  2011 -> ./
-rwxr-xr-x   1 root     bin        13960 Jan 22  2005
lrwxrwxrwx   1 root     root          20 Jan 21  2011 -> ./
-rwxr-xr-x   1 root     bin        55376 Mar 16  2010
lrwxrwxrwx   1 root     other         13 Jan 21  2011 ->
lrwxrwxrwx   1 root     other         15 Jan 21  2011 ->

[root@sunbox ~]# find /usr/lib -name libcrypt_d*


So, I go here:

Accept the license and download:

Oracle Solaris 10 Encryption (1.58 MB)

Hmm.  My system needs to be pre "Oracle Solaris 10 8/07"

[root@sunbox ~]# cat /etc/release

Solaris 10 11/06 s10s_u3wos_10 SPARC
Assembled 14 November 2006

[root@sunbox ~]#  mount -F hsfs -o ro `lofiadm -a /root/sol-10-encrypt-GA.iso` /mnt
[root@sunbox ~]#  pkgadd -d /mnt/Encryption_10/sparc|i386/Packages

The following packages are available:
1 SUNWcrman Encryption Kit On-Line Manual Pages
(sparc|i386) 10.0,REV=52.0
2 SUNWcry Crypt Utilities
(sparc|i386) 11.10.0,REV=2005.
3 SUNWcryr Solaris Root Crypto
(sparc|i386) 11.10.0,REV=2005.

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

[root@sunbox ~]#  umount /mnt

[root@sunbox ~]# find /usr/lib -name libcrypt_d*

Wednesday, February 6, 2013

recovering openldap & samba 3.4

ldif the db
copy it over

rm -rf /var/lib/ldap

touch DB_,..

smbpasswd -W
Enter your root dn or Manager password of OpenLDAP which was specified in /etc/openldap/slapd.conf in rootpw 

#TLSCertificateFile /etc/ssl/servercerts/server_cert.pem
#TLSCertificateKeyFile /etc/ssl/servercerts/server_key.pem

certtool --generate-privkey --outfile server.key
certtool --generate-request --load-privkey server.key --outfile server.csr
certtool --generate-certificate --load-ca-certificate ca.crt --load-ca-privkey ca.key.insecure --load-request server.csr --outfile signed-server.crt

main: TLS init def ctx failed: -34 

be above it

Solaris 10, 9, 8... what's your release?
# cat /etc/release
You have no excuse.