it seems like all i do is work with solaris. really i don't. sometimes, for reasons beyond me, solaris 10 zones do not like to have sunstudio directories mounted to them despite being explicitly defined in their zonecfg file. permissions or something with -b. whatever. to see if the mounts will actually work, let's do things the long-handed way. if they do work, then let's add a vfstab stanza on the global zone box.

1. identify the directory to be mounted from the global zone to the zone.

    /opt/SUNWspro

2. create mount target on non-global zone.

    # zlogin solzone
    # mkdir -p /opt/SUNWspro

this can also be done on the global zone system:

    # mkdir -p /zones/solzone/root/opt/SUNWspro

3. mount it! global zone

    # mount -o ro -F lofs /opt/SUNWspro /zones/solzone/root/opt/SUNWspro

4. Verify mount point is up and running

4a. From global

    # mount |grep /opt/SUNWspro
    /zones/solzone/root/opt/SUNWspro on /opt/SUNWspro read/write/setuid/devices/rstchown/zone=solzone/nozonemod/sharezone=19/dev=3910002 on Mon Feb 25 11:11:11 2013

4b. From non-global zone

    # df -h /opt/SUNWspro
    /opt/SUNWspro on /opt/SUNWspro read/write/setuid/devices/rstchown/zone=solzone/nozonemod/sharezone=19/dev=3910002 on Mon Feb 25 11:11:11 2013

Super. Add that vfstab entry.

vfstab entry

    /opt/SUNWspro - /zones/solzone/root/opt/SUNWspro lofs - yes -
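The manual mount in step 3 asks for -o ro, while the mount output in step 4 reports read/write/setuid and the vfstab entry carries no options. As an added example (not part of the original post), this script flags lofs mounts into zone roots that are writable or setuid, in both `mount` output and vfstab; the /zones/<zone>/root layout, the "read only" display string and the constructed sample lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit lofs mounts into zones.
# Assumption: zone roots live under /zones/<zone>/root, as on this page.
ZONE_ROOT_RE='^/zones/[^/]+/root/'

# stdin: Solaris `mount` output, "<mountpoint> on <special> <opts> on <date>".
# stdout: "<mountpoint> <finding>" for each writable or setuid zone mount.
audit_mounts() {
  awk -v re="$ZONE_ROOT_RE" '
    $2 == "on" && $1 ~ re {
      # a read-only mount prints as "read only/...", which spans two fields
      opts = ($4 == "read") ? $4 " " $5 : $4
      if (index(opts, "read/write") == 1)       print $1, "read-write"
      if (index("/" opts "/", "/setuid/") > 0)  print $1, "setuid"
    }'
}

# stdin: vfstab lines. stdout: mount point of every lofs entry into a zone
# root whose option field (7th column) does not include "ro".
audit_vfstab() {
  awk -v re="$ZONE_ROOT_RE" '
    /^[ \t]*#/ { next }
    $4 == "lofs" && $3 ~ re {
      n = split($7, o, ","); ro = 0
      for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
      if (!ro) print $3
    }'
}

# Constructed sample input: the first mount line and the first vfstab line are
# the ones shown in the post; the others are made up for contrast.
sample_mounts() {
  cat <<'EOF'
/zones/solzone/root/opt/SUNWspro on /opt/SUNWspro read/write/setuid/devices/rstchown/zone=solzone/nozonemod/sharezone=19/dev=3910002 on Mon Feb 25 11:11:11 2013
/zones/solzone/root/mnt/olddisk on /mnt/olddisk read only/nosetuid/nodevices/zone=solzone/dev=3910003 on Mon Feb 25 11:12:00 2013
/export/home on rpool/export/home read/write/setuid/devices/dev=3910004 on Mon Feb 25 11:00:00 2013
EOF
}
sample_vfstab() {
  cat <<'EOF'
/opt/SUNWspro - /zones/solzone/root/opt/SUNWspro lofs - yes -
/mnt/olddisk - /zones/solzone/root/mnt/olddisk lofs - yes ro
/dev/zvol/dsk/rpool/export/zones/swap - - swap - no -
EOF
}

sample_mounts | audit_mounts
sample_vfstab | audit_vfstab
```

On a live global zone, feed it `mount | audit_mounts` and `audit_vfstab < /etc/vfstab`.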
Monday, February 25, 2013
sol11 export lofs to sol10 zones
Friday, February 22, 2013
sol11 zfs, swap & zone creation woes
I want to create a new sol10 zone on a sol11 sparc system. I get a message stating that i don't have memory. Really? Seriously? What *are* they doing?

    # swap -s -h
    205M available.

Whoops. That's all me. What to do? Create a swap file. Sure. Let's do the usual, shall we?

    # mkfile 5g /swap
    # swap -a /swap
    "/swap" may contain holes - can't swap on it.

Oh come on. Silly zfs filesystem. Sigh. Well. Let's see where we can put a swap file...

    # zfs list
    ...
    rpool/export                 43.5G  68.4G    34K  /export
    rpool/export/home              66K  68.4G    32K  /export/home
    rpool/export/home/localuser    34K  68.4G    34K  /export/home/localuser
    rpool/export/zones           43.5G  68.4G    43K  /export/zones
    ...

Well. zones looks as good a place as any. So, it is a device; and the device is here:

    /dev/zvol/dsk/rpool/export/zones

We just know this because that's zfs. Let's script it, shall we? Just in case we need to do this again. One shot. Create it, activate it, mount it.

    # create the 5 GB zvol only if its device link is not there yet
    if [ ! -L /dev/zvol/dsk/rpool/export/zones/swap ]
    then
      zfs create -V 5gb rpool/export/zones/swap
    fi
    # make the swap device persistent across reboots
    echo "/dev/zvol/dsk/rpool/export/zones/swap - - swap - no -" >> /etc/vfstab
    # activate it now
    /usr/sbin/swap -a /dev/zvol/dsk/rpool/export/zones/swap
    mount -a

    # swap -s -h
    total: 2.0G allocated + 1.3G reserved = 3.3G used, 5.3G available

Awesome. And now the creation of that zone...

    # ./solaris-10u10-sparc.bin -p /export/zones -a 10.10.10.10/20 -z sol10vm

Happiness.
Monday, February 11, 2013
grepping dns for a clue
i need to figure out all the sun machines i have in dns. simplifying life, i use sun, sox and sol in their names.
but. i comment out stuff from time to time. what to do?
sed & grep & awk. yes!
    ~ sed -n '/;/!p' db.nothere | grep -e 'sun' -e 'sox' -e 'sol' | awk '{ print $1 }' > cleanorama

The sed half looks through the dns file and removes commented-out lines.
The grep part looks for exciting patterns.
The awk part strips everything and prints the first column... which is the hostname. Otherwise we'd get the whole line.
The lot of it is thrown into a file called cleanorama.
so, the reason why i was doing this is so i can figure out the names of my machines on which i need to put a patch. that patch requires my sol machines to be at a certain patch level. of course i have all my systems pubkeyed...
that being said, all i need is a nice script that'll do a nice loop on that file.

    # ask each host for its kernel and release strings
    for i in $(cat cleanorama)
    do
      ssh root@$i 'uname -a ; cat /etc/release |head -1' >> solrevreport
    done
    # drop everything that is not solaris 10 (dots escaped so they match literally)
    cat solrevreport |grep -Ev '5\.8|Solaris 8|5\.9|Solaris 9|5\.11|Solaris 11' > sol10report

and voila all those sol 10 machines on which i can do my evil.
libcrypt_d.so a munition? sure.
Oh hey. screen's not working. It complains of libcrypt_d.so libraries being missing.

    [root@sunbox ~]# ls -la /usr/lib/libcrypt_d.so
    /usr/lib/libcrypt_d.so: No such file or directory

Really?

    [root@sunbox ~]# ls -la /usr/lib/ |grep libcrypt
    lrwxrwxrwx 1 root root     17 Jan 21 2011 libcrypt_i.so -> ./libcrypt_i.so.1
    -rwxr-xr-x 1 root bin   13960 Jan 22 2005 libcrypt_i.so.1
    lrwxrwxrwx 1 root root     20 Jan 21 2011 libcryptoutil.so -> ./libcryptoutil.so.1
    -rwxr-xr-x 1 root bin   55376 Mar 16 2010 libcryptoutil.so.1
    lrwxrwxrwx 1 root other    13 Jan 21 2011 libcrypt.so -> libcrypt_i.so
    lrwxrwxrwx 1 root other    15 Jan 21 2011 libcrypt.so.1 -> libcrypt_i.so.1
    [root@sunbox ~]# find /usr/lib -name libcrypt_d*

Nothing. So, I go here:

http://www.oracle.com/technetwork/server-storage/solaris/downloads/encryptionkit-485737.html

Accept the license and download:

Oracle Solaris 10 Encryption sol-10-encrypt-GA-iso.zip (1.58 MB)

Hmm. My system needs to be pre "Oracle Solaris 10 8/07"

    [root@sunbox ~]# cat /etc/release
    Solaris 10 11/06 s10s_u3wos_10 SPARC Assembled 14 November 2006

Okay.

    [root@sunbox ~]# mount -F hsfs -o ro `lofiadm -a /root/sol-10-encrypt-GA.iso` /mnt
    [root@sunbox ~]# pkgadd -d /mnt/Encryption_10/sparc|i386/Packages

    The following packages are available:
    1 SUNWcrman Encryption Kit On-Line Manual Pages (sparc|i386) 10.0,REV=52.0
    2 SUNWcry Crypt Utilities (sparc|i386) 11.10.0,REV=2005.01.21.16.34
    3 SUNWcryr Solaris Root Crypto (sparc|i386) 11.10.0,REV=2005.01.21.16.34

    Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: all

    [root@sunbox ~]# umount /mnt
    [root@sunbox ~]# find /usr/lib -name libcrypt_d*
    /usr/lib/sparcv9/libcrypt_d.so
    /usr/lib/sparcv9/libcrypt_d.so.1
    /usr/lib/libcrypt_d.so.1
Wednesday, February 6, 2013
recovering openldap & samba 3.4
ldif the db
copy it over
slapadd
rm -rf /var/lib/ldap
touch DB_,..
smbpasswd -W
Enter your root dn or Manager password of OpenLDAP which was specified in /etc/openldap/slapd.conf in rootpw

    #TLSCertificateFile /etc/ssl/servercerts/server_cert.pem
    #TLSCertificateKeyFile /etc/ssl/servercerts/server_key.pem

    certtool --generate-privkey --outfile server.key
    certtool --generate-request --load-privkey server.key --outfile server.csr
    certtool --generate-certificate --load-ca-certificate ca.crt --load-ca-privkey ca.key.insecure --load-request server.csr --outfile signed-server.crt

    main: TLS init def ctx failed: -34