
Monday, December 3, 2012

Solaris 10: Using Postgres (Part 1)

Abstract:
Solaris had long been the operating system for performing managed services in the telecommunication arena. During a time when Oracle priced Solaris out of the market by charging a higher fee for similarly performing hardware than other competitors, Sun Microsystems started bundling Postgres and later purchased MySQL for bundling. Postgres is a simple, easy to enable, royalty free database available for Solaris. This article will discuss setting up the Solaris 10 bundled Postgres database.

History:
From the first pages of the PostgreSQL documentation:
The object-relational database management system now known as PostgreSQL is derived from the POSTGRES package written at the University of California at Berkeley. With over a decade of development behind it, PostgreSQL is now the most advanced open-source database available anywhere. The POSTGRES project, led by Professor Michael Stonebraker, was sponsored by the Defense Advanced Research Projects Agency (DARPA), the Army Research Office (ARO), the National Science Foundation (NSF), and ESL, Inc. The implementation of POSTGRES began in 1986.
Postgres has existed a long time, from the same roots as Berkeley UNIX, the original base operating system for Sun Microsystems' Solaris.

Versions:
Under Solaris 10, Sun Microsystems bundled Postgres. Basic directory structures are as follows:
V240/root$ ls -la /*r/postgres
/usr/postgres:
total 12
drwxr-xr-x  6 root bin  512 Jan  2  2010 .
drwxr-xr-x 44 root sys 1024 Mar  6  2010 ..
drwxr-xr-x 10 root bin  512 Jan  2  2010 8.2
drwxr-xr-x  9 root bin  512 Jan  2  2010 8.3
drwxr-xr-x  2 root bin  512 Jan  2  2010 jdbc
drwxr-xr-x  6 root bin  512 Jan  2  2010 upgrade

/var/postgres:
total 8
drwxr-xr-x  4 postgres postgres  512 Jan  2 2010 .
drwxr-xr-x 51 root     sys      1024 Nov 10 2010 ..
drwxr-xr-x  4 postgres postgres  512 Jan  2 2010 8.2
drwxr-xr-x  5 postgres postgres  512 Jan  2 2010 8.3 
Under Solaris 10, Postgres 8.2 and 8.3 are shipped. Version 8.3 is shipped in both 32-bit and 64-bit versions.

(It should be noted that with Postgres 8.3, community support is projected to end in 2012.)

File System Locations:
Before using Postgres, it may be advisable to create file systems on additional disks in a ZFS pool and mount them. This is not strictly the "correct" way to set up a set of database directories, but for a small system where root disks are mirrored and a second set of mirrored disks is used for applications, it will be adequate.

V240/root$ zfs create zpool1/pg_8_3_backups
V240/root$ zfs create zpool1/pg_8_3_data  
V240/root$ zfs create zpool1/pg_8_3_data_64

V240/root$ zfs set mountpoint=/var/postgres/8.3/backups zpool1/pg_8_3_backups
V240/root$ zfs set mountpoint=/var/postgres/8.3/data zpool1/pg_8_3_data     
V240/root$ zfs set mountpoint=/var/postgres/8.3/data_64 zpool1/pg_8_3_data_64
 

V240/root$ zfs list
NAME                   USED AVAIL REFER MOUNTPOINT
zpool1                1.92G 65.0G 1.92G /u001
zpool1/pg_8_3_backups   21K 65.0G   21K /var/postgres/8.3/backups
zpool1/pg_8_3_data      21K 65.0G   21K /var/postgres/8.3/data
zpool1/pg_8_3_data_64   21K 65.0G   21K /var/postgres/8.3/data_64

V240/root$ cd /var/postgres/8.3
V240/root$ chown -R postgres:postgres *

The final two steps are critical. If ZFS file systems will be mounted and used, their default ownership is "root", and the starting process will fail if those ZFS directories are not owned by the dba "postgres".

When the 8.3 version of Postgres is started, the data should now be stored on the zpool1 application pool.

Services:
Postgres is a first-class citizen under Solaris 10. No start/stop scripts need to be written; they are pre-bundled as a variety of services within the Solaris Service Management Facility (SMF).
V240/root$ svcs "*postgres*"  
STATE    STIME    FMRI
disabled 12:49:12 svc:/application/database/postgresql:version_82
disabled 12:49:12 svc:/application/database/postgresql:version_82_64bit
disabled 12:49:12 svc:/application/database/postgresql_83:default_32bit
disabled 12:49:12 svc:/application/database/postgresql:version_81
disabled 12:49:13 svc:/application/database/postgresql_83:default_64bit
The database version of choice can be enabled through SMF.

Review Database Owner:
Solaris comes with role-based access to Postgres pre-installed. The entries should look similar to the following:
V240/root$ grep postgres /etc/passwd /etc/user_attr /etc/security/exec_attr
 

/etc/passwd:postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
 

/etc/user_attr:postgres::::type=role;profiles=Postgres Administration,All
 

/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/initdb:uid=postgres
/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/ipcclean:uid=postgres
/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/pg_controldata:uid=postgres
/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/pg_ctl:uid=postgres
/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/pg_resetxlog:uid=postgres
/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/postgres:uid=postgres
/etc/security/exec_attr:Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/postmaster:uid=postgres
With the permissions and dba account set up correctly, it should be ready to start.
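
The three-file review above can be scripted. The following is an added example, not part of the original article or of Solaris: it reads passwd, user_attr and exec_attr style files and prints any deviation from the role setup shown above. The function names and the /opt/example path are hypothetical; the sample lines are copied from the listing above.

```sh
#!/bin/sh
# Added example: verify the Solaris RBAC wiring for the "postgres" role.
# pg_rbac_findings prints one line per deviation; no output means the three
# files agree with the listing in the article.

pg_rbac_findings() {
    pg_passwd=$1 pg_user_attr=$2 pg_exec_attr=$3
    pg_role=postgres
    pg_profile='Postgres Administration'

    # passwd: a role needs a profile shell (pfsh, pfksh, pfcsh); with an
    # ordinary shell the exec_attr attributes are never applied.
    awk -F: -v role="$pg_role" '
        $1 == role {
            seen = 1
            n = split($7, part, "/")
            if (part[n] !~ /^pf/) print "passwd: " $7 " is not a profile shell"
        }
        END { if (!seen) print "passwd: no account named " role }
    ' "$pg_passwd"

    # user_attr: field 5 is a ";"-separated key=value list.
    awk -F: -v role="$pg_role" -v profile="$pg_profile" '
        $1 == role {
            seen = 1
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] == "type=role") is_role = 1
                if (kv[i] ~ /^profiles=/) {
                    m = split(substr(kv[i], 10), prof, ",")
                    for (j = 1; j <= m; j++) if (prof[j] == profile) has_prof = 1
                }
            }
            if (!is_role) print "user_attr: " role " is not type=role"
            if (!has_prof) print "user_attr: profile " profile " is not assigned"
        }
        END { if (!seen) print "user_attr: no entry for " role }
    ' "$pg_user_attr"

    # exec_attr: name:policy:type:res1:res2:id:attr, where id is the command
    # path and attr the identity it runs with.
    awk -F: -v role="$pg_role" -v profile="$pg_profile" '
        $1 == profile {
            count++
            ok = 0
            n = split($7, kv, ";")
            for (i = 1; i <= n; i++) if (kv[i] == "uid=" role) ok = 1
            if (!ok) print "exec_attr: " $6 " runs with " $7 ", not uid=" role
        }
        END { if (!count) print "exec_attr: no commands in profile " profile }
    ' "$pg_exec_attr"
}

# Sample files built from the grep output in the article (two of the seven
# exec_attr lines are enough for the demonstration).
pg_rbac_sample() {
    printf '%s\n' 'postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh' > "$1/passwd"
    printf '%s\n' 'postgres::::type=role;profiles=Postgres Administration,All' > "$1/user_attr"
    printf '%s\n' \
        'Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/initdb:uid=postgres' \
        'Postgres Administration:solaris:cmd:::/usr/postgres/8.2/bin/pg_ctl:uid=postgres' \
        > "$1/exec_attr"
}

# Demo on constructed files: the stock entries pass, the appended line does not.
demo=$(mktemp -d)
pg_rbac_sample "$demo"
# Constructed deviation, not from the article: a profile command running as root.
printf '%s\n' 'Postgres Administration:solaris:cmd:::/opt/example/bin/helper:uid=root' >> "$demo/exec_attr"
pg_rbac_findings "$demo/passwd" "$demo/user_attr" "$demo/exec_attr"
rm -rf "$demo"
```

On a Solaris host the same function would be run as: pg_rbac_findings /etc/passwd /etc/user_attr /etc/security/exec_attr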

Starting Postgres:
The Postgres database can be started from the dba user.
V240/user$ su - root
Password:
V240/root$ su - postgres
V240/postgres$ svcadm enable svc:/application/database/postgresql_83:default_64bit

V240/postgres$ svcs "*postgres_83:default_64bit"
STATE    STIME   FMRI

offline* 0:43:27 svc:/application/database/postgresql_83:default_64bitsvcs: Pattern
 
V240/postgres$ svcs "*postgresql_83:default_64bit"
STATE   STIME   FMRI
online  0:43:37 svc:/application/database/postgresql_83:default_64bit
It may take a couple of minutes to start up for the first time, since many files from a sample database will need to be copied into the new directory structure, and onto the ZFS file systems.

Setting Up Sample Role/User, Database, and Client Access:
By default, all authenticated users are allowed to leverage the Postgres database under Solaris, but only on the same host. The default version of Postgres may be older than the version you wish to use.
V240/ivadmin$ type createdb psql
createdb is /usr/bin/createdb
psql is /usr/bin/psql


V240/ivadmin$ psql --version
psql (PostgreSQL) 8.1.18
contains support for command-line editing


V240/ivadmin$ createdb --version
createdb (PostgreSQL) 8.1.18
Since Solaris supports multiple versions of Postgres, it is important to set paths before using commands. The following commands should be used at the top of any script which runs Postgres, or at any command prompt where the user intends to perform a lot of Postgres work.
V240/user$ PATH=/usr/postgres/8.3/bin:$PATH
V240/user$ export PATH
A privileged "role" (or "user") can set up a database and client access from another "user" or "role". The "createuser" binary is a wrapper around the "CREATE ROLE" command in Postgres.
In the case below, a new non-superuser ("-S") will be created, which can create databases ("-d"), is restricted from creating new "roles" or "users" ("-R"), and can log into the database ("-l"). Also, the binary command will echo the Postgres command used ("-e"), for clarity's sake.
V240/user$ su - root
Password:
V240/root$ su - postgres

V240/postgres$ PATH=/usr/postgres/8.3/bin:$PATH 
V240/postgres$ export PATH
V240/postgres$ createuser -S -d -R -l -e user
CREATE ROLE user NOSUPERUSER CREATEDB NOCREATEROLE INHERIT LOGIN;

(The addition of the proper path was used, in case it is not set up globally on the platform.)

The creation of the database can now be done by the Solaris user "user", which is also a Postgres "role". By default, the name of the database is the same as the name of the "user".
V240/user$ PATH=/usr/postgres/8.3/bin:$PATH
V240/user$ export PATH
V240/ivadmin$ createdb -e
CREATE DATABASE user;

After the database is created, the
V240/ivadmin$ psql
Welcome to psql 8.3.8, the PostgreSQL interactive terminal.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
user=>
The process of creating objects in the database can now take place.

Client Access Error:
If the user has never created a database, the first access attempt will present an error such as:
V240/user$ psql
psql: FATAL:  database "user" does not exist

This indicates that a database must be created for that user.

Creating Database Error:
The "createdb" executable is a binary wrapper around the "create database" Postgres command. Databases are created by "cloning" a standard database template. If a database is created before the role is created, an error such as the following is presented:
V240/user$ createdb
createdb: could not connect to database postgres: FATAL:  role "user" does not exist
Before a database can be created, the role for the user must exist.

Creating Role Error:
A "role" is sometimes referred to as a "user". The Solaris user name is often tied directly as the "role". If the user is not privileged, the following error is presented:
V240/ivadmin$ createuser
Enter name of role to add: user
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
createuser: could not connect to database postgres: FATAL:  role "user" does not exist
A privileged user must create new "roles". Under Solaris, this is the "postgres" user.

Resources:
Other Postgres resources are noted below:
[html] PostgreSQL 8.3.21 Documentation
[html] Dynamic Tracing of PostgreSQL via DTrace (in 8.3)
[pdf] Availability of PostgreSQL in the Data Center
[html] 2010-05 Setting up PostgreSQL under Solaris 10
[pdf] 2008-?? - Best Practices with PostgreSQL on Solaris
[html] 2005-11 - Tuning PostgreSQL under Solaris x64
[html] 2005-05 - Tuning Write Performance of PostgreSQL on Solaris
[html] 2005-04 - Tuning Solaris for PostgreSQL Read and Write Performance (8.0.2)

Thursday, October 4, 2012

Solaris Services

Abstract:
Services in the UNIX System V Release 4 (SVR4) world were traditionally managed through facilities such as /etc/rc scripts, /etc/inittab, and the /etc/inetd.conf family of facilities. These facilities had disadvantages regarding configuration differences, monitoring for failures, and provisioning. Solaris 10 introduced SMF, or Solaris Service Management Facility, which is now available in most modern operating systems. This script helps to recursively display the dependent services.

Script:
The script must remain in your execution path and must have the executable bit set.
#!/bin/ksh
# script: r_svcs2.sh
# author: david halko
# license: cddl - must retain authorship note in any usage
# purpose: recursively show dependent services maximum level of 4 deep
# version: 1.0 - released using + instead of tabs for blogspot illustration
# usage: r_svcs2.sh [service]
# examples: r_svcs2.sh inetd
# r_svcs2.sh gdm2-login
#
Param="${1}"    # service name or FMRI to inspect
Deep="${2}"     # one "+" per level of recursion

[ "${2}" = "++++" ] && exit # exit if too many levels deep

if [ "${1}" = "" ]; then
    # no argument: print the leading comment block of this script as help
    nawk '/^#/ { print } !/^#/ { exit }' `whence ${0}`
else
    echo "${Deep}\c"
    svcs -H "${Param}" 2>&1 || exit
    # column 3 of "svcs -d" output is the FMRI of each service this one depends on
    svcs -dH "${Param}" 2>&1 | nawk '{ print $3 }' | sort -u | while read Param2
    do
        r_svcs2.sh "${Param2}" "+${Deep}"
    done
fi

Help Screen:
The help screen will come up as default if you do not supply any options.
V240/user$ r_svcs2.sh
#!/bin/ksh
# script: r_svcs2.sh
# author: david halko
# license: cddl - must retain authorship note in any usage
# purpose: recursively show dependent services maximum level of 4 deep
# version: 1.0 - released using + instead of tabs for blogspot illustration
# usage: r_svcs2.sh [service]
# examples: r_svcs2.sh inetd
# r_svcs2.sh gdm2-login
#

Example Run:
The expanded dependencies can get quite large. An arbitrary number of 4 levels deep was coded into the script to keep the script from running for hours on slow machines. A simple run is illustrated below.
V240/user$ r_svcs2.sh gdm2-login
disabled Sep_29 svc:/application/gdm2-login:default
+online Sep_29 svc:/system/filesystem/local:default
++online Sep_29 svc:/milestone/single-user:default
+++online Sep_29 svc:/milestone/devices:default
+++online Sep_29 svc:/milestone/network:default
+++online Sep_29 svc:/network/loopback:default
+++online Sep_29 svc:/system/cryptosvc:default
+++online Sep_29 svc:/system/filesystem/minimal:default
+++online Sep_29 svc:/system/identity:node
+++online Sep_29 svc:/system/installupdates:default
+++online Sep_29 svc:/system/keymap:default
+++online Sep_29 svc:/system/manifest-import:default
+++disabled Sep_29 svc:/system/metainit:default
+++online Sep_29 svc:/system/patchchk:default
+++online Sep_29 svc:/system/sysevent:default
++online Sep_29 svc:/system/filesystem/minimal:default
+++online Sep_29 svc:/system/device/local:default
+++online Sep_29 svc:/system/filesystem/usr:default
+online Sep_29 svc:/system/utmp:default
++online Sep_29 svc:/milestone/sysconfig:default
+++online Sep_29 svc:/milestone/single-user:default
+++online Sep_29 svc:/system/sysidtool:net
+++online Sep_29 svc:/system/sysidtool:system
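
In a tree of this size, the entries that matter are usually the ones that are not online. The following is an added example, not part of the original script: it reads r_svcs2.sh output and prints each service that is not online together with the dependency chain leading to it. The function names are hypothetical, and the sample input is a shortened copy of the run above.

```sh
#!/bin/sh
# Added example: read r_svcs2.sh output and print every service that is not
# "online", with the dependency chain that leads to it.

smf_not_online() {
    awk '
    # Skip anything that is not a service line (for example svcs error text).
    index($3, "svc:/") != 1 && index($3, "lrc:/") != 1 { next }
    {
        # r_svcs2.sh prefixes each line with one "+" per level of depth.
        depth = 0
        while (substr($1, depth + 1, 1) == "+") depth++
        state = substr($1, depth + 1)
        chain[depth] = $3          # remember the ancestor at this depth
        if (state == "online") next
        path = chain[0]
        for (i = 1; i <= depth; i++) path = path " > " chain[i]
        print state ": " path
    }'
}

# Shortened copy of the example run in the article.
smf_sample_tree() {
    cat <<'EOF'
disabled Sep_29 svc:/application/gdm2-login:default
+online Sep_29 svc:/system/filesystem/local:default
++online Sep_29 svc:/milestone/single-user:default
+++online Sep_29 svc:/system/cryptosvc:default
+++disabled Sep_29 svc:/system/metainit:default
+online Sep_29 svc:/system/utmp:default
EOF
}

smf_sample_tree | smf_not_online
```

On a live system the input would come from the script itself: r_svcs2.sh gdm2-login | smf_not_online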

Thursday, July 12, 2012

Remember The Past, Forging The Future

Abstract:
There is value in remembering history and listening to recent great thinkers when considering the future. The following are my highlights of the presentation by Bryan M. Cantrill of Joyent from a little over a half-year ago.


USENIX 2011 Presentation - Fork Yeah! The Rise and Development of illumos
  • Introduction of History from SunOS, Solaris, to Illumos - 0:00-1:20
  • SunOS 4.x, Solaris 2.0, Solaris 2.1 - 1:20-3:00
  • Source Code Control: NSE, NSElite, Bitkeeper, TeamWare, to The Creation of GIT - 3:00-4:00
  • Solaris 2.3, Solaris 2.4, Solaris 2.5 (almost killed Solaris for BSD) - 4:00-5:20
  • BDFL Software Model (Benevolent Dictator For Life) - 5:20-6:00
  • The Bonwick Youth - 6:40-7:00; 8:41-10:00
  • The Impact of Windows Scalability Day 1997 - 8:00-8:41
  • Revolutionary Ideas 2001 - 10:00-12:00
  • 1) ZFS - 12:00-12:15
  • 2) DTrace - 12:15-13:00
  • 3) Kevlar/Zones - 13:00-14:00
  • 4-8) FMA, SMF, FireEngine, Crossbow, Least Privilege - 14:45-15:44
  • Sun: Feuding Bands of Warlords - 15:44-16:00
  • Innovation from Engineers, not Management, Marketing, Customer - 16:45-18:20
  • Kiln of unspeakable pain - 17:30-18:00
  • People, Not Organizations, Innovate - 18:00-18:20
  • OS is a Loss Leader - 18:40-19:00
  • Sun was The Open Systems Company (ex. NFS) - 19:40-20:00
  • The Open Sourcing of Solaris - 20:00-21:00
  • The Crap Code, not Innovative, costs money - 21:00-21:20
  • The First Open Source, DTrace - 22:00-22:30
  • Proprietary Drivers, CDDL Licensing - 23:15-25:00
  • Fork-a-phobic, Boards, Elections, Governance, Politics - 27:00-28:00
  • Copyright Assignment Concerns - 29:00-29:30
  • OpenSolaris Missile Crisis, independent OGB - 30:00-33:00
  • End of an Era, Oracle bought Sun - 33:00-34:00
    Kicked butt, had fun, didn't cheat, loved customers, changed computing forever
  • Birth of Illumos - 39:50-41:20
  • 2010 Friday 13th memo, Death of OpenSolaris - 41:20-43:50
  • Solaris Diaspora - 44:00-45:30
  • Illumos Innovation, No Illumos Copyright - 45:30-46:50
  • Joint Working Group for ZFS - 47:00-50:00
    Feature flag, compression ratio, estimated zfs send/receive, Zone I/O throttling, ZFS unmap, background destroy, resumable send
  • DTrace - 50:00-52:00
    Log-linear quantization, KVM support for vmregs, tracemem(), toupper(), tolower(), etc.
  • Zones - 52:00-55:00
    More multi-tenancy under Illumos than Solaris, svcs -Z, svcs -L, per-zone kstat, new rcapd
  • KVM - 55:00-57:00
    Windows, Linux, BSD on near bare-metal speed (ZFS, Dtrace, Zones); KVM in a Zone
  • Black Hat: "Break out of QEMU into a more secure cell" - 57:00-57:17
  • Illumos Distributions - 57:30-58:00
  • Illumos Community Values - 58:00-58:30
    Freedom to Fork; Benevolent Oligarchy; Value Utility
    "We reject: kings, presidents, voting. We believe in: rough consensus, running code"
Foot Note:
History has consequences - not long after this, Solaris 11 source code was leaked from Oracle... which, ironically, no one wants to use. Open Sourced Components bundled with Solaris 11 can be found here.

Friday, March 18, 2011

Protect Your Applications with Oracle Solaris Security



A short tutorial introducing a developer or administrator to Solaris 11 Security features.
Features covered include:
  • Privileges
  • RBAC (Rights and Authorizations)
  • Integration with SMF
These basic features exist in Solaris 10 as well as Solaris 11, but this lab is targeted at the Solaris 11 platform.

Friday, February 11, 2011

Enabling SaMBa Under Solaris 10




Abstract:
IBM created a proprietary file sharing protocol under DOS referred to as SMB. This was adopted by Microsoft, and it later became referred to as CIFS. Open Source developers took a portion of the file sharing suite and implemented it under a product called SaMBa. Solaris 10 ships with an installation of SaMBa to allow for rudimentary SMB and CIFS file sharing.


Installation:
SaMBa is already installed with Solaris 10 Update 4 until Update 9. Creating a configuration file and starting the service is all that is required. The Samba book from O'Reilly is an excellent resource in trying to understand all of the obtuse options available.

Configuration:
Check to see if you are working with a fairly recent release of Solaris 10, with the SaMBa support.
sunv890/user$ svcs -a | grep samba
disabled       Jan_28   svc:/network/samba:default

If you try to enable SaMBa without the configuration file, the service will not function, but will reside in maintenance mode until repaired and restarted:
sunv890/root$ svcadm enable samba

sunv890/user$ svcs -a | grep samba
maintenance    10:23:47 svc:/network/samba:default

The Service Management Facility (SMF) will identify the failed service and log the problem.
SaMBa/user$ tail /var/adm/messages
Feb 11 14:08:46 sunv890 svc.startd[7]: [ID 652011 daemon.warning] svc:/network/samba:default: Method "/usr/sfw/sbin/smbd -D" failed with exit status 255.
Feb 11 14:08:46 SaMBa svc.startd[7]: [ID 748625 daemon.error] network/samba:default failed: transitioned to maintenance (see 'svcs -xv' for details)

Debugging is fairly simple - just look for the configuration file. In this example, there is none.
sunv890/user$ ls -al /etc/sfw/smb.conf
/etc/sfw/smb.conf: No such file or directory

Create a sample configuration file which shares the temporary directory as writable, ensure that SaMBa resolves as a host name, and install the configuration file. (Note, you can always substitute an IP Address for SaMBa.)
sunv890/user$ cat /etc/sfw/smb.conf
# Global parameters
[global]
workgroup =
netbios name = SaMBa
security = SHARE
local master = No
guest account = nobody
delete veto files = Yes
encrypt passwords = Yes
winbind uid = 10000-65000
# Configure Samba to enable or require SMB signing as appropriate.
# To enable SMB signing, put in Samba config global section
;  server signing = auto
# To require SMB signing, put in Samba config global section
   server signing = mandatory
# Disable LANMAN Authentication in Samba config global section
   lanman auth = No

[Temp]
comment = Temporary Share
path = /tmp
writeable = Yes
guest ok = Yes
preserve case = No

sunv890/root$ svcadm disable samba              

sunv890/root$ svcadm enable samba

sunnv890/user$ svcs samba
STATE          STIME    FMRI
online         14:17:01 svc:/network/samba:default

To test your installation, from a Windows platform, try to browse the temporary directory, or read a sample file which you know is in the directory.
Start -> Run -> \\sunv890\Temp
Start -> Run -> wordpad \\sunv890\Temp\smb.conf
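
The configuration above can be reviewed mechanically before the service is enabled. The following is an added example, not part of the original article or of Samba: it parses an smb.conf and reports shares that are both guest-accessible and writable, plus the two global settings the comments in the file call out (signing not mandatory, LANMAN authentication not disabled). The function names are hypothetical, only share-level settings are evaluated, and the sample input is the configuration from this article; on it the audit reports the [Temp] share.

```sh
#!/bin/sh
# Added example: audit an smb.conf for the settings discussed in the article.
# Prints one finding per line; no output means none of the checks fired.

smb_conf_audit() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function is_yes(v) {
        v = tolower(v)
        return (v == "yes" || v == "true" || v == "1" || v == "on")
    }
    function flush_share() {
        if (section != "" && tolower(section) != "global" && guest && writable)
            print section ": guest-writable share (path=" path ")"
    }
    /^[ \t]*[#;]/ { next }      # "#" and ";" both start a comment line
    /^[ \t]*$/    { next }
    /^[ \t]*\[/ {
        flush_share()           # report the section that just ended
        section = trim($0)
        sub(/^\[/, "", section)
        sub(/\].*$/, "", section)
        guest = 0; writable = 0; path = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Samba ignores case and whitespace in parameter names.
        key = tolower(substr($0, 1, eq - 1))
        gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        if (tolower(section) == "global") {
            if (key == "serversigning") signing = tolower(val)
            if (key == "lanmanauth") lanman_off = !is_yes(val)
        } else {
            if (key == "guestok" || key == "public") guest = is_yes(val)
            if (key == "writeable" || key == "writable" || key == "writeok")
                writable = is_yes(val)
            if (key == "readonly") writable = !is_yes(val)
            if (key == "path") path = val
        }
    }
    END {
        flush_share()
        if (signing != "mandatory") print "global: server signing is not mandatory"
        if (!lanman_off) print "global: lanman auth is not disabled"
    }'
}

# The configuration file from the article, copied as shown.
page_smb_conf() {
    cat <<'EOF'
# Global parameters
[global]
workgroup =
netbios name = SaMBa
security = SHARE
local master = No
guest account = nobody
delete veto files = Yes
encrypt passwords = Yes
winbind uid = 10000-65000
;  server signing = auto
   server signing = mandatory
   lanman auth = No

[Temp]
comment = Temporary Share
path = /tmp
writeable = Yes
guest ok = Yes
preserve case = No
EOF
}

page_smb_conf | smb_conf_audit
```

On a Solaris 10 host the input would be the installed file: smb_conf_audit < /etc/sfw/smb.conf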
Conclusion:
The SaMBa configuration under Solaris 10 is simple and managed well by the Service Management Facility infrastructure of Solaris 10.

Editor's Note: This blog article was published in 2011 and adjusted in 2017-08-14 to add Signing and Authentication enhancements to the default SaMBa configuration.

Tuesday, February 1, 2011

Primer: Solaris 10 Update 9




During the installation of Solaris 10 Update 9, there may be several odd symptoms that might catch an installer by surprise.

Sluggish or Long Login Time
Takes 20 seconds to run quota during a login

If logging into a server with "rlogin", "telnet" or "ssh" is taking a long time, try to perform a "prstat" during the login process. You may get about 20 seconds to figure out what is going wrong. The "root" user may not experience the delay.

If "quota" is showing up for an extended period of time, it may be due to a search over NFS mounted file systems without NFS being configured correctly. This can be alleviated by unmounting the mounted NFS file system. The "mount | grep nfs" command will help to identify the NFS file systems (you can normally ignore "vold").
sunv890/user$ nawk '/nfs/ && !/vold/' /etc/mnttab
sunt2000:/u000/prodsupt /mnt nfs rw,xattr,dev=5ec0004 1296682012
sunv890/dh127087$ time quota
real 0m20.03s
...
sunv890/root$ umount /mnt
sunv890/user$ nawk '/nfs/ && !/vold/' /etc/mnttab
sunv890/user$ time quota
real 0m0.02s
...
Ensure quota and nfs partitions are properly configured on a newly installed system.

Occasional Network Failures
node name or service name not known

Some common operations may occasionally fail, for no apparent reason, such as: ping, telnet, ftp, etc. This is usually a name resolution issue. DNS is more commonly run by non-robust operating systems, so these types of errors may become more frequent.

If you have a variety of servers in a cluster or network management servers, where the IP addresses do not change, one may wish to basically guarantee the name resolution for those connection attempts by adding those IP and server entries to the "/etc/hosts" file and adjusting the "hosts:" option in "/etc/nsswitch.conf" to perform a host table lookup before going to DNS via: "hosts: files dns".

v890/user$ grep host /etc/nsswitch.conf
# "hosts:" and "services:" in this file are used only if the
#hosts: dns files
hosts: files dns
Don't let consumer appliances or immature, consumer-grade operating systems place your mission-critical operation at risk.

Service Management Facility
How to tell what services are available

Solaris 10 offers a large variety of services to the user and application community. If functionality you are expecting is not working "out of the box", there is a good chance there is a security reason for it. The best place to start is by getting a description of what services are available.

Ultra60/root# svcs -o FMRI,DESC | sort
FMRI DESC
lrc:/etc/rc2_d/S10lu -
lrc:/etc/rc2_d/S20sysetup -
lrc:/etc/rc2_d/S40llc2 -
lrc:/etc/rc2_d/S42ncakmod -
lrc:/etc/rc2_d/S47pppd -
lrc:/etc/rc2_d/S70uucp -
lrc:/etc/rc2_d/S72autoinstall -
lrc:/etc/rc2_d/S73cachefs_daemon -
lrc:/etc/rc2_d/S81dodatadm_udaplt -
lrc:/etc/rc2_d/S89bdconfig -
lrc:/etc/rc2_d/S89PRESERVE -
lrc:/etc/rc2_d/S90loc_ja_cssd -
lrc:/etc/rc2_d/S91ifbinit -
lrc:/etc/rc2_d/S91jfbinit -
lrc:/etc/rc2_d/S94ncalogd -
lrc:/etc/rc2_d/S98deallocate -
lrc:/etc/rc3_d/S16boot_server -
lrc:/etc/rc3_d/S50apache -
lrc:/etc/rc3_d/S52imq -
lrc:/etc/rc3_d/S80mipagent -
lrc:/etc/rc3_d/S84appserv -
lrc:/etc/rc3_d/S84patchserver -
svc:/application/cde-printinfo:default CDE Print Viewer
svc:/application/font/fc-cache:default FontConfig Cache Builder
svc:/application/font/stfsloader:default Standard Type Services Framework (STSF) Font Server loader
svc:/application/graphical-login/cde-login:default CDE login
svc:/application/management/dmi:default Sun Solstice Enterprise DMI
svc:/application/management/seaport:default net-snmp SNMP daemon
svc:/application/management/sma:default net-snmp SNMP daemon
svc:/application/management/snmpdx:default Sun Solstice Enterprise Master Agent
svc:/application/management/wbem:default SMC and WBEM Server
svc:/application/print/ipp-listener:default Internet Print Protocol Listening Service
svc:/application/print/ppd-cache-update:default ppd cache update
svc:/application/print/rfc1179:default BSD print protocol adapter
svc:/application/stosreg:default Service Tag OS Registry Inserter
svc:/application/x11/xfs:default X Window System font server
svc:/application/x11/xvnc-inetd:default X server that displays to VNC viewers
svc:/milestone/devices:default device configuration milestone
svc:/milestone/multi-user:default multi-user milestone
svc:/milestone/multi-user-server:default multi-user plus exports milestone
svc:/milestone/name-services:default name services milestone
svc:/milestone/network:default Network milestone
svc:/milestone/single-user:default single-user milestone
svc:/milestone/sysconfig:default Basic system configuration milestone
svc:/network/cde-spc:default CDE subprocess control
svc:/network/dns/client:default DNS resolver
svc:/network/finger:default finger
svc:/network/ftp:default FTP server
svc:/network/inetd:default inetd
svc:/network/initial:default initial network services
svc:/network/ipsec/ipsecalgs:default IPsec algorithm initialization
svc:/network/ipsec/policy:default IPsec policy initialization
svc:/network/iscsi/initiator:default -
svc:/network/login:rlogin remote login
svc:/network/loopback:default loopback network interface
svc:/network/nfs/cbd:default NFS callback service
svc:/network/nfs/client:default NFS client
svc:/network/nfs/mapid:default NFS ID mapper
svc:/network/nfs/nlockmgr:default NFS lock manager
svc:/network/nfs/rquota:default remote quota server
svc:/network/nfs/server:default NFS server
svc:/network/nfs/status:default NFS status monitor
svc:/network/pfil:default packet filter
svc:/network/physical:default physical network interfaces
svc:/network/routing-setup:default Initial routing-related configuration.
svc:/network/rpc-100235_1/rpc_ticotsord:default 100235
svc:/network/rpc/bind:default RPC bindings
svc:/network/rpc/cde-calendar-manager:default CDE calendar manager server
svc:/network/rpc/cde-ttdbserver:tcp ToolTalk database server
svc:/network/rpc/gss:default Generic Security Service
svc:/network/rpc/mdcomm:default SVM multi-node communications
svc:/network/rpc/meta:default SVM remote metaset services
svc:/network/rpc/metamed:default SVM remote mediator services
svc:/network/rpc/metamh:default SVM remote multihost disk services
svc:/network/rpc/rstat:default kernel statistics server
svc:/network/rpc/rusers:default network user name service
svc:/network/rpc/smserver:default removable media management
svc:/network/security/ktkt_warn:default Kerberos V5 warning messages daemon
svc:/network/service:default layered network services
svc:/network/shares/group:default Share Group
svc:/network/shares/group:zfs Share Group
svc:/network/shell:default rsh
svc:/network/smtp:sendmail sendmail SMTP mail transfer agent
svc:/network/ssh:default SSH server
svc:/network/stdiscover:default Service Tag discovery probe
svc:/network/stlisten:default Service Tag Discovery Listener
svc:/network/talk:default talk
svc:/network/telnet:default Telnet server
svc:/network/tnctl:default trusted networking templates
svc:/system/basicreg:default -
svc:/system/boot-archive:default check boot archive content
svc:/system/boot-archive-update:default update boot archive if necessary
svc:/system/console-login:default Console login
svc:/system/coreadm:default system-wide core file configuration
svc:/system/cron:default clock daemon (cron)
svc:/system/cryptosvc:default cryptographic services
svc:/system/device/fc-fabric:default Solaris FC fabric device configuration.
svc:/system/device/local:default Standard Solaris device configuration.
svc:/system/dumpadm:default system crash dump configuration
svc:/system/filesystem/autofs:default automounter
svc:/system/filesystem/local:default local file system mounts
svc:/system/filesystem/minimal:default minimal file system mounts
svc:/system/filesystem/root:default root file system mount
svc:/system/filesystem/usr:default read/write root file systems mounts
svc:/system/fmd:default Solaris Fault Manager
svc:/system/fpsd:default FP Scrubber - Online Floating Point Unit Test
svc:/system/identity:domain system identity (domainname)
svc:/system/identity:node system identity (nodename)
svc:/system/installupdates:default system update installer
svc:/system/keymap:default keyboard defaults
svc:/system/manifest-import:default service manifest import
svc:/system/name-service-cache:default name service cache
svc:/system/patchchk:default Launcher for Automatic Patching services
svc:/system/picl:default platform information and control
svc:/system/pkgserv:default Flush package command database to disk (see pkgadm(1m)).
svc:/system/postrun:default Postponed package postinstall command execution
svc:/system/power:default power management
svc:/system/resource-mgmt:default Global zone resource management settings
svc:/system/rmtmpfiles:default remove temporary files
svc:/system/sac:default SAF service access controller
svc:/system/scheduler:default default scheduling class configuration
svc:/system/svc/restarter:default master restarter
svc:/system/sysevent:default system event notification
svc:/system/sysidtool:net sysidtool
svc:/system/sysidtool:system sysidtool
svc:/system/system-log:default system log
svc:/system/utmp:default utmpx monitoring
svc:/system/webconsole:console java web console
svc:/system/zones:default Zones autoboot and graceful shutdown
Finding Failed Services
The Service Management Facility in Solaris 10 offers the ability to understand the relationship to other services.

v890/root# svcs -xv
svc:/application/print/server:default (LP print server)
State: disabled since Tue Feb 01 05:06:28 2011
Reason: Disabled by an administrator.
See: http://sun.com/msg/SMF-8000-05
See: man -M /usr/share/man -s 1M lpsched
Impact: 2 dependent services are not running:
svc:/application/print/rfc1179:default
svc:/application/print/ipp-listener:default
Fault Management Running via SMF
The Fault Management system is enabled through the Service Management Facility.

v890/root# svcs svc:/system/fmd:default
STATE STIME FMRI
online Feb_01 svc:/system/fmd:default
Fault Management System
Listing Fault Engines
The Fault Management infrastructure built into Solaris 10 monitors many of the core system features across architectures (both SPARC and Intel.) A listing of the current engines can be displayed via the "fmadm" command.

v890/root# fmadm config | sort
MODULE VERSION STATUS DESCRIPTION
cpumem-diagnosis 1.7 active CPU/Memory Diagnosis
cpumem-retire 1.1 active CPU/Memory Retire Agent
disk-transport 1.0 active Disk Transport Agent
eft 1.16 active eft diagnosis engine
ext-event-transport 0.1 active External FM event transport
fabric-xlate 1.0 active Fabric Ereport Translater
fmd-self-diagnosis 1.0 active Fault Manager Self-Diagnosis
fps-transport 1.0 active Solaris FP-Scrubber
io-retire 1.0 active I/O Retire Agent
snmp-trapgen 1.0 active SNMP Trap Generation Agent
sysevent-transport 1.0 active SysEvent Transport Agent
syslog-msgs 1.0 active Syslog Messaging Agent
zfs-diagnosis 1.0 active ZFS Diagnosis Engine
zfs-retire 1.0 active ZFS Retire Agent
Listing Faults on Platforms
The faults on a system can be listed.

v890/root# fmadm faulty
v890/root#
Solaris Diagnostics
prtdiag

Not all diagnostics are managed through the Fault Management system via Service Management facility. There are still some hardware features which can only be seen via the Print Diagnostics command (such as fan speed.) The "prtdiag" command gives visibility to these components.

v890/user$ prtdiag -v
System Configuration: Sun Microsystems sun4u Sun Fire V890
System clock frequency: 150 MHz
Memory size: 32768 Megabytes

========================= CPUs ===============================================

          Run  E$   CPU     CPU
Brd CPU   MHz  MB   Impl.   Mask
--- ----- ---- ---- ------- ----
A   0, 16 1500 32.0 US-IV+  2.2
B   1, 17 1500 32.0 US-IV+  2.1
A   2, 18 1500 32.0 US-IV+  2.2
B   3, 19 1500 32.0 US-IV+  2.1

========================= Memory Configuration ===============================

         Logical Logical Logical
     MC  Bank Bank   Bank        DIMM   Interleave Interleaved
Brd  ID  num  size   Status      Size   Factor     with
---- --- ---- ------ ----------- ------ ---------- -----------
A    0   0    2048MB no_status   1024MB 8-way      0
A    0   1    2048MB no_status   1024MB 8-way      0
A    0   2    2048MB no_status   1024MB 8-way      0
A    0   3    2048MB no_status   1024MB 8-way      0
B    1   0    2048MB no_status   1024MB 8-way      1
B    1   1    2048MB no_status   1024MB 8-way      1
B    1   2    2048MB no_status   1024MB 8-way      1
B    1   3    2048MB no_status   1024MB 8-way      1
A    2   0    2048MB no_status   1024MB 8-way      0
A    2   1    2048MB no_status   1024MB 8-way      0
A    2   2    2048MB no_status   1024MB 8-way      0
A    2   3    2048MB no_status   1024MB 8-way      0
B    3   0    2048MB no_status   1024MB 8-way      1
B    3   1    2048MB no_status   1024MB 8-way      1
B    3   2    2048MB no_status   1024MB 8-way      1
B    3   3    2048MB no_status   1024MB 8-way      1

========================= IO Cards =========================

                         Bus  Max
     IO   Port Bus       Freq Bus  Dev,
Brd  Type ID   Side Slot MHz  Freq Func State Name                              Model
---- ---- ---- ---- ---- ---- ---- ---- ----- -------------------------------- ----------------------
I/O  PCI  8    B    3    33   33   2,0  ok    lpfc-pci10df,f900/sd (block)      LP9002L
I/O  PCI  9    B    5    33   33   3,0  ok    fibre-channel-pci10df,f900.10df.+ LP9002L
I/O  PCI  9    B    4    33   33   4,0  ok    pci-pci8086,b154.0/network (netw+ PCI-BRIDGE
I/O  PCI  9    B    4    33   33   0,0  ok    network-pci108e,abba.11           SUNW,pci-ce/pci-bridge

No failures found in System
===========================

========================= Environmental Status =========================

System Temperatures (Celsius):
-------------------------------
Device Temperature Status
---------------------------------------
CPU0 60 OK
CPU1 54 OK
CPU2 55 OK
CPU3 53 OK
MB 24 OK
IOB 21 OK
DBP0 19 OK

=================================

Front Status Panel:
-------------------
Keyswitch position: NORMAL

System LED Status:
GEN FAULT REMOVE
[OFF] [OFF]

DISK FAULT POWER FAULT
[OFF] [OFF]

LEFT THERMAL FAULT RIGHT THERMAL FAULT
[OFF] [OFF]

LEFT DOOR RIGHT DOOR
[OFF] [OFF]

=================================

Disk Status:
Presence Fault LED Remove LED
DISK 0: [PRESENT] [OFF] [OFF]
DISK 1: [PRESENT] [OFF] [OFF]
DISK 2: [PRESENT] [OFF] [OFF]
DISK 3: [PRESENT] [OFF] [OFF]
DISK 4: [PRESENT] [OFF] [OFF]
DISK 5: [PRESENT] [OFF] [OFF]
DISK 6: [ EMPTY]
DISK 7: [ EMPTY]
DISK 8: [ EMPTY]
DISK 9: [ EMPTY]
DISK 10: [ EMPTY]
DISK 11: [ EMPTY]

=================================

Fan Bank :
----------

Bank Speed Status Fan State
( RPMS )
---- -------- --------- ---------
CPU0_PRIM_FAN 2000 [ENABLED] OK
CPU1_PRIM_FAN 2127 [ENABLED] OK
CPU0_SEC_FAN 0 [DISABLED] OK
CPU1_SEC_FAN 0 [DISABLED] OK
IO0_PRIM_FAN 3030 [ENABLED] OK
IO1_PRIM_FAN 2912 [ENABLED] OK
IO0_SEC_FAN 0 [DISABLED] OK
IO1_SEC_FAN 0 [DISABLED] OK
IO_BRIDGE_PRIM_FAN 3703 [ENABLED] OK
IO_BRIDGE_SEC_FAN 0 [DISABLED] OK

=================================

Power Supplies:
---------------
                                               Current Drain:
Supply Status       Fan Fail Temp Fail CS Fail 3.3V 5V 12V 48V
------ ------------ -------- --------- ------- ---- -- --- ---
PS0    GOOD                                    6    3  2   4
PS1    GOOD                                    6    3  2   4
PS2    GOOD                                    6    3  2   4

========================= HW Revisions =======================================

System PROM revisions:
----------------------
OBP 4.30.4 2009/08/19 07:21

IO ASIC revisions:
------------------
Port
Model ID Status Version
-------- ---- ------ -------
Schizo 8 ok 7
Schizo 9 ok 7

Monday, April 26, 2010

Solaris 10: Configuring ZFS Scrub via SMF



Abstract:
The new packaging routines for OpenSolaris omit the use of pre and post installation routines common to SVR4 packaging, for the purpose of simplification. The new SMF (Service Management Facility) can be leveraged to provide these capabilities. The creation of a regular repetitive operation such as ZFS Scrub can be packaged and run via SMF. This can be wrapped in an OpenSolaris feature called "Visual Panels" to provide a GUI.


Background:
When Solaris had been merged with SVR4, the SVR4 Package standard was implemented for software installation and FMLI (Form and Menu Language Interpreter) would handle text-based GUIs. Some SVR4 variants released XFMLI, in order to wrap "fmli" into a standard X Windows GUI. With the creation of OpenSolaris, the iPkg was created through the inclusion of a Debian Linux developer. With the release of Solaris 10, SMF, a new mechanism to manage hierarchical services under Solaris, was created to merge both start/stop scripts and inetd services. Shortly after Solaris 10's release, ZFS was released, in order to provide for enhanced file system management. OpenSolaris added "Visual Panels", to help provide a facility to replace "fmli".

ZFS:
The ZFS system performs error detection and correction through the use of CRC and parity, depending on the level of redundancy the user requires (and selects.) The "zpool" command handles most of the bottom-end functionality. The occasional "scrub" should be performed on-line via the "zpool scrub" command, to ensure the integrity of on-line data, forcing the ZFS system to check all of the CRCs and apply available parity information against silent data corruption.

The availability of scrub information can be acquired via the "zpool status" command, but it was not persistent across reboots. To simulate this bug without a reboot, the "zpool export" and "zpool import" commands can be used, after which time any scrub information would disappear. Constantin Gonzalez implemented CR6878281 to make this information persistent. A work-around needed to be created in order to make available information persistent.

ZFS has the ability to retain user-defined properties at the file system level, but not at the zpool level. A user-defined property to hold the last scrub date at the uppermost file system level can be implemented as a work-around for the work-around, to provide a persistent location for the zpool last scrub data element. The "zfs" command handles many of the higher-layer features.

In order to set the property, "zfs set <property>=<value>" can be used. To find the formerly set property, "zfs get <property>" can be used. To delete the property, "zfs inherit <property>" can be used, which forces Solaris to delete and not create a new property, since the parent zpool does not have that property in existence!
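The user-property work-around described above, as an added example that is not part of the original post or of Constantin Gonzalez's implementation. The property name "local.example:lastscrub", the function names and the sample status line in the comment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. PROP and the function names are
# hypothetical; ZFS user property names must contain a colon.
PROP="local.example:lastscrub"

# Constructed sample of the "zpool status" line this script looks for:
#   scrub: scrub completed after 0h0m with 0 errors on Mon Apr 26 10:00:00 2010

# Read "zpool status" text on stdin; print the completion timestamp of a
# finished scrub, or nothing if a scrub is running or was never requested.
parse_scrub_done() {
    awk '/scrub (completed|repaired)/ && / on / { sub(/.* on /, ""); print; exit }'
}

# Store the timestamp on the pool's top-level file system, which has the
# same name as the pool. Returns 1 when there is no finished scrub to record.
record_scrub() {
    when=$(zpool status "$1" | parse_scrub_done)
    [ -n "$when" ] || return 1
    zfs set "$PROP=$when" "$1"
}

# Print the stored value; zfs prints "-" when the property is not set.
last_scrub() {
    zfs get -H -o value "$PROP" "$1"
}

# The top-level file system has no parent to inherit from, so "zfs inherit"
# removes the property outright.
forget_scrub() {
    zfs inherit "$PROP" "$1"
}

# Usage: sh lastscrub.sh record|show|forget POOL
if [ $# -eq 2 ]; then
    case "$1" in
        record) record_scrub "$2" ;;
        show)   last_scrub "$2" ;;
        forget) forget_scrub "$2" ;;
        *)      echo "usage: $0 record|show|forget POOL" >&2; exit 2 ;;
    esac
fi
```

Because the value lives on the file system rather than in the pool's in-memory status, "show" still returns the recorded timestamp after an export and import of the pool.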


SMF:
The Service Management Facility can be used to start, stop, and monitor various infrastructures within the operating system. The "svcs" command will show the active services with their states, while the "svcadm" command allows those states to be adjusted. Starting, stopping, and restarting of services can be done with "svcadm enable <service>", "svcadm disable <service>", and "svcadm restart <service>".


Visual Panels:
A modern Java-based system, "Visual Panels" subscribes to a client-server model, where any platform can run the GUI. (Ben Rockwood at cuddletech.com has a short introduction to it.) The Panels talk to "Management Beans" located in a "JMX Management Agent", which do all the heavy lifting. There already exists an "SMF Bean" which can do the "SMF" configuration changes for custom panels. The "NetBeans" development platform allows for wiring.

Tying Everything Together.
Constantin Gonzalez produced a video series to describe how this can all be tied together in OpenSolaris. This is a great model for developers to use in order to migrate their system to modern Solaris infrastructures. Constantin has moved his main blogging to a new location.

Some of the ZFS Scrub concepts were based upon Tim Foster's (new location) Auto-Snapshot work.