##########################
# LAST CHANGE : 19.11.2009
##########################

OS LEVEL SUNOS: 2.6, 8, 9, 10

#############
# environment
#############
PATH=/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/opt/SUNWspro/prod/bin
export PATH

###############
# find packages
###############
The pkginfo command is what you need
$ pkginfo      # for the short list
$ pkginfo -l   # for the long list

Basically do a `man pkginfo'; the -q option can be used in a boolean context to check if a pkg is installed. The -l option won't tell you if something is corrupt (I'm pretty sure), only if it's completely installed or partially installed. The pkgchk command should probably get you what you need in the way of confirming pkg installation.
$ pkgchk -l -p /usr/bin/ls
$ pkgchk -l NSCPcom

###############
# list packages
###############
grep -i PKGNAME /var/sadm/install/contents
or
cat /var/sadm/install/contents |grep "BINARY_TO_SEARCH"
or
grep -i SMClogr /var/sadm/install/contents

##########
# metastat
##########
/usr/opt/SUNWmd/sbin/metastat -p   # shows which configuration steps are needed in the meta area for the current installation
/usr/sbin/metastat -p

###################
# set ip-forwarding
###################
tunix:/usr/local/sbin#/usr/sbin/ndd -get /dev/ip ip_forwarding
0
tunix:/usr/local/sbin#/usr/sbin/ndd -set /dev/ip ip_forwarding 1
tunix:/usr/local/sbin#/usr/sbin/ndd -get /dev/ip ip_forwarding
1
(A value set with ndd -set does not survive a reboot; with ip_forwarding 1 the host routes packets between its interfaces.)

############################
# boot + rw of the / slice
############################
break + boot -sw (boots the machine in single-user mode with write access)
or
mount -o remount,rw / (remounts a read-only filesystem read/write; the command will probably print a message that the operation could not be performed; ignore it if necessary and verify with touch)
boot -b mounts only the root fs, read-only

##################
# shutdown solaris
##################
shutdown -y -g 0 -i 5
halt
sync;sync;sync;reboot

######################
# set full duplex mode
######################
dmesg
Check how the interface is configured!
On Solaris x86 the file is /kernel/drv/.conf

/etc/system
* Full Duplex mode for hme MKI 18.12.98
*
set hme:hme_adv_100fdx_cap = 1
set hme:hme_adv_100hdx_cap = 0
set hme:hme_adv_10fdx_cap = 0
set hme:hme_adv_10hdx_cap = 0
set hme:hme_adv_autoneg_cap = 0
*
set qfe:qfe_adv_100fdx_cap = 1
set qfe:qfe_adv_100hdx_cap = 0
set qfe:qfe_adv_10fdx_cap = 0
set qfe:qfe_adv_10hdx_cap = 0
set qfe:qfe_adv_autoneg_cap = 0

########################
# find the current speed
########################
5.9: netstat -k bge0
root@chekov / > netstat -k bge0|grep ifspeed
rbytes64 19832788712 ifspeed 100000000 duplex full media twpair promisc off first_collisions 0

# ndd -get /dev/hme link_mode
Interpretation:
0 -- half-duplex
1 -- full-duplex

# ndd -get /dev/hme link_speed
Interpretation:
0 -- 10 Mbit
1 -- 100 Mbit
1000 -- 1 Gbit

root@kerp-tsa001 # ndd -get /dev/bge0 ?
?                    (read only)
autoneg_cap          (read only)
pause_cap            (read only)
asym_pause_cap       (read only)
1000fdx_cap          (read only)
1000hdx_cap          (read only)
100T4_cap            (read only)
100fdx_cap           (read only)
100hdx_cap           (read only)
10fdx_cap            (read only)
10hdx_cap            (read only)
adv_autoneg_cap      (read and write)
adv_pause_cap        (read and write)
adv_asym_pause_cap   (read and write)
adv_1000fdx_cap      (read and write)
adv_1000hdx_cap      (read and write)
adv_100T4_cap        (read only)
adv_100fdx_cap       (read and write)
adv_100hdx_cap       (read and write)
adv_10fdx_cap        (read and write)
adv_10hdx_cap        (read and write)
lp_autoneg_cap       (read only)
lp_pause_cap         (read only)
lp_asym_pause_cap    (read only)
lp_1000fdx_cap       (read only)
lp_1000hdx_cap       (read only)
lp_100T4_cap         (read only)
lp_100fdx_cap        (read only)
lp_100hdx_cap        (read only)
lp_10fdx_cap         (read only)
lp_10hdx_cap         (read only)
link_status          (read only)
link_speed           (read only)
link_duplex          (read only)
link_autoneg         (read only)
link_rx_pause        (read only)
link_tx_pause        (read only)
loop_mode            (read only)
msi_cnt              (read and write)
drain_max            (read and write)

# the ? is escaped so the shell does not expand it as a file name pattern
IF=bge0
for i in `ndd -get /dev/${IF} \?|grep "^link"|awk '{print $1}'`; do echo "ndd -get /dev/${IF} $i";ndd -get /dev/${IF} $i; done

###########################################
# status of all possible network parameters
###########################################
# set IF to one of the following
IF=bge0
IF=hme0
IF=ip
IF=tcp
IF=arp
IF=eri
for i in `ndd -get /dev/${IF} \?|awk '{print $1}'`; do echo "ndd -get /dev/${IF} $i";ndd -get /dev/${IF} $i; done

###################
# netstat -s -P tcp
###################
netstat -s -P tcp

TCP     tcpRtoAlgorithm     =     4     tcpRtoMin           =   400
        tcpRtoMax           = 60000     tcpMaxConn          =    -1
        tcpActiveOpens      =15936095   tcpPassiveOpens     =19290446
        tcpAttemptFails     =2504171    tcpEstabResets      =1279834
        tcpCurrEstab        =    11     tcpOutSegs          =2558580628
        tcpOutDataSegs      =2322194433 tcpOutDataBytes     =2344486338
        tcpRetransSegs      =10411040   tcpRetransBytes     =3018997406
        tcpOutAck           =232365619  tcpOutAckDelayed    =11829920
        tcpOutUrg           =     0     tcpOutWinUpdate     =1330882
        tcpOutWinProbe      =  9894     tcpOutControl       =80044207
        tcpOutRsts          =5484209    tcpOutFastRetrans   =442277
        tcpInSegs           =1706390001
        tcpInAckSegs        =1242542746 tcpInAckBytes       =1991260031
        tcpInDupAck         =21823060   tcpInAckUnsent      = 50352
        tcpInInorderSegs    =423044423  tcpInInorderBytes   =260687654
        tcpInUnorderSegs    =2954970    tcpInUnorderBytes   =937079832
        tcpInDupSegs        =1477043    tcpInDupBytes       =1196110750
        tcpInPartDupSegs    = 13756     tcpInPartDupBytes   =7355136
        tcpInPastWinSegs    = 38210     tcpInPastWinBytes   =4127443127
        tcpInWinProbe       = 19916     tcpInWinUpdate      =  9834
        tcpInClosed         =2002339    tcpRttNoUpdate      =1708752
        tcpRttUpdate        =1216817868 tcpTimRetrans       =3651332
        tcpTimRetransDrop   =194796     tcpTimKeepalive     =  3566
        tcpTimKeepaliveProbe=  1110     tcpTimKeepaliveDrop =     3
        tcpListenDrop       = 90220     tcpListenDropQ0     =     0
        tcpHalfOpenDrop     =     0     tcpOutSackRetrans   =583786

##################
# netstat -s -P ip
##################
IPv4    ipForwarding        =     2     ipDefaultTTL        =   255
        ipInReceives        =1770875246 ipInHdrErrors       =     0
        ipInAddrErrors      =     0     ipInCksumErrs       =     0
        ipForwDatagrams     =     0     ipForwProhibits     =   561
        ipInUnknownProtos   =     0     ipInDiscards        =   169
        ipInDelivers        =1856847892 ipOutRequests       =2722270189
        ipOutDiscards       =     7     ipOutNoRoutes       =   235
        ipReasmTimeout      =    60     ipReasmReqds        =     0
        ipReasmOKs          =     0     ipReasmFails        =     0
        ipReasmDuplicates   =     0     ipReasmPartDups     =     0
        ipFragOKs           =     0     ipFragFails         =     0
        ipFragCreates       =     0     ipRoutingDiscards   =     0
        tcpInErrs           =  5904     udpNoPorts          =3625594
        udpInCksumErrs      =     0     udpInOverflows      =   599
        rawipInOverflows    =     0     ipsecInSucceeded    =     0
        ipsecInFailed       =     0     ipInIPv6            =     0
        ipOutIPv6           =     0     ipOutSwitchIPv6     =     1

########################
# read the MAC address
########################
ifconfig -a|grep ether

##########
# ipconfig
##########
Adjust /etc/hosts, /etc/hostname.interface (where interface is hmeX or qfeX) and /etc/netmasks

To be able to configure the interface at all:
ifconfig hme0 plumb

Then the interface can be configured:
ifconfig hme0 172.28.32.128 netmask 255.255.255.0 broadcast 172.28.32.255 up

Finally, adjust the files:
vi /etc/netmasks
172.28.32.0 255.255.255.0

#########################
# configure default route
#########################
Set up the default route
route add default 172.28.32.1

##############################
# make default route permanent
##############################
vi /etc/defaultrouter
172.28.32.1

#############################
# static routes in solaris 10
#############################
/usr/sbin/route -p add 192.168.15.0 192.168.15.1
The routes will be added to /etc/inet/static_routes
or
/etc/gateways
host 172.16.220.173 gateway 192.168.1.1 metric 1 passive
net 192.168.1.0 gateway 192.168.1.1 metric 1 passive

##########################
# make interface permanent
##########################
vi /etc/hostname.hme0
myprice-db1
vi /etc/hosts
ip-address myprice-db1

####################
# configure hostname
####################
vi /etc/nodename
myprice-db1

##############
# define alias
##############
grautvornix2:/#ifconfig hme0:2 plumb
grautvornix2:/#ifconfig hme0:2 172.28.32.34 netmask 255.255.255.0 broadcast 172.28.32.255 up
grautvornix2:/#ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 172.28.32.32 netmask ffffff00 broadcast 172.28.32.255
        ether 8:0:20:a9:9a:8e
hme0:1: flags=1000843 mtu 1500 index 2
        inet 172.28.32.33 netmask ffffff00 broadcast 172.28.32.255
hme0:2: flags=1000843 mtu 1500 index 2
        inet 172.28.32.34 netmask ffffff00 broadcast 172.28.32.255
hme0:3: flags=1000843 mtu 1500 index 2
        inet 172.28.32.35 netmask ffffff00 broadcast 172.28.32.255
or
ifconfig hme0 addif 172.28.32.34 netmask 255.255.255.0 broadcast 172.28.32.255 up
or
ifconfig hme0 addif 172.28.32.34 netmask 255.255.255.0 broadcast 172.28.32.255 failover up

##################
# delete interface
##################
pago-sb2:/#ifconfig -a
lo0: flags=849 mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863 mtu 1500
        inet 172.28.64.51 netmask ffffff00 broadcast 172.28.64.255
        ether 8:0:20:c6:d2:6b
hme0:1: flags=842 mtu 1500
        inet 172.28.64.179 netmask ffffff00 broadcast 172.28.64.255
hme0:2: flags=842 mtu 1500
        inet 172.28.64.180 netmask ffffff00 broadcast 172.28.64.255
hme0:3: flags=842 mtu 1500
        inet 172.28.64.52 netmask ffffff00 broadcast 172.28.64.255
pago-sb2:/#ifconfig hme0:3 0 down
           ^^^^^^^^^^^^^^^^^^^^^^
# as of Solaris 9
pago-sb2:/#ifconfig hme0 removeif 172.28.64.52
or
pago-sb2:/#ifconfig hme0:1 down unplumb
pago-sb2:/#ifconfig -a
lo0: flags=849 mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863 mtu 1500
        inet 172.28.64.51 netmask ffffff00 broadcast 172.28.64.255
        ether 8:0:20:c6:d2:6b
hme0:1: flags=842 mtu 1500
        inet 172.28.64.179 netmask ffffff00 broadcast 172.28.64.255
hme0:2: flags=842 mtu 1500
        inet 172.28.64.180 netmask ffffff00 broadcast 172.28.64.255
Deletes interface hme0:3

############
# add routes
############
# pwd
/etc/rc3.d
# cat S98static_routes
#!/bin/sh
#Route to RZ-Stollberger Strasse
/usr/sbin/route add net 172.31.109.0 172.31.64.1 1
/usr/sbin/route add net 172.31.16.0 172.31.64.1 1
# cat /etc/netmasks
172.31.64.0 255.255.255.0
172.31.16.0 255.255.255.0

#####
# cvs
#####
cvs host name: cvs.intern.rzag.net
CVSROOT=/cvsroot/CVSROOT
/etc/passwd contains the unix users
/cvsroot/CVSROOT/passwd contains the cvs users

Create a new repository:
1) Create the (unix) user. cvs repository + group and pw (e.g. cvs-dachmarke, pw: dachmarke)
2) Create the repository directory.
3) chown user and group
4) Create the entries in /cvsroot/CVSROOT/passwd
5) cvs import

Filer mounts for cvs:
cvs.intern.rzag.net      filer1.intern.rzag.net:/develop/pserver /cvsroot
dfe006.intern.rzag.net   filer1.intern.rzag.net:/develop /develop (contains the cvsroot)
btr012.prod.primus-online.de:/filer-root/develop
    cvsroot (static for dfe006, for old cvs states if needed)
    pserver (new cvs on cvs.intern.rzag.net)

Include cross-shop modules: cvs:/cvsroot/CVSROOT/modules

search-engine-server (catalog pages) runs on sdb049 and pfe7
Copy job at: /var/adm/jobs/katalog-copy.sh (currently done via tar copy, because rsync gets timeouts while copying).
The job is entered in the root crontab.
The scripts for generating the search pages are in: /opt/suchseiten (bin/mk_pages.pl)
The search pages are in /opt/online/katalog...

clickthrough-server
* Runs on the machines pfe050/pfe051 (load-balanced via the LocalDirector) in the directory /opt/online/clickthrough.primus-online.de
* The clickthrough server counts the links and forwards them.
* The mod-perl directory contains the clickthrough script. The logs for the clickthrough server end up in the web server log (clickthrough[1,2].primus-online.de-err).
* The clickthrough script passes the parameters site, page, area, linkid. If these parameters are not filled, default values are used. In that case the cgi parameters may not be set correctly.
* If the target page is not set, you end up back on the originating page!
* The web server log contains the following information: Timestamp, Scriptname, Site, Page, Area, LinkID, Target. These logs end up on dwh029 in /log/clickthrough[-,1,2] and are evaluated by the dwh.
* The web server should include the mod-perl module. Otherwise the script can be copied into the cgi-bin directory. That works too, but is somewhat slower.
* With the URL [1]http://clickthrough.primus-online.de/mod-perl/transmogrify the target can, if needed, be packed in completely as a parameter.

solaris packages
Sources and versions:
perl(5.6.1) [2]www.perl.com [3]ftp.leo.org
apache(1.3.22) [4]www.apache.org httpd.apache.org
openssl(0.9.6c) [5]www.openssl.org
php(4.1.1) [6]www.php.net
modssl(2.8.5-1.3.22) [7]www.modssl.org perl.apache.org [8]www.engelschall.com

pkginfo -l perl
Copy files from btr034: depend and pkginfo

1. Perl
Configure:
./Configure -Dprefix=/usr/local -Dcc=gcc -Ubincompat5005 -des
(D=define, U=undefine)
If necessary remove the old gdbm: pkgrm gdbm

###############
# build package
###############
Building a package: unpack, configure, make, then:
Diff between before and after installation:
cd /usr/local
find . -ls >~/pre
... make install ...
find . -ls >~/post
diff ~/{pre,post} | perl -lane '/^> / && print @F[11..$#F]' | pkgproto >prototype

Put into the first line of 'prototype':
i pkginfo
Then enter all the details in /usr/local/pkginfo.

Next: build the package
pkgmk -r $PWD -d /tmp
cd /tmp
pkgtrans -s $PWD NAME-VERSION-sol26-sparc-local

Finally, install the built package so that the files installed via 'make install' are now correctly registered.
pkgadd -d NAME-VERSION-sol26-sparc-local

2. Install Perl add-ons:
perl -MCPAN -e shell
On the first run, configure the CPAN module... mostly defaults, but:
Cache Directory /var/spool/CPAN
Cache Size 50
'make install': POLLUTE=1
http_proxy: http://netcache.rzag.net:8000/
ftp_proxy: http://netcache.rzag.net:8000/
The final configuration is in /usr/local/lib/perl5/5.6.1/CPAN/Config.pm and can be edited manually afterwards.

Standard Perl modules that should be installed afterwards:
install Bundle::CPAN
install Date::Manip
install MIME::Lite

3. Build Apache+SSL:
1. Preconfigure Apache:
cd apache-...
./configure --prefix=/opt/apache --enable-module=proxy --enable-module=rewrite
2. Build and install OpenSSL... package build as for perl or the others...
3. Build mod_ssl
cd mod_ssl...
./configure --with-apache=../apache_...
cd ../apache...
SSL_BASE=/usr/local/ssl ./config.status --enable-module=ssl
make
make install
make certificate TYPE=test

Build the package...
NOTE: Apache requires openssl, therefore:
in pkgproto:
i pkginfo
i depend
and depend with
P openssl openssl
then as before...
If applicable, include a cleaned-up custom httpd.conf...

4. Build mod_perl:
(ignore errors with LWP User Agent if they occur; no make test!)
find . >~/pre    <----- IMPORTANT: IN '/opt' !!!
cd mod_perl...
perl Makefile.PL \
    APACHE_SRC=../apache_.../src \
    DO_HTTPD=1 \
    USE_APACI=1 \
    PREP_HTTPD=1 \
    EVERYTHING=1
make
make install
# Now the Perl modules are installed and copied into the
# Apache source tree...
cd ../apache_...
./config.status --activate-module=src/modules/perl/libperl.a --enable-shared=perl
make
make install

Merge the changes from the newly created httpd.conf.default into the existing httpd.conf and copy it to httpd.conf.mod_perl
Then run find in /opt again and 'diff' as for the other packages.
BUT: then clean up the file list, since most files are already contained in the Apache package. Only these matter:
All files in ...local/lib/perl...
The files in apache/libexec/...
The cleaned-up httpd.conf.mod_perl
Additionally 'depend' as for Apache and SSL with
P apache apache
P perl perl
Finally, build the package.

5. mod_php:
As usual
cd /opt
find . -ls >pre
./configure --with-apxs=/opt/apache/bin/apxs --enable-track-vars
(apxs installs PHP without the Apache sources, so Apache does not have to be rebuilt)
make
make install
And for a new installation copy the file manually
cp php.ini-recommended /usr/local/lib/php.ini
or php.ini-dist...
Then find ... >post and diff and pkgmk...
As dependency only Apache
P apache apache
Then build the package.

####################
# build meta devices
####################
meta devices
Device files: cntndnsn (c=controller, t=target, d=device(partition), s=slice)

slice
0 root (2 GB)
1 swap (min. 2 x memory)
2 backup (spans the whole disk)
3 logging for metadevice (64 MB)
6 opt (rest of the disk except 5 MB)
7 rest = meta DB (information about the filesystem)

prtvtoc rawdevice (Print virtual table of contents)
metastat -p (located in /usr/opt/SUNWmd/sbin)

0. Check the filesystem layout
prtvtoc (-h) /dev/rdsk/c0t0d0s2

0.a Duplicate the slices onto the mirror disk (NOTE: adjust the device numbers)
prtvtoc -h /dev/rdsk/c0t0d0s2 | fmthard -s - /dev/rdsk/c0t1d0s2

1. Create the metaDB
metadb -a -c 3 -f c0t0d0s7
metadb -a -c 3 -f c0t1d0s7

1.a. Check the metaDB
metadb

2. Create the trans device (this holds the journal/log):
# Create 2 logical disks that map to the physical devices
metainit d5 1 1 c0t0d0s3
metainit d6 1 1 c0t1d0s3
metastat -p
# d5 1 1 c0t0d0s3
# d6 1 1 c0t1d0s3
# Combine these two disks into a mirror. Important: enter only
# the first disk and add the 2nd only afterwards, since otherwise
# it is unclear which disk holds the "real" data.
metainit d2 -m d5
metattach d2 d6

3. Further filesystems in the same way (e.g. swap)
metainit d13 1 1 c0t0d0s1
metainit d14 1 1 c0t1d0s1
metainit d11 -m d13
metattach d11 d14
# Now turn the mirror into a trans device (journaling) by
# joining the mirror + the log
metainit d10 -t d11 d2
# ...and /opt...
metainit d23 1 1 c0t0d0s6
metainit d24 1 1 c0t1d0s6
metainit d21 -m d23
metattach d21 d24
metainit d20 -t d21 d2
# Now wait until all filesystems are synced...
(metaroot d0)
reboot

Schema (swap)

                  ---------
                  |  d10  |
                  ---------
                      |
                      |  <-- trans
          -------------------------
          | Data                  | Log
      ---------               ---------
      |  d11  |               |  d2   |
      ---------               ---------
          |                       |
          | Mirror                | Mirror
     ------------            ------------
     |          |            |          |
 ---------  ---------
 |  d13  |  |  d14  |       ...        ...
 ---------  ---------
     |          |
 ---------  ---------
 |       |  |       |   Physical
 ---------  ---------
 c0t0d0s1   c0t8d0s1

References
1. http://clickthrough.primus-online.de/mod-perl/transmogrify
2. http://www.perl.com/
3. ftp://ftp.leo.org/
4. http://www.apache.org/
5. http://www.openssl.org/
6. http://www.php.net/
7. http://www.modssl.org/
8. http://www.engelschall.com/

########################
# tuning and performance
########################
memstat
epi - Executable page in's
epo - Executable page out's
epf - Executable page free's
api - Anonymous page in's
apo - Anonymous page out's
apf - Anonymous page free's
fpi - File page in's
fpo - File page out's
fpf - File page free's

Systems without a memory shortage should see little or no activity in the epf and apo fields.
Significant consistent activity in these fields indicates a memory shortage on the system. Note that without priority paging enabled, executables and anonymous memory will be paged with even the smallest amount of I/O on the file system, once memory falls to lotsfree.

# memstat 3
executable -    - anonymous -   -- filesys --   --- cpu ---
 epi  epo  epf  api  apo  apf  fpi  fpo  fpf  us sy wt id
   0    0    0    0    0    0    0    0    0   2  1  0 97
   0    0    0    0    0    0    0    0    0   3  1  0 96
   0    0    0    0    0    0    0    0    0   3  0  0 97
   0    0    0    0    0    0    0    0    0   3  1  0 96
   0    0    0    0    0    0    0    0    0   3  1  0 96
   0    0    0    0    0    0   10  768  768   2 12  0 86
   0    0    0    0    0    0    0  970  970   3  3  0 94
   0    0    0    0    0    0    0  970  970   3  3  0 94
   0    0    0    0    0    0    0  952  952   3  4  0 92
   0    0    0    0    0    0    0  970  970   2  5  0 93
   0    0    0    0    0    0    0  746  746   5 20  0 75

# What process(es) are using the most resources?
# To see the top processes using CPU and memory resources:
ps -eo pid,pcpu,args | sort +1n                 # %cpu
ps -eo pid,pcpu,args | sort +1n -r |head -10
ps -eo pid,vsz,args | sort +1n                  # kilobytes of virtual memory
ps -eo pid,vsz,args | sort +1n -r |head -10
/usr/ucb/ps aux |more                           # output is sorted with highest users (processes) of cpu and memory at the top

#########################
# Useful Solaris Commands
#########################
truss -c (Solaris >= 8): This astounding option to truss provides a profile summary of the command being trussed:

$ truss -c grep asdf work.doc
syscall      seconds   calls  errors
_exit            .00       1
read             .01      24
open             .00       8      4
close            .00       5
brk              .00      15
stat             .00       1
fstat            .00       4
execve           .00       1
mmap             .00      10
munmap           .01       3
memcntl          .00       2
llseek           .00       1
open64           .00       1
                ----     ---    ---
sys totals:      .02      76      4
usr time:        .00
elapsed:         .05

It can also show profile data on a running process. In this case, the data shows what the process did between when truss was started and when truss execution was terminated with a control-c. It's ideal for determining why a process is hung without having to wade through the pages of truss output.
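
A parser for the truss -c summary shown above, as an added example that is not part of the original notes: it lists the system calls that returned errors, names the most frequently called one, and checks the rows against the "sys totals" line to catch a truncated capture. The names truss_summary and SAMPLE are assumptions of this example; the sample rows are the ones from the output above.

```shell
#!/bin/sh
# Added example (not from the original notes): summarise `truss -c` output.
# SAMPLE repeats the profile table shown above as embedded test input.
SAMPLE='syscall      seconds   calls  errors
_exit            .00       1
read             .01      24
open             .00       8      4
close            .00       5
brk              .00      15
stat             .00       1
fstat            .00       4
execve           .00       1
mmap             .00      10
munmap           .01       3
memcntl          .00       2
llseek           .00       1
open64           .00       1
                ----     ---    ---
sys totals:      .02      76      4
usr time:        .00
elapsed:         .05'

# truss_summary: read a truss -c table on stdin and print
#   ERRORS  <syscall> <failed>/<calls>   for every syscall with failures
#   BUSIEST <syscall> <calls>            for the most frequently called one
#   TOTALS  ok | mismatch ... | missing  parsed rows vs. the totals line
truss_summary() {
    awk '
        $1 == "syscall" { in_table = 1; next }      # header row
        /^[ \t]*-+/     { in_table = 0; next }      # rule before the totals
        in_table && NF >= 3 {
            calls = $3 + 0
            errs  = (NF >= 4) ? $4 + 0 : 0          # errors column is blank when zero
            sum_calls += calls
            sum_errs  += errs
            if (errs > 0) printf "ERRORS %s %d/%d\n", $1, errs, calls
            if (calls > max) { max = calls; top = $1 }
        }
        $1 == "sys" && $2 == "totals:" {
            rep_calls = $4 + 0; rep_errs = $5 + 0; have_totals = 1
        }
        END {
            if (top != "") printf "BUSIEST %s %d\n", top, max
            if (!have_totals) {
                print "TOTALS missing"
            } else if (rep_calls == sum_calls && rep_errs == sum_errs) {
                print "TOTALS ok"
            } else {
                printf "TOTALS mismatch parsed=%d/%d reported=%d/%d\n", sum_calls, sum_errs, rep_calls, rep_errs
            }
        }
    '
}

printf '%s\n' "$SAMPLE" | truss_summary
```

On a live system the same function can be fed from truss directly, since truss writes its report to stderr: truss -c grep asdf work.doc 2>&1 >/dev/null | truss_summary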

truss -d and truss -D (Solaris >= 8): These truss options show the time associated with each system call being shown by truss and are excellent for finding performance problems in custom or commercial code. For example:

$ truss -d who
Base time stamp: 1035385727.3460 [ Wed Oct 23 11:08:47 EDT 2002 ]
0.0000 execve("/usr/bin/who", 0xFFBEFD5C, 0xFFBEFD64) argc = 1
0.0032 stat("/usr/bin/who", 0xFFBEFA98) = 0
0.0037 open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
0.0042 open("/usr/local/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
0.0047 open("/usr/lib/libc.so.1", O_RDONLY) = 3
0.0051 fstat(3, 0xFFBEF42C) = 0
. . .

truss -D is even more useful, showing the time delta between system calls:

Dilbert> truss -D who
0.0000 execve("/usr/bin/who", 0xFFBEFD5C, 0xFFBEFD64) argc = 1
0.0028 stat("/usr/bin/who", 0xFFBEFA98) = 0
0.0005 open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
0.0006 open("/usr/local/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
0.0005 open("/usr/lib/libc.so.1", O_RDONLY) = 3
0.0004 fstat(3, 0xFFBEF42C) = 0

In this example, the stat system call took a lot longer than the others.

truss -T: This is a great debugging help. It will stop a process at the execution of a specified system call. ("-U" does the same, but with user-level function calls.) A core could then be taken for further analysis, or any of the /proc tools could be used to determine many aspects of the status of the process.

truss -l (improved in Solaris 9): Shows the thread number of each call in a multi-threaded process. Solaris 9 truss -l finally makes it possible to watch the execution of a multi-threaded application.

Truss is truly a powerful tool. It can be used on core files to analyze what caused the problem, for example.
It can also show details on user-level library calls (either system libraries or programmer libraries) via the "-u" option.

pkg-get: This is a nice tool (http://www.bolthole.com/solaris) for automatically getting freeware packages. It is configured via /etc/pkg-get.conf. Once it's up and running, execute pkg-get -a to get a list of available packages, and pkg-get -i to get and install a given package.

plimit (Solaris >= 8): This command displays and sets the per-process limits on a running process. This is handy if a long-running process is running up against a limit (for example, number of open files). Rather than using limit and restarting the command, plimit can modify the running process.

coreadm (Solaris >= 8): In the "old" days (before coreadm), core dumps were placed in the process's working directory. Core files would also overwrite each other. All this and more has been addressed by coreadm, a tool to manage core file creation. With it, you can specify whether to save cores, where cores should be stored, how many versions should be retained, and more. Settings can be retained between reboots by coreadm modifying /etc/coreadm.conf.

pgrep (Solaris >= 8): pgrep searches through /proc for processes matching the given criteria, and returns their process-ids. A great option is "-n", which returns the newest process that matches.

preap (Solaris >= 9): Reaps zombie processes. Any processes stuck in the "z" state (as shown by ps) can be removed from the system with this command.

pargs (Solaris >= 9): Shows the arguments and environment variables of a process.

nohup -p (Solaris >= 9): The nohup command can be used to start a process, so that if the shell that started the process closes (i.e., the process gets a "SIGHUP" signal), the process will keep running. This is useful for backgrounding a task that should continue running no matter what happens around it.
But what happens if you start a process and later want to HUP-proof it? With Solaris 9, nohup -p takes a process-id and causes SIGHUP to be ignored.

prstat (Solaris >= 8): prstat is top and a lot more. Both commands provide a screen's worth of process and other information and update it frequently, for a nice window on system performance. prstat has much better accuracy than top. It also has some nice options. "-a" shows process and user information concurrently (sorted by CPU hog, by default). "-c" causes it to act like vmstat (new reports printed below old ones). "-C" shows processes in a processor set. "-j" shows processes in a "project". "-L" shows per-thread information as well as per-process. "-m" and "-v" show quite a bit of per-process performance detail (including pages, traps, lock wait, and CPU wait). The output data can also be sorted by resident-set (real memory) size, virtual memory size, execute time, and so on. prstat is very useful on systems without top, and should probably be used instead of top because of its accuracy (and some sites care that it is a supported program).

trapstat (Solaris >= 9): trapstat joins lockstat and kstat as the most inscrutable commands on Solaris. Each shows gory details about the innards of the running operating system. Each is indispensable in solving strange happenings on a Solaris system. Best of all, their output is good to send along with bug reports, but further study can reveal useful information for general use as well.

vmstat -p (Solaris >= 8): Until this option became available, it was almost impossible (see the "se toolkit") to determine what kind of memory demand was causing a system to page.
vmstat -p is key because it not only shows whether your system is under memory stress (via the "sr" column), it also shows whether that stress is from application code, application data, or I/O. "-p" can really help pinpoint the cause of any mysterious memory issues on Solaris.

pmap -x (Solaris >= 8, bugs fixed in Solaris >= 9): If the process with memory problems is known, and more details on its memory use are needed, check out pmap -x. The target process-id has its memory map fully explained, as in:

# pmap -x 1779
1779: -ksh
Address   Kbytes     RSS    Anon  Locked Mode   Mapped File
00010000     192     192       -       - r-x--  ksh
00040000       8       8       8       - rwx--  ksh
00042000      32      32       8       - rwx--    [ heap ]
FF180000     680     664       -       - r-x--  libc.so.1
FF23A000      24      24       -       - rwx--  libc.so.1
FF240000       8       8       -       - rwx--  libc.so.1
FF280000     568     472       -       - r-x--  libnsl.so.1
FF31E000      32      32       -       - rwx--  libnsl.so.1
FF326000      32      24       -       - rwx--  libnsl.so.1
FF340000      16      16       -       - r-x--  libc_psr.so.1
FF350000      16      16       -       - r-x--  libmp.so.2
FF364000       8       8       -       - rwx--  libmp.so.2
FF380000      40      40       -       - r-x--  libsocket.so.1
FF39A000       8       8       -       - rwx--  libsocket.so.1
FF3A0000       8       8       -       - r-x--  libdl.so.1
FF3B0000       8       8       8       - rwx--    [ anon ]
FF3C0000     152     152       -       - r-x--  ld.so.1
FF3F6000       8       8       8       - rwx--  ld.so.1
FFBFE000       8       8       8       - rw---    [ stack ]
-------- ------- ------- ------- -------
total Kb    1848    1728      40       -

Here we see each chunk of memory, what it is being used for, how much space it is taking (virtual and real), and mode information.

df -h (Solaris >= 9): This command is popular on Linux, and just made its way into Solaris.
df -h displays summary information about file systems in human-readable form:

$ df -h
Filesystem             size   used  avail capacity  Mounted on
/dev/dsk/c0t0d0s0      4.8G   1.7G   3.0G    37%    /
/proc                    0K     0K     0K     0%    /proc
mnttab                   0K     0K     0K     0%    /etc/mnttab
fd                       0K     0K     0K     0%    /dev/fd
swap                   848M    40K   848M     1%    /var/run
swap                   849M   1.0M   848M     1%    /tmp
/dev/dsk/c0t0d0s7       13G    78K    13G     1%    /export/home

#########################
# solaris tips and tricks
#########################
SUN Free Software
At http://www.sunfreeware.com you can find "ready to use" software for Solaris, such as TOP, AMANDA, GCC, GDB etc.
Download via FTP from: ftp://nce.sun.ch/pub/freeware/sparc/7

Installing PCNFS
CD-ROM Solaris Intranet Extension (see also Solaris Server Intranet Extension Installation)
$ su
$ cd /cdrom/cdrom0/nfsc/sparc
$ pkgadd -d `pwd`

Installing Solaris with OpenWindows (graphics card)
* Hostname
  $ uname -n
* Network Interface
  $ ifconfig -a
* Define /etc/hosts, /etc/netmasks
* Define static IP routes: /etc/rc2.d/S79staticroutes
* Remove the CD-ROM
  $ eject cdrom
* Check the disk layout
  $ prtvtoc /dev/rdsk/....
* Configure the automounter: /etc/auto_master, /etc/auto_home
* Device file for /dev/rmt/0l (tar cvf /dev/rmt/0l)
* Define/configure /etc/system (Prestoserve, Oracle, Transtec)
* Installation log file: /var/sadm/system/logs/install_log
* Installation via a serial terminal on a null-modem cable
  OK boot cdrom - w (terminal on ttya)

How to Backup a System
$ init 0
OK boot -s
$ fsck -m /dev/dsk/c0t0d0s0 (and the other filesystems)
$ tar cvf /dev/rmt/0l

Packages (software that has been installed)
Show the installed packages
$ pkginfo
Check whether package SUNWpcnfd is correctly installed
$ pkgchk -v SUNWpcnfd
Install a package (the path is usually /cdrom/cdrom0/....)
$ pkgadd -d SUNWpcnfd
Remove the package SUNWpcnfd
$ pkgrm SUNWpcnfd

Monitor Mode (OK Prompt)
Boot into single-user mode
OK boot -s
Force the kernel to rebuild /devices after connecting new hardware
OK boot -r
Verbose boot
OK boot -v
Boot from CD-ROM: emergency boot!
OK boot cdrom
Test the attached SCSI devices
OK probe-scsi
List System Devices, e.g. SUNW,hme = Sun Fast Ethernet PCI Adapter
OK show-devs
List Network Devices
OK show-nets
Monitoring Network Activity
OK apply watch-net
Change and display monitor variables
OK eeprom
OK eeprom ttya-mode=38400,8,n,1,h

Kernel analysis
Which kernel modules are loaded?
$ modinfo
Kernel configuration: /etc/system
syslog log file: /var/adm/messages
syslog daemon configuration: /etc/syslog.conf

Setting defaults
Directory with default files: /etc/default
Allow remote root logins: /etc/default/login (root can log in only on the console while the CONSOLE=/dev/console line is active)
Set the timezone: /etc/default/init

Important configuration files
Master file at boot: /etc/inittab
Run-level start/stop files: /etc/rc?.d
Scripts for the run levels: /etc/init.d

Admin commands
$ shutdown -g0 -i0
$ reboot (equivalent to init 6)

Configuring the LAN
Configuration of the LAN interfaces
$ ifconfig -a
* Set the netmask: see /etc/netmasks
* Every LAN interface has an /etc/hostname.le0 containing the host name
* LAN setup:
  /etc/rcS.d/S30rootusr.sh (configure interfaces)
  /etc/rc2.d/S72inetsvc (configure LAN)

Look up physical addresses
$ arp -a
Net to Media Table
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
le0    rabbit               255.255.255.255       00:60:08:57:17:86
le0    quorum               255.255.255.255 SP    08:00:20:89:27:03
le0    arkum                255.255.255.255       00:a0:24:4b:60:1c

Configuring IP routing
All hosts in the network 193.72.239.0 are reached via the router 193.72.194.201.
$ route add net 193.72.239.0 193.72.194.201 1
The host 146.228.14.10 is reached via the router 193.72.194.100. See the file /etc/rc2.d/S79staticroutes.
$ route add host 146.228.14.10 193.72.194.100 1
Check the routing table
$ netstat -nr

Configuring DNS
DNS name server: /etc/resolv.conf
Define the lookup order: /etc/nsswitch.conf

Setting up anonymous FTP
See Solaris2 Administration, page 103 ff.

NFS client configuration
/etc/vfstab (desired) --> /etc/mnttab (actual)
mount -F nfs -o bg,ro,soft gondwana:/usr/software /software
The NFS server is started in /etc/init.d/nfs.client start.
Show which directories gondwana has shared for mounting
dfshares gondwana
RESOURCE                        SERVER    ACCESS  TRANSPORT
gondwana:/export/home/zahn      gondwana  -       -
gondwana:/export/home/steiner   gondwana  -       -

NFS server configuration
/etc/dfs/dfstab (desired) --> /etc/dfs/sharetab
Share a directory read-only
$ share -o ro /usr/software
Share all directories in /etc/dfs/dfstab
$ shareall
Unshare all directories in /etc/dfs/dfstab
$ unshareall
The NFS server is started in /etc/init.d/nfs.server
Show the shared local directories
$ share
Show which clients use which directories of an NFS server
$ dfmounts -F nfs gondwana
RESOURCE   SERVER     PATHNAME            CLIENTS
           gondwana   /export/home/zahn   paragon.glue.ch,rabbit.glue.ch

Automounter
- /etc/auto_master (configure the master map)
- /etc/auto_home (manage home directories)
- autofs is a special filesystem
- automount -v (run after changing a map)

Configuring a modem
See the separate document

Installation guide for attaching a SCSI hard disk to SUN hardware
Example: SCSI disk Seagate ST150176L, 50MB on a SUN Ultra Enterprise 1

* Add an entry to /etc/format.dat (data from the supplier)
disk_type = "Seagate ST150176L" \
        : ctlr = "SCSI" \
        : ncyl = 12022 : acyl = 2 : pcyl = 12024 : nhead = 22 : nsect = 369 \
        : rpm = 7200 : bpt = 188928

* Entry in /etc/system for the Solaris-2 kernel, boot the system
*
* SCSI disk configuration
*
set scsi_options=0x20

* Attach the disk, check the SCSI address, termination
Be sure to check that no SCSI address is assigned more than once. Usually a push-button switch on the back of the device can be set for this. Note that, as a rule, the last device must be terminated.

* Format the disk (only if necessary!)
As a rule a disk does not need to be reformatted; if it is necessary, however, Solaris provides the format utility.
format
AVAILABLE DISK SELECTIONS:
       0. c0t0d0
          /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0
       1. c0t1d0
          /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@1,0
       2. c0t2d0
          /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@2,0
       3. c0t4d0
          /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@4,0
       4. c0t5d0
          /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@5,0
Specify disk (enter its number): 4
format> type
AVAILABLE DRIVE TYPES:
        0. Auto configure
        1. DDRS-39130
        2. Seagate ST118273
        3. Seagate ST150176L
        4. Quantum ProDrive 80S
        5. Quantum ProDrive 105S
        6. CDC Wren IV 94171-344
        7. SUN0104
        8. SUN0207
        9. SUN0327
        10. SUN0340
        11. SUN0424
        12. SUN0535
        13. SUN0669
        14. SUN1.0G
        15. SUN1.05
        16. SUN1.3G
        17. SUN2.1G
        18. SUN2.9G
        19. IBM-DDRS-39130-S71D
        20. SEAGATE-ST118273N-5764
        21. SEAGATE-ST150176LW-0002
        22. other
Specify disk type (enter its number)[21]: 21
format> format (confirm with "yes")

* Partition the disk
This divides the disk into logical parts. Each part contains its own filesystem.
    format> part

    Now enter the partitioning data, e.g.

    partition> print
    Current partition table (original):
    Total disk cylinders available: 2733 + 2 (reserved cylinders)

    Part      Tag    Flag     Cylinders        Size            Blocks
      0       root    wm       0 -  204      152.15MB    (205/0/0)    311600
      1       swap    wu     205 -  377      128.40MB    (173/0/0)    262960
      2     backup    wm       0 - 2732        1.98GB    (2733/0/0)  4154160
      3       home    wm     378 - 1017      475.00MB    (640/0/0)    972800
      4 unassigned    wm       0                0        (0/0/0)           0
      5 unassigned    wm    1018 - 1928      676.13MB    (911/0/0)   1384720
      6        usr    wm    1929 - 2732      596.72MB    (804/0/0)   1222080
      7 unassigned    wm       0                0        (0/0/0)           0

* Write the label (save the current partitioning)

    partition> label
    partition> y
    partition> quit
    format> quit

* Create the file system

    newfs -v -m 0 /dev/rdsk/c0t5d0s0

    This creates a file system with 0 % min-free on partition 0 of the disk
    at SCSI address 5.

* Mount the file system

    To do so, add the following entry to /etc/vfstab

    #device            device              mount  FS    fsck  mount    mount
    #to mount          to fsck             point  type  pass  at boot  options
    /dev/dsk/c0t5d0s0  /dev/rdsk/c0t5d0s0  /u02   ufs   6     yes      -

List Solaris Hardware Configuration

    $ /usr/sbin/prtconf

Show Swap Space currently installed

    Multiply the Blocks column by 512

    $ swap -l
    swapfile             dev  swaplo blocks   free
    /dev/dsk/c0t0d0s1   32,1      16 262944 262944

    262944 * 512 = 134 MB

Show Operating System Patch Level

    $ showrev -p
    Patch: 105181-16

    Note that patch level 105181-15 is the minimum needed for Oracle 8.1.6

Install a single patch

    bash-2.05# which patchadd
    /usr/sbin/patchadd

    # patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

    bash-2.05# which patchrm
    /usr/sbin/patchrm

    # patchrm 104945-02

How to install a Sun Solaris Jumbo Patch ?
    - Download the Patch from: http://sunsolve.sun.com
    - Read the README File included in the Patch
    - Usually the only thing you have to do is:

    $ cd
    $ ./install_cluster
    $ cat /var/sadm/install_data/_log
    $ showrev -p

    Reboot the system

Tracing System Calls

    You can trace system calls with truss on Solaris and strace on Linux

    $ truss svrmgrl

Troubleshooting Solaris Device Files

    If you suspect trouble with your Solaris device files, e.g. the system
    doesn't boot after a filesystem check, you may repair the Solaris system
    using the following commands.

    Halt the system immediately with the keys STOP-A; you will now see the
    boot prompt:

    OK STOP-A

    Reset the machine with

    OK reset

    Boot the machine with

    OK boot -r

    The command boot -r will rebuild all device files according to your
    attached hardware. If you cannot boot the machine, you can try the
    following commands: drvconfig, disks, tapes

    drvconfig - configure the /devices directory

    The default operation of drvconfig is to create the /devices directory
    tree that describes, in the filesystem namespace, the hardware layout of
    a particular machine. Hardware devices present on the machine and powered
    on as well as pseudo-drivers are represented under /devices. Normally
    this command is run automatically after a new driver has been installed
    (with add_drv(1M)) and the system has been rebooted.

    disks - creates /dev entries for hard disks attached to the system

    Disks creates symbolic links in the /dev/dsk and /dev/rdsk directories
    pointing to the actual disk device special files under the /devices
    directory tree.

    tapes - creates /dev entries for tape drives attached to the system

    Tapes creates symbolic links in the /dev/rmt directory to the actual tape
    device special files under the /devices directory tree. Tapes searches
    the kernel device tree to see what tape devices are attached to the
    system.
Short Tips to maintain Sun Solaris

Here are some short tips for common tasks on SUN Solaris 2.6, 7 and 8

Important SUN Solaris Commands

    $ who -r                # Show Run Level
    $ /usr/sbin/prtconf     # Print the complete system configuration
    $ /sbin/mountall -l     # Mount all local filesystems.
    $ /sbin/init S          # Changing to single user mode

Show currently mounted filesystems

    # /etc/mnttab: Contains information about devices that
    # are currently mounted. If there are mounted filesystems
    # with quotas enabled, display them

    if /usr/bin/cut -f 4 /etc/mnttab | \
       /usr/bin/egrep '^quota|,quota' >/dev/null 2>&1; then
        echo 'There are mounted filesystems with quotas enabled'
    fi

How to enable system activity data gathering

    # You will also need to uncomment the sa entries in
    # the system crontab /var/spool/cron/crontabs/sys.
    # Refer to the sar(1) and sadc(1m) man pages
    # for more information.

    $ /usr/bin/su sys -c "/usr/lib/sa/sadc /var/adm/sa/sa`date +%d`"

How a new, unused Solaris system is setup ?

    # sysidtool is a suite of five programs that configure a new
    # system, or one that has been unconfigured with
    # sys-unconfig(1M). The sysidtool programs run automatically at
    # system installation, or during the first boot after a
    # machine has been successfully unconfigured.
    #
    # These programs have no effect except at such times, and
    # should never be run manually.

    # System Files are

    cat /etc/nodename
    cat /etc/hostname.*
    cat /etc/default/init
    cat /etc/defaultdomain
    cat /etc/inet/hosts
    cat /etc/inet/netmasks

How to configure Asynchronous PPP ?

    Configure /etc/asppp.cf for the aspppd daemon

    $ /usr/sbin/aspppd -d 1

How to get and set TCP/IP driver configuration parameters ?

    # Getting Parameters Supported By The TCP Driver
    # To see which parameters are supported by the TCP driver,
    # use the following command:

    $ ndd /dev/tcp \?

    # The following command sets the value of the parameter
    # ip_forwarding in the IP driver to zero. This disables IP
    # packet forwarding.
    Disable IP Forwarding

    $ /usr/sbin/ndd -set /dev/ip ip_forwarding 0

    Enable IP Forwarding (Machine acting as a Router)

    $ /usr/sbin/ndd -set /dev/ip ip_forwarding 1

How to set Default Route on Solaris ?

    # Configure default routers using the local "/etc/defaultrouter"
    # configuration file. The file can contain the hostnames or IP
    # addresses of one or more default routers.
    #
    # The default routes listed in the "/etc/defaultrouter" file will
    # replace those added by the kernel during diskless booting. An
    # empty "/etc/defaultrouter" file will cause the default route
    # added by the kernel to be deleted.
    #
    # Note that the default router file is ignored if we received routes
    # from a DHCP server. Our policy is to always trust DHCP over local
    # administration.

    # Set Default Route

    $ route -n add default

    # Show Default Route
    # (-f flushes the routing table of all gateway entries and reports each
    #  entry it removes; netstat -nr displays the table without changing it)

    $ /usr/sbin/route -fn
    default 128.128.128.11 done

How to set NIS domainname if locally configured ?

    if [ -f /etc/defaultdomain ]; then
        /usr/bin/domainname `cat /etc/defaultdomain`
        echo "NIS domainname is `/usr/bin/domainname`"
    fi

RPC (Remote Procedure Call) Configuration

    # rpcbind - universal addresses to RPC program number mapper
    # rpcinfo - report RPC information

Solaris Keyserv Daemon

    # keyserv is a daemon that is used for storing the private
    # encryption keys of each user logged into the system. These
    # encryption keys are used for accessing secure network
    # services such as secure NFS and NIS+.

    $ /usr/sbin/keyserv

How to start the Solaris DNS server "in.named"

    # If this machine is configured to be an Internet
    # Domain Name System (DNS) server, run the name daemon.
    # Start named prior to: route add net host,
    # to avoid dns gethostbyname timeout delay for
    # nameserver during boot.

    if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
        echo 'starting internet domain name server.'
        /usr/sbin/in.named &
    fi

Where to find syslogd messages ?
    Configuration File: /etc/syslog.conf
    Message File:       /var/adm/messages

IP-Aliasing for SUN Solaris

    # How to setup IP-Alias on SUN Solaris

    1. Setup File /etc/hostname.hme0:1 for the second IP-Address

       cat /etc/hostname.hme0:1
       ldap

    2. Insert IP-Address in /etc/hosts

       #
       # Internet host table
       #
       128.128.128.11  ux-portal1    # IP-address on hme0:0
       128.128.128.20  ldap          # IP-alias on hme0:1

    3. Start alias IP-Address on Interface in /etc/rc2.d

       S99ipalias -> ../init.d/ipalias

       #!/bin/sh
       # Akadia AG, Arvenweg 4, CH-3604 Thun
       # ----------------------------------------------------------------------
       # File:       ipalias
       #
       # Author:     Martin Zahn / 10.05.2000
       #
       # Purpose:    Setup second IP address on hme0:1
       # ----------------------------------------------------------------------

       if [ -f /etc/hostname.hme0:1 ]
       then
         case "$1" in
         'start')
             # Start second IP address on hme0:1
             echo "Start multi-homed server for UX-ALIAS1 on hme0:1"
             ifconfig hme0:1 128.128.128.20 up
             ;;
         'stop')
             # Stop second IP address on hme0:1
             echo "Stop multi-homed server for UX-ALIAS1 on hme0:1"
             ifconfig hme0:1 128.128.128.20 down
             ;;
         esac
       fi

    4. Check IP-Address on second Interface

       ifconfig -a

Solaris automounter installs filesystems by default in /net

    The Solaris automount utility installs autofs mount points and
    associates an automount map with each mount point. The autofs file
    system monitors attempts to access directories within it and notifies
    the automountd daemon. The daemon uses the map to locate a file system,
    which it then mounts at the point of reference within the autofs file
    system. You can assign a map to an autofs mount using an entry in the
    /etc/auto_master map or a direct map in /etc/auto_direct.

    If the file system is not accessed within an appropriate interval (five
    minutes by default), the automountd daemon unmounts the file system.

    Default Mapping under /net

    The mount point /net is by default the location where automountd mounts
    NFS filesystems that are exported on other machines.
    Let's suppose that you have the filesystem /home exported on the NFS
    server saphir; then the (Solaris) NFS client with an active automounter
    will automatically mount this NFS filesystem under /net/saphir/.

    Mapping using /etc/auto_direct

    You probably don't want this default behavior. If you insert the
    following entry in /etc/auto_direct

    ....
    /opt/local -rw remote_machine:/local
    ....

    then the directory /local on the remote machine "remote_machine" will be
    mounted on the local machine under /opt/local.

Solaris keyboard utility

    The Solaris utility kbd manipulates the state of the keyboard, displays
    the type of keyboard, or changes the effect of the default keyboard abort
    sequence. If you do not want everybody to be able to halt the system, you
    must change the default value. We also noticed that Solaris machines
    attached to a switch box, using a character terminal on a serial line,
    may halt when you switch from one machine to the other.

    SYNOPSIS

    kbd [ -r ] [ -t ] [ -c on|off ] [ -a enable|disable ] [ -d keyboard device ]
    kbd -i [ -d keyboard device ]

    DESCRIPTION

    kbd manipulates the state of the keyboard, or displays the keyboard type
    or allows the default keyboard abort sequence effect to be changed. The
    default keyboard device being set is /dev/kbd.

    The -i option reads and processes default values for the keyclick and
    keyboard abort settings from the keyboard default file,
    /etc/default/kbd.

    Only keyboards that support a clicker respond to the -c option. If you
    want to turn clicking on by default, add or change the current value of
    the KEYCLICK variable to the value on in the keyboard default file,
    /etc/default/kbd, as shown here.

    KEYCLICK=on

    Then, run the command 'kbd -i' to change the current setting. Valid
    settings for this variable are the values on and off. Other values are
    ignored. If the variable is not specified in the default file, the
    setting is unchanged.
    The effect of the keyboard abort sequence (L1-A or STOP-A on the
    keyboard and BREAK on the serial console input device on most systems)
    may only be changed by the superuser, using the -a option. On most
    systems, the default effect of the keyboard abort sequence is to suspend
    the operating system and enter the debugger or the monitor.

    If you want to permanently change the software default effect of the
    keyboard abort sequence, you can add or change the current value of the
    KEYBOARD_ABORT variable to the value disable in the keyboard default
    file, /etc/default/kbd, as shown here.

    KEYBOARD_ABORT=disable

    Then, run the command 'kbd -i' to change the current setting. Valid
    settings for this value are the values enable and disable. Other values
    are ignored. If the variable is not specified in the default file, the
    setting is unchanged.

    OPTIONS

    -i    Set keyboard defaults from the keyboard default file. This option
          is mutually exclusive with all other options except for the
          -d keyboard device option. This option instructs the keyboard
          command to read and process keyclick and keyboard abort default
          values from the /etc/default/kbd file. This option can only be
          used by the superuser.

    -r    Reset the keyboard as if power-up.

    -t    Return the type of the keyboard being used.

    -c    On/Off state. Turn the clicking of the keyboard on or off.

    -a    Enable/Disable state. Enable or disable the keyboard abort
          sequence effect.

Monitoring Performance

    More information can be found on http://docs.sun.com

    This chapter describes procedures for monitoring system performance by
    using the vmstat, iostat, df, and sar commands. This is a list of the
    step-by-step instructions in this chapter.

How to Display Virtual Memory Statistics (vmstat)

    The following example shows the vmstat display of statistics gathered at
    five-second intervals.
    $ vmstat 5

     procs     memory            page             disk        faults     cpu
     r b w   swap  free  re  mf  pi  po  fr  de  sr f0 s3 -- --  in  sy  cs us sy id
     0 0 8  28312   668   0   9   2   0   1   0   0  0  1  0  0  10  61  82  1  2 97
     0 0 3  31940   248   0  10  20   0  26   0  27  0  4  0  0  53 189 191  6  6 88
     0 0 3  32080   288   3  19  49   6  26   0  15  0  9  0  0  75 415 277  6 15 79
     0 0 3  32080   256   0  26  20   6  21   0  12  1  6  0  0 163 110 138  1  3 96
     0 1 3  32060   256   3  45  52  28  61   0  27  5 12  0  0 195 191 223  7 11 82
     0 0 3  32056   260   0   1   0   0   0   0   0  0  0  0  0   4  52  84  0  1 99

    Category  Field Name  Description

    procs                 Reports the following states:
              r           The number of kernel threads in the dispatch queue
              b           Blocked kernel threads waiting for resources
              w           Swapped out LWPs waiting for processing resources
                          to finish

    memory                Reports on usage of real and virtual memory:
              swap        Available swap space
              free        Size of the free list

    page                  Reports on page faults and paging activity, in
                          units per second:
              re          Pages reclaimed
              mf          Minor and major faults
              pi          Kbytes paged in
              po          Kbytes paged out
              fr          Kbytes freed
              de          Anticipated memory needed by recently swapped-in
                          processes
              sr          Pages scanned by page daemon (not currently in
                          use). If sr does not equal zero, the page daemon
                          has been running.

    disk                  Reports the number of disk operations per second,
                          showing data on up to four disks

    faults                Reports the trap/interrupt rates (per second):
              in          Interrupts per second
              sy          System calls per second
              cs          CPU context switch rate

    cpu                   Reports on the use of CPU time:
              us          User time
              sy          System time
              id          Idle time

How to Display System Event Information

    Run vmstat -s to show the total of various system events that have taken
    place since the system was last booted.

             0 swap ins
             0 swap outs
             0 pages swapped in
             0 pages swapped out
     409376480 total address trans. faults taken
       3075036 page ins
       2601555 page outs
       3812452 pages paged in
       6525552 pages paged out
      11007609 total reclaims
      10927650 reclaims from free list
             0 micro (hat) faults
     409376480 minor (as) faults
       2957386 major faults
     102738273 copy-on-write faults
      61711047 zero fill page faults
    1002562077 pages examined by the clock daemon
          7881 revolutions of the clock hand
      16716370 pages freed by the clock daemon
       4999048 forks
       1138206 vforks
       5747009 execs
     741660225 cpu context switches
     736047593 device interrupts
     528054538 traps
    2496638575 system calls
     430283487 total name lookups (cache hits 95%)
         81727 toolong
      10484677 user cpu
       9528364 system cpu
     443762786 idle cpu
      16281790 wait cpu

How to Display Swapping Statistics

    Run vmstat -S to show swapping statistics.

     procs     memory            page             disk        faults     cpu
     r b w   swap  free  si  so  pi  po  fr  de  sr m1 m3 m4 m5  in   sy  cs us sy id
     0 0 0   8512   888   0   0  12  21  55   0 417  1  0  0  0 206 1040 308  2  2 96

    si = Average number of LWPs swapped in per second
    so = Number of whole processes swapped out

How to Display Disk Utilization Information (iostat)

    You can display disk activity information by using the iostat command
    with a time interval. The following example shows disk statistics
    gathered every five seconds.

    iostat 5

        tty         md1           md3           md4           md5         cpu
     tin tout  kps tps serv  kps tps serv  kps tps serv  kps tps serv  us sy wt id
       0    2   10   1   28    2   0   22    0   0    0    1   0   10   2  2  3 92
       0   47   58   7   39   16   2   34    0   0    0    0   0    0   0  2 19 78
       0   16    0   0    0    0   0    0    0   0    0    0   0    0   0  1  0 98
       0   16    0   0    0    0   0    0    0   0    0    0   0    0   0  0  1 99
       0   16    2   0   22    0   0    0    0   0    0    0   0    0   2  3  1 95
       0   24    0   0    0    0   0    0    0   0    0    0   0    0   0  1  1 98

    For Each ...  Field Name  Description

    Terminal      tin         Number of characters in the terminal input queue
                  tout        Number of characters in the terminal output queue

    Disk          bps         Blocks per second
                  tps         Transactions per second
                  serv        Average service time, in milliseconds

    CPU           us          In user mode
                  sy          In system mode
                  wt          Waiting for I/O
                  id          Idle

How to Display Extended Disk Statistics

    Run iostat -xtc to get extended disk statistics.
    This command displays a line of output for each disk.

                      extended device statistics                  tty         cpu
    device   r/s  w/s  kr/s  kw/s wait actv svc_t  %w  %b  tin tout  us sy wt id
    md1      0.4  0.9   3.6   6.9  0.0  0.0  27.7   1   1    0    2   2  2  3 92
    md3      0.1  0.2   1.0   1.3  0.0  0.0  21.7   0   0
    md4      0.0  0.0   0.0   0.0  0.0  0.0   0.0   0   0
    md5      0.0  0.0   0.7   0.0  0.0  0.0   9.9   0   0
    md8      0.8  0.3   6.7  14.2  0.0  0.0  13.1   0   1
    md10     0.2  0.9   1.8   6.8  0.0  0.0  15.5   0   1
    md11     0.2  0.9   1.8   6.8  0.0  0.0  14.8   0   1
    md30     0.0  0.2   0.5   1.3  0.0  0.0  11.4   0   0
    md31     0.0  0.2   0.5   1.3  0.0  0.0  10.2   0   0
    md40     0.0  0.0   0.0   0.0  0.0  0.0   0.0   0   0
    md41     0.0  0.0   0.0   0.0  0.0  0.0   0.0   0   0
    md50     0.0  0.0   0.4   0.0  0.0  0.0   9.4   0   0
    md51     0.0  0.0   0.4   0.0  0.0  0.0   7.3   0   0
    md80     0.4  0.3   3.3  14.2  0.0  0.0  10.3   0   0
    md81     0.4  0.3   3.3  14.2  0.0  0.0  11.7   0   1
    sd0      0.6  2.1   6.0  22.8  0.0  0.0  16.3   0   3
    sd1      0.6  2.1   6.0  22.8  0.0  0.0  15.2   0   2

    Field Name  Description

    r/s         Reads per second
    w/s         Writes per second
    Kr/s        Kbytes read per second
    Kw/s        Kbytes written per second
    wait        Average number of transactions waiting for service
                (queue length)
    actv        Average number of transactions actively being serviced
    svc_t       Average service time, in milliseconds
    %w          Percentage of time the queue is not empty
    %b          Percentage of time the disk is busy

How to Check CPU Utilization (sar)

    Display CPU utilization with the sar -u command. (The sar command
    without any options is equivalent to sar -u.) At any given moment, the
    processor is either busy or idle. When busy, the processor is in either
    user or system mode. When idle, the processor is either waiting for I/O
    completion or "sitting still" with no work to do.

    Measure CPU utilization during 5 secs one time.

    sar -u 5 1

    Measure CPU utilization during 60 secs 1440 times and write result in
    file sar.log.
    sar -u -o sar.log 60 1440

    To later review disk and tape activity from that period:

    sar -d -f sar.log

    Field Name  Description

    %sys        Lists the percentage of time that the processor is in
                system mode
    %user       Lists the percentage of time that the processor is in
                user mode
    %wio        Lists the percentage of time the processor is idle and
                waiting for I/O completion
    %idle       Lists the percentage of time the processor is idle and is
                not waiting for I/O

    A high %wio generally means a disk slowdown has occurred.

Enable file system journaling on Solaris 7 and 8

    Solaris 7 and 8 include a native implementation of file system
    journaling. This feature, known as "intent logging" or just "logging",
    enables FASTER file system operation and FASTER system boot. It's
    trivial to implement and safe to use. The new logging feature is an
    option to the Unix File System (UFS), which is the standard file system
    for all disk partitions on SUN servers, except for partitions holding
    swap space. By default, the journaling option is disabled. Logging is
    enabled on a per file system basis, and it can even be enabled on /
    (root file system) and other operating system partitions.

    Background

    Solaris UFS logging works by allocating space from the file system's
    free blocks. Within that space, all metadata changes to the file system
    are written. Metadata includes directory and I-node information but not
    file data blocks, essentially everything but the actual data within the
    file. So, for example, a "file create" modifies the directory structure
    and allocates a new I-node, and those activities are written to the
    logging space.

    Once the metadata changes are made to the logging area, the system is
    free to perform other operations to the file system. In the background,
    the information in the log is flushed to the file system and updates the
    appropriate directory and I-node structures, completing the file system
    operations. The logging data is written sequentially within the log
    space.
It's therefore much faster for the operating system to complete metadata changes via logging and background flushing than by directly modifying the metadata (via random I/O) spread across the disk. The size of the logging space is based on the size of the file system, and equals 1 MB per 1 GB of file system space, up to 64 MB. The space is used as a circular log: if the log space is about to fill up, new metadata change requests are paused while the log is emptied. As changes are moved from the log to the file system, that log space is made available, and new metadata changes can be written to the logging space. Usually with UFS, if the system crashes during any file system operation, the entire system must have its consistency checked via the fsck command. That command can take several minutes per file system because it checks all metadata and file data to ensure the structures are correct, free, and used, and that the I-node block counts are correct. It also confirms that the free space available is current, repairs inconsistencies, and occasionally requires manual intervention to fix large problems. Files and even directories can be lost, depending on the operations occurring at the time of the crash. Because metadata changes are made first to the log space rather than to the file system, the consistency check for a logged file system after a crash is a simple and fast operation. The system evaluates the logging data and determines which changes had completed against the underlying file system, which had yet to start, and which were in progress. Those completed or not yet started are removed from the log, and those partly completed are either undone or completed. If there's sufficient data in the log to complete the operation, it's completed. Otherwise, the changes made are removed from the underlying file system. People familiar with database operation will recognize the similarity between database transaction processing and the activities here. 
    The end result is that the underlying file system is consistent, and no
    thorough consistency checking is needed. That operation completes in a
    few seconds per file system.

    Using logging

    Starting with Solaris 7, there's a new logging option to the mount
    command and in the /etc/vfstab system configuration file. Logging only
    appears in a couple of other places within Solaris. The mount command
    shows which partitions are mounted and lists logging in the options
    fields for each partition on which logging is enabled. Finally, at
    system boot time, the fsck phase reports per partition whether each is
    stable, logging, or being checked. There are no other status commands
    available to determine the state of logging.

    A = Device to mount
    B = Device to fsck
    C = Mount point
    D = Filesystem Type
    E = Fsck pass (unimportant with logging)
    F = Mount at boot
    G = Mount options

    # ------------------------------------------------------------------
    # A                 B                    C       D     E   F    G
    # ------------------------------------------------------------------
    fd                  -                    /dev/fd fd    -   no   -
    /proc               -                    /proc   proc  -   no   -
    /dev/dsk/c0t0d0s3   -                    -       swap  -   no   -
    /dev/dsk/c0t0d0s0   /dev/rdsk/c0t0d0s0   /       ufs   1   no   logging
    /dev/dsk/c0t0d0s6   /dev/rdsk/c0t0d0s6   /usr    ufs   2   no   logging
    /dev/dsk/c0t0d0s1   /dev/rdsk/c0t0d0s1   /var    ufs   3   no   logging
    /dev/dsk/c0t0d0s7   /dev/rdsk/c0t0d0s7   /home   ufs   4   yes  logging
    /dev/dsk/c0t0d0s5   /dev/rdsk/c0t0d0s5   /opt    ufs   5   yes  logging
    /dev/dsk/c0t8d0s0   /dev/rdsk/c0t8d0s0   /u01    ufs   6   yes  logging
    /dev/dsk/c0t9d0s0   /dev/rdsk/c0t9d0s0   /u02    ufs   7   yes  logging
    /dev/dsk/c0t10d0s0  /dev/rdsk/c0t10d0s0  /u03    ufs   8   yes  logging
    /dev/dsk/c0t11d0s0  /dev/rdsk/c0t11d0s0  /u04    ufs   9   yes  logging
    /dev/dsk/c0t12d0s0  /dev/rdsk/c0t12d0s0  /u05    ufs   10  yes  logging
    /dev/dsk/c1t13d0s0  /dev/rdsk/c1t13d0s0  /app    ufs   11  yes  logging
    /dev/dsk/c1t14d0s0  /dev/rdsk/c1t14d0s0  /users  ufs   12  yes  logging
    swap                -                    /tmp    tmpfs -   yes  -

    Logging increases performance, decreases fsck time, removes the risk of
    a file system corruption, can be used on all UFS partitions
    (including root), and is free.

Solaris Syslog Daemon Debugging

    The system message logging daemon syslogd reads and forwards system
    messages to the appropriate log files and/or users, depending upon the
    priority of a message and the system facility from which it originates.
    The configuration file /etc/syslog.conf controls where messages are
    forwarded. The syslogd daemon ignores any faulty entry in
    /etc/syslog.conf; in particular, spaces used instead of tabs are not
    recognized by syslogd. Therefore always check the entries in
    /etc/syslog.conf in the debugging mode of syslogd.

    How to check /etc/syslog.conf

    # /etc/init.d/syslog stop
    # /usr/sbin/syslogd -d

    getnets() found 1 addresses, they are: 0.0.0.0.2.2
    amiloghost() testing 193.247.121.196.2.2
    cfline(*.err;kern.notice;auth.notice /dev/sysmsg)
    cfline(*.err;kern.debug;daemon.notice /var/adm/messages)
    cfline(mail.info;mail.debug /var/log/maillog)
    syslogd: line 14: unknown priority name "debug /var/log/maillog"
    cfline(*.alert;kern.err;daemon.err operator)
    cfline(*.alert root)
    cfline(*.emerg *)
    cfline(user.err /dev/sysmsg)
    cfline(user.err /var/adm/messages)
    cfline(user.alert root, operator)
    cfline(user.emerg *)

    syslogd: version 1.70
    Started: Sat Jan 6 10:11:47 2001
    Input message count: system 0, network 0
    # Outputs: 10

    5 3 3 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/sysmsg
    7 3 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/adm/messages
    X X 6 X X X X X X X X X X X X X X X X X X X X X X UNUSED:
    3 1 1 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: operator
    1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root
    0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
    X 3 X X X X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/sysmsg
    X 3 X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/messages
    X 1 X X X X X X X X X X X X X X X X X X X X X X X USERS: root, operator
    X 0 X X X X X X X X X X X X X X X X X X X X X X X WALL:

    Per File Statistics
    File                 Tot  Dups  Nofwd  Errs
    ----                 ---  ----  -----  ----
    /dev/sysmsg          0    0     0      0
    /var/adm/messages    0    0     0      0
                         0    0     0      0
    operator             0    0     0      0
    root                 0    0     0      0
    WALL                 0    0     0      0
    /dev/sysmsg          0    0     0      0
    /var/adm/messages    0    0     0      0
    root,operator        0    0     0      0
    WALL                 0    0     0      0

    syslogd: restarted
    off & running....
    sys_poll blocking, init_cnt=0

    # ^D
    # /etc/init.d/syslog start

    Line 14 in /etc/syslog.conf is filled with spaces instead of tabs.
    Replace the spaces with tabs and syslogd will accept the new entry in
    line 14.

Does each Oracle Process use more than 100M memory ?

    If you check the oracle processes with the OS command "pmap" or "top",
    you can see that each oracle process uses more than 100M memory. Is this
    a problem with the Oracle installation or something else? It seems that
    pmap counts the SGA size as the private memory segment of each oracle
    process, but we believe the SGA size should be shared.

    Output from "top" on our Solaris System with Oracle 8.1.7.0

    PID USERNAME THR PRI NICE  SIZE   RES STATE   TIME   CPU COMMAND
    -----------------------------------------------------------------
    361 oracle   258  59    0  124M   88M sleep   0:01 0.00% oracle
    373 oracle    11  59    0  122M   88M sleep  41:50 0.00% oracle
    363 oracle    11  59    0  119M   88M sleep   0:01 0.00% oracle
    365 oracle    11  58    0  119M   88M sleep   0:17 0.02% oracle
    359 oracle     1  59    0  119M   89M sleep   0:00 0.00% oracle
    377 oracle     1  59    0  119M   88M sleep   0:00 0.00% oracle
    375 oracle     1  58    0  119M   88M sleep   0:00 0.00% oracle
    367 oracle     1  58    0  118M   89M sleep   0:00 0.00% oracle
    371 oracle     1  58    0  118M   89M sleep   0:00 0.00% oracle
    369 oracle     1  58    0  118M   88M sleep   0:00 0.00% oracle

    Memory Allocation for Oracle Processes

    On many UNIX platforms, and especially on Sun platforms, the text of the
    Oracle binary and the shared libraries is actually shared between
    background processes if these instances share the same ORACLE_HOME. So
    you need to subtract the shared text of the oracle binary and the shared
    libraries in the result of the OS commands.
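A pre-check for the /etc/syslog.conf problem diagnosed in the syslogd debugging section above, as an added example that is not part of the original page: it flags rule lines whose selector and action are not separated by a tab, so a rule that syslogd would drop is caught before the daemon is restarted. The function names, the constructed sample file, the rule that everything up to the first tab is the selector, and the m4 wrapper lines being skipped are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: find /etc/syslog.conf rules that syslogd would reject because
# selector and action are separated by spaces instead of a tab.
# Assumption: everything up to the first tab is read as the selector, which
# matches the error shown above, where the priority name swallowed the path.

# check_syslog_conf FILE
# Prints one finding per faulty rule; returns 1 if any rule is faulty, else 0.
check_syslog_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/   { next }  # comment or blank line
        /^ifdef\(/ || /^\)[ \t]*$/ { next }  # m4 wrapper lines (assumed layout)
        {
            tab = index($0, "\t")
            if (tab == 0) {
                printf "line %d: no tab between selector and action: %s\n", NR, $0
                bad++
                next
            }
            selector = substr($0, 1, tab - 1)
            if (selector == "") {
                printf "line %d: empty selector: %s\n", NR, $0
                bad++
            } else if (index(selector, " ") > 0) {
                printf "line %d: space before first tab: %s\n", NR, $0
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# write_sample_conf FILE
# Writes a constructed sample (not a real configuration) with two faulty rules:
# line 5 uses a space instead of a tab, line 9 has a space before the tab.
write_sample_conf() {
    {
        printf '# constructed sample for check_syslog_conf\n'
        printf '*.err;kern.notice;auth.notice\t\t/dev/sysmsg\n'
        printf '*.err;kern.debug;daemon.notice\t/var/adm/messages\n'
        printf '\n'
        printf 'mail.info;mail.debug /var/log/maillog\n'
        printf '*.alert;kern.err;daemon.err\toperator\n'
        printf "ifdef(\`LOGHOST', ,\n"
        printf 'user.err\t\t/dev/sysmsg\n'
        printf 'user.alert \troot, operator\n'
        printf ')\n'
    } > "$1"
}

# Usage: sh check_syslog_conf.sh /etc/syslog.conf
if [ "$#" -gt 0 ]; then
    check_syslog_conf "$1"
fi
```

A non-zero exit status means at least one rule needs its separator replaced by a tab; syslogd -d, as shown above, remains the authoritative check.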
    Even the pmap and pmem utilities make mistakes between these memory
    divisions, and sometimes the SGA and the text executable are added
    incorrectly.

    Determine the memory used by each Oracle background process on Solaris

    This can be used by anyone who has privileges for pmap, which can be
    found in /usr/proc/bin/.

    First, we need to find the process id (PID) of the Oracle background
    process you wish to determine the memory size for. This is done by
    issuing the following command:

    # ps -u oracle -f

         UID   PID  PPID  C    STIME TTY      TIME CMD
      oracle   359     1  0 12:26:17 ?        0:00 ora_pmon_DIA3
      oracle   361     1  0 12:26:17 ?        0:01 ora_dbw0_DIA3
      oracle   363     1  0 12:26:17 ?        0:01 ora_lgwr_DIA3
      oracle   365     1  0 12:26:17 ?        0:18 ora_ckpt_DIA3
      oracle   367     1  0 12:26:17 ?        0:01 ora_smon_DIA3
      oracle   369     1  0 12:26:17 ?        0:00 ora_reco_DIA3
      oracle   371     1  0 12:26:17 ?        0:00 ora_snp0_DIA3
      oracle   373     1  0 12:26:17 ?       41:50 ora_s000_DIA3
      oracle   375     1  0 12:26:17 ?        0:00 ora_d000_DIA3
      oracle   377     1  0 12:26:18 ?        0:00 ora_d001_DIA3

    Second, enter the following commands for the DB Writer process
    (ora_dbw0_DIA3) with process id = 361 as an example.

    # /usr/proc/bin/pmap 361 | grep "shmid"
    80000000 82992K read/write/exec/shared [ shmid=0x2 ]

    # /usr/proc/bin/pmap 361 | grep "total"
    total 124232K

    Then take the total size, 124232K, and subtract the SGA size, which is
    the line marked with "shmid=" above, in this case 82992K. So, 124232K
    minus 82992K is 41240K. So, the DBWR background process is approximately
    41.2 MB. Repeat these steps for all the background processes.

Sizing up Solaris Memory with the RMCmem Package

    How much memory is needed on SUN Solaris? Explaining memory in Solaris
    by reviewing the different types of memory and introducing a set of
    tools, the RMCmem package.

    Install RMCmem Package

    Download the RMCmem tools available from
    ftp://playground.sun.com/pub/memtool. The package includes a kernel
    module that provides extra instrumentation.

    # cd /tmp
    # zcat RMCmem3.8.2.tar.gz | tar xvf -
    # pkgadd -d .
    The package is installed in /opt/RMCmem (see README in this directory)

    Virtual / Physical Memory Usage

    Solaris is a virtual memory system. The total amount of memory that you
    can use is increased by adding swap space to the system. If you ever see
    "out of memory" messages, adding swap space is the usual fix.
    Performance of the system is very dependent on how much physical memory
    (RAM) you have. If you don't have enough RAM to run your workload,
    performance degrades rapidly.

    Physical memory usage can be classified into four groups:

    * Kernel memory mapped into kernel address space
    * Process memory is mapped into a process address space
    * Filesystem cache memory that is not mapped into any address space
    * Free memory that is not mapped into any address space

    RMCmem includes a simple command to summarize this:

    # /opt/RMCmem/bin/prtmem

    Total memory:          989 Megabytes
    Kernel Memory:          60 Megabytes
    Application:           110 Megabytes
    Executable & libs:      42 Megabytes
    File Cache:            757 Megabytes
    Free, file cache:       11 Megabytes
    Free, free:              6 Megabytes

    Total physical memory

    The total physical memory can be seen using prtconf. Memory is allocated
    in units called pages, and you can use the 'pagesize' command to see the
    size in bytes per page:

    # /usr/sbin/prtconf | grep Memory
    Memory size: 1024 Megabytes

    # /usr/bin/pagesize
    8192

    Kernel memory

    Kernel memory is allocated to hold the initial kernel code at boot time,
    then grows dynamically as new device drivers and kernel modules are
    used. Kernel tables also grow dynamically, unlike some older versions of
    Unix. As you add hardware and processes to a system, the kernel will
    grow. In particular, to keep track of all the memory in a system, the
    kernel allocates a page table structure. If you have several gigabytes
    of RAM this table gets quite large. The dynamic kernel memory allocator
    grabs memory in large "slabs," then allocates smaller blocks more
    efficiently. This means that the kernel tends to grab a bit more memory
    than it's really using.
If there is a severe memory shortage, the kernel unloads unused kernel modules and devices and frees unused slabs. The simplest summary of kernel memory usage comes from sar. To show the kernel memory allocation (KMA) activities use (see man sar for more details). # sar -k 1 SunOS diamond 5.7 Generic_106541-12 sun4u 04/28/01 sml_mem alloc fail lg_mem alloc fail ovsz_alloc fail 6873088 6044236 0 44818432 43761720 0 11231232 0 Application process memory Application processes consist of an address space divided into segments, where each segment maps either to a file, anonymous memory (the swap space), System V shared memory, or a memory mapped device. The mapped files include the code and initialized data for the command and all its shared libraries. What we really want to know, is the amount of RAM used by each segment. This is shown by the pmem command in the RMCmem package. # /opt/RMCmem/bin/pmem 361 361: ora_dbw0_DIA3 Kbytes Resident Shared Private Permissions Mapped File 82992 82992 82992 - read/write/exec [shmid=0x2] 16 16 8 8 read/exec libc_psr.so.1 16 16 8 8 read/exec libmp.so.2 8 8 8 - read/write/exec libmp.so.2 ........ .. .. . ............... ........... 112 80 72 8 read/exec libelf.so.1 8 8 8 - read/write/exec libelf.so.1 16 16 8 8 read/exec libkvm.so.1 8 8 8 - read/write/exec libkvm.so.1 -------- ------ ------ ------ ------ 124232 93040 92728 312 Now we can see that the process address space size is 124232 kilobytes; 93040 kilobytes of that are currently resident in main memory, wherein 92728 kilobytes are shared with other processes while 312 kilobytes are private. When this command started only the 312 kilobytes of private memory were taken from the free list. If we now go through all the processes on the system, add up how much private memory they use, and also add in the shared memory for each mapped file, we'll know how much application memory is in use. 
This summary is shown by prtmem as we saw in the beginning, and the detail is listed by the memps command in RMCmem. # /opt/RMCmem/bin/memps PID Size Resident Shared Private Process ... ....... ...... ...... .... ............. 359 118904k 93608k 92800k 808k ora_pmon_DIA3 367 118184k 93152k 92704k 448k ora_smon_DIA3 369 117928k 93120k 92704k 416k ora_reco_DIA3 371 118040k 93136k 92720k 416k ora_snp0_DIA3 365 119040k 93120k 92712k 408k ora_ckpt_DIA3 377 118344k 93080k 92720k 360k ora_d001_DIA3 363 119088k 93056k 92720k 336k ora_lgwr_DIA3 375 118344k 93048k 92720k 328k ora_d000_DIA3 361 124232k 93040k 92728k 312k ora_dbw0_DIA3 373 121608k 93032k 92728k 304k ora_s000_DIA3 Filesystem cache memory This is the part of memory that is most confusing, as it is invisible. You can only tell it's there if you access the same file twice and it is quicker the second time. The RMCmem package adds kernel instrumentation that counts up all the pages for each cached file. The memps -m command lists the files that are cached in order of the amount of memory they're consuming. One problem is that within the kernel, the file is only known by its inode number and filesystem mount point. The directory pathname for the file may not be known. The RMCmem package tries to solve this problem by catching file names as files are opened (by interposing on the vnode open code) and making an inode-to-name lookup cache in the kernel. This cache size is limited (to 8192 entries by default), and the file may have been opened before the kernel module was loaded, so it can't always find the name. # memps -m Size InUse E/F Filename 21064k 21064k F /usr (inode 540488) 8184k 824k F /usr (inode 260922) 7752k 7752k F /usr (inode 540429) 7480k 7480k F /usr (inode 540428) 7480k 7480k F /usr (inode 540427) 6896k 6896k F /usr (inode 540450) .... .... . .... ...... ...... ... and so on down to lots of files ... # cd /usr # find . 
-inum 540488 ./local/jdbc/ora817/old/libserver8.a More infos about the RMCmem package can be found here as PDF Using Sun Solaris Manuals directly from CD-ROM Solaris 8: cd /cdrom/sol_8_doc ./ab2cd (Start) http://quorum:8888 (Using the Doc online) ./ab2cd stop (Stop) Solaris 7: cd /cdrom/sol_7_1199_doc ./ab2cd (Start) http://diamond:8888 (Using the Doc online) ./ab2cd stop (Stop) DLT-TAPE UNIT INSTALLATION on Solaris 7/8/9 Installation Instructions will cover the installation of the DLT tape peripheral hardware and configuration of the system to communicate with the DLT tape peripheral. In this example we use a «QUANTUM DLT7000». The Solaris system must have the appropriate SCSI interface for DLT drive to attached to, a SCSI single-ended DLT drive can be attached only to a SCSI single-ended interface. The same is true for SCSI differential attachment. Solaris includes a driver to efficiently communicate with SCSI tape drives, such as the DLT tape peripheral. Perform the installation as follows: Shut down your Sun workstation/server and power off the machine and all scsi-devices. Connect the DLT to the scsi-bus using good cables and make sure the bus is terminated correctly. Set the scsi-id; id 4 or 5 are the most common to use. If possible use a separate or underutilized SCSI bus for the DLT. Running the tape drive on the same bus as the disk drives will never let you achieve any good throughput. You bought the DLT because of performance didn't you ? 1. STOP-A (L1-A) Power on the devices/machine again and halt the boot process with. (or press the BREAK key if you have an ASCII console). 2. probe-scsi-all Verify that the drive is connected properly. Note: output from probe-scsi will not always be correct if you enter the PROM monitor by breaking the boot process! 3. boot -rv Boot the system and log in as root. When booting you should see a message similar to these: "st1: ". 4. cd /kernel/drv Change directory to /kernel/drv. 
Edit the st.conf file by adding the following:

tape-config-list="QUANTUM DLT7000","Quantum DLT7000","DLT7-data";
DLT7-data = 1,0x38,0,0x8639,4,0x82,0x83,0x84,0x85,3;

tape-config-list="","",""

* tape-config-list is a variable defined by a series of tape configuration parameters listed below:

* is the vendor and product ID string for the DLT device. Depending on the DLT tape peripheral you are installing, you must insert the appropriate vendor and product ID for as described in the following table:

  DLT Tape Product
  DLT7000             QUANTUM DLT7000

  (Total string character count, including spaces, must equal 15).

* is a name you select that the system will use to identify the DLT device. This reference does not change the DLT product ID. When the system boots, the reference name will be displayed in the list of peripheral devices recognized by the system.

* is a variable containing a series of additional DLT device configuration information. You select a name in place of the string.

You will continue editing the st.conf file by defining the name you selected for . The definition depends on the DLT tape peripheral you are installing. For a DLT7000 series unit add the following line:

1,0x38,0,0x8639,4,0x82,0x83,0x84,0x85,3;

contains 10 parameters, which are described below:

1
    The first parameter is the version number and should not change.

0x38
    The second parameter designates the DLT tape type as defined in /usr/include/sys/mtio.h.

    #define MT_ISOTHER 0x36 /* generic other type of tape drive */
    #define MT_ISDLT   0x38 /* sun: SCSI DLT tape drive */

0
    The third parameter is the block size. Since the DLT tape drive uses variable block size, this value should be zero.

0x8639
    The fourth parameter, 0x8639, is a summation of values that represent selected device options. The table below lists the options and the corresponding value:

    Option                 Value
    ST_VARIABLE            0x0001
    ST_BSF                 0x0008
    ST_BSR                 0x0010
    ST_LONG_ERASE          0x0020
    ST_NOWS_EOD            0x0200
    ST_NLOADABLE           0x0400
    ST_NO_RECSIZE_LIMIT    0x8000

    The man st page has more information about these and other possible device options. For certain applications, it may be necessary to consider adding or removing one or more of the device options.

4
    The fifth parameter, 4, defines the number of densities. The maximum definable number of densities is 4.

0x82 0x83 0x84 0x85
    The sixth, seventh, eighth and ninth parameters are used for system selection of tape densities. Use these values for a DLT 7000 Tape Drive.

3
    The tenth parameter defines which density the system will use as the default density. The sixth, seventh, eighth and ninth parameters in the string are referenced by the system as 0, 1, 2 and 3, respectively. The 3 value for the tenth parameter selects the 0x85 density code as the system default density.

After editing the st.conf file, reboot the system:

5. shutdown -i0 -g0
   boot -rv
   Reboot the system. The -r switch in the boot command enables a kernel compile and includes the creation of device special files used for communication with the DLT device. The -v switch enables verbose mode display of system bootup. With verbose mode, the system should indicate that the DLT tape peripheral is attached by displaying the string you selected.

6. mt -t /dev/rmt/0 status
   Enter the following command to verify the installation:

   Vendor 'TANDBERG' Product 'DLT7000 ' tape drive:
      sense key(0x0)= No Additional Sense   residual= 0   retries= 0
      file no= 0   block no= 0

The target drive designations assigned by Solaris may take on values higher than already established in the /dev/rmt/ path. This is not a problem but during a boot -rv, Solaris does not remove tape device files for drives that are no longer attached to the system.
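The st.conf data line explained above, checked mechanically: an added script, not part of the original notes, that decodes the options word against the option table and validates the parameter layout before printing the default density. The function names are assumptions made for this example, only the flags listed in the table are known to it, and it needs a POSIX shell (on these Solaris releases /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example, not from the original notes. Flag values are the ones
# listed in the option table above; other st options exist (see man st).
ST_FLAGS="ST_VARIABLE:0x0001 ST_BSF:0x0008 ST_BSR:0x0010 ST_LONG_ERASE:0x0020
ST_NOWS_EOD:0x0200 ST_NLOADABLE:0x0400 ST_NO_RECSIZE_LIMIT:0x8000"

# decode_st_options 0x8639 -> names of the set flags, space separated.
# Bits that are not in the table are reported as UNKNOWN(0x....).
decode_st_options() {
    val=$(( $1 ))
    rest=$val
    out=
    for pair in $ST_FLAGS; do
        name=${pair%%:*}
        bit=$(( ${pair##*:} ))
        if [ $(( val & bit )) -ne 0 ]; then
            out="$out $name"
            rest=$(( rest & ~bit ))
        fi
    done
    if [ "$rest" -ne 0 ]; then
        out="$out $(printf 'UNKNOWN(0x%04x)' "$rest")"
    fi
    echo "${out# }"
}

# st_default_density "1,0x38,0,0x8639,4,0x82,0x83,0x84,0x85,3;"
# Validates the layout (5 fixed fields, N density codes, default index)
# and prints the density code that the default index selects.
st_default_density() {
    spec=$(printf '%s' "$1" | tr -d ' ;')
    oldifs=$IFS; IFS=,
    set -- $spec
    IFS=$oldifs
    if [ "$#" -lt 7 ]; then
        echo "too few parameters: $#" >&2; return 1
    fi
    ndens=$5
    case $ndens in
        [1-4]) ;;
        *) echo "density count must be 1..4, got $ndens" >&2; return 1 ;;
    esac
    if [ "$#" -ne $(( ndens + 6 )) ]; then
        echo "expected $(( ndens + 6 )) parameters, got $#" >&2; return 1
    fi
    shift 5
    # Positional parameters are now the density codes, then the default index.
    for default in "$@"; do :; done
    case $default in
        [0-3]) ;;
        *) echo "bad default index: $default" >&2; return 1 ;;
    esac
    if [ "$default" -ge "$ndens" ]; then
        echo "default index $default is outside 0..$(( ndens - 1 ))" >&2
        return 1
    fi
    shift "$default"
    echo "$1"
}

# Demonstration on the DLT7000 line from the notes.
decode_st_options 0x8639
st_default_density "1,0x38,0,0x8639,4,0x82,0x83,0x84,0x85,3;"
```
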
This can increase the effort in locating the device file for the configured drive. However, this can be minimized by first deleting the tape device files:

rm /dev/rmt/*

then either boot the system with:

boot -rv

or issue the following at the command line prompt:

drvconfig -i st; tapes

If the DLTtape is the only drive on the system, its target assignment should be zero. The Solaris man pages have more information on drvconfig and tapes.

Reconfigure Devices on Solaris

If you remove or add a device on Solaris then the device files must be recreated, either with boot -rv or devfsadm. For example, to renumber the logical tape drive devices do the following:

Tape drives were numbered beginning with /dev/rmt/3 instead of /dev/rmt/0. The physical devices pointed to by the logical /dev/rmt/[012] devices no longer existed, and we wanted to renumber the valid devices beginning at /dev/rmt/0.

1. Cleanup non-existent tape drive devices with devfsadm.
   # devfsadm -C -c tape -v
2. Remove all /dev/rmt logical links.
   # rm -f /dev/rmt/*
3. Recreate all /dev/rmt logical links with devfsadm.
   # devfsadm -c tape -v

devfsadm

devfsadm(1M) maintains the /dev and /devices namespaces. It replaces the previous suite of devfs administration tools including drvconfig(1M), disks(1M), tapes(1M), ports(1M), audlinks(1M), and devlinks(1M).

OPTIONS
The following options are supported:

-C
    Cleanup mode. Prompt devfsadm to cleanup dangling /dev links that are not normally removed. If the -c option is also used, devfsadm only cleans up for the listed devices' classes.

-c device_class
    Restrict operations to devices of class device_class. Solaris defines the following values for device_class: disk, tape, port, audio, and pseudo. This option may be specified more than once to specify multiple device classes.

OpenBoot Diagnostics

The Solaris operating system gets the jumpstart for its booting from a hardware-level interface called the OpenBoot PROM or OBP for short.
OpenBoot at its heart has an interactive command interpreter with a varied set of functions. OBP is firmware which is stored in the socketed startup PROM of the computer and consists of two parts, the PROM and the NVRAM. As stated earlier, while the PROM acts as the interface for access to diagnostics and drivers, the NVRAM consists of some editable user-defined parameters. Non-volatile information like the system identification information, device aliases etc. is stored in the NVRAM. The OpenBoot PROM is programmable and can be programmed based on Forth, which is an interactive programming language much like shell scripting.

The main tasks performed by the OpenBoot firmware are:

* Initializing and Testing system hardware (POST, power on self test)
* Interactive Debugging
* Management of NVRAM Parameters
* Start the Operating System boot

Useful commands at OK prompt.

Diagnostics : boot General

banner            this command shows the following system hardware information: Model, architecture, processor, keyboard, openboot version, Serial no., ethernet address & host id.
test floppy       test floppy disk drive
test net          test network loopbacks
test scsi         test scsi interface
test-all          test for all devices with selftest method
watch-clock       Show ticks of real-time clock
watch-net         Monitor network broadcast packets
watch-net-all     Monitor broadcast packets on all net interfaces
probe-scsi        Show attached SCSI devices
probe-scsi-all    Show attached SCSI devices for all host adapters, internal & external.

boot                     boot kernel from default device. Factory default is to boot from DISK if present, otherwise from NET.
boot net                 boot kernel from network
boot cdrom               boot kernel from CD-ROM
boot disk1:h             boot from disk1 partition h
boot tape                boot default file from tape
boot disk myunix -as     boot myunix from disk with flags "-as"

DEVALIAS

ok>show-devs
ok cd /pci@1f,4000/scsi@3
ok .properties
ok ls
f00809d8 tape
f007ecdc disk
ok .speed
CPU Speed : 200.00MHz
UPA Speed : 100.00MHz
PCI Bus A : 66Mhz
PCI Bus B : 33Mhz

printenv        Display all variables and current values.
setenv          Set variable to the given value.
set-default     Reset the value of variable to the factory default.
set-defaults    Reset variable values to the factory defaults.

Key Sequences

These commands are disabled if the PROM security is on. Also, if your system has full security enabled, you cannot apply any of the suggested commands unless you have the password to get to the ok prompt.

Stop      Bypass POST. This command does not depend on security-mode. (Note: some systems bypass POST as a default; in such cases, use Stop-D to start POST.)
Stop-A    Abort.
Stop-D    Enter diagnostic mode (set diag-switch? to true).
Stop-F    Enter Forth on TTYA instead of probing. Use exit to continue with the initialization sequence. Useful if hardware is broken.
Stop-N    Reset NVRAM contents to default values.

Start an OpenBoot Diagnostics

OK setenv diag-switch? true
OK setenv auto-boot? false
OK reset-all
OK test-all or obdiag

Configure Graphics Console (e.g. Sun XVR-100 Graphics Accelerator) instead of serial TTYA

OK show-displays
Select the graphics accelerator, e.g. b
OK nvalias mydev
OK setenv output-device mydev
OK setenv use-nvramrc? true
OK reset-all

Why doesn't my .forward file work?

Overview

Have you created a $HOME/.forward file in your home directory to forward e-mails from one account to another, and it just won't forward them?

Set correct Permissions

First make sure the file isn't group or world writable.

-rwxrwxr-x   1 zahn     dba            0 Jan  9 12:17 .forward   # wrong
-rwxr-xr-x   1 zahn     dba            0 Jan  9 12:17 .forward   # OK

Lastly, make sure your home directory isn't group or world writable.

drwxrwxr-x  14 zahn     dba         4096 Jan  9 12:20 zahn   # wrong
drwxr-xr-x  14 zahn     dba         4096 Jan  9 12:20 zahn   # OK

##############################
# console lightsout management
##############################

Type V240

pago-sb3 console login: root
Password:
Last login: Fri Feb 10 14:14:05 on console
Sun Microsystems Inc.   SunOS 5.9       Generic May 2002
OO #
pago-sb3-sc> ?
Invalid command. Type 'help' for list of commands.
pago-sb3-sc> help
Available commands
------------------
poweron {FRU}
poweroff [-y] [-f]
removefru [-y] {FRU}
reset [-y] [-x]
break [-y]
bootmode [normal|reset_nvram|diag|skip_diag|bootscript="string"]
console [-f]
consolehistory [-b lines|-e lines] [-g lines] [-v] [boot|run]
showlogs [-b lines|-e lines] [-g lines] [-v]
setlocator [on|off]
showlocator
showenvironment
showfru
showplatform [-v]
showsc [-v] [param]
shownetwork [-v]
setsc [param] [value]
setupsc
showdate
setdate [[mmdd]HHMM | mmddHHMM[cc]yy][.SS]
resetsc [-y]
flashupdate [-s IPaddr -f pathname] [-v]
setdefaults [-y] [-a]
useradd
userdel [-y]
usershow [username]
userpassword
userperm [c][u][a][r]
password
showusers [-g lines]
logout
help [command]
pago-sb3-sc> console
Enter #. to return to ALOM.
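For the .forward permission rules given earlier on this page (neither the file nor the home directory may be group or world writable), an added check script that is not part of the original notes. The function names are assumptions made for this example; it reads the mode from ls so it also works where stat(1) is absent, and it needs a POSIX shell (on these Solaris releases /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example, not from the original notes.

# mode_of PATH -> the ls mode string of PATH (symlinks are followed),
# or nothing when PATH cannot be read.
mode_of() {
    ls -ldL "$1" 2>/dev/null | awk '{ print $1 }'
}

# gw_writable PATH -> returns 0 when PATH is group- or world-writable.
# In a mode string such as drwxrwxr-x, character 6 is the group write
# bit and character 9 is the world write bit.
gw_writable() {
    m=$(mode_of "$1")
    if [ "$(printf '%s' "$m" | cut -c6)" = w ]; then return 0; fi
    if [ "$(printf '%s' "$m" | cut -c9)" = w ]; then return 0; fi
    return 1
}

# check_forward HOME_DIR -> prints one line per checked path and returns
# the number of paths that are group or world writable (0 means both
# conditions from the notes hold). A missing .forward is not an error.
check_forward() {
    home=$1
    problems=0
    if [ ! -d "$home" ]; then
        echo "$home: not a directory" >&2
        return 1
    fi
    for p in "$home" "$home/.forward"; do
        if [ ! -e "$p" ]; then
            echo "SKIP  $p (does not exist)"
            continue
        fi
        if gw_writable "$p"; then
            echo "WRONG $(mode_of "$p") $p (group or world writable)"
            problems=$(( problems + 1 ))
        else
            echo "OK    $(mode_of "$p") $p"
        fi
    done
    return "$problems"
}

# Usage on a live system:
#   check_forward "$HOME"
```
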
########## # groupadd ########## groupadd -g 1984 bb ######### # useradd ######### useradd -u 1984 -g bb -d /export/home/bb -c "Big Brother Systemueberwachung" -m bb ############################################ # http://www.optix.org/~dxy/solaris/command/ ############################################ HD info(vendor, RPM, capacity) oasis:/home/tse/dxy[9:18pm] iostat -E sd0 Soft Errors: 0 Hard Errors: 3 Transport Errors: 0 Vendor: SEAGATE Product: ST34371W SUN4.2G Revision: 7462 Serial No: 9742K71685 RPM: 7200 Heads: 16 Size: 4.29GB <4292075520 bytes> Media Error: 0 Device Not Ready: 0 No Device: 3 Recoverable: 0 Illegal Request: 0 Predictive Failure Analysis: 0 sd1 Soft Errors: 0 Hard Errors: 3 Transport Errors: 0 Vendor: SEAGATE Product: ST32171W SUN2.1G Revision: 7462 Serial No: 9736T74649 RPM: 5400 Heads: 19 Size: 2.13GB <2127708160 bytes> Media Error: 0 Device Not Ready: 0 No Device: 3 Recoverable: 0 Illegal Request: 0 Predictive Failure Analysis: 0 sd6 Soft Errors: 0 Hard Errors: 3 Transport Errors: 0 Vendor: TOSHIBA Product: XM5701TASUN12XCD Revision: 0997 Serial No: 04/09/97 RPM: 0 Heads: 0 Size: 18446744073.71GB <-8589934591 bytes> Media Error: 0 Device Not Ready: 3 No Device: 0 Recoverable: 0 Illegal Request: 0 Predictive Failure Analysis: 0 Display the number of used and free i-nodes impulse:/home/dxy[4:07pm] df -F ufs -o i Filesystem iused ifree %iused Mounted on /dev/dsk/c0t3d0s0 38555 403045 9% / /dev/dsk/c0t1d0s0 160761 345607 32% /export/home /dev/md/dsk/d20 149826 1905214 7% /usr/local impulse:/home/dxy[4:07pm] /usr/ucb/df -i Filesystem iused ifree %iused Mounted on /dev/dsk/c0t3d0s0 38555 403045 9% / /dev/dsk/c0t1d0s0 160761 345607 32% /export/home /dev/md/dsk/d20 149826 1905214 7% /usr/local impulse:/home/dxy[4:07pm] Display processes with the highest CPU utilization velocity:/home/dxy[4:54pm] ps -eo pid,pcpu,args | sort +1n Display processes with the highest memory usage velocity:/home/dxy[4:54pm] ps -eo pid,vsz,args | sort +1n Printing disk 
geometry and partition info oasis:/home/dxy[4:16pm] prtvtoc /dev/rdsk/c0t0d0s0 * /dev/rdsk/c0t0d0s0 partition map * * Dimensions: * 512 bytes/sector * 135 sectors/track * 16 tracks/cylinder * 2160 sectors/cylinder * 3882 cylinders * 3880 accessible cylinders * * Flags: * 1: unmountable * 10: read-only * * First Sector Last * Partition Tag Flags Sector Count Sector Mount Directory 0 2 00 0 7855920 7855919 /usr/local 1 3 01 7855920 524880 8380799 2 5 00 0 8380800 8380799 oasis:/home/dxy[4:16pm] Checking whether it's running in 32-bit mode or 64-bit mode 64-bit mode % isalist -v sparcv9+vis sparcv9 sparcv8plus+vis sparcv8plus sparcv8 sparcv8-fsmuld sparcv7 sparc % isainfo -v 64-bit sparcv9 applications 32-bit sparc applications 32-bit mode % isalist -v sparcv8plus+vis sparcv8plus sparcv8 sparcv8-fsmuld sparcv7 sparc % isainfo -v 32-bit sparc applications Verifying a route to a specified network # route -n get xxx.yyy.zzz.0 route to: xxx.yyy.zzz.0 destination: default mask: default gateway: xxx.yyy.aaa.254 interface: hme0 flags: recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1500 0 # print the version of OBP % prtconf -V OBP 3.3.2 1996/06/28 08:43 % /usr/platform/`uname -i`/sbin/prtdiag -v | grep OBP OBP 3.11.1 1997/12/03 15:53 POST 3.11.4 1997/05/27 02:26 % {2} ok .version Release 3.23 Version 1 created 1999/07/16 12:08 OBP 3.23.1 1999/07/16 12:08 POST 2.0.2 1998/10/19 10:46 {2} ok print the version of Open Windows % showrev -w OpenWindows version: OpenWindows Version 3.6.1 25 January 1999 % To determine which monitor resolution is available % /usr/sbin/ffbconfig -res \? 
Valid values for -res option are: 1024x768x60 [1] 1024x768x70 [1] 1024x768x75 [1] [2] 1024x768x77 1024x800x84 1152x900x66 1152x900x76 1280x800x76 [1] [2] 1280x1024x60 [1] [2] 1280x1024x67 1280x1024x76 1280x1024x85 [1] [2] 960x680x112s 960x680x108s 640x480x60 [1] [2] 640x480x60i [1] 768x575x50i [1] 1440x900x76 [1] [2] 1600x1000x66 [1] [2] 1600x1000x76 [1] [2] 1600x1280x76 [1] [2] 1920x1080x72 [1] [2] 1920x1080x76 [1] [2] 1920x1200x70 [1] [2] 1920x1200x75 [1] [2] svga [1] 1152 1280 stereo vga [1] [2] ntsc [1] pal [1] none Notes: [1] monitor does not support this resolution. [2] this version of FFB (FFB1) does not support this resolution. % system configuration % sysdef Display the device list (and drivers attached to devices) % prtconf -D System Configuration: Sun Microsystems sun4u Memory size: 256 Megabytes System Peripherals (Software Nodes): SUNW,Ultra-1 packages terminal-emulator deblocker obp-tftp disk-label ufs-file-system chosen openprom client-services options, instance #0 (driver name: options) aliases memory virtual-memory counter-timer sbus, instance #0 (driver name: sbus) SUNW,CS4231 (driver name: audiocs) auxio flashprom SUNW,fdtwo, instance #0 (driver name: fd) eeprom (driver name: eeprom) zs, instance #0 (driver name: zs) zs, instance #1 (driver name: zs) sc SUNW,pll SUNW,fas, instance #0 (driver name: fas) sd (driver name: sd) st (driver name: st) sd, instance #0 (driver name: sd) sd, instance #1 (driver name: sd) sd, instance #2 (driver name: sd) sd, instance #3 (driver name: sd) sd, instance #4 (driver name: sd) sd, instance #5 (driver name: sd) sd, instance #6 (driver name: sd) sd, instance #7 (driver name: sd) sd, instance #8 (driver name: sd) sd, instance #9 (driver name: sd) sd, instance #10 (driver name: sd) sd, instance #11 (driver name: sd) sd, instance #12 (driver name: sd) sd, instance #13 (driver name: sd) sd, instance #14 (driver name: sd) SUNW,hme, instance #0 (driver name: hme) SUNW,bpp (driver name: bpp) SUNW,UltraSPARC SUNW,ffb, 
instance #0 (driver name: ffb) pseudo, instance #0 (driver name: pseudo) processor type, speed % psrinfo -v Status of processor 0 as of: 06/16/99 12:38:51 Processor has been on-line since 02/07/99 01:47:11. The sparcv9 processor operates at 200 MHz, and has a sparcv9 floating point processor. patch applied on the system % showrev -p exported file system on NFS server % showmount -e NFS_SERVER display current run level % who -r Find out a package which a file belongs to % pkgchk -l -p /usr/lib/sendmail Pathname: /usr/lib/sendmail Type: regular file Expected mode: 4555 Expected owner: root Expected group: bin Expected file size (bytes): 650720 Expected sum(1) of contents: 22626 Expected last modification: Apr 07 04:13:53 1999 Referenced by the following packages: SUNWsndmu Current status: installed % Examining gcc behavior % gcc -v -x c /dev/null Display the version of CDE % /usr/ccs/bin/what /usr/dt/bin/dtmail /usr/dt/bin/dtmail: CDE Version 1.3.4 CDEVersion1.3.4 Display the version of BIND % nslookup -class=chaos -q=txt version.bind ns0.optix.org Server: impulse.optix.org Address: 210.164.85.210 Aliases: 210.85.164.210.in-addr.arpa VERSION.BIND text = "8.2.2-P5" % dig @ns-tk021.ocn.ad.jp version.bind chaos txt ; <<>> DiG 8.2 <<>> @ns-tk021.ocn.ad.jp version.bind chaos txt ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; version.bind, type = TXT, class = CHAOS ;; ANSWER SECTION: VERSION.BIND. 
0S CHAOS TXT "4.9.7-REL"

;; Total query time: 81 msec
;; FROM: velocity to SERVER: ns-tk021.ocn.ad.jp 203.139.160.103
;; WHEN: Tue May 9 17:26:23 2000
;; MSG SIZE sent: 30 rcvd: 64
%

system configuration

% /usr/platform/`uname -i`/sbin/prtdiag
System Configuration: Sun Microsystems sun4u 8-slot Sun Enterprise 4000/5000
System clock frequency: 82 MHz
Memory size: 512Mb

========================= CPUs =========================

                    Run   Ecache   CPU    CPU
Brd  CPU   Module   MHz     MB    Impl.   Mask
---  ---  -------  -----  ------  ------  ----
 0     0     0      248     2.0   US-II    1.1
 0     1     1      248     2.0   US-II    1.1
 2     4     0      248     2.0   US-II    1.1
 2     5     1      248     2.0   US-II    1.1

========================= Memory =========================

                                              Intrlv.  Intrlv.
Brd   Bank   MB    Status   Condition  Speed   Factor   With
---  -----  ----  -------  ----------  -----  -------  -------
 0     0    256    Active      OK       60ns   2-way      A
 2     0    256    Active      OK       60ns   2-way      A

========================= IO Cards =========================

     Bus   Freq
Brd  Type  MHz   Slot  Name                              Model
---  ----  ----  ----  --------------------------------  ----------------------
 1   SBus   25     3   SUNW,hme
 1   SBus   25     3   SUNW,fas/sd (block)
 1   SBus   25    13   SUNW,soc/SUNW,pln                 501-2069
 5   SBus   25     3   SUNW,hme
 5   SBus   25     3   SUNW,fas/sd (block)
 5   SBus   25    13   SUNW,soc/SUNW,pln                 501-2069

Detached Boards
===============
  Slot  State      Type    Info
  ----  ---------  ------  -----------------------------------------
    3   disabled   disk    Disk 0: Target: 10   Disk 1: Target: 11
    7   disabled   disk    Disk 0: Target: 14   Disk 1: Target: 15

No failures found in System
===========================

No System Faults found
======================
%

#################################
# build sendmail with masquerading
#################################

cd /usr/lib/mail/cf
cp subsidiary.mc pago-sb4.mc
vim pago-sb4.mc

root@pago-sb4 /usr/lib/mail/cf> cat pago-sb4.mc
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# Copyright (c) 1997-2000
# Sun Microsystems, Inc. All rights reserved.
#
# ident "@(#)subsidiary.mc 1.10 00/12/14 SMI"
#
# This is a configuration file for SunOS 5.8 (a.k.a. Solaris 8) and later
# subsidiary machines. It has support for local and SMTP mail. The
# SMART_HOST macro is enabled, which means that messages will be sent to
# the SMART_HOST, which is set to mailhost.$m ($m is the local domain).
# A short-cut rule is also defined, which says if the recipient host is
# in the local domain, send to it directly instead of the smart host.
#
# Note: if you do not need a smart host; i.e., you are in an environment
# where MX records are properly defined, then you should not be using
# this subsidiary config file; use main instead.
#
# If you want to customize this further, copy it to a name appropriate
# for your environment and do the modifications there.
#
divert(0)dnl
VERSIONID(`@(#)subsidiary.mc 1.10 (Sun) 12/14/00')
OSTYPE(`solaris8')dnl
#DOMAIN(`solaris-generic')dnl
define(`SMART_HOST', `mail.rz-intern.pago.de')
MASQUERADE_AS(`pago.de')dnl
MASQUERADE_DOMAIN(`pago.de')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_NET_CONFIG
R$* < @ $* .$m. > $*	$#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3

root@pago-sb4 /usr/lib/mail/cf>/usr/ccs/bin/m4 ../m4/cf.m4 pago-sb4.mc >pago-sb4.cf
root@pago-sb4 /usr/lib/mail/cf> ls -al pago-sb4.cf
-rw-r--r--   1 root     other      39561 Oct  5 14:31 pago-sb4.cf

############
# solaris 10
############

fcinfo hba-port -l
HBA Port WWN: 2100001b3215d150
        OS Device Name: /dev/cfg/c5
        Manufacturer: QLogic Corp.
        Model: QLA2340
        Firmware Version: 3.3.26
        FCode/BIOS Version: fcode: 1.16;
        Type: N-port
        State: online
        Supported Speeds: 1Gb 2Gb
        Current Speed: 2Gb
        Node WWN: 2000001b3215d150
        Link Error Statistics:
                Link Failure Count: 0
                Loss of Sync Count: 1
                Loss of Signal Count: 1
                Primitive Seq Protocol Error Count: 0
                Invalid Tx Word Count: 0
                Invalid CRC Count: 0
HBA Port WWN: 210000e08b94ed89
        OS Device Name: /dev/cfg/c4
        Manufacturer: QLogic Corp.
Model: QLA2340 Firmware Version: 3.3.26 FCode/BIOS Version: fcode: 1.16; Type: N-port State: online Supported Speeds: 1Gb 2Gb Current Speed: 2Gb Node WWN: 200000e08b94ed89 Link Error Statistics: Link Failure Count: 0 Loss of Sync Count: 1 Loss of Signal Count: 1 Primitive Seq Protocol Error Count: 0 Invalid Tx Word Count: 0 Invalid CRC Count: 0 Solaris Command Reference HD info(vendor, RPM, capacity) oasis:/home/tse/dxy[9:18pm] iostat -E sd0 Soft Errors: 0 Hard Errors: 3 Transport Errors: 0 Vendor: SEAGATE Product: ST34371W SUN4.2G Revision: 7462 Serial No: 9742K71685 RPM: 7200 Heads: 16 Size: 4.29GB <4292075520 bytes> Media Error: 0 Device Not Ready: 0 No Device: 3 Recoverable: 0 Illegal Request: 0 Predictive Failure Analysis: 0 sd1 Soft Errors: 0 Hard Errors: 3 Transport Errors: 0 Vendor: SEAGATE Product: ST32171W SUN2.1G Revision: 7462 Serial No: 9736T74649 RPM: 5400 Heads: 19 Size: 2.13GB <2127708160 bytes> Media Error: 0 Device Not Ready: 0 No Device: 3 Recoverable: 0 Illegal Request: 0 Predictive Failure Analysis: 0 sd6 Soft Errors: 0 Hard Errors: 3 Transport Errors: 0 Vendor: TOSHIBA Product: XM5701TASUN12XCD Revision: 0997 Serial No: 04/09/97 RPM: 0 Heads: 0 Size: 18446744073.71GB <-8589934591 bytes> Media Error: 0 Device Not Ready: 3 No Device: 0 Recoverable: 0 Illegal Request: 0 Predictive Failure Analysis: 0 Display the number of used and free i-nodes impulse:/home/dxy[4:07pm] df -F ufs -o i Filesystem iused ifree %iused Mounted on /dev/dsk/c0t3d0s0 38555 403045 9% / /dev/dsk/c0t1d0s0 160761 345607 32% /export/home /dev/md/dsk/d20 149826 1905214 7% /usr/local impulse:/home/dxy[4:07pm] /usr/ucb/df -i Filesystem iused ifree %iused Mounted on /dev/dsk/c0t3d0s0 38555 403045 9% / /dev/dsk/c0t1d0s0 160761 345607 32% /export/home /dev/md/dsk/d20 149826 1905214 7% /usr/local impulse:/home/dxy[4:07pm] Display processes with the highest CPU utilization velocity:/home/dxy[4:54pm] ps -eo pid,pcpu,args | sort +1n Display processes with the highest memory usage 
velocity:/home/dxy[4:54pm] ps -eo pid,vsz,args | sort +1n Printing disk geometry and partition info oasis:/home/dxy[4:16pm] prtvtoc /dev/rdsk/c0t0d0s0 * /dev/rdsk/c0t0d0s0 partition map * * Dimensions: * 512 bytes/sector * 135 sectors/track * 16 tracks/cylinder * 2160 sectors/cylinder * 3882 cylinders * 3880 accessible cylinders * * Flags: * 1: unmountable * 10: read-only * * First Sector Last * Partition Tag Flags Sector Count Sector Mount Directory 0 2 00 0 7855920 7855919 /usr/local 1 3 01 7855920 524880 8380799 2 5 00 0 8380800 8380799 oasis:/home/dxy[4:16pm] Checking whether it's running in 32-bit mode or 64-bit mode 64-bit mode % isalist -v sparcv9+vis sparcv9 sparcv8plus+vis sparcv8plus sparcv8 sparcv8-fsmuld sparcv7 sparc % isainfo -v 64-bit sparcv9 applications 32-bit sparc applications 32-bit mode % isalist -v sparcv8plus+vis sparcv8plus sparcv8 sparcv8-fsmuld sparcv7 sparc % isainfo -v 32-bit sparc applications Verifying a route to a specified network # route -n get xxx.yyy.zzz.0 route to: xxx.yyy.zzz.0 destination: default mask: default gateway: xxx.yyy.aaa.254 interface: hme0 flags: recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1500 0 # print the version of OBP % prtconf -V OBP 3.3.2 1996/06/28 08:43 % /usr/platform/`uname -i`/sbin/prtdiag -v | grep OBP OBP 3.11.1 1997/12/03 15:53 POST 3.11.4 1997/05/27 02:26 % {2} ok .version Release 3.23 Version 1 created 1999/07/16 12:08 OBP 3.23.1 1999/07/16 12:08 POST 2.0.2 1998/10/19 10:46 {2} ok print the version of Open Windows % showrev -w OpenWindows version: OpenWindows Version 3.6.1 25 January 1999 % To determine which monitor resolution is available % /usr/sbin/ffbconfig -res \? 
Valid values for -res option are: 1024x768x60 [1] 1024x768x70 [1] 1024x768x75 [1] [2] 1024x768x77 1024x800x84 1152x900x66 1152x900x76 1280x800x76 [1] [2] 1280x1024x60 [1] [2] 1280x1024x67 1280x1024x76 1280x1024x85 [1] [2] 960x680x112s 960x680x108s 640x480x60 [1] [2] 640x480x60i [1] 768x575x50i [1] 1440x900x76 [1] [2] 1600x1000x66 [1] [2] 1600x1000x76 [1] [2] 1600x1280x76 [1] [2] 1920x1080x72 [1] [2] 1920x1080x76 [1] [2] 1920x1200x70 [1] [2] 1920x1200x75 [1] [2] svga [1] 1152 1280 stereo vga [1] [2] ntsc [1] pal [1] none Notes: [1] monitor does not support this resolution. [2] this version of FFB (FFB1) does not support this resolution. % system configuration % sysdef Display the device list (and drivers attached to devices) % prtconf -D System Configuration: Sun Microsystems sun4u Memory size: 256 Megabytes System Peripherals (Software Nodes): SUNW,Ultra-1 packages terminal-emulator deblocker obp-tftp disk-label ufs-file-system chosen openprom client-services options, instance #0 (driver name: options) aliases memory virtual-memory counter-timer sbus, instance #0 (driver name: sbus) SUNW,CS4231 (driver name: audiocs) auxio flashprom SUNW,fdtwo, instance #0 (driver name: fd) eeprom (driver name: eeprom) zs, instance #0 (driver name: zs) zs, instance #1 (driver name: zs) sc SUNW,pll SUNW,fas, instance #0 (driver name: fas) sd (driver name: sd) st (driver name: st) sd, instance #0 (driver name: sd) sd, instance #1 (driver name: sd) sd, instance #2 (driver name: sd) sd, instance #3 (driver name: sd) sd, instance #4 (driver name: sd) sd, instance #5 (driver name: sd) sd, instance #6 (driver name: sd) sd, instance #7 (driver name: sd) sd, instance #8 (driver name: sd) sd, instance #9 (driver name: sd) sd, instance #10 (driver name: sd) sd, instance #11 (driver name: sd) sd, instance #12 (driver name: sd) sd, instance #13 (driver name: sd) sd, instance #14 (driver name: sd) SUNW,hme, instance #0 (driver name: hme) SUNW,bpp (driver name: bpp) SUNW,UltraSPARC SUNW,ffb, 
instance #0 (driver name: ffb)
pseudo, instance #0 (driver name: pseudo)

processor type, speed
% psrinfo -v
Status of processor 0 as of: 06/16/99 12:38:51
  Processor has been on-line since 02/07/99 01:47:11.
  The sparcv9 processor operates at 200 MHz,
        and has a sparcv9 floating point processor.

patches applied on the system
% showrev -p

exported file system on NFS server
% showmount -e NFS_SERVER

display current run level
% who -r

Find out which package a file belongs to
% pkgchk -l -p /usr/lib/sendmail
Pathname: /usr/lib/sendmail
Type: regular file
Expected mode: 4555
Expected owner: root
Expected group: bin
Expected file size (bytes): 650720
Expected sum(1) of contents: 22626
Expected last modification: Apr 07 04:13:53 1999
Referenced by the following packages:
        SUNWsndmu
Current status: installed
%

Examining gcc behavior
% gcc -v -x c /dev/null

Display the version of CDE
% /usr/ccs/bin/what /usr/dt/bin/dtmail
/usr/dt/bin/dtmail:
        CDE Version 1.3.4
        CDEVersion1.3.4

Display the version of BIND
% nslookup -class=chaos -q=txt version.bind ns0.optix.org
Server: impulse.optix.org
Address: 210.164.85.210
Aliases: 210.85.164.210.in-addr.arpa

VERSION.BIND text = "8.2.2-P5"
% dig @ns-tk021.ocn.ad.jp version.bind chaos txt

; <<>> DiG 8.2 <<>> @ns-tk021.ocn.ad.jp version.bind chaos txt
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND.
0S CHAOS TXT "4.9.7-REL"

;; Total query time: 81 msec
;; FROM: velocity to SERVER: ns-tk021.ocn.ad.jp 203.139.160.103
;; WHEN: Tue May 9 17:26:23 2000
;; MSG SIZE sent: 30 rcvd: 64
%

system configuration
% /usr/platform/`uname -i`/sbin/prtdiag
System Configuration: Sun Microsystems sun4u 8-slot Sun Enterprise 4000/5000
System clock frequency: 82 MHz
Memory size: 512Mb

========================= CPUs =========================

                    Run   Ecache   CPU    CPU
Brd  CPU   Module   MHz     MB    Impl.   Mask
---  ---  -------  -----  ------  ------  ----
 0     0     0      248     2.0   US-II    1.1
 0     1     1      248     2.0   US-II    1.1
 2     4     0      248     2.0   US-II    1.1
 2     5     1      248     2.0   US-II    1.1

========================= Memory =========================

                                              Intrlv.  Intrlv.
Brd   Bank   MB    Status   Condition  Speed   Factor   With
---  -----  ----  -------  ----------  -----  -------  -------
 0     0    256   Active      OK       60ns    2-way     A
 2     0    256   Active      OK       60ns    2-way     A

========================= IO Cards =========================

     Bus   Freq
Brd  Type  MHz   Slot  Name                              Model
---  ----  ----  ----  --------------------------------  ----------------------
 1   SBus   25     3   SUNW,hme
 1   SBus   25     3   SUNW,fas/sd (block)
 1   SBus   25    13   SUNW,soc/SUNW,pln                 501-2069
 5   SBus   25     3   SUNW,hme
 5   SBus   25     3   SUNW,fas/sd (block)
 5   SBus   25    13   SUNW,soc/SUNW,pln                 501-2069

Detached Boards
===============
  Slot  State      Type    Info
  ----  ---------  ------  -----------------------------------------
    3   disabled   disk    Disk 0: Target: 10   Disk 1: Target: 11
    7   disabled   disk    Disk 0: Target: 14   Disk 1: Target: 15

No failures found in System
===========================

No System Faults found
======================
%

##########
# Sun 5.10
##########

# managing services
# start/stop/refresh
root@kerp-tsa001 # svcs -a|grep ftp
online Apr_08 svc:/network/ftp:default
root@kerp-tsa001 # svcadm refresh svc:/network/ftp:default
root@kerp-tsa001 # svcs -a|grep ftp
online 17:23:11 svc:/network/ftp:default

# changing daemons
root@kerp-tsa001 # inetadm -l svc:/network/ftp:default
SCOPE    NAME=VALUE
         name="ftp"
         endpoint_type="stream"
         proto="tcp6"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.ftpd -a"
         user="root"
default  bind_addr=""
default  bind_fail_max=-1
default  bind_fail_interval=-1
default  max_con_rate=-1
default  max_copies=-1
default  con_rate_offline=-1
default  failrate_cnt=40
default  failrate_interval=60
default  inherit_env=TRUE
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE

#####################
# datapath on solaris
#####################
devfsadm -i vpathdd
vpathmkdev
showvpath
cfgvpath -r
datapath query adapter
datapath query device
format

# zpool
zpool status
zpool status -x
zpool detach oracle c1t0d0s3
zpool online
zpool online vpath1d
zpool attach oracle vpath1d
zpool destroy oracle
zpool create -f -m /opt/oracle oracle-bin /dev/dsk/c1t0d0s3
zpool create -f -m /opt/tertio tertio-bin /dev/dsk/c0t0d0s4
zpool create -f -m /tertio-log tertio-log /dev/dsk/vpath1d
zpool create -f -m /tsadev_oradata01 oracle-data /dev/dsk/vpath1A
zpool create -f -m /tsadev_oradata01 oracle-data /dev/dsk/vpath1a
zfs set recordsize=8k oracle-data
zpool create -f -m /orabackup oracle-backup /dev/dsk/vpath1b

##########################
# solaris resource manager
##########################
# ulimits oracle 4 GB
projadd -U oracle -K "project.max-shm-memory=(priv,4096MB,deny)" user.oracle

###############
# another howto
###############

Sun Server reducing Transfer Rate issue with SCSI Attached Disk Drives
issue and fix "Target x reducing transfer rate"
Create a file /kernel/drv/fas.conf and add this line:
scsi-options=0x78;

To check current speed of a network card
kstat -m ce -n ce0 |grep -i link_speed
kstat -m eri -n eri0|grep -i ifspeed
kstat -m qfe -n qfe0|grep -i ifspeed

Running Solaris in 32 or 64 Bit mode

Finding the running mode
isainfo -v
64-bit sparcv9 applications
32-bit sparc applications

Booting in 32 bit mode
ok> boot kernel/unix
eeprom boot-file=kernel/unix

Booting in 64 bit mode
OK>boot kernel/sparcv9/unix
eeprom boot-file=kernel/sparcv9/unix
reboot the system

Edit /platform/platform-name/boot.conf and uncomment the line with the variable
named ALLOW_64BIT_KERNEL_ON_UltraSPARC_1_CPU, set to the value true.
ALLOW_64BIT_KERNEL_ON_UltraSPARC_1_CPU=true
reboot the system.

If diag-switch is set to true, the following needs to be set:
for 32 bit
/usr/sbin/eeprom diag-file="kernel/unix"
for 64 bit
/usr/sbin/eeprom diag-file="kernel/sparcv9/unix"

Checking the status of the tape drive
mt -f /dev/rmt/0 status

Backup file system using ufsdump
ufsdump 0cvf /dev/rmt/0 /dev/rdsk/c0t0d0s0
or
ufsdump 0cvf /dev/rmt/0 /usr

To restore a dump with ufsrestore
ufsrestore rvf /dev/rmt/0

ufsrestore in interactive mode allowing selection of individual files and directories.
ufsrestore -i /dev/rmt/0

Making a copy of a disk slice using ufsdump
ufsdump 0f - /dev/rdsk/c0t0d0s7 |(cd /mnt/backup ;ufsrestore xf -)

Backup using cpio
find . -depth -print | cpio -ovcB > /dev/rmt/0

Viewing cpio files on a tape
cpio -ivtB < /dev/rmt/0

Restoring a cpio backup
cpio -ivcB < /dev/rmt/0

Setting up ethernet card speed, duplex mode in Solaris
ndd -set /dev/hme instance 0 (this makes the next commands apply to hme0)

Getting the status of an Ethernet Card
ndd -get /dev/hme link_status        0 = link up, 1 = link down
ndd -get /dev/hme link_speed         0 = 10MBit, 1 = 100MBit
ndd -get /dev/hme link_mode          0 = half duplex, 1 = full duplex
ndd -get /dev/hme adv_autoneg_cap    0 = no autonegotiation, 1 = autoneg. enabled

Setting the Ethernet Card
ndd -set /dev/hme instance 0
ndd -set /dev/hme adv_autoneg_cap 1  to enable autonegotiation for hme0

Making the above changes permanent
Edit the /etc/system file and add these parameters. The sequence of the entries matters.
set hme:hme_adv_autoneg_cap=0
set hme:hme_adv_100T4_cap=0
set hme:hme_adv_100fdx_cap=1
set hme:hme_adv_100hdx_cap=0
set hme:hme_adv_10fdx_cap=0
set hme:hme_adv_10hdx_cap=0

Very good script from BigAdmin site to check speed settings
/Documents/Ln_speed_check.sh

Configuring and adding a CDROM Drive for OS install/Boot
ok devalias cdrom - this will show you current path to internal CD.
Use this to determine what the new alias should look like.
ok setenv auto-boot? false
ok reset-all
ok probe-scsi-all - find the path to the new cdrom - write it down & write target # as well
ok show-disks - find the exact path you just wrote down and type that letter
ok nvalias cdrom2 [Ctrl] + [y]@5,0:f
This is for a CD/DVD-ROM with SCSI ID 5; the LUN is always 0.
If the SCSI ID is 6, you just need to add @6,0:f after disk, so that it looks like disk@6,0:f
f is the default boot partition for a CDROM, i.e. the 6th.

Cannot open '/etc/path_to_inst' Problem
The error indicates that the system cannot find the /etc/path_to_inst file. The file may really be missing, or it may be corrupted and need to be rebuilt.
To rebuild this file, boot the system with the -ar option as follows:
ok>boot -ar
Press enter to select the default values for the questions asked during booting, and select yes to rebuild /etc/path_to_inst:
The /etc/path_to_inst on your system does not exist or is empty. Do you want to rebuild this file [n]? y

How to find out which package a particular file belongs to
/usr/sbin/pkgchk -l -p /absolute/path/todir

How to NFS mount a Remote File System on Solaris
mount -F nfs zaphod:/software /software

How to disable Autoboot from OS
eeprom "auto-boot?"=false

How to add or configure a tape library robot device in Solaris
# vi /kernel/drv/sgen.conf
and change the following lines to these:
device-type-config-list="changer";
inquiry-config-list= "*" "*";
If the SCSI id of the robot is 5, then for STK L180/L700:
name="sgen" class="scsi" target=5 lun=0;
For IBM 3584 the SCSI id will by default be the same as the 1st tape device of the partition, but the LUN will be 1 instead of 0, so the line will look like:
name="sgen" class="scsi" target=0 lun=1;
Then reboot with reboot -r; afterwards the path is shown by
dmesg|grep -i sgen
or run
/usr/openv/volmgr/bin/sgscan

How do you find the WWN for a Sun/Qlogic HBA?
# prtpicl -v | grep wwn
or
# luxadm qlgc

How to mount an ISO Image on Solaris
lofiadm -a pathToIso
mount -F hsfs -o ro /dev/lofi/1 mountPoint

Solaris Patch Return Codes
0  No error
1  Usage error
2  Attempt to apply a patch that's already been applied
3  Effective UID is not root
4  Attempt to save original files failed
5  pkgadd failed
6  Patch is obsoleted
7  Invalid package directory
8  Attempting to patch a package that is not installed
9  Cannot access /usr/sbin/pkgadd (client problem)
10 Package validation errors
11 Error adding patch to root template
12 Patch script terminated due to signal
13 Symbolic link included in patch
14 NOT USED
15 The prepatch script had a return code other than 0.
16 The postpatch script had a return code other than 0.
17 Mismatch of the -d option between a previous patch install and the current one.
18 Not enough space in the file systems that are targets of the patch.
19 $SOFTINFO/INST_RELEASE file not found
20 A direct instance patch was required but not found
21 The required patches have not been installed on the manager
22 A progressive instance patch was required but not found
23 A restricted patch is already applied to the package
24 An incompatible patch is applied
25 A required patch is not applied
26 The user specified backout data can't be found
27 The relative directory supplied can't be found
28 A pkginfo file is corrupt or missing
29 Bad patch ID format
30 Dryrun failure(s)
31 Path given for -C option is invalid
32 Must be running Solaris 2.6 or greater
33 Bad formatted patch file or patch file not found
34 The appropriate kernel jumbo patch needs to be installed

Sun Solaris Collection September 2008

Structure of the Solaris file tree
/ (root)            contains critical system files (/kernel/genunix)
/usr                Unix System Resources: contains /usr/sbin (commands); /usr/lib (sys. libr. routines)
/usr/lib/fs/autofs  dfshares, mount, share, unshare, ...
/usr/lib/fs/nfs     umount, nfsfind, ...
usr/platform/sun4u; usr/cde (files that can be shared with other users)
/opt                unbundled and third-party software applications, add-on software (Netscape), Oracle
/var                contents change constantly
/var/mail           mailboxes
/var/adm            messages
/dev                logical device names for physical device drivers, block devices; recreated on request
/etc                system admin files (passwd, hosts, vfstab, ..), all config. files
/etc/init.d         Apache, devfsadm, syslog, volgmt, ...
etc/path_to_inst    (reordered with boot -a, as are /dev/dsk and /dev/rdsk)
etc/system          (must exist, even if it contains no entries)
etc/vfstab          (wrong entries prevent a normal boot)
etc/default(init)   (reads the inittab)
etc/inittab         (identifies the init default entries (run levels), executes any sysinit processes)
                    (executes any process entries that have a 3 in the rstate field)
                    (/sbin/rcS Mounts and checks root, usr, var, /var/adm)
                    (/sbin/rc2 Starts standard system processes)
                    (/sbin/rc3 Starts NFS resource sharing)
                    all rc* directories are processed (what gets run: S for start, K for kill)
etc/inetd.conf      (network services)
/export             directories exported using NFS, root + swap areas of the clients
/export/home        users' home directory
/home               used by NIS
/devices            existing hardware
/tmp                whatever is stored there is deleted at the next boot
/sbin (/bin)        binaries
/proc               running processes, recreated at every start (cannot be copied)
/kernel (/usr/kernel)  loaded at boot
/kernel/genunix
Acroread -> /opt/overhead/acroread

ALOM
Available on: V215/V245/V445, V125, V210, V240, V250, V440. Netra 210, 240 & 440
>bootmode skipdiag (after a reset the machine jumps straight into the OBP)
With #. you jump from the OBP or Solaris into ALOM. With ~. you leave ALOM (or
the OBP/Solaris)
Sc> setupsc (configuration script)
Use ctrl + d to leave ALOM or a program of ALOM
Sc> console -f (forces other console user to exit)

ALOM firmware upgrade: (EIS-CD: /sun/patch/LOM/ALOM)
The ALOM upgrade must be run from within Solaris (or via the SUE-CD):
# mkdir images
# cd images
Place this file in the images directory:
ALOM_1.6.6_fw_hw8.tar.gz
Unpack the tar file:
# gzcat ALOM_1.6.6_fw_hw8.tar.gz | tar xf -
The following files will be created:
README (this file)
Legal/ (directory containing Licence, Entitlement and Third Party Readmes)
copyright
alomfw (firmware image file)
Load the firmware image file alomfw into the System Controller hardware:
# /usr/platform/`uname -i`/sbin/scadm download alomfw
Approximately 120 seconds after the scadm utility completes, ALOM is available for use.
Delete the tar file:
# rm ALOM_1.6.6_fw_hw8.tar.gz

Battery replacement
On an A1000: (>probe-scsi-all (shows all LUNs))
# raidutil -c c1t0d0 -B (check battery age; also shows the number of LUNs)
# raidutil -c c1t0d0 -w off 0,1.. (switch off the cache for the LUNs)
Replace the battery: pull it out during operation and insert the new one.
# raidutil -c c1t0d0 -w on 0,1,..
# raidutil -c c1t0d0 -R (reset the battery age to zero)

Commands
# grep showrev /var/sadm/install/contents (search for a command)
# pgrep -f service (Use the pgrep command to verify whether the service has been stopped or started)

Displaying System Information:
prtconf -V        (Firmware Version)
uname -rv         (Operating System nr.)
uname -a          (system information)
uname -m          (Kernel Architecture)
uname -i          (Hardware Platform)
cat /proc/meminfo (memory usage)
isainfo -b        (Kernel Bit Rate (32 or 64))
man -k            (search for all files that contain word)
iostat -xn 5      (shows write activity on all disks every 5 seconds)
iostat -xtc 5
more /etc/release shows the hardware release
showrev           Hostname, hostID, release, kernel & appl.
architecture, hardware provider, domain, kernel version
psrinfo -V        (cpu information)
hostid            Id-number of host
prstat            (since Sol. 8, replaces top)
df -k             (disk usage per file system)
du                (disk usage)
dfshares          (what is shared)
file /*           (shows directories)
dmesg             (boot messages)
hostinfo -t       (temperature of the CPUs)
who -r            (print the run level)
who -a            (who is logged in)
who -T            Who is logged in?
logger            (add entries to the system log)
whodo -l          (who is doing what)
ps fu             displays a user's password
ptree 12345       displays the child processes of a process
cfgadm            Configuration Administration runsecfg
quot              (space used per user)
crontab -l        (shows the jobs)
crontab -e        (edit the jobs)
rm -R             (remove a complete directory), rm -rf (deletes a directory with all subdirectories)
rm -i             asks for permission
cp -r * /tmp      (everything in the directory you are in is copied to /tmp)
prtfru -x > /tmp/prtfru.out (copies CPU information to prtfru.out)
truss             (shows problems with abnormally terminated processes that can turn into ghost processes)
truss -p PID      (attaches truss to a currently running process by its PID)
ls -al            (all files, in long format)
   m              (comma-separated list)
   ln             (name and user of the respective UID/GID)
   lt             (sorted by last modification)
   ltu            (sorted by last access)
   R              (recursive listing of the subdirectories)
   S              (sorted by size)
   X              (sorted by file extension)
reported to root)

The pipe mechanism
cat dat1 dat2 dat3 dat4 > dat5; lp dat5 (or: cat dat[1-4] | lp )
ps -ef | wc -l (number of currently running processes)
ls -F /etc | grep / (lists only the subdirectories of /etc)
cat /etc/inetd.conf |grep ftp | wc -l (number of occurrences of ftp in inetd.conf)

eeprom (shows and sets OBP parameters, example: eeprom boot-device=disk2)
ok> .version (Firmware)
ok> .asr (System Status)
ok> .post (post results)
ok> banner (system display (Memo
runs the last command again
!number      the command with this number from the history is
executed
!?string     the command containing string is executed

Working with commands:
touch (create a file)
man ls>test (copies the man page into the file test)

Get DATE from another unix box:
rdate pluto

Finding and copying:
find ./ -name file-name | cpio -pdm /opt/sun
find startdirectory -name filename -print (searches for filename)
find /etc -exec grep -l 'xyz' {} \; (find the files in /etc that contain xyz)
find / -name (search for a file starting at root)
find . -name "dbmslogmnr.sql" -print (find a file in the current directory and the directories below it)
find ./ -name (searches from the directory through all subdirectories)

Finding and removing old or inactive files:
find /var/adm -type f -atime +60 -print > /var/tmp/deadfiles & (lists the files under /var/adm that have not been accessed for the last 60 days in /var/tmp/deadfiles)
# find . -size +10000c (Find file sizes >10000)
# find . -exec grep -ls pkzip {} \; (Find command to find a word in the directory and sub directory)

arp -a (also: netstat -m) (finds IP addresses that are assigned twice)
set -o vi (use vi commands in the shell (start ksh first))
PS1="`uname -n` # " ; export PS1 (put the host name in front of the hash prompt)
stty erase ^H (eliminate backspace problems)
fsck -m (checks whether a file system check is necessary)
shutdown -i0 -g30 -y (init 0 with a 30 second grace period, without any prompts)

Text Scan
more,page         browse through a text file
view              view a file without changing it using the vi visual editor
head              display first few lines of specified files
tail              display the last part of a file
od                octal, decimal, hex, or ascii dump a file
wc                count and report the lines, words, and characters in a file or files
cmp               compare two files
diff,diff3        show differences between the contents of files or directories
diff -r / /a      compares / with /a and all subdirectories
sdiff             side-by-side difference program

Filters
lwf,enscript,mp   convert plain text to postscript
sort              sort and/or merge files
grep,egrep,fgrep  search for a pattern in a file
spell,spellin,spel find spelling errors out
look              find
lines iadm

Replace a failed or removed disk
Let the vxdiskadm command guide you through the process. You do not need to physically replace the drive again if it prompts you to do so, because it has already been replaced.
7. Verify in volume manager that the failed mirrors are being resynchronized, or that they were previously reconstructed by the vxrelocd command:
# vxprint -g grpname
# vxtask list
8. Remove any submirrors (plexes) that might "look wrong" (mirrored in the same array because of hot relocation), and remirror correctly:
# vxunreloc repaired-diskname

Creating a Global nfs File System
Perform the following steps on Node 1 to create and mount a demonstration file system on the rootdg disk group volume:
1. On Node 1, create a file system on nfsvol in the rootdg disk group.
# newfs /dev/vx/rdsk/rootdg/nfsvol
2. On all nodes, create a global mount point for the new file system.
# mkdir /global/nfs
On all nodes, add a mount entry in the /etc/vfstab file for the new file system with the global and logging mount options.
/dev/vx/dsk/rootdg/nfsvol /dev/vx/rdsk/rootdg/nfsvol \
/global/nfs ufs 2 yes global,logging
3. On Node 1, mount the /global/nfs file system.
# mount /global/nfs

Nafo Groups (Network failover interfaces)

Patching the cluster:
uname -a (check)
scstat (check)
scshutdown -y -g 0
ok> boot -sx
patchadd -M patch-dir patch-id (dir of patch and patch-number (Apply the patch on one node at a time))
patchadd -p | grep patch-id (test)
scstat, df -k, less /var/adm/messages
Reboot

Patching the cluster with a non-cluster patch:
scswitch -S -h node (all resources are switched to the other node)
shutdown -y -g0 -i0
boot -sx
patchadd -M patch-dir patch-id
reboot
patchadd -p | grep patch-id (verify)
scswitch -z -h node -D \
devgrp1[,devgrp2,... ] (switch back)

Cluster switch:
scstat -g (which resources have to be switched?)
scswitch -z -g iDTAK -h dtcux037 (switches over to dtcux037 - takes up to a minute)
(this can be followed on the other node: tail -f /var/adm/messages)
scswitch -e -j -rs uDTAK (in case individual resources were not switched along)

Removing disks from both cluster nodes:
cfgadm -la | grep fc-faa File System (hsfs) are supported.

The Sun Cluster software makes a file system global with a global mount option. This is normally in the /etc/vfstab file but can be put on the command line of a standard mount command:
# mount -o global,logging /dev/vx/dsk/nfs-dg/vol-01 /global/nfs
The equivalent mount entry in the /etc/vfstab file is:
/dev/vx/dsk/nfs-dg/vol-01 /dev/vx/rdsk/nfs-dg/vol-01 /global/nfs ufs 2 yes global,logging
The global file system works on the same principle as the global device feature. That is, only one node at a time is the primary and actually talks to the underlying file system. All other nodes use normal file semantics but actually communicate with the primary over the cluster transport. The primary for a global file system built on a global device is always the same as the primary for the global device.

Quorum Votes and Quorum Devices
The cluster membership subsystem of the Sun Cluster 3.1 software framework operates on a "voting system":
  Each node is assigned exactly one vote.
  Certain disks can be identified as "quorum devices" and are assigned votes.
  There must be a majority (more than 50 percent of all possible votes present) to form a cluster or remain in the cluster.

Why Have Quorum Voting at All?
Given the rules present in the bullet items listed in the previous section, it is clear by looking at a simple two-node cluster why you would need extra quorum disk votes. If a two-node cluster had only "node votes," then you would need to have both nodes booted to run the cluster. This would defeat one of the major goals of the cluster, which is to be able to survive node failure.
But why have quorum voting at all?
If there were no quorum rules, you could happily run as many nodes in the cluster as were able to boot at any point in time. However, the quorum vote and quorum devices solve two major problems:
  Failure fencing
  Amnesia prevention
These are two distinct problems and it is actually quite clever that they are solved by the same quorum mechanism in the Sun Cluster 3.x software.

Quorum Device Rules
The general rules for quorum devices are:
  A quorum device must be available to both nodes in a two-node cluster.
  Quorum device informatiois shut down.
4. You try to boot Node 2 to form a new cluster.
In this simple scenario, the problem is that if you boot Node 2 at the end, it does not have the "correct" copy of the cluster configuration (CCR). But, if it were allowed to boot, it would have to use the copy it has (as there is no other copy available) and you would "lose" the changes to the cluster configuration made in Step 2.
The Sun Cluster software quorum involves persistent reservations that prevent Node 2 from booting into the cluster. It is not able to count the quorum device as a vote. It will, therefore, wait until the other node boots to achieve the correct number of quorum votes.

Configuring the Network Time Protocol
Perform the following steps on all nodes to complete the NTP configuration:
1. On all nodes, edit the /etc/inet/ntp.conf.cluster file and remove configuration entries for node instances that are not configured. In a two-node cluster, you should remove the following lines:
peer clusternode3-priv
peer clusternode4-priv
..
peer clusternode16-priv
2. On all nodes, type the scstat -q command. You should see three quorum votes present and a quorum device.
3. On all nodes, type the scdidadm -L command. Each shared (dual-ported) DID device should show a logical path from each cluster node.
4. On either node, type the scconf -p command. The cluster status, node names, transport configuration, and quorum device information should be complete.
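
The majority rule from the quorum section above, applied to the vote summary that step 2 has you read from scstat -q. This is an added example, not Sun Cluster code; the sample summaries are constructed, and their three-field "Quorum votes possible/needed/present" layout is an assumption about the scstat -q summary.

```shell
#!/bin/sh
# Added example: classify the vote summary of a cluster against the rule
# "more than 50 percent of all possible votes must be present".

# Smallest vote count that is a strict majority of $1 possible votes.
votes_needed() {
    echo $(( $1 / 2 + 1 ))
}

# Print the number that follows "Quorum votes <word>:" in a summary.
#   $1 = summary text, $2 = possible | needed | present
summary_field() {
    printf '%s\n' "$1" | awk -F: -v key="Quorum votes $2" '
        { label = $1; sub(/^[ \t]+/, "", label) }
        label == key { gsub(/[^0-9]/, "", $2); print $2; exit }'
}

# Print one of:
#   OK            more votes present than the majority requires
#   AT_THRESHOLD  exactly the majority: losing one more vote ends quorum
#   NO_QUORUM     below the majority, the cluster may not form or stay up
#   BAD_INPUT     a field is missing, or the reported "needed" value
#                 contradicts the majority rule
quorum_state() {
    possible=$(summary_field "$1" possible)
    present=$(summary_field "$1" present)
    reported=$(summary_field "$1" needed)
    [ -n "$possible" ] && [ -n "$present" ] || { echo BAD_INPUT; return 0; }
    needed=$(votes_needed "$possible")
    if [ -n "$reported" ] && [ "$reported" -ne "$needed" ]; then
        echo BAD_INPUT
        return 0
    fi
    if [ "$present" -lt "$needed" ]; then
        echo NO_QUORUM
    elif [ "$present" -eq "$needed" ]; then
        echo AT_THRESHOLD
    else
        echo OK
    fi
}

# Constructed sample: two nodes plus one quorum device, everything up.
# This is the "three quorum votes present" state step 2 expects.
TWO_NODE_HEALTHY='-- Quorum Summary --

  Quorum votes possible:      3
  Quorum votes needed:        2
  Quorum votes present:       3'

# Constructed sample: same cluster after one node failed. The survivor
# plus the quorum device still hold 2 of 3 votes.
TWO_NODE_ONE_DOWN='-- Quorum Summary --

  Quorum votes possible:      3
  Quorum votes needed:        2
  Quorum votes present:       2'

# Constructed sample: two nodes with node votes only, one node failed.
# 1 of 2 votes is not a majority, which is why the quorum disk exists.
NO_QD_ONE_DOWN='-- Quorum Summary --

  Quorum votes possible:      2
  Quorum votes needed:        2
  Quorum votes present:       1'

for sample in "$TWO_NODE_HEALTHY" "$TWO_NODE_ONE_DOWN" "$NO_QD_ONE_DOWN"; do
    echo "state: $(quorum_state "$sample")"
done
```

On a live node the same function can be fed with quorum_state "$(scstat -q)", provided the summary labels match the assumed layout.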
Configuring Host Name Resolution
Perform the following step on all nodes to ensure local host name resolution:
On all nodes edit the /etc/nsswitch.conf file, and make sure local files are consulted before a naming service when trying to resolve host names. The following are correct entries for an environment using NIS (YP):
hosts: cluster files nis
netmasks: cluster files nis
Do not add nis if you are not using it.

Creating a Global web File System
Perform the following steps on Node 2 to create and mount a demonstration file system on the webdg disk group volume:
1. On Node 2, create a file system on webvol in the webdg disk group.
# newfs /dev/vx/rdsk/webdg/webvol
2. On all nodes, create a global mount point for the new file system.
# mkdir /gldump: Stop A, sync, boot

Core dump in /var/crash/
# dumpadm (shows parameters)

Crontab
/usr/bin/crontab (program)
/etc/cron.d (daemon)
# crontab -l | grep explo (shows the entries)

Daemons
Re-reading the configuration files:
/etc/init.d/inetsvc stop (start)
/etc/init.d/syslog stop (start)
tail -f /var/adm/daemons (test)

Backup
Using ufsdump to back up a slice (c1t0d0s0 of host01) over the network to another system (admin01) as backup1 (file)
Using nfs:
admin01# vi /etc/dfs/dfstab (share -F nfs /var/tmp (create the share; there should be enough space available))
admin01# shareall
host01# mount -F nfs 192.10.10.100:/var/tmp /mnt
host01# ufsdump 0cf /mnt/backup1 /dev/rdsk/c1t0d0s0 (the file backup1 is created by ufsdump)
Using the IP address of admin01:
admin01# vi .rhosts (host01 (enter the hostname (not the IP) of the other machine here))
host01# ufsdump 0cf 192.10.10.100:/backup1 /dev/rdsk/c1t0d0s0 (here a file backup1 must already exist)

Hardware:
0 (rmt/0) corresponds to SCSI ID 4
1 corresponds to SCSI ID 5
Software Settings: (in /dev/rmt/)
l low density, m medium density, h high density, c/u compressed ultra density, n no rewind, nothing specified: max.
write density

Various Backup Commands:
ufsdump           Backup files to tapes
fssnap            Creates a snapshot of directories/slices for use by ufsdump
ufsrestore        restores fs from tapes
pax, tar, cpio    transports files to another system
dd                copies files or file systems (and boot blocks) between disks

TAR
Only suitable for smaller amounts of data:
c create, -x extract, -t table of contents, -f where the backup goes
tar -cvf          Creates and stores the files in this archive
tar -xpvf         Extracts the files from the archive
tar -tf | less    shows the contents of an archive
tar -zxf          compresses and Extracts the files
tar -M -cvf /dev/fd0h1440   Creates a Multi-Volume-Archive (for floppy discs)
tar -M -xpvf /dev/fd0h1440  extracts a Multi-Volume-Archive
# tar -cvf /dev/rmt/0 /etc/default (backs up /etc/default to tape 0)
# tar tv (shows the tar files on the magnetic tape)
# tar cvf /dev/diskette /usr2 (sichert /urestore> verbose
ufsrestore> extract (Specify next volume >1)
ufsrestore> quit

Other examples:
# ufsdump 0uf /dev/rmt/0 /usr (the /usr partition is backed up to tape)
(a full backup of a file system is recorded in /etc/dumpdates)
# cat /etc/dumpdates
# ufsrestore -i
# ufsrestore > ls (shows the contents of the backup file)
# ufsrestore > what (prints information about the backup at hand)
# ufsrestore -ivf /dev/rmt/0hn
# ufsrestore xvf /dev/rmt/0 restores files as well as the contents of directories
# ufsrestore rf pluto:/dev/rmt/0 restores everything from the tape

Examples
# uncompress xxx.tar.Z (unpack this file type)
then:
# tar xf xxx.tar
# unzip xxx.zip (the zipped file is copied into a directory xxx and unpacked)
# gzcat xxx.z (the same, only under gzcat conditions)
gzip can only compress one file, so you'll have to archive the files with tar and then gzip them.
# gzcat xxx.tar.zip | tar xvf - (run unzip and tar in one line)

CPIO
does not change the creation date or other attributes
All files in the current directory are copied to tape:
# find .
-print |cpio -ocvd > /dev/rmt/0m
Viewing:
# cpio -ivt < /dev/rmt/0m
Example: (store the etc/default files in kurs-archiv)
# cd /etc/default
# ls | cpio -o > /tmp/kurs-archive/
# cpio -it < /tmp/kurs-archiv/ (view)
The data of the directory you are in is copied to diskette:
# cpio -ocvdumB > /dev/diskette
(Copy data into /usr/restore/:)
# mkdir /usr/restore/
# cd /usr/restore/
# cpio -iv < /tmp/kurs-archiv/

Copying directories between file systems:
# cd /data
# find . -print -depth|cpio -pdm /data2
(check: ls /data2 )
# rm -rf /data1

How to list files on a tape:
# cpio -civt < /dev/rmt/0
How to copy all files from a tape:
# cpio -civd < /dev/rmt/0

# at 19:15 (scheduled copy)
at> tar -cvf /dev/rmt/0 /home/body (then: CTRL + d)
# at -l

Copying an old disk to a new disk: (c1t0d0s2 to c1t1d0s2)
# dd if=c1t0d0s2 of=c1t1d0s2 bs=128k (does not work with defective disks)
# dd if=/tmp/kopie of=/dev/diskette (the copy is transferred to diskette)

Copy a master disk (c
then the same with the other slices, except SWAP and backup (s2))
Finally create the boot block on the new disk, if it is to be an (alternative) boot disk:
# /mnt/usr/bin/installboot /mnt/usr/platform/sun4u/lib/fs/ufs/bootblk /dev/rdsk/c0t2d0s0 (sol7)

Backup over the network (host backs up a slice to the server's backup system):
On the server (which has the IP 192.168.100.10): create .rhosts for root (rw r r)
(.rhosts is necessary because ufsdump over the network uses rlogin, which needs the entries)
Enter the hostname of the host and the login name, e.g.:
eshoes root
# ufsdump 0cfu 192.168.100.10:/dev/rmt/0 /test (on eshoes)
Restoring:
# ufsrestore rf 192.168.100.10:/dev/rmt/0 (on eshoes)

Solstice Backup 6.1
/usr/sbin/nsr/nsradmin (cli-tool)
# /kernel/drv/st.conf (Quantum DLT8000 ...
enter) (boot -r)
# /usr/sbin/nsr/nsrjb -HE (reset the jukebox)
# mt -f /dev/rmt/0cbn status (test)
/etc/LGTOuscsi/inquire (shows all SCSI drives)
# od -xv c /dev/rmt/0cb (read back tape contents)
Labelling 40 tapes:
# ./nsrjb -v -L -b Default -S 1-40
Inventory:
# ./nsrjb -v -I
ls -l /dev/rmt/?obn (shows the paths of all tape drives with the obn suffix)

Rewinding a Stuck DLT 7000 tape:
[diagram: bottom view]

Diagnostic Tools
Clock -T (cpu test)
/opt/SUNWvts/bin/sunvts (comprehensive test program; it can be found on the Easy Access Server CD (Products) or on the Software Supplement CD (pkgadd -d .))
The log files of sunvts can be found in: /var/opt/SUNWvts/logs
vts always stores its log files there unless you specify another path.
cd /cdrom/cdrom0/SMCC
pkgadd -d . -s /usr/packages SUNWvts (likewise: SUNWTSdocs + 64bit version)
psrinfo (cpu activity)
/usr/platform/sun4u/sbin/prtdiag -v |more (-l (sends output to /var/adm)
/var/adm/messages (also: tail 20 messages (shows the last 20 lines))
/usr/bin/showrev -p (revision information for current hardware and software, patches)
psradm (ab 2sted is right at the top, so using the head command helps:
/usr/ucb/ps -aux | head -10
You might like to put the whole command as an alias, something like "cpuload", in your .cshrc file (in your home directory) to save you from typing this long command time and again. Adding this line to your .cshrc will do it:
alias cpuload "/usr/ucb/ps -aux | head -10"

Display
Using an external monitor as graphical console (set the display variable):
telnet 127.10.10.1
DISPLAY=127.0.0.1:0.0 (or: DISPLAY=hostname:0.0) (find out the 0.0 with env (or setenv))
export DISPLAY
xhost + (run on your own machine to grant access rights)
admintool (run on the remote machine via telnet)

OBP output on a terminal (e.g.
WYSE) (normal: keyboard, screen):
ok> setenv input-device ttya (serial port a)
ok> setenv output-device ttya

pci-graphic-config:
/usr/sbin/m64config
GFXconfig

Save and send crash dumps:
cd /var/crash/rechnername
tar cvf datei.tar datei
compress datei.tar
uuencode datei.tar.Z dateiname>dateiname.uu
cat dateiname.uu |mailx -s xxx@xxx.com

Adjust LCD monitors:
# m64config -depth 24 -res 1152x900x66

To start the graphical interface:
#openwin (or: #xwin32 or: # dtlogin)

Adjust the text output to the window size:
/usr/openwin/resize
kdmconfig (for settings)

Screen redirection:
Redirect from another machine to the current one:
#xhost
Log in with telnet:
#setenv DISPLAY :0
#netscape & (or start another graphical program)

Redirecting the display
Redirect the display of machine B to machine A.
Machine A #> xhost + (/usr/openwin/bin)
Machine A #> telnet machine B
login (possibly su - for root rights)
Machine B #> csh
Machine B #> setenv DISPLAY 100.101.102.103:0.0 (IP of machine A)
or (sh/ksh)
Machine B #> DISPLAY=100.101.102.103:0.0 (IP of machine A)
Machine B #> export DISPLAY

Starting and stopping the graphical interface:
Login Manager (CDE)
start automatically:
/usr/dt/bin/dtconfig -e
stop automatically, CDE is not loaded at the next reboot:
dtc> ---

Prints a file
#lpstat -t (shows status)
#lp /etc/passwd (prints passwd on the default printer)
#lp -d lpjet /etc/shadow (print on another printer)
#lpq display spool queue entries
#lpr -Pps007 'ls~' sends the names of all files in the current directory to the printer ps007.
#lprm remove jobs from the line printer spooling queue
#prtconf Display Printer Configuration
#/etc/init.d/lp stop (stop printing)

How to print from a Solaris 2 system to a SunOS4.x (or any other BSD) system
The easiest way would be using the GUI-based Admintool which has a Printer Manager that is supposed to be able to do all this and more. Here's a very quick guide; see the man pages for each of these commands for the details.
Let's say your Solaris2 workstation is called "sol" and the 4.1.x server is called "bertha" and you want the printer name to be "printer" (imaginative, eh?).
sol# lpsystem -t bsd bertha # says bertha is a bsd system
sol# lpadmin -p printer -s bertha -T unknown -I any # creates "printer" on "sol" to be printed on "bertha"
Finally, if that's your only printer, make it the default:
sol# lpadmin -d printer
On some systems you may have to turn on the port monitor.

How to print to a non-Postscript/non-ascii printer
The cheapest way to do this is using a printer setup based on Ghostscript. When installing Ghostscript, make sure that it supports your printer and make sure that you include support for your specific printer in Ghostscript. Then go to "Setting up a GS printer under Solaris", and follow the instructions there. (http://cfauvcs5.harvard.edu/SetGSprinter4Solaris.html)

How to print to a networked printer
Starting with Solaris 2.6, there's a new lp "model" script, "netstandard". This script allows you to print to remote BSD type printers as well as over raw TCP/IP connections. It's used like this:
# Raw TCP
lpadmin -p -m netstandard -o protocol=tcp -o dest=host:port -v /dev/null
# BSD
lpadmin -p -m netstandard -oog search for reboots:
#more install_log | grep Reboot |wc -l
If a reboot is necessary, put the /tmp/10 directory somewhere else (/var/tmp/10), because the contents of /tmp are deleted at reboot.
Before running Install_all_patches again, delete install_log, otherwise the new information is only appended.

Copy all patches for Solaris 10 to the machine
Example:
cd /eis-cd/sun/patch/
cp -r 10 /tmp
cd /tmp
bzip2 -d 10_Recommended.tar.gzip2
tar -xf 10_Recommended.tar (do not use v on the console, it takes too long)
init 1
cd /tmp/10_Recommended
./install_cluster (a reboot and another ./install_cluster run may be necessary.
You will be prompted to do so)
Log file: /var/sadm/install_data/_log
# grep -c "reconfigure reboot" * (does the machine have to be booted (-r) and ./install_cluster run once more?)
Use '/usr/bin/showrev -p' to verify installed patch-ids.

Errors
(error messages are in /var/adm/messages and /var/log/syslog)

Problems with backspace and erase:
stty erase ^H (eliminates backspace problems; or hold CTRL while deleting)
fsck -m (checks whether a file check is necessary)
#vi .xinitrc (add: xmodmap -e "keysym BackSpace = Delete")
or:
#stty erase ^H (add to .cshrc: stty erase "^H")

To simplify longer, frequently used commands (e.g. du -k):
# vi .cshrc (add "alias du du -k")

Wrong terminal:
# TERM=vt100
# export TERM (export alone shows the state of the variables)

Fixing the sendmail error:
vi /etc/hosts -> IP name name.domain.de
(e.g.: 194.245.1.1 (IP already given) sun www.sun123.com)
or: 192.168.124.100 U1 loghost sun.de )

vi display not correct
sh and ksh
# TERM=vt100
# export TERM
csh
# setenv TERM vt100

boot -a creates a new pathtoinst file (rename the old pathtoinst first)
(file * - shows what kind of file type it is)

"INIT: failed write of utmpx entry"
When the system shuts down, init updates /var/adm/utmp to reflect that fact. If /var is mounted separately, /var will be unmounted before init can write to systems or CD-Roms

Filesystem
Changing the superblock!
Find out which superblocks are available:
# newfs -Nv /dev/dsk/...
Display the superblocks
#fsck -F ufs -o b=32 [Superblock ] /dev/rdsk/...

Firmware / Flashprom Patching
Sun UE 2 Flash Prom Update
Latest version on the Gold CD under:
# cd /cdrom/cdrom0/sun/patch/flashprom
# cp 104169-8.tar.gz /tmp (or: 109926-04)
# cd /tmp
# gzcat 104169-8.tar.gz > 104169-8.tar
# cd 104169
# cp flash*latest /
# chmod 755 /flash-update*
# halt
>ok
Power off and move jumper J2003 from 1-2 to 2-3. The jumper is located under the sbus card.
Power on
ok boot disk /flash-update-Ultra2-latest
Answer the prompts as follows:
Standalone Flash Prom Update.............continue
This untility allows........... continue
Firmware Release (s) .......... sa
Firmware Release (s)........... cont
The Flash programming process is about to begin... cont
Resetting....
The latest firmware is to be verified, e.g. with prtdiag -v
Set jumper 2003 back to 1-2

FTP
#vi /etc/ftpd/ftpusers (if you simply want to access the other machine as root, remove root from this file on that machine; nothing more is needed, since an ftp daemon is always running)
#ps -waux | grep ftp (shows whether ftp is active)

help Prints a list of ftp commands.
open [hostname] Opens a connection to the given host.
close Closes an established connection.
quit,bye Ends the ftp program.
cd Changes to the given directory on the remote host.
lcd Changes to the given directory on the local host.
ls,dir Shows the contents of the remote directory.
mkdir,rmdir Create or delete directories on the remote host.
ascii The file to be transferred is in text file format.
bin The file to be transferred is in binary format, i.e. a program or data file in a special format.
get [file] The given file is copied from the remote host to the current directory on the local host.
mget [Datei*ftp-server, the following must be adjusted in /etc/passwd and in the /etc/shadow file to set it up:
In /etc/passwd
ftp:x:30000:30000:Anonymous FTP:/export/ftp:/nosuchshell
In /etc/shadow
ftp:NP:6445::::::
#chmod 777 ftp*
#./ftp.setup

/etc/hosts.allow
ftpd, telnetd: ALL:(finger @%h|mail -s "ftp, bzw telnet von %h" root)
> ftp and telnet are allowed for everyone, but the origin of each request is logged:
/etc/hosts.deny
All:All (nobody has unauthorized access to the machine)
Another example:
#vi /etc/hosts.allow (in.proftpd: 10.225.16.24) (allows a connection via proftp from this IP address)
#cat /etc/inetd.conf | grep proftp (is proftp enabled?)

HD
Disk Information
df -k
df -F nfs (or: ufs, tmpfs) shows mounted remote (local, temporary) file systems
iostat -E shows HDs with serial numbers
iostat -xn 5 (shows write activities every 5 seconds)

drvconfig from CDROM (from Solaris 8 on: devfsadm)
Create the devlinks and disks entries after boot cdrom:
boot cdrom
mkdir /tmp/a
mount /dev/dsk/c0t0d0s0 /tmp/a
drvconfig -r /tmp/a
devlinks -r /tmp/a
Instead of devlinks, disks -r /tmp/a also works to bring in disks.

ufsdump Solaris 2.x
Backup to tape:
# ufsdump 0f /dev/rmt/0 /dev/dsk/c0t3d0s0
Backup to another HD:
# ufsdump 0f - / | (cd / ; ufsrestore -rf -)
The target directory must be mounted and have a file system. (newfs ...)
remote ufs
# ufsdump 0f match:/dev/rmt/0 /
# ufsrestore -rvf match:/dev/rmt/0
rsh match mt -f /dev/rmt/0
# ufsrestore if : /dev/rmt/1 check whether the data is there

Install and set up a new disk:
ok> probe-scsi-all (look)
ok> boot -rv (if there is an error message with bad-magic-label, ignore it)
format (nr., p , p, ...,m , q)
newfs -m -i 8192 -c 64 /dev/rdsk/c0t0d0s0 (then 1,6,..)
mkdir /Verzeichnis
vi /etc/vfstab (set up automount)
mount /dev/dsk/c0t0d0s0 (then 1,6,..)
/Verzeichnis (the corresponding one)

Displaying a disk's volume table
# prtvtoc /dev/rdsk/c0t3d0s0

Defective file system:
ok> boot cdrom -sw
fsck /dev/rdsk/c0t1d0s0
mount /dev/dsk/c0tc/net/ticots/hosts /etc/net/ticotsord/hosts

Fixing the sendmail error:
vi /etc/hosts -> IP name name.domain.de
(e.g.: 194.245.1.1 (IP already given) sun sun123. loghost
Likewise in: /etc/inet/ipnodes

How do I get my Sun to request a specific hostname from a DHCP server?
You can't. If your DHCP server can be configured to assign a hostname, then you can get it to do that, and the Solaris machine will accept it. I personally configure my DHCP server to assign names (but not IP addresses) based on hardware addresses for my Sun clients. If your DHCP server can't assign names (like many broadband gateways currently on the market), then you'll have to change the default "unknown" hostname to something more palatable. There's no configuration file to do this. You actually have to modify the startup scripts. In Solaris 8, change /etc/init.d/inetsvc, line 168, and /etc/init.d/network, line 298, to use whatever hostname you desire. You could also write a little configuration file à la the /etc/default files and use that to configure the hostname in the startup scripts instead of re-hardcoding it. If someone does that, feel free to send me a patch and I'll post it.

Hitachi
All hardware and software installations are described in detail in documents from Hitachi. For technicians the 07rep.pdf file is the most important one; it describes all parts that can be replaced.
Use a normal Ethernet cable to connect. The 9985/90 no longer has its own laptop, but it still has a diskette drive and a CD-ROM.
At the registration prompt, enter any data (e.g. sun1, or simply activate the "History").
The SVP can be rebooted with a reboot-svp.dat icon. This takes 2-3 minutes.
You can then log in to the 9985/90 with Remote Desktop.
Only the IP address and netmask have to be adjusted.
Service IP: 126.21.151.15 (IP of the 9990) (or: 126.118.20.15, (9985V test unit 126.214.226.15))
Laptop: 126.255.255.13
Netmask: 255.0.0.0
Login: Administrator
Passwd: raid-login
If the customer ... the IP address nily Call: trigger it (Transfer Type -> Daily -> Transfer Now), then open the Cite Manager Log under General (tab) and watch the data.

Hitachi battery replacement (simple on the 9970 and larger):
>Modify Mode
9980/90 -> Maintenance -> DKC (on the 9970: Maintenance - Controller - Cluster1 (2))
First -> Cluster 1, then -> Cluster 2; in each, click Battery and -> replace (follow the procedure)
At the end: >Install -> Setting Battery life -> Set -> ok
Complete the SIMs

ILOM (e.g. T52x0, doc: Huron - T52x0)
Login: root (password: changeme)
start /SP/console (switches to the Solaris interface, back with #.)
cd /SP/network
set pendingipaddress=1.1.1.1 (wrong input is not saved, e.g. a gateway IP from another segment)
set commitpending=true (saves all values)
Once the Ethernet IP is set, you can connect the laptop over a crossover cable as a test and switch to a graphical interface via https://1.1.1.1.
If a RAID is to be used, activate it first, then install Solaris (Raidutil -c). Boot from CD for this.
set /HOST/bootmode script="setenv auto-boot? false"

inetd
Daemon for file transfer, remote maintenance, time queries
The Internet daemon provides services for many network protocols including the telnet protocol and FTP. inetd only sends messages at the daemon facility and notice message level. The -t option is used as an argument to inetd to enable TCP tracing. Tracing must be enabled for syslog messaging. You must edit /etc/init.d/inetsvc and add the -t option (/usr/sbin/inetd -s -t &). The inetd process is then restarted. Telnet is controlled by the daemon facility entry in the /etc/syslog.conf file.
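Added example (not part of the original notes): a shell check for the two sides of the inetd tracing setup described above, namely whether a syslog.conf actually captures daemon.notice, and who connected to which service according to the trace records. The function names, the sample rules and the sample log lines are constructed, and the trace record layout "service[pid] from address port" is an assumption.

```shell
#!/bin/sh
# Added example. Sample data is constructed; the trace record layout
# "service[pid] from address port" is an assumption about inetd -t output.

# syslog severities, lowest priority first
LEVELS="debug info notice warning err crit alert emerg"

# Reads syslog.conf text on stdin and prints the action (file, host, user)
# of every rule that receives daemon.notice messages. A selector matches
# its level and all higher ones, so daemon.err does NOT capture notice.
# Assumes plain rules (no m4 ifdef lines), tab-separated as syslogd requires.
captures_daemon_notice() {
    awk -v levels="$LEVELS" '
    BEGIN {
        FS = "\t+"
        n = split(levels, name, " ")
        for (i = 1; i <= n; i++) rank[name[i]] = i
    }
    /^[ \t]*#/ || NF < 2 { next }
    {
        hit = 0
        ns = split($1, sel, ";")
        for (s = 1; s <= ns; s++) {
            dot = index(sel[s], ".")
            if (dot == 0) continue
            lvl = substr(sel[s], dot + 1)
            nf = split(substr(sel[s], 1, dot - 1), fac, ",")
            for (f = 1; f <= nf; f++) {
                if (fac[f] != "daemon" && fac[f] != "*") continue
                if (lvl == "none") hit = 0          # facility excluded
                else if ((lvl in rank) && rank[lvl] <= rank["notice"]) hit = 1
            }
        }
        if (hit) print $2
    }'
}

# Reads syslog lines on stdin and prints "service address count" for every
# (service, source address) pair found in inetd trace records.
trace_summary() {
    awk '
    {
        for (i = 1; i < NF - 1; i++) {
            if ($i ~ /^[a-z0-9_-]+\[[0-9]+\]$/ && $(i + 1) == "from") {
                svc = $i
                sub(/\[.*/, "", svc)
                count[svc " " $(i + 2)]++
            }
        }
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Constructed syslog.conf rules (selector<TAB>action).
sample_syslog_conf() {
    printf '%s\t%s\n' \
        '*.err;kern.notice;auth.notice' '/dev/sysmsg' \
        '*.err;kern.debug;daemon.notice;mail.crit' '/var/adm/messages' \
        '*.alert;kern.err;daemon.err' 'operator' \
        'mail.debug' '/var/log/syslog'
}

# Constructed log lines as they might appear with inetd -s -t running.
sample_messages() {
    cat <<'EOF'
Nov 19 10:01:02 host1 inetd[154]: [ID 317013 daemon.notice] telnet[2201] from 10.0.0.7 32811
Nov 19 10:01:09 host1 inetd[154]: [ID 317013 daemon.notice] telnet[2204] from 10.0.0.7 32815
Nov 19 10:02:30 host1 inetd[154]: [ID 317013 daemon.notice] ftp[2210] from 10.0.0.9 40122
Nov 19 10:03:11 host1 sendmail[301]: [ID 702911 mail.info] unrelated line
Nov 19 10:04:45 host1 inetd[154]: [ID 317013 daemon.notice] telnet[2231] from 10.0.0.7 32840
EOF
}

echo "daemon.notice is written to:"
sample_syslog_conf | captures_daemon_notice
echo "connections per service and source:"
sample_messages | trace_summary
```

On a live system the same functions can be fed with `captures_daemon_notice < /etc/syslog.conf` and `trace_summary < /var/adm/messages`; an empty result from the first means the -t trace records are being dropped.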
Inodes
An inode contains all the information about a file except its name, which is kept in a directory. An inode is 128 bytes. The inode is kept in the cylinder information block.

Internet
Linux on the Internet:
#route add gw IP (from Router over Gateway)
#vi resolv.conf (nameserver IP (from Router)
(look into /etc/nsswitch.conf for DNS entries under hosts)

IPM broadcast + group ipmp1 up

Other example:
1. Put all logical interfaces (IP addresses) into /etc/hosts and /etc/inet/ipnodes
2. Add your network to the /etc/netmasks file.
   Note: Don't forget to add the netmask for the test addresses.
3. Modify the /etc/hostname.ce0 file. This file should contain the hostname of your box. Change it to:
   [IP-address] netmask + broadcast + group [IPMP-group] up
4. Plumb the second interface
   ifconfig ce1 plumb
5. Add a test address to your primary NIC. Add to /etc/hostname.ce0
   "addif 192.168.50.2 netmask + broadcast + deprecated -failover up"
6. Configure your second interface with a test address: Add to /etc/hostname.ce1
   "192.168.50.3 netmask + broadcast + deprecated group [IPMP-group] -failover standby up"
   Note: If you want to use your second interface for additional logical interfaces, don't use the "standby" option.
7. Reboot your box

In this HowTo I assume that so far only one interface (one IP address) has been configured on ce0 and that ce1 has not been configured at all.
Private, non-routable IP addresses can be used as the test addresses for checking the link. In this example I use 192.168.50.2 and 192.168.50.3 with netmask 255.255.255.0.
CAUTION: Many professional switches offer the option of blocking private addresses. Because of such a configuration I once had a case where the two test addresses could not communicate with each other, so failover did not work.
Note: The name of the IPMP group can be chosen freely. It only has to be the same for all members of the group.
1.
Put all logical interfaces (IP addresses) into /etc/hosts and /etc/inet/ipnodes
2. Add the network to /etc/netmasks
   Note: Also add the network of the test addresses (in this case 192.168.50.0).
3. Adjust /etc/hostname.ce0
   At the moment this file should contain the hostname of the machine. Change it to:
   [IP-address] netmask + broadcast + group [IPMP-group] up
4. Plumb (activate) the second interface
   ifconfig ce1 plumb
5. To the first network card a test addr
s.server (start it again last)
#/usr/lib/nfs/nfsd
#rpcinfo -p

On the machine to be installed:
ok> boot net - install
ok> local-mac

Flar archive not found: check the IP of the Jumpstart server
Error: Diff. Ethernet number found in the local ethers file -> vi /etc/hosts (on master and slave)
#more /etc/dfs/dfstab (is the entry there?)
Stop and start sharing: unshareall, shareall
Check /etc/nsswitch.conf

Example for a large network:
First create a flar archive from another server (dns7) with the same configuration.
#flarcreate -n "dns8.prd" -c -R / /var/tmp/dns8.flar
Copy the archive to /opt/SP/jet/export/archives/v210/ on the Jet master and slave.
Next, look up the IP addresses of the systems to be installed, as well as the MAC addresses (banner) and the DNS resolution of the network (prd.it1.sp.vodafone.com) -> /etc/resolv.conf on the DNS7
#ssh ssh1
#ssh jetm1.prd
#sudo su -
The template is created on the master. If needed, look for an existing template with IPMP and create dns8.prd anew from it.
#cd /opt/jet/Template
#make_template -T web1.prdit dns8.prd
on the 2nd attempt:
#make_template -f -T web1.prdit dns8.prd

Now prepare the master (and, at the end, the slave) for the installation:
On the Jetm1.prd:
#vi /opt/jet/Templates/dns8.prd (check the following: master and slave IP, client MAC address, first IP of the Ethernet card, netmask, default route, ntp-server, flash-archive-location, dns domain, dns nameserver, dns search path, ?)
base_config_ClientEther=0:3:ba:c4:86:fd
....
base_config_sysidcfg_nameservice=NONE
base_config_sysidcfg_network_interface=PRIMARY
base_config_sysidcfg_ip_address=85.205.200.24 (IP address of the system to be installed)
base_config_sysidcfg_netmask=255.255.255.240 (netmask of the system to be installed)
base_config_sysidcfg_root_password=TIVGF1BnKCgfM
base_config_sysidcfg_system_locale=en_US.ISO8859-15
base_config_sysidcfg_timeserver=
base_config_sysidcfg_timezone="MET"
base_config_sysidcfg_terminal=vt100
base_config_sysidcfg_security_policy=NONE
base_config_sysidcfg_p05.200.27/opt/SP/jet/export/install/pkgs" (IP of the address configured on the Jetm1)
base_config_patchdir="nfs://85.205.200.27/opt/SP/jet/export/install/patches" (IP of the address configured on the Jetm1)
...
flash_archive_locations="nfs://85.205.200.27/opt/SP/jet/export/archives/v210/dns8.prd.flar" (IP on the Jet1 ...)
...
flash_skip_recommended_patches="yes"
...
alom_product_version="1.5"
...
alom_users="admin:cuar:sun123 test:cuar:begin123"
...
sds_product_version="default"
...
sds_database_locations="c0t0d0s7:3 c0t1d0s7:3"
...
sds_database_partition="c0t0d0s7:100 c0t1d0s7:100"
...
sds_root_mirror="c0t1d0"
sds_use_fmthard="yes"
...
sds_root_mirror_devalias_name="rootmirror"
...
sds_device_numbers="/:d0:d1:d2 swap:d10:d11:d12 /var:d30:d31:d32 /opt/SP:d40:d41:d42 /var/SP:d50:d51:d52 /var/crash:d60:d61:d62"
...
custom_files="sysedge_4.2pl1_sol.pkg:o:/var/tmp/sysedge_4.2pl1_sol.pkg sysedge_agent_install.sh:o:/var/tmp/sysedge_agent_install.sh ovo_agent_install.sh:o:/var/tmp/ovo_agent_install.sh admin:o:/var/tmp/admin sysedge_resp_file:o:/var/tmp/sysedge_resp_file automAgent_25.tar:o:/var/tmp/automAgent_25.tar passwd:a:/etc/passwd shadow:a:/etc/shadow shadow:a:/etc/shadow.orig group:a:/etc/group cst_copy:o:/opt/sun/bin/cst_copy"
...
custom_files_1="crontab_root:o:/var/spool/cron/crontabs/root"
custom_files_n=""
...
#make_client dns8.prd (use -F on the second run)

On the slave:
#ssh ssh1.prd
#ssh ssh3
#ssh user@jets3.prd
#cd /opt/jet/etc
#vi server_interfaces
85.205.200.0 255.255.255.240 85.205.200.4
85.205.200.64 255.255.255.192 85.205.200.126
85.205.203.192 255.255.255.224 85.205.203.219
85.205.200.36 255.255.255.224 85.205.200.27
# vi masters (IP of the jetm3)
85.205.144.38 secret
#vi /etc/nsswitch.conf
hosts: files dns
#more bootparams (check only)

Back on the master (jetm1.prd)
Create a virtual network IP so that the machines communicate over the 200 network.
#ifconfig bge506:000 85.205.200.27 netmask 255.255.255.240 broadcast + up (Vlanid:0 (interface bge0))
Test the default gateway:
#ping 85.205"erc2 255.255.255.0 erc2 85.205.181.70" ?.
base_config_ipmp_networkifs="bge0_bge3"
base_config_ipmp_networkif_bge0_bge3="erc1_group s 85.205.216.149 85.205.216.154 24 erc2 85.205.181.70"
....
flash_archive_locations="nfs://85.205.181.251/opt/SP/jet/export/archives/v210/erc1.prd.flar"
...
#make_client erc2.prdes (use -F on the second run)

Kernel
/kernel/drv/st.conf (certain devices can be re-enabled here during operation)
man st (shows the options)
If a tape drive is to be newly integrated:
Look in st.conf:
modinfo st (scsi)
modunload -i 99 (the device with id 99 is removed from the kernel)
modload st (the tape drive driver is reinstalled)
mt -f /dev/mt/Onbc stat (display the status)

Creating a link
#ln -s /etc/init.d/smb /etc/rc2.d/S20smb (the smb script is then run as a start script at boot)

Loghost
Error message: loghost could not be resolved
vi /etc/inet/hosts (change to: IP loghost
kill -HUP syslogd (man inetd.conf)

Login procedure
# telnet 10.0.0.10
# setenv TERM vt100
# tset -Q (reset TERM)
# stty rows 40 (to increase the number of text lines; sometimes necessary on dumb terminals)

Lom
setup network
showsc -v
showboards -p version (or: proms)
flashupdate -f rtos scapp
resetsc

Luns
Making them visible:
#more /kernel/drv/sd.conf
#lad (shows the LUNs)
#drvconfig; disks
#format (check)
#df -k (display)

Luxadm
Luxadm -e port (which device has which connection?)
Luxadm fcode -p (shows the Fiberchannel devices)
Luxadm -e dump_map /device/pci?/.. (shows detailed information about the device with the double paths)
Luxadm probe -e (all physical paths)

MAIL
To prepare Explorer output for sending by email:
uuencode explo....tar.gz (the same name again) >dateiname
mailx (shows stored e-mails)
>d (delete)
>q (quit)
mailx user@IP (or hostname) (send mail)
>write the text
>. (finish)

Netstat
-r (shows the routing table)
-ra (more detailed)
-i (status of the network card after use)

Send mail with login nameen (with a degraded volume), a recover must be performed on the volume (recover degraded disks).

Controller replacement
If two controllers are present, one can be replaced during operation. No measures are necessary.
Afterwards reset the battery age (Sccli> show battery-status -u)
With a single controller: unmount the file systems, switch off the machine (switch off the power supplies), replace the controller, switch the machine back on.
You can also manually fail the controller you want to replace:
sccli> fail primary (or: secondary)

Battery replacement (3310 / 3510):
The batteries are on the Com and network controller; both plug-in cards can be pulled and new cards inserted without any configuration)
(sccli) show battery-status -u (resets the dates) (this command does not exist on the old firmware versions)
If a battery and a hard disk are to be replaced, replace the battery first, otherwise you have to wait for the HD sync.

Sun StorEdge 3310 SCSI Array Controller Replacement
1.) Link for the file (Sun StorEdge 3310 SCSI Array Controller Module Replacement Guide)
http://docs.sun.com/app/docs/doc/819-2181-14?l=en
2.) Firmware for the 3310
No longer available on the EIS-DVD! Download: http://sunsolve.sun.com
- FW 3.25W -> 113722-09 (downgrading 3.66 to 3.25)
- FW 4.21E -> 113722-17 (last FW for the 3310!)
3.) Before replacing a single controller with volumes under VXVM
Save the VXVM configuration:
vxdisk list > vxdisk-list-output
vxprint -htg > vxprint-output
4.) Replace the single controller according to the Sun StorEdge 3310 SCSI Array Controller Module Replacement Guide
- update the single-controller FW
- map the LUNs (From the Main Menu, select view and edit Host luns.)
After replacing the single controller, the disk name for VXVM changed in my case!
5.) Restoring the VXVM disk name
NEW-DISK-NAME is the VXVM disk name from before the single controller was replaced!
vxedit -g rename

Firmware update:
Sccli:> show frus
Sccli:> show ses-devices (Rev.)
Sccli:unt /dev/dsk/c0t0d0s0 /

Making a cdrom available as a cached /docs directory
# mount -F cachefs -o backfstype=hsfs,cachedir=/local/mycache,ro,backpath=/cdrom/cdrom_name /cdrom/cdrom_name /docs

Damaged or Missing Password
ok> boot cdrom -s
#mount /dev/dsk/c0t0d0s0 /a (or: /mnt)
(#mount /dev/dsk/c0d0p0:c /a (on an Intel PC)
#cd /a
#TERM=vt100
#export TERM
#vi /a/etc/shadow (delete certain entries; the password is never shown in clear, it is recognizable by the characters)
#reboot

The virtual File System Table (/etc/vfstab)
vfstab lists all the disk slices and file systems available to the system. It specifies the mount point and options for each file system. Only use the tab key to separate between entries.

Fields:
device to mount   (block device or resource name)
device to fsck    (raw device, or - for no device)
mount point       (default directory)
FS type           (special field)
fsck pass         (- not checked; 0 on nfs, and 1,2,.. on ufs, checked)
mount at boot     (yes, mount; / and /usr, no)
mount options     (see the mount-file-system-type manual)

/dev/dsk/c1t0d0s3           /dev/rdsk/c1t0d0s3  /usr          ufs   1  no   -
/dev/dsk/c0t3d0s7           /dev/rdsk/c0t3d0s7  /files1       ufs   2  yes  -
oak:/export/home            -                   /usr/man      nfs   -  yes  ro,bg,soft
/dev/dsk/c0t6d0s5           -                   /hsfiles      hsfs  -  no   ro
/dev/diskette               -                   /pcfiles      pcfs  -  no   rw
einstein:/export/home/epcs  -                   /export/epcs  nfs   -  yes  bg,intr

Allowing access to the CD-ROM over the network:
The CD-ROM can be shared automatically in /etc/rmmount.conf.
Add at the end: action cdrom share cdrom * -o ro anon=0
By hand: share -F nfs -o ro,anon=0 /cdrom/cdrom0 (must be run on the machine with the CD-ROM)
Shows the exported directories of the remote host name:
#showmount -e
#showmount -a

Mozilla
Mozilla can no longer be started:
#cd .mozilla (of the user)
#cd default/09u4c7m2.slt/
#rm lock

MPXIO
(is switched on when several controllers in the system display)
ok> show-devs (look at the devices)
Cli: In /etc/path_to_inst you can look up the name of the new card.
more /etc/services (shows what is running on the network)
wall -a (outputs a text file on other machines)
rup (shows all Sun machines on the network)
ping -s IP no. (Broadcast)
arp -a | pg (shows the IP addresses of your own and other machines (table of hosts (Net to Media table)))
rarp (Reverse address resolution protocol)
rusers (sending broadcast)
rcp (remote copy)
dfshares (what is shared)
unshare (withdraws the sharing of directories (resources))
share -o rw=system1 /usr/dist (machine system1 gets read-write access to the directory /usr/dist)
who -a (who is logged in)
finger (who has been logged in since when)
nslookup (linux?)
ndd (for network cards and settings)
last (most recent entries first)
snoop -d hme0 (network traffic)
ifconfig -a (own configuration of the network card)
.rhosts (grants users access to the system)
whodo (shows users)
netstat -rn (network statistics)
netstat -i prints the input/output statistics of all active interfaces
test net at the OBP level can be used to look for internal and external transmission errors
spray -l (e.g. spray -l 1000 -c 10000 mars) can be used to generate network load.
wall (sends messages to all logged-in users at once)
write (send a message to an active user)
mesg -n prevents users from using write (mesg -y allows it)
talk (improved write command, with a split screen)
news (files can be placed in /var/news)

Network services
rlogin (needs host.equiv) -> trusted domains (the machines must know each other (the IP must be present in /etc/hosts, no password prompt may occur))
portscan

Communications
telnet user interface to the TELNET protocol for logging on to a network host
rlogin remote login access to other netchseln:
#ndd -set /dev/ce interne 2
#ndd -get /dev/ce adv-1000dbx_cap 0
Link test:
#kstat -p | grep -i link-up

Activating the network card after a CD-ROM boot:
The disk has been newly set up, formatted and made bootable.
However, there is no data on the disk. A backup is to be restored over the network.
#mount /dev/dsk/c0t0d0s0 /a
#cd /a/etc
#vi hostname.hme0 (enter the IP address of the machine here)
# ifconfig hme0 plumb
# ifconfig hme0 192.168.1.1 255.255.255.0 192.168.1.49 up (example)
(or): #ifconfig hme0 192.168.86.32 netmask 255.255.255.240 up
# route add default 192.128.2.27
# netstat -r (test the network connection with ping)

Changing the IP address and host name
#sys-unconfig (deletes all entries, which are then asked for again at the next boot)
by hand:
/etc/hosts              the main file to change IP addresses and host names
/etc/hostname.e0 (or hme0)  Update, if the IP changed
/etc/defaultdomain      Set the default NIS domain name, if any, if it changed
/etc/defaultrouter      Set the default router's IP address, if it changed
/etc/nsswitch.conf      Update, if your name resolution method/order changed
/etc/nodename           Update, if the hostname changed
/etc/resolv.conf        Update, if your name servers/domain changed (DNS only)
/etc/inet/hosts         Make sure your IP address is updated or added here
/etc/inet/ipnodes       IPv6 version of hosts file
/etc/inet/netmasks      Set your network number & netmask, if it changed
/etc/inet/networks      Set your network name, if it changed
/etc/net/ticlts/hosts   For the streams-level loopback interface (and: etc/net/ticots/hosts)
To check the changes:
# find /etc -type f -print | xargs grep 'hostname'

Allowing access from other machines:
in /etc/default/login comment out the following line (with #):
console=/dev/console

Sharing a CD-ROM over the network with other machines:
share -F nfs -o ro,anon=0 /cdrom/cdrom0 (on the CD-ROM machine with IP 192.168.124.100)
mount 192.168.124.100:/cdrom/cdrom0 /mnt (on the other machines that want to use the CD-ROM)

Share the file systems listed in the /etc/dfs/dfstab File /etc/rc2.d/S72inetsvc the netmask and the broadcast address are set once more, which can now also come from a name service.
Opening the network card to the outside in single user mode:
S69inet start
S72inetsvc start

Networking Files
/etc/nodename is relevant on machines with several interfaces
/etc/host.equiv i.e. the user otto from the machine buche can log in to my machine without a password!
/etc/.rhost equivalent to host.equiv
The rlogin and rshell mechanism can be switched off by commenting out the line
rlogin auth sufficient .....
in /etc/pam.conf. A password is then required.
/etc/ftpusers lists all users who are not allowed to ftp to my machine!

Network startup at boot
First, during single-user startup, the file /etc/rcS.d/S30rootusr.sh configures all interfaces for which a file /etc/hostname. exists. These files normally contain the hostname that references the IP address of the corresponding interface. The netmask is set with + to the default or to the value from /etc/netmasks, and the broadcast address with + accordingly. During startup to multi-user, the file /etc/rc2.d/S72inetsvc sets the netmask and the broadcast address once more, which can now also come from a name service.

What is /etc/nsswitch.conf?
An idea whose time has come (it came to Ultrix a few years ago). You can control which of the "resolver" services are read from NIS (formerly YP), which from NIS+, which from the files in /etc, and which are from DNS (only "hosts" can come from DNS). A common example would be:
hosts: nis files
which means ask NIS for host info and, if it's not found, try the local machine's host table as a fallback. Advice: if you're not using NIS or DNS, SunInstall probably put the right version in. If you are, ensure that hosts and passwd come from the network. However, many of the other services seldom if ever change. When was that last time you added a line in /etc/protocols?
If your workstation has a locas cdrom2 /pci@f,4000/scsi@3,1/disk@6,0:f (connect an external CD-ROM)
or: nvalias test /sbus/espdma@?/sd@3,0
then: setenv boot-device test
In CLI mode: # ls -la /dev/dsk/c0t2d0s0 (shows the real path to the disk)
nvstore (copies the contents of the temporary NVRAM buffer and clears it)
nvunalias test (to undo it again; only visible after reset-all)
setenv boot-device disk
reset-all
printenv (shows system parameters)
probe-scsi-all (shows all attached SCSI devices)
boot net:dhcp
boot :speed=100,duplex=full (OBP net speed change)
.version (firmware)
.asr (system status)
.post (post results)
show-post-results (shows hardware results after an extended POST (diag-level = max))
banner (system display (memory, CPUs, host info))
watch-net-all (checks the network)
test-net (tests the network card)
show-sbus
.enet-addr (displays ethernet address)
.speed (displays CPU and bus speeds)
show-tapes (displays the physical device path for tape controllers)

Sending the boot output to a printer:
setenv output-device ttya
setenv input-device keyboard (9800,8,n,1)
setenv output-device screen (reset to monitor output, likewise: input-device keyboard)
boot -a (creates a new path_to_inst; delete the old one (in /etc) first, or rename it)
boot -v (shows all boot steps)

Changing environment variables at the CLI level:
# eeprom auto-boot\?\=false

Oracle
#su - oracle
#export ORACLE_sio=arbit
#scrmgt
#connect internal
#startup
#shutdown immediate
#select * from ?
(Suche nach einem Element in einer Datenbank, um es auf "unlocked" zu setzen) #lsnrctl reload (als oracle user, wenn nach einem HW-Fehler die Datenbank nicht mehr erreichbar ist) Pfade # vi .profile-EIS (hinter "PATH=${PATH}:/usr/platform/`uname -i`/sbin" hinzufübei einer EIS_Installation)) (man page-Pfade hinter "MANPATH=${MANPATH}:/usr/share/man" einfü # export PATH=$PATH:/opt/SUNvtsbin (Pfade setzen (geht nach logout verloren (löt nicht vorhandenen Pfad)) #more /etc/default/loglot #6 /pci@4,2000/@1 PCI Slot #7 /pci@4,4000/@4 PCI Slot #8 /pci@4,4000/@3 PCI Slot #9 /pci@4,4000/@2 PCI Slot #10 /pci@1f,4000/@4 Internal CDROM /pci@1f,4000/scsi@2/sd@6,0 External SCSI Port /pci@1f,4000/scsi@2/ Internal 4 disk backplane /pc1@1f,4000/scsi@3 Serengeti 3800 Boot Platte ssm@0,0/pci@1e,700000/pci@1/SUNW,ispwo@4/sd@0,0 SunBlade 1000 Boot Platte /pci@8,600000/SUNW,qlc@4 CD-ROM /pci@8,700000/scsi@6 880 interne Platten /pci@8,600000,qlc@2 Cdrom + Tape /pci@8,700000, ok> prtconf -vp Name zs@ serieller port fas fast/wide scsi contr. le@ 10/100Mbit@hme0 hme fast Ethernet es@ on board scsi isp differential scsi contr. sd@3,0 scsidisk@t3,offset0 SCSI Driver glm ultra wide scsi contr. (68 pins) sbus@1f,0 sbus@adress1f,offset0 scsi small computer serial interface fas@3,0 fast, wide scsi contr. sf socal Fiber Channel Arbitrated Loop (FCAL) st@ Tape soc Sparc Storage Array Contr. nf@ fddi socal serial optical contr. for FCAL qlgs@ qlogic scsi contr. ses qlc Fiber Channel Adapter Dr. ce0 ce0 SwiftKarten (gigabit) glc SCSI Controller Driver pci@ p? controller interface eri0 ssd@ FC-AL Disk Driver fd Floppy Diskette Driver st@ scsi tape contr. sunpm Power Management Framework Driver sf@ fiber channel contr. us_drv CPU Power Management Driver esp@ schppm Schizo Power Management Framwork Dr. 
sd@ disk

Pkgadd and patches

showrev -p |grep 111222 (shows the state of patch 111222)
pkginfo -x 111222 (shows the version number of package 111222)
pkginfo -l SUNWbash

On the Sunsolve CD: patchinstall (installs all necessary patches). If Veritas is present, run vxdctl disable to be on the safe side. Veritas re-activates itself on reboot.
Note: copying files over changes the read/write permissions!

Querying the patch level (of xauth):
#which xauth
#cd /var/sadm/install
#more contents

Packing & unpacking

Unpacking a file with the extension {file}.tar.Z.uu
# uudecode {file}.tar.Z.uu
# uncompress {file}.tar.Z
#ozesses)
#ps -x (processes that run permanently) -ef (full listing)
#ps -elf (shows everything) -aux | grep smbd (shows whether Samba is running)
#kill -9 xxxx (terminates xxxx without asking)

How to grow a UFS filesystem

You can grow but not shrink a UFS filesystem if you manage to increase the size of the partition it lives in, with the following command:
# /usr/lib/fs/ufs/mkfs -G -M /current/mount /dev/rdsk/cXtYdZsA newsize
Specify the current mount point and raw device as well as the new size in 512 byte blocks. You can do this even when the filesystem is mounted and in use.

.profile
(set PATH in .profile with vi, e.g.:)
PATH=/usr/opt/SUNWesm/sbin:$PATH
(in .dtprofile, uncomment the last line: export ...)

RAID with SRC/P (x6605A) (hardware RAID controller in an E450)

cd /cdrom/hwraid_2_0/Solaris_7/Packages (the supplied CD)
pkgadd -d . (best to select all)
init 0 (or: shutdown -i 0 -g 0 -y)
boot -rv
pkginfo | grep SUNWhwrd (are all patches there?)
modinfo |grep dpti20 (installation successful?)
/opt/SUNWhwrdg/dptmgr (graphical tool for placing the disks under the control of the controller. Relatively easy to use, since there are only a few options)
format (select the disk with DPT-RAID-5.... If it is not there, start the graphical tool again and see what was forgotten).
(create the corresponding partition(s))
newfs -f 2048 /dev/rdsk/c4t1d0s6 (can take a long time, since one partition spans several disks)
mkdir
mount /dev/dsk/c4t1d0s6 /
df -k (look at the mount points)
vi /etc/vfstab (enter the mount points)
(telephone help is also available on 089/46008-2171, but the SUN technicians there first have to familiarise themselves with the software)

Raid Manager 6

/usr/lib/osa/bin/rm6
#lad (shows the LUNs)

Raidctl

Available on a T5220.
Raidctl -c c1t0d0 c1t1d0 (mirrors two disks; c1t1d0 then disappears from format, all data on the root disk is lost)
Raidctl -l c1t0d0 (shows the status)

Remote Login: find and remove all .rhosts files (to disallynonym default, the type can be suppressed, and 1 is normally chosen as the metric.
#route add default [gateway] 1

Adding static routes at boot

If default routers are to be entered, the file /etc/defaultrouter has to be created. This file contains the names of all default routers. To define additional static routes at boot, the corresponding route add commands can be entered directly in the file /etc/rc2.d/S69inet.

Dynamic entries

Processes for dynamic routing are started by default in run level 2 by the script /etc/rc2.d/S69inet. Unlike host systems, router systems start these processes in active mode. Systems count as routers if they have more than one physical interface and can therefore take over the function of a gateway. If dynamic routes are to be entered, the file /etc/gateways has to be created. The file /etc/gateways is evaluated by the daemon in.routed. The layout of the file is described in the daemon's man pages. If the file /etc/defaultrouter or /etc/notrouter exists, /etc/gateways is no longer evaluated, i.e. the routing daemon in.routed is not started.
Setting up a SUN as a router:
(/etc/notrouter must not exist, nor defaultrouter)
(configure the IP address on the interface; after reboot check whether the route daemon is running:)
# ps -efa | grep in.r

RSC

A new RSC card always has to be configured through Solaris first (usr/platform/sun4u/sbin/sc-config). A flash update is also carried out there. With a crossover cable you can then log in to the net management port with Telnet. The password is also set during sc-config.

run-levels

/sbin/rc1 runs the /etc/rc1.d scripts to perform the following tasks: stops system daemons and services, terminates all running processes, unmounts all file systems, brings the system to single user level
/sbin/rc2 mounts all file systems, enables disk quotas (if necessary), saves temporary editor files in /usr, preserves directories, removes any files in /tm" add for an EIS_Installation))
(insert "/opt/samba/man" after "MANPATH=${MANPATH}:/usr/share/man")
#groupadd users
# useradd -c wolf -m -g users -p samba wolf
#smbpasswd -a wolf (password: samba)
# mkdir /share
# chmod u+rwx,g+rx,o+rx /export
# chown wolf /share
#chgrp users /share

Configure Samba:

Samba is controlled by means of the configuration file /usr/local/samba/lib/smb.conf
Create a basic configuration file containing the following lines:
(what is in the [xx] brackets is the connection point (folder) under Windows)

workgroup = ARBEITSGRUPPE
netbios name= TEST
security = share
hosts allow = localhost, local-machine-name, 192.1.1.
hosts deny = All
[export]
comment = Daten
path = /export
force user = wolf
read only = Yes (or: No, if the user should also get write permission)

Replace local-machine-name with the name of your Solaris system so that it can connect to the swat Web server and replace 192.168.1 with the first three components of the IP addresses used on your local network. The range 192.168.1.1 to 192.168.1.254 is reserved for private use and is a good choice to use for a local network.
The effect of this basic configuration file is to allow access to your Solaris system from Windows machines on the local network only (those with IP addresses starting 192.168.1) and a password is not required to browse the Solaris system. The root file system is shared but is read-only and the /share directory is shared with both read and write access. Incoming connections to the Solaris system have a User and Group identity (uid and gid) of the "nobody" user by default.

# ./testparm (test)
and this should display the following:
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[root]"
Processing section "[share]"
Loaded services file OK.
Press enter to see a dump of your service definitions

#/etc/samba/smbd start (create an S99samba in /etc/rc2.d and enter the daemon there)
# pkill -HUP inetd (restart the inet daemon)
After a user's permissions have been changed, the user has to log in again.

Swat is a Web server which runs on your local m.0.6/docs/faq/Samba-meta-FAQ-1.html
/opt/source/samba/samba-2.0.6/docs/faq/Samba-Server-FAQ-1.html
/opt/source/samba/samba-2.0.6/docs/faq/sambafaq-1.html

If you make further changes to the Samba configuration file smb.conf, note that the two Samba daemons should be told to re-read the file by issuing the commands:
# pkill -HUP smbd
# pkill -HUP nmbd

Samba under cluster:

#scinstall (Samba can be installed along with it there)
# cd /cdrom/cdrom0/components/SunCluster_HA_Samba_3.1
#./installer
#more /var/sadm/install/logs
# ls -l /usr/local
samba -> /global/samba
# ls -l /global/samba
# more /etc/vfstab
/dev/md/dg_d6/dsk/d63 /dev/md/dg_d6/rdsk/d63 /global/samba ufs 4 yes logging,global
# cd /opt/SUNWscsmb
# ls -l samba/util
-rwxr-xr-x 1 root sys 1526 Dec 20 14:44 samba_config
-rwxr-xr-x 1 root sys 736 Dec 20 14:44 samba_register
# ls -l winbind/util
-rwxr-xr-x 1 root sys 1006 Dec 20 14:44 winbind_config
-rwxr-xr-x 1 root sys 613 Dec 20 14:44 winbind_register
# more samba/util/samba_config
# more
winbind/util/winbind_config #ps -eaf | egrep ´(smbd|nmbd)´ (Prüob Samba lät) #testparm Path_To_smb.conf (check for errors) #scstat -I (Status of public network (ipmp groups)) #scstat -p (status of cluster components) SAN SAN-Manager (SUNWsmgr2) unzippen, pkgadd und unter /usr/opt/SUNWsmgr2/bin/SANbox_Manager ausfü Um andere Platten-Arrays einzubinden, unter Solaris mit cfgadm configure arbeiten. Sollten die Platten nicht sichtbar werdedn, mit SAN-Manager nachschauen, ob alte Configured Zones vorhanden sind, diese löen. Beispiel T3: Wenn nach cfgadm configure sichtbar, newfs auf die eingerichtete Partition laufen lassen (newfs /dev/rdsk/c5t5000?s1, dann mounten (mount /dev/dsk/c5t500?s1 /mnt). Passwör: Qlogic (Sanbox2 - 16 port switch):Login: admin Ps.: password (show setup system) (SANsurfer_Switch_Manager) Brocade: Login: root Ps.: password (sehr umfangreiche Befehle (help)) (üeb-browser einloggen) Sanbox (Sun 1 - 8 port switch): Login: root Ps.: eichzeitig ansprechen: for i in 1 2 3 4 5 6 7 do ping host$i done nach jeder Scripterstellung: chmod 755 fühte: useradd passwd su user (exit, um wieder auf root zu gelanden) Bedingungen abfragen: #!/bin/csh if ($?DISPLAY) then setenv TERM xterm else setenv TERM vt100 endif (mit exit Script beenden) Spielereien: #until false; do clear; date; sleep; done (oder: until [1=0]; ...) Creates file rights for default user for all domain on a starcat: # for i in [A B C .... R] (16 Domains) >do >/opt/SUNWSMS/bin/smsconfig -a -u sms-svc -6 admn $i >done System beschäigen: while sync; do; echo "hallo"; sleep 20; done Setting the scsi-initiator-id on PCI systems Necessary, when connecting dual-hosted Multipacks on a SUN-Cluster system. Leave the scsi-initiator for both nodes at 7. Then, set the scsi-initiator-id for ONLY the adapters that are connected to the dual-hosted disk to 6 on one of the nodes (second node). Do not change the id of the CD-ROM or tape-backup. 
Use probe-scsi-all to identify the controllers connected to shared storage and those connected to private storage. Use the nvedit to create the nvramrc to set the scsi-initator-id to 6 on one machine: ok> nvedit 0: probe-all install-console banner 1: cd /pci@6,4000/scsi@3 (mittels probe-scsi-all richtige Controller Pfade ermitteln) 2: 6 " scsi-initiator-id" integer-property 3: device-end 4: cd /pci@6,4000/scsi@2,1 (2. Port) 5: 6 " scsi-initiator-id" integer-property 6: device-end 7: banner (control C) Do a ctrl-c, and store the nvramrc ok> nvstore ok> setenv use-nvramrc? true ok> setenv auto-boot? true ok> reset-all # vi /etc/system (on both nodes) set scsi_options=0x3f8 Boot both systems and verify that you can see the multi-hosted disks from both nodes. On an E450: Set the global scsi-initiator-id to 6: ok> setenv scsi-initiator-id 6 ok> nvedit (you will set three controllers scsi-initiator-ids to 7) 0: probe-all 1: cd /sbus@70,0/SUNW,fas@1,8800000 2: 7 encode-int " scsi-initiator-id" property 3: device-end 4: cd /sbus@70,0/QLGC,is-s - /dev/rdsk/c1t1d0s2 metadb -a -c3 -f c1t0d0s7 (ebenso c1t1d0s7) metadb -i cp /etc/vfstab /etc/vfstab.old metainit -f d11 1 1 c1t0d0s0 (ebenso d21 1 1 c1t0d0s1, d31, d41) metainit d10 -m d11 (ebenso d20 -m d21, d30 -m d31, d40 -m d41) metaroot d10 vi /etc/vfstab /dev/md/dsk/d20 - - swap no - - /dev/md/dsk/d30 /dev/md/rdsk/d30 /export/home ufs 2 yes - /dev/md/dsk/d40 ?? (vi verlassen) init 6 metainit d12 1 1 c1t1d0s0 (ebenso mit d22, d32, d42) metattach d10 d12 (ebenso mit d20 d22, d30 d32, d40 d42) metastat (auf Fehler üümetastat -p >> /etc/lvm/md.tab while metastat | grep % >do >sleep 20 >echo xxxxxxxxx >done SDS mit nur zwei gespiegelten Platten c0t0d0 und c0t1d0(mirror): Zuerst freien Platz auf den Platten füadb´s ( Slice 7) erzeugen (10 - 15 Mb). 
Im Falle einer vorhandenen Partition Speicherplatz von swap wegnehmen: swap -l swap -d /dev/dsk/c0t0d0s1 format (Slice 7 wird erstellt und Partitionen der ersten Platte werden auf die zweite kopiert. Hierbei auch nicht vergessen, sich den phykalischen Pfad der beiden Platten fü Veräerungen im OBP aufzuschreiben. Dann: 0 , p , p , 1 (swap verkleinern (slice 1), ungefä 4 Zylinder wegnehmen), p, 7, ..., 10c, unassigned (slice 7 erstellen (slices dünicht üppen)), q ,l (label), q , name (z.B. SDS),q, di, 1 , p , select (SDS (um selbe Partition auf zweite Platte zu ühmen), l , q)) dann: newfs /dev/dsk/c0t1d0s0 (ebenso s6, nicht s1 (SWAP), oder s7 (replica location)) cd /cdrom/products/Disk_Suite_4.2/sparc (auf der Easy Access CD zu finden) (bei Solaris 8): Software CD 2: /cdrom0/EA/products/DiskSuite pkgadd -d . cd /cdrom/sun/patch/sds patchadd (füuellen Patch von der Gold CD)) Wenn möch, .profile von der EIS CD ühmen, sonst PATH per Hand eintragen. (PATH=.../usr/opt/SUNWmd/sbin MANPATH= ..../SUNWmd/man) init 6 Die /etc/vfstab in vfstab.org umkopieren nicht vergessen! (cp vfstab vfstab.org) (SDS-Befehle befinden sich in /usr/sbin/) cd /etc/lvm/md.tab vi md.tab (folgendes am Ende dieser Datei einfü) # Metadichts gespiegelt) ausgefüurde. Nun von CD-ROM booten (ok> boot cdrom -sw). Dann Festplatte mounten (mount /dev/dsk/c0t0d0s0 /mnt), dann vi /mnt/etc/vfstab aufrufen, Korrekturen vornehmen und neu booten (reboot). metainit d12 (ebenso mit d22 und dann d32) metattach d10 d12 (ebenso mit d20 d22, und dann d30 d32) Um diesen Vorgang zu beobachten (kann ein bis zwei Stunde dauern), sollte man nun ein kleines Script ausfü # while metastat | grep % >do >sleep 20 >echo xxxxxxxxx >done Andere Script Variante: # while true; do >echo 'date' 'metastat|grep %´ ; sleep 30 >done Wenn alles fertig ist, gespiegelte Platte bootfäg machen: installboot /usr/platform/sun4u/lib/fs/ufs/bootblk dev/rdsk/c0t1d0s0 (siehe auch man pages) init 6 (oder reboot) Nun kommt der grosse Moment. 
Startet das System nur im Single User Mode, muss man sich (wie oben beschrieben) die vfstab anschauen. Sollte es passieren, dass die Äderungen, die man nun vornimmt, beim erneuten booten nicht beibehalten werden, kann man sich auch mit dem mount-Befehl die gespiegelte Platte anschauen (mount /dev/dsk/c0t1d0s0 /a), denn eine dort vorhandende falsche Konfiguration ühreibt die korrigierte Konfiguration auf der anderen Platte. Dann muss auf beiden Spiegeln die falschen Einträ geäert werden. Zu guter Letzt muss dem OBP mitgeteilt werden, dass eine zweite Bootplatte vorhanden ist: ok> show-disks (zuerst die Bootplatte wäen) ok> nvalias sds-disk /sbus/? (mit ^Y einfüund am Ende der Zeile @x,0 anfüwobei die richtige Zahl (x) von der Format Anzeige oder devalias (OBP) erschaubar ist. Das gleiche wird nun mit der Spiegelplatte gemacht, wobei wir sie mit nvalias sds-mirror nennen.) ok> setenv boot-device sds-disk sds-mirror ok> printenv (zur Kontrolle) ok> boot sds-mirror (um zu testen, dass der Spiegel auch wirklich bootet) Wenn spär neue Platten physikalisch zu SDS dazukommen, folgendes ausfü drvconfig disks (schreibt neue drives aufs Plattenverzeichnis) devlinks SDS - soft partitioning (ab Solaris 9) #metainit d5 -p c1t3d0s3 20.tab d50 2 1 /dev/dsk/c0t0d0s6 1 /dev/dsk/c0t1d0s6 (dann:) metainit d50 newfs /dev/md/rdsk/d50 mount /dev/md/dsk/d50 / reboot (um zu sehen, ob man sich nicht vertippt hat) Disk Striping (Aufteilung bestimmter Platten in Streifen, um höe Lese- und Schreibzugriffe zu erreichen (nur bei mehreren Controllern möch)): vi /etc/opt/SUNWmd.tab (Striping von drei Platten) d50 1 3 /dev/dsk/c0t2d0s5 /dev/dsk/c1t2d0s5 /dev/dsk/c2d0s5 -i 32k (dann:) metainit d50 newfs /dev/md/rdsk/d50 (löt alle Daten auf den drei Slices!) 
RAID5 mit SDS (3 Komponenten, 32k segment Grö): vi /etc/opt/SUNWmd/md.tab d15 -r /dev/dsk/c0t0d0s1 /dev/dsk/c0td0s1 /dev/dsk/c0t2d0s1 -i 32k (dann:) metainit d15 newfs /dev/md/rdsk/d15 mount /dev/md/dsk/d15 / Hot Spares (Ersatzplatten, die füe kaputte Platte einspringen): vi /etc/opt/SNWmd/md.tab # hot spares hsp001 /dev/dsk/c0t0d0s2 /dev/dsk/c1t0d0s2 /dev/dsk/c2t0d0s2 hsp002 /dev/dsk/c2t0d0s2 /dev/dsk/c0t0d0s2 /dev/dsk/c1t0d0s2 # Spiegel mit hot spares d1 -m d1 d1 1 1 /dev/dsk/c0t3d0s2 -h hsp001 d2 1 1 /dev/dsk/c0t1d0s2 -h hsp002 (dann:) metainit hsp001 metainit hsp002 metainit d2 metainit -f d1 metainit d0 vi /etc/vfstab /dev/md/dsk/d1 /dev/md/rdsk/d1 backup ufs 2 yes - init 6 metattach d0 d2 (kann, je nach Grö der Platte, bis zu einer Stunde dauern) metahs -a hsp001 /dev/dsk/c3t0d0s2 (addiert neues Laufwerk zum Hot Spare Pool ) metahs -d hsp002 /dev/dsk/c2t0d0s2 (löt ein device) metahs -i (status) Example hot spare metainit hsp001 /dev/dsk/c1t2d0s2 /dev/dsk/c2t2d0s2 (creating a collection of hot spares) metahs -a hsp001 c1t2d0s2 c2t2d0s2 metainit d13 1 1 c1t0d0s3 -h hsp001 (assign hsp to first mirror) metainit d23 1 1 c2t0d0s3 metaparam -h hsp001 d23 metaparam -h hsp001 d13 (connects the hsp to the second mirror) metainit d12 -m d13 metainit d12 d23 Enableling a hsp is necessary, when it has been replaced : metahs -e Beispiel: Nicht defekte Platte in Raid 5 wird getauscht, mit HSP im Hintergrund (Hauptspiegel d0). 
Im Raid 5 kann eine Platte problemlos gezren / Rekonfigurieren des Hot-Spare-Pools metahs -a hsp00x cxtxd0sx Addiert neue HD zum hsp metahs -d hsp00x cxtxd0sx Abhäen von Hotsparepartitionen deleting a hsp: metahs -d hsp001 c0t0d0s7 replacing a hsp: metahs -r hsp001 c0t1d0s0 c0t3d0s0 Fehlerhaftes Hot Spare Laufwerk ersetzen : metahs -e /dev/dsk/c0t6d0s2 metareplace -e d0 /dev/dsk/md/d2 Kaputte Platte (c5t0d0s0) ist getauscht, Hot Spare ist eingesprungen, nun alles wieder rügig machen: metareplace -e d30 c5t0d0s0 (hot spare wird danach automatisch auf available gesetzt) (d30 = Hauptspiegel) yes Kaputte Platte unter SDS mit Hot Spare Hot Spare ist eingesprungen (hsp001 ist auf : use) z.B. c2t4d1 fü3d1 (metastat) Somit ist das Ausfüeines metadetach nicht nö. #metadb -d c0t3d1s3 (mit metadb -i üü(dann mit ssaadm display c0 nachschauen, welche Platte betroffen ist, in diesem Falle ist es 3,1 , also die vierte Platte im mittleren Array Kasten, von vorne betrachtet) #init 0 (Platte tauschen, System im single user mode starten, neue Platte wie alte partitionieren, dann formatieren (in unserem Falle: newfs auf s0 und s3)) Ein metastat im single user mode wird alles auf Need Maintenance anzeigen, soetwas nicht beachten. Mit Control d oder init 3 die Maschine komplett hochzufahren. #metadb -a c0t3d0s3 (metadbs wieder auf der Platte anlegen) #sssaadm fast_write -se c0 (falls die alte Platte auf (fw) stand (ssaadm display c0)) #metareplace -e d50 c0t3d1s0 (resyncronisiert den Spiegel wieder neu) (Hot Spare wird automatisch wieder zurüetzt (auf : available)) Removing a hsp from a mirror: metaparam -h none d30 metaparam -h none d31 metahs -d hsp001 Defekte Bootplatte (Mirror) tauschen: Platte c0t0d0s0 hat Schreibfehler. 
Zuerst Replicas dieser Platte löen (mit metadb -i feststellen, welche) #metadb -d c0t0d0s5 (in unserem Falle auf s5) Platte kann gezogen werden, neue Platte einbauen (im laufendem Betrieb bei einer 450) #prtvtoc c2t0d0s2 | fmthard -s - c0t0d0s2 (Partition der anderen Spiegelhäte ühmen) #metadb -a c0t0d0s5 (replicas Platte mit dem Formatbefehl zu löen, damit ein anderer Spiegel / Raid 5 (der sich auch mit auf der Platte befindet) mitbekommt, dass ein Fehler vorliegt. Beim Spiegel geht das ev. auch mit dem Befehl "metaoffline". Ist auf der Platte ein ungespiegelter Stripe / Concat vorhanden, sind die Daten natü hin ! Vorher Backup machen / Kunden informieren. Masch. in Single user Mode booten mit "prtvtoc /dev/dsk/cxtxd0s2 >/var/label/platte.txt" Label speichern (falls bei Install.nicht schon geschehen ) mit "metadb -d /dev/dsk/cxtxd0s7" die unknown Replicas löen init 5 neue Platte einbauen booten mit "fmthard -s /var/label/platte.txt /dev/rdsk/cxtxd0s7" Label auf neue Platte zurüreiben (kann auch mit "format" gemacht werden) mit "metadb -a -f -cx /dev/dsk/cxtxd0s7 Replicas erzeugen x=Anzahl der Replicas mit "metareplace -e ........." Spiegel oder Raid5 resyncen "metastat |grep done" zeigt Syncstatus an. 
Festplatte tauschen: metadb -i (zeigt kaputte Platte und Anzahl der Controllers) metastat |more (generelle Anzeige des Zustandes von SDS) format (Partitionierung der guten Platte speichern (bei Mirror)) (prüwelche slices auf der kaputen Platte gelöt werden mü metadb -d -f /dev/dsk/c0t1d0s7 (database von der zu ersetzenden Platte löen) init 5 (Platten tauschen) (bei A5000 im laufenden Betrieb tauschen) boot format (neue Platte einrichten (x, p ,p), gespeicherte Partitionstabellen ühmen) metastat metadb -a -f /dev/dsk/c0t1d0s7 (metadb´s anlegen) metareplace -e d10 c0t1d0s0 (dann s1, s2 , s6 und was immer nö) installboot /usr/?/ /dev/rdsk/c0t1d0s0 (steht in: man installboot) Wenn es nur noch möch ist im Single User Mode zu booten: metastat | more (welche Aktion wird von SDS vorgeschlagen) metasync d10 (dann d20, d30, usw) fsck (Üerprü mount -o remount, rw / metadb -d -f c0t1d0s7 reboot SDS bootet nicht - Boot Platte allerdings nicht defekt Ein Zugriff auf diese Platte ist nicht möch, es kann auch nicht im Single User Mode gebootet werden. Der Mirror hat aus bestimmten Grünicht funktioniert. Der Spiegel lä sich nicht ebenfalls nicht hochfahren, da Probleme mit veralteten Firmware Patchen vorhanden ist.Es muss von CD-Rom gebootet werden. Die Kontrolle von SDS üiese Platte mußgestoppt werden. 
# boot cdrom -s #mount /dev/dsk/c0t0d0s0 /a (oder /mnt) #TERM=vt100, export TERM ren) #metadb -a c0t0d0s7 (sollen z.B drei Replicas erstellt werden, -c3 hinzufü#metainit -f d1 1 1 c0t0d0s0 (erzeugt concat/stripe) #metainit d2 1 1 c1t4d0s0 (erzeugt den anderen Sub-Mirror) #meatinit d0 -m d1 (setzt einen Einweg-Mirror auf (sicherste Weg)) #metaroot d0 (Erzeugt die Einträ in /etc/system und /etc/vfstab) #cp /etc/vfstab.save vfstab (gesicherte vfstab wieder auf die Originalposition zurüieren) # init 0 und Bootplatte wieder hochfahren #metattach d0 d2 (zweiten Spiegel nun einhäen und syncronisieren) Von SDS nicht angemeckerte Platte (c1t0d0 = d11) tauschen mit luxadm (bei optical interfaces z.B. 880): #metadb -d c1t0d0s7 (Root-Platte) #metadetach d10 d11 (d11 ist der Unterspiegel von d10, d12 ist der Mirror (c1t3d0)) #metadetach d20 d21 u.s.w. #metaclear d11 d21 u.s.w. (nicht unbedingt nö, kann aber erforderlich sein, falls die neue Platte nicht anerkannt wird) #luxadm remove_device /dev/rdsk/c1t0d0s2 (so werden auch doppelte Pfade gelöt) (Sollte dies nicht funktionieren, gibt es noch :luxadm -e offline /dev/rdsk/c1t0d0s2) (dann Platte ziehen und ENTER drü Neue Platte einbauen) #luxadm insert_device /dev/dsk/c1t0d0s2 #prtvtoc /dev/rdsk/c1t3d0s2|fmthard -s - /dev/rdsk/c1t0d0s2 #metadb -a -f -c3 /dev/dsk/c1t0d0s7 (um vorhandene Metadb Kopien wieder anzulegen) #metainit d11 /dev/dsk/c1t0d0s0 (wenn metaclear verwendet wurde) #metainit d21 /dev/dsk/c1t0d0s1 (u.s.w.) #metattach d10 d11 #metattach d20 d21 (u.s.w.) SDS - How to recover from insufficient state database replicas: (in single user mode): # metadb -i (statistics) M means, the system cannot detect state database replicas in the slice in this line. 
# metadb -d -f c0t3d0s3 (for example) # metadb -i ( verify) # halt (change defective disk, reboot and use format to create the correct partition table) # metadb -a -c2 c0t3d0s3 (add back the state database) # metadb -i (verify) How to replace a failed SCSI-disk: # metastat (identify the failed disks (look into the /var/adm/messages too)) # metadb (locate any failed local metadevice state me slice infos as the failed one) # metadb -a c3 c0t3d0s3 # metattach d20 d10 # metareplace d0 c0t3d0s3 (when a RAID5 metadevice has failed) # metahs -a hsp000 c0 t3d0s6 (with the failed hot spare) Recover from a SPARCstorage Array power loss: # metastat (check for errors) # metareplace -e metadevice slice (whatever metastat tells you to do) (Metareplace hot spare disks first) # metadb (schows affected slices) # metadb -d slice (deletes failed replica) # metadb -a slice (recreates failed replica, make shure, you put enough replicas back) Diskfailure on Striped Metadevices with data under SDS (z.B. d8) #umount /data #ufsdump 0f /dev/rmt/0 /dev/md/dsk/d8 #metaclear d8 (clears the faulty metadevice of state database replica) replace faulty drive #metainit d8 #newfs /dev/md/rdsk/d8 #ufsrestore rf /dev/rmt/0 Removing a Submirror #metadetach /dev/dsk/md/d4 /dev/dsk/md/d2 (submirror d2 will be removed) #metaclear -r /dev/dsk/md/d2 (clears the submirror) Other excample: c0t1d0s0 is bad: (Identify failed disk: /var/adm/messages + metastat) Locate stale replicas (metadb -i) and delete them (-d). Add more replicas, if less than 3 are left. Locate any sudmirrors that uses slices on the the failed disk and detach them. d10 is using c0t1d0s4 (Mirror is d20): #metadetach d20 d10 Delete any hot spares on the disk: #metahs -d hsp000 c0t1d0s6 #halt Replace disk, boot in single user mode, partition new disk, replace replicas and hot spares: #metahs -a hsp000 c0t1d0s6 (dann:# metareplace -e d...) Kaputte Platte im Multipack tauschen: z.B. 
WARNING: /pci@1f,4000/scsi@4,1/sd@2,0(sd47) c1t2d0 (2.Platte im Multipack, die gespiegelt ist) (c1t2d0s0 d7 /u1 und c1t2d0s1 d82 /u8 ) #metadetach -f d70 d72 (Spiegel wird aufgelö #metadetach -f d80 d82 #metadb -d /dev/dsk/c1t2d0s7 (replicas auf der kaputten Platte auflö) (Maschine runterfahren, Multipack rausziehen, Platte austauschen, System wieder starten, am besten im single user mode, Partitionen wieder einrichten) #metattach d70 d72 #metattach d80 d82 #metadb -a -f c1t2d0s7 Kaputte Pauschen #format (Platte c1t5d0 wie alte (oder wie der andere Spiegel) einrichten - alte Partition ühmen: name auf andere Platte schreiben: select)) #metattach d70 d71 (ebenso d80 d81, d90 d91) #metareplace -e d70 c1t5d0s0 (ebenso s5, s6) (dauert bis zu einer Stunde) Problem: Bootplatte und Bootspiegel unter SDS und Photon unter VM Kontrolle (Auf Boot und Boot-Spiegel ist je eine Partition (10Mb) freizulassen, die nicht unter SDS Kontrolle steht. Folgendes Script erzeugt die notwendige rootdg:) #vxdctl -k stop #vxconfigd -m disable #vxdctl init #vxdg init rootdg #vxdctl add disk disk c0t0d0s7 type=simple #vxdisk -f init c0t0d0s7 type=simple #vxdg -g rootdg adddisk c0t0d0s7 #vxdctl add disk c1t0d0s7 type=simple #vxdisk -f init c1t0d0s7 type=simple #vxdg -g rootdg adddisk c1t0d0s7 #vxdctl enable #rm /etc/vx/reconfig.d/state.d/install-db Label der HD (partition) von t0 auf t1 kopieren: # prtvtoc /dev/rdsk/c0t0d0s2 > vtocdisk0 # fmthard -s vtocdisk0 /dev/rdsk/c0t1d0s2 oder: prtvtoc /dev/rdsk/c0t0d0s2|fmthard -s - /dev/rdsk/c0t1d0s2 SDS entfernen System von CD in single user mode booten root mounten und gesicherte vfstab und system zurüieren Slizes mit Replicas löen (metadb -f -d /dev/dsk/c0t0d0s7,..) - Reboot System ev. Pakete und Deviceeinträ löen (metadb -d c0t0d0s7, usw.) (pkgrm SUNWmdg SUNWmdr SUNW...) 
(check with pkginfo | grep DISK)

Example of a data migration with mirroring under SDS:

Current state: one internal disk: c0t0d0, two external disks: c1t2d0 and c1t3d0
Goal: a new disk is to take over the rad* slices of the old disks. In addition, the new disk is to be mirrored.

The new disks are first connected as c1t4d0 and c1t5d0. c1t4d0 is partitioned and formatted:
c1t4d0s3 = 17 GB (for raddb)
c1t4d0s4 = 12 GB (for raddb0)
c1t4d0s5 = 4.5 GB (for radhome)
c1t4d0s7 = 0.5 GB (for metadbs)
newfs /dev/rdsk/c1t4d0s3 (likewise s4 and s5)
mount /dev/dsk/c1t4d0s3 /mnt/raddb
mount /dev/dsk/c1t4d0s4 /mnt/raddb0
mount /dev/dsk/c1t4d0s5 /mnt/radhome

Slices from the old disks onto a ... the old disks can be removed and the new ones take over their position, /etc/vfstab has to be changed:
c0t0d0s7 to c1t2d0s5 .......
c1t2d0s2 to c1t2d0s3 .......
c1t3d0s2 to c1t2d0s4 ......

After the reboot and the hardware change, copy the partition table of the first new disk to the second:
prtvtoc /dev/rdsk/c1t2d0s2 | fmthard -s - /dev/rdsk/c1t3d0s2

Setting up the mirror:
(under csh) setenv PATH /usr/opt/SUNWmd/sbin:$PATH (to be able to run the SDS commands)
or: enter PATH=/usr/opt/SUNWmd/sbin in .profile (if .profile does not exist, create it with touch)

Set up /etc/opt/SUNWmd/md.tab:
mddb01 /dev/dsk/c1t2d0s7 /dev/dsk/c1t3d0s7
# raddb mirror
d10 -m d11
d11 1 1 /dev/dsk/c1t2d0s3
d12 1 1 /dev/dsk/c1t3d0s3
# raddb01 mirror
d20 -m d21
d21 1 1 /dev/dsk/c1t2d0s4
d22 1 1 /dev/dsk/c1t3d0s4
# radhome mirror
d30 -m d31
d31 1 1 /dev/dsk/c1t2d0s5
d32 1 1 /dev/dsk/c1t3d0s5

To copy disks without SDS (e.g. c0t0d0s2 to c0t1d0s2):
dd if=/dev/rdsk/c0t0d0s2 of=/dev/rdsk/c0t1d0s2 bs=128k

Security

netstat -tap|grep LISTEN (shows a list of all currently running services in LISTEN state, i.e. those that are active on my machine)
rlogin, rsh, rexec, telnet, ftp and BIND (named) should be avoided. Better: ssh, rsp, http,
On a single computer, programs such as sendmail, exim, postfix, qmail are unnecessary.
They only make sense if you want to receive mail directly, i.e. not via a POP account.
/etc/services shows the services and port numbers that are offered
To display running processes: ls -l /etc/init.d | less
To stop particular processes: /etc/init.d/ stop
inetd is a "super-daemon", because it starts many sub-daemons. It listens on various ports for services as they are defined in /etc/inetd.conf (e.g. pop3).
# grep -v '^#' /etc/inetd.conf (shows the services currently running)
#ps -ef | grep tcpgate (shows, among other things, the PID of the tcpgate process)
#ls -l /proc/234/exe (shows the path of the process)
#/usr/aset/aset start the program: shows security holes ...
... bind is replaced by current versions
Use of chroot to "jail" services

Securing Solaris

Secure the inetd

Remove unnecessary services from the inetd.conf file. This can be done by placing a pound sign (#) in front of each line that is not needed. It is ideal to comment out everything in the inetd.conf file and add services back as needed. Telnet and FTP will be replaced with SSH. Ideally, comment out ftp, tftp, systat, rexd, ypupdated, netstat, rstatd, rusersd, sprayd, walld, exec, talk, comsat, rquotad, name, uucp, sadmind, login, finger, chargen, echo, time, daytime, discard, telnet, imap, pop3, dtspc, fs, kcms, and all rpc services.

Secure the startup scripts

The startup scripts reside in /etc/rc2.d and /etc/rc3.d. Many of the services here are not needed and pose potential security vulnerabilities. To stop a script from starting, replace the capital S with a lowercase s (or K with a lowercase k). Some example services that should be disabled are:
Automounter    /etc/rc2.d/S74autofs
Sendmail       /etc/rc2.d/S88sendmail and /etc/rc1.d/K57sendmail
RPC            /etc/rc2.d/S71rpc
SNMP           /etc/rc2.d/S76snmpdx
NFS server     /etc/rc3.d/S15nfs.server
NFS client     /etc/rc2.d/S73nfs.client

Enable logging

The default Solaris system logging occurs in /var/adm.
Enable additional logging by creating two additional log files, /var/adm/sulog and /var/adm/loginlog. The sulog will log successful and unsuccessful su attempts. The loginlog will catch consecutive failed login attempts. Enable the files by:
#touch /var/adm/sulog
#touch /var/adm/loginlog
#chmod 600 /var/adm/sulog
#chmod 600 /var/adm/loginlog
#chown root /var/adm/sulog
#chown root /var/adm/loginlog
#chgrp sys /var/adm/sulog
#chgrp sys /var/adm/loginlog
Uncomment the following line in /etc/syslog.conf to log authentication messages:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
Then perform the following to create the proper authlog file:
#touch /var/log/authlog
#chmod 600 /var/log/authlog
#chown root /var/log/authlog

Miscellaneous security tasks
Set the TCP initial sequence numbmove, lock or comment out unnecessary accounts, including "sys", "uucp", "nuucp", "smtp" and "listen". The best way to disable them is to put "*LK*" in the password field of the /etc/shadow file. The following command line options can also be used to remove or lock accounts:
Remove - #passmgmt -d account
Lock - #passwd -l account
Change /etc/motd to contain warnings about inappropriate and unauthorized use of the system.
Remove the sendmail packages - SUNWsndmr and SUNWsndmu
Remove group write permission from the /etc directory by performing the following:
chmod -R g-w /etc
Disable routing by performing the following:
#touch /etc/notrouter
Remove /etc/hosts.equiv, /.rhosts
Disable the Stop-A abort sequence by changing the following in /etc/default/kbd:
KEYBOARD_ABORT=disabled
Enable EEPROM security:
#eeprom security-mode=full
New password: password
Retype new password: password
Do not make this password the same as root's. Setting the security level to full requires a password to boot the system. "Command", instead of "full", may be used to provide protection without the need for a boot password.

Installing SSH
SSH is used for secure communications to the Solaris system.
It encrypts all communications to the system. SSH has its own logging and access control, like TCP Wrapper, but is more secure since traffic cannot be sniffed. SSH can be obtained from http://www.ssh.com or http://openssh.com.

YASSP
Another resource to consider using is YASSP - Yet Another Secure Solaris Package. It automates some of the changes above and incorporates additional functionality such as Tripwire, TCP Wrappers, and a version of SSH. It can be found at http://yassp.parc.xeorx.com. It is recommended to install YASSP, then perform steps 3 through 7 as a safety check.

Eliminating Services
By default, Solaris is a powerful operating system that executes many useful services. However, most of these services are unneeded and pose a potential security risk for a firewall. The first place to start is /etc/inetd.conf. This file specifies which services the /usr/sbin/inetd daemon will listen for. By default, /etc/inetd.conf is configured fscript again just by replacing the small s with a capital S. The following scripts are not needed and pose serious security threats to your system.

/etc/rc2.d
S73nfs.client - used for NFS mounting a system. A firewall should never mount another file system.
S74autofs - used for automounting, once again, a firewall should never mount another file system.
S80lp - used for printing, your firewall should never need to print.
S88sendmail - listens for incoming email. Your system can still send mail (such as alerts) with this disabled.
S71rpc - portmapper daemon, a highly insecure service (required if you are running CDE).
S99dtlogin - CDE daemon, starts CDE by default

/etc/rc3.d
S15nfs.server - used to share file systems, a bad idea for firewalls.
S76snmpdx - snmp daemon

Running any GUI (CDE or OpenWindows) is not a good idea. Only run a GUI when it is absolutely required. You can disable CDE, the default GUI in Solaris 2.6, with the S99dtlogin startup script (replace the capital S with a small s).
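The inetd.conf and startup-script advice above can be checked mechanically. The script below is an added example, not part of the original notes: it flags active inetd.conf entries and startup scripts that are still enabled, using the service names listed on this page. It assumes the Solaris inetd.conf field layout (service, endpoint type, protocol, wait status, user, program, arguments); the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of inetd.conf and rc2.d/rc3.d against the
# service lists on this page. Pass an alternate root to audit a copy of /etc.

# Services the page says to comment out of inetd.conf.
RISKY_INETD="ftp tftp systat rexd ypupdated netstat rstatd rusersd sprayd \
walld exec talk comsat rquotad name uucp sadmind login finger chargen echo \
time daytime discard telnet imap pop3 dtspc fs kcms"

# Startup scripts the page says to disable (name after the S<nn> prefix).
RISKY_RC="nfs.client autofs lp sendmail rpc dtlogin nfs.server snmpdx"

# flag_inetd FILE: one "service verdict" line per active (uncommented) entry.
#   listed = named in RISKY_INETD, rpc = protocol field is rpc/*,
#   review = anything else that is still enabled.
flag_inetd() {
    awk -v risky="$RISKY_INETD" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }          # comments, blanks, short lines
        {
            name = $1
            sub(/\/.*/, "", name)              # rquotad/1 -> rquotad
            if ($3 ~ /^rpc\//)    verdict = "rpc"
            else if (name in bad) verdict = "listed"
            else                  verdict = "review"
            print name, verdict
        }' "$1"
}

# active_risky_rc ROOT: scripts from RISKY_RC that still carry the capital S
# prefix under ROOT/etc/rc2.d or ROOT/etc/rc3.d, i.e. will run at boot.
active_risky_rc() {
    for f in "$1"/etc/rc2.d/S* "$1"/etc/rc3.d/S*; do
        [ -f "$f" ] || continue
        svc=$(basename "$f" | sed 's/^S[0-9]*//')
        for r in $RISKY_RC; do
            if [ "$svc" = "$r" ]; then printf '%s\n' "${f#"$1"}"; fi
        done
    done
}

# make_sample: build a constructed /etc tree in a temp dir and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/rc2.d" "$d/etc/rc3.d"
    cat > "$d/etc/inetd.conf" <<'EOF'
# constructed sample, Solaris field layout
ftp        stream  tcp             nowait  root  /usr/sbin/in.ftpd     in.ftpd
#telnet    stream  tcp             nowait  root  /usr/sbin/in.telnetd  in.telnetd
rquotad/1  tli     rpc/datagram_v  wait    root  /usr/lib/nfs/rquotad  rquotad
ssh        stream  tcp             nowait  root  /usr/local/sbin/sshd  sshd -i
EOF
    : > "$d/etc/rc2.d/S72inetsvc"      # not on the page's list
    : > "$d/etc/rc2.d/s74autofs"       # already disabled (lowercase s)
    : > "$d/etc/rc2.d/S88sendmail"     # still active
    : > "$d/etc/rc3.d/S15nfs.server"   # still active
    printf '%s\n' "$d"
}

# With a root argument audit that tree; with none, use the constructed sample.
if [ $# -ge 1 ]; then audit_root=$1; else audit_root=$(make_sample); demo=1; fi
echo "== active inetd.conf entries =="
flag_inetd "$audit_root/etc/inetd.conf"
echo "== listed startup scripts still enabled =="
active_risky_rc "$audit_root"
[ -z "${demo:-}" ] || rm -rf "$audit_root"
```

Entries marked "review" are not on the page's list but are still worth justifying, since the advice is to comment out everything and add services back as needed.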
To get an idea of how many ports and services CDE requires, type the following command when it is running.
ps -aef | wc -l
Once you are done with the installation and have turned off S99dtlogin and S71rpc (required to run CDE), type the command again and compare how the number of services has decreased. The fewer services running, the better. For those of you who installed the Core installation, this is not an issue, as the GUI is not installed.

Logging and Tweaking
Once you have eliminated as many services as possible, we want to enable logging. Most system logging occurs in /var/adm. We want to add two additional log files there, sulog and loginlog. /var/adm/sulog logs all su attempts, both successful and failed. This allows you to monitor who is attempting to gain root access on your system. /var/adm/loginlog logs consecutive failed login attempts. When a user attempts to log in 5 times, and all 5 attempts fail, this is logged. To enable the files, just touch the files /var/adm/loginlog and /var/adm/sulog. Ensure both files are chmod 6rs will NOT protect your network traffic from sniffing. Users can still capture all of your keystrokes (including passwords) on the network. If you are concerned about users capturing communications to your firewall, I recommend you replace telnet/ftp with SSH. SSH will encrypt all communications to your firewall, allowing you both to upload files and administer the firewall in a secure manner. SSH is similar to TCP Wrappers in that it has its own layer of logging, and can limit what systems can connect to it. For more information on SSH for Solaris, check out OpenSSH for Solaris. For 95/NT users, I highly recommend SecureCRT as an SSH client.

While TCP Wrappers does not encrypt, it does log and control who can access your system. It is a binary that wraps itself around inetd services, such as telnet or ftp.
With TCP Wrappers, the system launches the wrapper for inetd connections, logs all attempts and then verifies the attempt against an access control list. If the connection is permitted, TCP Wrappers hands the connection to the proper binary, such as telnet. If the connection is rejected by the access control list, then the connection is dropped. Many of you may be wondering why a firewall would need TCP Wrappers, since the firewall does all that for you. The answers are simple. First, in case the firewall is compromised or crashes, TCP Wrappers offer a second layer of defense. Second, and just as important, TCP Wrappers protect against firewall misconfigurations. I have often seen firewalls misconfigured, especially in VPN situations, allowing unauthorized users access to the firewall. Third, TCP Wrappers add a second layer of logging, verifying other system logs.

You can get TCP Wrappers from Wietse Venema's Website. Once again, be sure to use your go-between system to retrieve and compile TCP Wrappers. We do not want any compilers on the firewall and we want to protect the armored Solaris box within its isolated network. Once downloaded, be sure to review the README file first; it is an excellent introduction to TCP Wrappers. Two options rectory. Second, the file /etc/inetd.conf must be configured for which services are to be wrapped (example D). Third, /etc/syslog.conf must be edited for logging tcpd (example E); be sure to touch the file /var/adm/tcpdlog. Last, the access control lists must be created, /etc/hosts.allow and /etc/hosts.deny (example F). Once all the proper files have been edited and are in place, restart /usr/bin/inetd with kill -HUP. This will restart the daemon with TCP Wrappers in place. Be sure to verify both your ACLs and logging before finishing.

For the Truly Paranoid
I consider the measures discussed above absolutely essential. By following these steps, you have greatly improved your system's security, congratulations!
Unfortunately, your system is not 100% secure, nor will it ever be. So, for the truly paranoid, I have added some additional steps you can take.

First we will create the wheel group. The wheel group is a group of select individuals that can execute powerful commands, such as /usr/bin/su. By limiting the people who can access these commands, you enhance the system security. To create the group, vi the file /etc/group, create the group wheel, and add the system admins to the group. Then identify critical system binaries, such as /usr/bin/su. Change the group ownership to wheel, and the permissions to owner and group executable only (be sure to maintain the suid or sgid bit for specific binaries). For /usr/bin/su, the commands would be:
/usr/bin/chgrp wheel /usr/bin/su
/usr/bin/chmod 4750 /usr/bin/su
Note: Don't forget, for su there is actually another binary in /sbin. For 2.6, this is called /sbin/su.static. This is the same thing as /usr/bin/su, however the libraries are statically linked, hence the larger file size. Don't forget to change this file also.

Second, we will lock down the files .rhosts, .netrc, and /etc/hosts.equiv. The r commands use these files to access systems. To lock them down, touch the files, then change the permissions to zero, locking them down. This way no one can create or alter the files. For example, lt/inetinit (example G). By default, the system installs with a setting of 1, which is not as secure.

To protect against possible buffer overflow (or stack smashing) attacks, add the following two lines to /etc/system.
set noexec_user_stack=1
set noexec_user_stack_log=1

Next, we make some modifications to the IP module. Add these commands to one of your start up scripts. For detailed information on ndd and tuning ip modules for security, check out Network Settings for Security.
### Set kernel parameters for /dev/ip
ndd -set /dev/ip ip_respond_to_echo_broadcast 0
ndd -set /dev/ip ip_forward_directed_broadcasts 0
ndd -set /dev/ip ip_respond_to_timestamp 0
ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
ndd -set /dev/ip ip_forward_src_routed 0
ndd -set /dev/ip ip_ignore_redirect 1

Last thing I like to do is eliminate as many suid root binaries as possible. suid root binaries pose a high risk, as vulnerable versions can be used to gain root. Since this is a dedicated system with few accounts, most of the suid binaries can be disabled or removed. To find all suid root binaries, run the following command on your system.
find / -type f -perm -4000 -exec ls -lL {} \; | tee -a /var/tmp/suid.txt
Once you have identified all of the suid root binaries, you can remove most of them by changing the permissions to '555', or deleting the binaries entirely. For example, I eliminated the suid bit on the following binaries from a Core installation of Solaris 2.7.

For more information on how to better armor your Solaris system, check out Sun Microsystems Security blueprint pages located at http://www.sun.com/security/blueprints. There are also a variety of tools you can use to automate the armoring of your system, including Brad Powell's armoring script Titan, Sun Microsystems's JASS, and YASSP, Yet Another Security Solaris Package.

Password Settings
Entries in both of the following files affect the use of passwords. The first two are particularly critical to forcing good password discipline on a system.
/etc/default/login (Make sure the entry PASSREQ=YES exists and is not commented out)
/etc/default/passwd (Set PASSLENGTH=8 to establish a safer minimum length for user passwords.
Set to a greater length as required by your security policy)
Consider setting MAXWEEKS to implement a password aging scheme

Unnecessary Accounts
The general rule is to minimiing account is for backward compatibility and should be deleted unless you must support access from SunOS (Solaris 1.x) systems.
nobody4

Give disabled accounts an invalid shell
The operating system will prevent login for an account that is assigned an invalid shell. This is a good "defense in depth" strategy to prevent crackers from using default accounts to gain access to your host. Assign /bin/true or /bin/false as the shell for accounts that should never be allowed to log in. A better solution is to use a locally compiled version of the noshell program.

Prevent ftp Access With Disabled userids
Create the file /etc/ftpusers and add the following default Solaris accounts to the file.
adm
bin
daemon
listen
uucp
..............

Final Checks
Verify that all who have accounts have a valid need to access the system
Verify that access to the root account is restricted
We recommend that no more than 3 to 4 people have access to the root password. Further, all authorized users should be forced to log in with their non-privileged userid and use su to access the root account.
Make sure all accounts have an x in the password field in /etc/passwd to force the use of Solaris' shadow password file
Check /etc/shadow to make sure disabled accounts have either NP or LK in the password field
Check that no accounts other than root and smtp have the user id (UID) of 0 (zero)
Use the command logins -p to check for accounts that do not require a password to log in
Check /etc/group for the presence of a wheel group (group 0). If supported, the list of users for this group should not be null
Note that only those users shown in the user list for the wheel group will be allowed to su to root. All other users will be denied access, even if they enter the correct password.
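The file-based checks in this list (x in the passwd password field, NP or LK for disabled accounts, no extra UID 0 accounts, empty passwords, /etc/ftpusers entries) lend themselves to a small read-only script. This is an added example, not part of the original notes: the function names are made up for illustration, the empty-password check reads the shadow file directly instead of calling logins -p, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: account checks from the "Final Checks" list, run read-only
# against passwd/shadow/ftpusers files (or copies of them).

# Accounts the page says to lock or remove, and to list in /etc/ftpusers.
SHOULD_BE_LOCKED="sys uucp nuucp smtp listen"
FTP_DENY="adm bin daemon listen uucp"

# passwd entries whose password field is not "x" (shadow file not used).
not_shadowed() { awk -F: '$2 != "x" { print $1 }' "$1"; }

# UID 0 accounts other than root and smtp.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" && $1 != "smtp" { print $1 }' "$1"
}

# shadow entries with an empty password field (no password needed to log in).
empty_password() { awk -F: '$2 == "" { print $1 }' "$1"; }

# Accounts from SHOULD_BE_LOCKED present in shadow without NP or *LK*.
not_locked() {
    awk -F: -v want="$SHOULD_BE_LOCKED" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) lock[w[i]] = 1 }
        ($1 in lock) && $2 != "NP" && $2 != "*LK*" { print $1 }' "$1"
}

# Accounts from FTP_DENY that are missing from the ftpusers file.
missing_ftpusers() {
    for u in $FTP_DENY; do
        grep -qx "$u" "$1" 2>/dev/null || printf '%s\n' "$u"
    done
}

# make_accounts_sample: constructed passwd/shadow/ftpusers in a temp dir.
make_accounts_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
smtp:x:0:0:Mail Daemon User:/:
toor:x:0:1:constructed second UID 0 account:/:/sbin/sh
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
alice:Nq3Ex4mpleHash:100:10::/export/home/alice:/bin/ksh
EOF
    cat > "$d/shadow" <<'EOF'
root:Nq3Ex4mpleHash:6445::::::
smtp:NP:6445::::::
toor:Nq3Ex4mpleHash:6445::::::
uucp:Nq3Ex4mpleHash:6445::::::
listen:*LK*:::::::
alice::11000::::::
EOF
    printf '%s\n' adm bin daemon > "$d/ftpusers"
    printf '%s\n' "$d"
}

# With a directory argument holding passwd, shadow and ftpusers, audit it;
# with none, run on the constructed sample.
if [ $# -ge 1 ]; then acct_dir=$1; else acct_dir=$(make_accounts_sample); acct_demo=1; fi
echo "password field is not x:      $(not_shadowed "$acct_dir/passwd" | tr '\n' ' ')"
echo "UID 0 besides root and smtp:  $(extra_uid0 "$acct_dir/passwd" | tr '\n' ' ')"
echo "empty password in shadow:     $(empty_password "$acct_dir/shadow" | tr '\n' ' ')"
echo "should be locked, is not:     $(not_locked "$acct_dir/shadow" | tr '\n' ' ')"
echo "missing from ftpusers:        $(missing_ftpusers "$acct_dir/ftpusers" | tr '\n' ' ')"
[ -z "${acct_demo:-}" ] || rm -rf "$acct_dir"
```

Reading /etc/shadow needs root, so run it as root on the host or point it at copies of the files taken for review.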
Run COPS or Tiger to verify that all default passwords have been changed

Force the use of su to gain root access

Restrict Root's Search Path
A common method used by crackers is to copy modified versions of system commands, called Trojan Horses, into a hacked system's directory structure. In a properly configured file system, they should only beost from displaying the operating system name and level when someone telnets to your system:
BANNER=""

Shell environments

#vi /etc/passwd (root:x:0:1:Super-User:/:/usr/bin/bash (to get a bash environment at login))
#ksh -o emacs (set up more comfortable shell usage)
#stty erase ^H (prevents problems with the Backspace key)
#set -o vi (passes vi commands to the shell)
# PS1="`uname -n` #" ; export PS1 (put the host name in front of the hash sign)

Bourne  $HOME/.profile  Defines user's environment at login
C       $HOME/.cshrc    Defines user's environment for all C shells; invoked after login shell
        $HOME/.login    Defines user's environment at login
Korn    $HOME/.profile  Defines user's environment at login
        $HOME/$ENV      Defines user's environment at login in the file

The special characters of the Korn shell
cd ~ (jumps to your own home directory), cd ~+ (jumps to the last directory), cd ~- (jumps to the current directory), cd - (allows jumping back and forth), ; (several commands on the same line), $ (variable output, e.g. echo $SHELL), \ (interpret special characters as normal characters), "..." (masks most special characters), '...' (masks all special characters), `...`
(command substitution, likewise $(...)), ls >dat (output is redirected to dat (dat is created)), ls >>dat (appends the output to dat)

Variables of the Korn shell
set (display variables)
export (shows all exported variables), see also: typeset
deleting variables: unset
typeset +x (take back an exported variable)
PS1="$LOGNAME@`hostname`$" (changing the prompt variable)
echo $PATH (shows the path)

The history function
history (shows the entries already made)
PS1="(!)$ " (shows the current history number in the prompt)

Korn-Shell functions
alias =<"command1;command2;.."> (less typing)
e.g.: alias h=history
(alias rm="rm -i" (switches on interactive deletion))
alias ll="ls -l|more" (to delete: unalias ...)
alias dir=/bin/ls

Configuration of the Korn shell environment
#set -o (shows the current list of the Korn shell
the /sbin/init process, which starts other processes by reading the /etc/inittab file. The /sbin/init process starts the run control (rc) scripts, which execute a series of other scripts. These scripts (/sbin/rc*) check and mount file systems, start various processes, and perform system maintenance tasks. If the file pathtoinst is missing, the devices will be configured again (like boot -r). The file /etc/system tells the boot process which kernel to load. Then it will go through the run control scripts.
Runs the /etc/rc2.d scripts to perform the following tasks:
Mounts all local file systems
Enables disk quotas if at least one file system was mounted with the quota option
Saves editor temporary files in /usr/preserve
Removes any files in the /tmp directory
Configures system accounting
Configures default router
Sets NIS domain and ifconfig netmask
Reboots the system from the installation media or a boot server if either /.PREINSTALL or /AUTOINSTALL exists
Starts inetd and rpcbind and named, if appropriate
Starts Kerberos client-side daemon, kerbd
Starts NIS daemons (ypbind) and NIS+ daemons (rpc.nisd), depending on whether the system is configured for NIS or NIS+, and whether the system is a client or a server
Starts keyserv, statd, lockd, xntpd, and utmpd
Mounts all NFS entries
Starts nscd (name service cache daemon)
Starts automount, cron, LP print service, sendmail, utmpd, and vold daemons
Note - Many of the system services and applications that are started at run level 2 depend on what software is installed on the system.

/sbin/rc3
Runs the /etc/rc3.d scripts to perform the following tasks:
Cleans up sharetab
Starts nfsd
Starts mountd
If the system is a boot server, starts rarpd, rpc.bootparamd, and rpld
Starts snmpdx (Solstice Enterprise Agents process).

/sbin/rc5 and /sbin/rc6
Runs the /etc/rc0.d/K* scripts to perform the following tasks:
Kills all active processes
Unmounts the file systems

/sbin/rcS
Runs the /etc/rcS.d scripts to bring the system up to run level S.
The following tasks are performed from these scripts: Establishetall w Solaris 10 dtrace -l (understanding the behavior of the system) dtrace -l | wc -l (zeigt an, wieviele "Proben" entnommen wurden) dtrace -s new.d (ein D-Script wird gestartet) zoneadm (extra geschüPartionen einrichten - application container) zonecfg (setup zone coniguration) zlogin -C (Consolenlogin) svcadm svcadm milestone all kstat (examines the available kernel statistics) svcs -a (displays the current state of the system) svcs * network * rpc * (zeigt den rpc process) svcs -d * bind * (zeigt Infos üind) svcs -D * bind * (wer greift auf bind zu?) SSA ssaadm display c1 (controller number) zeigt Zustand des Arrays Disk tauschen unter Veritas 1.) Feststellen welche HD defekt ist. (vxdisk list, /var/adm/messages, etc...) z.B. c1t3d0 # vxdisk list | grep c1t3d0 c1t3d0s2 sliced disk01 rootdg online Der Disk media name ist im dritten Feld der Ausgabe. (hier disk01) 2.) Alle Zugriffe auf die volumes (objects) dieser Disk stoppen. 3.) Vxdiskadm starten um die Disk zu tauschen #> vxdiskadm 4.) Menuepunkt "Remove a disk for replacement" auswäen. Bei der Abfrage des Disknamens den in Pkt.1 ermittelten Namen eingeben. Vxdiskadm speichert nun alle Subdisk Informationen fü Wiederherstellung. (man vxdiskadm) 5.) vxdiskadm beenden: "Quit" SSA 100 Family Herunterfahren der Disks im gleichen Tray mit ssaadm z.B.: Disk c1t3d0 defekt, alle Disks im Tray 3 herunterfahren. #> ssaadm stop -t 3 c1 Ît 3 = Tray 3, c1 = controller 1 Disk Tray herausnehmen defekte HD ausbauen neue HD einbauen Disk Tray wieder einbauen Starten des Disk Trays > ssaadm start -t 3 c1 SSA 200 Family mit RSM trays (SSA 214 RSM) Herunterfahren der defekten Disk im Tray ssaadm stop /dev/rdsk/c0t3d0s2 Defekte HD ausbauen Neue HD einbauen Disk wieder hochfahren ssaadm start /dev/rdsk/c0t3d0s2 weiter bei Punkt 7 SSA 200 Family mit 5 ¼" Disks Achtung !. Da der Austausch einer def. 
Disk in einem Tray läere Zeit in Anspruch nimmt sollte eine Downtime vereinbart werden. Herunterfahren der Disks im gleichen Disk Tray z.B. Defekte Disk = c1t3d0s2 ssaadm stop -t 3 cst 4 Digits new Controller) abc3 (z. Bsp.) Achtung !!!!! Die WWN mußgeäert werden, da Systeme wie Veritas Platten üie WWN des SSA´s ansprechen etc. Es kann bei nicht beachten zu Problemen kommen, d.h. Filesysteme werden nicht mehr gefunden, online - offline Meldungen etc. Enable FW (im single user mode) Beispiel: ssaadm fast_write -e /dev/dsk/c0t1d0s0 saadm display (nachschauen) ssaadm fast_write -e c0 (Komplettes Array) ssaadm display c0 (nachschauen) Slot Tray1 Tray2 Tray3 Back 1 0,0 2,0 4,0 z.B.: ssd@2,0 (Tray2, hinterste Platte) 2 0,1 2,1 4,1 ......????. 9 1,3 3,3 5,3 10 1,4 3,4 5,4 Front SSH SSH-Daemon starten: tcsh SNMP check: netstat -a | egrep '161|162|199|1161|1162' Oracle SNMP check: su - oracle (dann:) .oraenv Crash Dump: dumpadm (kernel/pages/c0t0d0s1) Replaces rlogin and rsh. Provides secure encrypted communication between two untrusted hosts over the network. ssh protocol version 1: user logs in, if listed in /etc/hosts.equiv or /etc/rhosts.equiv on the remote machine, and when user names are the same on both sides, usr is permitted to log in. #ssh-keygen (erzeugt öntlichen Schlü im Unterverzeichnis: ssh muss identity und identity.pub zu finden sein) #~/.ssh > cat identity.pub >> authorized_keys (Schlüauf anderen Rechner kopieren) #slogin (hiermit logt man sich ein) Stortools # stormenu -s (short - fü00 und T3 (recht langsam)) Neue Installation: (/var/opt/stortools/logs/..) - check revisions (1), - snapshot file (2) (ist ein ARRAY weggebrochen?) Storage Monitor (5) (checks messages und automatisiert Status Ausgabe) run installation verification (7) (welcher ist der primä und sekundä Pfad?) (auf der T3:/etc/syslog.conf) Falls Storetools vorhanden erst "alte" Version löen. pkgrm (steht wahrscheinlich unter /var/sadm/) Storetools TAR-File nach /tmp und entpacken #pkgadd -d . 
vi .dtprofile (.profile) PATH=$PATH:/opt/STORtools/bin MANPATH=$MANPATH:/opt/STORtools/man export PATH MANPATH # stormenu Start der Stonnection to each domain. Platform Administration: Setting passwords, monitoring, controlling power of components, configuring system controllers, network, loghosts, SNMP, defining numbers of domains and access control of CPU/Memory, I/O assemblies. # echo §TERM (shows type of connection) getting to platform shell: telnet (from any workstation) getting to platform console: serial connection (from a terminal or laptop) Operating System wenn OS aktiv ?telnet Verbindung ^] (dann) send br ______________________________________________|_______________ Open Boot Prom ^] (dann) send brk __________________________|______________________________ Domain Shell (setkey off (on)) | | resume --- break---- disco ______________________|__________________________________ Platform Shell | console (-d) a (or: b,c,d) _________________________________________________________ | connect with: telnet or console (tip hardwire) to exit telnet: quit, to exit tip: ~. Von Solaris oder ObP auf Domain-Shell: ~# bei Hyperterminal: Strg + Untbr #echo $TERM (zeigt, wie ich verbunden bin) Beispiele : 6800 mit 2 Domains Dual Partition Mode ? Domain A + C verwenden. A alle geraden Boards, C alle ungeraden Boards. 6800 mit 4 Domains Dual Partition Mode ? Domains A,B,C,D verwenden. A + B alle geraden Boards (falls möch), C + D alle ungeraden Boards. 4800 mit 2 Domains Dual Partition Mode ? A + C verwenden. siehe hierzu auch Konfigurationsmatrixen oben. Power Grid 0 fät aus ist defekt. Domain A or B fallen aus SB0, SB2, SB4, IB6, or IB8 werden nicht mehr mit Spannung versorgt und fallen aus. Power Grid 1 fät aus / ist defekt (gilt nur fü Fire 6800) . Domain C or D fallen aus. SB1, SB3, SB5, IB7, or IB9 werden nicht mehr mit Spannung versorgt und fallen aus. 
SBx and IBx kann man jeder Domain in jedem Segment zuordnen: Das hat zur Folge, daßwenn man eine Domain mit Boards eines anderen Power Grid´s kreiert,die Verfüeit und die Zuverläigkeit sich reduzts you to the telnet> prompt (ok> ^] (than type) send break) 3 types of serial connection: ASCII terminal: on the Main Menu type o or p Network terminal server (NTS): telnet NTShostname/IPadress Workstation: Domain console prompt: send break Navigation: to return to original shell: disconnect to connect do domain console: resume (from the domain shell) to connect to domain shell: console (from the platform shell) to change from domain shell to OBP: break to change back: ^] (and) send break (at the telnet prompt) to enter an inactive domain from the domain shell: setkeyswitch on System controller syntax examples: showlogs (Fehlermeldungen) addboard -d a sb2; deleteboard sb3 break (will be ignored, if keyswitch is set to secure) console -db disablecomponent sb2/p3/b0 (oder: disablecomp ib9/p0/b1 ib8/c2) disconnect dumpconfig -f ftp://hostname/path-name (used after initial configuration of platform and domains, saves system informations to a server) enable component (deletes a component from the black list) flashupgrade -f ftp://host/path all (system has to be in single user mode) help history poweroff sb2 poweron all reboot (reboots the system controller) reset (resets the domain) restoreconfig -f ftp://host/path resume (exits domain shell and resumes access to the domain console) setdate 04201852001.10 (oder: setdate -t GMT+9) setdefaults (domains have to be inactive (not running OBP, POST or Solaris and the virtual keyswitch is off)) setkeyswitch on (domain will go through POST and OBP) off (all boards belonging to the domain are places in low power mode - (remove)) standby (boards will not be initialized at system power on) diag (similar to setkeyswitch on (diag level on max)) secure (break and reset are ignored) setupdomain (sets up domain specific parameter values and 
configures the domain) showcomponent sb4 showdomain -p bootparams Disabling Components (Blacklinsting) disablecomp /NO/SB0/P2 (the same way with enablecomp) showcomp (reboot domain to integrate changes) System controllewo partitions, using half of the total repeater boards each. The Sun Fire 6800 system has a set of two repeater boards in each partition in dual partition mode.The 3800 - 4810 systems have one repeater board in each partition in dual partition mode. In all systems in a single partition mode all repeater boards are used in the partition. Domains A domain is an instance of the Solaris operating environment that is independent of other domains. Domains do not interact with each other. They have their own host ID and OS environment. Loghost The system controller has permanent storage. It stores errors, warnings, and other messsages in a message buffer. To enhance accountablity messages can be sent to a loghost (showlogs). Hard Hung Domain If you cannot log into the Solaris operating environment (with break), you still can get a status of the domain: showplatform -p status (from the platform shell) or: showdomain -p status (from the domain shell) Use: reset (domain shell) or reset button on system controller to restart controller. Recovery: (depends on the error-reset-recovery in OBP) none: domain returns to OBP syc: domain generates a Solaris OS environment corefile and reboots domain boot: domain will reboot In case of failing to reboot: use the setkeyswitch to force the domain off and to reboot Removing a CPU/Memory Board, I/O Assembly or CompactPCI Card: # init 0 (wait a while) ok> ^ ] telnet> send break scname:A> setkeyswitch off (turns off boards connected to domain A, board can be removed or changed now) scname:A> setkeyswitch on ( Turning board back on) ok> boot Turning off one board at a time: poweroff sb0? (than: poweron sb0..) 
Replacing a Repeater Board: You must halt and power off the domains that the repeater board is connected to scname:sc> showplatform -p (determines which domains are active) # init 0 (has to be done on each Domain connected to the repeater boards) ok> ^ ] telnet>> send break scname:A> poweroff board_name (repeater board can be replaced. Turning everything back on) telnet scname setkeyswitch on ok> boun Fire 6800, benöt im Single Partition Mode 4 Fireplane Switches (Repeater Boards); und im dual-partition-mode werden 2 Fireplane Switches(RepeaterBoards)/Segment benöt. Die anderen Platformen benöen im single-partition-mode 2 Fireplane Switches; und im dual-partition-mode 1 Fireplane Switch/Segment. Effekte bei Dual Partion Mode Datenbandbreite bei der Fireplaneplane reduziert sich auf die Häte (4.8GB/s to 2.4GBs). Jedes Segment ist logisch unabhäig vom anderen. Die Ressourcen eines Segment beeinträtigen das andere Segment nicht. 2 Domains in einem Segment: Domain Snooping Bandbreite reduziert sich auf die Häte (9.6GB/s to 4.8GB/s). 2 Domains in einem Segment teile sich Repeater Boards. Ein Fehler auf einer Domain kann einen Fehler auf der anderen Domain verursachen. Wenn Fireplane Switches ausfallen Assoziierte Domains fallen aus bzw. kön nicht weiterlaufen . From our point of view, redundant Fireplane Switches means the system can be reconfigured to avoid using the failed Fireplane Switch. Komponenten wie system clocks, power and cooling sind voll redundant ausgelegt. Der system interconnect ist redundant konfigurierbar. Empfehlungen Konfiguriere das System so, daßDomain Resourcen (Boards etc.) an ein Power Grid gebunden sind. Versuche die Konfiguration so zu wäen das man 100% Domain Snooping Bandbreite hat. Wenn man 2 Domains kreiert betreibe das System im Dual Partition Mode d.h. 1 Domain / Segment; das Erhödie Verfüeit und die Zuverläigkeit. Platform und Domain Configuration. 
Platform verkabeln und Komponenten einschalten System zuerst redundant an Strom anschließn Serielle Verbindung zu Systemcontroller SC0 herstellen. Serielles Kabel und Tip Connect. Platform Shell ( 0 ) auswäen Zuerste mittels Befehl setdate -v -t ECT mmddHHMMYYYY.SS Datum und Uhrzeit setzen. Mittels Befehl setupplatform Platform Parameter und Konfigurationen eingeben. Punkte durchgehen : SC on a network :yes Use DHCP ??? :static . . Config for SINGLE or DUAL Partition Mode :dual / single Dann reboot des Syste Boards der Domain A bereits zugewiesen sind. Bei der 1. Auslieferung sind in der Regel säliche oards der Domain A zugeordnet. Man mußdann Boards die anderer Domain zugeordnet werden soll mittels deleteboard sbx ibx ersteinmal der Domain A wegnehmen. testsystem_sc0:A>setupdomain # Domain Setup selbsterkländ ! testsystem_sc0:A>addboard sbx ibx ?? # Boards werden Domain zugefüestsystem_sc0:A>disconnect # zurür Platform Shell testsystem_sc0:SC>cons c # Connect zur Domainshell Domain C testsystem_sc0:C> setupdomain # Domain Setup selbsterkländ ! testsystem_sc0:C>addboard ...... # gewüe Boards Domain C zuweisen testsystem_sc0:C>disco # zurür Platform Shell testsystem_sc0:SC>poweron all # Einschalten aller Komponenten der Platform Note : Manchmal gibt es Probleme mit dem Einschalten von Komponenten. Es ist dann ratsam die GRIDS (poweron grid0 grid1) zuerst einzuschalten und dann poweron all abzusetzen !! testsystem_sc0:SC>cons a testsystem_sc0:A>setkeyswitch on # Bringup der Domain testsystem_sc0:A>ok # nach bringup im ok prompt testsystem_sc0:A>disco testsystem_sc0:SC>cons c testsystem_sc0:C>setk on # Bringup der Domain testsystem_sc0:C>ok Mittels probe-scsi-all die Bootdevices ermitteln und installieren wie gehabt !!! Verbindungsmöchkeiten zum Systemcontroller Serielle Verbindung COM - Port Laptop etc. ? Serial A Systemcontroller Serielles Kabel vom Laptop zum SC verwenden. Tip Session starten. Platform Shell oder Domain Shell auwäen. 
mittels Eingabe von disconnect kann man die entsprechende Shell wieder verlassen bzw eine Shell nach obenen springen. Wenn die Domain geboot ist oder im ok Prompt steht, kommt man mit der Kombination ~# auf Domain-Shell Ebene. Mit disconnect auf die Platform Shell. Beispiel : Domain gebootet ? connected üip Session: Tip hardwire ? platform shell ? cons ? domain shell ? Betriebssystemconsole bzw. Loginprompt ? ~# ? domain shell ? disconnect ? platform shell ? disconnect ? Eingangsmenü ? Tip session verlassen. telnet ? Menünn PlaSignal fü noch laufenden Domains. Die Konfigurationsdaten der Platform liegen nicht als Spiegel im 2. SC. Das bedeutet, daßdie Konfigurationsdaten wie nachher beschrieben gesichert werden mü da ansonsten im Fehlerfalle die Konfiguration verloren gehen kann. setdefaults Kommando sc_hostname:SC>setdefaults füu einem Rüzen auf Factoryparams. Wird durch reboot des SC gü dumpconfig Kommando Voraussetzung hierfü ein Netzwerkconnect zu einem Solaris/Unixrechner auf dem man mittels ftp-FunktionalitäDateien laden kann. sc_hostname:SC>dumpconfig -f ftp://root:passwort@/path_name restoreconfig Kommando sc_hostname:SC>restoreconfig -f ftp://userid:password@/path_name sc_hostname:SC>restoreconfig -f http://userid:password@/path_name Flashupdate des Systemcontrollers #cd /export/ftp #mkdir pub #cd pub #mkdir build5.11.xx (xx = Revision) #ls build5.11.xx Serengeti Patches installieren/entpacken und nach build5.11.xx kopieren. Mittels tip hardwire connect zum Systemcontroller. #tip hardwire System Controller ´sc0-4800b´ Type 0 for Platform Shell Type 1 for Domain A console Type 2 ????. ???????. Input : 0 sc0-4800b:SC>showb -p proms Damit Prom Versionen anschauen. sc0-4800b:SC>flashupdate -f ftp:///pub/build5.11.xx all rtos Das Gleiche dann fü Spare SC. Nicht Parameter all verwenden. Mittels help flashupdate den entsprechenden Parameter füraussuchen. 
With password: flashupdate -f ftp://[userid:passwort@]hostname/path
Example: flashupdate -f ftp://root:sun@10.30.0.139/flash scapp rtos (here only the controllers)

Firmware update (help flashupdate (normal or anonymous)):
scname:sc> flashupdate -f ftp://IP-address//path ib8 (files can be on any machine)

Copy new firmware from one board to another:
..SC>flashupdate -c SB0 SB4 (SB0 already contains the newest firmware)

Flash update of the SCCO controller only (example, takes ~5 minutes):
..SC>flashupdate -f ftp://server:xxx@129.26.160.7//home/sos/MARINA/ 112494-04

sght away, but it'll take about 10 seconds for these messages to show up:
Clearing SC Platform password...
Done. Reboot System Controller.
7. After the above messages are displayed, restore the bootflags to the original value using the setBootFlags() command.
> setBootFlags(0xC)
Use the value returned from #3 above.
8. Reboot the System Controller using CONTROL-X or the reboot command. Once rebooted, the platform administrator's password will be cleared.
This procedure works with firmware version 5.11.3 and higher.

Storagetek 5320 NAS

Procedure for replacing a flash card in a 5320 cluster:
If a card fails, there is a failover to the other head (the other system), so for the time being you can work on the defective system without problems.
First make sure that you have a connection to the defective machine both via the VGA monitor port with a USB keyboard and via a web browser.
Power off the machine (press the corresponding button on the front).
1) Replace the flash card (the new card already contains an operating system).
2) Power the system back on (the front display shows the system trying to obtain an IP via DHCP; this can also be cancelled there). The system boots until the menu appears. Otherwise type menu. In the menu: Configuration -> A. Host Name & Network ( Install Server Name & Network Address ): enter the IP address and broadcast (usually on the far right, e.g. 192.168.60.32).
3) Connect to the NAS head with a web browser and set the IP on the display of the server: http://temp-IP/.BUILT-IN/upgrade/ (no password is set on new cards). If the window for the FW upgrade does not appear, try Firefox instead of Microsoft.
Enter the data:
Model: 5320C NAS
Serial number: ST5320C2006082101-H1 (ends in -H1 or -H2 (for head 1 or 2))
In: > System Operations > Update Software
Start firmware: 119352-06.img (Release 421m0)
4) Wait for the FW transfer, then trigger a reboot. This can take ten minutes. Then trigger a reboot via the console ( enter the IP (192.168.160.32).
Java must be installed. No password is set on a new card.
The license key is in a NAS extract (e.g. nasxtr.192.168.10.2 -> Licenses.out (copy the key from there or transfer it manually)).
-> Systems Operation -> Active Operations
-> Module : Sun StorageTek NAS Gateway
-> Organisation: 20061018
-> Expiration: 00000000
-> Key: 762017F1-1972-xxxx-xxxxxxxF1AF
If an "invalid license key" message appears, check the entry of the serial number again. If there was a wrong entry there, the flash card usually has to be replaced again.
7) Enable failover in the menu.
8) Log in to the second head via the menu and start a recover (this brings the two cards up to date; it can take a while and should only be done when there is no load on the systems).

Firmware update (as an example, there were NTP problems)
The procedure can be carried out during operation.
Log in to Head1 with a web browser.
-> System Operation -> Update Software -> Path (look for NE421B2M2.img)
Start the update -> Reboot this head (takes up to 10 minutes; failover becomes active automatically and can be followed on the displays of both machines).
Log in to the second head with a web browser.
If the GUI is blocked, either wait 45 minutes for a time-out, or log in to this machine via telnet/ssh and look for the user who is blocking the GUI (usually yourself from an earlier login).
>datalog show (usually shows a user with the number one somewhere)
>datalock reset 1
Then log in to Head2 through the web console again; it should no longer be blocked. A recover has to be started there:
-> High Availability -> recover (usually takes only a few minutes).
Wait for "Normal" (shown on the display).
Next update Head2, same procedure as Head1.
Now log in to Head1 with a web browser again and start a recover. If Head1 is blocked, look for the user and run
>datalock reset 1
(as described above).
ausgesetzt, an old image is present). The old image is then loaded.
Reboot the system.

SunFire 12k/15K/25K (Star Cat)

At the SVC level:
SB10 was installed: Svc>
Show commands: cfgadm

Flash update:
All boards in a domain (I/O boards need no flash update):
flashupdate -d A -f /opt/SUNWSMS/hostobjs/sgcpu.flash (Patch 112829 (5.13.4))
(takes two to three hours with 18 boards; before the update starts, the state of the current and the new firmware is shown and you have to enter yes)
System controller 0:
flashupdate -f /opt/SUNWSMS/firmware/SCOBPimg.di SC0/FP0 (then: ../SSCPOST.di SC0/FP1)
likewise for controller 1 (SC1/FP0 and SC1/FP1)

Switch off boards and other HW via domain access:
cfgadm -c disconnect SB12
Switch boards and other HW on and off via the SMS controller:
rcfgadm, poweroff, poweron ....

Example of replacing a board (SB7) during operation (platform level):
# showboards (look at the status)
#deleteboard -c unconfigure sb7 (takes the board out of Solaris)
If not enough memory resources are available (check with /usr/local/bin/top), the swap has to be enlarged so that the programs using the memory of the board can be paged out to it. This needs free disk space, however: if, for example, /dev/dsk/c1t1d0s6 is free, then:
swap -a /dev/dsk/c1t1d0s6
This adds s6 to the swap. Check with swap -l.
A directory can be assigned to swap as well, but it has to be empty:
# swap -a /files/swap
(a poweroff sb7 only works when the domain is down)
#deleteboard -c unassign sb7
Replace the board, then:
# addboard -d a -c connect sb7 (if there are error messages, check the flash PROM version)
#flashupdate -f /opt/SUNWSMS/hostobjs/sgcpu.flash sb7 (can be aborted; first shows the flash state of the system and of the new board, then asks whether to continue)
#addboard -d a -c configure sb7 (this activates the board for Solaris)
Check with showboards under the platform shell, with prtdiaboard - c unconfigure SB10
deleteboard -c unassign SB10
Replace the board
poweron SB10
addboard -d a -c connect SB10
addboard -d a -c configure SB10 (on failure, run a flashupdate)
addboard -d a -c assign SB10

Switch from Solaris to the platform level for the flashupdate:
^]
send break
flashupdate -f /opt/SUNWSMS/hostobjs/sgcpu.flash SB10 (first shows the flash state of the system and of the new board, then asks whether to continue)

Star Cat installation:
Almost the entire installation process is described in the EIS checklist. Nevertheless a few things have to be observed.
Idproms:
Install Solaris
Install SMS1.1
Setup /etc/hosts
  IPfailover
  IPsc0
  IPsc0-hme0-test
  IPsc0-eri1-test
  IPsc1
  IPsc1-hme0-test
  IPsc1-eri1-test
smsconfig -m interactive
  - platform
  - setup community C1 (sms-failoverIP/sc´s IP on *:1/ testIPs on hme:0 + er1:0)
  I1-network
  - I2 -network
reboot
restore idproms
smsconfig -a -u sms-svc -G admn platform
smsconfig -a -u sms-svc -G oper platform
for i in A B C D E F G H I J K L M N O P Q R
do
  smsconfig -a -u sms-svc -G admn $i
done
edit /etc/opt/SUNWsms/config/platform/.postrc
add "allow_us3_cpus"
(power on domains)

SK15K installation example:
Log in via Annex:
telnet 10.1.180.79 5002 (sc0)
telnet 10.1.180.79 5003 (sc1)
(log in to sc0 (via serial cable), then likewise to sc1)
ok boot (the preinstalled version is started; set the terminal to dtterm)
Install the EIS CD according to the checklist, likewise update the firmware (check the version: more /var/sun/E*)
Set up the DNS entries afterwards.
Let hpost run overnight (level 127).
On the next day set up one domain across the whole machine (via internal Jumpstart):
setupplatform
addboard -d a sb0 sb1 sb2 ...sb17 io0 io1 io2 ... io17
setkeyswitch -d a standby
Show the active system controller (SC):
showfailover -r
Domain configuration (has to be done for each domain):
addtag -d R sm (domain R is set up with the name sm)
setupplatform -d sm sb17 io17
showplatform -d sm -p acls (display)
showobpparams -d sm (display)
addboard -d sm asign sb17 i

y in syslog.conf file consists of two tab-separated fields: selector and action.
Selector = facility.level
Action = where to send the message
All messages sent to /var/adm/messages:
*.err	/var/adm/messages
Log all messages from one syslog facility into one place (/var/adm/messages):
vi /etc/syslog.conf (use only the tab key)
kern.emerg;kern.alert;kern.crit;kern.err;kern.warning	/var/adm/messages
kern.notice;kern.info;kern.debug	/var/adm/messages
If two output logs are specified neither will be written to.
ps -aux shows syslogd processes
How to log "normal" mail activity into a logfile (vi /etc/syslog.conf):
mail.info	ifdef(`LOGHOST', /var/log/maillog, @loghost)
(restart the syslog daemon with: syslogd stop (and start))
tail -f /var/adm/messages (monitors the syslog file in real time)

T3
(Important: pay attention to the exact spelling on the T3; it is best to copy with the middle mouse button!)
RAID 5 and one LUN per unit makes the most sense in the T3; keep the last disk as spare. With two LUNs an additional disk is lost to RAID 5.

Simple setup (activate REOS via 0180 2000 722):
Address the box over a serial cable with tip hardwire (login: root, no password). Then:
set (set alone shows the configuration)
(telnet (via Ethernet))
sys (configures system (block size, cache off/on ..))
boot -i u1b1(u1b2)
refresh -s (tests the state of the batteries)
help (shows commands)
vol list (what has been done, or how far along is vol add ...?)
proc list (what is running)
fru list (shows disks)
fru -s (detailed information about the disks)
in.rarpd -a (starts the daemon)

Creating volumes:
vol add VOL1 data u1d1-8 raid 5 standby u1d9
vol stat (display)
vol init VOL1 data (rate 16) (creates the volume)

Configuration on the T3:
Look up the current patch matrix in Sunsolve Infodoc 14838.
See also: http://katze.germany/T3/Installationen/install_tasks.txt
Install patches with: ./.t3.sh
Date and network information on the front of the device
tzset +0100 (Europe)
>date 200008301550.00
set p 129.42.40.106 > suen)
on the T3: ver (to show the version) (patch 110760 for cluster 2.2)
ping t3 (or: telnet t3, or: ftp t3)
(transfer patch contents to t3 (no docs); this is also done by t3.sh)
then: ./t3.sh (run from the server; copies the appropriate files to the T3 automatically)
on the T3: (prevent access from the server, e.g. by switching to single user mode)
lpc version (verify correct version)
boot -i nb213.bin (installs boot code)
(lpc download u1l1 lpc_05.02)
ep download ep2_10.bin (download new EPROM code)
set bootmode auto (verify system boot mode)
reset
Verify status:
port list (verifies ports)
vol list (verify volumes)
vol stat (drive state must be 0)

Disk firmware upgrade:
With ftp, transfer the appropriate disk firmware to the T3 root directory (in binary mode), e.g. Model: ST316304FSUN, Filename = S318304-A726
vol unmount V0 (example) (unmount all T3 volumes)
disk download u1d1-9 FILENAME
fru list (show the status)
reset
vol stat
vol mount V0
In the optimal state all devices should report a drive state of zero.
Check with proc list whether processes are in operation.
Check with refresh -s whether a battery refresh is in progress.
fru list (successful download?)
fru stat (confirms that all disks are ready)

T3 new installation
tip hardwire (login: root, no password (set the standard password: sun1))
>set (look at the settings; if wrong, set new ones, then reset)
(mp-support has to be set to rw with two T3 (ES configuration))
>fru list (show the firmware versions)
>tzset 0100 (if necessary)
>date xxxxxxxx.xx
If volumes already exist:
>vol unmount
>vol remove
>sys blocksize 32k (if nothing else is specified)
>vol add V0 (or another name) data u1d1-8 raid 5 standby u1d9
(vol init v0 sysarea (then:) vol init v0 data (writes correct private labels to disks))
(if a broken volume is to be rescued: vol init V0 fast (only RAID 0))
>vol mount V0
(If the fibre cable was connected wrongly, connect the cable correctly and run devfsadm.)
# format -e
0
vol remove v0
vol add v0 data u1d1-8 raid 5 standby u1d9
vol init v0 fast (keeps old data)
vol mount v0

* Component Manager:
Edit the file /usr/opt/SUNWesm/mo/hosts (take the T3 IP from /etc/hosts)
(To apply the init script of the Component Manager):
#cd /usr/opt/SUNWesm/SUNWesmru-*/sbin
#./esm_noboot -v start; ./esm_mcboot -v start; ./esm_em_noboot start; ./esm_em_mcboot start
(a reboot of the host (not the T3) achieves the same)
#/usr/opt/SUNWesm/esm-gui

T3 with boot disk:
#vi /etc/ethers (insert MAC IP)
#vi /etc/hosts (hostname)
#vi /etc/nsswitch.conf (files)
#touch /etc/hostname.interface
#vi /etc/inetd.conf (comment out tftp with #)
(check whether the in.rarpd daemon is running (usr/sbin/in.rarpd))
(if a ping to the T3 does not work, ping the boot address)
#tip hardwire
>set bootmode tftp
(>set ip ...)
(>set netmask ...)
(>set tftphost)
(>set tftp file (e.g. nb096.bin))
(>set hostname (own name, not the IP host name))

Veritas on the T3 (only concatenated volumes should be created (look for uninitialized disks))
#vxdg import (name of the disk collection of the T3)
Create volumes: New, , VOL1, Size:100mb (or Maxsize), concatenated, add file system, mount points:/
#mkdir
# man tunefs (look for minfree)
#man newfs (set the inode size smaller (with large disks), otherwise too much disk space is lost)
#umount (if it is to be deleted again, and)
#vxedit -y -rf rm vol01

Basics
Hardware RAID, RAID 0, 1, (1+0), 5
0+1 not supported.
Fibre Channel system
Dual ported disks
256 MB cache
32 MB RAM
2 x UIC Unit Interface Controller (1 per loop)
2 x PCU Power Cooling Unit (PS + fans + cache battery (UPS))
Power PC controller, only for managing the box
HW parity calculation (filter), therefore no parity calculation time.
1-9 FCAL disks (8 x data + 1 x hot spare)
Recommended configuration: RAID 5 (disk 1-8 + disk 9 HS)
Maximum 2 LUNs per box
Workgroup / Partnergroup configuration

Access to the T3 box
Direct access via console (Tip Sess
rt sein. It is normally started by the /etc/rc3.d/S15nfs.server script. For this, however, a share in /etc/dfs/dfstab (share -F nfs /tftpboot) and entries in /etc/ethers have to exist. If so, in.rarpd is started at boot.
If not, the tftp service is disabled in /etc/services or in /etc/inetd.conf. It has to be enabled in both files!
After making all entries, stop inetd ( kill -1 ), then start inetd.
Important T3 commands

OBP level
help - shows the available commands.
set - shows the settings.
set passwd - shows the password. Only possible with tip access via the console.
set help - shows all available set variations.
set -z - resets all T3 box parameters to default.

OS level
help - shows the available commands after boot.
fru list - shows the FRUs in the box.
fru stat - shows the FRU status.
fru help - see above.
sys - command for setting system parameters.
help - shows all options of the respective command.
vol ? - commands for creating and displaying volumes etc.
!!! Some commands cannot be run several times at the same moment !!!

Changing files on the T3 box
Does not work directly! The files to be changed have to be loaded to the host via FTP, edited there and then loaded back.
Procedure: ftp -> get file (from the T3) -> change the file with vi etc. on the host -> put (to the T3).

Logging on the loghost
Loghost entries in /etc/syslog.conf, e.g.:
local7.info	/var/adm/messages.t300
local5.warn	/var/adm/messages.t300
This means that all messages of the categories info and warn sent by the T300 to the loghost are written to the file /var/adm/messages.t300. This file of course has to be created beforehand with touch /var/adm/messages.t300.
The syslog.conf file on the T3:
/etc/syslog.conf -> transfer to the host via ftp -> then edit as follows:
*info -> /syslog
i.e. messages of the category inf are stored on the T300 under /syslog.
*warning

Physical Path /devices/pci@f,0/pci@1/SUNW,ifp@3/ssd@??wwn,0:c
pci@1f,0   PCI HA
pci@1      channel
ifp@3      Device Class, HBA driver name (FCAL, SCSI, etc.)
ssd@??     Drive name, FCAL disk
0:c        LUN:SLICE Nr. a=0, b=1, c=2, ????..h=7
# modinfo | grep ssd
??..118,18????
118  major Nr.  Device N       /etc/name_to_major
18   minor Nr.  Instance Nr.   /etc/path_to_inst (which device from the ssd group)
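The syslog.conf notes earlier on this page (selector and action separated by tabs only, a single log target per entry, and the T3 loghost entries whose log file has to be created with touch first) can be checked mechanically before syslogd is restarted. The following is an added example, not part of the original notes; the function names, the ROOT argument and the sample configuration are constructed for illustration, and accepting "warn" next to "warning" is an assumption based on the local5.warn entry above.

```shell
#!/bin/sh
# Added example: lint a Solaris-style syslog.conf for the pitfalls in these notes.

# lint_syslog_conf FILE [ROOT]
# Prints "LINE CODE detail" per finding; returns 1 if anything was found, else 0.
# ROOT is a hypothetical prefix put in front of log file paths for the existence
# check, so that a copy of the configuration can be checked off the host.
lint_syslog_conf() {
    lint_conf=$1
    lint_root=${2:-}
    lint_found=$(awk '
        function report(code, detail) { printf "%d %s %s\n", NR, code, detail }
        BEGIN {
            n = split("kern user mail daemon auth lpr news uucp cron audit mark *", a, " ")
            for (i = 1; i <= n; i++) fac[a[i]] = 1
            for (i = 0; i <= 7; i++) fac["local" i] = 1
            # "warn" is the spelling used on this page (local5.warn); it is
            # accepted here next to "warning" as an assumption.
            n = split("emerg alert crit err warning warn notice info debug none", a, " ")
            for (i = 1; i <= n; i++) lvl[a[i]] = 1
        }
        /^[ \t]*$/ || /^[ \t]*#/ { next }          # blank lines and comments
        {
            t = index($0, "\t")
            if (t == 0) { report("NOTAB", "selector and action must be separated by a tab"); next }
            sel = substr($0, 1, t - 1)
            act = substr($0, t + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", act)
            if (sel ~ / /) { report("SPACE", "space inside the selector field"); next }
            np = split(sel, part, ";")              # facility[,facility].level;...
            for (i = 1; i <= np; i++) {
                d = index(part[i], ".")
                if (d == 0) { report("BADSEL", part[i]); continue }
                lv = substr(part[i], d + 1)
                if (!(lv in lvl)) report("BADLEVEL", lv)
                nf = split(substr(part[i], 1, d - 1), fl, ",")
                for (j = 1; j <= nf; j++) if (!(fl[j] in fac)) report("BADFAC", fl[j])
            }
            if (act ~ /^\//) {                      # action is a log file
                if (act ~ /[ \t]/) report("TWOLOGS", "more than one target after the selector")
                else print NR, "FILE", act          # existence is checked by the shell below
            }
        }
    ' "$lint_conf")
    lint_status=0
    while read -r lint_line lint_code lint_detail; do
        [ -n "$lint_line" ] || continue
        if [ "$lint_code" = FILE ]; then
            if [ -f "$lint_root$lint_detail" ]; then continue; fi
            lint_code=NOFILE
            lint_detail="$lint_detail does not exist (create it with touch first)"
        fi
        printf '%s %s %s\n' "$lint_line" "$lint_code" "$lint_detail"
        lint_status=1
    done <<EOF
$lint_found
EOF
    return $lint_status
}

# write_sample_conf DIR
# Builds a constructed sample under DIR: DIR/syslog.conf plus one existing log file.
write_sample_conf() {
    mkdir -p "$1/var/adm"
    : > "$1/var/adm/messages"          # exists; messages.t300 deliberately does not
    {
        printf '%s\n' '# constructed sample, not taken from a real host'
        printf '%s\t%s\n' '*.err' '/var/adm/messages'
        printf '%s\t%s\n' 'kern.notice;kern.info;kern.debug' '/var/adm/messages'
        printf '%s\t%s\n' 'local7.info' '/var/adm/messages.t300'
        printf '%s\n' 'mail.info /var/log/maillog'
        printf '%s\t%s\n' 'kern.err' '/var/adm/messages /var/adm/kernlog'
        printf '%s\t%s\n' 'local9.info' '/var/adm/messages'
    } > "$1/syslog.conf"
}

# Stand-alone use (script name is up to you): sh thisfile.sh /etc/syslog.conf
if [ $# -gt 0 ]; then lint_syslog_conf "$@"; fi
```

On the constructed sample the linter reports the missing messages.t300 file, the space-separated mail.info entry, the entry with two log files and the unknown facility local9.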
Creating volumes
#:> vol help
vol add (create)
vol init (initialize)
vol mount (in the box)
#:> vol add < Volume name > data # standby (hot spare) + specify the disk. See vol help, then everything is self-explanatory.

Save the last action of the controller (on the T3):
logger -dmprstlog (then run the T3extractor on the host)
loop set

Telnet Enable/disable (Solaris 10)
If "svcs ftp" reports that the ftp service is in the "disabled" state, then you should be able to run "svcadm enable ftp" to enable it. Same thing for telnet. I believe that after a default install of Solaris 10, though, these services will already be enabled.
# svcs -vx
#svcs -x telnet
#svcs -x inetd
# svcs -xv dns/client
To leave a telnet login: CTRL + d
Disable:
#vi /etc/inetd.conf (remove telnet from the configuration)
#ps -ef | grep inetd (to find the PID)
#pkill -HUP "
:
co:234:respawn:/usr/lib/saf/ttymon -g -h -p "`uname -n` console login: " -T sun -d /dev/console -l console -m ldterm,ttcompat

If I login over the network, my terminal type is set to "sun"/"AT386". How can I change that? In SunOS 4.x the type would have been "network".
If no terminal type is specified in the network (telnet/rlogin) protocol, the standard startup scripts (/etc/profile, /etc/.login) will set the terminal type to the default console type (sun for SPARCs, AT386 for x86). To get the SunOS 4.x behaviour back, all you need to do is set the type to "network", if not previously set.

Tests
dd if=/dev/sda1 of=/dev/null bs=16k (read test into nirvana)

USB
From Solaris 10 (Gener
p other file1
chmod 645 file1 (absolute mode)
chgrp 14 file1 file2
chmod u-x,g+w,o+x file1 (symbolic mode)
chgrp -R staff

How to share a user's home directory:
Verify that the mountd daemon is running: ps -ef|grep mountd
If not, start it: #/etc/init.d/nfs.server start
List the file systems that are shared: # share
Edit the /etc/dfs/dfstab file to share the system containing the user's home directory.
Add: #share -F nfs /file-system (e.g. /export/home)
Share the file systems listed in /etc/dfs/dfstab:
# shareall -F nfs (no reboot necessary then)
#share (to verify)

How to mount a user's home directory:
Make sure the user's home directory is shared.
Edit /etc/vfstab and create an entry for the user's home directory:
(system-name:/export/home/user-name - /export/home/user-name nfs - yes rw)
Create the mount point for the user's home directory:
#mkdir -p /export/home/user-name
#mountall

How to restart Solaris user registration:
#cd $HOME/.solregis
#rm uprops
#/usr/dt/solregis & (restart the registration process)

Under LDAP:
#ldap_lusers | grep -i OKU0039 (does he already exist?)

V245
Sc>setcsn -c xxxTLxxx (when replacing the board, set the new serial number)

Veritas Volume Manager

Veritas Volume Manager license key (vxlicinst):
3.5: 8EZU-WDZF-2WIJ-ZAP6-DEP3-PRRP-ORCP-P3
4.0: 8ZPU-PY2T-F2TH-RPPP-6POR-PN3P-3RNC
vea (graphical interface of Veritas 3.5)
vxtrace -t1 (shows Veritas actions)

Veritas - mirroring two disks:
# format (root from cylinder 1, leave 2 cylinders free at the end (-10 mb))
# /cdrom/volume_manager_3.0.4/pkgadd -d .
(patches from the GOLD CD: /cdrom/cdrom0/sun/patch/veritas-vm)
# cp 109687-01.zip /tmp
# unzip /tmp/*.zip
# /tmp/patchadd 109687-01
# init 6
# vxinstall (licence key on the GOLD CD)
custom-install / encapsulate boot disk / leave others alone
# reboot
# vmsa &
uninitialized disks (right mouse button -> add)
disks (select the boot disk -> right mouse button -> Mirror -> Target Disk (browse), select the other disk)

Basic setup
(/cdrom/cdrom0/Solaris_2.6/scripts/pkgs/pkgadd -d .)
#vxinstall (delete two of the group)
vxdisk offline c1t1d0s2 (set offline)
vxdisk rm c1t1d0s2 (remove)
dumpadm (check)
luxadm remove_device /dev/rdsk/c1t1d0s2
vxdctl enable
vxdiskadm (rebuild the mirror)
vxbootsetup c1t1d0
touch configure
reboot

Another example
iostat -ne (which disk has the most errors?)
iostat -E (find out the serial number)
vxdisk list (same disk defective?)
luxadm remove_device -F /dev/rdsk/c1t4d0s2 (because the disk is still known to Solaris)
Pull the disk (press Enter)
luxadm insert_device /dev/rdsk/c1t4d0s2
Install the new disk
vxdctl enable
vxdiskadm

Replacing a defective disk in an A50v00 (Photon):
luxadm probe (shows controller and WWN)
luxadm disp C (look at it) (C for the name) (or: luxadm disp d )
vxdiskadm (4 and 11) (same as: vxdg -g -k rmdisk )
luxadm led_blink /dev/rdsk/c0t0d0s2 (logical path, to be safe)
luxadm remove (wait until the prompt appears, then the disk can be taken out without shutting down; press Return. Example: luxadm remove d,f9 )
luxadm insert (then plug in the new disk)
If the disk can no longer be addressed and has already been set offline by the Photon, only item 4 of vxdiskadm has to be run; the disk can then be pulled and replaced during operation.
vxdctl enable (always good to use; adds new disks back to Veritas; check with format whether the new disk is there too)
vxdiskadm (5) (the disk may be offline (then vxdctl enable); if in error, no problem with item 5)
(encapsulate: no ; initialize: yes (if necessary))
drvconfig; disks; devlinks
scadmin
vxprint -ht
If problems occur:
luxadm remove (or: remove_device) -F A,f5 (name of the A5000, front disk no. 5)
If it is necessary to re-initialize the disk, run item 1 in vxdiskadm, then encapsulate=no, initialize=yes.
If Veritas still believes that the old disk is present, throw this disk out with 4 and run 5 once more.
Another example: vxdiskadm (4 + 11)
continue booting up to the installation routine. At "Customizing Disk-Partitions" select the menu item "Load existing Partitiontable" under Options (F4). In the GUI the options are under the icon with the stack of disks at the top left.
Continue the Solaris installation as usual.
Install the VxVM packages with pkgadd.
Create /etc/vx/cntrls.exclude
Enter the controllers that vxinstall should not ask about, e.g.:
c1
c2
Create /etc/vx/disks.exclude
Enter the disks that vxinstall should not ask about, e.g.:
c0t2d0
c0t3d0
Run vxinstall and for now specify only the disk for the root mirror as new disk to create the rootdg.
At "use default diskname?" enter "N" and enter your own disk name "bootmirr".
Reboot.
Back up files:
cp /etc/system /etc/system.no.vxvm
cp /etc/vfstab /etc/vfstab.no.vxvm
Encapsulate the boot disk with vxdiskadm.
At "use default diskname?" enter "N" and enter your own disk name "bootdisk".
After the encapsulation a reboot is required. Two boots are performed automatically.
Rename all subdisks according to the order of the partition numbers; after a replacement of the system disk the order will then again be as it originally was:
vxedit -g rootdg -s rename oldname newname
vxedit -g rootdg -s rename bootdisk-02 bootdisk-02t (t = temporary)
vxedit -g rootdg -s rename bootdisk-01 bootdisk-01t
vxedit -g rootdg -s rename bootdisk-04 bootdisk-04t
vxedit -g rootdg -s rename bootdisk-03 bootdisk-03t
vxedit -g rootdg -s rename bootdisk-05 bootdisk-05t
vxedit -g rootdg -s rename bootdisk-02t bootdisk-01 (root)
vxedit -g rootdg -s rename bootdisk-01t bootdisk-02 (swap)
vxedit -g rootdg -s rename bootdisk-04t bootdisk-03 (var)
vxedit -g rootdg -s rename bootdisk-03t bootdisk-04 (opt)
vxedit -g rootdg -s rename bootdisk-05t bootdisk-05 (usr)
If required, the mirror disk is given the name "bootmirr" afterwards:
vxedit -g rootdg rename disk02 bootmirr
Mirror root on specified disk (mirror the root partition):
vxrootmir bootmirr
Mirror swap var opt and usr (remaining partitione
tdg must exist)
List all disks: vxdisk list
Show the partitions: prtvtoc /dev/dsk/cxtxdxs2
Convert subdisks of the boot disks into Solaris partitions: /etc/vx/bin/vxbootsetup, /etc/vx/bin/vxmksdpart
Create a disk group: vxdg init =cxtxdx
Add a disk to a disk group: vxdg -g adddisk =cxtxdx
Remove a disk from a disk group: vxdg -g rmdisk ....
List the disks in a dg: vxdg -g list [diskname]
Deport a disk group: vxdg deport
Import a disk group: vxdg import
  possibly in addition, to start the volumes: vxrecover -g -sb
Delete a disk group: vxdg destroy
  up to version 2.x: remove all disks except the last one: vxdg -f rmdisk, vxdg deport
  delete the HD of this dg: vxdiskunsetup
Show free space in a disk group: vxassist -g maxsize [layout=...]
List free disk space: vxdg free
Rename a disk: vxedit -g rename
Rename a subdisk: vxedit -g -s rename
Set failing state off: vxedit -g set failing=off
Set a disk online: vxdisk online ; vxdctl enable
Define a hot spare disk: vxedit -g set spare=on|off

Volume operations
Create a volume: vxassist -g make [layout=...] diskname1 diskname2 ...
or (detailed version):
1) init VM disks: vxdisksetup -i c1t0d0
   with > 50 disks: vxdisksetup -i c1t0d0 privlen=2048
2) init diskgroup: vxdg init diskname=c0t0d0
3) add disks to diskgroup: vxdg -g adddisk diskname=c0t0d0
4) create volume: vxassist -g -U fsgen make layout=nostripe,nolog
   create striped volume: vxassist -g -U fsgen make layout=stripe,nolog nstripe=2 stripeunit=128 diskname1 diskname2 .....
5) mirror a volume on specified disk: vxassist -g mirror
   or: vxassist -g mirror
assoc
Take a subdisk away from a plex: vxsd -g dis
Join subdisks: vxsd -g join

Recovery
Back up the configuration data: vxprint -g -hvspm > filename
Look at the configuration: vxprint | more or | grep .....
Restore the configuration: vxmake -g -d filename
Enable and resync a plex: vxrecover -g
  or: vxplex -g att
Start a volume: vxvol [-f] start
  or: vxvol -f -g start
Bring a plex into a defined state: vxmend -g fix clean/active/stale/empty
Initialize a volume: vxvol -g init
Volume from detached to enabled: vxvol init active
Re-enable a faulty disk:
vxdctl enable
vxdg -g -k adddisk =cxtxdx
vxrecover -g -s
vxbootsetup
vxdg -fC import diskgroup (imports a lost disk group)
vxrecover -s -a diskgroup (starts volume)

Additional useful commands
sar -b 1 10

Reinstalling an OS on a disk not mirrored with VxVM
Replace the disk. Install the OS, install VxVM, do not run vxinstall but instead:
enter the licenses
rm /etc/vx/reconfig.d/state.d/install-db
vxio set 10
vxconfigd -d (disabled mode)
vxdctl init (/etc/vx/volboot is updated!)
vxdctl enable
reboot

Reinstalling an OS when the boot disk was under Veritas control
Replace the disk
Install the OS
Install VxVM
vxinstall and encapsulate root only
reboot

Taking over disk groups
host1: vxdg deport
host2: vxdg import
in case of problems: vxdg -fC import (force, Clear)
vxrecover -g -sb (start the volumes in the background)
or: vxvol -g startall

Re-add existing disks to an existing disk group, resync of the mirrors
(with a lost mirror, to attach the plexes again), e.g. after a power fail of an SSA:
vxdctl enable
vxreattach (-c checks, if it is possible to reattach)
vxrecover -sb (volume recover operation)

vxeditp, shrink, delete and move volumes
vxdctl     controls the volume configuration daemon (vxconfigd)
vxdg       manages VxVM disk groups
vxdisk     defines + manages VM disks
vxdiskadd  adds physical disks
vxtask monitor (shows activities, from Veritas version 3.0 on)

Removing Veritas so that the system can continue to boot:
# vi /etc/system (remove the Veritas entries)
# vi /etc/vfstab (remove vx and rename the paths)
# format (look up how the disks were set up)
# fsck /dev/dsk/c0t0d0s5 (possibly look up how the volume was mounted)

disable problems in vxprint -th, e.g.
v oracle disable ...
pl oracle-oi disable ...
sd datadg01-01 disable ...
#vxvol -f start oracle
#vxtask list (shows the active state of Veritas (newer versions))

Example: removing and re-creating a plex for (failover) with a wrongly set flag
vxprint -g ora2_dg -v (shows the volume with its plexes)
vxdg list (shows volume names)
vxprint -v (show volumes and plexes)
vxprint -Vl (status of the replicator group)
vxdisk list (shows disks and groups)
vxtrace -g ora2_dg -o vol (show accesses)
vxplex -g ora1_dg dis sybase_04 (vxplex -g diskgroup det Name_of_Plex)
vxedit -g ora1_dg -rf rm sybase_04 (vxedit -g diskgroup -rf rm name_of_plex)
vxassist -g ora1_dg addlog sybase_04 logtype=dcm alloc=ora1_dg_02 (vxassist -g diskgroup addlog name_of_plex logtype=dcm alloc=name_of_vol)
vxstat -g ora2_dg -r (clear the history buffer)
vxstat -g ora2_dg -vp (display)
vradmin -g inf1dg set inf1 -rv srlprot=dcm
Set path failover to primary:
for i in c6*s2 ; do luxadm display $i ; done

Correcting an incorrectly mirrored volume (dtcuxp145)
#vxprint -htg oraPRUV_ARC1
#vxdg -g rootdg free (display)
#vxdg -g oraPRUW_ARC1 free (display)
#vxdisk -o alldgs list | grep error
#vxdisksetup -i HDS9980V0-42 (add a free disk)
#vxdisksetup -i HDS9980V1-42
#vxmake -g oraPRUW_ARC1 sd oraPRUW_ARC1_temp_01 disk=temp_01 len=28445760 comment="SD-temp-01" (create a temporary subdisk on plex 1)
#vxsd -g oraPRUW_ARC1 mv oraPRUW_ARC1_010_01 oraPRUW_ARC

tz
}  next paragraph
Navigation
Ctrl + F  page forward
Ctrl + B  page back
Regular expressions (search and replace):
/pattern  search for pattern (continue with n, search backwards with N)
?pattern  search backwards
%  find the matching bracket (e.g. for source code)
:s/t1/t2/  replace t1 with t2
.  repeats the last command sequence
File commands:
:[b]w [file]  save range to file
:r file  insert the contents of file into the current text
:r!command  insert the output of command into the current text
:r file  inserts file below the cursor
:S,$d  delete line S to the end
:g/string/d  delete all lines containing string
Miscellaneous:
+linenr  jump to line number
+/pattern  jump to the search pattern
u  undo
mchar  marks the current position with char (lowercase letter), e.g. y'a copies text up to mark a
~  toggle upper/lower case of the current character
J  join the current line with the following one
CTRL+R  refresh the screen
!command  run a command

vnc on solaris (www.sun.com/solaris/freeware)
change xterm to dtterm in / type .vnc/xstartup (e.g. in /export/home/user/)
vi inetd.conf
window manager: ctwn
/usr/dt/bin/Xsession (starts the desktop)

Xfree video driver installation:
#bunzip2 xf86-4.4.0-videopkg.bz2
#pkgadd -d xf86-4.4.0-video.pkg SUNxxf8u SUNxf86r
#patchadd . 108653-56 (only necessary if there are problems with "..pixmaps corrupted ..")
#kdmconfig

Removing a hard drive (disk not mirrored):
# cfgadm -al (get the Ap_Id)
# cfgadm -c unconfigure c1::dsk/c1t1d0
# cfgadm -al (is device unconfigured ?)
# format (check)
Change drives
Insert:
# cfgadm -c configure c1::dsk/c1t1d0
# cfgadm -al
# fmthard -s oldtable /dev/rdsk/c1t1d0s2 (write the label to the new disk)
# newfs /dev/rdsk/c1t1d0s0
# mount /data

V245
Note: After replacing the power distribution board and powering on the system, you must run the setcsn command on an ALOM console to electronically input the chassis

Reading the affected blocks healed the pool again.
Conclusion: the cheaper the storage, the more redundancy is required. In this case RAID-Z2 would therefore have been better.

Start a second graphical desktop:
startx -- :1