Posted by Ceri Davies
Fri, 16 May 2008 21:09:00 GMT
Some years ago I ported tcpdrop to Solaris from the FreeBSD version. I did it very quickly as a proof of concept and never got round to quite getting the error handling right or worrying about Solaris 10 privileges.
After spending the required 14 seconds looking at the privileges stuff, it became pretty clear that the required privilege for using tcpdrop was PRIV_SYS_IP_CONFIG. This cannot be asserted in a non-global zone, so if you are one of the many people who have emailed me asking if it can work in a non-global zone, the answer is “no, it can’t”. Not only that, but there’s nothing I can do about it.
Also in this release, I fixed up the error messages so that they are at least correct :)
The next release will feature a manpage in man format, rather than the current mdoc one which can’t actually be formatted on Solaris. Anyone who knows an automated method to convert from mdoc to man, please shout.
Anyway, the new release is available for download, knock yourselves out.
Posted in Software, Solaris | no comments
Posted by Ceri Davies
Wed, 12 Dec 2007 21:47:00 GMT
I’ve been using zsh for ages now, and the lack of a pfzsh implementation has been a minor annoyance for some of that time.
I happened to be looking at the csh source code and noticed how trivial the pfcsh implementation was and so, using the SFW code as a base, I threw pfzsh together yesterday afternoon.
Now, it turns out that the OpenSolaris FGAP project will be solving this in a different way, so a putback to SFW is unlikely. However, I’m going to find this useful in the meantime, so if you will too, download either the patch or an x86 package if they are useful to you.
Posted in Software, Solaris | no comments
Posted by Ceri Davies
Sun, 26 Aug 2007 21:11:00 GMT
Warren at Planet SysAdmin pointed out that my RSS feed was 404’ing.
In fact, everything under Rails was 404’ing since I upgraded to lighttpd 1.4.16; this is now fixed. Lighttpd bug 1270 refers.
Posted in Software | no comments
Posted by Ceri Davies
Fri, 13 Jul 2007 21:36:00 GMT
Quick recipe for getting NetBeans running on FreeBSD.
Not that it’s difficult, but just so that I remember.
Download and unpack the NetBeans 5.5.1 tgz archive from http://dlc.sun.com/netbeans/download/551/fcs/200704122300/netbeans-551.tar.gz.
# fetch http://dlc.sun.com/netbeans/download/551/fcs/200704122300/netbeans-551.tar.gz
# tar xf netbeans-551.tar.gz[1]
Install a JDK. The native one at java/diablo-jdk15 is a good bet.
# cd /usr/ports/java/diablo-jkd15; make install clean
Run it, passing it the jdkhome option just to be sure.
# ./netbeans/bin/netbeans --jdkhome=/usr/local/diablo-jdk1.5.0
[1] With lesser tars, you will need to perform the “gzip -dc netbeans-551.tar.gz | tar xf -” dance, but bsdtar does automatic format detection and does the right thing. Even with .iso files.
Posted in FreeBSD, Software, Sun | 2 comments
Posted by Ceri Davies
Tue, 05 Jun 2007 12:26:00 GMT
No, not another blog post opining after the last time I posted.
Like most folk who have to get a variety of jobs done, I have a Windows partition squirreled away on one of my desktops, and had occasion to use it just now. Unfortunately, according to the Event Viewer, the last time I did this was on June 15th 2006, so now I have to suffer applying a year’s worth of updates first. Arrgh.
Update, 20 minutes later: Wow, that was quick, my system is unbootable.
Posted in General, Software | 1 comment
Posted by Ceri Davies
Tue, 13 Mar 2007 14:50:00 GMT
From the installation notes of a popular high availability solution:
# mkdir /.ssh
# chmod go-w /
# chmod 700 /.ssh
# chmod go-rwx /.ssh
They’re thorough, at least.
Posted in Clustering, Software, Veritas | no comments
Posted by Ceri Davies
Sat, 03 Mar 2007 15:52:00 GMT
Where I work, I look after three highly available clusters running Veritas Cluster Services on Solaris. The hardware is old enough that maintenance is becoming prohibitively expensive and we’re therefore planning to buy new hardware over the next six months or so. Veritas tried to hold us over a barrel over support costs not so long ago, and so this seemed to be a good time to investigate moving to a different HA system.
The obvious choice for me was Solaris Cluster 3.2 (or Sun Cluster 3.2 as it was called at release). It had originally seemed that what I wanted to do would be suboptimal, although the release of 3.2 completely fixed all of the issues that existed with the setup that I had wanted to implement.
Mmm, free
Additionally good is that Solaris Cluster is free to run, even in production, although it must be relicensed (at a reasonably rate) if you wish to buy support. It also supports a large variety of server and storage hardware. Therefore it was no hassle to just download the software and crack on with testing; one barrier to adoption nipped in the bud.
What, no host-based packet filter?
After testing out the design that I had envisioned, it seemed that everything that I had wanted the software to do was in there; the only fly in the ointment was that the IP Filter packet filter was not supported. It worked for some scenarios, but the lack of official support would have been a problem for us.
At around this time, the QA manager for Solaris Cluster, John Blair, happened to post a blog entry introducing himself on the Sun Cluster Oasis[1]. So I asked him about the IP Filter situation.
Ask, and ye shall receive
Less than six weeks later, IP Filter is officially supported for failover services. That’s an amazing response time. I’m not even a paying customer.
Professional services
Even before discovering this little nugget, I proceeded to obtain quotes for the licensing and support costs for Solaris Cluster 3.2. As I mentioned above, they’re quite reasonable.
However, I was told at this point that there was a requirement for Sun Professional Services to come in perform the installation and configuration of the cluster before support could be obtained, and this was far from reasonably priced. At this point I was pretty angry and a little disappointed; I’m a big fan of Sun and couldn’t see why they would throw away customers like this.
I went far enough to complain about it publicly, although it was later pointed out that there was an option for a simple installation validation which is much more reasonable and by pointing this out I hereby absolve myself from the FUD-spreading.
You coming or what?
At this point it’s still not clear that we’ll end up running Solaris Cluster on these platforms, but I’m hopeful that we will. The design that I want to implement slots right in to the Solaris Cluster design and the implementation is therefore very simple and easy to understand (and, by extension, it’s easier to document, which is more the point for me!).
The title of this post is a small admission that I may be starting to sound like this around the office, sorry guys :)
[1] Note to Sun Marketing; there’s some rebranding to be done here :)
Posted in Clustering, Software, Solaris, Sun, Veritas | Tags cluster, ha, solaris, sun | 2 comments
Posted by Ceri Davies
Sat, 24 Feb 2007 13:27:00 GMT
I wrote an article for Sun’s BigAdmin a few months ago.
Due to a backlog of articles, it was only published a couple of weeks ago, but Sun gave me double the usual number of free stuff points in compensation for the delay.
What’s extra nice is that my article has been up on the front page of Sun Developer Network for a couple of days now. Not because it’s particularly brilliant, I think it’s just “put a BigAdmin article on SDN” week.
Still cool though :)
Posted in Software, Solaris, Sun | Tags sun | no comments
Posted by Ceri Davies
Mon, 29 Jan 2007 19:37:00 GMT
With the help of Dick's instructions, I finally got round to upgrading typo. Things may look weird until I get around to updating my theme for the new framework.
Hmm, looks like viewing articles was broken. Fixed that. All of the caching, theming and general whole point in running typo is broken though. Misery :)
Posted in Software | no comments
Posted by Ceri Davies
Fri, 15 Dec 2006 19:46:00 GMT
Patching Solaris is difficult
Patching Solaris is historically hard work involving cross referencing the installed patches (showrev -p) with the installed release (cat /etc/release) and the latest Recommended patch cluster and patch report at SunSolve.
Sun tools actually make it harder
Since this is such a nightmare, Sun have offered a huge number of methods for patching Solaris systems. Some are no longer properly maintained or don’t support recent releases, some are heavy X based monsters, some have a huge dependency list (33 packages for smpatch in Solaris 10 6/06, and that’s not only the ‘light’ version, but is also incomplete). The one thing they have in common is that they suck.
smpatch is the worst of the lot
After a recent experience where smpatch not only rendered a production machine unbootable, but required three reboots to do so and then had failed to even offer all of the available patches, I’ve had enough.
From now on we’ll be using Patch Check Advanced (PCA) from http://www.par.univie.ac.at/solaris/pca/.
Read more...
Posted in Software, Solaris, Sun
