ZFS – It’s that Easy

I did another article for Train Signal…

In the Solaris world, we have had access to the ZFS file system for quite a few years. It’s incredibly simple to use and incredibly powerful and flexible. It replaced the need for Solaris DiskSuite and Veritas Volume Manager, and even the UFS and VxFS file systems. Let’s get started with ZFS!

Continue reading on the Train Signal site…

Train Signal was bought out by Pluralsight.
The article is now at the Pluralsight website.


SSH Jumpbox

I wrote an article for Train Signal showing how to build an SSH Jumpbox to facilitate your job as a sys-admin.

If you are a UNIX sysadmin for any number of servers, you need to build yourself a Linux secure shell (SSH) jumpbox. Do it now! Having a centralized location that you can use to quickly “jump” to any box saves a whole bunch of time. Not only that, it opens opportunities for speeding up repetitive chores, and even automating tasks.

Continue reading at Train Signal Website…

Train Signal was bought out by Pluralsight.
The article is now at the Pluralsight website.


SunFreeWare and SunSolve


For the longest time, Sunfreeware (http://sunfreeware.mirrors.tds.net/) was my main source for pre-compiled Solaris packages. But they stopped updating it at the end of 2011. And the site that’s left doesn’t always work for me.

The official replacement site is http://unixpackages.com/, but as you’ll quickly discover, it is not free…

They have left the original FTP servers up and going. And they’ve saved the day a couple of times when looking for older versions of OpenSSL for example.

Sparc: ftp://sunfreeware.mirrors.tds.net/pub/sunfreeware/sparc/

Intel: ftp://sunfreeware.mirrors.tds.net/pub/sunfreeware/intel/

Here is hoping they don’t shut those down.


And who remembers looking for patches in SunSolve… Since its replacement with “My Oracle Support” (aka MOS), it’s never been quite the same.

I’ve recently discovered WeSunSolve. It has tonnes of info on Solaris Packages and Patches and BugIDs. You’ll still need your MOS credentials to download the patches, but I find this site a lot easier to use than MOS.


Netbackup Client Uninstall in Solaris

As far as I can tell, Veritas does not provide an uninstall script to remove the Netbackup 6.0 Client from Solaris 10 Servers…

I went looking to see what files the client installed, and what services were started up, and based on that here is my best guess as to how to cleanly remove the client.

svcadm disable network/bpcd/tcp
svccfg delete network/bpcd/tcp

svcadm disable network/vnetd/tcp
svccfg delete network/vnetd/tcp

svcadm disable network/vopied/tcp
svccfg delete network/vopied/tcp

svcadm disable network/bpjava-msvc/tcp
svccfg delete network/bpjava-msvc/tcp

cd /var/svc/manifest/network
rm bpcd-tcp.xml vnetd-tcp.xml vopied-tcp.xml

vi /etc/inetd.conf
(Remove bpcd vnetd vopied & bpjava-msvc)

vi /etc/services
(Remove bprd bpcd vnetd vopied & bpjava-msvc)

pkill -HUP inetd

rm -rf /usr/openv
(Make sure /usr/openv is not a separate file system first..)


Who’s listening on that port? (Linux vs Solaris)

You install a new application… You try to start it up…

But it fails to bind to the port it needs…

Now – what in the world has tied up that port?

In Linux, netstat provides you that info…

# netstat -lnp | egrep "Local Address|^tcp|^udp"
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0        *                   LISTEN      2983/sshd
tcp        0      0    *                   LISTEN      3266/0

But in Solaris, it’s not quite so easy… You’re going to have to work for it…

The following script gives you more or less the same thing…

# printf " PORT | INTERFACE       |   PID | FILE\n"
printf "------+-----------------+-------+-------------------------------\n"
for PID in `ps -ef | grep -v PID | awk '{print $2}' |  grep -v "^0$"`
do
  # pfiles lists each open socket; keep the ones with no peer (listeners)
  pfiles $PID 2> /dev/null | nawk '
  NR==1 {sub(/:/,"",$1); PID=$1; PROC=$2}
  /sockname:.*port:.*[0-9][0-9]/  { P2=$NF; IF2=$3; getline;
  if (!/peername/) {PORT=P2;IF=(IF2=="::"?"ALL":IF2)}}
  END { if (PORT != 0) printf ("%5d | %-15s | %5d | %s\n",PORT,IF,PID,PROC) }'
done | sort -n
22 |    |   329 | /usr/lib/ssh/sshd
80 | ALL             |   604 | /usr/local/apache2/bin/httpd
80 | ALL             |   608 | /usr/local/apache2/bin/httpd
80 | ALL             |   609 | /usr/local/apache2/bin/httpd
80 | ALL             |   610 | /usr/local/apache2/bin/httpd
80 | ALL             |   611 | /usr/local/apache2/bin/httpd
80 | ALL             |   612 | /usr/local/apache2/bin/httpd
6010 |       |   625 | /usr/lib/ssh/sshd

Looping in the shell… “for” is your friend.

Why repeat the same command 10 times when you can put it in a loop??

Put “for” to use… Here are a few examples:

* Kill off all processes for a specific application..

for PID in `ps -ef | grep app_name | grep -v grep | awk '{print $2}'`
do
  kill -9 ${PID}
done

* Lock out all the users in a specific group…

GROUP=`grep group_id /etc/group | awk -F":" '{print $3}'`
for USER in `grep ":${GROUP}:" /etc/passwd | awk -F":" '{print $1}'`
do
  passwd -l ${USER}
done

* Untar a bunch of files…

gunzip *.tar.gz
for TARBALL in `ls -1 *.tar`
do
  tar xf ${TARBALL}
done

I could go on…

Out of date boot_archive

Seems that every time I try to do a reconfiguration reboot of a
new Sparc Solaris 10 Update 6 box, I end up having to take a trip
to the console.

Update 6 includes the concept of a boot_archive, and for some
reason it’s not getting properly updated as the box goes down.

The fix is to get on the console and… (Output below)

But if you’re not near the physical box, and your console isn’t
readily available on the network, you may be in trouble.
Something to consider before starting the reboot…

{0} ok boot -F failsafe
Boot device: /pci@780/pci@0/pci@9/scsi@0/disk@0,0:a  File and args: -F failsafe
SunOS Release 5.10 Version Generic_137137-09 64-bit
Copyright 1983-2008 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Configuring devices.
Searching for installed OS instances...
An out of sync boot archive was detected on /dev/dsk/c0t0d0s0.
The boot archive is a cache of files used during boot and
should be kept in sync to ensure proper system operation.
Do you wish to automatically update this boot archive? [y,n,?] y
Updating boot archive on /dev/dsk/c0t0d0s0.
The boot archive on /dev/dsk/c0t0d0s0 was updated successfully.
Solaris 10 10/08 s10s_u6wos_07b SPARC was found on /dev/dsk/c0t0d0s0.
Do you wish to have it mounted read-write on /a? [y,n,?] n
Starting shell.
# init 0
# syncing file systems... done
Program terminated
{0} ok boot

Testing Server Connectivity with Netcat

How many times have we been asked to troubleshoot a server connectivity problem?
Sooner or later, you end up in a three way call between yourself, the firewall folks,
and the admin of the server on the other end, so that everyone can snoop/filter or
otherwise capture an attempted connection. Unfortunately, getting that three way
call going can be difficult, especially when the folks required are not readily available.

Wouldn’t it be nice, if you could just set something up to try the connection over and
over, so that you don’t have to type “telnet {ip} {port}” yourself a million times?

That’s where netcat (a.k.a nc) comes into play… Available pre-compiled from
Sunfreeware – this little tool will save you some time. The following shell script will
call on netcat to try the connection once a minute until it is successful.
Then it will send an email, and be done.



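# HOST, PORT, WAIT_TIME, SLEEP_TIME and NOTIFY must be set before this point
DONE=1
while [ ${DONE} -gt 0 ]
do
   /local/bin/nc -z -w ${WAIT_TIME} ${HOST} ${PORT}
   # nc -z exits 0 once the port accepts a connection
   DONE=$?
   [ ${DONE} -gt 0 ] && sleep ${SLEEP_TIME}
done

mailx -s "Connection to Host ${HOST} Port ${PORT} succeeded." ${NOTIFY} < /dev/null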

You could easily extend the functionality of this… Let’s say you have a maintenance
window where you shut down your application for a while because the database it talks
to in the back end is unavailable… This script could easily “listen” for that database
to be available again, and instead of sending you an email at the end, it could be triggered
to start up your application.

Give it a try.
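
The extension described above, sketched as an added example (not part of the original script): it waits for the port, gives up after a bounded number of tries so it cannot loop forever, and runs a start command only on success. The function names, the PROBE override, the 5-second nc timeout and the host, port and init script in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: wait for a TCP port, then run a start command.
# PROBE is the connection test; the default is netcat at the path used above
# with an assumed 5-second timeout. Override it to use another checker.
PROBE=${PROBE:-"/local/bin/nc -z -w 5"}

# wait_for_port HOST PORT MAX_TRIES SLEEP_TIME
# Returns 0 as soon as the probe succeeds, 1 once MAX_TRIES is exhausted.
wait_for_port() {
  _host=$1; _port=$2; _max=$3; _sleep=$4
  _try=1
  while [ "${_try}" -le "${_max}" ]
  do
    if ${PROBE} "${_host}" "${_port}" > /dev/null 2>&1; then
      return 0
    fi
    # No point sleeping after the final failed attempt
    [ "${_try}" -lt "${_max}" ] && sleep "${_sleep}"
    _try=`expr ${_try} + 1`
  done
  return 1
}

# start_when_up HOST PORT MAX_TRIES SLEEP_TIME COMMAND [ARGS...]
# Runs COMMAND only if the port came up; otherwise reports and returns 1.
start_when_up() {
  _h=$1; _p=$2; _m=$3; _s=$4
  shift 4
  if wait_for_port "${_h}" "${_p}" "${_m}" "${_s}"; then
    "$@"
  else
    echo "Giving up on ${_h}:${_p} after ${_m} tries" >&2
    return 1
  fi
}

# Hypothetical usage: try once a minute for two hours, then start the app.
# start_when_up dbhost 1521 120 60 /etc/init.d/myapp start
```

Passing the start command as separate arguments rather than a string to eval keeps host names or ports taken from a config file from being interpreted as shell code.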

Is that zone running?

On a number of occasions, I have had zones just disappear for no good reason.
Until I get to the bottom of that, here is a small script that I have cron’ed that
notifies me that there is trouble.

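# zone-check.sh, v.1.0, Nov 10,2008
# Written by Nuno Paixao
# Space-separated list of addresses to notify (placeholder, set your own)
NOTIFY_LIST="admin@example.com"
# Every configured zone except the global zone
ZONE_LIST=`/usr/sbin/zoneadm list -cp | cut -d":" -f2 | grep -v global`
for ZONE in ${ZONE_LIST}
do
  # Field 3 of the parsable output is the zone state
  STATUS=`/usr/sbin/zoneadm -z ${ZONE} list -p 2> /dev/null | cut -d":" -f3`
  if [ "$STATUS" != "running" ]; then
    for EMAIL in ${NOTIFY_LIST}
    do
      mailx -s "ERROR: Zone ${ZONE} is not running on `uname -n`." \
             $EMAIL < /dev/null
    done
  fi
done
exit 0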