Who’s listening on that port? (Linux vs Solaris)

You install a new application… You try to start it up…

But it fails to bind to the port it needs…

Now – what in the world has tied up that port?

In Linux, netstat provides you that info…

# netstat -lnp | egrep "Local Address|^tcp|^udp"
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2983/sshd
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      3266/0

But in Solaris, it’s not quite so easy… You’re going to have to work for it…

The following script gives you more or less the same thing…

# printf " PORT | INTERFACE       |   PID | FILE\n"
printf "------+-----------------+-------+-------------------------------\n"
for PID in `ps -ef | grep -v PID | awk '{print $2}' |  grep -v "^0$"`
do
  pfiles $PID 2> /dev/null | nawk '
  # first line of pfiles output is "PID: command"
  NR==1 {sub(/:/,"",$1); PID=$1; PROC=$2}
  # keep a sockname whose next line is not a peername (no connected peer)
  /sockname:.*port:.*[0-9][0-9]/  { P2=$NF; IF2=$3; getline;
  if (!/peername/) {PORT=P2;IF=(IF2=="::"?"ALL":IF2)}}
  END { if (PORT != 0) printf ("%5d | %-15s | %5d | %s\n",PORT,IF,PID,PROC) }'
done | sort -n
 PORT | INTERFACE       |   PID | FILE
------+-----------------+-------+-------------------------------
   22 | 172.16.200.2    |   329 | /usr/lib/ssh/sshd
   80 | ALL             |   604 | /usr/local/apache2/bin/httpd
   80 | ALL             |   608 | /usr/local/apache2/bin/httpd
   80 | ALL             |   609 | /usr/local/apache2/bin/httpd
   80 | ALL             |   610 | /usr/local/apache2/bin/httpd
   80 | ALL             |   611 | /usr/local/apache2/bin/httpd
   80 | ALL             |   612 | /usr/local/apache2/bin/httpd
 6010 | 127.0.0.1       |   625 | /usr/lib/ssh/sshd

Looping in the shell… “for” is your friend.

Why repeat the same command 10 times when you can put it in a loop??

Put “for” to use… Here are a few examples:

* Kill off all processes for a specific application..

for PID in  `ps -ef | grep app_name | grep -v grep | awk '{print $2}'`
do
  kill -9 ${PID}
done

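* Lock out all the users in a specific group…

# anchor the match on the group name so a substring elsewhere cannot match
GROUP=`grep "^group_id:" /etc/group | awk -F":" '{print $3}'`
# match the GID in field 4 only, so a user whose UID equals the GID is not locked
for USER in `grep "^[^:]*:[^:]*:[^:]*:${GROUP}:" /etc/passwd | awk -F":" '{print $1}'`
do
  passwd -l ${USER}
done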

* Untar a bunch of files…

gunzip *.tar.gz
# let the shell expand the glob; parsing ls output breaks on odd file names
for TARBALL in *.tar
do
  tar xf "${TARBALL}"
done

I could go on…

Out of date boot_archive

Seems that every time I try to do a reconfiguration reboot of a
new Sparc Solaris 10 Update 6 box, I end up having to take a trip
to the console.

Update 6 includes the concept of a boot_archive, and for some
reason it’s not getting properly updated as the box goes down.

The fix is to get on the console and… (Output below)

But if you’re not near the physical box, and your console isn’t
readily available on the network, you may be in trouble.
Something to consider before starting the reboot…

{0} ok boot -F failsafe
Boot device: /pci@780/pci@0/pci@9/scsi@0/disk@0,0:a  File and args: -F failsafe
SunOS Release 5.10 Version Generic_137137-09 64-bit
Copyright 1983-2008 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Configuring devices.
Searching for installed OS instances...
An out of sync boot archive was detected on /dev/dsk/c0t0d0s0.
The boot archive is a cache of files used during boot and
should be kept in sync to ensure proper system operation.
Do you wish to automatically update this boot archive? [y,n,?] y
Updating boot archive on /dev/dsk/c0t0d0s0.
The boot archive on /dev/dsk/c0t0d0s0 was updated successfully.
Solaris 10 10/08 s10s_u6wos_07b SPARC was found on /dev/dsk/c0t0d0s0.
Do you wish to have it mounted read-write on /a? [y,n,?] n
Starting shell.
# init 0
# syncing file systems... done
Program terminated
{0} ok boot

Testing Server Connectivity with Netcat

How many times have we been asked to troubleshoot a server connectivity problem?
Sooner or later, you end up in a three way call between yourself, the firewall folks,
and the admin of the server on the other end, so that everyone can snoop/filter or
otherwise capture an attempted connection. Unfortunately, getting that three way
call going can be difficult, especially when the folks required are not readily available.

Wouldn’t it be nice if you could just set something up to try the connection over and
over, so that you don’t have to type “telnet {ip} {port}” yourself a million times?

That’s where netcat (a.k.a. nc) comes into play… Available pre-compiled from
Sunfreeware – this little tool will save you some time. The following shell script will
call on netcat to try the connection once a minute until it is successful.
Then it will send an email, and be done.

#!/bin/ksh

HOST=1.2.3.4; PORT=567
NOTIFY=someone@somewhere.com
WAIT_TIME=5; SLEEP_TIME=55

DONE=1
while [ ${DONE} -gt 0 ]
do
   /local/bin/nc -z -w ${WAIT_TIME} ${HOST} ${PORT}
   DONE=$?
   [ ${DONE} -gt 0 ] && sleep ${SLEEP_TIME}
done

mailx -s "Connection to Host ${HOST} Port ${PORT} succeeded." ${NOTIFY} < /dev/null

You could easily extend the functionality of this… Let’s say you have a maintenance
window where you shut down your application for a while because the database it talks
to in the back end is unavailable… This script could easily “listen” for that database
to be available again, and instead of sending you an email at the end, it could be triggered
to start up your application.
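
The extension described above, as an added example that is not part of the original post: it retries the netcat probe a bounded number of times and runs a start command only after the port answers. The host, port, retry count and start command are placeholders, and NC is assumed to point at a netcat that accepts -z and -w as in the script above.

```shell
#!/bin/sh
# Added example: wait for a back-end port, then start the application.
# Host, port, retry count and start command below are placeholders.

NC=${NC:-nc}                  # netcat binary; the post uses /local/bin/nc
WAIT_TIME=${WAIT_TIME:-5}     # seconds nc waits for the connect
SLEEP_TIME=${SLEEP_TIME:-55}  # pause between attempts

# wait_for_port HOST PORT MAX_TRIES
# Returns 0 as soon as the port accepts a connection, 1 if it never does.
wait_for_port() {
  host=$1; port=$2; max=$3; try=1
  while [ "$try" -le "$max" ]; do
    if "$NC" -z -w "$WAIT_TIME" "$host" "$port" >/dev/null 2>&1; then
      return 0
    fi
    # no point sleeping after the final failed attempt
    [ "$try" -lt "$max" ] && sleep "$SLEEP_TIME"
    try=$((try + 1))
  done
  return 1
}

# start_when_up HOST PORT MAX_TRIES COMMAND [ARGS...]
# Runs COMMAND only once the port is reachable. Returns 2 on give-up so the
# caller (cron wrapper, init script) can alert instead of starting blind.
start_when_up() {
  host=$1; port=$2; max=$3; shift 3
  if wait_for_port "$host" "$port" "$max"; then
    "$@"
  else
    echo "gave up: $host:$port unreachable after $max tries" >&2
    return 2
  fi
}

# Example call (placeholder values), about two hours of one-minute retries:
#   start_when_up 1.2.3.4 567 120 /path/to/start_app
```

Bounding the retries keeps a forgotten copy of the script from probing the database port forever after the maintenance window has closed.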

Give it a try.

Is that zone running?

On a number of occasions, I have had zones just disappear for no good reason.
Until I get to the bottom of that, here is a small script that I have cron’ed that
notifies me that there is trouble.

#!/bin/ksh
############################################
# zone-check.sh, v.1.0, Nov 10,2008
# Written by Nuno Paixao
#############################################
NOTIFY_LIST="someone@somewhere.com"
ZONE_LIST=`/usr/sbin/zoneadm list -cp | cut -d":" -f2 | grep -v global`
for ZONE in ${ZONE_LIST}
do
  STATUS=`/usr/sbin/zoneadm -z ${ZONE} list -p 2> /dev/null | cut -d":" -f3`
  if [ "$STATUS" != "running" ]; then
    for EMAIL in ${NOTIFY_LIST}
    do
      mailx -s "ERROR: Zone ${ZONE} is not running on `uname -n`." \
             $EMAIL < /dev/null
    done
  fi
done
exit 0