################################################################################ # # Stupid pulse audio. kill it. play wow and ventrilo sudo apt-get update sudo killall pulseaudio sudo apt-get purge pulesaudio sudo autoremove sudo apt-get install -y esound esound-clients esound-common libesd-alsa0 sudo reboot # ################################################################################ ################################################################################ # # Check on sound cards ls /dev/snd more /proc/asound/cards more /proc/asound/devices # ################################################################################ ################################################################################ # Qlogic cards # single ported HBAs: 21-00-00-E0-8B-9*-**-** # dual ported HBAs: 21-00-00-E0-8B-9*-**-** 21-01-00-E0-8B-B*-**-** # ################################################################################ ################################################################################ # Screen tricks # start screen screen # show running screens screen -ls # show running screens from a screen session C-a " # detatch from current screen session C-a d # reattach to existing screen screen -R # see more goodness at http://gentoo-wiki.com/TIP_Using_screen ################################################################################ ################################################################################ # Netapp Tricks # find out what disks are spare sysconfig -r # see every disk shelf attached to the filer with loops fcstat device_map # see the paths do the disks storage show disk -p # remove disk ownership from a disk (in this case 0b.65) disk assign -s unowned 0b.65 # assign the disk to the default pool disk assign 0b.65 # find out problems with the storage appliance's connection to DFM dfm host diag HOSTNAME # ################################################################################ ################################################################################ # MS Excel tricks color every even line with conditional formatting =MOD(ROW(),2)=0 color every odd line with conditional formatting =MOD(ROW(),2)=1 # ################################################################################ ################################################################################ # Perl bits # Get rid of leading spaces. sub rm_ws_head { my $str = shift; $str =~ s/^\s+//; return $str; } # Get rid of trailing spaces sub rm_ws_tail { my $str = shift; $str =~ s/\s+$//; return $str; } # Get rid of both. sub rm_ws_all { my $str = shift; $str =~ s/\s+//g; return $str; } # calling them $str = &rm_ws_head($str); $str = &rm_ws_tail($str); $str = &rm_ws_all($str); # end perl bits ################################################################################ ################################################################################ # Raid goodness Raid-0: block level striping with no redundancy Raid-1: Mirroring with not striping Raid-10: Block level striping plus mirroring (Stripe of two or more mirrored arrays) Mirror disks first than strip. Raid-0+1: Block level striping plus mirroring (Mirror of two striped arrays) Stripe first, then mirror. Raid-3: Striping with a dedicated parity disk. (data split on a byte level) Raid-4: Striping with a dedicated parity disk. (data split on block level) Raid-5: Block level striping with distrubuted parity information Raid-6: Block level striping with double distrubuted parity information # ################################################################################ ################################################################################ # Sed goodness # substitute a matched pattern inline /usr/bin/sed -e 's/some stuff \(.*\) more stuff/Matched: \1 yes./' # ################################################################################ ################################################################################ # Oracle goodness # # Find out the processes associated with various oracle containers # Note that if you put a '-l' on the end, you'll get even more details! # $ opmnctl status Processes in Instance: MNHCMCS2AS.mncs1.epredix.com -------------------+--------------------+-------+--------- ias-component | process-type | pid | status -------------------+--------------------+-------+--------- HTTP_Server | HTTP_Server | 23289 | Alive OC4J | alpha-dev | 25306 | Alive OC4J | alpha | 23374 | Alive OC4J | beta | 23331 | Alive OC4J | gamma | 23339 | Alive OC4J | delta | 23311 | Alive dcm-daemon | dcm-daemon | 881 | Alive LogLoader | logloaderd | N/A | Down # End Oracle goodness ################################################################################ ################################################################################ # Solaris 8 force CE and BGE device speed at boot time After doing a number of system upgrades over the weekend, I became quickly frustrated by the fact that the standard settings in the /etc/system file, normally used to lock the Ethernet interface to 100 / Full Duplex don.t seem to work if your server is using a "ce" or "bge" Ethernet card. Normally, the settings in /etc/system would look something like this: set ce:adv_100hdx_cap=0 set ce:adv_10fdx_cap=0 set ce:adv_10hdx_cap=0 set ce:adv_autoneg_cap=0 set ce:adv_100fdx_cap=1 Unfortunately, if you are using a "ce" or "bge" Ethernet adaptor, this tried and true method does not work, and the kernel gives the following errors at boot: Feb 6 08:10:02 hostname genunix: [ID 492708 kern.notice] sorry, variable .adv_100fdx_cap. is not defined in the .ce. Feb 6 08:10:02 hostname genunix: [ID 492708 kern.notice] sorry, variable .adv_100hdx_cap. is not defined in the .ce. Feb 6 08:10:02 hostname genunix: [ID 492708 kern.notice] sorry, variable .adv_10fdx_cap. is not defined in the .ce. Feb 6 08:10:02 hostname genunix: [ID 492708 kern.notice] sorry, variable .adv_10hdx_cap. is not defined in the .ce. Feb 6 08:10:02 hostname genunix: [ID 492708 kern.notice] sorry, variable .adv_autoneg_cap. is not defined in the .ce. After doing a little poking around, I learned that the method for forcing Ethernet interfaces on the newer (ce & bge) cards has changed, and it is now necessary to create a driver configuration file in /platform/sun4u/kernel/drv. First, so that you don.t have to reboot again, force the interface using the ndd commands. Remember to change all instances of "ce" to "bge" if that is your card type. ndd -set /dev/ce instance 0 ndd -set /dev/ce adv_100T4_cap 0 ndd -set /dev/ce adv_100fdx_cap 1 ndd -set /dev/ce adv_100hdx_cap 0 ndd -set /dev/ce adv_10fdx_cap 0 ndd -set /dev/ce adv_10hdx_cap 0 ndd -set /dev/ce adv_1000fdx_cap 0 ndd -set /dev/ce adv_1000hdx_cap 0 ndd -set /dev/ce adv_autoneg_cap 0 Now, create a /platform/sun4u/kernel/drv/ce.conf (or bge.conf) file with the following line, and reboot the system whenever you get around to it. adv_autoneg_cap=0 adv_1000fdx_cap=0 adv_1000hdx_cap=0 adv_100fdx_cap=1 adv_100hdx_cap=0 adv_10fdx_cap=0 adv_10hdx_cap=0; Make sure this is all one long string of text. There should be no tabs, and their needs to be a semicolon at then end. There should also be no more than this one line of text in the file. Occasionally, carriage returns get added by various text editors in different ways, so make sure to use a predictable editor like vi. # ################################################################################ ################################################################################ # Make a test file with dd dd uses a default block size of 512. You can make a 10 gb file with the following command: dd if=/dev/zero of=big_file count=20971520 A 2 gb file would use a count of 4194304 A 1 gb file would use a cound of 2097152 use /dev/random for something other than zero filled file. # ################################################################################ ################################################################################ # SharePlex stuff queue viewing -- see what read and write queues you have along with where they are pointing to. Useful if you've moved hardware and have old queues lying around. First one is if your sp_cop is down. $ qview -i qview> qsetup 2100 qview> list The following queues exist: o.SCHEMA1+C WRITER +PA+o.SCHEMA1+sp_ocap+o.SCHEMA1 READER +PR+o.SCHEMA1+sp_ordr+o.SCHEMA1 srchost+X WRITER +PR+o.SCHEMA1+sp_ordr+o.SCHEMA1 READER +PX+srchost+sp_xport+0x40498977 (10.0.1.42) READER +PX+srchost+sp_xport+0x45191acb (10.0.5.69) you can use deluser to remove a queue, but be sure to talk to support before doing this! You can only delete a queue when sp_cop is stopped. In the example below, we want to delete the routing to 10.0.1.42. qview> deluser srchost+X +PX+vsrchost+sp_xport+0x40498977 Simplier case if sp_cop is running. $ qview -i qview> qinit qview> list The following queues exist: o.SCHEMA1+C WRITER +PA+o.SCHEMA1+sp_ocap+o.SCHEMA1 READER +PR+o.SCHEMA1+sp_ordr+o.SCHEMA1 srchost+X WRITER +PR+o.SCHEMA1+sp_ordr+o.SCHEMA1 READER +PX+srchost+sp_xport+0x40498977 (10.0.1.42) READER +PX+srchost+sp_xport+0x45191acb (10.0.5.69) # ################################################################################ ################################################################################ # Some oracle stuff First you need to log into the database with many rights. Run this as oracle. $ sqlplus '/ as sysdba' setup some formatting for tablespace report SQL> col FILE_NAME for a50 SQL> col BYTES for 999,999,999,999,999 SQL> set pages 999 SQL> set linesize 130 Replace PLOVER_DATA with the name of the tablespace you want to look at. SQL> select file_name, bytes from dba_data_files where tablespace_name = 'PLOVER_DATA'; This will return something that looks like FILE_NAME BYTES -------------------------------------------- ------------- /oradata01/XYZZY/data/plover_data_01.dbf 6,442,450,944 or FILE_NAME BYTES -------------------------------------------- ------------- /oradata01/XYZZY/data/plover_data_01.dbf 6,442,450,944 /oradata01/XYZZY/data/plover_data_02.dbf 6,442,450,944 /oradata01/XYZZY/data/plover_data_03.dbf 6,442,450,944 You've two ways to proceed, you can either add space to an existing file, or add an additional file. Add space to an existing file: Say you want to increase the tablespace file size from what it is above to 7GB. First off, how big is 7G in MB? SQL> select 1024 * 7 from dual; 1024*7 ---------- 7168 Cool, now resize the file for the tablespace. SQL> alter database datafile '/oradata01/XYZZY/data/plover_data_01.dbf' resize 7168M; Now what if you want to add a file? Generally I add a new datafile to a tablespace in 2GB (2048M) sizes. You can always grow it later. SQL> alter tablespace PLOVER_DATA add datafile '/oradata01/XYZZY/data/plover_data_04.dbf' size 2048M; # End some oracle stuff ################################################################################ ################################################################################ # How to set up a netapp to relay e-mail through a sun system. On the sun to do the relaying: 1) edit /etc/mail/relay-domains (with sudo!) and add the ip ipaddress for your netapp. This is really important, without this step, you'll be setting the sun system to be an open smtp relay. 2) edit /etc/mail/sendmail.cf (with sudo!) and find the line that looks like: O DaemonPortOptions=Port=smtp,Addr=127.0.0.1,Name=MTA O DaemonPortOptions=Port=587, Name=MSA, M=E add in O DaemonPortOptions=Port=smtp,Addr=XXX.YYY.ZZZ.TTT,Name=MTA Where XXX.YYY.ZZZ.TTT is the ip address of the solaris system that you are currentlly logged into. 3) restart the sendmail daemon. $ sudo /etc/init.d/sendmail stop $ sudo /etc/init.d/sendmail start 4) telnet and log into the netapp. 5) type: "options autosupport" to see all of the options for autosupport. 6) type "options autosupport.support.to autosupport@netapp.com" to set auto support address. 7) type "options autosupport.mailhost XXX.YYY.ZZZ.TTT" to set the relay host to the chosen sun. 8) type "options autosupport.doit TEST MESSAGE GOES HERE" to send a test message. # ################################################################################ ################################################################################ # Useful security tools nmap: http://www.insecure.org/nmap/ # ################################################################################ ################################################################################ # Change the solaris default gateway # route delete default 192.168.1.1 # route add default 192.168.1.32 # ################################################################################ ################################################################################ # Set hme1 to 100/full/no autonegotion ndd -set /dev/hme instance 1 ndd -set /dev/hme adv_100T4_cap 0 ndd -set /dev/hme adv_100fdx_cap 1 ndd -set /dev/hme adv_100hdx_cap 0 ndd -set /dev/hme adv_10fdx_cap 0 ndd -set /dev/hme adv_10hdx_cap 0 ndd -set /dev/hme adv_autoneg_cap 0 # ################################################################################ ################################################################################ # Process tracing # Show process relationships. ptree # Show what a process is doing. truss # Follow all children. truss -f -p # Show open files fuser -cu / # ################################################################################ ################################################################################ # F5 coolness (OLD STYLE) Show if the current box is the primary or slave. # b failover Show the status of a node # b node show Remove Servers from a Pool # b node disable Add Servers from a Pool # b node enable # ################################################################################ ################################################################################ # F5 coolness (NEW STYLE) Show if the current box is the primary or slave. # b failover Show the status of a node # b node show Remove Servers from a Pool # b node session disable Add Servers from a Pool # b node session enable # ################################################################################ ################################################################################ # Pass-phrase changes ssh: ssh-keygen -p gnupg: gpg --list-keys gpg --edit-key # ################################################################################ ################################################################################ # Make Magic CMDS = cat dd echo date cc cmp comm ar ld chown ${CMDS}: $$#.c ${CC} -O $? -o $@ # ################################################################################ ################################################################################ # Fun with Tivoli Backups Demon is dsm, when it is running should look like: "root 468 1 0 18:31:22 ? 0:00 /usr/bin/dsmc sched" If it is killed, then it will respawn. Killing it will fix most problems with the demon. Binaries live in: /opt/tivoli/tsm/client/ba/bin Control files are: /usr/bin/dsm.opt /usr/bin/dsm.sys Log file is: /var/adm/tsm.log # ################################################################################ ################################################################################ # nvramrc/openboot commands # # Show the contents of the nvramrc ok printenv nvramrc nvramrc = devalias net /pci@1f,0/ethernet@5 ok show-nets # doesn't make it permant ok devalias jumpstart /pci@1f,0/ethernet@5 # survives resets ok nvalias jumpstart /pci@1f,0/ethernet@5 # get rid of aliases nvunalias jumpstart # ################################################################################ ################################################################################ # Setting the correct dump device with dumpadm /usr/sbin/dumpadm -c all -d DUMP-DEVICE -r ROOT-DIR # ################################################################################ ################################################################################ # Fun with Oracle If you see: SQL> drop table goldman; and then: SQL> select table_name from user_tables; TABLE_NAME ------------------------------ LONGSCAN BIN$6ACNrl/EEW3gNAADugC/Mg==$0 CLASS_INFO ITEMS MASS_POINTS It is the Oracle 10g keeping you safe. Remove the table with: SQL> purge table "BIN$6ACNrl/EEW3gNAADugC/Mg==$0"; SQL> commit; Or look at what is was with: SQL> select OBJECT_NAME, ORIGINAL_NAME, TYPE from user_recyclebin; OBJECT_NAME ORIGINAL_NAME TYPE ------------------------------ ----------------- ------------------------- BIN$6ACNrl/EEW3gNAADugC/Mg==$0 GOLDMAN TABLE # ################################################################################ ################################################################################ # Sun Boot 1. AUTOMATIC SYSTEM RECOVERY (ASR) - Sun Fire V880 (OBP version 4.5.x, 4.6.x and Above) The automatic system recovery feature for the Sun Fire v880 enables the system to resume operation in the event a NON-Fatal Error has occurred. When ASR is enabled, the system's firmware diagnostics automatically detects failed hardware components. The OpenBoot firmware will deconfigure the failed components and restore system operation as long as the system is capable of operating without the failed component. The ASR feature enables the system to reboot automatically, without operatord intervention. How to activate ASR: The following variable's must be set at the OBP: AUTOMATIC SYSTEM RECOVERY (ASR) for OBP Versions 4.5.x and Below ok setenv auto-boot? true ok setenv auto-boot-on-error? true ok setenv diag-switch? true ok setenv diag-level max ok setenv diag-device disk ok setenv diag-trigger soft-reset diag-trigger variable settings that can be used: power-reset (default): Runs firmware diagnostics only on power-on resets, including RSC-initiated power on resets. error-reset: Runs firmware diagnostics only on power-on resets and resets triggered by hardware errors, including operating system panics, and watchdog reset events. This DOES NOT include software resets. soft-reset (recommended): Runs firmware diagnostics on all reset events (including software resets). none: Disables the automatic triggering of firmware diagnostics by any reset event. You can still invoke firmware diagnostics manually by turning the front panel keyswitch to the Diagnostics position prior to powering on the system. ok reset-all AUTOMATIC SYSTEM RECOVERY (ASR) for OBP Versions 4.6.x and Above ok setenv auto-boot? true ok setenv auto-boot-on-error? true ok setenv diag-switch? true ok setenv diag-level max ok setenv diag-device disk ok setenv odiag-trigger all-resets ok setenv post-trigger all-resets There are several odiag-trigger and post-trigger variable settings that can be used: power-on-reset(default): Runs firmware diagnostics only on power-on resets, including RSC-initiated power on resets. error-reset: Runs firmware diagnostics only on power-on resets and resets triggered by hardware errors, including operating system panics, and watchdog reset events. (This DOES NOT include software resets). user-reset: Runs firmware diagnostics on user initiated rest events. all-resets (recommended): Runs firmware diagnostics on all reset events (including software resets). This is the recommended setting. none: Disables the automatic triggering of firmware diagnostics by any reset event. You can still invoke firmware diagnostics manually by turning the front panel keyswitch to the diagnostics position prior to powering on the system. Note: the post-trigger and obdiag-trigger variables have no effect unless diag-switch? is set to true. Note: By setting diag-level to max the system will run through more in-depth diagnostic testing giving the system its best chance to ASR out the defective hardware. ASR will not function to its fullest without max being set. ok reset-all ASR falls into 3 different categories: No Error's If no errors are detected by POST or OpenBoot Diagnostics, the system attempts to boot if auto-boot? is true. Non-Fatal Error's If only non-fatal errors are detected by POST and/or OBP (errors that will not necessarily prevent the system from booting Solaris) the system attempts to boot if auto-boot? is true and auto-boot-on-error? is true. Non-fatal errors include the following: SCSI bus failure FC-AL subsystem failure - A working alternate path to the boot disk is required Gigabit Ethernet or Fast Ethernet interface failure USB interface failure Serial interface failure PCI card failure CPU failure - A single CPU failure causes the entire CPU/Memory board to be deconfigured. Another non-failing CPU/Memory board must be present in the system for the system to attempt a degraded boot. Memory failure - The firmware will deconfigure the entire logical bank associated with the failed memory module. Another non-failing logical memory bank must be present in the system. Fatal Error's If a fatal error is detected by POST and/or OBP, the system will not boot regardless of the settings of auto-boot? or auto-boot-on-error?. The system will not attempt to boot, and may not get to the ok prompt. Fatal non-recoverable errors include the following: Switch ASIC Failure (DAR, DCDS, MDR, BBC) PCI Bridge Failure RIO Failure CPU Failure (All CPUs present failed.) Memory Failure (All memory banks present failed.) Flash RAM cyclical redundancy check (CRC) Failure Critical FRUPROM configuration data (CRC, consistency) Failure To view a list of components that can be manually enabled or disabled by ASR, type the following at the ok prompt: ok .asr To enable or disable components under asr: ok asr-enable ok asr-disable Where is an absolute device path, a device alias, or a device label. Valid device labels include: cpu7-bank3 cpu7-bank2 cpu7-bank1 cpu7-bank0 cpu6-bank3 cpu6-bank2 cpu6-bank1 cpu6-bank0 cpu5-bank3 cpu5-bank2 cpu5-bank1 cpu5-bank0 cpu4-bank3 cpu4-bank2 cpu4-bank1 cpu4-bank0 cpu3-bank3 cpu3-bank2 cpu3-bank1 cpu3-bank0 cpu2-bank3 cpu2-bank2 cpu2-bank1 cpu2-bank0 cpu1-bank3 cpu1-bank2 cpu1-bank1 cpu1-bank0 cpu0-bank3 cpu0-bank2 cpu0-bank1 cpu0-bank0 pci-slot8 pci-slot7 pci-slot6 pci-slot5 pci-slot4 pci-slot3 pci-slot2 pci-slot1 pci-slot0 gptwo-slotd gptwo-slotc gptwo-slotb gptwo-slota ob-gem ob-fcal ob-scsi hba9 hba8 cpu7 cpu6 cpu5 cpu4 cpu3 cpu2 cpu1 cpu0 # ################################################################################ ################################################################################ # Fun Disk commands # Show disk info, such as size and type. Disk identified by sdXX iostat -E # Show disk info, such as size and type. Disk identified by cXtYdZ iostat -En # ################################################################################ ################################################################################ # SSH Tunnels # # Open port 9999 from localhost to gonzo.pocket.com's port 1521 # All traffic will be encripted. ssh -f -L 9999:gonzo.pocket.com:1521 gonzo.pocket.com sleep 15000 # ################################################################################ ################################################################################ # SSH Fun times # # First build a key and put the output in some file. ssh-keygen -t dfs # # Next put the key in place on the server you want to run a # command remotely on, goes in ~${TARGET_USER}/.ssh/authorized_keys # on ${TARGET_HOST} format looks like the following: COMMAND="/bin/df" ssh-dss LONG_KEY comment # # Now on the source machine start the ssh-agent to hold keys # Note that this doesn't actually add keys, it just gets ready # to hold keys. eval "`/usr/bin/ssh-agent -s 2>&1`" >>/dev/null # # Now add a key to the agent. Obviously ${KEYFILE} will have # to point to the key file you generated earlier, give the # base name, not the .pub version of the file! (/usr/bin/ssh-add ${KEYFILE} 2>&1) >>/dev/null # # Now run ssh, the remote end will run a df for you. That's # all that you'll be able to do. /usr/bin/ssh ${TARGET_USER}@${TARGET_HOST} # # Do some clean up afterwards the variables are set above in # the eval statement. (/usr/bin/ssh-add -D 2>&1) >>/dev/null /usr/bin/kill -9 ${SSH_AGENT_PID} 2>&1 >>/dev/null /usr/bin/rm -rf ${SSH_AUTH_SOCK%/*} 2>&1 >>/dev/null # ################################################################################ ################################################################################ # KSH function example with scope of variables # # Sample code segment TEST() { GONZO="XYZZY" typeset POCKET="XYZZY" return } GONZO="PLOVER" POCKET="PLUGH" TEST echo ${GONZO} ${POCKET} # # Run it! $ ./Log_Rotation XYZZY PLUGH # ################################################################################ ################################################################################ # KSH shameless variable manulipation datapath=/data/public/project/trials/set1/datafile.dat filename=${datapath##*/} filename is set to "datafile.dat" since the longest prefix pattern matching "*/" is the leading directory path (compare basename) path=${datapath%/*} path is set to "/data/public/project/trials/set1" since the shortest suffix pattern matching "/*" is the filename in the last directory (compare dirname) ################################################################################ # CPU commands # get the state of the cpus psrinfo # change the state of the cpus (see man page!) psradmin ################################################################################ # auto patching tools # Generate list of Patches needed (just for info) pprosvc -l # Download needed Patches (includes a -l) pprosvc -d # Install the needed patches (includes everything -d does) pprosvc -i # Download specific patches that may not be in your patch group. pprosvc -d -p 114641-02,111711-08,111712-08,111722-04 # Applies patches that may not be in your patch group. pprosvc -i -p 114641-02,111711-08,111712-08,111722-04 ################################################################################ # Proactivenet interesting commands pw system status pw remote list pw remote status pw admin pw edit 12.167.172.6 12.167.172.5 pw device addmon mnap2hcmpd.epredix.com pw system stop pw system start ################################################################################ # Mount a USB memory device on a Sun Solaris box mount -F pcfs /dev/dsk/c3t0d0s0:c /tmp/x # Don't forget to to the "devfsadm" ################################################################################ # RSM Drive utilities # live in /usr/sbin/osa drivutil fwutil healthck lad raidutil rm6 storutil ################################################################################ # OBP static name defination nvalias name devicepath nvunalias ??? ### at the OBP prompt ### much useful debugging information, such as which memory ### bank is hosed! setenv diag-switch? true reset-all # as it says show-post-results ################################################################################ # A little sun disk suite stuff # # V240 machine with three disks. Mirror to one and then have a spair. # # Three disk are nice, then you can have 3 sets of meta databases. # Your system won't boot if you've less than 51% of the metadatabases. SRC=/dev/dsk/c1t0d0s2 RSRC=/dev/rdsk/c1t0d0s2 DEST1=/dev/dsk/c1t1d0s2 RDEST1=/dev/rdsk/c1t1d0s2 DEST2=/dev/dsk/c1t2d0s2 RDEST2=/dev/rdsk/c1t2d0s2 # # Set up the disks so that everyone has # the correct disk labels on them. # /usr/sbin/prtvtoc -h ${SRC} | /usr/sbin/fmthard -s - -n ALT ${RDEST1} /usr/sbin/prtvtoc -h ${SRC} | /usr/sbin/fmthard -s - -n MIRROR ${RDEST2} # # Initialize the meta databases # Use slice s6 on all three disks. # /usr/sbin/metadb -c 3 -af c1t0d0s6 c1t1d0s6 c1t2d0s6 # # Verify the work # /usr/sbin/metadb ################################################################################ # Make a hot spair pool, and then a raid-5 device using that pool. # # Note that hsp and d are required parts of the name. In fact # that's all that identifies hsp001 a a hot spair metainit hsp001 c3t13d0s0 metainit d100 -r c3t0d0s0 c3t1d0s0 c3t2d0s0 c3t3d0s0 c3t12d0s0 -h hsp001 ################################################################################ mount -n -o remount,rw / Remounts root read/write. inq Shows EMC information for a host. route add -net 10.102.64.0 10.123.10.10 -netmask 255.255.252.0 put it in init.d from rc2.d after 73 or so. find / ! -local -prune -o -mode -4 -ls watch-net-all probe-scsi-all show-nets show-disks limit-ecache-size ./add_install_client -s 10.123.35.20:/export-2.6 approd0 sun4u1 share -F nfs -o ro,anon=0 /export-2.6 patchadd -C /export-2.6/Solaris_2.6/Tools/Boot 106429-02 patchadd -C /export-2.6/Solaris_2.6/Tools/Boot 106429-02 patchadd -C /export-2.6/Solaris_2.6/Tools/Boot 105181-32 109334 106381 Import a group forcefully vxdg -C import GROUP If you want to use imported disks vxvol -g GROUP startall Remove the volumes vxedit -g GROUP -rf rm VOLUME_NAME Remove the disks vxdg -g GROUP rmdisk DISK_NAME Deport the disk group vxdg deport GROUP DMP Stuff # Check State of DMP vxdmpadm listctlr all # Turn on DMP vxdctl init vxdctl enable vxdctl initdmp # Rebuilding Veritas devices vxdctl init vxdctl enable devfsadm # or the old way drvconfig devalias disks ################################################################# # Used to create data vxassist -g userdata01 make localvol 25g layout=log,stripe ncol=3 vxassist -g userdata01 mirror localvol mkfs -F vxfs -o largefiles /dev/vx/rdsk/userdata01/localvol # # change group ownership for this vxedit -g eaiprd03 set user=egate group=eai archive01 # # Ready a group for cluster sharing if created with vxdiskadm vxdg deport testdg vxdg -s import testdg # # Once fun thing cfscluster config # # CFS things cfsmntadm add testdg test1_vol /usr/local/test all=rw cfsmount /usr/local/test # # umount /usr/local/test # on slaves umount /usr/local/test # on master cfsmntadm delete /usr/local/test # on master vxdg deport testdg # on master vxdg import testdg # on master ##### Destroy as normal from here. # # More very bad stuff to wreck your day. hastop -all -force gabconfig -U lltconfig -U lltconfig: this will attempt to stop and reset LLT. Confirm (y/n)? y modinfo | egrep gab 243 78426000 44f05 257 1 gab (GAB device 3.5) modunload -i 243 modinfo | egrep llt 242 7840e000 1ce65 256 1 llt (LowLatencyTransport 3.5) modunload -i 242 # # do the above on both machines, then edit any configuration files # that need to be adjusted, such as /etc/llttab. /etc/rc2.d/S70llt start /etc/rc2.d/S92gab start hastart The boot device now is: /pci@7,4000/SUNW,isptwo@3/sd@2,0:a which may be different from the machine's default boot device. Please write it down now and use it as the boot device in the next reboot operation. ################################################################# Clearing the error state from a HA group. CLUSTERING, HA First do a: /opt/VRTSvcs/bin/hastatus -summ and look for the group in trouble. Then clear the error condition with: /opt/VRTSvcs/bin/hares -clear svwapp_app check to see that the error really goes away with: /opt/VRTSvcs/bin/hastatus -summary Then once it does, bring the resource back online with: /opt/VRTSvcs/bin/hares -online svwapp_app -sys star10 ################################################################# Initial Setup of ControlM stuff on a new server Make sure that the ctmagen directory exists and is empty. mkdir -p /opt/controlm/ctmagent rm -f ~ctmagent/* ~/ctmagent/.* Grab the archives from ~goldman/work/Controlm Base packages: ctmagent-3585.tar.gz Patches to it: CTMAg-3637-sun.tar.gz Go to ctmagent's home directory: CHOST is ctmagsrv for production. CHOST is star10 fro dev/test. Run the contents of the base package: /var/tmp/a/controlm/cd_inst \ -A -i N -u ctmagent -f fd3585 \ -c ${CHOST} -b star10 \ -a 7005 -s 7006 Run the contents of the patch as ctmagent: su - ctmagent -c "/var/tmp/a/CTMAg-3637-inst/cd_inst" Cleanup: chown -R ctmagent:controlm ~ctmagent kill -1 Installing a Tivoli End Point rlogin MASTER Production: tmrprod03 Test/Dev: tmrdev21 Firewall: tmrprod25 cd /opt/Tivoli/DHC/bin sudo ./createunixep.sh HOST Verify with: ps -aef | egrep lcf F12 stuff host: sf4-sc user: sms-svc pw: ttc showplatform Gives hostname/mac address showboards -d b Shows the boards connnected to domain 'b' showkeyswitch -d b Shows the state of the keyboard switch for domain 'b' console -d b Connect ot the console for domain 'b' boot net -s - install Go to single user mode before installing. FRAME Controler COntroler Hosts sf4 sf5-sc sf5-sc1, sf5-sc2 sf5 sf4-sc sf4-sc1, sf4-sc2 remove power to an io boat with: poweroff io6 later do: setkeyswitch -d b standby setkeyswitch -d b on Jumpstart example /dtsdata/boot/Solaris_8/Tools/add_install_client \ -s 10.116.160.33:/export/jumpstart/ben \ -c 10.116.160.33:/export/jumpstart/ben \ -p 10.116.160.33:/export/jumpstart/ben \ sf4ux101 sun4u Here were the issues with using a flash created from a non-F12K image. 1) No dman network(private SC to Domain network over the centerplane.) Create a /etc/hostname.dman0 file with the correct IP for the domain. You can get the correct IP out of the /etc/hosts file on the system controller. 2) DR not working Added domain patches 110820-xx 111332-xx 111335-xx 108813-xx Uncommented sun-dr lines from domains /etc/inetd.conf Set up /etc/inet/ipsecinit.conf on SC's and domains. You can also manually create the file, and make sure it has the following lines in it: { dport sun-dr } permit { auth_algs md5 } { sport sun-dr } apply {auth_algs md5 sa unique } { dport cvc_hostd } permit { auth_algs md5 } { sport cvc_hostd } apply {auth_algs md5 sa unique } Matt, Here is what I used on the E10K reconfigs. We can tailor this for e10k5. We won't need to do all of the steps that are in this document. You would be starting with section "I. Reconfigure the Domains.". Jeff PROCEDURES TO RECONFIGURE SWING E10ks I. Reconfigure the SSPs. 1) Complete any hardware changes, plug in and cable up everything, but leave the E10K, and the backup SSP powered off. Note: Install 8 new airfilters in E10k. 2) Power on the primary SSP. a. As root, run /opt/SUNWssp/bin/ssp_unconfig In order to unconfigure the SSP, you will need to know the domainname that has the E10K serial number in it. Choose from this list. e10k1 - 80a6566a star1-d (new E10k4 dbprod0) e10k2 - 80a6566b star11-d e10k3 - 80a65c37 wendy-d (new E10k1 star1) e10k4 - 80a701bc star25-d (new E10k3 wendy) b. Edit /etc/ethers and input the MAC address and the names of the 2 E10K control boards. Also input the MAC addresses/names for both SSPs. c. Save a copy of /etc/inet/hosts, and run sys-unconfig to wipe out the SSP hostname/IP address information. You will then reboot the SSP, and on boot-up, supply the new SSP hostname/IP address information. You will also supply the E10K platform name, the CPU speed information, and the control board information. d. Edit /etc/inet/hosts, and add back the floating SSP, both physical SSPs, and any other machines, like ntpserver, from the saved hosts file. e. Run "/opt/SUNWssp/bin/ssp_config float" to configure the floating SSP IP info. f. Create /etc/hostname.??? files that correspond to this sequence. hostname.eri0 = SSP name for control board 0 net hostname.qfe0 = SSP name for public net hostname.qfe1 = SSP name for control board 1 net g. Create: /etc/defaultrouter /etc/resolv.conf /etc/nsswitch.conf (add "dns") /export/home/ssp/.rhosts (Add all 'SSP2 hostnames' ssp) h. As the user "ssp", run "autoconfig", and then reboot the SSP. i. Power on the AC and Circuit breakers in the E10k, and issue a "power -on -all" from the SSP, as user "ssp". Verify that the SSP is now in control of the E10K platform, before proceeding. Note: Testing of the E10K Dual power grid can be completed at this time. I. Reconfigure the Domains. a. On the SSP, create the domain keys as user "ssp", ie. sys_id \ -f /var/opt/SUNWssp/.ssp_private/eeprom_save/eeprom.image. \ -h 0x -k 6DA1C5010A37D6130219 Note: -k string of numbers/letters is case sensitive. b. Create the domains(as the user SSP). domain_create -d 'domain_name' -b ? ? ? -o 5.? -p e10k? c. As the root user, "add_install_client" the new domain names. Note: It is simpler to first add the MAC addresses of each domain to /etc/ethers, and the IP/hostname to /etc/inet/hosts instead of supplying this info in the add_install_client command. To get the domain MAC numbers, cd to, /var/opt/SUNWssp/.ssp_private/eeprom_save sys_id -d -f star1 (or whatever domainname you need) d. As the user "ssp", open windows on the SSP for each domain, and proceed with the following steps in each window, domain_switch 'domain-name' bringup -A off (First domain will ask to configure the centerplane) netcon setenv-dr dr-max-mem 1 e. Create boot aliases at the OK> prompt for "disk" and "net", using either "show-disks", or "show-nets". f. For each domain, type "boot net -s". Note: Do not have any disks plugged in at this time other than the two D1000 boot disks(No EMC disks). g. Using "format", repartition each domain boot disk(18g) to the below specifications, TAG SLICE STARTING CYL ENDING CYL root 0 1 4834 swap 1 4835 7502 Leave 2 unused cylinders at the end of the disk, and wipe out all other slices except for slice 2. h. Restore the ufsdump files onto each domain boot disk. newfs /dev/rdsk/c0t0d0s0 mount /dev/dsk/c0t0d0s0 /a cd /a ufsrestore rf daffy:/flar/ufsdumps/domainname/\\ installboot /usr/platform/sun4u/lib/fs/ufs/bootblk /dev/rdsk/c0t0d0s0 Note: Will need to supply the IP address of daffy, and the ufsdump filename is a special character "\", thus the extra "\" preceeding it. i. Prepare the domain for booting. vi /a/etc/shadow and zero out root password.(if necessary) vi /a/etc/init.d/ndd script, and add qfe0 vi /a/etc/hostname.qfe0 and add new domainname(remove hostname.qfe1) vi /a/etc/defaultrouter, and add the new router IP(10.116.160.1) vi /a/etc/inet/hosts, and add new domain/IP and floating SSP/IP touch /a/etc/vx/reconfig.d/state.d/install-db cp /a/etc/vfstab /a/etc/vfstab.`date` vi /a/etc/system and comment out(*), rootdev:/pseudo/vxio@0:0 set vxio:vol_rootdev_is_volume=1 j. Create a new device tree for each domain. cp /a/etc/path_to_inst /a/etc/path_to_inst.`date` cd /a/dev/dsk ls -l c0t0d0s0 (One at a time, select c0, c1, c2... and use the output for the next command.) rm -r ../../devices/sbus@40,0/QLGC,isp@1,10000/sd* rm c?t* (Remove one controller at a time after completing the above step.) cd /a/dev/rdsk rm c* drvconfig -p /a/etc/path_to_inst (Ignore warning about read only filesystem) vi /a/etc/path_to_inst Remove all occurences of "pci", and renumber qfe devices by subtracting 4 from each one. This is a bug with booting over the net and having a Netra as an SSP. The way to remove all lines with "pci" in them in vi is to do this, :g/pci/d That should leave qfe 0, 1, 2, 3 and qfe 4, 5, 6, 7. drvconfig -R /a drvconfig -r /a disks -r /a devlinks -r /a rm -r /a/sbus* (I think that this can be avoided by doing a "drvconfig -R /a/devices" but I didn't get the chance to verify this. It all works with the above steps though.) halt boot -rv III. Reconfigure Veritas. a. vxinstall (Select to only encapsulate the boot disk, and add target 8 on controller one, named "rootmirror". Say "yes" to reboot.) b. After the encapsulation(2 boots), mirror the boot disk. /usr/lib/vxvm/bin/vxrootmir rootmirror& (mirrors only "/" and makes bootable) /usr/lib/vxvm/bin/vxmirror rootdisk rootmirror& (mirrors swap) eeprom boot-device="rootdisk rootmirror" eeprom diag-device="rootdisk rootmirror" IV. Reconfigure the backup SSP. a. Pull the public and control board networks, and access the backup SSP via the terminal server.(tsv-ttc-03 ESC+SHIFT+B = break) Power on the backup SSP. b. Login, save a copy of /etc/inet/hosts, and run sys-unconfig to wipe out the old SSP/IP info. Plug back in the network cables. When the SSP reboots, supply the new hostname/IP, and add back into /etc/inet/hosts the floating SSP/IP, and the primary SSP/IP. Edit or copy over from the primary SSP the /etc/ethers file, and the /etc/defaultrouter file. Create the /etc/hostname.??? files for the 2 control board interfaces. Edit /export/home/ssp/.rhosts, and add the names for the primary SSP. Edit /etc/resolv.conf Edit /etc/nsswitch.conf (add "dns") Reboot the backup SSP. c. On the primary SSP, turn failover back on and verify that you can talk to the backup SSP over all 3 networks.(As the user "ssp") ping e10k?-ssp2 ping e10k?-ssp2-eri0 ping e10k?-ssp2-qfe1 setfailover on (as the user "ssp") showfailover (Everything should show "GOOD" within a minute or so., if not, log on to the backup SSP, and run /etc/init.d/ssp stop;/etc/init.d/ssp start ) Verify that you can do an "rsh" to the backup SSP before copying over the domain specific files. (Things to check would be an expired password for the user "ssp", or incorrect /export/home/ssp/.rhosts file.) rsh e10k?-ssp2 ls -al rsh e10k?-ssp2-eri0 ls -al rsh e10k?-ssp2-qfe1 ls -al setdatasync backup showdatasync (should show one file ACTIVE) d. Test SSP failover. As the user "ssp" on the primary SSP, type, setfailover force On the backup SSP, run, tail -f /var/opt/SUNWssp/adm/messages to watch the backup SSP take over. Verify that failover has worked by typing, showfailover setfailover on (turn SSP failover back on) showfailover domain_switch `domainname` netcon Fail back if required. pre-built solaris packages for openssh are available at the http://www.unixpeople.com web-site NOTE: The version of ssh that comes with Solaris 9 uses the same authentication as openssh - in other words, use ssh-keygen then populate the $HOME/.ssh/authorized_keys file. Automating logins with openssh ------------------------------ When using ssh version 2 protocol (recommended) *********************************************** Generate an rsa key on the host that will be initiating the connection $ ssh-keygen -t rsa (just accept the defaults for the questions it asks) You should either enter nothing as the pass-phrase or see the section at the bottom of this document on ssh-agent. Copy the public part of the key from the host where the keypair was generated over to the destination host. Create the authorized_keys2 file on the host where we will be logging into $ cd .ssh $ cp id_dsa.pub authorized_keys2 Permissions must be restrictive enough $ chmod 755 $HOME $HOME/.ssh -rw-r--r-- 1 abarclay wheel 224 Dec 8 23:35 authorized_keys2 -rw------- 1 abarclay users 668 Feb 13 21:06 id_dsa -rw-r--r-- 1 abarclay users 606 Feb 13 21:06 id_dsa.pub To automate logins ON commercial SSH version 1.2.x ----------------------------------------------------------- Assume we have a user called bvuser who needs to ssh without supplying a password from host "pluto" to host "mars". First, generate a key pair on host pluto *********************************** bvuser@pluto$ ssh-keygen Initializing random number generator... Generating p: ..........................++ (distance 382) Generating q: ................++ (distance 254) Computing the keys... Testing the keys... Key generation complete. Enter file in which to save the key (/home/bvuser/.ssh/identity): Your public key is: 1024 37 10516359229421917113127705539478811879024498618426995803874534444 9945585988140096363802304628177693619418269871760392433499372348462869326 6646739162315779703799898551312046155191269923057968062945587691489139800 2932736577837917690970915466994613481217933907543219365668158001138849551 0768330121196117806139671 bvuser@pluto Your public key has been saved in /home/bvuser/.ssh/identity.pub *********************************** Accept the defaults for the file to save the key in Do NOT use a pass phrase (just press enter) Now, ftp the file /home/bvuser/.ssh/identity.pub over to host "mars" and add it to the bottom of the file /home/bvuser/.ssh/authorized_keys (You may have to create this file if it does not exist) MUST ensure permissions are correct on both machines: $ chmod 755 $HOME $HOME/.ssh $ chmod 600 $HOME/.ssh/identity $HOME/.ssh/authorized_keys Try it! **************************************** bvuser@pluto$ ssh mars Last login: Fri Jun 9 17:32:08 2000 from ushqseng99 No mail. Sun Microsystems Inc. SunOS 5.6 Generic August 1997 Using Terminal type: xterm bvuser@mars$ **************************************** NOTE: This only gives bvuser access from pluto to mars. In order to have the reverse be true, you would need to generate keys on mars and ftp the public key to pluto. Alternatively, you could simply copy over the entire .ssh directory from pluto to mars. That would preserve the same key. Of course, this would not be necessary if the home directories are automounted. Automating logins with commercial ssh 2.4 ----------------------------------------- generate a dsa key $ ssh-keygen -t DSS (just accept the defaults for the questions is asks) create the .ssh2/identification file (on the source host) with the following contents ----------------------------- IdKey id_dss_1024_a ----------------------------- Copy the keys from the host where the keys were generated over to the host where we will be logging into, placing them into the directory $HOME/.ssh2 create the .ssh2/authorization file (on the destination host) with the following contents ----------------------------- Key id_dss_1024_a.pub ----------------------------- MUST ENSURE THE PERMISSIONS ARE CORRECT $ chmod 755 $HOME $HOME/.ssh2 $ chmod 600 $HOME/.ssh2/id_dss_1024_a Automating logins from openssh to commercial ssh 2.4 ------------------------------------------------------- generate a dsa key (no need to do this if you already have one) $ ssh-keygen -d convert the openssh dsa PRIVATE key to commercial ssh2 public key format $ cd .ssh $ ssh-keygen -x -f id_dsa >commercialSSH2key.pub now move this file to the destination machine and put it in the $HOME/.ssh2 directory. Then put an entry in the .ssh2/authorization file -------------------------------------- Key commercialSSH2key.pub -------------------------------------- MUST ENSURE THE PERMISSIONS ARE CORRECT $ chmod 755 $HOME $HOME/.ssh2 $ chmod 755 $HOME $HOME/.ssh $ chmod 600 $HOME/.ssh2/commercialSSH2key.pub NOTE: If you want scp to work from openssh to commercial ssh, then you will need to copy the binary /usr/local/bin/scp to the commercial ssh machine, placing it at /usr/local/bin/scp1 Automating logins from commercial ssh 2.4 to openssh ----------------------------------------------------- generate a keypair ON the commercial ssh host: $ ssh-keygen -t DSS create the .ssh2/identification file with the following contents ----------------------------- IdKey id_dss_1024_a ----------------------------- copy the key pair back to the openssh host, placing the key pair in $HOME/.ssh On the openssh host, convert the commercial ssh keys into openssh format $ ssh-keygen -X -f id_dss_1024_a >id_dsa $ ssh-keygen -X -f id_dss_1024_a.pub >id_dsa.pub create the authorized_keys2 file $ cp id_dsa.pub authorized_keys2 MUST ENSURE CORRECT PERMISSIONS $ chmod 755 $HOME $HOME/.ssh2 $ chmod 755 $HOME $HOME/.ssh $ chmod 600 $HOME/.ssh/id_dsa $ chmod 600 $HOME/.ssh/authorized_keys2 ===================================================== Automating bidirectional connections between commercial ssh 2.4 and openssh --------------------------------------------------------------------------- Follow the steps above "from commercial ssh to openssh" Additionally, do the following: ON the commercial ssh box, create the .ssh2/authorization file with the following contents: ----------------------------- Key id_dss_1024_a.pub ----------------------------- The largest issue with this bi-directional communication is that scp version 2 is proprietary to the commercial ssh version, so in order to scp files from the openssh box to the commercial ssh box, you must install the openssh version of scp as /usr/local/bin/scp1 on the commercial box. In order to scp files from the commercial ssh box to the openssh box, you must use "scp1" rather than plain "scp" (plain scp will hang). When using ssh version 1 protocol ********************************* Generate a key for the user that will be automatically logging in: $ ssh-keygen (just accept the defaults for the questions it asks) You should either enter nothing as the pass-phrase or see the section at the bottom of this document on ssh-agent. Copy the public part of the key (identity.pub) from the host where the key was generated over to the destination host (placing it in $HOME/.ssh/identity.pub). Add identity.pub to the file authorized_keys (create the file if it doesn't exist). Permissions must be restrictive enough $ chmod 755 $HOME $HOME/.ssh $ ls -l $HOME/.ssh -rw------- 1 abarclay wheel 338 Jul 24 2000 authorized_keys -rw------- 1 abarclay users 534 Jun 23 2000 identity -rw-r--r-- 1 abarclay users 338 Jun 23 2000 identity.pub What if you have assigned a pass-phrase to the private part of your key pair? ============================================================================== Well, its a good idea to do this because if you don't, whomever has root or sudo access on any machine where this key exists can read the private key and hence masquerade as you. In addition, if some hacker compromises your machine, then you will essentially have to scrap all your keys. Ok, but it sucks to have a pass-phrase, because then you are prompted for it every time you ssh to another machine! Ah, there is a solution. If you run ssh-agent, on the machine where you are ssh'ing FROM, you can use ssh-add to decrypt your private key, and store it in the running program. When you initiate an ssh transaction with another system, the ssh-agent intercepts the request from the remote system for your private key and provides it. You only have to start ssh-agent and call ssh-agent and provide your pass-phrase once after each system reboot. Here is the snippet of code that I use in my .profile to handle this for me: -------------------------------------------- if [ -f /tmp/ssh-agent.$USER.sh ] then . /tmp/ssh-agent.$USER.sh else # changing to /tmp first avoids the problem of nfs busy cd /tmp ssh-agent |grep -v "echo" >ssh-agent.$$ . ./ssh-agent.$$ # only create the special file if ssh-add works [ -f $HOME/.ssh/identity ] && ssh-add $HOME/.ssh/identity && result=TRUE [ -f $HOME/.ssh/id_rsa ] && ssh-add $HOME/.ssh/id_rsa && result=TRUE [ -f $HOME/.ssh/id_dsa ] && ssh-add $HOME/.ssh/id_dsa && result=TRUE [ "$result" = "TRUE" ] && mv ssh-agent.$$ ssh-agent.$USER.sh cd $HOME fi -------------------------------------------- Its a little complex in case I need to use ssh version 1 (identity), or ssh version 2 with either an RSA or DSA key.