Tuesday, December 30, 2008

Script to set up syslog-ng on Solaris 10 hosts



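#!/bin/sh
# This script is for Solaris 10
#
# Part 1 of the setup: write /etc/syslog-ng/syslog-ng.conf, remove the
# legacy rc links of the stock syslogd and disable the stock system-log
# service.

echo Creating syslog-ng.conf
# -p succeeds quietly when the directory already exists but still reports
# real failures, instead of discarding every mkdir error.
mkdir -p /etc/syslog-ng

# The delimiter is quoted so the shell copies the text literally.  With an
# unquoted END the shell itself expands $HOST, $YEAR, $MONTH and $DAY in the
# file() destination while writing the file, so syslog-ng never sees the
# macros and every sender ends up in the same log file.
#
# NOTE(review): the "sys" source opens udp() and tcp(ip("0.0.0.0") port(5150))
# listeners on every host this script runs on.  If a host only forwards its
# own logs, those two network sources are presumably not needed -- confirm.
# NOTE(review): with keep_hostname(yes) the $HOST macro used in the file name
# is taken from the received message, so anything that can reach the network
# sources influences file names under /var/log/perhost -- confirm the
# listeners are reachable from trusted hosts only.
cat << 'END' > /etc/syslog-ng/syslog-ng.conf
options {
stats(0);
sync(0);
time_reopen(1);
log_fifo_size(4096);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
keep_hostname(yes);
};

source sys {
sun-streams("/dev/log" door("/etc/.syslog_door"));
internal();
udp();
tcp(ip("0.0.0.0") port(5150) max-connections(300));
};

filter notdebug {
level(info...emerg);
};
destination perhost {
file("/var/log/perhost/$HOST.log.$YEAR$MONTH$DAY");
};
log {
source(sys);
filter(notdebug);
destination(perhost);
};

destination syslog-ng-server {
tcp("10.10.10.10" port(5150));
};
log {
source(sys);
filter(notdebug);
destination(syslog-ng-server);
};
END
chown root:sys /etc/syslog-ng/syslog-ng.conf
chmod 644 /etc/syslog-ng/syslog-ng.conf

echo Removing old init script links if they exist
# /etc/init.d/syslog was listed four times; once is enough.
rm -f /etc/init.d/syslog /etc/rc2.d/S74syslog /etc/rc0.d/K40syslog /etc/rc1.d/K40syslog /etc/rcS.d/K40syslog

echo Disabling stock syslog
svcadm disable system-log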

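echo Setting up syslog-ng method script
# Write the SMF start method.  The here-document opener was lost from the
# listing ("cat </lib/..." would read the file instead of writing it); it is
# restored here to match the E0F terminator and the path that chown/chmod
# use below.  The delimiter is quoted so $LD_LIBRARY_PATH and the $SMF_EXIT_*
# codes reach the method script unexpanded and are evaluated when the method
# runs, not while this installer runs.
cat << 'E0F' > /lib/svc/method/svc-syslog-ng
#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for syslog-ng

# Required for certain libgcc and eventlog libraries
# Prepend the existing value only when there is one, so the search path
# never starts with an empty element (runtime linkers commonly treat an
# empty element as the current directory).
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/usr/local/lib:/usr/sfw/lib
export LD_LIBRARY_PATH

if [ -x /usr/local/sbin/syslog-ng ]; then
/usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf
else
echo "syslog-ng is missing or not executable."
exit $SMF_EXIT_ERR_CONFIG
fi

exit $SMF_EXIT_OK
E0F
chown root:bin /lib/svc/method/svc-syslog-ng
chmod 755 /lib/svc/method/svc-syslog-ng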

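echo Setting up SMF manifest
# The here-document opener was lost from the listing; it is restored to match
# the E0F terminator further down and the manifest path used by the
# chown/chmod/svccfg commands.  The delimiter is quoted so the manifest text
# is written literally.
# NOTE(review): the XML element markup of the manifest body is also missing
# from this listing (only the attribute lines survive).  Restore the body from
# the original manifest before running this; svccfg validate will reject it
# as shown.
cat << 'E0F' > /var/svc/manifest/system/syslog-ng.xml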




name='system/syslog-ng'
type='service'
version='1'>





name='milestone'
grouping='require_all'
restart_on='none'
type='service'>




name='filesystem'
grouping='require_all'
restart_on='none'
type='service'>




name='autofs'
grouping='optional_all'
restart_on='none'
type='service'>




name='name-services'
grouping='require_all'
restart_on='none'
type='service'>



name='syslog-ng_single-user'
grouping='optional_all'
restart_on='none'>




type='method'
name='start'
exec='/lib/svc/method/svc-syslog-ng'
timeout_seconds='60' />

type='method'
name='stop'
exec=':kill'
timeout_seconds='60' />

type='method'
name='refresh'
exec=':kill -HUP'
timeout_seconds='60' />



value='solaris.smf.manage.syslog-ng' />








E0F
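# Install the manifest read-only, then validate, import and enable it.
chown root:sys /var/svc/manifest/system/syslog-ng.xml
chmod 444 /var/svc/manifest/system/syslog-ng.xml

echo Validating manifest
# Stop when validation fails instead of importing a broken manifest.  The
# stock system-log service was disabled earlier in this script, so a failure
# here leaves the host without a syslog daemon until one is enabled again.
svccfg validate /var/svc/manifest/system/syslog-ng.xml || {
    echo "Manifest validation failed; syslog-ng was not imported or started." >&2
    exit 1
}

echo Importing manifest
svccfg import /var/svc/manifest/system/syslog-ng.xml || {
    echo "Manifest import failed; syslog-ng was not started." >&2
    exit 1
}

echo Starting syslog-ng
svcadm enable syslog-ng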
root@maass> more /etc/syslog-ng/syslog-ng.conf
options {
stats(0);
sync(0);
time_reopen(1);
log_fifo_size(4096);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
keep_hostname(yes);
};

source sys {
sun-streams("/dev/log" door("/etc/.syslog_door"));
internal();
udp();
tcp(ip("0.0.0.0") port(5150) max-connections(300));
};

filter notdebug {
level(info...emerg);
};
destination perhost {
file("/var/log/perhost/$HOST.log.$YEAR$MONTH$DAY");
};
log {
source(sys);
filter(notdebug);
destination(perhost);
};

destination florey {
tcp("144.83.19.28" port(5150));
};
log {
source(sys);
filter(notdebug);
destination(florey);
};


Syslog-ng log evacuation

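#!/bin/sh
#
# Compress yesterday's per-host and proxy logs, copy the archives to the
# sawmill NFS area, then prune old files locally and on the NFS side.
#
# File lists are handled by find -exec instead of being collected into
# unquoted variables: an empty list no longer runs gzip/cp/rm without
# operands, and file names are passed through without word splitting (the
# per-host file names are built from the sender's host name).

#calculate yesterday's date
# The TZ offset of 29 hours makes date report a time 24 hours behind a
# 5-hour offset -- presumably the host runs on US Eastern time; confirm.
YESTERDAY=`env TZ=EST29EDT date +%Y%m%d`

#find the logs associated with yesterday and compress them
/usr/bin/find /var/log/perhost -type f -name "*.$YESTERDAY" -exec /usr/bin/gzip {} \;
/usr/bin/find /var/log/proxy -type f -name "*.$YESTERDAY" -exec /usr/bin/gzip {} \;

#change permissions of the files so the remote sawmill process can read them
# NOTE(review): this makes every per-host log world-readable on this host as
# well; a group shared with the sawmill account would be narrower -- confirm.
/usr/bin/chmod 644 /var/log/perhost/*


#cp the compressed files to sawmill ~logevac
/usr/bin/find /var/log/perhost -type f -name "*.$YESTERDAY.gz" -exec /usr/bin/cp {} /nfsserver/servers/sawmill/evacuated-logs \;
/usr/bin/find /var/log/proxy -type f -name "*.$YESTERDAY.gz" -exec /usr/bin/cp {} /nfsserver/servers/sawmill/proxy-logs-to-be-processed \;
#
/usr/bin/chmod 644 /nfsserver/servers/sawmill/evacuated-logs/*
/usr/bin/chown 55555:55555 /nfsserver/servers/sawmill/evacuated-logs/*

# remove the local syslog-ng server files after 7 days
# NOTE(review): the search starts at /var/log, so any file there that has not
# been modified for 7 days is removed, not only the syslog-ng output under
# perhost and proxy.  Narrow the start directories if other logs in /var/log
# must be kept longer.
/usr/bin/find /var/log -type f -mtime +7 -exec /usr/bin/rm -f {} \;

# clear out the logfiles older than 21 days
# NOTE(review): this path starts with /hjfnfs while the copy above uses
# /nfsserver -- confirm both name the same NFS area.
/usr/bin/find /hjfnfs/servers/sawmill/evacuated-logs -name "*log*.gz" -mtime +21 -exec /usr/bin/rm -f {} \;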

Script to clear out Solaris corefiles

Run this from the global zone...




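#!/bin/sh
#
# clear out corefiles
# miw 9/1/06
#
# Removes core* files from the global zone's /var/core and from each zone's
# /var/core as seen from the global zone.  Only regular files are removed:
# an unmatched pattern, a directory or a symbolic link is skipped, so a run
# with no core files no longer ends in an rm error.
#
# NOTE(review): everything under /zones/<zone>/root is writable by that
# zone's root user.  The per-file checks below do not cover the case where
# var/core itself has been replaced by a link -- confirm this is acceptable
# for the zones on this host.
for corefile in /var/core/core* /zones/*/root/var/core/core*
do
    if [ -f "$corefile" ] && [ ! -h "$corefile" ]
    then
        /usr/bin/rm "$corefile"
    fi
done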


Script to email basic system info



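#!/bin/sh

#
# This script emails basic system info to sysadmin
#
# The report holds uname output, UFS inode usage, and a listing plus the
# full contents of /etc/passwd, /etc/group and /etc/vfstab.
# NOTE(review): the report stays on disk at /usr/local/scripts/safe and is
# sent by ordinary mail, so the account and mount information leaves the
# host unencrypted -- confirm the recipient and mail path are internal.
#
SERVERNAME=`uname -n`
file=/usr/local/scripts/safe
#
uname -a > "$file"
#
/usr/bin/df -F ufs -o i >> "$file"
#
for i in /etc/passwd /etc/group /etc/vfstab
do
    echo "" >> "$file"
    # The listing had this redirection split over two lines (">" then
    # "> $file"), which is a syntax error; it is an append like the others.
    echo "***********************************************************************" >> "$file"
    ls -l "$i" >> "$file"
    cat "$i" >> "$file"
done
#
# Disabled by the author: extra sections for swap, disk and metadevice state.
#for a in "swap -l" "df -k" "prtvtoc /dev/dsk/c1t0d0s0" /usr/sbin/metastat "/usr/sbin/metadb -i"
#do
#echo "***********************************************************************" >>$file
#echo "$a" >> $file
#$a >> $file
#done
#
mailx -s "recovery_info_$SERVERNAME" me@myhost.com < "$file"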


Script to manage syslog-ng files

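#!/bin/sh
#
# miw 9/20/07
#
# gzip any syslog-ng logfiles older than 7 days
# "*.log*" also matches archives that are already compressed, so those are
# excluded here; otherwise gzip is run on every .gz file again and reports
# that the file already has the suffix.  -type f keeps directories out.
find /var/log/perhost -type f -name "*.log*" ! -name "*.gz" -mtime +7 -exec /bin/gzip {} \;

# clear out the syslog-ng logfiles older than 21 days
find /var/log/perhost -type f -name "*log*.gz" -mtime +21 -exec /bin/rm -f {} \;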

Script to check for expiring passwords

/usr/local/scripts/account-exp


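#!/bin/sh
#
# This script checks to see if an account's password is expired and
# then sends me an email
#
# The report is piped straight into mailx.  The earlier version staged it in
# /var/tmp/accounts, a fixed name in a world-writable directory, which lets
# another local user pre-create that name (for example as a link) before
# the script writes to it.
#

##############
# Variables
##############
SERVERNAME=`uname -n`
LOGFILE=/var/cron/log
WORD=expire


#########################################
# Check to see if there are
# any expired accounts; if one has
# been detected, email the administrator
#########################################

# grep's exit status says whether the word occurs; output is discarded
# because only the status is needed here.
if grep "${WORD}" "${LOGFILE}" > /dev/null
then
    {
        # Attach a header
        uname -a
        echo ""
        echo "**************************************************************"

        # Also attach expired info (same word as the check above)
        grep "${WORD}" "${LOGFILE}"
    } | mailx -s "expired_accounts_$SERVERNAME" me@myhost.com
fi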

Script to remove Staroffice from Solaris

Not fancy, but it works...

#!/bin/sh
#
# Remove the StarOffice packages: one pkgrm call per package, in the order
# given below.
for pkg in \
    SUNWstaroffice-xsltfilter \
    SUNWstaroffice-writer \
    SUNWstaroffice-w4wfilter \
    SUNWstaroffice-sunsearchtoolbar \
    SUNWstaroffice-ooofonts \
    SUNWstaroffice-menuintegration \
    SUNWstaroffice-math \
    SUNWstaroffice-lngutils \
    SUNWstaroffice-javafilter \
    SUNWstaroffice-impress \
    SUNWstaroffice-graphicfilter \
    SUNWstaroffice-gnome-integration \
    SUNWstaroffice-gallery \
    SUNWstaroffice-base \
    SUNWstaroffice-calc \
    SUNWstaroffice-core01 \
    SUNWstaroffice-core02 \
    SUNWstaroffice-core03 \
    SUNWstaroffice-core04 \
    SUNWstaroffice-core05 \
    SUNWstaroffice-core06 \
    SUNWstaroffice-core07 \
    SUNWstaroffice-core08 \
    SUNWstaroffice-core09 \
    SUNWstaroffice-draw
do
    pkgrm "$pkg"
done



Someone pointed out that this one-liner would work as well -- I like it for its simplicity:


# yes | pkgrm `pkginfo | grep staroffice | awk '{print $2}'`

Solaris ssh


Best way to start/initialize ssh:

/lib/svc/method/sshd -c
svcadm enable network/ssh

Other stuff:

# Inspect, enable and restart the ssh service through SMF.
svcs -l sshd
svcadm enable ssh
svcadm restart ssh
svcadm enable svc:/network/ssh:default
# Generate keys by hand, one per key type.  As listed, -f is missing the
# key-file argument it requires.
# NOTE(review): rsa1 is the key type for SSH protocol version 1, and 1024
# bits is a short length for an RSA key -- check these against the site's
# key policy before reusing the lines.
/usr/sbin/ssh-keygen -t rsa1 -b 1024 -f
/usr/sbin/ssh-keygen -t rsa -b 1024 -f
/usr/sbin/ssh-keygen -t dsa -b 1024 -f

Solaris 10 /devices

/devices is now dynamic and managed by the devfs filesystem. If necessary, new devices can be configured using /usr/sbin/cfgadm. Generate the /dev/dsk and /dev/rdsk links using
/usr/sbin/devfsadm

Solaris JASS / VNC problem

If you ever need to run VNC with inetd on a server after applying SUNWjass's secure.driver, make sure to change the following file that JASS creates - /etc/dt/config/Xaccess (do not confuse this with /usr/dt/config/Xaccess or /usr/openwin/lib/X11/xdm/Xaccess):

(before)

##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS

## Deny all remote access (direct/broadcast) to this X server.

!*


(after)

##
## ex.
## !xtra.lcs.mit.edu # disallow direct/broadcast service for xtra
## bambi.ogi.edu # allow access from this particular display
## *.lcs.mit.edu # allow access from any display in LCS

## All remote access (direct/broadcast) to this X server.

*


After this change Xaccess itself no longer restricts which remote displays may connect, so /etc/hosts.allow and /etc/hosts.deny must be configured to provide the necessary security.

Auto-ftp script

One of our Peoplesoft developers needed a script to ftp encrypted files to a vendor. Here's what I came up with:


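#!/usr/bin/ksh
# Upload one PGP-encrypted file to a vendor FTP server by driving ftp(1) as
# a ksh co-process.
#
# NOTE(review): the FTP password is stored in this script in clear text and
# FTP sends it over the network unencrypted; only the payload is protected
# (by PGP).  Keep the script readable by its owner only, and prefer an
# encrypted transfer if the vendor offers one.
# NOTE(review): the staging directory lives under world-writable /tmp, so
# another local user could create /tmp/ww first -- confirm who owns it.

# Stop if the staging directory is missing; otherwise ftp would look for the
# file in whatever directory the script was started from.
cd /tmp/ww || exit 1
HOST='ftp.somehost.com'
USER='myusername'
PASSWD='mypassword'
FILE='somefilename.PGP'
LOCATION='remotefolder'
# fd 4 is a copy of stdout so the co-process can report to the terminal/log.
exec 4>&1
ftp -nv >&4 2>&4 |&
# -r keeps backslashes in the values literal and -- ends option parsing, so
# a password or name is passed to ftp exactly as written above.
print -p -r -- "open $HOST"
print -p -r -- "user $USER $PASSWD"
print -p -r -- "cd $LOCATION"
print -p -r -- "binary"
print -p -r -- "put $FILE"
exit 0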

Monday, December 29, 2008

VMware RCLI commands for ESXi

[I didn't write this, but it's a nice summary]

Using the RCLI to configure a VMware ESXi server.... These tasks can be
accomplished via the Virtual Infrastructure client, but with a little
scripting you can easily configure, audit and manage multiple ESXi hosts.

To help identify what each command does, you can use the --help switch with any
of the perl scripts.


* vicfg-advcfg.pl - allows for the modification of any of the
advanced configuration options.

# vicfg-advcfg.pl --server 10.10.1.104 --get Cpu.MigratePeriod
- returns the value of Cpu.MigratePeriod

* vicfg-cfgbackup.pl - can backup and restore ESX settings

# vicfg-cfgbackup.pl --server 10.10.1.104 --save rwgood

* vicfg-cfgbackup.pl can also restore the file

# vicfg-cfgbackup.pl --server 10.10.1.104 --load rwgood --force

* vicfg-dns.pl allows you to change the DNS settings of a host

* vicfg-dumppart.pl > helps with the support files

* vicfg-module.pl > allows you to manage the loaded modules

* vicfg-mpath.pl - all sorts of info on the VMFS paths

# vicfg-mpath.pl --server 10.10.1.104 --list

* vicfg-nas.pl
* vicfg-nics.pl > configure the physical NICs in the host
* vicfg-ntp.pl > manage the NTP settings

# vicfg-ntp.pl --server 10.10.1.104 --list
- Lists the configured NTP servers on the host

# vicfg-ntp.pl --server 10.10.1.104 --add time.gov
- Adds time.gov to the ntp configuration

# vicfg-ntp.pl --server 10.10.1.104 --delete time.gov
- Removes the time.gov from the ntp configuration

# vicfg-ntp.pl --server 10.10.1.104 --start
- Starts the NTP service on the host

# vicfg-ntp.pl --server 10.10.1.104 --stop
- Stops the NTP service on the host

* vicfg-rescan.pl > rescanning for VMFS and storage

* vicfg-route.pl

* vicfg-snmp.pl > configure your SNMP settings

* vicfg-syslog.pl > configure the ESX host syslog target

* vicfg-user.pl > local ESXi user management

* vicfg-vmhbadevs.pl > all about the HBAs

* vicfg-vmknic.pl > more of the same info for your NICs

* vicfg-vswitch.pl > configuring the vSwitches

# vicfg-vswitch.pl --server 10.10.1.104 --add mine
- adds new vSwitch called mine

# vicfg-vswitch.pl --server 10.10.1.104 --add-pg public mine
- adds a port group called public to the vSwitch mine

# vicfg-vswitch.pl --server nhqesx036 vSwitch1 --pg mine --vlan 100
- adds a vlan tag of 100 to the port group mine.

# vicfg-vswitch.pl --server 10.10.1.104 --link vmnic1 mine
- adds the vmnic1 to the vSwitch called mine

* vifs.pl > used to move files to and from the ESX host

* vihostupdate.pl > updating and patching the ESXi host

# vihostupdate.pl --server 10.10.1.104 /
--bundle --install ESXe350-200807812-O-BG.zip
- installs the ESXi patch on server 10.10.1.104

# vihostupdate.pl --server 10.10.1.104 -q
- shows the version of the ESXi host

* vmkfstools.pl > same as always, managing disks
* vmkuptime.pl - does nothing yet
* vms.pl
* vmware-cmd.pl > same as always managing the VMs on the host

ISO Mounting on Solaris

# lofiadm -a /export/temp/software.iso /dev/lofi/1
# mount -F hsfs -o ro /dev/lofi/1 /mnt


or


# mkdir /iso ; mount -F hsfs -o ro `lofiadm -a /tmp/software.iso` /iso

Tuesday, November 25, 2008

Description of each Solaris service using svcs

Read the svcs manpage for troubleshooting tips, but here's a nice one to list the description of what each service does: 

# svcs -o FMRI,DESC
FMRI DESC
lrc:/etc/rcS_d/S29wrsmcfg -
lrc:/etc/rc2_d/S00set-tmp-permissions -
lrc:/etc/rc2_d/S07set-tmp-permissions -
[...]
svc:/system/webconsole:console java web console
svc:/milestone/multi-user-server:default multi-user plus exports milestone
svc:/system/zones:default Zones autoboot and graceful shutdown
svc:/system/basicreg:default -

[Note that the rc scripts don't have a description]

Solaris upgrade / install logs

After performing an upgrade or installation of Solaris 10 you should review the logfiles.

Once the system has been rebooted and is running, the complete transcript of the upgrade and all messages printed to the screen are saved in the file:

/var/sadm/system/logs/upgrade_log

Also of note is the file:

/var/sadm/system/data/upgrade_cleanup

It contains a list of actions that may need to be performed to complete the upgrade.

Friday, October 3, 2008

HP ProCurve Switch Tips

All these commands need to be performed while in CONFigure Terminal mode (CONF T) at the console command line:

To turn off port security:

no port-security port-#

ex: no port-security b10

To reapply port security:

port-security port-# learn-mode static address-limit 1

ex: port-security b10 learn-mode static address-limit 1


If a user has a need for more than one network device (like a printer or an extra PC using a mini hub), you can increase the number of allowable devices on the port with this command:

port-security port-# address-limit X [where X is a number from 1 to 8]

ex: port-security b10 address-limit 3

These commands can also be applied to multiple ports at the same time using a range of port numbers. Use the syntax b1-b6,c2-c7,f10-f18 for multiple ports on multiple blades. As an example to turn off port security on ports b2-b19 and g6-g11 use this command:

no port-security b2-b19,g6-g11

When done EXIT configure terminal mode, then LOGOUT to leave and YES (if asked) to save the configuration.

--------------------------------



To change banner:

conf t
banner motd 0
[enter banner and end with a "0"]


--------------------

To control Power Over Ethernet (POE):


show power-management brief


switch(config)# interface c22 power
switch(config)#
show power-management brief c22

Status and Counters - Port Power Status

| Power Configured Detection Power
Port | Enable Priority Type Status Class
----- + ------- -------- ---------------- ----------- ------
C22 | Yes Low Searching 0


switch(config)# no interface c22 power
switch(config)# show power-management brief c22

Status and Counters - Port Power Status

| Power Configured Detection Power
Port | Enable Priority Type Status Class
----- + ------- -------- ---------------- ----------- ------
C22 | No Low Disabled 0

Friday, September 19, 2008

VMWare ESX Server error: An invalid snapshot configuration was detected


While trying to create a snapshot on a host I received an error: 
An invalid snapshot configuration error occurred. 

Tech support was good and walked me through the resolution:

#
vmware-cmd -l

[this gets a listing of hosts and filesystem paths; take the path of the host that you are getting the error on and use it with the
vmware-cmd command:]

#
vmware-cmd /vmfs/volumes/45j2fdb8-42a8bc40-dd01-0019bbca5388/host.com/host.com.vmx hassnapshot

[if there are no snapshots you will see this output]

hassnapshot() = 1

#
ls -la *vmsd
-rw------- 1 root root 477 Sep 19 19:49 host.com.vmsd

#
mv host.com.vmsd host.com.vmsd.bak

then issue the snapshot command.

Tuesday, September 2, 2008

How to change Solaris hostname


# hostname newhostname

edit these files as well:

/etc/hosts
/etc/nodename
/etc/hostname.xxxn

Look in these files, but chances are you won't need to make changes:

/etc/net/ticlts/hosts
/etc/net/ticots/hosts
/etc/net/ticotsord/hosts
/etc/inet/ipnodes (if this file exists and if a hostname entry exists)

[don't forget to change /etc/defaultrouter if need be]
[don't forget to change /etc/netmasks if need be]

How to reset the SUN ALOM to default settings

at the sc> prompt type:
set-defaults

How to add a Solaris Virtual Interface

To add virtual interface as root:

ifconfig ce0:1 plumb
ifconfig ce0:1 10.1.1.50 up

edit /etc/hosts and add ip address information
edit /etc/hostname.ce0:1 and add in name of the server

SUN memory

Here's a simple way to get all of the information about the memory on your SUN system:

/usr/platform/`uname -i`/sbin/prtdiag -v > /tmp/systeminfo.txt

More than you ever wanted to know about the memory in your system...

SUN t5120 Server

For some reason SUN has multiple types of ILO, SC, XSCF management adapters. The t5120 uses the ILO and here are some commands that I've found useful. [Update 10/1/08 -- SUN has a compatibility Shell for the ILO to make it look like the more familiar sc!!]

SETUP the ILO Network:

-> set /SP/network pendingipdiscovery=static
-> set /SP/network pendingipaddress=10.1.1.50
-> set /SP/network pendingipgateway=10.1.1.1
-> set /SP/network pendingipnetmask=255.255.255.0
-> show /SP/network

-> set /SP/network commitpending=true
-> set /SP/network state=enabled
-> set /SP/services/ssh state=enabled

-> show /HOST macaddress
-> show /HOST obp_version
-> show /HOST post_version
-> show /HOST status

Start the system:

-> start /SYS [to start the system]
Are you sure you want to start /SYS (y/n)? y
Starting /SYS


Connect to the console:

-> start /SP/console [to start the console]
Are you sure you want to start /SP/console (y/n)? y
Serial console started. To stop, type #.

Shutdown the system:

# shutdown -g0 -i6 -y [shutdown]
# shutdown -g0 -i0 -y [power cycle]

[get back to ilo and power off]

ok #.

-> stop /SYS
Are you sure you want to stop /SYS (y/n)? y
Stopping /SYS

Send break:

-> set /HOST send_break_action=break

[Update: 10/1/08]

SUN, made me very happy when I noticed they have an ALOM Compatibility Shell -- here's how to enable it:

Log onto your server's ILO and modify your account:

-> set /SP/users/xxxxx role=Administrator cli_mode=alom
Set 'role' to 'Administrator'
Set 'cli_mode' to 'alom'

then log out of the server and back in. You will now have the more familiar sc> prompt:

SUNSPxxxx login: xxxxx
Password:
Waiting for daemons to initialize...

Daemons ready

Sun(TM) Integrated Lights Out Manager

Version 2.0.4.20.c

Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.

sc>


Configure the onboard Hardware Disk Raid:


# raidctl
No RAID volumes found

format> # raidctl -c c1t0d0 c1t1d0
Creating RAID volume will destroy all data on spare space of member disks, proceed (yes/no)? y
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Physical disk 0 created.
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Physical disk 1 created.
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Volume 0 is |enabled||optimal|
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Volume 0 is |enabled||optimal|
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Volume 0 created.
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Physical disk (target 1) is |out of sync||online|
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Volume 0 is |enabled||degraded|
/pci@0/pci@0/pci@2/scsi@0 (mpt0):
Volume 0 is |enabled||resyncing||degraded|
Volume c1t0d0 is created successfully!

# raidctl -l c1t0d0
Volume Size Stripe Status Cache RAID
Sub Size Level
Disk
----------------------------------------------------------------
c1t0d0 136.6G N/A OPTIMAL N/A RAID1
0.1.0 136.6G GOOD
0.0.0 136.6G GOOD


Failed disk mirror is in degraded mode due to a failure with disk c0t2d0:

# raidctl

RAID Volume RAID RAID Disk
Volume Type Status Disk Status
--------------------------------------------------------
c0t1d0 IM DEGRADED c0t1d0 OK
c0t2d0 FAILED




To recover, remove the hard drive -- when it fails it goes offline, so it's not necessary to issue any commands to bring the failed drive offline.

When you receive the spare drive, install it into the disk bay and the on-board RAID utility will automatically recover the raid set.

Use the raidctl command to check the status of a RAID rebuild:

# raidctl

RAID Volume RAID RAID Disk
Volume Type Status Disk Status
--------------------------------------------------------
c0t1d0 IM RESYNCING c0t1d0 OK
c0t2d0 OK

If you issue the command again once synchronization has completed, it indicates that the RAID mirror is back online:

# raidctl

RAID Volume RAID RAID Disk
Volume Type Status Disk Status
--------------------------------------------------------
c0t1d0 IM OK c0t1d0 OK
c0t2d0 OK


I modified a script found online to email me when there is a potential problem:

As root, add this command to the crontab:

0 * * * * /usr/local/scripts/check-raidctl


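#!/bin/bash
#
# Checks the output of Solaris raidctl command and alerts if possible error
# Michael Wilson
# 08-19-2008
#
# Exit status: 0 when the volume reports OPTIMAL, 1 on a reported fault,
# 2 when no status could be read at all.
#

PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH

ADMIN="someone@yourhost.com"

# nawk prints OK when the status column of the c1t0d0 line is OPTIMAL and
# FAULT for any other status.  It prints nothing when raidctl fails or the
# volume line is absent.
RAID_STATUS=$(raidctl -l c1t0d0 | nawk '$1 ~ /c1t0d0/ { if ( $4 ~ /OPTIMAL/ ) {print "OK" } else { print "FAULT" } }')

if [ "${RAID_STATUS}" = "FAULT" ]
then
  # syslog-ng and the logfile cruncher should pick these lines up
  logger -p daemon.notice "ERROR: The RAID controller detected a fault"
  logger -p daemon.notice "ERROR: Run /usr/sbin/raidctl to check the RAID controller status"

  # Send an email to let someone know
  echo "" | mailx -s "$HOSTNAME : RAID controller fault detected, run /usr/sbin/raidctl -l c1t0d0" "${ADMIN}"
  exit 1
fi

# A monitor must not treat "no answer" as healthy: an empty or unexpected
# result (raidctl missing, volume renamed, changed output format) is
# reported as well instead of exiting 0 silently.
if [ "${RAID_STATUS}" != "OK" ]
then
  logger -p daemon.notice "ERROR: Could not read the RAID status from raidctl -l c1t0d0"

  echo "" | mailx -s "$HOSTNAME : RAID status could not be read, run /usr/sbin/raidctl -l c1t0d0" "${ADMIN}"
  exit 2
fi

exit 0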

Thursday, August 28, 2008

Solaris Zone Global Hardware Identification

How do you tell what physical hardware a zone resides on?

After creating zones on more than one or two physical hosts I lose track of what zones were on what physical hardware. My solution is to create a file on the global zone, suppose the physical server is called "sun-server":

echo sun-server >> /usr/local/global


The file /usr/local/global now contains the name of the physical host that the zone resides on.

For sparse zones the file on the global zone is visible so you don't have to create one there, but for whole zones you will need to run the command in the zone.

Simple and easy to check when you are on a host:

cat /usr/local/global
sun-server


Friday, August 22, 2008

SUN M5000 server

SUN's M5000 server has a new management interface card called XSCF -- it's vastly different from the sc interface of the other ilo products.

Here are my notes from setting up our system. Note that ip and MAC addresses are bogus -- I've changed them from my system settings...

rebootxscf
- reboots the xscf system

XSCF> console -d 0
XSCF> showstatus
XSCF> showversion -c xcp -v [shows xcp firmware, version, openboot prom version]
XSCF> showenvironment
XSCF> showenvironment temp
XSCF> showenvironment volt
XSCF> showhardconf
XSCF> showdcl -va [check domain id...]
XSCF> showdomainstatus -a
XSCF> showboards -a
XSCF> poweron -a [powers up all domains]
XSCF> poweroff -a [powers off all domains]
XSCF> poweron -d 0 [powers on domain 0]
XSCF> poweroff -d 0 [powers off domain 0]
XSCF> poweroff -f -d 0 [forces a power off domain 0]
XSCF> reset -d 0 por [resets domain 0]
XSCF> reset -d 0 xir [resets domain 0 with XIR reset]
XSCF> sendbreak -d 0 [sends break command to domain 0]
XSCF> setautologout -s 60 [sets autologout to 60 minutes]
XSCF> showautologout
XSCF> shownetwork -a
XSCF> setnetwork xscf#0-lan#0 -m 255.255.255.0 10.10.10.5
XSCF> sethostname xscf#0 fire-xscf
XSCF> sethostname -h host.org
XSCF> setroute -h host.org
XSCF> setnameserver 10.10.10.2 10.10.10.3
XSCF> setroute -c add -n 10.10.10.1 -m 255.255.255.0 xscf#0-lan#0

--------------------

I boot from a SAN, so here are the SAN FC disks:

{8} ok show-disks
a) /pci@2,600000/QLGC,qlc@0,1/fp@0,0/disk
b) /pci@2,600000/QLGC,qlc@0/fp@0,0/disk
q) NO SELECTION
Enter Selection, q to quit:

ok nvalias mydev /pci@2,600000/QLGC,qlc@0,1/fp@0,0/disk

{8} ok show-disks
a) /pci@2,600000/QLGC,qlc@0,1/fp@0,0/disk
b) /pci@2,600000/QLGC,qlc@0/fp@0,0/disk
q) NO SELECTION
Enter Selection, q to quit: b
/pci@2,600000/QLGC,qlc@0/fp@0,0/disk has been selected.
Type ^Y ( Control-Y ) to insert it in the command line.
e.g. ok nvalias mydev ^Y
for creating devalias mydev for /pci@2,600000/QLGC,qlc@0/fp@0,0/disk
{8} ok nvalias mydev /pci@2,600000/QLGC,qlc@0/fp@0,0/disk
{8} ok boot mydev - install
Boot device: /pci@2,600000/QLGC,qlc@0/fp@0,0/disk File and args: - install
QLogic QLE2462 Host Adapter Driver(SPARC): 1.17 03/31/06


-------------------------

Need to make a system snapshot for diagnostic purposes? Use this command:

snapshot -l -v -p xxxxxxxxx -t me@myhost.host.org:/tmp

-----------------

ok> boot mydev - install

ok> watch-net-all

ok> show-nets

XSCF> showhardconf

-----------------------

{8} ok devalias net /pci@3,700000/network@0,1
{8} ok devalias
net /pci@3,700000/network@0,1
san /pci@2,600000/QLGC,qlc@0,1/fp@0,0/disk
name aliases
{8} ok boot net - install
Boot device: /pci@3,700000/network@0,1 File and args: - install
1000 Mbps full duplex Link up
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for
0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
1000 Mbps full duplex Link up
Requesting Internet Address for
0:15:36:3c:b7:65
1000 Mbps full duplex Link up
Requesting Internet Address for
0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65

{8} ok nvunalias net
{8} ok nvunalias net1
{8} ok set-defaults
Setting NVRAM parameters to default values.

{8} ok reset-all
Resetting...

{8} ok devalias net /pci@3,700000/network@0
{8} ok boot net - install
Boot device: /pci@3,700000/network@0 File and args: - install
1000 Mbps full duplex Link up
Requesting Internet Address for
0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
1000 Mbps full duplex Link up
Requesting Internet Address for
0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65

XSCF> sendbreak -d 1
Send break signal to DomainID 1?[y|n] :y
XSCF> reset -d 1 xir
DomainID to reset:01
Continue? [y|n] :y
01 :Reset

*Note*
This command only issues the instruction to reset.
The result of the instruction can be checked by the "showlogs power".

=----------------------

{8} ok cd /pci@3,700000/network@0
{8} ok ./properties
./properties ?
{8} ok .properties
status okay
assigned-addresses
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
phy-type mif
board-model 501-7289
version Sun PCI-E 1G Ethernet UTP Adapter FCode 1.10 06/11/02
model SUNW,pcie-northstar
d-fru-len
00000000
d-fru-off 00000000
d-fru-dev eeprom
s-fru-len
00000000
s-fru-off 00000000
s-fru-dev eeprom
compatible pciex8086,105e.108e.125e.6
pciex8086,105e.108e.125e
pciex108e,125e
pciex8086,105e.6
pciex8086,105e
pciexclass,020000
pciexclass,0200
reg
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
max-frame-size 00010000
address-bits 00000030
device_type network
name network
local-mac-address
0:15:36:3c:b7:65
fcode-rom-offset 0000e000
interrupts 00000001
cache-line-size 00000010
class-code 00020000
subsystem-id 0000125e
subsystem-vendor-id 0000108e
revision-id 00000006
device-id 0000105e
vendor-id 00008086

{8} ok nvalias net /pci@3,700000/network@0
{8} ok devalias
net /pci@3,700000/network@0
disk /pci@2,600000/QLGC,qlc@0,1/fp@0,0/disk
name aliases

{8} ok boot net - install
Boot device: /pci@3,700000/network@0 File and args: - install
1000 Mbps full duplex Link up
Requesting Internet Address for
0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
1000 Mbps full duplex Link up
Requesting Internet Address for
0:15:36:3c:b7:65
Requesting Internet Address for 0:15:36:3c:b7:65
1000 Mbps full duplex Link up
1000 Mbps full duplex Link up

Requesting Internet address for
0:15:36:3c:b7:65
SunOS Release 5.10 Version Generic_120011-14 64-bit
Copyright 1983-2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.



------------
Need to turn off the IP filter firewall?

# svcs | grep ip
online Nov_21 svc:/network/ipfilter:default
# svcadm disable ipfilter
# svcs | grep ip

---------------

added 2 additional memory boards:

XSCF> addboard -c assign -d 0 00-2
XSCF> addboard -c assign -d 1 00-3

XSCF> showboards -va

-----------------

To disable secure mode in the console (which disables the break command):

XSCF> setdomainmode -d 0 -m secure=off
Diagnostic Level :min -> -
Secure Mode :on -> off
Autoboot :on -> -
The specified modes will be changed.
Continue? [y|n] :y
configured.
Diagnostic Level :min
Secure Mode :off (host watchdog: unavailable Break-signal:receive)
Autoboot :on (autoboot:on)

XSCF> sendbreak -y -d 0
Send break signal to DomainID 0?[y|n] :y

System now sits at the OK prompt:

Type 'go' to resume
{0} ok boot cdrom
Resetting...
POST Sequence 01
[.]
POST Sequence Complete.

Sun SPARC Enterprise M4000 Server, using Domain console
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Copyright 2007 Sun Microsystems, Inc. and Fujitsu Limited. All rights reserved.
OpenBoot 4.24.4, 32768 MB memory installed, Serial #3333333.
Ethernet address
0:15:36:3c:b7:65, Host ID: 99999999.

Rebooting with command: boot cdrom
Boot device: /pci@0,600000/pci@0/pci@8/pci@0/scsi@1/disk@3,0:f File and args:
SunOS Release 5.10 Version Generic_120011-14 64-bit
Copyright 1983-2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
[.]

Virtual Interfaces (Solaris)

add virtual interface:

ifconfig ce0:1 plumb
ifconfig ce0:1 10.10.10.5 up

edit /etc/hosts and add ip address information
edit /etc/hostname.ce0:1 and add in name of the server

Copy a CDROM to an ISO (Solaris)

to copy a cdrom to an iso:

mkisofs -r -o /tmp/disk1.iso /media/disk1

CDROM mounting into a Solaris Zone

To make the cdrom available to a zone, first mount it in the
global zone, then reconfigure the non-global zone:

[curie/mnt/cdrom] zonecfg -z computezone
zonecfg:computezone> add fs
zonecfg:computezone:fs> set dir=/cdrom
zonecfg:computezone:fs> set special=/cdrom
zonecfg:computezone:fs> set type=lofs
zonecfg:computezone:fs> add options [ro,nodevices]
zonecfg:computezone:fs> end
zonecfg:computezone> commit
zonecfg:computezone> exit

reboot the zone and it will be available

CDROM mounting (Solaris)

To mount a cdrom:
----------------------

# iostat -En

Determine the name of the device by entering the following command:

ls -al /dev/sr* |awk '{print "/" $11}'

This command returns the name of the CD-ROM device.
In this example, the command returns the string /dev/dsk/c0t6d0s2.

Enter the following commands to mount the CD-ROM:

mkdir -p /cdrom/unnamed_cdrom
mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom/unnamed_cdrom

where /dev/dsk/c0t6d0s2 represents the name of the device that was returned in the preceding step and /cdrom/unnamed_cdrom represents the CD-ROM mount directory.

Thursday, August 21, 2008

VMware Notes

Enable root login:
----------------------
vi /etc/ssh/sshd_config [set PermitRootLogin yes]

service sshd restart

vdf -h

vmware-cmd -l [to list the locations of the server config files]

vmware-cmd [path to configfile] removesnapshots

# vdf -h
Filesystem Size Used Avail Use% Mounted on /dev/cciss/c0d0p2 4.9G 1.5G 3.2G 31% / /dev/cciss/c0d0p1 99M 30M 64M 32% /boot none 131M 0 131M 0% /dev/shm /dev/cciss/c0d0p6 2.0G 79M 1.8G 5% /var/log /vmfs/devices 812G 0 812G 0% /vmfs/devices /vmfs/volumes/45ae0d3f-918a774d-c934-0018fe7f5524 402G 151G 250G 37% /vmfs/volumes/45ae0d3f-918a774d-c934-0018fe7f5524 /vmfs/volumes/dd5fb8f1-41086e80 17G 14G 2.8G 83% /vmfs/volumes/dist


# vmware-cmd -l
/vmfs/volumes/45ae0d3f-918a774d-c934-0018fe7f5524/host1.host.org/host1.host.org.vmx
/vmfs/volumes/45ae0d3f-918a774d-c934-0018fe7f5524/host2.host.org/host2.host.org.vmx

# vmware-cmd ./host2.host.org.vmx removesnapshots



try doing the following:
ntpdate -q 65.17.128.4

If you get failures saying operation not permitted, check your firewall config again:

esxcfg-firewall -q | grep 123

If ntp is enabled then you should see a line ending with

udp dpt:123

If you don't see this, then try running:

esxcfg-firewall -e ntpClient


edit /etc/ntp.conf -- add in "server pool.ntp.org"
ntpdate pool.ntp.org
hwclock --systohc
chkconfig --level 3 ntpd on
chkconfig --list ntpd
/etc/init.d/ntpd start


---------

esxcfg-firewall --AllowOutgoing
esxcfg-firewall --blockOutgoing

To scan a patch bundle depot:
esxupdate -d http://www.host.org/esx35/ scan

To install the patch bundle:
esxupdate -d http://www.host.org/esx35/ update

To query the installed patch bundle:
esxupdate query


To summarize a patch bundle:
esxupdate -d http://www.host.org/esx35 info

To run a test patch install:
esxupdate -d http://www.host.org/esx35 --test update

-this will speed up the actual patching because
it will create the patch cache

To run from the VIC, click on the Update Manager, select/configure
the baseline and select the server and remediate.
It does the following:

python /usr/sbin/esxupdate --HA --flushcache -d
http://192.168.1.1:80/vci/hostupdates/hostupdate/esx/esx-3.5.0 scan

python /usr/sbin/esxupdate --HA -d
http://192.168.1.1:80/vci/hostupdates/hostupdate/esx/esx-3.5.0
-b ESX350-200806201-UG --maintenancemode=1 --noreboot update


-----------------------

Linux VMWare Tools:
-------------------
-install the rpm
-as root run: vmware-config-tools.pl
-reboot
-then when you want to run the tools: vmware-toolbox &


---------------------------------

How to manage maintenance mode by the command line/through a
script/enter maintenance mode from the service console?

vimsh -n -e /hostsvc/maintenance_mode_enter
vimsh -n -e /hostsvc/maintenance_mode_exit


Remove BigFix:

# rpm -ev BESAgent-7.1.1.315