Category Archives: Tips

Solaris 10 network installation notes

Server side
1. Find the MAC address of the client
2. Edit /etc/ethers and add the client's MAC address:
0:14:4f:79:b4:56        Meno
3. Add hostname and IP to /etc/hosts
10.10.10.101    Meno
4. Download the ISO files and mount
a. lofiadm -a /data/sol10-u11.iso
b. lofiadm    (check the result)
c. mount -F hsfs -o ro /dev/lofi/1 /a
5. Add client
cd /a/Solaris_10/Tools
./add_install_client Meno sun4u
6. Check NFS/RPC bind and NFS share
svcs -a | grep nfs
svcs -a | grep rpc/bind

online 21:46:22 svc:/network/rpc/bind:default
online 21:46:23 svc:/network/nfs/server:default
online 21:46:23 svc:/network/nfs/mapid:default
online 21:46:22 svc:/network/nfs/rquota:default
online 21:46:23 svc:/network/nfs/status:default
online 21:46:23 svc:/network/nfs/nlockmgr:default
online 21:46:22 svc:/network/rpc/bootparams:default
online 21:45:18 svc:/network/rarp:default
# share
-               /a   ro,anon=0   ""
Client:
{0} ok boot net - install

Checking the MAC address from the OpenBoot PROM

{0} ok devalias
cdrom /pci@0,600000/pci@0/pci@0/scsi@0/disk@4,0:f
net /pci@0,600000/pci@0/pci@1/pci@0/network@4
disk /pci@0,600000/pci@0/pci@0/scsi@0/disk@0
name aliases

{0} ok cd /pci@0,600000/pci@0/pci@1/pci@0
{0} ok ls
f00cdd30 network@4,1
f00c68e0 network@4
{0} ok cd network@4
{0} ok .properties
status okay
assigned-addresses 82062010 00000000 00800000 00000000 00200000
82062018 00000000 00610000 00000000 00010000
compatible pci14e4,1678.10cf.147a.a3
pci14e4,1678.10cf.147a
pci10cf,147a
pci14e4,1678.a3
pci14e4,1678
pciclass,020000
pciclass,0200
reg 00062000 00000000 00000000 00000000 00000000
03062010 00000000 00000000 00000000 00200000
03062018 00000000 00000000 00000000 00010000
local-mac-address 00 0b 5d e5 bb 72
max-frame-size 00010000
address-bits 00000030
network-interface-type ethernet
device_type network
name network
66mhz-capable
fast-back-to-back
devsel-speed 00000001
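
A pre-flight check for the server-side steps above, as an added example that is not part of the original post: it normalises the MAC address read from .properties in OpenBoot to the /etc/ethers form and confirms the client has matching ethers and hosts entries before booting from the network. The function names norm_mac and check_install_client are hypothetical; the demo uses the post's Meno entries with an OBP-style MAC constructed to match.

```shell
# Normalise a MAC given as "00 0b 5d e5 bb 72" (OBP) or "0:b:5d:e5:bb:72"
# (ethers) to lowercase, colon-separated, without leading zeros.
norm_mac() {
    printf '%s\n' "$1" | tr 'A-F ' 'a-f:' | awk -F: '
    NF != 6 { exit 1 }
    {
        out = ""
        for (i = 1; i <= 6; i++) {
            if ($i !~ /^[0-9a-f][0-9a-f]?$/) exit 1
            sub(/^0/, "", $i)
            out = out (i > 1 ? ":" : "") ($i == "" ? "0" : $i)
        }
        print out
    }'
}

# $1 = ethers file, $2 = hosts file, $3 = client name, $4 = MAC read from OBP
check_install_client() {
    want=$(norm_mac "$4") || { echo "bad MAC: $4"; return 2; }
    have=$(awk -v h="$3" '$1 !~ /^#/ && $2 == h { print $1; exit }' "$1")
    [ -n "$have" ] || { echo "$3: no entry in ethers"; return 1; }
    [ "$(norm_mac "$have")" = "$want" ] ||
        { echo "$3: ethers has $have, client reports $4"; return 1; }
    awk -v h="$3" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "$2" || { echo "$3: no entry in hosts"; return 1; }
    echo "$3: ethers and hosts entries are consistent"
}

# Demo: the post's two entries written to a scratch directory; the OBP-style
# MAC passed in is constructed to match the ethers line.
d=$(mktemp -d)
printf '0:14:4f:79:b4:56        Meno\n' > "$d/ethers"
printf '10.10.10.101    Meno\n' > "$d/hosts"
check_install_client "$d/ethers" "$d/hosts" Meno "00 14 4f 79 b4 56"
rm -rf "$d"
```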

Compiling Apache HTTPD 2.2.24 with SSL on Solaris 10 x86

Apache HTTPD 2.2.24 was compiled on Solaris 10 x86 with the command:
./configure --enable-proxy --enable-ssl

Only SSL and proxy were required, but I ran into many problems. Two of them are recorded here:
1.  No recognized SSL/TLS toolkit detected
Solution: added --with-ssl=dir, so the command became
./configure --with-ssl=/usr/local/ssl --enable-proxy --enable-ssl

2.  Error, SSL/TLS libraries were missing or unusable
Solution: I installed OpenSSL 1.0.0j and 1.0.0e; neither worked

 

Solaris 10 Patch Issues Summary

1. If you removed /var/sadm/pkg/*, you will no longer be able to run the normal patch process. You may get an error:

Target boot environment not identified as solaris 10

The cause is that SUNWcsr and SUNWcsu are missing.

Solution: if you have another server with the same OS at the same patch level, copy its /var/sadm/pkg/* to this server. Then install the recommended patch.

2. Don't put the unzipped patch cluster in a directory that the "nobody" user cannot read. Otherwise you will not be able to install any patch.

3. If you want to save disk space in /var, you can remove /var/sadm/pkg/*/save. You will not be able to revert to the previous patch version, but this does not affect the next patch.

mesg: cannot change mode

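If the profile contains the line "mesg n", running su - prints the message "mesg: cannot change mode". This is because the user you su to cannot change the mesg mode of the login user. It does not actually affect the state of the tty or terminal, so it can be ignored.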

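DNS failure causes the CSS to disable the service IP

Symptom: the app service and its processes are normal and you can telnet to the private IP, but telnet to the service IP fails. The CSS sees the port as down, although it is actually up on the server.
Cause: the DNS server was down. When the CSS bound to the app server, the app server's reverse lookup of the CSS IP address took a long time to time out, and the CSS timed out first without getting a response. The CSS therefore considered the port down and disabled the service IP.
Solution: add the CSS IP address to hosts.

A second symptom: after the CSS IP was added to hosts, the service IP no longer went down, but when the ADS server had problems, incoming client connections still hit reverse-lookup timeouts and the service was interrupted.
Solution: add "options rotate" to resolv.conf so that round-robin mode is used.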

vxfs corruption prevents the cluster file system from coming online

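When removing a CFS node, cfscluster stop was run without first running cfsumount, which corrupted the vxfs file system. The file system resource could then not be mounted, and the following error was reported:
/dev/vx/dsk/ShareDG/Mainvol1 is corrupted. needs checking
A Google search showed that the file system needed to be repaired, as follows: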
root@Rhada # /opt/VRTS/bin/fsck -F vxfs /dev/vx/dsk/ShareDG/Mainvol1
log replay in progress
log replay failed to clean file system
file system is not clean, full fsck required
full file system check required, exiting …
root@Rhada # /opt/VRTS/bin/fsck -F vxfs -y -o full /dev/vx/dsk/ShareDG/Mainvol1
log replay in progress
pass0 - checking structural files
pass1 - checking inode sanity and blocks
pass2 - checking directory linkage
pass3 - checking reference counts
pass4 - checking resource maps
au 5286 emap incorrect - fix? (ynq)y
au 5286 summary incorrect - fix? (ynq)y
free block count incorrect 94503896 expected 94536664 fix? (ynq)y
free extent vector incorrect fix? (ynq)y
OK to clear log? (ynq)y
flush fileset headers? (ynq)y
set state to CLEAN? (ynq)y
root@Rhada # hastatus -sum

Login is slow with NFS mounted on Solaris

Symptom: login is slow and su to a normal user is slow, but su to root is not affected.

Check: adding checkpoints to /etc/profile showed that the "/usr/sbin/quota" step is very slow, even though the system has no quota set up and has only mounted NFS.

Reason: without a firewall rquotad normally responds quickly and nothing slows down, but when the firewall does not allow rquotad traffic, this step spends a long time trying to connect to rquotad.

Solution: remount the NFS file system with the noquota option, for example:
# mount -F nfs -o noquota server1:/dir1

Done!
Another possible cause of slow logins is that your DNS server cannot resolve your address; adding the IP address to /etc/hosts fixes it.

Enable Samba with SELinux/iptables on CentOS

Enabling the Samba service on CentOS 6.3 involves installing the samba package, writing the configuration file, opening iptables, and configuring SELinux.
1. Install samba
# yum search samba
# yum install samba.x86_64

2. Configure a simple Samba share
Edit /etc/samba/smb.conf and configure what you need. I only enabled a simple share:
[global]
workgroup = workgroup
netbios name = whatever
server string = whatever
security = share
log file = /var/log/samba/%m.log
max log size = 50
[packets]
path = /data1/dir1
writeable = no
browseable = yes
guest ok = yes
public = yes

Start the Samba service:
# service smb start
At this point, however, you will find that the directory is listed but you cannot enter it.

3. Configure iptables
Edit /etc/sysconfig/iptables and add the following rules before the REJECT line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
Then restart iptables:
# service iptables restart

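4. Configure SELinux
SELinux must be configured to allow the share; otherwise much of the content cannot be accessed.
First query the SELinux settings: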
# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
# getsebool -a | grep smb
allow_smbd_anon_write --> off

I only needed simple directory sharing, so I turned on just one setting:
# setsebool -P samba_export_all_ro on

This section is based on: http://wiki.centos.org/HowTos/SetUpSamba
5. Done!
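
A check for step 3, as an added example that is not part of the original post: the ACCEPT rules only take effect if they sit before the catch-all REJECT, so this script audits an iptables rules file for the four Samba ports and also marks rules that accept from any source. The names audit_samba_rules and sample_rules are hypothetical, and the sample rules (including the 192.168.1.0/24 LAN) are constructed.

```shell
# Audit an iptables-save style rules file (or stdin) for the Samba ports.
# Per port: ok (ACCEPT before the catch-all REJECT), shadowed (ACCEPT only
# after it, never reached) or missing; "any-source" = no -s restriction.
audit_samba_rules() {
    awk '
    BEGIN {
        n = split("tcp/139 tcp/445 udp/137 udp/138", want, " ")
        for (i = 1; i <= n; i++) state[want[i]] = "missing"
    }
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""; src = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "-s" || $i == "--source") src = 1
        }
        # Assumption: a REJECT/DROP with no protocol or port is the catch-all.
        if ((target == "REJECT" || target == "DROP") && proto == "" && port == "") { blocked = 1; next }
        key = proto "/" port
        if (target == "ACCEPT" && (key in state) && state[key] == "missing") {
            state[key] = blocked ? "shadowed" : "ok"
            anysrc[key] = !src
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = want[i]
            printf "%s %s%s\n", k, state[k], (anysrc[k] ? " any-source" : "")
        }
    }' "$@"
}

# Constructed sample: one scoped rule, one open rule, one rule after REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_samba_rules
```

On a live system the function can be pointed at the file directly: audit_samba_rules /etc/sysconfig/iptables.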