« Previous month (Nov 2005) | Main | Next month (Jan 2006) »
20060127 Friday January 27, 2006

Scotts Photo's

Scott Macdonald has created a small gallery with some of his photography. The macro stuff is particularly good IMHO. He's going to update the site with comments and annotations to the photo's soon. Looks like Adrian finally has some competition. ( Jan 27 2006, 02:52:30 PM GMT ) Permalink Comments [0]
20060126 Thursday January 26, 2006

Don't bogart that file my friend...

I spent yesterday at the Sun office in the City of London at a sort of open day for our customers. We were demonstrating the new features in Solaris 10, and someone asked us how they could detect that a user had *attempted* to delete a file (though the same holds true for read, write etc). So, even though the attempt to delete a file will fail, due to permissions (either legacy or RBAC) they wanted to know that it had been attempted. Such a feat *is* achievable using auditting (aka BSM) but is more fun, and flexible from dtrace. In the script below, we log a message to the messages file, and for fun kill the process! I'm no expert in Dtrace, but it was pretty simple thanks in large part to Chris' blog earlier this month. Anyhow, the interesting thing was that the request from the customer was pretty random, but on the spot we were able to tell them how to achieve their aim with a few lines of 'D'. In the example below, the file is /tmp/fred. 
#!/usr/sbin/dtrace -s

#pragma D option destructive
#pragma D option quiet

syscall::unlink:entry
 / ((self->path = copyinstr(arg0)) == "fred" && cwd =="/tmp") || (self->path == "/tmp/fred")
 /
 
 {
  self->prot=1;
  self->path = copyinstr(arg0);
  raise(9);
} 

syscall::unlink:return

/ self->prot==1
/
{
  system("logger -p user.err Deletion attempted of %s by user %d",self->path,uid);
  }
( Jan 26 2006, 03:55:58 PM GMT ) Permalink Comments [0]
20060123 Monday January 23, 2006

Converting a ZFS pool to be mirrored

So, the ZFS syntax is quite different to that of SVM which can lead to confusion. Ben Rockwood does a good job of explaning the difference, but does not show how to convert an un-mirrored ZFS pool into mirrored one. So, here's how to do it 

o We start with a pool called realzfs (because it's made out of real devices rather than files)
# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
realzfs                 544G   1.17G    543G     0%  ONLINE     -

o We can see that it is made up of 4 disks
# zpool status
  pool: realzfs
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        realzfs     ONLINE       0     0     0
          c3t0d0    ONLINE       0     0     0
          c3t1d0    ONLINE       0     0     0
          c3t2d0    ONLINE       0     0     0
          c3t5d0    ONLINE       0     0     0


o The correct way is to attach a new device to each existing ldev e.g.

# zpool attach -f realzfs c3t0d0 c3t8d0


# zpool status
  pool: realzfs
 state: ONLINE
status: One or more devices is currently being resilvered.  The pool will
        continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
 scrub: resilver in progress, 99.99% done, 0h0m to go
config:

        NAME        STATE     READ WRITE CKSUM
        realzfs     ONLINE       0     0     0
          mirror    ONLINE       0     0     0
            c3t0d0  ONLINE       0     0     0
            c3t8d0  ONLINE       0     0     0  178.3 resilvered
          c3t1d0    ONLINE       0     0     0
          c3t2d0    ONLINE       0     0     0
          c3t5d0    ONLINE       0     0     0

# zpool attach -f realzfs c3t1d0 c3t9d0
# zpool attach -f realzfs c3t2d0 c3t10d0
# zpool attach -f realzfs c3t5d0 c3t11d0

o Finally we see all our ldevs mirrored.

# zpool status
  pool: realzfs
 state: ONLINE
 scrub: resilver completed with 0 errors on Mon Jan 23 15:26:16 2006
config:

        NAME         STATE     READ WRITE CKSUM
        realzfs      ONLINE       0     0     0
          mirror     ONLINE       0     0     0
            c3t0d0   ONLINE       0     0     0
            c3t8d0   ONLINE       0     0     0
          mirror     ONLINE       0     0     0
            c3t1d0   ONLINE       0     0     0
            c3t9d0   ONLINE       0     0     0
          mirror     ONLINE       0     0     0
            c3t2d0   ONLINE       0     0     0
            c3t10d0  ONLINE       0     0     0
          mirror     ONLINE       0     0     0
            c3t5d0   ONLINE       0     0     0
            c3t11d0  ONLINE       0     0     0

o The WRONG way to do it is as follows:-

# zpool add -f realzfs mirror  c3t8d0  c3t9d0 c3t10d0 c3t11d0


# zpool status
  pool: realzfs
 state: ONLINE
 scrub: resilver completed with 0 errors on Mon Jan 23 15:26:16 2006
config:

        NAME         STATE     READ WRITE CKSUM
        realzfs      ONLINE       0     0     0
          c3t0d0     ONLINE       0     0     0
          c3t1d0     ONLINE       0     0     0
          c3t2d0     ONLINE       0     0     0
          c3t5d0     ONLINE       0     0     0
          mirror     ONLINE       0     0     0
            c3t8d0   ONLINE       0     0     0
            c3t9d0   ONLINE       0     0     0
            c3t10d0  ONLINE       0     0     0
            c3t11d0  ONLINE       0     0     0

Which is 4 single disk ldevs and one 4way mirrored ldev.  NOT 4 mirrored ldev's which is what we actually wanted.

 
        (     Jan 23 2006, 04:13:50 PM GMT     )
      Permalink
20060104 Wednesday January 04, 2006

Allow dtrace for a regular user. (RBAC)

Here's the magic command to allow a regular user to run dtrace. Ideal for your own laptop/workstation. The username here, is garyli 
# usermod -K defaultpriv=basic,dtrace_kernel,dtrace_proc,dtrace_user garyli
( Jan 04 2006, 11:18:44 AM GMT ) Permalink