Thursday Oct 18, 2007
Some network services (sendmail, ftpd, etc) are disabled or restricted to local only on a newly installed Nevada box. We need to modify or enable them through SMF(5).
- Enable sendmail
# svccfg -s svc:/network/smtp:sendmail setprop config/local_only=false
# svcadm restart svc:/network/smtp:sendmail
- Enable ftpd
# inetadm -e svc:/network/ftp:default
- Enable nfs.server (this is actually enabled by default, but can be disabled by 'netservices limited')
#### list all nfs services
# svcs -p |grep nfs
# svcadm disable svc:/network/nfs/server:default
# svcadm enable svc:/network/nfs/server:default
#
References
Tuesday Jul 10, 2007
The default MySQL (4.0.24) shipped in Solaris Nevada (build 59) doesn't support UTF-8 encoding. Following are the steps to install a new MySQL on Solaris environment.
- download latest pkgs from www.sunfreeware.com
mysql-5.0.41-sol10-sparc-local.gz
openssl-0.9.8e-sol10-sparc-local.gz
libgcc-3.4.6-sol10-sparc-local.gz
- with root privilege, pkgadd all pkgs
- setup environment for mysql
# groupadd mysql
# useradd -g mysql mysql
# cd /usr/local/mysql
# chown -R mysql .
# chgrp -R mysql .
# bin/mysql_install_db --user=mysql
# bin/mysqld_safe --user=mysql &
- create root passwd (optional), add new account 'mysql'
# bin/mysql mysql
> UPDATE user SET password=password("newpasswd") WHERE user="root";
> GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost'
> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
> GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'%'
> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
> exit
# pkill -9 mysql
# bin/mysqld_safe --user=mysql &
- Import database from backup
create backup in source mysql env
# mysqldump -u mysql -p --opt lunch > lunch.sql
import backup into new mysql env
# mysql -u mysql -p
> create database lunch;
> exit
# mysql -u mysql -p < lunch.sql
Here are the steps to install and deploy Tomcat.
- download latest version of tomcat binaries from tomcat.apache.org
http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.23/bin/apache-tomcat-5.5.23.tar.gz
- install
# cd /usr/local
# gunzip < [path]/apache-tomcat-5.5.23.tar.gz | tar xvf -
# ln -s apache-tomcat-5.5.23 tomcat
- install jdbc mysql connector
# cp [path]/mysql-connector-java-5.0.3-bin.jar /usr/local/tomcat/common/lib
- start
# export JAVA_HOME=/usr/java
# /usr/local/tomcat/bin/startup.sh
Add MySQL and Tomcat in the startup scripts of apache2:
- append following lines in /usr/apache2/bin/envvars
MYSQL=/usr/local/mysql/bin/mysqld_safe
[ -x $MYSQL ] && $MYSQL --user=mysql &
TOMCAT=/usr/local/tomcat/bin/startup.sh
[ -x $TOMCAT ] && $TOMCAT
Saturday Apr 28, 2007
OS: Solaris Nevada (build 59, sparc)
Mercurial: 0.9.3
Due to the lack of 'diffstat' tool on Solaris, the notification extension (hgext.notify) doesn't work well on Solaris. After several trying, I finally made it work.
Here is the setup steps:
- vi .hg/hgrc
[web]
contact = {your name}
description = Docking Workspace for Solaris WOS, SunSolve (Patch) and JES
style = gitweb
allow_archive = gz zip bz2
[extensions]
hgext.patchbomb =
hgext.notify =
[hooks]
# send one email per change
#incoming.notify = python:hgext.notify.hook
# send one email per group of changes
changegroup.notify = python:hgext.notify.hook
[email]
from = svnroot@agc163.prc.sun.com
method = /usr/sbin/sendmail
[web]
baseurl = http://agc163.prc.sun.com/hg/
[notify]
# multiple sources can be specified as a whitespace separated list
sources = serve push pull bundle
# set this to False when you're ready for mail to start sending
test = false
config =
# repos live in /workspace/scm/hg/hgroot on server, so strip 5 "/" chars
strip = 5
# you can override the changeset template here, if you want.
# If it doesn't start with \n it may confuse the email parser.
# here's an example that makes the changeset template look more like hg log:
template = \ndetails: {baseurl}{webroot}/rev/{node|short}\nchangeset: {rev}:{node|short}\nuser: {author}\ndate: {date|date}\ndescription:\n{desc}\n
[reposubs]
# key is glob pattern, value is comma-separated list of subscriber emails
* = {email address}
- When tried to push back, it failed
[gbuild@agc141 s11]$ hg push
Enter passphrase for key '/export/home/gbuild/.ssh/id_dsa':
pushing to ssh://hgroot@agc163.prc.sun.com/docking
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 76 changes to 76 files
remote: /bin/sh: diffstat: not found
remote: error: changegroup.notify hook raised an exception: [Errno 32] Broken pipe
[gbuild@agc141 s11]$
- After searching on Internet, I found the patch for Solaris
http://www.selenic.com/mercurial/bts/file270/diffstat.patch
diff -r 730cbd26552c -r 79639a44dd23 mercurial/patch.py
--- a/mercurial/patch.py Wed Apr 04 02:28:29 2007 -0300
+++ b/mercurial/patch.py Wed Apr 04 03:09:26 2007 -0300
@@ -635,6 +635,8 @@ def export(repo, revs, template='hg-%h.p
single(rev, seqno+1, fp)
def diffstat(patchlines):
+ if not util.find_in_path('diffstat', os.environ.get('PATH', '')):
+ return
fd, name = tempfile.mkstemp(prefix="hg-patchbomb-", suffix=".txt")
try:
p = popen2.Popen3('diffstat -p1 -w79 2>/dev/null > ' + name)
- But it still failed when push back
[gbuild@agc141 s10u3]$ hg --traceback push
Enter passphrase for key '/export/home/gbuild/.ssh/id_dsa':
pushing to ssh://hgroot@agc163.prc.sun.com/docking
searching for changes
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 1 changesets with 8 changes to 8 files
remote: # /usr/lib/python2.4/vendor-packages/mercurial/patch.pyc has bad mtime 1177746898 vs 1172046709
remote: error: changegroup.notify hook raised an exception: cannot concatenate 'str' and 'NoneType' objects
[gbuild@agc141 s10u3]$
- After rename /usr/lib/python2.4/vendor-packages/mercurial/patch.pyc, the error still existed.
- I finally found following patch after several trying:
--- /usr/lib/python2.4/vendor-packages/mercurial/patch.py.old Sat Apr 28 19:02:05 2007
+++ /usr/lib/python2.4/vendor-packages/mercurial/patch.py Sat Apr 28 16:29:14 2007
@@ -659,6 +659,8 @@
single(repo.lookup(rev), seqno+1, fp)
def diffstat(patchlines):
+ if not util.find_in_path('diffstat', os.environ.get('PATH', '')):
+ return ""
fd, name = tempfile.mkstemp(prefix="hg-patchbomb-", suffix=".txt")
try:
p = popen2.Popen3('diffstat -p1 -w79 2>/dev/null > ' + name)
Monday Apr 09, 2007
Accessing Mercurial through http/apache is handy, but it requests the workspace is owned by the same user with httpd (webservd:webservd on solaris). So accessing Mercurial over ssh tunnel is a better choice (this is also the way http://www.opensolaris.org/ chose).
Client side:
- $
ssh-keygen -b 1024 -t dsa
[ create id_dsa.pub for server side ]
[ui]
username = User Name <user.name@example.com>
Server side:
- $ cat <<EOF > $HOME/.ssh/authorized_keys
command="cd /workspace/scm/hg/hgroot; /usr/demo/mercurial/hg-ssh g11n",\ no-port-forwarding,no-X11-forwarding,no-agent-forwarding
ssh-[type] [key]
EOF
Client side:
- $ hg clone ssh://agc163.prc.sun.com/g11n
- [play with it]
- $ hg ci
- $ hg push
Monday Apr 09, 2007
Solaris Nevada build 59 shipped with Mercurial 0.9.3:
$ hg --version
Mercurial Distributed SCM (version 0.9.3)
Setup Mercurial server on it is pretty easy.
- $ mkdir -p /workspace/scm/hg/hgroot/g11n
- $ cd /workspace/scm/hg/hgroot/g11n
- $ hg init
- $ cat <<EOF > .hg/hgrc
[web]
contact = Simford Dong
description = G11N Internal CWS
style = gitweb
allow_archive = gz zip bz2
allow_push = *
- $ cp /usr/demo/mercurial/hgwebdir.cgi /workspace/scm/hg/hgroot
- $ chmod a+x /workspace/scm/hg/hgroot/hgwebdir.cgi
- $ cat <<EOF > /workspace/scm/hg/hgroot/hgweb.config
[paths]
g11n = g11n
- Append following lines into /etc/apache2/httpd.conf
ScriptAliasMatch ^/hg(.*) /workspace/scm/hg/hgroot/hgwebdir.cgi$1
<Directory "/workspace/scm/hg/hgroot">
Order allow,deny
Allow from all
AllowOverride All
Options ExecCGI
AddHandler cgi-script .cgi
<Limit POST>
AuthType Basic
AuthName "Mercurial Repository"
AuthUserFile /workspace/scm/hg/auth/hgpasswd
Require valid-user
</Limit>
</Directory>
- # svcadm refresh svc:/network/http:apache2
- # chown -R webservd:webservd /workspace/scm/hg/hgroot/g11n
- Done.
NOTE: following part will enable push back over http, if you don't like this feature, you can skip them.
- 'allow_push = *' part of step 4
- '<Limit POST> ... </Limit>' part of step 8
- step 10
Sunday Apr 08, 2007
Do following as root privilege.
- Download cvs pkg from sunfreeware.com, and install it
http://www.sunfreeware.com/programlistsparc10.html#cvs - # vi /etc/services
append one new line: cvspserver 2401/tcp # CVS pserver daemon - # vi /etc/inetd.conf
append one new line: cvspserver stream tcp nowait root /workspace/scm/cvs/bin/cvs.inetd - # cat <<EOF >/workspace/scm/cvs/bin/cvs.inetdcvs.inetd
> #!/bin/bash
>
> REPOS="--allow-root=/workspace/scm/cvs/cvsroot/test"
>
> /workspace/scm/cvs/bin/cvs -f $REPOS pserver
> EOF
- # chmod a+x /workspace/scm/cvs/bin/cvs.inetdcvs.inetd
- # mkdir -p /workspace/scm/cvs/cvsroot/test
- # cvs -d /workspace/scm/cvs/cvsroot/test init
- # reboot
- Done.
It seems that this is bug that we need to reboot the OS to make cvs server work.
Believe me, I tried many ways to avoid this but failed
- # svcs -p |grep inetd
online Apr_06 svc:/network/inetd:default - # svcs restart svc:/network/inetd:default
- # inetadm | grep cvs
- [no out put, failed #1]
- # init S
- # init 3
- # inetadm | grep cvs
- [no out put, failed #2]
- # reboot
- # inetadm | grep cvs
enabled online svc:/network/cvspserver/tcp:default - [works now :( ]
Thursday Apr 05, 2007
Do following in root privilege.
- # ## install svn pkg from Solaris build 61
- # ## if you're using snv_61 or later, skip this step
- # ## svn version 1.4.0 (r21228)
- # pkgadd -d . SUNWneon SUNWsvn SUNWsvnS
- #
- # cd /etc/apache2
- # cp httpd.conf-example httpd.conf
- # vi httpd.conf
- add two lines in LoadModule session
- LoadModule dav_svn_module libexec/mod_dav_svn.so
LoadModule authz_svn_module libexec/mod_authz_svn.so
- add follow at the end of httpd.conf
- RedirectMatch ^(/svn)$ $1/
<IfModule dav_svn_module>
<Location /svn/>
DAV svn
SVNParentPath /workspace/scm/svn/svnroot
SVNListParentPath on
SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /workspace/scm/svn/auth/svn_passwd
<IfModule authz_svn_module>
AuthzSVNAccessFile /workspace/scm/svn/auth/svn_access.conf
</IFModule>
# For any operations other than these, require an authenticated user.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
</IfModule>
- #
- # cp /usr/share/src/subversion/tools/xslt/svnindex.xsl /var/apache2/htdocs/
- # cp /usr/share/src/subversion/tools/xslt/svnindex.css /var/apache2/htdocs/
- # cp /usr/share/src/subversion/www/favicon.ico /var/apache2/htdocs/
- # /usr/apache2/bin/htpasswd -cm /workspace/scm/svn/auth/svn_passwd [username]
New password:
Re-type new password:
Adding password for user [username] - # cat <<EOF > /workspace/scm/svn/auth/svn_access.conf
> [groups]
> g1 = [username]
>
> [/]
> * = r
>
> [test:/]
> @g1 = rw
>
> EOF - #
- # cd /workspace/scm/svn/svnroot
- # svnadmin create test
- #
- # svcs -a |grep apache2
disabled 12:36:52 svc:/network/http:apache2 - # svcadm enable svc:/network/http:apache2
- #
That's it! You should be able to browse the svn tree from:
http://www.example.com/svn/
Or check out source tree by:
$ svn co http://www.example.com/svn/test
- $ ##
- $ ## to create notifications for commit
- $ ## as normal user privilege
- $ ##
- $ cd /workspace/scm/svn/svnroot/test/hooks
- $ cp /usr/share/src/subversion/tools/hook-scripts/commit-email.pl.in commit-email.pl
- $ vi commit-email.pl
replace "@SVN_BINDIR@/svnlook" with "/usr/bin/svnlook" in line 54 - $ cp post-commit.tmpl post-commit
- $ vi post-commit
add full path to commit-email.pl, replace the email address with the real one,
add '-s "test project"' before email address,
comment out line 'log-commit.py ...'
- $
Thursday Mar 29, 2007
My v240 server has 4 disks: 73G x 2, 140G x2. So I decided to create RAID1 to keep my data safer.
I used following partition layout to install Solaris Nevada build 59:
- /c1t0d0s0 / 30G
- /c1t0d0s1 swap 2G
- /c1t0d0s6 100M
- /c1t0d0s7 /export 38G
- /c1t2d0s6 100M
- /c1t2d0s7 /workspace 140G
Steps to create RAID1 for all partitions (as root account):
- prtvtoc /dev/rdsk/c1t0d0s2 | fmthard -s - /dev/rdsk/c1t1d0s2
- metadb -afc 2 c1t0d0s6 c1t1d0s6
- metainit -f d10 1 1 c1t0d0s0
- metainit -f d20 1 1 c1t1d0s0
- metainit d0 -m d10
- metaroot d0
- metainit -f d11 1 1 c1t0d0s1
- metainit -f d21 1 1 c1t1d0s1
- metainit d1 -m d11
- metainit -f d17 1 1 c1t0d0s7
- metainit -f d27 1 1 c1t1d0s7
- metainit d7 -m d17
- prtvtoc /dev/rdsk/c1t2d0s2 | fmthard -s - /dev/rdsk/c1t3d0s2
- metadb -afc 2 c1t2d0s6 c1t3d0s6
- metainit -f d18 1 1 c1t2d0s7
- metainit -f d28 1 1 c1t3d0s7
- metainit d8 -m d18
Change /etc/vsftab from:
/dev/dsk/c1t0d0s1 - - swap - no -
/dev/dsk/c1t0d0s0 /dev/rdsk/c1t0d0s0 / ufs 1 no -
/dev/dsk/c1t0d0s7 /dev/rdsk/c1t0d0s7 /export ufs 2 yes -
/dev/dsk/c1t2d0s7 /dev/rdsk/c1t2d0s7 /workspace ufs 2 yes -
to
/dev/md/dsk/d1 - - swap - no -
/dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no -
/dev/md/dsk/d7 /dev/md/rdsk/d7 /export ufs 2 yes -
/dev/md/dsk/d8 /dev/md/rdsk/d8 /workspace ufs 2 yes -
24. lockfs -fa
25. reboot
After reboot,
- metattach d0 d20
- metattach d1 d21
- metattach d7 d27
- metattach d8 d28
- metastat ## check the status of all mirrors
- installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c1t1d0s0 ## install bootblk to c1t1d0s0
- ls -l /dev/dsk/c1t0d0s0 ## get the symbol link
- lrwxrwxrwx 1 root root 43 Mar 29 21:32 /dev/dsk/c1t0d0s0 -> ../../devices/pci@1c,600000/scsi@2/sd@0,0:a
- init 0
- ok> devalias ## check device
rootmirror /pci@1c,600000/scsi@2/disk@1,0
rootdisk /pci@1c,600000/scsi@2/disk@0,0
16. ok> boot rootmirror ## test bootblk in mirror partition
If everything is okey, then that's it.
Thursday Mar 29, 2007
Today I tried to setup raid1 for my v240 server, but failed. The whole system hung after 'Hardware watchdog enabled'. SysAdmin told me that v240 have ALOM port. So I think it might help. After google'ed for a while I got following simple answer.
- telnet to ALOM, login with 'admin' account
- <sc> break
- answer yes when prompt
- <sc> console
- <ok> boot net
Then I can reboot and re-install the system.
Monday Nov 27, 2006
It's quite easy to setup ssh tunnel for Mercurial workspace:
$ mkdir -p .ssh
$ cat <<EOF > .ssh/authorized_keys
command="/usr/demo/mercurial/hg-ssh /export/scm/hgroot/repos/g11n-cws",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-[type] [key]
EOF
Please be sure to put above contents into one line (though very long).
More details can be found at selenic.com
Wednesday Oct 18, 2006
For a centralized workspace with multiple committers, it's important to make sure the write access to the workspace works fine. At the beginning we try to use push back over http, described in selenic.com.
- create .htaccess
- create htpasswd
- put 'allow_push = *' in .hg/hgrc
- put 'push_ssl = false' in .hg/hgrc
...
But it just don't work.
:(
I found the same problem as Georg encountered:
http://marc.theaimsgroup.com/?l=mercurial&m=115438570707603&w=2
Any one who has the workaround for it please feel free to let me know.
:)
Wednesday Oct 18, 2006
The server hosting the centralized workspace is Solaris Nevada snv_45 SPARC.
- enable apache2 server in Nevada:
-bash-3.00# cd /etc/apache2
-bash-3.00# cp httpd.conf-example httpd.conf
Add following settings in /etc/apache2/httpd.conf:
Alias /hg /var/apache2/cgi-hg
<Directory "/var/apache2/cgi-hg">
DirectoryIndex index.cgi
AddHandler cgi-script .cgi
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
-bash-3.00# svcs -a |grep apache2
online 9:41:50 svc:/network/http:apache2
-bash-3.00# svcadm enable svc:/network/http:apache2
-bash-3.00#
- create an account hg, with home at /export/home/hg, as user hg
[hg@agc108 ~]$ mkdir hgroot
[hg@agc108 ~]$ cd hgroot
[hg@agc108 ~]$ hg init g11n
[hg@agc108 ~]$ cd g11n
[hg@agc108 ~]$ chmod g+w .hg .hg/*
[hg@agc108 ~]$ chmod g+s .hg .hg/data
[hg@agc108 ~]$ cat << EOF > .hg/hgrc
[web]
contact = Simford Dong
description = G11N Common Workspace (g11n-cws)
style = gitweb
allow_archive = gz zip bz2
[hooks]
commmit = /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
incoming = /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
EOF
[hg@agc108 ~]$ cat <<EOF > /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
#!/bin/sh
SUBJECT=`hg log -r $NODE | grep "^summary:" | cut -b 14-`
hg log -vpr $NODE | mail -s "commit: $SUBJECT" [notification email]
EOF
[hg@agc108 ~]$ chmod a+x /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
[hg@agc108 ~]$
-bash-3.00# cd /var/apache2/
-bash-3.00# mkdir cgi-hg
-bash-3.00# cd cgi-hg
-bash-3.00# cp [hg install path]/hgwebdir.cgi index.cgi
-bash-3.00# chmod a+x index.cgi
-bash-3.00# cat <<EOF >hgweb.config
[paths]
/g11n = /export/home/hg/hgroot/g11n
EOF
-bash-3.00# mkdir g11n
-bash-3.00# cd g11n
-bash-3.00# cp [hg install path]/hgweb.cgi index.cgi
-bash-3.00# chmod a+x index.cgi
change 'make_web_app' function in index.cgi as below
def make_web_app():
return hgweb("/export/home/hg/hgroot/g11n", "g11n cws")
-bash-3.00# /usr/apache2/bin/apachectl restart
you should be able to browse the workspace in firefox: http://agc108.prc.sun.com/hg/g11n.
you can also clone it and push back freely:
[simford@agc130 tmp]$ hg clone /net/agc108.prc.sun.com/export/home/hg/hgroot/g11n
...
play with it
...
[simford@agc130 tmp]$ umask 0002
[simford@agc130 tmp]$ hg push
- Last but not the least, 'umask 0002' is very important, especially in NFS environment.
All users should be able to push back to the centranlized workspace, so make sure the users in the same group have the +w rights to all files in the workspace.
|
|
|
|
Whats able ftpd?