Tuesday Sep 25, 2007
Today's Page Hits: 76
Tuesday Sep 25, 2007
I'm back to running, getting ready for the next Dallas White Rock Marathon this December. More on that later.
But first, before I forget, I had a great hill run that I want to tell others about.
Yesterday, another sun colleague, Dave Smith, and I wanted a hill workout while traveling in the San Jose area. Over a year ago, another Sun colleague, Derrick Harcey, had run the hills in the East Bay in Pleasanton, CA. If you are out in the East Bay and looking for a great scenic workout, out in nature, away from the roads and traffic, you need to check out the Pleasanton Ridge Regional Park.
Due to the late start (6:30pm) we were only able to get a couple of miles in, but that couple of miles turned out being over a 1000 ft climb and back down. Not the same as the hills in Dallas, maybe a 100 ft climb.
Monday Aug 06, 2007
Meet Ollie! He's a new addition to our family, mostly black lab with something else mixed in.
We adopted Ollie from the SPCA Animal Shelter of McKinney, TX last week and he's been great. Depending on who you talk to he's anywhere from 8 moths to 2 years. During the weekend, we took him to the dog part in Plano, TX and he had a blast playing and running with the other dogs.
It is our first dog, so we've got a lot to learn from Ollie.
Monday Mar 05, 2007
Tonight, I found out an easy way to allow a non-root user to bind to a privileged port (<1024) on Solaris 10. I've done this before with RBAC (i.e. exec_attr, prof_attr), but knew there was an easy one line command to provide this privilege to a non-root user.
Here's the simple command. You must run it as root.
# usermod -K defaultpriv=basic,net_privaddr tomcat
Now the user tomcat can run applications that need to bind to privileged ports (i.e. port 80). For those taking notes, this addes a line into the /etc/user_attr file:
tomcat::::type=normal;defaultpriv=basic,net_privaddr
Hope this might help another basic Solaris user out there like me. If an expert Solaris user has a different opinion, please comment.
Friday Mar 02, 2007
When was the last time someone sent your newspaper clipping in the postal mail? I had this happen to me last week. While reading a New York Times article about SSN's and peoples identities, a Sun colleague (past manager) took the time to cut out an article, fold it up, stick it on an envelope, address the envelope, put a stamp on it and send it to me over the Postal Mail. First of all, it's nice to see that there are others out there that still read traditional print media.
But more importantly, when I received this, it had a much higher level of importance. It wasn't just another forward of a URL that I filed away in some mail folder. This person had made an effort to send me some info and that effort increased the level of importance on that information.
For those interested in the article, here's the URL. ;-)
Monday Feb 19, 2007
Last week, I traveled to LinuxWorld in New York to sit on a panel on Identity and Web Services Federation in a Linux Environment. As for the panel, the participation was light due to a) the weather in the NorthEast last week (see pic below) b) change to our conference room and c) we were the last session of the day. I'd estimate we had only 12 attendees in our session. As expected, many of the participants hadn't embarked on any Identity/Federation projects.
I did get the opportunity to speak with 3 journalists prior to the panel on Identity and Access Management at Sun. I also had a great Reuben sandwich at Junior's, just South and across the street from the Marriott Marquis.
Prior to the event, I was interviewed with Jack Loftus of SearchOpenSource.com.
The morning of the event, I also had the opportunity to speak with Amy Wohl of Amy Wohl's Opinions. We had a great discussion around Identity and Access Management at Sun as well as some of Sun's OpenSource initiatives in this area. I'm looking forward to her article. As her and other articles are posted, I'll try to create a Blog entry with my comments.
btw, travel to this event was not fun. My plane arrived in NYC at Noon in the middle of 40 knot gusts and blowing snow/ice. I was very happy to set down. Luckily, I was in the Marriott Marquis, same place as LinuxWorld. I did have a great view of Times Square. Checkout the pic below:
Snowshoing at North Star Mountain, CO
Last week, I took a day and went up to a friends house near Hoosier Pass in Summit County, CO (near Breckenridge Ski Area). I had gone snowshoeing for the first time! I always spend all my days skiing when I head to CO for the winter, but now I've found another winter activity.
We left my friends house at around 11,500 ft. There was probably 3-4 ft of fresh snow near his cabin. However, as we got up to 12,000 ft, just at the treeline, we were in 4-6 ft of fresh powder. Thanks to the snowshoes we rented, we had no problem. It took us about 45 min to hike a little over a mile up to a small lake (Crystal Lake) at the foot of North Star Mountain (just shy of a fourteener). It is near Hoosier Pass and just South of Quandry Peak (a true fourteener). For those interested, a good link to hiking North Star Mountain, go to:
Hiking North Star Mountain, CO
As we approach Crystal Lake. NorthStar Mountain Ridge is at the top of the horizon.
I had mentioned to my friend that I never had any interest in walking on a frozen over lake. Much to my surprise, I had found myself smack dab in the middle of Crystal Lake. I was comforted to know that the lake is only 6 ft deep and was entirely frozen solid this time of year.
Here I am standing in the middle of Crystal Lake
Just another fun shot from skiing the trees in Breckenridge
Thanks to my good friend Barry and local guide, Tom for making this experience possible! Can't wait to hit this same mountain in the Summer!
Sunday Feb 18, 2007
This blog entry discusses the steps that I went through to get a combination of RAID and ZFS to run on a SunFire X2100. My goal is to have a simple web/mail server with 2 mirrored disks. This way, the unit is self contained with a complete mirror of everything. This way if a disk goes bad, it's a simple trip to Fry's and $150 later, the machine is running fine, with no lost data. At least that's my theory. This blog admits that I'm not taking a larger disaster recovery into account. That's performed with other data backups to an offsite location.
I would love to have used only ZFS to perform this task, however the current version of Solaris (update 3) won't allow for the root filesystem to be part of a ZFS pool. When this does occur, ZFS will be responsible for all the RAID and metadbs, etc... So, I'm using a combination of Solaris RAID and ZFS.
RAID will mirror the root, swap and a couple of metadb partitions. The larger data partition will be mirrored using ZFS. Below are the high level steps that used. They aren't intended to be 100% complete, but should offer a brief set of steps for others to use.
- Setting up partition scheme to use (Performed during my Solaris installation)
I used a Seagate 500GB SATA drive. The partition table looks like:Partition Tag Size Description 0 root 20 GB / partition. Solaris 10 install 1 swap 4 GB Normal swap 2 backup 465 GB Entire Drive Not Used 3 unassigned 40 MB meta-db 4 unassigned 422 GB Data Partition (used by ZFS later) 5 unassigned 20 GB / partition. Used for future live update 6 unassigned 40 MB meta-db 7
A few comments about this scheme. It's been recommended from a few resources to seperate the two meta-db's from each other in case of bad drive blocks forming. We don't want to have both corrupted in the case that the machine needs to reboot to the other drive. - Format the 2nd drive with the same partition layout as the first
$ prtvtoc /dev/rdsk/c1d0s2 | fmthard -s - /dev/rdsk/c2d0s2
If you are runnig this on an x86 machine, first ensure that the fdisk partitions on the second disk match the first. You can get the fdisk info with the command:
$ fdisk /dev/rdsk/c1d0p0 # first disk
$ fdisk /dev/rdsk/c2d0p0 # second disk - Setup the metadb's on the disks
$ metadb -af -c 2 c1d0s3 c1d0s6
$ metadb -af -c 2 c2d0s3 c2d0s6 - Initialize the metadb's on the disks
Next step is to initialize the metadb's created from the previous step. This setups the mirror from the root partition over to each metadb. For the purposes, the RAID 1 mirrored volumes in this example will be setup as:RAID Volume Partition Description d0 / mirror d10 c1d0s0 / d20 c2d0s0 / d1 swap mirror d11 d1d0s1 swap d21 c2d0s1 swap
$ metainit -f d10 1 1 c1d0s0
$ metainit -f d20 1 1 c2d0s0
$ metainit d0 -m d10
$ metainit -f d11 1 1 c1d0s1
$ metainit -f d21 1 1 c2d0s1
$ metainit d1 -m d11 - Setup /etc/vfstab with new mirror mount point
Use a helpful Solaris script to setup your root filesystem in vfstab.
$ metaroot d0
Then, edit your /etc/vfstab and make similar changes to your swap partition. - Reboot your system to use new vfstab definition
$ reboot - Attach the 2nd drive RAID to the first
$ metattach d0 d20
$ metattach d1 d21
You can view the status of the syncing of d10 to d20 and d11 to d21
$ metastat -c - Install grub on 2nd drive
Install grub on the second drive in case the first one fails. This will allow the system to boot up. It's important to note that it will boot up in single user mode. You must use metadb to fix the meta database for the lost disk. See notes down below.
$ installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c2d0s0 - Create the ZFS Pool
Now, we want to create a zfs pool with mirroring on the two partitions designated for zfs.
$ zpool create pool mirror /dev/dsk/c1d0s4 /dev/dsk/c2d0s4
- Create the ZFS Mount Point
Create whatever mountpoints and customize zfs to your hearts content. An example of creating a mountpoint for /foo might look like:
$ zfs create pool/foo
$ zfs set mountpoint=/foo pool/foo - Done!
A couple of other notes:
- During some testing, I pulled out drive 2 while the server was up and running. I believe the SunFire X2100 doesn't support hot swapping, as the OS started to send errors to console. I ended up rebooting the box just to see what would happen. Upon reboot, the metastat -c command told me that d20 was in maint mode, meaning there was a problem. I ran the command to rebuild that mirror:
$ metareplace -e d0 c2d0s0
- If a drive fails, upon reboot the system should boot up into single user mode. It's up to the system administrator to delete any meta mirrors off of the bad drive from the metadb. This is done with a combination of metadb -d commands. See the Sun doc notes at:
Recovering from failed disk
Monday Feb 05, 2007
I was amazed to see a report today on FLOSS (Free/Libre/Open Source Software) and the impact it is having on businesses in Europe. The report also discusses case studies around the use of FLOSS and cost savings.
Check out page 51 of the report where it estimates the FLOSS code contributed by firms. Out of 986 firms and 31.2 million lines of code the estimated effort is 16,444 person years or a cost of 1.2 billion Euro.
I was especially pleased to see that Sun Microsystems, Inc. topped the list of contributing firms at:
51,372 person months or 4,281 person years
And this more tripled the contributions of the 2nd place firm.
Thursday Feb 01, 2007
The devices that promoted the Boston bomb scares yesterday reminded me of a story that happened just about month ago in Murphy, TX. A colleague of mine blogged about a similiar incident a month ago when a Geocache article was termed as a "Suspecious Device".
As I listen to all the flap about this latest incident, it's hard to determine where the line is in all of this. One one hand I'm hearing numbers like, 1/2 million was spent on this latest scare and the person planting the devices is responsible. Are they going overboard on this? Some would say, no way, especially in light of 9/11. Others would argue that we are going a bit overboad.
Back to Geocaching. The premise of geocaching is to hide some items, record the location with GPS coordinates, post that information at Geocaching.com and allow weekend warriors to find the items. It's a healthy fun activity for families to do on a weekend day. Our family will take a picnic and make a great day out of it. The kids get exercise and lean some new things. A lot of times, these items are hidden in ammo containers (to keep out the elements), often with cammo aound it to help hide it. To the unsuspecting individual, it may appear threatning. That's why it's important to always follow the rules if you ever decide to hide or re-hide a geocache.
With more of these incidents happening, I'm getting concerned about something like a fun harmless Geocache object implying the wrong thing and landing someone in jail or with a hefty fine. Hopefully Geocachine doesn't become a thing of the past.
Monday Jan 22, 2007
Today, a new open source initiative was announced, OpenLiberty.
This will allow openSource developers to incorporate security and privacy capabilities from the Liberty Alliance Project and Web Services into Identity appliations.
This is great news. See you on the OpenLiberty Wiki and discussion groups!
Thursday Jan 18, 2007
What does privacy mean to you?
Send your definition, example use to me at tls@sun.com. I'll put together everyone's comments and create a little article about it.
Monday Jan 08, 2007
After writing my previous blog, I've found there are a few IPMITool commands that I run often. Here is a list of those commands. IPMItool allows for many options, most of which I haven't used. But here are a few that I've used quite a bit. In my case, I've simply put these aliases in my /etc/profile, but you can put them anywhere. I'm also performing all the remote access from a Solaris box.
Generic ipmitool command
Represents the common parameters used by all ipmitool commads.
ipmitool allows for the powering on, off and cycling the server.
If anyone has recommendations of other IPMI tools for Mac, I'd be interested, as most of my work is done on a iMac.
The options/assumptions that I'm sending the ipmitool in these alias shortcuts are:
| ipmitool parameter | Description and Example | -A password | Forces authtype to be password | -H foo.example.com | Hostname of the SMDC card | -U Admin | Use the Admin account on the SMDC card | -I lan | Use the LAN interface to access the SMDC card |
|---|
Represents the common parameters used by all ipmitool commads.
alias ipmi=”/opt/ipmitool/bin/ipmitool \ -A password \ -H foo.example.com \ -U Admin \ -I lan”Powering ON/OFF X2100
ipmitool allows for the powering on, off and cycling the server.
alias impi-power=”ipmi power”
Console in the X2100
alias impi-console=”ipmi tsol”
Status of the X2100
alias impi-status=”ipmi chassis status”
Wednesday Jan 03, 2007
This blog entry provides the basic steps I had to complete to get the sever setup to use the SMDC card. This will enable the server to be managed remotely for such items as: Powering OFF/ON and access via the console. There are many other features, however I won't discuss them at this time. These steps also assume that you are working with a system installing Solaris 10 update 3 from scratch. Also, these are the steps that worked for me. I'm sure that I missed a few minor things, as I've documented this after I've completed the entire process. If you see any issues, please provide me feedback and I'll try to make corrections to this entry.
Step 1 – Installing the SMDC Card
Upon receiving the SMDC (also known as the IPMI 1.5 Service Processor), I followed the installation instructions in the SunFire X2100 Server User Guide, section 4.5.2.
Step 2 – Updating the System BIOS
After installing, I upgraded the system BIOS using the latest SunFire X2100 Supplemental 1.5 CD. Just follow the instructions to update the BIOS to version 1.5.
Step 3 – Updating the SMDC Firmware and Setting up SMDC
Using the same supplimental CD, update the SMDC Firmware using the supplied instruction release notes. In addition, you will need to setup the network and user/password information on the SMDC card to access it from IPMItool later on.
Step 4 – Redirecting the console to the SMDC card
This is done via the BIOS screens:
Advanced BIOS Features --> Console Redirection --> Enabled over SMDC
Step 5 – Download the IPMItool
In order to access the SMDC interface, an IPMI application must be used (I don't know enough about IPMI to go into detail). Following the release notes, you can get a recent version at http://ipmitool.sourceforge.net
This tool will be used to power on/off the server as well as get console access. For my purposes, I installed this tool onto another Solaris box that I had. I believe you can also get this tool for Linux.
Step 6 – Use IPMItool to verify SMDC console access
Verify that you can access the SMDC by using sample commands like:
$ ipmitool {ipmi options} chassis status
Note: You will need to provide the proper IPMItool options like IP address of the SMDC network interface and User/Password.
Step 7 – Startup and IPMI console session
Run a command similar to:
$ ipmitool {ipmi options} tsol
This will connect you to the ttya port of the server (i.e. console)
Step 8 – Begin Solaris Install
Place the Solaris 10 update 3 DVD into the DVD drive and reboot the server. Be sure to choose the install options over ttya and an Interactive Text (console session) for the Solaris 10 install. Proceed with a typical Solaris 10 install.
Step 9 – Reboot Solaris and verify SMDC access
After the install, you can either use ipmitool to reboot the server with a command like:
$ ipmitool {ipmi options} power cycle
As the release notes indicate, console into the server and run the command “eeprom console=ttya” to verify that the console is set to ttya. After that, you should be complete. There are more steps in the release notes, however I didn't need to complete them as Solaris 10 update 3 seemed to function just fine.
What I did on my winter break...SunFire X2100, Solaris, RAID and ZFS
Trials and tribulations of using RAID and ZFS on a SunFire X2100 with Solaris 10 update 3.
First a bit of history. Last April, 2006, I purchased a SunFire X2100 box, barebones (no CD-ROM or drives). At the time I got by ok, as I purchased a nice little Seagate 500GB SATA drive from Fry's. Popped that in there and installed Solaris 10 update 1 from a USB CD-ROM drive. Have been running just fine with Solaris 10 zones/containers.
Recently, I purchased the internal DVD-ROM drive and SMDC Service Processor to be installed over the holidays. At the same time, I've purchased an identical Seagate 500GB SATA drive to allow me to mirror my drives and also use ZFS to mirror my data partitions.
Next, I've been using Solaris/SunOS/Unix for over 15 years, however I haven't done much with metadb's, Sun Volume Manager, ZFS, etc... I did receive a lot of help from the web in setting this up. Instead of creating one large blog with all the details, I'll document my steps as I go over the next few days. The references to the sites that helped me through this process are:
References
Matt Ingenthron's Blog – X2100 SMDC best practices...
Daniel Markle's Blog – Solaris 10 Partitioning, RAID, and ZFS
Friday Dec 15, 2006
This morning (8am), my daughter and I went to a local (Allen, TX) Starbucks Coffee to get a couple of gift cards for teachers. Got to the counter to find out that their gift card system (or sub-system) was down. What? For how long we asked? They are saying until 11am or 3 hours. I asked, they? She explained that the system was down for all Starbucks, and it wouldn't help to go to another Starbucks until after 11am.
Wow! I couldn't believe this was the case. Imagine how much lost business that would be. The worker didn't seem to understand the ramification of a system wide outage of their gift card system.
So, we proceeded to another Starbucks located in the local Kroger store. I knew they used a different gift card system, since it was a little more manual there, or not a part of Starbucks retail system. They were up and running with no issues. They had no idea the other Starbucks was having problems.
So I did a quick Google this morning to see if there was news about this, but saw nothing. Maybe it was just an isolated incident at the local Starbucks.
View My Stats