Saturday May 23, 2009

VirtualBox USB Ports

Running CentOS as my host OS and using VirtualBox to run "everything else", it didn't take long before I was running into USB problems. In my case I had a Windows 2000 guest on a CentOS 5 host (same for RedHat EL) and I wanted to use ActiveSync to connect to my WM5 Windows Mobile device.

I'm diverting for a sec, but this is the big reason why I like VirtualBox so much. I do software development for the Windows Mobile platform (http://www.locatea.net/) which requires a lot of software installation for Visual Studio and then even more for the various Windows Mobile SDKs. It is quite a job to get it all installed correctly. Previously that whole install could (and would) easily be screwed up because some completely unrelated application would mess up the registry, forcing you to reinstall the server and start from scratch.

Now, by virtualizing my desktop, I have an instance that I solely use for Windows Mobile software development. If I need Microsoft Office I do it in another Windows guest. And if I want to tryout a new software package that I don't really trust, I simply clone my base image and install it in there. If the app doesn't work out or behaves badly, I can simply blow the whole image.

So, where many people think that desktop virtualization is just great for running different types of OSes on a single host, IMHO it is even more important because it allows you to create multiple environments, that have very dissimilar functionality, but can have the same platform requirements. Of course I also use it to run OpenSolaris on my Mac. :-)

Back to USB in Windows guests. Out of the box it doesn't work, at least not on my platform. A little googling provides a lot of recommendations to add an entry to /etc/fstab (none /proc/bus/usb usbfs devgid=501,devmode=0664 0 0). It seems that for Ubuntu this fixes the problem, but not for RedHat / CentOS. It took me a lot of searching, but finally I found in an obscure corner of some forum a solution. You have to modify your /etc/rc.d/rc/sysinit file.

if [ ! -d /proc/bus/usb ]; then
        modprobe usbcore >/dev/null 2>&1 && mount -n -t usbfs \
                        /proc/bus/usb /proc/bus/usb -o devgid=501,devmode=664
else
        mount -n -t usbfs /proc/bus/usb /proc/bus/usb -o devgid=501,devmode=664
fi

This piece is mainly already there, but you need to add the "-o" parameters. In here "501" is the GID you have specified in your /etc/group for the vboxusers group.

After having done this, the Windows guest recognizes USB sticks, external hard drives and nicely connects to my mobile phone.

Wednesday May 20, 2009

Bizarre ftp Behaviour

After spending couple of hours editing a webpage, I lost all that effort when copying the file to my webserver. And of course before the automatic backup had been made. :-(

As always, there is a lesson to be learned.

Try this yourself:

$ ftp webserver

ftp> prompt
Interactive mode off.

ftp> mput *
local: img_2.gif remote: img_2.gif
227 Entering Passive Mode (192,168,32,72,126,33)
150 Opening BINARY mode data connection for img_2.gif.
226 Transfer complete.
12980 bytes sent in 4.2e-05 seconds (3e+05 Kbytes/s)
local: img_3.jpg remote: img_3.jpg
227 Entering Passive Mode (192,168,32,72,126,33)
150 Opening BINARY mode data connection for img_3.jpg.
226 Transfer complete.
28488 bytes sent in 0.017 seconds (1.6e+03 Kbytes/s)
local: webpage.html remote: webpage.html
227 Entering Passive Mode (192,168,32,72,164,239)
150 Opening BINARY mode data connection for webpage.html.
226 Transfer complete.
12498 bytes sent in 4.5e-05 seconds (2.7e+05 Kbytes/s)

ftp> ls *
227 Entering Passive Mode (192,168,32,72,219,226)
150 Opening ASCII mode data connection for /bin/ls.
total 268
-rw-r--r--    1 wwwillem wwwillem    12980 May 20 09:08 img_2.gif
-rw-r--r--    1 wwwillem wwwillem    28488 May 20 09:08 img_3.jpg
-rw-r--r--    1 wwwillem wwwillem    12498 May 20 09:08 webpage.html
226 Transfer complete.

ftp> ls -l
227 Entering Passive Mode (192,168,32,72,207,63)
150 Opening ASCII mode data connection for /bin/ls.
total 268
-rw-r--r--    1 wwwillem wwwillem    12980 May 20 09:08 img_2.gif
-rw-r--r--    1 wwwillem wwwillem    28488 May 20 09:08 img_3.jpg
-rw-r--r--    1 wwwillem wwwillem    12498 May 20 09:08 webpage.html
226 Transfer complete.

So far all has gone well. Notice the file-size of webpage.html, 12 kB.

Now comes the problem:

ftp> ls -l *html
227 Entering Passive Mode (192,168,32,72,142,146)
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.

ftp> quit
221-Thank you for using the FTP service on webserver.
221 Goodbye.

$ ls -l webpage.html
total 62
-rw-r--r-- 1 willem willem   209 May 20 09:07 webpage.html

Notice how the file has shrunk from 12 kB to only couple of hundred bytes? Let's have a look at the (new) content.

$ cat webpage.html
total 123
-rw-r--r-- 1 willem willem 12980 May 20 09:01 img_2.gif
-rw-r--r-- 1 willem willem 28488 May 20 09:01 img_3.jpg
-rw-r--r-- 1 willem willem   209 May 20 09:07 webpage.html

What happened here? The 'ls *' ftp command was ok, same for 'ls -l'. However when we did 'ls -l *html', the result of the 'ls -l' command was written to the local html file, in this case webpage.html. That's definitely not what I would have expected to happen. Very weird behaviour!!

Finally, the client was ftp on CentOS 5 and the server was an ancient RedHat 6.2 server. And no, 6.2 is not the successor of EL5. :-)

Saturday July 26, 2008

VirtualBox on Solaris

To implement a SunRay demo with a Windows Terminal Server back-end, normally we use two separate servers. But now, with virtualization all around us, why not put those two components on a single box. Of course, there are many ways to skin the cat. I decided to take the X4100 that I had in the lab, put Solaris 10u4 on it, then install Sun Ray Server Software (SRSS) and finally install VirtualBox with a Windows 2003 Enterprise Edition guest server for the backend.

However, this entry is not about Sun Ray or Windows, but about VirtualBox. When selecting the correct download, it was a bit unclear if there were separate versions for Open Solaris versus normal Solaris, or that it was all "one and the same". To jump couple of steps ahead, there is only one version, but it is clear that the developers of VirtualBox are doing their work with OpenSolaris and then expect it to work with regular Solaris as well.

Well, as I discovered, and with me many others, that doesn't always work out. The pkgadd is straight forward and without problems. At the end you will have VirtualBox in your path and you're ready to fire it up. But then I got the following error

bash-3.00# VirtualBox
ld.so.1: VirtualBox: fatal: libGL.so: open failed: No such file or directory

Things like this have happened before, and my usual solution is "let's Google". In this case that was the wrong thing to do, :) because I got soooo many wrong suggestions. In some forum I read that something is wrong with the service "svc:/application/opengl/ogl-select:default" or that you have to install the package "sunwcslr". In my case, none of this was true.

I'm sure that most of the problem is related to the difference between 32 and 64 bit systems. Not only the CPU, but also the OS and therefore the libraries must be matching. With my X4100, I was running a 64 bit AMD Opteron. I had installed Solaris running in 64 bit mode and I hadn't made the mistake of downloading the 32 bit version of VirtualBox.

Here's some commands you can use to verify your own configuration regarding these issues.

bash-3.00# uname -a
SunOS java3 5.10 Generic_120012-14 i86pc i386 i86pc

bash-3.00# ls VirtualBox*
VirtualBox-1.6.2-SunOS-amd64-r31466.pkg
VirtualBox-1.6.2-SunOS_amd64.tar.gz
VirtualBoxKern-1.6.2-SunOS-r31466.pkg

bash-3.00# isainfo -k
amd64

bash-3.00# which VirtualBox
/usr/bin/VirtualBox

This looks good, 64 bits all where it matters. But why are things still going wrong when you start VirtualBox. No matter what all the other forum messages are saying, in my case it was in the end simply a matter of not finding the 64 bit version of libGL.so. I tried many other things first, but what solved it was setting LD_LIBRARY_PATH to include "/usr/X11/lib/mesa/64".

bash-3.00# VirtualBox
ld.so.1: VirtualBox: fatal: libGL.so: open failed: No such file or directory
Killed
bash-3.00# echo $LD_LIBRARY_PATH

bash-3.00# export LD_LIBRARY_PATH=/lib:/usr/lib/64:/usr/X11/lib/mesa/64
bash-3.00# echo $LD_LIBRARY_PATH
/lib:/usr/lib/64:/usr/X11/lib/mesa/64

bash-3.00# VirtualBox
^C
bash-3.00#

Which shows what went wrong and how it can be fixed.

Friday July 18, 2008

Silence and Pavlov

Today I got my SunRay@Home. For those of you not working at Sun, that's a Sun Ray attached to your home network that directly VPNs (from the firmware) into SWAN, the corporate network. It allows for hot-desking from your cubicle to your study and vice versa. Pretty cool stuff.

Reason I wanted to have one at home was mainly eco driven. When I do things like software development I need a full blown desktop. But in the morning, between alarm clock and shower, I'm only drinking my first coffee and checking my email. Why should I fire-up the big desktop to only use a browser and an email client. And that was my background to sign up for the SunRay@Home program.

I got my unit today, installation was a jiffy. Everything fine, Sun Ray on my left display, PC on the right LCD. Around 10 PM I decided to shutdown the desktop PC. And then came the big surprise: For the first time in many, many years (probably twenty) I was using again a computer with zero background noise. No, not just the "nearly silent" that laptops give you, but simply absolute nothing!! It was lovely, but at the same time even weird, I guess a kind of reverse Pavlov effect (in this case I got the food but there was no bell). It appears that browsing the web and the noise of fans are by now in our minds tightly intertwined.

I do use a Sun Ray in the office, but of course modern offices can't be called noiseless. I have to go back 15 years, when I used my trusty VT220 and a modem into the office, for the last time I worked with a computer that didn't make noise. And then 20-25 years back when my desktop system consisted of a 6502 based BBC-micro computer. That one also without fans, but you still had the rattling sound of the floppy drives. :-) For the rest, it seems I've always had fans around me when I was doing my computer stuff.

So, this SunRay@Home is a keeper. I can hear the wall clock ticking again. The only thing I need to do is to replace the green power LED of my SR2 with a blue or a white one. That green is too ugly with the brushed aluminum.

Monday July 14, 2008

ILOM and DHCP

It happens too often that at customer sites there are issues around the IP address for the Service Processor. The proper way to handle this is IMHO simple: For each server, add an entry to the DHCP server, where based on the MAC address of the SP, a known IP address will be assigned. This way, everything is controlled by a centralized DHCP configuration but still each server gets a "semi static" IP address.

Unfortunately, in many situations customers can not implement this, or they simply don't want to. The "can not" is most likely not based on technical arguments, but has mainly to do with organizational and responsibility issues.

Your second option is to set the Service Processor IP address from the BIOS. Which works fine, but sometimes it can be hard to find a monitor and keyboard in a Data Center. Or nobody is willing to give you a free static IP address. Third option is to let the SP do a DHCP request and monitor the logfiles on the DHCP server to see what address was handed out. Which won't work if the person who needs to use the SP has no access to the DHCP server.

The end result is that you can easily end up in a Catch 22. In the old days of V20/40z servers, we had those tiny LCD screens and you could even set the IP address using a few buttons on the front of the server. But the newer generation doesn't have those features anymore.

Last week, I was again confronted with this problem (on a corporate network, where I had zero privileges) and I solved it in a different way. What I did was write a little script that tries to ping every IP address in the subnet, or better in the range that is available to the DHCP server. Kind of "poor man's port scanner". The script (let's call it "pingscan.sh") is pretty primitive and looks like this.

#!/bin.sh
for i in 13 14 15 16 17 18 19 20 21 22 23 24; do
for j in 0 1 2 3 4 5 6 7 8 9; do
ping -n -t 1 192.168.1.$i$j 1
done
done

This will scan addresses from 192.168.1.130 to 192.168.1.249, adjust the values for your network. The "-t 1" and the "1" at the end (this is Solaris ping) will take care that with one second gaps, each address in the subnet will be tried. So, the script will take a few minutes to complete, depending on the range.

Fire up your server and let the SP do a DHCP request. Then run "pingscan.sh > before". And here comes the trick! Disconnect the network cable to the SP and run "pingscan.sh > after". A simple diff of the two files will show which IP address was given to the SP.

# diff before after
57c57
< 192.168.1.186 is alive
---
> no answer from 192.168.1.186

The script could be made much fancier, but this one only uses /bin/sh and can be typed in a couple of minutes. On a large and busy network it could happen that you will get multiple candidates. And of course this is not a preferred solution, because it isn't guaranteed that a week later the DHCP server won't give a different IP address. But this trick can help when you find yourself in a nasty corner. At least, it did that for me.

Wednesday November 21, 2007

Solaris Security

It's already dark when I leave the hotel, dragging my carry-on behind me. I can turn left, to the pub where the rest of the troops is probably already behind their second beer, but I decide to make a little detour to the right. I walk to the front of the 18-wheeler to see if Dan, the driver of our Project Blackbox rig, is still around. I find him, with big gloves on, between the power generator and the water chiller. He is working hard to make the Blackbox transport ready again. We shake hands to say goodbye.

I met Dan for the first time in Calgary a month or so ago, great guy, not only the driver of our Blackbox demo roadshow unit, but also the one who took the most fabulous pictures of the box in between the high-rise of Calgary's downtown core. Today we are in Vancouver. Different bussiness drivers, but the same crowd that gets inspired by Project Blackbox and sees how it can open new avenues for datacenter expension, consolidation and "going green".

After my goodbye to Dan, who's now off to Mexico City, I join my colleagues and then it's off to the airport. For those of you who are "frequent flying" as well, you know the drill. Empty your pockets, get all your keys and stuff into the grey plastic bin, your laptop in the second bin, your coat in the third, etc.

But now it comes....

One of the security folks, I would guess around 60 years old, sees my Sun badge in the bin next to my coins, my keys and phone. He asks me out of the blue, "but is Solaris free" .... and it is clear he means it in the "free as in beer" sense. It catches me a little off guard, but my reply is "you can just download it, no problem". His counter "yeah, but do I get source code and am I then able to change it?" I try to assure him with "of course, that is what open source is all about". Next question: "but do I need assembler code to do this?" (now you understand why he was at least 50+ :-). I hope I was correct, but my answer was "no problem, it's all C code, you will be fine".

And this all happened within 20 seconds, five times the speed of an elevator pitch, while at the same time I was emptying my backpack to get my laptop into the gray plastic bin, etc. Time was flying way too fast!! I would have loved to talk with this guy about what project he was working on. He was a really interesting person. As a day job checking our bags for stupid things like bottles of shampoo, but in the end really interested in how he could modify and improve Solaris.

That's special !!

Thursday June 28, 2007

Half Baked User Friendly

I guess since Windows 98 or so, it's the default in Explorer not to show you file extensions. Probably Microsoft hoped they could beat Apple in user-friendliness and thought that the icon would be good enough to show you the filetype. And maybe that would have been OK, if it had been implemented correctly (as a set of meta-data) like on my good-old NeXT.

It can't be that I'm the only one who completes every Windows install by: a) go to 'Folder Options' -> 'View' and unselect the 'Hide File Extensions', then b) take care that Explorer and the MS-DOS box are not hidden deep down in the 'Accessories', but are icons on the Desktop, part of the toolbar, and in the main of the Start menu. I guess I've done that now a hundred times. And it annoys me that with each and every newer Windows version, this stupid UI design is still there.

Tonight, this whole thing went a step further, and even more bizar. On a latest-greatest Windows Mobile phone, an application failed and wrote its results to a logfile (let's call it abc-xyz) in the root directory. I tried to open the file by double clicking it, but I got a pop-up that I had to open the application first and then open the file. OK, so I started 'Mobile Word', clicked 'Menu', then 'File' and found a wide range of options (like New, Save, etc.) but not 'Open'. Duh ....

In the options screen I discovered that there is a feature to select what types of files Word Mobile will show me, which even includes 'All Known FileTypes'. Mmmm, that sounded good, but still no luck. Finally I discovered that my file was in reality called abc-xyz.log, but the extension was, as explained above, not shown and secondly a .log file is appearently not a "known filetype" for Windows Mobile. When downsizing Explorer to the Mobile platform, it seems they had to drop the option 'Show All Files'. As if there is not enough memory for all the other bloatware.

But OK, I got closer to a solution. Let's simply rename the file to 'abc-xyz.txt', or even '.doc' and then all will be fine. Ehhh, not so!! Word still couldn't see the file. That was when I discovered that the rename in Explorer had rebaptized my file into 'abc-xyz.txt.log'. Which makes sense when you keep the .log part hidden, but it is absolute BS if the result is that you can't open a simple log file anymore. All in the sake of user friendliness.

You start to wonder how much usability testing has been done on a feature like this. And even more what audience the Windows developers had invited for these sessions. It's my guess that these were not a group of power-users and that the software developers were thinking that if the UI was good enough for them, it would be more than good enough for more sophisticated people. WRONG!!!

Long story short, in the end the only way to open my logfile in any application was to copy it from the phone to my desktop and use some editor to open the file and see its five lines of content.

Sunday June 17, 2007

External Display at Boot

My notebook — a Fujitsu P7010D — is light and small, therefore, when not on the road, I use it with an external display and keyboard. Solaris 10 being my main OS, some careful timing is needed for when to press the Fn-F10 key while booting. It has to happen when X-Windows hasn't started yet. The display of the grub boot menu is always a good moment.

However, couple of days ago I discovered another method. I guess it's also valid for other notebooks and although I didn't test it yet, this little trick should work the same way when you run Linux. This is what I do: First of all connect all external devices, then open the laptop, press the power button, and now immediately close the laptop again. Result is that the BIOS detects this and will select the external display straight away. No need to press any function key anymore.

Friday May 11, 2007

Network Speed with Zones

A little time back I was preparing for a big benchmark project where our customer wanted to compare a single large system using many zones with a more horizontally scaled infrastructure, consisting of a number of smaller servers, like V490 and V890. I immediately thought that replacing a number of servers, being chatty over the network, with a single server, carved up into zones, would give a big benefit in network performance. Zone-to-zone network traffic should be faster than server-to-server. So I fired off some emails to people that I thought would give me the final answer, but the responses were very mixed.

Therefore it was time to do some of my own experiments. Doing a big benchmark in one of the Sun Solution Centers, I had the availability of some serious hardware for these tests. On the other hand, as is usual with these types of projects, there was a lot going on at the same time, therefore in the end time was limited for this little exercise.

This was my test platform:

This is the environment I built:

This provided us with three test scenario's: a) network traffic from one virtual interface to another, both on the same physical interface, b) two zones talking with each other, each with their own physical interface and c) two independent servers, or in this case domains.

I used ftp to send files of three different sizes: 1M, 3M and 1G bytes. All files were created in /tmp and sent to /tmp. I repeated each test three times. Here are the results (all times in secs):

So, from this we can see clearly that zone-to-zone traffic doesn't "hit the copper" and probably gets shortcutted somewhere in the IP layer of the TCP/IP stack. I would think that with slower interfaces, like 100 mbps, the speed advantage will be even higher than the 1.5-2x we see here.

Monday March 26, 2007

Wireless Activate on Boot

Last night I finally found the time to upgrade my laptop from a "too much patched" Solaris 10 5/03 to a latest-greatest "Solaris eXpress Developer Edition". Before we dig into wireless, I've to do a little plug for SXDE. I think it's a great idea. Many users want on their desktop or laptop something that is up-to-date, must have a decent stability, but doesn't have to be as rock-solid as a normal Solaris release. Problem with using standard S10 on a laptop is that drivers can be "way behind". Which is then normally already fixed in Nevada, but running that on the system that my email is depending on is not my piece of cake. Nevada is great, but please on my second system.

SXDE is the sweet spot in-between: Once every 3 months a snapshot is taken of the Nevada code (the bi-weekly release of that is now also called Solaris eXpress, Community Edition, SXCE), which gets then a couple of "fixes only, no new features" debug cycles, is then bundled with Studio 11 and released to us, the Solaris end-users and developer crowd. I think this is great, it's more stable than S11 Nevada, which is really beta code, and still you get all the latest bug-fixes and drivers.

So, I moved over, and everything went very, very smooth. I also rebooted a couple of times, started to customize the system, configured NTP, noticed that SXDE knows about my Artheros WiFi chipset, configured that, and all was great. One of the biggest features for me was that it decided NOT to overwrite my MBR. So, even while my system is running RH and XP in parallel to Solaris, I didn't have to do any of that 'grub' stuff to reinstall the Master Boot Record. Cool.....

For whatever reason, I did a reboot and my system hang with an absolutely black screen. I rebooted in FailSafe mode, but couldn't see anything wrong. So I reinstalled from scratch. And again the first half hour all was OK, but then it would hang like hell. I couldn't even ping the box. I guess that in total I reinstalled 4 times over the weekend, got quite a routine for it :-), but finally I figured out what went wrong.

As usual it was a combination of a mistake by me, and a system that's not foolproof enough. In this case, my mistake was that when I configured Wireless I told it to "Activate on Boot". Made sense. But I don't have an access point, and was simply testing on what my neighbours provided on the 2.4 GHz band. :-) What is the problem, is that if you click "Activate on Boot" and then, when booting, you don't have a proper access point, the system is not properly timing out. At least that is my theory. It simply waits and waits and waits. With the result that the system simply hangs and you have to reinstall from DVD.

I guess that alternatively you can figure out how to reverse that "Active on Boot", while in FailSafe mode. I kept life more simple and from then on didn't touch that checkbox anymore. Which, so far, works pretty fine.

Saturday December 30, 2006

Solaris 10 printer setup

Last time that I had to setup a printer in Solaris, it was an experience straight out of hell. It was 2-3 years ago, on a system running Solaris 9, and I finally got it working, using the Common Unix Printing System (CUPS), but my experience was bad enough that since then I avoided, as well as I could, to get ever involved with printer setup again.

But setting up a Solaris 10 based system recently, to be used as a home PC, I faced the topic again. I read some man-pages and did some Googling. After some erroneous first attempts, I checked out docs.sun.com and was pointed to "printmgr". Which has improved hugely since two years ago.

The printer I had to setup was a cheap HP Deskjet 812C. And to my surprise, the list of printers preconfigured in printmgr is biiiiggg, also including my little Deskjet. Because this is a parallel port connected printer, the device it resides at is "/dev/printers/0". So far so good! See here is what I had to do to seup.

click for full-size

After this I tested with "lp -d deskjet /etc/nodename" and the textual printout was fine. Then it was time to start Mozilla and print a page with graphics and color. Also this worked out-of-the-box.

The last thing to do was to configure the printer in StarOffice. Because StarOffice runs on Windows, Linux, Solaris, OS-X and a couple of other systems, it doesn't make use of the underlying printer subsystem, but has its own. Which is a hassle, but from a software development point of view, I understand why they did it like that. To configure the new printer in StarOffice 8, go to Launch -> Applications -> Office -> Printer Administration. And then I ran out of luck. StarOffice knows only about one HP Deskjet printer and that was of course not the model I had. I still configured using that driver, and I got printouts, but there were white bands every inch and couple of other formatting issues. So, that was not the way to go.

Time to pull out of my bag of tricks a goldie-oldie, I've used for years with success. When setting up a PC, I always configure a HP LaserJet III and an Apple LaserWriter II printer. The first driver can be used for any printer that uses PCL, while the latter is the lowest common denominator for PostScript based printers. OK, you won't get the use of features like two-sided printing or using other paper bins, but for basic printing these two configs are good enough.

Back to StarOffice, I selected the driver for the "HP LasterJet III PostScript Plus" and printed a test page. All was fine, including color. Which was a bonus, knowing that the LJ III was a B&W laser printer.

Thursday December 28, 2006

Solaris install + USB ... a no-no

Last night ... mmm, more early this morning :-) ... I was installing OpenSolaris SDX beta (Nevada build #55) and forgot that my USB external drive was still plugged in. This happened because I had downloaded on that drive the 4 Gig ISO image and then burnt it to a DVD.

The install went well, with the only muddy thing that my bootdisk had become c2d0 and not c0d0, what I'm used to. But still: so far, so good. After login I noticed the USB partition being auto-mounted, which is good, and I suddenly understood what had happened. The USB device has one way or another a higher priority over the ATA harddisk and therefore the bootdisk becomes c2d0. Which is of course not what you want to happen.

You can imagine that when I unmounted the USB disk and rebooted, the system needed some deep hard thinking – read "long timeouts" – before it understood where to find its MBR. In short: don't do this!! I took the easy way out and reinstalled everything from scratch, which was not too bad but could have been avoided. Lesson to learn: unplug every USB stick or device before you install an OS.

1-888-THUMPER

A while back I attended Immersion Week in St Charles near Chicago, which is a Sun internal conference / training session "for the techies" to learn about the latest products and technologies. After a morning session on Thumper (now officially Sun Fire X4500) and Honeycomb (StorageTek 5800), I decided to skip lunch and get some fresh air instead.

I walked into town, which is pretty small, and after a brisk walk, my eye suddenly fell on this truck. Not so much because of the shape or color, but of course because of the phone number. What kind of coincidence was this? The truck seemed to belong to some kind of utility repair company. And I guess the ladder will come in handy if you need to replace a disk in a "top of the rack" Thumper system. :-)

Thumper, a server/storage combination with 24TB of disk and dual AMD Opteron processors, got its code-name from John Fowler. Which was last July C|Net's "Quote of the Day" with the phrase "and from now on I'm not allowed to name anything". The summary and details of that story are still online. If it is completely true, I don't know. But it's as funny as this 1-888-THUMPER telephone number.

Monday July 24, 2006

adding a network card with Solaris X86

It's the kind of thing you don't have to do very often, because the Operating System install takes care of it so well. Even to the extend that you are tempted to just reinstall the OS when adding some new hardware to your system. In this case I needed to add two 3Com network cards to an Ultra-20 that was already configured for the onboard Ethernet. I know how to do it under Linux: just start the GUI config tool. With Solaris, it's a bit more of a manual process. But, in the end not too tough, and when you get stuck, Google is your friend.

I first checked the Solaris FAQ at www.sun.drydog.com. It was not 100% accurate (probably based on an older Solaris version), but a very good starting point. Manually configuring a network with ifconfig is something I've done often enough. But the issue for me is that I don't know which device/driver name to use. In Linux this is simple, it's always "eth0", but in Solaris it depends on the driver.

After adding the network cards and rebooting I did a PCI scan:

bash-3.00# /usr/X11/bin/scanpci
pci bus 0x0000 cardnum 0x0a function 0x00: vendor 0x10de device 0x0057
 nVidia Corporation CK804 Ethernet Controller
pci bus 0x0001 cardnum 0x09 function 0x00: vendor 0x10b7 device 0x9050
 3Com Corporation 3c905 100BaseTX [Boomerang]
pci bus 0x0001 cardnum 0x0a function 0x00: vendor 0x10b7 device 0x9050
 3Com Corporation 3c905 100BaseTX [Boomerang]

You see the onboard Ethernet Controller and then the two 3Com cards. The important part is the vendor and device numbers. With these two, we now have a look at:

bash-3.00# grep 9050 /etc/driver_aliases
elxl "pci10b7,9050"

This gives us the "elxl" driver name I was looking for. Alternatively, you can have a look at:

bash-3.00# grep 9050 /boot/solaris/devicedb/master
pci10b7,9050 pci10b7,9050 net pci elxl.bef "3Com 3C905-TX Fast Etherlink XL 10/100"

To take care that Solaris "picks up" the card, you need to do a "touch /reconfigure" and then restart your system with "reboot" or "init 6". The FAQ says that you then have to press 'Esc' during the driver configuration, but that's not the case (anymore). After rebooting, it's time to configure the network interface. First by hand:

bash-3.00# ifconfig elxl0 plumb
bash-3.00# ifconfig elxl0 netmask 255.255.255.0 192.168.1.2
bash-3.00# ifconfig elxl0 up
bash-3.00# ifconfig elxl0
bash-3.00# ping 192.168.1.1
bash-3.00# ifconfig elxl0 down
bash-3.00# ifconfig elxl0 unplumb

And when that works fine, (assuming "moon" is the hostname) make it permanent with:

bash-3.00# echo "moon" > /etc/hostname.elxl0
bash-3.00# echo "192.168.1.2 moon" >> /etc/hosts
bash-3.00# svcadm restart network/physical

Saturday June 03, 2006

Apache Virtual Host

If you're like me and over the years you've collected a couple of domain names because at the time they were "way too cool", or when you're serving out of your basement the vacation pictures of a couple of friends, then Apache's "Virtual Host" is what you're looking for. What this web server option allows you to do is to have a single web server handle the traffic for multiple domains.

For this example let's assume you got (long time ago, when still available :) the domain name "www.myself.com". And now you claimed for your buddy the domain "www.myfriend.com". And let's also assume that you either have a static IP (probably not) or that your ISP is changing their DHCP leases very infrequently (probably yes). So you've managed to configure (with your registrar) your domain name to point to your current IP address '12.34.56.70'. Now go to the registrars web site for "myfriend.com" and (in the DNS section) let it point similarly to '12.34.56.70'.

In the following I'm configuring an Apache server on a Cobalt Qube. However, this works exactly the same on any other Apache server (on Linux). To start, create with the Cobalt's web interface a new user called 'friend'. If that worked as it should, you will be able to browse to your buddy's website by pointing your browser at http://12.34.56.70/~friend/. Probably you will just see the boring standard template page. To help with debugging create a different webpage by editing "/home/users/friend/web/index.html".

Now we're going to edit '/etc/httpd/conf/httpd.conf' (better save a copy first!!). At the bottom there is a VirtualHost section, but (at least with a Cobalt) it's all commented out. Leave that as it is, but add the following seven lines:

# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.

<VirtualHost www.myfriend.com>
ServerName www.myfriend.com
ServerAdmin my.friend@his.email.com
DocumentRoot /home/users/friend/web
TransferLog logs/myfriend-access_log
ErrorLog logs/myfriend-error_log
</VirtualHost>

The only important piece here is the 'DocumentRoot' parameter. You can point it to any place in your directory tree, but to make it the same as '.../~friend' does make sense. On some other platforms this will be '/home/friend/public_html/'. If you omit the two lines for logfiles, the logs for your friend will go to the same files as the rest of the web-server.

Now restart the web-server with "/etc/rc.d/init.d/httpd restart" (on some other platforms this is "/etc/init.d/apache restart" or similar variants) or simply restart your computer. That done, point your browser to http://www.myfriend.com/ and you should see the page that you edited as '/home/users/friend/web/index.html'.

OK, you're ready to become a mini ISP. But be aware, if you've a standard residential fast Internet line, your ISP probably doesn't allow you to have a web-server in your basement!! On the other hand, they probably don't mind, as long as you keep it small-and-personal. Just a couple of pictures showing off the new house or baby, and probably nobody cares.

Friday May 26, 2006

Xinerama

Last weekend I was installing a Xinerama system using a Matrox G450 dual-head card. Hey, $15 at TigerDirect, what do you want more. But it's not the price that this topic is about, it's probably even not Xinerama that it's about. When you install a dual-screen system – doesn't matter if it's Windows, Linux or Solaris based – you simply get a display twice as wide, with the result that among all other problems the pop-up window appears in the center. Oops, that center is where you have those two chunks of beige plastic, which is called the case of your monitor :-).

In some situations this concept of an extra-wide screen is maybe useful, but IMHO in most it is not very apropriate. I've noticed that more recent Xinerama versions have become more intelligent when it comes to pop-up's, but still I think that taking two screens as just a single extra-wide one is not the right choice.

Let's take a step back. Having a second display is not so much having a bigger screen, but much more similar to the multi-window feature X-Windows display managers have since a couple of years. It's also more like what in the old days you could do on a 80x24 display with Alt-F1, F2, F3 or F4, just switching from one screen to other. I think it is even very similar to what a tabbed browser like Mozilla / FireFox provides you. So yes, it is a second screen, but that doesn't automagically make it into a wider screen.

Now I know that I can solve the "popup in the middle" problem by having a third screen, or maybe five <g>. The popup then again appears centered, but that's beyond the point. Many desktop users like multiple screens, but most don't use them as one large canvas. It's most often something like "let's keep my email open on the right, while I keep working on the main screen". Notice the phrase "main screen"!! It's time to have an alternative to Xinerama, very similar to the multi display feature in X-Windows, controlled by the bar/panel at the bottom. I think the display needs to be more distinct, the mouse will not move "out of bounds", but still you can drag a window to another display.

For me, that would be a much more natural user interface. And maybe it does exist already (most things do :-) and I just haven't found out how to configure it in X-Windows. If not, it's probably time for me to start a little X-Windows hacking project ... ehhh, probably not so 'little'.

Thursday May 11, 2006

Solaris X86 real-time clock

Having enough Unix blood in my veins – be it Solaris, BSD, Linux, AIX, Ultrix, Xenix, SCO, whatever – when I install Linux on a PC I always configure the CMOS clock to be running in GMT. When that system runs Windows too, it's maybe not too wise a choice, but the purist in me likes the Unix method of having a UTC based real-time clock.

Here I have to side step for a bit and give air to a personal rant: Why on earth (very literally in this case) are calendar systems, especially on PDAs, not able to schedule meetings in a different timezone than where you are. And in addition keep track of the timezone you're in. Even if you're not a road warrior, con-calls are attended from many zones. It gets worse, let's say you are in EST when you schedule the con-call, and after travelling from EST to CST you attend. By now your calender has become a complete mess. That's why PDAs should use the Unix method for storing dates and times. And the applications of course need to change.

Back to our notebook with that combo of Windows, Linux and Solaris. With two-out-of-three winning here :-), I always configure the real-time clock to run in UTC. Of course you have to be careful that Windows isn't syncing with an NTP server. Still I had problems with the time on my system and I must admit that I blamed that fully on Windows. Which is not true ... but also true.

Investigating this a bit more systematically and reading the appropriate man pages, I discovered that Solaris X86 assumes your real-time clock to run in local time. This, because Solaris also assumes that it has to co-exist with Windows. Therefore, if you read the manpage for /usr/sbin/rtc and look in the file /etc/rtc_config, you will see that it stores the seconds between the local clock and UTC to take care that when the CMOS clock runs local-time, the Unix kernel can run in UTC and then the normal Unix TZ mechanism is used so that date/time info gets displayed again in local time. In my opinion this is really to Take The Long Way Home, but that's how it is.

#
#       This file (/etc/rtc_config) contains information used to manage the 
#       x86 real time clock hardware.  The hardware is kept in the machine's 
#       local time for compatibility with other x86 operating systems.  This 
#       file is read by the kernel at boot time.  It is set and updated by
#       the /usr/sbin/rtc command.  The 'zone_info' field designates the local 
#       time zone.  The 'zone_lag' field indicates the number of seconds 
#       between local time and Greenwich Mean Time.
#
zone_info=Canada/Mountain
zone_lag=21600

I didn't test it, but I presume this gets updated on-the-fly at the start and end of Daylight Savings Time. Bottomline is that whether you like it or not, the CMOS clock must run in local time and that you must configure your Linux installs accordingly.

Tuesday May 09, 2006

NVIDIA nForce 3 Ethernet

At home, I'm using those little black Shuttle SN85G4 systems. One as my desktop and one as a MythTV project under way, which has to be ready by the time the soccer championship hits us in June. These Shuttles are running AMD64 (socket 754, no Opteron's :-). They're small, pretty silent and because Shuttle is coming up with new stuff, you get them pretty cheap, if you're still able to find them.

This weekend I was installing Solaris 10 and stumbled on the nForce 3 chipset not being supported. Also no download available from NVIDIA (for Linux yes, not for Solaris). That gives you a system with no working NIC, and that's no good. Checking the HCL, they clearly took the "easy way out" by installing a separate PCI network card, by-passing the onboard NIC.

A little browsing brought me to Masa Murayama's website which brings a whole set of unusual and therefore so useful NIC drivers. Among those, one called "nfo" for the nForce chipset. Masa labels the driver alpha-code, but I've had no problems. If you're going to use this driver, here are some tips. The tarball contains the source, but also ready-to-go modules for i386 and amd64. You can try to build, but if possible, better don't. Forget about "make", jump straight to "make install". I'm saying this, because building with gcc needed a little hacking and compiling with Studio 11 wasn't successful at all.

Next, follow his README carefully. It includes an "install", then an "uninstall" and then again an "install". This sounds weird, but if you follow it strictly, it all works. If you try to make shortcuts, like I did :-), you better know what you're doing, I didn't :-).

I stumbled on one problem. Part of the install is running a script called "adddrv.sh". In my case that gave a message about a library already being installed. I took that as a warning, but it really was an error. You have to solve that (by commenting out a line in the script, in my case two lines) before you can continue. If you ignore it, you're in trouble, it won't work.

When I later emailed about this with Masa Murayama, he mentioned that the likely cause was an nForce GbE driver recently added to Solaris. I guess he is right about that, but for me he is "1 - 0" ahead of the game (we're back to soccer here :), because the standard install didn't give me any networking at all and his "nfo" driver is doing fine.

Tuesday May 02, 2006

Sun Desktop Manager 1.0

May 1st, Labour Day. Isn't that a nice date for my first article on BigAdmin. A small part of today's Network Computing Event, was the release of Sun Ray Software 4. Which includes Sun Desktop Manager 1.0, formerly aka APOC. The latter originated in Sun's JDS on Linux, but the current SDTM is targeting SunRay and Secure Global Desktop.

With Sun Desktop Manager you can store and manage the configuration of a user's desktop (his Gnome preferences, his proxy server, his Mozilla's home-page) in a central directory. The cool thing about this is that because a directory has an hierarchical structure, you can enter these settings not just for the individual, but for whole departments at a time. Or the hierarchy can be based on your network topology, or even both. Desktop Manager will also allow you to lock down desktops by disabling entries in the Gnome start-menu.

I could go on and on about the cool features of this system, but that's not the topic. In the last two years I helped quite some customers with setting up POC's. A stumbling block for many of them was always the lack of knowledge on how to configure the LDAP server. The folks that created SDTM always assumed that people would know that, but working in the field you realize quickly that that isn't always the case. I did some beta-testing of SDTM 1.0 and converted my ldif files from the old APOC to the new SDTM. And then decided to "finally" figure out how this could be done without some magic ldif files, but just with the available Directory Server console tools.

While doing so, I captured screenshots and glued the whole thing together into a step-by-step guide on how to set this up. And that resulted in this BidAdmin Feature Article with the name "Sun Desktop Manager Tutorial". It will be referenced from the SDTM product documentation, when that's released on May 16th.

Sunday April 30, 2006

Video projectors and Xorg

Recently, setting up at a customer site, I had problems hooking up my notebook, running Solaris 10, to the video projector. Not the best timing of course. :-) Playing around with this lateron, I discovered the following. If the function key to switch video (F5, F10, whatever it is on your laptop) doesn't work to switch from LCD to projector, there is a trick.

Logout, and with the Solaris 10 login screen in front of you press <ctrl><alt><backspace>. This restarts the X-Windows server. While it is doing this (so immediately after your three-finger salute) press <Fn><F10>. The trick seems to be that switching video only works when the X-Server is not running.

It will depend on your notebook of course, but it is my experience that where Windows normally allows you three video modes – LCD, external or both – with X-Windows it is either one or the other. However, this could be because my LCD is a 16:9 widescreen afair, while the video projector (or monitor) is the traditional 4:3.

Now we're on this subject: If you create an xorg.conf file with "/usr/X11/bin/Xorg -config", you better add (manually) to the Monitor section some "HorizSync 20-80" and "VertRefresh 50-90" entries. If you don't, Xorg will use the default modes, which are only good for 640x480. This is not specific for notebooks, in the past I noticed the same on a V40z.

(2006-04-30 12:12:22.0) Permalink Comments [3]