May
09

Migrating from Sun’s DHCP to ISC DHCP

For several reasons we have migrated our DHCP infrastructure from Sun’s DHCP service to ISC DHCP here at work. To aid in the process I created a little Perl script to generate the host declarations for a given network.

dhcp_migration.pl
I’ve also created a manifest so that ISC DHCP services can be integrated into Solaris 10’s SMF.

/lib/svc/method/isc-dhcp-server
/var/svc/manifest/system/isc-dhcp-server.xml
Copy both files into the locations shown above, then run

svccfg import /var/svc/manifest/system/isc-dhcp-server.xml

Nov
01

What I’ve been working on. (a big one)

Beta Testing Solaris 10 update 3 (11/06)

Trusted Extensions

Wow! I’ve never used Trusted Solaris before, and I can tell you this is a beast. Setup and the learning curve for administration are a little steep, but you will be able to control user operation and auditing down to the tiniest minute detail.

Upgrading the Company Web Farm to Solaris 10 update 1 (1/06)

This by far has occupied the majority of my 8-5 time during the past weeks. I’ve managed to streamline the install process so that we go from bare metal to fully running in about 20 minutes, thanks in large part to flash archives and derived profiles. We have about 180+ servers spanning 3 different x86 models of hardware in use for our Web Farm, so by using derived profiles I am able to probe a little deeper and set things up before the install takes place.

Derived Jumpstart Profiles

I have had to use derived profiles to overcome the limitation of the profile keyword “metadb”. If it would only take the “rootdisk” keyword, I wouldn’t even need a begin script :-( Here’s the simple but much needed workaround. Since we are using soft partitioning, the metadb is a much needed item during the installation.

#!/bin/sh
#
# begin script 10/30/2006 shane
#
# This script creates a derived profile to overcome the limitations of rules.ok
#
echo "# # # # # # # #"
echo " # # # # # # #"
echo " BEGIN "
echo "# # # # # # # #"
echo " # # # # # # #"
#
# Print the values that we have detected
#
echo "Physical memory detected: ${SI_MEMSIZE}"
echo "Root disk detected: ${SI_ROOTDISK}"
echo "Root disk size detected: ${SI_ROOTDISKSIZE}"
sleep 5
#
# Set METADB Slice: strip the trailing slice number 0 from the root disk
# name, so that ${DISK}N names slice N on the same disk
DISK=`echo "${SI_ROOTDISK}" | sed 's/0$//'`
echo "DISK is ${DISK}"
#
# Create derived profile
#
echo "install_type flash_install" > "${SI_PROFILE}"
echo "archive_location nfs 10.x.x.x:/vol/flar/s10u1.flar" >> "${SI_PROFILE}"
echo "partitioning explicit" >> "${SI_PROFILE}"
echo "filesys ${DISK}0 4096 /" >> "${SI_PROFILE}"
echo "filesys ${DISK}1 4096 swap" >> "${SI_PROFILE}"
echo "filesys ${DISK}3 4096 /var" >> "${SI_PROFILE}"
echo "filesys ${DISK}6 free" >> "${SI_PROFILE}"
echo "metadb ${DISK}7 size 8192 count 3" >> "${SI_PROFILE}"
#

System/Service monitoring

We have “some” Enterprise monitoring in place, but due to cough some ball dropping and fat fingering we needed to put in place some additional steps to check that our DNS services are functioning properly. Basically forward and reverse lookups for some of our key network segments. I went round and round with a few methods of implementation, but the problem is that I needed to use the host’s own derived method of name resolution. AHA: /etc/nsswitch.conf. The easiest way I found was to use Perl and the gethost* functions.

#!/bin/env perl
#
## Shane Milton 10/16/2006 (Autotrader.com, LLC)
## DNS fwd/rev checking for Failure points in Colo Farms
# note: this script is intended to use the local operating system facilities for name resolution.
#
use strict;
use warnings;
use Socket;

## Hosts are evaluated according to this map
my %map = ( "host_k" => "10.x.x.11",
            "host_a.domain.com" => "10.x.x.1",
            "host_b.domain.com" => "10.x.x.2",
            "host_c.domain.com" => "10.x.x.3",
            "host_d.domain.com" => "10.x.x.4",
            "host_e.domain.com" => "10.x.x.5",
            "host_f.domain.com" => "10.x.x.6",
            "host_g.domain.com" => "10.x.x.7",
            "host_h.domain.com" => "10.x.x.8",
            "host_i.domain.com" => "10.x.x.9",
            "host_j.domain.com" => "10.x.x.10"
          );

my $a_email = 'alertemail@domain.com';
chomp(my $curr_host = `uname -n`);
my $msg = "Contact Unix On Call\nHost :: $curr_host :: is having DNS resolution problems";

# Forward lookup: return the first address as a dotted quad, or '' if the lookup fails
sub chkforward_lookup {
    my ($input) = @_;
    my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($input);
    return @addrs ? inet_ntoa($addrs[0]) : '';
}

# Reverse lookup: return the primary name for the address, or '' if the lookup fails
sub chkreverse_lookup {
    my ($input) = @_;
    my $ipaddr = inet_aton($input);
    return '' unless defined $ipaddr;
    my ($name) = gethostbyaddr($ipaddr, AF_INET);
    return defined $name ? $name : '';
}

# Mail an alert. The list form of open runs mailx directly, without a shell,
# so nothing in the subject or body is interpreted as a command.
sub send_alert {
    my ($subject, $body) = @_;
    open(my $mail, '|-', 'mailx', '-s', $subject, $a_email)
        or die "cannot run mailx: $!";
    print {$mail} $body;
    close($mail);
}

# Main
while ( my ($host, $ip) = each(%map) ) {
    if ( chkforward_lookup($host) ne $ip ) {
        my $ferror_msg = "FWD LOOKUP FAILURE: Host: $host did NOT resolve to expected ipaddress: $ip\n";
        send_alert("FWD LOOKUP FAILURE $host", "$msg\n$ferror_msg");
    }

    if ( chkreverse_lookup($ip) ne $host ) {
        my $rerror_msg = "REV LOOKUP FAILURE: IPaddress: $ip did NOT resolve to expected host: $host\n";
        send_alert("REV LOOKUP FAILURE $ip", "$msg\n$rerror_msg");
    }
}
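The comparison step of the check above, as an added example in Python rather than the author's Perl (it is not code from the original post). It goes a little further than the script: it tolerates case differences, a trailing dot, aliases and multiple addresses, and reports resolver errors as failures. The function names, the injectable resolver arguments and the sample data are all assumptions made for illustration.

```python
import socket

def _norm(name):
    # DNS names compare case-insensitively; a trailing dot denotes the same name.
    return name.rstrip(".").lower()

def check_map(expected, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return (kind, key, detail) failures for a host -> IP map.

    The default resolvers go through libc, so lookups follow the hosts:
    line in /etc/nsswitch.conf, like Perl's gethost* functions.
    """
    failures = []
    for host, ip in sorted(expected.items()):
        try:
            _, _, addrs = forward(host)
        except OSError as exc:          # gaierror/herror are OSError subclasses
            failures.append(("FWD", host, "lookup error: %s" % exc))
        else:
            if ip not in addrs:         # any returned address may match
                failures.append(("FWD", host, "expected %s, got %s" % (ip, addrs)))
        try:
            name, aliases, _ = reverse(ip)
        except OSError as exc:
            failures.append(("REV", ip, "lookup error: %s" % exc))
        else:
            names = {_norm(n) for n in [name] + list(aliases)}
            if _norm(host) not in names:
                failures.append(("REV", ip, "expected %s, got %s" % (host, sorted(names))))
    return failures

# Constructed sample data (documentation addresses, not the post's hosts).
SAMPLE_MAP = {"host_a.example.com": "192.0.2.1",
              "host_b.example.com": "192.0.2.2",
              "host_c.example.com": "192.0.2.3"}
_FWD = {"host_a.example.com": ["192.0.2.1"], "host_b.example.com": ["192.0.2.99"]}
_REV = {"192.0.2.1": ("HOST_A.example.com.", []),
        "192.0.2.2": ("web2.example.com", ["host_b.example.com"]),
        "192.0.2.3": ("other.example.com", [])}

def fake_forward(host):                 # stand-in resolver for offline runs
    if host not in _FWD:
        raise socket.gaierror(-2, "Name or service not known")
    return (host, [], _FWD[host])

def fake_reverse(ip):                   # stand-in resolver for offline runs
    name, aliases = _REV[ip]
    return (name, aliases, [ip])

if __name__ == "__main__":
    for failure in check_map(SAMPLE_MAP, fake_forward, fake_reverse):
        print(*failure)
```

Calling `check_map(real_map)` with no resolver arguments uses the operating system's own lookup path.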

Max Number of Processes Supported by Solaris Out of the Box.

Thanks to help from the following link
http://spiralbound.net/2006/03/31/how-to-increase-the-maximum-number-of-processes-per-uid-in-solaris/

It looks like 30K process limit for Sparc:

30000 maximum number of processes (v.v_proc)

29995 maximum processes per user id (v.v_maxup)

and 16K process limit for x86:

16362 maximum number of processes (v.v_proc)

16357 maximum processes per user id (v.v_maxup)

From my quick eval this seems to hold true across Solaris 8, 9, and 10.

Aug
22

opensolaris is coming along nicely

I’ve been working quite heavily with ZFS lately. So far, I’m loving almost every aspect of it except for a few quirks.

Most important is the lack of performance on 32-bit systems.

Recently I found a defect in zfs receive that allows the creation of an invalidly named snapshot.

This rogue snapshot then causes the other zfs and zpool commands to core dump. It’s quite fun. You can’t rename it, you can’t destroy it, you can’t list it... you can’t do anything to it. Eventually you’ll need to boot into single user and just forcefully create a new pool on top of the old one. (Yes... we’re talking serious data loss.) However, the good news is you can still snapshot, back up and restore all of the other filesystems (provided you have the space to do so)... took me about 700Gb and several days... AAARRGHH.

iSCSI target support has been working out pretty well too. I have found a few more quirks that have caused initiator systems to hang and even once crash. (Yes, it’s bad to delete a static-config when the system is still using the filesystem.)

May
17

Trying out the latest build of opensolaris

Killing some time in the office.. so I thought I’d download and try out Build 39 in a vmware container.

I’ve been meaning to download it for a while …but (fill in excuse here). Last time I took Open Solaris for a spin was build 27 or 28 and on my primary laptop. It was ok, just seemed to be lacking the stability I had with GA. Since then I’ve been using 1/06 on most everything but my desktop at the office. There I’m giving a Beta of 6/06 a spin.

May
17

Veritas for Free

So far I haven’t had much exposure to Veritas... (I’m just waiting for one of our systems using Veritas to blow up while I’m on call...)

I haven’t had any test systems to screw around on and learn with... and learning on a production box is not exactly the way I want to go about it.

At least now I can download it for free and mess around with some older spare hardware at work or home.
Note: Cuddletech has some nice documentation on Veritas that I’m using to ramp up. Thank you Ben!
