Beta Testing Solaris 10 update 3 (11/06)

Trusted Extensions

Wow!, I’ve never used trusted solaris before and I can tell you this is a beast. Set up and the learning curve for Administration is a little steep but you will be able to control user operation and auditing to the tiniest minut detail.

Upgrading the Company Web Farm to Solaris 10 update 1 (1/06)

This by far has occupied the majority of my 8-5 time during the past weeks. I’ve managed to streamline the install process so that we go from bare metal to fulling running in about 20mins. Thanks in large part to flash archives and derived profiles. We have about 180+ servers spanning 3 different x86 models of hardware in use for our Web Farm so by using derived profiles I am able to prob a little deeper and setup before the install takes place.

Derived Jumpstart Profiles

I have had to use derived profiles to overcome the limitation of the profile keywoard “metadb”. If it would only take the “rootdisk” keyword, I wouldn’t even need a begin script Here’s the simple but much needed workaround. Since we are using Soft partitioning the metadb is a much needed item during the installation.

#!/bin/sh
#
# begin script 10/30/2006 shane
#
# This script creates a derived profile to overcome the limitations of rules.ok
#
#
#
echo “# # # # # # # #”
echo ” # # # # # # #”
echo ” BEGIN ”
echo “# # # # # # # #”
echo ” # # # # # # #”
#
#
#
# Print the values that we have detected
#
echo “Physical memory detected: ${SI_MEMSIZE}”
echo “Root disk detected: ${SI_ROOTDISK}”
echo “Root disk size detected: ${SI_ROOTDISKSIZE}”
sleep 5
#
#
# Set METADB Slice
DISK=`echo “${SI_ROOTDISK}” | sed ’s/0$//’`
echo “DISK is ${DISK}”
#
#
# Create derived profile
#
echo “install_type flash_install” > ${SI_PROFILE}
echo “archive_location nfs 10.x.x.x:/vol/flar/s10u1.flar” >> ${SI_PROFILE}
echo “partitioning explicit” >> ${SI_PROFILE}
echo “filesys ${DISK}0 4096 /” >> ${SI_PROFILE}
echo “filesys ${DISK}1 4096 swap” >> ${SI_PROFILE}
echo “filesys ${DISK}3 4096 /var” >> ${SI_PROFILE}
echo “filesys ${DISK}6 free” >> ${SI_PROFILE}
echo “metadb ${DISK}7 size 8192 count 3″ >> ${SI_PROFILE}
#
#
#

System/Service monitoring

We have “some” Enterprise monitoring in place but due to cough some ball dropping and fat fingering we needed to put in place some additional steps to check that our DNS services are functioning properly. Basically forward and reverse lookups for some of our key network segments. I went round and round with a few methods of implementation but the problem is that I needed to use the hosts derived method of name resoltion. AHA: /etc/nsswitch.conf. The easiest way I found was to use perl and the gethost* functions.

#!/bin/env perl
#
## Shane Milton 10/16/2006 (Autotrader.com, LLC)
## DNS fwd/rev checking for Failure points in Colo Farms
# note: this script is intended to use the local operating system facilities for name resolution.
#
#
#
use strict;
use warnings;
use Socket;

## Hosts are evaluated according to the This Map
my %map = ( “host_k” => “10.x.x.11″,
“host_a.domain.com” => “10.x.x.1″,
“host_b.domain.com” => “10.x.x.2″,
“host_c.domain.com” => “10.x.x.3″,
“host_d.domain.com” => “10.x.x.4″,
“host_e.domain.com” => “10.x.x.5″,
“host_f.domain.com” => “10.x.x.6″,
“host_g.domain.com” => “10.x.x.7″,
“host_h.domain.com” => “10.x.x.8″,
“host_i.domain.com” => “10.x.x.9″,
“host_j.domain.com” => “10.x.x.10″
);

my $a_email = qw(alertemail@domain.com);
my $curr_host = `uname -n`;
my $msg = “Contact Unix On Call\nHost :: $curr_host :: is having DNS resolution problems”;

sub chkforward_lookup ($) {
my $input = $_[0];
my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($input);
my $ip = inet_ntoa($addrs[0]);
return $ip;
}

sub chkreverse_lookup ($){
my $input = $_[0];
my $ipaddr = inet_aton($input);
my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyaddr($ipaddr, AF_INET );
return $name;
}

# Main
while ( my ($host, $ip) = each(%map)) {
if ( !(&chkforward_lookup($host) eq $ip) ){
my $ferror_msg = “FWD LOOKUP FAILURE: Host: $host did NOT resolve to expected ipaddress: $ip\n”;
system(`/usr/bin/printf “$msg” | mailx -s “FWD LOOKUP FAILURE $host” $a_email`);
}

if ( !(&chkreverse_lookup($ip) eq $host) ){
my $rerror_msg = “REV LOOKUP FAILURE: IPaddress: $ip did NOT resolve to expected host: $host\n”;
system(`/usr/bin/printf “$msg” | mailx -s “REV LOOKUP FAILURE $ip” $a_email`);
}

}

Max Number of Processes support by Solaris Out of the Box.

Thanks to help from the folliwing link
http://spiralbound.net/2006/03/31/how-to-increase-the-maximum-number-of-processes-per-uid-in-solaris/

It looks like 30K process limit for Sparc:

30000 maximum number of processes (v.v_proc)

29995 maximum processes per user id (v.v_maxup)

and 16K process limit for x86:

16362 maximum number of processes (v.v_proc)

16357 maximum processes per user id (v.v_maxup)

From my quick eval this seems to hold true across Solaris 8, 9, and 10.