Friday Nov 27, 2009

Was Microsoft über Sun Ray Clients sagt

(This blog entry is my German translation of my original blog entry on Microsoft using Sun Ray at the EEC)

Kürzlich bin ich auf eine interessante Internetseite gestoßen sowie auf einen Blog-Eintrag des EEC (das Enterprise Engineering Center von Microsoft in Redmond im US-Bundestaat Washington). Dort werden bei Bedarf Kundenumgebungen aufgebaut und aktuelle Microsoft-Software-Lösungen sowie deren Interoperabilität getestet. Es ist beeindruckend zu lesen, wie die Sun Ray-Technologie genau auf diese Anforderungen zugeschnitten zu sein scheint. Ein Microsoft-Dokument (in englischer Sprache) beschreibt den Ablauf und die dafür eingesetzte Technik: Bevor der Kunde in das EEC kommt, wird die Kundenumgebung mit Hilfe von virtuellen Maschinen reproduziert. Wenn die Mitarbeiter des Kunden schließlich im EEC eintreffen, erhalten sie Sun Ray-Karten, können sich damit auf beliebigen Sun Ray-Terminals anmelden (bekommen daraufhin ihre eigene Windows-Umgebung angezeigt) und können testen, wie sich eine neue Microsoft-Lösung in der bisherigen Kundenumgebung verhält.

Wie üblich, können die Anwender natürlich jederzeit ihre Karte aus dem Terminal herausnehmen und zu einer anderen Zeit in ein anderes Terminal wieder einstecken und die Arbeit mit denselben Daten, demselben Desktop und denselben Programmen fortsetzen - weil die Sitzung komplett auf dem zentralen Server läuft. Die Sun Ray-Terminals sind nicht viel mehr als eine Grafikkarte und ein Monitor und dienen ausschließlich zur Anzeige der auf dem Server ablaufenden Benutzerumgebung. Außerdem kann kein Kunde auf die Daten eines anderen Kunden zugreifen - selbst der Diebstahl eines Terminals bedeutet keinerlei Sicherheitsrisiko für den Kunden oder für Microsoft. In den Worten von Microsoft (Übersetzung von mir): "Sun Ray thin clients sind von Grund auf für sicheren Betrieb entwickelt worden (was einer der Gründe dafür ist, dass diese in Regierungs- und Militärdienststellen so weit verbreitet sind)".

Hinzu kommt, dass Microsoft durch die im ECC eingesetzte Sun Ray-Lösung Zeit für die Vorbereitung der Kundebesuche und auch Energie einspart (da keine PCs konfiguriert und benutzt werden müssen). Außerdem sind die Sun Ray-Terminals weniger komplex als PCs und sind daher auch deutlich zuverlässiger.

Weitere Informationen über die Sun Ray-Technologie kann man z.B. hier nachlesen.

Tuesday Nov 24, 2009

Read what Microsoft says about Sun Ray thin clients

Just recently, I read on this web page and also in this EEC blog entry (both published in July 2009) about Microsoft using Sun Ray thin clients in their Enterprise Engineering Center (EEC) in Redmond, WA, where Microsoft is reproducing customer environments and performing product validation. It is absolutely stunning how the specific advantages of our Sun Ray technology fit perfectly into this environment. A Microsoft white paper describes how it all works: In preparation of a customer visit, Microsoft engineers set up virtual machines to rebuild a certain customer setup. When the customer arrives, they just get the Sun Ray smart cards, log in at any Sun Ray client and get their specific (Windows) environment displayed.

As always with Sun Ray, users can take their smart card off one Sun Ray station at any time, plug it into any other one, and continue their work from the new seat, with their data, their desktop contents, and their applications unchanged - because all is stored and running on the remote server. No data of one customer is stored on any client (the client is not much more than a graphics card and a monitor), so no customer will be able to access data from any other customer. As the Microsoft white paper says, "Sun Ray thin clients are designed for secure operation from the ground up (which is one reason they are so widely deployed in government and military agencies)".

Besides that, the Sun Ray solution saves time for the preparation and also electrical energy (as no PC clients have to be configured or used). And because the Sun Ray clients are less complex than PCs, they are also more reliable.

For more information on the Sun Ray technology, please visit this web page. I suggest that you also watch the videos so you can see how it all works in real life.

Monday Nov 02, 2009

Copying directory trees, continued

As mentioned earlier, I am using rsync to copy complete directory trees:

$ cd /source_dir
$ rsync -avz . /dest_dir

It will copy all files, including hidden ones, in directory /source_dir, into the destination directory /dest_dir. In case /dest_dir does not already exist, rsync will create it (at least on my Nevada 72 system).

There may be cases where rsync does not work correctly, for example when there are very long file names. Good to know that there's another easy way to do it:

$ cd /source_dir
$ find . -print -depth | cpio -pdm /dest_dir

The -depth parameter makes find print file names first, and -pdm with cpio means (from man cpio):
-p: reads a list of file path names from stdio and copies those files to the destination tree.
-d: creates directories if necessary
-m: keep file modification times

Destination directory /dest_dir must exist before starting the above commands.

Firefox 3.6b1, 3.5.5, and 3.0.15, Thunderbird 3.0b4 and 2.0.0.23, Seamonkey 2.0b1 available for download!

The following OpenSolaris page contains all download links for Firefox 3.6b1, 3.5.5, and 3.0.15, Thunderbird 3.0b4 and 2.0.0.23, and Seamonkey 2.0b1 on OpenSolaris and Solaris 10:

http://hub.opensolaris.org/bin/view/Community+Group+desktop/development

You can still find Firefox 2.0.0.20 linked here:

http://blogs.sun.com/blogfinger/entry/firefox_for_solaris_latest_versions2

You can also browse all Firefox versions for all platforms here:

http://releases.mozilla.org/pub/mozilla.org/firefox/releases/

And the latest Acrobat Reader (current version is 9.2) for OpenSolaris is - as always - available via the following page:

http://get.adobe.com/reader/otherversions/


Friday Jul 10, 2009

Firefox 3.5 for Solaris!

These are the direct links for downloading Firefox 3.5 for Solaris:
Version x86 SPARC
Firefox 3.5 OpenSolaris pkg  |  tar pkg  |  tar
Firefox 3.5 Solaris 10 pkg  |  tar pkg  |  tar

You can still find the links to the latest Firefox 2 version (2.0.0.20) in this blog entry, and to Firefox 3.0 in this blog entry.

If you are visiting the Mozilla web site from a Solaris system, your system will be automatically detected, and you can a see link which shows "Download Firefox - Free" and "3.5 for SunOS". That link directs you to the Mozilla development page on OpenSolaris.org. Unfortunately, the Solaris versions are not yet mentioned on the "Other Systems and Languages" web page (actually, that's why I am maintaining the Firefox for Solaris links in my blog), but who knows - maybe we'll see it there in a while.


Firefox 3 for Solaris - latest versions as of June 2009

These are the direct links for downloading the latest versions of Firefox 3 for Solaris:
Version x86 SPARC
Firefox 3.0.11 OpenSolaris pkg  |  tar pkg  |  tar
Firefox 3.0.11 Solaris 10 pkg  |  tar pkg  |  tar

You can still find the links to the latest Firefox 2 version (2.0.0.20) in this blog entry.

If you would like to install multiple versions of Firefox on your Solaris system, you can use the tarballs or my script for renaming a Firefox package.

Oh - and if you are running Solaris or OpenSolaris on x86, I suggest to install the recently released Adobe Reader 9.1 for Solaris x86!

Wednesday Apr 01, 2009

Firefox 3 for Solaris - latest versions as of Apr. 2009

These are the direct links for downloading the latest versions of Firefox 3 for Solaris:

Version x86 SPARC
Firefox 3.0.8 OpenSolaris pkg  |  tar pkg  |  tar
Firefox 3.0.8 Solaris 10 pkg  |  tar pkg  |  tar

You can still find the links to the latest Firefox 2 version (2.0.0.20) in this blog entry.

If you would like to install multiple versions of Firefox on your Solaris system, you can use the tarballs or my script for renaming a Firefox package.

Oh - and if you are running Solaris or OpenSolaris on x86, I suggest to install the recently released Adobe Reader 9.1 for Solaris x86!

Thursday Mar 05, 2009

Firefox 3 for Solaris - latest versions as of Mar. 2009

These are the direct links for downloading the latest versions of Firefox 3 for Solaris. Because there are several security bug fixes implemented in 3.0.7, I strongly recommend to install them soon:

Version x86 SPARC
Firefox 3.0.7 OpenSolaris pkg  |  tar pkg  |  tar
Firefox 3.0.7 Solaris 10 pkg  |  tar pkg  |  tar

You can still find the links to the latest Firefox 2 version (2.0.0.20) in my previous blog entry on Firefox versions for Solaris.

If you would like to install multiple versions of Firefox on your Solaris system, you can use the tarballs or my script for renaming a Firefox package.

Monday Feb 09, 2009

Firefox for Solaris - latest versions as of Feb. 2009

These are the direct links for downloading the latest versions of Firefox for Solaris:

Version x86 SPARC
Firefox 3.0.6 OpenSolaris pkg  |  tar pkg  |  tar
Firefox 3.0.6 Solaris 10 pkg  |  tar pkg  |  tar
Firefox 2.0.0.20 Solaris 10 pkg  |  tar pkg  |  tar
Firefox 2.0.0.20 Solaris 8 pkg  |  tar pkg  |  tar

Note that you can easily install multiple version of Firefox on Solaris, using either the tarballs or my script for renaming a Firefox package.

Tuesday Jan 27, 2009

Using ZFS as (an iSCSI) target for Mac OS X Time Machine

Inspired by this and then this blog entry, I thought it was now time for me to get my own experience with iSCSI.

Here's the result:

  1. On my eco-friendly server running OpenSolaris 2008.11, I created a new ZFS volume (not a ZFS file system!) with iSCSI sharing switched on:
    $ zfs create -o shareiscsi=on -V 180G pool2/mac-tm
    cannot share 'pool2/mac-tm': iscsitgtd failed request to share
    filesystem successfully created, but not shared
  2. Well, that did not work well. Better search and install the iSCSI packages first:
    $ pkg search -rl iscsi | nawk '{print $NF}' | \\
    nawk 'BEGIN{FS="@"}{print $1}' | sort -u
    PACKAGE
    pkg:/SUNWiscsi
    pkg:/SUNWiscsitgt
    $ pkg install SUNWiscsi SUNWiscsitgt
    DOWNLOAD                                    PKGS       FILES     XFER (MB)
    Completed                                    2/2       18/18     0.86/0.86
    
    PHASE                                        ACTIONS
    Install Phase                                  74/74
    PHASE                                          ITEMS
    Reading Existing Index                           9/9
    Indexing Packages                                2/2
    
  3. Then, I wanted to delete (destroy, in ZFS speak) and create the zvol again:
    $ zfs destroy pool2/mac-tm
    cannot destroy 'pool2/mac-tm': volume has children
    use '-r' to destroy the following datasets:
    pool2/mac-tm@zfs-auto-snap:frequent-2009-01-23-12:15#
  4. OK, I understand that an automated snapshot had already been created in the meantime. Destroy the zvol with its snapshots, and create the zvol again:
    $ zfs destroy -r pool2/mac-tm
    $ zfs create -o shareiscsi=on -V 180G pool2/mac-tm
    
  5. Check if the shareiscsi property is on for our volume:
    $ zfs get shareiscsi pool2/mac-tm
    NAME          PROPERTY    VALUE         SOURCE
    pool2/mac-tm  shareiscsi  on            local
  6. List all defined iSCSI targets:
    $ iscsitadm list target
    Target: pool2/mac-tm
        iSCSI Name: iqn.1986-03.com.sun:02:3f4f551a-41ab-4a3a-adf9-ea3ce5c2789c
        Connections: 0
  7. Looks great! On the MacBook Pro running Mac OS X 10.5.6, I installed the globalSAN iSCSI initiator software (version 3.3.0.43) from Studio Network Solutions, after downloading from this link.

  8. Then I rebooted the Mac (as required by the globalSAN iSCSI software).

  9. Next step was to mount the iSCSI drive:
    Mac OS X System Preferences
    a) Click on the globalSAN iSCSI icon to display its control panel:
    GlobalSAN iSCSI control panel #1
    b) Click on the + symbol in the lower left corner to get the following popup:
    GlobalSAN iSCSI control panel #2
    c) Enter the IP address or host name of the OpenSolaris server, leave the port number as it is, and enter the target name (the last column in the line starting with iSCSI Name: in the output of the iscsitadm list target command on your OpenSolaris server - in our case, it's iqn.1986-03.com.sun:02:3f4f551a-41ab-4a3a-adf9-ea3ce5c2789c ), and press the OK button. The iSCSI control panel will then look like:
    GlobalSAN iSCSI control panel #3
    d) Click the Connected switch at the end of the iSCSI target line (the line which starts with iqn) to get the following popup:
    GlobalSAN iSCSI control panel #4
    e) Press the Connect button to connect to that iSCSI target. As we did not specify CHAP or Kerberos authentication, the connect will work without user and password. For a walkthrough and more on CHAP authentication, click this link.
    After pressing the Connect button, the control panel will look like:
    GlobalSAN iSCSI control panel #5
    At this time, the newly created volume will show up in Disk Utility. Note that I clicked on the Persistent button to build the connection again after a reboot - I didn't try rebooting to check, but believe it will work.

  10. Then, I created a Mac OS X volume in Disk Utility.
    Disk Utility #1
    a) Click on the disk drive and then on the Erase tab, enter a new name for the volume (or leave it as it is), and press the Erase... button. The following screen will displayed to show the progesss:
    Disk Utility #2
    After the erase is completed, the new volume will show up in the left part of the Disk Utility (For this screen shot, I created the volume again after providing the name ZFS-180GB for the volume. Not sure if it's possible to rename a volume without formatting it):
    Disk Utility #3
  11. Now the volume is usable in Time Machine.
    a) Click on the Time Machine icon in System Preferences to start its control panel:
    TM control panel #1
    b) Click on Change Disk to change the destination volume for Time Machine (the lock in the lower left corner has to be unlocked first to allow for the change):
    TM control panel #2
    c) Select the new volume and press Use for Backup. Then, just start the backup (or wait 120 seconds until it starts automatically):
    TM control panel #3
    Mac OS X Time Machine has started its first backup on a ZFS volume!

However, as always in my blog entries, this is no guarantee that it will always work as described, or that the backup and restore will also work after your next Mac OS X upgrade, or that there will be no errors or problems with such a setup. What I can tell you is that a simple restore attempt worked for me just as if I had done it from a USB disk!

Up to now, I have always disconnected the USB disk drive before closing the Mac's lid so that a Time Machine backup would not be interrupted in the middle. Not sure what would happen if a Time Machine backup is running while you close the lid, so better read the docs and test it, or just always unmount Time Machine's active volume before letting your Mac sleep.

And I discovered that if an iSCSI volume is mounted before closing the lid, the Mac Book Pro cannot transition into deep sleep mode with a power consumption similar to the switched off state. It somehow sleeps, but with rotating fan and a steady front LED. And in order to wake it up, I had to open and close the lid several times. So the steps to do before closing the Mac's lid are:

  1. Eject (unmount) the volume (use the eject menu item after right-clicking on the volume's icon on the desktop).
  2. Disconnect the iSCSI target (and all others) in the globalSAN iSCSI control panel in the Mac OS X System Preferences, by unmarking the tick in column Connected for all targets. A confirmation popup will be shown when unmarking the Connected tick.

After waking up your Mac next time, just tick the Connected mark in the globalSAN iSCSI control panel again and confirm the popup that will be shown. If you did not choose another destination disk for Time Machine in the meantime, Time Machine will recognize the iSCSI drive as a valid destination volume automatically and use it for its next scheduled backup.

BTW For an interesting article on how to use ZFS iSCSI sharing with a Linux client, please click here.

Friday Jan 23, 2009

DTrace at its best!

Using DTrace's destructive actions, you can perform actions on your operating system you never thought of before, like backup files with a zfs snapshot right before a user deletes them, or halt any process before it is ended.

With the help of the files in directory /usr/demo/dtrace, the DTrace Toolkit, and my colleagues who showed me the best probe for intervening before a process is really ended, I wrote and tested the following short DTrace script to halt certain processes before they are ended. It can be very useful if you encounter a large number of short-lived processes which you could not analyze otherwise. In the following example, we are looking only for processes running with userid 4 (username adm) and with the executable name date. I saved it as file name stopper.d.

#!/usr/sbin/dtrace -ws

syscall::rexit:entry
/(execname == "date") && uid == 4/
{
   printf ("%d(%d): %d %d %d %d, %s, >%s<: %Y", pid, ppid, uid,
     curpsinfo->pr_projid, curpsinfo->pr_zoneid,
     curpsinfo->pr_dmodel, cwd, curpsinfo->pr_psargs, walltimestamp);
/\*   stack(); \*/
/\*   ustack(); \*/
/\*   system ("pmap -x %d", pid); \*/
   printf ("\\nStopping Process %d ...", pid);
   stop();
   printf (" done.");
   system ("ps -eo user,pid,ppid,s,zone,projid,pri,class,nice,args | nawk '$2==\\"%d\\"{print}'", pid);
}

Be warned! Adapt the filter rules carefully on a test system before using the script on the system on which you want to halt processes! Use the script on your own risk - I cannot guarantee for anything!

For listing the stopped processes, you can use the following command:

$ ps -eo user,pid,ppid,s,zone,projid,pri,class,nice,args | \\
   nawk '$4=="T" && /date/{print}'

And for ending these stopped processes, you can use that one: 

$ ps -eo user,pid,ppid,s,zone,projid,pri,class,nice,args | \\
   nawk '$4=="T" && /date/{system ("kill -9 "$2)}'

For testing, I created a script named start-50-date-processes.ksh to start 50 date processes roughly at the same time, then started the DTrace script above as user root:

./stopper.d
and afterwards started the test script as user adm:
./start-50-date-processes.ksh

A sample output looks like:

$ ./stopper.d 
dtrace: script './stopper.d' matched 1 probe
dtrace: allowing destructive actions
CPU     ID  FUNCTION:NAME
  1   3413  rexit:entry 21922(5058): 4 3 0 1, /var/adm/bin, >date<: 2009 Jan 23 13:47:37
Stopping Process 21922 ... done.
     adm 21922  5058 T   global     3  57   IA 24 date

  1   3413  rexit:entry 22005(5058): 4 3 0 1, /var/adm/bin, >date<: 2009 Jan 23 13:47:41
Stopping Process 22005 ... done.
     adm 22005  5058 T   global     3  47   IA 24 date

  0   3413  rexit:entry 22090(22089): 4 3 0 1, /var/adm/bin, >date<: 2009 Jan 23 13:47:56
Stopping Process 22090 ... done.
     adm 22090     1 T   global     3  44   IA 20 date
... (some more lines)

For stopping the DTrace script, just press <ctrl>c in the window where you started it. Stopping the script will not let the stopped processes continue - they remain in the "T" (for Trace) status until they are killed.

The DTrace script will run faster if you comment out its last line (where it executes the ps command for each stopped process).

And here's the test script (for starting 50 date processes) which I executed as user adm:

$ cat start-50-date-processes.ksh
#!/bin/ksh
i=50
while [[ i -gt 0 ]]; do
   date &
   (( i = i - 1 ))
# or (( i-- )) with ksh93 on Solaris 10, or OpenSolaris
done

Wednesday Jan 21, 2009

(n)awk: print matching lines and some more

I think some of you will find the following (n)awk one-liner useful. I am using it from time to time and thought I should document it so that I do not have to think about where to place the "a++" part, for example.

It will print out lines of a file that match a certain pattern, plus some more lines that follow. In this example, I am searching for lines that contain the string "usb" in /var/adm/messages, and print that line plus 4 more (for more lines, decrement the number in the first curly brackets accordingly). A line number will also be printed out for each line:

$ nawk '/usb/{a=-5}{if (a<0){print NR, $0};a++}' /var/adm/messages

How to collect relevant data for application core analysis

Not sure if you knew already - there is a tool available which collects all relevant data for analyzing application cores, for example by Sun's service and support engineers. It's called pkgapp (not pkgadd ;-) ) and can be directly downloaded by clicking this link.

When started (after extracting in a directory like /opt/pkgapp) using:
$ /opt/pkgapp/pkgapp -c /path_to_core_file -p /path_to_executable

it collects all libraries for that executable, several proc tool outputs, and more, and packs it into a tar file in a new directory below the current directory.

If you would like to test it, you can just create a core with the gcore command:

$ gcore PID

Where PID is the process ID of a currently running process for which you would like to create the core file. The process will not be killed; it will continue running.

A sample session looks like the following (hostname and hostid replaced by dummy entries):

$ id
uid=0(root) gid=0(root)
$ /usr/bin/sleep 30&
[1]     17825
$ gcore 17825
gcore: core.17825 dumped
$ /opt/pkgapp/pkgapp -c core.17825 /usr/bin/sleep 
\* ----------------------------------------------------------------------------------
\* Sun Microsystems RSD pkgapp 3.0 Solaris                               [01/21/2009]
\* ----------------------------------------------------------------------------------
\* OS release                            [5.11]
\* Platform                              [SUNW,Sun-Blade-1000]
\* Checking [-c] is a core or pid        [using core /var/tmp/pkgapp/core.17825]
\* Checking corefile for a valid pldd    [pldd is good with 4 elements]
\* Process root                          [/usr/bin/sleep]
\* Databin parameter [-s] checks         [reset to /var/tmp/pkgapp]
\* Databin found                         [/var/tmp/pkgapp]
\* Databin writable check                [success]
\* Databin used/created is               [/var/tmp/pkgapp/pkgapp-012109-02]
\* Creating temp area                    [/tmp/pkgapp.18627/]
\* Checking if corefile is truncated     [core seems truncated - may not be useful]
\* Checking if corefile cksum = filesz   [core cksum matches file size, may be fine]
\* Process binary                        [sleep]
\* Checking usage history                [not recently run]
\* sleep binary bit version              [32]
\* Checking path [-p] to binary name     [failed, path includes binary name]
\* Resetting path [-p] parameter         [/usr/bin]
\* Checking path [-p] is a directory     [success]
\* Locating sleep                        [success]
\* Checking located sleep is 32 bit      [success]
\* Binary located                        [/usr/bin/sleep]
\* Adding binary to pkgapp.pldd          [success]
\* Grabbing pldd                         [success]
\* Grabbing pstack                       [success]
\* Grabbing pmap                         [success]
\* Grabbing pcred                        [success]
\* Grabbing pflags                       [success]
\* Grabbing pargs                        [success]
\* Not Including the core/gcore
\* Javatools [-j] not set                [skipped]
\* Grabbing /var/adm/messages            [success]
\* Grabbing uname -a                     [success]
\* Grabbing date/time                    [success]
\* Grabbing showrev -p                   [success]
\* Grabbing pkginfo -l                   [success]
\* Grabbing /etc/release                 [success]
\* Grabbing coreadm                      [success]
\* Grabbing ulimit                       [success]
\* Grabbing libs                         [success]
\* Making lib paths app/                 [success]
\* Making lib paths libs/                [success]
\* Processing file 1 of 48
\* Processing file 2 of 48
\* Processing file 3 of 48
...
\* Processing file 46 of 48
\* Processing file 47 of 48
\* Processing file 48 of 48
\* Linking libraries                     [success]
\* Libraries linked                      [48 ttl]
\* 
\* Using hostid for naming .tar.gz       [12345678]
\* Writing file                          [pkgapp-12345678-sol01-090121-094026.tar.gz]
\* 
\* Done gathering files
\* Writing dbxrc & opencore.sh files     [success]
\* Writing manifest-090121-094026.log    [success]
\* Writing pkgapp-args-090121-094026     [success]
\* Creating final tarfile                [success]
\* Compressing tarfile                   [success]
\* End of runtime logging
\* Saving history info                   [/var/tmp/pkgapp-history/history-090121-094026.log]
\* Saving runtime log                    [/var/tmp/pkgapp-history/runtime-090121-094026.log]
\* Removing [-r] temp area/files         [left alone]
\* 
\* Operations Complete
----------------------------------------------------------------------------------
Upload the following file(s) to your supportfiles.sun.com Cores Directory at Sun

1) File(s) located in directory /var/tmp/pkgapp/pkgapp-012109-02

                [ pkgapp-12345678-sol01-090121-094026.tar.gz ]

2) File(s) located in directory /var/tmp/pkgapp/

                [ core.17825 ]


Note: pkgapp has not included the core.17825 with the above pkgapp tar
Please rename the file appropriately and upload to the same location

                                Thank you.
                                Sun Software Technology Service Center (STSC)
...

Thursday Jan 15, 2009

Solaris booting from ZFS, explained by Lori Alt

Lori Alt, project lead for the ZFS boot project, explains in this video how booting Solaris from ZFS works.

The first 5 minutes covers the main feaures of ZFS. At about 05:45, Lori starts describing the Solaris boot process (SPARC and x86) and the special considerationg when using ZFS for booting, including some remarks on grub. A great primer if you want to know what happens when Solaris is booting. The video is also available in m4v format for viewing on an iPod, for example.

Monday Jan 05, 2009

A compact primer on RBAC

A nice and compact primer on RBAC (Role-Based Access Control), with some examples for a quick start, is available here.

Friday Jan 02, 2009

ZFS on external disks: Why free disk space might not increase when deleting files...

Interesting: After copying about 30,000 files from an internal disk (OpenSolaris 2008.11) to a new directory of an external USB disk and later removing a similar number of files, the free disk space as reported by zpool status or in the column "Available" of df -k did not increase! And the df -k output showed that the number of total blocks of the only file system on that disk had decreased! What had happened?

Here's the explanation:

For backup purposes, I wanted to use an external 2.5" USB disk with a capacity of about 186GB. On that USB disk, I had created a zpool, using:
$ zpool create -f dpool-2 c5t0d0

For a first backup, I copied the mentioned 30,000 files with a total size of about 75GB from one system to a USB disk connected to another server (running OpenSolaris 2008.11 as well) via the network. I used a simple scp -pr which preserves modes and times but not uids and gids. One possible procedude for preserving file ownership as well, as mentioned here, for example, would be:
cd source_dir; tar -cf - .|ssh user@targethost "cd target_dir; tar -xvf -".

Anyway, I thought it would be a good idea to export that USB disk and import it on another server (also on OpenSolaris 2008.11) to check if there were any problems. I also wanted to run a
$ zpool scrub dpool-2
to verify the data integrity. Everything went smoothly.

OK. So I exported the zpool again, connected the disk to the server on which the original data is located, imported the zpool and started copying the same data which I had copied before (via the network) locally, using
$ tar -cf - | ( cd /dpool-2; tar -xpf - )

As this finished without errors as well, and a comparison using /usr/bin/diff or the default /usr/gnu/bin/diff only showed a problem with one of the files that had an interesting character in its file name (the problem went away after changing LANG from en_US.UTF-8 to C), I decided to remove the old 30,000 files (the ones which I had copied via the network). I had removed files on ZFS before, using rm -rf, and it always was amazingly fast, compared to PCFS or UFS. But this time, removing those files took quite a while, with some disk activity.

After all the "old" files were removed, I discovered the following:

  • Free space as in df -k or zpool status dropped from 112GB to 36GB!
  • Used space as in zpool status increased from 75GB to 150GB!
  • df -k reported a total size of the only file system on that zpool of just 108GB, compared to 183GB as it was reported before!

The solution was to execute the following command:
$ zfs list -t snapshot
The output showed several snapshots, taken during the time the disk was connected to the second server (on which I had set up time slider for creating automated snapshots). When I connected the disk to the final server, the snapshots were still there, and when removing files, the snapshots were still valid so it would have been possible to create the deleted files again. So the easy solution for recreating the free space again was just to remove all those snapshots, using zfs destroy, as in the following example:
$ zfs destroy dpool-2@zfs-auto-snap:frequent-2009-01-02-18:45
After the final snapshot for dpool-2 was removed, things showed up in df -k and zpool status as expected. "Problem" solved!

Tuesday Dec 30, 2008

More on multiple Firefox packages on Solaris

After Alfred mentioned my blog entry on installing multiple versions of Firefox on Solaris using pkgadd instead of tar, I tested the package renaming script with Firefox 3.1b2 and found that I cannot extract the version number just from the pkginfo output. Instead, I had to use the VERSION line of the pkginfo -l output.

So I uploaded a changed version of the rename-firefox-pkg script (under its old name, as I only changed one line, and the script still works as before with older packages like Firefox 3.0.5 and Firefox 2.0.0.19).

Thursday Dec 25, 2008

Multiple versions of Firefox packages on one Solaris system

Up to now, in cases where I had to use multiple versions of Firefox on the same Solaris system, I installed the latest version as pkgadd, and the other versions as tar, for example in /usr/local. This is because the Solaris contributed builds always are published under the same name (which is probably OK for most users).

But it is also possible to install multiple versions of Firefox (3.0.5, 3.0.4, 2.0.0.19, and so forth) on the same system, after extracting and then changing each package before installation. Here's how it works:

  1. Expand the pkg.bz2 file to pkg, using bzip2 -dc.
  2. Create a temporary directory where the package content will be stored.
  3. Using the -s pkgadd option, spool (extract) the package into this directory.
  4. In the spool directory, rename the old Firefox directory to a new name (for example firefox to firefox-305).
  5. Change the pkginfo file to the new package name (e.g. MOZfirefox to MOZfirefox-305).
  6. Change the pkgmap file to match the new directoy name and the new size and checksum of the pkginfo file.
  7. Install the renamed package, using pkgadd -d . MOZfirefox-305, for example.
Here's how it looks like after the installation:
/tmp# ls -ald extr\*
drwxr-xr-x 3 root root 188 2008-12-23 22:11 extracted-firefox-20081223-221103
drwxr-xr-x 3 root root 188 2008-12-23 22:15 extracted-firefox-20081223-221529
drwxr-xr-x 3 root root 190 2008-12-24 12:02 extracted-firefox-20081224-120152
/opt/sfw/lib# pkginfo | grep MOZ
application MOZfirefox-20019                firefox 2.0.0.19 for Solaris 10
application MOZfirefox-304                  firefox 3.0.4 for Solaris 11
application MOZfirefox-305                  firefox 3.0.5 for Solaris 11
/opt/sfw/lib# ls -l
drwxr-xr-x 13 root bin 46 2008-12-24 12:02 firefox-20019
drwxr-xr-x 13 root bin 47 2008-12-23 22:15 firefox-304
drwxr-xr-x 13 root bin 47 2008-12-23 22:15 firefox-305

I wrote a script which performs all these steps (except installation). I have tested it on various Solaris releases from Solaris 10 to OpenSolaris. So far, I have not seen any errors.

As always: No guarantee or similar. Please back up your files before using the script.

Tuesday Dec 23, 2008

Firefox for Solaris - latest versions as of Dec. 2008

These are the direct links for downloading the latest versions of Firefox for Solaris (thanks to everyone involved for making them avaiable!):

Versionx86SPARC
Firefox 3.0.5 OpenSolaris pkg  |  tar pkg  |  tar
Firefox 3.0.5 Solaris 10 pkg pkg
Firefox 2.0.0.19 Solaris 10 pkg  |  tar pkg  |  tar
Firefox 2.0.0.19 Solaris 8 pkg  |  tar pkg  |  tar

Note: Firefox 2.0.0.20 was only made available for Windows (an important Firefox fix for Windows was missing in 2.0.0.19).

Sunday Dec 14, 2008

Installing OpenSolaris 2008.11 on a USB stick

For installing OpenSolaris 2008.11 on a USB stick (installation on a 250 GB USB drive worked fine for me), please be aware of bug 4755 which leads to a GRUB> prompt after attempting to boot from a newly installed OpenSolaris 2008.11 USB stick.

Here's how it worked for me, on a Intel D201GLY2A system with 1 GB RAM:

  1. Change your BIOS so that it will boot from USB or CD, if present
  2. Boot from the OpenSolaris 2008.11 CD
  3. After the system as booted, plug in a USB stick with at least 4 GB (in my case 8 GB) capacity and wait until a new symbol shows up on the desktop
  4. Double click on the "Install Solaris" icon, select the USB stick, use the "use whole disk" setting, proceed through the rest of the installation customizing and press the appropriate button to start the installation.
  5. Wait until the installation has completed, but do not press the "Reboot" button!
  6. Follow this advice:
    1. Download this file (76.8 kB)
    2. unzip and untar it to /tmp, using command
      cd /tmp
      gzip -d grub_zfs_devid.tar.gz | tar -xf -

      (will create two files: stage1 and stage2)
    3. run
      zpool status
      to find out the device name of the newly created pool on the USB stick. Let's assume the device name shown is /dev/rdsk/c4t0d0s0.
    4. and install the two files from the tar file on that device:
      installgrub /tmp/stage1 /tmp/stage2 /dev/rdsk/c4t0d0s0
  7. Then, press the reboot button. Take out the OpenSolaris CD when the system starts booting, so that it will boot from the USB stick. According to the bug, booting might fail if the boot order is changed in the BIOS, so until the bug is fixed, you should keep the boot order as it was during the installation.
About

blogfinger

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today