Wednesday Feb 04, 2009

How to find the parent global zone

A few nights ago I encountered a problem which required me to find the host name of my parent zone. Solaris Zones (a.k.a. Solaris Containers) intentionally isolate zones from each other and from the root hardware which hosts the zone. But if the zones and the host are on the same network, there is a way. All zones which are hosted by a particular global zone will typically share the physical hardware address as the global zone. So:

ping the broadcast address of your local network.

arp -a | grep {the hostname of your zone}
Now arp -a | grep {the physical address you found}
This gives the list of the global zone and all of the hosted zones with the same physical network address.

Thursday Jan 08, 2009

Anti-destruction destructive dtrace script and y2k9

A while ago I kludged up this ugly, ugly hack which demonstrates a destructive dtrace script which snapshots the filesystem whenever a destructive command is run (e.g. /usr/bin/rm). It isn't useful except maybe for demos, but the idea could be used for something else. For example, you could snapshot every keystroke on Monday mornings or after a particularly happy New Years Eve especially when transitioning to or from years containing a leap day or leap second...1

#!/usr/sbin/dtrace -s
#pragma D option quiet
#pragma D option destructive

  self->interested =0;

/(execname =="rm") && (self->interested == 0) && (dirname(curpsinfo->pr_psargs) != ".")/
  self->interested = 1 ;
  printf("Someone is trying to delete %s\\n",dirname(curpsinfo->pr_psargs +3));
  printf("%s %d",dirname(curpsinfo->pr_psargs+3),timestamp);
  printf("Snapshotting  %s %d",dirname(curpsinfo->pr_psargs+3),timestamp);
  system("/usr/sbin/zfs snapshot rpool%s@%d",dirname(curpsinfo->pr_psargs+3),timestamp);
  system("prun %d", pid);

1Sun's JDS 2 Linux distribution was based on a Linux 2.4 kernel and the following version (JDS3 beta) was to be based on a 2.6.19 kernel before Sun decided to drop the Linux kernel and focus on products based around the Solaris kernel. AFAIK the leap second bug appeared in the 2.6.22 Linux kernel. The 5000 year old time keeper at Newgrange also failed to work properly because of a bug caused by the presence of clouds between itself and the sun.

P.S. Don't ask me why we seem to get reoccurring bugs every decade, millennium, leap year and leap-second in what should have been a few score lines of date related code some of which could have been implemented a couple of thousand years ago Maybe Ptolomy's code was refined over a few hundred years without fear of patent reprisals or maybe he just spent more money on development and QA.

Thursday Apr 03, 2008

Serving Sun Rays from inside a VirtualBox

Imagine you have some Sun Ray[tm] clients and you'd like to use them with some hardware which doesn't support Solaris. Or maybe you're running OSX, Windows or Ubuntu on some hardware which has some spare cycles but isn't running an OS which is supported by SRSS.

  1. Download a copy of VirtualBox for your operating system.
  2. Download a copy of Solaris 10 which is supported by SRSS3 and SRSS4.
  3. Download a copy of Sun Ray Server Software. I used SRSS 4.0 09/07. Note:Some GNU/Linux distributions are also supported, and SRSS can be forced to work with some unsupported Linux distributions and versions of OpenSolaris. But I'll stick with Solaris 10u5, it's reasonably lightweight and solid. [Read More]

Published OpenSolaris desktop FAQ

I gathered questions and answers from the OpenSolaris desktop mailing list, other forums and other places and people and published the first version of an OpenSolaris Nevada Desktop FAQ here:

This FAQ is focused on the GNOME and other desktop components which are available in recent Solaris Nevada distributions. Though it should be noted that "Indiana" shares most of these components. I would appreciate any help in keeping the document accurate, up to date and complete. Once the default desktops on other distributions become as well defined and well used, I plan to publish additional FAQs. I also hope to move the document onto an opensolaris hosted twiki once such a twiki goes online. Thanks to everyone who contributed questions and answers!

Wednesday Dec 14, 2005

GNOME, gaim and Sun Ray utactions

GNOME on on Sun Ray has been my primary work desktop since 2001. I love the fact that I can remove my Java card, pop into a quiet room, a coworker's office, or a Sun office in the U.K., put in the card and everything is exactly as I left it. But when I pull out my card I don't always remember to set my status to "away" on GAIM. It would be nice to have this happen automatically.

Fortunately, Sun Ray software has the utaction command. Utaction allows shell commands to be run automatically on card insertion and removal. So all I need is a command line interface to my instant messaging client. I found a gaim command line tool called gaim-remote. Gaim-remote was recently modified to use DBUS but it still has very limited functionality. Gaim-remote can tell your AOL users that you're offline but as far as I know, it can't tell IRC users you are offline.

Here is how you would enable gaim here/away messages on card insertion and removal:

1) In Gaim, Tools->Preferences-Plugins, enable the "Remote Control" plugin.
2)  /opt/SUNWut/bin/utaction -i -d "gaim-remote away" -c "gaim-remote back"

Alan and Bob had some clever ideas for dtactions and for other users of away/here hooks (e.g. when gnome-screensaver) Others have used dtactions to enable "follow me" printing and automatic resource management. If anyone else has ideas for GNOME hooks which would be useful in this or similar environments I'd appreciate hearing from you.

Wednesday Oct 19, 2005

So you want to shutdown? How to add the shutdown option to JDS on opensolaris.

Newcomers to opensolaris might be surprised that the option to shutdown the machine isn't available to a desktop user by default. This makes perfect sense on a server which may run for months without requiring a reboot. It also makes sense in a Sun Ray environment where you don't want to allow an individual user to shutdown a system which may be shared with many others. But if you've installed opensolaris on an ordinary single user desktop P.C. or one of these nifty X86/X64 based Sun workstations, chances are you're going to want to shut it down eventually.

The simplest way of accomplishing this is to use an option in the GNOME Display Manager (GDM). But by default, Solaris uses dtlogin for its display manager. So the first step is to disable dtlogin and enable gdm.

Disable dtlogin:

Login via a remote shell or a console terminal session.
/usr/dt/bin/dtconfig -d
svcadm enable -s gdm 
pkill dtlogin

GDM should appear as your display manager.

Now enable GDM's shutdown menu:

Edit /etc/X11/gdm/gdm.conf and change the following line:
to this:

Another method would be to use Role Based Access Control (RBAC) to enable shutdown only for specific users and create pfexec launchers for these users. Ben Rockwood's blog has a good introduction to RBAC. To allow a user to run the shutdown command, you would do something like this:

Edit /etc/security/exec_attr and add the following profile:

Add this profile to /etc/user_attr
yourusername :::: profiles=Shutdown

Then your user can shutdown with /usr/bin/pfexec /usr/sbin/shutdown

Update:User reboot of Solaris Containers (a.k.a. zones)! I almost forgot, Ghee suggested that it would be safer to only allow users to reboot their zone. This method has some interesting possibilities, especially in university or development environments. Follow Gleb's excellent example to create a zone, give it an ip adress and hostname. Change the RBAC steps above to allow your user access to /usr/sbin/reboot and create a pfexec reboot launcher. Now use your global zone's dtlogin chooser to xdmcp login to the zone. (Note: if you've configured gdm in your global zone, you'll have to enable its xdmcp chooser by editing /etc/X11/gdm.conf and uncommenting the "chooser=true" line.) The cool thing about this is that when you reboot the zone, it drops you immediately to the global zone's login. Your zone will reboot in just a few seconds and you can use the global zone's chooser to login again!

Correction:If you are using Solaris 10, the gdm service name is gdm2-login:

$ svcs -a | grep -i gdm
disabled       Aug_29   svc:/application/gdm2-login:default




« April 2014