Sunday Jan 17, 2010

More Sun Ray on OpenSolaris build 130 workarounds

One more thing for the Sun Ray on build 130. Whether this is the last remains to be seen.

Now that gdm is run via smf gnome-session is now run via ctrun(1) so that it gets it's own contract and therefore any problems it has do not result in gdm being restarted.

However the Sun Ray sessions are not started that way. Hence I was seeing all users logged out if just one session had a problem:

So a rather trivial failure such as this:

Jan 16 11:10:47 pearson genunix: [ID 603404 kern.notice] NOTICE: core_log: metacity[7448] core dumped: /var/cores/core.metacity.7448 

would result in gdm restarted:

[ Jan 16 00:06:08 Method "start" exited with status 0. ]
[ Jan 16 11:10:47 Stopping because process dumped core. ]
[ Jan 16 11:10:47 Executing stop method ("/lib/svc/method/svc-gdm stop"). ]
[ Jan 16 11:10:47 Method "stop" exited with status 0. ]

which in turn means all the users were logged out. Ooops.

The solution was simple but like the previous workarounds leaves your warranty in tatters!

# mv /usr/bin/gnome-session /usr/bin/gnome-session.orig
# cat > /usr/bin/gnome-session << EOF
> #!/bin/ksh -p
> exec ctrun -l child \\$0.orig \\$@
# chmod 755 /usr/bin/gnome-session

This results in all your gnome sessions having their own contract as their parent is ctrun:

: pearson FSS 33 $; ptree $(pgrep -o -u gdm gnome-session)
22433 /usr/sbin/gdm-binary
  22440 /usr/lib/gdm-simple-slave --display-id /org/gnome/DisplayManager/Displa
    22965 ctrun -l child /usr/bin/gnome-session.orig --autostart=/usr/share/gdm
      22967 /usr/bin/gnome-session.orig --autostart=/usr/share/gdm/autostart/Lo
        23062 /usr/lib/gdm-simple-greeter
        23063 gnome-power-manager
: pearson FSS 34 $; 

and means that any failures are now ring-fenced to just that session.

Monday Jan 11, 2010

More Sun Ray on OpenSolaris build 130

As I have previously mentioned I have Sun Ray "working" on OpenSolaris build 130 at home. There are some minor tweaks required to get things working close to perfectly.

If you are doing this you are already running OpenSolaris build 130 and Sun Ray which is completely unsupported. These changes are also completely unsupported. There was not warranty but if there was one you will void it.

First take a back up. Since you are running OpenSolaris and therefore have ZFS take snapshot of the file system that contains /opt/SUNWut and also use beadm to create a snapshot of the boot environment.

Now to get to a point where you can login on a Sun Ray DTU you need to do this:

ln -s /usr/lib/xorg/ /opt/SUNWut/lib
ln -s /usr/lib/xorg/ /opt/SUNWut/lib
rm /usr/lib/xorg/modules/extensions/GL
ln -s ../../../../../var/run/opengl/server \\
mkdir /etc/opt/SUNWut/X11
echo "catalogue:/etc/X11/fontpath.d" > /etc/opt/SUNWut/X11/fontpath
usermod -d /var/lib/gdm gdm

However the utwho command won't work and if you want to use utaction as root you need to follow the instructions in my last post.

Now utwho is extremely useful and for me a requirement as it is used by my access hours script so I wanted to get that working. As with the issues with utaction the first problem is that the script that sets this up expects to run as root but now everything is running as the user "gdm". Again the solution is RBAC.

Follow the instructions from my last post to set up a GDM profile and make the user gdm use it. Then add these lines to /etc/security/exec_attr:


and then edit the two file listed above to add in the bold lines below. The example is /etc/opt/SUNWut/gdm/SunRayInit/Default:

# iterate over the helpers directory
# ident "@(#)     1.5 09/07/31 SMI"
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.


if [[ "$_" != "/usr/bin/pfexec" ]] && [[ -x /usr/bin/pfexec ]]


        exec /usr/bin/pfexec $0 $@


for i in /etc/opt/SUNWut/gdm/SunRayInit/helpers/\*
        if [ -x $i ]; then
            . $i

exit 0

Finally, and quite whether this is required I'm not sure, but the reset-dpy script will not work properly either so make these changes to fix it:

\*\*\* /opt/SUNWut/.zfs/snapshot/month_2009-12-01-01:02/lib/xmgr/gdm/reset-dpy     Tue Oct 20 01:32:31 2009
--- ./reset-dpy Mon Jan 11 13:59:30 2010
\*\*\* 65,70 \*\*\*\*
--- 65,71 ----
        dpys=`gdmdynamic -l | /bin/sed -e 's/:\\([\^,]\*\\),[\^;]\*/\\1/g' -e 's/;/ /g' `
        for dpy in $dpys
+         dpy=${dpy#:}
            if [[ $dpy -ge $MINDISP && $dpy -le $MAXDISP ]]; then
            rm "$PRESESSION_DIR/:$dpy"
              rm "$POSTSESSION_DIR/:$dpy"

Now all will work:

: pearson FSS 2 $; utwho -c 
 12.0 Payflex.500a094f00130100         user2   P8.00144f57a46f
: pearson FSS 3 $; utwho
 12 Payflex.500a094f00130100             user2     
 14 Payflex.500a094d00130100             user1     
 18 Payflex.500a094c00130100             user3     
 19 Payflex.500a094e00130100             user4     
: pearson FSS 4 $; 

However you have voided your warranty!

Update: 12/1/2010 These problems should be fixed in build 132 so the workarounds should not be needed then.

Sunday Jan 10, 2010

Sometimes being on the bleeding edge you get cut.

While Sun Ray and OpenSolaris build 130 are functional they are not happy. In particular the changes to gdm have resulted in many of the functions of the Sun Ray software not working. Small things like utwho(1) no longer work.

More importantly the login scripts running as the user "gdm" have stopped my scripts that adjust the user shares and stop firefox when users disconnect from working. Since this results in the system being 100% busy all the time an urgent workaround was required.

The workaround uses lots of undocumented features, so I don't expect it to keep working long term but at least it will keep me going until the next upgrade.

The problem of not running as root is trivially solved by using RBAC and then calling utaction via pfexec(1) adding these lines to each of the files:

root@pearson:/root# egrep /etc/security/\*_attr
/etc/security/prof_attr:GDM:::Do not assign to users. Profile for GDM so it can run utaction as

Then using usermod to add the GDM profile to the gdm user:

root@pearson:/root# usermod -P GDM gdm

The now the utaction you call from your PostLogin script will be run as root. However instead of passing in the user name, which when the PostLogin script runs you don't know, pass in the name of the Sun Ray session_proc file and read the UID out of there. I have:

function read_session_proc
        typeset IFS="="
        typeset key val
        while read key val
                if [[ "$key"="uid" ]]
                        typeset IFS=:
                        typeset u spam
                        getent passwd $val | read u spam
                        print $u
if [[ "${1#/}" != $1 ]] && [[ -f $1 ]]
        USER=$(read_session_proc < $1)

In the adjust shares scripts and this in the PostLogin script (/etc/opt/SUNWut/gdm/SunRayPostLogin/Default):

# ident "@(#)        1.1 04/05/06 SMI"

/usr/bin/ctrun -l child -i none /usr/bin/pfexec /opt/SUNWut/bin/utaction -i -c "$AD $LOGNAME 50" -d "$AD $LOGNAME" &

Update: I have added the ctrun otherwise if any of the actions called by utaction dump core then everyone gets logged out. Clearly the core dumps need to be resolved but there is no reason to log everyone out.

Sunday Nov 08, 2009

Access hour by day of the week

At the request of the users the access hours for Sun Ray users in the house have been relaxed so that on Friday and Saturday nights the Sun Ray's in bedrooms can be used later.

This required that the access hour script be updated to understand the day of the week and hence the access_hour file also is updated in an incompatible way. There is now an extra column representing the days of the week when the rule is applied as the first column after the name of the user. The day of the week field will take a wild card '\*' or ranges (1-5) for Monday to Friday, or lists (1,3,5). Sunday is day 0 as any self respecting geek would have it.

The new access_file I have looks something like this:


The script is still here:

Tuesday Sep 15, 2009

Moving to an OpenSolaris Sun Ray

Today I took the plunge and moved from working on our Nevada based Sun Ray Servers to one running OpenSolaris. So that I could get the full OpenSolaris look and feel I first purged my home directory of a number of configuration files and directories using a script like1 this:

#!/bin/ksh -p
test -d $HOME/$TARGET || mkdir $HOME/$TARGET
mv $HOME/.ICEauthority $HOME/$TARGET
mv $HOME/.cache $HOME/$TARGET
mv $HOME/.chewing $HOME/$TARGET
mv $HOME/.config $HOME/$TARGET
mv $HOME/.dbus $HOME/$TARGET
mv $HOME/.dmrc $HOME/$TARGET
mv $HOME/.gconf $HOME/$TARGET
mv $HOME/.gconfd $HOME/$TARGET
mv $HOME/.gksu.lock $HOME/$TARGET
mv $HOME/.gnome2 $HOME/$TARGET
mv $HOME/.gnome2_private $HOME/$TARGET
mv $HOME/.gstreamer-0.10 $HOME/$TARGET
mv $HOME/.gtk-bookmarks $HOME/$TARGET
mv $HOME/.iiim $HOME/$TARGET
mv $HOME/.local $HOME/$TARGET
mv $HOME/.nautilus $HOME/$TARGET
mv $HOME/.printer-groups.xml $HOME/$TARGET
mv $HOME/.sunstudio $HOME/$TARGET
mv $HOME/.sunw $HOME/$TARGET
mv $HOME/.updatemanager $HOME/$TARGET
mv $HOME/.xesam $HOME/$TARGET
mv $HOME/.xsession-errors $HOME/$TARGET

I generated the list by installing OpenSolaris in a VirtualBox and then logging in and doing a bit of browsing and general usage and then seeing was was created. Additionally “.mozilla” was created but I chose to retain that so that I can keep all the history that is in my browser.

Once logged in I have removed the update-manager icon as I am not the administrator. I have also removed the power notification and network monitor as they provide no useful data on a Sun Ray server.

Using “System->Preferences->Startup Applications” I unchecked the codeina update notifier and added my script for updating my IM status.

So far so good but it is taking a while to get used to the menu being a the top and the window list at the bottom of the screen.

1Like as in similar to and not this exact script as mine had my home directory hard coded into it.

Thursday Aug 06, 2009

Monitoring mounts

Sometimes in the course of being a system administrator it is useful to know what file systems are being mounted and when and what mounts fail and why. While you can turn on automounter verbose mode that only answers the question for the automounter.

Dtrace makes answering the general question a snip:

: FSS 24 $; cat mount_monitor.d                         
#!/usr/sbin/dtrace -qs

/ args[1]->dir /
        self->dir = args[1]->flags & 0x8 ? args[1]->dir : 
/ self->dir != 0 /
        printf("%Y domount ppid %d, %s %s pid %d -> %s", walltimestamp, 
              ppid, execname, self->dir, pid, arg1 == 0 ? "OK" : "failed");
/ self->dir != 0 && arg1 == 0/
        self->dir = 0;
/ self->dir != 0 && arg1 != 0/
        printf("errno %d\\n", arg1);
        self->dir = 0;
: FSS 25 $; pfexec /usr/sbin/dtrace -qs  mount_monitor.d
2009 Aug  6 12:57:57 domount ppid 0, sched /share/consoles pid 0 -> OK
2009 Aug  6 12:57:59 domount ppid 0, sched /share/chroot pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/newsrc pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/build2 pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/chris_at_play pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/ws_eng pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/ws pid 0 -> OK
2009 Aug  6 12:58:03 domount ppid 0, sched /home/tx pid 0 -> OK
2009 Aug  6 12:58:04 domount ppid 0, sched /home/fl pid 0 -> OK
2009 Aug  6 12:58:05 domount ppid 0, sched /home/socal pid 0 -> OK
2009 Aug  6 12:58:07 domount ppid 0, sched /home/bur pid 0 -> OK
2009 Aug  6 12:58:23 domount ppid 0, sched /net/ pid 0 -> OK
2009 Aug  6 12:58:23 domount ppid 0, sched /net/ pid 0 -> OK
2009 Aug  6 12:58:23 domount ppid 0, sched /net/ pid 0 -> OK
2009 Aug  6 12:59:45 domount ppid 8929, Xnewt /tmp/.X11-pipe/X6 pid 8935 -> OK

In particular that last line if repeated often can give you a clue to things not being right.

Monday Jul 13, 2009

Cycling route from Farnborough Main to the Sun Office

In case anyone wanted to cycle from Farnborough Main railway station to the Sun Microsystems offices at Guillemont Park here is the route I take.

View Larger Map

Sunday May 10, 2009

Another update to Sun Ray access hours script

I have made a change to up access hours script for my Sun Rays. Now the access file can also contain a comma separated list of Sun Ray DTUs so that the control is only applied to those DTUs:

: pearson FSS 3 $; cat /etc/opt/local/access_hours 
: pearson FSS 4 $; 

The practical reason for this is that it allows control of DTUs that are in bedrooms but if the computer is really needed another DTU can be used for homework.

Now that bug 6791062 is fixed the script is safe to use in nevada.

The script is where it always was.

Monday Apr 20, 2009

Off to Newcastle for the mash up

This is worse than being on a mobile, but I'm on the train o.k.?

Tomorrow I will be a the System Admin Mash up event at Newcastle. If you are going to be there I suggest you don't bother asking us about Sun/Oracle and instead go straight to then you will know as much as us.

Sunday Feb 15, 2009

Build 108

I've managed to upgrade my home server to build 108 which is an important mile-stone for me as it has the fix for:

6763600: nautilus becomes unusable on a system with 39000 snapshots.

Which was rendering nautilus close to unusable for any users who moved out of their lofs automounted home directories. In partilcular any attempt to use it to manage the photo directories was painful.

However all was not smooth as again I hit this bug:

6795892: Sun Ray X servers (both Xsun and Xorg) suffer network problems in snv_106

but since I was expecting this I tried the workaround from bug 6799655 which is the same as the one for 6763600:

In /etc/sock2path change the following lines:

    2   2   0   tcp
    2   2   6   tcp

    26  2   0   tcp
    26  2   6   tcp

    2   1   0   udp
    2   1   17  udp

    26  1   0   udp
    26  1   17  udp


    2   2   0   /dev/tcp
    2   2   6   /dev/tcp

    26  2   0   /dev/tcp6
    26  2   6   /dev/tcp6

    2   1   0   /dev/udp
    2   1   17  /dev/udp

    26   1  0   /dev/udp6
    26   1  17  /dev/udp6

While this got the Sun Rays up it also stopped named from working, spewing errors like this:

Feb 15 15:10:39 pearson named[15558]: [ID 873579 daemon.error] 71/Protocol error
Feb 15 15:10:39 pearson named[15558]: [ID 873579 daemon.error] socket.c:4315: unexpected error:

So have had to revert to some internal to Sun binaries that work around this while the underlying bug is fixed. It is slighly worring as I'm left wondering what other victims are out there. One I have already found is ntp, which is a known bug:

6796948: NTP completely broken by I_SETSIG semantics change in snv_106

I suspect that the system will have to revert to build 105 soon.

Wednesday Feb 04, 2009

40" Sun Ray Display

I managed to buy 2 Sun Ray 2's off Ebay and one of them was is now in place in the living room driving our 40” TV.

Combine this with a KeySonic wireless mini keyboard and the DTU does not only act as a photo frame. The Sun Ray unit is attached to the underside of the shelf as the top unit in the pile is a Virgin cable TV recorder which does not like having anything on top blocking the air flow. Thanks to the Sun Ray 2 being so light 5 strips of sticky back velcro do the trick so well that it really is going nowhere to the point that I could not remove it to plug the USB keyboard adapter directly in the back of the unit. The keyboard adapter has a button you have to press once plugged in to pair it with the keyboard. Alas with the Sun Ray in this configuration the button faces upwards. So there is a short USB cable hidden back there.

Networking is provided via Ethenet over mains.

The keyboard has impressive range and a really nice touch pad that pretends to have a scroll wheel down one side. However I've not yet got the keyboard map for it right but it only arrived an hour ago so there is time.

Friday Jan 23, 2009

Update to Sun Ray access hours script

I have just uploaded and update to my script that controls the access hours of users to Sun Ray DTUs. The change is to not block the DTU if the user accepts the warning and disconnects voluntarily.

With that test in place the number of forced disconnects has fallen to zero which is good as the warning about bug 6791062 still applies so this reduces the chances of hitting the bug (if it is indeed triggered by the change of the ipfilter rules).

Wednesday Jan 07, 2009

Access hours for Sun Ray users

Having installed a Sun Ray in my daughters bedroom I am now faced with the inevitable problem of her being online all night not getting any sleep and then being generally grumpy. The irony here is that I was sent an email asking how I handle access control to the DTUs and I said I just trusted the children to be sensible (what was I thinking!).

So a solution was required that gave access to the systems only between certain hours. The hours would depend on the user and would have to not loose all their “work” in case this was a late night finishing their homework session.

After asking around no one came back to me and said how it can be done so I wrote my own script. It works by having a file that contains lines with a format


The times are specified in 24 hour format and only accurate to the minute.

# cat /etc/opt/local/access_hours             

The top line is just really for testing only not allowing access from 1900 to 1915. Then you need a user who has system admin privs which does not have a crontab file. Since I already have a kroot role I'm overloading this. Running the script as with the -c flag and the name of the user will write the crontab file. Note it also writes an entry to keep the crontab file uptodate on an hourly basis.

# /usr/local/sbin/check_access_hours -c kroot
# crontab -l kroot
46 \* \* \* \* /usr/local/sbin/check_access_hours -c kroot
00 19 \* \* \* /usr/local/sbin/check_access_hours user1
00 23 \* \* \* /usr/local/sbin/check_access_hours user2
30 22 \* \* \* /usr/local/sbin/check_access_hours user3
00 20 \* \* \* /usr/local/sbin/check_access_hours user4

Finally I added a line to the utaction script that is already run for every user when they connect to a Sun Ray DTU:

if ! /usr/local/sbin/check_access_hours -t 0 $1
        exit 1

The way it disallows access is that it adds the DTU's IP address to the ipfilter, which you have to have configured, so that all traffic from the DTU is blocked. It also submits an at(1) job to run 2 minutes in the future to remove the block so that the Sun Ray can burst back into life. The effect is that the user can no longer use any Sun Ray outside of the defined hours. But after about 2 minutes the DTU is usable again by others or indeed as a photo frame.

A word of warning. Having got all this running the system has paniced twice which is disappointing on one level, that it panics, but pleasing on another, I've found a bug that can now be fixed. The bug is:

6791062: System panic in ip_tcp_input when a rule is added to ipfilter

I look forward to the fix!

The script is here but check that that bug has been fixed before you use it.

Sunday Dec 07, 2008

VirtualBox on home Sun Ray server

I'm after best practices for VirtualBox on a home Sun Ray server. My solution is to have a “vbox” role and create a VirtualBox named after each user contianing the OS that they need. For most users this there is no need as everything they need is available natively on Solaris but there are some apps that only work on Windows so for that user they get those apps.

The upside of this is that I get to manage the images (and since I will have to fix them that is good). Plus I can pause and VM when the user removes their card by having my utdetach script do:

su - vbox -c "pfexec VBoxManage controlvm $1 pause" > /dev/null

and then the utattach script do:

su - vbox -c "pfexec VBoxManage controlvm $1 resume" > /dev/null

So that the Virtual Machines are not burning resources when they need not be. The temptation to also do:

su - vbox -c "pfexec VBoxManage snapshot $1 take $(date '+%F-%T')”

in the detach is strong but I need to better understand the disk space implications of that and whether letting ZFS handle that would be better.

Thursday Dec 04, 2008

Doing more with less

As I have mentioned before I have an ancient Sun Ray 1 that drives the TV in our kitchen to look like a photo frame. The network is provided my an ethernet over mains bridge that is rated at 85Mbit/sec and the network drop from the server is a 1Gbit/sec. Since the switch I have is very cheap this results in a significant packet drop to that DTU with the result that the picture transition is less than ideal and can stutter somewhat.

So last night after reading an email on an internal list I finally got around to reading the documentation so I could set a bandwidth limit on this one DTU to see if things could be improved, With no bandwidth limit the very excellent utbw gives:

 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.3(4.2) ms
 lost   1243/46% pkts   2652 cpu  11% kbytes   1614 0.631 Mbps 4.9(4.6) ms
 lost      0/00% pkts     60 cpu   3% kbytes     51 0.020 Mbps 4.1(4.3) ms
 lost      0/00% pkts     64 cpu   2% kbytes     55 0.022 Mbps 4.8(4.6) ms
 lost      0/00% pkts     64 cpu   2% kbytes     56 0.022 Mbps 4.2(4.7) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.3(4.5) ms
 lost      0/00% pkts     62 cpu   3% kbytes     53 0.021 Mbps 4.9(4.7) ms
 lost    266/11% pkts   2393 cpu   6% kbytes   2314 0.904 Mbps 4.4(4.6) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.4(4.5) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.7(4.6) ms
 lost      0/00% pkts     64 cpu   3% kbytes     56 0.022 Mbps 4.1(4.3) ms
 lost      0/00% pkts     58 cpu   0% kbytes     48 0.019 Mbps 4.4(4.4) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 6.0(5.2) ms
 lost    229/09% pkts   2377 cpu   8% kbytes   2320 0.907 Mbps 4.7(4.9) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.5) ms
 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.1(4.3) ms
 lost      0/00% pkts     64 cpu   2% kbytes     56 0.022 Mbps 4.2(4.2) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.2) ms
 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.4(4.3) ms
 lost    597/23% pkts   2532 cpu   9% kbytes   2123 0.830 Mbps 4.2(4.3) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.2) ms
 lost      0/00% pkts     62 cpu   3% kbytes     53 0.021 Mbps 4.1(4.1) ms
 lost      0/00% pkts     64 cpu   0% kbytes     56 0.022 Mbps 5.1(4.6) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.4) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.3(4.4) ms
 lost      0/00% pkts   2133 cpu   8% kbytes   2322 0.907 Mbps 4.1(4.2) ms
 lost      0/00% pkts     60 cpu   0% kbytes     51 0.020 Mbps 7.3(5.7) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.2(5.0) ms
 lost      0/00% pkts     64 cpu   2% kbytes     56 0.022 Mbps 4.2(4.6) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 6.5(5.6) ms
 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.1(4.9) ms
 lost    462/18% pkts   2509 cpu   9% kbytes   2251 0.879 Mbps 4.2(4.5) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.3) ms

What is more the transition that is observed often jumps or will have one block of the picture updated after all the others. Having tuned the bandwidth down to 20Mb/sec:

 lost    114/04% pkts   2295 cpu   4% kbytes   2344 0.916 Mbps 4.4(4.7) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.5) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 7.2(5.8) ms
 lost      0/00% pkts     63 cpu   2% kbytes     53 0.021 Mbps 4.2(5.0) ms
 lost      0/00% pkts     60 cpu   0% kbytes     51 0.020 Mbps 4.4(4.7) ms
 lost      0/00% pkts     62 cpu   3% kbytes     53 0.021 Mbps 4.1(4.4) ms
 lost    216/09% pkts   2304 cpu   7% kbytes   2295 0.897 Mbps 4.4(4.4) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.3) ms
 lost      0/00% pkts     63 cpu   0% kbytes     55 0.022 Mbps 4.4(4.4) ms
 lost      0/00% pkts     63 cpu   2% kbytes     53 0.021 Mbps 4.4(4.4) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.2) ms
 lost      0/00% pkts     63 cpu   2% kbytes     55 0.022 Mbps 5.0(4.6) ms
 lost    168/07% pkts   2174 cpu   6% kbytes   2230 0.871 Mbps 7.0(5.8) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.9(5.3) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 5.9(5.6) ms
 lost      0/00% pkts     63 cpu   2% kbytes     56 0.022 Mbps 4.1(4.9) ms
 lost      0/00% pkts     60 cpu   0% kbytes     51 0.020 Mbps 4.5(4.7) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.2(4.5) ms
 lost      0/00% pkts   1938 cpu   8% kbytes   2118 0.827 Mbps 4.3(4.4) ms
 lost      0/00% pkts     60 cpu   0% kbytes     50 0.020 Mbps 8.4(6.4) ms
 lost      0/00% pkts     62 cpu   2% kbytes     52 0.021 Mbps 17.7(12.1) ms
 lost      0/00% pkts     64 cpu   2% kbytes     55 0.022 Mbps 4.2(8.1) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 6.3(7.2) ms
 lost      0/00% pkts     62 cpu   0% kbytes     52 0.021 Mbps 4.4(5.8) ms
 lost    214/09% pkts   2224 cpu   7% kbytes   2170 0.848 Mbps 4.0(4.9) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 4.1(4.5) ms
 lost      0/00% pkts     62 cpu   2% kbytes     52 0.021 Mbps 4.6(4.6) ms
 lost      0/00% pkts     64 cpu   0% kbytes     55 0.022 Mbps 5.7(5.1) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 4.6(4.8) ms
 lost      0/00% pkts     64 cpu   2% kbytes     55 0.022 Mbps 5.8(5.3) ms
 lost    194/08% pkts   2278 cpu   9% kbytes   2274 0.888 Mbps 4.2(4.8) ms
 lost      0/00% pkts     60 cpu   0% kbytes     50 0.020 Mbps 4.2(4.5) ms
 lost      0/00% pkts     63 cpu   2% kbytes     53 0.021 Mbps 4.2(4.3) ms
 lost      0/00% pkts     63 cpu   3% kbytes     53 0.021 Mbps 4.2(4.3) ms
 lost      0/00% pkts     60 cpu   1% kbytes     50 0.020 Mbps 4.9(4.6) ms
 lost      0/00% pkts     62 cpu   1% kbytes     52 0.021 Mbps 4.1(4.3) ms
 lost      0/00% pkts   2149 cpu   6% kbytes   2319 0.906 Mbps 4.3(4.3) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 4.2(4.3) ms

The numbers improve greatly however they hide the truth somewhat. Since the operation of the picture frame is that except for the clock that updates every second there are no updates at all for most of the time then every 2 minutes a new photo is displayed. So those averages which appear to be every 20 seconds hide the very high burst of data that happens.

You can see the difference here:



Friday Oct 10, 2008

Login to sunsolve just once a day

Go on. 7 ½ hours before you need to use SunSolve login and then just leave that tab alone until you need it. Why? Because you can!

As promised the horribly short idle time out has been increased from 30 minutes to 8 hours and the session time from 2 hours to 24.

Also I as have just been reminded it effects too, sweet.

Tuesday Sep 30, 2008

Sunsolve et al Session timeouts increasing.

The hot news around here is that the session timeouts for Sunsolve and the other tools that use the authentication system on are going to be increased to something approaching reasonable timeouts. The current 30 minute idle and 2 hour session timeout will be increased to 8 hours idle and 24 hours for the session. Not quite the 14 days and 90 days I would have but none the less a welcome step in the right direction.

If all goes well the change should happen on October 9th. I wish it was sooner but none the less the prospect is exciting enough for me to pre-announce it here, not that anyone will read it!

A big thank you to those who are making it happen.

Tuesday Mar 25, 2008

Automatic opening a USB disk on Sun Ray

One of my users today had a bit of a hissy fit today when she plugged in her USB thumb drive into the Sun Ray and it did nothing. That is it did nothing visible. Behind the scenes the drive had been mounted somewhere but there was no realistic way she could know this.

So I need a way to get the file browser to open when the drive is inserted. A quick google finds " "USB Drive" daemon for Sun Ray sessions" which looks like the answer. The problem I have with this is that it polls to see if there is something mounted. Given my users never log out this would mean this running on average every second. Also the 5 second delay just does not take into account the attention span of a teenager.

There has to be a better way.

My solution is to use dtrace to see when the file system has been mounted and then run nautilus with that directory.

The great thing about Solaris 10 and later is that I can give the script just the privilege that allows it to run dtrace without handing out access to the world. Then of course you can then give that privilege away.

So I came up with this script. Save it. Mine is in /usr/local which in turn is a symbolic link to /tank/fs/local. Then add an entry to /etc/security/exec_attr, subsisting the correct absolute (ie one with no symbolic links in it) path in the line.

Basic Solaris User:solaris:cmd:::/tank/fs/local/bin/utmountd:privs=dtrace_kernel

This gives the script just enough privileges to allow it to work. It then drops the extra privilege so that when it runs nautilus it has no extra privileges.

Then you just have to arrange for users to run the script when they login using:

pfexec /usr/local/bin/utmountd

I have done this by creating a file called /etc/dt/config/Xsession.d/utmountd that contains these lines:

pfexec /usr/local/bin/utmountd &
trap "kill $!" EXIT

I leave making this work for uses of CDE as an exercise for the reader.

Friday Feb 15, 2008

20 years.....

Twenty reasons, in no particular order, why working at Sun has been and still is a blast.1

  1. NFS. No really it is better then rcp. Which is saying something as rcp is much better than uucp and uucp seemed much better than sneakernet.

  2. YP NIS. Actually I hate NIS but the simplicity of it for solving a problem was in it's time fantastic. That it is still in use is amazing or depressing depending on the time of day2.

  3. Mailtool. A graphical tool for reading your email. It made giving up on getting a vt220 worthwhile.

  4. The Network is the Computer”. Now that is a slogan I could then and still do really get.

  5. The Systems3:

    1. 3/160. I blagged one of these as my workstation as it had 12 meg of memory. It was being returned as upgrade residue I only got rid of it when I was offered a:

    2. 4/110. A workstation capable of running NeWS, well if you had the floating point unit. My one was a lemon, if ever any one heavy walked past my desk it would reset. However when it was running it was fast!

    3. SparcStation 1. Audio as standard on a workstation. How cool was that.

    4. The 386i. Look what happens when you take a slightly different approach to system management. Yes all your hosts are called “oak”.

    5. The SPARCstation 10. Four CPUs on the desktop, fab, ISDN on the back, not so fab.

    6. The SPARCcentre 2000. Have some more CPUs. You know you want them. (Then for laughs naming the upgrade the 2000E, dooming our lab system to be known as Cortina.)

    7. The E10000, have some more CPUs and DR.

    8. The T2000. Go on put all those CPUs on one chip.

  6. The SPARC Storage array. Put all those disks in one box. Attach two fibres.

  7. NeWS. A window system that made a virtue of being able to program in PostScript, allowing those of us who were intimate with the printers to be the experts!

  8. TFS. The translucent file system. It had more subtleties than just being translucent but you could build some brilliant technologies4 on top of it. I wanted to smoke some of the stuff whoever thought it up was smoking.

  9. The automounter. Even when it used symbolic links and /tmp_mnt to mount things it was cool. Since it has had autofs it is positively sub zero, don't start me on the things you can do with executable maps.

  10. Threads in user land. Not those light weight processes we had in 4.x real fully fledged threading in a single process. Now my mail search program could consume the whole SC2000, briefly, very briefly.

  11. OpenLook. You gotta love those push pins.

  12. Solaris5

    1. Solaris 2.3. An OS capable of getting the most out of the SC2000.

    2. Solaris 7. How much address space would you like sir?

  13. Email attachments. Obviously we were completely happy using uuencode and uudecode the arguments just slipped from your fingers but attachments seem to have caught on anyway.

  14. Sun Ray. I wonder how people manage home computers without Sun Ray they are quite useful in the office too.

  15. Oak Java. The only reason anyone I know outside of IT has heard of Sun before I tell them.

  16. You allow, no, encourage your employees to write about “anything”. It's called trusting your staff. All companies should do it.

  17. OpenSolaris. Put the source out in the open and see what happens.

  18. Dtrace. Only because I can and do use it in an executable automount map.

  19. ZFS. At last we can hold our heads up and say that the file system is going to have the contract with the user that the users always thought that they had. Ie you will get back the same data as you wrote or an error.

  20. Putting up with me for 20 years!

I've not included the people which are the real stars of which there have been and are many singling them out somehow seems wrong.

1I don't claim all of these were invented by Sun although many were.

2A bit like working at the same company for 20 years.

3Yes I cheated putting all the systems in one item.

4NSE does not count as a “brilliant technology”. It could have been but was not. I know I used to support it.

5Yes another cheat.

Thursday Jan 17, 2008

Opposite's in Service

When I read the announcement about Sun's acquisition of MySQL on Jonathan's blog I too was drawn to the fact that for every employee of Sun Service there is an equal and opposite employee. Check out the picture:

I'm left wondering what my opposite would be like. Clearly they would not ride a bike. I hesitate to suggest asking what other characteristics they would have but no one reads this anyway.


This is the old blog of Chris Gerhard. It has mostly moved to


« October 2016