Sunday Jan 17, 2010

More Sun Ray on OpenSolaris build 130 workarounds

One more thing for the Sun Ray on build 130. Whether this is the last remains to be seen.

Now that gdm is run via smf gnome-session is now run via ctrun(1) so that it gets it's own contract and therefore any problems it has do not result in gdm being restarted.

However the Sun Ray sessions are not started that way. Hence I was seeing all users logged out if just one session had a problem:

So a rather trivial failure such as this:

Jan 16 11:10:47 pearson genunix: [ID 603404 kern.notice] NOTICE: core_log: metacity[7448] core dumped: /var/cores/core.metacity.7448 

would result in gdm restarted:


[ Jan 16 00:06:08 Method "start" exited with status 0. ]
[ Jan 16 11:10:47 Stopping because process dumped core. ]
[ Jan 16 11:10:47 Executing stop method ("/lib/svc/method/svc-gdm stop"). ]
[ Jan 16 11:10:47 Method "stop" exited with status 0. ]

which in turn means all the users were logged out. Ooops.

The solution was simple but like the previous workarounds leaves your warranty in tatters!

# mv /usr/bin/gnome-session /usr/bin/gnome-session.orig
# cat > /usr/bin/gnome-session << EOF
> #!/bin/ksh -p
> exec ctrun -l child \\$0.orig \\$@
> EOF
# chmod 755 /usr/bin/gnome-session

This results in all your gnome sessions having their own contract as their parent is ctrun:

: pearson FSS 33 $; ptree $(pgrep -o -u gdm gnome-session)
22433 /usr/sbin/gdm-binary
  22440 /usr/lib/gdm-simple-slave --display-id /org/gnome/DisplayManager/Displa
    22965 ctrun -l child /usr/bin/gnome-session.orig --autostart=/usr/share/gdm
      22967 /usr/bin/gnome-session.orig --autostart=/usr/share/gdm/autostart/Lo
        23062 /usr/lib/gdm-simple-greeter
        23063 gnome-power-manager
: pearson FSS 34 $; 

and means that any failures are now ring-fenced to just that session.

Monday Jan 11, 2010

More Sun Ray on OpenSolaris build 130

As I have previously mentioned I have Sun Ray "working" on OpenSolaris build 130 at home. There are some minor tweaks required to get things working close to perfectly.

If you are doing this you are already running OpenSolaris build 130 and Sun Ray which is completely unsupported. These changes are also completely unsupported. There was not warranty but if there was one you will void it.

First take a back up. Since you are running OpenSolaris and therefore have ZFS take snapshot of the file system that contains /opt/SUNWut and also use beadm to create a snapshot of the boot environment.

Now to get to a point where you can login on a Sun Ray DTU you need to do this:

ln -s /usr/lib/xorg/libXfont.so.1 /opt/SUNWut/lib
ln -s /usr/lib/xorg/libfontenc.so.1 /opt/SUNWut/lib
rm /usr/lib/xorg/modules/extensions/GL
ln -s ../../../../../var/run/opengl/server \\
/usr/lib/xorg/modules/extensions/GL
mkdir /etc/opt/SUNWut/X11
echo "catalogue:/etc/X11/fontpath.d" > /etc/opt/SUNWut/X11/fontpath
usermod -d /var/lib/gdm gdm

However the utwho command won't work and if you want to use utaction as root you need to follow the instructions in my last post.

Now utwho is extremely useful and for me a requirement as it is used by my access hours script so I wanted to get that working. As with the issues with utaction the first problem is that the script that sets this up expects to run as root but now everything is running as the user "gdm". Again the solution is RBAC.


Follow the instructions from my last post to set up a GDM profile and make the user gdm use it. Then add these lines to /etc/security/exec_attr:

GDM:solaris:cmd:::/etc/opt/SUNWut/gdm/SunRayInit/Default:uid=0
GDM:solaris:cmd:::/etc/opt/SUNWut/gdm/SunRayPostSession/Default:uid=0

and then edit the two file listed above to add in the bold lines below. The example is /etc/opt/SUNWut/gdm/SunRayInit/Default:

#!/bin/ksh
# iterate over the helpers directory
#
# ident "@(#)InitDefault.sh     1.5 09/07/31 SMI"
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

PATH=/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:/usr/bin:$PATH

if [[ "$_" != "/usr/bin/pfexec" ]] && [[ -x /usr/bin/pfexec ]]

then

        exec /usr/bin/pfexec $0 $@

fi


for i in /etc/opt/SUNWut/gdm/SunRayInit/helpers/\*
do
        if [ -x $i ]; then
            . $i
        fi
done

exit 0

Finally, and quite whether this is required I'm not sure, but the reset-dpy script will not work properly either so make these changes to fix it:


\*\*\* /opt/SUNWut/.zfs/snapshot/month_2009-12-01-01:02/lib/xmgr/gdm/reset-dpy     Tue Oct 20 01:32:31 2009
--- ./reset-dpy Mon Jan 11 13:59:30 2010
\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
\*\*\* 65,70 \*\*\*\*
--- 65,71 ----
        dpys=`gdmdynamic -l | /bin/sed -e 's/:\\([\^,]\*\\),[\^;]\*/\\1/g' -e 's/;/ /g' `
        for dpy in $dpys
        do
+         dpy=${dpy#:}
            if [[ $dpy -ge $MINDISP && $dpy -le $MAXDISP ]]; then
            rm "$PRESESSION_DIR/:$dpy"
              rm "$POSTSESSION_DIR/:$dpy"
root@pearson:/etc/opt/SUNWut/xmgr#       

Now all will work:

: pearson FSS 2 $; utwho -c 
 12.0 Payflex.500a094f00130100         user2      192.168.1.228   P8.00144f57a46f
: pearson FSS 3 $; utwho
 12 Payflex.500a094f00130100             user2     
 14 Payflex.500a094d00130100             user1     
 18 Payflex.500a094c00130100             user3     
 19 Payflex.500a094e00130100             user4     
: pearson FSS 4 $; 

However you have voided your warranty!

Update: 12/1/2010 These problems should be fixed in build 132 so the workarounds should not be needed then.

Sunday Jan 10, 2010

Sometimes being on the bleeding edge you get cut.

While Sun Ray and OpenSolaris build 130 are functional they are not happy. In particular the changes to gdm have resulted in many of the functions of the Sun Ray software not working. Small things like utwho(1) no longer work.

More importantly the login scripts running as the user "gdm" have stopped my scripts that adjust the user shares and stop firefox when users disconnect from working. Since this results in the system being 100% busy all the time an urgent workaround was required.

The workaround uses lots of undocumented features, so I don't expect it to keep working long term but at least it will keep me going until the next upgrade.

The problem of not running as root is trivially solved by using RBAC and then calling utaction via pfexec(1) adding these lines to each of the files:

root@pearson:/root# egrep /etc/security/\*_attr
/etc/security/exec_attr:GDM:solaris:cmd:::/opt/SUNWut/bin/utaction:uid=0
/etc/security/prof_attr:GDM:::Do not assign to users. Profile for GDM so it can run utaction as root:help=Utaction.help
root@pearson:/root# 

Then using usermod to add the GDM profile to the gdm user:

root@pearson:/root# usermod -P GDM gdm

The now the utaction you call from your PostLogin script will be run as root. However instead of passing in the user name, which when the PostLogin script runs you don't know, pass in the name of the Sun Ray session_proc file and read the UID out of there. I have:


function read_session_proc
{
        typeset IFS="="
        typeset key val
        while read key val
        do
                if [[ "$key"="uid" ]]
                then
                        typeset IFS=:
                        typeset u spam
                        getent passwd $val | read u spam
                        print $u
                        break
                fi
        done
}
if [[ "${1#/}" != $1 ]] && [[ -f $1 ]]
then
        USER=$(read_session_proc < $1)
else
        USER=$1
fi

In the adjust shares scripts and this in the PostLogin script (/etc/opt/SUNWut/gdm/SunRayPostLogin/Default):

#!/bin/sh
#
# ident "@(#)PostLoginDefault.sh        1.1 04/05/06 SMI"
#
AD=/usr/local/sbin/adjustshares.workaround
.130

d=${DISPLAY#\*:}
d=${d%.\*}
LOGNAME=/tmp/SUNWut/session_proc/$d
/usr/bin/ctrun -l child -i none /usr/bin/pfexec /opt/SUNWut/bin/utaction -i -c "$AD $LOGNAME 50" -d "$AD $LOGNAME" &


Update: I have added the ctrun otherwise if any of the actions called by utaction dump core then everyone gets logged out. Clearly the core dumps need to be resolved but there is no reason to log everyone out.

Sunday Nov 08, 2009

Access hour by day of the week

At the request of the users the access hours for Sun Ray users in the house have been relaxed so that on Friday and Saturday nights the Sun Ray's in bedrooms can be used later.

This required that the access hour script be updated to understand the day of the week and hence the access_hour file also is updated in an incompatible way. There is now an extra column representing the days of the week when the rule is applied as the first column after the name of the user. The day of the week field will take a wild card '\*' or ranges (1-5) for Monday to Friday, or lists (1,3,5). Sunday is day 0 as any self respecting geek would have it.

The new access_file I have looks something like this:

    user0:0-4:0001:2300:P8.00144f7dc383
    
    user2:0-4:0630:2300
    
    user3:0-4:0630:2230
    
    user4:0-4:0630:2100
    
    user4:5-6:0630:2200
    

The script is still here: http://blogs.sun.com/chrisg/resource/check_access_hours

Tuesday Sep 15, 2009

Moving to an OpenSolaris Sun Ray

Today I took the plunge and moved from working on our Nevada based Sun Ray Servers to one running OpenSolaris. So that I could get the full OpenSolaris look and feel I first purged my home directory of a number of configuration files and directories using a script like1 this:

#!/bin/ksh -p
TARGET=b4OpenSolaris
test -d $HOME/$TARGET || mkdir $HOME/$TARGET
mv $HOME/.ICEauthority $HOME/$TARGET
mv $HOME/.cache $HOME/$TARGET
mv $HOME/.chewing $HOME/$TARGET
mv $HOME/.config $HOME/$TARGET
mv $HOME/.dbus $HOME/$TARGET
mv $HOME/.dmrc $HOME/$TARGET
mv $HOME/.gconf $HOME/$TARGET
mv $HOME/.gconfd $HOME/$TARGET
mv $HOME/.gksu.lock $HOME/$TARGET
mv $HOME/.gnome2 $HOME/$TARGET
mv $HOME/.gnome2_private $HOME/$TARGET
mv $HOME/.gstreamer-0.10 $HOME/$TARGET
mv $HOME/.gtk-bookmarks $HOME/$TARGET
mv $HOME/.iiim $HOME/$TARGET
mv $HOME/.local $HOME/$TARGET
mv $HOME/.nautilus $HOME/$TARGET
mv $HOME/.printer-groups.xml $HOME/$TARGET
mv $HOME/.rnd $HOME/$TARGET
mv $HOME/.sunstudio $HOME/$TARGET
mv $HOME/.sunw $HOME/$TARGET
mv $HOME/.updatemanager $HOME/$TARGET
mv $HOME/.xesam $HOME/$TARGET
mv $HOME/.xsession-errors $HOME/$TARGET

I generated the list by installing OpenSolaris in a VirtualBox and then logging in and doing a bit of browsing and general usage and then seeing was was created. Additionally “.mozilla” was created but I chose to retain that so that I can keep all the history that is in my browser.

Once logged in I have removed the update-manager icon as I am not the administrator. I have also removed the power notification and network monitor as they provide no useful data on a Sun Ray server.

Using “System->Preferences->Startup Applications” I unchecked the codeina update notifier and added my script for updating my IM status.

So far so good but it is taking a while to get used to the menu being a the top and the window list at the bottom of the screen.

1Like as in similar to and not this exact script as mine had my home directory hard coded into it.

Thursday Aug 06, 2009

Monitoring mounts

Sometimes in the course of being a system administrator it is useful to know what file systems are being mounted and when and what mounts fail and why. While you can turn on automounter verbose mode that only answers the question for the automounter.

Dtrace makes answering the general question a snip:

: exdev.eu FSS 24 $; cat mount_monitor.d                         
#!/usr/sbin/dtrace -qs

fbt::domount:entry
/ args[1]->dir /
{
        self->dir = args[1]->flags & 0x8 ? args[1]->dir : 
              copyinstr((intptr_t)args[1]->dir);
}
fbt::domount:return
/ self->dir != 0 /
{
        
        printf("%Y domount ppid %d, %s %s pid %d -> %s", walltimestamp, 
              ppid, execname, self->dir, pid, arg1 == 0 ? "OK" : "failed");
}
fbt::domount:return
/ self->dir != 0 && arg1 == 0/
{
        printf("\\n");
        self->dir = 0;
}
fbt::domount:return
/ self->dir != 0 && arg1 != 0/
{
        printf("errno %d\\n", arg1);
        self->dir = 0;
}
: exdev.eu FSS 25 $; pfexec /usr/sbin/dtrace -qs  mount_monitor.d
2009 Aug  6 12:57:57 domount ppid 0, sched /share/consoles pid 0 -> OK
2009 Aug  6 12:57:59 domount ppid 0, sched /share/chroot pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/newsrc pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/build2 pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/chris_at_play pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/ws_eng pid 0 -> OK
2009 Aug  6 12:58:00 domount ppid 0, sched /share/ws pid 0 -> OK
2009 Aug  6 12:58:03 domount ppid 0, sched /home/tx pid 0 -> OK
2009 Aug  6 12:58:04 domount ppid 0, sched /home/fl pid 0 -> OK
2009 Aug  6 12:58:05 domount ppid 0, sched /home/socal pid 0 -> OK
2009 Aug  6 12:58:07 domount ppid 0, sched /home/bur pid 0 -> OK
2009 Aug  6 12:58:23 domount ppid 0, sched /net/e2big.uk/export/install/docs pid 0 -> OK
2009 Aug  6 12:58:23 domount ppid 0, sched /net/e2big.uk/export/install/browser pid 0 -> OK
2009 Aug  6 12:58:23 domount ppid 0, sched /net/e2big.uk/export/install/cdroms pid 0 -> OK
2009 Aug  6 12:59:45 domount ppid 8929, Xnewt /tmp/.X11-pipe/X6 pid 8935 -> OK

In particular that last line if repeated often can give you a clue to things not being right.

Sunday May 10, 2009

Another update to Sun Ray access hours script

I have made a change to up access hours script for my Sun Rays. Now the access file can also contain a comma separated list of Sun Ray DTUs so that the control is only applied to those DTUs:

: pearson FSS 3 $; cat /etc/opt/local/access_hours 
user1:2000:2300:P8.00144f7dc383
user2:2000:2300:P8.00144f57a46f
user3:0630:2300
user4:0630:2300
: pearson FSS 4 $; 

The practical reason for this is that it allows control of DTUs that are in bedrooms but if the computer is really needed another DTU can be used for homework.

Now that bug 6791062 is fixed the script is safe to use in nevada.

The script is where it always was.

Sunday Feb 15, 2009

Build 108

I've managed to upgrade my home server to build 108 which is an important mile-stone for me as it has the fix for:

6763600: nautilus becomes unusable on a system with 39000 snapshots.

Which was rendering nautilus close to unusable for any users who moved out of their lofs automounted home directories. In partilcular any attempt to use it to manage the photo directories was painful.

However all was not smooth as again I hit this bug:

6795892: Sun Ray X servers (both Xsun and Xorg) suffer network problems in snv_106

but since I was expecting this I tried the workaround from bug 6799655 which is the same as the one for 6763600:


In /etc/sock2path change the following lines:

    2   2   0   tcp
    2   2   6   tcp

    26  2   0   tcp
    26  2   6   tcp

    2   1   0   udp
    2   1   17  udp

    26  1   0   udp
    26  1   17  udp

to:

    2   2   0   /dev/tcp
    2   2   6   /dev/tcp

    26  2   0   /dev/tcp6
    26  2   6   /dev/tcp6

    2   1   0   /dev/udp
    2   1   17  /dev/udp

    26   1  0   /dev/udp6
    26   1  17  /dev/udp6

While this got the Sun Rays up it also stopped named from working, spewing errors like this:

Feb 15 15:10:39 pearson named[15558]: [ID 873579 daemon.error] 71/Protocol error
Feb 15 15:10:39 pearson named[15558]: [ID 873579 daemon.error] socket.c:4315: unexpected error:

So have had to revert to some internal to Sun binaries that work around this while the underlying bug is fixed. It is slighly worring as I'm left wondering what other victims are out there. One I have already found is ntp, which is a known bug:

6796948: NTP completely broken by I_SETSIG semantics change in snv_106

I suspect that the system will have to revert to build 105 soon.

Wednesday Feb 04, 2009

40" Sun Ray Display

I managed to buy 2 Sun Ray 2's off Ebay and one of them was is now in place in the living room driving our 40” TV.


Combine this with a KeySonic wireless mini keyboard and the DTU does not only act as a photo frame. The Sun Ray unit is attached to the underside of the shelf as the top unit in the pile is a Virgin cable TV recorder which does not like having anything on top blocking the air flow. Thanks to the Sun Ray 2 being so light 5 strips of sticky back velcro do the trick so well that it really is going nowhere to the point that I could not remove it to plug the USB keyboard adapter directly in the back of the unit. The keyboard adapter has a button you have to press once plugged in to pair it with the keyboard. Alas with the Sun Ray in this configuration the button faces upwards. So there is a short USB cable hidden back there.

Networking is provided via Ethenet over mains.

The keyboard has impressive range and a really nice touch pad that pretends to have a scroll wheel down one side. However I've not yet got the keyboard map for it right but it only arrived an hour ago so there is time.

Friday Jan 23, 2009

Update to Sun Ray access hours script

I have just uploaded and update to my script that controls the access hours of users to Sun Ray DTUs. The change is to not block the DTU if the user accepts the warning and disconnects voluntarily.

With that test in place the number of forced disconnects has fallen to zero which is good as the warning about bug 6791062 still applies so this reduces the chances of hitting the bug (if it is indeed triggered by the change of the ipfilter rules).

Wednesday Jan 07, 2009

Access hours for Sun Ray users

Having installed a Sun Ray in my daughters bedroom I am now faced with the inevitable problem of her being online all night not getting any sleep and then being generally grumpy. The irony here is that I was sent an email asking how I handle access control to the DTUs and I said I just trusted the children to be sensible (what was I thinking!).

So a solution was required that gave access to the systems only between certain hours. The hours would depend on the user and would have to not loose all their “work” in case this was a late night finishing their homework session.

After asking around no one came back to me and said how it can be done so I wrote my own script. It works by having a file that contains lines with a format

user:starttime:endtime

The times are specified in 24 hour format and only accurate to the minute.

# cat /etc/opt/local/access_hours             
user1:1915:1900
user2:0630:2300
user3:0630:2230
user4:0630:2000
# 

The top line is just really for testing only not allowing access from 1900 to 1915. Then you need a user who has system admin privs which does not have a crontab file. Since I already have a kroot role I'm overloading this. Running the script as with the -c flag and the name of the user will write the crontab file. Note it also writes an entry to keep the crontab file uptodate on an hourly basis.


# /usr/local/sbin/check_access_hours -c kroot
# crontab -l kroot
46 \* \* \* \* /usr/local/sbin/check_access_hours -c kroot
00 19 \* \* \* /usr/local/sbin/check_access_hours user1
00 23 \* \* \* /usr/local/sbin/check_access_hours user2
30 22 \* \* \* /usr/local/sbin/check_access_hours user3
00 20 \* \* \* /usr/local/sbin/check_access_hours user4
#  

Finally I added a line to the utaction script that is already run for every user when they connect to a Sun Ray DTU:

if ! /usr/local/sbin/check_access_hours -t 0 $1
then
        exit 1
fi

The way it disallows access is that it adds the DTU's IP address to the ipfilter, which you have to have configured, so that all traffic from the DTU is blocked. It also submits an at(1) job to run 2 minutes in the future to remove the block so that the Sun Ray can burst back into life. The effect is that the user can no longer use any Sun Ray outside of the defined hours. But after about 2 minutes the DTU is usable again by others or indeed as a photo frame.


A word of warning. Having got all this running the system has paniced twice which is disappointing on one level, that it panics, but pleasing on another, I've found a bug that can now be fixed. The bug is:

6791062: System panic in ip_tcp_input when a rule is added to ipfilter

I look forward to the fix!


The script is here but check that that bug has been fixed before you use it.

Sunday Dec 07, 2008

VirtualBox on home Sun Ray server

I'm after best practices for VirtualBox on a home Sun Ray server. My solution is to have a “vbox” role and create a VirtualBox named after each user contianing the OS that they need. For most users this there is no need as everything they need is available natively on Solaris but there are some apps that only work on Windows so for that user they get those apps.

The upside of this is that I get to manage the images (and since I will have to fix them that is good). Plus I can pause and VM when the user removes their card by having my utdetach script do:

su - vbox -c "pfexec VBoxManage controlvm $1 pause" > /dev/null

and then the utattach script do:

su - vbox -c "pfexec VBoxManage controlvm $1 resume" > /dev/null

So that the Virtual Machines are not burning resources when they need not be. The temptation to also do:

su - vbox -c "pfexec VBoxManage snapshot $1 take $(date '+%F-%T')”

in the detach is strong but I need to better understand the disk space implications of that and whether letting ZFS handle that would be better.

Thursday Dec 04, 2008

Doing more with less

As I have mentioned before I have an ancient Sun Ray 1 that drives the TV in our kitchen to look like a photo frame. The network is provided my an ethernet over mains bridge that is rated at 85Mbit/sec and the network drop from the server is a 1Gbit/sec. Since the switch I have is very cheap this results in a significant packet drop to that DTU with the result that the picture transition is less than ideal and can stutter somewhat.

So last night after reading an email on an internal list I finally got around to reading the documentation so I could set a bandwidth limit on this one DTU to see if things could be improved, With no bandwidth limit the very excellent utbw gives:

 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.3(4.2) ms
 lost   1243/46% pkts   2652 cpu  11% kbytes   1614 0.631 Mbps 4.9(4.6) ms
 lost      0/00% pkts     60 cpu   3% kbytes     51 0.020 Mbps 4.1(4.3) ms
 lost      0/00% pkts     64 cpu   2% kbytes     55 0.022 Mbps 4.8(4.6) ms
 lost      0/00% pkts     64 cpu   2% kbytes     56 0.022 Mbps 4.2(4.7) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.3(4.5) ms
 lost      0/00% pkts     62 cpu   3% kbytes     53 0.021 Mbps 4.9(4.7) ms
 lost    266/11% pkts   2393 cpu   6% kbytes   2314 0.904 Mbps 4.4(4.6) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.4(4.5) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.7(4.6) ms
 lost      0/00% pkts     64 cpu   3% kbytes     56 0.022 Mbps 4.1(4.3) ms
 lost      0/00% pkts     58 cpu   0% kbytes     48 0.019 Mbps 4.4(4.4) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 6.0(5.2) ms
 lost    229/09% pkts   2377 cpu   8% kbytes   2320 0.907 Mbps 4.7(4.9) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.5) ms
 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.1(4.3) ms
 lost      0/00% pkts     64 cpu   2% kbytes     56 0.022 Mbps 4.2(4.2) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.2) ms
 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.4(4.3) ms
 lost    597/23% pkts   2532 cpu   9% kbytes   2123 0.830 Mbps 4.2(4.3) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.2) ms
 lost      0/00% pkts     62 cpu   3% kbytes     53 0.021 Mbps 4.1(4.1) ms
 lost      0/00% pkts     64 cpu   0% kbytes     56 0.022 Mbps 5.1(4.6) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.4) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.3(4.4) ms
 lost      0/00% pkts   2133 cpu   8% kbytes   2322 0.907 Mbps 4.1(4.2) ms
 lost      0/00% pkts     60 cpu   0% kbytes     51 0.020 Mbps 7.3(5.7) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.2(5.0) ms
 lost      0/00% pkts     64 cpu   2% kbytes     56 0.022 Mbps 4.2(4.6) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 6.5(5.6) ms
 lost      0/00% pkts     62 cpu   0% kbytes     53 0.021 Mbps 4.1(4.9) ms
 lost    462/18% pkts   2509 cpu   9% kbytes   2251 0.879 Mbps 4.2(4.5) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.3) ms

What is more the transition that is observed often jumps or will have one block of the picture updated after all the others. Having tuned the bandwidth down to 20Mb/sec:

 lost    114/04% pkts   2295 cpu   4% kbytes   2344 0.916 Mbps 4.4(4.7) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.5) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 7.2(5.8) ms
 lost      0/00% pkts     63 cpu   2% kbytes     53 0.021 Mbps 4.2(5.0) ms
 lost      0/00% pkts     60 cpu   0% kbytes     51 0.020 Mbps 4.4(4.7) ms
 lost      0/00% pkts     62 cpu   3% kbytes     53 0.021 Mbps 4.1(4.4) ms
 lost    216/09% pkts   2304 cpu   7% kbytes   2295 0.897 Mbps 4.4(4.4) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.2(4.3) ms
 lost      0/00% pkts     63 cpu   0% kbytes     55 0.022 Mbps 4.4(4.4) ms
 lost      0/00% pkts     63 cpu   2% kbytes     53 0.021 Mbps 4.4(4.4) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.1(4.2) ms
 lost      0/00% pkts     63 cpu   2% kbytes     55 0.022 Mbps 5.0(4.6) ms
 lost    168/07% pkts   2174 cpu   6% kbytes   2230 0.871 Mbps 7.0(5.8) ms
 lost      0/00% pkts     60 cpu   2% kbytes     51 0.020 Mbps 4.9(5.3) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 5.9(5.6) ms
 lost      0/00% pkts     63 cpu   2% kbytes     56 0.022 Mbps 4.1(4.9) ms
 lost      0/00% pkts     60 cpu   0% kbytes     51 0.020 Mbps 4.5(4.7) ms
 lost      0/00% pkts     62 cpu   2% kbytes     53 0.021 Mbps 4.2(4.5) ms
 lost      0/00% pkts   1938 cpu   8% kbytes   2118 0.827 Mbps 4.3(4.4) ms
 lost      0/00% pkts     60 cpu   0% kbytes     50 0.020 Mbps 8.4(6.4) ms
 lost      0/00% pkts     62 cpu   2% kbytes     52 0.021 Mbps 17.7(12.1) ms
 lost      0/00% pkts     64 cpu   2% kbytes     55 0.022 Mbps 4.2(8.1) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 6.3(7.2) ms
 lost      0/00% pkts     62 cpu   0% kbytes     52 0.021 Mbps 4.4(5.8) ms
 lost    214/09% pkts   2224 cpu   7% kbytes   2170 0.848 Mbps 4.0(4.9) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 4.1(4.5) ms
 lost      0/00% pkts     62 cpu   2% kbytes     52 0.021 Mbps 4.6(4.6) ms
 lost      0/00% pkts     64 cpu   0% kbytes     55 0.022 Mbps 5.7(5.1) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 4.6(4.8) ms
 lost      0/00% pkts     64 cpu   2% kbytes     55 0.022 Mbps 5.8(5.3) ms
 lost    194/08% pkts   2278 cpu   9% kbytes   2274 0.888 Mbps 4.2(4.8) ms
 lost      0/00% pkts     60 cpu   0% kbytes     50 0.020 Mbps 4.2(4.5) ms
 lost      0/00% pkts     63 cpu   2% kbytes     53 0.021 Mbps 4.2(4.3) ms
 lost      0/00% pkts     63 cpu   3% kbytes     53 0.021 Mbps 4.2(4.3) ms
 lost      0/00% pkts     60 cpu   1% kbytes     50 0.020 Mbps 4.9(4.6) ms
 lost      0/00% pkts     62 cpu   1% kbytes     52 0.021 Mbps 4.1(4.3) ms
 lost      0/00% pkts   2149 cpu   6% kbytes   2319 0.906 Mbps 4.3(4.3) ms
 lost      0/00% pkts     60 cpu   2% kbytes     50 0.020 Mbps 4.2(4.3) ms

The numbers improve greatly however they hide the truth somewhat. Since the operation of the picture frame is that except for the clock that updates every second there are no updates at all for most of the time then every 2 minutes a new photo is displayed. So those averages which appear to be every 20 seconds hide the very high burst of data that happens.


You can see the difference here:

100Mb/sec:

10Mb/sec

Tuesday Mar 25, 2008

Automatic opening a USB disk on Sun Ray

One of my users today had a bit of a hissy fit today when she plugged in her USB thumb drive into the Sun Ray and it did nothing. That is it did nothing visible. Behind the scenes the drive had been mounted somewhere but there was no realistic way she could know this.

So I need a way to get the file browser to open when the drive is inserted. A quick google finds " "USB Drive" daemon for Sun Ray sessions" which looks like the answer. The problem I have with this is that it polls to see if there is something mounted. Given my users never log out this would mean this running on average every second. Also the 5 second delay just does not take into account the attention span of a teenager.

There has to be a better way.

My solution is to use dtrace to see when the file system has been mounted and then run nautilus with that directory.

The great thing about Solaris 10 and later is that I can give the script just the privilege that allows it to run dtrace without handing out access to the world. Then of course you can then give that privilege away.

So I came up with this script. Save it. Mine is in /usr/local which in turn is a symbolic link to /tank/fs/local. Then add an entry to /etc/security/exec_attr, subsisting the correct absolute (ie one with no symbolic links in it) path in the line.

Basic Solaris User:solaris:cmd:::/tank/fs/local/bin/utmountd:privs=dtrace_kernel

This gives the script just enough privileges to allow it to work. It then drops the extra privilege so that when it runs nautilus it has no extra privileges.

Then you just have to arrange for users to run the script when they login using:

pfexec /usr/local/bin/utmountd

I have done this by creating a file called /etc/dt/config/Xsession.d/utmountd that contains these lines:


pfexec /usr/local/bin/utmountd &
trap "kill $!" EXIT

I leave making this work for uses of CDE as an exercise for the reader.

Tuesday Nov 06, 2007

17" Wide screen Sun Ray Photo Frame

I've briefly mentioned before that we have had the builders in recently and at last we are reaching the final few steps. This includes an LCD TV for the kitchen mounted on the wall. I'm sure you all know, modern LCD TV's all have an input for a computer. So I must be the last of millions to turn my LCD TV into a 17” photo frame powered by a Sun Ray 1 and some ethernet over mains plugs.

With SRSS 4.0 I can, although so far have not, have kiosk mode running just on this one Sun Ray although since everyone in the house has a smart card there is not really any need.

The “photo frame” software is no more than a proof of concept. A script that finds all my photos (about 3000) and uses display(1) to display them. Still need to confirm I have turned off he screen saver, no point in waiting for keyboard or mouse input as the Sun Ray has none and is quite well hidden. Also ideally it needs to have better transitions for the pictures and a way of controlling it. I can see a USB infra red receiver and remote control so that I can select that bike porn channel on demand.

The upgrade of the SRSS software would have been so much simpler if I had:

  1. Read the manual first.

  2. Rebooted when the documentation told me to. I hate rebooting, it is just so Windows but it really did seem to be required.

  3. Read the manual first.

There are however one issue. Kiosk mode does not seem to work with JDS on build 76, which I think is a know bug.

Given that a Sun Ray 1 on ebay is £25, this has to be a really cheap photo frame and this is a 17” wide screen photo frame. In fact the ethernet plug was more than the Sun Ray.

Tuesday Jun 12, 2007

Good Morning Build 66

Here is a change. The lab folks have added a third system to the group of Sun Ray servers we use and it is an AMD based system. So now the rolling upgrades will be every six weeks and I get to spend four weeks on SPARC and two weeks on AMD. Should flush out any problems with moving a home directory between architectures pretty quickly:


: eagain.eu FSS 1 $; uname -a
SunOS eagain 5.11 snv_66 i86pc i386 i86pc
: eagain.eu FSS 2 $; 

Tuesday May 22, 2007

Sun Ray firmware version

Peter gives an undocumented way to find out the firmware version of your Sun Ray. I have three problems with this.

  1. It uses an undocumented interface which therefore is likely to change

  2. It does not work for me.

  3. It involved Cut'n'Paste when we have nawk out there.

Here is how I would do the same. I look forward to someone from thinkthin1 to tell me the correct way:

/opt/SUNWut/bin/utwho -c | nawk '$3 == ENVIRON["LOGNAME"] { 
        system(sprintf("/opt/SUNWut/sbin/utquery %s\\n", $4)) 
}'

Should I worry that I can type this kind of thing into the command line?


1I know I am down as a thinkthin author. It is a vanity thing. I was invited to be an author and accepted the invitation before thinking it through. I use Sun Ray. I love Sun Ray but what I do day to day, or try to do day to day is write about things I am expert in, therefore following 50% of the advice I was given when I started blogging. The thing is I don't claim to be expert on Sun Ray. I know enough to be dangerous so have never felt the urge to post a “Sun Ray” specific expert article.

Tuesday May 15, 2007

One Sun Ray for home and work

At last I can talk. With the release of Sun Ray Software 4 Update 2 Open Beta I can at last tell you about the very best (well perhaps not the best but it is pretty cool) feature that you get with a Sun Ray 2 at home.

It is not that you no longer have to have some extra box that gives a VPN to the your internal network though that is very cool as that box used to generate a lot of heat. You don't as the new firmware has VPN built in, but that is not the cool part.

No the cool part is that when you set up the VPN you get to tell the Sun Ray all the details of the VPN servers, keys, login details etc. You also get to list the Sun Ray servers that you “land” on all not very exciting. However if you have a Sun Ray server at home and you add that to the list when you have the VPN up your home server clearly is not available so it connects to the internal servers. When the VPN is off the internal to Sun servers are now unavailable but my home server is so it happily connects to that.

This means I can use same Sun Ray for both servers. Very cool.

Wednesday May 09, 2007

Good Morning Build 63

Build 63 has hit our Sun Ray server, and my Sun Ray server at home:


: estale.eu FSS 1 $; uname -a
SunOS estale 5.11 snv_63 sun4u sparc SUNW,Sun-Fire
: estale.eu FSS 2 $; 

All is well, except the main menu now has a “shutdown” button on it:



Which is a bit off putting as this is a Sun Ray used by lots of other people. (It did not stop me trying though. Since it calls gnome-sys-suspend which then checks /etc/default/sys-suspend to see if you are allowed to shut the system down there is no harm apart from the wasted real estate on the screen).

More worryingly the upgrade has undone the edit of /etc/default/sys-suspend that the Sun Ray software does so that the user on the console can't shutdown the system.

Friday Jan 12, 2007

Nokia phone meets Sun Ray @ home

This just should not work but it does.

Since I now have the USB cable for the phone my Sun Ray at home as been begging me to plug it in and see if it will work:

: enoexec.eu FSS 9 $; utdiskadm -l
Device          Partition       Mount Path
------          ---------       ----------
disk1           disk1s2         /tmp/SUNWut/mnt/cg13442/mmc
: enoexec.eu FSS 10 $; ls -l    /tmp/SUNWut/mnt/cg13442/mmc
total 1158
-r-xr-xr-x 1 cg13442 staff      7 May  6  2004 ID0630896.dat
-rwxrwxrwx 1 cg13442 staff 505448 Nov 26 10:14 Image001.jpg
-rwxrwxrwx 1 cg13442 staff 440997 Dec 17 11:53 Image002.jpg
-rwxrwxrwx 1 cg13442 staff 237175 Sep 28 21:02 Video000.3gp
drwxrwxrwx 1 cg13442 staff    512 Oct 12 00:10 music
: enoexec.eu FSS 11 $; 

It did. I can even view the pictures using eog. Of course this should not amaze me as much as it does.

Tags:

About

This is the old blog of Chris Gerhard. It has mostly moved to http://chrisgerhard.wordpress.com

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today