Thursday Nov 18, 2010
Tuesday Nov 16, 2010
By Brian Leonard on Nov 16, 2010
The video also covers an important tip, which is that the root password is expired at install time and must be immediately changed. Otherwise, GUI tools prompting for the root password will not work. You can read the details in the release notes: Gksu Does Not Report Expired Password.
Monday Nov 15, 2010
By Brian Leonard on Nov 15, 2010
After a long, drawn out wait, the latest release of the OpenSolaris distribution, now called Solaris 11 Express, is finally here!
In the 17 months since the last official release of OpenSolaris a lot of new goodies have been added. Some of my favorites:
- ZFS Deduplication
- ZFS Encryption
- Boomer audio subsystem
- Interactive Text Installer
- Solaris 10 Zones
For all the details on the new features see the article What's New in Oracle Solaris 11 Express 2010.11.
- Release Notes
- Oracle Solaris 11 Express Datasheet
- Oracle Solaris 11 Express on oracle.com
- Oracle Solaris 11 Express on OTN
- Oracle Solaris 11 Express for Developers
- Oracle Solaris 11 Express for Architects and System Administrators
- Oracle Solaris 11 Express: Managing System and Application Software
- Oracle Solaris 11 Express: Virtualization
- Oracle Solaris 11 Express: Networking
- Oracle Solaris 11 Express: Data Management
- Oracle Solaris 11 Express: Security
- Getting Started with Oracle Solaris 11 Express
- Oracle Solaris 11 Express Image Packaging System (IPS) Guide
- Oracle Solaris 11 Express Automated Installer Guide
- Managing Boot Environments with Oracle Solaris 11 Express
- Oracle Solaris 11 Express Distribution Constructor Guide
- Oracle Solaris 11 Express Release and Installation Collection
- Oracle Solaris 11 Express System Administrator Collection
The Release Notes do include instructions on how to upgrade to Solaris 11 Express from OpenSolaris. If you're still running OpenSolaris 2009.06 (build 111b), you'll first need to update to the never released (until now) 2010.05 (build 134). If you're already on a development build of OpenSolaris, you should be good to go. I also recommend using the command line when running image-update. I've had mixed results when trying to use to the Image Update GUI.
Tuesday Nov 09, 2010
By Brian Leonard on Nov 09, 2010
A who's who of Solaris engineers are presenting Solaris 11 Express today at the Oracle Solaris Summit. You can watch a high-definition live stream from the following URL:
If you're unable to watch the live event, it is being recorded and I'll post a link to that when it's available.
Details on the Oracle Solaris Summit
This FREE all-day event will take deep-dives into each of the major technologies in Oracle Solaris 11 Express that you'll need to understand to deploy Oracle Solaris 11 in the enterprise. Each discussion is led by a Solaris engineering or technical expert.
Tuesday, Nov 9, 2010 in Ballroom A4/A5, San Jose Convention Center. The summit starts at 9:00 AM Pacific Standard Time. You can see what time that is for you here.
\* 9:00 am - 9:30 am - Introduction to Oracle Solaris 11 Express, - Markus Flierl
\* 9:30 am - 11:00 am - Image Packaging System - Bart Smaalders
\* 11:00 am - 12:30 pm - Deploying Oracle Solaris 11 in the Enterprise -Dave Miner
\* 12:30 pm - 1:30 pm - LUNCH BREAK
\* 1:30 pm - 2:30 pm - Advances in Solaris Networking with Crossbow and Beyond - Nicolas Droux
\* 2:30 pm - 3:00 pm - Oracle Solaris Containers in Oracle Solaris 11 Express - Dan Price
\* 3:00 pm - 3:15 pm - BREAK
\* 3:15 pm - 4:15 pm - ZFS Features in Oracle Solaris Express - Cindy Swearingen
\* 4:15 pm - 4:45 pm - New Security Features in Oracle Solaris 11 Express - Glenn Faden
\* 4:45 pm - 5:30 pm - Deploying Applications Using SMF and Other Solaris 11 Features - Liane Praza
Wednesday Nov 03, 2010
By Brian Leonard on Nov 03, 2010
We like to tout the benefits of FMA a lot, but it's often hard to demonstrate because you don't want to go around destroying CPUs and memory modules just to see FMA in action. However, by creating a ZFS pool with files as disks, it's quite easy to demonstrate and that's exactly what Bob does in his blog ZFS and FMA - Two great tastes ......
Note, there's also an FMA Demo Kit that you can use to simulate faults to other hardware components, but I haven't played with that myself yet. Other resources I found helpful:
Friday Oct 15, 2010
By Brian Leonard on Oct 15, 2010
The question of how to associate a process id with a SMF service recently came across an internal alias and I thought it was worth sharing.
Take this generic looking Java process:
bleonard@opensolaris:/system$ ps -fp 949 UID PID PPID C STIME TTY TIME CMD root 949 947 0 Oct 11 ? 3:46 /usr/jdk/jdk1.6.0_13/bin/java -Xms4M -Xmx128M -Dcom.sun.management.jmxremote -D
If I'd like to trace back to which SMF service started this process, I start by getting the process' contract ID:
bleonard@opensolaris:/system$ ps -o ctid -p 949 CTID 59
I can then use the ctstat command to cross reference the contract ID to the SMF service:
bleonard@opensolaris:/system$ ctstat -vi 59 CTID ZONEID TYPE STATE HOLDER EVENTS QTIME NTIME 59 0 process owned 7 0 - - cookie: 0x20 informative event set: none critical event set: core signal hwerr empty fatal event set: none parameter set: inherit regent member processes: 947 949 inherited contracts: none service fmri: svc:/application/management/common-agent-container-1:default service fmri ctid: 59 creator: svc.startd aux: start
And just to go full circle:
bleonard@opensolaris:/system$ svcs -lp common-agent-container-1 fmri svc:/application/management/common-agent-container-1:default name Cacao, a common Java container for JDMK/JMX based management solution enabled true state online next_state none state_time Mon Oct 11 12:54:59 2010 logfile /var/svc/log/application-management-common-agent-container-1:default.log restarter svc:/system/svc/restarter:default contract_id 59 dependency require_all/none svc:/system/filesystem/local (online) dependency require_all/none svc:/network/initial (online) process 947 /usr/lib/cacao/lib/tools/launch -w /var/run/cacao/instances/default/run -L 1638 process 949 /usr/jdk/jdk1.6.0_13/bin/java -Xms4M -Xmx128M -Dcom.sun.management.jmxremote -D
For a nice little tutorial on contracts, check out this Contract Subsystem Lab.
Wednesday Oct 06, 2010
By Brian Leonard on Oct 06, 2010
When searching for an IPS package, I usually type something quick and simple like:
bleonard@opensolaris:~$ pkg search netbeans INDEX ACTION VALUE PACKAGE description set NetBeans pkg:/email@example.com description set NetBeans pkg:/firstname.lastname@example.org description set NetBeans pkg:/email@example.com ..
And scroll through the result list hoping to find what I'm looking for. However, in my example above, that's 437 lines!
bleonard@opensolaris:~$ pkg search netbeans | wc -l 437
Often times I'll shorten the list by grepping for my build:
bleonard@opensolaris:~$ pkg search netbeans | grep 111 description set NetBeans pkg:/firstname.lastname@example.org description set NetBeans pkg:/email@example.com description set NetBeans pkg:/firstname.lastname@example.org ...
Which reduces the list down to 134 for this example:
bleonard@opensolaris:~$ pkg search netbeans | grep 111 | wc -l 134
However, I generally tend to ignore the first two columns, INDEX and ACTION. Actions, in the case of IPS, are actually nouns and not verbs as the name would lead you to expect. Actions are the things that get installed (files, directories, links, drivers, licenses, users, groups, etc). Here's a nice description of the Actions in IPS.
When you perform a search, the search string is checked against all of these actions types, which as seen above, can produce a lot of results. For example, 5 of the 134 results above all refer to the same package, pkg:/email@example.com:
bleonard@opensolaris:~$ pkg search netbeans | grep 111 | grep pkg:/firstname.lastname@example.org basename dir opt/SunStudioExpress/prod/nb-dbxtool/ide10/docs/org/netbeans pkg:/email@example.com basename dir opt/netbeans-6.5ss/ide10/docs/org/netbeans pkg:/firstname.lastname@example.org basename file opt/SunStudioExpress/prod/nb-dbxtool/bin/netbeans pkg:/email@example.com basename file opt/netbeans-6.5ss/bin/netbeans pkg:/firstname.lastname@example.org basename link opt/SunStudioExpress/netbeans pkg:/email@example.com
That's because the search results are returning 3 directories, 2 files and 1 link, all in the same package, that contain the search string "netbeans".
If you just want to see a list packages that match the search string, use the -p option.
bleonard@opensolaris:~$ pkg search -p netbeans | grep 111 pkg:/firstname.lastname@example.org (opensolaris.org) pkg:/email@example.com (opensolaris.org) pkg:/firstname.lastname@example.org (opensolaris.org) ...
This returns a much more reasonable 60 results with just the package names, making the result list much more easier to read through. I wish -p was the default option, rather than the -a (which shows the matching actions).
Wednesday Sep 29, 2010
By Brian Leonard on Sep 29, 2010
I often use the ps -ef command when looking for a running process. However, sometimes I'm frustrated by the fact that ps truncates the the CMD output. As an example:
bleonard@opensolaris:~$ ps -ef | grep evolution-data bleonard 15803 1 0 Sep 27 ? 0:00 /usr/lib/evolution-data-server-1.2/evolution-data-server-2.24 --oaf-activate-i
I habitually use "ps auxww" (note no "-" - bsd ps doesn't require it, and that triggers the BSD mode of /usr/bin/ps), which is all processes (ax) in a "user" (u) format. No w option truncates each line at 80 characters, one w option truncates each line at 132 characters, and two w options doesn't truncate it at all.
So, for my example:
bleonard@opensolaris:~$ ps auxww | grep evolution-data bleonard 15803 0.0 0.22351610840 ? S Sep 27 0:00 /usr/lib/evolution-data-server-1.2/evolution-data-server-2.24 --oaf-activate-iid=OAFIID:GNOME_Evolution_DataServer_CalFactory:1.2 --oaf-ior-fd=28
Of course, as it was also pointed out, once you know the process id you can get the same argument information, in a more readable format using, the pargs command:
bleonard@opensolaris:~$ pargs 15803 15803: /usr/lib/evolution-data-server-1.2/evolution-data-server-2.24 --oaf-activate-ii argv: /usr/lib/evolution-data-server-1.2/evolution-data-server-2.24 argv: --oaf-activate-iid=OAFIID:GNOME_Evolution_DataServer_CalFactory:1.2 argv: --oaf-ior-fd=28
Or, in single line as pointed out in the comments below:
bleonard@opensolaris:~$ pgrep evolution-data | xargs pargs 15803: /usr/lib/evolution-data-server-1.2/evolution-data-server-2.24 --oaf-activate-ii argv: /usr/lib/evolution-data-server-1.2/evolution-data-server-2.24 argv: --oaf-activate-iid=OAFIID:GNOME_Evolution_DataServer_CalFactory:1.2 argv: --oaf-ior-fd=28
Tuesday Sep 28, 2010
Monday Sep 27, 2010
By Brian Leonard on Sep 27, 2010
Two years ago we started
shortly after the first release of OpenSolaris hit the streets. Since
then we've published over 200 entries to which we've received almost
1000 comments and we've consistently been a top 20 blog at
blogs.sun.com (or what we simply call bsc).
A couple of weeks back, John Fowler, EVP of Systems here at Oracle, delivered a strategy webcast where he outlined the future of Solaris. In that webcast, John finally announced what we've all been anticipating as we've watched the evolution of OpenSolaris - Solaris 11. And just last week at Oracle OpenWorld, Solaris 11 Express, which had only been a rumor up to this point, was finally officially announced.
To that extent, we also want to evolve The Observatory as we move forward with the future of Oracle Solaris. Therefore, we are making a slight adjustment to the tagline of this blog, moving from "A Closer Look at Using OpenSolaris" to "A Closer Look at Using Oracle Solaris", which will cover all Oracle Solaris technologies, including OpenSolaris (call me crazy like a fox, but I'm still running OpenSolaris 2009.06).
So, for the most part, the song remains the same, we just have an updated album cover.
Friday Aug 06, 2010
By Brian Leonard on Aug 06, 2010
Friday Jul 16, 2010
By Brian Leonard on Jul 16, 2010
For example, NetBeans is started with a bunch of arguments. Rather than hunting through the netbeans configuration files, I can locate netbeans' process id:
Then simply run:bleonard@opensolaris:~$ ps -ef | grep netbeans bleonard 5215 1 0 17:35:16 ? 0:00 /bin/bash /usr/netbeans/bin/../platform10/lib/nbexec --userdir /export/home/ble
bleonard@opensolaris:~$ pargs 5215 5215: /bin/bash /usr/netbeans/bin/../platform10/lib/nbexec --userdir /export/home/ble argv: /bin/bash argv: /usr/netbeans/bin/../platform10/lib/nbexec argv: --userdir argv: /export/home/bleonard/.netbeans/6.7 argv: --jdkhome argv: /usr/java argv: --branding argv: nb argv: --clusters argv: /usr/netbeans/nb6.7:/usr/netbeans/ergonomics1:/usr/netbeans/ide11:/usr/netbeans/java2:/usr/netbeans/bin/../xml2:/usr/netbeans/apisupport1:/usr/netbeans/webcommon1:/usr/netbeans/websvccommon1:/usr/netbeans/enterprise5:/usr/netbeans/bin/../mobility8:/usr/netbeans/profiler3:/usr/netbeans/ruby2:/usr/netbeans/bin/../python1:/usr/netbeans/php1:/usr/netbeans/bin/../visualweb2:/usr/netbeans/bin/../soa2:/usr/netbeans/identity2:/usr/netbeans/bin/../uml6:/usr/netbeans/harness:/usr/netbeans/cnd2:/usr/netbeans/dlight1:/usr/netbeans/groovy1:/usr/netbeans/bin/../extra:/usr/netbeans/bin/../javafx2: argv: -J-Dnetbeans.importclass=org.netbeans.upgrade.AutoUpgrade argv: -J-Dnetbeans.accept_license_class=org.netbeans.license.AcceptLicense argv: -J-Xmx512m argv: -J-client argv: -J-Xss2m argv: -J-Xms32m argv: -J-XX:PermSize=32m argv: -J-XX:MaxPermSize=200m argv: -J-Xverify:none argv: -J-Dapple.laf.useScreenMenuBar=true argv: -J-Dsun.java2d.noddraw=true
To see the environment variables available to a process, use the -e option. For example, here are some of the relevant variables used by sqlplus:
bleonard@opensolaris:~$ pargs -e `pgrep sqlplus` 7114: sqlplus envp: ORACLE_HOME=/export/home/bleonard/Download/instantclient_11_2 ... envp: LD_LIBRARY_PATH=/export/home/bleonard/Download/instantclient_11_2 ... envp: _=/export/home/bleonard/Download/instantclient_11_2/sqlplus
Thursday Jul 15, 2010
By Brian Leonard on Jul 15, 2010
Continuing on the thread of who logged in last, Richard Hamilton has provided a nice little C program to dump the contents of /var/adm/lastlog. Here's what he has to say about lastlog:
/var/adm/lastlog: this file is an array of fixed-sized binary records, containing a single timestamp (time of last login), the tty name, and for remote logins, the host name or IP (in text form, but only 16 characters long). The UID of the user is the record number. That means the file may appear gigantic, but it's actually sparse on disk, not nearly as large as it appears. But most copy/backup/archive utilities do not preserve sparseness, so they would produce a copy that was as large as it appeared.
I've attached the source for a program that will dump out this file in readable form. Remember, there's only one entry per UID, so it will show only the single most recent login time (even if they're logged in more than once at a time), and it does not show logouts. But with a fixed set of users, it doesn't grow, so people tend to leave it alone and not blow it away. In other words, it may not be all the information you want, but it's more likely to be there.
To build the program, you'll need a C compiler. If you don't already have one installed, there are several to choose from, but for this small C program I'm going with The GNU C compiler.
bleonard@os200906:~$ pfexec pkg install SUNWgcc DOWNLOAD PKGS FILES XFER (MB) Completed 4/4 2100/2100 30.26/30.26 PHASE ACTIONS Install Phase 2537/2537
Once SUNWgcc is installed, download lastlog.c and compile it as follows:
bleonard@os200906:~/Downloads$ gcc lastlog.c -o lastlog
Then run it to see the contents of /var/adm/lastlog:
bleonard@os200906:~/Downloads$ ./lastlog root console Fri Dec 5 18:47:28 2008 bleonard console Wed Jul 14 11:26:48 2010 karl pts/5 Thu Jul 15 11:12:57 2010 10.0.1.9
By Brian Leonard on Jul 15, 2010
Just a quick tip as this question came across the opensolaris-help forum - "How can I (as admin) find out when a certain user e.g. "karl" most recently logged in and most recently logged out of a system?"
The simple answer is last:
bleonard@opensolaris:~$ last karl karl pts/5 10.0.1.9 Thu Jul 15 11:12 still logged in karl sshd 10.0.1.9 Thu Jul 15 11:12 still logged in karl pts/5 opensolaris Thu Jul 15 11:11 - 11:12 (00:00) karl sshd opensolaris Thu Jul 15 11:11 - 11:12 (00:00)
Thursday Jun 24, 2010
By Brian Leonard on Jun 24, 2010
- Next OTN Virtual Sysadmin Day: January 28th, 2014
- Building a "developer cloud" with Oracle Solaris 11
- Security Experts Spill the Beans on Oracle Solaris 11.1
- Oracle Solaris 11.1: Compliance Reporting with SCAP
- Oracle Solaris 10 1/13: Improved Secure File Copy Performance
- Oracle Solaris 11 pkg fix
- Oracle Solaris 11.1
- Using Ops Center to Provision Solaris using a Card-Based NIC
- Oracle Solaris Live Chat This Wednesday (June 27, 8-11A PT)
- Liveinstall Solaris 11 from Solaris 10