Tuesday Sep 17, 2013

ZFS Storage at Oracle OpenWorld 2013

Join my colleagues and me at this year's Oracle OpenWorld. I have a session, a hands-on lab, and a demo being held in and around Moscone. These are all heavily focused on 12c and ZFS analytics.

HOL10103 - Managing ZFS Storage Inside Oracle Database 12c Environments
September 23 (Monday), 10:45 AM - Marriott Marquis - Salon 10A

CON2846 - Oracle Use and Best Practices for High-Performance Cloud Storage
September 23 (Monday), 12:15 PM - Westin San Francisco - Franciscan II

DEMO3619 - Maintaining the Performance of Your Cloud Infrastructure
Moscone South Lower Level, SC-152

Thursday Feb 21, 2013

Configuring a Basic LDAP Server + Client in Solaris 11

Configuring the Server
Solaris 11 ships with OpenLDAP to use as an LDAP server. To configure, you're going to need a simple slapd.conf file and an LDIF schema file to populate the database. First, let's look at the slapd.conf configuration:
# cat /etc/openldap/slapd.conf
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema

pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args

database        bdb
suffix          "dc=buford,dc=hillvalley"
rootdn          "cn=admin,dc=buford,dc=hillvalley"
rootpw          secret
directory       /var/openldap/openldap-data
index           objectClass     eq
You may want to change the suffix and rootdn lines to better represent your network naming scheme. My LDAP server's hostname is buford and its domain name is hillvalley. You will need to add additional domain components (dc=) if the name is longer. This configuration assumes the LDAP manager will be called admin. Its password is 'secret'. This is in clear-text just as an example, but you can generate a hashed one using slappasswd:
[paulie@buford ~]$ slappasswd
New password: 
Re-enter new password: 
{SSHA}MlyFaZxG6YIQ0d/Vw6fIGhAXZiaogk0G
Replace 'secret' with the entire hash, {SSHA}MlyFaZxG6YIQ0d/Vw6fIGhAXZiaogk0G, for the rootpw line. Now, let's create a basic schema for my network.
# cat /etc/openldap/schema/hillvalley.ldif
dn: dc=buford,dc=hillvalley
objectClass: dcObject
objectClass: organization
o: buford.hillvalley
dc: buford

dn: ou=groups,dc=buford,dc=hillvalley
objectClass: top
objectClass: organizationalunit
ou: groups

dn: ou=users,dc=buford,dc=hillvalley
objectClass: top
objectClass: organizationalunit
ou: users

dn: cn=world,ou=groups,dc=buford,dc=hillvalley
objectClass: top
objectClass: posixGroup
cn: world
gidNumber: 1001

dn: uid=paulie,ou=users,dc=buford,dc=hillvalley
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: Paul Johnson
uid: paulie
uidNumber: 1001
gidNumber: 1001
homeDirectory: /paulie/
loginShell: /usr/bin/bash
userPassword: secret
I've created a single group, world, and a single user, paulie. Both share the uid and gid of 1001. LDAP supports many additional attributes for configuring user and group accounts, but I've kept it basic in this example. Once again, be sure to change the domain components to match your network. Feel free to also change the user and group details. I've left the userPassword field in clear-text as 'secret'. The same slappasswd method above applies here as well. It's time to turn on the server, but first, let's change some ownership permissions:
[paulie@buford ~]$ sudo chown -R openldap:openldap /var/openldap/
... and now ...
[paulie@buford ~]$ sudo svcadm enable ldap/server
Check that it worked:
[paulie@buford ~]$ svcs | grep ldap
online         12:13:49 svc:/network/ldap/server:openldap_24
Neat, now let's add our schema file to the database:
[paulie@buford ~]$ ldapadd -D "cn=admin,dc=buford,dc=hillvalley" -f /etc/openldap/schema/hillvalley.ldif
Enter bind password: 
adding new entry dc=buford,dc=hillvalley
adding new entry ou=groups,dc=buford,dc=hillvalley
adding new entry ou=users,dc=buford,dc=hillvalley
adding new entry cn=world,ou=groups,dc=buford,dc=hillvalley
adding new entry uid=paulie,ou=users,dc=buford,dc=hillvalley
That's it! Our LDAP server is up, populated, and ready to authenticate against.
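
How the rootpw and userPassword advice above plays out, as an added example that is not code from the original post: it builds and checks {SSHA} values in the layout slappasswd prints (base64 of the SHA-1 digest followed by the salt) and hashes any clear-text rootpw or userPassword line it finds. The function names are hypothetical, and it assumes unquoted values, one per line.

```python
import base64, hashlib, hmac, os, re

def ssha_hash(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # 4-byte salt, like the hash above
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_parts(stored):
    """Split a {SSHA} value into (20-byte SHA-1 digest, salt)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return raw[:20], raw[20:]

def ssha_verify(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# "rootpw <value>" (slapd.conf) or "userPassword: <value>" (LDIF).
# "userPassword:: ..." is base64-encoded LDIF and is left untouched.
PW_LINE = re.compile(r"^(rootpw\s+|userPassword:(?!:)\s*)(\S.*)$", re.I)

def harden(text):
    """Hash clear-text password values; return (new_text, changed line numbers)."""
    out, changed = [], []
    for n, line in enumerate(text.splitlines(), 1):
        m = PW_LINE.match(line)
        if m and not m.group(2).startswith("{"):  # "{SCHEME}" means already hashed
            line = m.group(1) + ssha_hash(m.group(2).strip())
            changed.append(n)
        out.append(line)
    return "\n".join(out), changed

# Constructed sample: lines taken from the two files shown in this post.
SAMPLE = """\
rootdn          "cn=admin,dc=buford,dc=hillvalley"
rootpw          secret
userPassword: secret
userPassword: {SSHA}MlyFaZxG6YIQ0d/Vw6fIGhAXZiaogk0G
"""

if __name__ == "__main__":
    new_text, changed = harden(SAMPLE)
    print(new_text)
    print("hashed lines:", changed)
```
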

Configuring the Client
I'm going to turn my example server, buford.hillvalley, into an LDAP client as well. To do this, we need to run the `ldapclient` command to map our new user and group data:
[paulie@buford ~]$ ldapclient manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a defaultSearchBase=dc=buford,dc=hillvalley \
-a domainName=buford.hillvalley \
-a defaultServerList=192.168.1.103 \
-a proxyDN=cn=admin,dc=buford,dc=hillvalley \
-a proxyPassword=secret \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=homeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=posixgroup \
-a objectClassMap=passwd:posixAccount=posixaccount \
-a objectClassMap=shadow:shadowAccount=posixaccount \
-a serviceSearchDescriptor=passwd:ou=users,dc=buford,dc=hillvalley \
-a serviceSearchDescriptor=group:ou=groups,dc=buford,dc=hillvalley \
-a serviceSearchDescriptor=shadow:ou=users,dc=buford,dc=hillvalley
As usual, change the host and domain names as well as the IP address held in defaultServerList and the proxyPassword. The command should respond that the system was configured properly. However, additional changes need to be made if you use DNS for hostname lookups (most people use DNS, so run these commands):
svccfg -s name-service/switch setprop config/host = astring: \"files dns ldap\"
svccfg -s name-service/switch:default refresh
svcadm restart name-service/cache
Now, we need to change how users log in so that the client knows that there is an extra LDAP server to authenticate against. This should not lock out local users. Examine the two files /etc/pam.d/login and /etc/pam.d/other. Change any instance of
auth required            pam_unix_auth.so.1
to
auth binding            pam_unix_auth.so.1 server_policy
After this line, add the following new line:
auth required           pam_ldap.so.1
That's it! Finally, reboot your system and see if you can log in with your newly created user.

Update: Glenn Faden wrote an excellent guide to configuring OpenLDAP using the native Solaris user/group/role management system.

Monday Sep 24, 2012

ZFS Storage at Oracle OpenWorld 2012

Join my colleagues and me at this year's Oracle OpenWorld. We'll be hosting a hands-on lab, demonstrating the ZFS Storage Appliance and its analytics features.

HOL10034 - Managing Storage in the Cloud 

October 1st (Monday) 3:15 PM - Marriott Marquis - Salon 14/15
October 2nd (Tuesday) 5:00 PM - Marriott Marquis - Salon 14/15

Wednesday Jun 09, 2010

"Cannot open device" Error

On occasion, if you are trying to fdisk or mount a USB disk on Solaris 10, you may get an error that says "Cannot open device." For example:
# fdisk /dev/rdsk/c2t0d0s2
Cannot open device
Things to check:
  1. Make sure you are root or have the correct user privilege
  2. Try `devfsadm -Cv` to remove any stale disk entries
  3. Stop volume management: `svcadm disable volfs`

Wednesday Apr 28, 2010

Packages Renamed in OpenSolaris

If you have been using the package management system in the newest builds of OpenSolaris (b133+), you may have noticed the naming scheme changes that affect new and existing packages. [Full list of changes]

For example, trying to find the usb header file package is a bit trickier. These files, namely usba.h, usbai.h, and usbdevs.h, are not installed into /usr/include/sys/usb in the default installation. To retrieve them, use this command:

$ pfexec pkg install header-usb

In previous versions, these files could have been obtained from either SUNWusbu or SUNWsfwhea. The removal of the SUNW prefix is the most apparent name change for the package collection. Now you can get busy building the latest apcupsd version!

Wednesday Feb 03, 2010

Compiling libupnp on Solaris

libupnp 1.6.6 is a little tricky to compile on Solaris. After downloading the source from SourceForge, extract the bzip2 archive and cd to the libupnp-1.6.6 directory, then do the following.
vi upnp/src/api/upnpapi.c
On line 59, there is a bug. Change
#if defined(_sun)
to
#if defined(__sun)
The change is adding an extra underscore. Otherwise sockio.h will not be recognized properly and you will get some missing networking variables when you try to build. After that is taken care of...
$ ./configure CFLAGS="-DSPARC_SOLARIS" --disable-samples
$ gmake
# gmake install

Thursday Jan 21, 2010

OpenSolaris + Fit-PC2 + Mediasonic Pro Box 4 Bay Enclosure

After the failure of the SATA and USB ports on my Intel D945GCL Atom board, I decided to build out a new file server. Sticking to the Atom theme, I decided to go small and get the CompuLab FIT-PC2. This little toy uses the Z530 1.6GHz CPU that apparently uses only 6 watts of power. I'm assuming that means *without* a hard drive installed.


Measuring in at around 115 x 101 x 27mm (~ 4.5"x4.0"x1.0"), it is only big enough to hold one laptop sized 2.5" SATA drive.


The drive I installed only has 80GB of space. That would run out real quick with my needs, so I decided to get a MediaSonic USB disk enclosure to link up with my server. It can hold up to 4 SATA drives.


The PC sits on top of the enclosure on my bookshelf, taking up 8.5" x 5.0" x 6.5" of space. This is not only power efficient but also space efficient, since I am using 4 x 1TB drives: 4TB total (theoretical), ~2.6TB in a ZFS raidz. If I had purchased the 2TB drives, it would be even better.

Doug's blog on the FIT-PC2 gives a good overview on the features of the device and what works. There is no wifi driver and Xorg doesn't work, so you may want to install OpenSolaris on another machine before installing the internal HDD. My server is headless and uses the built-in gigabit ethernet, so I don't care about those issues.


Links and prices Total = $748

Wednesday Dec 09, 2009

Can't use NumPad in OpenSolaris?

Today I thought I broke the numpad on my keyboard; none of the numbers were working. Switching the Num Lock key on and off didn't help. However, anytime I hit a number and held the key down, the mouse cursor would move across the screen. By some sort of black magic, I found a secret keyboard combo to turn on Mouse control via keypad.

Solution to turn it off
System ⇾ Preferences ⇾ Assistive Technologies ⇾ Keyboard Accessibility ⇾ Mouse Keys

Uncheck 'Pointer can be controlled using the keypad'
I must admit, however, this can be a handy feature when working with a mouse-less machine.

Wednesday Nov 25, 2009

Latex for OpenSolaris

Ever wanted to experiment with latex to write a paper or redesign your resume, but unsure how to install a latex package or compose a latex document? I'll try to explain it simply using OpenSolaris.

Install Latex

  • Download Latex and its dependencies from our friends at sunfreeware.com
    cd /tmp
    wget ftp://ftp.sunfreeware.com/pub/freeware/intel/10/libgcc-3.3-sol10-intel-local.gz
    wget ftp://ftp.sunfreeware.com/pub/freeware/intel/10/libiconv-1.11-sol10-x86-local.gz
    wget ftp://ftp.sunfreeware.com/pub/freeware/intel/10/ncurses-5.6-sol10-x86-local.gz
    wget ftp://ftp.sunfreeware.com/pub/freeware/intel/10/tetex-3.0-sol10-x86-local.gz
    gzip -d *.gz
  • Install the packages
    pfexec pkgadd -d libgcc-3.3-sol10-intel-local
    pfexec pkgadd -d ncurses-5.6-sol10-x86-local
    pfexec pkgadd -d libiconv-1.11-sol10-x86-local
    pfexec pkgadd -d tetex-3.0-sol10-x86-local

Play with Latex
For my simple uses of latex, I use two binaries to compose my documents: latex and dvipdf. Latex requires a tex file to generate a document. For this example, I will use my favorite resume template created by David Grant.
cd /tmp
wget http://www.davidgrant.ca/sites/www.davidgrant.ca/files/resume.tex.txt
wget http://www.davidgrant.ca/sites/www.davidgrant.ca/files/shading.sty.txt
mv resume.tex.txt resume.tex
mv shading.sty.txt shading.sty

Now, let's use the binaries I mentioned earlier to create a pdf file.
/usr/local/teTeX/bin/i386-pc-solaris2.10/latex resume.tex
/usr/local/teTeX/bin/i386-pc-solaris2.10/dvipdft resume.dvi

You should find a pdf file in /tmp called resume.pdf. View it with acroread or evince to get an idea of how awesome latex is. I won't go into too much detail on how to create the resume.tex file, but viewing and editing it will give you a good understanding of its syntax. This is David's resume that is generated: http://www.davidgrant.ca/sites/www.davidgrant.ca/files/resume.pdf.

Tuesday Sep 29, 2009

Compiling Alpine on OpenSolaris 2009.06

For Alpine 2.00, the configure file looks around in the wrong directories for the OpenSSL header files.
...
    *-*-solaris*)
      if test -d /usr/sfw/include/openssl ; then
        alpine_SSLDIR="/usr/sfw"
      elif test -d /opt/csw/include/openssl ; then
        alpine_SSLDIR="/opt/csw"
        if test -d /opt/csw/ssl/certs ; then
          alpine_SSLCERTS="/opt/csw/ssl/certs"
        fi
      fi
...

Unfortunately, configure never looks for the new location: /usr/include/openssl. Thankfully, there is an easy fix:
./configure --with-ssl-include-dir=/usr/include/openssl

Thursday Dec 18, 2008

OpenSolaris Installation Checklist

When I reinstall OpenSolaris, I have a small checklist of things I execute to create a familiar environment between my systems. This might be helpful to others.

  • Allow NIS user (really any user) access to the root role (lets them access packagemanager)
    # vi /etc/user_attr
    Append to end of file:
    USERNAME::::profiles=Primary Administrator;roles=root

  • Enable NTP
    # vi /etc/inet/ntp.conf

    server 0.pool.ntp.org
    server 1.pool.ntp.org
    server 2.pool.ntp.org

    # svcadm enable ntp
    # svcadm restart ntp

  • Install OpenOffice
    # pkg install openoffice

  • Install gconf-editor
    # pkg install SUNWgnome-config-editor

  • Disable Audible Alert Sound
    I hate the audible alert sound. If you wear headphones while you're computin' and use tab-completion excessively on your shell or have a mail client that beeps on every new message, you know what I'm talking about.
    However, when I click on System->Preferences->Sound, the Play Alert Sound option is grayed out. Here is the solution:
    $ gconf-editor
    Go to /apps/metacity/general/ and uncheck audible bell

  • Allow root user to log in directly
    Don't do this.
    # rolemod -K type=normal root

About

Hiya, my name is Paul Johnson and I'm a software engineer working on the ZFS storage appliance.
