Thursday Oct 18, 2007

Enable Network Services on Nevada

Some network services (sendmail, ftpd, etc) are disabled or restricted to local only on a newly installed Nevada box. We need to modify or enable them through SMF(5).

  • Enable sendmail
    # svccfg -s svc:/network/smtp:sendmail setprop config/local_only=false
    # svcadm restart svc:/network/smtp:sendmail
     
  • Enable ftpd
    # inetadm -e svc:/network/ftp:default
     
  • Enable nfs.server (this is actually enabled by default, but can be disabled by 'netservices limited')
    #### list all nfs services
    # svcs -p |grep nfs

    # svcadm disable svc:/network/nfs/server:default
    # svcadm enable svc:/network/nfs/server:default
    #


References

Tuesday Jul 10, 2007

Install MySQL + Tomcat on Solaris

The default MySQL (4.0.24) shipped in Solaris Nevada (build 59) doesn't support UTF-8 encoding. Following are the steps to install a new MySQL on Solaris environment.

  1. download latest pkgs from www.sunfreeware.com
    mysql-5.0.41-sol10-sparc-local.gz
    openssl-0.9.8e-sol10-sparc-local.gz
    libgcc-3.4.6-sol10-sparc-local.gz

  2. with root privilege, pkgadd all pkgs

  3. setup environment for mysql
    # groupadd mysql
    # useradd -g mysql mysql
    # cd /usr/local/mysql
    # chown -R mysql .
    # chgrp -R mysql .
    # bin/mysql_install_db --user=mysql
    # bin/mysqld_safe --user=mysql &

  4. create root passwd (optional), add new account 'mysql'
    # bin/mysql mysql
    > UPDATE user SET password=password("newpasswd") WHERE user="root";
    > GRANT ALL PRIVILEGES ON \*.\* TO 'mysql'@'localhost'
        > IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
    > GRANT ALL PRIVILEGES ON \*.\* TO 'mysql'@'%'
        > IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
    > exit
    # pkill -9 mysql
    # bin/mysqld_safe --user=mysql &

  5. Import database from backup
    create backup in source mysql env
    # mysqldump -u mysql -p --opt lunch > lunch.sql

    import backup into new mysql env
    # mysql -u mysql -p
    > create database lunch;
    > exit

    # mysql -u mysql -p < lunch.sql


Here are the steps to install and deploy Tomcat.
 

  1. download latest version of tomcat binaries from tomcat.apache.org
    http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.23/bin/apache-tomcat-5.5.23.tar.gz

  2. install
    # cd /usr/local
    # gunzip < [path]/apache-tomcat-5.5.23.tar.gz | tar xvf -
    # ln -s apache-tomcat-5.5.23 tomcat

  3. install jdbc mysql connector
    # cp [path]/mysql-connector-java-5.0.3-bin.jar /usr/local/tomcat/common/lib

  4. start
    # export JAVA_HOME=/usr/java
    # /usr/local/tomcat/bin/startup.sh

 


 

Add MySQL and Tomcat in the startup scripts of apache2:

 

  1. append following lines in /usr/apache2/bin/envvars

    MYSQL=/usr/local/mysql/bin/mysqld_safe
    [ -x $MYSQL ] && $MYSQL --user=mysql &

    TOMCAT=/usr/local/tomcat/bin/startup.sh
    [ -x $TOMCAT ] && $TOMCAT

Saturday Apr 28, 2007

Enable push notification on Mercurial repository

OS: Solaris Nevada (build 59, sparc)
Mercurial: 0.9.3

Due to the lack of 'diffstat' tool on Solaris, the notification extension (hgext.notify) doesn't work well on Solaris. After several trying, I finally made it work.

Here is the setup steps:

 

  1. vi .hg/hgrc

    [web]
    contact = {your name}
    description = Docking Workspace for Solaris WOS, SunSolve (Patch) and JES
    style = gitweb
    allow_archive = gz zip bz2

    [extensions]
    hgext.patchbomb =
    hgext.notify =

    [hooks]
    # send one email per change
    #incoming.notify = python:hgext.notify.hook
    # send one email per group of changes
    changegroup.notify = python:hgext.notify.hook

    [email]
    from = svnroot@agc163.prc.sun.com
    method = /usr/sbin/sendmail

    [web]
    baseurl = http://agc163.prc.sun.com/hg/

    [notify]
    # multiple sources can be specified as a whitespace separated list
    sources = serve push pull bundle
    # set this to False when you're ready for mail to start sending
    test = false
    config =
    # repos live in /workspace/scm/hg/hgroot on server, so strip 5 "/" chars
    strip = 5

    # you can override the changeset template here, if you want.
    # If it doesn't start with \\n it may confuse the email parser.
    # here's an example that makes the changeset template look more like hg log:
    template = \\ndetails:   {baseurl}{webroot}/rev/{node|short}\\nchangeset: {rev}:{node|short}\\nuser:      {author}\\ndate:      {date|date}\\ndescription:\\n{desc}\\n

    [reposubs]
    # key is glob pattern, value is comma-separated list of subscriber emails
    \* = {email address}

  2. When tried to push back, it failed

    [gbuild@agc141 s11]$ hg push
    Enter passphrase for key '/export/home/gbuild/.ssh/id_dsa':
    pushing to ssh://hgroot@agc163.prc.sun.com/docking
    searching for changes
    remote: adding changesets
    remote: adding manifests
    remote: adding file changes
    remote: added 1 changesets with 76 changes to 76 files
    remote: /bin/sh: diffstat: not found
    remote: error: changegroup.notify hook raised an exception: [Errno 32] Broken pipe
    [gbuild@agc141 s11]$

  3. After searching on Internet, I found the patch for Solaris

    http://www.selenic.com/mercurial/bts/file270/diffstat.patch

    diff -r 730cbd26552c -r 79639a44dd23 mercurial/patch.py
    --- a/mercurial/patch.py Wed Apr 04 02:28:29 2007 -0300
    +++ b/mercurial/patch.py Wed Apr 04 03:09:26 2007 -0300
    @@ -635,6 +635,8 @@ def export(repo, revs, template='hg-%h.p
    single(rev, seqno+1, fp)

    def diffstat(patchlines):
    + if not util.find_in_path('diffstat', os.environ.get('PATH', '')):
    + return
    fd, name = tempfile.mkstemp(prefix="hg-patchbomb-", suffix=".txt")
    try:
    p = popen2.Popen3('diffstat -p1 -w79 2>/dev/null > ' + name)
  4. But it still failed when push back

    [gbuild@agc141 s10u3]$ hg --traceback push
    Enter passphrase for key '/export/home/gbuild/.ssh/id_dsa':
    pushing to ssh://hgroot@agc163.prc.sun.com/docking
    searching for changes
    remote: adding changesets
    remote: adding manifests
    remote: adding file changes
    remote: added 1 changesets with 8 changes to 8 files
    remote: # /usr/lib/python2.4/vendor-packages/mercurial/patch.pyc has bad mtime 1177746898 vs 1172046709
    remote: error: changegroup.notify hook raised an exception: cannot concatenate 'str' and 'NoneType' objects
    [gbuild@agc141 s10u3]$

  5. After rename /usr/lib/python2.4/vendor-packages/mercurial/patch.pyc, the error still existed.
  6. I finally found following patch after several trying:

    --- /usr/lib/python2.4/vendor-packages/mercurial/patch.py.old   Sat Apr 28 19:02:05 2007
    +++ /usr/lib/python2.4/vendor-packages/mercurial/patch.py       Sat Apr 28 16:29:14 2007
    @@ -659,6 +659,8 @@
             single(repo.lookup(rev), seqno+1, fp)
     
     def diffstat(patchlines):
    +    if not util.find_in_path('diffstat', os.environ.get('PATH', '')):
    +        return ""
         fd, name = tempfile.mkstemp(prefix="hg-patchbomb-", suffix=".txt")
         try:
             p = popen2.Popen3('diffstat -p1 -w79 2>/dev/null > ' + name)



 

Monday Apr 09, 2007

access Mercurial over ssh tunnel

Accessing Mercurial through http/apache is handy, but it requests the workspace is owned by the same user with httpd (webservd:webservd on solaris). So accessing Mercurial over ssh tunnel is a better choice (this is also the way http://www.opensolaris.org/ chose).

Client side:

  1. $ ssh-keygen -b 1024 -t dsa
    [ create id_dsa.pub for server side ]
  2. $ cat <<EOF > $HOME/.hgrc
    [ui]
    username = User Name <user.name@example.com>

 
Server side:

  1. $ cat <<EOF > $HOME/.ssh/authorized_keys

    command="cd /workspace/scm/hg/hgroot; /usr/demo/mercurial/hg-ssh g11n",\\ no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-[type] [key] 

    EOF

 

Client side:

  1. $ hg clone ssh://agc163.prc.sun.com/g11n
  2. [play with it]
  3. $ hg ci
  4. $ hg push

Setup Mercurial on Solaris Nevada build 59

Solaris Nevada build 59 shipped with Mercurial 0.9.3:

 $ hg --version
Mercurial Distributed SCM (version 0.9.3)

Setup Mercurial server on it is pretty easy.

  1. $ mkdir -p /workspace/scm/hg/hgroot/g11n
  2. $ cd /workspace/scm/hg/hgroot/g11n
  3. $ hg init
  4. $ cat <<EOF > .hg/hgrc
    [web]
    contact = Simford Dong
    description = G11N Internal CWS

    style = gitweb
    allow_archive = gz zip bz2
    allow_push = \*

  5. $ cp /usr/demo/mercurial/hgwebdir.cgi /workspace/scm/hg/hgroot
  6. $ chmod a+x /workspace/scm/hg/hgroot/hgwebdir.cgi
  7. $ cat <<EOF > /workspace/scm/hg/hgroot/hgweb.config
    [paths]
    g11n = g11n
  8. Append following lines into  /etc/apache2/httpd.conf
    ScriptAliasMatch  \^/hg(.\*)  /workspace/scm/hg/hgroot/hgwebdir.cgi$1
    <Directory "/workspace/scm/hg/hgroot">
        Order allow,deny
        Allow from all
        AllowOverride All
        Options ExecCGI
        AddHandler cgi-script .cgi

        <Limit POST>
        AuthType Basic
        AuthName "Mercurial Repository"
        AuthUserFile /workspace/scm/hg/auth/hgpasswd
        Require valid-user
        </Limit>
    </Directory>
  9. # svcadm refresh svc:/network/http:apache2
  10. # chown -R webservd:webservd /workspace/scm/hg/hgroot/g11n

  11. Done.


NOTE: following part will enable push back over http, if you don't like this feature, you can skip them.
             - 'allow_push = \*' part of step 4
             - '<Limit POST> ... </Limit>' part of step 8
             - step 10
 


Sunday Apr 08, 2007

Setup CVS server on Solaris Nevada build 59

Do following as root privilege.

  1. Download cvs pkg from sunfreeware.com, and install it
    http://www.sunfreeware.com/programlistsparc10.html#cvs
  2. # vi /etc/services
    append one new line: cvspserver      2401/tcp      # CVS pserver daemon
  3. # vi /etc/inetd.conf
    append one new line: cvspserver  stream  tcp  nowait  root /workspace/scm/cvs/bin/cvs.inetd
  4. # cat <<EOF >/workspace/scm/cvs/bin/cvs.inetdcvs.inetd
    > #!/bin/bash
    >
    > REPOS="--allow-root=/workspace/scm/cvs/cvsroot/test"
    >
    > /workspace/scm/cvs/bin/cvs -f $REPOS pserver
    > EOF
  5. # chmod a+x /workspace/scm/cvs/bin/cvs.inetdcvs.inetd
  6. # mkdir -p /workspace/scm/cvs/cvsroot/test
  7. # cvs -d /workspace/scm/cvs/cvsroot/test init
  8. # reboot

  9. Done.

 

It seems that this is bug that we need to reboot the OS to make cvs server work.
Believe me, I tried many ways to avoid this but failed

 

  1. # svcs -p |grep inetd
    online         Apr_06   svc:/network/inetd:default
  2. # svcs restart svc:/network/inetd:default
  3. # inetadm | grep cvs
  4. [no out put, failed #1]

  5. # init S
  6. # init 3
  7. # inetadm | grep cvs
  8. [no out put, failed #2]

  9. # reboot
  10. # inetadm | grep cvs
    enabled   online         svc:/network/cvspserver/tcp:default
  11. [works now :( ]


Thursday Apr 05, 2007

Steps to setup SVN over http on Nevada build 59

Do following in root privilege.

  1. # ## install svn pkg from Solaris build 61
  2. # ## if you're using snv_61 or later, skip this step
  3. # ## svn version 1.4.0 (r21228)
  4. # pkgadd -d . SUNWneon SUNWsvn SUNWsvnS
  5. #
  6. # cd /etc/apache2
  7. # cp httpd.conf-example httpd.conf
  8. # vi httpd.conf
  9. add two lines in LoadModule session
    1. LoadModule dav_svn_module libexec/mod_dav_svn.so
      LoadModule authz_svn_module libexec/mod_authz_svn.so
  10. add follow at the end of httpd.conf
    1. RedirectMatch \^(/svn)$ $1/
      <IfModule dav_svn_module>
          <Location /svn/>
              DAV svn
              SVNParentPath /workspace/scm/svn/svnroot
              SVNListParentPath on
              SVNIndexXSLT "/svnindex.xsl"
              AuthType Basic
              AuthName "Subversion Repository"
              AuthUserFile /workspace/scm/svn/auth/svn_passwd

              <IfModule authz_svn_module>
                  AuthzSVNAccessFile /workspace/scm/svn/auth/svn_access.conf
              </IFModule>

              # For any operations other than these, require an authenticated user.
              <LimitExcept GET PROPFIND OPTIONS REPORT>
                  Require valid-user
              </LimitExcept>
          </Location>
      </IfModule>
  11. #
  12. # cp /usr/share/src/subversion/tools/xslt/svnindex.xsl /var/apache2/htdocs/
  13. # cp /usr/share/src/subversion/tools/xslt/svnindex.css /var/apache2/htdocs/
  14. # cp /usr/share/src/subversion/www/favicon.ico /var/apache2/htdocs/
  15. # /usr/apache2/bin/htpasswd -cm /workspace/scm/svn/auth/svn_passwd [username]
    New password:
    Re-type new password:
    Adding password for user [username]
  16. # cat <<EOF > /workspace/scm/svn/auth/svn_access.conf
    > [groups]
    > g1 = [username]
    >
    > [/]
    > \* = r
    >
    > [test:/]
    > @g1 = rw
    >
    > EOF
  17. #
  18. # cd /workspace/scm/svn/svnroot
  19. # svnadmin create test
  20. #
  21. # svcs -a |grep apache2
    disabled       12:36:52 svc:/network/http:apache2
  22. # svcadm enable svc:/network/http:apache2
  23. #

    That's it! You should be able to browse the svn tree from:

    http://www.example.com/svn/

    Or check out source tree by:

    $ svn co http://www.example.com/svn/test

  24. $ ##
  25. $ ## to create notifications for commit
  26. $ ## as normal user privilege
  27. $ ##
  28. $ cd /workspace/scm/svn/svnroot/test/hooks
  29. $ cp /usr/share/src/subversion/tools/hook-scripts/commit-email.pl.in commit-email.pl
  30. $ vi commit-email.pl
    replace "@SVN_BINDIR@/svnlook" with "/usr/bin/svnlook" in line 54
  31. $ cp post-commit.tmpl post-commit
  32. $ vi post-commit
    add full path to commit-email.pl, replace the email address with the real one,
    add '-s "test project"' before email address,
    comment out line 'log-commit.py ...'
  33. $





 

Thursday Mar 29, 2007

Create RAID1 on Solaris Nevada build 59

My v240 server has 4 disks: 73G x 2, 140G x2. So I decided to create RAID1 to keep my data safer.

I used following partition layout to install Solaris Nevada build 59:

  • /c1t0d0s0   /           30G
  • /c1t0d0s1   swap        2G
  • /c1t0d0s6               100M
  • /c1t0d0s7   /export     38G
  • /c1t2d0s6               100M
  • /c1t2d0s7   /workspace  140G

Steps to create RAID1 for all partitions (as root account):

  1. prtvtoc /dev/rdsk/c1t0d0s2 | fmthard -s - /dev/rdsk/c1t1d0s2
  2. metadb -afc 2 c1t0d0s6 c1t1d0s6

  3. metainit -f d10 1 1 c1t0d0s0
  4. metainit -f d20 1 1 c1t1d0s0
  5. metainit d0 -m d10
  6. metaroot d0

  7. metainit -f d11 1 1 c1t0d0s1
  8. metainit -f d21 1 1 c1t1d0s1
  9. metainit d1 -m d11

  10. metainit -f d17 1 1 c1t0d0s7
  11. metainit -f d27 1 1 c1t1d0s7
  12. metainit d7 -m d17

  13. prtvtoc /dev/rdsk/c1t2d0s2 | fmthard -s - /dev/rdsk/c1t3d0s2
  14. metadb -afc 2 c1t2d0s6 c1t3d0s6

  15. metainit -f d18 1 1 c1t2d0s7
  16. metainit -f d28 1 1 c1t3d0s7
  17. metainit d8 -m d18

Change /etc/vsftab from:

/dev/dsk/c1t0d0s1       -       -       swap    -       no      -
/dev/dsk/c1t0d0s0       /dev/rdsk/c1t0d0s0      /       ufs     1       no      -
/dev/dsk/c1t0d0s7       /dev/rdsk/c1t0d0s7      /export ufs     2       yes     -
/dev/dsk/c1t2d0s7       /dev/rdsk/c1t2d0s7      /workspace      ufs     2       yes     -

 

to

 

/dev/md/dsk/d1  -       -       swap    -       no      -
/dev/md/dsk/d0  /dev/md/rdsk/d0 /       ufs     1       no      -
/dev/md/dsk/d7  /dev/md/rdsk/d7 /export ufs     2       yes     -
/dev/md/dsk/d8  /dev/md/rdsk/d8 /workspace      ufs     2       yes     -

 

24. lockfs -fa

25. reboot

 

After reboot, 

  1. metattach d0 d20
  2. metattach d1 d21
  3. metattach d7 d27
  4. metattach d8 d28

  5. metastat  ## check the status of all mirrors

  6. installboot /usr/platform/`uname -i`/lib/fs/ufs/bootblk /dev/rdsk/c1t1d0s0  ## install bootblk to c1t1d0s0

  7. ls -l /dev/dsk/c1t0d0s0   ## get the symbol link
  8. lrwxrwxrwx   1 root     root          43 Mar 29 21:32 /dev/dsk/c1t0d0s0 -> ../../devices/pci@1c,600000/scsi@2/sd@0,0:a

  9. init 0
  10. ok> devalias   ## check device

rootmirror               /pci@1c,600000/scsi@2/disk@1,0
rootdisk                 /pci@1c,600000/scsi@2/disk@0,0

 16. ok> boot rootmirror   ## test bootblk in mirror partition

If everything is okey, then that's it.

 

 


send out from ALOM to v240

Today I tried to setup raid1 for my v240 server, but failed. The whole system hung after 'Hardware watchdog enabled'. SysAdmin told me that v240 have ALOM port. So I think it might help. After google'ed for a while I got following simple answer.

  1. telnet to ALOM, login with 'admin' account
  2. <sc> break
  3. answer yes when prompt
  4. <sc> console
  5. <ok> boot net
Then I can reboot and re-install the system.

 

Monday Nov 27, 2006

access Mercurial workspace through ssh tunnel

It's quite easy to setup ssh tunnel for Mercurial workspace:

$ mkdir -p .ssh

$ cat <<EOF > .ssh/authorized_keys

command="/usr/demo/mercurial/hg-ssh /export/scm/hgroot/repos/g11n-cws",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-[type] [key] 

EOF

 

Please be sure to put above contents into one line (though very long).

More details can be found at selenic.com

Wednesday Oct 18, 2006

Tried to enable hg push over http, but failed

For a centralized workspace with multiple committers, it's important to make sure the write access to the workspace works fine. At the beginning we try to use push back over http, described in selenic.com.
- create .htaccess
- create htpasswd
- put 'allow_push = \*' in .hg/hgrc
- put 'push_ssl = false' in .hg/hgrc
...

But it just don't work.
:(

I found the same problem as Georg encountered:
http://marc.theaimsgroup.com/?l=mercurial&m=115438570707603&w=2

Any one who has the workaround for it please feel free to let me know.
:)

Setup centralized Mercurial (hg) workspace with http support

The server hosting the centralized workspace is Solaris Nevada snv_45 SPARC.
  • enable apache2 server in Nevada:

-bash-3.00# cd /etc/apache2
-bash-3.00# cp httpd.conf-example httpd.conf

Add following settings in /etc/apache2/httpd.conf:

Alias /hg /var/apache2/cgi-hg
<Directory "/var/apache2/cgi-hg">
    DirectoryIndex index.cgi
    AddHandler cgi-script .cgi
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

-bash-3.00# svcs -a |grep apache2
online          9:41:50 svc:/network/http:apache2
-bash-3.00# svcadm enable svc:/network/http:apache2
-bash-3.00#

  • create an account hg, with home at /export/home/hg, as user hg
[hg@agc108 ~]$ mkdir hgroot
[hg@agc108 ~]$ cd hgroot
[hg@agc108 ~]$ hg init g11n
[hg@agc108 ~]$ cd g11n
[hg@agc108 ~]$ chmod g+w .hg .hg/\*
[hg@agc108 ~]$ chmod g+s .hg .hg/data
[hg@agc108 ~]$ cat << EOF > .hg/hgrc
[web]
contact = Simford Dong
description = G11N Common Workspace (g11n-cws)
style = gitweb
allow_archive = gz zip bz2

[hooks]
commmit = /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
incoming = /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
EOF
[hg@agc108 ~]$ cat <<EOF > /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
#!/bin/sh

SUBJECT=`hg log -r $NODE | grep "\^summary:" | cut -b 14-`
hg log -vpr $NODE | mail -s "commit: $SUBJECT" [notification email]
EOF
[hg@agc108 ~]$ chmod a+x /net/agc108.prc.sun.com/export/home/hg/bin/commithook.sh
[hg@agc108 ~]$

  • as user root

-bash-3.00# cd /var/apache2/
-bash-3.00# mkdir cgi-hg
-bash-3.00# cd cgi-hg
-bash-3.00# cp [hg install path]/hgwebdir.cgi index.cgi
-bash-3.00# chmod a+x index.cgi
-bash-3.00# cat <<EOF >hgweb.config
[paths]
/g11n = /export/home/hg/hgroot/g11n
EOF
-bash-3.00# mkdir g11n
-bash-3.00# cd g11n
-bash-3.00# cp [hg install path]/hgweb.cgi index.cgi
-bash-3.00# chmod a+x index.cgi

change 'make_web_app' function in index.cgi as below

def make_web_app():
    return hgweb("/export/home/hg/hgroot/g11n", "g11n cws")

  • restart apache2
-bash-3.00# /usr/apache2/bin/apachectl restart
  • that's it!
you should be able to browse the workspace in firefox: http://agc108.prc.sun.com/hg/g11n.
you can also clone it and push back freely:
[simford@agc130 tmp]$ hg clone /net/agc108.prc.sun.com/export/home/hg/hgroot/g11n
...
play with it
...
[simford@agc130 tmp]$ umask 0002
[simford@agc130 tmp]$ hg push

  • Last but not the least, 'umask 0002' is very important, especially in NFS environment.
All users should be able to push back to the centranlized workspace, so make sure the users in the same group have the +w rights to all files in the workspace.

About

simford

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today