Wednesday Jan 14, 2009

You Learn Something Every Day

Just learned how to save about a bazillion keystrokes over the remainder of my file-editing & programming life.

This is because I just learned that C-M-l (or Control-Meta-l, where "Meta" is the "Diamond" key on a Sun keyboard) is the (X)Emacs key sequence for "switch-to-other-buffer".

I have been doing this via Control-x, "b", Enter, or in other words, switch-buffer, then pressing Enter to accept the default, which has the same definition as "other-buffer". And I do it all the time.


By the way, I have been using (X)Emacs for approximately 20 years. I was lucky enough to find it when I first started on Unix, because I felt Vi was not powerful enough. Of course, any mention of Emacs and Vi in the same breath is likely to start a war, so I apologize to those who are not interested...

Saturday Sep 06, 2008

Installing Solaris from a USB Disk

I regularly do a full install of a Solaris Development release onto my laptop. Why full? Well, that is another story for another day, but it is not because the Solaris Upgrade software; including Live Upgrade; is lacking.

I decided I no longer see the sense of burning a DVD to do this; and I know that Solaris can boot from a USB device.

I used James C. Liu's blog as an inspiration, but the following is what I have found worked well to boot an install image located on a USB disk. You may also be interested in the Solaris Ready USB FAQ.

NOTE: This procedure only has a chance of working if you have a version of Solaris 10 or later that uses GRUB and has a USB driver that works with your drive.

  1. Set up an 8GB "Solaris2" partition on the USB drive using fdisk. Make it the active partition.
  2. Set up a UFS slice using all but the first cylinder of that 8GB as slice 0 using format. Run newfs. Mount.

    The first cylinder ends up being dedicated to a "boot" slice. I do not know what it is used for, perhaps avoidance of overwriting PC-style partition table & boot program.

  3. Mount the DVD ISO using lofiadm/mount (hint: google lofiadm solaris iso)
  4. Use cpio to copy the contents of the DVD ISO into the UFS partition on the USB drive, e.g:

    # cd <rootdir of DVD ISO>
    # find . | cpio -pdum <rootdir of USB filesystem>

  5. Run installgrub to install the stage1 & stage2 files from the DVD ISO onto the USB drive If the filesystem on your USB drive has mounted as /dev/dsk/c2t0d0s0 for example, then use:

    # cd <rootdir of DVD ISO>
    # /sbin/installgrub boot/grub/stage1 boot/grub/stage2 /dev/rdsk/c2t0d0s0

  6. Boot off the USB disk. It uses the same GRUB install that would be on a DVD.
  7. Now, I can not remember whether the next step was either:

    • Wait for the install to fail (unable to find distribution), or:

    • Exit/quit out of installation

    ...but you need to get to a shell.

  8. Manually mount the USB partition at /cdrom

    NOTE: your controller numbers are probably not as you expect at this point, so double-check what you are mounting.

  9. Re-start the install
    I used "suninstall". I think you can use "solaris-install" instead.

The install seemed to run fine from there, however it went through a sysconfig stage after the reboot.

Then I ended up with one teeny problem - my X server would not start.

I discovered some issues with fonts, and then decided to check the install log. I discovered a number of packages had reported status like:

Installation of <SUNWxwfnt> partially failed.
19997 blocks
pkgadd: ERROR: class action script did not complete successfully

Installation of <SUNWxwcft> partially failed.

Installation of <SUNW5xmft> partially failed.

Installation of <SUNW5ttf> partially failed.

Installation of <SUNWolrte> partially failed.

Installation of <SUNWhttf> partially failed.

I have since pkgrm/pkadd-ed these packages (using -R while running the laptop on an older release with the new boot environment mounted), and all is now well.

Wednesday Feb 28, 2007

SSH Cheat Sheet

This is offered for those who want to kick their telnet habit. I also offer a simple text version, which you can keep in ~/.ssh.

To create an SSH key for an account

srchost$ ssh-keygen -t rsa

This will create id_rsa and in ~/.ssh. "-t dsa" can be used instead. You will need an SSH key if you want to log in to a system without supplying a password.

To be able to log in to desthost from srchost without a password (as below)

srchost$ ssh desthost

Simply add the contents of srchost:~/.ssh/ to desthost:~/.ssh/authorized_keys in the form "ssh-rsa AAAkeystringxxx= myusername@srchost".

To enable forwarding of an X-windows session back to your $DISPLAY on srchost

Just use "-X":

srchost$ ssh -X desthost
desthost$ xterm

If I use a different account on desthost (and I want to use a short name for desthost)

Add something like this:

Host	paedata
    Hostname	paedata.sfbay
    User	tc35445
to srchost:~/.ssh/config

Still Getting Prompted For a Password

If I find that my key is not being recognised on desthost (I still get prompted for a password), I probably have a premission problem. try this as the user on desthost:

chmod g-w,o-w .
chmod g=,o= .ssh .ssh/authorized_keys

To allow root logins (but must specify password or have an authorized_key) on a host

  1. Edit /etc/ssh/sshd_config, change line to
    PermitRootLogin yes
  2. Solaris 9 & earlier:
    # /etc/init.d/sshd restart
  3. Solaris 10 & later:

    # svcadm restart ssh

Here is a patch (will save the originial config file in sshd_config.orig)

/usr/bin/patch -b /etc/ssh/sshd_config << 'EOT'
--- sshd_config.orig       Fri Feb  2 11:27:12 2007
+++ sshd_config Fri Feb 23 14:12:24 2007
@@ -129,7 +129,8 @@
 # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
 # maybe denied access by a PAM module regardless of this setting.
 # Valid options are yes, without-password, no.
-PermitRootLogin no
+#PermitRootLogin no
+PermitRootLogin yes

 # sftp subsystem
 Subsystem      sftp    /usr/lib/ssh/sftp-server

Host Key Has Changed

Reconfigure of desthost - this happens when you (re-)install Solaris. You can avoid it by restoring /etc/ssh/ssh_host_\*_key\*. Otherwise:

bash$ ssh katie
Someone could be eavesdropping on you right now(man-in-the-middle attack)
It is also possible that the RSA host key has been changed.
The fingerprint for the RSA key sent by the remote host is
md5 8e:c4:53:93:64:5b:2d:b4:f8:e9:a8:9c:d9:95:4a:70.
Please contact your system administrator.
Add correct host key in /home/tc35445/.ssh/known_hosts
Offending key is entry 3 in /home/tc35445/.ssh/known_hosts
RSA host key for katie has changed and you have requested strict checking.

Solution - remove the "katie" entry in ~/.ssh/known_hosts and log-in again - ssh will put a new host key in for you.

Saturday Dec 16, 2006

Why CONNECT / AS SYSDBA did not work - Trap For Young Players


I have been doing some installing of Oracle databases onto system where a database and oracle account are already installed. I wanted to effect changes that could be easily cleaned up. So, I created my own oracle account/uid and group/gid.

The Problem

The problem I encountered was that when I tried to connect to the database to do DBA-type things, my experience went like this:

tora ) sqlplus / as sysdba

ORA-01031: insufficient privileges

The Solution

This mode of connection, where a bare slash (/) is used instead of oracleaccount/oraclepassword, is where you ask Oracle to authorize you via your OS credentials. What I was missing is that the Unix group specified during creation of the database (or installation of the software, I forget which) is separate from the Unix group used to automatically grant a user the SYSDBA and SYSOPER privileges - which would have allowed the "sqlplus / as sysdba" to succeed.

So the Unix group that does grant these privileges (I think they are Oracle roles, just as Solaris has roles) is "dba". I am not sure whether this can be changed, so I took the shortest route and added my "tora" user to the "dba" group, and all was well.

File this one under just-hoping-anyone-in-the-same-pain-finds-this-via-Google.

I also would like to plug Installing and Configuring Oracle Database 10g on the Solaris Platform by Roger Schrag as a useful Cheat Sheet.

Friday Oct 06, 2006

Lsync - Keeping Your Sanity by Keeping Your Home Directory Synchronised

I haver battled for a number of years on how to keep a laptop and a home directory reasonably syncronised. About a year ago I decided to solve this problem once and for all.

Below I describe Lsync, a script I wrote to do the work for me. Here is the Lsync script for download.


WARNING: Command-Line Content

Lsync is a tool to keep your home directory synchronised across multiple systems. While there are a few solutions out there for doing this automagically, such solutions are either still in a research phase, have a price tag, or are designed on a different scale.

This solution is intended to be cheap, and work with most variants of Unix. It is also intended to be used by the user who is doing updates on one or both copies of their own home directory. It should be used regularly, to minimise the work required at each operation, and to reduce the risk of data loss, or insanity.

Lsync is implemented on top of the excellent OSS program rsync.


As configured, Lsync depends on bash, ssh, and a recent version of rsync (exactly how recent I do not know). It can probably be modified to use the (far less secure) rsh/rexec protocol, but I am not going to do this work. So far, I have found it to work on Solaris 9, 10 and Express, as well as Mac OS X 10.3.9. I would fully expect it to work on any variant of Linux.

The user will need to edit the Lsync script to set the values for their "laptop" and "master" hosts.

What It Does

Lsync offers 5 basic functions:

  • Check on what needs to be synced from your "laptop" to your "master"
  • Check on vice-versa
  • Sync from your "laptop" to your "master" (make it so...)
  • Sync vice-versa
  • Edit your "rsync includes" file

The sync/check operations by default are done between the user's home directories on the "laptop" and "master" hosts, but they can instead perform the operation just on a sub-directory of the home directory.

Any operation that modifies data requires further input from the user - either editing of the "rsync includes" file, or entering a "y" to confirm that we really want to sync.

An advantage of using ssh as the remote shell protocol is that the user can leverage ~/.ssh/config to specify a different username to be used on a remote host. For example, I have the username "timc" on my laptop, but have to use the corporate standard "tc35445" on any SWAN host (yuck). The magic for this to happen without work on my behalf is to put this in ~/.ssh/config on my laptop:

	Host	\*.sfbay
	  User     tc35445


A host you designate. This can have a dynamic name, established at run-time as the host you are running Lsync on, or it can be static. If the laptop host is static, you can run Lsync on either the master or the laptop host.
A host you designate. This is static.
Host deemed to have the current authoritative version of your home directory.
Host being synchronised to the sender's version of your home directory.
rsync includes file
A file containing rules for including & excluding files and/or directories to be synchronised. The format is documented in the rsync(1) manual page. The default location for this is ~/.rsync-include.


Unless you have seen rsync before, you will be surprised how fast it can do it's work. I am currently syncing about 50,000 files, but if the metadata for these is cached on both systems, a full home directory check takes around a minute. If it is the first check of the day, it might take 5 minutes.

In either case, it is fast enough to use at least daily, which means you can easily have your full, up-to-date "working set" with you on your laptop when you are out of the office, but go back to a SunRay when you get in.

Alternatively, if you know you have been working in a sub-directory, just specify that subdirectory, and Lsync limits its update to that directory tree. For example:

	$ Lsync L ~/tools/sh/Lsync

Caveats, Warnings, Disclaimers and Other Fine Print

It is important to understand that I am using the "--delete" option to rsync, which means that rsync will delete files on the receiver that do not exist on the sender. This means if you delete something on one host, it won't come back to haunt you, but it also means you must get sync operations in the correct order with your work activity. For easy identification, rsync tells you whenever it would have deleted or is deleting something by prepending it with "deleting".

Also, all sync operations will act on files and directories at the same level under your home directory on both systems. In other words, you can not use Lsync to copy a directory to a different location on the receiver, leaving the receiver's version of the directory in place.

This is a deliberate decision - Lsync is intended to synchronise, not to replicate.


When I want to sync my home directory, if I am not sure what I have modified on what directory, I first check:

d-mpk12-65-186 ) Lsync l
-- Lsync: listing what to sync under ~
     from d-mpk12-65-186.SFBay.Sun.COM to paedata.sfbay
building file list ... done
deleting tools/sh/Lsync/tmpfile

wrote 1016147 bytes  read 28 bytes  16796.28 bytes/sec
total size is 4882980897  speedup is 4805.26
-- Use "Lsync L" to perform sync
d-mpk12-65-186 ) 

Then, noticing that the only thing to delete is something I have deleted on the sender and genuinely do not want any more, I go ahead and "make it so":

d-mpk12-65-186 ) Lsync L
-- Lsync: SYNCING everything under ~
     from d-mpk12-65-186.SFBay.Sun.COM to paedata.sfbay
Enter 'y' to confirm: y
building file list ... 
49676 files to consider
deleting tools/sh/Lsync/tmpfile
       47248 100%  780.49kB/s    0:00:00  (1, 70.8% of 49676)
       12288 100%  255.32kB/s    0:00:00  (2, 99.4% of 49676)

wrote 1075767 bytes  read 60 bytes  16942.16 bytes/sec
total size is 4882980897  speedup is 4538.82

If I want to double-check, I can now see what might be out of date with my "master":

d-mpk12-65-186 ) Lsync m
-- Lsync: listing what to sync under ~
     from paedata.sfbay to d-mpk12-65-186.SFBay.Sun.COM
receiving file list ... done

wrote 337 bytes  read 1049835 bytes  21653.03 bytes/sec
total size is 4882980897  speedup is 4649.70
-- Use "Lsync M" to perform sync

If I want to just sync a particular directory tree, I can specify this as an argument after the operation letter. This will be a lot faster than examining my whole home directory tree on both hosts. It also ignores my "rsync includes" file.

Any absolute or relative path can be specified, but it must resolve to something below my $HOME:

d-mpk12-65-186 ) pwd
d-mpk12-65-186 ) Lsync l .
-- Lsync: listing what to sync under ~/tools/sh/Lsync
     from d-mpk12-65-186.SFBay.Sun.COM to paedata.sfbay
building file list ... done

wrote 165 bytes  read 28 bytes  55.14 bytes/sec
total size is 32083  speedup is 166.23
-- Use "Lsync L" to perform sync
d-mpk12-65-186 ) Lsync l ~/tools/
-- Lsync: listing what to sync under ~/tools
     from d-mpk12-65-186.SFBay.Sun.COM to paedata.sfbay
building file list ... done

wrote 54756 bytes  read 28 bytes  9960.73 bytes/sec
total size is 84506552  speedup is 1542.54
-- Use "Lsync L" to perform sync
d-mpk12-65-186 ) Lsync l /var/tmp
Lsync: can not sync "/var/tmp", as it is not under $HOME

Wednesday Nov 16, 2005

Demonstrating ZFS Self-Healing

I'm the kind of guy who likes to tinker. To see under the bonnet. I used to have a go at "fixing" TV's by taking the back off and seeing what could be adjusted (which is kind-of anathema to one of the philosophies of ZFS).

So, when I have been presenting and demonstrating ZFS to customers, the thing I really like to show is what ZFS does when I inject "silent data corruption" into one device in a mirrored storage pool.

This is cool, because ZFS does a couple of things that are not done by any comparable product:

  • It detects the corruption by using checksums on all data and metadata.
  • It automatically repairs the damage, using data from the other mirror, assuming checksum(s) on that mirror are OK.

This all happens before the data is passed off to the process that asked for it. This is how it looks in slideware:

Self-Healing ZFS

The key to demonstrating this live is how to inject corruption, without having to apply a magnet or lightning bolt to my disk. Here is my version of such a demonstration:

  1. Create a mirrored storage pool, and filesystem

    cleek[bash]# zpool create demo mirror /export/zfs/zd0 /export/zfs/zd1
    cleek[bash]# zfs create demo/ccs

  2. Load up some data into that filesystem, see how we are doing

    cleek[bash]# cp -pr /usr/ccs/bin /demo/ccs
    cleek[bash]# zfs list
    NAME                   USED  AVAIL  REFER  MOUNTPOINT
    demo                  2.57M   231M  9.00K  /demo
    demo/ccs              2.51M   231M  2.51M  /demo/ccs

  3. Get a personal checksum of all the data in the files - the "find/cat" will output the contents of all files, then I pipe all that data into "cksum"

    cleek[bash]# cd /demo/ccs
    cleek[bash]# find . -type f -exec cat {} + | cksum
    1891695928      2416605

  4. Now for the fun part. I will inject some corruption by writing some zeroes onto the start of one of the mirrors.

    cleek[bash]# dd bs=1024k count=32 conv=notrunc if=/dev/zero of=/export/zfs/zd0
    32+0 records in
    32+0 records out

  5. Now if I re-read the data now, ZFS will not find any problems, and I can verify this at any time using "zpool status"

    cleek[bash]# find . -type f -exec cat {} + | cksum
    1891695928      2416605
    cleek[bash]# zpool status demo
      pool: demo
     state: ONLINE
     scrub: none requested
            NAME                 STATE     READ WRITE CKSUM
            demo                 ONLINE       0     0     0
              mirror             ONLINE       0     0     0
                /export/zfs/zd0  ONLINE       0     0     0
                /export/zfs/zd1  ONLINE       0     0     0

    The reason for this is that ZFS still has all the data for this filesystem cached, so it does not need to read anything from the storage pool's devices.

  6. To force ZFS' cached data to be flushed, I export and re-import my storage pool

    cleek[bash]# cd /
    cleek[bash]# zpool export -f demo
    cleek[bash]# zpool import -d /export/zfs demo
    cleek[bash]# cd -

  7. At this point, I should find that ZFS has found some corrupt metadata

    cleek[bash]# zpool status demo
      pool: demo
     state: ONLINE
    status: One or more devices has experienced an unrecoverable error.  An
            attempt was made to correct the error.  Applications are unaffected.
    action: Determine if the device needs to be replaced, and clear the errors
            using 'zpool online' or replace the device with 'zpool replace'.
     scrub: none requested
            NAME                 STATE     READ WRITE CKSUM
            demo                 ONLINE       0     0     0
              mirror             ONLINE       0     0     0
                /export/zfs/zd0  ONLINE       0     0     7
                /export/zfs/zd1  ONLINE       0     0     0

  8. Cool - Solaris Fault Manager at work. I'll bring that mirror back online, so ZFS will try using it for what I plan to do next...

    cleek[bash]# zpool online demo/export/zfs/zd0
    Bringing device /export/zfs/zd0 online

  9. Now, I can repeat my read of data to generate my checksum, and check what happens

    cleek[bash]# find . -type f -exec cat {} + | cksum
    1891695928      2416605    note that my checksum is the same
    cleek[bash]# zpool status
            NAME                 STATE     READ WRITE CKSUM
            demo                 ONLINE       0     0     0
              mirror             ONLINE       0     0     0
                /export/zfs/zd0  ONLINE       0     0    63
                /export/zfs/zd1  ONLINE       0     0     0

Of course, if I wanted to know the instant things happened, I could also use DTrace (in another window):

cleek[bash]# dtrace -n :zfs:zio_checksum_error:entry
dtrace: description ':zfs:zio_checksum_error:entry' matched 1 probe
CPU     ID                    FUNCTION:NAME
  0  40650         zio_checksum_error:entry
  0  40650         zio_checksum_error:entry
  0  40650         zio_checksum_error:entry
  0  40650         zio_checksum_error:entry

Technorati Tag:

Tuesday Nov 08, 2005

FAQ du Jour - Daylight Savings in Australia, Autumn 2006

Well, I have been asked this three times now, so it sounds worthy of a blog entry...

The beginning and end of Daylight Savings in Australia is controlled by state goverment regulation, which means it can be changed at relatively short notice (except in Queensland, where it can not be changed, as the extra daylight will fade curtains and confuse dairy cows).

Has or will Sun release Solaris patches to take account of changes to daylight savings due to happen for the Commonwealth Games in 2006?

There is an RFE (Request For Enhancement) for this, but we have not yet developed & released patches.

If you are a customer and want to be notified when the patches are released, please log a call to this effect. You can reference BugID 6282969 to identify the issue.

I got a bit wistful when researching this, because back when I was a Sun customer in 1996 (I think), I logged a call regarding the same type of issue - South Australia was extending Daylight Savings for the WOMAdelaide music festival.

Customising man(1) for more readable manual pages

This entry can be considered a test run, or it can be considered as an entry that will stop my next entry from being the first and only entry when it is released. These things are true, but I hope this entry will be of interest anyway.

I am still a habitual user of the "man" command in Solaris (and other Unixes). It has pretty good response time, and the format is familiar. I did notice a number of years ago that the format could be better. All sorts of terminals are able to display bold and underlined text, and printed man pages show some elements as bold, but man(1) on Solaris only shows underlined elements (see below).

Boring man(1)

My interest was piqued when I re-acquainted myself with Linux, and noticed that man(1) was showing bold elements. I had to investigate.

I did a few things like "truss -f" on the man program, "strings" on the binary, until I discovered that Solaris' man(1) was different in that it was using a "-u0" option to nroff(1) when formatting the text. This flag was undocumented at the time, but I discovered that if I hand-built a man page and used "-u1" instead, I got bold text.

I was obviously not firing on all cylinders that day, as I chose to customise man(1) by putting a copy of /usr/bin/man (the binary) in my ~/bin directory, then editing the binary, changing any occurence of "-u0" to "-u1".

When I next upgraded my workstation, I then had to replace the binary with a script that called a release-specific binary, as I was then using multiple releases of Solaris on different systems.

Eventually, the injector on cylinder 3 cleared, and I figured out how to do it with a script that effectively interposed on /usr/bin/man and /usr/bin/nroff. This would also work on many releases of Solaris (currently working fine on S10 and the most recent build of OpenSolaris). At the same time, I figured I could use a custom PAGER program for displaying man pages, and implement this in the same script.

If you feel envious and want this for yourself, download the script from here. Put this in a directory in your PATH that comes before /usr/bin and /bin, then link it to "nroff" in the same directory (e.g. "ln ~/bin/man ~/bin/nroff"). You will then get what I see:

Custom man(1)


Tim Cook's Weblog The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.


« July 2016