IT spending can be horribly wasteful sometimes. Companies will spend millions of dollars on the latest and greatest hardware, on which they install Windows 98! Get with the times people! In case someone bought enough hardware for multiple VCS clusters at your company, and put too many nodes in the wrong cluster, here’s how you can decommission a node safely while the cluster is online:
NOTE: I recommend you run these commands from a node that will remain active. Otherwise certain commands will not work.
If you’ve ever used roles based access control (RBAC) in Solaris you know how useful it can be in managing user accounts and access to system level functionality. Here’s a brief synopsis of how RBAC works and what you can expect to see in /etc/user_attr:
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# user attributes. see user_attr(4)
#pragma ident "@(#)user_attr.txt 1.9 07/10/17 SMI"
root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
In this example we have a “role” called “addSoftware” and several users with access to that role. Roles available for assignment are listed in /etc/security/prof_attr and in there you will see “Software Installation” as an available role:
Software Installation:::Add application software to the system:help=RtSoftwareInstall.html;auths=solaris.admin.prodreg.read,solaris.admin.prodreg.modify,solaris.admin.prodreg.delete,solaris.admin.dcmgr.admin,
Assigning users this role allows them to use software installation and removal commands such as “pkginfo“, “pkgadd“, and “pkgrm” to name a few.
Root on the other hand has access to the “All” role. Lord knows what someone could do with that!
If every IT administrator was issued a swiss army knife full of technical tools, dig would certainly be in it. If you have ever hosted, registered, or administered a domain name or DNS server then you have likely run across this tool at some point. Here are the basics of DNS and how to use dig to get the information you need:
NOTE: Headers and footers have been removed from these queries for ease of use. In headers and footers you will see information regarding the version of dig you are using and how long your query took respectively.
Redundant interface setup in Solaris 10 is relatively simple using IPMP. Here are the basics for configuring IPMP on Solaris 10:
Verify link status for the interfaces you intended to configure in a fail-over group using IPMP:
root@localhost # dladm show-dev
nxge0 link: up speed: 1000 Mbps duplex: full
nxge7 link: unknown speed: 0 Mbps duplex: unknown
nxge4 link: up speed: 1000 Mbps duplex: full
nxge3 link: unknown speed: 0 Mbps duplex: unknown
e1000g0 link: up speed: 1000 Mbps duplex: full
e1000g1 link: up speed: 1000 Mbps duplex: full
In this example we’ll focus on interfaces nxge0 and nxge4. Next create your interface configurations files in /etc/hostname.<interface> where <interface> “nxge0” and “nxge4” in our example of dladm show-dev above. Here we’ll add the meat of the configuration as seen below:
root@localhost # cat /etc/hostname.nxge0
192.168.1.10 netmask 255.255.255.0 broadcast + group if-failover -failover deprecated up
addif 192.168.1.12 netmask 255.255.255.0 failover up
root@localhost # cat /etc/hostname.nxge4
192.168.1.11 netmask 255.255.252.0 broadcast + group if-failover -failover deprecated standby up
NOTE: All items in these files are on a single line. Ensure that if you want to wrap text you terminate the first line with a “\“. Additionally all items in these configuration files can follow the command “ifconfig” if you’re setting this interactively. You must create the configuration files in order for these settings to take affect upon reboot.
As you can see from the configuration files above – each interface has a base IP address (192.168.1.10 and 192.168.1.11 above) and “nxge0” has one additional IP address from which all traffic will source (The “deprecated” option tells ifconfig not to source traffic from this address). The “+ group” option tells ifconfig that this interface is part of the IPMP group “if-failover“. The “-failover” option tells ifconfig not to fail this interface IP if the active member of the fail-over group fails (192.168.1.10 and 192.168.1.11 in our example). The additional interface on “nxge0” (192.168.1.12 in our example) has the “failover” option telling ifconfig to fail this interface over should a member of the interface group it is operating on fails. Finally the “standby” option tells interface “nxge4” to operate in standby mode for the group “if-failover“.
Be sure and test fail-over using if_mpadm.
Real easy actually:
zonecfg -z <zone>
set special=/dev/md/dsk/<softpart> (Assumes you’re using metadb)
add options logging
Now reboot your zone and your new filesystem is mounted on /app.