Eric
Solaris 10 fails to install on EFI labeled disks
I recently came across the following error when jumpstarting a system that has 4 disks, 2 of which were previously in a zpool and were EFI labeled:
Checking rules.ok file...
awk: division by zero
record number 17
awk: division by zero
record number 15
expr: syntax error
awk: division by zero
record number 17
The error seemed harmless enough in that it didn't affect the installation.
Even still I tracked it down to the /usr/sbin/install.d/chkprobe script in the Solaris 10 mini-root.
I opened a case with Sun and they informed me it was a known issue (BugID 6457349: chkprobe cannot handle disks with EFI labels).
Sun provided me with a work-around patch to chkprobe which produced the following output:
Checking rules.ok file...
c0t8d0 doesn't have a VTOC label
c0t9d0 doesn't have a VTOC label
This was fine in a system that had at least one VTOC labeled disk as the jumpstart installation could still proceed.
When the all of the disks are EFI labeled then the installation fails with the message:
ERROR: One or more disks are found, but one of the following problems exists:
- Hardware failure
- The disk(s) available on this system cannot be used to install Solaris Software. They do not have a valid label.
If you want to use the disk(s) for the install, use format(1M) to label the disk and restart the installation.
Solaris installation program exited.
To solve this you need to run the format -e command and re-label the disks.
Note the "-e" (expert mode) option to format is required otherwise you won't be given the choice of label types.
# format -e
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c0t0d0
/pci@1c,600000/scsi@2/sd@0,0
1. c0t1d0
/pci@1c,600000/scsi@2/sd@1,0
Specify disk (enter its number): 0
selecting c0t0d0
[disk formatted]
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
inquiry - show vendor, product and revision
scsi - independent SCSI mode selects
cache - enable, disable or query SCSI disk cache
volname - set 8-character volume name
! - execute , then return
quit
format> label
[0] SMI Label
[1] EFI Label
Specify Label type[1]: 0
Warning: This disk has an EFI label. Changing to SMI label will erase all
current partitions.
Continue? y
Auto configuration via format.dat[no]? y
format> quit
The fix Sun provided should make it into a future Solaris 10 update and I suspect once ZFS boot is released this problem will be resolved for good.
Posted at 11:44PM nov. 16, 2009 by Éric in Solaris |
Rotation des logs sous apache
Créer les entrées sous logadm.
# logadm -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 -w /opt/coolstack/apache2/logs/access_log # logadm -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 -w /opt/coolstack/apache2/logs/error_log # logadm -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 -w /opt/coolstack/apache2/logs/ssl_request_log
# vi /etc/logadm.conf ### apache rotation log /opt/coolstack/apache2/logs/access_log -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 /opt/coolstack/apache2/logs/error_log -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0 /opt/coolstack/apache2/logs/ssl_request_log -C 14 -c -p 1d -t '$file-%Y-%m-%d' -z 0
Posted at 05:12PM sept. 17, 2009 by Éric in Solaris |
Log sshd actif
Ajouter sous syslog.conf auth.info
# vi /etc/syslog.conf auth.info ifdef(`LOGHOST', /var/log/ssh.log, @loghost)
# vi /etc/ssh/sshd_config SyslogFacility AUTH LogLevel INFO
# touch /var/log/ssh.log
# svcadm restart svc:/system/system-log:default
Posted at 11:54AM sept. 14, 2009 by Éric in Solaris |
Solaris ufsrestore fichier et ruban
# cd /tmp # mkdir rst # cd rst # ufsrestore rf /export/home1/securite/adraste/adraste-bkp-20090826.dmp
# cd /tmp # mkdir rst # cd rst # ufsrestore ivf /dev/rmt/0
Posted at 10:08AM août 26, 2009 by Éric in Solaris |
La cache (arc) de ZFS mange toute la ram.
C'est la mémoire que ZFS utilise comme aire de cache. Le mécanisme par défaut c'est que la cache peut utiliser jusqu'à la mémoire physique - 1GB. Le problème c'est que bien que l'ARC peut rapetisser automatiquement quand les applications ont besoin de mémoire, en pratique, ça ne se fait pas assez rapidement.. Comme ZFS utilise trop de mémoire il faut le limiter.
Voici comment faire.
- Voir son utilisation.
- sous mdb
- ce qui est à vérifier
- c_min = minimum allouer
- c_max = maximum allouer
- sous mdb
# mdb -kw Loading modules: [ unix krtld genunix specfs dtrace cpu.generic uppc pcplusmp ufs ip hook neti sctp arp usba uhci fcp fctl emlxs qlc nca lofs zfs mpt md cpc random crypto fcip logindmux ptm sppp nfs ] > ::arc hits = 13475080 misses = 278175 demand_data_hits = 9197806 demand_data_misses = 19961 demand_metadata_hits = 3884809 demand_metadata_misses = 35538 prefetch_data_hits = 298657 prefetch_data_misses = 209763 prefetch_metadata_hits = 93808 prefetch_metadata_misses = 12913 mru_hits = 1093121 mru_ghost_hits = 4717 mfu_hits = 11993694 mfu_ghost_hits = 20071 deleted = 481527 recycle_miss = 8459 mutex_miss = 756 evict_skip = 12755 hash_elements = 304229 hash_elements_max = 305404 hash_collisions = 290303 hash_chains = 61527 hash_chain_max = 6 p = 15817 MB c = 15817 MB c_min = 3966 MB c_max = 31730 MB size = 15760 MB hdr_size = 51362304 l2_hits = 0 l2_misses = 0 l2_feeds = 0 l2_rw_clash = 0 l2_writes_sent = 0 l2_writes_done = 0 l2_writes_error = 0 l2_writes_hdr_miss = 0 l2_evict_lock_retry = 0 l2_evict_reading = 0 l2_free_on_write = 0 l2_abort_lowmem = 0 l2_cksum_bad = 0 l2_io_error = 0 l2_size = 0 l2_hdr_size = 0 memory_throttle_count = 0 arc_no_grow = 0 arc_tempreserve = 0 MB arc_meta_used = 366 MB arc_meta_limit = 7932 MB arc_meta_max = 366 MB
- kstat
- utilisation actuel.
# kstat zfs:0:arcstats:size module: zfs instance: 0 name: arcstats class: misc size 16526777664
- utilisation actuel.
Pour le limiter, il est conseillé de ne pas toucher à la valeur c_min. Mais on peut limiter la valeur c_max.
Dans mon cas j'ai limité a env 30% de la mémoire du système 36Go total et le ZFS arc 10Go = 10000000000 ocets = 0x2540BE400.
- Limiter le c_max sous /etc/system
- ajouter à la fin du fichier.
- Après le changement sous /etc/system un redémarrage s'impose.
- ajouter à la fin du fichier.
# vi /etc/system * zfs arc maximun utilisation 10Go set zfs:zfs_arc_max=10000000000
Posted at 04:42PM août 24, 2009 by Éric in Solaris |
vim-7.2 installation sous Solaris 10 sparc
Installation de vim 7.2 sous Solaris 10 sparc avec gcc en 64 bit.
$ wget ftp://ftp.vim.org/pub/vim/unix/vim-7.2.tar.bz2 $ bunzip2 vim-7.2.tar.bz2 $ tar xvf vim-7.2.tar $ cd vim72/ $ CC="gcc -m64" ./configure --prefix=/opt/vim72 $ make $ su # make install
$ vi ~/.vimrc
set nocp " :-) " turn these ON: set digraph ek hidden ruler sc vb wmnu " turn these OFF: set noeb noet nosol " non-toggles: set bs=2 fo=cqrt ls=2 shm=at tw=0 ww=<,>,h,l set comments=b:#,:%,fb:-,n:>,n:) set list listchars=tab:»·,trail:· set viminfo=%,'50,\"100,:100,n~/.viminfo " settings which are the default " (at least with "nocompatible" anyway): " set smd sw=8 ts=8 " mappings: map Kmap :shell map ,F :view $VIMRUNTIME/filetype.vim map ,SO :source $VIMRUNTIME/syntax/ map ,V :view $VIMRUNTIME/syntax/ " autocommands: au FileType mail set tw=70 " some colors: "white on black" hi normal ctermfg=white ctermbg=black guifg=white guibg=black hi nontext ctermfg=blue ctermbg=black guifg=blue guibg=black " syntax coloring!! :-) set encoding=utf-8 syn on
$ /opt/vim72/bin/vim
Posted at 11:04AM août 19, 2009 by Éric in Solaris |
mrtg sous Solaris avec mrtg pme
J'ai installé les packages de coolstack avant.
# cd /opt # wget http://oss.oetiker.ch/mrtg/pub/mrtg-2.16.2.tar.gz # gzip -dc mrtg-2.16.2.tar.gz | tar xvf - # cd mrtg-2.16.2 # ./configure --prefix=/opt/mrtg-2 --with-gd-inc=/opt/coolstack/include --with-gd-lib=/opt/coolstack/lib # make # make install
# cd /opt/mrtg-2 # wget http://prdownloads.sourceforge.net/mrtg-pme/mrtgpme-1.0.2.tar.gz # gunzip mrtgpme-1.0.2.tar.gz # tar xvf mrtgpme-1.0.2.tar
# cd /opt/mrtg-2/mrtgpme-1.0.2/solaris/ # vi *-solaris.pl il faut virer dans le path local #!/usr/local/bin/perl #!/usr/bin/perl `/usr/local/bin/ssh `/usr/bin/ssh
# vi solaris-*.cfg WorkDir: /export/home1/daemons/apache/mrtg #IconDir: /usr/local/mrtg/images changer les HOST par le bon hostname sur toutes les lignes. :%s/HOST/hostname/g Target[HOST-*]: `/opt/mrtg-2/mrtgpme-1.0.2/solaris/*-solaris.pl HOST`
# vi /opt/mrtg-2/mrtg.ksh
----
#!/bin/ksh
#
# cants.org
# Eric Cantin
# version 20090814
# ce script lance mrtg
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/opt/coolstack/lib
export LD_LIBRARY_PATH
/opt/mrtg-2/bin/mrtg /opt/mrtg-2/mrtgpme-1.0.2/solaris/solaris-cpu.cfg
/opt/mrtg-2/bin/mrtg /opt/mrtg-2/mrtgpme-1.0.2/solaris/solaris-mem.cfg
/opt/mrtg-2/bin/mrtg /opt/mrtg-2/mrtgpme-1.0.2/solaris/solaris-root.cfg
----
# chmod +x /opt/mrtg-2/mrtg.ksh
# vi index.php
----
<?php
function DirTri($rep,$tri)
{
$Array = array(); $dir = opendir($rep);
$i=0;
while ($File = readdir($dir)){
// liste des fichiers qui ne sont pas affich?
if($File != "." && $File != ".." && substr(strtolower($File), -3) != "log" && substr(strtolower($File), -3) != "png" && subst
r(strtolower($File), -3) != "old" && $File != "index.php" && $File != "index.html")
{
$Array[] = "$File";
}
$i++;
}
// message du top
echo "<html>";
echo "<head>";
echo "<title>Stats mrtg - Cants.org</title>";
echo "</head>";
echo 'Les stats sont produites avec <a href="http://mrtg-pme.sourceforge.net">MRTG Performance Monitoring Extensions</a>.<br>';
echo 'Et <a href="http://oss.oetiker.ch/mrtg/">MRTG</a>.<br>';
echo "<body TEXT=#000000 BGCOLOR=#CACADE LINK=#0000EF VLINK=#55188A ALINK=#FF0000>";
echo "<b>Liste des serveurs mrtg :</b><br><br>";
closedir($dir);
if($tri == 'DESC'){
rsort($Array);
}else{
sort($Array);
}
$Max = count($Array);
for($i = 0; $i != $Max; $i++){
echo "<a href=\"$Array[$i]\">$Array[$i]</a><br>";
}
// affiche le nombre de fichiers dans le répertoire
// echo "<br><br>".$Max." fichier(s)" ;
}
// utilisation de la fonction
// param.1 : chemin du répertoire ("." si il s'agit du rép. courant)
// param.2 : ASC ou DESC (A-Z ou Z-A)
DirTri(".","ASC");
// message en bas
echo '<FONT face="Cosmic" size="-3">';
echo "<!-- Champ de Copyright -->";
echo '<center>Copyright © 2004-2005, Eric Cantin (www.cants.org), tous droits réservés.<br>';
echo 'Protégé par les lois du copyright des États-Unis et du Canada et par des traités internationaux
.<br>';
echo 'Cants, Lévis, Québec 12 novembre 2005.<br></center>';
echo "<!-- Copyright -->";
echo "</FONT>";
echo "</body>";
echo "</html>";
?>
Posted at 02:33PM août 14, 2009 by Éric in Solaris |
ps -ef sous Solaris coupe l`information
Sous Solaris la commande ps -ef retourne pas l`information au complet.
# /usr/ucb/ps -auxwww donne plus d`information.
Posted at 10:13PM juil. 16, 2009 by Éric in Solaris |
coolstack version 1.3.1
Référence externe
J'ai choisi les packages de coolstack version 1.3.1 car ils sont maintenus par Sun Microsystems.
Le projet a été déménagé vers GlassFish Web Stack
Lien officiel chez Sun http://www.sun.com/software/webstack/.
http://cooltools.sunsource.net/coolstack/CoolStack1.3.pdf
Avertissements
CSKruntime Ce package contient la base commune des autres packages (devra être installé en premier).
CSKlibsbundle Ce package contient les librairies requise par les extensions PHP: CSKtds, CSKncurses, CSKlibs.
Description détaillée
Installation de la zone
Configuration de la zone
base commune
# cd /export/home1/adm/source # mkdir coolstack # cd coolstack
Télécharger tous les fichiers depuis http://cooltools.sunsource.net/coolstack/
Extraire les packages.
# bunzip2 *.bz2
- CSKruntime contient la base commune.
- Répondre all et yes
# pkgadd -d CSKruntime_1.3.1_i386.pkg
- Répondre all et yes
Apache 2.2.9 + mySQL 5.1.25 + PHP 5.2.6
- CSKlibsbundle contient les librairies requise par les extensions PHP
- Répondre all et yes
# pkgadd -d CSKlibsbundle_1.3.1_i386.pkg
- Répondre all et yes
- CSKamp contient Apache 2.2.9, mySQL 5.1.25 et PHP 5.2.6.
- Répondre all et yes
# pkgadd -d CSKamp_1.3.1_i386.pkg
- Répondre all et yes
Perl
- CSKperl perl 5.8.8
- Répondre all et yes
# pkgadd -d CSKperl_1.3.1_i386.pkg
- Répondre all et yes
Python
- CSKpython Python 2.5.2
- Répondre all et yes
# pkgadd -d CSKpython_1.3.1_i386.pkg
- Répondre all et yes
MySQL
Création d'un usager et d'un groupe mysql.
# groupadd mysql # useradd -c "mysql database" -d /var/mysql -g mysql -u 900 -s /bin/false mysql
Changer le répertoire de mysql.
# vi /opt/coolstack/lib/svc/method/svc-cskmysql32
#DB_DIR=${MYSQL_DIR}/data
DB_DIR=/var/mysql
# chmod 700 /var/mysql # chown -R mysql:mysql /var/mysql
# cp /opt/coolstack/mysql_32bit/share/mysql/my-small.cnf /var/mysql/my.cfg
Créer la DB.
# /opt/coolstack/mysql_32bit/bin/mysql_install_db --datadir=/var/mysql # chown -R mysql:mysql /var/mysql
Définir le mot de passe de root sous mysql.
# /opt/coolstack/mysql_32bit/bin/mysqld_safe --datadir=/var/mysql & # /opt/coolstack/mysql_32bit/bin/mysqladmin -u root password 'new-password' # /opt/coolstack/mysql_32bit/bin/mysqladmin -u root -h hostname password 'new-password'
# kill <PID>
pour le démarrer
# svcadm enable svc:/application/database/mysql:mysql32-csk
Vérification que le service écoute sur son port.
# netstat -an | grep -i listen | grep 3306
*.3306 *.* 0 0 49152 0 LISTEN
Création de la base de données
Ouvrir MySQL en tant que root.
# /opt/coolstack/mysql_32bit/bin/mysql -uroot -p
Pour créer une BD
mysql> create database new_site;
Créer un usager qui va être admin de la BD newbd.
mysql> grant all on new_site.* to user1@'%' identified by 'PASSWORD'; mysql> grant all on new_site.* to user1@localhost identified by 'PASSWORD';
Configuration apache 2.2
- Préparation de la configuration en vu de l'exploitation d'apache 2.
# vi /opt/coolstack/apache2/conf/httpd.conf
- Modifier l'adresse de courrier.
# # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com # ServerAdmin you@yourhost.com
ServerAdmin webadmin@mondomaine.com
- Définir le nom du serveur web sous ServerName
# # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. # #ServerName www.example.com:80
ServerName www.mondomaine.com:80
- Modifier le DocumentRoot (le répertoire par défaut)
# # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/opt/apache-2.2.10/htdocs"
DocumentRoot "/export/home1/daemons/apache/htdocs"
- Modifier le Directory.
# # This should be changed to whatever you set DocumentRoot to. # <Directory "/opt/apache-2.2.10/htdocs">
<Directory "/export/home1/daemons/apache/htdocs">
- htaccess
# # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None
AllowOverride All
- Pour avoir les log en format long avec la version du furteur et du os.
- Mettre en comentaire CustomLog logs/access_log common
- Et décommenter la ligne CustomLog logs/access_log combined
<IfModule log_config_module> # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # #CustomLog logs/access_log common # # If you prefer a logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. # CustomLog logs/access_log combined </IfModule>
Configuration php.ini
- désactiver apc (apache caching)
- The Alternative PHP Cache (APC) is a free and open opcode cache for PHP. It was conceived of to provide a free, open, and robust framework for caching and optimizing PHP intermediate code.
- http://ca3.php.net/apc
# vi /opt/coolstack/php5/lib/php.ini
extension="apc.so"
#extension="apc.so"
- activer gd
- PHP is not limited to creating just HTML output. It can also be used to create and manipulate image files in a variety of different image formats, including gif, png, jpg, wbmp, and xpm. Even more convenient, PHP can output image streams directly to a browser. You will need to compile PHP with the GD library of image functions for this to work. GD and PHP may also require other libraries, depending on which image formats you want to work with.
You can use the image functions in PHP to get the size of JPEG, GIF, PNG, SWF, TIFF and JPEG2000 images.
With the exif extension, you are able to work with information stored in headers of JPEG and TIFF images. This way you can read meta data generated by digital cameras. The exif functions do not require the GD library.
- http://ca3.php.net/gd
# vi /opt/coolstack/php5/lib/php.ini
;extension=gd.so
extension=gd.so
- activer ldap
- LDAP is the Lightweight Directory Access Protocol, and is a protocol used to access "Directory Servers". The Directory is a special kind of database that holds information in a tree structure.
- http://ca.php.net/ldap
# vi /opt/coolstack/php5/lib/php.ini
;extension=ldap.so
extension=ldap.so
- activer mbstring
- While there are many languages in which every necessary character can be represented by a one-to-one mapping to an 8-bit value, there are also several languages which require so many characters for written communication that they cannot be contained within the range a mere byte can code (A byte is made up of eight bits. Each bit can contain only two distinct values, one or zero. Because of this, a byte can only represent 256 unique values (two to the power of eight)). Multibyte character encoding schemes were developed to express more than 256 characters in the regular bytewise coding system.
When you manipulate (trim, split, splice, etc.) strings encoded in a multibyte encoding, you need to use special functions since two or more consecutive bytes may represent a single character in such encoding schemes. Otherwise, if you apply a non-multibyte-aware string function to the string, it probably fails to detect the beginning or ending of the multibyte character and ends up with a corrupted garbage string that most likely loses its original meaning.
mbstring provides multibyte specific string functions that help you deal with multibyte encodings in PHP. In addition to that, mbstring handles character encoding conversion between the possible encoding pairs. mbstring is designed to handle Unicode-based encodings such as UTF-8 and UCS-2 and many single-byte encodings for convenience (listed below).
- http://ca.php.net/mbstring
# vi /opt/coolstack/php5/lib/php.ini
;extension=mbstring.so
extension=mbstring.so
- désactiver magic_quotes_gpc
- The magic quotes option was introduced to help protect developers from SQL injection attacks. It effectively executes addslashes() on all information received over GET, POST or COOKIE. Unfortunately this protection isn't perfect: there are a series of other characters that databases interpret as special not covered by this function. In addition, data not sent direct to databases must un-escaped before it can be used.
- http://ca.php.net/manual/en/function.get-magic-quotes-gpc.php
# vi /opt/coolstack/php5/lib/php.ini
Ajouter sous la section PHP avant CSKlibs package is required.....
magic_quotes_gpc = Off
- activer curl.so
- Curl est obligatoire pour utiliser fopen
- http://www.php.net/manual/en/ref.curl.php
- http://phpsec.org/projects/phpsecinfo/tests/allow_url_fopen.html Note de sécurité sur l'utilisation de fopen.
- sous php.ini
- allow_url_fopen = On <--- valeur par défault
- engine = On <--- valeur par défault
- safe_mode = Off <--- valeur par défault
# vi /opt/coolstack/php5/lib/php.ini
;extension=curl.so
extension=curl.so
- sous php.ini
libmcrypt sous php
- mcript ajout au project Sun Web Stack
# cd /export/home1/adm/source/ # mkdir mcrypt # cd mcrypt # wget http://iweb.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.8.tar.gz # gzcat libmcrypt-2.5.8.tar.gz | /usr/sfw/bin/gtar -xf - # cd libmcrypt-2.5.8 # export CC=cc # export CC=/usr/sfw/bin/gcc # ./configure --prefix=/opt/libs/libmcrypt --enable-dynamic-loading \ --with-included-algos=cast-128,gost,rijndael-128,twofish,arcfour,cast-256,loki97,rijndael-192,saferplus,wake,blowfish-compat,des,rijndael-256,serpent,xtea,blowfish,enigma,rc2,tripledes # make # make install
# cd /export/home1/adm/source/ # mkdir mcrypt # cd mcrypt # wget http://svn.everycity.co.uk/public/solaris/packages/stable/ECsws-phpmcrypt_5-2.r02.pkg.gz # gunzip ECsws-phpmcrypt_5-2.r02.pkg.gz # pkgadd -d ECsws-phpmcrypt_5-2.r02.pkg # ln -s /opt/webstack/php/5.2/modules/mcrypt.so /opt/coolstack/php5/lib/php/extensions/no-debug-non-zts-20060613/mcrypt.so
# vi /opt/coolstack/php5/lib/php.ini
# libmcrypt extension=mcrypt.so
Démarrage apache2.2
Pour démarrer apache 2.2.
svcadm enable svc:/network/http:apache22-csk
Posted at 12:00AM mai 29, 2009 by Éric in Solaris |
statistique d'utilisation sous apache uastats.ksh
Ce script donne les stats sous apache
$ vi uastats.ksh modifier la ligne LOG="/opt/coolstack/apache2/logs" pour dire ou est le fichier access_log
#!/usr/sfw/bin/zsh
#!/usr/dt/bin/dtksh
# statistiques sur les agents utilisateurs web et les
# systèmes sur lesquels ils sont utilisés
export PATH=/usr/bin
typeset -F SCORE
TMP=/var/tmp
IP_LIST=$TMP/ip.egrep.$$
ROBOT_LIST=$TMP/robot.egrep.$$
EXTERNAL=$TMP/external.$$
UA=$TMP/useragent.$$
GECKO=$TMP/gecko.$$
NOTMSIE=$TMP/notmsie.$$
REQUESTS=$TMP/requests.$$
# Fichier egrep pour supprimer les interrogations locales Internes
cat > $IP_LIST << !EOF
^144.204
!EOF
# Fichier egrep pour supprimer aspirateurs et les indexeurs de site
cat > $ROBOT_LIST << !EOF
ANONYMOUS
ActiveBookmark
AlkalineBOT
Ask Jeeves/Teoma
asterias/
Autonomy
appie
Biglotron
BlackBerry
bot
ccubee/
cfetch/
contype
combine/
CSHttpClient
CURL_USER_AGENT
Crawler
DA 5.
DataCha0s
DataFountains
DiamondBot
DoCoMo
Dual Proxy
EARTHCOM.info
eCatch/
Egenas
Eudora
eStyleSearch 4
ExaleadDesktop
Extreme Picture Finder
FDM 1.
FavIconizer
FavOrg
FlashGet
GbPlugin
GetRight/
Go!Zilla
Goldfire
Google/
Gruppo
Harvest/
ia_archiver
IDS LinkChecker
InternetLinkAgent/
InternetSeer.com
JoeDog
larbin_
libwww-perl/
LWP::Simple
LinkLint
LinkScan/
LinkWalker
MSFrontPage/
MSProxy/
Microsoft Data Access
Microsoft Office Protocol
Microsoft URL Control
Microsoft-WebDAV-MiniRedir/
Mimetype Getinfo
Moozilla
NG/2.0
NetAnts/
NutchTestBot/
Pita
Python-urllib/
Scooter/
SpiderMan
Squid
StarDownloader/
Teleport Pro/
UdmSearch/
User-Agent: NG/
Vagabondo/
W3CLineMode/
WebIndexer/o
WinDev8
webcollage/
htdig
http://
HTTrack
ichiro
spider
slurp
!EOF
# Construction du fichier journal
# Partie à adapter en fonction du nom des logs.
#LOG="/var/apache2/logs"
LOG="/opt/coolstack/apache2/logs"
if (( $# == 0 ))
then
cat $LOG/access_log > $REQUESTS
else
# M est un mois : 01 -12
for M in $@
do
gzcat $LOG/access*log.$(date +%Y)-$M-*.gz
done > $REQUESTS
fi
# Elimination des signatures locales et internes
egrep -v -f $IP_LIST $REQUESTS > $EXTERNAL
rm -f $REQUESTS
# Extraction de la signature du navigateur et suppresion des aspirateurs
cut -d'"' -f 6 $EXTERNAL | egrep -v -f $ROBOT_LIST > $UA
rm -f $ROBOT_LIST $EXTERNAL
TOTAL=$(cat $UA | wc -l)
print "\n---- STATISTIQUES PAR AGENT UTILISATEUR ----\n"
# MicroSoft Internet Explorer
HITS=$(grep MSIE $UA | grep -v Opera | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Internet Explorer" "$HITS" "$TOTAL" "$SCORE"
# Gecko
grep -i Gecko $UA > $GECKO
HITS=$(wc -l < $GECKO)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Gecko" "$HITS" "$TOTAL" "$SCORE"
print
HITS=$(grep -i Netscape $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Netscape [678]" "$HITS" "$TOTAL" "$SCORE"
HITS=$(egrep -v 'Netscape|Firefox|Safari|Camino|Galeon|Epiphany' $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Mozilla" "$HITS" "$TOTAL" "$SCORE"
HITS=$(egrep -i 'Firefox|Firebird' $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Firefox" "$HITS" "$TOTAL" "$SCORE"
HITS=$(grep -i Safari $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Safari" "$HITS" "$TOTAL" "$SCORE"
HITS=$(grep -i Camino $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Camino" "$HITS" "$TOTAL" "$SCORE"
HITS=$(grep -i Galeon $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Galeon" "$HITS" "$TOTAL" "$SCORE"
HITS=$(grep -i Epiphany $GECKO | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "\t%-16s %12d / %-14d hits\t%% = %2.4f\n" \
"Epiphany" "$HITS" "$TOTAL" "$SCORE"
rm -f $GECKO
print
# Opera
HITS=$(grep -i Opera $UA | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Opera" "$HITS" "$TOTAL" "$SCORE"
HITS=$(grep -i Konqueror $UA | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Konqueror" "$HITS" "$TOTAL" "$SCORE"
grep -v MSIE $UA | grep -v Opera > $NOTMSIE
# Netscape Navigator 4
HITS=$(grep '^Mozilla/4\.[5678]' $NOTMSIE | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Netscape 4" "$HITS" "$TOTAL" "$SCORE"
# Java
HITS=$(grep 'Java' $NOTMSIE | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Java" "$HITS" "$TOTAL" "$SCORE"
# Lynx
HITS=$(grep 'Lynx' $NOTMSIE | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Lynx" "$HITS" "$TOTAL" "$SCORE"
# Wget
HITS=$(grep 'Wget' $NOTMSIE | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Wget" "$HITS" "$TOTAL" "$SCORE"
# Windows Media Player
HITS=$(grep Windows-Media-Player $UA | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"Windows-Media-Player" "$HITS" "$TOTAL" "$SCORE"
# QuickTime
HITS=$(grep QuickTime $UA | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"QuickTime" "$HITS" "$TOTAL" "$SCORE"
print "\n---- STATISTIQUES PAR TYPE DE SYSTÈME ----\n"
for S in Linux 'Mac[i_]' 'SunOS sun4' 'SunOS i86pc' HP-UX OSF1 AIX IRIX \
FreeBSD NetBSD OpenBSD 'Win.*95' 'Win.*98' 'Win.*NT'
do
HITS=$(grep -i "$S" $UA | wc -l)
SCORE=$(( HITS * 100.0 / TOTAL ))
print -f "%-24s %12d / %-14d hits\t%% = %2.4f\n" \
"$S" "$HITS" "$TOTAL" "$SCORE"
done
print
rm -f $UA $IP_LIST $ROBOT_LIST $NOTMSIE
$ /export/home1/adm/scripts/uastats.zsh
---- STATISTIQUES PAR AGENT UTILISATEUR ----
Internet Explorer 500 / 3839 hits % = 13.0242
Gecko 1024 / 3839 hits % = 26.6736
Netscape [678] 0 / 3839 hits % = 0.0000
Mozilla 0 / 3839 hits % = 0.0000
Firefox 1024 / 3839 hits % = 26.6736
Safari 0 / 3839 hits % = 0.0000
Camino 0 / 3839 hits % = 0.0000
Galeon 0 / 3839 hits % = 0.0000
Epiphany 0 / 3839 hits % = 0.0000
Opera 0 / 3839 hits % = 0.0000
Konqueror 0 / 3839 hits % = 0.0000
Netscape 4 0 / 3839 hits % = 0.0000
Java 0 / 3839 hits % = 0.0000
Lynx 0 / 3839 hits % = 0.0000
Wget 0 / 3839 hits % = 0.0000
Windows-Media-Player 0 / 3839 hits % = 0.0000
QuickTime 0 / 3839 hits % = 0.0000
---- STATISTIQUES PAR TYPE DE SYSTÈME ----
Linux 0 / 3839 hits % = 0.0000
Mac[i_] 0 / 3839 hits % = 0.0000
SunOS sun4 0 / 3839 hits % = 0.0000
SunOS i86pc 0 / 3839 hits % = 0.0000
HP-UX 0 / 3839 hits % = 0.0000
OSF1 0 / 3839 hits % = 0.0000
AIX 0 / 3839 hits % = 0.0000
IRIX 0 / 3839 hits % = 0.0000
FreeBSD 0 / 3839 hits % = 0.0000
NetBSD 0 / 3839 hits % = 0.0000
OpenBSD 0 / 3839 hits % = 0.0000
Win.*95 0 / 3839 hits % = 0.0000
Win.*98 0 / 3839 hits % = 0.0000
Win.*NT 1524 / 3839 hits % = 39.6978
Posted at 12:00AM mars 13, 2009 by Éric in Solaris |
Samba 3 de blastwave avec l'utilisation de LDAP (AD Ms)
Samba Tips and Trix!
Using Samba 3 from blastwave and authenticating against Windows AD using winbind.
(Step by step)
1. Install samba by 'pkg-get -i samba samba_wb'.
2. Create a /etc/krb5.conf from the template file /etc/cswkrb5.conf. (replace AD.INSERVE.SE with your AD and 192.168.0.12 with the hostname of your kdc)
exemple: /etc/krb5.conf
#v 1.01
#Template Kerberos->Windows AD integration.
#Belongs to Blastwave samba_wb package.
#20051008 Fredrik Lundholm fredrik@blastwave.org
#
#To use:
# 1. copy this file into /etc/krb5.conf.
[libdefaults]
default_realm = MTQ.MIN.INTRA
[realms]
MTQ.MIN.INTRA = {
kdc = 10.100.242.107
}
[domain_realms]
.kerberos.server = MTQ.MIN.INTRA
3. Edit /etc/nsswitch.conf and add winbind as a name service.
exemple: /etc/nsswitch.conf
# # /etc/nsswitch.dns: # # An example file that could be copied over to /etc/nsswitch.conf; it uses # DNS for hosts lookups, otherwise it does not use any other naming service. # # "hosts:" and "services:" in this file are used only if the # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports. # DNS service expects that an instance of svc:/network/dns/client be # enabled and online. passwd: files winbind group: files winbind # You must also set up the /etc/resolv.conf file for DNS name # server lookup. See resolv.conf(4). hosts: files dns wins # Note that IPv4 addresses are searched for in all of the ipnodes databases # before searching the hosts databases. ipnodes: files dns networks: files protocols: files rpc: files ethers: files netmasks: files bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files automount: files aliases: files services: files printers: user files auth_attr: files prof_attr: files project: files
4. Get either libgroups.SPARC.so or libgroups.i386.so or the SOURCE and put it in a safe place.
5. Edit the /etc/init.d/cswsamba and set an LD_PRELOAD variable to point to the libgroups.xxx.so file
6. Add the Samba server to the AD (first make sure you have a valid smb.conf).
exemple: smb.conf
# Samba config file created using SWAT
# from 10.100.225.186 (10.100.225.186)
# Date: 2006/06/21 13:49:38
[global]
workgroup = MTQ
realm = MTQ.MIN.INTRA
netbios name = SDS0000-SOL001
netbios aliases = boyce
server string = *DGIT-DS-0930 - sds0000-sol001 Samba-%v
security = ADS
password server = sdcmtq0-000001
username map = /opt/csw/etc/samba/users.map
log file = /var/samba/log/%m.log
max log size = 50
local master = No
domain master = No
dns proxy = No
wins server = 10.100.242.107
ldap ssl = no
NIS homedir = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = Yes
winbind nested groups = Yes
admin users = root, Administrateur
printer admin = @ntadmin
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
[homes]
comment = Home Directories
path = /home/%u/dos
read only = No
create mask = 0755
browseable = No
[tmp]
comment = ISO-Documents
path = /export/zones/lully/root/export/home1/daemons/ftpd/ISO
valid users = @U-DS0000-G-Utilisateurs
admin users = @U-ds0000-G-administration
read only = No
exemple: users.map
carole = cmontambault denisc = dchateauneuf france = flangelier
# net ads join -UAdministrator%not24get7. Check that 'getent passwd' and 'getent group' gives output similar to this:
root:x:0:1:Super-User:/:/sbin/sh
AD+Administrator:x:10000:10000:Administrator:/export/home/AD/Administrator:/bin/bash
8. Start Samba with '/etc/init.d/cswsamba start' and enjoy!
Done!
Posted at 12:00AM sept. 06, 2007 by Éric in Solaris |
Zones sous Solaris
zfs création du répertoire zones
- Création des répertoires chacune des zones.
zfs create export/home1/zones for znom in nomdelazone do zfs create sanbox/zones/$znom chmod 700 /sanbox/zones/$znom done
XML Configuration de zones
Nous allons utilisé une zone partiel. Ce type de zone est appelé "Sparse Root Model".
- Pour la création du fichier de configuration de la zone on utilise la commande zonecfg.
- vérifier l'interface réseau avec ifconfig pour avoir le bon physical.
# zonecfg -z production1 production1: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:production1> create zonecfg:production1> set autoboot=true zonecfg:production1> set zonepath=/sanbox/zones/production1 zonecfg:production1> add net zonecfg:production1:net> set address=10.53.229.240 zonecfg:production1:net> set physical=bnx0 zonecfg:production1:net> end zonecfg:production1> info zonename: acceptation zonepath: /sanbox/zones/production1 brand: native autoboot: true bootargs: pool: limitpriv: scheduling-class: ip-type: shared inherit-pkg-dir: dir: /lib inherit-pkg-dir: dir: /platform inherit-pkg-dir: dir: /sbin inherit-pkg-dir: dir: /usr net: address: 10.53.229.240 physical: bnx0 defrouter not specified zonecfg:production1> verify zonecfg:production1> commit zonecfg:production1> exit
- vérifier l'interface réseau avec ifconfig pour avoir le bon physical.
- Liste les zones active et leur état.
# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / native shared - production1 configured /sanbox/zones/production1 native shared
- Définition des localisations des zones.
# more /etc/zones/index # Copyright 2004 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "@(#)zones-index 1.2 04/04/01 SMI" # # DO NOT EDIT: this file is automatically generated by zoneadm(1M) # and zonecfg(1M). Any manual changes will be lost. # global:installed:/ production1:configured:/sanbox/zones/production1:
- Configuration de la zone. Les modifications au niveau du fichier xml peuvent se faire quand la zone est arrêtée.
# more /etc/zones/production1.xml <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1"> <!-- DO NOT EDIT THIS FILE. Use zonecfg(1M) instead. --> <zone name="production1" zonepath="/sanbox/zones/production1" autoboot="true"> <inherited-pkg-dir directory="/lib"/> <inherited-pkg-dir directory="/platform"/> <inherited-pkg-dir directory="/sbin"/> <inherited-pkg-dir directory="/usr"/> <network address="10.53.229.240" physical="bnx0"/> </zone>
- Pour les autres zones
- Création d'un nouveau fichier xml cp /etc/zones/production1.xml /etc/zones/production?.xml
- Modification du fichier vi /etc/zones/production?.xml
- zone name=
- zonepath=
- network address=
- Modifier le fichier vi /etc/zones/index
- Ajouter sous les entrées existantes.production?:configured:/sanbox/zones/production?:
- Vérification du fichier de configuration /etc/zones/production1.xml.
# zoneadm -z production1 verify
Ajout des packages à la zone
- Installation des pkg.
# zoneadm -z production1 install Preparing to install zone <production1>. Creating list of files to copy from the global zone. Copying <7499> files to the zone. Initializing zone product registry. Determining zone package initialization order. Preparing to initialize <1126> packages on the zone. Initialized <1126> packages on zone. Zone <production1> is initialized. The file </sanbox/zones/production1/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
- Liste les zones active et leur état. (on remarque que l'état change)
# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / native shared - production1 installed /sanbox/zones/production1 native shared - production2 configured /sanbox/zones/production2 native shared
# zoneadm -z production2 install;zoneadm -z production? install
Amorçage de la zone
- Démarrage de la zones.
# zoneadm -z production1 boot
- Liste les zones active et leur état. (on remarque que l'état change)
# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 production1 running /sanbox/zones/production1 native shared - production2 installed /sanbox/zones/production2 native shared
- Démarrage des autres zones.
# zoneadm -z production2 boot;zoneadm -z production? boot
Configuration de Solaris sous la zone
- Connexion à la zone par la console (-C) (pour quitter la console ~.)
- Les opérations devront être reproduite sur chaque zone.
# zlogin -C production1 [Connected to zone 'production1' console]
- Les opérations devront être reproduite sur chaque zone.
Langue
Select a Language 0. English 1. es 2. fr Please make a choice (0 - 2), or press h or ? for help: 0
Localisation
Select a Locale 0. English (C - 7-bit ASCII) 1. Canada (English) (UTF-8) 2. Canada-English (ISO8859-1) 3. U.S.A. (UTF-8) 4. U.S.A. (en_US.ISO8859-1) 5. U.S.A. (en_US.ISO8859-15) 6. Go Back to Previous Screen Please make a choice (0 - 6), or press h or ? for help: 1
type de terminal
What type of terminal are you using? 1) ANSI Standard CRT 2) DEC VT52 3) DEC VT100 4) Heathkit 19 5) Lear Siegler ADM31 6) PC Console 7) Sun Command Tool 8) Sun Workstation 9) Televideo 910 10) Televideo 925 11) Wyse Model 50 12) X Terminal Emulator (xterms) 13) CDE Terminal Emulator (dtterm) 14) Other Type the number of your choice and press Return: 12
hostname
Host Name for bnx0:1
Enter the host name which identifies this system on the network. The name
must be unique within your domain; creating a duplicate host name will cause
problems on the network after you install Solaris.
A host name must have at least one character; it can contain letters,
digits, and minus signs (-).
Host name for bnx0:1 production1
F2_Continue F6_Help
Confirm Information for bnx0:1
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Host name: production1
Esc-2_Continue Esc-4_Change Esc-6_Help
kerberos
Configure Security Policy:
Specify Yes if the system will use the Kerberos security mechanism.
Specify No if this system will use standard UNIX security.
Configure Kerberos Security
qqqqqqqqqqqqqqqqqqqqqqqqqqq
[ ] Yes
[X] No
Esc-2_Continue Esc-6_Help
Confirm Information
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Configure Kerberos Security: No
Esc-2_Continue Esc-4_Change Esc-6_Help
resolv.conf
Name Service
On this screen you must provide name service information. Select the name
service that will be used by this system, or None if your system will either
not use a name service at all, or if it will use a name service not listed
here.
> To make a selection, use the arrow keys to highlight the option
and press Return to mark it [X].
Name service
qqqqqqqqqqqq
[ ] NIS+
[ ] NIS
[ ] DNS
[ ] LDAP
[X] None
Esc-2_Continue Esc-6_Help
Confirm Information
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Name service: None
Esc-2_Continue Esc-4_Change Esc-6_Help
NFSD version
NFSv4 Domain Name
NFS version 4 uses a domain name that is automatically derived from the
system's naming services. The derived domain name is sufficient for most
configurations. In a few cases, mounts that cross domain boundaries might
cause files to appear to be owned by "nobody" due to the lack of a common
domain name.
The current NFSv4 default domain is: ""
NFSv4 Domain Configuration
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
[X] Use the NFSv4 domain derived by the system
[ ] Specify a different NFSv4 domain
Esc-2_Continue Esc-6_Help
Confirm Information for NFSv4 Domain
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
NFSv4 Domain Name: << Value to be derived dynamically >>
Esc-2_Continue Esc-4_Change Esc-6_Help
Fuseau horaire
Time Zone
On this screen you must specify your default time zone. You can specify a
time zone in three ways: select one of the continents or oceans from the
list, select other - offset from GMT, or other - specify time zone file.
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Continents and Oceans
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
- [ ] Africa
x [X] Americas
x [ ] Antarctica
x [ ] Arctic Ocean
x [ ] Asia
x [ ] Atlantic Ocean
x [ ] Australia
x [ ] Europe
v [ ] Indian Ocean
Esc-2_Continue Esc-6_Help
Country or Region
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Countries and Regions
qqqqqqqqqqqqqqqqqqqqqqqqqqq
- [ ] United States
x [ ] Anguilla
x [ ] Antigua & Barbuda
x [ ] Argentina
x [ ] Aruba
x [ ] Bahamas
x [ ] Barbados
x [ ] Belize
x [ ] Bolivia
x [ ] Brazil
x [X] Canada
x [ ] Cayman Islands
v [ ] Chile
Esc-2_Continue Esc-6_Help
Time Zone
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Time zones
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
- [ ] Newfoundland Time, including SE Labrador
x [ ] Atlantic Time - Nova Scotia (most places), PEI
x [ ] Atlantic Time - Nova Scotia - places that did not observe DST 1966-1
x [ ] Atlantic Time - New Brunswick
x [ ] Atlantic Time - Labrador - most locations
x [ ] Atlantic Standard Time - Quebec - Lower North Shore
x [X] Eastern Time - Quebec - most locations
x [ ] Eastern Time - Ontario - most locations
x [ ] Eastern Time - Ontario & Quebec - places that did not observe DST 19
x [ ] Eastern Time - Thunder Bay, Ontario
x [ ] Eastern Time - east Nunavut - most locations
x [ ] Eastern Time - Pangnirtung, Nunavut
v [ ] Eastern Time - Resolute, Nunavut
Esc-2_Continue Esc-6_Help
Confirm Information
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Time zone: Eastern Time - Quebec - most locations
(America/Montreal)
Esc-2_Continue Esc-4_Change Esc-6_Help
root mot de passe
Root Password
Please enter the root password for this system.
The root password may contain alphanumeric and special characters. For
security, the password will not be displayed on the screen as you type it.
> If you do not want a root password, leave both entries blank.
Root password:
Root password:
Esc-2_Continue Esc-6_Help
redémarrage
System identification is completed. rebooting system due to change(s) in /etc/default/init [NOTICE: Zone rebooting]
Exploitation
- Les étapes qui suivent devront être reproduite sur toutes les zones créées:
- Configuration post installation
- Script qui crée l'environnement de base
- zones Crée les répertoires et copie les scripts.
# for allzones in `zoneadm list | grep -vi global`; do /export/home1/adm/scripts/env/cr_all-env.ksh zones $allzones; done
- zones Crée les répertoires et copie les scripts.
- Script qui crée l'environnement de base
- Configuration post installation
Pour un serveur unique.
# /export/home1/adm/scripts/env/cr_all-env.ksh zones <nom de la zone>
# zlogin -C production1 # zlogin -C production?
# vi /etc/hosts #### ajouter à la ligne <adresse IP> <hostname> <loghost> le hostname.domaine.com pour qu'il soit résolu avant le loghost. # /export/home1/adm/scripts/env/cr_all-env.ksh users # vi /etc/auto_home #### changer IP pour celle de la zone global. # /export/home1/adm/scripts/env/cr_all-env.ksh securities # /export/home1/adm/scripts/env/cr_all-env.ksh cfg # passwd root #### réiniscrire le même c'est pour que le mon de passe soit en MD5.
Posted at 12:00AM janv. 12, 2005 by Éric in Solaris |
Solaris /etc/vfstab
#device device mount FS fsck mount mount #to mount to fsck point type pass at boot options # fd - /dev/fd fd - no - /proc - /proc proc - no - # # --------------------------------------------------------- # DEFINE THE swap PARTITION # --------------------------------------------------------- /dev/dsk/c0t0d0s1 - - swap - no - # # --------------------------------------------------------- # MOUNT THE root PARTITION # --------------------------------------------------------- /dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 / ufs 1 no - # # --------------------------------------------------------- # MOUNT THE swap PARTITION # --------------------------------------------------------- swap - /tmp tmpfs - yes - # # --------------------------------------------------------- # MOUNT /cartman VIA NFS # --------------------------------------------------------- cartman:/share2 - /cartman nfs - yes rw,soft # # --------------------------------------------------------- # MOUNT /u01 # --------------------------------------------------------- /dev/dsk/c0t2d0s7 /dev/rdsk/c0t2d0s7 /u01 ufs 2 yes - # # --------------------------------------------------------- # CONTROL 1 / REDO G1 M1 / REDO G2 M1 / REDO G3 M1 # # metainit d0 1 1 c1t0d0s7 -i 32k # --------------------------------------------------------- /dev/md/dsk/d0 /dev/md/rdsk/d0 /u03 ufs 2 yes - # # --------------------------------------------------------- # CONTROL 2 / REDO G1 M2 / REDO G2 M2 / REDO G3 M2 # # metainit d1 1 1 c2t0d0s7 -i 32k # --------------------------------------------------------- /dev/md/dsk/d1 /dev/md/rdsk/d1 /u04 ufs 2 yes - # # --------------------------------------------------------- # CONTROL 3 / REDO G1 M3 / REDO G2 M3 / REDO G3 M3 # # metainit d2 1 1 c1t1d0s7 -i 32k # --------------------------------------------------------- /dev/md/dsk/d2 /dev/md/rdsk/d2 /u05 ufs 2 yes - # # --------------------------------------------------------- # ALL ORACLE DATA FILES # # metainit d3 1 9 c2t1d0s7 c1t2d0s7 c1t3d0s7 c1t4d0s7 c1t5d0s7 c2t2d0s7 c2t3d0s7 c2t4d0s7 c2t5d0s7 -i 32k # --------------------------------------------------------- /dev/md/dsk/d3 /dev/md/rdsk/d3 /u06 ufs 2 yes - #
Posted at 05:15PM janv. 03, 2004 by Éric in Solaris |
RAID level 1
Voici la procédure pour créer un RAID level 1 sur Solaris. Il nous faut 2 disques identiques.
Dans notre cas lors de l’installation on crée le volume comme cela.
un / qui utilise tout l’espace disponible en s0
un swap de 1x à 2x la ram en s1
et une partion sans nom de 100mo pour la metadb en s7
une fois que l’installation est fini on clone les disques.
# prtvtoc -h /dev/rdsk/c0t0d0s2 | fmthard -s - /dev/rdsk/c0t0d1s2
fmthard: New volume table of contents now in place.
Maintenant on peut créé 3 bd sur les 2 disque en s7.
# metadb -f -c 3 -a c0t0d0s7 c0t0d1s7
On peut vérifier si tout c’est bien passé.
# metadb
flags first blk block count
a u 16 8192 /dev/dsk/c0t0d0s7
a u 8208 8192 /dev/dsk/c0t0d0s7
a u 16400 8192 /dev/dsk/c0t0d0s7
a u 16 8192 /dev/dsk/c0t0d1s7
a u 8208 8192 /dev/dsk/c0t0d1s7
a u 16400 8192 /dev/dsk/c0t0d1s7
Bon les BD sont ok. parfait.
Voici le début de la procédure pour créer le RAID level 1 sur le /.
Avec le premier disque on crée un metadevice d11.
# metainit -f d11 1 1 c0t0d0s0
d11: Concat/Stripe is setup
Avec le deuxième disque on fait la même chose mais en d12.
# metainit -f d12 1 1 c0t0d1s0
d12: Concat/Stripe is setup
Une fois les metadevices créé. On fait un autre metadevice qui va inclure les 2 disques.
On commance avec le premier disque.
# metainit d10 -m d11
d10: Mirror is setup
Maintenant on va dire au système que d10 est le disque root. On lock les datas. Et puis on reboot.
# metaroot d10
# lockfs -fa
# init 6
Bon on a fait un reboot du système et maintenant d10 est notre disque root. Il nous reste à finir le mirior d10 en ajoutant d12.
# metattach d10 d12
d10: submirror d12 is attached
Enfin le / en s0 est mirior sur le metadevice d10. Il faut refaire la même chose avec s1 pour avoir une swap en RAID level 1.
Mais vous devez supprimer la swap avant.Pour afficher la ou les swap.
# swap -l
swapfile dev swaplo blocks free
/dev/dsk/c0t0d0s1 85,20 16 4041584 3854048
Pour la supprimer
# swap -d /dev/dsk/c0t0d0s1
Pour constater le résultat
# swap -l
No swap devices configured
Avec le premier disque on crée un metadevice d21.
# metainit d21 1 1 c0t0d0s1
d21: Concat/Stripe is setup
Avec le deuxième disque on fait la même chose mais en d22.
# metainit d22 1 1 c0t0d1s1
d22: Concat/Stripe is setup
Comme dans le premier cas on fait un metadevice qui va inclure les 2 disques en d20.
# metainit d20 -m d21
d20: Mirror is setup
On ajout le deuxième disque à d20.
# metattach d20 d22
d20: submirror d22 is attached
Il ne reste juste la modification du vfstab
# vi /etc/vfstab
Il faut supprimer la ligne /dev/dsk/c0t0d0s1 - - swap - no -
Et la modifier pour avoir /dev/md/dsk/d20 - - swap - no -
Le procès de la création du RAID 1 se lance automatiquement, et on peut le suivre à l’aide du metastat. Il faut attendre que ce processus soit terminé, et donc que le systéme est prèt.
La préparation du système au démarrage d’un ” META ” de réserve.
Afin de diminuer le nombre de démarrages du système et du temps des travaux, cette étape peut être effectuée avant la création du massif.
Pour le démarrage du meta de rèserve (dans notre cas, c0t1d0) il est nécessaire de connaître son chemin d’accès complet. Donc, c’est :
#ls -l /dev/rdsk/c0t0d1s0
lrwxrwxrwx 1 root root 55 Mar 5 12:54 /dev/rdsk/c0t0d1s0 ->
../../devices/sbus@0,f8000000/esp@1,200000/sd@0,1:a,raw
La partie en italic est celle dont on a besoin.
Dès qu’on peut aller à OpenBoot (exemple : lors du démarrage sur l’étape de la création du massif), on crée le nom de ce meta et on lui fait la configuration du démarrage automatique en cas où le meta principal tombe en panne :
ok nvalias second_root /sbus@0,f8000000/esp@1,200000/sd@0,1:a
ok printenv boot-device
boot-device = disk net
ok setenv boot-device disk second_root net
boot-device = disk second_root net
ok nvstore
Donc, si le meta c0t0d0 est en panne, le système commence à se démarrer du c0t1d0.
On peut vérifier le démarrage du système du meta de réserve (uniquement après la création entière du massif, et après avoir effectué metattach ainsi que le processus de création du RAID 1 :
ok boot second_root
Si tout a été bien effectué, le système se démarrera sur le meta de réserve aussi bien que sur le principal. Le démarrage suivant sera effectué du meta principal.
Posted at 12:00AM nov. 24, 2003 by Éric in Solaris |
Utilisation du Tar
TAR
Information générale sur la création de fichier TAR.
Pour créer une archive TAR
EX.:
tar -c -f fichier.tar répertoire
tar -c --gzip -f fichier.tar.gz répertoire
Pour extraire une archive TAR
EX.:
tar xfv fichier.tar
tar xfvz fichier.tar.gz
Posted at 08:18PM déc. 05, 2002 by Éric in Solaris |
