i-am.ws


Sunday Apr 25, 2010

Apache mod_substitute

When building my new Apache Roller system, I had quite a few challenges with the i-am.ws domain, served from a web-server in the DMZ and Roller on a Tomcat server in the backend. The mod_proxy Apache module takes care of most of it, but hardcoded URLs in the html code need to be translated as well from the internal IP to the external domain name.

A month went by and I found the solution in stumbling on the "mod_substitute" and "mod_sed" modules. With those, the proxy can fix on the fly the hard-coded URLs generated by Roller. In this scenario, substitute "http://192.168.1.23:8080/roller/" for "http://www.i-am.ws/" and you're all set. The only thing to be aware of is that you must be running a pretty recent version of Apache (2.2.7 for "mod_substitute" and even 2.3 for "mod_sed").

Now that sounds like a done deal, but it took me a couple of weekends to figure out a nasty snag with "mod_substitute" and the like. I thought it was caused by mod_proxy and mod_substitute clashing with each other. So I thought I was clever :-) and moved mod_substitute to the back-end. I installed another Apache on a different port (8642) that would do a local proxy to Tomcat (on 8080). It didn't fix the problem, but by doing so I discovered that when I retrieved the web-page with "wget" (one of my favorite hacking tools) instead of Firefox, string substitution worked fine. Now my suspicion moved to issues with HTTP 1.0 vs. 1.1. Again, that wasn't the case.

Getting desperate, I decided to write my own proxy server. Grabbing some old bits and pieces of code still lying around :-), that wasn't too tough. At first, things went fine and then the same thing happened again. But with my own code – not running in the background – I had a much better handle on debugging. Checking the HTTP headers of the request, I suddenly noticed that Firefox sends to the server an "Accept-Encoding: gzip, deflate" HTTP header record (BTW, same with IE). And yes, the server replied with all HTML code nicely compressed. Which suddenly explained why all this time mod_substitute couldn't do anything with it. It also explained why wget, not sending that header, was working fine.

For now, I'm sticking with my home-grown proxy, but the proper solution is I guess to use mod_rewrite to get rid of those compression HTTP headers. And then mod_substitute can do what it's supposed to do.
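
The failure described in this post, reproduced as an added example (it is not the author's home-grown proxy and not Apache code). The two URLs come from the post; the page body, the header dictionaries and all function names are constructed for illustration. It shows a byte-level substitution missing a gzip body, the two ways around it, and a check for internal addresses that still reach the client.

```python
import gzip
import re

# The two URLs come from the post; the page body below is constructed.
INTERNAL = b"http://192.168.1.23:8080/roller/"
EXTERNAL = b"http://www.i-am.ws/"
PAGE = (b'<html><body>'
        b'<a href="http://192.168.1.23:8080/roller/wwwillem/">blog</a> '
        b'<img src="http://192.168.1.23:8080/roller/theme/logo.png">'
        b'</body></html>')
# RFC 1918 private IPv4 ranges, used to spot backend addresses reaching the client.
PRIVATE_IP = re.compile(
    rb"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")


def backend(request_headers):
    """Constructed stand-in for the Tomcat side: gzip only if the client allows it."""
    if "gzip" in request_headers.get("Accept-Encoding", ""):
        body = gzip.compress(PAGE)
        return ({"Content-Type": "text/html", "Content-Encoding": "gzip",
                 "Content-Length": str(len(body))}, body)
    return {"Content-Type": "text/html", "Content-Length": str(len(PAGE))}, PAGE


def naive_filter(headers, body):
    """A plain substitution filter: rewrites whatever bytes it is handed."""
    body = body.replace(INTERNAL, EXTERNAL)
    return {**headers, "Content-Length": str(len(body))}, body


def encoding_aware_filter(headers, body):
    """Inflate, substitute, compress again, and correct Content-Length."""
    if headers.get("Content-Encoding", "").lower() != "gzip":
        return naive_filter(headers, body)
    body = gzip.compress(gzip.decompress(body).replace(INTERNAL, EXTERNAL))
    return {**headers, "Content-Length": str(len(body))}, body


def strip_accept_encoding(request_headers):
    """Drop the request header so the backend answers uncompressed.
    In Apache httpd, mod_headers does this: RequestHeader unset Accept-Encoding"""
    return {k: v for k, v in request_headers.items()
            if k.lower() != "accept-encoding"}


def decoded(headers, body):
    """The body as the browser will see it after undoing Content-Encoding."""
    if headers.get("Content-Encoding", "").lower() == "gzip":
        return gzip.decompress(body)
    return body


def leaked_addresses(headers, body):
    """Private addresses still visible to the client in the delivered page."""
    found = PRIVATE_IP.finditer(decoded(headers, body))
    return sorted({m.group(0).decode() for m in found})


def demo():
    """Run the four cases from the post and report what leaks in each."""
    firefox = {"Accept-Encoding": "gzip, deflate"}   # as observed in the post
    wget = {}                                        # sends no Accept-Encoding
    return {
        "wget, naive filter": leaked_addresses(*naive_filter(*backend(wget))),
        "firefox, naive filter": leaked_addresses(*naive_filter(*backend(firefox))),
        "firefox, inflate first": leaked_addresses(
            *encoding_aware_filter(*backend(firefox))),
        "firefox, header stripped": leaked_addresses(
            *naive_filter(*backend(strip_accept_encoding(firefox)))),
    }


if __name__ == "__main__":
    for case, leaks in demo().items():
        print(f"{case:26s} leaked: {leaks}")
```

Stripping the header means the backend hop is uncompressed; the inflate-first variant keeps compression but must recompute Content-Length, as the filter above does.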


Saturday Apr 17, 2010

Witte Fietsen Plan

Hopefully your Dutch is sufficient to understand the title :). In flower-power Holland – 45 years ago on my birthday – the Provo movement started an initiative in Amsterdam to provide everybody with free bicycles. Just grab one, and leave it when you're at your destination. To distinguish these bikes and prevent them from being stolen, they were painted white. The whole thing didn't work, at least not at the time in that form.

I had to think of that last week, when I came out of the office to grab my blue bike to go back home. Mmmm, not such a good plan. My bike wasn't dark blue anymore, but bright white. A sudden late afternoon snowstorm had turned my trusted piece of commute transportation into a solid piece of ice. Oh well, just a night in the garage fixed that problem.

Witte Fiets


Wednesday Apr 07, 2010

Alsa Microphone

While trying to install Skype on RedHat Linux, I discovered that although I thought that sound was running fine on my CentOS 5.3 box, in reality it was only doing half the job. Playing music was fine, but capturing sound from a microphone had never properly worked. Both "/usr/bin/system-config-soundcard" and "gnome-sound-properties" didn't show anything obvious (Autodetect for the three playback options and ALSA for the sound capture), but clicking the last test button didn't result in hearing the sound of the microphone on my headset.

Another way to test this is with:

# arecord -d 5 -f cd -t wav foobar.wav
# aplay foobar.wav

and in my case, I didn't hear anything while doing the playback.

It took lots of googling, but here is what you need to do. First of all, you can have the problem that your system has audio ports both on the front and the back of the system. For speakers or headsets you just plug it in anywhere and it works. Typically the front plug will disable what's plugged into the back. But for mics those two ports are not the same.

# /usr/bin/amixer
...
Simple mixer control 'Mic Select',0
  Capabilities: enum
  Items: 'Mic1' 'Mic2'
  Item0: 'Mic1'
...

On my system Mic1 was the input on the back of my PC, so I had to switch to Mic2 to use my headset that is plugged into the front. To change, use "/usr/bin/alsamixer", which opens a clumsy GUI, then click 'right' to get to "Mic Select" and use 'up'/'down' to change the Mic. Press 'Esc' to quit.

But that's not enough. Let's go back to our 'amixer' output.

# /usr/bin/amixer
...
Simple mixer control 'Mic',0
  Capabilities: pvolume pvolume-joined pswitch pswitch-joined cswitch cswitch-exclusive
  Capture exclusive group: 0
  Playback channels: Mono
  Capture channels: Front Left - Front Right
  Limits: Playback 0 - 31
  Mono: Playback 22 [71%] [-1.50dB] [on]
  Front Left: Capture [on]
  Front Right: Capture [on]
Simple mixer control 'Mic Boost (+20dB)',0
  Capabilities: pswitch pswitch-joined
  Playback channels: Mono
  Mono: Playback [on]
...

When I was running this the first time, it showed "Front Left/Right: Capture [off]". That's no good!! But how to change, because my alsamixer didn't show this as an option that can be changed. The following command will do the job:

# amixer sset Mic Capture cap

After that, maybe you should go back to alsamixer and switch the "Mic Boost" option on. You do that by moving right with the cursor and then press the 'M' key. Another option further right is "Mono Out", which can be 'Mic' or 'Mix'. I'm not 100% sure what it should be, I settled for 'Mix'.

Finally, while you're doing all this, you should keep your 'Volume Control' window open. For example, playing test sounds with the soundcard config tool will mute the microphone. And in other cases the level gets automagically :-) set back to zero. You better watch out.


This was for me just the prologue for installing Skype. The best way to do that successfully I found on this Hackery blog. Here is the summary.

# the skype binaries are 32-bit, so if you're running a 64-bit system, you
# need to make sure you have various 32-bit libraries installed in parallel
yum install glib2.i386 qt4.i386 zlib.i386 alsa-lib.i386 libX11.i386 \
  libXv.i386 libXScrnSaver.i386 
# installing to /opt
cd /tmp
wget http://www.skype.com/go/getskype-linux-beta-static
cd /opt
tar jxvf /tmp/skype_static-2.1.0.47.tar.bz2
ln -s skype_static-2.1.0.47 skype
# setup some symlinks (the first is required for sounds to work)
ln -s /opt/skype /usr/share/skype
ln -s /opt/skype/skype /usr/bin/skype

Other good tips can be found on this CentOS HowTo webpage.


Sunday Mar 21, 2010

Yum Local Install

Yesterday I was trying to configure a music player on an old laptop running Fedora 8. It required some additional packages for mp3, but when I tried to do a "yum install gstreamer-plugins-ugly" it appeared that this old stuff didn't exist anymore in any of the on-line repositories.

Luckily, pbone.net came to the rescue. I downloaded the RPM package, then tried to install, but there were a whole slew of dependencies that needed to be resolved first. Damn .... normally it means that one-by-one you've to search the net to figure out which RPM includes that specific shared library and then the result is often even more unresolved dependencies.

Don't know why, but I checked the man-page for yum and found that there is a "localinstall" command. What it does is that you use yum to install an already downloaded rpm package, but it will then use the on-line repositories to resolve the dependencies. Kind of "best of both worlds" approach.

# yum localinstall gstreamer-plugins-ugly-0.10.8-1.fc8.i386.rpm

Of course you have to hope that not too many of the other packages you need have the same issue of having disappeared from the repositories. But luck was on my side yesterday. A couple of minutes later I had my Muine Music Player running and the MP3 music was flowing out of the speakers.


Monday Mar 15, 2010

I-am.WS

All blog entries below this one were written as part of my "blogs.sun.com" weblog. But that blog comes to an end, because around Xmas 2009 I left Oracle/Sun to join Cisco. Similar role, Datacenter Architect for Cisco's new UCS platform, later more about that. As a consequence, I can't add to my old blog anymore and I presume that anyway blogs.sun.com will soon be rolled into one of Oracle's blogging sites.

For me, time to figure out another venue. I decided to install my own apache-roller (the same blogging software Sun was using), on a box in my basement running Apache and Tomcat. One of the reasons for going this route was that, couple of years ago, I managed to acquire the domain name "i-am.ws". "WS" being my initials, that seemed pretty appropriate as the new name for a blogging site. The sat image in the header is West Samoa, where these domains originate from.

This not being a "what did we have for dinner" blog, but rather more "food for techies", I have to share here a few of my experiences moving my blog from Sun's IT into my basement. The laptop I'm using is a "goldie-oldie" PII with 256 MB of RAM. That dates it pretty well and therefore it is running RedHat EL3, nothing fancier, but hey, it's doing the job. Therefore it also has an older MySQL version (3.23.58), the same for glibc, etc.

At first I tried to install latest-greatest Roller 4, which became a disaster, all kinds of dependency conflicts. And that makes sense, on top of a 5-year-old OS you better build a five-year-old software stack. However, it can be a little scramble to find all the older sw packages. In this case I "dropped down" to Roller 3.1, picked Java 1.5 SE JDK and Tomcat 5.5. Which combination seems to work pretty well together.

The bigger challenge was that my i-am.ws domain points to another webserver on my LAN, which functions as a proxy to my CMS-Made-Simple, my Myth-Web box and now this Roller instance on Tomcat. Typically I fix the fact that different domains are being served by the same webserver, by creating an Apache HTTPD "Virtual Host" with the following parameters.


    ServerName ecliptic.net
    ServerAlias www.ecliptic.net
    ServerAdmin webmaster@ecliptic.net
    DocumentRoot /var/www/html/ecliptic.net

But in this situation, that's not enough. We've to proxy to the tomcat server on the other box. Therefore we need to add a couple of 'ProxyPass' and 'ProxyPassReverse' parameters. The following isn't perfect, but I wanted to have "/" (the root of my domain) point to "/roller/wwwillem" on the Tomcat engine. Which makes things a little trickier.


    ServerName i-am.ws
    ServerAlias www.i-am.ws
    ServerAdmin webmaster@i-am.ws
    ProxyPass /roller/roller-ui/ http://192.168.1.23:8080/roller/roller-ui/
    ProxyPassReverse /roller/roller-ui/ http://192.168.1.23:8080/roller/roller-ui/
    ProxyPass /roller/theme/ http://192.168.1.23:8080/roller/theme/
    ProxyPassReverse /roller/theme/ http://192.168.1.23:8080/roller/theme/
    ProxyPass /roller/wwwillem/ http://192.168.1.23:8080/roller/wwwillem/
    ProxyPassReverse /roller/wwwillem/ http://192.168.1.23:8080/roller/wwwillem/
    ProxyPass /wwwillem/ http://192.168.1.23:80/roller/wwwillem/
    ProxyPassReverse /wwwillem/ http://192.168.1.23:80/roller/wwwillem/
    ProxyPass / http://www.i-am.ws/
    ProxyPassReverse / http://192.168.1.23:8080/
    CustomLog /var/log/httpd/i-am-ws_access.log common
    ErrorLog /var/log/httpd/i-am-ws_error.log

Finally, the biggest problem is that Roller generates in many spots HTML with the base URL hard baked into the code. So, if the browser finds the Tomcat application with "i-am.ws" or even "i-am.ws/roller/wwwillem" the HTML page will be created with hard-coded links to http://192.168.1.23:8080/roller/wwwillem/. These should have been relative links of course and probably Roller 4.0 fixed a lot of that, but after googling this for a long time, it seems that there are still many issues around this. I searched for an Apache module that would scrape the HTML returned to make the necessary corrections, but such a thing doesn't seem to exist.

Anyway, for me the most important thing is to have my WebLog up and running again. In some future I will probably upgrade the whole thing to some newer platform (likely CentOS 6 when that's out, or Fedora 12), but for now, this is good enough. As usual, it was a good learning experience.


Sunday Oct 11, 2009

Oracle Sun Better Together

In some bottom drawer I found this old marketing credit card CD from Oracle and Sun. It's probably from the same era as the VOS (Veritas, Oracle, Sun) initiative.
The five minute flash demo is in hindsight really funny. It certainly doesn't describe what happened in the last five years, when Oracle was only pushing RAC and Linux. And we'll have to wait and see if this describes "Sunacle" when the merger between the two comes through. Personally I've some doubts about that "Cost Effective" on the third image.
Oracle Sun 1 Oracle Sun 2 Oracle Sun 3
Oracle Sun 4 Oracle Sun 5 Oracle Sun 6

 


Saturday May 23, 2009

VirtualBox USB Ports

Running CentOS as my host OS and using VirtualBox to run "everything else", it didn't take long before I was running into USB problems. In my case I had a Windows 2000 guest on a CentOS 5 host (same for RedHat EL) and I wanted to use ActiveSync to connect to my WM5 Windows Mobile device.

I'm diverting for a sec, but this is the big reason why I like VirtualBox so much. I do software development for the Windows Mobile platform (http://www.locatea.net/) which requires a lot of software installation for Visual Studio and then even more for the various Windows Mobile SDKs. It is quite a job to get it all installed correctly. Previously that whole install could (and would) easily be screwed up because some completely unrelated application would mess up the registry, forcing you to reinstall the server and start from scratch.

Now, by virtualizing my desktop, I have an instance that I solely use for Windows Mobile software development. If I need Microsoft Office I do it in another Windows guest. And if I want to try out a new software package that I don't really trust, I simply clone my base image and install it in there. If the app doesn't work out or behaves badly, I can simply blow the whole image.

So, where many people think that desktop virtualization is just great for running different types of OSes on a single host, IMHO it is even more important because it allows you to create multiple environments, that have very dissimilar functionality, but can have the same platform requirements. Of course I also use it to run OpenSolaris on my Mac. :-)

Back to USB in Windows guests. Out of the box it doesn't work, at least not on my platform. A little googling provides a lot of recommendations to add an entry to /etc/fstab (none /proc/bus/usb usbfs devgid=501,devmode=0664 0 0). It seems that for Ubuntu this fixes the problem, but not for RedHat / CentOS. It took me a lot of searching, but finally I found in an obscure corner of some forum a solution. You have to modify your /etc/rc.d/rc.sysinit file.

if [ ! -d /proc/bus/usb ]; then
        modprobe usbcore >/dev/null 2>&1 && mount -n -t usbfs \
                        /proc/bus/usb /proc/bus/usb -o devgid=501,devmode=664
else
        mount -n -t usbfs /proc/bus/usb /proc/bus/usb -o devgid=501,devmode=664
fi

This piece is mainly already there, but you need to add the "-o" parameters. In here "501" is the GID you have specified in your /etc/group for the vboxusers group.

After having done this, the Windows guest recognizes USB sticks, external hard drives and nicely connects to my mobile phone.


Wednesday May 20, 2009

Bizarre ftp Behaviour

After spending couple of hours editing a webpage, I lost all that effort when copying the file to my webserver. And of course before the automatic backup had been made. :-(

As always, there is a lesson to be learned.

Try this yourself:


$ ftp webserver

ftp> prompt
Interactive mode off.

ftp> mput *
local: img_2.gif remote: img_2.gif
227 Entering Passive Mode (192,168,32,72,126,33)
150 Opening BINARY mode data connection for img_2.gif.
226 Transfer complete.
12980 bytes sent in 4.2e-05 seconds (3e+05 Kbytes/s)
local: img_3.jpg remote: img_3.jpg
227 Entering Passive Mode (192,168,32,72,126,33)
150 Opening BINARY mode data connection for img_3.jpg.
226 Transfer complete.
28488 bytes sent in 0.017 seconds (1.6e+03 Kbytes/s)
local: webpage.html remote: webpage.html
227 Entering Passive Mode (192,168,32,72,164,239)
150 Opening BINARY mode data connection for webpage.html.
226 Transfer complete.
12498 bytes sent in 4.5e-05 seconds (2.7e+05 Kbytes/s)

ftp> ls *
227 Entering Passive Mode (192,168,32,72,219,226)
150 Opening ASCII mode data connection for /bin/ls.
total 268
-rw-r--r--    1 wwwillem wwwillem    12980 May 20 09:08 img_2.gif
-rw-r--r--    1 wwwillem wwwillem    28488 May 20 09:08 img_3.jpg
-rw-r--r--    1 wwwillem wwwillem    12498 May 20 09:08 webpage.html
226 Transfer complete.

ftp> ls -l
227 Entering Passive Mode (192,168,32,72,207,63)
150 Opening ASCII mode data connection for /bin/ls.
total 268
-rw-r--r--    1 wwwillem wwwillem    12980 May 20 09:08 img_2.gif
-rw-r--r--    1 wwwillem wwwillem    28488 May 20 09:08 img_3.jpg
-rw-r--r--    1 wwwillem wwwillem    12498 May 20 09:08 webpage.html
226 Transfer complete.

So far all has gone well. Notice the file-size of webpage.html, 12 kB.

Now comes the problem:


ftp> ls -l *html
227 Entering Passive Mode (192,168,32,72,142,146)
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.

ftp> quit
221-Thank you for using the FTP service on webserver.
221 Goodbye.

$ ls -l webpage.html
total 62
-rw-r--r-- 1 willem willem   209 May 20 09:07 webpage.html

Notice how the file has shrunk from 12 kB to only couple of hundred bytes? Let's have a look at the (new) content.


$ cat webpage.html
total 123
-rw-r--r-- 1 willem willem 12980 May 20 09:01 img_2.gif
-rw-r--r-- 1 willem willem 28488 May 20 09:01 img_3.jpg
-rw-r--r-- 1 willem willem   209 May 20 09:07 webpage.html

What happened here? The 'ls *' ftp command was ok, same for 'ls -l'. However when we did 'ls -l *html', the result of the 'ls -l' command was written to the local html file, in this case webpage.html. That's definitely not what I would have expected to happen. Very weird behaviour!!

Finally, the client was ftp on CentOS 5 and the server was an ancient RedHat 6.2 server. And no, 6.2 is not the successor of EL5. :-)

 


Saturday Jul 26, 2008

VirtualBox on Solaris

To implement a SunRay demo with a Windows Terminal Server back-end, normally we use two separate servers. But now, with virtualization all around us, why not put those two components on a single box. Of course, there are many ways to skin the cat. I decided to take the X4100 that I had in the lab, put Solaris 10u4 on it, then install Sun Ray Server Software (SRSS) and finally install VirtualBox with a Windows 2003 Enterprise Edition guest server for the backend.

However, this entry is not about Sun Ray or Windows, but about VirtualBox. When selecting the correct download, it was a bit unclear if there were separate versions for Open Solaris versus normal Solaris, or that it was all "one and the same". To jump couple of steps ahead, there is only one version, but it is clear that the developers of VirtualBox are doing their work with OpenSolaris and then expect it to work with regular Solaris as well.

Well, as I discovered, and with me many others, that doesn't always work out. The pkgadd is straightforward and without problems. At the end you will have VirtualBox in your path and you're ready to fire it up. But then I got the following error:

bash-3.00# VirtualBox
ld.so.1: VirtualBox: fatal: libGL.so: open failed: No such file or directory

Things like this have happened before, and my usual solution is "let's Google". In this case that was the wrong thing to do, :) because I got soooo many wrong suggestions. In some forum I read that something is wrong with the service "svc:/application/opengl/ogl-select:default" or that you have to install the package "sunwcslr". In my case, none of this was true.

I'm sure that most of the problem is related to the difference between 32 and 64 bit systems. Not only the CPU, but also the OS and therefore the libraries must be matching. With my X4100, I was running a 64 bit AMD Opteron. I had installed Solaris running in 64 bit mode and I hadn't made the mistake of downloading the 32 bit version of VirtualBox.

Here are some commands you can use to verify your own configuration regarding these issues.

bash-3.00# uname -a
SunOS java3 5.10 Generic_120012-14 i86pc i386 i86pc

bash-3.00# ls VirtualBox*
VirtualBox-1.6.2-SunOS-amd64-r31466.pkg
VirtualBox-1.6.2-SunOS_amd64.tar.gz
VirtualBoxKern-1.6.2-SunOS-r31466.pkg

bash-3.00# isainfo -k
amd64

bash-3.00# which VirtualBox
/usr/bin/VirtualBox

This looks good, 64 bits all where it matters. But why are things still going wrong when you start VirtualBox? No matter what all the other forum messages are saying, in my case it was in the end simply a matter of not finding the 64 bit version of libGL.so. I tried many other things first, but what solved it was setting LD_LIBRARY_PATH to include "/usr/X11/lib/mesa/64".

bash-3.00# VirtualBox
ld.so.1: VirtualBox: fatal: libGL.so: open failed: No such file or directory
Killed
bash-3.00# echo $LD_LIBRARY_PATH

bash-3.00# export LD_LIBRARY_PATH=/lib:/usr/lib/64:/usr/X11/lib/mesa/64
bash-3.00# echo $LD_LIBRARY_PATH
/lib:/usr/lib/64:/usr/X11/lib/mesa/64

bash-3.00# VirtualBox
^C
bash-3.00#

Which shows what went wrong and how it can be fixed.


Friday Jul 18, 2008

Silence and Pavlov

Today I got my SunRay@Home. For those of you not working at Sun, that's a Sun Ray attached to your home network that directly VPNs (from the firmware) into SWAN, the corporate network. It allows for hot-desking from your cubicle to your study and vice versa. Pretty cool stuff.

Reason I wanted to have one at home was mainly eco driven. When I do things like software development I need a full blown desktop. But in the morning, between alarm clock and shower, I'm only drinking my first coffee and checking my email. Why should I fire-up the big desktop to only use a browser and an email client. And that was my background to sign up for the SunRay@Home program.

I got my unit today, installation was a jiffy. Everything fine, Sun Ray on my left display, PC on the right LCD. Around 10 PM I decided to shutdown the desktop PC. And then came the big surprise: For the first time in many, many years (probably twenty) I was using again a computer with zero background noise. No, not just the "nearly silent" that laptops give you, but simply absolutely nothing!! It was lovely, but at the same time even weird, I guess a kind of reverse Pavlov effect (in this case I got the food but there was no bell). It appears that browsing the web and the noise of fans are by now in our minds tightly intertwined.

I do use a Sun Ray in the office, but of course modern offices can't be called noiseless. I have to go back 15 years, when I used my trusty VT220 and a modem into the office, for the last time I worked with a computer that didn't make noise. And then 20-25 years back when my desktop system consisted of a 6502 based BBC-micro computer. That one also without fans, but you still had the rattling sound of the floppy drives. :-) For the rest, it seems I've always had fans around me when I was doing my computer stuff.

So, this SunRay@Home is a keeper. I can hear the wall clock ticking again. The only thing I need to do is to replace the green power LED of my SR2 with a blue or a white one. That green is too ugly with the brushed aluminum.


Monday Jul 14, 2008

ILOM and DHCP

It happens too often that at customer sites there are issues around the IP address for the Service Processor. The proper way to handle this is IMHO simple: For each server, add an entry to the DHCP server, where based on the MAC address of the SP, a known IP address will be assigned. This way, everything is controlled by a centralized DHCP configuration but still each server gets a "semi static" IP address.

Unfortunately, in many situations customers can not implement this, or they simply don't want to. The "can not" is most likely not based on technical arguments, but has mainly to do with organizational and responsibility issues.

Your second option is to set the Service Processor IP address from the BIOS. Which works fine, but sometimes it can be hard to find a monitor and keyboard in a Data Center. Or nobody is willing to give you a free static IP address. Third option is to let the SP do a DHCP request and monitor the logfiles on the DHCP server to see what address was handed out. Which won't work if the person who needs to use the SP has no access to the DHCP server.

The end result is that you can easily end up in a Catch 22. In the old days of V20/40z servers, we had those tiny LCD screens and you could even set the IP address using a few buttons on the front of the server. But the newer generation doesn't have those features anymore.

Last week, I was again confronted with this problem (on a corporate network, where I had zero privileges) and I solved it in a different way. What I did was write a little script that tries to ping every IP address in the subnet, or better in the range that is available to the DHCP server. Kind of "poor man's port scanner". The script (let's call it "pingscan.sh") is pretty primitive and looks like this.

#!/bin/sh
for i in 13 14 15 16 17 18 19 20 21 22 23 24; do
for j in 0 1 2 3 4 5 6 7 8 9; do
ping -n -t 1 192.168.1.$i$j 1
done
done

This will scan addresses from 192.168.1.130 to 192.168.1.249; adjust the values for your network. The "-t 1" and the "1" at the end (this is Solaris ping) will take care that with one second gaps, each address in the subnet will be tried. For Linux use "-c 1" and no trailing "1". So, the script will take a few minutes to complete, depending on the range.

Fire up your server and let the SP do a DHCP request. Then run "pingscan.sh > before". And here comes the trick! Disconnect the network cable to the SP and run "pingscan.sh > after". A simple diff of the two files will show which IP address was given to the SP.

# diff before after
57c57
< 192.168.1.186 is alive
---
> no answer from 192.168.1.186

The script could be made much fancier, but this one only uses /bin/sh and can be typed in a couple of minutes. On a large and busy network it could happen that you will get multiple candidates. And of course this is not a preferred solution, because it isn't guaranteed that a week later the DHCP server won't give a different IP address. But this trick can help when you find yourself in a nasty corner. At least, it did that for me.


Wednesday Nov 21, 2007

Solaris Security

It's already dark when I leave the hotel, dragging my carry-on behind me. I can turn left, to the pub where the rest of the troops is probably already behind their second beer, but I decide to make a little detour to the right. I walk to the front of the 18-wheeler to see if Dan, the driver of our Project Blackbox rig, is still around. I find him, with big gloves on, between the power generator and the water chiller. He is working hard to make the Blackbox transport ready again. We shake hands to say goodbye.

I met Dan for the first time in Calgary a month or so ago, great guy, not only the driver of our Blackbox demo roadshow unit, but also the one who took the most fabulous pictures of the box in between the high-rise of Calgary's downtown core. Today we are in Vancouver. Different business drivers, but the same crowd that gets inspired by Project Blackbox and sees how it can open new avenues for datacenter expansion, consolidation and "going green".

Project Blackbox Roadshow Calgary

After my goodbye to Dan, who's now off to Mexico City, I join my colleagues and then it's off to the airport. For those of you who are "frequent flying" as well, you know the drill. Empty your pockets, get all your keys and stuff into the grey plastic bin, your laptop in the second bin, your coat in the third, etc.

But now it comes....

One of the security folks, I would guess around 60 years old, sees my Sun badge in the bin next to my coins, my keys and phone. He asks me out of the blue, "but is Solaris free" .... and it is clear he means it in the "free as in beer" sense. It catches me a little off guard, but my reply is "you can just download it, no problem". His counter "yeah, but do I get source code and am I then able to change it?" I try to assure him with "of course, that is what open source is all about". Next question: "but do I need assembler code to do this?" (now you understand why he was at least 50+ :-). I hope I was correct, but my answer was "no problem, it's all C code, you will be fine".

And this all happened within 20 seconds, five times the speed of an elevator pitch, while at the same time I was emptying my backpack to get my laptop into the gray plastic bin, etc. Time was flying way too fast!! I would have loved to talk with this guy about what project he was working on. He was a really interesting person. As a day job checking our bags for stupid things like bottles of shampoo, but in the end really interested in how he could modify and improve Solaris.

That's special !!


Thursday Jun 28, 2007

Half Baked User Friendly

I guess since Windows 98 or so, it's the default in Explorer not to show you file extensions. Probably Microsoft hoped they could beat Apple in user-friendliness and thought that the icon would be good enough to show you the filetype. And maybe that would have been OK, if it had been implemented correctly (as a set of meta-data) like on my good-old NeXT.

It can't be that I'm the only one who completes every Windows install by: a) go to 'Folder Options' -> 'View' and unselect the 'Hide File Extensions', then b) take care that Explorer and the MS-DOS box are not hidden deep down in the 'Accessories', but are icons on the Desktop, part of the toolbar, and in the main of the Start menu. I guess I've done that now a hundred times. And it annoys me that with each and every newer Windows version, this stupid UI design is still there.

Tonight, this whole thing went a step further, and even more bizarre. On a latest-greatest Windows Mobile phone, an application failed and wrote its results to a logfile (let's call it abc-xyz) in the root directory. I tried to open the file by double clicking it, but I got a pop-up that I had to open the application first and then open the file. OK, so I started 'Mobile Word', clicked 'Menu', then 'File' and found a wide range of options (like New, Save, etc.) but not 'Open'. Duh ....

In the options screen I discovered that there is a feature to select what types of files Word Mobile will show me, which even includes 'All Known FileTypes'. Mmmm, that sounded good, but still no luck. Finally I discovered that my file was in reality called abc-xyz.log, but the extension was, as explained above, not shown and secondly a .log file is apparently not a "known filetype" for Windows Mobile. When downsizing Explorer to the Mobile platform, it seems they had to drop the option 'Show All Files'. As if there is not enough memory for all the other bloatware.

But OK, I got closer to a solution. Let's simply rename the file to 'abc-xyz.txt', or even '.doc' and then all will be fine. Ehhh, not so!! Word still couldn't see the file. That was when I discovered that the rename in Explorer had rebaptized my file into 'abc-xyz.txt.log'. Which makes sense when you keep the .log part hidden, but it is absolute BS if the result is that you can't open a simple log file anymore. All for the sake of user friendliness.

You start to wonder how much usability testing has been done on a feature like this. And even more what audience the Windows developers had invited for these sessions. It's my guess that these were not a group of power-users and that the software developers were thinking that if the UI was good enough for them, it would be more than good enough for more sophisticated people. WRONG!!!

Long story short, in the end the only way to open my logfile in any application was to copy it from the phone to my desktop and use some editor to open the file and see its five lines of content.


Sunday Jun 17, 2007

External Display at Boot

My notebook — a Fujitsu P7010D — is light and small, therefore, when not on the road, I use it with an external display and keyboard. Solaris 10 being my main OS, some careful timing is needed for when to press the Fn-F10 key while booting. It has to happen when X-Windows hasn't started yet. The display of the grub boot menu is always a good moment.

However, a couple of days ago I discovered another method. I guess it's also valid for other notebooks and although I didn't test it yet, this little trick should work the same way when you run Linux. This is what I do: First of all connect all external devices, then open the laptop, press the power button, and now immediately close the laptop again. Result is that the BIOS detects this and will select the external display straight away. No need to press any function key anymore.


Friday May 11, 2007

Network Speed with Zones

A little time back I was preparing for a big benchmark project where our customer wanted to compare a single large system using many zones with a more horizontally scaled infrastructure, consisting of a number of smaller servers, like V490 and V890. I immediately thought that replacing a number of servers, being chatty over the network, with a single server, carved up into zones, would give a big benefit in network performance. Zone-to-zone network traffic should be faster than server-to-server. So I fired off some emails to people that I thought would give me the final answer, but the responses were very mixed.

Therefore it was time to do some of my own experiments. Doing a big benchmark in one of the Sun Solution Centers, I had the availability of some serious hardware for these tests. On the other hand, as is usual with these types of projects, there was a lot going on at the same time, therefore in the end time was limited for this little exercise.

This was my test platform:

  • A few 8 CPU / 16 core domains (1800 MHz US-IV+) on E25K.
  • A couple of quad Gigabit Ethernet cards, connected to a SMC switch.
  • We had to use the 'ce' network drivers, because there were incompatibilities with other ones.

This is the environment I built:

  • domain A, zone 1, IP 10.1.1.131, interface ce2:1 - used for sending files
  • domain A, zone 2, IP 10.1.1.132, interface ce2:2 - receiver, using the same physical interface, but with its own virtual interface
  • domain A, zone 3, IP 10.1.1.133, interface ce3:1 - receiver, having its own network interface, but different from the one used by the sender
  • domain B, zone 1, IP 10.1.1.101, interface ce4:1 - receiver, now a completely different domain, so will only communicate with sender over the copper wire

This provided us with three test scenarios: a) network traffic from one virtual interface to another, both on the same physical interface, b) two zones talking with each other, each with their own physical interface and c) two independent servers, or in this case domains.

I used ftp to send files of three different sizes: 1M, 3M and 1G bytes. All files were created in /tmp and sent to /tmp. I repeated each test three times. Here are the results (all times in secs):

File size   zone-to-zone      zone-to-zone       server-to-server
            same interface    other interface    other interface

1 MB        0.0072            0.0083             0.012
            0.0056            0.0077             0.012
            0.0058            0.0080             0.013

3 MB        0.27              0.23               0.35
            0.16              0.21               0.33
            0.15              0.21               0.34

1 GB        6.7               6.1                11.0
            5.0               5.4                11.0
            4.9               5.4                12.0

So, from this we can see clearly that zone-to-zone traffic doesn't "hit the copper" and probably gets shortcutted somewhere in the IP layer of the TCP/IP stack. I would think that with slower interfaces, like 100 Mbps, the speed advantage will be even higher than the 1.5-2x we see here.


Sunday Mar 25, 2007

Wireless Activate on Boot

Last night I finally found the time to upgrade my laptop from a "too much patched" Solaris 10 5/03 to a latest-greatest "Solaris eXpress Developer Edition". Before we dig into wireless, I've to do a little plug for SXDE. I think it's a great idea. Many users want on their desktop or laptop something that is up-to-date, must have a decent stability, but doesn't have to be as rock-solid as a normal Solaris release. Problem with using standard S10 on a laptop is that drivers can be "way behind". Which is then normally already fixed in Nevada, but running that on the system that my email is depending on is not my piece of cake. Nevada is great, but please on my second system.

SXDE is the sweet spot in-between: Once every 3 months a snapshot is taken of the Nevada code (the bi-weekly release of that is now also called Solaris eXpress, Community Edition, SXCE), which gets then a couple of "fixes only, no new features" debug cycles, is then bundled with Studio 11 and released to us, the Solaris end-users and developer crowd. I think this is great, it's more stable than S11 Nevada, which is really beta code, and still you get all the latest bug-fixes and drivers.

So, I moved over, and everything went very, very smooth. I also rebooted a couple of times, started to customize the system, configured NTP, noticed that SXDE knows about my Atheros WiFi chipset, configured that, and all was great. One of the biggest features for me was that it decided NOT to overwrite my MBR. So, even while my system is running RH and XP in parallel to Solaris, I didn't have to do any of that 'grub' stuff to reinstall the Master Boot Record. Cool.....

For whatever reason, I did a reboot and my system hung with an absolutely black screen. I rebooted in FailSafe mode, but couldn't see anything wrong. So I reinstalled from scratch. And again the first half hour all was OK, but then it would hang like hell. I couldn't even ping the box. I guess that in total I reinstalled 4 times over the weekend, got quite a routine for it :-), but finally I figured out what went wrong.

As usual it was a combination of a mistake by me, and a system that's not foolproof enough. In this case, my mistake was that when I configured Wireless I told it to "Activate on Boot". Made sense. But I don't have an access point, and was simply testing on what my neighbours provided on the 2.4 GHz band. :-) What is the problem, is that if you click "Activate on Boot" and then, when booting, you don't have a proper access point, the system is not properly timing out. At least that is my theory. It simply waits and waits and waits. With the result that the system simply hangs and you have to reinstall from DVD.

I guess that alternatively you can figure out how to reverse that "Activate on Boot", while in FailSafe mode. I kept life more simple and from then on didn't touch that checkbox anymore. Which, so far, works pretty fine.


Saturday Dec 30, 2006

Solaris 10 Printer Setup

Last time that I had to set up a printer in Solaris, it was an experience straight out of hell. It was 2-3 years ago, on a system running Solaris 9, and I finally got it working, using the Common Unix Printing System (CUPS), but my experience was bad enough that since then I avoided, as well as I could, to get ever involved with printer setup again.

But setting up a Solaris 10 based system recently, to be used as a home PC, I faced the topic again. I read some man-pages and did some Googling. After some erroneous first attempts, I checked out docs.sun.com and was pointed to "printmgr". Which has improved hugely since two years ago.

The printer I had to set up was a cheap HP Deskjet 812C. And to my surprise, the list of printers preconfigured in printmgr is biiiiggg, also including my little Deskjet. Because this is a parallel port connected printer, the device it resides at is "/dev/printers/0". So far so good! Here is what I had to do to set it up.



After this I tested with "lp -d deskjet /etc/nodename" and the textual printout was fine. Then it was time to start Mozilla and print a page with graphics and color. Also this worked out-of-the-box.

The last thing to do was to configure the printer in StarOffice. Because StarOffice runs on Windows, Linux, Solaris, OS-X and a couple of other systems, it doesn't make use of the underlying printer subsystem, but has its own. Which is a hassle, but from a software development point of view, I understand why they did it like that. To configure the new printer in StarOffice 8, go to Launch -> Applications -> Office -> Printer Administration. And then I ran out of luck. StarOffice knows only about one HP Deskjet printer and that was of course not the model I had. I still configured using that driver, and I got printouts, but there were white bands every inch and a couple of other formatting issues. So, that was not the way to go.

Time to pull out of my bag of tricks a goldie-oldie, I've used for years with success. When setting up a PC, I always configure a HP LaserJet III and an Apple LaserWriter II printer. The first driver can be used for any printer that uses PCL, while the latter is the lowest common denominator for PostScript based printers. OK, you won't get the use of features like two-sided printing or using other paper bins, but for basic printing these two configs are good enough.

Back to StarOffice, I selected the driver for the "HP LaserJet III PostScript Plus" and printed a test page. All was fine, including color. Which was a bonus, knowing that the LJ III was a B&W laser printer.


Thursday Dec 28, 2006

Solaris install + USB

Last night ... mmm, more early this morning :-) ... I was installing OpenSolaris SDX beta (Nevada build #55) and forgot that my USB external drive was still plugged in. This happened because I had downloaded on that drive the 4 Gig ISO image and then burnt it to a DVD.

The install went well, with the only muddy thing that my bootdisk had become c2d0 and not c0d0, what I'm used to. But still: so far, so good. After login I noticed the USB partition being auto-mounted, which is good, and I suddenly understood what had happened. The USB device has one way or another a higher priority over the ATA harddisk and therefore the bootdisk becomes c2d0. Which is of course not what you want to happen.

You can imagine that when I unmounted the USB disk and rebooted, the system needed some deep hard thinking – read "long timeouts" – before it understood where to find its MBR. In short: don't do this!! I took the easy way out and reinstalled everything from scratch, which was not too bad but could have been avoided. Lesson to learn: unplug every USB stick or device before you install an OS.


1-888-THUMPER

A while back I attended Immersion Week in St Charles near Chicago, which is a Sun internal conference / training session "for the techies" to learn about the latest products and technologies. After a morning session on Thumper (now officially Sun Fire X4500) and Honeycomb (StorageTek 5800), I decided to skip lunch and get some fresh air instead.

I walked into town, which is pretty small, and after a brisk walk, my eye suddenly fell on this truck. Not so much because of the shape or color, but of course because of the phone number. What kind of coincidence was this? The truck seemed to belong to some kind of utility repair company. And I guess the ladder will come in handy if you need to replace a disk in a "top of the rack" Thumper system. :-)

Thumper, a server/storage combination with 24TB of disk and dual AMD Opteron processors, got its code-name from John Fowler. Which was last July C|Net's "Quote of the Day" with the phrase "and from now on I'm not allowed to name anything". The summary and details of that story are still online. If it is completely true, I don't know. But it's as funny as this 1-888-THUMPER telephone number.


Monday Jul 24, 2006

Network Card for Solaris X86

It's the kind of thing you don't have to do very often, because the Operating System install takes care of it so well. Even to the extent that you are tempted to just reinstall the OS when adding some new hardware to your system. In this case I needed to add two 3Com network cards to an Ultra-20 that was already configured for the onboard Ethernet. I know how to do it under Linux: just start the GUI config tool. With Solaris, it's a bit more of a manual process. But, in the end not too tough, and when you get stuck, Google is your friend.

I first checked the Solaris FAQ at www.sun.drydog.com. It was not 100% accurate (probably based on an older Solaris version), but a very good starting point. Manually configuring a network with ifconfig is something I've done often enough. But the issue for me is that I don't know which device/driver name to use. In Linux this is simple, it's always "eth0", but in Solaris it depends on the driver.

After adding the network cards and rebooting I did a PCI scan:

bash-3.00# /usr/X11/bin/scanpci
pci bus 0x0000 cardnum 0x0a function 0x00: vendor 0x10de device 0x0057
 nVidia Corporation CK804 Ethernet Controller
pci bus 0x0001 cardnum 0x09 function 0x00: vendor 0x10b7 device 0x9050
 3Com Corporation 3c905 100BaseTX [Boomerang]
pci bus 0x0001 cardnum 0x0a function 0x00: vendor 0x10b7 device 0x9050
 3Com Corporation 3c905 100BaseTX [Boomerang]

You see the onboard Ethernet Controller and then the two 3Com cards. The important part is the vendor and device numbers. With these two, we now have a look at:

bash-3.00# grep 9050 /etc/driver_aliases
elxl "pci10b7,9050"

This gives us the "elxl" driver name I was looking for. Alternatively, you can have a look at:

bash-3.00# grep 9050 /boot/solaris/devicedb/master
pci10b7,9050 pci10b7,9050 net pci elxl.bef "3Com 3C905-TX Fast Etherlink XL 10/100"

To take care that Solaris "picks up" the card, you need to do a "touch /reconfigure" and then restart your system with "reboot" or "init 6". The FAQ says that you then have to press 'Esc' during the driver configuration, but that's not the case (anymore). After rebooting, it's time to configure the network interface. First by hand:

bash-3.00# ifconfig elxl0 plumb
bash-3.00# ifconfig elxl0 netmask 255.255.255.0 192.168.1.2
bash-3.00# ifconfig elxl0 up
bash-3.00# ifconfig elxl0
bash-3.00# ping 192.168.1.1
bash-3.00# ifconfig elxl0 down
bash-3.00# ifconfig elxl0 unplumb

And when that works fine, (assuming "moon" is the hostname) make it permanent with:


bash-3.00# echo "moon" > /etc/hostname.elxl0
bash-3.00# echo "192.168.1.2 moon" >> /etc/hosts
bash-3.00# svcadm restart network/physical
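
The vendor/device lookup from the steps above can be scripted. This is an added example, not part of the original post: it reads saved scanpci output plus a copy of /etc/driver_aliases and prints the driver for each device. The function name map_drivers and the sample files are assumptions, as is the rule that aliases carry the hex IDs without leading zeros.

```shell
#!/bin/sh
# Map PCI devices from scanpci output to Solaris driver names using
# driver_aliases. Function and file names here are illustrative.

# map_drivers SCANPCI_FILE ALIASES_FILE
# Prints one line per device: "<alias> <driver>", or "-" when no alias matches.
map_drivers() {
    awk '
    # First file (driver_aliases): remember the driver for each alias.
    FILENAME == ARGV[1] {
        if ($0 !~ /^#/ && NF >= 2) { gsub(/"/, "", $2); drv[$2] = $1 }
        next
    }
    # Second file (scanpci): only the "pci bus" lines carry numeric IDs.
    /^pci bus/ {
        v = d = ""
        for (i = 1; i < NF; i++) {
            if ($i == "vendor") v = tolower($(i + 1))
            if ($i == "device") d = tolower($(i + 1))
        }
        # Assumption: aliases omit "0x" and leading zeros (0x0057 -> 57).
        sub(/^0x0*/, "", v); if (v == "") v = "0"
        sub(/^0x0*/, "", d); if (d == "") d = "0"
        alias = "pci" v "," d
        print alias, ((alias in drv) ? drv[alias] : "-")
    }' "$2" "$1"
}

# Constructed sample input, built from the lines quoted in the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/scanpci.txt" <<'EOF'
pci bus 0x0000 cardnum 0x0a function 0x00: vendor 0x10de device 0x0057
 nVidia Corporation CK804 Ethernet Controller
pci bus 0x0001 cardnum 0x09 function 0x00: vendor 0x10b7 device 0x9050
 3Com Corporation 3c905 100BaseTX [Boomerang]
EOF
cat > "$tmp/driver_aliases" <<'EOF'
elxl "pci10b7,9050"
EOF

map_drivers "$tmp/scanpci.txt" "$tmp/driver_aliases"
```

A "-" in the second column means the alias file you supplied has no entry for that card, which is the case for the onboard controller here because only the elxl line from the post is included in the sample.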

