Techhell

NTP on Solaris 10

For a NTP server …

cp /etc/inet/ntp.server /etc/inet/ntp.conf

Replace the server lines  with

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org

touch /var/ntp/ntp.drift
svcadm enable svc:/network/ntp

For a client :

cp /etc/inet/ntp.client /etc/inet/ntp.conf
svcadm enable svc:/network/ntp

To test:
# ntpq -p
# svcs ntp

3Com Vlan to Vlan Routing / ACL’s

system-view – to enter system-view
interface vlan-interface X – to change into the VLAN to interface
ip address X.X.X.X X.X.X.X – To assign an IP address with subnet mask.

The corresponding static routes were automatically created for the VLAN interface which can be checked using.

display ip routing-table

Then I had to add routes for the subnets on my VLANs.

Finally I set up an advanced ACL filter to block the new VLANs from accessing anything on my primary VLAN 1.

from system-view
acl number (ACL # – 3000 range) match-order config
rule deny IP source X.X.X.X(Address of source) X.X.X.X(Wildcard of source) destination X.X.X.X(Address of destination) X.X.X.X(Wildcard of destination) time-range allday(My named time range.)  - This blocks the entire subnet on VLAN 1 from being access from the subnet on VLAN 3.

Then create rules to unblock specific IPs for access from the VLAN 3 subnet which are on the VLAN 1 subnet.

rule permit IP source X.X.X.X(Address of source) X.X.X.X(Wildcard of source) destination X.X.X.X(Address of destination) 0.0.0.0(Wildcard of destination 0.0.0.0 signifies a host IP) time-range allday(My named time range.)  - This allows access from the VLAN 3 subnet to one specific IP on the other subnet in my first case the Internet router(default gateway of the other subnet.)

Then I repeated that for the other few IPs that I needed to open access up for.

Finally I applied the new ACL as a packet-filter from the system view.

So quit back out the system-view.

Type
packet-filter vlan X(Mine is 3) inbound ip-group (ACL # – mine is 3000)

Can   test this and if there are problems or you need to make changes you can use the undo command in from of it to remove it.

We need to ingnore stp. and all units must have point to the vlan interface as a gateway

System Password Recovery from mirrored disks

Root password recovery from mirrored (disk suite/lvm/slvm/what ever sun marketing wants to call it today) disks

Root metadevice is D10, made up of D11 (c1t0d0s0) and D12 (c1t1d0s0).

1) boot off Solaris 10 CD into single user mode
2) mount /dev/dsk/c1t0d0s0 /a
3) cd /a/etc
4) vi shadow and remove the encrypted password
5) cd /, then umount /a
6) dd if=/dev/rdsk/c1t0d0s2 of=/dev/rdsk/c1t1d0s2 bs=512k
7) reboot (from the root disk metadevice)

PM that DC !

It is a given that a car performs better and lasts longer if you take care of routine maintenance, such as oil changes, rotating your tires, and keeping an eye on fluid levels. What isn’t so widely accepted is that similar rules apply to data center equipment.

Few data center managers know and follow best practices related to the proper maintenance of key systems. When you think about the cost of the infrastructure components and systems and the business value of the data supported, the cost of maintenance is small.
Read the rest of this entry »

Think Small

Think small. When it comes to maintenance, it is important to pay attention to the little things. Vacuuming the data center and eliminating dust buildup on fans and inside equipment are relatively simple preventive maintenance tasks that can add longevity to equipment and prevent sudden overheats.
Read the rest of this entry »

Fresh (Outside) for your data center and budget

A good way to cut costs while improving maintenance efficiency is to use outside air (downflow / upflow) economizers to reduce usage of chillers or AC units.

If a facility is well designed, and the return air is pretty hot, the outside temperature will be more favorable for energy than the return air from the hot aisles. You have the choice to switch to outside air and keep the chiller plant operating, or as the outside air temperature drops even more, you have the option to save even more money by turning off the chiller plant. Why pay to cool 120 degree air when you have much cooler make up air available.
Read the rest of this entry »

Remove Failed Package Installs

Having a package install fail in the global zone can cause issues all over the zones.

While attempting to install a Sun package this week, I encountered the following error:

$ pkgadd -d . mysqlr

## Waiting for up to <300> seconds for package administration commands to become available (another user is administering packages on zone )

^C

1 package was not processed!

After a bit of truss’ing, I noticed that the pkgadd commands were checking for the existence of files with the name .ai.pkg.zone.lock. in /tmp. Based on a cursory inspection of the package utility source code, it appears these files are used as lock files to prevent multiple package commands from running at the same time. Since this was the only package installation running on the system, I logged into the zone and removed the stale lock file:

$ zlogin zoneA

$ rm /tmp/.ai.pkg.zone.lock-afdb66cf-1dd1-11b2-a049-000d560ddc3e

Once I removed this file, the package installed like a champ! Nice!

Find how many and what kind of interfaces on a Sun system

Ok, as I keep building various intel / amd based systems in to Solaris x86 boxen, and / or can never tell who has installed what card in one of the sparcs, this little trick comes in handy.

# ifconfig -a plumb
# ifconfig -a

This brings all interfaces online, and then lists them….

Simple DNS Monitor (Simple Hack)

Simple “nsping” there’s no need to install a separate utility to run “nsping”, you have “dig” already …

This is a simple network diagnostic tool to determine the health and reachability of name servers is nsping. As the name suggests you ping a name server, not with an ICMP echo request but with a (very random) lookup. The time interval it takes to get a reply back is what you’re after. Serious lags can indicate network issues.

The tool nsping is a standalone binary, and on most UN*X systems it’s another package to install. however, almost everyone already has dig installed, part of the BIND package. Dig is a complex name server query and diagnostic tool. one useful feature of it is that it reports the amount of time it takes to perform it’s query in milliseconds … exactly what we’re after. So, let’s use dig to do exactly what nsping does and trim down the answer to look like nsping. all we have to do is a random lookup and report only the query time. this simple shell hack uses the built in random number generator from ksh (i think the tool can work in bash, too) and awk to trim down the query from dig.
Read the rest of this entry »

Data Center Temperature & Humidity Guidelines

Monitoring the environment conditions in a computer room or data center is critical to ensuring uptime and system reliability. A report from the Gartner Group in late 2003 estimated that the average hourly cost of downtime for a computer network at that time was $42,000. It has likely gone up dramatically. At these high costs, even companies with 99.9% uptime lose hundreds of thousands of dollars each year in unplanned downtime. Maintaining recommended temperature and humidity levels in the data center can reduce unplanned downtime caused by environment conditions and save companies thousands or even millions of dollars per year.
Read the rest of this entry »