Friday, September 28, 2012

Oracle Fustercluck on Solaris 11

You're trying to install Oracle Cluster? And this thing wants you to install their stuff as "root" user. Except the "root" user cannot go to the other Solaris nodes via SSH, because it is very insecure to Oracle.
In other words, Oracle Cluster is asking you to make your OS insecure first. :-)

Here are steps for you how to fix the issue (saves you a half of a day):

1. Modify /etc/user_attr file.
Before:
root::::type=role

After:
root::::

2. Comment out line CONSOLE=/dev/console in /etc/default/login file.
Why? Read the description there.

3. Allow remote login for root in SSH daemon by editing /etc/ssh/sshd_config file.
Before:
PermitRootLogin no

After:
PermitRootLogin yes

4. Restart SSH daemon by issuing the following command:
# svcadm restart /network/ssh

5. Set password for root:
# passwd root

6. Generate SSH keys:
# ssh-keygen -t rsa

Phew! Now you can put your public SSH keys elsewhere and enjoy Snorcle Fustercluck Oracle Cluster installation (as an example). :-)

Thursday, August 02, 2012

How to shut Solaris down NOW?


Instead of
$ pfexec shutdown -y -i5 -g0

...do:

$ pfexec poweroff

Monday, July 23, 2012

Fixing /usr/bin/fscked Oracle Slowlaris 11


You probably know already that for Oracle "Primary Administrator" is "too powerful", so they decided to remove it at all. If you use "System Administrator", you will not have the same privileges. And yeah, entering password all the time you're working on some box is just... lame.

Here is just put that stuff back as before:

echo 'Primary Administrator:suser:cmd:::*:uid=0;gid=0' >> /etc/security/exec_attr
echo 'Primary Administrator:::All administrative tasks:auths=solaris.*;solaris.grant;help=RtPriAdmin.html' >> /etc/security/prof_attr

Also kill that $%^# ancient sendmail so it will stop vomiting on your primary console usual garbage.

Also enable verbose booting by modifying /rpool/boot/grub/menu.lst kernel line something like (x86 systems):

kernel$ /platform/i86pc/kernel/amd64/unix -B $ZFS-BOOTFS -v -m verbose

Also setup your repositories from two full ISO files:

$ cat sol-11-1111-repo-full.iso-a sol-11-1111-repo-full.iso-b > sol-11-1111-repo-full.iso
$ pfexec zfs create rpool/export/fullrepo
$ pfexec lofiadm -a sol-11-1111-repo-full.iso
$ mkdir /tmp/fullrepo
$ pfexec mount -F hsfs /dev/lofi/1 /tmp/fullrepo
$ pfexec rsync -aP --progress /tmp/fullrepo/ /export/fullrepo/
$ pfexec umount /tmp/fullrepo
$ pfexec lofiadm -d /dev/lofi/1
$ pfexec pkg set-publisher -G '*' -M '*' -g file:///export/fullrepo/repo solaris
$ pfexec pkg refresh --full

Also, if you do need X11 and all that Gnome-2 stuff, install slim install:

pfexec pkg install slim_install

From now on you can start using Oracle Solaris properly (hating everyone there for B&W text Emacs, bad VIM and other minor things). Once you have it enough, go get something better: Illumos-based OpenIndiana :-)



Tuesday, April 03, 2012

Main problem in UI of all Google products

The main problem in the user interface of all Google products are the icons. No single icon is properly understood until one points with a mouse on it and waits for the pop-up hint to know what the heck this little thingy means.

Tuesday, March 20, 2012

Better checksum in Java

You were also pissed off by the need of writing shitcode like you can find on RoseIndia examples while striving to get a way to represent digest bytes as a hexadecimal string, right? Here is a better way:
MessageDigest digest = MessageDigest.getInstance("SHA1"); // Or MD5...
digest.update("hello world");
String hexdigest = new BigInteger(1, digesst.digest()).toString(16);
And that's it.

Wednesday, March 07, 2012

Want to reset Linux machine remotely?

Sometimes it is a good idea to completely reset the machine without shutting it down gracefully. Especially, doing it remotely via SSH, for example.

Here is how:

$ sudo -s
# echo 1 > /proc/sys/kernel/panic
# echo c > /proc/sysrq-trigger

The file "panic" by default has value "0". If you want machine actually reboot, this needs to be changed, otherwise machine will simply "hang" until hardware reset or power cycle.

The file "sysrq-trigger" has a lot of commands, where "c" is what we need at this time. Here is full list of the commands one could use in a future:
  • 'r' - Turns off keyboard raw mode and sets it to XLATE.
  • 'k' - Secure Access Key. Kills all programs on the current virtual console.
  • 'b' - Immediately reboot the system without syncing or unmounting disks.
  • 'c' - Intentionally crash the system without syncing or unmounting disks. This is most useful if the NETDUMP client package has been installed.
  • 'o' - Shut the system off (if configured and supported).
  • 's' - Attempt to sync all mounted filesystems.
  • 'u' - Attempt to remount all mounted filesystems read-only.
  • 'p' - Dump the current registers and flags to current console.
  • 't' - Dump a list of current tasks and their information to current console.
  • 'm' - Dump current memory info to current console.
  • '0'-'9' - Sets the console log level, controlling which kernel messages will be printed to current console. For example, '0' would make it so that only emergency messages like PANICs or OOPSes would make it to current console.
  • 'e' - Send a SIGTERM to all processes, except for init.
  • 'i' - Send a SIGKILL to all processes, except for init.
  • 'l' - Send a SIGKILL to all processes, INCLUDING init. This turns the system completely hosed.
Hope it helps.