
Solaris: Network Configuration

May 5th, 2008

If you are new to Solaris, one of the first things you might have to adjust is the network setup. If you are coming from the Linux way of life, the steps involved might be a bit unfamiliar. My description refers to default Solaris SXCE (build 87) and OpenSolaris 2008.05 (build 86_rc3) systems. I’m describing the steps for a setup that persists across reboots; for on-the-fly temporary changes check out ifconfig(1M).

Since Nevada build 62 Solaris provides a service named NWAM – the “Network Auto-Magic”. NWAM is running by default and tries to simplify network setup. To see whether it’s running just invoke ‘svcs svc:/network/physical’. If you want to go from auto-magic mode (useful for example in a DHCP setup) to manual mode (needed for example for statically assigned addresses, which is what we are talking about here) you have to disable the NWAM service. Disabling NWAM is, by the way, also necessary if you want to configure the network via GNOME’s graphical network administration tool ‘network-admin’. To disable NWAM just execute:

% svcadm disable svc:/network/physical:nwam

See nwamd(1M) for more details about the nwam service. Now let’s continue with the relevant steps if you want to statically assign a persistent IP address.

The first important difference compared to Linux systems is the name of the network interface card (NIC). Whereas it’s something like eth0 and wlan0 by default on Linux, Solaris uses NIC names that correspond to the respective driver (BSD users might know that already). So if you are using a PC-Net based card the device will be named pcn$ID, whereas your RealTek 8139 card will become rtls$ID.

Check which device(s) we have:
# ifconfig -a | grep index | awk -F: '!/^lo0/ { print $1}'
pcn0

Check the hostname (or just execute 'hostname'):
# cat /etc/nodename
solaris

We define the NIC and the hostname as environment
variables for further configuration steps:
# INTERFACE='pcn0'
# HOSTNAME='solaris'

Configure DNS:
# cp -p /etc/nsswitch.dns /etc/nsswitch.conf
# cat >> /etc/resolv.conf << EOF
domain lan
nameserver $IP_OF_A_NAMESERVER
nameserver $IP_OF_ANOTHER_NAMESERVER
EOF

Configure hostnames and IP address (notice: /etc/inet/ipnodes and
/etc/hosts are symlinks to /etc/inet/hosts):
# perl -p -i -e 's/127\.0\.0\.1.*/127.0.0.1       localhost loghost/' /etc/inet/hosts
# cat >> /etc/inet/hosts << EOF
192.168.10.2 $HOSTNAME
EOF

# cat > /etc/defaultrouter << EOF
192.168.10.1
EOF

# cat > /etc/hostname.$INTERFACE << EOF
$HOSTNAME
EOF

# cat >> /etc/netmasks << EOF
192.168.10.0            255.255.255.0
EOF

Restart network and name services (just to make sure you don't use any old
caches) to apply changes on-the-fly (otherwise reboot):
# svcadm restart svc:/system/name-service-cache
# svcadm enable  svc:/network/physical:default
# svcadm restart svc:/network/physical:default

Well, that’s it. Problems?

Check link status:
# dladm show-dev
# dladm show-link

Check what hardware devices are present using scanpci:
# /usr/X11/bin/scanpci
[...]
pci bus 0x0000 cardnum 0x08 function 0x00: vendor 0x1022 device 0x2000
 Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]

and/or use prtconf(1M) (print system configuration), search for
"Ethernet" or "Network" inside the output:
# prtconf -v | less

Check the driver bindings that already exist on your
system for the network interface (format: 'driver "vendor-id,device-id"'):
# grep pcn /etc/driver_aliases
pcn "pci1022,2000"
pcn "pci103c,104c"

/etc/path_to_inst provides the mappings of
physical device names to instance numbers:
# grep pcn /etc/path_to_inst
"/pci@0,0/pci1022,2000@11" 0 "pcn"

Check name service resolution:
# getent hosts solaris
192.168.10.2   solaris

Use the update_drv(1M) command to update the driver configuration, the devfsadm(1M) command to rebuild the /dev device tree, and the modload(1M) command to load the driver.

For further details check out the official documentation: “System Administration Guide: IP Services” (PDF version).
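
A consistency check for the files edited above, as an added example that is not part of the original post: it verifies that the name in /etc/hostname.<interface> is listed in /etc/inet/hosts, that its address is covered by an /etc/netmasks entry, and that the router in /etc/defaultrouter sits on that subnet. The function names and the `root` parameter are assumptions, the sample files are constructed from the values used in this post, and IPv4 addresses (not names) are assumed in /etc/defaultrouter.

```python
import ipaddress
import os
import tempfile


def _entries(path):
    """Yield the whitespace-split fields of every non-comment, non-empty line."""
    with open(path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()
            if fields:
                yield fields


def check_static_config(root, interface):
    """Return a list of problems found below `root` (empty list = consistent)."""
    etc = os.path.join(root, "etc")
    problems = []

    # /etc/hostname.<interface> names the host to configure on the NIC.
    name = next(_entries(os.path.join(etc, "hostname." + interface)))[0]

    # /etc/inet/hosts must map that name to an address.
    address = None
    for fields in _entries(os.path.join(etc, "inet", "hosts")):
        if name in fields[1:]:
            address = ipaddress.ip_address(fields[0])
            break
    if address is None:
        return ["%s is not listed in /etc/inet/hosts" % name]
    if address.is_loopback:
        problems.append("%s resolves to loopback address %s" % (name, address))

    # /etc/netmasks must contain the network the address lives in.
    network = None
    for fields in _entries(os.path.join(etc, "netmasks")):
        candidate = ipaddress.ip_network("/".join(fields[:2]), strict=False)
        if address in candidate:
            network = candidate
            break
    if network is None:
        return problems + ["no /etc/netmasks entry covers %s" % address]

    # The default router must be directly reachable, i.e. on the same subnet.
    router = ipaddress.ip_address(next(_entries(os.path.join(etc, "defaultrouter")))[0])
    if router not in network:
        problems.append("default router %s is outside %s" % (router, network))
    if router == address:
        problems.append("default router equals the host address %s" % address)
    return problems


def build_sample(root, router="192.168.10.1"):
    """Write constructed sample files that mirror the values used in this post."""
    os.makedirs(os.path.join(root, "etc", "inet"))
    files = {
        "etc/inet/hosts": "127.0.0.1       localhost loghost\n192.168.10.2 solaris\n",
        "etc/hostname.pcn0": "solaris\n",
        "etc/netmasks": "# network  netmask\n192.168.10.0            255.255.255.0\n",
        "etc/defaultrouter": router + "\n",
    }
    for rel, content in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(check_static_config(root, "pcn0") or "configuration is consistent")
```

Run it with `root` set to `/` and your interface name to check a live system before restarting svc:/network/physical:default.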

A look at OpenSolaris… (Update)

May 5th, 2008

Update on 2008-05-05: the stable release of OpenSolaris (2008.05) ships the pcn driver; I updated the corresponding section in this blog entry.

% cat /etc/release
Solaris Express Community Edition snv_87 X86
Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 07 April 2008

Well, I wanted to take a look at the Release Candidate of OpenSolaris 2008.05 but decided to start with Solaris Express Community Edition (SXCE) – Build 87 instead. You know: OpenSolaris -> SXCE -> SXDE -> Solaris 10 (German readers should take a look at Joerg Moellenkamp’s ‘Welches Solaris‘).

I’ve installed Solaris inside Virtualbox (version 1.5.6_OSE) on a grml64 system (providing 1GB RAM to the virtual machine). First impression: just a few questions in the installer. Though the first error message pops up just after a few seconds:

Screenshot of SXCE

Installation done:

Screenshot of SXCE

In the meantime the download of OpenSolaris Developer Preview 2 finished and I booted it, again using VirtualBox:

Screenshot of Opensolaris

Problem: the AMD PCnet network driver is not part of the release. Switching to “Intel PRO/1000 MT Desktop (82540EM)” doesn’t help either because Debian’s open-source version of VirtualBox does not ship support for e1000 (see /usr/share/doc/virtualbox-ose/README.Debian and #479093).

Update: OpenSolaris 2008.05 (snv_86_rc3_X86) ships the pcn driver for the AMD PCnet32 network device. Works in VMware out-of-the-box:

Screenshot of Opensolaris

No other problems so far (though I don’t like being prompted for the keyboard layout during bootup), but I can confirm that OpenSolaris does not ship a C/C++ compiler, whereas SXCE provides the gcc 3.4.3 and Sun C 5.9 compilers. Dear Sun, how about shipping a compiler instead of Mahjongg and >10 other GNOME games? 8-)


grml-vnet – create persistent tun/tap devices with integrated bridge handling

May 4th, 2008

In addition to grml-router (set up your box as NAT-router), grml-bridge (set up your box as bridge) and grml-ap (set up your box as access point), thanks to Gebi the current grml versions provide a simple script named grml-vnet. grml-vnet is a script to create persistent tun/tap devices with integrated bridge handling.

It’s a nice feature to get a bridge setup for use with for example VirtualBox in just a few seconds. Compared to the network setup described in /usr/share/doc/virtualbox-ose/README.Debian of current VirtualBox versions it’s a more generic way to get that feature.

A comfortable way to use grml-vnet is defining it in /etc/network/interfaces (please adjust ‘mika’ with your username ;-)):

auto vnet
iface vnet inet static
    post-up /usr/sbin/grml-vnet -u mika -b vnet tap{0..3}
    pre-down /usr/sbin/grml-vnet -u mika -b vnet -d tap{0..3}
    bridge_ports none
    address 192.168.10.1
    netmask 255.255.255.0

Then bring up the device and enable IP forwarding:

# ifup vnet
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o $OUTGOING_NETWORK_DEVICE -j MASQUERADE

That’s it. Now you can configure your virtual machine to use a tap-device (make sure your user is in the vboxusers group (check /etc/group) to be able to access the corresponding devices):

Screenshot of network configuration dialog in Virtualbox

Statically assign an IP address like 192.168.10.2, using netmask 255.255.255.0 and gateway 192.168.10.1 inside the virtual machine to bring your system to the net. You’re really lazy? Then use a DHCP server to also automate assignment of IP addresses. Just adjust your dhcpd.conf:

subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.50 192.168.10.200;
option routers 192.168.10.1;
option domain-name-servers $IP_OF_A_NAMESERVER, $IP_OF_ANOTHER_NAMESERVER;
}

Nearling?

May 4th, 2008

Nearling

iotop – simple top-like I/O monitor for Linux

May 4th, 2008

Linux has always been able to show how much I/O was going on
(the bi and bo columns of the vmstat 1 command).

iotop is a Python program with a top-like UI used to show on behalf
of which process the I/O is going on. It requires Python >= 2.5 and
a Linux kernel >= 2.6.20.

http://guichaz.free.fr/misc/#iotop

The iotop package is available in Debian/sid now.

gitosis – git repository hosting application

May 3rd, 2008

Quoting the package description of Debian’s gitosis:

gitosis aims to make hosting git repos easier and safer.
It manages multiple repositories under one user account,
using SSH keys to identify users. End users do not need
shell accounts on the server, they will talk to one shared
account that will not let them run arbitrary commands.

I’m pretty happy with mercurial at grml (see our instructions if you are interested in our setup details) because we follow a linear development model (and I try to keep it that way regarding the workflow). Though I was thinking about forking an existing project for grml without losing the possibility to sync with original upstream. The project in question uses git and as I really love the way branching works in git I wanted to give it a try using my own infrastructure. An easy way of doing so is using gitosis. Gebi already blogged about that but I wrote down the setup instructions if you want to use it on Debian/etch:

First of all make sure to have a recent git-core package from backports.org:

# cat /etc/apt/sources.list
[...]
deb http://www.backports.org/debian etch-backports main contrib non-free

# cat /etc/apt/preferences
[...]
Package: git-core
Pin: release a=etch-backports
Pin-Priority: 999

# apt-get update; apt-get install git-core

Install my Debian package of gitosis, which is based on Debian unstable’s version 0.2+20080319-3 and adjusted for use on Debian/etch (alternatively build your own package using python2.4 in debian/rules and adjusting the build-dependency for python-setuptools, or install from source):

# wget http://grml.org/git/gitosis_0.2+20080319-3_all.deb
# dpkg -i gitosis_0.2+20080319-3_all.deb

Initialise setup with your own ssh key:

# sudo -H -u gitosis gitosis-init < /path/to/your/sshkey/id_rsa.pub

And finally clone the gitosis-admin repository for administration (see resources at the end of this article for further information):

% git clone gitosis@${SERVER}:gitosis-admin.git

Now adding new repositories is as easy as putting something like the following snippet to gitosis.conf of the gitosis-admin repository (don’t forget ‘git commit -a ; git push’ :-)):

[group demo]
members = mika@foo
writable = demo

Then create the new repository and push it:

mkdir demo ; cd demo
git init
$DO_SOME_STUFF
git add .
git remote add origin gitosis@$SERVER:demo
git push --all

That’s it!

I’m not yet sure what might be the best way to provide git as an official service for grml. This needs further investigation… (gitweb stuff, permission handling, integration with mercurial,…), though gitosis seems to be a nice start.
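
The restriction quoted from the package description ("one shared account that will not let them run arbitrary commands"), as an added example that is not gitosis code: a simplified model of the decision a forced SSH command has to make from the key's user name and the request sshd passes in SSH_ORIGINAL_COMMAND. The function names, the reason strings and the path pattern are assumptions; only the `members` and `writable` keys from the snippet above are modelled, and write access is taken to imply read access.

```python
import configparser
import re

# Git transport commands a client may request; anything else is refused.
ALLOWED_COMMANDS = ("git-upload-pack", "git upload-pack",
                    "git-receive-pack", "git receive-pack")

# Quoted repository path: every component starts with a letter or digit,
# so "..", leading dashes and absolute tricks cannot leave the repo directory.
REPO_RE = re.compile(
    r"^'/?(?P<repo>[A-Za-z0-9][A-Za-z0-9@._-]*(/[A-Za-z0-9][A-Za-z0-9@._-]*)*)'$")

# Constructed sample, matching the gitosis.conf snippet in this post.
SAMPLE_CONF = """
[group demo]
members = mika@foo
writable = demo
"""


def writable_repos(conf_text, user):
    """Return the set of repositories `user` may access according to the config."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    repos = set()
    for section in cfg.sections():
        if not section.startswith("group "):
            continue
        if user in cfg.get(section, "members", fallback="").split():
            repos.update(cfg.get(section, "writable", fallback="").split())
    return repos


def authorize(conf_text, user, original_command):
    """Decide whether the request from SSH_ORIGINAL_COMMAND is allowed.

    Returns a tuple (allowed, reason).
    """
    if original_command is None:
        return False, "interactive shell refused"
    if "\n" in original_command:
        return False, "newline in command"
    for verb in ALLOWED_COMMANDS:
        if original_command.startswith(verb + " "):
            arg = original_command[len(verb) + 1:]
            break
    else:
        return False, "command not allowed"
    match = REPO_RE.match(arg)
    if match is None:
        return False, "unsafe repository path"
    repo = match.group("repo")
    if repo.endswith(".git"):
        repo = repo[:-4]
    if repo not in writable_repos(conf_text, user):
        return False, "no access to repository"
    return True, verb + " on " + repo


if __name__ == "__main__":
    for cmd in ("git-receive-pack 'demo'", "git-receive-pack '../gitosis-admin'",
                "ls -la", None):
        print(repr(cmd), "->", authorize(SAMPLE_CONF, "mika@foo", cmd))
```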


GLT08: Sysadmin Talk

May 2nd, 2008

Mika in Sysadmin Talk - Disclaimer: sorry for the bad picture quality - isn't my camera :)

At linuxdays Graz I held my talk about "Systemadministration++". I mainly told my audience stuff I collected for adminzen.org. It was the first time I could use the Lessig method for a presentation. First time, and could? Yes, because a dual head setup is recommended to be able to use a presenter screen with the Lessig method. As so many people asked me about the presentation software and the setup I used, I’ll keep my promise and write a few sentences about that…

As you might know from my previous blog entry about OpenOffice’s Impress using a presenter screen on Linux isn’t that easy. Cool, we have something to make the next year the one of “Linux on the desktop” once again, right?

Alright. OO isn’t yet ready for what I need. KOffice? Doesn’t even have an idea of what dual head might be. Failed. Currently pdf-latex is my favourite way of writing slides – being able to write my slides remotely, put plain text files under version control, all the stuff you know… So I thought about a way to use my cute RandR setup where I’ve to do nothing more than execute just two commands to get the dualhead stuff on-the-fly:

% xrandr --output VGA --mode 1024x768
% xrandr --output VGA --left-of LVDS

With dual head running, what I need is either a PDF file split into two halves and displayed across both screens, or two PDFs kept in sync in two different PDF viewer instances. The first option isn’t possible due to several reasons [snip rant on pdf viewers]. But xpdf provides a -remote option, which is exactly what I need. Instead of using two separate xpdf instances I can use keyjnote with the following infoscript (thanks Martin Fiedler) for the main presentation on the external screen (visible for my audience):

% cat serveradministration.pdf.info
[...]
import os

def page_enter():
    os.spawnvp(os.P_NOWAIT, "xpdf", \
    ["xpdf", "-remote", "notes", "-exec", "gotoPage(%d)" % Pcurrent])

for page in xrange(1, PageCount+1):
    SetPageProp(page, 'OnEnter', page_enter)

On the internal screen I see my notes.pdf which is being synchronised with the external screen thanks to xpdf and keyjnote scripting automatically. A simple Python-Cairo script does the job for displaying the local time on the internal screen. That’s what it looks like (older screenshot with blabla notes, but you should get the idea) – on the left side the external screen and on the right side (only the bottom of it is getting used and visible) is my laptop’s screen:

Screenshot of Dual screen presentation mode

The Lessig style and the automatic generation of the corresponding slides.pdf and notes.pdf are handled through a simple and stupid framework I wrote for myself. I’m planning to improve that framework together with my colleagues from LaTeX@TUG and provide it to the public. Dig through the Keytex-page in the grml-wiki to get a first idea what I’m talking about.

The slides of my sysadmin talk (PDF, 7MB) are available now. Disclaimer: without attending my talk the slides won’t be that useful.

Linux kernel driver <-> device mapping (Update)

May 2nd, 2008

Update: thanks for mentioning ethtool, Robert Fischer

A common sysadmin task is to locate a specific device and identify which driver is responsible for it. Usage examples to identify a WLAN device on Linux:

Not so well known yet – pciutils >= 2.2.9 provides the switch ‘-k’ for lspci:

% lspci -k
[...]
03:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)
        Kernel driver in use: ipw3945
        Kernel modules: ipw3945
[...]

Using hwinfo:

% hwinfo --netcard
  Model: "Intel PRO/Wireless 3945ABG Network Connection"
[...]
  Driver: "ipw3945"
  Driver Modules: "ipw3945"
  Device File: ipw
  Features: WLAN

Via ethtool:

% ethtool -i ipw
driver: ipw3945
version: 1.2.1dmpr
firmware-version: 14.2 1:0 ()
bus-info: 0000:03:00.0

Or using the manual approach via sysfs (being /sys/class/net/$DEVICE_NAME/device/driver/module) – recommended for scripting:

% basename $(readlink /sys/class/net/ipw/device/driver)
ipw3945

“Slow DOWN, please!!!”

May 1st, 2008

If you don’t follow the LKML but are interested in the workflow of open-source development, you should definitely read into the thread "Slow DOWN, please!!!". Started by David ‘Mr. SPARC and Network’ S. Miller, it deals with the question of how to get a better grip on the enormous number of patches, and the bugs/regressions that come with them, in the merge window.

Of course parts of it are very specific to the “benevolent dictator” development model of the Linux kernel, but some very interesting statements are hidden in the discussion, especially if you can relate the context to the development around OpenSolaris.

As a teaser, a small best-of:

Linus:

I don’t think quality and speed of development are related. In fact,
I think quality and speed often go hand-in-hand: the same way
some of the best programmers are also the most productive,
I think some of the most productive flows are likely to generate
the best code!

Al ‘code-auditor’ Viro:

On Wed, Apr 30, 2008 at 06:40:39PM -0700, Linus Torvalds wrote:

> Now, we do know that open-source code tends to be higher
> quality (along a number of metrics) than closed source code,
> and my argument is that it’s not because of bike-shedding
> (aka code review), but simply because the code is out there
> and available and visible.

Really? And how, pray tell, being out there will magically improve the
code? “With enough eyes all bugs are shallow” stuff out of ESR’s arse?

Andrew Morton:

On Wed, 30 Apr 2008 15:31:22 -0700 (PDT) Linus Torvalds wrote:

> Any suggestions on how to convince people that their code
> is not worth merging?

Raise the quality. Then the volume will automatically decrease.

I’m curious whether and how the topic makes it into the mainstream IT media (heise & co)…

Extended Vim

April 22nd, 2008

Click for the large version:

Picture of Extended Vim

[shot by Sven Guckes]

know-how != know-how

April 21st, 2008

Screenshot of spell-checker of MS Office 2007

So near and yet so far…

April 18th, 2008

Listening to music by Ed Partyka on Windows:

Windows Media Player - Screenshot 1

Windows Media Player - Screenshot 2

Today in IRC (#grml)

April 17th, 2008

21:59 < formorer> mika: pong :)
22:01 < mika> formorer: ping
22:02 < ft> ricmp? :)

Wishlist for the successor of Lenovo’s X300

April 17th, 2008

Screenshot of X300, picture from lenovo.com

My personal wishlist for the successor of Lenovo’s X300 ThinkPad:

  • less noisy fan / better fan regulation
  • docking station support
  • stronger CPU
  • firewire connector
  • SD card reader
  • ExpressCard/PC card slot

What I really like at the current X300:

  • the overall size
  • the 13.3-inch display running at 1440×900
  • the builtin SSD (from Samsung)
  • the keyboard (just rocking)
  • the integrated camera
  • the surface (yeah, it’s really awesome)
  • sound quality of external boxes (being much better than on the Thinkpad X61)

Want to see the X300 in action? Visit the grml booth at Grazer Linuxdays on April 19th, 2008.

The Admin Zen

April 14th, 2008

adminzen.org

Breaking off… setting out… 2008

April 14th, 2008

A bit of personal news that has been sitting in my drafts for a while: after more than 5 years as a sysadmin at the Institut für Unternehmungsführung und -organisation at TU Graz, it is time for a change of scenery. On January 14th I informed my boss of my decision, and my current employment contract runs out at the end of June 2008.

View from Kopernikusgasse, my workplace, picture

I will stay in Graz for at least one more year. In summer I will go flat hunting, together with my girlfriend. If you know of something nice in Graz: please get in touch!

Job-wise I would like to keep working in the field of system administration and integration. Self-employed? Employed? I don’t really know yet. If you think you know of or have something suitable for me: my mailbox is open.

In the coming days and weeks I am still working on “Release! Was Open-Source-Projekte erfolgreich macht” (ISBN:978-3937514604) and am on my way to becoming an official Debian Developer. On April 19th, as already mentioned, the Grazer LinuxTage (where I am, as always, part of the organisation team) take place, and on May 30th you can meet me at the Linuxtag in Klagenfurt, where I give 2 talks.

Grazer LinuxTag 2008 – April 19th

April 13th, 2008

A small reminder:

On Saturday, April 19th, the Grazer LinuxTag 2008 takes place at FH Joanneum!

Speakers from Austria and abroad will try to satisfy the visitors’ curiosity and thirst for knowledge in a wide-ranging programme of 28 talks in total.

There is the opportunity to take LPI exams at particularly favourable conditions. A book stand as well as 14 information booths for various projects (among others Debian, Funkfeuer Graz, Gentoo, Kubuntu, OpenOffice) are present on site.

Thanks to the generous support of the sponsors, participation is free of charge again this year!

Further details at linuxtage.at

Failed

April 8th, 2008

Nice failure of a presentation setup (name of manufacturer blacked out):

Another nice fsckup – seen at the webcam setup of an assembly line:

Three more nice failures at the same locations – though I can’t provide any pictures (the first one contains too much sensitive data, the second one has very bad picture quality and no picture was captured at the third location), sorry. ;-)

Re: I am only mad on IRC

April 8th, 2008

Martin, sorry for calling you Madduck on the debian.ch-mailinglist. Luckily I didn’t use that name during our meeting in Zurich last week. *pfuh* ;)

To take part in the pdo-game with my own name (being Michael Prokop ;-)): as many of you might know I’m known as Mika in the community. The name was invented for me around 1999 (IIRC) by a Greek flatmate who liked to call me “Mika” – referring to Mika Häkkinen (for whatever reason). From then on several people started to call me that way. I’ve been signing mails “to the community” with that nick for many years as well as using it in usenet and on freenode (IRC); on OFTC (another IRC network) I have to use mikap instead because mika was already registered by another user. Outside “the community” I’m usually known as Michael, good friends also use Michi and the family of my girlfriend uses Michl when the sister of my girlfriend (named Michaela and known as Michi as well) is present. Oh, and during grammar school I was AKA Proke.</secret> 8-)

So calling me Mika is perfectly fine because it’s a kind of uniqueness for me. There might be just too many Michaels around and at least in Austria my nickname is everything but common. Quoting the marketing department: Great trademark! ;) Oh and my speech parser knows to handle Michael, Michi and Michl as well – though it strongly depends on the situation, place, environment,…. Oh but using Proke is like talking to /dev/null – you’ve never heard of that name, ok?

Invitation to the Anytun release // party at Realraum

March 12th, 2008

Via Otti:

Invitation to the Anytun release // party at Realraum

Friday, March 14th, 2008
Start: 19:30
Location: Realraum Graz
Presentation of Anytun at 20:00
Party afterwards

Anytun is the implementation of the Secure Anycast Tunneling Protocol. It offers an interface similar to OpenVPN and allows the operation of redundant VPN clusters with load balancing. Adding and removing servers is handled via routing, so no changes to the clients are necessary. With the help of BGP, geographic load balancing based on the shortest BGP route can be realised on the Internet.

Anytun is part of the Anycast VOIP Proxy project, which was funded by the IPA / netidee.at.