 Questions
and Answers
Amy Rich
Q I've just installed Solaris
9 on one of our test bed machines to experiment with it. I really
like a number of the new features, including the integrated tcp_wrappers
functionality for /etc/inetd.conf. I think I've misconfigured
something, though, because instead of logging the service, it always
logs the blocked process as inetd:
Aug 15 11:09:29 my.host.domain inetd[11156]: refused connect from localhost
The above example should be logged as telnetd, not inetd.
What am I doing wrong? Did I miss some flag to inetd?
A This is a known bug with Solaris
9's implementation of tcp_wrappers. It's been logged under
bugid 4711482. I hope there will be a patch out soon that will change
the log messages to show the actual calling program.
Q I've just upgraded to Solaris
9 and installed OSA Raid Manager 6.22,REV=01.14. We've migrated
an A1000 array from an old machine and are now getting errors in
the log file on the new machine:
Aug 27 12:05:32 colossus /usr/lib/osa/bin/nvutil: [ID 187284 user.error]
The controller firmware version for controller c2t5d0
(module: colossus_001) is 2.05.02. The recommended firmware version
for this application is 3.00.00 or higher.
What patches do I need to fix this? I installed all of the recommended
ones and security ones already, but that doesn't seem to help.
A You need to upgrade the firmware
on the A1000, not install OS patches to fix this problem (though
you may also need OS patches for the version of OSA Raid Manager
that you're using; see the release notes). See page 121 (Appendix
A) of http://docs.sun.com/doc/805-7756-10 for information
on upgrading your controller firmware. Because you're back
at 2.05.02, you first need to upgrade to 2.5.6.32 and then to the
latest revision for the firmware. See also http://docs.sun.com/doc/806-0478-10,
pages 143-152 for information on how to download and upgrade the
firmware.
Q I tried installing Solaris 9 from
my Plextor PlexWriter 12/20/32 CDRW, which is installed in one of
our Ultra 60s. Solaris 9 installed fine, but when the machine rebooted
at the end of the installation, I received a large number of error
messages that scrolled by in the logs at many more than one per
second:
Oct 23 11:25:21 fruba genunix: [ID 349501 kern.warning] WARNING: Device sd6 failed to power up.
Oct 23 11:25:21 fruba genunix: [ID 349501 kern.warning] WARNING: Device sd6 failed to power up.
This is a brand new CDRW drive, and it worked fine under Solaris 8
and continues to work fine under Solaris 8 and FreeBSD, so I don't
think this is a hardware problem. Have you seen this error before?
Is it a hardware incompatibility that's cropped up in Solaris
9?
A This is actually a known issue
with this model CDRW drive, yes. As far as I know, there is no patch
out for this, though the bug has been reported to Sun. As a temporary
workaround, you can leave a readable CDROM in the drive to prevent
these errors from appearing at boot time. If you do not want to
leave a CDROM in the drive all of the time, you can remove the vold
init scripts or remove the CDROM lines from /etc/vold.conf.
Q We have a number of 220R servers
that must have near 24x7 uptime. We also want to upgrade all of
these servers from Solaris 2.6 to Solaris 8. What's your suggestion
for the absolute minimal downtime for doing the upgrade on these
systems?
A If your machines are supposed
to be up as close to 24x7 as possible, you likely have the boot
drives mirrored with DiskSuite. The option that will cause you the
least amount of downtime is to use Live Upgrade combined with Web
Start Flash, especially if you have a large number of similarly
installed machines or one test machine where you can create installations
to turn into flash archives.
Presumably you've designed your systems so that all of the
user data and third party software are on a separate partition from
those needed by the OS. I tend to lay out filesystems with / /usr
and /var for the OS, and one large filesystem for /usr/local, /home,
etc. This segregation makes it easy to upgrade the OS without touching
the non-Solaris parts of the machine.
See the Live Upgrade 2.0 Guide:
http://docs.sun.com/db/doc/806-7933
for more information on using Live Upgrade. Also, see the Web Start
Flash Installation Feature Topics:
http://docs.sun.com/db?p=/doc/806-7932/6jgp82jq9&a=view
for information on how to create and install flash archives.
Q I have a problem with a Netra
X1 that has Solaris 8 and DiskSuite 4.2.1 installed. When I try
to set up a two-way mirror using DiskSuite, I get an error when
trying to create the state databases on the second drive:
metadb -a -c 4 c0t2d0s7
metadb: sekrit: c0t2d0s7: overlaps with device in metadevice state database
I checked both of the disks with format to make sure there were no
errors on slice 7 of either disk, and everything looked ok. I also
tried repartitioning and re-labeling the disks. I even tried removing
and recreating the disk devices with devfsadm. Still no luck. I'm
not sure what I'm doing wrong, any clues?
A This sounds like a known issue
with IDE disks lacking unique device IDs. The early X1s shipped
with 20-GB Seagate drives with the part numbers 600-7097-02 and
F600-7097-02 are susceptible to this problem. Sun Alert 27211 addresses
this problem:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27211&zone_32=600-7097-02
Also relevant are Sun Bug IDs: 4513394, 4458965 and 4417686, and 4411343.
You need a Sunsolve account to access these bug IDs.
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=bug%2Fkernel%2Fdriver%2F4513394
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=bug%2Fkernel%2Fdriver%2F4458965
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=bug%2Fkernel%2Fdriver%2F4417686
http://sunsolve.sun.com/private-cgi/retrieve.pl?doc=bug%2Fkernel%2Fdriver%2F4411343
According to Sun, this issue has been fixed in Solaris 8 Update 6
or later. If you still have issues getting DiskSuite to work, Sun
has an unsupported but documented workaround: FIN I0680-1. This workaround
is not available from the public site, and you'll need to contact
your Sun service representative for the FIN. Sun will give you a tool
called rwdevid that will create unique device IDs for each
disk:
rwdevid -d /dev/rdsk/c0t2d0s2 -w
Q Our company has a large number of
jumpstart servers located throughout the world. Every time a new release
comes out, we need to either ship CDROMs to each site or have them
download and burn their own copies. Then someone has to physically
go to the machine and insert the CDROM into the jumpstart server so
that the new image can be installed. This process is slow and tedious.
There must be a better way to get the new image on all of our jumpstart
servers.
A You can install from a downloaded
ISO image instead of burning your own CDROMs and use lofiadm
(with version of Solaris greater than 7) to mount the file as a
filesystem. You can then do the installation from the filesystem
image.
To begin, make the machine think that the file is actually a device:
/usr/sbin/lofiadm -a /path/to/sol-8-u7-sparc-v1.iso
which creates /dev/lofi/1 and its associated entry in /devices, /devices/pseudo/lofi@0:1.
To mount the ISO image on /cdrom:
/sbin/mount -F hsfs -o ro /dev/lofi/1 /cdrom
Then you can cd to /cdrom/Solaris_8/Tools/ and run:
./setup_install_server /path/to/your/jumpstart/cdrom_image
When the installation of the first disk is complete, delete the loopback
mount for the first ISO image:
cd /
/sbin/umount /cdrom
/usr/sbin/lofiadm -d /path/to/sol-8-u7-sparc-v1.iso
Create a loopback interface for the second ISO image, and mount it:
/usr/sbin/lofiadm -a /path/to/sol-8-u7-sparc-2.iso
/sbin/mount -F hsfs -o ro /dev/lofi/1 /cdrom
Then, finish up the installation of the second ISO image:
cd /cdrom/Solaris_8/Tools/
./add_to_install_server /path/to/your/jumpstart/cdrom_image
Finally, after the second image has finished, unmount the image and
delete the block device:
cd /
/sbin/umount /cdrom
/usr/sbin/lofiadm -d /path/to/sol-8-u7-sparc-v2.iso
Q I heard that the StorEdge A3000 will
not be supported under Solaris 9. Is this true? I just bought a number
of A3000 arrays, and I'll be mighty upset if I have no upgrade
path.
A The Solaris 9 release notes on
docs.sun.com did in fact say that the A3000, A3500, and A3500FC
storage arrays were no longer supported under Solaris 9. The good
news for you is that this announcement was an error and the A3x00
arrays are still supported.
Q I have an issue with Solaris 8
and an Ultra 220R. I've been trying to add a user with the
following command:
/usr/sbin/useradd -c "Test User" -d /home/test -g test -G root -k -u 600 -s /bin/sh test
I get this error:
UX: /usr/sbin/useradd: ERROR: Cannot update system files - login cannot be created.
The syntax is right, and the useradd works fine if I remove
the -G flag. According to the man page, the -G should
add the user to a secondary group in /etc/group, but I can't
seem to get it to work. I also tried to use usermod to modify
the test account after creation and that also fails:
/usr/sbin/usermod -G root test
UX: /usr/sbin/usermod: ERROR: Cannot update system files - login cannot be modified.
I can never get useradd or usermod to work when I use
the -G flag. Is the -G flag just broken?
A First, double check that /etc/.pwd.lock
is not in use by any other program. If you can create the user without
the -G flag, though, this is likely not your problem. My
guess is that you're having an issue with your TMPDIR
setting. If you truss the useradd or usermod
process, you may see a line that says something to the effect of:
rename("/your/tmp/dir/gtmp.<something>", "/etc/group") Err#18 EXDEV)
If you do see this error near the end of the truss output,
then it means that your TMPDIR is not on the same physical
partition as /etc/group. EXDEV is an error that indicates that you're
trying to do an illegal cross device link. To work around this issue,
you can have your script set the TMPDIR to the same partition.
Q I am trying to install patch 112438-01
for the /dev/random and /dev/urandom drivers on a Solaris 8 10/01
release machine. I did the following:
pkgadd -d 112438-01
and rebooted the machine. The application that's trying to use
/dev/urandom, OpenSSH, dies with the error:
PRNG not seeded
I took a look in /dev, and there's no random or urandom there
at all. Is there something else needed to get this patch to work?
A You said you used pkgadd,
and not patchadd. If this is true, you'll need to add
the patch with patchadd, then remove it, then add it again
to clean up any problems:
/usr/sbin/patchadd 112438-01
/usr/sbin/patchrm 112438-01
/usr/sbin/patchadd 112438-01
After the patch is properly installed, you need to reconfigure the
devices. You can either shut down the machine and do a reconfiguration
boot (boot -r), or you can use /usr/sbin/devfsadm.
You may also have a copy of OpenSSH that was built to use prngd
instead of /dev/urandom. You can use truss to verify what
random source your binary is trying to open. You should see the
line:
open("/dev/urandom", O_RDONLY) = 3
If you have a copy that's trying to use something other than
/dev/urandom, pick up the correct package from http://www.sunfreeware.com/
or configure and build your own from source.
Q We're installing a testbed
Oracle 9i server for evaluation. I know that Solaris and Oracle
both have a number of tunable parameters that will improve performance
of our databases. Is there a decent primer on tuning for Solaris/Oracle
to get me started?
A You don't mention what version
of Solaris you're running, but Sun Blueprints has a number
of Oracle performance articles.
Sun's Oracle best practices:
http://www.sun.com/blueprints/0101/SunOracle.pdf
Tuning Oracle itself:
http://www.sun.com/blueprints/0702/816-7468-10.pdf
Clustered databases:
http://www.sun.com/blueprints/0302/suntone.pdf
A script to do fast parallel exports from Oracle databases:
http://www.sun.com/blueprints/0300/oraclescript.pdf
A search for Oracle on http://www.bigadmin.com/ will turn up
a number of results that may contain information of interest if you're
evaluating Oracle and trying to get the most out of it. If you're
looking for hardcopy, I've seen a number of DBAs suggest Oracle
Press Book's Oracle9i UNIX Administration Handbook (ISBN
0072223049).
Amy Rich, president of the Boston-based Oceanwave Consulting,
Inc. (http://www.oceanwave.com), has been a UNIX systems
administrator for more than five years. She received a BSCS at Worcester
Polytechnic Institute, and can be reached at: qna@oceanwave.com.
| 
