Zones on a single server


A few months ago my co-located Solaris server was hit by a rootkit that set up an IRC bot. It appeared that it got in by attacking one of the off-the-shelf web apps I use.

To prevent having to do a complete rebuild in the future if this happens again, I decided to put each major externally visible service in a Solaris Container (also known as a zone). So, I have a Mail zone, and a web zone, and then actually several more web zones that were proxied behind the first web zone. The global zone uses ipnat to port forward to the mail zone and web zone.

Then, when it turned out that the server was losing a hard drive and I bought a new server, I was able to copy the zones to the new machine without having to re-install everything.

If I ever move away from Solaris/SPARC, I would probably do a similar setup with VirtualBox or VMware, but Solaris is particularly nice in that patch management is unified across zones, and I believe the copy-on-write nature of ZFS makes for more efficient disk utilization. On the other hand, SATA drives in a modern PC mean that you probably don’t care about those features as much as you do when using a 73gig SCSI disk.
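The layout described above (one zone per externally visible service, with ipnat in the global zone forwarding ports to it), as an added sketch that is not the author's configuration. The zone table, the interface name hme0, the private addresses and the /zones path are all assumptions.

```shell
#!/bin/sh
# Added example: derive the global zone's ipnat redirects and a zonecfg
# command file per service zone from one table, so the only ports that
# reach a zone are the ones listed here.
# Constructed table: zone name, zone address, public TCP port.
EXT_IF=hme0            # assumed external interface in the global zone
ZONE_ROOT=/zones       # assumed parent directory for zonepaths
SERVICES='mail 192.168.10.2 25
web 192.168.10.3 80
web 192.168.10.3 443'

# One rdr line per (zone, port), in the form used by /etc/ipf/ipnat.conf.
ipnat_rules() {
    printf '%s\n' "$SERVICES" | while read -r zone ip port; do
        printf 'rdr %s 0.0.0.0/0 port %s -> %s port %s tcp\n' \
            "$EXT_IF" "$port" "$ip" "$port"
    done
}

# zonecfg commands for one zone (use with: zonecfg -z NAME -f FILE).
zonecfg_commands() {
    zone=$1
    ip=$(printf '%s\n' "$SERVICES" |
        awk -v z="$zone" '$1 == z { print $2; exit }')
    [ -n "$ip" ] || { echo "unknown zone: $zone" >&2; return 1; }
    cat <<EOF
create
set zonepath=$ZONE_ROOT/$zone
set autoboot=true
add net
set physical=$EXT_IF
set address=$ip
end
verify
commit
EOF
}

# Refuse a table in which one public port is forwarded to two places.
check_ports() {
    dup=$(printf '%s\n' "$SERVICES" | awk '{ print $3 }' | sort | uniq -d)
    [ -z "$dup" ] || { echo "port forwarded twice: $dup" >&2; return 1; }
}

check_ports && ipnat_rules && zonecfg_commands mail
```

The backend web zones that sit behind the first web zone get no rdr line at all, so they are reachable only through the proxy.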


Setting up a jumpstart server for Solaris Express.


I guess this post will have a somewhat limited life span since Solaris Express is being retired in favor of OpenSolaris. However, some of the pages I always referred to every time I needed to do this have disappeared, so I’m writing it up again anyway for future reference. Maybe I’ll update it again when I try out OpenSolaris finally.

This will require a Solaris 10, Solaris Express, or OpenSolaris system to be the jumpstart server, and then of course a client that you want to install Solaris Express on.

Step 1, download the Solaris Express DVD image. Currently, a link to this image can be found here: http://hub.opensolaris.org/bin/view/Main/downloads

Step 2, loop back mount that image somewhere on the jumpstart server.

[jdboyd@u80 ~]$ sudo lofiadm -a sol-nv-b127-sparc-dvd.iso /dev/lofi/1
Password:
[jdboyd@u80 ~]$ sudo mount -F hsfs -o ro /dev/lofi/1 /mnt
[jdboyd@u80 ~]$

Step 3, run the install server script.

[jdboyd@u80 ~]$ cd /mnt/Solaris_11/Tools/
[jdboyd@u80 Tools]$ ./setup_install_server /path/to/where/you_want_it

For /path/to/where/you_want_it, I use /export/jumpstart/Solaris_11.  At this point be prepared to wait awhile.  It doesn’t ask any questions while it works, so perhaps you can head onto the next step while still waiting.  When this completes, the install server is installed, so:

[jdboyd@u80 Tools]$ sudo umount /mnt
[jdboyd@u80 Tools]$ sudo lofiadm -d /dev/lofi/1

Step 4, gather the information you need from the machine to install.  You will need the MAC address, the IP address to use, the hostname to use, and the hardware type, which will probably be sun4u or sun4v.  The IP and hostname will already need to be in DNS.

Step 5, add the client to the install server.  This will use the information from step 4.

[jdboyd@u80 ~]$ cd /export/jumpstart/Solaris_11/Solaris_11/Tools/
[jdboyd@u80 Tools]$ sudo ./add_install_client -i $IP -e $MAC $HOSTNAME sun4u

Obviously, you need to substitute the $ items in the above command with the proper values.

Step 6, finally, you are ready to install on the client.  So, on the client, get to the open boot prompt, and do this:

ok boot net - install

At that point, your install proceeds normally. If you get a small stack of “Timeout waiting for ARP/RARP packet” messages right at the beginning, don’t worry. If it does it seemingly forever (say 15+ minutes), then maybe you do need to worry.

Some of this was taken from http://www.sunmanagers.org/pipermail/summaries/2005-March/006223.html


PostgreSQL connection pooling for mod_php


In a quest for better performance with postgres, I’ve been looking for connection pooling tools. There are a few quirks that I tend to require be met. First, it must run on Solaris. This isn’t so much a quirk, since the server runs Solaris and is SPARC hardware, and I’m not going to install a second server in colo just to accommodate software that doesn’t work on Solaris/SPARC. Additionally, I refuse to install GCC, so it must build with Sun Studio, which is much more GCC compatible than it used to be, but still isn’t GCC. Also, I want it to be reasonably simple to install and set up. I am willing to consider prebuilt packages from sunfreeware. If I get desperate enough, maybe even blastwave. Unfortunately, none of the top choices appear to be on sunfreeware.

The top choices appear to be:

  • pgpool: This is the classic choice. Building and installing is easy, but setup is very arcane.

  • pgbouncer: This looks like it should be simple to install and set up, but the configure script refuses to find my libevent install.

  • SQLRelay: Works for many databases, unlike the others, including sqlite. However, it requires the rudiments library from the same author, and this library won’t build because the autoconf stuff doesn’t understand anything but GCC.

So, I haven’t broken down to checking out blastwave yet, but so far none of the normal choices are working out for PostgreSQL connection pooling.

Then, I made a small breakthrough when I found that PHP has pg_pconnect. pg_pconnect does some background bookkeeping to keep connections open after you call pg_close, and returns the same connection if the arguments are the same. Practically, this means that if you use a PHP system that keeps persistent PHP interpreters (say, mod_php in Apache, which is what I use for PHP), then you have effectively gotten connection pooling for PHP only.

This is a big help already, but I still need a solution that helps out with python.

Yes, I am working on a little web development on vacation.


How to reset a wordpress user password via SQL.


I found I had forgotten an admin password on a WordPress site I run. After figuring out how to reset it, I thought I would stick it here so that I can find it myself again in the future.


UPDATE wp_users SET user_pass=MD5('secret_password_here') WHERE user_login = 'yourself';
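WordPress accepts a bare MD5 in user_pass and replaces it with its own salted hash the next time that user logs in successfully, so the unsalted value should not sit in the table for long. An added check, not from the original post, that flags accounts still carrying a bare MD5; the rows it reads are constructed samples in the tab-separated form a database export would give.

```shell
#!/bin/sh
# Added example: audit user_login/user_pass rows for hashes that are still
# a bare MD5 (32 hex digits), i.e. set by a statement like the one above and
# not yet replaced by WordPress at login.
#
# Real input would come from something like (DBNAME is a placeholder):
#   mysql -N -B -e 'SELECT user_login, user_pass FROM wp_users' DBNAME

# Constructed sample rows: login <TAB> hash. None of these are real hashes.
sample_rows() {
    printf '%s\t%s\n' \
        yourself 0123456789abcdef0123456789abcdef \
        editor   '$P$BConstructedSaltAndHashValue012' \
        author   '$2y$10$ConstructedBcryptStyleValue'
}

# Print the logins whose stored hash is exactly 32 hex digits.
bare_md5_logins() {
    awk -F '\t' '$2 ~ /^[0-9a-fA-F]+$/ && length($2) == 32 { print $1 }'
}

# One-line summary: bare MD5, phpass ("$P$" prefix), anything else.
hash_summary() {
    awk -F '\t' '
        $2 ~ /^[0-9a-fA-F]+$/ && length($2) == 32 { n["md5"]++;    next }
        substr($2, 1, 3) == "$P$"                 { n["phpass"]++; next }
                                                  { n["other"]++ }
        END {
            printf "bare-md5=%d phpass=%d other=%d\n",
                n["md5"], n["phpass"], n["other"]
        }'
}

sample_rows | bare_md5_logins
sample_rows | hash_summary
```

A login listed by bare_md5_logins has not logged in since its hash was written this way.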


Databases for simple web development


I have long been a fan of PostgreSQL over MySQL, believing that PostgreSQL is more feature complete and generally as fast or faster, with obvious caveats about being used appropriately, of course, and not to mention no real comparative testing. Everybody gets to have an untested opinion, right?

I did end up doing some performance testing though. What I learned is that both are reasonably fast at simple queries. Great. However, opening a new connection to MySQL is much faster than opening a new connection to PostgreSQL. Once the connection is open, both seem equally fast for very simple tests.

Why this matters, though, is that simple web development in many languages with the most common tools doesn’t do connection pooling. If you want to just whip up an example PHP program using mod_php, then every page load will result in a new connection. The same goes for mod_python or mod_wsgi (as well as frameworks sitting on top of those plugins). Using each of these common tools with PostgreSQL results in a slow web site. This was driven home when I upgraded from a single 550 MHz UltraSPARC II to a dual 1.1 GHz UltraSPARC3 III, and still certain web apps I’ve been tinkering with writing using PostgreSQL for the database are slow.

Certainly there are ways around this. Using a database connection pooling tool, for starters, would certainly cure the problem. Also, choosing something that keeps your script running (or at least your database connections open) would help. Or even writing your application as a stand-alone program that keeps the database connections open and talks to the web server via JSON-RPC or XML-RPC. But to quickly whip something out, MySQL may be simpler.

Of course, for some applications SQLite could be a contender. Certainly it is very fast, and very simple to use. For a scalable web site though, it is probably out of the question. There is a reason that Django defaults to using SQLite first though. And there are also those less traditional database servers like CouchDB or memcachedb, which seem to generally have very fast connection times.

This is a bit disappointing though. AOLServer used to offer connection pooling built into the web server. Of course, I certainly don’t want to use TCL as my development language, but still that would be nice to have.

Meanwhile, can anyone suggest a good Solaris and PostgreSQL connection pooling library?


Making Miro work with USB sound devices on Ubuntu


On Ubuntu (and possibly other Linux distributions) Miro refuses to work with a secondary sound card; it will only work with the primary one despite what the ALSA default is set to, unlike most programs, which offer some way to override the default.

Potentially, the second sound card in question could be a PCI card or something else, but based on other people’s experience (like my own) it is usually a USB sound card that is causing trouble. See here (note, the suggested fix didn’t work for me, just like it didn’t for the original poster there) and here (they mention fixing it in the trunk, but that doesn’t help me until a new release comes out).

Some people actively want both the onboard sound and the USB or PCI device working, but if you are willing to sacrifice on-board sound, I found a work around. In my case, the on-board sound is worthless. It has some terrible humming/buzzing in the background so I never ever want to use it again.

The solution is to find what the module is that supplies your on-board sound. In my case, the on-board sound is a VT8233, so when I looked at the output from lsmod, it was obvious that the module for this sound device was the snd_via82xx module.

Then, open the /etc/modprobe.d/blacklist file to edit it:
sudo pico /etc/modprobe.d/blacklist
and add the line:
blacklist snd_via82xx
Then reboot.

Now, the USB audio device will be the first audio device.


A few Solaris 10 notes


Actually, these are primarily Solaris 11 notes, but they will probably all apply to Solaris 10 when the next release comes out, which I understand to be scheduled for sometime later this month.

First, recently a lot of SCSI hard drives I’ve gotten have been a little mysterious about being used by the Solaris installer and have looked a little odd in format. It turns out that they’ve been EFI labeled drives. Since Solaris understands EFI labelling, it doesn’t just suggest you relabel the drive and be done with it. However, despite Solaris understanding EFI, it refuses to boot or install from EFI on SPARC hardware. The trick has been to get a prompt, then use “format -e”. Then when you choose the label command, it will ask you about an SMI or an EFI label. Choose the SMI option. If you are going to choose to do a ZFS root, then the partitioning doesn’t matter.

After fixing the disk, you are ready to install. The ZFS boot option is only offered on very new copies of Solaris (2008/05 maybe, Solaris Express build 98 or maybe slightly older definitely). However, you only get the choice from the text installer. If you are installing over the serial console, then no problem, you get this by default. However, from a graphical console, you will need to use a boot parameter. Thus, your boot command will look something like this: “boot cdrom - text” or “boot net - text”. Using - nowin instead may be faster.

When you get to the ZFS option, just choose it and away you go. You can choose to name the pool something other than rpool, but there is no need to.

If you want a mirrored root, it is easy to add the second disk later. First, when you install to a ZFS root, it repartitions the root drive and uses a slice (partition) instead of the whole disk (even though the slice fills the entire disk). You will need to partition the second disk identically. Just look at the partition map of the first disk in format, then copy it over to the second disk. Then from a root prompt, type something like “zpool attach rpool c0t0d0s0 c0t1d0s0”, assuming that c0t0d0 and c0t1d0 are the two disks in question (which is a good guess on a lot of two disk Sun systems). The mirror is now made, but it may take a while to sync up in the background, and the machine may run slowly until it is done. Check the progress with “zpool status”.

To be able to do a fallback boot to the second disk will require rebooting and going back out to the OpenBoot ok prompt. But before that, you will need to make the second disk bootable with this command: “installboot -F zfs /usr/platform/`uname -i`/lib/fs/zfs/bootblk /dev/rdsk/c0t1d0s0”
Finally, before you head to the ok prompt, you will want to find the OpenBoot device paths for each disk. Do “ls -l /dev/dsk/c0t0d0s0 /dev/dsk/c0t1d0s0”. This will show you something like:

lrwxrwxrwx 1 root root 41 Oct 1 21:02 /dev/dsk/c0t0d0s0 -> ../../devices/pci@1f,4000/scsi@3/sd@0,0:a
lrwxrwxrwx 1 root root 41 Oct 1 22:57 /dev/dsk/c0t1d0s0 -> ../../devices/pci@1f,4000/scsi@3/sd@1,0:a

Write down the target of the symlinks, the part after the ../../devices, changing the sd’s to disk’s, and get rid of the :a’s.

Now reboot and Stop-A to an ok prompt. If your second disk isn’t where the second disk normally will be, you will need to create a devalias for it. Assuming that you used the c0t0d0 and c0t1d0, then you can just do this:
setenv boot-device disk disk2

If you need to change the disk and disk2 aliases (or want to create new names), use the nvalias command from the ok prompt. See the man page for more detailed operation though.
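The symlink-to-OpenBoot-path rewrite described above, as an added helper that is not from the original post. It takes the two `ls -l` lines shown and prints the matching nvalias commands; the alias names rootdisk and rootmirror are made up for the example.

```shell
#!/bin/sh
# Added example: turn the symlink target of /dev/dsk/cXtYdZsN into an
# OpenBoot device path, following the rule in the text: keep what follows
# "../../devices", rename the final sd@ node to disk@, drop the ":a" suffix.
obp_path() {
    printf '%s\n' "$1" | sed \
        -e 's|^.* -> ||' \
        -e 's|^\(\.\./\)*devices||' \
        -e 's|/sd@\([^/]*\)$|/disk@\1|' \
        -e 's|:[a-h]$||'
}

# Print "nvalias NAME PATH" for one ls -l line, to be typed at the ok prompt.
# Anything that does not end up as an absolute .../disk@... path is rejected
# rather than turned into a bogus alias.
nvalias_line() {
    path=$(obp_path "$2")
    case $path in
        /*/disk@*) printf 'nvalias %s %s\n' "$1" "$path" ;;
        *) echo "not an sd device link: $2" >&2; return 1 ;;
    esac
}

# The two ls -l lines from the post.
LS1='lrwxrwxrwx 1 root root 41 Oct 1 21:02 /dev/dsk/c0t0d0s0 -> ../../devices/pci@1f,4000/scsi@3/sd@0,0:a'
LS2='lrwxrwxrwx 1 root root 41 Oct 1 22:57 /dev/dsk/c0t1d0s0 -> ../../devices/pci@1f,4000/scsi@3/sd@1,0:a'

nvalias_line rootdisk "$LS1"
nvalias_line rootmirror "$LS2"
echo 'setenv boot-device rootdisk rootmirror'
```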


Flash on Ubuntu 8.04 AMD64


I run Ubuntu 8.04 AMD64 on a laptop at work.  I’ve been doing this since Ubuntu 6.10.  This has not been a smooth ride. Ubuntu 6.10 i386 on my old laptop (I only “upgraded” because the old one was stolen from the plane on a business trip) worked flawlessly for me.  Things have gotten a bit better as upgrades came out, but I still can’t use the wireless (BCM43 device of some sort, no native driver, ndiswrapper won’t play nice), for instance.

My first and biggest tip is to stay away from 64bit linux on the desktop or laptop, unless you know why you need it.  That is very unlikely to be the case on laptops.

Moving on, for the longest time Flash would not work.  When I tried to configure the nswrapper system, it would start (sometimes) then crash the plugin.  Maybe I could view one flash website before needing to restart, maybe no flash web sites.  I finally got Flash worked out, and that is the main point of this post.

The trick to make flash work was to first install the 32bit version of FF3 from the Mozilla web site.  Put it in a new location (I went with /usr/local/firefox), and put that location in your path before /usr/bin.  For this to run, you will need ia32-libs installed.

Step 2 then is to go to the Adobe web site and download the Flash 9 .tar.gz.  Don’t try to use the autodiscovery/autoinstall thing that Firefox will offer to do.  Extract the Flash 9 installer to a temporary directory, then copy the file libflashplayer.so from the temporary directory to the plugins directory (/usr/local/firefox/plugins for me, since that is where I extracted the 32bit Firefox from the Mozilla web site).  Now, when you restart Firefox, you will be using the 32bit only Flash with a 32bit version of Firefox, and everything will work happily.

I think that in general, Linux doesn’t handle the 64bit transition as well as Solaris or Irix did.  As far as I can tell, Flash is 32 bit only on all platforms.  However on Solaris and Irix, 32bit versions of Firefox or Mozilla are supplied, even though they are running on 64bit hardware.  Also, there seems to be a lot more of defaulting to 32bit unless specified otherwise, which is often reasonable.  And the culture seems to do a better job with supplying both 32bit and 64bit versions of libraries.


About ReferURL


ReferURL.net is a link shortening service I created. You paste in a long URL (say to an eBay auction or newspaper article) and it gives you a short URL to use (http://referurl.net/123). You also have the option of picking an alias for a referurl, something like http://referurl.net/r/xxx. Also, a common usage pattern is a bookmarklet that you drag from the page to the toolbar. Whenever you click on the bookmarklet, it runs a bit of JavaScript code that submits the page you are currently looking at to ReferURL.

URL shortening services are great for emailing URLs to friends. Recently they are even more important for posting URLs on twitter (with only 140 characters, every character saved counts).

A service that does similar things called TinyURL.com has been around for a long time. Personally, I do not like tinyurl.com. I think it is ugly. There is another reason I remember disliking them, but it is possible that I have two services confused, so I won’t mention it. They also didn’t offer aliases when I wrote ReferURL.

I used to use another service, but it broke repeatedly, then when it had several months of downtime I decided to write my own. That service also didn’t support aliases.

At this point when I look around the new services that are similar, I see three things that may be better than ReferURL.

  1. Some services are prettier (of course, extra graphics means slower load times).
  2. Some services put the new shorter url into your clipboard buffer so that you don’t have to copy it yourself. I would love to add this, but as far as I can tell it is implemented with Flash, which I don’t own.
  3. With twitter, every character counts. There are now some services with names much shorter than referurl.net. TinyURL.com is one character shorter. Bit.ly is six characters shorter. If anyone has a good idea for a name that is shorter than referurl.net, I would love to steal it. In my own twitter usage, I haven’t had trouble with the length of ReferURL yet though.

Anyway, those are my comments on the creation of ReferURL.net. For the time being, I plan to keep looking for ways to improve it and will keep working on it.

Also, I will be releasing the code for people who want to run/write their own service in the future. I had previously released some code, but now that it is several months old, I took it down until I had time to clean the current code for re-release. If someone were to email me asking about that, it would probably get me to do it sooner.  It is a Python project built on mod_python and PostgreSQL.


SunPCI on Solaris 9


I just imported this page because I don’t want to forget the information. If you don’t know why you need to read this, then feel free to ignore it.

About

The SunPCI is a 400mhz AMD k62 card for running Windows in a PCI
Sun. Newer versions of the card are the SunPCI-II and the SunPCI-III,
both of which use higher speed Celerons.

Software

The original SunPCI was dropped after version 1.3 of the SunPCI
software (both 1.3 and newer versions are obtainable from Sun’s web
site, registration required). Version 1.3 of the SunPCI software isn’t
supported on Solaris versions newer than 8. Thus this page on making it
work on Solaris 9.

I doubt that it is possible to use this card with Solaris 10.

Important Requirement (that wasn’t immediately obvious to me)

One requirement that the software has is that it can only display on
the Sun X server. This means that you either need a framebuffer
in the same machine as the SunPCI, or you need to be remotely displaying
the software on another Solaris machine running the Sun X server.
Thankfully, framebuffers for almost every machine are rather cheap.

Presumably if you still want remote display on a different X server
(say, Xsgi, which is what I want), you could use VNC or Remote Desktop
on the Windows system. You still would need a graphical console to
run the SunPCI, but this could be a case of attaching a monitor to a
Sun in the basement to start the software, then using RDesktop from
your office to operate the Windows session.

When I started trying to set this up, I had only headless Sun machines, and I thought I could run this on one of them.  Oops.

Procedure

Install the software as normal. It will fail trying to run the
postinstall script, complaining about “/etc/devlink.tab not updated
correctly”. The first thing to do is to:

  • cd /opt/SUNWspci/drivers/solaris
  • ln -s /opt/SUNWspci/drivers/solaris/sunpcidrv.280 sunpcidrv.290
  • ln -s /opt/SUNWspci/drivers/solaris/sunpcidrv.280.64 sunpcidrv.290.64

You will also need to make sure your OBP is new enough. I don’t know
what is required exactly. Perhaps 3.11. 3.9 seems to be rather common
and is too old. 3.27 seems to be the latest, and likely last version.
New versions can be downloaded from sunsolve.

Additional notes

Google Groups article with some additional notes that I didn’t require.

Also, from a German site, I got this:

d) If SunPCi still gives you trouble, edit:
~/pc/SunPC.ini
and add...
[Display]
OldText

I haven’t needed it either.
