Month: May 2012

ipmitool sunoem getval /SYS/product_serial_number

or

omarras01:root# sneep
PX60438194

 

You need to plumb them to see if they have link, so

x=20;dladm show-dev| awk ‘{ print $1 }’  | while read i;do ifconfig $i plumb;((x++)) ;ifconfig $i 100.100.100.$x/24 broadcast + up;done;dladm-show-dev

Initial login to XSCF is usually eis-installer / sun123

Add the super-user account

XSCF> adduser super-user
XSCF> password -e Never super-user
XSCF> password super-user
***For the next command, use the number of domains the server is setup for. Typically, M4000’s use domainadm@1, M5000’s use domainadm@1-2***
XSCF> setprivileges super-user platadm auditadm fieldeng useradm domainadm@1-2

 

For initial access or to reset a lost XSCF password, go to the below link:

http://docs.sun.com/source/819-3601-14/

Under the Access Control section, select XSCF Passwords. You will use the procedure “To Log in Initially to the XSCF Console”

Connect To A Domain’s Console

XSCF> console -d 0  

Send A Break

XSCF> sendbreak -d 0

When a sendbreak fails for a domain, the domin mode secure setting needs to be disabled:

XSCF> setdomainmode -d 0 -m secure=off

Show Hardware Configuration

XSCF> showhardconf

Power Off A Domain

XSCF> poweroff -d 0

Show System Boards And Their Mode

XSCF> showfru -a sb  

Show System Boards In A Domain

XSCF> showboards -v -a  

Configure the XSCF on the network

This assumes you are configuring the lan#0 NIC on xscf#0. Modify as necessary:

XSCF> setnetwork xscf#0-lan#0 -m NETMASK IPADDRESS
XSCF> sethostname xscf#0 HOSTNAME-xscf0
XSCF> sethostname -d DOMAINNAME
XSCF> setroute -c add -n 0.0.0.0 -g DEFAULTGATEWAY xscf#0-lan#0
XSCF> applynetwork
XSCF> rebootxscf

Configure the DSCP Network

If the boot shows DSCP errors and/or the dscp and dcs services are failed in the OS, then SUN didn’t setup the DSCP network in the XSCF like they are supposed to before turning it over to us. This is something we can setup ourselves. Here is a standard setup on an M4000 (other M-Series servers simply increment the IPs by one for the additional domains):

 

      XSCF> setdscp
      DSCP network  [0.0.0.0        ] > 192.168.224.0

      DSCP netmask  [255.255.255.0  ] >

      XSCF address  [192.168.224.1  ] > 192.168.224.1
      Domain #00 address  [192.168.224.2  ] > 192.168.224.2
      Domain #01 address  [192.168.224.3  ] > 192.168.224.3
      Commit these changes to the database? [y|n] : y

Once the setup is complete, then a reboot of the XSCF needs to be performed:

 

      XSCF> rebootxscf

Once the XSCF has rebooted, the domain(s) configured also need to be rebooted:

 

If you do not have configured multipath.conf, but youjust have
the module enabled and no lun blacklisted you can use
this script to generate a multipath.conf:

#!/bin/ksh
echo “multipaths {”
x=0
multipath -l |egrep ‘3600|size’ |gawk ‘ORS=NR%2?””:”n”‘ | awk
‘{ print $1 $2 }’ | sed ‘s/[size=/ /g’ | while read
l;do
W=`echo $l |awk ‘{ print $1 }’`
S=`echo $l |awk ‘{ print $2 }’`
echo ” multipath {”
echo ” wwid $W”
echo ” alias disk${x}_${S}Gb”
echo ” path_grouping_policy failover”
echo ” path_checker readsector0″
echo ” path_selector “round-robin0″”

echo ” failback immediate”
echo ” }”
x=`echo “$x + 1″|bc`
done
echo “}”

Display SP firmware version:

-> version

Get Serial number:

-> show /SYS

Show available CLI commands:

-> show /SP/cli/commands

Display help information about commands and targets

-> help

Connect to host serial console:

-> start /SP/console

Send a break signal:

-> set /HOST send_break_action=break

 

 

List users with open sessions to the system console (who is using the console?):

-> show /SP/sessions

Terminate a server console session started by another user:

-> stop /SP/console

Power on host:

-> start /SYS

Power off host:

-> stop /SYS

Reset host:

-> reset /SYS

Reset ILOM:

-> reset /SP

Enable locate LED:

-> set /SYS LOCATE=on

Disable locate LED:

-> set /SYS LOCATE=off

Add a local user account:

-> create /SP/users/username password=password role=[administrator|operator]

Displaying Users:

-> show /SP/users

To know what is in your queue you use
# sendmail -bp
or
#mailq
To clear a job you just might delete it from /var/spool/mqueue

Disk drive c0t0d0 was replaced, to recover from it we must rebuild the metadb, put the partition table in place and
remirror.
bash-2.05# metadb -d /dev/dsk/c0t0d0s7
bash-2.05# metadb
flags first blk block count
a p luo 16 8192 /dev/dsk/c0t1d0s7
a p luo 8208 8192 /dev/dsk/c0t1d0s7
a p luo 16400 8192 /dev/dsk/c0t1d0s7
bash-2.05# prtvtoc /dev/rdsk/c0t1d0s2 | fmthard -s – /dev/rdsk/c0t0d0s2
bash-2.05# metadb -a -c 3 c0t0d0s7
bash-2.05# metadb
flags first blk block count
a u 16 8192 /dev/dsk/c0t0d0s7
a u 8208 8192 /dev/dsk/c0t0d0s7
a u 16400 8192 /dev/dsk/c0t0d0s7
a p luo 16 8192 /dev/dsk/c0t1d0s7
a p luo 8208 8192 /dev/dsk/c0t1d0s7
a p luo 16400 8192 /dev/dsk/c0t1d0s7
bash-2.05# metastat -p
d1 -m d11 d21 1
d11 1 1 c0t0d0s1
d21 1 1 c0t1d0s1
d0 -m d10 d20 1
d10 1 1 c0t0d0s0
d20 1 1 c0t1d0s0
251/433
d53 -p d50 -o 20979296 -b 54525952
d50 2 1 c3t50060E80042AEE40d0s0 1 c3t50060E80042 AEE40d1s0
d52 -p d50 -o 8396352 -b 12582912
d51 -p d50 -o 7712 -b 8388608
bash-2.05# metareplace -e d1 /dev/dsk/c0t0d0s1
d1: device c0t0d0s1 is enabled
bash-2.05# metareplace -e d0 /dev/dsk/c0t0d0s0
d0: device c0t0d0s0 is enabled
bash-2.05# metastat -t | grep -i stat
State: Resyncing Mon Jun 12 15:50:29 2006
State: Okay Mon Jan 23 16:35:13 2006
State: Unavailable
Device Start Dbase State Reloc Hot Spare Time
State: Okay Mon Jan 23 16:35:13 2006
Device Start Dbase State Reloc Hot Spare Time
State: Resyncing Mon Jun 12 15:50:48 2006
State: Okay Mon Jan 23 18:34:19 2006
State: Unavailable
Device Start Dbase State Reloc Hot Spare Time
State: Okay Mon Jan 23 18:34:19 2006
Device Start Dbase State Reloc Hot Spare Time
State: Okay
Device Start Dbase State Reloc Hot Spare Time
Device Start Dbase State Reloc Hot Spare Time
State: Okay
State: Okay

Mhhh, it is not halloween, and i’m not a sadist.
When you see things like this on a “ps -ef”:
root 29988 29973 0 17:13 pts/1 00:00:00 <defunct>
You can kill them on solaris >=9 with the command “preap”
So in this example you would issue:
# preap 29988
And it will be dead. Note this only works in solaris

Ok, i’ve seen it elsewhere, but i made my own list of these comments inside the linux source code, that say things like:
./drivers/char/rio/rioctrl.c: /500gb /a /b /bin /boot /c /cd /cdrom /dev /done /etc /HDS /home /initrd.img /initrd.img.old /lib /lost+found /media /mnt /music /opt /proc /root /sbin /scripts /selinux /share /smb /srv /sys /tmp /usr /var /video /vmlinuz /vmlinuz.old /windows /x It’s hardware like this that really gets on my tits. POSTS/
./drivers/char/watchdog/shwdt.c: kraftek.html POSTS rescue rescued.html rescued.txt x y z brain-damage, it’s managed to fuck things up one step further..
./Documentation/DocBook/kernel-locking.tmpl: If you don’t see why, please stay the fuck away from my code.
here

If you allow someone to “sudo vi” they could obtain a shell prompt as root if they type “:shell”.
If you allow someone to “sudo less” they could also obtain a shell prompt as root if they type “! <enter>”
To avoid that you can tag “less” and “vi” with the NOEXEC tag.
This is an example sudoers that tags “more”, “less” and “vi” as noexec, and prevents the group “theusers”
from doing “sudo bash” and “sudo su -”
Cmnd_Alias NOEXEC_CMDS = /usr/bin/less, /usr/bin/more, /bin/vi
Cmnd_Alias SHELLS = /usr/bin/amuFormat.sh /usr/bin/avahi-publish /usr/bin/avahi-publish-address /usr/bin/avahi-publish-service /usr/bin/banshee /usr/bin/bashbug /usr/bin/brushtopbm /usr/bin/bsh /usr/bin/btcflash /usr/bin/chsh /usr/bin/c_rehash /usr/bin/csharp /usr/bin/debconf-show /usr/bin/dh_bash-completion /usr/bin/dh_makeshlibs /usr/bin/dh_shlibdeps /usr/bin/dpkg-shlibdeps /usr/bin/gdm-screenshot /usr/bin/gettext.sh /usr/bin/git-shell /usr/bin/glib-genmarshal /usr/bin/gnome-file-share-properties /usr/bin/gnome-panel-screenshot /usr/bin/gnome-screenshot /usr/bin/groovysh /usr/bin/gvfs-trash /usr/bin/installdbgsymbols.sh /usr/bin/instmodsh /usr/bin/kcmshell4 /usr/bin/kdeinit4_shutdown /usr/bin/ksh /usr/bin/kshell4 /usr/bin/ksplashsimple /usr/bin/ksplashx /usr/bin/ksplashx_scale /usr/bin/ktrash /usr/bin/lshal /usr/bin/lshw /usr/bin/mailshar /usr/bin/mdns-publish-vnc /usr/bin/mdns-publish-xendom /usr/bin/motd+shell /usr/bin/mshowfat /usr/bin/muinshee /usr/bin/mysqlshow /usr/bin/omshell /usr/bin/pax11publish /usr/bin/pnmshear /usr/bin/ppmflash /usr/bin/ppmshadow /usr/bin/ppmshift /usr/bin/rawshark /usr/bin/rsh /usr/bin/sha1pass /usr/bin/sha1sum /usr/bin/sha224sum /usr/bin/sha256sum /usr/bin/sha384sum /usr/bin/sha512sum /usr/bin/shar /usr/bin/shares-admin /usr/bin/shasum /usr/bin/shcomp /usr/bin/shell /usr/bin/shotwell /usr/bin/showconsolefont /usr/bin/showfont /usr/bin/showkey /usr/bin/showrgb /usr/bin/shpadd /usr/bin/shpcreate /usr/bin/shpdump /usr/bin/shprewind /usr/bin/shptest /usr/bin/shred /usr/bin/shuf /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent /usr/bin/ssh-argv0 /usr/bin/ssh-askpass /usr/bin/ssh-copy-id /usr/bin/sshfs /usr/bin/ssh-import-id /usr/bin/ssh-keygen /usr/bin/ssh-keyscan /usr/bin/ssh-vulnkey /usr/bin/tclsh /usr/bin/tclsh8.4 /usr/bin/tclsh8.5 /usr/bin/toshset /usr/bin/trash4 /usr/bin/unshar /usr/bin/unshare /usr/bin/update-xbmc-dharma-pvr.sh /usr/bin/ushare /usr/bin/wireshark /usr/bin/wish /usr/bin/wish8.4 /usr/bin/wish8.5 /usr/bin/xbsh /usr/bin/xpcshell-1.9.2 /usr/bin/xrefresh , /sbin/capsh /sbin/shadowconfig /sbin/showmount /sbin/shutdown , /bin/bash /bin/dash /bin/ksh /bin/ksh93 /bin/rbash /bin/sh /bin/sh.distrib /bin/static-sh , /bin/su
%theusers ALL=(ALL) NOPASSWD: ALL, !SHELLS, NOEXEC: NOEXEC_CMDS