setting up Solaris zones

I promised to follow up on the last article about Solaris Logical Volume Manager with one about setting up Solaris zones, so here it is.

For those of you not in the know, Solaris zones (or containers; the terms are used interchangeably) are Sun’s virtualization technology, similar to Microsoft Virtual Server or VMware’s products. However, the “guests” (or “non-global zones” in Solaris-speak) must also be Solaris, and effectively run the identical base system as the “host” (or “global zone”). This is quite similar to the way FreeBSD’s jails work.

Sun is pushing the zone technology very hard these days, since virtualization is the hot topic in IT at the moment. Solaris zones do have some interesting advantages over even FreeBSD jails, namely:

  • patches applied in the global zone are automatically applied to the non-global zones (for the most part), easing maintenance;
  • ability to share the pkgdb from the global zone to the non-global zones;
  • ability to easily loopback-mount global zone filesystems from within non-global zones;
  • ability to do some resource control (CPU shares only) upon the non-global zones.

I predict that Sun engineers are working very hard on adding more knobs to the last item, so that you’ll eventually be able to control how much swap, RAM, etc. the non-global zones may use.


oops, we didn’t QA patching on zone-enabled systems

(I’m still writing my article on setting up zones under Solaris 10. Bear with me while I assemble all the relevant details)

I just got hit by this bug:

Transition patching (-t option) is not supported in a zones environment.

Basically, you can’t patch a system with non-global zones installed without manually hacking an rc script! As the last comment in the thread says, “Hmm, the thing that most concerns me is that a bug that obvious should have been found in even the most cursory testing.”

funny spam

This is the funniest spam I’ve seen in a while:

I noticed your Internet resume and would like to send you an email .
Please let me know if that is OK ?
3dnet@drost.us withYES as subject

It’s a little late to be asking me if it’s ok to be spamming me, huh?

hacking with MySQL replication

First off, I have to be honest about my biases: I am not a big fan of MySQL. It has a long list of gotchas; in many cases, it violates what I term “the principle of least surprise”. One quick example: what is the difference between this:

$ mysql -h localhost -u root mysql

and

$ mysql -h 127.0.0.1 -u root mysql

?

Answer: The first command connects through the local Unix domain socket (mysql.sock), while the second actually opens a TCP/IP connection to localhost.

Why this is relevant will become clear in a moment.


FreeBSD and Linksys WAP54G – solved

I finally got my FreeBSD laptop to authenticate to the company’s WAP54G wireless access point. It turns out that the problem was with the Linksys firmware! I spent two days futzing with FreeBSD and trying to figure out why the iwi card wouldn’t associate with the access point, and finally in frustration I flashed the WAP54G’s firmware to version 3.04 (from version 2.08), even though the release notes said nothing about fixing WPA association. And it worked!

I guess this is what happens when you buy consumer-grade devices.

MTA hacking

Today has been a day for hacking mail infrastructure. First, I arrived at the office at 8 a.m. to cut over our old Red Hat 7.3-based SMTP gateway to a new Fedora Core 4 virtual machine. The purpose of this box (or VMware GSX Server guest, in our case) is to act as a final sanity check before inbound e-mail hits Microsoft Virus Exchange Server. Previous admins were smart enough to realize that once a virus hits Exchange it will spread like wildfire, so there needs to be a special box placed in front of Exchange to scan for viruses.

The new setup is similar to the old setup, but with updated packages. The machine runs Postfix with amavisd-new as the content_filter, and any clean messages are passed over the internal LAN to the Exchange server. We’re using ClamAV as the antivirus scanner.

I encountered one problem while cutting this over, which is that clamd likes to drop privileges right after starting, and I’d forgotten to set AllowSupplementaryGroups in the clamd configuration file. This meant ClamAV couldn’t read any of the temporary spool files written by amavis.
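As an added example (not code from the original post), a small POSIX shell check for the clamd.conf mistake described above: it confirms that clamd's User directive is paired with AllowSupplementaryGroups yes and, on a host where the account exists, that the clamd user belongs to the group owning amavisd-new's spool. The clamav user, the amavis group and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's code: verify that clamd will still be
# able to read amavisd-new's spool files after it drops privileges.
# Assumptions: clamd runs as user "clamav" and the amavisd-new spool directory
# is group-owned by "amavis" (both names are illustrative).

# Return 0 when clamd.conf sets a User *and* keeps supplementary groups,
# 1 otherwise. Without "AllowSupplementaryGroups yes", the privilege drop
# discards every group except the User's primary group, so membership in the
# amavis group no longer grants read access to the spool.
check_clamd_conf() {
    conf="$1"
    user=$(awk '$1 == "User" { print $2 }' "$conf")
    allow=$(awk '$1 == "AllowSupplementaryGroups" { print tolower($2) }' "$conf")
    if [ -z "$user" ]; then
        echo "$conf: no User directive, clamd would not drop privileges at all" >&2
        return 1
    fi
    case "$allow" in
        yes|true|1) return 0 ;;
    esac
    echo "$conf: User $user is set but AllowSupplementaryGroups is not yes;" \
         "clamd will lose its supplementary groups and cannot read the amavis spool" >&2
    return 1
}

# Return 0 if account "$1" is a member of group "$2". If the account does not
# exist on this host (e.g. when run on a workstation), report and return 0.
check_group_membership() {
    user="$1" group="$2"
    if ! id "$user" >/dev/null 2>&1; then
        echo "user $user does not exist here, skipping group check" >&2
        return 0
    fi
    case " $(id -nG "$user") " in
        *" $group "*) return 0 ;;
        *) echo "$user is not a member of group $group" >&2; return 1 ;;
    esac
}

# Constructed sample configs: the broken form and the corrected form.
BAD_CONF=$(mktemp)
GOOD_CONF=$(mktemp)
trap 'rm -f "$BAD_CONF" "$GOOD_CONF"' EXIT
printf 'LogFile /var/log/clamav/clamd.log\nUser clamav\n' > "$BAD_CONF"
printf 'LogFile /var/log/clamav/clamd.log\nUser clamav\nAllowSupplementaryGroups yes\n' > "$GOOD_CONF"

check_clamd_conf "$BAD_CONF"  || echo "broken config rejected, as expected"
check_clamd_conf "$GOOD_CONF" && echo "corrected config accepted"
check_group_membership clamav amavis || echo "fix: usermod -a -G amavis clamav"
```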

hacking Outlook’s info line

I started subscribing to the freebsd-mobile mailing list now that I’m running FreeBSD on my ThinkPad T42. Unfortunately, we use Microsoft [Virus] Exchange at work, so I read my e-mail using Evolution with the Exchange Connector.

I was amused to see that it’s possible to hijack the status line in both Outlook for Windows (the thick client) and OWA (Outlook Web Access). Some enterprising soul has figured out that Microsoft inserts an X-Message-Flag pseudo-header into any e-mail that it wants to specially flag, even if that message never originally contained the header.

This has amusing results:

You can see how the culprit executes this little trick by viewing the raw message source.