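# Rescan the SAN on every Fibre Channel HBA: issue a LIP on each fc_host,
# then ask the scsi_host of the same name to scan all channels/targets/LUNs.
# Must run as root. A LIP re-initialises the link, so expect a short pause on
# that port (NOTE(review): confirm the impact with your storage team first).
for host_dir in /sys/class/fc_host/*; do
  # An unmatched glob stays literal; skip it when the box has no FC HBAs.
  [ -e "$host_dir" ] || continue
  h=${host_dir##*/}
  echo "$h"
  echo 1 > "/sys/class/fc_host/$h/issue_lip"
  # The scan file expects three ASCII hyphens ("channel target lun" wildcards);
  # typographic dashes or quotes pasted from a web page are rejected.
  echo "- - -" > "/sys/class/scsi_host/$h/scan"
done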
May
18
May
18
We have a formula for shifts and a list of people, we need to fill a calendar with them.
These are the iterations for each week “formula.txt”, each row is a week, the first value is the iteration number, the other 4 values in the row are the number for a team member, these iterations are the sequence of combinations so that people are not oncall too frequently:
1 1 2 3 4
2 5 6 7 8
3 4 3 2 1
4 8 7 6 5
5 2 1 4 3
6 6 5 8 7
7 3 4 1 2
8 7 8 5 6
the numbers for the team members are in “roster.txt”:
1 FFlinstone XXJA01
2 Jdoe XXJD02
3 OOsbourne XXHR01
4 AHitchcock XXDD02
5 ARose XXAW04
6 EAPoe XXFP01
7 ACooper XXBC06
8 BJovi XXSL01
this is “oncall.ksh”
#!/bin/bash
# First and last calendar day to generate, as YYYYMMDD (fed to `date -d` below).
start_date=20120604
end_date=20120902
# Row of formula.txt that applies to the first week of the range.
formula_current_row=5
# Number of rows in formula.txt; the rotation wraps back to row 1 after this one.
formula_rows=8
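#######################################
# Print the weekday on-call codes for one formula row.
# Reads formula.txt and roster.txt from the current directory.
# Arguments: $1 - iteration number (first column of formula.txt)
# Outputs:   the third roster column of the four listed members, each
#            followed by a space, then a newline
#######################################
get_roster() {
  local member
  # Compare the first column exactly: a "^$1" prefix match would also pick up
  # row 10 when asked for row 1 once either file grows past nine entries.
  for member in $(awk -v row="$1" '$1 == row { print $2, $3, $4, $5 }' formula.txt); do
    printf '%s ' "$(awk -v id="$member" '$1 == id { print $3 }' roster.txt)"
  done
  echo ""
}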
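#######################################
# Print the weekend on-call codes for one formula row. Only the first two
# members of the row are used, and the pair is printed twice.
# Reads formula.txt and roster.txt from the current directory.
# Arguments: $1 - iteration number (first column of formula.txt)
# Outputs:   four roster codes, each followed by a space, then a newline
#######################################
get_weekend_roster() {
  local member
  # Exact match on the first column; a "^$1" prefix match would confuse
  # row 1 with row 10 and above.
  for member in $(awk -v row="$1" '$1 == row { print $2, $3, $2, $3 }' formula.txt); do
    printf '%s ' "$(awk -v id="$member" '$1 == id { print $3 }' roster.txt)"
  done
  echo ""
}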
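#######################################
# Print one line per day from start_date to end_date (inclusive):
# "YYYY-MM-DD Day<TAB> " followed by that day's roster codes.
# Globals:   start_date, end_date, formula_current_row, formula_rows (read)
# Outputs:   the calendar on stdout
# Needs GNU date (-d) and the get_roster / get_weekend_roster functions.
#######################################
get_oncall() {
  # Work on a private copy of the row counter. Advancing the global meant a
  # second call in the same shell started from wherever the first one ended,
  # so the SQL file and the printed calendar could disagree.
  local row=$formula_current_row
  local offset=0
  local end_epoch day_epoch prev_week week day_label

  end_epoch=$(date -d "$end_date" +%s) || return
  # ISO week (%V) only changes on Mondays; %W also restarts on 1 January and
  # would rotate the formula in the middle of a week at year end.
  week=$(date -d "$start_date" +%V) || return

  while day_epoch=$(date -d "$start_date $offset day" +%s) \
    && (( day_epoch <= end_epoch )); do
    prev_week=$week
    week=$(date -d "$start_date $offset day" +%V)
    if [ "$prev_week" != "$week" ]; then
      row=$(( row + 1 ))
      if (( row > formula_rows )); then
        row=1
      fi
    fi
    # LC_ALL=C pins the day names to English so the Sat/Sun test below (and
    # the one in generate_sql) keeps working under any locale.
    day_label=$(LC_ALL=C date -d "$start_date $offset day" +"%Y-%m-%d %a%t")
    echo -n "$day_label "
    case $day_label in
      *Sat* | *Sun*) get_weekend_roster "$row" ;;
      *) get_roster "$row" ;;
    esac
    offset=$(( offset + 1 ))
  done
}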
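#######################################
# Turn the get_oncall calendar into upsert statements for OnCall.Detail.
# Weekend rows fill Shift_C1_*, weekday rows fill Shift_A1_* and Shift_A2_*.
# Outputs: SQL on stdout; rejected rows are reported on stderr
#######################################
generate_sql() {
  echo "use OnCall;"
  # Values are pasted into the statement between double quotes, so a quote or
  # backslash in roster.txt would change the SQL that gets executed. Such rows
  # are skipped rather than emitted.
  # The weekend test looks at the day-name column only; matching the whole
  # line would misfile a weekday whose roster code happens to contain
  # "sat" or "sun".
  get_oncall | awk '
    function unsafe(n,   i) {
      for (i = 1; i <= n; i++)
        if (index($i, "\"") || index($i, "\\"))
          return 1
      return 0
    }
    unsafe(NF) {
      print "generate_sql: skipping row with quote or backslash: " $0 > "/dev/stderr"
      next
    }
    tolower($2) ~ /sat|sun/ {
      print "insert into Detail (Date,Shift_C1_Pri,Shift_C1_Sec) values (\"" $1 "\",\"" $3 "\",\"" $4 "\") on DUPLICATE KEY UPDATE Shift_C1_Pri=\"" $3 "\",Shift_C1_Sec=\"" $4 "\";"
      next
    }
    {
      print "insert into Detail (Date,Shift_A1_Pri,Shift_A1_Sec,Shift_A2_Pri,Shift_A2_Sec) values (\"" $1 "\",\"" $3 "\",\"" $4 "\",\"" $5 "\",\"" $6 "\") on DUPLICATE KEY UPDATE Shift_A1_Pri=\"" $3 "\",Shift_A1_Sec=\"" $4 "\",Shift_A2_Pri=\"" $5 "\",Shift_A2_Sec=\"" $6 "\";"
    }
  '
}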
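# Show the calendar on the terminal, then write the matching SQL to a file
# named after the date range. The redirect target is quoted so an unexpected
# value in the date variables cannot split it into several words.
get_oncall
generate_sql > "from_${start_date}_to_${end_date}.sql"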
May
18
Again another basic tivoli thing… in solaris TSM logs are at:
/var/tivoli
May
17
if an llt link shows down, you can always inject some traffic through the wire and see if you can catch it on the other side.
We first, on one side of the cluster find out the mac address of our interface, then start a “dlpiping server”
process on it.
# /opt/VRTSllt/getmac /dev/ce:0
/dev/ce:0 08:00:10:A7:1E:DC
# /opt/VRTSllt/dlpiping -s /dev/ce:0
Now, on the other side of the link, on the other server, we query for the mac address in the wire.
# /opt/VRTSllt/dlpiping -c /dev/ce:0 08:00:10:A7:1E:DC
08:00:10:A7:1E:DC is alive
if it says that the mac is alive then we have a good link.
May
17
add this to your /etc/multipath.conf:
devices {
## Device attributes for EMC SYMMETRIX
device {
vendor "EMC "
product "SYMMETRIX"
path_grouping_policy multibus
getuid_callout "/sbin/scsi_id -g -u -s /block/%n"
path_selector "round-robin 0"
features "0"
hardware_handler "0"
failback immediate
}
## Device attributes for EMC CLARiiON
device {
vendor "DGC"
product "*"
path_grouping_policy group_by_prio
getuid_callout "/sbin/scsi_id -g -u -s /block/%n"
prio_callout "/sbin/mpath_prio_emc /dev/%n"
hardware_handler "1 emc"
features "1 queue_if_no_path"
no_path_retry 300
path_checker emc_clariion
failback immediate
}
}
May
10
to capture all packets to and from “192.168.5.182″ and save the conversation in “snoopy.log”
snoop -d e1000g2 -o snoopy.log -v 192.168.5.182
to view the output
snoop -vi snoopy.log
May
4
ipmitool sunoem getval /SYS/product_serial_number
May
4
You need to plumb them to see if they have link, so
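# Plumb every NIC reported by dladm and give each a distinct test address so
# its link state shows up, then list the devices again.
# NOTE(review): the 100.100.100.x addresses are placeholders for the link
# test; remove them once the check is done.
x=20
dladm show-dev | awk '{ print $1 }' | while read -r i; do
  ifconfig "$i" plumb
  ((x++))
  ifconfig "$i" "100.100.100.$x/24" broadcast + up
done
dladm show-dev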
May
4
Initial login to XSCF is usually eis-installer / sun123
Add the super-user account
XSCF> adduser super-user
XSCF> password -e Never super-user
XSCF> password super-user
***For the next command, use the number of domains the server is setup for. Typically, M4000′s use domainadm@1, M5000′s use domainadm@1-2***
XSCF> setprivileges super-user platadm auditadm fieldeng useradm domainadm@1-2
For initial access or to reset a lost XSCF password, go to the below link:
http://docs.sun.com/source/819-3601-14/
Under the Access Control section, select XSCF Passwords. You will use the procedure “To Log in Initially to the XSCF Console”
Connect To A Domain’s Console
XSCF> console -d 0
Send A Break
XSCF> sendbreak -d 0
When a sendbreak fails for a domain, the domain mode secure setting needs to be disabled:
XSCF> setdomainmode -d 0 -m secure=off
Show Hardware Configuration
XSCF> showhardconf
Power Off A Domain
XSCF> poweroff -d 0
Show System Boards And Their Mode
XSCF> showfru -a sb
Show System Boards In A Domain
XSCF> showboards -v -a
Configure the XSCF on the network
This assumes you are configuring the lan#0 NIC on xscf#0. Modify as necessary:
XSCF> setnetwork xscf#0-lan#0 -m NETMASK IPADDRESS
XSCF> sethostname xscf#0 HOSTNAME-xscf0
XSCF> sethostname -d DOMAINNAME
XSCF> setroute -c add -n 0.0.0.0 -g DEFAULTGATEWAY xscf#0-lan#0
XSCF> applynetwork
XSCF> rebootxscf
Configure the DSCP Network
If the boot shows DSCP errors and/or the dscp and dcs services are failed in the OS, then SUN didn’t setup the DSCP network in the XSCF like they are supposed to before turning it over to us. This is something we can setup ourselves. Here is a standard setup on an M4000 (other M-Series servers simply increment the IPs by one for the additional domains):
XSCF> setdscp
DSCP network [0.0.0.0 ] > 192.168.224.0
DSCP netmask [255.255.255.0 ] >
XSCF address [192.168.224.1 ] > 192.168.224.1
Domain #00 address [192.168.224.2 ] > 192.168.224.2
Domain #01 address [192.168.224.3 ] > 192.168.224.3
Commit these changes to the database? [y|n] : y
Once the setup is complete, then a reboot of the XSCF needs to be performed:
XSCF> rebootxscf
Once the XSCF has rebooted, the domain(s) configured also need to be rebooted:
May
4
If you have not configured multipath.conf yet, but you just have
the module enabled and no LUN blacklisted, you can use
this script to generate a multipath.conf:
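#!/bin/ksh
# Print a "multipaths { }" section with one entry per map reported by
# `multipath -l`, aliasing each WWID as disk<N>_<size>Gb.
# The result goes to stdout; review it before merging it into
# /etc/multipath.conf.
# NOTE(review): the parse assumes every map prints a line starting with its
# 3600... WWID followed by a "[size=...]" line - check this against the
# `multipath -l` output of your release.
echo "multipaths {"
x=0
# gawk glues each pair of lines together, awk keeps the first two fields and
# sed turns the literal "[size=" into the separator between WWID and size.
multipath -l | egrep '3600|size' | gawk 'ORS=NR%2?"":"\n"' |
  awk '{ print $1 $2 }' | sed 's/\[size=/ /g' |
  while read -r wwid size rest; do
    echo " multipath {"
    echo " wwid $wwid"
    echo " alias disk${x}_${size}Gb"
    echo " path_grouping_policy failover"
    echo " path_checker readsector0"
    # multipath.conf wants the selector and its argument as one quoted string.
    echo " path_selector \"round-robin 0\""
    echo " failback immediate"
    echo " }"
    x=$((x + 1))
  done
echo "}"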
May
3
Display SP firmware version:
-> version
Show available CLI commands:
-> show /SP/cli/commands
Display help information about commands and targets
-> help
Connect to host serial console:
-> start /SP/console
Send a break signal:
-> set /HOST send_break_action=break
List users with open sessions to the system console (who is using the console?):
-> show /SP/sessions
Terminate a server console session started by another user:
-> stop /SP/console
Power on host:
-> start /SYS
Power off host:
-> stop /SYS
Reset host:
-> reset /SYS
Reset ILOM:
-> reset /SP
Enable locate LED:
-> set /SYS LOCATE=on
Disable locate LED:
-> set /SYS LOCATE=off
Add a local user account:
-> create /SP/users/username password=password role=[administrator|operator]
Displaying Users:
-> show /SP/users
May
1
To know what is in your queue you use
# sendmail -bp
or
#mailq
To clear a job you just might delete it from /var/spool/mqueue
May
1
Disk drive c0t0d0 was replaced, to recover from it we must rebuild the metadb, put the partition table in place and
remirror.
bash-2.05# metadb -d /dev/dsk/c0t0d0s7
bash-2.05# metadb
flags first blk block count
a p luo 16 8192 /dev/dsk/c0t1d0s7
a p luo 8208 8192 /dev/dsk/c0t1d0s7
a p luo 16400 8192 /dev/dsk/c0t1d0s7
bash-2.05# prtvtoc /dev/rdsk/c0t1d0s2 | fmthard -s - /dev/rdsk/c0t0d0s2
bash-2.05# metadb -a -c 3 c0t0d0s7
bash-2.05# metadb
flags first blk block count
a u 16 8192 /dev/dsk/c0t0d0s7
a u 8208 8192 /dev/dsk/c0t0d0s7
a u 16400 8192 /dev/dsk/c0t0d0s7
a p luo 16 8192 /dev/dsk/c0t1d0s7
a p luo 8208 8192 /dev/dsk/c0t1d0s7
a p luo 16400 8192 /dev/dsk/c0t1d0s7
bash-2.05# metastat -p
d1 -m d11 d21 1
d11 1 1 c0t0d0s1
d21 1 1 c0t1d0s1
d0 -m d10 d20 1
d10 1 1 c0t0d0s0
d20 1 1 c0t1d0s0
d53 -p d50 -o 20979296 -b 54525952
d50 2 1 c3t50060E80042AEE40d0s0 1 c3t50060E80042 AEE40d1s0
d52 -p d50 -o 8396352 -b 12582912
d51 -p d50 -o 7712 -b 8388608
bash-2.05# metareplace -e d1 /dev/dsk/c0t0d0s1
d1: device c0t0d0s1 is enabled
bash-2.05# metareplace -e d0 /dev/dsk/c0t0d0s0
d0: device c0t0d0s0 is enabled
bash-2.05# metastat -t | grep -i stat
State: Resyncing Mon Jun 12 15:50:29 2006
State: Okay Mon Jan 23 16:35:13 2006
State: Unavailable
Device Start Dbase State Reloc Hot Spare Time
State: Okay Mon Jan 23 16:35:13 2006
Device Start Dbase State Reloc Hot Spare Time
State: Resyncing Mon Jun 12 15:50:48 2006
State: Okay Mon Jan 23 18:34:19 2006
State: Unavailable
Device Start Dbase State Reloc Hot Spare Time
State: Okay Mon Jan 23 18:34:19 2006
Device Start Dbase State Reloc Hot Spare Time
State: Okay
Device Start Dbase State Reloc Hot Spare Time
Device Start Dbase State Reloc Hot Spare Time
State: Okay
State: Okay
May
1
Mhhh, it is not halloween, and i’m not a sadist.
When you see things like this on a “ps -ef”:
root 29988 29973 0 17:13 pts/1 00:00:00 <defunct>
You can kill them on solaris >=9 with the command “preap”
So in this example you would issue:
# preap 29988
And it will be dead. Note this only works in solaris
May
1
Ok, i’ve seen it elsewhere, but i made my own list of these comments inside the linux source code, that say things like:
./drivers/char/rio/rioctrl.c: /* It’s hardware like this that really gets on my tits. */
./drivers/char/watchdog/shwdt.c: * brain-damage, it’s managed to fuck things up one step further..
./Documentation/DocBook/kernel-locking.tmpl: If you don’t see why, please stay the fuck away from my code.
here
May
1
If you allow someone to “sudo vi” they could obtain a shell prompt as root if they type “:shell”.
If you allow someone to “sudo less” they could also obtain a shell prompt as root if they type “! <enter>”
To avoid that you can tag “less” and “vi” with the NOEXEC tag.
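This is an example sudoers that tags “more”, “less” and “vi” as noexec, and prevents the group “theusers”
from doing “sudo bash” and “sudo su -”.
Treat the “!SHELLS” exclusion as a convenience rather than a security boundary: the sudoers manual itself warns that subtracting commands from ALL is generally not effective, and NOEXEC does not affect statically linked programs, so listing only the commands the group really needs is the safer policy.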
Cmnd_Alias NOEXEC_CMDS = /usr/bin/less, /usr/bin/more, /bin/vi
# Wildcards restored: the published listing apparently showed them expanded into one host's file names.
Cmnd_Alias SHELLS = /usr/bin/*sh*, /sbin/*sh*, /bin/*sh*, /bin/su
%theusers ALL=(ALL) NOPASSWD: ALL, !SHELLS, NOEXEC: NOEXEC_CMDS
May
1
First do a dump of your config, in case you want to get it back. On the global zone:
# zonecfg -z zzzpit120b export -f zzzpit120b.txt
Now remove it from the config, and umount it, all this in the global zone.
# zonecfg -z zzzpit120b remove fs dir=/oracle/GYT/saptrace
# umount /zones/zzzpit120b/root/oracle/GYT/saptrace
Thanks to Alejandro Siller
May
1
Ok, so your PC connects to a vpn, and there’s this one unix host that has access to the ilo’s and dracs, but your pc
doesn’t…
So our participants are, in order of connection:
PC-jumphost-console
that means PC cannot access console, but jumphost does.
If “console” is a HP-ILO, from your PC do:
ssh -C -g jumphost -L 443:console:443 -L 3389:console:3389 -L 9300:console:9300 -L 17990:console:17990
-L 17988:console:17998 -L 3002:console: 3002 -L 23:console:23
If “console” is a Dell DRAC, from your PC do:
ssh -C -g jumphost -L 443:console:443 -L 5900:console:5900 -L 5901:console:5901 -L 3668:console:3668 -L
3669:console:3669
And then, in your pc, use https://127.0.0.2 to connect to either DRAC or ILO.
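Each time you do one of these redirections you’re using the ports exclusively, so only one drac or ilo can be
redirected at a time. Note that “-g” makes the forwarded ports accept connections from any host that can reach your PC, not only from the PC itself; leave it out if you are the only one who needs the console.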
May
1
For those of you that have netiq as a monitoring tool in your servers and need to know the agent version, go to
# cd /usr/netiq/UnixAgent/bin
# ./nqmagt -v
nqmagt: Unix Agent Version is – 6.5.116378.1139
May
1
If you need to create a Big concat metadevice from a bunch of EMC or HITACHI disks, you can use this script:
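#!/bin/ksh
# Write /tmp/makevol.ksh, a one-line script that runs
# "metainit d1 <count> 1 <disk>s2 1 <disk>s2 ..." over every disk that
# `format` reports with EMC or HIT in its description.
# The generated script is only written, not run; read it before executing it.

# Take the disk list once so the count and the stripes cannot disagree.
disks=$(format < /dev/null | egrep -i 'emc|hit' | awk '{ print $2 }')
count=$(echo "$disks" | grep -c .)

# /tmp is world-writable and the file name is fixed: drop any existing file
# and refuse to write through something that reappears in the meantime
# (for example a symlink planted by another user).
rm -f /tmp/makevol.ksh
set -o noclobber
{
  /usr/ucb/echo -n "metainit d1 $count "
  for d in $disks; do
    /usr/ucb/echo -n "1 ${d}s2 "
  done
  echo ""
} > /tmp/makevol.ksh || exit 1
chmod 755 /tmp/makevol.ksh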
May
1
Screen is a utility to keep command line sessions in your unix
environment alive regardless of disconnects, and it can hold several
sessions inside it.
To start it run:
# screen
Once inside, you can use
Ctrl a c – Creates a new screen session so that you can use more than one screen session at once.
Ctrl a n – Switches to the next screen session (if you use more than one).
Ctrl a p – Switches to the previous screen session (if you use more than one).
Ctrl a d – Detaches a screen session (without killing the processes in it - they continue).
Once you issue “ctrl a d” you are outside of screen.
To get a list of the screen sessions you have do a:
# screen -ls
There is a screen on:
9998.pts-5.myserver (Detached)
1 Socket in /tmp/uscreens/S-rdircio.
so to reconnect to it you need to do:
# screen -r 9998.pts-5.myserver
Then you use the “ctrl a ” commands listed above to use the subsessions.
May
1
This happens:
# ps -ef
oracle 31868 1 0 08:37 ? 00:00:00 ora_p103_salerep
103 1789 1788 0 08:39 pts/2 00:00:00 -bash
103 2099 1789 0 08:39 pts/2 00:00:00 ps -ef
103 2100 1789 0 08:39 pts/2 00:00:00 grep -i 103
Notice we see “103″ in the first column instead of the username, this is because uid 103 is “siebadmin”, which
is >8 characters long. Ps has a column width of 8 on the first column, and if the username does not fit, it uses
the uid. This is not fixable, unless in source.
May
1
We had to install jetforms in an AIX machine, for development purposes, but didn’t have a license…
Figuring out it receives jobs and outputs pdfs in directories, well, we can just copy the jobs to a remote server
and retrieve the pdfs too.
The forms should also be placed somewhere to be replicated.
So we installed jetforms in a remote solaris machine, and wrote some daemon scripts in the AIX, to do the
job, form and result transfer.
The core of it all is /scripts/jf.ksh, a set of 3 daemons written in one script:
# cat /scripts/jf.ksh
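#!/bin/ksh
# Three background loops that shuttle JetForm files between this host and the
# remote server:
#   1. push new *.dat jobs to the remote data directory, then delete them here
#   2. push forms modified within the last day to the remote forms directory
#   3. pull back PDFs from the remote data directory that are missing locally
# rcp/rsh rely on /.rhosts host trust and send everything in clear text; the
# same loops work with scp/ssh and keys once those are in place.
DATA_DIR=/usr/local/adobe/central/server/data
FORMS_DIR=/usr/local/adobe/central/server/etc/exprint/forms
REMOTE=wasdesa2

echo "`date` starting..."

(while true; do
  (for file in "$DATA_DIR"/*.dat; do
    # With no jobs waiting the glob stays literal; skip it.
    [ -f "$file" ] || continue
    echo "`date`: COPYING: $file TO REMOTE"
    # Delete the job only after the copy succeeded, so a failed transfer
    # does not lose it.
    rcp "$file" "$REMOTE:$DATA_DIR" && rm "$file"
  done) >/dev/null 2>&1
  sleep 4
done) &

(while true; do
  (for file in $(find "$FORMS_DIR" -type f -mtime -1); do
    echo "`date`: COPYING: $file TO REMOTE"
    rcp "$file" "$REMOTE:$FORMS_DIR"
  done) >/dev/null 2>&1
  sleep 15
done) &

(while true; do
  for file in $(rsh "$REMOTE" "find $DATA_DIR -type f -mtime -100 | grep -i pdf"); do
    # The names come from the remote host: accept only paths inside the data
    # directory before using them locally.
    case $file in
      *..*) continue ;;
      "$DATA_DIR"/*) ;;
      *) continue ;;
    esac
    if [ ! -f "$file" ]; then
      echo "`date`: COPYING: $file FROM REMOTE"
      rcp "$REMOTE:$file" "$DATA_DIR"
    fi
  done
  sleep 4
done) &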
The enclosed parentheses do the forking magic. We are using /.rhosts loose security for this, maybe we’ll use
keys on ssh later.
To keep the party going on and on, we wrote a “start” script
# cat /scripts/jetstart.ksh
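#!/bin/ksh
# Start jf.ksh unless a copy is already running; safe to call repeatedly
# (for example from cron).
# The [j] bracket keeps this grep from counting its own command line.
running=$(ps -ef | grep -c '[j]f\.ksh')
if [ "$running" -eq 0 ]; then
  echo "jf is not running, starting.."
  # Note: the log is truncated on every start.
  /scripts/jf.ksh > /scripts/jf.log &
  echo "started"
fi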
We also wrote a “stop” script:
# cat /scripts/jetstart.ksh
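#!/bin/ksh
# NOTE(review): this listing is introduced as the "stop" script, but it is a
# copy of jetstart.ksh: it starts jf.ksh when none is running and never stops
# anything. The real stop script is not shown on the page.
# The [j] bracket keeps this grep from counting its own command line.
running=$(ps -ef | grep -c '[j]f\.ksh')
if [ "$running" -eq 0 ]; then
  echo "jf is not running, starting.."
  /scripts/jf.ksh > /scripts/jf.log &
  echo "started"
fi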
And added a cron entry to keep it goin’
0,5,10,15,20,25,30,35,40,45,50,55
/scripts/jetstart.ksh > /dev/null 2>&1