!!! UNIX !!!

Sunday, January 30, 2011

Removing disk from Veritas control and taking it offline

Removing disk from veritas DG's. These two disks were part of the DG's that were destroyed.

(MyHost:/)# vxprint -g MyZone-Mydbdb -d
TY NAME         ASSOC        KSTATE   LENGTH   PLOFFS   STATE    TUTIL0 PUTIL0
dm disk         emc0_0536    -        35289088 -        -        -       -
(MyHost:/)# vxprint -g MyZone-Mydb -d
TY NAME         ASSOC        KSTATE   LENGTH   PLOFFS   STATE    TUTIL0 PUTIL0
dm disk         emc0_0535    -        35289088 -        -        -       -
(MyHost:/)#

DG's destroyed
(MyHost:/)#
(MyHost:/)# vxdg destroy MyZone-Mydbdb
(MyHost:/)# vxdg destroy MyZone-Mydb
(MyHost:/)#
(MyHost:/)#
(MyHost:/)# vxdg list | grep Mydb
(MyHost:/)#

Taking the disk out of veritas setup
(MyHost:/)#
(MyHost:/)# /etc/vx/bin/vxdiskunsetup emc0_0536
(MyHost:/)# /etc/vx/bin/vxdiskunsetup emc0_0535

Listing the disk details. Now it has removed the veritas information of the disk.
(MyHost:/)#
(MyHost:/)# vxdisk list emc0_0536
Device:    emc0_0536
devicetag: emc0_0536
type:      auto
info:      format=none
flags:     online ready private autoconfig invalid
pubpaths: block=/dev/vx/dmp/emc0_0536s2 char=/dev/vx/rdmp/emc0_0536s2
guid:      -
udid:      EMC%5FSYMMETRIX%5F000290104444%5F44536000
site:      -
Multipathing information:
numpaths:   2
c4t5006048452A91F17d63s2        state=enabled
c2t5006048452A91F18d63s2        state=enabled
(MyHost:/)# vxdisk list emc0_0535
Device:    emc0_0535
devicetag: emc0_0535
type:      auto
info:      format=none
flags:     online ready private autoconfig invalid
pubpaths: block=/dev/vx/dmp/emc0_0535s2 char=/dev/vx/rdmp/emc0_0535s2
guid:      -
udid:      EMC%5FSYMMETRIX%5F000290104444%5F44535000
site:      -
Multipathing information:
numpaths:   2
c4t5006048452A91F17d62s2        state=enabled
c2t5006048452A91F18d62s2        state=enabled
(MyHost:/)#
(MyHost:/)#

Removing the disk from veritas control
(MyHost:/)# vxdisk rm c4t5006048452A91F17d63s2
(MyHost:/)# vxdisk rm c4t5006048452A91F17d62s2
(MyHost:/)#

No more disk details in veritas database.
(MyHost:/)#
(MyHost:/)# vxdisk -o alldgs -e list | grep emc0_0536
(MyHost:/)# vxdisk -o alldgs -e list | grep emc0_0535
(MyHost:/)#
(MyHost:/)#

Take the disk offline and make sure not accessible by the system.
(MyHost:/)#
(MyHost:/)# luxadm -e offline /dev/rdsk/c4t5006048452A91F17d63s2
(MyHost:/)# luxadm -e offline /dev/rdsk/c2t5006048452A91F18d63s2
(MyHost:/)#
(MyHost:/)# luxadm -e offline /dev/rdsk/c4t5006048452A91F17d62s2
(MyHost:/)# luxadm -e offline /dev/rdsk/c2t5006048452A91F18d62s2
(MyHost:/)#
(MyHost:/)#

Destroying a DiskGroup

Destroying the Disk Group after deleting the volumes

List the DG
(MyHost:/)# vxdg list | grep Mydb
MyZone-Mydb enabled,cds 1268406643.62.MyHost
MyZone-Mydbdb enabled,cds 1268406894.68.MyHost
(MyHost:/)#

Check if there is any fs mounted inside the zone
(MyHost:/)# df -kZ 2>/dev/null | grep MyZone-Mydb
(MyHost:/)# df -kZ 2>/dev/null | grep MyZone-Mydbdb
(MyHost:/)#

List the disk & volumes in the DG
(MyHost:/)# vxprint -g MyZone-Mydb -d
TY NAME ASSOC KSTATE LENGTH PLOFFS STATE TUTIL0 PUTIL0
dm disk emc0_0535 - 35289088 - - - -
(MyHost:/)# vxprint -g MyZone-Mydb -v
TY NAME ASSOC KSTATE LENGTH PLOFFS STATE TUTIL0 PUTIL0
v Mydb fsgen ENABLED 3407872 - ACTIVE - -
v Mydbbim fsgen ENABLED 102400 - ACTIVE - -
v Mydbbo fsgen ENABLED 8388608 - ACTIVE - -
(MyHost:/)#
(MyHost:/)# vxprint -g MyZone-Mydbdb -d
TY NAME ASSOC KSTATE LENGTH PLOFFS STATE TUTIL0 PUTIL0
dm disk emc0_0536 - 35289088 - - - -
(MyHost:/)#
(MyHost:/)# vxprint -g MyZone-Mydbdb -v
TY NAME ASSOC KSTATE LENGTH PLOFFS STATE TUTIL0 PUTIL0
v Mydbdbs fsgen ENABLED 3604480 - ACTIVE - -
v Mydbdbsarch fsgen ENABLED 1024000 - ACTIVE - -
v Mydbdbsdata fsgen ENABLED 2924544 - ACTIVE - -
v Mydbdbsindex fsgen ENABLED 204800 - ACTIVE - -
(MyHost:/)#

Remove the volume
(MyHost:/)#
(MyHost:/)# vxassist -g MyZone-Mydbdb remove volume Mydbdbsindex
(MyHost:/)# vxassist -g MyZone-Mydbdb remove volume Mydbdbsdata
(MyHost:/)# vxassist -g MyZone-Mydbdb remove volume Mydbdbsarch
(MyHost:/)# vxassist -g MyZone-Mydbdb remove volume Mydbdbs
(MyHost:/)# vxprint -g MyZone-Mydbdb -v
(MyHost:/)#

Destroy the volume
(MyHost:/)#
(MyHost:/)# vxdg destroy MyZone-Mydbdb
(MyHost:/)# vxdg destroy MyZone-Mydb
(MyHost:/)#
(MyHost:/)#
(MyHost:/)# vxdg list | grep Mydb
(MyHost:/)#

Removing a filesystem from zonecfg

zonecfg to remove the filesystem added in the zone configuration fie. This will remove the fs entry from the zone.xml file.

(MyHost:/)# zonecfg -z MyZone info fs | grep Mydb

        dir: /Mydb

        special: /dev/vx/dsk/MyZone-Mydb/Mydb

        raw: /dev/vx/rdsk/MyZone-Mydb/Mydb

        dir: /Mydb/bim

        special: /dev/vx/dsk/MyZone-Mydb/Mydbbim

        raw: /dev/vx/rdsk/MyZone-Mydb/Mydbbim

        dir: /Mydb/bo

        special: /dev/vx/dsk/MyZone-Mydb/Mydbbo

        raw: /dev/vx/rdsk/MyZone-Mydb/Mydbbo

        dir: /Mydb/dbs

        special: /dev/vx/dsk/MyZone-Mydbdb/Mydbdbs

        raw: /dev/vx/rdsk/MyZone-Mydbdb/Mydbdbs

        dir: /Mydb/dbs/index

        special: /dev/vx/dsk/MyZone-Mydbdb/Mydbdbsindex

        raw: /dev/vx/rdsk/MyZone-Mydbdb/Mydbdbsindex

        dir: /Mydb/dbs/arch

        special: /dev/vx/dsk/MyZone-Mydbdb/Mydbdbsarch

        raw: /dev/vx/rdsk/MyZone-Mydbdb/Mydbdbsarch

(MyHost:/)#

(MyHost:/)# zonecfg -z MyZone

zonecfg:MyZone> remove fs dir=/Mydb/dbs/arch

zonecfg:MyZone> remove fs dir=/Mydb/dbs/index

zonecfg:MyZone> remove fs dir=/Mydb/dbs

zonecfg:MyZone> remove fs dir=/Mydb/bo

zonecfg:MyZone> remove fs dir=/Mydb/bim

zonecfg:MyZone> remove fs dir=/Mydb

zonecfg:MyZone>

zonecfg:MyZone> commit

zonecfg:MyZone> exit

(MyHost:/)#

(MyHost:/)# zonecfg -z MyZone info fs | grep Mydb

(MyHost:/)#

(MyHost:/)#

NFSv4 style ACL - Adding and Removing Permissions

ACL allows to set more finer permissions on a file or directory apart from the standard permissions(uog)

POSIX ACL's use setfacl and getfacl functions to set ACL permissions. POSIX style ACL doesn't work on ZFS filesystem.

NFSv4 style ACL is an upgrade over the old model and use chmod to set permissions. getfacl and setfacl are obsolete in ZFS. This provides more finer permissions including permission only to append on a file.

NFSv4 style ACL's are set on the directories

==================================================

zone1:/root# ls -lv /opt/slw/bea/app/ines/bulk

total 161

drwxrwxrwx+ 2 myuser slw 108 Oct 21 17:07 error

0:everyone@:delete_child/write_attributes/write_acl:deny

1:group@:delete_child/write_attributes/write_acl:deny

2:group@:read_attributes/read_acl/synchronize:allow

3:group@:write_attributes/write_acl:deny

4:user:slw9:write_attributes/write_acl:deny

5:user:slw9::deny

6:user:slw9:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/execute/delete_child/read_attributes

/read_acl/synchronize:allow

7:user:slw9:write_attributes/write_acl:deny

8:user:slw:write_attributes/write_acl:deny

9:user:slw::deny

10:user:slw:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute/delete_child/read_attributes/read_acl

/synchronize:allow

11:user:slw:write_attributes/write_acl:deny

12:owner@::deny

13:owner@:delete_child/read_attributes/write_attributes/read_acl

/write_acl/synchronize:allow

14:everyone@:read_attributes/read_acl/synchronize:allow

15:owner@::deny

16:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

17:group@::deny

18:group@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute:allow

19:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny

20:everyone@:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

drwxrwxrwx+ 2 myuser slw 8 Jan 25 13:39 input

0:group:slw:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data:allow

1:everyone@:delete_child/write_attributes/write_acl:deny

2:group@:delete_child/write_attributes/write_acl:deny

3:group@:read_attributes/read_acl/synchronize:allow

4:group@:write_attributes/write_acl:deny

5:user:slw9:write_attributes/write_acl:deny

6:user:slw9::deny

7:user:slw9:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/execute/delete_child/read_attributes

/read_acl/synchronize:allow

8:user:slw9:write_attributes/write_acl:deny

9:user:slw:write_attributes/write_acl:deny

10:user:slw::deny

11:user:slw:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute/delete_child/read_attributes/read_acl

/synchronize:allow

12:user:slw:write_attributes/write_acl:deny

13:owner@::deny

14:owner@:delete_child/read_attributes/write_attributes/read_acl

/write_acl/synchronize:allow

15:everyone@:read_attributes/read_acl/synchronize:allow

16:owner@::deny

17:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

18:group@::deny

19:group@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute:allow

20:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny

21:everyone@:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

drwxrwxr-x+ 2 myuser slw 3 Jan 26 11:00 processing

<..........>

As with standard ACL, the '+' sign implies that ACL permissions are set on the directories
==============================================================================
zone1:/root# cd /opt/slw/bea/app/ines/bulk

zone1:/opt/slw/bea/app/ines/bulk# ls -l

total 161

drwxrwxrwx+ 2 myuser slw 108 Oct 21 17:07 error

drwxrwxrwx+ 2 myuser slw 8 Jan 25 13:39 input

drwxrwxr-x+ 2 myuser slw 3 Jan 26 11:00 processing

drwxrwxrwx+ 2 myuser slw 2 Jul 20 2010 retry

drwxrwxrwx+ 2 myuser slw 145 Oct 21 17:02 success

Adding an ACL entry onto a directory

============================================================

zone1:/opt/slw/bea/app/ines/bulk# mkdir TEST

zone1:/opt/slw/bea/app/ines/bulk#

zone1:/opt/slw/bea/app/ines/bulk# chown myuser:slw TEST

zone1:/opt/slw/bea/app/ines/bulk#

zone1:/opt/slw/bea/app/ines/bulk# ls -l

total 164

drwxr-xr-x 2 myuser slw 2 Jan 26 11:32 TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod

A02=owner@:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/write_xattr/execute/write_attributes/write_acl/write_owner:allow TEST

zone1:/opt/slw/bea/app/ines/bulk# ls -dv TEST

drwxr-xr-x+ 2 myuser slw 2 Jan 26 11:32 TEST

0:owner@::deny

1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

2:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

3:group@:list_directory/read_data/execute:allow

4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

/write_attributes/write_acl/write_owner:deny

5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

zone1:/opt/slw/bea/app/ines/bulk# chmod

A6=user:slw9:list_directory/read_data/add_file/write_data/add_subdirectory/append_data/execute/delete_child/read_attributes/read_acl/synchronize:allow TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod A7=user:slw9:write_attributes/write_acl:deny TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod A8=user:slw:write_attributes/write_acl:deny TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod A9=user:slw::deny TEST

zone1:/opt/slw/bea/app/ines/bulk#

zone1:/opt/slw/bea/app/ines/bulk# ls -dv TEST

dr-xr-xr-x+ 2 myuser slw 2 Jan 26 11:32 TEST

0:everyone@:delete_child/write_attributes/write_acl:deny

1:group@:delete_child/write_attributes/write_acl:deny

2:group@:read_attributes/read_acl/synchronize:allow

3:group@:write_attributes/write_acl:deny

4:user:slw9:write_attributes/write_acl:deny

5:user:slw9::deny

6:user:slw9:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/execute/delete_child/read_attributes

/read_acl/synchronize:allow

7:user:slw9:write_attributes/write_acl:deny

8:user:slw:write_attributes/write_acl:deny

9:user:slw::deny

10:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

/write_attributes/write_acl/write_owner:deny

11:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

Removing the ACL entry set on a directory

=====================================================

zone1:/opt/slw/bea/app/ines/bulk# chmod A9- TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod A8- TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod A7- TEST

zone1:/opt/slw/bea/app/ines/bulk# chmod A6- TEST

zone1:/opt/slw/bea/app/ines/bulk#

zone1:/opt/slw/bea/app/ines/bulk# ls -dv TEST

drwxrwxr-x 2 myuser slw 2 Jan 26 11:32 TEST

0:owner@::deny

1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

2:group@::deny

3:group@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute:allow

4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

/write_attributes/write_acl/write_owner:deny

5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

=====================================================

Removing the ACL's one by one

=====================================================

zone2:/opt/slw/bea/app/ines/bulk# ls -dv retry

drwxrwxrwx+ 2 myuser slw 2 Jul 8 2010 retry

0:group:slw:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data:allow

1:everyone@:delete_child/write_attributes/write_acl:deny

2:everyone@:read_attributes/read_acl/synchronize:allow

3:group@:delete_child/write_attributes/write_acl:deny

4:group@:read_attributes/read_acl/synchronize:allow

5:group@:write_attributes/write_acl:deny

6:user:slw9:write_attributes/write_acl:deny

7:user:slw9::deny

8:user:slw9:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/execute/delete_child/read_attributes

/read_acl/synchronize:allow

9:user:slw9:write_attributes/write_acl:deny

10:user:slw:write_attributes/write_acl:deny

11:user:slw::deny

12:user:slw:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute/delete_child/read_attributes/read_acl

/synchronize:allow

13:user:slw:write_attributes/write_acl:deny

14:owner@::deny

15:owner@:delete_child/read_attributes/write_attributes/read_acl

/write_acl/synchronize:allow

16:owner@::deny

17:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

18:group@::deny

19:group@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute:allow

20:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny

21:everyone@:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

zone2:/opt/slw/bea/app/ines/bulk#

zone2:/opt/slw/bea/app/ines/bulk# chmod A0- retry

zone2:/opt/slw/bea/app/ines/bulk# ls -dv retry

drwxrwxrwx 2 myuser slw 2 Jul 8 2010 retry

0:owner@::deny

1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

2:group@::deny

3:group@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute:allow

4:everyone@:write_xattr/write_attributes/write_acl/write_owner:deny

5:everyone@:list_directory/read_data/add_file/write_data

/add_subdirectory/append_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

zone2:/opt/slw/bea/app/ines/bulk# chmod 775 retry

zone2:/opt/slw/bea/app/ines/bulk# ls -dv retry

drwxrwxr-x 2 myuser slw 2 Jul 8 2010 retry

0:owner@::deny

1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/write_xattr/execute/write_attributes/write_acl

/write_owner:allow

2:group@::deny

3:group@:list_directory/read_data/add_file/write_data/add_subdirectory

/append_data/execute:allow

4:everyone@:add_file/write_data/add_subdirectory/append_data/write_xattr

/write_attributes/write_acl/write_owner:deny

5:everyone@:list_directory/read_data/read_xattr/execute/read_attributes

/read_acl/synchronize:allow

zone2:/opt/slw/bea/app/ines/bulk# ls -l

total 251

drwxrwxr-x 2 myuser slw 152 Jan 21 09:30 error

drwxrwxrwx+ 2 myuser slw 152 Jan 21 09:30 error.old

drwxrwxr-x 2 myuser slw 2 Jan 21 09:30 input

drwxrwxr-x+ 2 myuser slw 2 Jan 21 09:30 input.old

drwxrwxrwx+ 2 myuser slw 2 Jan 21 09:30 processing

drwxrwxr-x 2 myuser slw 2 Jul 8 2010 retry

drwxrwxrwx+ 2 myuser slw 200 Jan 20 16:08 success

Sunday, December 12, 2010

Luxadm

luxadm utility is used to manage the Sun Enterprise Network Array (SENA) specifically the Sun StorEdge A5x00 disk array, the SPARCstorage Array (SSA), and the Sun Fire 880 internal disk arrays. The command line must contain a subcommand and options if applicable.
luxadm is used for internal SUN fibre disks as well as external disk arrays.

It has many sub-commands to do various operations on the disk or enclosure.

display, probe, start, stop, power_on, power_off, offline, online, forceclip, etc...

To display the connectivity status of the HBA ports
# luxadm -e port
Found path to 3 HBA ports
/devices/pci@8,700000/SUNW,qlc@2/fp@0,0:devctl        CONNECTED
/devices/pci@8,700000/SUNW,qlc@2,1/fp@0,0:devctl     CONNECTED
/devices/pci@8,600000/SUNW,qlc@4/fp@0,0:devctl    CONNECTED

To reinitiate the connection
# luxadm -e forcelip /devices/pci@8,700000/SUNW,qlc@2/fp@0,0:devctl

zonecfg - Adding new lofs filesystem

zonecfg is used to configure the zone configuration. It is used to add the resources in the zone1.xml file which is under /etc/zones/ directory.

(server1:/)# zonecfg -z zone1

zonecfg:zone1> add fs

zonecfg:zone1:fs> set dir=/application/ARC

zonecfg:zone1:fs> set special=/zones/zone1/applicationARC

zonecfg:zone1:fs> set type=lofs

zonecfg:zone1:fs> add options [rw,nodevices]

zonecfg:zone1:fs> end

zonecfg:zone1> commit

zonecfg:zone1> exit

(server1:/)#

Sub command 'add' is used to add a particular resource to the zone configuration.

'end' to end the resource specification.

'commit' confirms the changes and writes the content permanently to disk.

Saturday, November 13, 2010

Live Upgrade - Basic

Its a method of upgrading a Solaris box while the system is operational. It s done by creating a parallel environment that resembles the current boot environment and making the upgrade on the newly created environment. All this is done while still the old environment is completely functional.

Once the upgrade is done on the newly created environment, the system can be started on the newly created environment with just a reboot thus reducing downtime for an upgrade within the time of a reboot.

It is also possible to do a flash intallation on the alternate environment which is similar to new installation even while the system is active.

One more advantage of this is if there is an issue with the booting of new environment, we can easily fall back to the old environment where the machine was functioning well before.

Live Upgrade process:
1. Create a boot environment
2. Upgrade an inactive boot environment
3. Activate the inactive boot environment with a reboot
4. Reboot the machine to boot from the newly created and activated BE
5. (Optional) Fallback to the original boot environment if issues with new BE.

Command involved in performing Live Upgrade:-

luactivate - Activate an inactive boot environment.
lucancel - Cancel a scheduled copy or create job.
lucompare - Compare an active boot environment with an inactive boot environment.
lumake - Recopy file systems to update an inactive boot environment.
lucreate - Create a boot environment.
lucurr - Name the active boot environment.
ludelete - Delete a boot environment.
ludesc - Add a description to a boot environment name.
lufslist - List critical file systems for each boot environment.
lumount - Enable a mount of all of the file systems in a boot environment. This command enables you to modify the files in a boot environment while that boot environment is inactive.
lurename - Rename a boot environment.
lustatus - List status of all boot environments.
luumount - Enable an unmount of all the file systems in a boot environment. This command enables you to modify the files in a boot environment while that boot environment is inactive.
luupgrade - Upgrade an OS or install a flash archive on an inactive boot environment.

Before using Live Upgrade 3 packages are required. SUNWlucfg, SUNWlur, SUNWluu - These should be installed in the order specified.

# lustatus
ERROR: No boot environments are configured on this system
ERROR: cannot determine list of all boot environment names

If the following error is displayed when you run the lustatus command, it is an indication that a new installation was performed and that Solaris Live Upgrade was not used. Before any BEs can be acknowledged in the lustatus output, a new BE must be first created on the system.

# lustatus
Boot Environment           Is       Active Active    Can    Copy
Name                       Complete Now    On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
sol10-u6                   yes      no     no        yes    -
sol10-u8                   yes      yes    yes       no     -

This shows there are 2 BE's configured one is active.

Normally when a Live upgrade is performed, the OS critical filesystems(/,/var,/opt,/usr) are copied on to the new BE. While creating new environments, the filesytems can be either split or can be merged.

For example if in the current Environment filesystems /var,/opt are not seperate filesystems, while creating new environment, we could split these filesystems seperately or vise-versa.

Setting up New Environment:

For setting up an alternate BE, we need sufficient space. The alt-BE should have space to hold the copy of the existsing BE and the updates. Reformatting of disk might be necessary.

Prepare the disk by creating the slices necessary or creating mirrors or creating zpools necessary.
Create the BE

# lucreate -c sol10-u6 -n sol10-u8 -p rpool

# lucreate -c first_disk -m /:/dev/dsk/c0t4d0s0:ufs -n second_disk

It is also possible to detach an exsistsing mirror and using the unconfigured mirror as the alt-BE

Applying the upgrades:

Once the new BE is created, upgrades are applied onto that.

# luupgrade -n c0t15d0s0 -u -s /net/ins-svr/export/Solaris_10 \
combined.solaris_wos

All upgrades/patches are done to this alternate BE.

Activating the alt-BE:

Once the upgrades are done, we can prepare this BE to become the BE on next reboot. To achieve that, we need to activate this alt-BE.

Before luactivate:

# lustatus
Boot Environment           Is       Active Active    Can    Copy
Name                       Complete Now    On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
s10s_u9wos_14a             yes      yes    yes       no     -
testBE                     yes      no     no        yes    -

# luactivate testBE
A Live Upgrade Sync operation will be performed on startup of boot environment .


**********************************************************************

The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.

**********************************************************************

In case of a failure while booting to the target BE, the following process
needs to be followed to fallback to the currently working boot environment:

1. Enter the PROM monitor (ok prompt).

2. Boot the machine to Single User mode using a different boot device
(like the Solaris Install CD or Network). Examples:

     At the PROM monitor (ok prompt):
     For boot to Solaris CD:  boot cdrom -s
     For boot to network:     boot net -s

3. Mount the Current boot environment root slice to some directory (like
/mnt). You can use the following commands in sequence to mount the BE:

     zpool import rpool
     zfs inherit -r mountpoint rpool/ROOT/s10s_u9wos_14a
     zfs set mountpoint= rpool/ROOT/s10s_u9wos_14a
     zfs mount rpool/ROOT/s10s_u9wos_14a

4. Run  utility with out any arguments from the Parent boot
environment root slice, as shown below:

     /sbin/luactivate

5. luactivate, activates the previous working boot environment and
indicates the result.

6. Exit Single User mode and reboot the machine.

**********************************************************************

Modifying boot archive service
Activation of boot environment  successful.
#

After activation observe the difference

# lustatus
Boot Environment           Is       Active Active    Can    Copy
Name                       Complete Now    On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
s10s_u9wos_14a             yes      yes    no        no     -
testBE                     yes      no     yes       no     -

Now perform the reboot for switching the BE's. Thus an ugraded system is achieved with the downtime of just a reboot.

This is the core of how Live upgrade happens. But a lot of other important details are to be taken care depending on the type of filesystems used(like SVM, VXfs, ZFS...) etc. This is just an introduction.

Saturday, November 6, 2010

To turn off password aging

To turn off password aging

(Server:/)# for i in server1 server2 server3 server4 server5

> do

> ssh $i "passwd -x -1 schweitzer"

> done

passwd: password information changed for schweitzer

passwd: password information changed for schweitzer

passwd: password information changed for schweitzer

passwd: password information changed for schweitzer

passwd: password information changed for schweitzer

Extracted from man page of passwd:

     -x max              Sets maximum field  for  name.  The  max

                         field  contains  the number of days that

                         the password  is  valid  for  name.  The

                         aging for name is turned off immediately

                         if max is set to -1.