February 11, 2009

Wrangling Solaris Zone Consoles

After running with several zones in production for a while, I wanted a better way to log things like console messages, since some things will still occasionally spit them out. For a little bit I tried using screen with a bunch of open windows running zlogin to each zone, but settled on using conserver since it's very well suited for handling access to multiple consoles.

You can download both my sample config file and SMF manifest here.

At first I looked into the method that zlogin itself uses when connecting to the zone console, which talks over a unix domain socket to zoneadmd after a short handshake. But that has a couple issues, one of which is that it's not a supported interface, and could change at some point in the future. Also if the zoneadmd is not yet running, zlogin handles starting it, which establishes the console socket:

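# Default block shared by every zone console: run zlogin locally.
default zlogin {
    type exec;
    host localhost;
    # -C attaches to the zone console; -E disables the zlogin escape sequence.
    exec /usr/sbin/zlogin -CE &;
    # Replace "&" in the exec line with the console name (the zone name).
    execsubst &=cs;
}
# One console entry per zone; the include name must match a default block.
console web { include zlogin; }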

Instead I stuck with using zlogin itself, using -E to disable being able to escape out of the zlogin command. Now conserver launches zlogin and keeps control of the zone's console as long as it is running. It does have a few extra processes around, since there's a shell forked for each zone, which then runs zlogin.

The SMF manifest supports authorizations, so a non-root user can manage the service. I've been creating my own authorizations separate from the solaris.* namespace. The trick is adding "toplevel.*,toplevel.grant" to root's auths in /etc/user_attr:

# tail -4 /etc/security/auth_attr
seppuku.:::All Seppuku Authorizations::
seppuku.grant:::Grant All Seppuku Authorizations::
seppuku.smf.manage.conserver:::Manage Console Server Service::
seppuku.smf.modify.conserver:::Modify Console Server Properties::
# usermod -A seppuku.smf.manage.conserver ivan

One possible addition would be to run the service as a separate user with a new RBAC profile that allows that user to run zlogin only. The default Solaris "Zone Management" profile also allows the use of zonecfg and zoneadm.
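One way to confirm that a profile built for this purpose grants zlogin and nothing else, as an added example that is not part of the original post: it filters exec_attr(4)-format lines by profile name and reports anything outside an allow-list. The sample entries, the "Console Server" profile name and the EXEC_ATTR_FILE variable are constructed for illustration; point EXEC_ATTR_FILE at /etc/security/exec_attr to audit a real host.

```shell
#!/bin/sh
# exec_attr(4) fields: name:policy:type:res1:res2:id:attr  (id = command path)

# Constructed sample entries. "Console Server" is a hypothetical profile name.
SAMPLE_EXEC_ATTR='Zone Management:solaris:cmd:::/usr/sbin/zlogin:uid=0
Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0
Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0
Console Server:solaris:cmd:::/usr/sbin/zlogin:uid=0'

# Emit the database: a real file if EXEC_ATTR_FILE is set, else the sample.
exec_attr_lines() {
    if [ -n "${EXEC_ATTR_FILE:-}" ]; then
        cat "$EXEC_ATTR_FILE"
    else
        printf '%s\n' "$SAMPLE_EXEC_ATTR"
    fi
}

# profile_cmds PROFILE: print every command the profile grants, sorted.
profile_cmds() {
    exec_attr_lines |
        awk -F: -v p="$1" '$1 == p && $3 == "cmd" { print $6 }' | sort
}

# extra_cmds PROFILE ALLOWED...: print commands granted beyond the allow-list.
# A wildcard id ("*") is read literally, so it is always reported as extra.
extra_cmds() {
    prof=$1; shift
    profile_cmds "$prof" | while IFS= read -r cmd; do
        ok=no
        for a in "$@"; do
            if [ "$cmd" = "$a" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$cmd"; fi
    done
}

# check_profile PROFILE ALLOWED...: return 0 only if nothing extra is granted.
check_profile() {
    extra=$(extra_cmds "$@")
    if [ -n "$extra" ]; then
        echo "profile '$1' grants more than allowed:" $extra >&2
        return 1
    fi
    return 0
}

check_profile "Console Server" /usr/sbin/zlogin && echo "Console Server: zlogin only"
```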

November 17, 2008

"Fixing" Cable Modem Lockups

For quite a while now, we'd been having issues with the modem for our Time Warner Business Class service locking up, and needing to be power cycled to get back online. I've tried to track down what causes it, but haven't been able to reproduce the exact same conditions. It's not related to the overall traffic load, since the modem seemed as likely to freeze in the middle of the night on a weekend as it would during normal business hours on a weekday.

By polling the SNMP counters from our switch once a minute, I can see an increase in broadcast packets around the same time the modem would freeze, but that's about as deep as I've gotten.
After going through another round of multiple calls to the help line, and eventually getting a tech sent out again to replace the modem ( the 4th in 2 years ), I figured there had to be a better way than having to run across town to pull the plug.

I did some searching and reading up, then went to eBay and picked up a couple X10 control modules. For the actual switches, I got 2 AM 466 Appliance Modules, with the second unit on hand if I wanted to control the power on something else. Then to talk to them from the servers, an X10 CM11A computer interface module. The CM11A plugs into a serial port, and is driven by Heyu.

While Heyu provides lots of nice automation features if I wanted to control lights and such, all I really needed was just a way to command the modules on and off. I used the script from this X10 DSL page as the base for my own, which attempts to do a simple DNS lookup from the local RoadRunner DNS servers. If it fails to get a response from both DNS servers, it will cycle the power on the modem.

So far things have been up and running for almost a month, and the script has reset the cable modem about half a dozen times, and saved me a lot of annoyance and pain. I need to clean the script up and make it smarter, along with writing up a manifest file to get it running under SMF in Solaris. When that's done I'll put it up, I'm sure it'll be useful to others.
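The check described in this post, sketched as an added example (this is not the author's script, which is not shown on the page): the modem is power-cycled only when every DNS server fails to answer. The X10 address A1, the placeholder server addresses, the lookup name and the off time are assumptions.

```shell
#!/bin/sh
# Assumed settings; override them in the environment.
MODEM_UNIT=${MODEM_UNIT:-A1}                          # X10 house code + unit
DNS_SERVERS=${DNS_SERVERS:-"192.0.2.53 192.0.2.54"}   # placeholder addresses
LOOKUP_NAME=${LOOKUP_NAME:-example.com}
OFF_SECONDS=${OFF_SECONDS:-15}                        # time the modem stays off

# probe SERVER: succeed if the server answers a single query within 3 seconds.
# Any reply counts (even NXDOMAIN); dig exits non-zero when no reply arrives.
probe() {
    dig +time=3 +tries=1 +short "@$1" "$LOOKUP_NAME" >/dev/null 2>&1
}

# power STATE: switch the appliance module "on" or "off" through heyu.
power() {
    heyu "$1" "$MODEM_UNIT"
}

# link_down: succeed only if every configured DNS server failed to answer.
link_down() {
    for s in $DNS_SERVERS; do
        if probe "$s"; then return 1; fi
    done
    return 0
}

# watchdog: cycle the modem's power if the link is down; print what was done.
watchdog() {
    if link_down; then
        power off && sleep "$OFF_SECONDS" && power on
        echo cycled
    else
        echo ok
    fi
}

# Run the check only when asked to, e.g. from cron: watchdog.sh run
if [ "${1:-}" = run ]; then watchdog; fi
```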

September 24, 2007

Why they don't let me do web design

I was talking to someone about doing some website work lately. While my part of the work is mainly focused on the back end ( php, some xml/xsl, and a bit of ajax ), I was trying to explain how it would be tied together on the front end to make a nice, fast loading, single page product ordering wizard. And it's kind of hard explaining how the interface will look, what parts of the html will dynamically change, and how that all ties to the structure of the HTML; and other output from the php I'll be writing. So, I got out a simple online drawing tool, and sketched this out:

Broken down, it's one large containing DIV. An upper DIV which holds a series of tabs relating to the product options. Below that, a main content area, divided into 2 sections. An options selection area on the left, and a product preview on the right.

As Kevin likes to say, "It makes sense in my head."

Ivan.

May 26, 2007

iPhone visits incompetech

I saw the iPhone used to browse MacRumors.com story yesterday, and figured I'd check the logs for incompetech.com, since it gets plenty of traffic.

There were several hits, and after cutting out the css and images, here's what's left:

May 2 9:19 (Apple IP #1) "Mozilla/5.0 (iPhone; U; PPC like Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A001a Safari/419.3"

May 18 16:26 (Apple IP #1) "Mozilla/5.0 (iPhone; U; PPC like Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A001a Safari/419.3"

May 18 16:35 (Apple IP #2) "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A530a Safari/419.3"

May 19 03:36 (Comcast IP) "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A530a Safari/419.3"

May 21 05:25 (Comcast IP) "Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en)
AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A533a Safari/419.3"

Interesting things that I noticed:

The very 1st request on May 2nd fetched only 1 page, no images or css.

All the 1st hits gave no referer information, but after fetching the html page, the following requests for css and images listed the right referring page. Not sure how they picked incompetech, but I guess it's good to know it's on somebody's list.

Looks like the Mobile/* string could be a build identifier, which has been advancing along as bugs are fixed and sites are retested. It could possibly be a hardware identifier, for keeping track of the prototype units.

Finally, what's the story with the "PPC like"/"CPU like" change? The iPhone was first noticed by Russell Beattie at mowser.com on May 9th, with "PPC like" in the User-agent string. But other sites posting later in May show the switch to "CPU like". I don't know if that means the iPhone is running some sort of low power/embedded PowerPC chip, and Apple's trying to obscure things a bit. Or if it was some unchanged strings left over from porting WebKit/Safari onto whatever hardware the iPhone runs?

In about a month it'll finally be available, so there may be more details coming soon. Especially how open it will be for third party application development, which would be a real sticking point for me. One thing that made my Palm Vx great was all the handy little apps and utilities which I used as often as any of the bundled PalmOS apps.

April 25, 2007

International Graph Paper Day

In an event not much heralded around the world, Kevin declared April 22nd to be "International Graph Paper Day". The reason for this declaration was the unveiling of the newly revitalized graph paper section for Incompetech.com.

I've been working on the project for quite a while, so here's my behind the scenes view of things.


April 23, 2007

First Post, Finally

I've been thinking off and on about putting up a blog. Ok, actually for probably closer to a year.

Finally, after much delay, I just dove into it tonight and got things running. I don't have some sort of grand plan on what will appear here, but I'll use it to keep up with various things I've been working on, especially regarding OpenSolaris, Unix, system administration and programming in general.