blog'o thnet

To content | To menu | To search

Tag - network

Entries feed - Comments feed

Tuesday 6 April 2010

Performance Problem Using The HP DP Agent

By Julien Gabel on Tuesday 6 April 2010, 09:51 - Solaris

I recently faced an interesting problem when the backup agent for HP DataProtector regularly encounter network performance problem. The problem arise on a global zone which hosts many non-global zones, each running its own instance of the HP DP agent. The network configuration is rather unusual: there are two network ports, one which connects to an administration VLAN, the other which carries the data and external customer network streams (using VLAN-tagging). Since the global zone is only use as an hypervisor of system's resources for the non-global zones, it just plumbs the data network port, but has no IP address assigned to it.

The fact is, the configuration sets the nodename as the hostname. But the usable interface of the global zone which is in the administration network use another name than the hostname: beastie-adm in the following case, assuming the hostname was set to beastie.

So, now that I briefly describe the configuration of the server, lets see what happen at the network level from the global zone point of view when firing a remote telnet on the DataProtector agent TCP port (5555):

# snoop -d aggr2 -t d port 5555
Using device /dev/aggr2 (promiscuous mode)
  0.00000 172.1.2.3 -> beastie-adm.domain.tld TCP D=5555 S=37228 Syn Seq=1117789660 Len=0 Win=65535 Options=
  0.00005 beastie-adm.domain.tld -> 172.1.2.3 TCP D=37228 S=5555 Syn Ack=1117789661 Seq=808681264 Len=0 Win=49480 Options=
  0.00500 172.1.2.3 -> beastie-adm.domain.tld TCP D=5555 S=37228 Ack=808681265 Seq=1117789661 Len=0 Win=65535
 39.36365 beastie-adm.domain.tld ->172.1.2.3 TCP D=37228 S=5555 Push Ack=1117789661 Seq=808681265 Len=87 Win=49480
  0.00014 beastie-adm.domain.tld -> 172.1.2.3 TCP D=37228 S=5555 Fin Ack=1117789661 Seq=808681352 Len=0 Win=49480
  0.00587 172.1.2.3 -> beastie-adm.domain.tld TCP D=5555 S=37228 Ack=808681353 Seq=1117789661 Len=0 Win=65448
  0.00092 172.1.2.3 -> beastie-adm.domain.tld TCP D=5555 S=37228 Fin Ack=808681353 Seq=1117789661 Len=0 Win=65448
  0.00002 beastie-adm.domain.tld -> 172.1.2.3 TCP D=37228 S=5555 Ack=1117789662 Seq=808681353 Len=0 Win=49480

Ouch. Something is clearly wrong here: as can be seen in this trace, 40 seconds have been lost before establishing the connection. Snooping more largely on the interface show these requests:

[...]
beastie-adm.domain.tld -> nameserver.domain.tld DNS C beastie.domain.tld. Internet Addr ?
nameserver.domain.tld -> beastie-adm.domain.tld DNS R  Error: 3(Name Error)
beastie-adm.domain.tld -> nameserver.domain.tld DNS C beastie. Internet Addr ?
nameserver.domain.tld -> beastie-adm.domain.tld DNS R  Error: 2(Server Fail)
beastie-adm.domain.tld -> nameserver.domain.tld DNS C beastie. Internet Addr ?
nameserver.domain.tld -> beastie-adm.domain.tld DNS R  Error: 2(Server Fail)
beastie-adm.domain.tld -> nameserver.domain.tld DNS C beastie.domain.tld. Internet Addr ?
nameserver.domain.tld -> beastie-adm.domain.tld DNS R  Error: 3(Name Error)
beastie-adm.domain.tld -> nameserver.domain.tld DNS C beastie. Internet Addr ?
nameserver.domain.tld -> beastie-adm.domain.tld DNS R  Error: 2(Server Fail)
[...]

Ok. Lets see what is the process corresponding to the HP DP agent doing during the connection tentative:

[...]
9431/1:         sysinfo(SI_HOSTNAME, "beastie", 64)         = 12
9431/1:         getuid()                                        = 0 [0]
9431/1:         getuid()                                        = 0 [0]
9431/1:         door_info(3, 0x08047900)                        = 0
9431/1:         door_call(3, 0x08047958)                        = 0
9431/1:         getuid()                                        = 0 [0]
9431/1:         getuid()                                        = 0 [0]
9431/1:         door_info(3, 0x08047900)                        = 0
9431/1:         door_call(3, 0x08047958)                        = 0
9431/1:         getuid()                                        = 0 [0]
9431/1:         getuid()                                        = 0 [0]
9431/1:         door_info(3, 0x08047900)                        = 0
9431/1:         door_call(3, 0x08047958)                        = 0
9431/1:         getuid()                                        = 0 [0]
9431/1:         getuid()                                        = 0 [0]
9431/1:         door_info(3, 0x08047900)                        = 0
9431/1:         door_call(3, 0x08047958)                        = 0
9431/1:         getuid()                                        = 0 [0]
9431/1:         getuid()                                        = 0 [0]
9431/1:         door_info(3, 0x08047900)                        = 0
9431/1:         door_call(3, 0x08047958)                        = 0
9431/1:         getuid()                                        = 0 [0]
9431/1:         getuid()                                        = 0 [0]
9431/1:         door_info(3, 0x08047900)                        = 0
9431/1:         door_call(3, 0x08047958)                        = 0
9431/1:         getpid()                                        = 9431 [473]
9431/1:         lstat64("/var/opt/omni/log/debug.log", 0x080476F8) = 0
9431/1:         open64("/var/opt/omni/log/debug.log", O_RDWR|O_APPEND|O_CREAT, 0666) = 4
9431/1:         time()                                          = 1269079436
9431/1:         fstat64(4, 0x08046F30)                          = 0
9431/1:         fstat64(4, 0x08046E70)                          = 0
9431/1:         ioctl(4, TCGETA, 0x08046F04)                    Err#25 ENOTTY
9431/1:         sigaction(SIGSEGV, 0x08047AF0, 0x08047B70)      = 0
9431/1:         sigaction(SIGSEGV, 0x08047AF0, 0x08047B70)      = 0
9431/1:         write(4, 0x08130DC4, 162)                       = 162
9431/1:           \n 0 3 / 2 0 / 1 0   1 1 : 0 3 : 5 6     I N E T . 9 4 3 1 . 0
9431/1:            [ " l i b / c m n / c o m m o n . c   / m a i n / h s l _ d p 6
9431/1:            1 / h s l _ h p i t 2 _ 2 / 9 " : 1 2 7 4 ]   A . 0 6 . 1 1   b
9431/1:            2 4 3\n g e t h o s t b y n a m e ( )   f a i l e d ,   h _ e r
9431/1:            r n o = 2   [ h o s t = h o s t n a m e ,   r e t r y = 5
9431/1:            ]\n
9431/1:         llseek(4, 0, SEEK_CUR)                          = 939002
9431/1:         close(4)
[...]

By now it is clear that most of time spent by the agent was used trying to resolve the hostname to an IP address (as logged to the /var/opt/omni/log/debug.log debug log file). Since there is no IP address declared for beastie as there is no network directly attached to the global zone, there is no mapping defined for the hostname. Bingo.

So, in this case we decided to set the hostname locally (in the /etc/hosts file) as an alias for the loopback entry. This way, the information is resolved, and the agent will not timed-out performing the gethostbyname(3NSL) syscall anyomore:

# getent hosts `beastie`
127.0.0.1       localhost loghost beastie
# snoop -d aggr2 -t d port 5555
Using device /dev/aggr2 (promiscuous mode)
  0.00000 172.1.2.3 -> beastie-adm.occ.lan TCP D=5555 S=37237 Syn Seq=978964828 Len=0 Win=65535 Options=
  0.00004 beastie-adm.occ.lan -> 172.1.2.3 TCP D=37237 S=5555 Syn Ack=978964829 Seq=1184861168 Len=0 Win=49480 Options=
  0.00128 172.1.2.3 -> beastie-adm.occ.lan TCP D=5555 S=37237 Ack=1184861169 Seq=978964829 Len=0 Win=65535
 10.00279 beastie-adm.occ.lan ->172.1.2.3 TCP D=37237 S=5555 Push Ack=978964829 Seq=1184861169 Len=87 Win=49480
  0.00012 beastie-adm.occ.lan -> 172.1.2.3 TCP D=37237 S=5555 Fin Ack=978964829 Seq=1184861256 Len=0 Win=49480
  0.00137 172.1.2.3 -> beastie-adm.occ.lan TCP D=5555 S=37237 Ack=1184861257 Seq=978964829 Len=0 Win=65448
  0.00220 172.1.2.3 -> beastie-adm.occ.lan TCP D=5555 S=37237 Fin Ack=1184861257 Seq=978964829 Len=0 Win=65448
  0.00002 beastie-adm.occ.lan -> 172.1.2.3 TCP D=37237 S=5555 Ack=978964830 Seq=1184861257 Len=0 Win=49480

So, the main question which remain is "Why need the HP DP agent to resolve specifically on the hostname, even if this name is not use apart the backup transaction?" I did not have any answer for this at this time...

no comment

Thursday 25 March 2010

Prevent A Non-Global Zone Reaching Others

By Julien Gabel on Thursday 25 March 2010, 12:18 - Solaris

When using non-global zones, the network stream didn't leave the global zone. Although very interesting when looking for performance for multi-tiers applications hosted on non-global zones from the same system, it can be a problem when it comes to segregate different networks used by the different non-global zones.

To my knowledge, IP Filter can be use from the global zone to help in this case. But a more cleaner approach would be to block (reject) the route between those non-global zones. For example, if one non-global zone has an IP address of addrX, and the second non-global zone has an address of addrY, then the following commands will prevent network traffic from passing between the two zones.

# route add addrX addrY -interface -reject
# route add addrY addrX -interface -reject

The problem is, when there is a lot of non-global zones you need to segregate, you need to add 2^n routes, which represents 32 routes for 5 non-global zones... Not very scalable, and not manageable. If someone know a better solution, please feel free to comment this post.

no comment

Wednesday 25 February 2009

Problem Querying ru. Name Servers

By Julien Gabel on Wednesday 25 February 2009, 19:21 - General

In a previous position, I encounter a rather strange problem I would like to share here. It has to do with DNS resolution. From the internal network of a company it was not possible to get the IP address of the www.banks2ifrs.ru. host name.

We determined that the name servers which manage the banks2ifrs.ru. domain are ns3.nic.ru. and ns4.nic.ru.. In the same time, we saw that for the fbk.ru. domain name, the managing name servers are ns3.nic.ru. and gw.fbk.ru.. Interestingly, it was possible to resolve www.fbk.ru. using gw.fbk.ru., but not from ns3.nic.ru.. More, we noted that the reverse resolution for the name servers ns3.nic.ru. and ns4.nic.ru. are not correct, translated to ns3.ripn.net. and ns4.ripn.net., respectively. So, it is worth to mention that nothing was wrong when querying the name server gw.fbk.ru..

# host -t a ns3.nic.ru.
ns3.nic.ru has address 194.85.61.20
# host -t a ns4.nic.ru.
ns4.nic.ru has address 194.226.96.8
# host -t ptr 194.85.61.20
20.61.85.194.in-addr.arpa domain name pointer ns3.ripn.net.
# host -t ptr 194.226.96.8
8.96.226.194.in-addr.arpa domain name pointer ns4.ripn.net.

The error from the DNS query seems to be related to an incomplete answer from the server (the truncated flag was set to 1 in the network trace) when the query is made over UDP. In this case, an automatic fallback over TCP must be used, certainly prohibited from the company's network security policy. This may say that the answer is larger than 512 bytes long, too. So, we tried to advertise different sizes of the UDP message buffer, but without being confident that this message went through network devices properly. Nonetheless it would seem curious to get an answer larger that 120 bytes long.

Last, we can note that the complexity of the network layout (DMZ, firewalls, NAT, etc.) may badly interact and hamper DNS queries, at least in certain circumstances.

After more investigation from the network team, they decided to permit TCP DNS queries. And it worked. It worked letting the internal DNS servers doing their job themselves...

# dig +trace -t a www.banks2ifrs.ru.
; <<>> DiG 9.3.4-P1 <<>> +trace www.banks2ifrs.ru.
;; global options:  printcmd
.                       449798  IN   NS   L.ROOT-SERVERS.NET.
.                       449798  IN   NS   M.ROOT-SERVERS.NET.
.                       449798  IN   NS   A.ROOT-SERVERS.NET.
.                       449798  IN   NS   B.ROOT-SERVERS.NET.
.                       449798  IN   NS   C.ROOT-SERVERS.NET.
.                       449798  IN   NS   D.ROOT-SERVERS.NET.
.                       449798  IN   NS   E.ROOT-SERVERS.NET.
.                       449798  IN   NS   F.ROOT-SERVERS.NET.
.                       449798  IN   NS   G.ROOT-SERVERS.NET.
.                       449798  IN   NS   H.ROOT-SERVERS.NET.
.                       449798  IN   NS   I.ROOT-SERVERS.NET.
.                       449798  IN   NS   J.ROOT-SERVERS.NET.
.                       449798  IN   NS   K.ROOT-SERVERS.NET.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

ru.                   172800  IN   NS   ns.ripn.net.
ru.                   172800  IN   NS   ns2.nic.fr.
ru.                   172800  IN   NS   ns2.ripn.net.
ru.                   172800  IN   NS   ns5.msk-ix.net.
ru.                   172800  IN   NS   ns9.ripn.net.
ru.                   172800  IN   NS   sunic.sunet.se.
;; Received 297 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 125 ms

banks2ifrs.ru.   345600  IN   NS   ns4.nic.ru.
banks2ifrs.ru.   345600  IN   NS   ns3.nic.ru.
;; Received 107 bytes from 194.85.105.17#53(ns.ripn.net) in 66 ms

www.banks2ifrs.ru.   86400   IN   A     83.222.6.194
banks2ifrs.ru.            86400   IN   NS   ns4.nic.ru.
banks2ifrs.ru.            86400   IN   NS   ns3.nic.ru.
;; Received 91 bytes from 194.226.96.8#53(ns4.nic.ru) in 65 ms

... and it worked when querying directly the name servers responsible for the wanted domain:

# dig @ns4.nic.ru. -t a www.banks2ifrs.ru.
; <<>> DiG 9.3.4-P1 <<>> @ns4.nic.ru. -t a www.banks2ifrs.ru.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1530
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.banks2ifrs.ru.             IN   A

;; ANSWER SECTION:
www.banks2ifrs.ru.      86400   IN   A   83.222.6.194

;; AUTHORITY SECTION:
banks2ifrs.ru.          86400   IN   NS   ns4.nic.ru.
banks2ifrs.ru.          86400   IN   NS   ns3.nic.ru.

;; Query time: 65 msec
;; SERVER: 194.226.96.8#53(194.226.96.8)
;; WHEN: Tue Apr 15 21:05:12 2008
;; MSG SIZE  rcvd: 91

Note: The size of the answer is 91 bytes long, so nothing wrong from this side.

I think we will never know what was going wrong here, even if the heart of the problem seems related specifically only to the two same name servers.

one comment

Monday 5 January 2009

Quick Reference Guides For Network Technologies

By Julien Gabel on Monday 5 January 2009, 08:06 - General

I am always looking for some good IT cheat sheets, and for a lots of thing. Here is one of my favorite web site around network technologies. Interestingly, this site propose some regularly updated quick reference guides for the network, and are classified under the following categories (at the time of this writing):

  • Protocols
  • Applications
  • Reference
  • Syntax
  • Technologies
  • Miscellaneous

You can find them all at the Cheat Sheets Library section.

As the author wrote on his blog, if you notice an error or would like to see a new cheat sheet on a specific topic, don't hesitate and drop him a line.

no comment

Tuesday 13 March 2007

Adding a Specific Logical Interface with the Solaris 10

By Julien Gabel on Tuesday 13 March 2007, 19:21 - Solaris

Under Solaris 10, there is no /etc/init.d/inetsvc network script anymore. You must use the new SMF to manage your network services, even special initialization ones. In order to plumb and up a new logical interface, you can now use the service instance named svc:/network/physical:default.

Here is quick example on how to use it:

# ifconfig -au4
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
nge0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
        inet 192.168.1.101 netmask ffffff00 broadcast 192.168.1.255
        ether 0:e0:81:58:88:ae 
# 
# cat /etc/hostname.nge0:1
192.168.1.50
# 
# svcadm restart network/physical
#
# ifconfig -au4
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
nge0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
        inet 192.168.1.101 netmask ffffff00 broadcast 192.168.1.255
        ether 0:e0:81:58:88:ae 
nge0:1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
        inet 192.168.1.50 netmask ffffff00 broadcast 192.168.1.255
# 
# ifconfig nge0:1 down unplumb
#
# ifconfig -a4
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
nge0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
        inet 192.168.1.101 netmask ffffff00 broadcast 192.168.1.255
        ether 0:e0:81:58:88:ae

no comment

Friday 23 February 2007

EtherChannel and NIB on IBM AIX

By Julien Gabel on Friday 23 February 2007, 20:45 - AIX

Recently, while adding availability features to some of our AIX DLPARs (Dynamic Logical PARtitions), i went through this very interesting (and well written) reading which explain why and how to use, deploy and configure properly some of the very nice network features on the AIX operating system: EtherChannel and Network Interface Backup. In short, EtherChannel represent a network port aggregation technology that allow multiple Ethernet adapters to create a single pseudo-Ethernet device. In its second form, known as Network Interface Backup, it protects against network-SPOF by providing failure detection and failover mechanism.

no comment

Wednesday 31 August 2005

Use the NIS and NFS Infrastructure on Red Hat Advanced Server 2.1

By Julien Gabel on Wednesday 31 August 2005, 22:20 - GNU/Linux

Here are the steps to be able to use the current NIS and NFS infrastructure from a Linux server.

NIS

Be sure to resolve the NIS servers (slave and/or master) for the int domain name:

# egrep "nasty|bigup" /etc/hosts
192.168.4.74           nasty
192.168.4.23           bigup

Configure the NIS client:

# cat << EOF >> /etc/yp.conf
domain int server nasty
domain int server nasty
EOF
# grep NIS /etc/sysconfig/authconfig /etc/sysconfig/network
/etc/sysconfig/authconfig:USENIS=yes
/etc/sysconfig/network:NISDOMAIN=int

NFS

The NFS part is relatively simple since the autofs maps is looked up in the NIS maps (already managed by the corresponding boot script's service).

So, it is just needed to modify the automountd service to add some arguments that must be passed to the program. This is a necessary step to be able to automount the correct remote path using our customized autofs server. Here is how to do so.

Check the configuration of the run-level informations for the autofs service:

# chkconfig --list autofs
autofs          0:off   1:off   2:off   3:on    4:on    5:on    6:off

Modify the initial service configuration and reload it:

# diff -u /etc/init.d/autofs.orig /etc/init.d/autofs
--- /etc/init.d/autofs.orig     Thu Aug 25 13:12:38 2005
+++ /etc/init.d/autofs  Thu Aug 25 17:25:47 2005
@@ -67,7 +67,10 @@
 # We can add local options here
 # e.g. localoptions='rsize=8192,wsize=8192'
 #
-localoptions=''
+localoptions="-DOSNAME=`uname -s` \
+              -DCPU=x86 \
+              -DNATISA=32 \
+              -DOSREL=`uname -r | awk -F\. '{print $1\".\"$2}'`"
 
 # Daemon options
 # e.g. --timeout 60
# service autofs restart

Verify if all is ok:

# service autofs status
Configured Mount Points:
------------------------
/usr/sbin/automount /Soft yp auto.soft -ro,hard,bg,intr -DOSNAME=Linux        -DCPU=x86        -DNATISA=32        -DOSREL=2.4
/usr/sbin/automount /NTFS yp auto.nt  -DOSNAME=Linux        -DCPU=x86        -DNATISA=32        -DOSREL=2.4
/usr/sbin/automount /Home yp auto.home -rw,hard,bg,intr -DOSNAME=Linux        -DCPU=x86        -DNATISA=32        -DOSREL=2.4
/usr/sbin/automount /Apps yp auto.apps -ro,hard,bg,intr -DOSNAME=Linux        -DCPU=x86        -DNATISA=32        -DOSREL=2.4
/usr/sbin/automount /- yp auto.direct  -DOSNAME=Linux        -DCPU=x86        -DNATISA=32        -DOSREL=2.4

Active Mount Points:
--------------------
/usr/sbin/automount /Soft yp auto.soft -ro,hard,bg,intr -DOSNAME=Linux -DCPU=x86 -DNATISA=32 -DOSREL=2.4
/usr/sbin/automount /NTFS yp auto.nt -DOSNAME=Linux -DCPU=x86 -DNATISA=32 -DOSREL=2.4
/usr/sbin/automount /Home yp auto.home -rw,hard,bg,intr -DOSNAME=Linux -DCPU=x86 -DNATISA=32 -DOSREL=2.4
/usr/sbin/automount /Apps yp auto.apps -ro,hard,bg,intr -DOSNAME=Linux -DCPU=x86 -DNATISA=32 -DOSREL=2.4
/usr/sbin/automount /- yp auto.direct -DOSNAME=Linux -DCPU=x86 -DNATISA=32 -DOSREL=2.4

no comment

Monday 29 August 2005

How to Set Up the NFS Server, for the Use of the Automounter Capability

By Julien Gabel on Monday 29 August 2005, 22:26 - Solaris

  1. soul is the hostname of the master NIS server for a given domain
  2. kitchen is the hostname of the slave NIS server for a given domain
  3. bento is the hostname of the NFS server
  4. nfs is an alias (CNAME) for the NFS server

NFS configuration, logged on bento

Just add the wanted share in the export list on server bento. On Sun Solaris, it is done as follow:

# cat << EOF >> /etc/dfs/dfstab
share -F nfs -o rw -d "Applications repository, NFS shared" /export/bento/apps
EOF

The file system /export/bento/apps must already be available.

Start the nfsd service (and associated daemons: mountd, statd and lockd) if necessary:

# /etc/init.d/nfs.server start

Or simply export the new share:

# shareall

NIS configuration, logged on soul

Because all of the automounted NFS clients (in particular Solaris, AIX and GNU/Linux) know how to use automount maps shared via the NIS protocol, the centralized auto_apps (SYSV style) map resides on the master NIS server, soul.

Since this is a new map to add, there is a little more to do here.

Create the map in the DIR (in NIS parlance) directory:

# touch /etc/ivyp/auto_apps
# ci -i /etc/ivyp/auto_apps
/*
 * Description message: "Automounter map for the applications repository,
 * NFS shared.".
 */
# co -l /etc/yp/auto_apps
# cat << EOF > /etc/ivyp/auto_apps
* -rw,hard,bg,intr nfs:/export/bento/apps/${OSNAME}/${CPU}/${NATISA}/${OSREL}/?
EOF
# ci -u /etc/ivyp/auto_apps

The RCS commands may (and must) be used through the ivv.sh wrapper script.

Teach the customized NIS infrastructure (based on GNU tools, not the native ones) about the new map:

# diff -u /var/yp/GNUmakefile.2005-08-25 /var/yp/GNUmakefile
--- /var/yp/GNUmakefile.2005-08-25      Thu Aug 25 13:18:31 2005
+++ /var/yp/GNUmakefile Thu Aug 25 14:30:04 2005
@@ -76,6 +76,7 @@
 AUTONT=auto_nt
 AUTOALT=auto_alt
 AUTODIRECT=auto_direct
+AUTOAPPS=auto_apps
 else
 AUTOMASTER=auto.master
 AUTOHOME=auto.home
@@ -83,6 +84,7 @@
 AUTONT=auto.nt
 AUTOALT=auto.alt
 AUTODIRECT=auto.direct
+AUTOAPPS=auto.apps
 endif
 GNUGREP=/usr/local/bin/ggrep
 MALIASES=$(YPDBDIR)/$(DOM)/mail.aliases
@@ -96,7 +98,7 @@
 
 all:: passwd group hosts ethers networks rpc services protocols \
        netgroup bootparams aliases publickey netid netmasks c2secure \
-       timezone auto.master auto.home auto.soft auto.nt auto.alt auto.direct \
+       timezone auto.master auto.home auto.soft auto.nt auto.alt auto.apps auto.direct \
        printcap dmmo printers.conf virtualip
 
 diams: dmmo_applis dmmo_sites dmmo_users ypservers
@@ -424,6 +426,22 @@
                echo "couldn't find $(DIR)/auto.alt"; \
        fi
 
+auto.apps.time:  $(DIR)/$(AUTOAPPS)
+       -@if [ -f $(DIR)/$(AUTOAPPS) ]; then \
+               sed -e "/^#/d" -e s/#.*$$// $(DIR)/$(AUTOAPPS) \
+               | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.apps; \
+               touch auto.apps.time; \
+               echo "updated auto.apps"; \
+               if [ ! $(NOPUSH) ]; then \
+                       $(YPPUSH) auto.apps; \
+                       echo "pushed auto.apps"; \
+               else \
+               : ; \
+               fi \
+       else \
+               echo "couldn't find $(DIR)/auto.apps"; \
+       fi
+
 printcap.time: $(DIR)/ypprintcap
        -@if [ -f $(DIR)/yp$(@:.time=) ]; then \
                sed < $(DIR)/yp$(@:.time=) \
@@ -686,6 +704,7 @@
 auto.soft: auto.soft.time
 auto.nt: auto.nt.time
 auto.alt: auto.alt.time
+auto.apps: auto.apps.time
 auto.direct: auto.direct.time
 printcap: printcap.time
 printers.conf: printers.conf.time
@@ -710,6 +729,7 @@
 $(DIR)/$(AUTOSOFT):
 $(DIR)/$(AUTONT):
 $(DIR)/$(AUTOALT):
+$(DIR)/$(AUTOAPPS):
 $(DIR)/$(AUTODIRECT):
 $(DIR)/ypprintcap:
 $(DIR)/printers.conf:

At this stage, the new map must be first manually transferred on the slave NIS server.

Create the corresponding map files (*.dir and *.pag ) only, using:

# cd /etc/ivyp
# gmake -C /var/yp NOPUSH="YES"

Log in on the slave server (a Sun system), for example kitchen :

# /usr/lib/netsvc/yp/ypxfr -h soul auto.apps
# ls -l /var/yp/`domainname`/auto.apps.*
-rw-r--r--   1 root     root           0 Aug 25 18:10 /var/yp/`domainname`/auto.apps.dir
-rw-r--r--   1 root     root        1024 Aug 25 18:10 /var/yp/`domainname`/auto.apps.pag

Note: You can know which hostname is(are) currently set up as slave server(s) using:

# cd /var/yp/`domainname`
# makedbm -u ypservers
YP_LAST_MODIFIED 1072719185
YP_MASTER_NAME soul
kitchen
timal

Then, on the master server, really push the map this time:

# cd /etc/ivyp
# gmake -C /var/yp

Now, the new mount point and sub-tree must be ready and available to all your properly configured clients, as found in the following online documents:

  1. Use the NIS and NFS Infrastructure on AIX 5L
  2. Use the NIS and NFS Infrastructure on Red Hat Advanced Server 2.1

no comment

Thursday 18 August 2005

Update the Notebook to FreeBSD 6.0-BETA2

By Julien Gabel on Thursday 18 August 2005, 23:31 - BSD Unix

I decided to take advantage of this three days week-end (at least in France) to upgrade the Notebook to FreeBSD 6.0-BETA2 and follow the RELENG_6 branch testing the upcoming FreeBSD release.

In fact, i hope this one may help me in two areas... more precisely: fix a very annoying bug resulting in a USB interrupt storm and help on the wifi side, based on the work done to incorporate the wpa_supplicant code from ports(7).

The installation went smooth and well, although there is no package yet (it is a beta release, not a release candidate) and all third party need to be compile from sources. So, i installed the minimum required. In the same time, update (one more time) the installation notes, notably regarding the DHCP part (this branch switched from the ISC DHCP client v3.x to the OpenBSD DHCP client which was based on ISC DHCP v2.x). The biggest problem was to figure how to set it up in order to be able to update its DNS records obtained from the DHCP server. The solution is very simple: don't let the client do this setting (as in RELENG_5 with ISC DHCP) but do it on the server side level. It has the other advantage not to care how to do this on multiple heterogeneous clients (UNIX, Unix-like, Windows, etc.).

On the other side, there is one problem though. Because this release needs testing, the default kernel comes with debugging options enable (INVARIANTS and WITNESS(4) in particular) which have the side effect of slowing down the machine, really. These options help debugging and lightning some problems that may appeared in the development process. One of this is called a LOR and i encountered two of them. They are already known to the developers, but we don't know yet the real impact of these: harmless or not. Here is the thread about this on current@.

Go testing. I will try to reproduce the panic i encountered before to know the code path where this happens.

no comment

Monday 15 August 2005

Upgrade the 3366-ENT ADSL Gateway

By Julien Gabel on Monday 15 August 2005, 23:31 - thnet

Decided to upgrade the Cayman 3366-ENT ADSL Gateway from Netopia, currently hosting the public link for the Thilelli.NET Project. All went smooth and well. The gateway is now at the latest firmware level available (8.5.0 at the time of this writing).

At the same time, try to avoid some recurrent problem on the link (seems ok but doesn't let real traffic to pass through it) helped by the 24-Hour Scheduled Connection procedure. Waiting to see if it really works for our site... thanks to our ISP for providing a nice administration and status page.

no comment

- page 1 of 2