Building a NIS User Add Script

I have an environment where Solaris provides NIS for all the Solaris and Linux systems.  Every time I add a user I’ve had to alter a number of files and that’s pretty lame.

If you have any questions please ask.

#!/bin/bash
###################
# NewUser.sh creates a new user in the NIS environment and pushes that
# user information out to the server systems.
#
# NewUser.sh v1.0 - jay@zidea.com
#
###################
### Declarations
declare -rx SCRIPT=${0##*/}
# LOGFILE was used below without being set; this location is an assumption.
declare -r LOGFILE="/var/adm/${SCRIPT%.sh}.log"
declare USERNAME
declare FULLNAME
declare PASSWORD
declare USER_HOME
declare LASTID
declare USERID
### Checks if you have the right privileges
# EUID is set by bash itself; $USER comes from the environment and can be stale.
if [ "$EUID" -eq 0 ]
then
#### Collect the variables
 printf "\n\n\n\n"
 printf "%s\n" "Enter the user's name (firstname lastname): "
 printf "\n\n\n\n"
 read -r -e FULLNAME
 printf "%s\n" "Enter the USERNAME (8 characters or less): "
 printf "\n\n\n\n"
 read -r -e USERNAME
# Reject input that would corrupt the colon-separated files or be
# reinterpreted by grep or by the remote shell in the ssh calls below
 case "$USERNAME" in
  ""|*[!a-z0-9_]*|?????????*)
   echo >&2 "ERROR: USERNAME must be 1-8 characters from a-z, 0-9 and _."
   exit 1 ;;
 esac
 case "$FULLNAME" in
  *:*)
   echo >&2 "ERROR: The user's name must not contain a colon."
   exit 1 ;;
 esac
# Other variables
 USER_HOME="/home/$USERNAME"
# Assumes the last line of /etc/passwd holds the highest UID in use
 LASTID=$(tail -1 /etc/passwd | cut -f3 -d:)
 USERID=$((LASTID + 1))
# Checks if the user already exists (whole first field, not a substring)
 grep "^${USERNAME}:" /etc/passwd > /dev/null
 OUT=$?
# Test for the account and build the files
 if [ $OUT -eq 0 ]; then
  echo >&2 "ERROR: User account: \"$USERNAME\" already exists."
  echo "ERROR: User account: \"$USERNAME\" already exists." >> "$LOGFILE"
  exit 1
 else
  # Create a new user /usr/sbin/useradd
  /usr/sbin/useradd -u "$USERID" -d "$USER_HOME" -g staff -s /bin/bash -c "$FULLNAME" -m "$USERNAME" || exit 1
  passwd "$USERNAME"
  # Copy the new hash out of /etc/shadow; the anchor keeps similar names from matching
  PASSWORD=$(grep "^${USERNAME}:" /etc/shadow | cut -f2 -d:)
  echo "$USERNAME:x:::::" >> /etc/nis_etc/security/passwd.adjunct
  # If the NIS passwd map is built from this file, any NIS client can read the hash
  echo "$USERNAME:$PASSWORD:$USERID:10:$FULLNAME:$USER_HOME:/bin/bash" >> /etc/nis_etc/passwd
  echo "$USERNAME:$PASSWORD:14785::::::" >> /etc/nis_etc/shadow
# Rebuild the Yellow Pages (NIS) maps
  pushd /var/yp
  make
  popd
# Setup the $HOME Directory on svnfiles
  ssh root@home.server.com mkdir -pv "/files/$USERNAME"
  ssh root@home.server.com chown -R "$USERID" "/files/$USERNAME"
  ssh root@home.server.com chgrp -R wheel "/files/$USERNAME"
  echo "The user \"$USERNAME\" has been created."
 fi
 exit 0
else
 echo >&2 "ERROR: You must be a root user to execute this script."
 exit 1
fi
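
Added example, not part of the original NewUser.sh: why the account lookups against /etc/passwd and /etc/shadow need to match the whole first field, and why the next UID is safer taken from the highest UID in use than from the last line. The sample files, placeholder hashes, function names and the 60000 ceiling are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample data; the "hashes" are placeholders, not real password hashes.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
bobby:x:1005:10:Bobby Example:/home/bobby:/bin/bash
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
alice:x:1004:10:Alice Example:/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:HASH_ROOT:14785::::::
bobby:HASH_BOBBY:14785::::::
bob:HASH_BOB:14785::::::
EOF

# Substring lookups: "bob" also matches "bobby".
loose_exists() { cut -d: -f1 "$2" | grep "$1" > /dev/null; }
loose_hash()   { grep "$1" "$2" | cut -f2 -d:; }

# Exact lookups on field 1 only (on Solaris use nawk or /usr/xpg4/bin/awk for -v).
user_exists() { awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"; }
exact_hash()  { awk -F: -v u="$1" '$1 == u { print $2; exit }' "$2"; }

# "Last line + 1": collides whenever the last entry is not the highest UID.
last_line_uid() { expr "$(tail -n 1 "$1" | cut -f3 -d:)" + 1; }

# Highest UID below a ceiling + 1; the ceiling skips accounts such as nobody4.
next_uid() {
  awk -F: -v max="${2:-60000}" 'BEGIN { hi = 0 }
    ($3 + 0) < max && ($3 + 0) > hi { hi = $3 + 0 }
    END { print hi + 1 }' "$1"
}

echo "loose hash for bob : $(loose_hash bob "$SAMPLE_DIR/shadow" | tr '\n' ' ')"
echo "exact hash for bob : $(exact_hash bob "$SAMPLE_DIR/shadow")"
echo "last line + 1      : $(last_line_uid "$SAMPLE_DIR/passwd") (already bobby's UID)"
echo "highest UID + 1    : $(next_uid "$SAMPLE_DIR/passwd")"
```

With the substring lookup, the new account's NIS entry would be written with two hashes joined by a newline, one of them belonging to another user.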

Working with ILOM on a Sun/Oracle System

Sun (now Oracle) and Fujitsu put together a new remote management system (ILOM) that provides a mild improvement over the older ALOM systems.  This guide will get you started.

#### STARTING STOPPING
The ILOM allows you to manage the system (SYS) with a few simple commands:

-> start /SYS
-> stop /SYS
-> reset /SYS

#### MANAGING AUTO BOOT MODE
-> set /HOST/bootmode script="setenv auto-boot? false"
-> reset /SYS

#### FORCING A BREAK COMMAND
-> set /HOST send_break_action=break
-> start /SP/console

#### GRAB A CONSOLE CONNECTION
-> start /SP/console

#### CREATE ILOM USER
-> create /SP/users/<username>
Creating user…
Enter new password: ********
Enter new password again: ********
Created /SP/users/<username>

However, I want my team to be able to use this system just like they did the old ALOM systems because it simplifies management for me when I’m on vacation.  Create the user as shown below to have an old school ALOM experience.

-> create /SP/users/admin role=aucro cli_mode=alom
Creating user…
Enter new password: ********
Enter new password again: ********
Created /SP/users/admin

#### SET A PASSWORD
-> set /SP/users/root password

#### CHANGING THE IP
-> cd /SP/Network
-> set pendingipaddress=<ip_address>
-> set pendingipdiscovery=static
-> set pendingipnetmask=255.255.255.0
-> set pendingipgateway=<ip_address>
-> set commitpending=true

About Jay Farschman - Jay currently works as a Senior Systems Administrator for an asset management company in Colorado where he works with companies that produce hardware, telecommunications software and financial services.  Jay previously owned a consulting company and provided training and consulting services for three Fortune 500 companies and numerous small businesses where he leveraged Linux to provide exceptional value.

Remote Access in Solaris with the ALOM

Resetting the ALOM’s network settings is a little unintuitive, but it is not that hard if you remember that Solaris Sun Fire systems (v210, v240, v250, etc.) use the scadm interface to address the EEPROM/NVRAM.

cd /usr/platform/`uname -i`/sbin
./scadm set netsc_ipaddr 172.16.3.27
./scadm set netsc_ipnetmask 255.255.0.0
./scadm set netsc_ipgateway 172.16.0.8

# Check your work

./scadm show | grep netsc
netsc_tpelinktest="true"
netsc_dhcp="false"
netsc_ipaddr="172.16.3.27"
netsc_ipnetmask="255.255.0.0"
netsc_ipgateway="172.16.0.8"

You really need to have netsc_tpelinktest="true" before proceeding.

# Reset the interface and then look at the settings.

./scadm resetrsc
./scadm shownetwork


TCPDUMP – Fast and Easy

tcpdump is a fine way to find out what one system is doing with another, but unless you limit the traffic you will generally see so much noise that it is difficult to see what’s happening.  This command did the trick for me when analyzing a problem with FTP:

tcpdump -e -vv -w FTP_from_73.cap src net 10.1.1.73 or dst net 10.1.1.73

Sometimes you may just want to look at DHCP information.

tcpdump -lenx -i eth0 -s 1500 port bootps or port bootpc

I ran this on the FTP server to capture the bare minimum of frames.  We wanted to get both sides of the conversation, the source (src) and the destination (dst), so that we have all the communication between the two systems.  One thing that you may be missing in this scenario is when one or both of these systems call out to a third server, like a DNS server.  If you need to do that, just tcpdump everything.

So how do you view this?  Well, it creates a .cap file that is viewable and filterable in Wireshark, which you can install with yum or apt-get.


Duping a Solaris Disk “Disk-to-Disk Copy”

SUMMARY

We need to make a complete and accurate copy of all data and binaries on one system to another system so that we can test without messing up the original. So we will mount a second drive in the original system… build the second drive to match block-for-block the original… and then mount these and use ufsdump to copy data to the secondary.

Finally, we will remount the new drive in the new system, run ‘sys-unconfig’ and rebuild the physical interfaces completely. :P

There is a command dd (disk duplicate) but that only works if you are 100% successful in getting the partitions correctly built. And if you are doing that, which this document covers, you may as well go ahead and run ufsdump/ufsrestore. ufsdump and ufsrestore are more reliable.

How to Remove a Solaris Zone Completely

Do you have a virtual machine that you need to completely remove?  I’ve always found the commands to be a bit confusing.  This is the order of removal.

In this example ceng52 has to go:

TERM=xterm; export TERM
zoneadm -z ceng52 halt
zoneadm -z ceng52 uninstall
zoneadm list -civ
zonecfg -z ceng52 delete


ZFS Cheatsheet

For those of us who orbit around the sun rather than live there:

There are two main commands for ZFS, “zfs” and “zpool”

"zpool list" - Show current usage on zfs pools
"zpool iostat 5" - Display I/O stats for zfs pools
"zpool status" - Shows current mirror/pool device properties
"zpool create pool c0t3d0 c1t1d0 c4t4d0 c5t2d0" - Creates a pool consisting of c0t3d0, c1t1d0, c4t4d0, c5t2d0
"zpool create -fv pool slice1 slice2" - Creates a pool consisting of slice1 and slice2
"zpool create pool mirror c1t0d0 c2t0d0" - Creates a mirror consisting of c1t0d0 and c2t0d0
"zpool add -f pool mirror c0t1d0s3 c0t1d0s4" - Adds mirror to pool
"zfs list" - Show current zfs filesystems
"zfs create pool/filesystem" - Creates filesystem under pool
"zfs create -o mountpoint=/mountpoint pool/filesystem" - Creates filesystem under pool and mounts it to mountpoint
"zfs snapshot pool/filesystem@snapshotname" - Takes snapshot of filesystem
"zfs set mountpoint=/mountpoint pool/filesystem" - Mounts a zfs filesystem to mountpoint
"zfs destroy pool/filesystem" - Deletes filesystem from pool
"zpool destroy pool" - Deletes pool

Package Name: SUNWzfs
On Solaris 10 u6 and below you cannot export and import the disks, so moving them to new hardware is not possible :(
There is never a need to fsck a ZFS filesystem.

NOTA BENE: I get a lot of traffic on this page and I’m sure some of you guys have cheatsheets and crib notes of your own for zfs. Please feel free to leave a comment with your favorite commands.  We can all learn from each other.


Dealing with ZFS Boot Problems

As a sysadmin who gives his users plenty of power, sometimes things get messed up in the boot process so that the system cannot boot properly.  No problem, you say: boot from CDROM into single-user mode, mount the partition, find and fix the problem... ummmm, wait.  How do I do that?  This article covers how to mount ZFS in single-user mode.  Fixing the problem is up to you.

STEPS

  1. First get an OK prompt.   With a Fujitsu-based system this is accomplished by logging into the control interface and issuing a sendbreak -d 0.  Refer to your manual, or drop me a comment if you need a hand with this.
  2. Insert the CDROM and issue a “boot cdrom -s”
  3. “zfs list” is going to show you all of the available zpools.
    NAME                        USED  AVAIL  REFER  MOUNTPOINT
    rpool                      12.5G  54.4G    97K  /rpool
    rpool/ROOT                 6.97G  54.4G    21K  legacy
    rpool/ROOT/s10s_u8wos_08a  6.97G  54.4G  6.97G  /
    rpool/dump                 1.00G  54.4G  1.00G  -
    rpool/export               2.53G  54.4G  23.5K  /export
    rpool/export/home          2.53G  54.4G  2.53G  /export/home
    rpool/swap                    2G  56.4G    16K  -
  4. zfs get mountpoint rpool/ROOT/s10s_u8wos_08a is going to show you that the mountpoint is / and we know that is already in use.
    NAME                       PROPERTY    VALUE       SOURCE
    rpool/ROOT/s10s_u8wos_08a  mountpoint  /           local
  5. Change that mount point temporarily with the command “zfs set mountpoint=/mnt rpool/ROOT/s10s_u8wos_08a”
  6. “zfs mount rpool/ROOT/s10s_u8wos_08a”

At this point simply cd on over to the problem file and fix it.  In my case the user had modified the /etc/vfstab file so that it could no longer boot, so I had to edit /mnt/etc/vfstab.


Solaris M3000 Hard Drive the inexpensive way

A couple of years ago we purchased an M3000 with 2 X 146GB hard drives installed.  Is SUN/Oracle proud of their hardware or what?  The price on a replacement hard drive is exorbitant.  Oracle thinks the “G” in GB stands for grand, as in $1,000.

So I go to the two empty bays (the M3000 has a total of 4 bays) and discover fake plastic ‘FILLER’ trays that are not suitable for mounting a hard drive.  Searching on the Interwebs you won’t find the part number for the drive bay that works, but I’ll give it to you here:

Part No. MBB2147RC – 147GB 10K SAS SFF 2.5 Inch HD – $170
Part No. 541-0239 – Sun SPUD Hard Drive Mounting Bracket – $35

You will find this part number associated with other SUN/Oracle hardware, but not the M-Series systems.  I’m telling you they work just fine.  I also included the original part number of my original drives.  I happen to have purchased mine from http://www.serversupply.com/ because they are brilliant, inexpensive and reliable.


Notes on Hard Drive Recovery

If your hard drive just stopped working, did not make any funny screeching, clicking, popping dying sounds…. just quit, this is a good starting place for finding a resolution.

BASIC STEPS

  1. Remove the hard drive from the computer or device.
  2. Examine it carefully for ‘hot spots’ or other damage on the external controller board.
  3. Check if there are broken parts – A ) Move it gently from side to side and then front to back. Listen for metallic rattling noises. – B ) Don’t be too rough when you shake the drive. The drive’s heads are probably loose if there is a rattling sound. – C ) Stop if there is rattling and decide how important the data is. Data recovery is expensive. If you need your data regardless of the cost, contact a data-recovery specialist. If not, warranty or replace the hard disk.
  4. Switch drive pin settings if you have a PATA (IDE/EIDE) drive. – A ) If it was ’slave’ or ‘cable select’, set it to ‘master’. – B ) Plug it in alone without any other device on that port and try again. – C ) Plug it into an external drive adapter or external drive case (i.e. US if you have one.
  5. Plug the hard drive into a different port with a new cable that you know works and try again
  6. Try other IDs and/or another PCI controller and try again. If you don’t have another controller, a PCI card that adds ports to your computer, just change the ID.
  7. Connect the drive into another computer and try again. If this works, it is possible that the motherboard is at fault and not your hard disk.
