Kinh Nghiệm Việt Nam - Thủ Thuật PC

how to install memcached

noreply@blogger.com (vitec) — Wed, 15 Feb 2012 04:29:00 +0000

Install memcached

Cách 1: Cài và chạy bằng tay

Here's a quick recipe for installing memcached on EC2 Amazon Linux AMI 1.0.

yum install gcc libevent libevent-devel
cd /usr/local/src
wget http://memcached.org/latest
tar -xf memcached-*.tar.gz
cd memcached-*
./configure
make && make install

Memcached will be installed to /usr/local/bin. Let's make sure everything went well by running memcached:

/usr/local/bin/memcached -u root -d

Then we'll make sure it's running

ps aux | grep memcached

netstat -anp | grep 11211

And finally kill it.

pkill memcached

Cách 2: Cài và chạy service

Going all out - building a memcached rpm

If you're installing memcached on multiple machines then having an RPM handy is preferred. Make sure to run this as the ec2-user and not root.

cd ~
sudo yum install gcc libevent libevent-devel rpm-build perl-Test-Base
echo "%_topdir /home/ec2-user/rpmbuild" >> ~/.rpmmacros
mkdir -p /home/ec2-user/rpmbuild/{SPECS,BUILD,SRPMS,RPMS,SOURCES}
wget http://memcached.org/latest
rpmbuild -ta memcached-*.tar.gz

The RPM will be created in ~/rpmbuild/RPMS/x86_64/ or ~/rpmbuild/RPMS/i386/ depending on whether you chose a 32 or 64 bit AMI. Copy the rpm to your home directory and run the command below to install memcached to /usr/bin/memcache

sudo yum localinstall memcached-*.rpm --nogpgcheck

The beauty of this approach is that you can now do the following to start or stop memcached

service memcached status
service memcached start
service memcached stop

And finally you can enable memcached at startup with this simple command:

chkconfig memcached on

Install php-pecl-memcache

#if apt-get, rpm, or yum doesn't work

cd /usr/src/
wget http://pecl.php.net/get/memcache-2.2.4.tgz
tar -zxvf memcached-2.2.4.tgz
cd memcached-2.2.4
phpize && ./configure --enable-memcache && make
cp modules/memcache.so /usr/lib/php/modules/

# Note: packaged extension modules are now loaded via the .ini files
# found in the directory php.ini

php -i | grep php.ini

vi /etc/sysconfig/memcached

PORT=”11211″                #define on which port to urn
USER=”nobody”           #same as apache user
MAXCONN=”1024″     #maximum number of connections allowed
CACHESIZE=”64″         #memory used for caching
OPTIONS=”"                   #use for any custom options

add php.ini

extension="memcache.so"

restart service https

/etc/init.d/httpd restart

Note: Neu bi loi can install cac goi

yum install php-devel
yum install zlib-devel
yum install zlib zlib-devel

Check memcache

php -i | grep memcache

[root@dedi94125 ~]# more testmemcach.php
$memcache = new Memcache;
$memcache->connect('127.0.0.1', 11211);
print_r($memcache);
?>

[root@dedi94125 ~]# php testmemcach.php
Memcache Object
(
[connection] => Resource id #5
)

[root@dedi94125 ~]#

Learn how to Sniff Wireless Passwords with Pirni (Man in the Middle Attack)

noreply@blogger.com (vitec) — Fri, 03 Feb 2012 06:50:00 +0000

The thing about the iPod Touch and the iPhone is that they are great portable hacking devices. To the naked eye the iPod Touch/iPhone looks like nothing more than an ordinary mp3 player/cellphone however that is just an understatement to its full potential. Once your iPod Touch/iPhone is jailbroken you have access to your whole file system meaning that applications generally associated with laptop/desktop hacking can be ported and used on the iPod Touch/iPhone. This opens up a whole lot of possibilities for network sniffing, port scanning and much much more! In this tutorial we are going to take a look at one of these programs called Pirni.

What is Pirni?

Pirni is an application that was ported to The Ipod Touch/iPhone to be used as a native network sniffer. Pirni is so useful because it gets past the iPod Touch’s/iPhone’s wifi hardware limitation of not being able to be set into promiscious mode (a mode that allows a network device to intercept and read each network packet that arrives in its entirety). To get past this limitation Pirni comes with an ARP spoofer that successfully routes all the network traffic through your iPod Touch/iPhone, records it to a dump file and then uses packet forwarding to send it to it’s normal recipent (ie. the router). What this basically means in simpler terms is that all the traffic on a specific network comes through your iPod Touch/iPhone before it reaches the router. This meaning that if we sniff the network long enough, another user connected to the network could enter in an unencrypted password and you could then retrieve that password after looking through your dump file.

Using Pirni

Pirni is an application that does not have a GUI (Graphical User Interface) and it requires a program called Terminal to run and be used. Terminal is basically an application that allows you to give your iPod Touch/iPhone simple commands. Below I am going to go through the steps of installing and using Pirni… **Note this is a technical tutorial and is not recommended for users new to computers. Please also note that this tutorial is for educational purposes only. It is illegal to sniff a wireless network that is not your own. Use and Follow this Tutorial at your own Risk.
Step 1) - The first thing you are going to need to do is install a program called Mobile Terminal on your iPod Touch/iPhone. This program is available through cydia, so open up cydia and type in terminal into the search tab. Once you find Mobile Terminal on your search Results install it to your iPod Touch/iPhone.

Step 2) - Once you have installed terminal the next application you are going to install is Pirni. Type pirni into the search tab and once it appears on your search results click it and install it to your iPod Touch/iPhone. Once Pirni installs you will have installed everything you need to begin sniffing wireless networks…

Step 3) - Before you launch terminal and begin sniffing you will need a few pieces of information on your wireless network; the network’s ip address and the router’s ip address. You can find out this information by launching Settings and clicking Wifi then clicking on the arrow next to Your wireless network’s Name. Once you find the information you are looking for which is the IP Address and the Router IP Address write it down on a piece of paper so you remember it.

Step 4) - Now that you have the required information you are ready to begin the process of sniffing with Pirni. The first thing you need to do is open up Terminal; so do this now by finding Terminal on your springboard and clicking it to launch it. **Note Terminal sometimes takes a few times to actually load. If you click the Terminal application and it opens and closes then simply click it again until it fully launches. Once you get Terminal up and Running you are going to need to login as a a root user to gain full access to your iPod Touch/iPhone. Type in the following commands and please note they are all case sensitive so copy them exactly as shown…

su
alpine (alpine is the default password. If you have not changed your password then use alpine)

Once you have gained root access continue to step 5…
Step 5) - Once you are logged in as the root user you can begin using Pirni. To initiate Pirni you are going to need to enter in a line of commands replacing whats in red with your network specific information.
-s: Specifies the IP-adress you want to spoof, this is where the Router IP Address goes.
-d: Specifies the target you want to perform MITM on, this is where the IP Address of your network goes.
-f: Specifies the Berkley Packet Filter so that pirni only collects interesting packets. This is very good if you want to filter out specific packets – such as FTP, SMTP or HTTP. If no -f options is supplied, all packets will be captured.
-o: Specifies the dumpfile where all the collected packets end up. This is a pcap dump format, that most traffic analyzers can handle.

iphone4s:~ root# more get.sh
pirni -s 192.168.1.1 -o log.pcap
pirni -s 192.168.1.1 -d 192.168.1.189 -f "tcp dst port 80" -o log.pcap
pirni -i en1 -s 192.168.1.1 -d 255.255.255.0 -o log.pcap

iphone4s:~ root#

Once you enter the Commands Pirni will initiate and begin collecting packets. A packet is a formatted unit of data carried by a packet mode computer network. For example, every Web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Pirni collects these packets and records them into a readable dump file that can be analyized at a later date on your computer. In order for Pirni to collect something interesting you are going to need to visit a website that doesnt use an ssl encrypted connection. Leave your iPod Touch or iPhone alone collecting packets and go to a website that doesn’t use an ssl encrypted connection and login to that website. An example of this kind of website would be Hawkee.com this website does not use an ssl encrypted connection while handling logins. If you want to test out Pirni to see if you can get a password register an account up with Hawkee.com and login to your account while you are sniffing your network. Once you are done scanning the network drag your finger across the screen in a diagnol direction and this will stop pirni correctly. **Note it is important to close pirni this way to avoid errors while analyzing your dump file later on.

Analyzing your Dump File

Now that you have sniffed the packets on your network you now have to analyze the dump file created by Pirni. To do this you will need to get the dump file off your iPodTouch/iPhone by using a program called Winscp. This program allows you to access the files on your iPodTouch/iPhone. To use this program you will need two things; open ssh installed on your iPodTouch/iPhone and Winscp installed on your computer…
Step 1) - Download openssh to your iPodTouch/iPhone by going into Cydia and typing in openssh into the search panel. Once you see openssh on the search results click it and install open ssh. Once open ssh has been installed exit cydia and continue to step 2…

Step 2) - The next thing you need to do is install a program called winscp to your computer. This program will allow you to take files off your iPod Touch/iPhone with an easy to use GUI (Graphical User Interface).

Download Winscp Here

Once Winscp Downloads to your computer install it by following the easy to use steps of the installer…
Step 3) - Once Winscp has finished installing double click the winscp.exe to launch the program. You will be presented with a window like the one depicted below…

Once you get Winscp up and running you are going to need to enter in some information into Winscp. The first thing you need to enter is the Host name which is your networks IP Address. This is the Address that you wrote down earlier you can find it inside Settings > Wifi >Your Network Name Tab. The next thing you need to enter is the Username this is always left as root. The last piece of information you need to enter in is the password the default password if you haven’t changed it is alpine. If you have changed your password then enter your current password in the password field now.

Once you enter in the required information click the Login Button. The first time you login it will take awhile to load just be patient and wait it can take up to five minutes. The first time you login you will also get a warning message that will appear simply hit the ok button to the warning message. When you succesfully login click the / button on the top right hand corner of the screen…

Once you click the / Button (Which is the Root Directory Shortcut) the next thing you are going to do is click the User file directory as shown below. This is where all your dump files are saved and stored through Pirni…

Once you are inside the User File Directory you should now see your log file. Drag the Log file to your Desktop and then Exit Winscp as you are now done using the program. Winscp is a useful program if you need to access your iPod Touch/iPhones internal File Structure. Now that you know how to use Winscp you can use this useful program anytime you want.

Step 4) - Now that your Log File has been successfully transferred to your computer you are now going to need to download an application that will analyze the dump file called WireShark.

Download WireShark Here

With WireShark successfully downloaded to your computer double click the setup.exe and install it to your computer. When it asks you if you want to install WinPcap click no because you will not need this functionality while analyzing your dump file.
Step 5) - Now that WireShark is installed double click the WireShark.exe on your Desktop to start the program. Once the Program is up and running you are going to need to open your log file. Click the Open Button in the middle of the screen and then locate your log file which should be on your Desktop.

Once you locate your Dump file and load it into WireShark you will now see a screen with a bunch of packets displayed. These are all the Packets that you captured while you were sniffing your network. If you have never seen packets before all of this information will mean nothing to you and seem confusing. If you research a little bit online about packets you will find these packets are a lot more interesting however if you are new to this whole thing then the search tool will be your friend. Click the Magnifying glass on the top of the screen and it will bring up a search window.

Once the Search window comes up you will be presented with three options Display Filter, Hex Value and String. Click the String Option and then type in password into the search field and click the Find Button. The Search Tool is a great tool to find interesting information in your dump file. With the search tool it will quickly scan through all your packets and will find a match to what you are searching for. It defiantly beats looking through hundreds of packets till you find something interesting. With the search tool you can simply type in keywords that would be of interest to you like password,username,login,email and it will try to find a match. **Note not all dump files will contain interesting information like passwords,usernames etc… It all depends on what users connected to the network you are scanning are doing.

Once you click the find button you will be directed to the packet that contains the password string or the string that you typed into the search field. If you look at what is highlight you can see that you have successfully found the username and password to your hawkee.com account. If this was performed on an unknown network you would have successfully sniffed a password that you can then do what you want with. WireShark is a very powerful tool for analyzing packets if you go to their Website you can learn a lot about packets and other analyzing techniques not discussed on this tutorial.

As you can see your iPod Touch or iPhone can be transformed into a powerful password sniffing device. With Pirni you can have a powerful password sniffing program hidden within your iPod Touch/iPhone. You can have your morning coffee at starbucks while sniffing its wireless network without anyone knowing or suspecting a thing. There are many other useful hacking programs on the iPod Touch/iPhone, and I will write more tutorials for programs like Ngrep and TCP Dump in the future if enough interest is given. As always if you require any help with this tutorial please feel free to post your questions/comments in the comments section below.

UDIDFaker – fake udid for your iPhone IOS device

noreply@blogger.com (vitec) — Mon, 30 Jan 2012 14:33:00 +0000

UDIDFaker is a jailbreak tweak that can fake udid to let you try some charges app, these are prevent you re-use by the only udid on your device, with udidfaker fake a udid for an app, this app will think this is a new device, so you can continue to use a free trial app.
UDIDFaker has updated version 2.3-3.

Follow these steps to spoof Your Device’s UDID

1.) Download UDID Faker(my repo )

2.) Download this .plist file
3.) Download NotePad++ and open .plist file
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “ http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>com.app.bundle</key>
<string>Enter Valid UDID</string>
</dict>
</plist>
Ok now enter a Valid Fake UDID and app bundle name to find the bundle name go into the .app folder you want to spoof for Info.plist open it until you find Bundle Identifier
Ok now Save the .plist file to your desktop. Then SSH into your device to

/private/var/mobile/Library/Preferences/

If you would like to spoof more than 1 app for example 3 apps it’s gona look like this
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “ http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>com.app.bundle</key>
<string>Change this for valid-fake UUID</string>
<key>com.app.bundle2</key>
<string>Change this for valid-fake UUID</string>
<key>com.app.bundle3</key>
<string>Change this for valid-fake UUID</string>
</dict>
</plist>

Create random HEX for linux

noreply@blogger.com (vitec) — Mon, 30 Jan 2012 14:26:00 +0000

echo `< /dev/urandom tr -dc a-f0-9 | head -c40`

Pirni comes with an ARP spoofer network traffic

noreply@blogger.com (vitec) — Sun, 29 Jan 2012 05:58:00 +0000

Pirni is the worlds first native network sniffer for iPhone. The iPhone's Wi-Fi has some major drawbacks in its hardware design, thus we can not properly set the device in promiscuous mode.

This is why Pirni comes with an ARP spoofer that successfully routes all the network traffic through your device and then uses packet forwarding to send it to it's normal recipient (ie. the router).

pirni -s 192.168.1.5 -f "tcp dst port 80" -o log.pcap

After a successful network sniffing, you can transfer the dumpfile to your computer and open it up with Wireshark (or any other traffic analyzer that supports pcap) to analyze the traffic.

BPF filters allow you to select which packets to be dumped. This allows you to "filter" packets, so that only "interesting" packets can be supplied to the software using BPF; this can avoid copying "uninteresting" packets from the operating system kernel to software running in user mode, reducing the CPU requirement to capture packets and the buffer space required to avoid dropping packets.

Sniff Your iPhone's Network Traffic

noreply@blogger.com (vitec) — Sun, 29 Jan 2012 05:57:00 +0000

Ever wanted (or needed) to see your iPhone's network traffic? All you need is a wireless LAN and the cross-platform proxy application, Paros. There are other proxy server's that can be used, but Paros was built for web application security assessments, so it provides an intimate hook into the HTTP request/response flow. Let's get started!

1) Download and Install Paros

Grab the download from the Paros site. Your install process will differ depending on your O/S, but they've provided some install instructions here. Everybody will need the Java Runtime Environment 1.4 or above.

2) Configure Paros

Once installed, launch Paros and find the configuration options (on OS X they are under Tools -> Options). Paros is configured by default to listen on localhost only, but we are going to route our iPhone's traffic through Paros, so we need to set it to listen on the IP address of the interface connected to the same LAN as the iPhone.
My LAN's network is 1.1.1.0/16, so I'll configure the Local Proxy address accordingly:

That should be the only setting that we need to fuss with. Paros is all set and listening on port 8080, let's configure the iPhone to route its traffic through our proxy!

3) Configure iPhone

On the iPhone, open the "Settings" app and navigate to the Wi-Fi page. Once there, edit the settings for the wireless network you are currently connected to (this needs to be the same network where your proxy is running). To do this, click the little blue arrow on the right side of the screen.

Now, scroll all the way to the bottom of the settings page and change the "HTTP Proxy" setting to manual. Enter the IP address and port number of your Paros Proxy.

All set! Now all web traffic to and from the iPhone is routed through Paros. Let's go see what we can see.

4) Using Paros

The main section of Paros is the "Request/Response/Trap." As the iPhone talks through Paros to Internet sites, it will display the iPhone's request and the server's response. The "trap" functionality allows you to stop either the request or the response and view/modify it before sending it along to the recipient. Trapping is very cool, and why Paros is used for security auditing, but for our purposes we just want to see what is going on, so I won't explain it any further.
For now, let's see what happens when we fire up my iPhone's "App Store" app:
In the bottom section of the screen is the history viewer. There we can see that my iPhone made 4 requests to different servers ( 3 GETs and 1 POST):

Highlighting the first GET in the history list shows its details. The iPhone's HTTP request header looked like this:

One noteworthy tidbit is that the iPhone is sending a custom header (X-Apple-Connection-Type) which tells the server that it is connected to WiFi. Next, let's take a look at the server's response:

Notice that in the response we see both the headers that the server returned AND the response data itself, in this case an xml plist file.
Sniffing traffic like this can help you understand how different iPhone apps work behind the scenes or it can help debug interaction for an app that you're writing. Hope this helps you get started!

On-iPhone Development Environment

noreply@blogger.com (vitec) — Sun, 29 Jan 2012 05:23:00 +0000

On-iPhone Development Environment

On-iPhone Development Environment

Often, for some of the trickier packages to build (like Emacs or most Python-based programs), it is easier to have a development environment on the device than to deal with a cross-compiler. The method I outline here is one way to get one. It takes up room, and it’s outdated, but it works for almost anything you’d want to do, if you put up with it.
I’m not going to pretend that this is the best way to do this. I developed this method by changing the one I used for OS 1.0 a little at a time when a new OS came out. It’s a bit of a hack right now, but it works. I point out where I think an improvement could be made.
I’m going to assume you have a freshly jailbroken iPhone or iPad. Feel free to skip steps if you think you can.
I’ve tried to write this as accurately as possible, but errors do happen. Feel free to contact me to work things out. Worst case scenario? You have to do a full restore of your device, which is annoying but not hard. Be sure to have backups, but it shouldn’t come to that!
(Also, standard disclaimer: I claim no responsibility if somehow you make your device blow up, or otherwise fail, while using this guide.)
For this guide, I’m going to assume at least passing familiarity with the unix shell. After all, you’re here for a development environment! Above that, I’ll try to explain what I feel is needed to continue.
Finally, this guide was written for iOS 3.2 on the iPad. It shouldn’t be significantly different for similar versions on both the iPhone and iPad, though. Particularly, it seems to still work on a jailbroken iPad running iOS 4.2.1.
Special thanks must go to Børre Ludvigsen, who patiently worked through this guide on his own and helped me iron out most of the bigger issues.
Let’s get started!

Getting Shell Access

More than likely, since you’re here at all, you’ve already done this. It’s included here for completeness. Feel free to skip ahead!
If you’ve just jailbroken, install the OpenSSH package. Also, installing the OpenSSH reconnect helper and Insomnia is a good idea. The helper will reconnect you automatically if you lose your shell connection, and Insomnia keeps that from happening at all. Nothing is more annoying that having to fidget with your device just to keep the Wifi up!
You will also need to install “APT 0.7 Strict” and “Core Utilities” from Cydia. The first will let us easily install Cydia packages from the command line, which is a lot more convenient, and the second is handy for working on the command line.
SSH in to your device with the username root and the password alpine. We’re going to change this now, for security, and then we’ll give the user mobile a password so we can log in without being root.

iphone:~ root# passwd
Changing password for root.
New password: [type a password here]
Retype new password: [repeat it here]
iphone:~ root# passwd mobile
Changing password for mobile.
New password: [type a different or same password here]
Retype new password: [again...]
iphone:~ root#

Getting an Editor

Right now we have no way of editing files. For now, I recommend installing nano. It’s lightweight and easy to wrap your head around. If you’ve never used it before, look around the web for a GNU nano tutorial. If nano‘s not your thing, you could also install vim or even emacs (though for emacs, you need my Cydia repository).

iphone:~ root# apt-get install nano # or 'vim', or 'emacs', or...

(Note: I usually run nano as nano -w, which keeps nano from automatically wrapping lines, which can ruin most configuration files.)

Setting Up `sudo`

Working as root is bad, very bad. I’ve accidentaly deleted my /usr once, bricking my iPad. However, it gets annoying to have to su into root every time you want to install something. So let’s install sudo!

iphone:~ root# apt-get install sudo

Now we need to edit the sudoers file to make sudo useful. We set the EDITOR environment variable to keep visudo from complaining that vi isn’t there. If you’le using vim, you can leave it out.

iphone:~ root# EDITOR=nano visudo

Right below the line that says “root ALL=(ALL) ALL“, write the similar line “mobile ALL=(ALL) ALL“, then save and exit.
(Note: when you run sudo as mobile, it will ask you for a password sometimes. This is mobile‘s password, not root‘s.)

Logging In as `mobile`

Before we continue, we’re going to drop our superuser privelege. Log out and log back in as mobile. As a test, make sure sudo is working fine. It’ll give you a nice scary administration notice when you run it the first time, as a bonus!

iphone:~ mobile$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: [type in mobile's password]
root
iphone:~ mobile$

The last line saying root is the key: it means sudo is set up right and correctly giving you root access.

Installing GCC and Friends

Finally, we get to the fun part. First off, let’s install some general utilities for our development environment:

iphone:~ mobile$ sudo apt-get install ldid make wget patch gawk

Some explanation: ldid modifies programs to fake iPhone OS into running them like official binaries. make is the standard GNU build tool. We’ll use wget to fetch tarballs from the internet right in the terminal, and then patch to patch them. Autotools, which just about every package uses, needs gawk to run.
Next, we’re going to install gcc itself, but if we just go and do it, we’ll run into a problem with the libgcc offered on Telesphoreo: it refuses to install, because it breaks the system. Instead, we’ll install the dummy package found here, and trick APT into thinking it’s already installed.

iphone:~ mobile$ wget http://gammalevel.com/forever/fake-libgcc_1.0_iphoneos-arm.deb
iphone:~ mobile$ sudo dpkg -i fake-libgcc_1.0_iphoneos-arm.deb

Now we’re prepared to install gcc and some development headers. Note that these headers are compatibility headers, meant to ease the transition from iOS 1.0 to 2.0. That is, they are old. I only trust them for the standard POSIX headers, and even for that they fail in some parts. This is one place that could probably be improved: more on that later.

iphone:~ mobile$ sudo apt-get install iphone-gcc com.bigboss.20toolchain

If you’re anything like me, you’ll be itching to write a little “Hello, world!” program right now and try out your shiny new gcc. Well, you’d be dissappointed. These packages are so old that they need fixing first.

Fixing What’s Broken

Libraries

Unfortunately, you have some downloading to do. Go fetch the iPhone Developer SDK. Once you have it, on a Mac, simply install it. If you’re not on a Mac, you’ll need an archive tool that reads DMGs and Mac packages. I know that 7zip works well on Windows, and probably works fine through Wine on other systems.
We’ll be looking in the iPhoneOS3.2.sdk directory, but by all means change this version number if you need to. On a Mac with the installed official SDK, this is at “/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.2.sdk“. If you’re using 7zip, open the Xcode DMG, then the 5.hfs partition, which will take a while. Then, open up “iPhoneSDK/Packages/iPhoneSDKHeadersAndLibs.pkg” for the most recent version, or “.../iPhoneSDKXXX.pkg” for a different version. Inside that package, open Payload, then Payload~, then “.“. The directory we are looking for is then at “Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.2.sdk“.
We need to copy libraries from the official SDK on to the device. scp works really well, if you have it: it transfers files over SSH. However, anything that gets files from your computer to your device will work.
(Note for the interested: iPhoneOS is missing libraries to link against, so we’ll be copying them over. Later on, we’ll be editing system headers. Also, none of the frameworks on the device come with headers, so you’ll need to copy those over as you need them. It occurs to me that we might be able to just copy over the entire official SDK, and skip doing this by hand. It might work, but I haven’t tried it. For now, I just copy over whatever’s missing as I run into it. I would like to look into this, though.)
In the directory iPhoneOS3.2.sdk/usr/lib, you will find the following files:

libgcc_s.1.dylib
libSystem.B.dylib
libstdc++.6.0.9.dylib
libiconv.2.dylib

We need to copy these files to mobile‘s home directory, /var/mobile, on the device. Once there, reopen your shell on your device and move them to /usr/lib:

iphone:~ mobile$ sudo mv *.dylib /usr/lib/

We also need to reconstruct a few symlinks:

iphone:~ mobile$ sudo ln -s /usr/lib/libSystem.B.dylib /usr/lib/libSystem.dylib
iphone:~ mobile$ sudo ln -s /usr/lib/libSystem.dylib /usr/lib/libc.dylib
iphone:~ mobile$ sudo ln -s /usr/lib/libSystem.dylib /usr/lib/libm.dylib

iphone:~ mobile$ sudo ln -s /usr/lib/libstdc++.6.0.9.dylib /usr/lib/libstdc++.6.dylib
iphone:~ mobile$ sudo ln -s /usr/lib/libstdc++.6.dylib /usr/lib/libstdc++.dylib

iphone:~ mobile$ sudo ln -s /usr/lib/libiconv.2.dylib /usr/lib/libiconv.2.4.0.dylib

Headers

We also need to copy over some key C++ headers. In iPhoneOS3.2.sdk/usr/include/c++/4.0.0/arm-apple-darwin9, there is a directory named bits. Copy that directory and all it contains to your device, then install it:

iphone:~ mobile$ sudo mkdir /var/include/c++/4.0.0/arm-apple-darwin9
iphone:~ mobile$ sudo mv bits /var/include/c++/4.0.0/arm-apple-darwin9/
iphone:~ mobile$ sudo ln -s /var/include/c++/4.0.0/arm-apple-darwin9/{,v6}
iphone:~ mobile$ sudo ln -s /var/include/c++/4.0.0/arm-apple-darwin{9,8}
iphone:~ mobile$ sudo ln -s {/var,/usr}/include/c++

Manual Header Modifications

Not only are there critical system libraries missing, but some of the headers are just plain wrong, too. It seems that somewhere along the line, iPhone OS moved from a 32 bit inode to a 64 bit inode, so there are a lot of structures defined in these headers that have the wrong size.
(Note for the interested: Beleive me when I say that hunting down bugs in system headers is a nightmare. Just keep in mind, if you seem to be getting random segfaults for no reason, or some extremely subtle bug that has no reason to exist, it’s probably a system header error I haven’t found yet! Compare the given headers with the ones from Apple, with __DARWIN_64_BIT_INO_T defined.)
First off, we’re going to edit “/private/var/include/sys/stat.h“. Make sure to edit with sudo, so you have write permissions! In struct stat, remove the line that says:

ino_t           st_ino;         /* [XSI] File serial number */

Between the entries for st_nlink and st_uid, add this line:

__uint64_t      st_ino;         /* [XSI] File serial number */

After the entry for st_ctimespec, add this line:

struct timespec st_birthtimespec;       /* time of file creation */

Finally, after the entries for st_ctime and st_ctimensec, add these lines:

time_t          st_birthtime;           /* [XSI] Time of file creation */
long            st_birthtimensec;       /* nsec of file creation */

We’re also going to edit “/private/var/include/sys/dirent.h“. First, we’re going to change the definition of __DARWIN_MAXNAMLEN:

#define __DARWIN_MAXNAMLEN      1023

In the definition of struct dirent, remove the line at the top that says

ino_t d_ino;            /* file number of entry */

In its place, write in:

__uint64_t d_ino;       /* file number of entry */
__uint64_t d_seekoff;

Between the entries for d_reclen and d_type, write in:

__uint16_t d_namlen;    /* length of string in d_name */

Finally, between the entries for d_type and d_name, remove the line that says:

__uint8_t d_namlen;     /* length of string in d_name */

That’s it!

Minor Details

Some configure scripts and Makefiles (like Emacs’s) looks for the C compiler under cc, which is supposed to exist on standard setups. Since we emphatically don’t have a standard setup, we have to make a link.

iphone:~ mobile$ sudo ln -s /usr/bin/gcc /usr/bin/cc

Apparently sometimes the GCC you get won’t search /var/include, which is where all the standard C headers are located. To fix this, add the following lines to ~/.profile:

export C_INCLUDE_PATH=/var/include
export CPLUS_INCLUDE_PATH=/var/include
export OBJC_INCLUDE_PATH=/var/include

Make sure to log out and log back in for these changes to take effect.

Testing your GCC

If you feel so inclined, now would be the time to test out your build environment. GCC works exactly as it does on Mac OS X, that is, exactly like on other systems, but with added options for linking with frameworks. Keep in mind, you may need to sign your programs before they’ll run. I have found that I don’t, but you may need to. If your program crashes for no reason when you start it, you need to run

iphone:~ mobile$ ldid -S program_name

There’s some way to change the system so you don’t ever need to do this, but last I heard there were some long-term side-effects.

You’re Done!

Congratulations!

Cách tốt nhất cập nhật lại ngày giờ cho Centos

noreply@blogger.com (vitec) — Sun, 22 Jan 2012 14:48:00 +0000

# yum install ntp
# chkconfig ntpd on
# ntpdate 0.asia.pool.ntp.org
# /etc/init.d/ntpd start

How To Fix PHP Error Notice: Undefined variable: index

noreply@blogger.com (vitec) — Wed, 18 Jan 2012 02:11:00 +0000

Notice: Undefined index:

Change php.ini

NOTE: you may have something different set for the error_reporting , just make sure you make the changes on the line without a semi-colon because a semi-colon at the begining of the line mean its a comment

So now change it to:

Code:

error_reporting = E_ALL & ~E_NOTICE

Save your changes and then restart you Apache server for the changes to take affect witht his command:
Code:

/etc/init.d/httpd restart

Remove IP Spamhaus

noreply@blogger.com (vitec) — Fri, 13 Jan 2012 03:56:00 +0000

Check at server
[root@dedi25 ~]# telnet mx1.mail.sg1.yahoo.com 25
Trying 124.108.116.109...
Connected to mx1.mail.sg1.yahoo.com (124.108.116.109).
Escape character is '^]'.
553 5.7.1 [BL21] Connections will not be accepted from 112.213.94.125, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html
Connection closed by foreign host.
[root@dedi25 ~]#

Remove IP Spamhaus
http://cbl.abuseat.org/lookup.cgi?ip=125.23.9.125

Check
http://www.spamhaus.org/query/bl?ip=125.23.9.125

Hướng dẫn cấu hình crontab not send email

noreply@blogger.com (vitec) — Wed, 11 Jan 2012 07:00:00 +0000

[root@dedi94125 ~]# vi /etc/crontab

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

01 01 * * * root /var/qmail/bin/dh_key 2>&1 > /dev/null

Chú ý: nếu muốn không send email thì MAILTO = rỗng

Cách 2: thêm vào thông số /dev/null 2>&1

#Before
* * * * * php /path/to/script#After
* * * * * php /path/to/script > /dev/null 2>&1

How To scp, ssh and rsync without prompting for password

noreply@blogger.com (vitec) — Tue, 10 Jan 2012 04:05:00 +0000

Lets say you want to copy between two hosts host_src and host_dest. host_src is the host where you would run the scp, ssh or rsyn command, irrespective of the direction of the file copy!

On host_src, run this command as the user that runs scp/ssh/rsync
$ ssh-keygen -t rsa

Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 82:c6:21:5b:9e:07:6e:6d:3b:66:47:eb:9e:ff:6a:bd root@localhost
Chú ý: Nếu không muốn hiện bản nhập key thì Enter passphrase bằng rỗng
This will prompt for a passphrase. Just press the enter key. It'll then generate an identification (private key) and a public key. Do not ever share the private key with anyone! ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub:
Your public key has been saved in /.ssh/id_rsa.pub

Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.

On host_dest, login as the remote user which you plan to use when you run scp, ssh or rsync on host_src.
Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys

$ cat id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys

Cần copy nội dung id_rsa.pub ghi vào file ~/.ssh/authorized_keys

Nếu có nhiều key thì copy vào bên dưới file

~/.ssh/authorized_keys

If this file does not exists, then the above command will create it. Make sure you remove permission for others to read this file. If its a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if its really a trusted user.

Note that ssh by default does not allow root to log in. This has to be explicitly enabled on host_dest. This can be done by editing /etc/ssh/sshd_config and changing the option of PermitRootLogin from no to yes. Don't forget to restart sshd so that it reads the modified config file. Do this only if you want to use the root login.

Well, thats it. Now you can run scp, ssh and rsync on host_src connecting to host_dest and it won't prompt for the password. Note that this will still prompt for the password if you are running the commands on host_dest connecting to host_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two way setup ready!

Hướng dẫn install mtop cho centos 32bit

noreply@blogger.com (vitec) — Wed, 04 Jan 2012 04:20:00 +0000

wget http://dag.wieers.com/rpm/packages/m....rf.noarch.rpm

[root@dedi94125 ~]# rpm -ivh mtop-0.6.6-1.2.el5.rf.noarch.rpm
warning: mtop-0.6.6-1.2.el5.rf.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
perl(Curses) is needed by mtop-0.6.6-1.2.el5.rf.noarch

-- cần phải cài gói perl-Curses-1.28-1.el5.rf.i386.rpm
[root@dedi94125 ~]# wget http://pkgs.repoforge.org/perl-Curse...l5.rf.i386.rpm
[root@dedi94125 ~]# rpm -ivh perl-Curses-1.28-1.el5.rf.i386.rpm

[root@dedi94125 ~]# mtop --help

mtop ver 0.6.6/20120104

Copyright (C) 2002 Marc Prewitt/Chelsea Networks
mtop comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under certain conditions; see the COPYING file
for details.

Usage: mtop [OPTIONS]

--version Show version number and exit
--help Show this screen and exit
--host={mysql_host} Connect to the MySQL server on {mysql_host}
--dbuser={mysql_user} Connect to the MySQL server as {mysql_user}
--password={mysqluser_pw} Use {mysqluser_pw} when connecting
--seconds={refresh} Refresh the screen each {refresh} seconds
--[no]idle Display/don't display idle threads
--filter-user={regex} Filter display based on user regular expression
--filter-host={regex} Filter display based on host regular expression
--filter-db={regex} Filter display based on db regular expression
--filter-command={regex} Filter display based on command regular expression
--filter-state={regex} Filter display based on state regular expression
--filter-info={regex} Filter display based on info regular expression
--user={user} Display threads for only {user}
--manualrefresh Wait for user input between refreshes

All options can be truncated to their shortest unique abbreviation.

See 'man mtop' or 'perldoc mtop' for more information.

[root@dedi94125 ~]# mtop --dbuser=databasname

Setup Oracle 11g 11.0.2.1 for Solaris 10 - 64bit

noreply@blogger.com (vitec) — Thu, 22 Dec 2011 07:52:00 +0000

setup vnc
svccfg -s application/x11/x11-server add display1
svccfg -s application/x11/x11-server:display1 addpg options application
svccfg -s application/x11/x11-server:display1 addpropvalue options/server astring: "/usr/X11/bin/Xvnc"
svccfg -s application/x11/x11-server:display1 addpropvalue options/server_args astring: '"SecurityTypes=None"'

vncserver

mount iso for Solaris
root@TT4-BCCLML1-S # lofiadm -a /u01/sol-10-u10-ga2-sparc-dvd.iso
/dev/lofi/1

mkdir /dvd_iso
root@TT4-BCCLML1-S # mount -F hsfs -o ro /dev/lofi/1 /dvd_iso

root@TT4-BCCLML1-S # cd /dvd_iso/

Use umount command to unmount image:
# umount /mnt

Now remove/free block device:
# lofiadm -d /dev/lofi/1

/usr/sbin/prtconf | grep "Memory size"

/usr/sbin/swap -l

#check 64bit
/bin/isainfo -kv

uname -r

cat /etc/release

df -k /tmp

pkginfo -i SUNWarc SUNWbtool SUNWhea SUNWlibC SUNWlibms SUNWsprot \
SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt

#cai goi
pkgadd -d /dvd_iso/Solaris_10/Product SUNWi1cs SUNWi15cs

nếu cài oracle trước đó
more /var/opt/oracle/oraInst.loc

root@kinhnghiem # more /var/opt/oracle/oraInst.loc
inventory_loc=/u02/app/oraInventory
inst_group=oinstall

prtconf | grep Mem
Memory size: 32760 Megabytes
groupadd oinstall
groupadd dba
groupadd oper

useradd -g oinstall -G dba -d /export/home/oracle oracle
mkdir /export/home/oracle
chown oracle:oinstall /export/home/oracle
passwd -r files oracle

$ id -p
uid=59008(oracle) gid=10001(dba) projid=3(default)

By default, Oracle 10 will allocate 40% of the total system physical memory to create SGA and PGA. So for 32G system memory, the shmmax for Oracle 10 will be 0.4*32G = 12.8G.

40% 13105
50% 16442
75% 24536
100% 32764

# cat /etc/project
projmod -sK "project.max-shm-memory=(privileged,10G,deny)" oracle
projmod -p 100 -c 'lptrung add' -U oracle -G dba -K 'project.max-shm-memory=(privileged,21G,deny)' oracle

projadd -p 100 -c 'lptrung add' -U oracle -G dba -K 'project.max-shm-memory=(privileged,21G,deny)' projoracle

usermod -K project=projoracle oracle

projects -l

mkdir -p /u01/app/oracle/product/11.2.0.2/db_1
chown -R oracle:oinstall /u01

vi .profile

TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
# Select the appropriate ORACLE_BASE
ORACLE_HOSTNAME=KINHNGHIEM-S; export ORACLE_HOSTNAME
ORACLE_UNQNAME=bcclml; export ORACLE_UNQNAME
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/11.2.0.2/db_1; export ORACLE_HOME
ORACLE_SID=bcclml; export ORACLE_SID
PATH=$ORACLE_HOME/bin:$PATH; export PATH

solaris
the following command displays a summary of I/O activity ten times, at ten-second intervals:
sar -b 10 10

update 11.2.0.2
Fix error tcp_largest_anon_port ....

bash-3.00# ndd -set /dev/tcp tcp_largest_anon_port 65535
bash-3.00# ndd -set /dev/udp udp_smallest_anon_port 9000
bash-3.00# ndd -set /dev/udp udp_largest_anon_port 65500
bash-3.00# ndd -set /dev/tcp tcp_smallest_anon_port 9000
bash-3.00# ndd -set /dev/tcp tcp_largest_anon_port 65500

Map san xuống server solaris sử dụng UFS

noreply@blogger.com (vitec) — Wed, 21 Dec 2011 04:07:00 +0000

-- Kiểm tra ổ dĩa hiện tại
root@c4is-standby-s # echo |format

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@1f,700000/scsi@2/sd@0,0
       1. c1t1d0
          /pci@1f,700000/scsi@2/sd@1,0
       2. c1t2d0
          /pci@1f,700000/scsi@2/sd@2,0
       3. c1t3d0
          /pci@1f,700000/scsi@2/sd@3,0
       4. c5t600A0B8000330D0A0000054748BF696Bd0
          /scsi_vhci/ssd@g600a0b8000330d0a0000054748bf696b
       5. c5t600A0B80004700CE0000057348BF6846d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057348bf6846
       6. c5t600A0B80004700CE0000057748BF6AD0d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057748bf6ad0
Specify disk (enter its number): Specify disk (enter its number):

-- Vào SAN tạo volumn sau đó map xuống host
--Sau khi map xuống xong kiểm tra ổ đĩa mới

root@c4is-standby-s # echo |format

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@1f,700000/scsi@2/sd@0,0
       1. c1t1d0
          /pci@1f,700000/scsi@2/sd@1,0
       2. c1t2d0
          /pci@1f,700000/scsi@2/sd@2,0
       3. c1t3d0
          /pci@1f,700000/scsi@2/sd@3,0
       4. c5t600A0B8000330D0A0000054748BF696Bd0
          /scsi_vhci/ssd@g600a0b8000330d0a0000054748bf696b
       5. c5t600A0B80004700CE00001D8C4EF0CD9Cd0
          /scsi_vhci/ssd@g600a0b80004700ce00001d8c4ef0cd9c
       6. c5t600A0B80004700CE0000057348BF6846d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057348bf6846
       7. c5t600A0B80004700CE0000057748BF6AD0d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057748bf6ad0
Specify disk (enter its number): Specify disk (enter its number):

-- Ổ đĩa hiện tại đc map xuống là
5. c5t600A0B80004700CE00001D8C4EF0CD9Cd0

-- Xác định lại silde của partition cần format để chọn newfs

root@c4is-standby-s # format
Searching for disks...done

c5t600A0B80004700CE00001D8C4EF0CD9Cd0: configured with capacity of 1024.00GB

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@1f,700000/scsi@2/sd@0,0
       1. c1t1d0
          /pci@1f,700000/scsi@2/sd@1,0
       2. c1t2d0
          /pci@1f,700000/scsi@2/sd@2,0
       3. c1t3d0
          /pci@1f,700000/scsi@2/sd@3,0
       4. c5t600A0B8000330D0A0000054748BF696Bd0
          /scsi_vhci/ssd@g600a0b8000330d0a0000054748bf696b
       5. c5t600A0B80004700CE00001D8C4EF0CD9Cd0
          /scsi_vhci/ssd@g600a0b80004700ce00001d8c4ef0cd9c
       6. c5t600A0B80004700CE0000057348BF6846d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057348bf6846
       7. c5t600A0B80004700CE0000057748BF6AD0d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057748bf6ad0

--- chọn ổ đĩa mới thứ 5 mới gắn vào

Specify disk (enter its number): 5
selecting c5t600A0B80004700CE00001D8C4EF0CD9Cd0
[disk formatted]
Disk not labeled. Label it now? yes

FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        inquiry    - show vendor, product and revision
        volname    - set 8-character volume name
        !     - execute , then return
        quit
format> p

PARTITION MENU:
        0      - change `0' partition
        1      - change `1' partition
        2      - change `2' partition
        3      - change `3' partition
        4      - change `4' partition
        5      - change `5' partition
        6      - change `6' partition
        select - select a predefined table
        modify - modify a predefined partition table
        name   - name the current table
        print - display the current table
        label - write partition map and label to the disk
        ! - execute , then return
        quit
partition> p
Current partition table (original):
Total disk sectors available: 2147467230 + 16384 (reserved sectors)

Part      Tag    Flag     First Sector          Size          Last Sector
0       root    wm                34       128.00MB           262177
1       swap    wu            262178       128.00MB           524321
2 unassigned    wu                 0            0                0
3 unassigned    wm                 0            0                0
4 unassigned    wm                 0            0                0
5 unassigned    wm                 0            0                0
6        usr    wm            524322      1023.74GB           2147467229
8   reserved    wm        2147467230         8.00MB           2147483613

partition> q

==> chú ý thấy vị trí thứ 6 dung lượng là 1G => chính là s6

Tạo newfs

newfs /dev/rdsk/c5t600A0B80004700CE00001D8C4EF0CD9Cd0s6

-- Tạo một thư mục tên u04, sao đó mount vào
mount -F ufs /dev/dsk/c5t600A0B80004700CE00001D8C4EF0CD9Cd0s6 /u04

Chú ý: thay thế rdsk bằng dsk

=====================

Lệnh để clean cache device

devfsadm -Cv

kloxo 500 - Internal Server Error

noreply@blogger.com (vitec) — Sat, 17 Dec 2011 12:17:00 +0000

There are still have a problem when update Kloxo to version 6.1.10 (especially from 6.1.7) with using 'auto update' or 'update home' on kloxo.

Solution, run this commands:

# for sure to using latest version for certain packages
yum update
# shell command version for update
sh /script/upcp
# cleanup process for certain settings
sh /script/cleanup
# restart some services
service xinetd restart
# fix web config to make sure using latest
sh /script/fixweb --server=all
# Better reboot after that
reboot

Reset password root MYSQL với quyền root

noreply@blogger.com (vitec) — Sat, 17 Dec 2011 06:19:00 +0000

[root@servert1 ~]# /etc/init.d/mysqld stop

Stopping MySQL: [ OK ]

[root@servert1 ~]# mysqld_safe --skip-grant-tables &

[1] 13694

[root@servert1 ~]# Starting mysqld daemon with databases from /var/lib/mysql

[root@servert1 ~]# mysql -u root

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mysql;

mysql> update user set password=PASSWORD("testpass") where User='root';

Query OK, 3 rows affected (0.05 sec)

Rows matched: 3 Changed: 3 Warnings: 0

mysql> flush privileges;

Query OK, 0 rows affected (0.04 sec)

mysql> quit

ORA-27102: out of memory - Set the kernel parameters

noreply@blogger.com (vitec) — Fri, 16 Dec 2011 01:34:00 +0000

When trying to increase the SGA to approach half available RAM with an Oracle 64-bit version on a Linux 64-bit operating system, even though shmmax is set to match half the amount of RAM, you get the following error when trying to start the instance:

SQL> startup nomount ORA-27102: out of memory Linux-x86_64 Error: 28: No space left on device

Changes

shmall is too small, most likely is set to the default setting of 2097152

$ cat /proc/sys/kernel/shmall
2097152

Cause

shmall is the total amount of shared memory, in pages, that the system can use at one time.

Solution

Set shmall equal to the sum of all the SGAs on the system, divided by the page size.
The page size can be determined using the following command:

$ getconf PAGE_SIZE 
4096

For example, if the sum of all the SGAs on the system is 16Gb and the result of '$ getconf PAGE_SIZE' is 4096 (4Kb) then set shmall to 4194304 pages
As the root user set the shmall to 4194304 in the /etc/sysctl.conf file:

kernel.shmall = 4194304

then run the following command:

$ sysctl -p
$ cat /proc/sys/kernel/shmall
4194304

NOTE:
The above command loads the new value and a reboot is not necessary.
Switch back to being the oracle user and retry the startup command.
Modifying /etc/sysctl.conf is a permanent workaround (applies at boot time). If for some reason you DO NOT want to change the system wide configuration, you can do it on the fly by directly changing the kernel pseudo FS AKA procfs.

e.g. echo "4194304" > /proc/sys/kernel/shmall

Using HUGEPAGES does not alter the calculation for configuring shmall.

Set the kernel parameters
Add the following the lines in the file /etc/sysctl.conf

kernel.shmall = physical RAM size / pagesize For most systems, this will be the value 2097152. See Note 301830.1 for more information. 
kernel.shmmax = 1/2 of physical RAM. This would be the value 2147483648 for a system with 4Gb of physical RAM. 
kernel.shmmni = 4096 
kernel.sem = 250 32000 100 128 
fs.file-max = 512 x processes (for example 65536 for 128 processes) 
Development recommends a minimum of 327679 for active systems. 
net.ipv4.ip_local_port_range = 9000 65500 
(The runInstaller (OUI) checks may expect this to be the old guidance of 1024 65000. 
The new guidance from Oracle development is 9000 65500. 
Please allow the runInstaller (OUI) to proceed with the new guidance from Oracle development.) 
net.core.rmem_default = 262144 
net.core.rmem_max = 2097152 
net.core.wmem_default = 262144 
net.core.wmem_max = 1048576

To place these changes into effect, execute the command

# sysctl -p

Linux Add a Swap File – Howto

noreply@blogger.com (vitec) — Thu, 15 Dec 2011 07:43:00 +0000

Procedure To Add a Swap File

You need to use the dd command to create swap file. The mkswap command is used to set up a Linux swap area on a device or in a file.
a) Login as the root user.
b) Type following command to create 512MB swap file (1024 * 512MB = 524288 block size):
# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288
c) Set up a Linux swap area:
# mkswap /swapfile1
d) Activate /swapfile1 swap space immediately:
# swapon /swapfile1
e) To activate /swapfile1 after Linux system reboot, add entry to /etc/fstab file. Open this file using a text editor such as vi:
# vi /etc/fstab
Append the following line:
/swapfile1 swap swap defaults 0 0
So next time Linux comes up after reboot, it enables the new swap file for you automatically.
g) How do I verify swap is activated or not?
Simply use the free command:
$ free -m

free command

Display free memory size in MB:
$ free -m

Output:

             total       used       free     shared    buffers     cached
Mem:           750        625        125          0         35        335
-/+ buffers/cache:        254        496
Swap:          956          0        956

Displays a line containing the totals memory in MB:

$ free -t -m

Output:

       total       used       free     shared    buffers     cached
Mem:           750        625        125          0         35        335
-/+ buffers/cache:        253        496
Swap:          956          0        956
Total:        1707        625       1082

vmstat command

Type vmstat command at shell prompt:
$ vmstat

Output:

procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
1  0      0 131620  35432 341496    0    0    42    82  737  1364 15  3 81  1

top command

Type top command at the shell prompt:

$ top
Sample outputs:

ORA-27102: out of memory on Solaris 10

noreply@blogger.com (vitec) — Tue, 06 Dec 2011 10:28:00 +0000

Monday, September 14, 2009 5:12:10 PM

This problem is due to insufficient shared memory from system while Oracle tries to create shared memory segment(depends on the size and SGA and PGA). Unlike earlier releases of Solaris (Solaris 8 and 9), most of the system parameters needed to run Oracle are already set properly, so the only one parameter to be set is the maximum shared memory. In earlier versions this was called shmsys:shminfo_shmmax and was set by editing the /etc/system file and rebooting. With Solaris 10 the parameter is set by modifying a "Resource Control Value". You can do this temporarily by using prctl, but that is lost at reboot so you will need to add the command to the oracle user. The other option is to create a default project for the oracle user:

$ projadd -U oracle -K "project.max-shm-memory=(priv,13G,deny)" user.oracle

How large shared memory should be set for Oracle depends on the physical memory size. For Solaris , 8M is the default value on Solaris 9 and prior versions where as 1/4th of the physical memory is the default on Solaris 10 and later. Verifying the default setting of os is shown as the following

$ prtconf | grep Mem
Memory size: 32760 Megabytes

$ id -p
uid=59008(oracle) gid=10001(dba) projid=3(default)

$ prctl -n project.max-shm-memory -i project 3
project: 3: default
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
project.max-shm-memory
        privileged      7.84GB      -   deny                                 -
        system          16.0EB    max   deny                                 -

By default, Oracle 10 will allocate 40% of the total system physical memory to create SGA and PGA. So for 32G system memory, the shmmax for Oracle 10 will be 0.4*32G = 12.8G.

(Temporary method)
$ prctl -n project.max-shm-memory -r -v 10G -i project 3

(No need to reboot)
$ projadd -p 100  -c 'test shmmax' -U oracle -G dba  -K 'project.max-shm-memory=(privileged,13G,deny)' user.oracle

$ projects -l
...
user.oracle
        projid : 100
        comment: "test shmmax"
        users  : oracle
        groups : dba
        attribs: project.max-shm-memory=(privileged,13958643712,deny)

$ cat /etc/project
user.oracle:100:test shmmax:oracle:dba:project.max-shm-memory=(privileged,13958643712,deny)

Command Solaris

noreply@blogger.com (vitec) — Mon, 05 Dec 2011 06:26:00 +0000

	Akadia Information Technology
SUN Free Software PCNFS installieren Installation Solaris mit Openwindows (Grafikkarte) How to Backup a System Packages (Software die installiert wurde) Monitor Mode (OK Prompt) Kernel Analyse Defaults einstellen Wichtige Konfigurationsfiles Admin Kommandos LAN konfigurieren IP-Routing konfigurieren DNS konfigurieren Anonymous FTP aufsetzen NFS-Client Konfiguration NFS-Server Konfiguration Automounter Modem konfigurieren SCSI-Harddisk an SUN Hardware anschliessen List Solaris Hardware Configuration Show Swap Space currently installed Show Operating System Patch Level How to install a Sun Solaris Jumbo Patch ? Tracing System Calls Troubleshooting Solaris Device Files Short Tips to maintain Sun Solaris IP-Aliasing for SUN Solaris Solaris automounter installs filesystems by default in /net Solaris keyboard utility Monitoring Performance Enable file system journaling on Solaris 7 and 8 Solaris Syslog Daemon Debugging Does each Oracle Process use more than 100M memory ? Sizing up Solaris Memory with the RMCmem Package Using Sun Solaris Manuals directly from CD-ROM Why is the Sun Solaris System Corefile helpful ? DLT-TAPE UNIT INSTALLATION on Solaris 7/8/9 Reconfigure Devices on Solaris OpenBoot Diagnostics Why doesn't my .forward file work Simple Shell Script to backup your Files

SUN Free Software

Unter http://www.sunfreeware.com findet man "ready to use" Software für SUN Solaris, wie beispielsweise TOP, AMANDA, GCC, GDB etc. Download via FTP von: «ftp://nce.sun.ch/pub/freeware/sparc/7»

PCNFS installieren

CD-ROM Solaris Intranet Extension (siehe auch Solaris Server Intranet Extension Installation)

$ su
$ cd /cdrom/cdrom0/nfsc/sparc
$ pkgadd -d `pwd`

Installation Solaris mit Openwindows (Grafikkarte)

Hostname

$ uname -u

Network Interface

$ ifconfig -a

/etc/hosts, /etc/netmasks definieren

Static IP-routes definieren

/etc/rc2.d/S79staticroutes

CD-ROM rausnehmen

$ eject cdrom

Disklayout kontrollieren

$ prtvtoc /dev/rdsk/....

Automounter konfigurieren

/etc/auto_master, /etc/auto_home

Device File für DAT

/dev/rmt/0l (tar cvf /dev/rmt/0l)

/etc/system definieren konfigurieren (Prestoserve, Oracle, Transtec)

Logfile der Installation: /var/sadm/system/logs/install_log

Installation über serielles Terminal an Nullmodem Kabel

OK boot cdrom - w (Terminal an ttya)

How to Backup a System

$ init 0
OK boot -s
$ fsck -m /dev/dsk/c0t0d0s0 (und übrige Filesysteme)
$ tar cvf /dev/rmt/0l

Packages (Software die installiert wurde)

Anzeige der installierten Packages

$ pkginfo

Check ob Package SUNWpcnfd correct installiert ist

$ pkgchk -v SUNWpcnfd

Package installieren (Path ist meistens /cdrom/cdrom0/....)

$ pkgadd -d SUNWpcnfd

Das Package SUNWpcnfd entfernen

$ pkgrm SUNWpcnfd

Monitor Mode (OK Prompt)

In single user mode booten

OK boot -s

Kernel zwingen /devices neu aufzubauen nach dem Anschluss von neuer Hardware

OK boot -r

Detaillierter Bootvorgang

OK boot -v

Vom CD-ROM aus booten: Notboot !

OK boot cdrom

Angeschlossene SCSI-Geräte testen

OK probe-scsi

List System Devices, e.g. SUNW,hme = Sun Fast Ethernet PCI Adapter

OK show-devs

List Network Devices

OK show-nets

Monitoring Network Activity

OK apply watch-net

Monitor Variablen ändern, anzeigen

OK eeprom
OK eeprom ttya-mode=38400,8,n,1,h

Kernel Analyse

Welche Kernel-Module sind geladen ?

$ modinfo

Kernel Konfiguration

/etc/system

Logfile von syslog

/var/adm/messages

Konfiguration des syslog Daemon

/etc/syslog.conf

Defaults einstellen

Directory mit Default files

/etc/default

Remote root logins erlauben

/etc/default/login

Timezone setzen

/etc/default/init

Wichtige Konfigurationsfiles

Master-File beim Booten

/etc/inittab

Run-Level Start/Stop Files

/etc/rc?.d

Scripts für Run-Levels

/etc/init.d

Admin Kommandos

$ shutdown -g0 -i0
$ reboot (entspricht init 6)

LAN konfigurieren

Konfiguration der LAN-Interfaces

$ ifconfig -a

Netmask setzen: siehe /etc/netmasks

Jedes LAN-Interface hat /etc/hostname.le0 mit Hostnamen

LAN-Setup: /etc/rcS.d/S30rootusr.sh (Interfaces konfigurieren)
/etc/rc2.d/S72inetsvc (LAN konfigurieren)

Phys Addressen nachschauen

$ arp -a

Net to Media Table

Device IP Address           Mask            Flags Phys Addr
------ -------------------- --------------- ----- ---------------
le0    rabbit               255.255.255.255       00:60:08:57:17:86
le0    quorum               255.255.255.255 SP    08:00:20:89:27:03
le0    arkum                255.255.255.255       00:a0:24:4b:60:1c

IP-Routing konfigurieren

Alle hosts im Netz 193.72.239.0 werden über den Router 193.72.194.201 erreicht.

$ route add net 193.72.239.0 193.72.194.201 1

Der host 146.228.14.10 wird über den Router 193.72.194.100 erreicht. Siehe File /etc/rc2.d/S79staticroutes.

$ route add host 146.228.14.10 193.72.194.100 1

Routing Tabelle kontrollieren

$ netstat -nr

DNS konfigurieren

Angabe des DNS Nameservers

/etc/resolv.conf

Reihenfolge definieren

/etc/nsswitch.conf

Anonymous FTP aufsetzen

Siehe Solris2 Administration Seite 103 und ff

NFS-Client Konfiguration

/etc/vfstab (Soll) --> /etc/mnttab (Ist)
mount -F nfs -o bg,ro,soft gondwana:/usr/software /software

NFS-Server wird in /etc/init.d/nfs.client start gestartet.

Anzeige welche Directories gondwana zum mounten freigegeben hat

dfshares gondwana

RESOURCE SERVER ACCESS TRANSPORT
gondwana:/export/home/zahn gondwana - -
gondwana:/export/home/steiner gondwana - -

NFS-Server Konfiguration

/etc/dfs/dfstab (Soll) --> /etc/dfs/sharetab

Directory read-only freigeben

$ share -o ro /usr/software

Alle Directories in /etc/dfs/dfstab freigeben

$ shareall

Alle Directories in /etc/dfs/dfstab zurücknehmen

$ unshareall

NFS-Server wird gestartet in

/etc/init.d/nfs.server

Anzeige der freigegbenen lokalen Direcories

$ share

Anzeige welche Clients nutzen welche Directories eines NFS-Servers

$ dfmounts -F nfs gondwana

RESOURCE SERVER PATHNAME CLIENTS
gondwana /export/home/zahn paragon.glue.ch,rabbit.glue.ch

Automounter

- /etc/auto_master (Master Map konfigurieren)
- /etc/auto_home (Home Direcories verwalten)
- autofs ist ein spezielles Filesystem
- automount -v (Nach einer Aenderung an einer Map ausführen)

Modem konfigurieren

Siehe spezielles Dokument

SCSI-Harddisk an SUN Hardware anschliessen

Beispiel: SCSI-Disk Seagate ST150176L, 50MB an SUN Ultra Enterprise 1

Eintrag in /etc/format.dat vornehmen (Angaben von Lieferanten)

disk_type = "Seagate ST150176L" \
: ctlr = "SCSI" \
: ncyl = 12022 : acyl = 2 : pcyl = 12024 : nhead = 22 : nsect = 369 \
: rpm = 7200 : bpt = 188928

Eintrag /etc/system für Solaris-2 Kernel, System booten

*
* SCSI-Disc Konfiguration
*
set scsi_options=0x20

Disk anschliessen, SCSI-Adresse kontrollieren, Terminierung

Unbedingt kontrolieren, dass eine SCSI-Adresse nicht mehrfach belegt ist. Dazu kann meistens hinten am Gerät ein Tippschalter eingestellt werden. Man beacht, dass in der Regel das letzte Gerät terminiert werden muss.

Disk formatieren (nur wenn notwendig !)

In der Regel muss eine Disk nicht neu formatiert werden, ist dies jedoch notwendig so steht unter Solaris das Utility format zur Verfügung.

format

AVAILABLE DISK SELECTIONS:

0. c0t0d0
   /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0
1. c0t1d0
   /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@1,0
2. c0t2d0
   /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@2,0
3. c0t4d0
   /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@4,0
4. c0t5d0
   /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@5,0

Specify disk (enter its number): 4

format> type

AVAILABLE DRIVE TYPES:
0. Auto configure
1. DDRS-39130
2. Seagate ST118273
3. Seagate ST150176L
4. Quantum ProDrive 80S
5. Quantum ProDrive 105S
6. CDC Wren IV 94171-344
7. SUN0104
8. SUN0207
9. SUN0327
10. SUN0340
11. SUN0424
12. SUN0535
13. SUN0669
14. SUN1.0G
15. SUN1.05
16. SUN1.3G
17. SUN2.1G
18. SUN2.9G
19. IBM-DDRS-39130-S71D
20. SEAGATE-ST118273N-5764
21. SEAGATE-ST150176LW-0002
22. other
Specify disk type (enter its number)[21]: 21
format> format (confirm with "yes")

Disk partitionieren

Dadurch wird die Disk in logische Teile unterteilt. Jeder teil enthält ein eigenes Filesystem.

format> part

Nun die Partitionierungsdaten eingeben, zB

partition> print

Current partition table (original):
Total disk cylinders available: 2733 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks
0 root wm 0 - 204 152.15MB (205/0/0) 311600
1 swap wu 205 - 377 128.40MB (173/0/0) 262960
2 backup wm 0 - 2732 1.98GB (2733/0/0) 4154160
3 home wm 378 - 1017 475.00MB (640/0/0) 972800
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 1018 - 1928 676.13MB (911/0/0) 1384720
6 usr wm 1929 - 2732 596.72MB (804/0/0) 1222080
7 unassigned wm 0 0 (0/0/0) 0

Label erzeugen (aktuelle Partitionierung speichern)

partition> label
partition> y
partition> quit
format> quit

Filesystem erstellen

newfs -v -m 0 /dev/rdsk/c0t5d0s0

Damit wird ein Filesystem mit 0 % Min-Free auf der Partition 0 der Disk an der SCSI-Adresse 5 erstellt.

Filesystem mounten

Dazu den folgenden Eintrag in /etc/vfstab vornehmen

#device           device              mount FS     fsck mount    mount
#to mount         to fsck             point type pass at boot options

/dev/dsk/c0t5d0s0 /dev/rdsk/c0t5d0s0 /u02   ufs    6     yes      -

List Solaris Hardware Configuration

$ /usr/sbin/prtconf

Show Swap Space currently installed

Multiply the Blocks column by 512

$ swap -l

swapfile dev swaplo blocks free
/dev/dsk/c0t0d0s1 32,1 16 262944 262944

262944 * 512 = 134 MB

Show Operating System Patch Level

$ showrev -p

Patch: 105181-16

Note, that Patchlevel 105181-15 is minimal needed for Oracle 8.1.6

How to install a Sun Solaris Jumbo Patch ?

- Download the Patch from: http://sunsolve.sun.com
- Read the README File included in the Patch
- Usually the only thing you have to do is:

$ cd
$ ./install_custer $ cat /var/sadm/install_data/_log $ showrev -p

Reboot the system

Tracing System Calls

You can trace system calls with truss on Solaris an strace on Linux

$ truss svrmgrl

Troubleshooting Solaris Device Files

If you suspect troubles with your Solaris device files, e.g. system doesn't boot after a filesystem check, you may repair the solaris system using the following commands.

Halt the system immediately with the keys STOP-A, you will now see the boot prompt: OK

STOP-A

Reset the machine with

OK reset

Boot the machine with

OK boot -r

The command boot -r will rebuild all devices files according to your attached hardware. If you cannot boot the machine, you can try the following commands: drvconfig, disks, tapes

drvconfig - configure the /devices directory

The default operation of drvconfig is to create the /devices directory tree that describes, in the filesystem namespace, the hardware layout of a particular machine. Hardware devices present on the machine and powered on as well as pseudo-drivers are represented under /devices. Normally this command is run automatically after a new driver has been installed (with add_drv(1M)) and the system has been rebooted.

disks - creates /dev entries for hard disks attached to the system

Disks creates symbolic links in the /dev/dsk and /dev/rdsk directories pointing to the actual disk device special files under the /devices directory tree.

tapes - creates /dev entries for tape drives attached to the system

Tapes creates symbolic links in the /dev/rmt directory to the actual tape device special files under the /devices directory tree. Tapes searches the kernel device tree to see what tape devices are attached to the system.

Short Tips to maintain Sun Solaris

Here are some short tips for common tasks on SUN Solaris 2.6, 7 and 8

Important SUN Solaris Commands

$ who -r            # Show Run Level
$ /usr/sbin/prtconf # Print the complete system configuration
$ /sbin/mountall -l # Mount all local filesystems.
$ /sbin/init S      # Changing to single user mode

Show currently mounted filesystems

# /etc/mnttab: Contains information about devices that
# are currently mounted. If there are mounted filesystems
# with quotas enabled, display them

if /usr/bin/cut -f 4 /etc/mnttab | \
/usr/bin/egrep '^quota|,quota' >/dev/null 2>&1; then
echo 'There are mounted filesystems with quotas enabled'
fi

How to enable system activity data gathering

# You will also need to uncomment the sa entries in
# the system crontab /var/spool/cron/crontabs/sys.
# Refer to the sar(1) and sadc(1m) man pages
# for more information.

$ /usr/bin/su sys -c "/usr/lib/sa/sadc /var/adm/sa/sa`date +%d`"

How a new, unused Solaris system is setup ?

# sysidtool is a suite of five programs that configure a new
# system, or one that has been unconfigured with sys-
# unconfig(1M). The sysidtool programs run automatically at
# system installation, or during the first boot after a
# machine has been successfully unconfigured.
#
# These programs have no effect except at such times, and
# should never be run manually.

# System Files are

cat /etc/nodename
cat /etc/hostname.*
cat /etc/default/init
cat /etc/defaultdomain
cat /etc/inet/hosts
cat /etc/inet/netmasks

How to configure Asynchronous PPP ?

Configure /etc/asppp.cf for the aspppd daemon

$ /usr/sbin/aspppd -d 1

How to get and set TCP/IP driver configuration parameters ?

# Getting Parameters Supported By The TCP Driver
# To see which parameters are supported by the TCP driver,
# use the following command:

$ ndd /dev/tcp \?

# The following command sets the value of the parameter
# ip_forwarding in the IP driver to zero. This disables IP
# packet forwarding.

Disable IP Forwarding

$ /usr/sbin/ndd -set /dev/ip ip_forwarding 0

Enable IP Forwarding (Machine acting as a Router)

$ /usr/sbin/ndd -set /dev/ip ip_forwarding 1

How to set Default Route on Solaris ?

# Configure default routers using the local "/etc/defaultrouter"
# configuration file. The file can contain the hostnames or IP
# addresses of one or more default routers.
#
# The default routes listed in the "/etc/defaultrouter" file will
# replace those added by the kernel during diskless booting. An
# empty "/etc/defaultrouter" file will cause the default route
# added by the kernel to be deleted.
#
# Note that the default router file is ignored if we received routes
# from a DHCP server. Our policy is to always trust DHCP over local
# administration.

# Set Default Route

$ route -n add default

# Show Default Route

$ /usr/sbin/route -fn
default 128.128.128.11 done

How to set NIS domainname if locally configured ?

if [ -f /etc/defaultdomain ]; then
/usr/bin/domainname `cat /etc/defaultdomain`
echo "NIS domainname is `/usr/bin/domainname`"
fi

RPC (Remote Procedure Call) Configuration

# rpcbind - universal addresses to RPC program number mapper
# rpcinfo - report RPC information

Solaris Keyserv Daemon

# keyserv is a daemon that is used for storing the private
# encryption keys of each user logged into the system. These
# encryption keys are used for accessing secure network ser-
# vices such as secure NFS and NIS+.

$ /usr/sbin/keyserv

How to start the Solaris DNS server "in.named"

# If this machine is configured to be an Internet
# Domain Name System (DNS) server, run the name daemon.
# Start named prior to: route add net host,
# to avoid dns gethostbyname timout delay for
# nameserver during boot.

if [ -f /usr/sbin/in.named -a -f /etc/named.conf ]; then
echo 'starting internet domain name server.'
/usr/sbin/in.named &
fi

Where to find syslogd messages ?

Configuration File: /etc/syslog.conf
Message File:       /var/adm/messages

IP-Aliasing for SUN Solaris

# How to setup IP-Alias on SUN Solaris

1. Setup File /etc/hostname.hme0:1 for the second IP-Address

   cat /etc/hostname.hme0:1

   ldap

2. Insert IP-Address in /etc/hosts

   #
   # Internet host table
   #
   128.128.128.11      ux-portal1       # IP-address on hme0:0
   128.128.128.20      ldap             # IP-alias on hme0:1

3. Start alias IP-Address on Interface in /etc/rc2.d

   S99ipalias -> ../init.d/ipalias

   #!/bin/sh
   # Akadia AG, Arvenweg 4, CH-3604 Thun
   # ----------------------------------------------------------------------
   # File:       ipalias
   #
   # Autor:      Martin Zahn / 10.05.2000
   #
   # Purpose:    Setup second IP address on hme0:1
   # ----------------------------------------------------------------------

   if [ -f /etc/hostname.hme0:1 ]
   then
     case "$1" in

       'start') # Start second IP address on hme0:1

                 echo "Start multi-homed server for UX-ALIAS1 on hme0:1"
                 ifconfig hme0:1 128.128.128.20 up
                 ;;

        'stop') # Stop second IP address on hme0:1

                 echo "Stop multi-homed server for UX-ALIAS1 on hme0:1"
                 ifconfig hme0:1 128.128.128.20 down
                 ;;
     esac
   fi

4. Check IP-Address on second Interface

   ifconfig -a

Solaris automounter installs filesystems by default in /net

The Solaris automount utility installs autofs mount points and associates an automount map with each mount point. The autofs file system monitors attempts to access directories within it and notifies the automountd daemon. The daemon uses the map to locate a file system, which it then mounts at the point of reference within the autofs file system. You can assign a map to an autofs mount using an entry in the /etc/auto_master map or a direct map in /etc/auto_direct. If the file system is not accessed within an appropriate interval (five minutes by default), the automountd daemon unmounts the file system.

Default Mapping under /net

The mount point /net is by default the location, where automountd mounts NFS filesystems, which are exported on other machines. Lets suppose, that you have the filesystem /home exported on the NFS server saphir, then the (Solaris) NFS client with an active automounter will automatically mount this NFS filesystem under /net/saphir/.

Mapping using /etc/auto_direct

You probably doesn't want this default behavior. If you insert the following entry in /etc/auto_direct ....

/opt/local -rw remote_machine:/local

.... then, the directory /local on the remote machine "remote_machine" will be mounted on the local machine under /opt/local.

Solaris keyboard utility

The Solaris utility kbd manipulates the state of the keyboard or display the type of keyboard or change the default keyboard abort sequence effect. Suppose, that you do not want that everybody can halt the the system you must change the default value. We also noticed, that the Solaris machines attached to a switch box, using a character terminal on a serial line, may halt when you switch from one machine to the other.

SYNOPSIS

kbd [ -r ] [ -t ] [ -c on|off ]
[ -a enable|disable ] [ -d keyboard device ]
kbd -i [ -d keyboard device ]

DESCRIPTION

kbd manipulates the state of the keyboard, or displays the keyboard type or allows the default keyboard abort sequence effect to be changed. The default keyboard device being set is /dev/kbd.

The -i option reads and processes default values for the keyclick and keyboard abort settings from the keyboard default file, /etc/default/kbd. Only keyboards that support a clicker respond to the -c option. If you want to turn clicking on by default, add or change the current value of the KEYCLICK variable to the value on in the keyboard default file, /etc/default/kbd, as shown here.

KEYCLICK=on

Then, run the command 'kbd -i' to change the current setting. Valid settings for this variable are the values on and off. Other values are ignored. If the variable is not specified in the default file, the setting is unchanged.

The keyboard abort sequence (L1-A or STOP-A) on the keyboard and BREAK on the serial console input device on most systems) effect may only be changed by the superuser, using the
-a option. On most systems, the default effect of the keyboard abort sequence is to suspend the operating system and enter the debugger or the monitor.

If you want to permanently change the software default effect of the keyboard abort sequence, you can add or change the current value of the KEYBOARD_ABORT variable to the
value disable in the keyboard default file, /etc/default/kbd, as shown here.

KEYBOARD_ABORT=disable

Then, run the command 'kbd -i' to change the current setting. Valid settings for this value are the values enable and disable. Other values are ignored. If the variable is not specified in the default file, the setting is unchanged.

OPTIONS

-i

Set keyboard defaults from the keyboard default file. This option is mutually exclusive with all other options except for the -d keyboard device option. This option instructs the keyboard command to read and process keyclick and keyboard abort default values from the /etc/default/kbd file. This option can only be used by the superuser.

-r

Reset the keyboard as if power-up.

-t
Return the type of the keyboard being used.

-c
On/Off state Turn the clicking of the keyboard on or off.

-a
Enable/Disable state; Enable or disable the keyboard abort sequence effect.

Monitoring Performance

This chapter describes procedures for monitoring system performance by using the vmstat, iostat, df, and sar commands. This is a list of the step-by-step instructions in this chapter.

How to Display Virtual Memory Statistics (vmstat)

The following example shows the vmstat display of statistics gathered at five-second intervals.

$ vmstat 5

procs    memory            page             disk      faults     cpu
r b w swap free re mf pi po fr de sr f0 s3 -- -- in sy cs us sy id
0 0 8 28312 668 0   9   2   0   1 0 0 0 1 0 0 10 61 82 1 2 97
0 0 3 31940 248 0 10 20   0 26 0 27 0 4 0 0 53 189 191 6 6 88
0 0 3 32080 288 3 19 49   6 26 0 15 0 9 0 0 75 415 277 6 15 79
0 0 3 32080 256 0 26 20   6 21 0 12 1 6 0 0 163 110 138 1 3 96
0 1 3 32060 256 3 45 52 28 61 0 27 5 12 0 0 195 191 223 7 11 82
0 0 3 32056 260 0   1   0   0   0 0 0 0 0 0 0   4 52 84 0 1 99

Category

Field Name

Description

procs



Reports the following states:

r

The number of kernel threads in the dispatch queue

b

Blocked kernel threads waiting for resources

w

Swapped out LWPs waiting for processing resources to finish

memory

Reports on usage of real and virtual memory:

swap

Available swap space

free

Size of the free list

page

Reports on page faults and paging activity, in units per second:

re

Pages reclaimed

mf

Minor and major faults

pi

Kbytes paged in

po

Kbytes paged out

fr

Kbytes freed

de

Anticipated memory needed by recently swapped-in processes

sr

Pages scanned by page daemon (not currently in use). If sr does not equal zero, the page daemon has been running.

disk

Reports the number of disk operations per second, showing data on up to four disks

faults

Reports the trap/interrupt rates (per second):

in

Interrupts per second

sy

System calls per second

cs

CPU context switch rate

cpu

Reports on the use of CPU time:

us

User time

sy

System time

id

Idle time

How to Display System Event Information

Run vmstat -s to show the total of various system events that have taken place since the system was last booted.

        0 swap ins
        0 swap outs
        0 pages swapped in
        0 pages swapped out
409376480 total address trans. faults taken
3075036 page ins
2601555 page outs
3812452 pages paged in
6525552 pages paged out
11007609 total reclaims
10927650 reclaims from free list
        0 micro (hat) faults
409376480 minor (as) faults
2957386 major faults
102738273 copy-on-write faults
61711047 zero fill page faults
1002562077 pages examined by the clock daemon
     7881 revolutions of the clock hand
16716370 pages freed by the clock daemon
4999048 forks
1138206 vforks
5747009 execs
741660225 cpu context switches
736047593 device interrupts
528054538 traps
2496638575 system calls
430283487 total name lookups (cache hits 95%)
    81727 toolong
10484677 user   cpu
9528364 system cpu
443762786 idle   cpu
16281790 wait   cpu

How to Display Swapping Statistics

Run vmstat -S to show swapping statistics.

procs     memory            page            disk          faults      cpu
r b w   swap free si so pi po fr de sr m1 m3 m4 m5   in   sy   cs us sy id
0 0 0   8512   888   0   0 12 21 55 0 417 1 0 0 0 206 1040 308 2 2 96

si = Average number of LWPs swapped in per second
so = Number of whole processes swapped out

How to Display Disk Utilization Information (iostat)

You can display disk activity information by using the iostat command with a time interval. The following example shows disk statistics gathered every five seconds.

iostat 5

      tty          md1           md3           md4           md5          cpu
tin tout kps tps serv kps tps serv kps tps serv kps tps serv us sy wt id
   0    2 10   1   28    2   0   22    0   0    0    1   0   10   2 2 3 92
   0   47 58   7   39   16   2   34    0   0    0    0   0    0   0 2 19 78
   0   16   0   0    0    0   0    0    0   0    0    0   0    0   0 1 0 98
   0   16   0   0    0    0   0    0    0   0    0    0   0    0   0 0 1 99
   0   16   2   0   22    0   0    0    0   0    0    0   0    0   2 3 1 95
   0   24   0   0    0    0   0    0    0   0    0    0   0    0   0 1 1 98

For Each ...

Field Name

Description

Terminal

tin

Number of characters in the terminal input queue

tout

Number of characters in the terminal output queue

Disk

bps

Blocks per second

tps

Transactions per second

serv

Average service time, in milliseconds

CPU

us

In user mode

sy

In system mode

wt

Waiting for I/O

id

Idle

How to Display Extended Disk Statistics

Run iostat -xtc to get extended disk statistics. This command displays a line of output for each disk.

                               extended device statistics      tty         cpu
device    r/s w/s   kr/s   kw/s wait actv svc_t %w %b tin tout us sy wt id
md1       0.4 0.9    3.6    6.9 0.0 0.0   27.7   1   1    0    2 2 2 3 92
md3       0.1 0.2    1.0    1.3 0.0 0.0   21.7   0   0
md4       0.0 0.0    0.0    0.0 0.0 0.0    0.0   0   0
md5       0.0 0.0    0.7    0.0 0.0 0.0    9.9   0   0
md8       0.8 0.3    6.7   14.2 0.0 0.0   13.1   0   1
md10      0.2 0.9    1.8    6.8 0.0 0.0   15.5   0   1
md11      0.2 0.9    1.8    6.8 0.0 0.0   14.8   0   1
md30      0.0 0.2    0.5    1.3 0.0 0.0   11.4   0   0
md31      0.0 0.2    0.5    1.3 0.0 0.0   10.2   0   0
md40      0.0 0.0    0.0    0.0 0.0 0.0    0.0   0   0
md41      0.0 0.0    0.0    0.0 0.0 0.0    0.0   0   0
md50      0.0 0.0    0.4    0.0 0.0 0.0    9.4   0   0
md51      0.0 0.0    0.4    0.0 0.0 0.0    7.3   0   0
md80      0.4 0.3    3.3   14.2 0.0 0.0   10.3   0   0
md81      0.4 0.3    3.3   14.2 0.0 0.0   11.7   0   1
sd0       0.6 2.1    6.0   22.8 0.0 0.0   16.3   0   3
sd1       0.6 2.1    6.0   22.8 0.0 0.0   15.2   0   2

Field Name

Description

r/s

Reads per second

w/s

Writes per second

Kr/s

Kbytes read per second

Kw/s

Kbytes written per second

wait

Average number of transactions waiting for service (queue length)

actv

Average number of transactions actively being serviced

svc_t

Average service time, in milliseconds

%w

Percentage of time the queue is not empty

%b

Percentage of time the disk is busy

How to Check CPU Utilization (sar)

Display CPU utilization with the sar -u command. (The sar command without any options is equivalent to sar -u.) At any given moment, the processor is either busy or idle. When busy, the processor is in either user or system mode. When idle, the processor is either waiting for I/O completion or "sitting still" with no work to do.

Measure CPU utilization during 5 secs one time.

sar -u 5 1

Measure CPU utilization during 60 secs 1440 times and write result in file sar.log.

sar -u -o sar.log 60 1440

To later review disk and tape activity from that period:

sar -d -f sar.log

Field Name

Description

%sys

Lists the percentage of time that the processor is in system mode

%user

Lists the percentage of time that the processor is in user mode

%wio

Lists the percentage of time the processor is idle and waiting for I/O completion

%idle

Lists the percentage of time the processor is idle and is not waiting for I/O

A high %wio generally means a disk slowdown has occurred.

Enable file system journaling on Solaris 7 and 8

Solaris 7 and 8 include a native implementation of file system journaling. This feature, known as "intent logging" or just "logging" enables FASTER file system operation and FASTER system boot.

It's trivial to implement and safe to use. The new logging feature is an option to the Unix File System (UFS), which is the standard file system for all disk partitions on SUN servers, except for partitions holding swap space. By default, the journaling option is disabled. Logging is enabled on a per file system basis, and it can even be enabled on / (root file system) and other operating system partitions.

Background

Solaris UFS logging works by allocating space from the file system's free blocks. Within that space, all metadata changes to the file system are written. Metadata includes directory and I-node information but not file data blocks, essentially everything but the actual data within the file. So, for example, a "file create" modifies the directory structure and allocates a new I-node, and those activities are written to the logging space. Once the metadata changes are made to the logging area, the system is free to perform other operations to the file system. In the background, the information in the log is flushed to the file system and updates the appropriate directory and I-node structures, completing the file system operations.

The logging data is written sequentially within the log space. It's therefore much faster for the operating system to complete metadata changes via logging and background flushing than by directly modifying the metadata (via random I/O) spread across the disk. The size of the logging space is based on the size of the file system, and equals 1 MB per 1 GB of file system space, up to 64 MB. The space is used as a circular log: if the log space is about to fill up, new metadata change requests are paused while the log is emptied. As changes are moved from the log to the file system, that log space is made available, and new metadata changes can be written to the logging space.

Usually with UFS, if the system crashes during any file system operation, the entire system must have its consistency checked via the fsck command. That command can take several minutes per file system because it checks all metadata and file data to ensure the structures are correct, free, and used, and that the I-node block counts are correct. It also confirms that the free space available is current, repairs inconsistencies, and occasionally requires manual intervention to fix large problems. Files and even directories can be lost, depending on the operations occurring at the time of the crash.

Because metadata changes are made first to the log space rather than to the file system, the consistency check for a logged file system after a crash is a simple and fast operation. The system evaluates the logging data and determines which changes had completed against the underlying file system, which had yet to start, and which were in progress. Those completed or not yet started are removed from the log, and those partly completed are either undone or completed. If there's sufficient data in the log to complete the operation, it's completed. Otherwise, the changes made are removed from the underlying file system.

People familiar with database operation will recognize the similarity between database transaction processing and the activities here. The end result is that the underlying file system is consistent, and no thorough consistency checking is needed. That operation completes in a few seconds per file system.

Using logging

Starting with Solaris 7, there's a new logging option to the mount command and in the /etc/vfstab system configuration file. Logging only appears in a couple other places within Solaris. The mount command shows which partitions are mounted and lists logging in the options fields for each partition on which logging is enabled. Finally, at system boot time, the fsck phase reports per partition whether each is stable, logging, or being checked. There are no other status commands available to determine the state of logging.

A = Device to mount
B = Device to fsck
C = Mount point
D = Filesystem Type
E = Fsck pass (unimportatnt with logging)
F = Mount at boot
G = Mount options

# ------------------------------------------------------------------
# A                B                   C       D     E   F   G
# ------------------------------------------------------------------
fd                 -                   /dev/fd fd    -   no -
/proc              -                   /proc   proc -   no -
/dev/dsk/c0t0d0s3 -                   -       swap -   no -
/dev/dsk/c0t0d0s0 /dev/rdsk/c0t0d0s0 /       ufs   1   no logging
/dev/dsk/c0t0d0s6 /dev/rdsk/c0t0d0s6 /usr    ufs   2   no logging
/dev/dsk/c0t0d0s1 /dev/rdsk/c0t0d0s1 /var    ufs   3   no logging
/dev/dsk/c0t0d0s7 /dev/rdsk/c0t0d0s7 /home   ufs   4   yes logging
/dev/dsk/c0t0d0s5 /dev/rdsk/c0t0d0s5 /opt    ufs   5   yes logging
/dev/dsk/c0t8d0s0 /dev/rdsk/c0t8d0s0 /u01    ufs   6   yes logging
/dev/dsk/c0t9d0s0 /dev/rdsk/c0t9d0s0 /u02    ufs   7   yes logging
/dev/dsk/c0t10d0s0 /dev/rdsk/c0t10d0s0 /u03    ufs   8   yes logging
/dev/dsk/c0t11d0s0 /dev/rdsk/c0t11d0s0 /u04    ufs   9   yes logging
/dev/dsk/c0t12d0s0 /dev/rdsk/c0t12d0s0 /u05    ufs   10 yes logging
/dev/dsk/c1t13d0s0 /dev/rdsk/c1t13d0s0 /app    ufs   11 yes logging
/dev/dsk/c1t14d0s0 /dev/rdsk/c1t14d0s0 /users ufs   12 yes logging
swap                 -                 /tmp    tmpfs - yes -

Logging increases performance, decreases fsck time, removes the risk of a file system corruption, can be used on all UFS partitions (including root), and is free.

Solaris Syslog Daemon Debugging

The log system messages daemon syslogd reads and forwards system messages to the appropriate log files and/or users, depending upon the priority of a message and the system facility from which it originates. The configuration file /etc/syslog.conf controls where messages are forwarded. The syslogd daemon ignores any faulty entry in /etc/syslog.conf, specially spaces instead of tabs are not recognized by syslogd. Therefore always check the entries in /etc/syslog.conf in the debugging mode of syslogd.

How to check /etc/syslog.conf

# /etc/init.d/syslog stop # /usr/sbin/syslogd -d

getnets() found 1 addresses, they are: 0.0.0.0.2.2
amiloghost() testing 193.247.121.196.2.2
cfline(*.err;kern.notice;auth.notice      /dev/sysmsg)
cfline(*.err;kern.debug;daemon.notice     /var/adm/messages)
cfline(mail.info;mail.debug               /var/log/maillog)

syslogd: line 14: unknown priority name "debug    /var/log/maillog"

cfline(*.alert;kern.err;daemon.err        operator)
cfline(*.alert                            root)
cfline(*.emerg                            *)
cfline(user.err                           /dev/sysmsg)
cfline(user.err                           /var/adm/messages)
cfline(user.alert                         root, operator)
cfline(user.emerg                         *)

syslogd: version 1.70
Started: Sat Jan 6 10:11:47 2001
Input message count: system 0, network 0
# Outputs: 10

5 3 3 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/sysmsg
7 3 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X FILE: /var/adm/messages
X X 6 X X X X X X X X X X X X X X X X X X X X X X UNUSED:
3 1 1 3 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: operator
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL:
X 3 X X X X X X X X X X X X X X X X X X X X X X X CONSOLE: /dev/sysmsg
X 3 X X X X X X X X X X X X X X X X X X X X X X X FILE: /var/adm/messages
X 1 X X X X X X X X X X X X X X X X X X X X X X X USERS: root, operator
X 0 X X X X X X X X X X X X X X X X X X X X X X X WALL:

                Per File Statistics
File                            Tot     Dups    Nofwd   Errs
----                            ---     ----    -----   ----
/dev/sysmsg                     0       0       0       0
/var/adm/messages               0       0       0       0
        0       0       0       0
operator                        0       0       0       0
root                            0       0       0       0
WALL                            0       0       0       0
/dev/sysmsg                     0       0       0       0
/var/adm/messages               0       0       0       0
root,operator                   0       0       0       0
WALL                            0       0       0       0

syslogd: restarted
off & running....
sys_poll blocking, init_cnt=0

# ^D
# /etc/init.d/syslog start

Line 14 in /etc/syslog.conf are filled up with spaces instead of tabs. Replace the spaces with tabs and syslogd will accept the new entry in Line 14.

Does each Oracle Process use more than 100M memory ?

If you check the oracle process with the OS comand "pmap" or "top", you can see that each oracle process use more than 100M memory. Is this a problem on the Oracle installation or something else? It seems that pmap counts the SGA size as the private memory segment of each oracle process, but we believe the SGA size should be shared.

Output from "top" on our Solaris System with Orcale 8.1.7.0

PID USERNAME THR PRI NICE SIZE   RES STATE   TIME    CPU COMMAND
-----------------------------------------------------------------
361 oracle   258 59    0 124M   88M sleep   0:01 0.00% oracle
373 oracle    11 59    0 122M   88M sleep 41:50 0.00% oracle
363 oracle    11 59    0 119M   88M sleep   0:01 0.00% oracle
365 oracle    11 58    0 119M   88M sleep   0:17 0.02% oracle
359 oracle     1 59    0 119M   89M sleep   0:00 0.00% oracle
377 oracle     1 59    0 119M   88M sleep   0:00 0.00% oracle
375 oracle     1 58    0 119M   88M sleep   0:00 0.00% oracle
367 oracle     1 58    0 118M   89M sleep   0:00 0.00% oracle
371 oracle     1 58    0 118M   89M sleep   0:00 0.00% oracle
369 oracle     1 58    0 118M   88M sleep   0:00 0.00% oracle

Memory Allocation for Oracle Processes

On many UNIX platforms and specially on Sun platforms, the text of the Oracle binary and shared libraries are actually shared between background processes if these instances share the same ORACLE_HOME. So you need to subtract the shared text of the oracle binary and the shared libraries in the result of the OS commands.

Even pmap and pmen utilities make mistakes between these memory divisions, and sometimes SGA and text executable are often added incorrectly.

Determine the memory used by each Oracle background process on a Solaris

This can be used by anyone who has privleges for the pmap, which can be found in /usr/proc/bin/. First, we need to find the process id (PID) of the Oracle background process you wish to determine the memory size for. This is done by issueing the following command:

# ps -u oracle -f

   UID   PID PPID C    STIME TTY      TIME CMD
oracle   359     1 0 12:26:17 ?        0:00 ora_pmon_DIA3
oracle   361     1 0 12:26:17 ?        0:01 ora_dbw0_DIA3
oracle   363     1 0 12:26:17 ?        0:01 ora_lgwr_DIA3
oracle   365     1 0 12:26:17 ?        0:18 ora_ckpt_DIA3
oracle   367     1 0 12:26:17 ?        0:01 ora_smon_DIA3
oracle   369     1 0 12:26:17 ?        0:00 ora_reco_DIA3
oracle   371     1 0 12:26:17 ?        0:00 ora_snp0_DIA3
oracle   373     1 0 12:26:17 ?       41:50 ora_s000_DIA3
oracle   375     1 0 12:26:17 ?        0:00 ora_d000_DIA3
oracle   377     1 0 12:26:18 ?        0:00 ora_d001_DIA3

Second, you then enter the following commands for the DB Writer process (ora_dbw0_DIA3) with process id = 361 as an example.

# /usr/proc/bin/pmap 361 | grep "shmid" 80000000 82992K read/write/exec/shared [ shmid=0x2 ]

# /usr/proc/bin/pmap 361 | grep "total"
total 124232K

Then you take the total size: 124232K and subtract the SGA size which the line marked with "shmid=" above, in this case it is 82992K. So, 124232K minus 82992K is 41240K. So, the DBWR background process is approximately 41.2 MB. Repeat this steps for all the background processes.

Sizing up Solaris Memory with the RMCmem Package

How much memory is needed on SUN Solaris? Explaining memory in Solaris by reviewing the different types of memory and introducing a set of tools, the RMCmem package.

Install RMCmem Package

Download the RMCmem tools available from ftp://playground.sun.com/pub/memtool. The package includes a kernel module that provides extra instrumentation.

# cd /tmp
# zcat RMCmem3.8.2.tar.gz | tar xvf -
# pkgadd -d .

The package is installed in /opt/RMCmem (see README in this directory)

Virtual / Physical Memory Usage

Solaris is a virtual memory system. The total amount of memory that you can use is increased by adding swap space to the system. If you ever see "out of memory" messages, adding swap space is the usual fix. Performance of the system is very dependent on how much physical memory (RAM) you have. If you don't have enough RAM to run your workload, performance degrades rapidly.

Physical memory usage can be classified into four groups:

Kernel memory mapped into kernel address space

Process memory is mapped into a process address space

Filesystem cache memory that is not mapped into any address space

Free memory that is not mapped into any address space

RMCmem includes a simple command to summarize this:

# /opt/RMCmem/bin/prtmem

Total memory:             989 Megabytes
Kernel Memory:             60 Megabytes
Application:              110 Megabytes
Executable & libs:         42 Megabytes
File Cache:               757 Megabytes
Free, file cache:          11 Megabytes
Free, free:                 6 Megabytes

Total physical memory

The total physical memory can be seen using prtconf. Memory is allocated in units called pages, and you can use the 'pagesize' command to see the size in bytes per page:

# /usr/sbin/prtconf | grep Memory
Memory size: 1024 Megabytes

# /usr/bin/pagesize
8192

Kernel memory

Kernel memory is allocated to hold the initial kernel code at boot time, then grows dynamically as new device drivers and kernel modules are used. Kernel tables also grow dynamically, unlike some older versions of Unix. As you add hardware and processes to a system, the kernel will grow. In particular, to keep track of all the memory in a system, the kernel allocates a page table structure.

If you have several gigabytes of RAM this table gets quite large. The dynamic kernel memory allocator grabs memory in large "slabs," then allocates smaller blocks more efficiently. This means that the kernel tends to grab a bit more memory than it's really using. If there is a severe memory shortage, the kernel unloads unused kernel modules and devices and frees unused slabs. The simplest summary of kernel memory usage comes from sar. To show the kernel memory allocation (KMA) activities use (see man sar for more details).

# sar -k 1

SunOS diamond 5.7 Generic_106541-12 sun4u    04/28/01

sml_mem   alloc fail   lg_mem    alloc fail ovsz_alloc fail
6873088 6044236     0 44818432 43761720     0    11231232     0

Application process memory

Application processes consist of an address space divided into segments, where each segment maps either to a file, anonymous memory (the swap space), System V shared memory, or a memory mapped device. The mapped files include the code and initialized data for the command and all its shared libraries.

What we really want to know, is the amount of RAM used by each segment. This is shown by the pmem command in the RMCmem package.

# /opt/RMCmem/bin/pmem 361

361:    ora_dbw0_DIA3
Kbytes Resident Shared Private Permissions       Mapped File
   82992   82992   82992       - read/write/exec   [shmid=0x2]
      16      16       8       8 read/exec         libc_psr.so.1
      16      16       8       8 read/exec         libmp.so.2
       8       8       8       - read/write/exec   libmp.so.2
........      ..      ..       . ...............   ...........
     112      80      72       8 read/exec         libelf.so.1
       8       8       8       - read/write/exec   libelf.so.1
      16      16       8       8 read/exec         libkvm.so.1
       8       8       8       - read/write/exec   libkvm.so.1
-------- ------ ------ ------ ------
124232   93040   92728     312

Now we can see that the process address space size is 124232 kilobytes; 93040 kilobytes of that are currently resident in main memory, wherein 92728 kilobytes are shared with other processes while 312 kilobytes are private. When this command started only the 312 kilobytes of private memory were taken from the free list.

If we now go through all the processes on the system, add up how much private memory they use, and also add in the shared memory for each mapped file, we'll know how much application memory is in use. This summary is shown by prtmem as we saw in the beginning, and the detail is listed by the memps command in RMCmem.

# /opt/RMCmem/bin/memps

PID     Size Resident   Shared Private Process
... .......   ......   ......     .... .............
359 118904k   93608k   92800k     808k ora_pmon_DIA3
367 118184k   93152k   92704k     448k ora_smon_DIA3
369 117928k   93120k   92704k     416k ora_reco_DIA3
371 118040k   93136k   92720k     416k ora_snp0_DIA3
365 119040k   93120k   92712k     408k ora_ckpt_DIA3
377 118344k   93080k   92720k     360k ora_d001_DIA3
363 119088k   93056k   92720k     336k ora_lgwr_DIA3
375 118344k   93048k   92720k     328k ora_d000_DIA3
361 124232k   93040k   92728k     312k ora_dbw0_DIA3
373 121608k   93032k   92728k     304k ora_s000_DIA3

Filesystem cache memory

This is the part of memory that is most confusing, as it is invisible. You can only tell it's there if you access the same file twice and it is quicker the second time.

The RMCmem package adds kernel instrumentation that counts up all the pages for each cached file. The memps -m command lists the files that are cached in order of the amount of memory they're consuming.

One problem is that within the kernel, the file is only known by its inode number and filesystem mount point. The directory pathname for the file may not be known.

The RMCmem package tries to solve this problem by catching file names as files are opened (by interposing on the vnode open code) and making an inode-to-name lookup cache in the kernel. This cache size is limited (to 8192 entries by default), and the file may have been opened before the kernel module was loaded, so it can't always find the name.

# memps -m

   Size   InUse E/F Filename

21064k 21064k F   /usr (inode   540488)
8184k    824k F   /usr (inode   260922)
7752k   7752k F   /usr (inode   540429)
7480k   7480k F   /usr (inode   540428)
7480k   7480k F   /usr (inode   540427)
6896k   6896k F   /usr (inode   540450)
....    .... .   .... ......   ......

... and so on down to lots of files ...

# cd /usr
# find . -inum 540488
./local/jdbc/ora817/old/libserver8.a

More infos about the RMCmem package can be found here as PDF

Using Sun Solaris Manuals directly from CD-ROM

Solaris 8:

cd /cdrom/sol_8_doc
./ab2cd                      (Start)
http://quorum:8888           (Using the Doc online)
./ab2cd stop                 (Stop)

Solaris 7:

cd /cdrom/sol_7_1199_doc
./ab2cd                      (Start)
http://diamond:8888          (Using the Doc online)
./ab2cd stop                 (Stop)

DLT-TAPE UNIT INSTALLATION on Solaris 7/8/9

Installation Instructions will cover the installation of the DLT tape peripheral hardware and configuration of the system to communicate with the DLT tape peripheral. In this example we use a «QUANTUM DLT7000».

The Solaris system must have the appropriate SCSI interface for DLT drive to attached to, a SCSI single-ended DLT drive can be attached only to a SCSI single-ended interface. The same is true for SCSI differential attachment. Solaris includes a driver to efficiently communicate with SCSI tape drives, such as the DLT tape peripheral.

Perform the installation as follows:

Shut down your Sun workstation/server and power off the machine and all scsi-devices. Connect the DLT to the scsi-bus using good cables and make sure the bus is terminated correctly. Set the scsi-id; id 4 or 5 are the most common to use.
If possible use a separate or underutilized SCSI bus for the DLT. Running the tape drive on the same bus as the disk drives will never let you achieve any good throughput. You bought the DLT because of performance didn't you ?

1. STOP-A (L1-A) Power on the devices/machine again and halt the boot process with.

(or press the BREAK key if you have an ASCII console).

2. probe-scsi-all Verify that the drive is connected properly.

Note: output from probe-scsi will not always be correct if you enter the PROM monitor by breaking the boot process!

3.
boot -rv
Boot the system and log in as root. When booting you should see a message similar to these: "st1: ".

4.
cd /kernel/drv

Change directory to /kernel/drv. Edit the st.conf file by adding the following:

tape-config-list="QUANTUM DLT7000","Quantum DLT7000","DLT7-data";
DLT7-data = 1,0x38,0,0x8639,4,0x82,0x83,0x84,0x85,3;

tape-config-list=" tape unit>"," reference name>",""

tape-config-list is a variable defined by a series of tape configuration parameters listed below:

is the vendor and product ID string for the DLT device.

Depending on the DLT tape peripheral you are installing, you must insert the appropriate vendor and product ID for
as described in the following table:

DLT Tape Product

DLT7000 QUANTUM DLT7000 (Total string character count, including spaces, must equal 15).

is a name you select that the system will use to identify the DLT device. This reference does not change the DLT product ID. When the system boots, the reference name will be displayed in the list of peripheral devices recognized by the system.

-data> is a variable containing a series of additional DLT device configuration information. You select a name in place of the string. You will continue editing the st.conf file by defining the name you selected for . The definition depends on the DLT tape peripheral you are installing. For a DLT7000 series unit add the following line:
1,0x38,0,0x8639,4,0x82,0x83,0x84,0x85,3;

contains 10 parameters and are described following:

1
The first parameter, is the version number and should not change.

0x38
The second parameter, designates the DLT tape type as defined in /usr/include/sys/mtio.h.

#define MT_ISOTHER 0x36 /* generic other type of tape drive */
#define MT_ISDLT 0x38 /* sun: SCSI DLT tape drive */

0
The third parameter is the block size. Since the DLT tape drive uses variable block size, this value should be zero.

0x8639
The fourth parameter, 0x8639, is a summation of values that represent selected device options. The table below lists the options and the corresponding value: Option                       Value
ST_VARIABLE                  0x0001
ST_BSF                       0x0008
ST_BSR                       0x0010 ST_LONG_ERASE                0x0020 ST_NOWS_EOD                  0x0200 ST_NLOADABLE                 0x0400 ST_NO_RECSIZE_LIMIT          0x8000
The man st page has more information about these and other possible device options. For certain applications, it may be necessary to consider adding or removing one or more of the device options.

4
The fifth parameter, 4, defines the number of densities. The maximum definable number of densities is 4.

0x82
0x83
0x84
0x85
The sixth, seventh, eighth and ninth parameter are used for system selection of tape densities. Use these values for a DLT 7000 Tape Drive.

3
The tenth parameter defines which density the system will use as the default density. The sixth, seventh, eighth and ninth parameters in the string are referenced by the system as 0, 1, 2 and 3, respectively. The 3 value for the tenth parameter selects the 0x85 density code as the system default density.

After editing the st.conf file, reboot the system:

5.
shutdown-i0-g0 boot -rv
Reboot the System
The -r switch in the boot command enables a kernel compile and includes the creation of device special files used for communication with the DLT device. The -v switch enables verbose mode display of system bootup. With verbose mode, the system should indicate that the DLT tape peripheral is attached by displaying the string you selected.

6.
mt -t /dev/rmt/0 status
Enter the following command to verify the installation: Vendor 'TANDBERG' Product 'DLT7000 ' tape drive:
sense key(0x0)= No Additional Sense residual= 0
retries= 0 file no= 0 block no= 0

The target drive designations assigned by Solaris may take on values higher than already established in the /dev/rmt/ path. This is not a problem but during a boot -rv, Solaris does not remove tape device files for drives that are no longer attached to the system. This can increase the effort in locating the device file for the configured drive, however, this can be minimized by first deleting the tape device files:

rm /dev/rmt/*

then either boot the system with a:

boot -rv

or issue the following at the command line prompt:

drvconfig -i st; tapes

If the DLTtape is the only drive on the system, it's target assignment should be zero. The Solaris man pages have more information on drvconfig and tapes.

Reconfigure Devices on Solaris

If you remove or add a device on Solaris then the devices files must be recreated, either with boot -rv or devfsadm. For example to renumber the logical tape drive devices do the following: Tape drives were numbered beginning with /dev/rmt/3 instead of /dev/rmt/0. The physical devices pointed to by the logical /dev/rmt/[012] devices no longer existed, and we wanted to renumber the valid devices beginning at /dev/rmt/0.

Cleanup non-existent tape drive devices with devfsadm.

# devfsadm -C -c tape -v

Remove all /dev/rmt logical links.

# rm -f /dev/rmt/*

Recreate all /dev/rmt logical links with devfsadm

# devfsadm -c tape -v

devfsadm(1M) maintains the /dev and /devices namespaces. It replaces the previous suite of devfs administration tools including drvconfig(1M), disks(1M), tapes(1M), ports(1M), audlinks(1M), and devlinks(1M).
OPTIONS
The following options are supported:

-C
Cleanup mode. Prompt devfsadm to cleanup dangling /dev links that are not normally removed. If the -c option is also used, devfsadm only cleans up for the listed devices' classes.

-c device_class
Restrict operations to devices of class device_class. Solaris defines the following values for device_class: disk, tape, port, audio, and pseudo. This option may be specified more than once to specify multiple device classes.

OpenBoot Diagnostics

The Solaris operating system gets the jumpstart for its booting from a hardware-level interface called the OpenBoot PROM or OBP for short. OpenBoot at its heart has an interactive command interpreter with a varied set of functions. OBP is a firmware which is stored in the socketed startup PROM of the computer and consists of two parts, the PROM and the NVRAM.
As stated earlier while the PROM acts as the interface for access to diagnostics and drivers, the NVRAM consists of some editable user defined parameters. Non Volatile information like the system identification information, device aliases etc are stored in the NVRAM.The OpenBoot PROM is programmable and can be programmed based on Forth, which is an interactive
programming language much like shell scripting.
The main tasks performed by the OpenBoot firmware are:

Initializing and Testing system hardware ( POST , power on self test)

Interactive Debugging

Management of NVRAM Parameters

Start the Operating System boot

Useful commands at OK prompt.

Dignostics : boot General

banner

this command shows the following systems hardware informatiion : Model, architecture, processor,keyboard, openboot version, Serial no. ethernet address & host id.

test floppy - test floppy disk drive
test net - test network loopbacks
test scsi - test scsi interface
test-all    test for all devices with selftest method

watch-clock

Show ticks of real-time clock

watch-net

Monitor network broadcast packets

watch-net-all

Monitor broadcast packets on all net interfaces

probe-scsi

Show attached SCSI devices

probe-scsi-all

Show attached SCSI devices for all host adapters- internal & external.

boot - boot kernel from default device.
Factory default is to boot
from DISK if present, otherwise from NET.

boot net - boot kernel from network
boot cdrom - boot kernel from CD-ROM
boot disk1:h - boot from disk1 partition h
boot tape - boot default file from tape
boot disk myunix -as - boot myunix from disk with flags "-as" DEVALIAS

ok>show-devs

ok cd /pci@1f,4000/scsi@3

ok .properties

ok ls

f00809d8 tape

f007ecdc disk

ok .speed

CPU Speed : 200.00MHz

UPA Speed : 100.00MHz

PCI Bus A : 66Mhz

PCI Bus B : 33Mhz

printenv Display all variables and current values.

setenv
Set variable to the given   value.

set-default

Reset the value of variable to the factory default.

set-defaults

Reset variable values to the factory defaults.

Key Sequences

These commands are disabled if the PROM security is on. Also, if your system has full security enabled, you cannot apply any of the suggested commands unless you have the password to get to the ok prompt.

Stop - Bypass POST. This command does not depend on security-mode. (Note: some systems bypass POST as a default; in such cases, use Stop-D to start POST.)

Stop-A Abort.

Stop-D - Enter diagnostic mode (set diag-switch? to true).

Stop-F - Enter Forth on TTYA instead of probing. Use exit to continue with the initialization sequence. Useful if hardware is broken.

Stop-N Reset NVRAM contents to default values.

Start an OpenBoot Diagnostics

OK setenv diag-switch? true OK setenv auto-boot? false OK reset-all
OK test-all or obdiag

Configure Graphics Console (e.g. Sun XVR-100 Graphics Accelerator) instead of serial TTYA

OK show-displays
Select the graphics accelerator, e.g. b

OK nvalias mydev
OK setenv output-device mydev OK setenv use-nvramrc? true OK reset-all

Why doesn't my .forward file work?

If you are having problems where you have created a $HOME/.forward file in your home directory to forward e-mails from one account to another and it just won't forward them?

First make sure the file isn't group or world writable.

-rwxrwxr-x 1 zahn dba 0 Jan 9 12:17 .forward   # wrong
-rwxr-xr-x 1 zahn dba 0 Jan 9 12:17 .forward   # OK
Lastly, make sure your home directory isn't group or world writable.

drwxrwxr-x 14 zahn dba 4096 Jan 9 12:20 zahn   # wrong drwxr-xr-x 14 zahn dba 4096 Jan 9 12:20 zahn   # OK

Simple Shell Script to backup your Files

Overview

A backup strategy is more complex than creating a redundant copy of disk storage and considering the strategy a success. A successful backup strategy must detail how the backup media are rotated, how the media are archived, how the system will be recovered, and what the backup software will do to create the backup. Although all parts of the backup strategy are equally important, this tip will focus on the backup script and will detail a flexible backup script that uses built-in Solaris software tools which create a reliable local backup of a Solaris machine.

Introduction

The backup script will accomplish the following goals:

Create a backup archive that is as easy to restore a single file as it is to restore an entire file system.

The backup script will run autonomously. The only human intervention will be to swap media and review output.

The filesystems or directories to backup can be specified in the script. Using automounter you can even specify remote filesystems.

The script will create a detailed log of the backup.

The script will send an abbreviated email summary of the backup to the administrator.

After a successful backup, the script will verify to some extent the contents of the backup media.

The backup script will be able to run on any Solaris 2.6 or greater machine without modification.

Tools used

We use the well known utilities TAR, GZIP and DD, because they are available on any Unix system. They are very well tested and simple to use. In case of an emergency it is important to have a simple way to restore, independent of complex tools and incompatible software releases.

Magnetic Tape Control

The utility MT sends commands to a tape drive. Many of these commands are familiar, but some are not. The script will use these mt commands.

rewind – rewind the tape

rewoffl – rewind the tape and eject it (go offline)

eom – space to end of recorded media on tape

weof – write count EOF marks at current position on tape

status – display current status of tape

Script

Click here for the Shell Script

Mounting an Existing ISO CD-ROM Image under Solaris UNIX

noreply@blogger.com (vitec) — Fri, 02 Dec 2011 08:14:00 +0000

Mounting an Existing ISO CD-ROM Image under Solaris UNIX

If your image name is cd.iso, you can type command:
# lofiadm -a /path/to/cd.iso
Output:

/dev/lofi/1

Please note that the file name argument on lofiadm must be fully qualified and the path must be absolute not relative (thanks to mike for tip).
/dev/lofi/1 is the device, use the same to mount iso image with mount command:

# mount -o ro -F hsfs /dev/lofi/1 /mnt
 # cd /mnt
 # ls -l
 # df -k /mnt

Mount the loopback device as a randomly accessible file system with
mount -F hsfs -o ro /dev/lofi/X /mnt

Alternatively, use this combined format:
mount -F hsfs -o ro `lofiadm -a /path/to/image.iso` /mnt

Unmount and detach the images

Use umount command to unmount image:
# umount /mnt
Now remove/free block device:
# lofiadm -d /dev/lofi/1
For more information read lofiadm and lofi man pages by typing the following command:
man lofiadm

CSF: Config Server Firewall Installation

noreply@blogger.com (vitec) — Tue, 15 Nov 2011 16:04:00 +0000

Filed under: Technical Support
An alternative firewall to APF is the Config Server Firewall, or CSF.
CSF is generally considered a more advanced firewall as there are more configuration options compared to other firewalls, while still being simple enough to install and configure that even novice administrators can use it. This article will give you a simple overview about how to install and configure CSF and its security plugin LFD (Login Failure Daemon).

Note: This post assumes that you are familiar with SSH and basic command line navigation. These instructions apply primarily to customers who have VPS or Dedicated servers. If you do not have root-level access to your server account you will not be able to make these changes.

Removing Your Current Firewall

To prevent any conflicts in operation we will need to remove your current firewall. The most common software firewalls on our dedicated servers are APF and CSF, so we have provided instructions on how to remove APF below. If you are using a different software firewall be sure to follow that programs uninstall directions before continuing. After completing the uninstall continue with the CSF installation below.

Using Yum to Remove APF

If it was installed via yum, which is most likely, you will first need to identify the name of your APF package:
rpm -qa |grep -i apf
In this case:

[root@host ~]# rpm -qa | grep apf

apf-9.6_5-1

In order to remove that package, and get your server ready for CSF installation, run the following command:
[root@host ~]# rpm -e apf-9.6_5-1
If you see this:

[root@host ~ ]# rpm -e apf-9.6_5-1

error: Failed dependencies:

 apf >= 9.6_5-1 is needed by (installed) bfd-1.2-1.noarch

It means you have BFD installed, and it will need to be removed before you can proceed to removing APF:
[root@host ~ ]# rpm -e bfd-1.2-1.noarch
Then attempt to remove apf again:
[root@host ~ ]# rpm -e apf-9.6_5-1
Any further dependency errors can be handled in the same way as long as you are aware of what you are removing. If you have any questions or get stuck at any point feel free to open up a support request with us by logging in to PIMS.

Removing Source Installed APF

This can be a bit trickier, and if you are not sure what you’re doing you may want to submit a ticket to our support team. If you are confident and wish to proceed you will find a list of commands below that you can use to remove APF if it is installed in the most common CentOS directories.
Stopping APF and iptables clears all of the rules from your firewall and ensures that removing the APF installation won’t cause access problems:
[root@host ~ ]# /etc/init.d/iptables stop
[root@host ~ ]# /etc/init.d/apf stop
Remove all of the APF related files:

[root@host ~ ]#  rm -Rfv /etc/apf

[root@host ~ ]#  rm -fv /etc/cron.daily/fw

[root@host ~ ]#  rm -fv /etc/init.d/apf

Remove APF from the list of programs that start at boot:
[root@host ~ ]# chkconfig apf off
If you get an error on any of those commands that you don’t understand please open a ticket with our support team and we will do everything we can to assist you.

Installing CSF

Installing CSF should be as simple as downloading the source file to your server and installing it. All commands below should be executed on your server via SSH, not on your local computer.
The first few steps of the installation are the same whether it is a cPanel server or a non-cPanel server.

Retrieving the Package

Best practice when installing any software from source: Use a temporary directory on a partition with plenty of space.
On our dedicated cPanel servers you will already have a directory that we generally use for such things called ‘temp’ on the home partition:
[root@host ~ ]# cd /home/temp/
It is a good idea to check your disk space usage before proceeding, just to be sure there is plenty available:
[root@host ~ ]# df -h
Use ‘wget’ to retrieve CSF install code:
[root@host ~ ]# wget http://www.configserver.com/free/csf.tgz
Once the download is complete, you will see something similar to the following, and be given a command prompt again:
14:53:02 (410.05 KB/s) - `csf.tgz' saved [487272/487272]
Next: Decompress the CSF install files and change directories to the newly created ‘csf’ directory:

[root@host ~ ]#  tar zxvf csf.tgz

[root@host ~ ]#  cd csf

This is where the paths diverge: cPanel server, or non-cPanel server.
[root@host /home/temp/csf/ ]# ./install.cpanel.sh
If you are running a non-cpanel redhat server:
[root@host /home/temp/csf/ ]# ./install.sh
Either way you can look through the output of the script as it is running and it will tell you everything it has done. At the end, you will see something similar to the following:

TCP ports currently listening for incoming connections:
21,22,25,53,80,110,143,443,465,993,995,2077,2078,2082,2083,2086,
2087,2095,2096,3306

UDP ports currently listening for incoming connections:
53,123

Note: The port details above are for information only, csf hasn't
been auto-configured.

Don't forget to:
1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in
the csf configuration to suite your server
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall

Adding current SSH session IP address to the csf whitelist in csf.allow:
Adding 10.30.6.17 to csf.allow only while in TESTING
mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled
- do not forget to disable it in the configuration

Installation Completed

To start testing CSF, start it up:
[root@host ~ ]# /etc/init.d/csf restart
Once you have completed your testing be sure to take CSF out of testing mode by changing the flag in the csf.conf:
Edit the configuration with your favorite editor, in this case we will use vi:
[root@host ~ ]# vi /etc/csf/csf.conf
Find this block of text near the top of the configuration file:

# Testing flag - enables a CRON job that clears iptables incase of

# configuration problems when you start csf. This should be enabled until you

# are sure that the firewall works - i.e. incase you get locked out of your

# server! Then do remember to set it to 0 and restart csf when you're sure

# everything is OK. Stopping csf will remove the line from /etc/crontab

TESTING = "1"

Edit the last line of that block of text so that it reflects testing being disabled:
TESTING = "0"
Finally, restart CSF:
[root@host ~ ]# /etc/init.d/csf restart
Your CSF firewall is up and running! Congratulations!

Common Installation Errors

If you see an error about libwww not being installed you can install it with yum or cpan:
yum install perl-libwww-perl
OR
perl -MCPAN -e 'install Bundle::LWP'

Beginning CSF: Making Changes Using the Command Line.

Updating CSF using the command line interface is simple by design!
Here are the most common commands you will be using:
csf -d IPADDRESS will deny an IP.
csf -a IPADDRESS will allow an IP.
csf -r will reload all rules.
If you forget the command you are looking for just type 'csf' on the command line and you will receive an list of all of your options:


[root@host ~ ]#  csf
ConfigServer Security & Firewall (http://www.configserver.com/cp/csf/)
csf: v4.17
(c)2006, Way to the Web Limited (http://www.waytotheweb.com)

Usage: /usr/sbin/csf [option] [value]

Option              Meaning
-h, --help          Show this message
-l, --status        List/Show iptables configuration
-s, --start         Start firewall rules
-f, --stop          Flush/Stop firewall rules
-r, --restart       Restart firewall rules
-a, --add ip        Add an IP address to be whitelisted to /etc/csf.allow
-d, --deny ip       Add an IP address to be blocked to /etc/csf.deny
-dr, --denyrm ip    Remove and unblock an IP address in /etc/csf.deny
-c, --check         Checks for updates to csf+lfd but does not perform an upgrade
-g, --grep ip       Search the iptables rules for an IP match (incl. CIDR)
-t, --temp          Displays the current list of temporary IP bans and their TTL
-tr, --temprm ip    Remove an IP address from the temporary IP ban list
-td, --tempdeny ip ttl [-p port] [-d direction]
                    Add an IP address to the temporary IP ban list. ttl is how
                    long to blocks for in seconds. Optional port. Optional
                    direction of block can be one of in, out or inout. Default
                    is in
-tf, --tempf        Flush all IP addresses from the temporary IP ban list
-u, --update        Checks for updates to csf+lfd and performs an upgrade if
                    available
-x, --disable       Disable csf and lfd
-e, --enable        Enable csf and lfd if previously disabled
-v, --version       Show csf version

CSF is an increasingly popular alternative to the stock firewalls on some servers. Should you require any other help or have any questions about CSF please open a ticket with our support team by logging in to your PIMS account, or you can also visit the CSF home page where you can find other documentation and FAQs.

Copy Recursive with command line ftp

noreply@blogger.com (vitec) — Sat, 12 Nov 2011 03:14:00 +0000

Ftp command line linux copy Recursive (for mget, get, ...)

wget -r 'ftp://user:pass@domain/public_html/download/'

Đồng bộ dữ liệu trên 2 Database Server sử dụng MySQL Server

noreply@blogger.com (vitec) — Sat, 05 Nov 2011 09:12:00 +0000

Trong bài viết này, mình sẽ tiếp tục trình bày các để đồng bộ dữ liệu giữa 2 Database Server sử dụng MySQL Server (MySQL Replication), thực hiện trên hệ điều hành CentOS 5.6
Trong mô hình này. Một Server sẽ đóng vai trò là MASTER, Server kia đóng vai trò là SLAVE.

Yêu cầu 2 Server:

Đã cài đặt MySQL

Cấu hình chung:

Server 1 có địa chỉ IP là: 192.168.1.131
Server 2 có địa chỉ IP là: 192.168.1.137
Database trên 2 Server cần đồng bộ có tên: dulieumau

1) Cấu hình MASTER (Server1):

Đánh lệnh để sửa lại nội dung file my.cnf
vi /etc/my.cnf

Đầu tiên bạn cần chắc chắn rằng 2 dòng sau của file my.cnf đã được commnet hoặc được xóa bỏ
#skip-networking
#bind-address = 127.0.0.1

Tiếp đó, trong thẻ [mysqld] thêm vào nội dung sau:
log-bin
binlog-do-db=dulieumau
server-id=1

Trong đó binlog-do-db ta cho biết dữ liệu cần đồng bộ.

Sau đó ta khởi động lại MySQL. Gõ lệnh:
service mysqld restart

Tiếp theo, đăng nhập vào MySQL trên Server 1 bằng tài khoản root
mysqld -u root -p

Tạo một user để Server 2 đăng nhập và có thể Replicate
GRANT REPLICATION SLAVE ON *.* TO 'slave'@'%' IDENTIFIED BY '123456';

Trong dòng lệnh trên thì Username là slave và mật khẩu là 123456

Để đảm bảo tính nhất quán dữ liệu giữa 2 database trên Server1 và Server2. Ta tiến hành ngưng các tác động làm thay đổi cơ sở dữ liệu.
FLUSH TABLES WITH READ LOCK;

Tiếp tục, Xem file log của cơ sỡ dữ liệu "dulieumau" hiện tại để slave biết bắt đầu replicate tại thời điểm nào.
SHOW MASTER STATUS;
Ví dụ ở đây ta có kết quả như hình dưới đây.

Chúng ta cần lưu lại 2 tham số của cột File và Position để cấu hình cho SLAVE.

2) Cấu hình SLAVE (Server 2):

Chú ý: Nếu như trước khi bạn thiết lập Replication này mà database cần Replicate của bạn đã có sẵn dữ liệu trên Server 1 thì bạn cần sao chép database này sang Server 2!
Bạn có thể thực hiện việc này bằng cách sao lưu và backup bằng tay từ server 1 sang server 2 hoặc có thể đánh lệnh sau trong server 2
LOAD DATA FROM MASTER;
==> Đảm bảo trước khi cấu hình đồng bộ hóa thì database ở 2 server là giống nhau!

Trên SLAVE mở và thêm đoạn sau vào nội dung file my.cnf
server-id=2
master-host=192.168.1.155
master-user=slave1
master-password=123456
master-port=3306
master-connect-retry=60
replicate-do-db= dulieumau

Trong đó:
master-host= IP hoặc domain của MASTER
master-user= Tài khoản để SLAVE đăng nhập vào MASTER được tạo ở bước trên
master-password= là mật khẩu của User đó

Sau đó khởi động lại MySQL
service mysqld restart

Đăng nhập vào MySQL bằng quyền root
mysql -u root -p

Nếu Server 2 hiện đang là 1 SLAVE đang hoạt động thì ta tạm dừng nó lại
SLAVE STOP;

Cấu hình những thông tin cần thiết để SLAVE giao tiếp được với MASTER:
CHANGE MASTER TO
-> MASTER_HOST='192.168.1.155',
-> MASTER_USER='slave1',
-> MASTER_PASSWORD='123456',
-> MASTER_LOG_FILE='mysqld-bin.000001',
-> MASTER_LOG_POS=98;

với MASTER_LOG_FILE và MASTER_LOG_POS là hai tham số có giá trị được ta lưu lại ở bước phía trên!

Khởi động lại SLAVE:
SLAVE START;

Giải phóng các Tables trên MASTER (Server 1).
UNLOCK TABLES;

3) Testing:
Khi ta tiến hành thay đổi dữ liệu trên dulieumau ở Server 1 thì dulieumau trên Server 2 cũng thay đổi theo y như vậy! ==> Thành công!

* Một số lệnh để xem logs và kiểm tra hoạt động trên MASTER và SLAVE:
-------- MASTER:
mysql> SHOW GRANTS FOR repl;
mysql> SHOW MASTER LOGS \G
mysql> SHOW BINARY LOGS;
mysql> SHOW MASTER STATUS;
mysql> RESET MASTER ---> ( CAUTON !!! )
-------- SLAVE:
mysql> SHOW SLAVE STATUS;
mysql> STOP SLAVE;
mysql> START SLAVE;
mysql> RESET SLAVE;

4) MySQL Replication theo 2 chiều:
Các bước cấu hình mình đã trình bày ở trên sẽ giúp đồng bộ dữ liệu mỗi khi Database trên Server 1 được thay đổi. Tuy nhiên nếu dữ liệu ở trên Server 2 thay đổi thì Server 1 không có được những thay đổi này! Đó là replication một chiều (MASTER --> SLAVE)
Để có thể replication chiều (MASTER <--> MASTER) ta tiến hành cấu hình 2 mô hình MASTER-SLAVE replication lồng vào nhau:
Bước 1: Server 1 là MASTER, server 2 là SLAVE
Bước 2: Server 1 là SLAVE, server 2 là MASTER

2 bước này cấu hình hoàn toàn tương tự như mình đã trình bày ở bên trên!

Sưu tầm (Theo Ngô Duy Khánh - Kenhgiaiphap.Vn)

Kinh Nghiệm Việt Nam - Thủ Thuật PC

how to install memcached

Install memcached

Cách 1: Cài và chạy bằng tay

Cách 2: Cài và chạy service

Going all out - building a memcached rpm

Install php-pecl-memcache

Learn how to Sniff Wireless Passwords with Pirni (Man in the Middle Attack)

What is Pirni?

Using Pirni

Analyzing your Dump File

UDIDFaker – fake udid for your iPhone IOS device

Follow these steps to spoof Your Device’s UDID

Create random HEX for linux

Pirni comes with an ARP spoofer network traffic

Sniff Your iPhone's Network Traffic

1) Download and Install Paros

2) Configure Paros

3) Configure iPhone

4) Using Paros

On-iPhone Development Environment

On-iPhone Development Environment

Getting Shell Access

Getting an Editor

Setting Up sudo

Logging In as mobile

Installing GCC and Friends

Fixing What’s Broken

Libraries

Headers

Manual Header Modifications

Minor Details

Testing your GCC

You’re Done!

Cách tốt nhất cập nhật lại ngày giờ cho Centos

How To Fix PHP Error Notice: Undefined variable: index

Remove IP Spamhaus

Hướng dẫn cấu hình crontab not send email

How To scp, ssh and rsync without prompting for password

Hướng dẫn install mtop cho centos 32bit

Setup Oracle 11g 11.0.2.1 for Solaris 10 - 64bit

Map san xuống server solaris sử dụng UFS

kloxo 500 - Internal Server Error

Reset password root MYSQL với quyền root

ORA-27102: out of memory - Set the kernel parameters

Changes

Cause

Solution

Linux Add a Swap File – Howto

Procedure To Add a Swap File

See also:

free command

vmstat command

top command

ORA-27102: out of memory on Solaris 10

Command Solaris

Akadia Information Technology

How to install a Sun Solaris Jumbo Patch ?

Does each Oracle Process use more than 100M memory ?

Why doesn't my .forward file work?

Mounting an Existing ISO CD-ROM Image under Solaris UNIX

Mounting an Existing ISO CD-ROM Image under Solaris UNIX

Unmount and detach the images

CSF: Config Server Firewall Installation

Removing Your Current Firewall

Using Yum to Remove APF

Removing Source Installed APF

Installing CSF

Retrieving the Package

Common Installation Errors

Beginning CSF: Making Changes Using the Command Line.

Copy Recursive with command line ftp

Đồng bộ dữ liệu trên 2 Database Server sử dụng MySQL Server

Setting Up `sudo`

Logging In as `mobile`