0.....FURTHER INFO
1.....NETWORK TROUBLESHOOTING
1.1..... Using route command
1.2..... Using netstat to show state of interfaces
1.3..... Using ifconfig to change hardware address
1.4..... Using eeprom to make unique quad mac addresses
1.5..... Setting and checking speeds on ethernet cards
1.6..... Security issues with TCP initial sequencing numbers
1.7..... Useful routing commands
2.....SYSTEM TROUBLESHOOTING
2.1..... Reporting on swap and memory
2.2..... Making large files
2.3..... Process checking
2.4..... Identifying hardware
2.5..... Checking cpu's
2.6..... Checking kernel
2.7..... Checking firmware revision
2.8..... Checking what instance a tape drive is on
2.9..... Removing a scsi device from a live server
2.10.... Probe scsi devices from the OS
2.11.... System stats using gui
2.12.... Installation of generic scsi cdwriter
2.13.... Obtaining instruction set size
2.14.... Changing a machines identity
2.15.... Photon drivers
2.16.... Arbitrary ports
2.17.... Adding extra devices on a system
2.18.... Disk schematics
2.19.... SCSI and tagged command queueing problems
2.20.... Viewing eeprom settings
2.21.... Find out which processes are writing to a dir
3.....SNMP
3.1..... Getting info via snmpwalk
3.2..... Config file example
4.....NETWORK AUTO FAILOVER
4.1..... nafo Description
5.....THE BOOT PROM
5.1..... Checking the OBP revision
5.2..... Adjusting settings from eeprom
6.....SQUID ACCELERATOR
6.1..... squid.conf
6.2..... Cache dir construction
6.3..... Initial startup
6.4..... Forwarding Web Requests to the same machine
6.5..... PURGE files from squid's cache
6.6..... Problem recognising virtual hosts
6.7..... Squid signals
7.....DNS
7.1..... Give private TTLs to hostnames
8.....GENERAL COMMANDS
8.1..... SCCS checking
8.2..... Hardwire
8.3..... Basic Calculator
9.....APACHE
9.1..... RewriteRule
9.2..... HTTP error codes
9.3..... V 1.3.19 changes
9.4..... Increasing max server limit
9.5..... Viewing ssl certificate info
9.6..... Apache proxy config
9.7..... Compiling apache + ssl + php
9.8..... Non caching tags and HEAD
10....VERITAS VOLUME MANAGER
10.1.... Installation
10.2.... Checking on disks
10.3.... Reattaching disks
11....HARDWARE
11.1.... Storage tape capacities
12....SENDMAIL
12.1.... Telnet to port 25
12.2.... Process the mail queue
=======================================================
0.....FURTHER INFO
http://www.solaris4you.dk/menuside.html
-------------------------------------------------------
1.....NETWORK TROUBLESHOOTING
1.1..... Using route command
See what interface a server uses to get to an ip addr.
# route -n get [ip addr]
1.2..... Using netstat to show state of interfaces
# netstat -ni
1.3..... Using ifconfig to change hardware address
# ifconfig qfe1 ether 8:0:20:a2:bb:14
1.4..... Using eeprom to make unique quad mac addresses
Switches often fail to pick up the MAC addresses of the quad cards on
Solaris. By default Solaris uses only the system's MAC address, so all
the interfaces advertise the same MAC address. This is a problem when
more than one interface is connected to the same switch. It is
corrected by making the quad card use its own MAC address:
# eeprom local-mac-address?=true
And then reboot.
1.5..... Setting and checking speeds on ethernet cards
To examine parameter values, use the ndd -get command. In particular
link_speed reveals whether the interface is operating in 10 Mbps or
100 Mbps mode (settings of 0 and 1 respectively), and link_mode
reveals whether it is running at half or full duplex (0 and 1
respectively):
# ndd -get /dev/hme link_speed
# ndd -get /dev/hme link_mode
To hard set the link_speed and link_mode parameters for hme#, several
other parameters must be set with the ndd -set command. In these
parameter names, 10 or 100 refers to the link_speed, fdx or hdx refers
to link_mode, and autoneg refers to autonegotiation. The setting
corresponding to the desired mode should be set to "1" and all other
parameters should be set to "0" (adv_autoneg_cap=1 is the default),
eg. to set hme# to 100/full duplex:
# ndd -set /dev/hme instance #
# ndd -set /dev/hme adv_100T4_cap 0
# ndd -set /dev/hme adv_100fdx_cap 1
# ndd -set /dev/hme adv_100hdx_cap 0
# ndd -set /dev/hme adv_10fdx_cap 0
# ndd -set /dev/hme adv_10hdx_cap 0
# ndd -set /dev/hme adv_autoneg_cap 0
ndd -set commands can be used in the /etc/rc2.d/S69inet initialisation
script.
1.6..... Security issues with TCP initial sequencing numbers
CERT raised an issue with the TCP initial sequence numbers used on
packets. The sequence numbers used in the initial handshake were
guessable and therefore a security risk. This was changed on Solaris
by editing /etc/default/inetinit and changing the TCP_STRONG_ISS value
to 2, and doing the following on running systems:
# ndd -set /dev/tcp tcp_strong_iss 2
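Added example (not part of the original notes): a check that the boot-time
file and the running kernel agree on this setting, since the change above
has to be made in both places. TCP_STRONG_ISS is the variable name in
/etc/default/inetinit; the function names are hypothetical, the sample file
contents are constructed, and the live value is passed in as the output of
ndd -get /dev/tcp tcp_strong_iss.

```sh
#!/bin/sh
# Print the effective TCP_STRONG_ISS value from an inetinit-style file,
# or "unset" if there is no uncommented assignment. The last assignment
# wins, as it would when a shell script sources the file.
strong_iss_value() {
    awk '
        /^[ \t]*#/ { next }                         # comment line
        /^[ \t]*TCP_STRONG_ISS=/ {
            v = $0
            sub(/^[ \t]*TCP_STRONG_ISS=/, "", v)    # keep the right-hand side
            sub(/[ \t]*#.*$/, "", v)                # drop a trailing comment
            gsub(/[ \t"]/, "", v)                   # drop quotes and blanks
            val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Compare the boot-time setting with the running kernel value.
#   $1 = inetinit-style file
#   $2 = output of: ndd -get /dev/tcp tcp_strong_iss
# Prints one status word:
#   ok              both are 2
#   not-persistent  running value is 2 but the file is not (lost at reboot)
#   not-applied     file says 2 but the running kernel does not
#   weak            neither is 2
audit_strong_iss() {
    boot=$(strong_iss_value "$1")
    live=$2
    if [ "$boot" = "2" ] && [ "$live" = "2" ]; then
        echo ok
    elif [ "$live" = "2" ]; then
        echo not-persistent
    elif [ "$boot" = "2" ]; then
        echo not-applied
    else
        echo weak
    fi
}

# Constructed sample: ndd was run on the live system but the boot-time
# file was never edited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample of /etc/default/inetinit
#TCP_STRONG_ISS=2
TCP_STRONG_ISS=1
EOF
echo "boot-time value: $(strong_iss_value "$sample")"
echo "status: $(audit_strong_iss "$sample" 2)"
rm -f "$sample"
```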
1.7..... Useful routing commands
# route add 143.252.0.0/16
-private     RTF_PRIVATE     do not advertise this route
-blackhole   RTF_BLACKHOLE   silently discard pkts (during updates)
-reject      RTF_REJECT      emit an ICMP unreachable when matched
-------------------------------------------------------
2.....SYSTEM TROUBLESHOOTING
2.1..... Reporting on swap and memory
Reporting on system io, virtual memory and swap space:
# vmstat
# iostat
You can also check on how busy a disk is using the following:
# iostat -npd 2
2.2..... Making files
To make a file of a certain size:
# mkfile 100m /var/tmp/100megfile
2.3..... Process checking
Reporting on processes, like pstree
/usr/proc/bin/ptree
2.4..... Identifying hardware
Got a warning in /var/adm/messages
"WARNING: /pci@1f,4000/scsi@2/st@4,0 (st11):..."
How do we identify the hardware device?
Check out /etc/path_to_inst and you'll find something like the
following: "/pci@1f,4000/scsi@2/st@4,0" 11 "st"
- the first entry in quotes corresponds to the scsi device on
the motherboard
- the second entry without quotes is the instance number
- the last part in double quotes is the driver name
To break it down further:
- In the device path name, the last component after the last /
character and before the @ character is the device name.
- The path name before the last component is the parent name.
- The comma separated numbers after the @ character at the end
represent the device and function numbers, which are together
referred to as unit-address.
- the st means driver for "scsi tape" device
- if it were sd it would mean "scsi disk"
- check out the following for a list of errors and their meanings:
# man -s 7D st
# man -s 7D sd
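The lookup described above as an added example (not part of the original
notes): map the name in the warning (st11) to its physical path and split
the path into parent, device name and unit-address. The function names are
hypothetical and the sample path_to_inst entries other than the st11 line
are constructed.

```sh
#!/bin/sh
# Print the physical path for a driver+instance name such as "st11".
#   $1 = name as seen in the log message (driver name + instance number)
#   $2 = path_to_inst-style file
# Returns non-zero when no entry matches.
inst_to_path() {
    awk -v want="$1" '
        /^[ \t]*#/ || NF < 3 { next }      # comments and short lines
        {
            path = $1; inst = $2; drv = $3
            gsub(/"/, "", path)
            gsub(/"/, "", drv)
            # exact match, so "st1" never matches the "st11" entry
            if ((drv inst) == want) { print path; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Break a physical path into the parts named in the text above.
# Prints: parent=<parent name> name=<device name> unit=<unit-address>
split_devpath() {
    leaf=${1##*/}          # last component, e.g. st@4,0
    parent=${1%/*}         # everything before the last /
    name=${leaf%%@*}       # device name, before the @
    case $leaf in
        *@*) unit=${leaf#*@} ;;   # device,function after the @
        *)   unit= ;;
    esac
    echo "parent=$parent name=$name unit=$unit"
}

# Constructed sample; the st11 line is the one quoted in the text.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample of /etc/path_to_inst
"/pci@1f,4000/scsi@3/sd@0,0" 0 "sd"
"/pci@1f,4000/scsi@3,1/st@4,0" 1 "st"
"/pci@1f,4000/scsi@2/st@4,0" 11 "st"
EOF
if path=$(inst_to_path st11 "$sample"); then
    echo "st11 is $path"
    split_devpath "$path"
else
    echo "st11 not found in $sample"
fi
rm -f "$sample"
```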
2.5..... Checking cpu's
To check what cpu's you have on board and identify what they are:
# psrinfo -v
2.6..... Checking kernel
To check on kernel information:
# modinfo
2.7..... Checking firmware revision
# /usr/sbin/prtconf -V
or
# /usr/platform/sun4u/sbin/prtdiag -v | grep OBP
2.8..... Checking what instance a tape drive is on:
# ls -l /dev/rmt/? | sed 's/.*rmt\///'
This will return something like the following:
0 -> ../../devices/pci@1f,4000/scsi@3,1/st@4,0:
The 0 at the start is what instance the drive is on. Check it by:
# mt -f /dev/rmt/0 status
2.9..... Removing a scsi device from a live server
This should not cause the machine to panic if it is not on the
same scsi bus as any disks. If it is, you may lose those disks.
Firstly check what bus it is on, either via dmesg if it's a disk or,
if it's a tape drive, via the tape instance command in 2.8 above. If
it is not on the same bus as any disks, remove it, then reconfigure
the bus via drvconfig.
2.10.... Probe scsi devices from the OS
You can download a program called scsiinfo-[os ver] and do a
probe on the system. Handy in determining what is on your scsi
device exactly eg what make and model of tape device:
# scsiinfo-4.6-sunos5.6 -p
fas0: st4,0 tgt 4 lun 0:
Synchronous(20.000MB/sec) Clean NoTaggedQueuing Wide
Removable Tape: SUN DLT7000 1E48 [SL]
2.11.... System stats using gui
If you want to get a gui graph on desktop showing such things as
collisions, cpu, disk, swap etc... you can use the following. Note
however, it does require the use of rpc and rstatd:
# /usr/dt/bin/sdtperfmeter -H -t cpu -t colls -s 1
Or alternatively:
# /usr/openwin/bin/perfmeter -a
2.12.... Installation of generic scsi cdwriter
CD writing and the like requires a generic scsi driver, which
doesn't come with Solaris. There's a chappy who's done a lot of the work
for you though, and here's how you install the kernel module.
URL: ftp://ftp.fokus.gmd.de/pub/unix/kernel/scg/
Get SCHILYscg.sparc.tar.Z package plus the appropriate kernel module for
the OS, ie: sparcv9 for Sol 5.7 and 5.8
# zcat SCHILYscg.sparc.tar.Z | tar xvf -
# pkgadd -d .
Install package, this installs a really old driver into /kernel/drv/
Copy in the new module
# cp scg-sparcv9-sol2.7.beta /kernel/drv/scg
Check to see if you've already got the module loaded
# modinfo | grep scg
Try loading the module and then create the devices etc:-
# modload /kernel/drv/scg
# modinfo | grep scg
218 784a2000 4a71 204 1 scg (SCSI General Driver)
# drvconfig && devlinks
(drvconfig is deprecated in 5.8 and devfsadm replaces it)
# ls -la /dev/scg*
lrwxrwxrwx 1 root other 41 Apr 17 10:56 /dev/scg0 ->
../devices/pci@1f,0/pci@1/scsi@1/scg@0,0:
lrwxrwxrwx 1 root other 43 Apr 17 10:56 /dev/scg1 ->
../devices/pci@1f,0/pci@1/scsi@1,1/scg@0,0:
# tail /var/adm/messages
Apr 17 10:56:10 wsit038 scsi: [ID 193665 kern.info] scg0 at glm0: target 0 lun 0
Apr 17 10:56:10 wsit038 genunix: [ID 936769 kern.info] scg0 is
/pci@1f,0/pci@1/scsi@1/scg@0,0
Apr 17 10:56:10 wsit038 scsi: [ID 193665 kern.info] scg1 at glm1: target 0 lun 0
Apr 17 10:56:10 wsit038 genunix: [ID 936769 kern.info] scg1 is
/pci@1f,0/pci@1/scsi@1,1/scg@0,0
2.13.... Obtaining instruction set size
Answers questions about whether 64-bit or 32-bit applications are
supported:
# isainfo -v
2.14.... Changing a machines identity
If you want to change a system's hostname, ip addr, domain name, etc...
use the following command. NOTE: THIS COMMAND HALTS THE SYSTEM.
# sys-unconfig
This removes the hostname, ip addr, netmask, domain name etc... ,
and halts the machine. Reboot the machine and it prompts for the
information again before rebooting and coming back up again with
its changed hostname and identity.
2.15.... Photon drivers
Had some real issues with the disks on the Photon unable to be seen
by the OS. When a format command was run, the only disks it would
turn up were the E450's. Turned out the following packages were missing:
SUNWifp
SUNWifph
SUNWvtsfp
These were bundled on 2.5.1 and 2.7, but not on 2.6. We located the
drivers disk - has FC100 on the cover - and installed the drivers
from there. There was no need to reboot, the E450 could see the
disks in the Photon straight away.
# luxadm probe -p        (gives their location)
lux packages also need to be installed. These are usually on the 2.6 cd.
2.16.... Arbitrary ports
Ports that can be used for local system programming are in a range
that can be found from the following:
# ndd -get /dev/tcp tcp_largest_anon_port
65535
# ndd -get /dev/tcp tcp_smallest_anon_port
32768
An example is ORACLE processes, which try connections continually.
2.17.... Adding extra devices on a system
After installing a system and later adding a scsi device, do the
following to ensure the system can see the newly added device:
# drvconfig - configures the /devices directory
# disks - if the device is a disk
or
# tapes - if the device is a tape, use of these commands creates
/dev entries for hard disks attached to the system
# devlinks - adds /dev entries for miscellaneous devices and
pseudo-devices
2.18.... Disk schematics
When checking out individual disks, even photons:
# prtvtoc /dev/rdsk/c1t0d0s2
* /dev/rdsk/c1t0d0s2 partition map
*
* Dimensions:
* 512 bytes/sector
* 64 sectors/track
* 64 tracks/cylinder
* 4096 sectors/cylinder
* 4298 cylinders
* 4296 accessible cylinders
Disk size = 512x64x64x4298 /1024 /1024 = 8596 MB
2.19.... SCSI and tagged command queueing problems
While doing a dump to a scsi tape drive and tape stacker, the following
error kept on turning up in logs on a Solaris 2.6 box:
DUMP: Warning - cannot read sector 2854226644 of `/dev/vx/rdsk/datadg/vol06'
DUMP: bread: DEV_LSEEK2 error
DUMP: Warning - cannot read sector 2854226645 of `/dev/vx/rdsk/datadg/vol06'
DUMP: bread: dev_seek error
etc....
Turns out that this is a result of Tagged Command Queueing (TCQ), which is an
optional part of SCSI-2. TCQ permits a drive to accept multiple I/O requests
for execution later. These requests are "tagged" by a reusable id so that
the drive and the OS can keep track of them. The drive can reorder these
requests to optimize seeks.
SunOS 4.x and earlier never used tagged queueing. However, Solaris 2.x
will make use of tagged queuing if the drive claims to support it.
Unfortunately, some drive manufacturers have found it hard to design
their drives to do tagged queueing properly, and this particular area
has been a common source of bugs in drive firmware. If it isn't possible
to turn off tagged queueing in the drive that is causing the problem,
Solaris 2.x can be told not to use tagged queueing at all, by putting
the following line in /etc/system:
set scsi_options & ~0x80
The "scsi_options" kernel variable contains a number of bit flags which
are defined in /usr/include/sys/scsi/conf/autoconf.h. 0x80 corresponds
to tagged queueing.
However, this turns off tagged queueing for the entire machine, not just
the problematic drive. Because tagged queueing can provide a significant
performance enhancement for busy drives, this may not always be desirable.
It is possible to disable tagged queueing and set or clear other scsi
options on a per-controller or per-drive basis. Check the esp(7) and
isp(7) man pages.
2.20.... Viewing eeprom settings
# ./prtconf -vp
2.21.... Find out which processes are writing to a dir
Had the problem where /proc fs was filling up disk. This usually happens
where a process was writing a large file and didn't finish before it died.
To check what files were open to which process in /proc, did the following.
# fuser /proc
this returned...
/proc: 11816c 11735o 4794c 4784c 4550c 1720o 1660o 1600o 1182o 179o 11816c 4794c 4550c
All the files with an "o" next to them state they are open by the pid of the preceding
number. So a ps -eaf | grep 11735 will tell us what is writing to /proc/11735o
BTW. Couldn't clear the problem until I rebooted.
-------------------------------------------------------
3.....SNMP
3.1..... Getting info via snmpwalk
*nb cri2ic is the community string.
-for process information:
# /usr/local/bin/snmpwalk -v 1 localhost cri2ic .1.3.6.1.4.1.2021.2
-for disk information:
# /usr/local/bin/snmpwalk -v 1 localhost cri2ic .1.3.6.1.4.1.2021.9
-to check if the snmp daemon is responding correctly:
# /usr/local/bin/snmpwalk -v 1 localhost cri2ic system
3.2..... Config file example
com2sec local localhost knobby
com2sec mynetwork 212.187.235.0/24 cri2ic
com2sec ninetwork 192.168.111.74/32 knobby
com2sec mynetwork 192.168.111.62/32 cri2ic
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1 mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
group MyROGroup v1 ninetwork
group MyROGroup v2c ninetwork
group MyROGroup usm ninetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none
syslocation Level3
syscontact kevin.doherty@dexterus.com
proc sshd1 10 1
# exec shelltest /bin/sh /var/tmp/shtest
disk /
disk /var
disk /u02
disk /u01
disk /web-db1-arch1
disk /web-db1-arch1/u02/arch1
disk /etc/opt/SUNWcluster/conf/ccdssa
load 12 14 14
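Added example (not part of the original notes): an audit of a config like
the one above that lists which v1/v2c security names can reach a write
view, since those models are protected only by a community string sent in
clear text. The function name is hypothetical and the sample config is
constructed, with placeholder community strings and addresses.

```sh
#!/bin/sh
# Read an snmpd.conf that uses the com2sec/group/access directives and
# print one line per v1/v2c group member whose group has a write view
# other than "none":
#   <group> <model> <secname> <source(s)> <minimum security level>
# No output means no community-based write access was found.
snmp_write_exposure() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "com2sec" {                 # com2sec NAME SOURCE COMMUNITY
            if ($2 in src) src[$2] = src[$2] "," $3
            else src[$2] = $3
        }
        $1 == "group" {                   # group NAME MODEL SECNAME
            n++; grp[n] = $2; model[n] = $3; sec[n] = $4
        }
        # access NAME CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        $1 == "access" && NF >= 9 && $8 != "none" { level[$2, $4] = $5 }
        END {
            for (i = 1; i <= n; i++) {
                if (model[i] != "v1" && model[i] != "v2c") continue
                if ((grp[i], model[i]) in level) lv = level[grp[i], model[i]]
                else if ((grp[i], "any") in level) lv = level[grp[i], "any"]
                else continue
                s = (sec[i] in src) ? src[sec[i]] : "?"
                print grp[i], model[i], sec[i], s, lv
            }
        }
    ' "$1"
}

# Constructed sample with the same layout as the config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
com2sec local     localhost      EXAMPLE_RW
com2sec mynetwork 192.0.2.0/24   EXAMPLE_RO
com2sec mynetwork 192.0.2.62/32  EXAMPLE_RO
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1  mynetwork
group MyROGroup v2c mynetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all  none
EOF
echo "community-based write access:"
snmp_write_exposure "$sample"
rm -f "$sample"
```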
-------------------------------------------------------
4.....NETWORK AUTO FAILOVER
4.1..... nafo Description
A point of interest is that the 192.168.112 interface on the boxes was
on qfe4 but there was no /etc/hostname.qfe4 file.
Enter /etc/pnmconfig
-------------
nafo0 qfe0 qfe4
nafo1 qfe1 qfe5
nafo2 qfe2
-------------
The nafo stands for "network auto failover" and the file is used in conjunction with
the package SUNWpnm - Sun Cluster Public Network Management. Basically once qfe0
fails, qfe4 takes over. Then if qfe4 fails, qfe0 takes over, etc. The same applies to
qfe1 and qfe5.
This can be viewed in /var/adm/messages:
Nov 8 15:16:44 dbvlive1 unix: SUNW,qfe0: Link Down - cable problem?
Nov 8 15:16:48 dbvlive1 last message repeated 2 times
Nov 8 15:16:49 dbvlive1 unix: SUNW,qfe0: Using Internal Transceiver
Nov 8 15:16:49 dbvlive1 unix: SUNW,qfe0: 100 Mbps half-duplex Link Up
Nov 8 15:17:01 dbvlive1 ID[SUNWcluster.pnm.pnmd.5001]: Bk_gp (nafo0) Status (DOUBT); Adp (qfe0) Status (DOUBT)
Nov 8 15:17:22 dbvlive1 ID[SUNWcluster.pnm.pnmd.4502]: Bk_gp (nafo0) Status (DOUBT); Adp (qfe0) Status (DOWN)
Nov 8 15:17:22 dbvlive1 ID[SUNWcluster.pnm.pnmd.6003]: failover in nafo0 from qfe0 to qfe4
Nov 8 15:17:22 dbvlive1 ID[SUNWcluster.pnm.pnmd.XXXX]: kstat_chk(): kstat_named_value returned 0
Nov 8 15:17:28 dbvlive1 ID[SUNWcluster.pnm.pnmd.6001]: Bk_gp (nafo0) Status (OK); Adp (qfe4) Status (OK)
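Added example (not part of the original notes): pull the failover events
and the last reported adapter states out of the pnmd messages, and list
nafo groups that have no standby adapter. The function names are
hypothetical; the sample input is the pnmconfig and log lines shown above.

```sh
#!/bin/sh
# Failover events, one per line: "<date> <time> <host> <group> <from>-><to>"
nafo_failovers() {
    awk '
        /pnmd/ && /failover in/ {
            for (i = 1; i + 5 <= NF; i++)
                if ($i == "in" && $(i+2) == "from" && $(i+4) == "to")
                    print $1, $2, $3, $4, $(i+1), $(i+3) "->" $(i+5)
        }
    ' "$1"
}

# Last status reported for each adapter, in order of first appearance.
nafo_adapter_state() {
    awk '
        /pnmd/ && match($0, /Adp \([^)]*\) Status \([^)]*\)/) {
            # the matched text looks like: Adp (qfe0) Status (DOWN)
            split(substr($0, RSTART, RLENGTH), p, /[()]/)
            if (!(p[2] in state)) order[++n] = p[2]
            state[p[2]] = p[4]
        }
        END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    ' "$1"
}

# Groups in a pnmconfig-style file with a single adapter: nothing to
# fail over to if that adapter goes down.
nafo_no_standby() {
    awk '$1 ~ /^nafo[0-9]+$/ && NF == 2 { print $1, $2 }' "$1"
}

# Sample input taken from the text above.
conf=$(mktemp); log=$(mktemp)
cat > "$conf" <<'EOF'
nafo0 qfe0 qfe4
nafo1 qfe1 qfe5
nafo2 qfe2
EOF
cat > "$log" <<'EOF'
Nov 8 15:16:44 dbvlive1 unix: SUNW,qfe0: Link Down - cable problem?
Nov 8 15:17:01 dbvlive1 ID[SUNWcluster.pnm.pnmd.5001]: Bk_gp (nafo0) Status (DOUBT); Adp (qfe0) Status (DOUBT)
Nov 8 15:17:22 dbvlive1 ID[SUNWcluster.pnm.pnmd.4502]: Bk_gp (nafo0) Status (DOUBT); Adp (qfe0) Status (DOWN)
Nov 8 15:17:22 dbvlive1 ID[SUNWcluster.pnm.pnmd.6003]: failover in nafo0 from qfe0 to qfe4
Nov 8 15:17:28 dbvlive1 ID[SUNWcluster.pnm.pnmd.6001]: Bk_gp (nafo0) Status (OK); Adp (qfe4) Status (OK)
EOF
echo "failovers:";           nafo_failovers "$log"
echo "adapter states:";      nafo_adapter_state "$log"
echo "groups, no standby:";  nafo_no_standby "$conf"
rm -f "$conf" "$log"
```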
-------------------------------------------------------
5.....THE BOOT PROM
5.1..... Checking the OBP revision
ok .version
5.2..... Adjusting settings from eeprom
# eeprom use-nvramrc?=true
# eeprom nvramrc='devalias secondary /sbus@b,0/SUNW,fas@3,8800000/sd@e,0'
-------------------------------------------------------
6.....SQUID
6.1..... squid.conf
The following was taken from Level3 squid.conf for an accelerator
residing on the same hardware as the web server:
http_port 80
httpd_accel_host 127.0.0.1
httpd_accel_port 8080
httpd_accel_uses_host_header on
httpd_accel_single_host on
emulate_httpd_log on
cache_effective_user nobody
cache_effective_group nogroup
cache_dir ufs -1 /export/home/cache 500 32 10
cache_access_log /export/home/cache/access.log
cache_log /export/home/cache/cache.log
cache_store_log none
positive_dns_ttl 5 minutes
redirect_children 5
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl ftp url_regex ^ftp://
acl banned url_regex 101cd
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow all
logfile_rotate 1
miss_access allow all
cachemgr_passwd disable all
store_avg_object_size 9 KB
6.2..... Cache dir construction
# mkdir /usr/local/squid/cache
Although not good security-wise, had to give full permissions to allow
the squid command to create the cache dir structure. Better to give the
dir a userid and groupid with permissions 770.
# chmod 777 /usr/local/squid/cache
# /usr/local/squid/bin/squid -z
6.3..... Troubleshooting configuration
The following entries were required to be added to get squid to run and
connect:
Got the following error:
Unknown cache_dir type '/var/squid/cache'
Solution: the cache_dir option changed with version 2.3. It now takes a
type argument. Insert ufs into the line, like this:
cache_dir ufs /var/squid/cache ...
6.4..... Initial startup
# /usr/local/squid/bin/squid -N -d 1 -D
-N No daemon mode.
-d level Write debugging to stderr also.
-D Disable initial DNS tests.
6.5..... PURGE files from squid's cache
There are two ways you can do this. Either run squid's client program with
the PURGE option:
# /usr/local/squid/bin/client -m PURGE -p 80 http://wsit033/dir/filename
Or you can telnet to the port squid is listening on and use PURGE instead
of GET:
# telnet wsit033 80
Trying 143.252.91.112...
Connected to wsit033.
Escape character is '^]'.
PURGE / HTTP/1.0 [ENTER][ENTER]
6.6..... Problem recognising virtual hosts
After installing an accelerator, squid would not return a specific virtual
host configured in apache, falling through to the default instead. This
was a known bug in earlier releases of squid and fixed in later versions.
The following configs had to be added to the squid.conf file after a newer
binary was copied over:
httpd_accel_uses_host_header on
httpd_accel_single_host on
emulate_httpd_log on
6.7..... Squid signals
Use any of the following with the squid binary and -k switch:
-k reconfigure
Sends a HUP signal, which causes Squid to re-read its
configuration files.
-k rotate
Sends an USR1 signal, which causes Squid to rotate its log
files. Note, if logfile_rotate is set to zero, Squid still
closes and re-opens all log files.
-k shutdown
Sends a TERM signal, which causes Squid to wait briefly for
current connections to finish and then exit. The amount of time
to wait is specified with shutdown_lifetime.
-k interrupt
Sends an INT signal, which causes Squid to shutdown immediately,
without waiting for current connections.
-k kill
Sends a KILL signal, which causes the Squid process to exit
immediately, without closing any connections or log files. Use
this only as a last resort.
-k debug
Sends an USR2 signal, which causes Squid to generate full
debugging messages until the next USR2 signal is received.
Obviously very useful for debugging problems.
-k check
Sends a ``ZERO'' signal to the Squid process. This simply
checks whether or not the process is actually running.
-------------------------------------------------------
7.....DNS
7.1..... Give private TTLs to hostnames
It's possible to have a TTL for both the db file and a private address
within the same db file. Add the TTL for the host BEFORE the IN A
record. eg.
cujo 3600 IN A 192.253.253.5 ; explicit TTL of 1 hour
Or alternatively in the same file:
$TTL 900
www IN CNAME live.tes.co.uk.
scotland IN A 62.189.42.19
prod IN A 194.200.153.107
$TTL 86400
secure CNAME ntfm147.facility.pipex.com.
dev.prod IN A 212.187.180.47
-------------------------------------------------------
8.....GENERAL COMMANDS
8.1..... SCCS checking
To check what particular changes were done on a file:
# sccs prs tesjobs | more
To see the differences between the old file and the new file:
# sccsdiff -r1.10 -r1.11 SCCS/s.tesjobs
To place a file under SCCS control after creating it:
# sccs create [filename]
8.2..... Hardwire
machine was an E220R, with no graphics card so therefore could only
use either (i)serial terminal (ii)connect on another machine with a
serial port and use tip. Normal screens cannot be used without a
graphics card and when it is installed it is only of one of 2 types.
Managed to get a null-modem cable and connect to my machine via serial
port a on both machines. First of all we had to edit /etc/remote
and make sure the following line was in there:
hardwirea:\
:dv=/dev/term/a:br#9600:el=^C^S^Q^U^D:ie=%$:oe=^D:
Then at the command prompt type: tip hardwirea
This didn't work initially, but after rebooting the E220R, it came up
ok. You can break out of a tip session with shift-tilde fullstop,
simulate a "break" sequence at the boot prom by shift-tilde hash and
get a list of all tip commands by shift-tilde question mark.
8.3..... Basic Calculator
# bc
-------------------------------------------------------
9.....APACHE
9.1..... RewriteRule
This is used where, say, a dir under a webserver doesn't exist,
and you want to create a pseudo name so that once it is typed into
the browser's URL, apache will be able to direct the request to
the correct place. Common in complex server applications with
database backends such as Vignette (Storyserver).
eg. say you wanted http://www.websitename.whatever/sport to
point to a particular section in the database. The following
would have to go into httpd.conf WITHIN the virtual host
configuration (if it's a virtualhost):
NOTE: there is a ceiling of 256 rewrites on an individual server
#
# Rewrites go here NOT Redirects.
#
RewriteEngine on
# sport added 12/04/01, no expire - new section [sdavis]
RewriteRule ^/sport$ /sport/ [R]
RewriteRule ^/sport/$ /section/0,,4,00.html [PT]
# end of sport rewrite
If you wanted to add a subdir of a dir, say /features/foodanddrink
you would add it into the section between "end of sport rewrite" and
"/IfModule" above
eg. http://www.websitename.whatever/features/foodanddrink
# foodanddrink added 12/04/01, no expire - new section [sdavis]
RewriteRule ^/features/foodanddrink$ /features/foodanddrink/ [R]
RewriteRule ^/features/foodanddrink/$ /section/0,,73,00.html [PT]
# end of foodanddrink rewrite
9.2..... HTTP error codes
100 Continue
101 Switching Protocols
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy
400 Bad Request
401 Unauthorized
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable
407 Proxy Authentication Required
408 Request Time-Out
409 Conflict
410 Gone
411 Length Required
412 Precondition Failed
413 Request Entity Too Large
414 Request-URL Too Large
415 Unsupported Media Type
500 Server Error
501 Not Implemented
502 Bad Gateway
503 Out of Resources
504 Gateway Time-Out
505 HTTP Version not supported
9.3..... V 1.3.19 changes
In eons past you could do the following:-
ScriptAlias /cgi-bin /usr/local/apache/cgi-bin
Proxy / http://${host}:${port}/
Unfortunately this no longer works in 1.3.19. To get around this
we do some magic with mod_rewrite (optional module):
RewriteEngine on
RewriteRule !^/cgi-bin http://db2:8083%{REQUEST_URI} [proxy]
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/thesun/"
9.4..... Increasing max server limit
Apache by default has a hard max server limit of 256. If this is easily
reached, you need to add the following to either httpd.h or
src/Configuration:
HARD_SERVER_LIMIT 2048
9.5..... Viewing ssl certificate info
# openssl x509 -noout -text -in [name].crt
9.6..... Apache proxy config
ServerName webmail.newsint.co.uk
Redirect / http://webmail2.newsint.co.uk
ServerName webmail2.newsint.co.uk
ProxyRequests Off
ProxyPass / http://webmail2/
ErrorLog /var/log/apache/log/error_log
TransferLog /var/log/apache/log/access_log
ScriptAlias /cgi-bin "/usr/local/apache/cgi-bin/"
SetHandler default-handler
Options -ExecCGI
9.7..... Compiling apache + ssl + php
Will need the following tar files or equivalent:
mod_ssl-2.8.4-1.3.20.tar
openssl-engine-0.9.6a.tar
apache_1.3.20.tar
perl-5.005_03-sol7-sparc-local
php-4.0.5.tar
After untarring in your /usr/local/src, get about compiling and installing:
-compile up openssl as per instructions in INSTALL
# cd /usr/local/src/mod_ssl-2.8.4-1.3.20
# ./configure --with-apache=/usr/local/src/apache_1.3.20
# cd /usr/local/src/apache_1.3.20
# ./configure
# cd /usr/local/src/php-4.0.5
# CFLAGS='-O2 -I/usr/local/ssl/include' \
> ./configure \
> --with-apache=/usr/local/src/apache_1.3.20
# make
# make install
# cd /usr/local/src/apache_1.3.20
# SSL_BASE=/usr/local/ssl \
> ./configure \
> --enable-module=ssl --enable-shared=ssl\
> --activate-module=src/modules/php4/libphp4.a \
> --enable-module=php4 --enable-shared=php4 \
> --enable-module=headers --enable-shared=headers \
> --enable-module=expires --enable-shared=expires \
> --enable-module=rewrite --enable-shared=rewrite \
> --enable-module=speling --enable-shared=speling
# make
# make certificate TYPE=test CRT=/usr/local/apache KEY=/usr/local/apache
# make install
apache_1.3.20/           at time of writing, the latest version
mod_ssl-2.8.4-1.3.20/    The Mod_ssl apache module
php-4.0.5/               Php is just too useful not to use
patch-2.5.4/             Required for mod_ssl to patch against apache
openssl-engine-0.9.6a/
openssl-0.9.6a/          OpenSSL - so mod_ssl can link against it
Firstly compile up both the openssl directories, basically doing the usual
./configure && make
Then compile up mod_ssl with the following:-
./configure --with-apache=../apache_1.3.20 \
--with-ssl \
--enable-shared=ssl
This will pull in the locations of the openssl stuff as well as tell mod_ssl
where to patch against apache.
Now compile and install apache with the following mystical commands:-
SSL_BASE=../openssl-0.9.6a ./configure \
--enable-module=most \
--enable-shared=max && make
This should make and install apache into /usr/local/apache - giving you
most of the modules as DSO (Dynamic Shared Objects) which makes it quite
easy to upgrade individual objects later - then we compile up php as another
DSO object.
cd php-4.0.5/
./configure --with-oci8=/u01/app/oracle/product/8.1.6 \
--with-apxs=/usr/local/apache/bin/apxs \
--enable-track-vars
make && make install
Now you should just need to do final config of apache and create a few
test files in the docroot - the following works quite well with php
# cat index.php
#
then start apache (to generate test ssl keys - follow mod_ssl's docs)
Now edit httpd.conf and add the following:
LoadModule speling_module libexec/mod_speling.so
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule expires_module libexec/mod_expires.so
LoadModule headers_module libexec/mod_headers.so
LoadModule ssl_module libexec/libssl.so
LoadModule php4_module libexec/libphp4.so
ClearModuleList
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_ssl.c
AddModule mod_php4.c
9.8..... Non caching tags and HEAD
To ensure private data is not cached, place the following in head:
You can view the head via telnetting to port 80:
# telnet vig-times 80
Trying 172.24.35.235...
Connected to vignette2.
Escape character is '^]'.
HEAD /crosswordClub/1,,63,00.html http/1.1
host: vig-times
HTTP/1.1 200 OK
Date: Wed, 27 Jun 2001 14:46:21 GMT
Server: Apache/1.3.9 (Unix) PHP/4.0.4pl1
Cache-Control: no-cache, no-store, private
Pragma: No-cache
Expires: Tue, 20 Jun 1995 04:13:09 GMT
Cache-Control: no-cache, private, max-age=0
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Connection: close
Content-Type: text/html
Connection closed by foreign host.
-------------------------------------------------------
10....VERITAS VOLUME MANAGER
10.1.... Installation
Had to install a E420R with a Photon StorEdge 5200
Firstly install the software from the cd as per instructions
vxinstall will do the honours after the cd install.
When the system comes back up, run the following command to
ensure that Veritas can see all the disks:
# /usr/sbin/vxdisk list
If it cannot, check your photon configuration and see if the
fibre cables are plugged into the correct channels at the back
of the Photon. BTW, you can run vxinstall over the top of a
previous vxinstall, despite warnings.
In most cases, the mirrored disks will be in a group outside
rootdg which is the default. You can create the groups on the
fly using vxdiskadm. Mine held an Oracle db, so called the
group oradg.
Next mirror the disks. In my config, the disks in the array
were in a split loop and the fibre cables in the back were plugged
into the wrong channel. As a result, during the vxinstall the
backend disks weren't initialised, so had to do this manually
while mirroring.
First of all, enable vxdctl. This is the Volume Configuration
Daemon and interfaces between Volume Manager Commands and the
Kernel device drivers
# vxdctl enable
Next, we need to get VM to see the disk
# /etc/vx/bin/vxdisksetup -i [cxtxdx]
We then use vxdiskadm to initialise the disk and then add it to
its appropriate group
# vxdiskadm (select initialise, and then add to a group)
Then, make the primary volume/filesystem which you will mirror on
to your newly initialised disk. Note the disk name below is the
PRIMARY disk, ie the disk to BE mirrored.
# vxassist maxsize [cxtxdx] (gives us the max size for the next cmd)
Make the primary Volume/FS, the 35362816 is the max size result and
u01 is the name of the volume, it is also to be the name of the
partition to be mounted
# vxassist make u01 35362816 [cxtxdx]
Newfs the primary disk. The oradg was the name of our VM disk group,
as opposed to rootdg which was the default
# newfs -i 16384 -m 5 /dev/vx/rdsk/oradg/u01
Now mirror the second disk (the one previously initialised) onto the
primary disk (the disk in brackets is the secondary disk). Note,
you do not newfs the second disk. A straight up mirror of the first
disk is good enough. Alternatively you could make the primary disk,
mirror and then newfs u01
# vxassist mirror u01 [cxtxdx]
Make the directory to be mounted
# mkdir /u01
Mount the directory
# mount /dev/vx/dsk/oradg/u01 /u01
Just edit /etc/vfstab, reboot to be sure everything mounts ok
and you're done.
10.2.... Checking on disks
To check to see what the disks are doing:
# vxprint -Ath | more
or
# vxtask list -l
Show all disks within the groups
# vxdisk list
See if a group has come online
# vxdg list
Display the volume, plex and subdisk for all volumes
# vxprint -ht
Show unstartable volumes
# vxinfo
Print stats about VM objects and block devs under VM control
# vxstat
Display general information about all subdisks
# vxprint -st
Display complete information about a subdisk
# vxprint -l [subdisk name]
Display detailed information about all plexes in the system
# vxprint -lp
List any free plexes
# vxprint -pt
List information on all volumes
# vxprint -vt
Show current tasks in Volume manager
# vxtask list
10.3.... Reattaching disks
If vxprint -ht shows disks as disabled or stale, reporting no device,
run the following and monitor from vxtask list:
# vxreattach -rb
10.4.... Restarting vxrelocd and vxsparecheck
These often die in Volume Manager. The commands to restart them are
in the startup script /etc/rc2.d/S95vxvm-recover. Before you start
them up however, you'll have to ensure that they won't die when you
exit the shell. Basically, you have to tell the shell to ignore any
SIGHUP signals first. Do this by the following:
# trap '' 1
If you now type "trap", you'll see SIGHUP's are ignored
Then restart the daemons:
# export PATH=$PATH:/usr/lib/vxvm/bin:/sbin:/usr/sbin:/usr/bin
# vxrelocd volmgr_customers@it.newsint.co.uk &
# vxsparecheck root &
-------------------------------------------------------
11....HARDWARE
11.1.... Storage tape capacities
Tape           Native Storage   Compressed Storage
DLT4000        20 GB            40 GB
DLT7000        35 GB            80 GB
DDS-3          12 GB            24 GB
DDS-4          20 GB            40 GB
8MM STANDARD   7 GB             14 GB
8MM MAMMOTH    20 GB            40 GB
11.2.... Hardware
E4500 - db1 dbvlive1 dbvlive2
E3500 - int-srv1, int-srv2 db2 int-fir1 int-fir2
E420R - dtdb1 dtdb2
E220R - dtapp1 dtapp2
Ultra 5 - bvlfir1 bvlftp devproxy
Netra-t1 - dtweb1 dtweb2
-------------------------------------------------------
12....SENDMAIL
12.1.... Telnet to port 25
# telnet mta.excite.com 25
>>> HELO mta.excite.com
>>> MAIL From:
>>> RCPT To:
>>> DATA
>>> .
>>> QUIT
12.2.... Process the mail queue
# /usr/lib/sendmail -v -q