re-ip on solaris server howto – change ip netmask defaultrouter gateway

May 18th, 2012

To change the ip/netmask/defaultrouter/gateway on a solaris 10 or solaris 9 server permanently, you need to update the files below:

/etc/hosts -> /etc/inet/hosts
/etc/hostname.<tags of your interface>
/etc/inet/netmasks
/etc/defaultrouter

Let’s assume that the new ip address is 101.139.1.151, the new netmask is 255.255.254.0, the new gateway is 101.139.1.254 and the new broadcast address is 101.139.1.255. Here are the steps:
1) Change /etc/hosts (or /etc/inet/hosts; they are the same file):
101.139.1.151 <tag for your server’s ip address>

2) Change the default router in /etc/defaultrouter so that it contains the new gateway address:
101.139.1.254

3) Change /etc/hostname.<tags of your interface> (this step may not be needed):

4) Change the netmask in /etc/inet/netmasks:
You’ll first need to calculate the network address from the given ip address (101.139.1.151) and netmask (255.255.254.0). You can calculate it by hand (refer to this article: http://www.doxer.org/learn-linux/basic-knowledge-for-netmask-hexadecimal-decimal-binary-netmask-cidr-calculator/), but I would prefer to use ipcalc:
[root@doxer~]# ipcalc -pnbm 101.139.1.151 255.255.254.0
NETMASK=255.255.254.0
PREFIX=23
BROADCAST=101.139.1.255
NETWORK=101.139.0.0

So from the output, you’d know that the network address is 101.139.0.0. Then add a line to /etc/inet/netmasks with format <network address> <netmask address>:
101.139.0.0 255.255.254.0

PS:
If you need to change the ip/netmask temporarily on solaris using ifconfig, use the following command:
ifconfig qfe1 101.139.1.151 netmask 255.255.254.0 broadcast + up

5) Now reboot your server and then use ifconfig -a and netstat -rnv to confirm everything is working as expected.

PS:
If you encounter the errors below when booting solaris, there may be a problem with the network configuration on your host. Consider going to single user mode and changing the networking configuration as detailed in this article.

Setting /dev/arp arp_cleanup_interval to 60000
Setting /dev/ip ip_forward_directed_broadcasts to 0
Setting /dev/ip ip_forward_src_routed to 0
Setting /dev/ip ip_ignore_redirect to 1
Setting /dev/ip ip_respond_to_address_mask_broadcast to 0
Setting /dev/ip ip_respond_to_echo_broadcast to 0
Setting /dev/ip ip_respond_to_timestamp to 0
Setting /dev/ip ip_respond_to_timestamp_broadcast to 0
Setting /dev/ip ip_send_redirects to 0
Setting /dev/ip ip_strict_dst_multihoming to 1
Setting /dev/ip ip_def_ttl to 255
Setting /dev/tcp tcp_conn_req_max_q0 to 4096
Setting /dev/tcp tcp_conn_req_max_q to 1024
Setting /dev/tcp tcp_smallest_anon_port to 32768
Setting /dev/tcp tcp_largest_anon_port to 65535
Setting /dev/udp udp_smallest_anon_port to 32768
Setting /dev/udp udp_largest_anon_port to 65535
Setting /dev/tcp tcp_smallest_nonpriv_port to 1024
Setting /dev/udp udp_smallest_nonpriv_port to 1024
Setting /dev/ip ip_ire_arp_interval to 60000
Setting /dev/tcp tcp_extra_priv_ports_add to 6112
Setting /dev/tcp tcp_rev_src_routes to 0

what is fence or fencing device

May 16th, 2012

To understand what a fencing device is, you first need to know something about the split-brain condition. Read here for info: http://linux-ha.org/wiki/Split_Brain

Here’s something about what a fence device is:

Fencing is the disconnection of a node from shared storage. Fencing cuts off I/O from shared storage, thus ensuring data integrity. A fence device is a hardware device that can be used to cut a node off from shared storage. This can be accomplished in a variety of ways: powering off the node via a remote power switch, disabling a Fibre Channel switch port, or revoking a host’s SCSI 3 reservations. A fence agent is a software program that connects to a fence device in order to ask the fence device to cut off access to a node’s shared storage (via powering off the node or removing access to the shared storage by other means).

And here’s an article about I/O fencing using SCSI-3 Persistent Reservations in the configuration of SF Oracle RAC: http://sfdoccentral.symantec.com/sf/5.0/solaris64/html/sf_rac_install/sfrac_intro13.html

Categories: HA & HP, Hardware, Storage

differences between freezing vcs system and freezing service group

May 16th, 2012

In veritas vcs, freezing a system prevents service groups from coming online on that system if they fail over from another node in the cluster. But this does not prevent faults from failing any service group already online on the system.

To prevent veritas intervention on faults caused by expected changes (even if the symptoms are unexpected) we would usually freeze the service group. This prevents any online/clean or restart operation kicking in on detection of faults.

After your modifications to vcs, you need to check that resources are not autodisabled and make sure that the config is made read-only (ro) again.

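Here are the steps to freeze service group(s) in vcs:
# open the cluster configuration for writing
/opt/VRTS/bin/haconf -makerw
# keep a dated copy of the current configuration
mkdir /var/tmp/veritas_config_backup_`date +%F`
cp -R /etc/VRTSvcs /var/tmp/veritas_config_backup_`date +%F`
# $i is the name of the service group to freeze; repeat this line for each group
/opt/VRTS/bin/hagrp -freeze $i -persistent
# write the configuration to disk and make it read-only again
/opt/VRTS/bin/haconf -dump -makero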

Categories: HA & HP

change ldap client to bind to another ldap server

May 10th, 2012

If you want to change an ldap client (linux) to bind to another ldap server, here are the basic steps:

1. Update /etc/ldap.conf to change where sudoers is authenticating (note that /etc/ldap.conf will only control sudoers)
From:
uri ldap://ldapserver1/ ldap://ldapserver2/
To:
uri ldap://ldapserver2/ ldap://ldapserver1/

2. Update /etc/openldap/ldap.conf to change where logins are authenticating
From:
uri ldap://ldapserver1/ ldap://ldapserver2/
To:
uri ldap://ldapserver2/ ldap://ldapserver1/

3. Restart nscd
/etc/init.d/nscd restart

NB:

For an ldap client running solaris, you’ll need to know something about the commands ldap_cachemgr and ldapclient and how they work.

Categories: Security

basic knowledge for netmask hexadecimal decimal binary netmask cidr calculator

May 3rd, 2012

First, let’s get familiar with the hexadecimal, decimal and binary forms of a netmask. On linux/windows a netmask may be written as FF.FF.FF.FE, 255.255.255.254 or 11111111.11111111.11111111.11111110, all of which are identical.

F (hexadecimal) equals 15 (decimal) and 1111 (binary); E (hexadecimal) equals 14 (decimal) and 1110 (binary). Convert every F to 1111 and E to 1110, and FF.FF.FF.FE turns out to be 11111111.11111111.11111111.11111110. As 11111111 (binary) equals 255 (decimal) and 11111110 (binary) equals 254 (decimal), 11111111.11111111.11111111.11111110 is 255.255.255.254. As there’s only 1 bit for the host and there are 31 bits for the network, the CIDR notation for FF.FF.FF.FE is xxx.xxx.xxx.xxx/31.

Then, let’s talk about the relationship between ip address, netmask, network address, broadcast address and max hosts in one subnet.

Given an ip address and a netmask, we can calculate the ip’s network address, its broadcast address, and the max hosts in the subnet with that netmask. For example, if the ip is 192.168.1.28 and the netmask is 255.255.255.240, then 256-240=16 (meaning there’ll be at most 16 hosts). As 192.168.1.28 belongs to the ip range 192.168.1.16 ~ 192.168.1.32, 192.168.1.28 has network address 192.168.1.16 and broadcast address 192.168.1.31. (The network address must be the first address in the subnet and must be a whole-number multiple of the block size, which is 16, 256-240=16.)
NB:
  • We can confirm the example above with the help of ipcalc (which is installed by default under RHEL / CentOS / Fedora Linux as part of the initscripts package):

doxer@doxer ~ $ ipcalc -c 192.168.1.28/255.255.255.240 #or you can use ipcalc -pnbm 192.168.1.28 255.255.255.240
Address: 192.168.1.28 11000000.10101000.00000001.0001 1100
Netmask: 255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard: 0.0.0.15 00000000.00000000.00000000.0000 1111
=>
Network: 192.168.1.16/28 11000000.10101000.00000001.0001 0000
HostMin: 192.168.1.17 11000000.10101000.00000001.0001 0001
HostMax: 192.168.1.30 11000000.10101000.00000001.0001 1110
Broadcast: 192.168.1.31 11000000.10101000.00000001.0001 1111
Hosts/Net: 14 Class C, Private Internet

  • Here’s a url with a table of common SubNet Mask <-> Hex SubNet Mask <-> CIDR <-> Bit Mask <-> Quantity in Range values:

http://www.shorewall.com.au/contrib/IPSubNetMask.html
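
The calculation described in this post, and the network-address step of the solaris re-ip post above, as an added Python example (not code from the original posts; all function names are hypothetical). It goes slightly beyond the text: it uses plain bit operations instead of ipcalc, accepts hex masks such as FF.FF.FF.FE, rejects non-contiguous masks, and checks that a default router is on the interface's subnet.

```python
# Added example: subnet arithmetic with plain bit operations (not the blog author's code).

def parse_quad(text, base=10):
    """Strict four-part dotted address; base=16 handles FF.FF.FF.FE style masks."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % text)
    value = 0
    for part in parts:
        octet = int(part, base)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % part)
        value = (value << 8) | octet
    return value

def to_quad(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_len(mask):
    """CIDR prefix length; a mask whose 1 bits are not contiguous is rejected."""
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous netmask: %s" % to_quad(mask))
    return bin(mask).count("1")

def subnet(ip, netmask, mask_base=10):
    addr, mask = parse_quad(ip), parse_quad(netmask, mask_base)
    prefix = prefix_len(mask)
    network = addr & mask                        # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)   # set the host bits
    size = broadcast - network + 1
    return {
        "network": to_quad(network),
        "broadcast": to_quad(broadcast),
        "prefix": prefix,
        "addresses": size,
        # /31 and /32 have no separate network/broadcast address to subtract
        "hosts": size if prefix >= 31 else size - 2,
        "netmasks_line": "%s %s" % (to_quad(network), to_quad(mask)),
    }

def gateway_on_link(ip, gateway, netmask):
    """True when the default router sits in the same subnet as the interface."""
    mask = parse_quad(netmask)
    return (parse_quad(ip) & mask) == (parse_quad(gateway) & mask)

if __name__ == "__main__":
    print(subnet("101.139.1.151", "255.255.254.0"))     # values from the re-ip post
    print(subnet("192.168.1.28", "255.255.255.240"))    # values from this post
    print(gateway_on_link("101.139.1.151", "101.139.1.254", "255.255.254.0"))
```

The "netmasks_line" value is the <network address> <netmask address> entry that goes into /etc/inet/netmasks.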

Categories: Life, Networking, Networking Security

ilom or alom ip address reassignment howto

May 3rd, 2012

Here are the steps to reassign the ip address for an ilom or alom system console (out of band access):

  • Log on to the destination host’s system console through the system’s console port address, or jump from the KVM that connects to the host
  • After logging on to the system console, run showsc to confirm the current settings before starting, for example on my host:

doxer_con> showsc
Advanced Lights Out Manager CMT v1.1.8

parameter value
--------- -----
if_network true
if_modem false
if_emailalerts true
netsc_dhcp false
netsc_ipaddr 192,168.52.164
netsc_ipnetmask 255.255.255.0
netsc_ipgateway 192,168.52.254
mgt_mailhost 172.20.2.231
mgt_mailalert(1) systemsadminlogs@doxer.org 2
sc_customerinfo doxer
sc_escapechars #.
sc_powerondelay true
sc_powerstatememory false
sc_clipasswdecho true
sc_cliprompt doxer_con
sc_clitimeout 0
sc_clieventlevel 3
sc_backupuserdata true
diag_trigger power-on-reset error-reset
diag_verbosity normal
diag_level min
diag_mode normal
sys_autorunonerror false
ser_baudrate 9600
ser_parity none
ser_stopbits 1
ser_data 8
netsc_enetaddr 00:14:4f:7e:24:59
sys_enetaddr 00:14:4f:7e:24:50
doxer_con>

  • Now do the actual settings according to your needs:

setsc netsc_ipaddr <new ip address>
setsc netsc_ipnetmask <new netmask>
setsc netsc_ipgateway <new gateway>
setsc if_connection ssh

  • confirm everything is what you want with showsc
  • Now reset the system controller with resetsc -y to make it take effect
  • Once the ILO has rebooted check that you can ssh to it and login as usual

NB:

For more info about alom/ilom/openboot prom commands, please read the article "alom/ilom/openboot prom commands help".

Categories: Hardware, Servers, Unix