change mysql proxy agent max-open-files

September 24th, 2012

Change Step details
==============
1. Stop both the mysql service and the mysql proxy agent on the SLAVE mysql host using the startup script command:
sudo /etc/init.d/mysql stop
2. Change the user context to mysql user with the command:
sudo su - mysql
3. Update the mysql proxy agent configuration file "/apps/mysql/agent/etc/mysql-monitor-agent.ini", add a new line like below at the end of the file:
max-open-files = 8192
4. Under ROOT user context, update the mysql startup script file "/etc/init.d/mysql", replacing all of its existing content with the content below:
#!/bin/ksh
# chkconfig: 345 90 02
# description: MySQL startup
/apps/mysql/install/support-files/mysql.server $*
/apps/mysql/agent/etc/init.d/mysql-monitor-agent $*

5. Under ROOT user context, execute the command:
chkconfig --add mysql
6. Start both the mysql service and mysql proxy agent on the SLAVE mysql host using the startup script command:
sudo /etc/init.d/mysql start
7. Repeat steps #1 to #6 on the MASTER mysql host
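
After the restart, a quick way to confirm the new limit took effect is to read the kernel's per-process limits (a sketch, assuming the agent process command line contains "mysql-monitor-agent"):

pgrep -f mysql-monitor-agent

sudo grep 'Max open files' /proc/$(pgrep -f mysql-monitor-agent | head -1)/limits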


lvm snapshot backup

September 20th, 2012

Here are the updated steps for LVM snapshot backup.

# determine available space.

sudo vgs | awk '/VolGroup/ {print $NF}'

# create snapshots. 1GB should be enough, but if you are really struggling for space you can try even smaller, because each snapshot only has to hold the delta between now and when you destroy it.

sudo lvcreate -L 1G -s -n rootLVsnap VolGroup00/rootLV

sudo lvcreate -L 1G -s -n varLVsnap VolGroup00/varLV
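
# optional sanity check (a sketch): lvs shows Data% for each snapshot, which must stay below 100% while the backup runs or the snapshot becomes invalid

sudo lvs VolGroup00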

# create the FS for the backups. allocate as much space as you have; as a last resort, use NFS.

sudo lvcreate -n OSbackup -L 5G VolGroup00

sudo mkfs -t ext3 /dev/VolGroup00/OSbackup

sudo mkdir /OSbackup

sudo mount /dev/VolGroup00/OSbackup /OSbackup

# create a backup of root

# gzip is important. if you are really tight on space, try gzip -9 or even bzip2

sudo dd if=/dev/VolGroup00/rootLVsnap bs=1M | sudo sh -c 'gzip -c > /OSbackup/root.dd.gz'

# now, remove root snapshot and extend backup fs

sudo lvremove VolGroup00/rootLVsnap

sudo lvextend -L +1G VolGroup00/OSbackup

sudo resize2fs /dev/VolGroup00/OSbackup
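
# optional check that the backup filesystem really grew (a sketch)

sudo df -h /OSbackup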

# backup var

sudo dd if=/dev/VolGroup00/varLVsnap bs=1M | sudo sh -c 'gzip -c > /OSbackup/var.dd.gz'

sudo lvremove VolGroup00/varLVsnap

# backup boot

cd /boot; sudo tar -pczf /OSbackup/boot.tar.gz .

# unmount the fs and destroy mountpoint

sudo umount /OSbackup

sudo rmdir /OSbackup
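
# for reference, a restore is roughly the reverse of the dd|gzip step (a sketch only: boot from rescue media, keep the target LV unmounted, and remount the backup fs somewhere first, e.g. /mnt)

sudo mount /dev/VolGroup00/OSbackup /mnt

sudo sh -c 'gunzip -c /mnt/root.dd.gz | dd of=/dev/VolGroup00/rootLV bs=1M'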

PS: Here's more info: http://www.howtoforge.com/linux_lvm_snapshots


resolved – bnx2i dev eth0 does not support iscsi

September 19th, 2012

A weird incident occurred on a Linux box. The box became unresponsive to ping and ssh, although according to ifconfig and the /proc/net/bonding/bond0 file the system thought it was running fine. After some googling, I found that the issue might be related to the NIC driver. I tried bringing the NICs down and up one by one, but got these errors:

Bringing up loopback interface bond0: bnx2i: dev eth0 does not support iscsi

bnx2i: iSCSI not supported, dev=eth0

bonding: no command found in slaves file for bond bond0. Use +ifname or -ifname

At last, I tried restarting the whole network service, i.e. /etc/init.d/network restart. That did the trick: the networking came back and I could ping/ssh to the box without problem.
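
For reference, the two approaches were roughly these (a sketch; the interface and bond names will differ per host):

sudo ifdown eth0 && sudo ifup eth0 # per-slave restart, which hit the bnx2i/bonding errors above

sudo /etc/init.d/network restart # full restart of the network service, which recovered the box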

resolved – how to check nfs version in linux

September 11th, 2012

To check the NFS version in use on Linux/Solaris:

  • On the NFS server side, you can run nfsstat -s to check. The NFS version in use will show call percentages other than 0%, as in the following:

root@doxer.org# nfsstat -s
Server rpc stats:
calls badcalls badauth badclnt xdrcall
28 0 0 0 0

Server nfs v3:
null getattr setattr lookup access readlink
3 11% 4 14% 0 0% 1 3% 4 14% 0 0%
read write create mkdir symlink mknod
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
remove rmdir rename link readdir readdirplus
0 0% 0 0% 0 0% 0 0% 0 0% 2 7%
fsstat fsinfo pathconf commit
9 33% 4 14% 0 0% 0 0%

  • On the NFS server, we can also check which versions (2/3/4) and transport protocols (tcp/udp) NFS supports with the command "rpcinfo -p localhost|grep nfs":

 

root@doxer# rpcinfo -p localhost|grep nfs
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs

 

  • On the NFS client hosts, you can run nfsstat -c to check the version the client is using. As before, the version in use will show call percentages other than 0%, as in the following:

root@doxer.org# nfsstat -c

Client rpc:
Connection oriented:
calls badcalls badxids timeouts newcreds badverfs
1219760 322812 0 0 0 0
timers cantconn nomem interrupts
0 322808 0 0
Connectionless:
calls badcalls retrans badxids timeouts newcreds
0 0 0 0 0 0
badverfs timers nomem cantsend
0 0 0 0

Client nfs:
calls badcalls clgets cltoomany
753081 28 753081 0
Version 2: (0 calls)
null getattr setattr root lookup readlink
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
read wrcache write create remove rename
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
link symlink mkdir rmdir readdir statfs
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
Version 3: (748700 calls)
null getattr setattr lookup access readlink
0 0% 140588 18% 61939 8% 184611 24% 150266 20% 8 0%
read write create mkdir symlink mknod
35415 4% 58540 7% 11703 1% 562 0% 248 0% 0 0%
remove rmdir rename link readdir readdirplus
3264 0% 0 0% 9 0% 0 0% 1165 0% 1219 0%
fsstat fsinfo pathconf commit
33435 4% 7160 0% 3309 0% 55259 7%

Client nfs_acl:
Version 2: (0 calls)
null getacl setacl getattr access
0 0% 0 0% 0 0% 0 0% 0 0%
Version 3: (4382 calls)
null getacl setacl
0 0% 4382 100% 0 0%

  • Also, you can run nfsstat -m on NFS client hosts to print information about each mounted NFS filesystem (the output indicates the NFS version as well); a hedged mount example follows this list:

root@doxer.org # nfsstat -m
/apps/uriman/tmp from doxer:/export/was/trncsc_cell_urimantmp
Flags: vers=3,proto=tcp,sec=none,hard,intr,link,symlink,acl,rsize=32768,wsize=32768,retrans=5,timeo=600
Attr cache: acregmin=3,acregmax=60,acdirmin=30,acdirmax=60
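
As a side note, if you want the client to use a specific NFS version instead of whatever it negotiates, it can usually be requested at mount time with the vers option (a sketch reusing the server and export shown above; on Linux the option may also be spelled nfsvers):

mount -o vers=3 doxer:/export/was/trncsc_cell_urimantmp /apps/uriman/tmp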

PS:

  • Here's more about analyzing nfsstat output:

The client- and server-side implementations of NFS compile per-call statistics of NFS service usage at both the RPC and application layers. nfsstat -c displays the client-side statistics while nfsstat -s shows the server tallies. With no arguments, nfsstat prints out both sets of statistics:


% nfsstat -s
Server rpc:
Connection oriented:
calls badcalls nullrecv badlen xdrcall dupchecks
10733943 0 0 0 0 1935861
dupreqs
0
Connectionless:
calls badcalls nullrecv badlen xdrcall dupchecks
136499 0 0 0 0 0
dupreqs
0

Server nfs:
calls badcalls
10870161 14
Version 2: (1716 calls)
null getattr setattr root lookup readlink
48 2% 0 0% 0 0% 0 0% 1537 89% 13 0%
read wrcache write create remove rename
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
link symlink mkdir rmdir readdir statfs
0 0% 0 0% 0 0% 0 0% 111 6% 7 0%
Version 3: (10856042 calls)
null getattr setattr lookup access readlink
136447 1% 4245200 39% 95412 0% 1430880 13% 2436623 22% 74093 0%
read write create mkdir symlink mknod
376522 3% 277812 2% 165838 1% 25497 0% 24480 0% 0 0%
remove rmdir rename link readdir readdirplus
359460 3% 33293 0% 8211 0% 69484 0% 69898 0% 876367 8%
fsstat fsinfo pathconf commit
1579 0% 7698 0% 4253 0% 136995 1%
Server nfs_acl:
Version 2: (2357 calls)
null getacl setacl getattr access
0 0% 5 0% 0 0% 2170 92% 182 7%
Version 3: (10046 calls)
null getacl setacl
0 0% 10039 99% 7 0%

 

The server-side RPC fields indicate if there are problems removing the packets from the NFS service end point. The kernel reports statistics on connection-oriented RPC and connectionless RPC separately. The fields detail each kind of problem:

calls
The NFS calls value represents the total number of NFS Version 2, NFS Version 3, NFS ACL Version 2 and NFS ACL Version 3 RPC calls made to this server from all clients. The RPC calls value represents the total number of NFS, NFS ACL, and NLM RPC calls made to this server from all clients. RPC calls made for other services, such as NIS, are not included in this count.
badcalls
These are RPC requests that were rejected out of hand by the server's RPC mechanism, before the request was passed to the NFS service routines in the kernel. An RPC call will be rejected if there is an authentication failure, where the calling client does not present valid credentials.
nullrecv
Not used in Solaris. Its value is always 0.
badlen/xdrcall
The RPC request received by the server was too short (badlen) or the XDR headers in the packet are malformed (xdrcall ). Most likely this is due to a malfunctioning client. It is rare, but possible, that the packet could have been truncated or damaged by a network problem. On a local area network, it's rare to have XDR headers damaged, but running NFS over a wide-area network could result in malformed requests. We'll look at ways of detecting and correcting packet damage on wide-area networks in Section 18.4.
dupchecks/dupreqs
The dupchecks field indicates the number of RPC calls that were looked up in the duplicate request cache. The dupreqs field indicates the number of RPC calls that were actually found to be duplicates. Duplicate requests occur as a result of client retransmissions. A large number of dupreqs usually indicates that the server is not replying fast enough to its clients. Idempotent requests can be replayed without ill effects, therefore not all RPCs have to be looked up on the duplicate request cache. This explains why the dupchecks field does not match the calls field.

The statistics for each NFS version are reported independently, showing the total number of NFS calls made to this server using each version of the protocol. A version-specific breakdown by procedure of the calls handled is also provided. Each of the call types corresponds to a procedure within the NFS RPC and NFS_ACL RPC services.

The null procedure is included in every RPC program for pinging the RPC server. The null procedure returns no value, but a successful return from a call to null ensures that the network is operational and that the server host is alive. rpcinfo calls the null procedure to check RPC server health. The automounter (see Chapter 9) calls the null procedure of all NFS servers in parallel when multiple machines are listed for a single mount point. The automounter and rpcinfo should account for the total null calls reported by nfsstat.

Client-side RPC statistics include the number of calls of each type made to all servers, while the client NFS statistics indicate how successful the client machine is in reaching NFS servers:


% nfsstat -c
Client rpc:
Connection oriented:
calls badcalls badxids timeouts newcreds badverfs
1753584 1412 18 64 0 0
timers cantconn nomem interrupts
0 1317 0 18
Connectionless:
calls badcalls retrans badxids timeouts newcreds
12443 41 334 80 166 0
badverfs timers nomem cantsend
0 4321 0 206

Client nfs:
calls badcalls clgets cltoomany
1661217 23 1661217 3521
Version 2: (234258 calls)
null getattr setattr root lookup readlink
0 0% 37 0% 0 0% 0 0% 184504 78% 811 0%
read wrcache write create remove rename
49 0% 0 0% 24301 10% 3 0% 2 0% 0 0%
link symlink mkdir rmdir readdir statfs
0 0% 0 0% 12 0% 12 0% 24500 10% 27 0%
Version 3: (1011525 calls)
null getattr setattr lookup access readlink
0 0% 417691 41% 14598 1% 223609 22% 47438 4% 695 0%
read write create mkdir symlink mknod
56347 5% 221334 21% 1565 0% 106 0% 48 0% 0 0%
remove rmdir rename link readdir readdirplus
807 0% 14 0% 676 0% 24 0% 475 0% 5204 0%
fsstat fsinfo pathconf commit
8 0% 10612 1% 95 0% 10179 1%

Client nfs_acl:
Version 2: (411477 calls)
null getacl setacl getattr access
0 0% 181399 44% 0 0% 185858 45% 44220 10%
Version 3: (3957 calls)
null getacl setacl
0 0% 3957 100% 0 0%

 

In addition to the total number of NFS calls made and the number of rejected NFS calls (badcalls), the client-side statistics indicate if NFS calls are being delayed due to a lack of client RPC handles. Client RPC handles are opaque pointers used by the kernel to hold server connection information. In SunOS 4.x, the number of client handles was fixed, causing the NFS call to block until client handles became available. In Solaris, client handles are allocated dynamically. The kernel maintains a cache of up to 16 client handles, which are reused to speed up communication with the server. The clgets count indicates the number of times a client handle has been requested. If the NFS call cannot find an unused client handle in the cache, it will not block until one frees up. Instead, it will create a brand new client handle and proceed. This count is reflected by cltoomany. The client handle is destroyed when the reply to the NFS call arrives. This count is of little use to system administrators since nothing can be done to increase the cache size and reduce the number of misses.

Included in the client RPC statistics are counts for various failures experienced while trying to send NFS requests to a server:

calls
Total number of calls made to all NFS servers.
badcalls
Number of RPC calls that returned an error. The two most common RPC failures are timeouts and interruptions, both of which increment the badcalls counter. The connection-oriented RPC statistics also increment the interrupts counter. There is no equivalent counter for connectionless RPC statistics. If a server reply is not received within the RPC timeout period, an RPC error occurs. If the RPC call is interrupted, as it may be if a filesystem is mounted with the intr option, then an RPC interrupt code is returned to the caller. nfsstat also reports the badcalls count in the NFS statistics. NFS call failures do not include RPC timeouts or interruptions, but do include other RPC failures such as authentication errors (which will be counted in both the NFS and RPC level statistics).
badxids
The number of bad XIDs. The XID in an NFS request is a serial number that uniquely identifies the request. When a request is retransmitted, it retains the same XID through the entire timeout and retransmission cycle. With the Solaris multithreaded kernel, it is possible for the NFS client to have several RPC requests outstanding at any time, to any number of NFS servers. When a response is received from an NFS server, the client matches the XID in the response to an RPC call in progress. If an XID is seen for which there is no active RPC call — because the client already received a response for that XID — then the client increments badxid. A high badxid count, therefore, indicates that the server is receiving some retransmitted requests, but is taking a long time to reply to all NFS requests. This scenario is explored in Section 18.1.
timeouts
Number of calls that timed out waiting for a server's response. For hard-mounted filesystems, calls that time out are retransmitted, with a new timeout period that may be longer than the previous one. However, calls made on soft-mounted filesystems may eventually fail if the retransmission count is exceeded, so that the call counts obey the relationship:

timeout + badcalls >= retrans

 

The final retransmission of a request on a soft-mounted filesystem increments badcalls (as previously explained). For example, if a filesystem is mounted with retrans=5, the client reissues the same request five times before noting an RPC failure. All five requests are counted in timeout, since no replies are received. Of the failed attempts, four are counted in the retrans statistic and the last shows up in badcalls.

newcreds
Number of times client authentication information had to be refreshed. This statistic only applies if a secure RPC mechanism has been integrated with the NFS service.
badverfs
Number of times server replies could not be authenticated. The number of times the client could not guarantee that the server was who it says it was. These are likely due to packet retransmissions more than security breaches, as explained later in this section.
timers
Number of times the starting RPC call timeout value was greater than or equal to the minimum specified timeout value for the call. Solaris attempts to dynamically tune the initial timeout based on the history of calls to the specific server. If the server has been sluggish in its response to this type of RPC call, the timeout will be greater than if the server had been replying normally. It makes sense to wait longer before retransmitting for the first time, since history indicates that this server is slow to reply. Most client implementations use an exponential back-off strategy that doubles or quadruples the timeout after each retransmission up to an implementation-specific limit.
cantconn
Number of times a connection-oriented RPC call failed due to a failure to establish a connection to the server. The reasons why connections cannot be created are varied; one example is the server may not be running the nfsd daemon.
nomem
Number of times a call failed due to lack of resources. The host is low in memory and cannot allocate enough temporary memory to handle the request.
interrupts
Number of times a connection-oriented RPC call was interrupted by a signal before completing. This counter applies to connection-oriented RPC calls only. Interrupted connection and connectionless RPC calls also increment badcalls.
retrans
Number of calls that were retransmitted because no response was received from the NFS server within the timeout period. This is only reported for RPC over connectionless transports. An NFS client that is experiencing poor server response will have a large number of retransmitted calls.

cantsend
Number of times a request could not be sent. This counter is incremented when network plumbing problems occur. This will mostly occur when no memory is available to allocate buffers in the various network layer modules, or the request is interrupted while the client is waiting to queue the request downstream. The nomem and interrupts counters report statistics encountered in the RPC software layer, while the cantsend counter reports statistics gathered in the kernel TLI layer.

The statistics shown by nfsstat are cumulative from the time the machine was booted, or the last time they were zeroed using nfsstat -z:

nfsstat -z    Resets all counters.
nfsstat -sz   Zeros server-side RPC and NFS statistics.
nfsstat -cz   Zeros client-side RPC and NFS statistics.
nfsstat -crz  Zeros client-side RPC statistics only.

 

Only the superuser can reset the counters.

nfsstat provides a very coarse look at NFS activity and is limited in its usefulness for resolving performance problems. Server statistics are collected for all clients, while in many cases it is important to know the distribution of calls from each client. Similarly, client-side statistics are aggregated for all NFS servers.

However, you can still glean useful information from nfsstat. Consider the case where a client reports a high number of bad verifiers. The high badverfs count is most likely an indication that the client is having to retransmit its secure RPC requests. As explained in Section 12.1, every secure RPC call has a unique credential and verifier with a unique timestamp (in the case of AUTH_DES) or a unique sequence number (in the case of RPCSEC_GSS). The client expects the server to include this verifier (or some form of it) in its reply, so that the client can verify that it is indeed obtaining the reply from the server it called.

Consider the scenario where the client makes a secure RPC call using AUTH_DES, using timestamp T1 to generate its verifier. If no reply is received within the timeout period, the client retransmits the request, using timestamp T1+delta to generate its verifier (bumping up the retrans count). In the meantime, the server replies to the original request using timestamp T1 to generate its verifier:


RPC call (T1) --->
** time out **
RPC call (retry: T1+delta) --->
<--- Server reply to first RPC call (T1 verifier)

 

The reply to the client's original request will cause the verifier check to fail because the client now expects T1+delta in the verifier, not T1. This consequently bumps up the badverf count. Fortunately, the Solaris client will wait for more replies to its retransmissions and, if the reply passes the verifier test, an NFS authentication error will be avoided. Bad verifiers are not a big problem, unless the count gets too high, especially when the system starts experiencing NFS authentication errors. Increasing the NFS timeo on the mount or in the automounter map may help alleviate this problem. Note also that this is less of a problem with TCP than UDP. Analysis of situations such as this will be the focus of Section 16.1, Chapter 17, and Chapter 18.

For completeness, we should mention that verifier failures can also be caused when the security context expires before the response is received. This is rare but possible. It usually occurs when you have a network partition that is longer than the lifetime of the security context. Another cause might be a significant time skew between the client and server, or a router that has stored a ghost packet and fires it off after a very long delay. Note that this is not a problem with TCP.

solaris ipmp bonding experiment

August 17th, 2012

root@doxer.org ~ # cat /etc/hosts
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
10.240.3.221 host1-e1000g2
10.240.3.223 host1-e1000g3
10.240.3.222 host1

root@doxer.org ~ # cat /etc/hostname.e1000g2
host1-e1000g2 group bak deprecated -failover netmask + broadcast + up
addif host1 netmask + broadcast + up
root@doxer.org ~ #
root@doxer.org ~ # cat /etc/hostname.e1000g3
host1-e1000g3 group bak deprecated -failover standby netmask + broadcast + up
root@doxer.org ~ #
root@doxer.org ~ # cat /etc/default/mpathd
#
#pragma ident "@(#)mpathd.dfl 1.2 00/07/17 SMI"
#
# Time taken by mpathd to detect a NIC failure in ms. The minimum time
# that can be specified is 100 ms.
#
FAILURE_DETECTION_TIME=10000
#
# Failback is enabled by default. To disable failback turn off this option
#
FAILBACK=yes
#
# By default only interfaces configured as part of multipathing groups
# are tracked. Turn off this option to track all network interfaces
# on the system
#
TRACK_INTERFACES_ONLY_WITH_GROUPS=yes

 

After this, reboot the host (and ensure /usr/lib/inet/in.mpathd is running afterwards):

root@doxer.org ~ # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.240.3.206 netmask ffffff00 broadcast 10.240.3.255
ether 0:c:29:d3:d1:68
e1000g2: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
inet 10.240.3.221 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:86
e1000g2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 10.240.3.222 netmask ff000000 broadcast 10.255.255.255
e1000g3: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 4
inet 10.240.3.223 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:90
root@doxer.org ~ # if_mpadm -d e1000g2 #(detach/offline an interface; a brief networking blip will occur here, but it soon recovers)
root@doxer.org ~ #
root@doxer.org ~ # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.240.3.206 netmask ffffff00 broadcast 10.240.3.255
ether 0:c:29:d3:d1:68
e1000g2: flags=89040842<BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,OFFLINE> mtu 1500 index 3
inet 10.240.3.221 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:86
e1000g3: flags=29040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY> mtu 1500 index 4
inet 10.240.3.223 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:90
e1000g3:1: flags=21000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,STANDBY> mtu 1500 index 4
inet 10.240.3.222 netmask ff000000 broadcast 10.255.255.255
root@doxer.org ~ # if_mpadm -r e1000g2 #(reattach or online an interface that has been offlined with -d)
root@doxer.org ~ # tail /var/adm/messages
Aug 17 03:31:11 doxer.org at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
Aug 17 03:31:11 doxer.org ... 34 more
Aug 17 03:31:11 doxer.org root: [ID 702911 user.crit] => com.sun.patchpro.cli.PatchServices@910040 <=Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Aug 17 03:31:11 doxer.org at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
Aug 17 03:31:11 doxer.org at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
Aug 17 03:31:11 doxer.org at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
Aug 17 03:31:11 doxer.org ... 34 more
Aug 17 03:44:57 doxer.org snmpXdmid: [ID 290637 daemon.error] Unable to connect to snmpdx
Aug 17 04:17:19 doxer.org in.mpathd[188]: [ID 832587 daemon.error] Successfully failed over from NIC e1000g2 to NIC e1000g3
Aug 17 04:17:48 doxer.org in.mpathd[188]: [ID 620804 daemon.error] Successfully failed back to NIC e1000g2
root@doxer.org ~ # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.240.3.206 netmask ffffff00 broadcast 10.240.3.255
ether 0:c:29:d3:d1:68
e1000g2: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
inet 10.240.3.221 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:86
e1000g2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 10.240.3.222 netmask ff000000 broadcast 10.255.255.255
e1000g3: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 4
inet 10.240.3.223 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:90
root@doxer.org ~ # ifconfig e1000g2 down
root@doxer.org ~ # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.240.3.206 netmask ffffff00 broadcast 10.240.3.255
ether 0:c:29:d3:d1:68
e1000g2: flags=9040842<BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 3
inet 10.240.3.221 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:86
e1000g2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 10.240.3.222 netmask ff000000 broadcast 10.255.255.255
e1000g3: flags=69040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,STANDBY,INACTIVE> mtu 1500 index 4
inet 10.240.3.223 netmask ff000000 broadcast 10.255.255.255
groupname bak
ether 0:c:29:d3:d1:90
root@doxer.org ~ # ping 10.240.3.221
^C
root@doxer.org ~ # ping 10.240.3.223
10.240.3.223 is alive
root@doxer.org ~ # ifconfig e1000g2 up
root@doxer.org ~ #
root@doxer.org ~ #
root@doxer.org ~ # tail /var/adm/messages
Aug 17 03:31:11 doxer.org ... 34 more
Aug 17 03:31:11 doxer.org root: [ID 702911 user.crit] => com.sun.patchpro.cli.PatchServices@910040 <=Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Aug 17 03:31:11 doxer.org at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
Aug 17 03:31:11 doxer.org at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
Aug 17 03:31:11 doxer.org at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
Aug 17 03:31:11 doxer.org ... 34 more
Aug 17 03:44:57 doxer.org snmpXdmid: [ID 290637 daemon.error] Unable to connect to snmpdx
Aug 17 04:17:19 doxer.org in.mpathd[188]: [ID 832587 daemon.error] Successfully failed over from NIC e1000g2 to NIC e1000g3
Aug 17 04:17:48 doxer.org in.mpathd[188]: [ID 620804 daemon.error] Successfully failed back to NIC e1000g2
Aug 17 04:18:51 doxer.org in.mpathd[188]: [ID 975029 daemon.error] No test address configured on interface e1000g2; disabling probe-based failure detection on it

PS:

1. IPMP (bonding) and link aggregation (LACP) are different things. Link aggregations (or trunks) provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP multipathing (IPMP, or bonding) provides higher availability at the IP layer. If you have 4 NICs, you can aggregate pairs of NICs and then bond the aggregations; that way you get 2 Gb of throughput plus protection against switch- and NIC-level failures. (IPMP/bonding works at the IP layer; LACP also needs support on the switch side. See the aggregation sketch after this list.)

2. For more information about Solaris IPMP, you may refer to the following PDF file: solaris IPMP bonding.pdf
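
To illustrate the contrast with IPMP, a Solaris 10 link aggregation would be created with dladm instead of the hostname.* files used above (a sketch only; the interface names and the aggregation key "1" are just examples, and the switch ports must be configured accordingly for LACP):

dladm create-aggr -d e1000g2 -d e1000g3 1

dladm show-aggr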

Resolved – change ldap expiration policy how to

August 15th, 2012

If you want to change the default expiration time to 90 days, here are the steps:

  1. Find the policy subentry DN cn=posix_account_password_policy,ou=People,dc=doxer,dc=org (search with objectClass=ldapsubentry under ou=People,dc=doxer,dc=org).
  2. Change the passwordMaxAge parameter to '7776000' (the value is in seconds and equals 90 days); see the ldapmodify sketch after the example below.
  3. If your LDAP server has replication, check whether the modification is synced to the replicas.
  4. Create a new account, and test it through ldapsearch. For example:

[root@doxer ~]# ldapsearch -x -W -D cn="Directory Manager" -h ldap.doxer.org -b ou=people,dc=doxer,dc=org uid=testme passwordexpirationtime
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=people,dc=doxer,dc=org> with scope subtree
# filter: uid=testme
# requesting: passwordexpirationtime
#

# testme, People, doxer.org
dn: uid=testme,ou=People,dc=doxer,dc=org
passwordexpirationtime: 20121113011623Z #(today is 20120815, so expiration is 90 days out, which is the result we want!)

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
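
For step 2, the change itself could be applied with ldapmodify; here is a minimal sketch (assuming the same Directory Manager bind used above and the policy DN found in step 1):

[root@doxer ~]# ldapmodify -x -W -D "cn=Directory Manager" -h ldap.doxer.org <<EOF
dn: cn=posix_account_password_policy,ou=People,dc=doxer,dc=org
changetype: modify
replace: passwordMaxAge
passwordMaxAge: 7776000
EOF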
