Blog O' Matty


Real world uses for OpenSSL

This article was posted by Matty on 2005-02-13 23:42:00 -0400

If you are interested in learning more about all the cool things you can do with OpenSSL, you might be interested in my article Real world uses for OpenSSL. The article covers encryption, decryption, and digital signatures, and provides an overview of ssl-site-check and ssl-cert-check.

Printing VxVM DMP path information

This article was posted by Matty on 2005-02-12 23:44:00 -0400

In addition to providing volume management capabilities, the Veritas volume manager can manage multiple paths to a disk device. This allows I/O to be load-balanced across multiple paths, and ensures that I/O is transparently routed around failed paths. To print path information for a specific disk, you can use the “vxdisk” or “vxdmpadm” utilities:

$ vxdisk list c2t21d36

[ ... ]

Multipathing information:
numpaths: 4
c2t21d36s2 state=enabled
c2t23d36s2 state=enabled
c3t20d36s2 state=disabled
c3t22d36s2 state=disabled

$ vxdmpadm getdmpnode nodename=c2t21d36s2

NAME STATE ENCLR-TYPE PATHS ENBL DSBL ENCLR-NAME
=========================================================================
c2t21d36s2 ENABLED EMC 4 2 2 EMC0

$ vxdmpadm getsubpaths dmpnodename=c2t21d36

NAME STATE PATH-TYPE CTLR-NAME ENCLR-TYPE ENCLR-NAME
====================================================================
c2t21d36s2 ENABLED - c2 EMC EMC0
c2t23d36s2 ENABLED - c2 EMC EMC0
c3t20d36s2 DISABLED - c3 EMC EMC0
c3t22d36s2 DISABLED - c3 EMC EMC0

The vxdisk(1m) and vxdmpadm(1m) output shows the number of paths to a disk device, and the current state of each path (e.g., enabled or disabled).
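The path states above can be checked from a script. The following is an added example, not part of the original post: it summarizes “vxdmpadm getsubpaths” output per controller and reports whether any path is down. The function names are hypothetical, and the sample input is the listing shown above.

```shell
#!/bin/sh
# Added example: summarize DMP path state from `vxdmpadm getsubpaths` output.
# Function names are hypothetical; the column layout is the one shown above.

# Read getsubpaths output on stdin and print one line per controller:
#   <ctlr> enabled=<n> disabled=<n>
dmp_ctlr_summary() {
    awk '
        NF < 6 || $1 == "NAME" { next }          # skip header, rule, blank lines
        { ctlr = $4; seen[ctlr] = 1
          if ($2 ~ /^ENABLED/) en[ctlr]++; else dis[ctlr]++ }
        END { for (c in seen)
                  printf "%s enabled=%d disabled=%d\n", c, en[c], dis[c] }
    ' | sort
}

# Exit status 0 if every path is enabled, 1 if any path is in another state.
dmp_all_paths_enabled() {
    awk 'BEGIN { bad = 0 }
         NF >= 6 && $1 != "NAME" && $2 !~ /^ENABLED/ { bad = 1 }
         END { exit bad }'
}

# Sample input: the getsubpaths listing from the article.
sample_subpaths() {
    cat <<'EOF'
NAME STATE PATH-TYPE CTLR-NAME ENCLR-TYPE ENCLR-NAME
====================================================================
c2t21d36s2 ENABLED - c2 EMC EMC0
c2t23d36s2 ENABLED - c2 EMC EMC0
c3t20d36s2 DISABLED - c3 EMC EMC0
c3t22d36s2 DISABLED - c3 EMC EMC0
EOF
}

# On a live system: vxdmpadm getsubpaths dmpnodename=c2t21d36 | dmp_ctlr_summary
sample_subpaths | dmp_ctlr_summary
sample_subpaths | dmp_all_paths_enabled || echo "WARNING: one or more paths are not enabled"
```

For the sample listing, the summary shows every path on controller c3 disabled, which points at the controller or its fabric rather than at a single path.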

Encrypting data with GNU Privacy Guard

This article was posted by Matty on 2005-02-09 23:46:00 -0400

The GNU Privacy Guard provides a command line tool (gpg) to encrypt data and manage digital signatures. GPG supports the OpenPGP standard, and provides easy access to a variety of key distribution servers. To view the full list of options available to gpg, you can run gpg with the “-h” option:

$ gpg -h | head -20

gpg (GnuPG) 1.2.4
Copyright (C) 2003 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Syntax: gpg [options] [files]
sign, check, encrypt or decrypt
default operation depends on the input data

[ ... ]

To use the gpg utility to encrypt a text file, we can invoke gpg with the “-c” option:

$ gpg -c --cipher-algo AES256 services

$ ls -l services*

-rw-r--r-- 1 matty matty 572576 11 Feb 12:50 services
-rw-r--r-- 1 matty matty 168375 11 Feb 12:50 services.gpg

The “-c” option instructs gpg to encrypt the file with a symmetric key algorithm, using a key derived from a passphrase that gpg prompts for. The “--cipher-algo” option picks the algorithm to use, and the file to encrypt is passed to gpg as an argument. The full list of supported algorithms is included in the header of the help screen.

To decrypt a file encrypted with gpg, we can use the “-d” option:

$ gpg --output services -d services.gpg

gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase

The “--output” option is passed to gpg to control where the decrypted file contents are written. By default, gpg will print the decrypted contents to standard output. For sensitive or binary data, this is probably not what you want.
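A non-interactive version of the encrypt and decrypt steps above, as an added example that is not from the original post. It assumes GnuPG 2.1 or later (needed for “--pinentry-mode loopback”); the function names, passphrases and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted symmetric encryption round trip (assumes GnuPG 2.1+).

# Encrypt file $2 to $3 with AES256. The passphrase is read from file $1 on
# descriptor 3, so it never appears in the process argument list.
gpg_encrypt() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --cipher-algo AES256 --output "$3" -c "$2" 3<"$1"
}

# Decrypt file $2 to $3. umask 077 keeps the recovered plaintext readable by
# the owner only; --output keeps it off standard output.
gpg_decrypt() {
    ( umask 077
      gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 3 \
          --output "$3" -d "$2" 3<"$1" )
}

# Round trip over constructed sample data. Returns 0 only if the decrypted
# file is byte-identical to the original and a wrong passphrase is rejected.
gpg_roundtrip() {
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME      # throwaway gpg home
    mkdir -m 700 "$GNUPGHOME"
    printf 'correct horse battery staple\n' > "$work/pass"      # constructed
    printf 'not the passphrase\n' > "$work/badpass"             # constructed
    printf 'ssh 22/tcp\nhttps 443/tcp\n' > "$work/services"     # constructed
    rc=0
    gpg_encrypt "$work/pass" "$work/services" "$work/services.gpg" || rc=1
    gpg_decrypt "$work/pass" "$work/services.gpg" "$work/out" 2>/dev/null || rc=1
    cmp -s "$work/services" "$work/out" || rc=1
    # Decryption with the wrong passphrase must fail.
    if gpg_decrypt "$work/badpass" "$work/services.gpg" "$work/bad" 2>/dev/null
    then rc=1; fi
    gpgconf --kill gpg-agent 2>/dev/null           # stop any agent we started
    rm -rf "$work"
    return $rc
}

gpg_roundtrip && echo "round trip verified"
```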

Growing a Veritas File System

This article was posted by Matty on 2005-02-07 23:48:00 -0400

The Veritas File System (VxFS) allows file systems to be grown and shrunk with the fsadm(1m) utility. This activity can occur while a file system is online, and is relatively safe (I have personally grown dozens of file systems, and have yet to have a single problem). To display the current size of a file system in blocks, we can use the df(1m) utility:

$ df -t /u05

/u05 (/dev/vx/dsk/oradg/oravol05): 209158736 blocks 3268092 files
total: 209698816 blocks 3268096 files

To shrink /u05 to 50000000 blocks, we can invoke fsadm with the desired block count, and the file system to shrink:

$ /usr/lib/fs/vxfs/fsadm -b 50000000 /u05

UX:vxfs fsadm: INFO: V-3-23586: /dev/vx/rdsk/oradg/oravol05 is
currently 209698816 sectors - size will be reduced

We can verify that the file system was shrunk with the df(1m) utility:

$ df -t /u05

/u05 (/dev/vx/dsk/oradg/oravol05): 49464784 blocks 772859 files
total: 50000000 blocks 772864 files

We could have grown this file system instead of shrinking it by adjusting the number of blocks passed to the “-b” option. As with all operations that modify the structure of storage, you should test this on a non-production system prior to implementing this on production servers.

Growing Solaris UFS file systems

This article was posted by Matty on 2005-01-29 00:14:00 -0400

I recently needed to grow a Solaris UFS file system, and accomplished this with the growfs(1m) utility. The growfs(1m) utility takes two arguments. The first argument to growfs (the value passed to “-M”) is the mount point of the file system to grow. The second argument is the raw device that backs this mount point. The following example will grow “/test” to the maximum size available on the meta device d100:

$ growfs -M /test /dev/md/rdsk/d100

To see how many sectors will be available on d100 after the grow operation completes, you can run newfs with the “-N” option, and compare that with the current value reported by df(1m):

$ newfs -N /dev/md/dsk/d100

/dev/md/rdsk/d0: 232331520 sectors in 56944 cylinders of 16 tracks, 255
sectors
113443.1MB in 2191 cyl groups (26 c/g, 51.80MB/g, 6400 i/g)

This will report the number of sectors, cylinders and MBs that would be allocated if a new file system were created on meta device d100. As always, test everything on a non-critical system prior to making changes to critical boxen.