Locating firewalled hosts with arping
One of my friends pinged me last week and asked me how I would go about locating all hosts on a layer-2 network. Typically I would use fping with the "-g' option, but he wanted to find all hosts including ones that were running host-based firewalls. For this specific case, I would use the Linux arping utility. This nifty utility allows you to locate hosts using ARP requests and responses, which hosts running host-based firewalls would still respond to: In the sample session above, I was able to locate a host that was running iptables with a drop all incoming traffic policy…
$ read more →Deploying highly available zones with Solaris Cluster 3.2
I discussed my first impressions of Solaris Cluster 3.2 a while back, and have been using it in various capacities ever since. One thing that I really like about Solaris Cluster is its ability to manage resources running in zones, and fail these resources over to other zones running on the same host, or a zone running on a secondary host. Additionally, Solaris Cluster allows you to migrate zones between nodes, which can be quite handy when resources are tied to a zone and can't be managed as a scalable services. Configuring zone failover is a piece of cake, and I will describe how to do it in this blog post…
$ read more →Displaying hardware data on CentOS Linux hosts
I was reviewing the hardware configuration on one of my Centos Linux 5.3 hosts this past weekend, and was curious which chipset was in use and if the host supported the AMD virtualization extensions. To get a high level overview of the devices installed in the system, I looked through /etc/sysconfig/hwconf ( this file is populated at boot time with the current hardware configuration): To see if the CPUs supported the AMD virtualization extensions, I poked around /proc/cpuinfo: After reviewing the processor details, I use lspci to extract some additional details from the PCI buses: Once I looked through the lspci output, I ran dmidecode to gather the SMBIOS data (this has the chipset information): I like the fact that dmidecode breaks down the processor flags for you, since it saved me a round-trip to the kernel source code. I found exactly what I needed in the output above, and am now off to purchase another machine (one that has 2 PCI-X slots and virtualization extensions) for my lab.
$ read more →Patching zones when they are attached to hosts
I recently patched one of my Solaris 10 hosts, and decided to test out the zone update on attach functionality that is now part of Solaris 10 update 6. The update on attach feature allows detached zones to get patched when they are attached to a host, which can be rather handy if you are moving zones around your infrastructure. To test this functionality, I first detached a zone from the host I was going to patch: Once the zone was detached, I applied the latest Solaris patch bundle and rebooted the server. When the system came back up, I tried to attach the zone: As you can see in the above output, the zone refused to attach because the zone patch database differed from the global zone patch database…
$ read more →Renaming network interfaces on OpenSolaris hosts
While preparing my presentation for the Atlanta UNIX users group this past weekend, I accidentally created a VNIC with the wrong name. Instead of removing it and recreating it, I decided to test out the "rename-link" subcommand that was introduced as part of project Clearview. The rename feature worked swimmingly, and with a single dladm command I was able to rename the vnic6 interface to vnic5: I am super impressed with the work that the Sun networking team has done to simplify network interface management!
$ read more →