Alexander Leidinger

Just another weblog


Happy Birth­day” from Google

In case you haven’t noticed yet:

In case you use a Browser which “is reg­is­tered with Google” (cookie, Chrome sync, Hang­outs plu­gin …) in a way that Google knows who you are when you enter the search page, and you have your birth­day entered in this account, then Google presents you a “Happy Birth­day” Google-Doodle on that day. If you are not on Google+ and you klick on the pic­ture, you get a page which offers you to upgrade to Goolge+.

Funny/scary? Up to you. For me it just visu­alises what I knew already (you can do a lot with per­sonal info, and Google get’s a lot of this) and I say “Thank you Google” (but I don’t upgrade to Google+).

GD Star Rat­ing
GD Star Rat­ing


Why I don’t need Google

This is why I don’t need Google:

"I don't need Google, my wife knows everything!" T-Shirt

I don’t need Google, my wife knows every­thing!” T-Shirt

I found this T-Shirt in the old part of Rho­dos city, while descend­ing the Socrates road. I bought it off course. :-)

GD Star Rat­ing
GD Star Rat­ing


New users in Solaris 10 branded zones on Solaris 11 not han­dled automatically

A col­league noticed that on a Solaris 11 sys­tem a Solaris 10 branded zone “gains” two new dae­mons which are run­ning with UID 16 and 17. Those users are not auto­mat­i­cally added to /etc/passwd, /etc/shadow (and /etc/group)… at least not when the zones are imported from an exist­ing Solaris 10 zone.

I added the two users (netadm, netcfg) and the group (netadm) to the Solaris 10 branded zones by hand (copy&paste of the lines in /etc/passwd, /etc/shadow, /etc/group + run pwconv) for our few Solaris 10 branded zones on Solaris 11.

GD Star Rat­ing
GD Star Rat­ing


Increase of DNS requests after a crit­i­cal patch update of Solaris 10

Some weeks ago we installed crit­i­cal patch updates (CPU) on a Solaris 10 sys­tem (inter­nal sys­tem, a year of CPU to install, noth­ing in it affect­ing us or was con­sid­ered a secu­rity risk, we decided to apply this one regard­less to not fall behind too much). After­wards we noticed that two zones are doing a lot of DNS requests. We noticed this already before the zones went into pro­duc­tion and we con­fig­ured a pos­i­tive time to live in nscd.conf for “hosts”. Addi­tion­ally we noticed a lot of DNS requests for IPv6 addresses (AAAA lookups), while absolutely no IPv6 address is con­fig­ured in the zones (not even for local­host… and those are exclu­sive IP zones). Appar­ently with one of the patches in the CPU the behav­iour changed regard­ing the caching, I am not sure if we had the AAAA lookups before.

Today I got some time to debug this. After adding caching of “ipn­odes” in addi­tion to “hosts” (and I con­fig­ured a neg­a­tive time to live for both at the same time), the DNS requests came down to a sane amount.

For the AAAA lookups I have not found a solu­tion. By my read­ing of the doc­u­men­ta­tion I would assume there are not IPv6 DNS lookups if there is not IPv6 address configured.

GD Star Rat­ing
GD Star Rat­ing


Updat­ing FreeBSD 8.2 (or 9.x) to 10 (beta4)

This is a lit­tle descrip­tion how I remotely (no con­sole, booted into multi-user dur­ing update, no exter­nal ser­vices like jails/httpd/… run­ning) updated a FreeBSD 8.2 to 10 (beta4) from source. This should also work when updat­ing from FreeBSD 9.x. Note, I had already switched to ATA_CAM on 8.2, so not instruc­tions for the name change of the ata devices. No IPv6, WLAN or CARP is in use here, so changes which are needed in this area are not cov­ered. Read UPDATING care­fully, there are a lot of changes between major releases.

What I did:

  • update /usr/src
  • make build­world
  • replace “make ” in /usr/src/Makefile.inc1 with ${MAKE} (two times, one for “VERSION”, one for “BRANCH”)
  • ver­ify ker­nel con­fig for changes needed (run­ning “con­fig MyK­er­nel” in /usr/src/sys/YourArch/conf/ helps to iden­tify syn­tax prob­lems), sorry I didn’t take notes, but I diffed the old and the new GENERIC con­fig and added/removed accord­ing to my interests
  • /usr/obj/…/src/usr.bin/bmake/make build­ker­nel KERNCONF=MyKernel
  • /usr/obj/…/src/usr.bin/bmake/make instal­lk­er­nel KERNCONF=MyKernel KODIR=/boot/kernel.10
  • merge­mas­ter –p
  • /usr/obj/…/src/usr.bin/bmake/make install­world DESTDIR=/somewhere/test
  • mkdir /root/net10; cp /somewhere/test/rescue/ifconfig /somewhere/test/rescue/route /root/net10
  • cre­ate the file /etc/rc.10update with:
    case $(uname –r) in
    export MYIFCONFIG
    export MYROUTE
  • change the files (stu­pid approach: grep for “ifcon­fig” and “route” in /etc/rc.d to iden­tify files which need to change, I skipped files which I iden­ti­fied as not needed in my case, if you use pf/IPv6/bridge/…, you may have to change some more files) /etc/rc.d/auto_linklocal /etc/rc.d/defaultroute /etc/rc.d/netif /etc/rc.d/netwait /etc/rc.d/routing: add “. /etc/rc.10update” at the end of the block with “. /etc/rc.subr”, change the “ifconfig”-command to ${MYIFCONFIG}, change the “route”-command to ${MYROUTE}
  • change /etc/net­work.subr: add “. /etc/rc.10update” before the first func­tion, change the “ifconfig”-command to ${MYIFCONFIG}, change the “route”-command to ${MYROUTE}
  • make sure that the changes you made are 100% cor­rect, rather triple-check than to not check at all (you will be locked out if they are not 100% OK)
  • stop any jails and make sure they do not restart at boot
  • deac­ti­vate the gmir­ror of the root-fs, if there is one (it is maybe eas­ier to ask a remote hand to swap the boot order in case of problems)
  • here you could just a reboot of the server to come back to your cur­rent OS ver­sion, so make sure that the mod­i­fi­ca­tions in /etc did not cause any prob­lems with the old ver­sion (in case you see prob­lems with the v10 ker­nel), but if you do not have a remote con­sole to single-user mode you have no chance to directly fix the prob­lem (risk mit­i­ga­tion described above), no mat­ter which ver­sion of the ker­nel you boot
  • next­boot –k kernel.10
  • shut­down –r now
  • login
  • check dmesg
  • optional: mv /boot/kernel /boot/kernel.8
  • make instal­lk­er­nel KERNCONF=MyKernel
    to have a v10 /boot/kernel
  • make install­world
  • merge­mas­ter
  • make delete-old
  • rm –r /etc/rc.10update /root/net10
  • change rc.conf: add “inet” in ifconfig-aliases
  • review sysctl.conf for out­dated entries
  • shut­down –r now
  • optional: rm –r /boot/kernel.10
  • enable jails again (or later… updat­ing jails is not described here)
  • activate/resync mirror(s)
  • rebuild all ports (atten­tion: new pkg system)
  • make delete-old-libs
  • reboot again to make sure every­thing is OK after the port-rebuild and removal of old libs (a console.log (syslog.conf) helps here
GD Star Rat­ing
GD Star Rat­ing