The Fei's Tech Notes: October 2017

Tuesday, October 31, 2017

Linux 7: polkit-agent-helper-1: pam_authenticate failed: Authentication failure

Problem:

[feijiangnan@server01 ~]$ systemctl stop crond.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to stop 'crond.service'.
Authenticating as: root
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure

Investigation:

# grep feijiangnan /etc/passwd
feijiangnan:x:1024:1025::/home/feijiangnan:/bin/bash

# usermod -u 500 feijiangnan

[root@server01 pam.d]# id feijiangnan
uid=500(feijiangnan) gid=1025(feijiangnan) groups=1025(feijiangnan),1024(sysadmin)

Verification:

[feijiangnan@server01 ~]$ sudo systemctl restart crond.service
[sudo] password for feijiangnan:

Monday, October 30, 2017

ZFS: Remove all non-trivial ACEs from a file

Removing all non-trivial ACEs from a file

% chmod A- filename

Apache2: List Directoy Contents

Create .htaccess in the folder which will be controlled.

# cat .htaccess
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all
Options +Indexes

Tuesday, October 24, 2017

Oracle LDOM and ASM Best Practice

http://www.oracle.com/technetwork/server-storage/vm/overview/index.html

1.) Running Oracle Real Application Clusters on Oracle VM Server for SPARC (PDF)

http://www.oracle.com/technetwork/server-storage/vm/overview/index.html
Under
Oracle VM Server for SPARC Technical White Papers

Which is a very through White Paper.
This suggests direct I/O and defines domain types and how you can
create an I/O domain or root domain and assign a pcie bus directly to that
guest domain It's fairly detailed.

The number of I/O domains is dependent on the system type and hba's need to
be supported hba's as well.

2.)
Next I also review
Oracle VM Server for SPARC Best Practices
http://www.oracle.com/technetwork/server-storage/vm/ovmsparc-best-practices-2334546.pdf

Specifically you may want to review the sections on I/O.

3.)
Make sure HBA's are supported for Direct I/O.

Review:
1325454.1 Oracle VM Server for SPARC PCIe Direct I/O and SR-IOV Features

4.) if needed
There are also other Best Practice Documents for Oracle VM for Sparc
http://www.oracle.com/technetwork/server-storage/vm/overview/index.html

5.) Be sure that you also go over any best practices for ASM disks. I've seen several customers not follow ASM best practices and
overwrite their disk labels

Oracle Solaris logging "primary label corrupt; using backup" or "Corrupt Label; wrong magic number" in Oracle ASM environment ( Doc ID 1532506.1 )
and

ASM Technical Best Practices For 10g and 11gR1 Release ( Doc ID 265633.1 )

Monday, October 23, 2017

GRID: Create New Disk Group

Shutdown Database

Create A New LUN at Storage Side

Discover new LUN

# format
format> disk
AVAILABLE DISK SELECTIONS:
       0. c0t5000CCA0562C310Cd0 <HITACHI-H109060SESUN600G-A690-558.91GB>
          /scsi_vhci/disk@g5000cca0562c310c
          /dev/chassis/SYS/SASBP/HDD0/disk
       1. c0t5000CCA0562C3070d0 <HITACHI-H109060SESUN600G-A690 cyl 64986 alt 2 hd 27 sec 668> solaris
          /scsi_vhci/disk@g5000cca0562c3070
          /dev/chassis/SYS/SASBP/HDD1/disk
       2. c0t60080E500036B7F800000C0C55B86E3Ad0 <SUN-LCSM100_F-0784 cyl 15358 alt 2 hd 64 sec 64>
          /scsi_vhci/ssd@g60080e500036b7f800000c0c55b86e3a
       3. c0t60080E500036B7F800000C0E55B86ED1d0 <SUN-LCSM100_F-0784 cyl 30718 alt 2 hd 64 sec 64>
          /scsi_vhci/ssd@g60080e500036b7f800000c0e55b86ed1
       4. c0t60080E500036B7F800000C0955B86D60d0 <SUN-LCSM100_F-0784 cyl 40958 alt 2 hd 128 sec 64>
          /scsi_vhci/ssd@g60080e500036b7f800000c0955b86d60
       5. c0t60080E500036B7F800000E00566FCC76d0 <SUN-LCSM100_F-0784 cyl 25598 alt 2 hd 64 sec 64>
          /scsi_vhci/ssd@g60080e500036b7f800000e00566fcc76
       6. c7t5d31 <SUN-Universal Xport-0784 cyl 8 alt 2 hd 64 sec 64>
          /pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0/fp@0,0/ssd@w20660080e53683c6,1f
       7. c8t10d31 <SUN-Universal Xport-0784 cyl 8 alt 2 hd 64 sec 64>
          /pci@400/pci@2/pci@0/pci@8/SUNW,qlc@0,1/fp@0,0/ssd@w20570080e53683c6,1f
Specify disk (enter its number)[3]: 5
selecting c0t60080E500036B7F800000E00566FCC76d0
[disk formatted]
Disk not labeled. Label it now? yes
format> p
PARTITION MENU:
        0      - change `0' partition
        1      - change `1' partition
        2      - change `2' partition
        3      - change `3' partition
        4      - change `4' partition
        5      - change `5' partition
        6      - change `6' partition
        7      - change `7' partition
        select - select a predefined table
        modify - modify a predefined partition table
        name   - name the current table
        print - display the current table
        label - write partition map and label to the disk
        !<cmd> - execute <cmd>, then return
        quit
partition> p
Current partition table (default):
Total disk cylinders available: 25598 + 2 (reserved cylinders)

Part      Tag    Flag     Cylinders         Size            Blocks
0       root    wm       0 -    63      128.00MB    (64/0/0)       262144
1       swap    wu      64 -   127      128.00MB    (64/0/0)       262144
2     backup    wu       0 - 25597       50.00GB    (25598/0/0) 104849408
3 unassigned    wm       0                0         (0/0/0)             0
4 unassigned    wm       0                0         (0/0/0)             0
5 unassigned    wm       0                0         (0/0/0)             0
6        usr    wm     128 - 25597       49.75GB    (25470/0/0) 104325120
7 unassigned    wm       0                0         (0/0/0)             0
partition> quit
FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        save       - save new disk/partition definitions
        inquiry    - show disk ID
        volname    - set 8-character volume name
        !<cmd>     - execute <cmd>, then return
        quit
format> quit

Change new disk owner and permission

(This step must be done on all nodes, otherwise, you won't be able to see it in asmca)

# ls -l /dev/rdsk/c0t60080E500036B7F800000E00566FCC76d0s6
lrwxrwxrwx   1 root     root          67 Dec 15 10:21 /dev/rdsk/c0t60080E500036B7F800000E00566FCC76d0s6 -> ../../devices/scsi_vhci/ssd@g60080e500036b7f800000e00566fcc76:g,raw
# chown grid:asmadmin ../../devices/scsi_vhci/ssd@g60080e500036b7f800000e00566fcc76:g,raw
# chmod g+w ssd@g60080e500036b7f800000e00566fcc76:g,raw
# ls -l ../../devices/scsi_vhci/ssd@g60080e500036b7f800000e00566fcc76:g,raw
crw-rw----   1 grid     asmadmin 237, 334 Dec 18 09:02 ../../devices/scsi_vhci/ssd@g60080e500036b7f800000e00566fcc76:g,raw

Add New LUN to existing ASM diskgroup with asmca

Tuesday, October 17, 2017

Solaris ZFS: Compress ZFS

It is not possible to compress an existing boot enviroment, i suggest to delete old files and snapshot that are no longer needed.I have attached a guide on How To Delete Files on a ZFS Filesystem that is 100% Full ( Doc ID 1537335.1 ) .
For the futher take in consideration activating compression rate option while creating the new boot environment.
# beadm create -p rpool2 -o compression=on BE

Also you can enable compression of zfs.
Disabling and Enabling File System Compression

# zfs set compression=off pool/home
# zfs set compression=on pool/home/anne

Note: This only affects the data that is written after setting the parameter .