I’m learning Ruby, and as an early project, I thought I’d write a little SOAP server for exposing Solaris “kstat” output to the network.

It’s embryonic, but it works. I’d like to do a little more input sanitation, since it’s certainly possible to really hurt your server by requesting a kstat value of “::” (which returns all stats).

Here’s the server code:


require 'soap/rpc/standaloneServer'

class StatServ < SOAP::RPC::StandaloneServer
        def initialize(*args)
          super
          add_method(self, 'kstat', 'stat')
        end
        def kstat(stat)
                stat.gsub!(/[^a-zA-z0-9_:+]/i,'%');
                f = IO.popen("kstat -p #{stat}")
                return f.readlines
        end
end

server = StatServ.new('StatServ,'urn:StatServ','0.0.0.0',8888)
trap('INT') { server.shutdown ; puts "Server shutdown."}
trap('TERM') { server.shutdown ; puts "Server shutdown."}
puts "Starting server..."
server.start

…and the client code:


require 'soap/rpc/driver'
def usage
        puts "Usage: #{$0} hostname kstatvalue"
        puts "   Retrieves a kstat value from a remote machine's StatServ SOAP Server."
end

hostname = ARGV[0]
value    = ARGV[1];


if ! value
        usage;
        exit 1;
end

driver = SOAP::RPC::Driver.new("http://#{hostname}:8888/", 'urn:StatServ')
driver.add_method('kstat', 'stat')

val = driver.kstat("#{value}")

val.each do |s|
puts "#{s}"
end

Solaris patching is, frankly, a pain.

Patch Check Advanced makes it less painful– even pleasant.

It’ll automatically download the patch list from Sun, correlate it against what you have on your system, and present you with a list of what needs to happen. You can tell it to install all recommended patches, all security patches, or all the patches that don’t require a reboot (saving those for special occasions).

Extremely cool tool.

X4100s have a pretty cool integrated lights-out management card, but it doesn’t have an easily integrate with Conserver.

To fix, I created an expect script named “ilom-connect” like this:

#!/usr/bin/expect -f
expect { 
"(yes/no)?"    {exp_send "yes\r"; exp_continue; }
"password: " {exp_send "\r"; }
}
expect "\\-> "
send "cd /SP/console\r"
send "start\r"
expect "(y/n)?"
exp_send "y\r"

Then, in conserver:

console x4100 {
include sun-ilom;
exec ssh -l admin x4100-m;
type exec;
initcmd "/usr/local/sbin/ilom-connect";
}

I spent the weekend loading Nexenta on my two home PCs.

Nexenta is basically Ubuntu on an OpenSolaris kernel.  This gives you all the awesomenes of Ubuntu (apt-get, gnome, kde, GNU tools), with all the awesomeness of OpenSolaris (zones, ZFS, DTrace).

Some cool things:
  • The opensolaris packages are available via apt-get.  I wanted to set up some zones, so I did an “apt-get install sunwzoner sunwzoneu”.
  • “zoneadm -z zone1 install” fires off debootstrap and creates a Nexenta Zone.
  • The install is super-easy.  Just boot off the CD and answer a few questions.
So, now I have two Nexenta boxen, with about 1TB of storage online.  Which brings me to why I did this in the first place:  ZFS.

I really hate Linux Software RAID.  I hate it so much that I don’t use it.  This meant that my home storage was more or less unprotected, which sucks.  I don’t have anything irreplacable on these servers, but still, it’s good form to RAID.

Creating a mirror is as easy as:
# zpool create -m /storage zstorage mirror c1d0p0 c2d0p0

Adding another mirrorset to this pool is as easy as:
# zpool add zstorage mirror c3d0p0 c4d0p0

..Which gives me 560GB of RAID10 storage with two commands.   Now I have room for a complete nightly backup of my laptop, including incrementals (thanks, ZFS snapshots!), plus a backup of my “every photo I’ve ever taken” directory.

So, I wanted to play with a python package, but I didn’t want to install it into my primary python distribution tree just yet. I couldn’t find out how to override “site-packages”, though.

Finally, I found this:

Create a file called “setup.cfg” in the directory that has your “setup.py”. In it, put:
[install]
install_lib = /var/tmp/test-blort/lib
install_scripts = /var/tmp/test-blort/bin

Run your setup.py, and away you go.

Okay, valuable things when learning ruby:
* ri – This is like “perldoc”. Use it to view the live ruby documentation.
* irb – Interactive Ruby. This is like the perl debugger.
** IRB Tab Completion — Use this to view every available method on every object.
* gems – A packaging system and source code repository (kinda like CPAN)
** RubyGems

Here’s the build flags I used for building a 64-bit GCC for Solaris 9 (using Sun’s Forte C compiler). This uses the GNU binutils ld and as.

export GCC_EXEC_PREFIX=
export LD_LIBRARY_PATH=

 cd build;
        test -d gcc-4.0.2 || gtar -jxvf ../src/gcc-4.0.2.tar.bz2
        test -d objdir && rm -rf objdir 
        mkdir objdir
        cd objdir
                CC="cc -xarch=v9" ../gcc-4.0.2/configure  \
                        --prefix=/apps/gcc/4.0.2 \
                        --enable-languages=c,c++ \
                        --with-ld=/apps/binutils/stable/bin/ld \
                        --with-as=/apps/binutils/stable//bin/as \
                        --enable-threads=posix \
                        --disable-shared \
                        --enable-multilib
                while ! gmake -j16 bootstrap MAKE=gmake BOOT_CFLAGS="-g -O2 -m64"; do
                        true;
                done

Since this isn’t documented anywhere in the ruby install docs that I can find… If you want your Ruby build to have openssl support, you’ll need to compile with –with-openssl-dir=, pointing at your OpenSSL build.

It seems kind of basic, but it doesn’t show up in a ./configure –help, and it’s not anywhere in the docs that I can find.

The trick to sysadminning is doing the most with the least amount of home-written code. That’s how you make it a fun challenge. Anyone can brute force a problem. The skill– and the fun– is in solving it with style.

Sysadmin Thought Challenge –
Here’s a theoretical problem. How do you solve it?
“Let’s say you have 500 machines, and 5000 users. How do you do authentication?”

Why not take it a step farther? Heck, set up challenges, and provide the machines (UMLs) to do them.