Linux Admin Blog

System Administration, Linux, Solaris, Backup, Networking, Security, Mysql, Script, Tips & Tricks

Archive for the ‘Unix/Solaris’ Category

Solaris and Linux Runlevel

Posted by sanjaydalal4u on September 30, 2009

Default Linux Run Levels: 7 Run Levels in Total

RunLevel 0: Halt System – To shutdown the system
RunLevel 1: Single user mode
RunLevel 2: Basic multi user mode without NFS
RunLevel 3: Full multi user mode (text based)
RunLevel 4: unused
RunLevel 5: Multi user mode with Graphical User Interface
RunLevel 6: Reboot System

Default Solaris Run Levels: 8 Run Levels in Total

RunLevel S: Single user state (useful for recovery)

RunLevel 0: Access Sun Firmware (ok> prompt)

RunLevel 1: System administrator mode

RunLevel 2: Multi-user w/o NFS

RunLevel 3: Multi-user with NFS

RunLevel 4: Unused

RunLevel 5: Completely shutdown the host (like performing a power-off)

RunLevel 6: Reboot, but depends upon the initdefault entry in /etc/inittab

Posted in Unix/Solaris | 1 Comment »

Setup pkgutil in Solaris

Posted by sanjaydalal4u on April 30, 2009

Step 1 - Install pkgutil

Solaris 8 & 9 users: you need to fetch the correct pkgutil package from Network.com, thus:

      md5 = 7263f7010b15899bcf9bb7014c43ff7b
      sha1 = 0e9b56018796718b824de0c4a1cdf4fccb4a4087
      sha256 = d5d3746c0e981b69a102862352b1db7510281a94c2b82c1003a2f0a15f3b1e61

      md5 = 029b42a0dc9653959bf29b6f68dec8d4
      sha1 = b67bf038ca4b33a18e11e7bf7dee48f62b4b6ce9
      sha256 = 862513f65d143fd87e8d0dc2db611a2f7a587d94d00f2e3b25b04d958666ab27

# pkgadd -d pkgutil_i386.pkg

# mkdir /etc/opt/csw

# cp -p /opt/csw/etc/pkgutil.conf.CSW /etc/opt/csw/pkgutil.conf

 

Solaris 10 & Nevada or OpenSolaris™ users:

# pkgadd -d http://blastwave.network.com/csw/pkgutil_`/sbin/uname -p`.pkg

# mkdir /etc/opt/csw

# cp -p /opt/csw/etc/pkgutil.conf.CSW /etc/opt/csw/pkgutil.conf

 

Step 2 - Fetch the Software catalog

# /opt/csw/bin/pkgutil --catalog

 

Step 3 - Security First!

# /opt/csw/bin/pkgutil --install gnupg textutils

# cd /tmp

# /opt/csw/libexec/pkgutil/wget http://www.blastwave.org/gpg_key.txt

# /opt/csw/bin/gpg --import gpg_key.txt

1) Verify that you have the key. Use the gpg --list-keys command:

# /opt/csw/bin/gpg --list-keys

2) Mark the key as being trusted for a given purpose. In this case you want to trust the signed software catalogs from Blastwave. The key file above was fetched over plain HTTP, so compare the fingerprint of the imported key with one obtained through a separate channel before trusting it. To mark the key as trusted, edit it thus:

# /opt/csw/bin/gpg --edit-key A1999E90

Command> trust

Your decision? 5

Do you really want to set this key to ultimate trust? (y/N) y

Command> quit

3) Lastly, you need to modify the pkgutil configuration to actually use this GPG key as well as to verify the MD5 hashes of the software packages. Edit the pkgutil.conf file that you copied into /etc/opt/csw so that the lines related to GPG and MD5 are not commented out. Your pkgutil.conf should look like so:

use_gpg=true

use_md5=true

# /opt/csw/bin/pkgutil --catalog

# export PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin

# pkgutil -a                  (list available packages)

# pkgutil -i packagename      (install a package)

 

If you run into any difficulty, refer to the link below:

http://www.blastwave.org/howto.html
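
The steps above install a package fetched over HTTP and then switch on catalog verification. As an added example (not part of the original post or of Blastwave's tooling), the script below gates the install on a SHA-256 match and checks that pkgutil.conf has both switches enabled. The function names are hypothetical, the digest in the usage comment is a placeholder, and a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example: verify before installing (not from the original post).

# Print the SHA-256 of a file with whichever tool the host provides:
# sha256sum (GNU), digest(1) (Solaris 10), or openssl.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"
    else
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    fi
}

# Exit 0 only if FILE hashes to EXPECTED (hex, any case); 2 if FILE is missing.
verify_pkg() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Exit 0 only if both verification switches are present and uncommented.
pkgutil_conf_verifies() {
    conf=${1:-/etc/opt/csw/pkgutil.conf}
    grep '^use_gpg=true' "$conf" >/dev/null 2>&1 &&
    grep '^use_md5=true' "$conf" >/dev/null 2>&1
}

# Intended use: download to a file first, then gate the install on the digest.
# <published-sha256> is a placeholder for the value from the download page.
#   verify_pkg pkgutil_i386.pkg "<published-sha256>" && pkgadd -d pkgutil_i386.pkg
#   pkgutil_conf_verifies || echo "pkgutil.conf: GPG/MD5 checks are not enabled"
```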

Posted in HowTo, Unix/Solaris | Leave a Comment »

I switched from Squid to Sun Java System Web Proxy Server

Posted by sanjaydalal4u on April 29, 2009

I’ve been running Squid Web Proxy Cache for quite a while and also documented some basic setup in another article. But the last time we set up a server I decided to try Sun Java System Web Proxy Server. Since then, I switched the remaining Squid servers to Sun’s proxy and lived happily ever after. 

Why? Well, Squid was giving me no problems, but sometimes setting it up and managing it was boring and error-prone. Sun’s Web Proxy Server has the (familiar) administrator’s web interface and I practically never touch a configuration file by hand. Creating a basic setup is really a question of clicking a couple of buttons, and the proxy’s up and running.

Installation.
Installation is pretty straightforward. I downloaded the Sun Java Enterprise System and launched the installer. Once launched, I just checked the Sun Java System Web Proxy Server and the installer did it all. The installer also gives you the possibility of automatically creating a proxy server with the default configuration values and if you need a good starting point that’s a good hint.

Creating a server.
This was easy too. I had to create two different web proxies because we’re serving two subnets with different requirements. Once the installer finishes its work, you can connect to the administration console using the configuration values you provided during the installation:

  • administration port
  • admin password

Open your favorite browser and launch the console. Once you’re in, you’ll find yourself in the Server/Manage Server section:

Adding a server is pretty easy, it just asks you for (very) basic information:

Inspecting default configuration.
Once you’re done with creating your server(s), you can inspect the default configuration with the Manage Servers/Preferences/View server settings option:

Configuring system preferences.
Using the Manage Servers/Preferences/Configure system preferences tab you can modify basic preferences for your proxy:

In this page you can set:

  • server user: by default, it’s nobody, and it’s a value I usually don’t need to change.
  • processes: the number of the background processes used to serve incoming requests.
  • listen queue size: the maximum number of pending connections on a socket.
  • request throttle: the number of concurrent transactions that the proxy can handle.
  • enable DNS: this is useful mostly for logging and for managing access control. If you enable DNS, the proxy will resolve IP addresses into host names.

There are other configurable options, many of which are useful if you plan to implement distributed caching, which I’ll not cover in this post.

Adding listen sockets.
The next thing you’ll probably want to do is set up listen sockets, which are the endpoints of the proxy to which your clients will connect. If a default server was created for you during the installation, you’ll probably want to edit the default port value for the listen socket:

Setting up cache properties.
The last thing you’ll probably do to set up this basic web proxy server is configure the cache. You can start in the Manage servers/Cache section of the admin application. The first panel is Set cache specifics, where you can set the most common properties for your cache.

The first thing I usually do is change the cache working directory. Remember that when you change the cache directory you must make sure that the proxy user (in my case nobody) can write into that directory, otherwise the cache won’t work.

Once you have chosen your favorite directory, you can set up the cache capacity either with the provided drop-down list or via the Cache capacity configurator.

In this page you can also configure basic caching behavior for HTTP, FTP and Gopher protocols. As far as it concerns the HTTP protocol:

  • Always check if the document is up to date: this option does exactly what it says: every time a document is requested from the proxy, the proxy will check that the version it is caching is up to date. This may be useful in some circumstances but will raise the number of outgoing connections from the proxy server.
  • Check only if last check more than: if you choose this option, the proxy server will open a connection to check if the document is up to date only if the last time it did so was longer ago than what you specify. The default is two hours and, depending on the situation, I usually raise it to one entire day.
  • Using: this option controls how the proxy server checks if the document is up to date. You can choose either the last-modification factor, which is the set of headers that the web server sends along with the document, or the explicit expiration information, which are the internal headers used by the proxy server.
  • Never report accesses to remote server: this option tells the proxy server not to report a cache hit to remote servers.
  • Report cache hits to remote server: this option tells the proxy server to report to the remote server the number of times a document has been hit in the cache and accessed from there. This option raises the number of outgoing connections from the proxy server and may hurt latency and performance.

Cache partitions.
The cache partitions are the parts of the disk reserved for caching purposes by the proxy server. You’ll need to edit the cache partition properties if, for example, you raise the cache capacity and need to reserve more space on disk by adding a new cache partition.

In the previous screenshot the cache partition is 1.6 GB, which is the cache capacity I set up for this server. Adding a cache partition is trivial, you’re only asked about the directory which will host the partition.

Set garbage collection.
As long as you use the proxy server, it will cache the documents you request and the cache will keep growing, staying within the range of allocated space specified by the caching configuration. Garbage collection is the process that cleans documents out of the proxy cache, and it must be performed periodically. By default, this property is set to Automatic. I observed in my proxy server instances that if the cache hits are high and you are caching big documents, even if the garbage collection is automatic, it seems to never take place and the cache keeps growing. For this reason I suggest you plan and schedule regular garbage collection cycles. You may schedule them via the system cron or via the internal proxy scheduler. I usually use the system cron. Once you have chosen the manual configuration option, explicit garbage collection cycles can be scheduled in the Schedule garbage collection panel.

Caching configuration.
Other useful options you may want to set up can be found on the Set caching configuration panel. By default, the caching default is the derived configuration. If you want to explicitly set up every option, you can then set cache as the caching default value. Once you have done that and pushed the OK button, a new form will appear:

 

The options you’ll find usually are:

  • The cache default
  • How to cache pages that require authentication
  • How to cache queries
  • The minimum and maximum cache file sizes
  • When to refresh a cached document
  • The cache expiration policy
  • The caching behavior for client interruptions
  • The caching behavior for failed connections to origin servers

Options that are often overlooked, and that might be pretty important for your proxy’s performance, are the last two, which rule what happens when a proxy connection is broken. This may happen if, for example, your user exits the browser or cancels a connection: the proxy may continue downloading the entire file even if the client is not retrieving it any more, and this effect may add up when many clients are connected, leading to proxy saturation and loss of performance. I saw this happen many times, even with multimedia content such as Flash-based solutions which deliver content, like YouTube. For this reason, I usually set 100% for the caching behavior for client interruptions, which in effect has the proxy close the remote connection whenever a client disconnects.

Conclusion.
With just a few simple steps you’ve set up an enterprise-grade web proxy server. I suggest you check the official documentation at the Sun documentation center to fine-tune your setup and read about more advanced configurations such as connecting to an LDAP to authenticate users, setting up SOCKS and setting up proxy arrays for distributed caching.

Now, enjoy your new proxy server!

Posted in HowTo, Unix/Solaris | 1 Comment »

Configuring NTP server and client on Solaris 10

Posted by sanjaydalal4u on April 29, 2009

One of the tasks often performed during the setup of a machine is the setup of the NTP daemon.

NTP is one of the oldest internet protocols still in use, and it allows the synchronization of computer clocks by distributing UTC (Coordinated Universal Time) over the network. NTP’s design is focused on compensating for the variable latency of the network.

A machine may be an NTP client or an NTP server. Roughly, an NTP client is a machine that uses the NTP protocol to synchronize its clock, and an NTP server is a machine that provides NTP clients with the information needed to set their clocks and itself uses other NTP servers to keep in sync.

NTP on Solaris 10
Solaris 10 ships with an NTP daemon, ntpd, configured via SMF (svc:/network/ntp:default) and a bunch of sample ntp.conf files to quickly configure a machine as a client or as a server.

# svcs ntp
STATE          STIME    FMRI
online          0:43:33 svc:/network/ntp:default

Configuring a client
If your machine is just a client, you can just pick /etc/inet/ntp.client and copy it to /etc/inet/ntp.conf. The default client configuration is just a one-liner:

multicastclient 224.0.0.1

This configuration, as explained in the same file, is a passive configuration for a host that just listens for NTP servers putting packets on the NTP multicast network, 224.0.0.1. Obviously, if your machine is in a LAN without an NTP server, you’re probably never going to receive such a packet, and you should use some public NTP server instead.

Using a server from a pool
I personally recommend using random servers from an NTP pool such as pool.ntp.org. On the official website of the NTP Pool Project you can find instructions about using the pool or picking some servers from the list they maintain. Pools maintained by the NTP Pool Project are organized in a geographical hierarchy so that, for example, you can use servers from a continent-level pool or, where available, from a country-level pool. The recipe is always the same: the nearer, the quicker, the better. In my case, I’m using the European pool europe.pool.ntp.org and my configuration file contains:

server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org

Setting up the drift file
The only thing left to set up is the drift file location, which in my case is:

driftfile /var/ntp/ntp.drift

Starting the service
Once your ntp.conf is set up, you can start (or restart) the ntp service:

# svcadm restart ntp
# svcs ntp
STATE          STIME    FMRI
online          0:43:33 svc:/network/ntp:default

Querying the service
Once the service is running, you can check which server you’re using with ntpq:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 NTP.MCAST.NET   0.0.0.0         16 u    -   64    0    0.00    0.000 16000.0
+fnutt.net       Time2.Stupi.SE   2 u   45   64  377   76.74   10.285    0.73
-sip1.viatel.ee  ntp.eenet.ee     3 u  430 1024  377   79.47   -0.988    1.05
*ntp1.net.edu.ie ntp0.esat.net    2 u   28   64  377   63.45    4.104    0.78
+ns.airbites.bg  ntp2.gbg.netnod  2 u   27   64  377   85.13    1.723    1.05

After a while, your query will output results similar to these. The server prefixed with an asterisk is the server you’re synchronizing with. If you don’t get an asterisk after a while, probably no NTP server is reachable, which is probably due to a firewall blocking UDP port 123. The difference between your clock and the data provided by NTP servers can be examined by catting the drift file:

# cat /var/ntp/ntp.drift
-50.645
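
The asterisk check described above can be scripted so that a host with no sync peer is noticed without anyone reading the table by eye. This is an added example, not part of the original post: the function names are hypothetical and the sample output is constructed in the same ten-column layout with placeholder peer names.

```shell
#!/bin/sh
# Added example: health check over `ntpq -p` output (not from the original post).
# Constructed sample in the ten-column layout shown above; hosts are placeholders.
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 NTP.MCAST.NET   0.0.0.0         16 u    -   64    0    0.00    0.000 16000.0
+peer-a.example  ref-a.example    2 u   45   64  377   76.74   10.285    0.73
*peer-b.example  ref-b.example    2 u   28   64  377   63.45    4.104    0.78
-peer-c.example  ref-c.example    3 u  430 1024  377   79.47   -0.988    1.05'

# Print the peer marked "*" (the one being synchronised with); exit 1 if none.
ntp_sync_peer() {
    awk 'substr($0, 1, 1) == "*" { print substr($1, 2); found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Print peers whose reach register is 0, i.e. no reply to the last eight polls.
ntp_unreachable_peers() {
    awk '$1 == "remote" || /^=+$/ || NF < 10 { next }
         $7 + 0 == 0 {
             # Column 1 of the line is the tally code; strip it only if present.
             name = (substr($0, 1, 1) == " ") ? $1 : substr($1, 2)
             print name
         }'
}

# Exit 0 if a sync peer exists and its |offset| (ms) is within LIMIT_MS.
# Exit 1 if there is no sync peer, 2 if the offset is out of bounds.
ntp_offset_ok() {
    awk -v limit="$1" 'substr($0, 1, 1) == "*" {
             off = ($9 < 0) ? -$9 : $9
             found = 1; bad = (off > limit)
         }
         END { exit (!found ? 1 : (bad ? 2 : 0)) }'
}

# On the host itself: ntpq -p | ntp_sync_peer
```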

Setting up an NTP server
Now that you have an NTP client running, you’ll probably want to set up all of your machines. If you’re in a LAN, you can set up an internal NTP server which will provide data to other clients on your LAN. As before, you can take inspiration from the server configuration file shipped with Solaris 10, /etc/inet/ntp.server. After setting up the drift file and the clients you’re going to use, you can examine the other options and fine-tune them to your taste. Let’s take a quick look at it.

server 127.127.XType.0

This line sets up the server type and the XType value must be substituted with the correct value from the provided table:

# XType  Device   RefID  Description
# -------------------------------------------------------
#  1     local    LCL    Undisciplined Local Clock
#  2     trak     GPS    TRAK 8820 GPS Receiver
#  3     pst      WWV    PSTI/Traconex WWV/WWVH Receiver
#  4     wwvb     WWVB   Spectracom WWVB Receiver
#  5     true     TRUE   TrueTime GPS/GOES Receivers
#  6     irig     IRIG   IRIG Audio Decoder
#  7     chu      CHU    Scratchbuilt CHU Receiver
#  8     parse    ----   Generic Reference Clock Driver
#  9     mx4200   GPS    Magnavox MX4200 GPS Receiver
# 10     as2201   GPS    Austron 2201A GPS Receiver
# 11     arbiter  GPS    Arbiter 1088A/B GPS Receiver
# 12     tpro     IRIG   KSI/Odetics TPRO/S IRIG Interface
# 13     leitch   ATOM   Leitch CSD 5300 Master Clock Controller
# 15     *        *      TrueTime GPS/TM-TMD Receiver
# 17     datum    DATM   Datum Precision Time System
# 18     acts     ACTS   NIST Automated Computer Time Service
# 19     heath    WWV    Heath WWV/WWVH Receiver
# 20     nmea     GPS    Generic NMEA GPS Receiver
# 22     atom     PPS    PPS Clock Discipline
# 23     ptb      TPTB   PTB Automated Computer Time Service
# 24     usno     USNO   USNO Modem Time Service
# 25     *        *      TrueTime generic receivers
# 26     hpgps    GPS    Hewlett Packard 58503A GPS Receiver
# 27     arc      MSFa   Arcron MSF Receiver

In my case, it’s just a (very) plain 1: an undisciplined local clock.

broadcast 224.0.1.1 ttl 4

This line is the server equivalent of the multicast line seen in the default client configuration: it tells the NTP server to broadcast on the NTP multicast network.

Further readings
Complete documentation about ntp.conf syntax can be found on the xntpd man page:

# man xntpd

Posted in Unix/Solaris | Leave a Comment »