[OpenIndiana-discuss] 13 days to anniversary: why i love Solaris
system# uptime 1:26pm up 1082 day(s), 22:50, 1 user, load average: 12.32, 12.37, 12.48 system# uname -a SunOS X4140 5.10 Generic_142901-11 i86pc i386 i86pc system# who -b . system boot Jun 25 14:36 System is already 10 years old, running on 3x 146GB SAS drives. Last reboot was because of rearrangement of the power connections in the datacenter. ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] arp response tuning for IP Source Guard
Are you or the technicians SURE that this technique is still valid for current world with a lot of virtual servers attached to one switch port? This technique was invented in a time that every switchport was connected to at most one MAC address, so when the switch detects more than one MAC address at a port there was something illegal happening. (or the switchport was connected to a switch) -Oorspronkelijk bericht- Van: Tim Mooney [mailto:tim.moo...@ndsu.edu] Verzonden: vrijdag 6 januari 2017 0:50 Aan: openindiana-discuss@openindiana.org Onderwerp: Re: [OpenIndiana-discuss] arp response tuning for IP Source Guard In regard to: Re: [OpenIndiana-discuss] arp response tuning for IP Source...: > On 01/05/17 15:37, Tim Mooney wrote: >> When that was enabled for the subnet I'm on, my hipster workstation >> and the hipster VirtualBox VM I have both started experiencing packet loss. >> Talking with the network engineers, the Cisco switch is sending >> batches of 3 ARP probes periodically, and both my workstation and the >> VM appear to be periodically not responding to the ARP probes. That >> causes the switch to temporarily ban/block packets from either >> system, which is what's causing the intermittent packet loss. >> >> Anyone have any suggestions for what tuning I should be looking at >> that would tell the Illumos network stack that it's OK to respond to >> semi-frequent batches of ARP probes? > > It would be great to see the syslog messages and (if possible) a > packet trace showing what's going on. In general, if the system > itself is directly responsible for these outages, it will at least log > something about the event. At the log level I've been running at, there hasn't been anything useful logged related to this. If necessary, I can definitely dial up the logging. > Are these ARP requests or responses? There are subtle differences > between the two. According to our principal network engineer, the Cisco switch was defaulting to sending 3 ARP probes (in quick succession) every 60 seconds. He has since dialed that back to just 1 per 60 seconds for this particular switch, to see if that had any impact on the issue, but it did not. He's done a bunch more research since I sent my initial question to this list, and right now he thinks the issue may be that the ARP probe from the Cisco switch is unicast, but Solaris apparently may be issuing ARP responses as *broadcast*, which the switch may not be expecting. The reference he found related to broadcast ARP responses is here: http://seclists.org/nmap-dev/2009/q1/176 http://unix.derkeiler.com/Mailing-Lists/SunManagers/2009-01/msg00015.html He's also suggested that I might be able to set 'arp_defend_interval' to something like 20 seconds, so that my workstation just periodically sends unsolicited ARPs for itself, to essentially preempt the switch's probes. Based on the docs he found: http://docs.oracle.com/cd/E36784_01/html/E36845/gnogz.html Since the docs say "Never" in answer to the "When to change" for any of these settings, I haven't actually tried setting arp_defend_interval. The way I read the docs, it seems like arp_publish_interval might be better, but I know better than to argue with our principal network engineer about anything network related. :-) > Based on what I remember from working on this code many years ago, one > of the really confusing bits to deal with is Ethernet bridge > ("switch") behavior itself. Many bridges (I think at least Extreme, > and probably > others) have special mechanisms built-in to protect against ARP > storms, and they rate-limit based on the number of broadcasts. This > is (I > believe!) independent of any sort of "Source Guard" feature. I ran > into this issue numerous times when testing Solaris IP Duplicate > Address Detection. Thanks much for the response! Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, Quentin Burdick Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Cisco IPSec VPN
Not a single problem. I am using it 24/7 in the same setup. Just put your OI server in the network and set the gateway to the cisco VPN device.. -Oorspronkelijk bericht- Van: Jim Klimov [mailto:jimkli...@cos.ru] Verzonden: maandag 14 november 2016 13:35 Aan: OI-Discuss Onderwerp: [OpenIndiana-discuss] Cisco IPSec VPN Hi all, I am faced with a prospect of connecting to a remote network behind Cisco IPSec VPN (the one with user, password, group and shared keys; will be practically trying sometime soon this week). Should I expect it to work in OI Hipster out of the box? Are there docs/blogs on it, or would Oracle docs I found so far (some hints about conf files and then ipadm tun commands) be relevant here? Or should I try some other OS right away? TIA, Jim -- Typos courtesy of K-9 Mail on my Samsung Android ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Is there a handy way to add users?
Does useradd fail at creating the user? Or is the user directory not created? Otherwise: mkdir -p /home/{username} useradd -G {staff} {username} passwd { username} chown -R {username} : { staff} /home/{username} -Oorspronkelijk bericht- Van: Harry Putnam [mailto:rea...@newsguy.com] Verzonden: maandag 31 oktober 2016 20:04 Aan: openindiana-discuss@openindiana.org Onderwerp: [OpenIndiana-discuss] Is there a handy way to add users? The useradd tool seem not to be able to add users when a home dir is stipulated. I know there has been a bug filed some time back. Am I likely to end in a mess if I just edit /etc/passwd/group to add a user? Are there other things to edit beyond the two mentioned above? ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device
Ouch.. No insult intended, i apologize mr. Tribble. I shouldn't read and respond during business meetings ;-) -Oorspronkelijk bericht- Van: Peter Tribble [mailto:peter.trib...@gmail.com] Verzonden: vrijdag 19 augustus 2016 13:57 Aan: Discussion list for OpenIndiana Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device On Fri, Aug 19, 2016 at 12:46 PM, the outsider wrote: > And this one seems to have it working too: > http://www.renatomorano.net/?p=291 > > Funny thing is that Peter dribble is mentioned in that page. He's on > this list too? > Tribble. Ahem. The NDIS stuff is, in general, *really* old. My experience was mixed at best. I think it got me through an OpenSolaris summit, but it never worked in the office, and was pretty unstable in busy environments (eg the airport, where it would kernel panic in under a minute). > And I found this: > https://thestaticvoid.com/post/2011/06/09/wireless-802- > 1x-support-in-solaris > / > > ( I can remember that I had a laptop once where I installed OI on. It > worked with WPA out of the box for as far as I can remember) > > -Oorspronkelijk bericht- > Van: Carsten Grzemba [mailto:grze...@contac-dt.de] > Verzonden: vrijdag 19 augustus 2016 13:17 > Aan: Discussion list for OpenIndiana > >; > openindiana-discuss@openindiana.org > Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My > Wireless Network Device > > > > On 19.08.16 12:20, Jean-Pierre André > wrote: > > > > Aurélien Larcher wrote: > > >On Fri, Aug 19, 2016 at 11:13 AM, jay wrote: > > >> > > >>Esteemed Colleagues, > > >> > > >>Yesterday I booted my new laptop (well, new to me) from the latest > > >>hipster iso, intending to proceed immediately therefrom to an > > >>installation. I noticed, alas, that the system had no knowledge of > > >>my wireless network device. This makes the system useless for my > > >>computer, it is, after all, a laptop, it is a portable device that > > >>on occasion literally sits atop my lap, it has to be able to > > >>connect to a network without there being an Ethernet cable stuck into it. > > >>The Device Driver Utility (or whatever it's called, I don't have > > >>it on the screen anymore, otherwise I would be running OpenIndiana > > >>and would therefore be unable to send this e-mail) noted, > > >>correctly, the existence of a > > >> > > >> Broadcom Corporation BCM4312 802.11b/g LP-PHY > > >> > > >>but it had no driver for it. > > > > > >There has been some work to user NDIS wrapper: > > > > > >https://www.illumos.org/issues/3367 > > > > > > > This can only use WEP encryption, because the interface to NDIS5 is > > not compatible with the WPA four-step handshake (some user level > > replies from the access point have to be redirected to the > > supplicant). > > > > I would volunteer to interface to the Broadcom supplied driver > > (hybrid-port) for which an unterface to Linux is available, or to a > > more recent open source driver for Linux (which supports newer > > Broadcom hardware, though the BCM4312 is said to be poorly supported). > > > > But I have (again) to ask for help for doing that. The relations > > between net80211, mac, dladm and wpad are opaque. > > There has been a Google summer of code about WPA2, but I could not > > get anything useful from it (apparently WPA Enterprise requires a > > significant reworking of the relations between these modules). > > > > Jean-Pierre > > > > > > > > > > ___ > > openindiana-discuss mailing list > > openindiana-discuss@openindiana.org > > https://openindiana.org/mailman/listinfo/openindiana-discuss > > > I tried to merge the GSoC WPA-Enterprise stuff in illumos but it did > not work. Because I couldn't contact the maintainer I stopped my effort. > > https://github.com/cgrzemba/illumos-gate > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > https://openindiana.org/mailman/listinfo/openindiana-discuss > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > https://openindiana.org/mailman/listinfo/openindiana-discuss > -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/ ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device
And this one seems to have it working too: http://www.renatomorano.net/?p=291 Funny thing is that Peter dribble is mentioned in that page. He's on this list too? And I found this: https://thestaticvoid.com/post/2011/06/09/wireless-802-1x-support-in-solaris / ( I can remember that I had a laptop once where I installed OI on. It worked with WPA out of the box for as far as I can remember) -Oorspronkelijk bericht- Van: Carsten Grzemba [mailto:grze...@contac-dt.de] Verzonden: vrijdag 19 augustus 2016 13:17 Aan: Discussion list for OpenIndiana ; openindiana-discuss@openindiana.org Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device On 19.08.16 12:20, Jean-Pierre André wrote: > > Aurélien Larcher wrote: > >On Fri, Aug 19, 2016 at 11:13 AM, jay wrote: > >> > >>Esteemed Colleagues, > >> > >>Yesterday I booted my new laptop (well, new to me) from the latest > >>hipster iso, intending to proceed immediately therefrom to an > >>installation. I noticed, alas, that the system had no knowledge of > >>my wireless network device. This makes the system useless for my > >>computer, it is, after all, a laptop, it is a portable device that > >>on occasion literally sits atop my lap, it has to be able to connect > >>to a network without there being an Ethernet cable stuck into it. > >>The Device Driver Utility (or whatever it's called, I don't have it > >>on the screen anymore, otherwise I would be running OpenIndiana and > >>would therefore be unable to send this e-mail) noted, correctly, the > >>existence of a > >> > >> Broadcom Corporation BCM4312 802.11b/g LP-PHY > >> > >>but it had no driver for it. > > > >There has been some work to user NDIS wrapper: > > > >https://www.illumos.org/issues/3367 > > > > This can only use WEP encryption, because the interface to NDIS5 is > not compatible with the WPA four-step handshake (some user level > replies from the access point have to be redirected to the > supplicant). > > I would volunteer to interface to the Broadcom supplied driver > (hybrid-port) for which an unterface to Linux is available, or to a > more recent open source driver for Linux (which supports newer > Broadcom hardware, though the BCM4312 is said to be poorly supported). > > But I have (again) to ask for help for doing that. The relations > between net80211, mac, dladm and wpad are opaque. > There has been a Google summer of code about WPA2, but I could not get > anything useful from it (apparently WPA Enterprise requires a > significant reworking of the relations between these modules). > > Jean-Pierre > > > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > https://openindiana.org/mailman/listinfo/openindiana-discuss > I tried to merge the GSoC WPA-Enterprise stuff in illumos but it did not work. Because I couldn't contact the maintainer I stopped my effort. https://github.com/cgrzemba/illumos-gate ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device
http://forum2.kingofcoders.com/archiver/?tid-854.html Seems someone had it running? -Oorspronkelijk bericht- Van: Carsten Grzemba [mailto:grze...@contac-dt.de] Verzonden: vrijdag 19 augustus 2016 13:17 Aan: Discussion list for OpenIndiana ; openindiana-discuss@openindiana.org Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device On 19.08.16 12:20, Jean-Pierre André wrote: > > Aurélien Larcher wrote: > >On Fri, Aug 19, 2016 at 11:13 AM, jay wrote: > >> > >>Esteemed Colleagues, > >> > >>Yesterday I booted my new laptop (well, new to me) from the latest > >>hipster iso, intending to proceed immediately therefrom to an > >>installation. I noticed, alas, that the system had no knowledge of > >>my wireless network device. This makes the system useless for my > >>computer, it is, after all, a laptop, it is a portable device that > >>on occasion literally sits atop my lap, it has to be able to connect > >>to a network without there being an Ethernet cable stuck into it. > >>The Device Driver Utility (or whatever it's called, I don't have it > >>on the screen anymore, otherwise I would be running OpenIndiana and > >>would therefore be unable to send this e-mail) noted, correctly, the > >>existence of a > >> > >> Broadcom Corporation BCM4312 802.11b/g LP-PHY > >> > >>but it had no driver for it. > > > >There has been some work to user NDIS wrapper: > > > >https://www.illumos.org/issues/3367 > > > > This can only use WEP encryption, because the interface to NDIS5 is > not compatible with the WPA four-step handshake (some user level > replies from the access point have to be redirected to the > supplicant). > > I would volunteer to interface to the Broadcom supplied driver > (hybrid-port) for which an unterface to Linux is available, or to a > more recent open source driver for Linux (which supports newer > Broadcom hardware, though the BCM4312 is said to be poorly supported). > > But I have (again) to ask for help for doing that. The relations > between net80211, mac, dladm and wpad are opaque. > There has been a Google summer of code about WPA2, but I could not get > anything useful from it (apparently WPA Enterprise requires a > significant reworking of the relations between these modules). > > Jean-Pierre > > > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > https://openindiana.org/mailman/listinfo/openindiana-discuss > I tried to merge the GSoC WPA-Enterprise stuff in illumos but it did not work. Because I couldn't contact the maintainer I stopped my effort. https://github.com/cgrzemba/illumos-gate ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] Patience
Hi, We are running a 24/7 business with several OI servers and zones. Today I am in our datacentre suite and I discovered that I forgot my laptop. Because I am waiting for replacement parts of one of our servers I thought I could play a game of patience on one of the servers. The server is a dual 8 core with 128GB RAM and 48 SSD drives, so that should do it. But I discovered now that it has an Intel graphics card.. Is there any chance that I could play patience on this machine? ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org https://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] struct msghdr and _XPG4_2
http://stackoverflow.com/questions/1034587/how-does-xpg4-2-and-other-defines -work-on-solaris -Oorspronkelijk bericht- Van: Alexander Pyhalov [mailto:a...@rsu.ru] Verzonden: woensdag 25 mei 2016 9:16 Aan: Discussion list for OpenIndiana Onderwerp: [OpenIndiana-discuss] struct msghdr and _XPG4_2 Hi. It seems illumos/Solaris is the only OS which doesn't have msg_control and msg_controllen in struct msghdr by default. So, code like this (this time taken from scrren), fails. struct sockaddr_un a; struct msghdr msg; struct iovec iov; char control[1024]; len = sizeof(a); debug("Ha, there was someone knocking on my socket??\n"); if ((ns = accept(ns, (struct sockaddr *) &a, (void *)&len)) < 0) { Msg(errno, "accept"); return; } p = (char *) &m; left = sizeof(m); bzero(&msg, sizeof(msg)); iov.iov_base = &m; iov.iov_len = left; msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_controllen = sizeof(control); msg.msg_control = &control; I know I can define _XPG4_2 or experiment with _XOPEN_SOURCE, but it seems ugly. Is it because of some standard requirements or just historical artifact? Can we somehow alleviate this issue? -- Best regards, Alexander Pyhalov, system administrator of Southern Federal University IT department ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] struct msghdr and _XPG4_2
Interesting topic! A quick search brought me this: https://bugs.php.net/bug.php?id=66013 (but it seems you found it too) It seems you are bound to XPG4_2... http://docs.oracle.com/cd/E19253-01/817-4415/sockets-27/index.html http://linux.die.net/man/2/recvmsg http://pubs.opengroup.org/onlinepubs/7908799/xns/syssocket.h.html I read: "The field msg_control, which has length msg_controllen, points to a buffer for other protocol control-related messages or miscellaneous ancillary data. When recvmsg() is called, msg_controllen should contain the length of the available buffer in msg_control; upon return from a successful call it will contain the length of the control message sequence." So the use of msg_control is optional if I read it correctly. -Oorspronkelijk bericht- Van: Alexander Pyhalov [mailto:a...@rsu.ru] Verzonden: woensdag 25 mei 2016 9:16 Aan: Discussion list for OpenIndiana Onderwerp: [OpenIndiana-discuss] struct msghdr and _XPG4_2 Hi. It seems illumos/Solaris is the only OS which doesn't have msg_control and msg_controllen in struct msghdr by default. So, code like this (this time taken from scrren), fails. struct sockaddr_un a; struct msghdr msg; struct iovec iov; char control[1024]; len = sizeof(a); debug("Ha, there was someone knocking on my socket??\n"); if ((ns = accept(ns, (struct sockaddr *) &a, (void *)&len)) < 0) { Msg(errno, "accept"); return; } p = (char *) &m; left = sizeof(m); bzero(&msg, sizeof(msg)); iov.iov_base = &m; iov.iov_len = left; msg.msg_iov = &iov; msg.msg_iovlen = 1; msg.msg_controllen = sizeof(control); msg.msg_control = &control; I know I can define _XPG4_2 or experiment with _XOPEN_SOURCE, but it seems ugly. Is it because of some standard requirements or just historical artifact? Can we somehow alleviate this issue? -- Best regards, Alexander Pyhalov, system administrator of Southern Federal University IT department ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] More recent modsecurity pkg
-Oorspronkelijk bericht- Van: Nikola M [mailto:minik...@gmail.com] Verzonden: donderdag 5 mei 2016 10:02 Aan: Discussion list for OpenIndiana Onderwerp: Re: [OpenIndiana-discuss] More recent modsecurity pkg On 05/ 5/16 09:48 AM, the outsider wrote: > I also have a Solaris 11.3 machine with contract. > But what are the legal consequences if I compile anything on it? Your code, your binaries. plus you have a contract. Even if you don't I know they (Orcl) makes OS releases (without support/updates) available fo your use and for development. Openindiana can be used for production use without a contract, but it suppose you are active in tresting and making it better :) > The costs of a contract are not as high as many people think. I think they are 1K USD per 1 socket server? But it's sort of off-topic on this list to advocate proprietary products support contracts. I do not advocate anything, but it costs ~ € 750,- for any SUN hardware server per year. Dual or single processor same price. And you get hard- and software support, even on X4140 and X4150 servers. It is a bargain if you compare it with Windows server datacentre. The price you mention is for non-sun/oracle hardware There are nice second hand systems available on Ebay. Speaking of proprietary, Orcl Solaris is not as proprietary as one might think, since there are open parts of Solaris: https://solaris.java.net/ where Openindiana uses a part of it (IPS, parts of X etc hg.openindiana.org) OmniTI and Joyent as I know sell support for their illumos-based distros. (And Nexenta but with pool size limitation and weren't following it lately.) ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] More recent modsecurity pkg
I also have a Solaris 11.3 machine with contract. But what are the legal consequences if I compile anything on it? The costs of a contract are not as high as many people think. -Oorspronkelijk bericht- Van: Nikola M [mailto:minik...@gmail.com] Verzonden: donderdag 5 mei 2016 8:24 Aan: Discussion list for OpenIndiana Onderwerp: Re: [OpenIndiana-discuss] More recent modsecurity pkg On 05/ 3/16 11:25 PM, Stefan Müller-Wilken wrote: > Dear all, > > could anyone with access to the Sun Studio environment do me a great favor and lift the mod_security package from its current IPS incarnation to the 2.9.1 available from modsecurity.org? I tried to compile it with 'gcc' but that will crash Apache httpd under oi_151a9 when loading the module. It is not easy to get older patched Studio releases today. I also tried to install newest Studio on newest OI hipster, but Orcl is making Studio only Solaris-aware and it doesn't regularly install, because of a linker depending on Solaris 11. If anyone of you have support contract with Oracle and wnat Solaris studio to support building on illumos, please ask them via regular channel. Studio that used to be used to compile illumos and OI, before moving to GCC, with md5sums is named: 43ecac9ceecf0dbe8297ae8caacce457 sunstudio12-patched-ii-2009Sep-sol-x86.tar.bz2 1490e3a8eddd972d7467a36afdf88a5a sunstudio12u1-patched-ii-2010Feb-sol-x86.tar.gz (Hash: d08486a68dda65b045b9cd887559fb771da4852c ) Patched SPARC Studio is also not easy to find, (Hash: dde33b1801b8148df06b6980da750c4294f9afdc ) if someone has older,patched Studio for SPARC, please report. ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OpenIndiana Docs (proof of concept) - What is it all about?
Hi Michael, I admire your dedication, knowledge and your love for OpenIndiana. But imho I think you are too late. OpenIndiana is almost near extinction. I have been on the mailing lists quite some time and questions and responses are declining rapidly. In my opinion this is caused by the separation of OI users in 2 groups: the PC/laptop OS users and the server users. Too many times there have been devastating discussions about getting Firefox ready on OI and if or not one should bake pizza's to create the code. While on the other hand updates for every day used server programs are not available. For server usage in a professional way OI is lacking more and more security updates, only if you use the hipster or hipster2 or no wait the hipster-hipster version. (I lost track of it) I have long tried to use OI as a professional server but in December I installed SmartOS and I went from hell to heaven. I went from 7 days half-baked "make" "configure" "install" search and destroy deployment nightmares to 15 minutes deployment. There is only one big problem with SmartOS and that it has opensource sourced by a commercial company. So there can always be a point in time where the opensource will be closed or unreachable. But at this moment Joyent flows there advantages back to the Illumos core. (http://mail-index.netbsd.org/pkgsrc-users/2016/04/29/msg023314.html) so even OI should benefit from it. So IMHO someone (preferable more than one) should build the bridge between documentation scattered over illumos, solaris, smartos and Openindiana websites and creators. This is my opinion, no insults intended. Br, Roel -Oorspronkelijk bericht- Van: Michael Kruger [mailto:makruger2...@gmail.com] Verzonden: woensdag 4 mei 2016 7:00 Aan: OpenIndiana Developer mailing list ; Discussion list for OpenIndiana Onderwerp: [OpenIndiana-discuss] OpenIndiana Docs (proof of concept) - What is it all about? Now that the dust has settled a little bit after my initial presentation, perhaps I should elaborate a bit about my motivations and intentions in creating this little proof of concept. In the responses and discussions that followed, some feathers were ruffled, and a number of points where raised, many of which could be distilled into at least 3 distinct themes. I'll start by talking about the first theme as everything else hinges upon it. * Community conduct * Project visibility * Proof of concepts * Version control * Hosting infrastructure * Project marketing, SEO * Existing docs (OSOL Docs) * Viability/Usability of Wiki * dlc.openindiana.org/docs * Documentation Standards (media types, etc.) * Licensing/Contributer agreements/copyrights, branding etc. It's now been about 3 months since I volunteered to help the project with documentation. I have learned quite a bit and overall it's been very interesting. I chose this project because it was very small, needed people, and I thought I might be able to make a meaningful difference. I still believe that. So, this is my creative outlet. This is a place where I can express myself, learn, try new things, and explore new ideas. It's a place where I can (hopefully) make a difference. Having a creative outlet is very important to me, because in my day job I work for a government bureaucracy. There each department is it's own little kingdom where nobody shares information or works together. As a result, innovation is stifled and dysfunction is pervasive. Even worse, most people are unhappy, and everyone complains. But the money is good and my commute is very short, so I put up with it all. Here however, we're all volunteering our time. So I think having an atmosphere of acceptance, civility, and respect is extremely important. If not, the project will eventually curl up and die. However, before any of that happens, people may find themselves needing to work alone or in small groups specifically and intentionally excluding individuals with problematic behaviors. This will occur because it's simply not possible to get anything done in an atmosphere of hostility, jumping to premature conclusions, or where kvetching is the rule of the day. This leads me to suggest there should be an OpenIndiana 'Code of Conduct' to help reign in people with troublesome behaviors. After all, such individuals effectively prevent others from achieving anything meaningful. The future of the project may very well depend on it. Having said all of that, let me turn the discussion back to my little docs website proof of concept. For starters, it's not a submarine project, nor do I intend to apply any kind of licensing which may restrict it's reuse in any way. Frankly I could care less how it's licensed. I wrote it all for the pure joy of writing. And in the spirit of community, it's free and available to all. As for how it evolved the way it did, there are a number of reasons. As soon as I joined the project I began looking at the OSOL docs, the web
Re: [OpenIndiana-discuss] Looking for experienced user input on specific Machine purchase
The Specs are quite good indeed. I don't know where you want to use the machine for, but keep in mind: 1. type of disk controller, only a few are supported by OI 2. number of attachable devices on the harddisk controller, most only accept 2 drives which is too low IMHO 3. I have a ML350G6 server, bought it for the same price. It has low power consumption, but if i put something in a PCIe slot the fans start to run at 60% which creates a lot of sound. So I need to stick to the embedded P410i controller. 4. Xeon's X5460 are fast, but consume a awful lot of energy. That is why i choose the Xeon L5630 (http://cpuboss.com/cpus/Intel-Xeon-X5460-vs-Intel-Xeon-L5630) 5. I searched the internet several weeks for a good second hand server. In Holland there is a nice second hand server shop: serverhome.nl Br, Roel -Oorspronkelijk bericht- Van: Harry Putnam [mailto:rea...@newsguy.com] Verzonden: zondag 24 januari 2016 1:53 Aan: openindiana-discuss@openindiana.org Onderwerp: [OpenIndiana-discuss] Looking for experienced user input on specific Machine purchase Hoping a few here may have experience with this hardware and can speak from experience about installing OI and using as a home NAS. My skill level is weak but I have done something very similar on one previous occasion. (With plenty of help from this list) Am I likely to be walking into known headaches? And finally, I'd like to know if stated specs and price are something of a bargain? ---- ---=--- - HP XW8600 Workstation 2x Xeon Quad Core X5460 Price is $660 ---- ---=--- - Condition: Seller refurbished: [...] Brand: HPxw8600 workstation Processors: 2x Xeon (5460) Processor Speed: 3.1 GHz Product Line:Workstation Graphics Processing Type:Dedicated Graphics Memory: 32GB Operating System:Windows 7 Hard Drive Capacity: 2TB Processor Type: Xeon Quad Core ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] [informational] HyperX Predator PCIe SSD usable as ZFS cache device
Just to inform everyone, i tested the HyperX Predator PCIe SSD 240GB in a HP ML350G6 server yesterday and it was detected by the OS as a new drive. I must say I that the OS was SmartOS, but I am almost certain that the device will work on OI also. I have attached it as a cache device to my ZFS mirror and it worked very well. Unfortunality HP made a crapy bios for the ML350G6 which detects the PCIe device and adjusts the ventilatorspeeds to 70% without any need. Since I use the ML as a home/office server the increased acoustics of the vents made me crazy and I removed the Predator. When I have time I will install it in a server in the datacentre where we have a 16x 300GB ZFS storage and I can run different benchmarks. Format detected the device without any troubles as c1t0d0 and I could partition it. It would be nice to create some partitions for cache and ZIL on the device, but I don't know if ZFS needs a whole drive or just a partition? ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] [HEADSUP] serious security issue in sysding
Which OI versions are impacted? Only Hipster or also 1.59? -Oorspronkelijk bericht- Van: Alexander Pyhalov [mailto:a...@rsu.ru] Verzonden: dinsdag 22 december 2015 23:58 Aan: Discussion list for OpenIndiana Onderwerp: [OpenIndiana-discuss] [HEADSUP] serious security issue in sysding If you followed, we've just replaced sysidtool with sysding. This could have serious consequences for OI zones. sysding has logic which checks on the first run if zone's root password was set in sysding.conf. If it wasn't set, it is set to 'NP'. This is necessary for zlogin to work correctly. The issue is that until last version it didn't check if root password in /etc/shadow is non-empty. It is aggravated by the fact, that service/management/sysidtool was renamed to service/management/sysding. So, on zone update sysding thinks that it is run for the first time and resets root password to 'NP'. The issue is resolved in pkg://openindiana.org/service/management/sysding@0.5.11,5.11-2015.0.2.12 So, if you update system, ensure that this version is installed in your zones. If you have earlier version installed, please, check you root password's hash in /etc/shadow. The scope of the issue is decreased by the fact that package with sysidtool => sysding renaming existed only several hours until updated sysding landed to the repository. -- System Administrator of Southern Federal University Computer Center ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Mailservers and clients that work on OI
Ok, but OCUCS is the top of the bill I played with it in SUN time and it was already impressive at that time! Just like the SUN java webserver, which has now split into iPlanet and Liferay. Like all SUN products they were invented and created by the best and most creative people. I still think that Steve Jobs was sleeping when Oracle wanted to buy SUN. Apple could have ruled the world on desktop and server level. (although it wouldn't be good for the world) The product I use costs ~€ 1300,- for the first year and a 25 user license. The next year you pay approx. € 250,- each year. Pricing is beyond home server usage, but for institutional usage it is very good and a good alternative for Exchange online. And it runs on OI 100%. -Oorspronkelijk bericht- Van: Jim Klimov [mailto:jimkli...@cos.ru] Verzonden: vrijdag 18 december 2015 12:42 Aan: Discussion list for OpenIndiana ; the outsider ; 'Discussion list for OpenIndiana' Onderwerp: Re: [OpenIndiana-discuss] Mailservers and clients that work on OI 18 декабря 2015 г. 10:52:20 CET, the outsider пишет: >I just want to share this because I see a lot of people moving to >office365 >and google because they are tiered of all problems with hosting their >own mailserver and to keep it up to date and running. > >I use a commercial product that works out of the box on Openindiana. >But it >is free for 5 users. (although you lose 1 for the "postmaster") It >supports SMTP, POP3, RPOP, AIRSYNC, SIP, XMPP, WEBCAL, Webmail and >more. > >With RPOP you can fetch email from different mail accounts into 1 mail >account on this server. So I fetch my mail from several accounts with a >pop3 >box every 2 minutes and store it in 1 user account on my server. My >phone and mailclient connect via IMAP with my server and I can read all >mail with >1 account and 1 password. > >I searched the internet for weeks for a good Solaris ready mailserver >and this was the best I could find. Even Oracle doesn't offer >mailserver solutions for Solaris. > >Since I don't want to be called a spammer I will not post the name of >the program. >If you are interested please DM me, I have 0.0 connections with this >mail program but I hate it when people discard OpenIndiana as a >server-OS because they think they can do more with something else. > > > >___ >openindiana-discuss mailing list >openindiana-discuss@openindiana.org >http://openindiana.org/mailman/listinfo/openindiana-discuss > > >___ >openindiana-discuss mailing list >openindiana-discuss@openindiana.org >http://openindiana.org/mailman/listinfo/openindiana-discuss > Even Oracle doesn't offer mailserversolutions for Solaris. Not quite true, the last I checked, Sun Mail Server (nee Netscape mail, then Java CommSuite, now OCUCS) lives on and produces new versions. My old job supported it for a number of ccustomers with my hands, a pretty good product. Although in Oracle hands it is now only paid-for, and with a minimal purchase baseline so it is aimed at providers or very large organizations. Things are negotiatable but it is difficult. Jim -- Typos courtesy of K-9 Mail on my Samsung Android ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Mailservers and clients that work on OI
I just want to share this because I see a lot of people moving to office365 and google because they are tiered of all problems with hosting their own mailserver and to keep it up to date and running. I use a commercial product that works out of the box on Openindiana. But it is free for 5 users. (although you lose 1 for the "postmaster") It supports SMTP, POP3, RPOP, AIRSYNC, SIP, XMPP, WEBCAL, Webmail and more. With RPOP you can fetch email from different mail accounts into 1 mail account on this server. So I fetch my mail from several accounts with a pop3 box every 2 minutes and store it in 1 user account on my server. My phone and mailclient connect via IMAP with my server and I can read all mail with 1 account and 1 password. I searched the internet for weeks for a good Solaris ready mailserver and this was the best I could find. Even Oracle doesn't offer mailserver solutions for Solaris. Since I don't want to be called a spammer I will not post the name of the program. If you are interested please DM me, I have 0.0 connections with this mail program but I hate it when people discard OpenIndiana as a server-OS because they think they can do more with something else. ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] ML350G6 What to do?
I already use OI 151a9 on a HP N54L server since 2013 but I build it poorly, with 2x2TB in basic ZFS mirror and 1 very old 250GB for OI itself. To prevent myself from disaster I searched for a bargain and found something nicely second hand, so I bought an HP ML350G6 with the (infamous) P410i RAID card with 512MB RAM and battery backup. Server has 1 Xeon L5630, 6x 3,5" SAS/SATA bays and 32 GB RAM. It should consume low power due to the 40W processor. it is just a little bit bigger then the HP microserver ;-) But now I have a battery backupped HD controller, 32GB RAM and 6 3,5" bays and it was cheaper than a new Microserver. The server is for home use. I would appreciate suggestions based on the following needs: 1. the server needs to run several Solaris zones for testing and separating different jobs 2. the server needs to have SATA drives (WD RED series) 2,3 or 4 TB each 3. idea is to create a ZFS RAID Z2 pool with 4 or more drives The questions I have: 1. What should I install: OI Hipster or OI 151a8 or ?? 2. What is the current limit for OI and WD RED series SATA drive sizes? 3. I could create a RAID1 config on the P410i with 2x 500GB for the OI OS, then I am a bit safer regarding disk failure. But would it work? 4. Because the P410i doesn't have JBOD function I want to set all disks as RAID0 single disk and create a ZFS pool around them, or ? Br, Roel ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OI roadmap (for production)
Or see these articles: http://www.oracle.com/technetwork/topics/security/alerts-086861.html#ThirdPa rtyBulletin http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.ht ml -Oorspronkelijk bericht- Van: Peter Tribble [mailto:peter.trib...@gmail.com] Verzonden: dinsdag 8 december 2015 16:25 Aan: Discussion list for OpenIndiana Onderwerp: Re: [OpenIndiana-discuss] OI roadmap (for production) On Tue, Dec 8, 2015 at 11:14 AM, Jim Klimov wrote: > > >From: Tim Mooney [mailto:tim.moo...@ndsu.edu] > > > > >I'm trying to find a way to verify component security that doesn't > >rely on more work from the few people that are already doing the > >security work, but it's not clear what a good method is to perform > >that verification. > > > >Tim > > Might it make sense to use some pkg(5) metadata to list the cve's > known covered by a particular release+patch recipe used in the build? > I know i'd quickly stop maintaining such data though, but there may be > even pedantical people than mysekf out there ;) And for a > commercialized or otherwise paid effort, someone could be doing this > sysiphus task. Anyhow, someone has to revise if a cve applies to our > code and write down the inspection results somewhere - might as well accompany the relevant code snapshot. > > reminds me sort of like sun's patch readmes with lists of changelogs > and bugids and errata... > You mean like the way Oracle Solaris has additional IPS metadata to track CVEs? https://blogs.oracle.com/darren/entry/cve_metadata_in_solaris_ips -- -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/ ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] OI roadmap (for production)
How far is the foundation of this foundation? Would it be an idea to create an international pool of students to work on OI? In Holland companies have trainee possibilities for polytechnic students, it would be possible to let them work on OI (partially). Personally i would like to focus on a secure(=patched) server environment of OI and that will take lots of work. In this new digital world borders are gone and people can work together easily around the world. With SVN, Git, skype, irc and so on there are no limits. I hope OI will survive in the next coming years. Br, Roelof -Oorspronkelijk bericht- Van: Private openbabel [mailto:openba...@gmail.com] Verzonden: zondag 6 december 2015 22:00 Aan: openindiana-discuss@openindiana.org Onderwerp: Re: [OpenIndiana-discuss] OI roadmap (for production) On 05/12/2015 21:16, Bob Friesenhahn wrote: > On Fri, 4 Dec 2015, Predrag Zečević - Unix Systems Administrator wrote: >> >> Also, number of people involved in OS maintenance made me suggest >> SmartOS or OmniIT... > > OmniOS succeeds due to its quite limited scope rather than a large > number of maintainers. It leaves the responsibility for providing > common server applications (e.g. Apache) to others. SFE is in a > fledgling state for OmniOS, but might prove to be a significant future > source of applications (in addition to Joyent-supported pkgsrc and > third parties who have provided public access to their IPS packages). > > SmartOS does not likely have a large number of maintainers either, but > Joyent has bet its future on it. SmartOS also succeeds by limiting > its scope. > > OpenIndiana has a much larger scope given how many packages it offers > by default. > > Bob Dear Bob, I would like to see a foundation registered in the UK in early 2016 to receive donations and sponsorship similar to Libre Office.This will help with some of the development objectives outlined. Regards Robert Jones ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] Moving zone
I tried to move a zone from the basic rpool ZFS system to a larger ZFS system on the same machine. (The name of my zone is "zonegate", the large ZFS system is called largetank ) Since there are many different "manuals" on the internet and I tried one which told to do "zoneadm -z zonegate move. But this resulted in a partially moved zone. Which states: ZFS list rpool/zones/zonegate 9.90G 19.9G33K /largetank/zones/zonegate rpool/zones/zonegate/ROOT 9.90G 19.9G31K legacy rpool/zones/zonegate/ROOT/zbe 9.90G 19.9G 3.11G legacy rpool/zones/zonegate/ROOT/zbe-1 85.5K 19.9G 1.96G legacy So i messed up bigtime. And this zone is very important for its data, so I can't afford to make mistakes. What is the best thing to do? ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] network errors
zonecfg -z gls3 info zonename: gl3 zonepath: /zones/gls3 brand: ipkg autoboot: true bootargs: pool: limitpriv: scheduling-class: ip-type: shared hostid: fs-allowed: net: address: 192.168.132.173/24 allowed-address not specified physical: nge0 defrouter: 192.168.132.1 I have multiple zones that share nics over net0, net1 and net2. I come from the dark lands of solaris 10 and never used crossbow or vnics because it was never needed. Today I tried to use a vnic setup for a zone to test with it, but Oi documentation is very limited and new solaris11 documentation uses instructions that are not incorporated in OI. "Ipadm create-ip" is for example a solaris 11 instruction which is not available in OI. There is a ipadm create-if in OI, but I don't know if it is the same. When I finally had a zone running with a vnic it couldn't reach the network, so I moved the complete webserver to solaris 11 and there it runs without problems with the same ip-address. Roel -Oorspronkelijk bericht- Van: Jonathan Adams [mailto:t12nsloo...@gmail.com] Verzonden: vrijdag 19 juni 2015 18:04 Aan: Discussion list for OpenIndiana Onderwerp: Re: [OpenIndiana-discuss] network errors just to start, are these ip-type=shared, or ip-type=exclusive? If they are shared, can you show us a limited "net" only section of your svccfg -z info ? Is there any reason that you are using separate cards for each zone, and not just virtualizing the cards? Jon On 19 June 2015 at 16:56, the outsider wrote: > I have a server with 3 networkports connected to the local network > (1GB) > > On my server I run multiple zones all within the same range. > (192.168.132.x) > > > > > I have several OI and solaris 11 servers and have never seen these > problems before, they seem to be related: > > Problem 1: > > When I try pkg update from the global zone I get only error messages > like > > URL: 'http://pkg.openindiana.org/sfe'. (happened 4 times) > > 3: Framework error: code: 7 reason: Failed to connect to 91.194.74.133: > Cannot assign requested address > > URL: 'http://pkg.openindiana.org/legacy'. (happened 4 times) > > > > This "Cannot assign requested address" can be caused by a limit on > free sockets, but I tried "netstat -s |fgrep -i listendrop" and it reports: > > netstat -s |fgrep -i listendrop > > tcpListenDrop = 0 tcpListenDropQ0 = 0 > > sctpListenDrop = 0 sctpInClosed= 0 > > > > so no packets seem to get dropped > > > > Problem 2: > > From the within the zones I get ping and other connection errors like > DNS to all IP-adresses outside the server. This happens randomly it > seems. > > root@GF03:~# traceroute openindiana.org > > traceroute to openindiana.org (95.131.249.92), 30 hops max, 40 byte > packets > > 1 * * * > > 2 * * * > > 3 ^C > > > > But 2 minutes later: > > root@GF03:~# traceroute openindiana.org > > traceroute: unknown host openindiana.org > > root@GF03:~# traceroute openindiana.org > > traceroute: unknown host openindiana.org > > > > a couple of weeks ago the problems were even bigger and I stumbled > upon a helpfile on the internet suggesting to turn on > svc:/network/location:default > > svcadm enable svc:/network/location:default > > It cured a lot of connection problems, but it was the first time that > I had to enable it within zones and there a still strange connection errors. > > > > OS is : SunOS PSK-OI 5.11 oi_151a9 i86pc i386 i86pc Solaris > > > > The server is connected to a 24 port Gigabit switch, together with > another Solaris 11 box and a windows server. These 2 servers don't > have any problem. > > > > > > > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss > ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
[OpenIndiana-discuss] network errors
I have a server with 3 networkports connected to the local network (1GB) On my server I run multiple zones all within the same range. (192.168.132.x) I have several OI and solaris 11 servers and have never seen these problems before, they seem to be related: Problem 1: When I try pkg update from the global zone I get only error messages like URL: 'http://pkg.openindiana.org/sfe'. (happened 4 times) 3: Framework error: code: 7 reason: Failed to connect to 91.194.74.133: Cannot assign requested address URL: 'http://pkg.openindiana.org/legacy'. (happened 4 times) This "Cannot assign requested address" can be caused by a limit on free sockets, but I tried "netstat -s |fgrep -i listendrop" and it reports: netstat -s |fgrep -i listendrop tcpListenDrop = 0 tcpListenDropQ0 = 0 sctpListenDrop = 0 sctpInClosed= 0 so no packets seem to get dropped Problem 2: >From the within the zones I get ping and other connection errors like DNS to all IP-adresses outside the server. This happens randomly it seems. root@GF03:~# traceroute openindiana.org traceroute to openindiana.org (95.131.249.92), 30 hops max, 40 byte packets 1 * * * 2 * * * 3 ^C But 2 minutes later: root@GF03:~# traceroute openindiana.org traceroute: unknown host openindiana.org root@GF03:~# traceroute openindiana.org traceroute: unknown host openindiana.org a couple of weeks ago the problems were even bigger and I stumbled upon a helpfile on the internet suggesting to turn on svc:/network/location:default svcadm enable svc:/network/location:default It cured a lot of connection problems, but it was the first time that I had to enable it within zones and there a still strange connection errors. OS is : SunOS PSK-OI 5.11 oi_151a9 i86pc i386 i86pc Solaris The server is connected to a 24 port Gigabit switch, together with another Solaris 11 box and a windows server. These 2 servers don't have any problem. ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Postfix
Try communigate. Works out of the box on oi and has very nice features. This not spam, i just think it is the best mail solution i ever tried. On 6 april 2015 21:57:00 j...@m5.chicago.il.us wrote: Centuries ago, Nostradamus predicted that Dmitry Kozhinov would write on Sun, 29 Mar 2015 20:37:00 +0500: > > As far as I know, Postfix resides in SFE repository. Before installing > Postfix, add SFE repository (if not have added yet): > > pkg set-publisher -p http://pkg.openindiana.org/sfe > Thank you for telling me this. I would not otherwise have had any way of knowing it. Using your information, I did successfully install postfix. It did not work right away, because my postfix configuration file refers to hash: databases, and the OpenIndiana postfix does not support hash: databases. The error message produced by postfix was completely useless; it was "Temporary lookup failure" on the recipient address, an error message that persisted even after the alias database had been changed from a hash: database to a dbm: database. I eventually figured out that I had to rename all of the hash: databases in my configuration file to dbm: databases, and I had to recreate all of them with the makedbm program (I have not yet tested whether the dir and .pag files that were thus created are recognized on the other operating systems that share the hardware). But that is to be expected. Open-source software never works correctly on Solaris-derived systems the first time you install it. It is working now. Thank you again for your help. Jay F. Shachter 6424 North Whipple Street Chicago IL 60645-4111 (1-773)7613784 landline (1-410)9964737 GoogleVoice http://m5.chicago.il.us j...@m5.chicago.il.us "But when she traced the killer's IP address ... it was in the 192.168/16 block!" ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Device driver utility source
Sometimes the answer is so close you can't imagine to look there... http://wiki.openindiana.org/oi/Package+Repositories On 15 oktober 2014 22:56:00 Aurélien Larcher wrote: Hi, thank you, I have already checked several times in the past (including 2 days ago) it seems that tarballs and source repositories are not archived (or at least the few I have checked). Best regards Aurelien On Wed, Oct 15, 2014 at 10:35 PM, Bruce Lilly wrote: > Given some formerly working URI which has vanished, one way is to go to > https://archive.org and enter the URI there. > E.g.: doing so for "opensolaris.org" yields the saved archives at > https://web.archive.org/web/*/http://opensolaris.org > > On Wed, Oct 15, 2014 at 3:23 PM, Aurélien Larcher < > aurelien.larc...@gmail.com> wrote: > > > Hi, > > since Nikola brought up the topic of resurrection attempts, I wonder if > > someone has a tarball of the source hosted by the DDU project on (now > > defunct) opensolaris.org ? > > > > Aside from some old 1.1 version that I patched with some 1.3.1 webrev > > leftovers in an attempt to setup a git repository and fix some issues, I > > could not find it on the web. > > > > Same applies in general to projects hosted on opensolaris.org (like > > SAM-QFS). > > Best regards > > > > Aurelien > > ___ > > openindiana-discuss mailing list > > openindiana-discuss@openindiana.org > > http://openindiana.org/mailman/listinfo/openindiana-discuss > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss > -- --- LARCHER Aurélien | KTH, School of Computer Science and Communication Work: +46 (0) 8 790 71 42 | Lindstedtsvägen 5, Plan 4, 100 44 Stockholm, SWEDEN --- ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Device driver utility source
A year or so ago there were people on the list that claimed they copied the whole tree for backup. Maybe they are still on this list or google might point to these shadow copies. On 15 oktober 2014 22:56:00 Aurélien Larcher wrote: Hi, thank you, I have already checked several times in the past (including 2 days ago) it seems that tarballs and source repositories are not archived (or at least the few I have checked). Best regards Aurelien On Wed, Oct 15, 2014 at 10:35 PM, Bruce Lilly wrote: > Given some formerly working URI which has vanished, one way is to go to > https://archive.org and enter the URI there. > E.g.: doing so for "opensolaris.org" yields the saved archives at > https://web.archive.org/web/*/http://opensolaris.org > > On Wed, Oct 15, 2014 at 3:23 PM, Aurélien Larcher < > aurelien.larc...@gmail.com> wrote: > > > Hi, > > since Nikola brought up the topic of resurrection attempts, I wonder if > > someone has a tarball of the source hosted by the DDU project on (now > > defunct) opensolaris.org ? > > > > Aside from some old 1.1 version that I patched with some 1.3.1 webrev > > leftovers in an attempt to setup a git repository and fix some issues, I > > could not find it on the web. > > > > Same applies in general to projects hosted on opensolaris.org (like > > SAM-QFS). > > Best regards > > > > Aurelien > > ___ > > openindiana-discuss mailing list > > openindiana-discuss@openindiana.org > > http://openindiana.org/mailman/listinfo/openindiana-discuss > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss > -- --- LARCHER Aurélien | KTH, School of Computer Science and Communication Work: +46 (0) 8 790 71 42 | Lindstedtsvägen 5, Plan 4, 100 44 Stockholm, SWEDEN --- ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Sendmail on oi 151_a9
Is that really true? I mean even Sun's solaris 10 were not-redistributable. I have a lot of solaris 10 documents that i don't dare to share because of the disclaimers at the first pages. Even Sun solaris 10 had a line in the disclaimer that is was not allowed to post any benchmark results without written permission of Sun. So therefor my question, has it really changed? On 15 oktober 2014 07:16:00 Alan Coopersmith wrote: On 10/14/14 09:47 PM, Nikola M. wrote: > On 10/13/14 07:05 PM, Alan Coopersmith wrote: >> On 10/13/14 08:30 AM, Harry Putnam wrote: >>> You mentioned docs for solaris 11. How do I know when I'm looking at >>> solaris 11 and not something a bit older? >> >> Solaris 11 docs have a new style with "Oracle Solaris 11 Information Library" > And licensing for Oracle docs is also changed from Opensolaris days? > Like they are owned and controlled by Oracle and non- contributable and > non-redistributable? Yes, just like for most other IP Oracle owns in Solaris. -alan- ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Sendmail on oi 151_a9
I am curious what you want to change to sendmail? It still would suggest the use of webmin, since it will let you set and change 85% of the sendmail setting in 5 minutes. On 13 oktober 2014 20:08:00 Gary Mills wrote: On Mon, Oct 13, 2014 at 12:48:53PM -0500, Bob Friesenhahn wrote: > > The best information available may be found on your system in the > file /etc/mail/cf/README, which is provided by the sendmail package. The other place to look is the documents site: http://www.sendmail.com/sm/open_source/docs/ The release notes and the operation guide are useful. > It is advised to have a good 'm4' program available since the .mc > file gets converted to a .cf file using m4. > > For example: > > cd /etc/mail > vi myconfig.mc > m4 /usr/lib/mail/m4/cf.m4 myconfig.mc > sendmail.cf There's a Makefile that does that for you. > You should save your original .mc file in a safe place (e.g. on > several systems) so that it does not get lost. Putting it under > version control is a good idea. -- -Gary Mills--refurb--Winnipeg, Manitoba, Canada- ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] is this project still active
I have no knowledge of programming. But i am willing to help on the website, testsystems, hosting or other needs. Unfortunality i have little to zero free time. It would be nice if we could find students that have interest in developing OI. But a roadmap would be nice for the above. On 11 oktober 2014 13:38:00 Alexander Pyhalov wrote: Mark Stephens писал 11.10.2014 00:22: > I am trying to decide if I should go with Omnios or OpenIndiana for my > storage needs. So I would like to ask is this project still under > active > development? I do not see much activity on the website or any other > medium > such a twitter. Hello. The project is still alive. Perhaps, it's not evident, looking at our site, but it is. If someone wants to update it, he is welcome. There are sufficient problems, as OI developer is a more and more extinct kind of beast. If you want just basic storage (i.e., fresh base and ~ Solaris 11 level of userland software (I mean, a bit outdated)), you can look at OI Hipster. We are trying to deliver at least most urgent security fixes. On other hand, illumos-gate provided packages is rebuilt every day, which may be not so convenient in server environment - pkg update will always want to update all base packages. You can try to stick to Hipster snapshots. We are going to prepare them once per several months. The current one is cooking now. --- System Administrator of Southern Federal University Computer Center ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Future of OI (was Bash Bug issue)
True! That's why i pay for hard&software support on solaris 11.2. (Prices are reasonable when you have Sun hardware) But 11.2 != openindiana. On 10 oktober 2014 02:08:00 Dave Pooser wrote: On 10/9/14 5:13 PM, "The Outsider" wrote: >Hmm i am sorry. I seem to have missed that. >Last time i installed and tested it i needed to get a registrationkey and >wasn't allowed to use nexenta for business without paying a quite high >amount of euros. > >But that was 3 years ago. Open source != free-as-in-beer -- Dave Pooser Cat-Herder-in-Chief, Pooserville.com ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Future of OI (was Bash Bug issue)
Hmm i am sorry. I seem to have missed that. Last time i installed and tested it i needed to get a registrationkey and wasn't allowed to use nexenta for business without paying a quite high amount of euros. But that was 3 years ago. On 9 oktober 2014 23:18:03 Bayard Bell wrote: On 9 October 2014 20:41, openindi...@out-side.nl wrote: > From my limited tunnelview: > > Nexenta: closed source, no real root, no zones. IF you want storage with > support this is the best option. > Please define closed source while accounting for this fundamental fact: https://github.com/nexenta/illumos-nexenta ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Join to AD Domain with HA kpasswd server
I think " joining domain failed (c001)" might give you a clue. When the NAT translates you computers ip-address to a new local, no dns reference will exist for that IP. At least that is what came up in google.. On 8 oktober 2014 21:00:00 Andrew Martin wrote: Hello, I am attempting to join an OpenIndiana server to an Active Directory domain for authenticating smb/server following this guide: http://docs.oracle.com/cd/E19120-01/open.solaris/820-2429/configuredomainmodetask/index.html However, I do not want to specify just a single domain controller in the kdc, admin_server, and kpasswd_server fields since that would be a single point of failure. I have a pair of forwarding servers that host a VIP (ad.example.com) and NAT traffic to any of the available DCs, so I'd prefer to put the hostname of this VIP in these fields instead: [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = ad.example.com admin_server = ad.example.com kpasswd_server = ad.example.com kpasswd_protocol = SET_CHANGE } [domain_realm] .example.com = EXAMPLE.COM However, this doesn't work when I run "smbadm join": Tree Connection SUCCEEDED (0) Authentication SUCCEEDED (0) for administra...@example.com by dc0 Using ad.example.com (dc0) as DC for domain example.com (example) Tree Connection SUCCEEDED (0) Authentication SUCCEEDED (0) for administra...@example.com by dc0 getting initial credentials (Incorrect net address) getting initial credentials (Incorrect net address) Joining domain to alter computer account FAILED (1) using administra...@example.com credentials. Failed to connect to an Active Directory server. Joining domain failed (c001) I think this "Incorrect net address" error is occurring because the address list provided to Kerberos contains the IP addresses of the OpenIndiana server, not the NAT server (ad.example.com). According to the manpage, I should be able to add no_addresses to the [appdefaults] section to request an address-less ticket: [libdefaults] default_realm = EXAMPLE.COM [realms] EXAMPLE.COM = { kdc = ad.example.com admin_server = ad.example.com kpasswd_server = ad.example.com kpasswd_protocol = SET_CHANGE } [domain_realm] .example.com = EXAMPLE.COM [appdefaults] kinit = { renewable = true forwardable = true no_addresses = true } However, doing this does not improve the situation when running "smbadm join". This DOES work when running "kinit" manually. Changing the kdc, admin_server, and kpasswd_server to use one of the DCs directly, e.g dc0.example.com, makes "smbadm join" work successfully. What can I do to successfully join the domain using this NAT server for HA? Thanks, Andrew Martin ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Bash bug issue
Search q-nap & shellshock and you see how deep this goes... On 6 oktober 2014 19:28:00 David Brodbeck wrote: On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith < alan.coopersm...@oracle.com> wrote: > On 10/ 2/14 07:00 AM, Brandon Hume wrote: > >> On many (most? all?) Linuxes, /bin/sh *is* /bin/bash. >> > > Many, but not all - the Debian family and some others use a lighter weight, > POSIX compatible shell instead, dash, the Debian Almquist Shell; and many > embedded distros use BusyBox instead. > > https://en.wikipedia.org/wiki/Almquist_shell > http://lwn.net/Articles/343924/ A big driver of this was faster boot, since boot scripts run on /bin/sh. On some systems the startup time for all those bash processes was a considerable portion of the total boot time. Note: It's not enough to make sure no CGI scripts are being run with /bin/bash. You also need to make sure no bash processes are being launched by other scripts, since many scripting languages launch a shell to run external commands. Unless the environment is explicitly cleared these are likely to inherit the environment of the calling process, with all the nasties in it. -- D. Brodbeck System Administrator, Linguistics University of Washington GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875 ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] TUN driver for AMD64 machine running Openidiana
The SFE version isn't the latest version. But it works out-of-the-box. Compiling the latest version from openvpn sources should be possible. You can then copy the new version over the SFE version i guess. This shouldn't break the SMF paths. On 6 oktober 2014 14:38:00 Jonathan Adams wrote: root@jadlaptop:~# pkg publisher PUBLISHER TYPE STATUS P LOCATION openindiana.org origin online F http://pkg.openindiana.org/hipster-2014.1/ jds.openindiana.org (non-sticky, disabled) origin online F http://opensolaris.cz:1/ sfe-encumbered origin online F http://pkg.openindiana.org/sfe-encumbered/ sfe(non-sticky) origin online F http://pkg.openindiana.org/sfe/ localhost (non-sticky, disabled) origin online F http://localhost:1/ root@jadlaptop:~# pkg list | grep tuntap system/network/tuntap (sfe) 1.3.2.0.0.1-0.151.1.9 i-- On 6 October 2014 12:48, Marc Lobelle wrote: > On 06/10/14 13:03, Jonathan Adams wrote: > >> I have the OpenVPN package installed from the sfe repository, that >> includes >> the tuntap from sfe ... >> >> works fine on hipster. >> >> Jon >> > I had installed the opencsw version but apparently no tuntap in there. > What is the url to get the sfe package ? > > Thanks > > Marc > > >> >> On 6 October 2014 11:42, Marc Lobelle wrote: >> >> Hi, >>> I would like to connect an openindiana machine (AMD64) with openvpn over >>> TUN. Does anybody of you know were i can get a precompiled TUN driver for >>> openindiana ? I'm certainly not the first needing this. >>> >>> Thanks >>> >>> Marc >>> >>> >>> ___ >>> openindiana-discuss mailing list >>> openindiana-discuss@openindiana.org >>> http://openindiana.org/mailman/listinfo/openindiana-discuss >>> >>> ___ >> openindiana-discuss mailing list >> openindiana-discuss@openindiana.org >> http://openindiana.org/mailman/listinfo/openindiana-discuss >> > > > ___ > openindiana-discuss mailing list > openindiana-discuss@openindiana.org > http://openindiana.org/mailman/listinfo/openindiana-discuss > ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Bash bug issue
There are a lot of tools depending on bash. Including virusscanners and spamfilters. The openCSW bash installs into another directory then the "real"/old bash. How can you change the old bash with the openCSW bash? I saw that solaris 11.2 supports a lot of (old) sparc hardware. And most of the ever produced X86 servers. Supportcontracts are reasonable priced i think. Aspecialy in this situation... On 6 oktober 2014 19:28:00 David Brodbeck wrote: On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith < alan.coopersm...@oracle.com> wrote: > On 10/ 2/14 07:00 AM, Brandon Hume wrote: > >> On many (most? all?) Linuxes, /bin/sh *is* /bin/bash. >> > > Many, but not all - the Debian family and some others use a lighter weight, > POSIX compatible shell instead, dash, the Debian Almquist Shell; and many > embedded distros use BusyBox instead. > > https://en.wikipedia.org/wiki/Almquist_shell > http://lwn.net/Articles/343924/ A big driver of this was faster boot, since boot scripts run on /bin/sh. On some systems the startup time for all those bash processes was a considerable portion of the total boot time. Note: It's not enough to make sure no CGI scripts are being run with /bin/bash. You also need to make sure no bash processes are being launched by other scripts, since many scripting languages launch a shell to run external commands. Unless the environment is explicitly cleared these are likely to inherit the environment of the calling process, with all the nasties in it. -- D. Brodbeck System Administrator, Linguistics University of Washington GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875 ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss ___ openindiana-discuss mailing list openindiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss