Category Archives: OpenIndiana

Updating iLO3 firmware on an HP ML110 G7

Hewlett Packard’s website is an embarrassing mess. Don’t go looking for an easy-to-find page for the iLO3 with a one-click firmware download, because you won’t find one. The state of HP’s site is a rant for a future post, but for now here’s a quick guide to getting your hands on the latest iLO3 revision. The sole catch is that you’ll need a Microsoft Windows-based PC at some stage, irrespective of which OS you have installed on the server itself (OpenIndiana in my case).

First, go to HP’s product page for the ML110 G7. Next, we’ll choose “Microsoft Windows Server 2008 R2” (blech…) as our OS:

HP ML110 G7 product page

Look for the Lights Out Management Firmware section, and click the relevant link to start the download (we’ll go for a 64-bit Windows target OS):

Download the iLO3 installation file

Now, run the downloaded executable file (named “cp022549.exe” in this example) on a Windows-based system (Windows 7 or Windows 8 will do just fine) and extract (not install) the file contents to disk:

Extract the downloaded file contents

Look for the .bin file in the extracted files – this is the one we need:

Look for the firmware BIN file

Now, go to the iLO3 admin BUI, upload the .bin file, and wait for the update to complete. Once the LOM reboots, verify the firmware version:

Prepare to upload the BIN file

Firmware file is uploading

Updating to the latest firmware

Before:

Compare the old firmware version to the newest

After:

iLO3 firmware is now at the latest version

Apache OpenOffice for OpenIndiana (Hipster)

It’s been a long while since I’ve blogged anything on the OpenIndiana front – just a quick update regarding the recent announcement of an Apache OpenOffice package for the OpenIndiana rapid development branch, a.k.a. Hipster.

Installation from the current Hipster repository is straightforward, and aside from a rather long launch time (in the order of tens of seconds, something which definitely needs to be looked at), it opens an existing LibreOffice Writer document with absolutely no problems, retaining the customised footers, background images, and the proprietary PostScript fonts (once installed):

OpenOffice running on OpenIndiana


Great work from the various contributing developers to make this happen, and an important component of building a Nuxeo DM server based on illumos.

(EDIT: It appears there are issues with being able to save newly-created ODT-format files, whereas editing and saving existing files appears to be okay. Stay tuned.)

SmartMachine SSH public key authentication from a non-root account

This has been documented for Joyent SmartMachines, specifically to allow users other than root to use SSH public key authentication, but it applies equally to getting SSH public key authentication working in general. SmartMachine reference: http://wiki.joyent.com/wiki/display/jpc2/Managing+SSH+Keys#ManagingSSHKeys-MultipleSSHKeys

First create the Unix account on the server, e.g.

[root@im ~]# useradd -g staff -d /home/davek -m davek
128 blocks
[root@im ~]# passwd davek
New Password: 
Re-enter new Password: 
passwd: password successfully changed for davek

On the server, create the authorized_keys file in the user’s ~/.ssh directory.

On the client, generate an SSH public/private key pair in the ~/.ssh directory of the user you wish to connect as:

davek@mymachine:~/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/davek/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/davek/.ssh/id_rsa.
Your public key has been saved in /home/davek/.ssh/id_rsa.pub.
The key fingerprint is:
davek@mymachine:~/.ssh$ 

Copy the SSH public key up to the server:

davek@mymachine:~/.ssh# scp id_rsa.pub root@xxx.xxx.xxx.xxx:/home/davek/.ssh
id_rsa.pub           100% |*****************************************************************************************************|   401       00:00    
davek@mymachine:~/.ssh# 

On the server, copy the public key into the target user’s ~/.ssh/authorized_keys file:

[davek@im /home/davek/.ssh]$ cat id_rsa.pub > authorized_keys 

On the server, change the file mode of ~/.ssh/authorized_keys to 600, and the mode of the ~/.ssh directory to 700.

On the client, change file modes for the ~/.ssh directory to 700, and check that file modes on the private key are set to 600.

Test SSH public key authentication:

davek@mymachine:~/.ssh$ ssh davek@xxx.xxx.xxx.xxx
Last login: Mon Dec 10 02:41:18 2012 from xxx.xxx.xxx.xxx
   __        .                   .
 _|  |_      | .-. .  . .-. :--. |-
|_    _|     ;|   ||  |(.-' |  | |
  |__|   `--'  `-' `;-| `-' '  ' `-'
                   /  ; SmartMachine base 1.8.1
                   `-'  http://wiki.joyent.com/jpc2/SmartMachine+Base
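
The key installation and 700/600 permission steps above as a script, added here as an example and not part of the original post. The helper names (perm_string, install_pubkey, expect_perm, audit_ssh_perms) are hypothetical, and the key is appended rather than overwritten so that existing entries in authorized_keys survive.

```shell
#!/bin/sh
# Added example, not from the original post. Every path is an argument, so it
# can be tried on a scratch directory first. Run as the target user (davek),
# not root, so the files end up owned by the account that logs in.

# perm_string PATH -> type and mode as ls prints them, e.g. "drwx------"
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey HOME_DIR PUBKEY_FILE
install_pubkey() {
    home=$1
    pub=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    (
        umask 077    # anything created here is owner-only from the start
        mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys"
    ) || return 1
    # Append (>>) only when the key is not already listed, so keys that are
    # already in the file are kept and re-running adds no duplicates.
    grep -qxF "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
}

# expect_perm PATH WANTED -> prints a finding and returns 1 on mismatch
expect_perm() {
    [ -e "$1" ] || { echo "$1: missing"; return 1; }
    got=$(perm_string "$1")
    [ "$got" = "$2" ] && return 0
    echo "$1: is $got, expected $2"
    return 1
}

# audit_ssh_perms HOME_DIR -> checks the 700/600 modes on either machine:
# ~/.ssh always, authorized_keys and private keys (id_* minus *.pub) if present.
audit_ssh_perms() {
    bad=0
    expect_perm "$1/.ssh" "drwx------" || bad=1
    for f in "$1/.ssh/authorized_keys" "$1"/.ssh/id_*; do
        case "$f" in *.pub) continue ;; esac
        if [ -f "$f" ]; then
            expect_perm "$f" "-rw-------" || bad=1
        fi
    done
    return $bad
}
```

On the server this would be called as `install_pubkey /home/davek /home/davek/.ssh/id_rsa.pub` followed by `audit_ssh_perms /home/davek`; on the client only the audit applies.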

heliod web server: fast then, still fast today

Quick post – as an update to my post here, Jyri Virkki has published a comprehensive set of benchmarks, comparing heliod’s out-of-the-box performance to all the other current popular HTTP servers out there. Considering the last public comparison I could find of what was then Sun Java System Web server vs Apache was in 2007, these new results are highly interesting:

“heliod had the highest throughput at every point tested in these runs. It is slightly faster than nginx at sequential requests (one client) and then pulls away.

“heliod is also quite efficient in CPU consumption. Up to four concurrent clients it is the lightest user of CPU cycles even though it produced higher throughput than all the others. At higher concurrencies, it used slightly more CPU than nginx/lighttpd although it makes up for it with far higher throughput.

“heliod was also the only server able to saturate the gigabit connection (at over 97% utilization). Given that there is 62% idle CPU left at that point, I suspect if I had more bandwidth heliod might be able to score even higher on this machine.

“These results should not be much of a surprise… after all heliod is not new, it is the same code that has been setting benchmark records for over ten years (it just wasn’t open source back then). Fast then, still fast today.”

You can read the full run of tests, plus graphs, at Jyri’s blog entry: http://173.255.252.27/jyri/articles/.

Incidentally, I came across a blog post from someone who was also apparently on the Sun Java System Web Server group at Sun, who states:

“Since Oracle no longer offers updates to individual users, and refuses to respond to requests for information about how an individual can acquire the updates, I have elected to stop writing about the server. If the moribund Open Web Server gets branched I will happily contribute to the pool of knowledge that exists for it.”

Hmm, maybe someone should give him a heads-up about heliod…

System hard freezes with the AMD FX-8350

As an update to my post here, I observed seemingly random freezes on my system upgraded with the AMD FX-8350. The behaviour encountered was a total freeze of the desktop environment, no response to local keyboard nor mouse, no response to attempting to launch a virtual console, no response to pings over the network, and no ability to log in remotely. The only way to restore system operation was to perform a hard reset. Interestingly I could also consistently crash the system running a GraphicsMagick benchmark. Additionally, the freezes were OS-agnostic, occurring under both OpenIndiana and Ubuntu Linux.

Looking around online you can find several posts from folks on AMD Bulldozer rigs with very similar issues (such as detailed here), including a few from people who have rather alarmingly downgraded to a Phenom or Intel CPU as a “fix”, after having received advice to alternately update the motherboard BIOS, faff around with multiple BIOS settings, test and replace the RAM, power supply and hard disk, RMA-ing the new CPU (!?), and on and on and on. Most of this didn’t really add up, and similarly my problems were encountered on a system that was hitherto generally stable using an older-generation CPU (the Phenom II X6 in my case).

To cut a long story short, this quite simply turned out to be the motherboard not stably supporting the FX-8350. Although the ASRock 870iCafe 2.0 is an AM3+ compatible part and advertised as being “8 Core Ready” (to the point of specifically claiming compatibility with the FX-8350), the reality is that the latest BIOS release was in December of 2011 – a major red flag. After upgrading my motherboard to a Gigabyte GA-990FXA-UD3 with the recent F9 BIOS, the system is now stable. And yes, this is using the original PSU, RAM, graphics card etc.

For the OpenIndiana readers, the GA-990FXA-UD3 works fine, although don’t expect USB3.0 support:

Gigabyte GA-990FXA-UD3 driver support on OpenIndiana

AMD “Piledriver” FX-8350 on OpenIndiana

FX-8350 unboxed

I’ve recently acquired a brand-spanking-new AMD FX-8350 CPU as an upgrade to my Phenom II X6 box. All the recent benchmarks of this CPU seem to fairly consistently point to it being a multithreaded monster. Plus, AMD has dropped the price of the new FX CPUs compared to the original Bulldozer architecture parts – and the icing on the cake is that the upgrade path is as simple as performing a BIOS update on my budget ASRock motherboard, and swapping out the old CPU for the new. Bliss!

So, given that AMD’s Piledriver architecture might be a bit of an unknown as far as compatibility with Illumos and OpenIndiana goes, how does it fare? Well, the system seems to boot fine and run: here is the CPU as detected by Peter Tribble’s Solview app:

FX-8350 detected by Solview

8 cores, running at 4.0GHz – good. Let’s throw half a dozen VMs its way and see what happens:

VirtualBox VMs and the FX-8350

CPU utilization as measured by Solview is in the foreground. I should mention that this is also with a couple of OpenIndiana Zones running: GlassFish serving up a wiki, and a local BIND resolver.

In the time since I’ve installed the CPU I’ve experienced a couple of system freezes, so I’ve disabled core power saving features in BIOS to see if that changes anything. Yes, this is a new CPU architecture on a development build of an OS, but all in all, it’s working fairly well. Assuming I can iron out any stability issues, the FX-8350 is easily an incredible bargain.

Update 1: After further investigating the system hanging issues, it’s not limited to OpenIndiana, and is also encountered with Ubuntu Linux installed. Further updates to happen as I get to the bottom of this 🙂

Update 2: See here.

HP ProLiant ML110 G7 server – a short review

I’ve recently acquired an HP ProLiant ML110 G7 tower server for evaluating for use in a small business environment, specifically running OpenIndiana. Following are a few short notes regarding my impressions of the box.

Pros:

Price-wise, for the base spec model, in my case with the Intel Xeon E3-1220 CPU, it’s an incredible bargain (and even more so bearing in mind the pros below). Consider that even with an 8GB RAM upgrade and dual 1TB drives it’s not that much more than, say, a well-specced Dell business desktop PC.

It’s built like a tank. Nothing chintzy about the materials, nothing flexes, wobbles, rattles. In short, it oozes build quality.

Access to user-expandable options is super easy, as you’d expect.

There is ECC RAM support – ideal for extra peace of mind when using ZFS storage arrays. On that note, OpenIndiana oi_151a7 installs and runs just fine, with no driver nor hardware issues out of the box. Installing KVM on OpenIndiana, and installing and booting guest VMs poses no problem – it “just works”.

Dual Gigabit Ethernet ports are standard.

A Lights Out Manager is also included as standard. Sadly, the remote console functionality is a paid extra, but the included remote power management and monitoring functionality is quite impressive.

HP Lights Out Management interface

Cons:

Remote console, remote virtual media and other LOM options are sadly licensed extras. Unless you pay extra for this expect to potentially be making site visits from time to time. Kinda wish HP would just throw this in with the LOM as standard – Sun did, for instance.

There is nothing much in the way of physical redundancy for the server in its base spec.

One review made mention of the ML110’s quiet operation and how it would not be noticed in an office environment. Well, unless your office happens to be on the factory floor of an air conditioning manufacturing plant, you’re going to notice this thing…

Maximum physical RAM capacity is 16GB, which is a tad on the small side.

And although I haven’t checked, extending the warranty out from the standard one year period would probably cost a fair bit.

heliod – Oracle iPlanet Web Server forked as open source

Prior to the Oracle acquisition, I used to be a fan of Sun Microsystems’ web server product, Sun Java System Web Server. It had serious enterprise lineage, a terrific web admin BUI which beat the pants off Apache, and was free, free, freeeee. Needless to say, that all changed once Oracle bungled onto the scene, along with a whole bunch of other stuff.

A little known fact however is that Sun had open-sourced the core of their web server prior to Oracle taking over, releasing it as the Sun Open Web Server. But other than a few headlines at the time of the announcement (such as here) everything went very quiet shortly after – and no doubt I am sure due to Oracle not wanting to advertise the zero-cost availability of the guts of their “re-branded” megabucks flagship web server, now known as Oracle iPlanet Web Server.

So, imagine my surprise to find that one of the original engineers behind Sun Open Web Server (Jyri Virkki) has forked the code open-sourced those three or so years ago and is now actively developing it. Yes, it lives, and is known as heliod web server:

http://173.255.252.27/jyri/articles/index.php/web-server/

Francois Dion has a great write-up here as well:

http://solarisdesktop.blogspot.co.nz/2012/09/netscape-sun-oracle-no-heliod-web-server.html

Attempting to launch heliod on OpenIndiana oi_151a x86, I was met with the following error:

$ ./bin/startserv 
ld.so.1: parsexml: fatal: libicui18n.so.3: open failed: No such file or directory
./bin/startserv: line 63: 12686: Killed
failure: temporary directory  is not writable by user root

This is due to the library/icu package not being present – so install it if it’s missing and it’ll start up fine:

Installing the ICU package on OpenIndiana

$ ./bin/startserv &
[1]	3692
dave@mymachine:/opt/heliod/https-testserver$ heliod Web Server 0.1 B03/08/2011 21:59
info: CORE3016: daemon is running
info: HTTP3072: http-listener-1: http://mymachine:80 ready to accept requests
info: CORE3274: successful server startup

Mac OS X killed the Linux desktop? I must have missed the memo (and so did Google)…

Bizarre little opinion piece by Miguel de Icaza proclaiming the death of the Linux desktop. A little excerpt:

“True story.

The hard disk that hosted my /home directory on my Linux machine failed so I had to replace it with a new one. Since this machine lives under my desk, I had to unplug all the cables, get it out, swap the hard drives and plug everything back again.

Pretty standard stuff. Plug AC, plug keyboard, plug mouse but when I got to the speakers cable, I just skipped it.

Why bother setting up the audio?

It will likely break again and will force me to go on a hunting expedition to find out more than I ever wanted to know about the new audio system and the driver technology we are using….”

Here’s my true story. I have a number of Ubuntu Linux desktops, and all are a joy to use. Ubuntu Linux has been fast and stable. The Unity interface is quite lovely (after some initial reservations). Software package installation is incredibly slick (and has been for years), and I couldn’t be happier with the quality of desktop applications. And I’ve never had a problem with audio support either for that matter. I switched from Mac OS late in 2007, partly because the money I was paying for the privilege wasn’t delivering in the areas where Ubuntu excels – and its ties to proprietary hardware (or beyond proprietary as Scott McNealy would say) generally make it a proposition for the well moneyed.

I’ve maintained hundreds and hundreds of desktop Windows and Mac OS computers in my time, so I’ve got a fairly good handle on the pros and cons of each, especially with regard to stability and ease of use. Is Ubuntu a superior desktop OS to Windows? No question. Even if Microsoft were to drop the price of Windows to zero (as if) it would still be an average product. Is Ubuntu comparable to Mac OS X, for common productivity and entertainment activities? Absolutely, especially in its current LTS incarnation.

So: I’m not sure where I’m going wrong, but Ubuntu has been nothing short of a fantastic desktop OS for me. The irony is that I don’t use it on the server, preferring Illumos/OpenIndiana due to a number of compelling advantages from its OpenSolaris roots. Why does the author feel the need to make negative comparisons to Mac OS? Why even bring up the old bugbear of Linux on the desktop at all?

I think I hear an axe being ground.

Incidentally, Google apparently didn’t get the author’s memo either…

http://www.zdnet.com/the-truth-about-goobuntu-googles-in-house-desktop-ubuntu-linux-7000003462/

LDAP secondary group memberships with OpenDJ and Ubuntu 12.04

As a follow-up to this post, let’s now configure OpenDJ and Ubuntu to use LDAP for assigning secondary groups to user accounts.

This is a quick guide intended for testing only, and we are assuming the setup here has been followed. One change is that we are using Ubuntu 12.04 x86 as the client system.

First, let’s create a new test group in OpenDJ. We assign it the structural object class namedObject, and the auxiliary object class posixGroup. The group GID number is 130, and we add a memberUid entry, with the UID of an existing LDAP account:

Adding a new group in OpenDJ

Now, on our test Ubuntu 12.04 x86 client, we modify /etc/ldap.conf, adding the following entry:

nss_schema rfc2307bis

This enables rfc2307bis LDAP schema support for PAM (OpenDJ uses the rfc2307bis schema by default).

Next, again in /etc/ldap.conf we uncomment the nss_base_group setting in the section headed with the comment “RFC2307bis naming contexts”, and give it the value as shown:

nss_base_group ou=Groups,dc=example,dc=co,dc=nz

Obviously you would modify the domain components to suit.

We now restart the nscd service, and verify that the secondary group information can be retrieved for an LDAP user:

itadmin@turrican2:/etc$ sudo /etc/init.d/nscd restart
 * Restarting Name Service Cache Daemon nscd                             [ OK ] 
itadmin@turrican2:/etc$ 
itadmin@turrican2:/etc$ id davek
uid=1004(davek) gid=50(staff) groups=130(testgroup),50(staff)

We can see that the secondary group testgroup with the GID number of 130 is successfully retrieved from LDAP for this user.
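
A scripted version of the checks in this walkthrough, added here as an example and not part of the original post: it confirms that the two /etc/ldap.conf settings above are active (not left commented out) and that a user really resolves into the LDAP group. The function names conf_value, check_ldap_groups_conf and user_in_group are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: audits an ldap.conf for the two
# settings above, then confirms group membership the way "id" reports it.

# conf_value FILE KEY -> value of the first active line for KEY.
# Commented lines never match: their first field is "#" or "#KEY".
conf_value() {
    awk -v key="$2" '
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# check_ldap_groups_conf FILE -> prints findings, returns 1 if any.
check_ldap_groups_conf() {
    rc=0
    schema=$(conf_value "$1" nss_schema)
    base=$(conf_value "$1" nss_base_group)
    if [ "$schema" != "rfc2307bis" ]; then
        echo "nss_schema is '${schema:-unset}', expected rfc2307bis"
        rc=1
    fi
    case "$base" in
        "")    echo "nss_base_group is unset or still commented out"; rc=1 ;;
        *dc=*) ;;   # looks like a DN with domain components
        *)     echo "nss_base_group '$base' has no dc= components"; rc=1 ;;
    esac
    return $rc
}

# user_in_group USER GROUP -> 0 if GROUP is among the names "id -Gn" lists.
user_in_group() {
    id -Gn "$1" | tr ' ' '\n' | grep -qxF "$2"
}

# Typical use on the client, after restarting nscd as shown above:
#   check_ldap_groups_conf /etc/ldap.conf && user_in_group davek testgroup
```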