Thursday, October 11, 2012

Make Firefox load ILOM pages

I had this issue where Firefox wouldn't load ILOM pages right. I've also noticed that I'm not the only one with this issue. So I'm posting this little how-to for people who are still struggling with this. Basically the content section of the ILOM webpage will not display.

For those who don't know ILOM stands for Integrated Lights Out Manager. It is a web interface that helps you remotely manage servers. This interface is good for monitoring hardware issues and can can send out SNMP traffic. The ILOM can also give you console access. Meaning that you get a console or window that stays connected even during a reboot. Basically it is as if you are physically standing in front of the server with a keyboard and monitor.

Each user will have to add the following file to their home directory.
In ~/.mozilla/firefox/profile_id.default/chrome add a file called userContent.css@media print {
}

@namespace url(http:www.w3.org/1999/xhtml);
#mainpage { visibility: visible !important; }

Note - The profile_id.default will be the only file with .default at the end in the firefox directory. You may have to create the chrome directory.

I originally posted this fix at the forum linked to below, under the user name cyberninja.
https://forums.oracle.com/forums/thread.jspa?messageID=10283552
I also provided this fix to Oracle tech support and if you put in a trouble ticket to My Oracle Support this is the solution they will provide you. So in other words, this is the Oracle supported fix.

I have a second part to this post, where I fix a connection issue between the chassis and their blades.

Tuesday, October 2, 2012

Run Commands Remotely on Multiple Servers

Have you ever had to run the same command on several servers? It takes a lot of time to login to each server and then run a command or group of commands. There is also the possibility for errors, so I wrote this note to remind myself how to do this, if ever I need it. To get the most from this post you need to have your SSH agent working. If your SSH agent is not working don't worry the script below will still work, but you will have to login to each server on your list as the script moves along.

I'm going to use a real world example to explain how to run commands on many servers. I often have to do security checks on my servers. Many of the checks I do consist of checking file permissions and ownership. An easy enough check, but it can take time if you have to check more then 10 servers. So with that being said, we are going to check ownership and permissions on the /etc/resolve.conf file. I will using a space theme for the terminal examples in this guide. The user account is man and the servers are earth, moon, mars and saturn

Lets get started by testing the command we are going to use.
man@earth> ssh moon ls -l /etc/resolve.conf
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Ok above I logged into moon and ran the ls -l command and the result was printed to the screen. After the command executed the connection to moon was disconnected and you are returned to earth.
Test the in a script.man@earth>for s in moon
> do
> ssh -q $s ls -l /etc/resolve.conf
> done
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth>

Let me explain what is going on in the script above. The line for s in `moon` makes s a variable. So when the 3rd line says ssh -q $s it is seen as ssh -q moon, by the computer. The -q option for ssh stops any ssh banner from displaying. Which will make seeing the out put from several servers much easier to see.

Open your favorite text editor and create the file below and call it check.
#!/bin/bash
servers="moon mars saturn"
for s in $servers
do
ssh -q $s uname -n
ssh -q $s ls -l /etc/resolve.conf
done

Now lets test the check script.
man@earth> bash check
moon
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
mars
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
saturn
-rwxr-xr-x  1 root  root  20 Oct  6  2011 /etc/resolv.conf
man@earth

Now the output shows the script logging into moon 2 times and running uname -n and then the ls command. Then followed by output from mars and saturn.

Note - By typing bash in front of a BASH script you can execute the script without making it executable.

To make the script a little more useful I'm adding a server list file called servers. I will also append the output of the commands to a file called result, on the server (earth). The final script is below.

Example of the servers file
moon
mars
saturn


The final script
#!/bin/bash
for s in `cat servers`
do
ssh -q $s uname -n >> result
ssh -q $s ls -l /etc/resolve.conf >> result
done



I hope this helps someone

Monday, October 1, 2012

Overview of the ldapclient command

I have seen a lot of forum posts on the web asking for help on with this command. So I writing this post so I can help people understand the basic process of getting a Solaris server to authenticate to a LDAP server, using the ldapclient command. This post is not a "how to" for ldapclient command.


Synopsis
/var/sbin/ldapclient [-v | -q] [init | manual | mod | list | uninit | genprofile]

ldapclient sub-commands
The init sub-command for the ldapclient utility is used to initialize the client server, using a profile stored on an LDAP server.
The manual sub-command for the ldapclient utility is used to manually setup the LDAP client.
The mod  sub-command for the ldapclient utility is used to modify the configuration of the LDAP client that was setup manually.
The list  sub-command for the ldapclient utility shows the current LDAP client configuration.
The uninit sub-command for the ldapclient utility basically blows away your setup so you can start again.
The genprofile sub-command is used to generate  a LDIF file that can then be loaded into the LDAP server.

Any files modified during setup will backed up to /var/ldap/restore. Theses files are typically modified during setup are:
/etc/nsswitch.conf
/etc/defaultdomain (if it exists)
/var/ldap/ldap_client_file
/var/ldap/ldap_client_cred

The last to files above are created by ldapclient.

Steps to getting a Solaris client to work with a LDAP server.
1) Gather information that will be used, like IP addresses and host names.
 Note - You should capture the variables for the command before you run it. You will need it later.
2) Run ldapclient manual
3) If needed ldapclient mod

4) Test LDAP user accounts. this means login as the user.
5) If accounts works, then run the ldapclient genprofile command witch will create a ldif file. If you kept the full command from steps 1 or 2, just replace the word manual and/or mod with genprofile and run the command. Load the ldif in the LDAP server. This ldif file creates the the profile and agent entries.
6) If the proxy agent and profile are working, then all you need to do is run ldapclient init on all new Solaris clients.

Now as I said earlier this not a how to. This just a simple overview of the ldapclient command.
I hope this helps someone.