Riaan's SysAdmin Blog

Sep 27

ORA-01031 ERROR when Using Sqlplus

Normally when you install the Oracle database software you should not have any problems like this but this happened to me because I cloned a system and it happens that we use different "dba" groups on different servers.

As I understand it the install binaries are linked to the "oinstall" or "dba" or your equivalent group specific to your environment used at the time of the install. So if you run the same binaries on a different server you lose the luxury of doing an un-authenticated login with sqlplus. This was difficult to track down so I documented my fix.

You can simulate this error very easily by taking your user out of the "dba" group or removing the group completely.

Error message ORA-01031: insufficient privileges as follow:

$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 26 11:28:33 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name: ^C

Temporarily you can fix it by adding your user to the group you know worked on the source system:

# grep ag /etc/group
agprd::313:agprd_o
agdev1::305:agprd_o

$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 26 11:28:58 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Connected to an idle instance.

Permanent fix as follow. Update the config.s file and relink.

$ tail -1 /etc/group
#agdev1::305:agprd_o

$ pwd
/u01/app/oracle/product/11.2.0/dbhome_1/rdbms/lib
$ diff config.s /tmp/config.s
23c23
< .ascii "agprd\0"
---
> .ascii "agdev1\0"

$ relink as_installed

$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.3.0 Production on Thu Sep 26 11:55:29 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Connected to an idle instance.

Comments Off on ORA-01031 ERROR when Using Sqlplus
comments

Posted in Oracle

Sep 23

Solaris 11 Firewall

While trying to clone a production stack for development I got a little paranoid and added some firewall rules to avoid some accidental communication between the stacks. Mainly my concern was about the poorly documented process for cloning as well as the poor use of VLAN's in the client's environment. Below is a quick and dirty way to add some IPF rules to Solaris 11.

Check current rules:

# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

Enable a custom policy:

# svccfg -s ipfilter:default setprop firewall_config_default/policy = astring: "custom"
# svccfg -s ipfilter:default listprop firewall_config_default/policy
firewall_config_default/policy astring     custom

Custom policy file:

# svccfg -s ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "/etc/ipf/ipf.conf"
# svccfg -s ipfilter:default listprop firewall_config_default/custom_policy_file
firewall_config_default/custom_policy_file astring /etc/ipf/ipf.conf

Run the firewall service:

# svcadm refresh ipfilter:default
# svcs -a | grep ipfilter
disabled Sep_20 svc:/network/ipfilter:default

# svcs -xv svc:/network/ipfilter:default
svc:/network/ipfilter:default (IP Filter)
 State: disabled since September 20, 2013 12:21:20 PM PDT
Reason: Disabled by an administrator.
 See: http://support.oracle.com/msg/SMF-8000-05
 See: man -M /usr/share/man -s 5 ipfilter
Impact: This service is not running.

# svcadm enable svc:/network/ipfilter:default

# svcs -xv svc:/network/ipfilter:default
svc:/network/ipfilter:default (IP Filter)
 State: online since September 23, 2013 05:46:51 AM PDT
 See: man -M /usr/share/man -s 5 ipfilter
 See: /var/svc/log/network-ipfilter:default.log
Impact: None.

Some commands to check with:

# ipfstat |grep blocked
 input packets: blocked 0 passed 176 nomatch 176 counted 0 short 0
output packets: blocked 0 passed 161 nomatch 161 counted 0 short 0
 input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0

# ipfstat -io |head
empty list for ipfilter(out)
empty list for ipfilter(in)

Try adding a rule:

# echo "block in on ipmp1 proto tcp from 10.200.0.0/32 to any" | ipf -f -

# ipfstat -io
empty list for ipfilter(out)
block in on ipmp1 proto tcp from 10.200.0.0/32 to any

Ok that did nothing. Lets try a better mask.

# echo "block in on ipmp1 proto tcp from 10.200.0.0/16 to any" | ipf -f -
# Timeout, server usli-dsdb-ag11.dev.asg.ad not responding.

Hmm that worked. I dropped myself out. Nice.

Get in through the LDOM console and flush the rules:

 # ipf -F a
# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

Trying a more realistic rule:

# echo "block in quick from 10.200.53.110/31 to any" | ipf -f -
# ipfstat -io
block in quick from 10.200.43.70/31 to any

Yep that worked as my ping failed...

# ping 10.200.53.110

Persistency:

# ipf -f /etc/ipf/ipf.conf

# tail /etc/ipf/ipf.conf
#
# ipf.conf
#
# IP Filter rules to be loaded during startup
#
# See ipf(4) manpage for more information on
# IP Filter rules syntax.

I thought ipf -f should add it to the file but it did not. So I added manually and that worked after a reboot.

# tail -2 /etc/ipf/ipf.conf
block in quick from 10.200.43.70/31 to any
block in quick from 10.200.53.110/31 to any

References:
http://docs.oracle.com/cd/E23824_01/html/821-1453/eubbd.html

http://docs.oracle.com/cd/E19253-01/816-4554/ezecx/index.html

http://docs.oracle.com/cd/E23824_01/html/821-1453/ipfilter-admin-2.html#scrolltoc

Comments Off on Solaris 11 Firewall
comments

Posted in Firewall, Solaris

Sep 22

Solaris Server Graphics

Mostly I try to install the absolute minimum graphics software on a server. Most installs should be possible without graphics. For instance installing an Oracle database you can use silent mode and a response file.

Now and then you can't get around this. If you have the luxury of just remotely displaying a xterm back to your Unix desktop (or Windows with X-Window software like Xming etc) then that should be enough. If you have a slow link over a WAN then displaying X remotely becomes quite impossible. This is because of the way the X-Window system updates pixels, keyboard and mouse clicks. In this case you can try VNC.

Note since you have installed minimal graphics software on the server you should not expect a nice GNOME type desktop awaiting you upon a successful VNC connection.

This is an example of using VNC to connect to a Solaris 11 LDOM.

Install VNC server:

# pkg search vncserver
INDEX ACTION VALUE PACKAGE
basename file usr/bin/vncserver pkg:/x11/server/xvnc@1.1.0-0.175.1.0.0.24.1317

root@host11:~# pkg install pkg:/x11/server/xvnc@1.1.0-0.175.1.0.0.24.1317

Run VNC Server as the user you need to use:

dev1_a@host11:~$ vncserver
You will require a password to access your desktops.
Password:
Verify:
New 'host11:2 (dev1)' desktop is host11:2

Creating default startup script /export/home/dev1/.vnc/xstartup
Starting applications specified in /export/home/dev1/.vnc/xstartup
Log file is /export/home/dev1/.vnc/host11:2.log

Now connect with your VNC client to host11:2.

Comments Off on Solaris Server Graphics
comments

Posted in Solaris, VNC

Aug 30

Growing a Solaris LDOM rpool

This is a procedure that might be useful if you ever have to grow a Solaris VTOC /SMI partition containing a rpool.

Change zfs volume from 20G to 25G

# zfs set volsize=25G rpool/ldoms/sol11_gold/disk0
# zfs get volsize rpool/ldoms/sol11_gold/disk0
NAME PROPERTY VALUE SOURCE
rpool/ldoms/sol11_gold/disk0 volsize 25G local

Procedure if existing label is a VTOC / SMI

Inside the guest record the current VTOC. You could possibly recover using fmthard.

root@solaris:/root# prtvtoc /dev/rdsk/c2d1s0

* /dev/rdsk/c2d1s0 partition map
*
* Dimensions:
* 512 bytes/sector
* 768 sectors/track
* 96 tracks/cylinder
* 73728 sectors/cylinder
* 568 cylinders
* 566 accessible cylinders
*
* Flags:
* 1: unmountable
* 10: read-only
*
* Unallocated space:
* First Sector Last
* Sector Count Sector
* 0 73728 73727
*
* First Sector Last
* Partition Tag Flags Sector Count Sector Mount Directory
0 2 00 73728 41656320 41730047
2 5 01 0 41730048 41730047

Use format > verify and record the output

Primary label contents:

Volume name = <        >
ascii name  =
pcyl        =  568
ncyl        =  566
acyl        =    2
nhead       =   96
nsect       =  768
Part      Tag    Flag     Cylinders       Size            Blocks
  0       root    wm       1 - 565       19.86GB    (565/0/0) 41656320
  1 unassigned    wm       0              0         (0/0/0)          0
  2     backup    wu       0 - 565       19.90GB    (566/0/0) 41730048
  3 unassigned    wm       0              0         (0/0/0)          0
  4 unassigned    wm       0              0         (0/0/0)          0
  5 unassigned    wm       0              0         (0/0/0)          0
  6 unassigned    wm       0              0         (0/0/0)          0
  7 unassigned    wm       0              0         (0/0/0)          0

Change label to EFI using format -e

root@solaris:/root# format -e
format> label
[0] SMI Label
[1] EFI Label
Specify Label type[0]: 1
Warning: This disk has an SMI label. Changing to EFI label will erase all
current partitions.
Continue? y

Change label back using format -e

format> label
[0] SMI Label
[1] EFI Label
Specify Label type[1]: 0

Next recreate the initial partitions. Check that the cylinder size of the disk geometry hasn't changed. If it has changed then you will be unable to recreate the initial partitions.

Run format > verify and check that "nhead" and "nsect" are the same as before the geometry was changed (from the format > verify output that was initially saved)

Partition table before fixing it

format> verify
Warning: Primary label on disk appears to be different from
current label.

Warning: Check the current partitioning and 'label' the disk or use the
         'backup' command.

Primary label contents:

Volume name = <        >
ascii name  =
pcyl        =  711
ncyl        =  709
acyl        =    2
nhead       =   96
nsect       =  768
Part      Tag    Flag     Cylinders       Size            Blocks
  0       root    wm       0 -   3      144.00MB    (4/0/0)     294912
  1       swap    wu       4 -   7      144.00MB    (4/0/0)     294912
  2     backup    wu       0 - 708       24.93GB    (709/0/0) 52273152
  3 unassigned    wm       0              0         (0/0/0)          0
  4 unassigned    wm       0              0         (0/0/0)          0
  5 unassigned    wm       0              0         (0/0/0)          0
  6        usr    wm       8 - 708       24.64GB    (701/0/0) 51683328
  7 unassigned    wm       0              0         (0/0/0)          0

Recreate the partition table based on your original verify. Leave slice 2 as is.

partition > pr

Current partition table (unnamed):
Total disk cylinders available: 709 + 2 (reserved cylinders)

Part Tag Flag Cylinders Size Blocks
0 root wm 1 - 565 19.86GB (565/0/0) 41656320
1 unassigned wu 0 0 (0/0/0) 0
2 backup wu 0 - 708 24.93GB (709/0/0) 52273152
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0

partition > label
Ready to label disk, continue? y
partition > q

**** I think I should have made slice the full 24G not the original 19G. I will verify his is a future test.

root@solaris:/root# sync
root@solaris:/root# reboot

**** Could not get the rpool to see the larger slice. Booted DVD and changed slice to the full size 24GB of the disk. That still did not fix it so lets try booting a Solaris 11 DVD and import/export the rpool.

root@solaris:/root# zpool import rpool
root@solaris:/root# zpool status
pool: rpool
state: ONLINE
scan: none requested
config:

NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
c2d1s0 ONLINE 0 0 0

errors: No known data errors

root@solaris:/root# zpool list
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
rpool 24.9G 5.32G 19.6G 21% 1.00x ONLINE -

root@solaris:/root# zpool export rpool

Reboot and guest is seeing larger rpool

root@solaris:~# zpool list
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
rpool 24.9G 5.32G 19.6G 21% 1.00x ONLINE -

Comments Off on Growing a Solaris LDOM rpool
comments

Posted in Solaris

Aug 23

IPMP on Solaris 10

Solaris has built-in IP Multi Pathing. IPMP can be setup with either IP tracking or link based. This is my notes on setting up link based IPMP on a LDOM with two virtual interfaces.

Setup the two interfaces:

# more /etc/hostname.vnet*
::::::::::::::
/etc/hostname.vnet0
::::::::::::::
myhostname netmask + broadcast + group sol10-ipmp up
::::::::::::::
/etc/hostname.vnet1
::::::::::::::
group sol10-ipmp up

After reboot ifconfig output:

# ifconfig -a
lo0: flags=2001000849&lt;UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL&gt; mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnet0: flags=1000843&lt;UP,BROADCAST,RUNNING,MULTICAST,IPv4&gt; mtu 1500 index 2
inet 10.2.14.53 netmask fffff800 broadcast 10.2.15.255
groupname sol10-ipmp
ether 0:14:4f:fa:b5:34
vnet1: flags=1000843&lt;UP,BROADCAST,RUNNING,MULTICAST,IPv4&gt; mtu 1500 index 3
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname sol10-ipmp
ether 0:14:4f:fa:42:b5

Down the main interface:

# if_mpadm -d vnet0
# tail -1 /var/adm/messages
Aug 22 14:46:07 myhostname in.mpathd[285]: [ID 832587 daemon.error] Successfully failed over from NIC vnet0 to NIC vnet1

Ifconfig output:

# ifconfig -a
lo0: flags=2001000849&lt;UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL&gt; mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnet0: flags=89000842&lt;BROADCAST,RUNNING,MULTICAST,IPv4,NOFAILOVER,OFFLINE&gt; mtu 0 index 2
inet 0.0.0.0 netmask 0
groupname sol10-ipmp
ether 0:14:4f:fa:b5:34
vnet1: flags=1000843&lt;UP,BROADCAST,RUNNING,MULTICAST,IPv4&gt; mtu 1500 index 3
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname sol10-ipmp
ether 0:14:4f:fa:42:b5
vnet1:1: flags=1000843&lt;UP,BROADCAST,RUNNING,MULTICAST,IPv4&gt; mtu 1500 index 3
inet 10.2.14.53 netmask fffff800 broadcast 10.2.15.255

Recover the main interface:

# if_mpadm -r vnet0

# tail -3 /var/adm/messages
Aug 22 14:46:30 myhostname in.mpathd[285]: [ID 620804 daemon.error] Successfully failed back to NIC vnet0
Aug 22 14:46:30 myhostname in.routed[656]: [ID 417587 daemon.error] IP_ADD_MEMBERSHIP ALLHOSTS: Address already in use
Aug 22 14:46:30 myhostname in.routed[656]: [ID 537788 daemon.warning] Could not join 224.0.0.9 on interface vnet0: Address already in use

# ifconfig -a
lo0: flags=2001000849&lt;UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL&gt; mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnet0: flags=1000843&lt;UP,BROADCAST,RUNNING,MULTICAST,IPv4&gt; mtu 1500 index 2
inet 10.2.14.53 netmask fffff800 broadcast 10.2.15.255
groupname sol10-ipmp
ether 0:14:4f:fa:b5:34
vnet1: flags=1000843&lt;UP,BROADCAST,RUNNING,MULTICAST,IPv4&gt; mtu 1500 index 3
inet 0.0.0.0 netmask ff000000 broadcast 0.255.255.255
groupname sol10-ipmp
ether 0:14:4f:fa:42:b5

Comments Off on IPMP on Solaris 10
comments

Posted in Solaris

Jul 29

Disown and background a Unix process

Ever run a very large job and regretting not starting it in the excellent screen utility? If you don't have something like reptyr or retty, you can do the following.

Push the running job into the background using Control-Z and then background it. Then disown that job from the terminal. At least it will keep running. And if you want to kick off another job when the disowned process finish you can run a little script in a new terminal and checking for the disowned job to finish. Running the new script in screen first off course.

Background and disown process:

# rsync -av /zfsapp/u06/* /backup/u06/
sending incremental file list
temp01.dbf
^Z
[1]+  Stopped                 rsync -av /zfsapp/u06/* /backup/u06/

# bg
[1]+ rsync -av /zfsapp/u06/* /backup/u06/ &

# disown %1

# ps -ef | grep u06
    root 23903 23902   1 07:05:07 pts/5       0:01 rsync -av /zfsapp/u06/temp01.dbf
    root 23901  2656   1 07:05:07 pts/5       0:01 rsync -av /zfsapp/u06/temp01.dbf
    root 23902 23901   0 07:05:07 pts/5       0:00 rsync -av /zfsapp/u06/temp01.dbf

Check for a process id to finish before starting a new job:

# more cp_u06.sh
#!/bin/bash
while ps -p 23903 > /dev/null;
do
 printf "."
 sleep 60;
done
echo
echo "last rsync finished starting new"
rsync -av /zfsapp/u07/* /backup/u07/

Comments Off on Disown and background a Unix process
comments

Posted in Bash, Linux

Jul 24

Auto Login and Sudo Security Cheat

Sometimes you have a VM that you just don't care about security. I do the following to cheat a little on login and sudo.

Update shadow password file will enable tools like gksudo to work. gksudo is what is used for prompts you get when using System Administration etc... You don't have to type your password just hit enter.

It has to be this specific string "U6aMy0wojraho" you set.


# grep rrossouw /etc/shadow
rrossouw:U6aMy0wojraho:15910:0:99999:7:::

Give yourself some sudo privileges. For instance sudo -s won't need a password. Use visudo tool to update sudo policies.


# grep rrossouw /etc/sudoers
rrossouw ALL=(ALL) NOPASSWD:ALL

Enable Auto Login: System Settings -> User Accounts -> Unlock -> Authenticate (No need for password now) -> Click Automatic Login

I also disable my screensaver and password lock on the VM since my host has that enabled through an Active Directory policy already.

Comments Off on Auto Login and Sudo Security Cheat
comments

Posted in Gnome, Ubuntu Gnome

Jul 17

Using Unix TAR for data moves

I haven't tried this yet in a real world example. In some instances you might be moving large amounts of data and network is not an option (speed), you might have incompatible file systems so you can't just re-use disk (LUN), and more traditional backup devices like tapes are not available.

Tar to raw disk is one option.

Tar without using multiple volumes:

$ md5sum /media/sf_DATA/isos/V36284-01.iso
aeb36d1f087a1fbf5e62723d2f7e0b9e  /media/sf_DATA/isos/V36284-01.iso

# tar cpf /dev/sdb /media/sf_DATA/isos/V36284-01.iso
tar: Removing leading `/' from member names

# tar tvf /dev/sdb
-rwxrwx--- root/vboxsf 252258304 2013-05-01 10:43 media/sf_DATA/isos/V36284-01.iso

# tar rpf /dev/sdb /media/sf_DATA/isos/FreeBSD-Live.iso
tar: Removing leading `/' from member names

# tar tvf /dev/sdb
-rwxrwx--- root/vboxsf 252258304 2013-05-01 10:43 media/sf_DATA/isos/V36284-01.iso
-rwxrwx--- root/vboxsf 179044352 2013-05-14 23:10 media/sf_DATA/isos/FreeBSD-Live.iso

# md5sum media/sf_DATA/isos/V36284-01.iso
aeb36d1f087a1fbf5e62723d2f7e0b9e  media/sf_DATA/isos/V36284-01.iso

Tar with using multiple volumes:

# tar -cMf /dev/sdb V36284-01.iso fd11src.iso
Prepare volume #2 for `/dev/sdb' and hit return: n /dev/sdc
Prepare volume #3 for `/dev/sdc' and hit return: n /dev/sdd

# tar -tvMf /dev/sdb
-rwxrwx--- root/vboxsf 252258304 2013-05-01 10:43 V36284-01.iso
Prepare volume #2 for `/dev/sdb' and hit return: n /dev/sdc
Prepare volume #3 for `/dev/sdc' and hit return: n /dev/sdd
-rwxrwx--- root/vboxsf  40828928 2013-04-22 07:50 fd11src.iso

# tar -xvMf /dev/sdb
V36284-01.iso
Prepare volume #2 for `/dev/sdb' and hit return: n /dev/sdc
Prepare volume #3 for `/dev/sdc' and hit return: n /dev/sdd
fd11src.iso

# ls -lh V36284-01.iso fd11src.iso
-rwxrwx--- 1 root vboxsf  39M Apr 22 07:50 fd11src.iso
-rwxrwx--- 1 root vboxsf 241M May  1 10:43 V36284-01.iso

Comments Off on Using Unix TAR for data moves
comments

Posted in Backups

Jul 17

AIX with no human readable ls

I recently had to touch a pretty old AIX OS and it frustrated me not to have human readable output for ls. This function helped a little. An alias did not want to work because of all the quoting going on. Of course as you can notice I changed my shell prior to bash.

> oslevel -g
Fileset                                 Actual Level        Maintenance Level
-----------------------------------------------------------------------------
bos.rte                                 5.3.7.0             5.3.0.0

> more .profile
...
function ls-h() {
  /usr/bin/ls -l "$@" | awk "{\$5=sprintf(\"%.2f GB\", \$5/1024^3)} 1";
}
...
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:.
export PATH

# alias has to many """ chars to work trying function ls-h
#alias lsh "ls -l \$@ | awk '{$5=sprintf("%.2f GB", $5/1024^3)} 1'"

> ls-h /u28/oracle/uat2data/
total 830472432   0.00 GB
-rw-r----- 1 ora dba 31.00 GB Jul 14 00:46 a_ora_file.dbf

Comments Off on AIX with no human readable ls
comments

Posted in AIX

Jul 15

Solaris SMF Not Updating resolv.conf

I recently had an issue where the Solaris SMF did not want to update my /etc/resolv.conf file. Even though "svccfg -s network/dns/client listprop config" showed the entries for my DNS client correctly and also trying the export the SMF simply refused to update the resolv.conf. I dug around in the scripts a little bit and saw the "delcust" option. AFter clearing everything out I could add my entries back in SMF DNS client and resolv.conf automatically updated when doing a refresh.

Found the delcust line here:

root@t41:/lib/svc/method# more dns-client
...
'unconfigure')
 # Permanently shutdown service
 svcadm disable $SMF_FMRI
 # Unroll any admin customization
 svccfg -s svc:/network/dns/client delcust
...

Try deleting customization:

root@t41:/lib/svc/method# svccfg -s svc:/network/dns/client delcust
Deleting customizations for service: network/dns/client

root@t41:/lib/svc/method# svcs -a | grep dns/client
online 14:21:02 svc:/network/dns/client:default

root@t41:/lib/svc/method# svcadm disable svc:/network/dns/client

root@t41:/lib/svc/method# svcs -a | grep dns/client
disabled 14:17:40 svc:/network/dns/client:default

root@t41:/lib/svc/method# svccfg -s network/dns/client listprop config
config application
config/value_authorization astring solaris.smf.value.name-service.dns.client

Add values for DNS:

root@t41:/lib/svc/method# svccfg -s network/dns/client setprop config/nameserver = net_address: "(10.200.10.10)"
root@t41:/lib/svc/method# svccfg -s network/dns/client setprop config/domain = astring: domain1.com
root@t41:/lib/svc/method# svccfg -s network/dns/client setprop config/search = astring: '("domain1.com" "domain2.com")'

root@t41:/lib/svc/method# svccfg -s network/dns/client listprop config
config application
config/value_authorization astring solaris.smf.value.name-service.dns.client
config/nameserver net_address 10.200.10.10
config/domain astring domain1.com
config/search astring "domain1.com" "domain2.com"

root@t41:/lib/svc/method# svcadm refresh network/dns/client
root@t41:/lib/svc/method# more /etc/resolv.conf
...
domain domain1.com
search domain1.com domain2.com
nameserver 10.200.10.10

Check nsswitch also:

root@t41:/lib/svc/method# svccfg -s name-service/switch listprop config
config application
config/default astring files
config/value_authorization astring solaris.smf.value.name-service.switch
config/printer astring "user files"
config/host astring "files dns"

root@t41:/lib/svc/method# grep host /etc/nsswitch.conf
hosts: files dns

Comments Off on Solaris SMF Not Updating resolv.conf
comments

Posted in Solaris

Procedure if existing label is a VTOC / SMI

Recent Posts

Tags