January 2011

Speaking of ugly code

The following violates many coding principals that I normally hold true to, but it was actually cool to code using the string variables as a stack.


# print hostlets
# 192.168.$i.0
$titan = "";
for ($i = 0; $i < 11; $i++) {
        $j = 0;
        $l = 0;
        $m = 0;
        $n = 0;
        $monster = "";
        $groupzilla = "";
        while ($j < 256) {
                $monster .= " hostlet_" . $i . "_" . $l;

                print "hostlet_" . $i . "_" . $l . " ";
                for ($k = 0; $k < 10 && $j < 256; $k++) {
                        print "(192.168.$i.$j,,) ";
                print "\n";

                if (($l % 5 == 0) || $j >= 255) {
                        $groupzilla .= " monster_" . $i . "_" . $m;
                        print "monster_" . $i . "_" . $m . $monster . "\n";
                        $monster = "";

        $titan .= " groupzilla_" . $i;
        print "groupzilla_" . $i . $groupzilla . "\n";

print "titan" . $titan . "\n";

Allowing root ssh logins to Solaris machines

I’ve been away from Solaris for 5 months, but I need some VMs for NFSv4 testing, which means beating my head against modernization such as RBAC, pfexec, and NWAM.

I prefer to treat my lab Unix machines as inter-changable boxes and do all of my configuration up front. I want to be able to do an SSH root login, especially if the system goes out of the way to make that hard.

There are currently 3 things you have to do to violate this security truism on either OpenSolaris or Solaris 11:

1) Modify PermitRootLogin to yes in /etc/ssh/sshd_config.

2) Comment out the “CONSOLE=/dev/console” line in /etc/default/login.

3) Remove “;type=role” from the root entry in /etc/user_attr.

Really nasty Solaris 11 install

I just installed two VMs with the Solaris 11 express (snv_151a) and when I turned off nwam, one worked and the second did not:

svcadm disable svc:/network/physical:nwam
svcadm enable svc:/network/physical:default

The network would come up, both ifconfig and netstat -rn showed reasonable values, but the machine would only ping iff nwam were turned on.

It turned out to be ipfiltering:

root@snarf:~# ping
ping: sendto Network is unreachable
root@snarf:~# ipfstat -io
block out log all
pass out quick on lo0 all
pass out quick proto udp from any to any port = bootps
block in log all
pass in quick on lo0 all
pass in quick proto udp from any to any port = bootpc
root@snarf:~# svcadm disable svc:/network/ipfilter
root@snarf:~# ping is alive
root@snarf:~# ipfstat -io
empty list for ipfilter(out)
empty list for ipfilter(in)

It was not enabled on the first machine, but was on the second. I have no clue what I did differently in the first install.

Configuring Fedora Core 14 network interfaces in a dual-hosted VM

I’ve got several VMs running with eth0 being bridged and eth1 being host only. I see the routes:

[thomas@mage ~]$ ip route dev eth0  proto kernel  scope link  src dev eth1  proto kernel  scope link  src 
default via dev eth1

The problem being that is flipped from what I want for the default route. I suspect the issue is that eth0 is set up to be configured via DHCP.

I read a bit and it was suggested that not only does /etc/sysconfig/network-scripts/ifcfg-eth0 have to have:


But /etc/sysconfig/network-scripts/ifcfg-eth1 should have:


I made that change and cleared that hurdle:

[thomas@mage ~]$ ip route dev eth0  proto kernel  scope link  src dev eth1  proto kernel  scope link  src 
default via dev eth0 

FWIW, here are my config files:

[thomas@mage ~]$ more /etc/sysconfig/network-scripts/ifcfg-eth?

How to edit DHCP server for Fusion

Crap, I am mixing versions of Fusion down below and it is partly because I do not have a clean install of Fusion on my laptop! I do on the iMac and that is what is telling me I have different systems!

Re: Scripts to manage Fusion network settings is a good place to see the differences.

See Controlling DHCP for VMWare Fusion VMs!

Note: I had to edit

/Library/Application Support/VMware Fusion/networking

and also reboot the MacBook to get this to work.

VMware Fusion Virtual Network Configuration, 27 August 2010 has a different approach.

To actually change the domain-name, you will want to edit vmnet-dhcpd.conf:

KinMage:VMware Fusion thomas$ grep domain-name vmnet-dhcpd.conf
# We set domain-name-servers to make some DHCP clients happy
    option domain-name-servers %hostaddr%;
    option domain-name "loghyr.com";
KinMage:VMware Fusion thomas$ sudo ./vmnet-cli -c
KinMage:VMware Fusion thomas$ sudo ./vmnet-cli --start