User:Gyu

From HupWiki...

See my website.



My scratch paper:

Miscellaneous

  • Finding the guilty rsyslogd processes (those holding a kmsg file descriptor open) and printing their cgroup:
root@r2d2:~# for i in $(pidof rsyslogd) ; do ls -l /proc/$i/fd | grep -q kmsg && cat /proc/$i/cgroup ; done
  • syslog-ng.conf excerpts:
options {
...
        use_dns(persist-only);
        dns_cache_hosts(/etc/hosts);
...
};
source smcast { udp(ip(225.0.0.1)); };
source s_udp { udp(); };
destination dp_tty24 { program("/usr/bin/lwatch -i- -o/dev/tty24"); };
destination df_netlog { file("/var/log/net/$HOST/$YEAR-$MONTH.log"); };
filter f_myhosts { netmask(ip.cim.vala.hol/nm); };
log { source(s_all); filter(f_myhosts); destination(df_netlog); };
  • Cleaning up the mail queue by sender:
mailq | grep -E '^[a-fA-F0-9]+\*?.*johndacosta.*\@yahoo.com.hk' \
| cut -c 1-11 | while read x ; do postsuper -d $x ; done
  • Cleaning up the mail queue by recipient:
mailq | perl -e 'while (<>) { chop ; if ( ($n)= ($_ =~ m/^([0-9A-F]+)\*?\s*/) ) { $qid=$n ; }
elsif ( defined($qid) and $_ =~ m/^\s+([a-zA-Z0-9+-]+)\@aol\.com/ ) { print $qid."\n" ; undef $qid; }
elsif ( $_ =~ m/^$/ and defined($qid) ) { undef $qid ; } } ' \
| while read qid ; do postsuper -d $qid ; done
  • Cleaning up the mail queue when recipient and sender must both match:
mailq | perl -e 'while (<>) { chop ; if ( ($n,$m)= ($_ =~ m/^([0-9A-F]+)\*?\s* .* (\S+\@\S+)\s*/) ) { $qid=$n ; $from=$m; } 
elsif ( defined($qid) and $_ =~ m/^\s+foo\@bar\.hu/ ) { print $qid."\n" if ( $from =~ m/^foo2\@bar2\.hu$/) ; undef $qid; } 
elsif ( $_ =~ m/^$/ and defined($qid) ) { undef $qid ; } } ' \
| while read qid ; do postsuper -d $qid ; done
  • Viewing the very first held message in the mail queue, and optionally deleting it:
decide_hold () {
local x
local a
x="$(find /var/spool/postfix/hold -type f | head -1)"
postcat "$x" | less
echo -n 'Toroljem? '
read a
[ "$a" == "y" ] && postsuper -d "${x##*/}"
}

v2:

decide_hold () {
local x
local a
x="$(find /var/spool/postfix/hold -type f | head -1)"
if postcat "$x" | grep "^X-Originating-IP: 180.74.202.9$" ;
then
postsuper -d "${x##*/}"
else
postcat "$x" | less
echo -n 'Toroljem? '
read a
[ "$a" == "y" ] && postsuper -d "${x##*/}"
fi
}
  • When it turns out that spam was pushed into the queue through a given mail address:
find /var/spool/postfix/{active,deferred,incoming,hold} -type f | \
while read x ; do postcat $x | \
grep -q '^named_attribute: sasl_username=iparcikkbolt@onozoagro.hu$' >/dev/null && \
postsuper -d ${x##*/} ; done
  • Deleting infected messages from the hold queue:
find /var/spool/postfix/hold -type f | while read x
do postcat $x | grep -q '^X-Virus-Status: Infected' && \
postsuper -d ${x##*/} ; done
#!/bin/bash
user="$1"
if [ -e /var/lib/cyrus/user/${user:0:1}/${user}.seen ] ;
then
skiplist.py /var/lib/cyrus/user/${user:0:1}/${user}.seen >/var/lib/cyrus/user/${user:0:1}/${user}.seen.txt
mv /var/lib/cyrus/user/${user:0:1}/${user}.seen /var/lib/cyrus/user/${user:0:1}/${user}.seen.old
cvt_cyrusdb /var/lib/cyrus/user/${user:0:1}/${user}.seen.txt flat /var/lib/cyrus/user/${user:0:1}/${user}.seen skiplist
chown cyrus:mail /var/lib/cyrus/user/${user:0:1}/${user}.seen
else
echo "Nincs ilyen mbox.seen" >&2
exit 1
fi
  • Peeking into deliver.db:
db4.8_dump /var/lib/cyrus/deliver.db  | \
perl -e 'while (<>) {
if (@a=(m/^ (([0-9a-f][0-9a-f])+)00$/)) {
next if "$a[1]" eq "00" ;
$a[0]=~s/([0-9a-f][0-9a-f])/pack("c",hex($1))/ge ;
print $a[0]."\n"; }
else { print $_ ; } } ' |less
  • Postfix syslog analysis: which host sent mail, and with which from address:
egrep '(client=|from=)' mail.log | \
grep -v 'NOQUEUE:' | \
perl -e 'while (<>) {
if (m/ ([A-F0-9]{11}): client=(.*)(,.*| .*|)$/ )
{ $mail{$1}=$2; }
elsif ( m/ ([A-F0-9]{11}):.* from=(.*?>)/)
{ print $1.": ".$mail{$1}." - ".$2."\n"; undef $mail{$1}; }
else { print "gebasz:".$_; } } ' |less
  • VIM regexp:
:s/^\(\d\+\)/\=eval(submatch(1)-128)/
:s/\.1\.\(\d\+\)\( \|$\)/\=".2.".eval(submatch(1)-128).submatch(2)/g
  • sftp-only ssh server:
#Subsystem sftp /usr/lib/openssh/sftp-server
ForceCommand internal-sftp
ChrootDirectory %h
Subsystem sftp internal-sftp
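
The three mailq cleanup one-liners above (by sender, by recipient, and both at once) all parse the same `mailq` listing. As an added example, not part of the original notes, the function below does that parsing once and only prints the matching queue IDs, so the selection can be reviewed before anything is deleted. The name `mailq_select` and the sample listing with its queue IDs are constructed for illustration; accepting the `!` (hold) marker and long queue IDs goes beyond the regexes on the page.

```shell
#!/bin/sh
# Added example (not from the original notes): select Postfix queue IDs by
# sender AND recipient from mailq output, printing them instead of deleting.

# Usage: mailq_select SENDER_ERE RCPT_ERE  < mailq-output
# Prints one queue ID per message whose envelope sender matches SENDER_ERE
# and that has at least one recipient matching RCPT_ERE.
mailq_select() {
    # The patterns travel through the environment: awk -v would process
    # backslash escapes and turn an escaped dot into "any character".
    SENDER_RE="$1" RCPT_RE="$2" awk '
        # Queue line: ID (optionally flagged * for active or ! for hold),
        # size, four date fields, sender. That is at least 7 fields, which
        # also keeps "Mail queue is empty" from being taken for a queue line.
        /^[0-9A-Za-z]+[*!]?[ \t]/ && NF >= 7 {
            qid = $1
            sub(/[*!]$/, "", qid)
            sender_ok = ($NF ~ ENVIRON["SENDER_RE"])
            next
        }
        # A blank line ends the current message.
        /^$/ { qid = ""; next }
        # Recipient lines are indented; deferral reasons start with "(".
        /^[ \t]+[^ \t(]/ && qid != "" {
            if (sender_ok && $1 ~ ENVIRON["RCPT_RE"]) {
                print qid
                qid = ""    # report each message only once
            }
        }
    '
}

# Constructed sample in mailq layout (addresses reuse the foo/bar names above).
# The last message has "X" where the sender domain has a dot, to show that
# the escaped dot in the pattern is honoured.
sample_mailq() {
    cat <<'EOF'
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
0A1B2C3D4E5*    1204 Mon Jun  9 10:00:01  foo2@bar2.hu
                                         foo@bar.hu

1B2C3D4E5F6     2310 Mon Jun  9 10:02:17  foo2@bar2.hu
(connect to mx.example.net[192.0.2.1]:25: Connection timed out)
                                         other@example.com
                                         foo@bar.hu

2C3D4E5F607!    1890 Mon Jun  9 10:03:44  someone@example.org
                                         foo@bar.hu

3D4E5F60718     1500 Mon Jun  9 10:04:02  foo2@bar2Xhu
                                         foo@bar.hu

-- 7 Kbytes in 4 Requests.
EOF
}

# Dry run: list what would be removed.
sample_mailq | mailq_select '^foo2@bar2\.hu$' '^foo@bar\.hu$'
# After review, the same list can be piped to: postsuper -d -
```

`postsuper -d -` reads the queue IDs to delete from standard input, which replaces the `while read ... postsuper -d` loop.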

SSL

  • Viewing a certificate:
openssl x509 -in file.pem -noout -text
  • Viewing a CSR:
openssl req -noout -text -in file.csr
  • Removing the passphrase from a certificate's key (needed for apache, cyrus, postfix, etc.):
openssl rsa -in newreq.pem -out wwwkeyunsecure.pem
  • Creating a certificate for a server:
openssl req -config /etc/ssl/openssl.cnf -new -keyout ronnie.key -out ronnie.csr -days 730
openssl rsa -in ronnie.key -out ronnie_npw.key
  • Symlinks named after the certificate hashes:
for i in *.crt ; do ln -s "${i}" "$(openssl x509 -noout -hash -in $i)".0 ; done

SQL

  • Adding a unique constraint
   CREATE UNIQUE INDEX name ON table (column [, ...]);
  • Adding a foreign key
   ALTER TABLE table ADD CONSTRAINT constraintname FOREIGN KEY (key) REFERENCES table(column) ;
  • Adding a NOT NULL constraint

psql:

   ALTER TABLE table ALTER COLUMN column SET/DROP NOT NULL ;

Oracle:

   ALTER TABLE table MODIFY (column [NOT] NULL) ;
  • Adding a DEFAULT value
   ALTER TABLE table ALTER COLUMN column SET/DROP DEFAULT expr ;
  • Deleting duplicate records
   DELETE FROM tabla where exists ( SELECT id FROM tabla tm WHERE tm.id=tabla.id AND tm.oid>tabla.oid) ;

3Ware

//opal> info c0 u0 status
/c0/u0 status = DEGRADED

//opal> /c0/p1 show

Port   Status           Unit   Size        Blocks        Serial
---------------------------------------------------------------
p1     DEGRADED         u0     298.08 GB   625134827     3QF00NLR      

//opal> /c0/p2 show

Port   Status           Unit   Size        Blocks        Serial
---------------------------------------------------------------
p2     OK               u0     298.08 GB   625134827     3QF00NP4      

//opal> maint remove c0 p1 
Exporting port /c0/p1 ... Done.

//opal> rescan
Rescanning controller /c0 for units and drives ...Done.
Found the following unit(s): [none].
Found the following drive(s): [/c0/p1].

//opal> maint rebuild c0 u0 p1
Sending Rebuild-Start request to /c0/u0 on 1 disk(s) [1] ... Done.

//opal> info c0 u0

Unit     UnitType  Status         %Cmpl  Port  Stripe  Size(GB)  Blocks
-----------------------------------------------------------------------
u0       RAID-5    REBUILDING     5      -     64K     894.038   1874933760  
u0-0     DISK      OK             -      p0    -       298.013   624977920   
u0-1     DISK      DEGRADED       -      p1    -       298.013   624977920   
u0-2     DISK      OK             -      p2    -       298.013   624977920   
u0-3     DISK      OK             -      p3    -       298.013   624977920   

IBM Blade

Connecting to the "serial port" over SOL:

ssh amm
console -T system:blade[x]
...
Esc (

Debian EFI@VBox

http://forums.debian.net/viewtopic.php?f=16&t=81120

Java Daemon

Step 1: Java Daemon Wrapper:

  • $1 logfile
  • $* the rest
cat <<'END' >$(which java)dw
#!/bin/bash

exec 2>>$1 >>$1
shift
exec ${0%/*}/java $*
END

chmod +x $(which java)dw

Step 2: Assumed values

LOGFILE=PATH_TO_USER_WRITEABLE_LOGFILE
PIDFILE=PATH_TO_USER_WRITEABLE_PIDFILE
DAEMON_ARGS="args to java daemon"
USER=USERNAME_TO_RUN_DAEMON
GROUP=GROUPNAME_TO_RUN_DAEMON
DESC="Service DESCRIPTION"
NAME=SERVICENAME

Step 3: Creating the init script, adjusted to taste

cp /etc/init.d/skeleton /etc/init.d/$NAME
cat <<END | ed /etc/init.d/$NAME
/^DESC
d
i
DESC="$DESC"
.
w
1
/^NAME
d
i
NAME=$NAME
.
w
1
/^DAEMON=
d
i
DAEMON=$(which javadw)
EXEC=$(which java)
.
w
1
/^DAEMON_ARGS=
d
i
DAEMON_ARGS="$LOGFILE $DAEMON_ARGS"
RUSER=$USER
RGROUP=$GROUP
.
w
1
/^PIDFILE=
d
i
PIDFILE=$PIDFILE
.
/start-stop-daemon --start.*--test
s/--quiet.*--test/--quiet --group \$RGROUP --chuid \$RUSER --pidfile \$PIDFILE --exec \$EXEC --test/
w
/start-stop-daemon --start
s/--quiet.*/--quiet --group \$RGROUP --chuid \$RUSER --make-pidfile --background --pidfile \$PIDFILE --exec \$EXEC -- \\\\/
w
/start-stop-daemon --stop.*--oknodo
.,+s/^/#/
w
/rm -f .PIDFILE
s/rm/[ -d \/proc\/\$(cat \$PIDFILE) ] || rm/
w
END

OI

My own OI experiments, filling gaps in the admin docs...

Bind

References:

 root@sb:~# pkg install pkg:/service/network/dns/bind
 root@sb:~# groupadd -g 98 named
 UX: groupadd: WARNING: gid 98 is reserved.
 root@sb:~# useradd -u 98 -g 98 -d /var/named -A solaris.smf.manage.bind named
 UX: useradd: WARNING: uid 98 is reserved.
 root@sb:~# install -d -m 775 -u named -g named /etc/bind
 new owner is named
 directory /etc/bind created
 root@sb:~# install -d -m 775 -u named -g named /var/named
 new owner is named
 directory /var/named created
 root@sb:~# install -d -m 755 -u named -g named /var/log/bind9
 new owner is named
 directory /var/log/bind9 created
 root@sb:~# svccfg -s network/dns/server:default setprop start/user=named
 root@sb:~# svccfg -s network/dns/server:default setprop start/group=named
 root@sb:~# svccfg -s network/dns/server:default setprop options/configuration_file = /etc/bind/named.conf 
 root@sb:~# rndc-confgen -u named -a -c /etc/bind/rndc.key
 wrote key file "/etc/bind/rndc.key"
 root@sb:~# ln -s bind/rndc.key /etc
 root@sb:~# cat <<'END' >/etc/bind/named.conf
 > include "/etc/bind/named.conf.options";
 > include "/etc/bind/named.conf.local";
 > include "/etc/bind/named.conf.default-zones";
 > END
 root@sb:~# cat <<'END' >/etc/bind/named.conf.options
 > options {
 >   directory "/var/named";
 >   pid-file "/var/named/named.pid";
 >   auth-nxdomain no;
 >   listen-on-v6 { any; };
 >   allow-recursion { clients ; } ;
 >   allow-transfer { peers ; } ;
 > };
 > 
 > acl peers {
 >   10.1.1.2/30;
 > };
 > 
 > acl clients {
 >   10.0.0.0/8;
 >   172.16.0.0/12;
 > };
 > 
 > // Logging configuration for munin-node data collection
 > logging {
 >   channel b_log {
 >     file "/var/log/bind9/bind.log" versions 30 size 1m;
 >     print-time yes;
 >     print-category yes;
 >     print-severity yes;
 >     severity info;
 >   };
 >   channel b_debug {
 >     file "/var/log/bind9/debug.log" versions 2 size 1m;
 >     print-time yes;
 >     print-category yes;
 >     print-severity yes;
 >     severity dynamic;
 >   };
 >   channel b_query {
 >     file "/var/log/bind9/query.log" versions 2 size 1m;
 >     print-time yes;
 >     severity info;
 >   };
 >   category default { b_log; b_debug; };
 >   category config { b_log; b_debug; };
 >   category queries { b_query; };
 > };
 > END
 root@sb:~# cat <<'END' >/etc/bind/named.conf.local
 > zone "home.intra" {
 >   type master;
 >   file "db.home.intra";
 > };
 > 
 > zone "1.10.in-addr.arpa" {
 >   type master;
 >   file "db.1.10";
 > };
 > 
 > include "/etc/bind/zones.rfc1918";
 > END
 root@sb:~# cat <<'END' >/etc/bind/named.conf.default-zones
 > zone "." {
 >   type hint;
 >   file "/etc/bind/db.root";
 > };
 > 
 > zone "localhost" {
 >   type master;
 >   file "/etc/bind/db.local";
 > };
 > 
 > zone "127.in-addr.arpa" {
 >   type master;
 >   file "/etc/bind/db.127";
 > };
 > 
 > zone "0.in-addr.arpa" {
 >   type master;
 >   file "/etc/bind/db.0";
 > };
 > 
 > zone "255.in-addr.arpa" {
 >   type master;
 >   file "/etc/bind/db.255";
 > };
 > END
 root@sb:~# cat <<'END' >/etc/bind/zones.rfc1918
 > zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
 >  
 > zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
 > 
 > zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
 > END
 root@sb:~# wget -q -O /etc/bind/db.root ftp://ftp.internic.net/domain/named.root
 root@sb:~# cat <<'END' >/etc/bind/db.0
 > ;
 > ; BIND reverse data file for broadcast zone
 > ;
 > $TTL 604800
 > @ IN SOA localhost. root.localhost. ( 1 604800 86400 2419200 604800 )
 > @ IN NS localhost.
 > END
 root@sb:~# cp -a /etc/bind/db.{0,255}
 root@sb:~# cat <<'END' >/etc/bind/db.127
 > ;
 > ; BIND reverse data file for local loopback interface
 > ;
 > $TTL 604800
 > @ IN SOA localhost. root.localhost. ( 1 604800 86400 2419200 604800 )
 > @ IN NS localhost.
 > 1.0.0 IN PTR localhost.
 > END
 root@sb:~# cat <<'END' >/etc/bind/db.local
 > ;
 > ; BIND data file for local loopback interface
 > ;
 > $TTL 604800
 > @ IN SOA localhost. root.localhost. ( 2 604800 86400 2419200 604800 )
 > @ IN NS localhost.
 > @ IN A 127.0.0.1
 > @ IN AAAA ::1
 > END
 root@sb:~# cat <<'END' >/etc/bind/db.empty
 > ; BIND reverse data file for empty rfc1918 zone
 > ;
 > ; DO NOT EDIT THIS FILE - it is used for multiple zones.
 > ; Instead, copy it, edit named.conf, and use that copy.
 > ;
 > $TTL 86400
 > @ IN SOA localhost. root.localhost. ( 1 604800 86400 2419200 86400 )
 > @ IN NS localhost.
 > END
 root@sb:~# chown -R named:named /etc/bind   
 root@sb:~# named-checkconf /etc/bind/named.conf && echo OK
 OK
 root@sb:~# for i in 0 127 255 ; do named-checkzone ${i}.in-addr.arpa /etc/bind/db.$i ; done
 zone 0.in-addr.arpa/IN: loaded serial 1
 OK
 zone 127.in-addr.arpa/IN: loaded serial 1
 OK
 zone 255.in-addr.arpa/IN: loaded serial 1
 OK
 root@sb:~# named-checkzone 10.in-addr.arpa /etc/bind/db.empty 
 zone 10.in-addr.arpa/IN: loaded serial 1
 OK
 root@sb:~# named-checkzone localhost /etc/bind/db.local 
 zone localhost/IN: loaded serial 2
 OK
 root@sb:~# cat <<'END' >/var/named/db.home.intra
 > ;
 > ; BIND data file for my home intranet
 > ;
 > $TTL    604800
 > @      IN SOA home.intra. pasztor.home.intra. (
 >  2014061201         ; Serial
 >      604800         ; Refresh
 >       86400         ; Retry
 >     2419200         ; Expire
 >      604800 )       ; Negative Cache TTL
 > ;
 > @      IN NS sb.home.intra.
 >        IN NS chapai.home.intra.
 > chapai IN A 10.1.0.1
 > sb     IN A 10.1.0.2
 > END
 root@sb:~# cat <<'END' >/var/named/db.1.10
 > ;
 > ; BIND reverse data file for my home intranet
 > ;
 > $TTL    604800
 > @       IN SOA sb.home.intra. pasztor.home.intra. (
 >  2014061201         ; Serial
 >      604800         ; Refresh
 >       86400         ; Retry
 >     2419200         ; Expire
 >      604800 )       ; Negative Cache TTL
 > ;
 > @      IN NS sb.home.intra.
 >        IN NS chapai.home.intra.
 > 1.0    IN PTR chapai.home.intra.
 > 2.0    IN PTR sb.home.intra.
 > END
 root@sb:~# chown named:named /var/named/db.*
 root@sb:~# named-checkzone home.intra. /var/named/db.home.intra 
 zone home.intra/IN: loaded serial 2014061201
 OK
 root@sb:~# named-checkzone 1.10.in-addr.arpa. /var/named/db.1.10 
 zone 1.10.in-addr.arpa/IN: loaded serial 2014061201
 OK
 root@sb:~# svccfg -s network/dns/server:default refresh
 root@sb:~# svcadm enable network/dns/server
 root@sb:~# svcs network/dns/server
 STATE          STIME    FMRI
 online         23:34:45 svc:/network/dns/server:default


NIS

 root@oi:~# pkg install pkg:/service/network/nis
            Packages to install:  1     
        Create boot environment: No
 Create backup boot environment: No
             Services to change:  1
 
 DOWNLOAD                                  PKGS       FILES    XFER (MB)
 Completed                                  1/1       41/41      0.2/0.2
 
 PHASE                                        ACTIONS
 Install Phase                                  78/78 
 
 PHASE                                          ITEMS
 Package State Update Phase                       1/1 
 Image State Update Phase                         2/2
 root@oi:~# cd /var/yp
 root@oi:/var/yp# cp -a Makefile Makefile.orig
 root@oi:/var/yp# domainname 
 home.intra
 root@oi:/var/yp# mkdir $(domainname)
 ... [TO BE CONTINUED]...

Zone creation

Further reading:

root@omni:~# dladm show-phys
LINK         MEDIA                STATE      SPEED  DUPLEX    DEVICE
e1000g0      Ethernet             up         1000   full      e1000g0
root@omni:~# dladm create-vnic -l e1000g0 zn_omnitemp0
root@omni:~# dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
zn_omnitemp0 e1000g0      1000   2:8:20:da:15:1c   random              0
root@omni:~# zfs create rpool/zones
root@omni:~# zonecfg -z template
template: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:template> create
zonecfg:template> set zonepath=/zones/template
zonecfg:template> set brand=ipkg
zonecfg:template> set autoboot=false
zonecfg:template> set ip-type=exclusive
zonecfg:template> add net
zonecfg:template:net> set physical=zn_template0
zonecfg:template:net> end
zonecfg:template> verify
zonecfg:template> commit
zonecfg:template> exit
root@omni:~# zfs umount rpool/zones
root@omni:~# zfs set mountpoint=/zones rpool/zones
root@omni:~# zfs mount rpool/zones
root@omni:~# df -h /zones
Filesystem      Size  Used Avail Use% Mounted on
rpool/zones      13G   31K   13G   1% /zones
root@omni:~# zfs create rpool/zones/template
root@omni:~# zoneadm list -icv
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   - template         configured /zones/template                ipkg     excl  
root@omni:~# zoneadm -z template install
/zones/template must not be group readable.
/zones/template must not be group executable.
/zones/template must not be world readable.
/zones/template must not be world executable.
could not verify zonepath /zones/template because of the above errors.
WARNING: skipping network interface 'zn_template0': object not found
zoneadm: zone template failed to verify
root@omni:~# echo F4ck the geek diary\!
F4ck the geek diary!
root@omni:~# zfs destroy rpool/zones/template
root@omni:~# zoneadm -z template install
WARNING: skipping network interface 'zn_template0': object not found
A ZFS file system has been created for this zone.
   Publisher: Using omnios (http://pkg.omniti.com/omnios/release/ ).
       Image: Preparing at /zones/template/root.
       Cache: Using /var/pkg/publisher.
Sanity Check: Looking for 'entire' incorporation.
  Installing: Packages (output follows)
           Packages to install: 379
       Create boot environment:  No
Create backup boot environment:  No
            Services to change:   5

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              379/379 39410/39410  251.1/251.1

PHASE                                        ACTIONS
Install Phase                            57120/57120 

PHASE                                          ITEMS
Package State Update Phase                   379/379 
Image State Update Phase                         2/2 

        Note: Man pages can be obtained by installing pkg:/system/manual
 Postinstall: Copying SMF seed repository ... done.
        Done: Installation completed in 650,070 seconds.

  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.
root@omni:~# zonecfg -z template 
zonecfg:template> remove net physical=zn_template0
zonecfg:template> add net
zonecfg:template:net> set physical=zn_omnitemp0
zonecfg:template:net> end
zonecfg:template> verify
zonecfg:template> commit
zonecfg:template> exit
root@omni:~# cd /zones/template/root/etc/
root@omni:/zones/template~/etc# echo "terminal=xterm" >sysidcfg
root@omni:/zones/template~/etc# echo "network_interface=PRIMARY {hostname=template" >>sysidcfg
root@omni:/zones/template~/etc# echo "ip_address=172.28.33.45" >>sysidcfg 
root@omni:/zones/template~/etc# echo "netmask=255.255.255.0" >>sysidcfg 
root@omni:/zones/template~/etc# echo "protocol_ipv6=no" >>sysidcfg 
root@omni:/zones/template~/etc# echo "default_route=172.28.33.80" >>sysidcfg 
root@omni:/zones/template~/etc# echo "security_policy=none" >>sysidcfg 
root@omni:/zones/template~/etc# echo "name_service=DNS" >>sysidcfg 
root@omni:/zones/template~/etc# echo "{domain_name=home.intra" >>sysidcfg 
root@omni:/zones/template~/etc# echo "name_server=172.28.33.80,172.28.33.35" >>sysidcfg 
root@omni:/zones/template~/etc# echo "search=home.intra,iovpn}" >>sysidcfg 
root@omni:/zones/template~/etc# echo "nfs4_domain=dynamic" >>sysidcfg 
root@omni:/zones/template~/etc# echo "timezone=Europe/Budapest" >>sysidcfg 
root@omni:/zones/template~/etc# echo "root_password=$(echo asdf.123 | openssl passwd -crypt -stdin)" >>sysidcfg 
root@omni:/zones/template~/etc# cd
root@omni:~# cat /zones/template/root/etc/sysidcfg 
terminal=xterm
network_interface=PRIMARY {hostname=template
ip_address=172.28.33.45
netmask=255.255.255.0
protocol_ipv6=no
default_route=172.28.33.80
security_policy=none
name_service=DNS
{domain_name=home.intra
name_server=172.28.33.80,172.28.33.35
search=home.intra,iovpn}
nfs4_domain=dynamic
timezone=Europe/Budapest
root_password=NC9RM51HoQJAw
root@omni:~# echo 'F4ck! Ezt is elb@xtam!'
F4ck! Ezt is elb@xtam!
root@omni:~# echo -e '/default_route\ns/$/}/\nw' | ed /zones/template/root/etc/sysidcfg 
348
default_route=172.28.33.80
349
root@omni:~# zoneadm -z template boot
root@omni:~# zlogin -C template
[Connected to zone 'template' console]

template console login: root
Password: <asdf.123>
Mar 23 23:43:42 template login: Solaris_audit getaddrinfo(template) failed[node name or service name not known]: Error 0
Mar 23 23:43:42 template login: Solaris_audit adt_get_local_address failed, no Audit IP address available, faking loopback and error: Network is down
Login incorrect
template console login: root
Password: <nothing/just Enter>
Mar 23 23:49:59 template login: Solaris_audit getaddrinfo(template) failed[node name or service name not known]: Error 0
Mar 23 23:49:59 template login: Solaris_audit adt_get_local_address failed, no Audit IP address available, faking loopback and error: Network is down
Mar 23 23:49:59 template login: pam_unix_cred: cannot load ttyname: Network is down, continuing.
Mar 23 23:49:59 template login: ROOT LOGIN /dev/console
OmniOS 5.11     006     June 2014
root@template:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128 
root@template:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
lo0/v6            static   ok           ::1/128
root@template:~# ipadm create-addr -T static -a 172.28.33.45 zn_omnitemp0/v4
root@template:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
zn_omnitemp0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.28.33.45 netmask ffff0000 broadcast 172.28.255.255
        ether 2:8:20:da:15:1c 
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128 
zn_omnitemp0: flags=20002000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 ::/0 
        ether 2:8:20:da:15:1c 
root@template:~# echo 'Hat hova tud meg az az egy mellenyulas tovabbgyuruznie?!
'
Hat hova tud meg az az egy mellenyulas tovabbgyuruznie?!
root@template:~# route -p add -net default 172.28.33.80
add net default: gateway 172.28.33.80
add persistent net default: gateway 172.28.33.80
root@template:~# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
zn_omnitemp0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.28.33.45 netmask ffff0000 broadcast 172.28.255.255
        ether 2:8:20:da:15:1c 
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128 
zn_omnitemp0: flags=20002000840<RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 ::/0 
        ether 2:8:20:da:15:1c 
root@template:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
zn_omnitemp0/v4   static   ok           172.28.33.45/16
lo0/v6            static   ok           ::1/128
root@template:~# ipadm set-addrprop -p prefixlen=24 zn_omnitemp0/v4
root@template:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
zn_omnitemp0/v4   static   ok           172.28.33.45/24
lo0/v6            static   ok           ::1/128
root@template:~# netstat -nr 

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              172.28.33.80         UG        1          0           
127.0.0.1            127.0.0.1            UH        2          0 lo0       
172.28.33.0          172.28.33.45         U         2          0 zn_omnitemp0 

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
::1                         ::1                         UH      2       0 lo0   
root@template:~# reboot
## I ran out of ideas
## it was still broken after a reboot
## halt
root@omni:~# cp /zones/template/root/etc/sysidcfg template.sysidcfg
root@omni:~# zoneadm -z template uninstall
Are you sure you want to uninstall zone template (y/[n])? y
root@omni:~# zfs list rpool/zones
NAME          USED  AVAIL  REFER  MOUNTPOINT
rpool/zones    31K  11,9G    31K  /zones
root@omni:~# ls -l /zones/
total 0
root@omni:~# zoneadm -z template install
A ZFS file system has been created for this zone.
   Publisher: Using omnios (http://pkg.omniti.com/omnios/release/ ).
       Image: Preparing at /zones/template/root.
       Cache: Using /var/pkg/publisher.
Sanity Check: Looking for 'entire' incorporation.
  Installing: Packages (output follows)
           Packages to install: 379
       Create boot environment:  No
Create backup boot environment:  No
            Services to change:   5

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              379/379 39410/39410  251.1/251.1

PHASE                                        ACTIONS
Install Phase                            57120/57120 

PHASE                                          ITEMS
Package State Update Phase                   379/379 
Image State Update Phase                         2/2 

        Note: Man pages can be obtained by installing pkg:/system/manual
 Postinstall: Copying SMF seed repository ... done.
        Done: Installation completed in 107,174 seconds.

  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.
## Still, 650 sec vs. 107 sec... It caches nicely! ;-)
root@omni:~# zoneadm -z template boot ; zlogin -C template
[Connected to zone 'template' console]
108/108
Hostname: template

template console login: 

Found the answer: there is no sysidcfg on Omni. I have not decided yet whether I am angry about this: http://zero-knowledge.org/post/98

Etc.

Small things I always forget. In other words, "what is the print command called this week", à la Slowaris:

root@oi:~# grep ^root /etc/user_attr
root::::min_label=admin_low;lock_after_retries=no;auths=solaris.*,solaris.grant;audit_flags=lo\:no;profiles=All;clearance=admin_high;type=role
...
root@db04:~# rolemod -K type=normal root