Tuesday, November 27, 2007

I saw opium poppies in Kunming

Mom and I got up early for the airport. The city of Beijing was still asleep. By 11:00am, we were in Kunming, a city in south China that has only one season year round -- spring. Here is a park for the international flower show.



Since childhood, I have always been taught to associate opium with negative connotations.
Karl Marx uses opium to describe religion. The "Opium War" was the beginning of a hundred years of national humiliation for my motherland, China. But here in Kunming, in the year 2007, the opium poppy is openly displayed for everyone to appreciate. They are truly elegant, aren't they?




Let's get some more detailed pictures.





Mom is reporting what she is seeing back to my step father who refused to come with us.

Wednesday, October 24, 2007

ssh keys -- how to set up trust relationships

Setting up trust relationships between UNIX hosts is one of the routine requests we get. Here is a brief procedure:

Case I: OpenSSH -> OpenSSH (Simplest)

Steps:
1. Generate SSH Keys

LinuxHostLocal# /usr/bin/ssh-keygen -t dsa

2. Copy Public Key to the Remote Machine

LinuxHostLocal# scp .ssh/id_dsa.pub LinuxHostRemote:/tmp

3. Add Public Key to the list of keys

LinuxHostRemote# cat /tmp/id_dsa.pub >> ~/.ssh/authorized_keys
LinuxHostRemote# rm /tmp/id_dsa.pub


4. Set up permissions

LinuxHostRemote# chmod 640 ~/.ssh/authorized_keys

We can now ssh from LinuxHostLocal to LinuxHostRemote without a password. Make sure never to let anyone get your private key file (keep permissions at 600). Public keys can (and should) be publicly available.
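
Added example (not part of the original post): a Python check of the modes set in step 4. It applies the rules OpenSSH itself uses: with StrictModes, sshd rejects a ~/.ssh directory or authorized_keys file that is writable by group or other, and the ssh client refuses a private key that group or other can access at all. The function names are assumptions made for this example.

```python
import os
import stat

def is_private_key(path):
    """Key files open with a 'BEGIN ... PRIVATE KEY' marker line."""
    with open(path, "rb") as fh:
        first = fh.readline(128)
    # lstrip covers both '-----BEGIN' (OpenSSH) and '---- BEGIN' (SSH2) markers
    return first.lstrip(b"- ").startswith(b"BEGIN") and b"PRIVATE KEY" in first

def audit_ssh_dir(ssh_dir):
    """Return (name, mode, problem) tuples for unsafe modes under ssh_dir."""
    findings = []

    def check(path, forbidden_bits, problem):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & forbidden_bits:
            findings.append((os.path.basename(path), "%03o" % mode, problem))

    # sshd (StrictModes) only objects to write access by group or other,
    # which is why the 640 used in step 4 is accepted
    check(ssh_dir, 0o022, "directory writable by group/other")
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if not os.path.isfile(path):
            continue
        if name in ("authorized_keys", "authorized_keys2"):
            check(path, 0o022, "key list writable by group/other")
        elif is_private_key(path):
            # the ssh client refuses a private key with any group/other access
            check(path, 0o077, "private key accessible to group/other")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_dir(os.path.expanduser("~/.ssh")):
        print("%s (mode %s): %s" % finding)
```

Run it as the account whose ~/.ssh is being checked; an empty result means the modes pass both checks.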


Case II: OpenSSH -> SSH2 (Key conversion will be needed)

From OpenSSH (LinuxLocalHost), to SSH2 (SolarisRemoteHost)

Do the 4 steps in Case I. Since SSH2 cannot directly read an OpenSSH key, we have to do a key conversion here.

1. Convert SSH Public Key to SSH2 Key

LinuxLocalHost# cd ~/.ssh
LinuxLocalHost# /usr/bin/ssh-keygen -e -f id_dsa.pub > id_dsa_ssh2.pub


2. Create the public key file on the Remote Machine that runs SSH2

LinuxLocalHost# scp id_dsa_ssh2.pub SolarisRemoteHost:~/.ssh2/remotehostname.pub

* you will have to supply a password at this time; otherwise use the root id to do the scp

3. Add Public Key to the list of keys

SolarisRemoteHost# cd ~/.ssh2
SolarisRemoteHost# echo "key remotehostname.pub" >> ~/.ssh2/authorization



Case III: SSH2 -> OpenSSH (Again, key conversion is needed)

Now, we'll need to generate a new set of keys on the SSH2 machine, and send its public key to the OpenSSH machine. Again, we will need to convert the public key, this time from SSH2 to OpenSSH form.
* note that the key conversion can only be done on the OpenSSH side. SSH2, as far as I know now, has not implemented a routine to convert OpenSSH keys.


1. Create SSH2 Keys

SolarisLocalHost# /opt/ssh2/bin/ssh-keygen

Example screen:

$ /opt/ssh2/bin/ssh-keygen
Generating 1024-bit dsa key pair
2 Oo.oOo.oOoo.
Key generated.
1024-bit dsa, fsbsc@evitaprod, Wed Oct 24 2007 20:40:27
Passphrase : <<>
$

2. Tell SSH2 who it is

SolarisLocalHost# cd ~/.ssh2
SolarisLocalHost# echo "idkey id_dsa_1024_a" >> identification



3. Set permissions

SolarisLocalHost# chmod 600 id_dsa_1024_a id_dsa_1024_a.pub identification

4. Copy the public key to the OpenSSH machine

SolarisLocalHost# scp ~/.ssh2/id_dsa_1024_a.pub LinuxRemoteHost:/tmp

5. Convert the public key, and add it to authorized_keys2
* note the file name is "authorized_keys2"

LinuxRemoteHost# /usr/bin/ssh-keygen -i -f /tmp/id_dsa_1024_a.pub >> ~/.ssh/authorized_keys2
LinuxRemoteHost# rm /tmp/id_dsa_1024_a.pub
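
Added example (not part of the original post): a Python sketch of what the conversions in Case II and Case III change. The key blob is identical in both formats; only the wrapping differs, an OpenSSH one-line entry versus an SSH2 (RFC 4716) block. The sample key is constructed filler, not a real key, and the function names are assumptions; it uses ssh-dss to match the post, a key type OpenSSH has disabled by default since release 7.0.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def key_type(blob):
    """Read the algorithm name that opens every SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n]
    if n == 0 or len(name) != n:
        raise ValueError("truncated key blob")
    return name.decode("ascii")

def openssh_to_rfc4716(line):
    """OpenSSH one-line key -> SSH2 block (the direction of ssh-keygen -e)."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, b64 = fields[0], fields[1]
    if key_type(base64.b64decode(b64, validate=True)) != ktype:
        raise ValueError("declared type does not match the key blob")
    comment = fields[2].strip() if len(fields) == 3 else "converted key"
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, 'Comment: "%s"' % comment] + body + [END]) + "\n"

def rfc4716_to_openssh(text):
    """SSH2 block -> 'type base64' (the direction of ssh-keygen -i)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    b64, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:         # header line, or its continuation
            in_header = l.endswith("\\")  # a trailing backslash continues it
        else:
            b64.append(l)                 # base64 never contains ':'
    data = "".join(b64)
    return "%s %s" % (key_type(base64.b64decode(data, validate=True)), data)

def constructed_dss_line():
    """Constructed sample, NOT a real key: filler bytes stand in for p, q, g, y."""
    blob = ssh_string(b"ssh-dss") + b"".join(ssh_string(bytes([i]) * 40) for i in (1, 2, 3, 4))
    return "ssh-dss %s user@LinuxLocalHost" % base64.b64encode(blob).decode()
```

The headers of the SSH2 block, including the comment, are discarded on the way back; the key type in the OpenSSH line is recovered from the blob itself.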

Cheers.

Thursday, May 24, 2007

Solaris fibre channel management

In Solaris 10, storage management is now integrated into the base OS. The Leadville driver has been expanded to include HBAs from Emulex, JNI and QLogic, and the fcinfo utility as well as several mdb dcmds were added to view fibre channel connectivity information. 'fcinfo' is a useful tool to view HBA and connectivity information.

Usage examples are here:

pbeqcmpdb1-h# fcinfo hba-port
HBA Port WWN: 10000000c943458a
OS Device Name: /devices/pci@8,700000/lpfc@2
Manufacturer: Emulex Corporation
Model: LP9002
Type: N-port
State: online
Supported Speeds: 2Gb
Current Speed: 2Gb
Node WWN: 20000000c943458a
HBA Port WWN: 10000000c943944b
OS Device Name: /devices/pci@8,700000/lpfc@3
Manufacturer: Emulex Corporation
Model: LP9002
Type: N-port
State: online
Supported Speeds: 2Gb
Current Speed: 2Gb
Node WWN: 20000000c943944b
HBA Port WWN: 210000144f23cfc4
OS Device Name: /dev/cfg/c1
Manufacturer: QLogic Corp.
Model: 2200
Type: L-port
State: online
Supported Speeds: 1Gb
Current Speed: 1Gb
Node WWN: 200000144f23cfc4
pbeqcmpdb1-h#
pbeqcmpdb2-h# fcinfo hba-port
HBA Port WWN: 10000000c952efec
OS Device Name: /devices/pci@8,700000/lpfc@2
Manufacturer: Emulex Corporation
Model: LP9002
Type: N-port
State: online
Supported Speeds: 2Gb
Current Speed: 2Gb
Node WWN: 20000000c952efec
HBA Port WWN: 10000000c952ee53
OS Device Name: /devices/pci@8,700000/lpfc@3
Manufacturer: Emulex Corporation
Model: LP9002
Type: N-port
State: online
Supported Speeds: 2Gb
Current Speed: 2Gb
Node WWN: 20000000c952ee53
HBA Port WWN: 210000144f00fe72
OS Device Name: /dev/cfg/c1
Manufacturer: QLogic Corp.
Model: 2200
Type: L-port
State: online
Supported Speeds: 1Gb
Current Speed: 1Gb
Node WWN: 200000144f00fe72
pbeqcmpdb2-h#

Further usage information can be found in the man page.