Synchronization of common agent container security files

Solaris Cluster uses common agent container as part of its management infrastructure. The common agent container (CAC) uses public key mechanisms for encryption and authentication. Here is the complete guide that explains CAC in lot more detail.

In Solaris Cluster, the CAC keys must be the same on all the nodes of the cluster, so that the management infrastructure can communicate with all the cluster nodes. Cluster software ensures that these keys are same on all the cluster nodes. However there could be scenarios when these keys go out of sync. When that happens, you will start seeing errors like below,

             ERROR: Unable to connect to the common agent container on node
             pneta1. Ensure that the common agent container is running and you
             have the required authorizations to connect to the common agent
             container on this node.

    Press RETURN to continue

 

 Here are the steps to correct this situation.

1. Stop CAC on all the cluster nodes

   #/usr/sbin/cacaoadm stop 

 

2. Copy the CAC security files from one node of the cluster to all the other nodes of the cluster.

    On any one node do, 

   cd /etc/cacao/instances/default/

   tar cf /tmp/SECURITY.tar security

   then transfer the SECURITY.tar to all the nodes and do,

   cd /etc/cacao/instances/default/

   tar xf /tmp/SECURITY.tar

   You can now remove all the copies of SECURITY.tar

 

3. Restart the CAC on all the cluster nodes

    /usr/sbin/cacaoadm start

 This procedure is explained in detail here. Join our communities around CAC and Solaris Cluster for more.

Advertisements

Mepco Schlenk College Visit and a Moral Dilemma

I went on a trip to India recently. During that time, I got a chance to visit the college where I studied for four years to get my engineering degree. My professors were thrilled to see me. It was nice to get introduced as one of their best students to my wife. I gave a lecture to the computer science engineering students about the concepts of open source and the mutual benefits involved. I talked about opensolaris and about some of the technologies that are present there. The students were interested to know about Sun as a company, the way projects work at Sun, and about the culture. Overall, it was a rewarding experience for everyone. 
Mepco Schlenk Visit – 2008

It has been more than 10 years since I last visited the place. There are lot of changes in the college since last time. There are lot more courses offered now and therefore many new buildings have sprung up. It is good to see the college growing in this way. I got to visit the new mathematics lab. This lab is very interesting. The lab contains many puzzles, analytical problems, and tools to solve them in a practical manner. The lab is a very good idea.

Mepco Schlenk Engineering College is also known for its very strict rules and for its severe punishments for breaking the rules. The rules of the college have gotten stricter, since the time I studied there. A more recent rule in the college hostels is, a girl can leave the college hostel to go out, if and only if, one of the girl’s parent is physically present with the girl. The stated purpose of its rule is to prevent dating and for the girl’s protection. This rule does not exist for the boys in the college hostels.

The effect of this rule is that girls cannot go to technical conferences or present papers outside the college campus, unless a parent comes over to the college to take them there. This rule is discriminative based on sex. It is very sad and I can understand the frustrations of the students.

I did get a chance to talk to the Principal of the college and give my feedback, but  I think there is very little chance of this changing anytime soon.  All this puts me in the horns of a moral dilemma. Should I support my alma mater, share my experiences and help the students studying there ? Wouldn’t it indirectly endorse the rules of the college ? If I do not ever go there because I do not like certain rules of the college, then who loses ? What is lost ? How does the voice of dissent get heard ? I do not know the answers.

Economics of altruism?

If you like behavioral economics, this article titled, "What Makes People Give?" is a nice read. I wish I had read some of these reports before I tried my hand at fund-raising last year. My only peeve with the article is that there are no links to the formalized studies by John List and Dean Karlan. It would be nice to look into the research studies in more detail.

Freakonomics by Steven D. Levitt and Stephen J. Dubner is another good read on behavioral economics. I read this book last year based on James’s recommendation.

By the way, what is it between apples and these economists!

5k/10k spring run for 2008

I participated in a 10k race organized by Team Asha last spring.  It was my first long distance race and it took me 1 hour and 30 minutes to run those 6.2 miles. I ended up training for a marathon with Team Asha and I ran the Chicago marathon and the Silicon Valley marathon during the fall season the same year. It is amazing what a little bit of training and a bunch of motivated people can do. Later that year in November, the fitness center at the Sun Campus in Menlo Park conducted a 10k race and I was able to run the same 6.2 miles in 53 min 28 sec.

This year the Team Asha spring run is this coming weekend, the 16th of March. They are planning a carnival this time with more activities, games and food too. I plan to run this 10k race again as the first race for 2008. Wish me luck.

If you are around the bay area this weekend, this race would be a fun place to drop-by. 

Changing Sun Cluster Manager port, 6789

There have been requests from people who want to change the port through which Sun Cluster Manager(SCM) is accessed. SCM, like many other web applications from Sun, is accessed through the Sun Java Web Console. By default, Sun Java Web Console is accessed via a secure HTTP port 6789. In fact, the port numbers 6786 to 6789 are assigned for Sun Java Web Console and no other application should use these ports.

Here is a procedure, that I used recently, that changes these ports, if necessary. Maybe this will be useful for others as well.

1. Find out the version of the Sun Java Web Console that you currently have.

    /usr/sbin/smcwebserver -V

2. If the version is 3.0.2, then do the following.

   smcwebserver stop

   cd /var/webconsole/domains

   rm -rf console

   cd /etc/webconsole/console

   rm status.properties

   rm regcache/registry.properties

   edit config.properties

       Replace values for console_httpsport and console_httpport
       // If on Solaris 10, clear the service:

      svcadm clear system/webconsole:console

   smcwebserver start

3.   If the version is greater than 3.0.2, then do the following.

   smcwebserver stop

   /usr/share/webconsole/bin/wcswap -t tomcat -s <nnnn> -p <nnnn>
       // If on Solaris 10, clear the service:

      svcadm clear system/webconsole:console

   smcwebserver start