Monday, February 27, 2006

Solaris 10 bootcamp

http://avata.central/workshop/bootcamp/

#1 Solaris 10 platform Site for Container and DTrace

Next to the admin guide, we recently started releasing short how to guides on sun.com:
http://www.sun.com/software/solaris/reference_resources.jsp
and
http://www.sun.com/software/solaris/howtoguides/containersLowRes.jsp
talks about pools and zones.

Niagara Emlxs(7D) fibre channel Panic for stopping CPU context switch

It seems the fibre channel nexus driver with the SCSA interface for the emlxs(7D) fibre channel adapter is doing auto request sense and tagged queueing, which raises the packet timeout. The first thread to initiate a system panic records it and renders the system quiescent by stopping the other processors.

This in turn causes the sun4v-specific xt_sync to wait for the x-trap to finish. In addition, because of the panic, uts forces the other processors to trap into panic idle so they will not receive cross-calls.

Should we detach and attach again to see how the system reacts to the HW interrupts?


An email from the mailing list

>
> Did anyone else see something similar to this on Solaris 10 3/05 HW2 s10s_hw2wos_05 SPARC on T2000?
> Any suggestions?
>
> Regards,
> Jignesh
>
> Feb 25 01:31:59 bcu3510-1 emlxs: [ID 349649 kern.info] [1.0126]emlxs0: NOTICE: 910: Packet timeout. (chip abort: sbp=60015d1e858 iotag=1e42 tmo=60)
> Feb 25 01:31:59 bcu3510-1 scsi: [ID 107833 kern.warning] WARNING: /pci@7c0/pci@0/pci@1/pci@0,2/SUNW,emlxs@1/fp@0,0/ssd@w226000c0ffa98fc0,1 (ssd10):
> Feb 25 01:31:59 bcu3510-1 SCSI transport failed: reason 'timeout': retrying command
> Feb 25 01:56:14 bcu3510-1 emlxs: [ID 349649 kern.info] [1.0126]emlxs0: NOTICE: 910: Packet timeout. (chip abort: sbp=600154995e8 iotag=34a7 tmo=60)
> Feb 25 02:00:24 bcu3510-1 emlxs: [ID 349649 kern.info] [1.0126]emlxs0: NOTICE: 910: Packet timeout. (chip abort: sbp=3003f4cd168 iotag=3328 tmo=60)
> Feb 25 06:31:09 bcu3510-1 unix: [ID 547063 kern.notice] Cross trap sync timeout at cpu_sync.xword[0]: 0x100000000000000
> Feb 25 06:31:09 bcu3510-1 unix: [ID 350512 kern.notice] panic: failed to stop cpu0
> Feb 25 06:31:09 bcu3510-1 unix: [ID 836849 kern.notice]
> Feb 25 06:31:09 bcu3510-1 ^Mpanic[cpu23]/thread=30001f4a6c0:
> Feb 25 06:31:09 bcu3510-1 unix: [ID 990398 kern.notice] xt_sync: timeout
> Feb 25 06:31:09 bcu3510-1 unix: [ID 100000 kern.notice]
> Feb 25 06:31:09 bcu3510-1 genunix: [ID 723222 kern.notice] 000002a101c461d0 unix:xt_sync+17c (d8e29fb05044, 2a101c46280, 0, 0, d8e29dd37a18, d8e29dd37a20)
> Feb 25 06:31:09 bcu3510-1 genunix: [ID 179002 kern.notice] %l0-3: 0000000000000001 8000000000000000 0000000000000000 000002a101c46280
> Feb 25 06:31:09 bcu3510-1 %l4-7: 000000000184d800 0000000001038800 0100000000000000 0000000001dcd650
> Feb 25 06:31:09 bcu3510-1 genunix: [ID 723222 kern.notice] 000002a101c462c0 unix:hat_unload_callback+808 (70000000000, 2a101c465f0, 0, 0, 0, 300005b9e08)
>
>

Saturday, February 25, 2006

Grid Data Management

Virtual data abstraction

(1) data model federation
(2) data transformation
(3) replication
(4) data mediation

Archiving, Annotation, Meta data service

Friday, February 24, 2006

AM 6.x DIT

----------Role Management-----------------


(1) Add static service role with no permission


cn=ITStaticRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=add
iplanet-am-role-aci-description=No Permission Description
iplanet-am-role-type=3
cn=ITStaticRole
objectClass=top
objectClass=iplanet-am-managed-role
objectClass=ldapsubentry
objectClass=nssimpleroledefinition
objectClass=nsmanagedroledefinition
objectClass=nsroledefinition


(2) ITStatic Administrative Role with no permission


cn=ITStaticAdminRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=add
iplanet-am-role-aci-description=No Permission Description
iplanet-am-role-managed-container-dn=o=ITOrg,dc=jesswitch,dc=com
iplanet-am-role-type=2
cn=ITStaticAdminRole
objectClass=top
objectClass=iplanet-am-managed-role
objectClass=ldapsubentry
objectClass=nssimpleroledefinition
objectClass=nsmanagedroledefinition
objectClass=nsroledefinition


(3) add static service role with admin permission


cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=add
iplanet-am-role-aci-description=Organization Policy Admin Description
iplanet-am-role-type=3
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (all) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter="(objectclass=sunismanagedorganization)")(targetattr = "sunRegisteredServiceName") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (read,write,search) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=iPlanetAMAuthService,ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access Auth Service deny"; deny (add,write,delete) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Organization Admin Role,o=ITOrg,dc=jesswitch,dc=com))))(targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow"; allow (read,search) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
cn=ITStaticServiceAdminPermissionRole
objectClass=top
objectClass=iplanet-am-managed-role
objectClass=ldapsubentry
objectClass=nssimpleroledefinition
objectClass=nsmanagedroledefinition
objectClass=nsroledefinition

o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=modify
inetDomainStatus=Active
o=ITOrg
objectClass=sunISManagedOrganization
objectClass=sunNameSpace
objectClass=top
objectClass=sunManagedOrganization
objectClass=organization

cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=modify
iplanet-am-role-aci-description=Organization Policy Admin Description
iplanet-am-role-type=3
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (all) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter="(objectclass=sunismanagedorganization)")(targetattr = "sunRegisteredServiceName") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (read,write,search) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=iPlanetAMAuthService,ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access Auth Service deny"; deny (add,write,delete) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Organization Admin Role,o=ITOrg,dc=jesswitch,dc=com))))(targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow"; allow (read,search) roledn = "ldap:///cn=ITStaticServiceAdminPermissionRole,o=ITOrg,dc=jesswitch,dc=com";)
cn=ITStaticServiceAdminPermissionRole
objectClass=top
objectClass=iplanet-am-managed-role
objectClass=ldapsubentry
objectClass=nssimpleroledefinition
objectClass=nsmanagedroledefinition
objectClass=nsroledefinition
iplanet-am-role-display-options=actionpeoplecontainerproperties=viewproperties
iplanet-am-role-display-options=actionroleproperties=viewproperties
iplanet-am-role-display-options=actiongroupproperties=viewproperties
iplanet-am-role-display-options=actiongroupcontainerproperties=viewproperties
iplanet-am-role-display-options=actionorganizationalunitproperties=viewproperties
iplanet-am-role-display-options=actionpolicyproperties=fullaccessobject
iplanet-am-role-display-options=actionentityproperties=viewproperties
iplanet-am-role-display-options=actionserviceproperties=fullaccessobject
iplanet-am-role-display-options=actionorganizationproperties=viewproperties
iplanet-am-role-display-options=actionuserproperties=modifyproperties


(4) Add Service Filtered Role with no admin permission


cn=ITFilteredRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=add
iplanet-am-role-aci-description=No Permission Description
iplanet-am-role-type=3
nsRoleFilter=(&(uid=*)(uid=inetuser))
cn=ITFilteredRole
objectClass=nsfilteredroledefinition
objectClass=nscomplexroledefinition
objectClass=top
objectClass=ldapsubentry
objectClass=iplanet-am-managed-filtered-role
objectClass=nsroledefinition
objectClass=iplanet-am-managed-role

(5) Add filtered admin permission service role

cn=ITFilteredServiceAdminRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=add
iplanet-am-role-aci-description=Organization Admin Description
iplanet-am-role-type=3
nsRoleFilter=(&(uid=*)(objectclass=inetuser))
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///cn=ITFilteredServiceAdminRole,o=ITOrg,dc=jesswitch,dc=com")(targetattr="*")(version 3.0; acl "S1IS Organization Admin Role access deny"; deny (write,add,delete,compare,proxy) roledn = "ldap:///cn=ITFilteredServiceAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com))))(targetattr = "nsroledn")(targattrfilters="add=nsroledn:(nsroledn=*,o=ITOrg,dc=jesswitch,dc=com),del=nsroledn:(nsroledn=*,o=ITOrg,dc=jesswitch,dc=com)")(version 3.0; acl "S1IS Organization Admin Role access allow"; allow (all) roledn = "ldap:///cn=ITFilteredServiceAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com))))(targetattr != "nsroledn")(version 3.0; acl "S1IS Organization Admin Role access allow all"; allow (all) roledn = "ldap:///cn=ITFilteredServiceAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
cn=ITFilteredServiceAdminRole
objectClass=nsfilteredroledefinition
objectClass=nscomplexroledefinition
objectClass=top
objectClass=ldapsubentry
objectClass=iplanet-am-managed-filtered-role
objectClass=nsroledefinition
objectClass=iplanet-am-managed-role

o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=modify
inetDomainStatus=Active
o=ITOrg
objectClass=sunISManagedOrganization
objectClass=sunNameSpace
objectClass=top
objectClass=sunManagedOrganization
objectClass=organization


(6) add filtered administrative role

cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=add
iplanet-am-role-aci-description=Organization Policy Admin Description
iplanet-am-role-managed-container-dn=o=ITOrg,dc=jesswitch,dc=com
iplanet-am-role-type=2
nsRoleFilter=(&(uid=*)(objectclass=inetuser))
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter="(objectclass=sunismanagedorganization)")(targetattr = "sunRegisteredServiceName") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (read,write,search) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Organization Admin Role,o=ITOrg,dc=jesswitch,dc=com))))(targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow"; allow (read,search) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=iPlanetAMAuthService,ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access Auth Service deny"; deny (add,write,delete) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (all) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
cn=ITFilteredAdminRole
objectClass=nsfilteredroledefinition
objectClass=nscomplexroledefinition
objectClass=top
objectClass=ldapsubentry
objectClass=iplanet-am-managed-filtered-role
objectClass=nsroledefinition
objectClass=iplanet-am-managed-role

o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=modify
inetDomainStatus=Active
o=ITOrg
objectClass=sunISManagedOrganization
objectClass=sunNameSpace
objectClass=top
objectClass=sunManagedOrganization
objectClass=organization

cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com
persistentSearch-changeType=modify
iplanet-am-role-aci-description=Organization Policy Admin Description
iplanet-am-role-managed-container-dn=o=ITOrg,dc=jesswitch,dc=com
iplanet-am-role-type=2
nsRoleFilter=(&(uid=*)(objectclass=inetuser))
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter="(objectclass=sunismanagedorganization)")(targetattr = "sunRegisteredServiceName") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (read,write,search) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///o=ITOrg,dc=jesswitch,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com)(nsroledn=cn=Organization Admin Role,o=ITOrg,dc=jesswitch,dc=com))))(targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow"; allow (read,search) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=iPlanetAMAuthService,ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access Auth Service deny"; deny (add,write,delete) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
iplanet-am-role-aci-list=o=ITOrg,dc=jesswitch,dc=com:aci: (target="ldap:///ou=services,*o=ITOrg,dc=jesswitch,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (all) roledn = "ldap:///cn=ITFilteredAdminRole,o=ITOrg,dc=jesswitch,dc=com";)
cn=ITFilteredAdminRole
objectClass=nsfilteredroledefinition
objectClass=nscomplexroledefinition
objectClass=top
objectClass=ldapsubentry
objectClass=iplanet-am-managed-filtered-role
objectClass=nsroledefinition
objectClass=iplanet-am-managed-role
iplanet-am-role-display-options=actionpeoplecontainerproperties=viewproperties
iplanet-am-role-display-options=actionroleproperties=viewproperties
iplanet-am-role-display-options=actiongroupproperties=viewproperties
iplanet-am-role-display-options=actiongroupcontainerproperties=viewproperties
iplanet-am-role-display-options=actionorganizationalunitproperties=viewproperties
iplanet-am-role-display-options=actionpolicyproperties=fullaccessobject
iplanet-am-role-display-options=actionentityproperties=viewproperties
iplanet-am-role-display-options=actionserviceproperties=fullaccessobject
iplanet-am-role-display-options=actionorganizationproperties=viewproperties
iplanet-am-role-display-options=actionuserproperties=modifyproperties
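
The role ACIs in entries (3) and (5) above can be reviewed mechanically. The following is an added example, not part of the original notes or of Access Manager: it parses four of the iplanet-am-role-aci-list values shown above and lists the allow rules that grant modify rights over every attribute, together with any deny rule that carves a subtree back out. The function names and the suffix-based subtree test are assumptions of this example.

```python
import re

ORG = "o=ITOrg,dc=jesswitch,dc=com"
STATIC = f"cn=ITStaticServiceAdminPermissionRole,{ORG}"
FILTERED = f"cn=ITFilteredServiceAdminRole,{ORG}"

# iplanet-am-role-aci-list values copied from entries (3) and (5) above.
ACI_VALUES = [
    f'{ORG}:aci: (target="ldap:///ou=services,*{ORG}")(targetattr = "*") '
    f'(version 3.0; acl "Organization Policy Admin Role access allow"; '
    f'allow (all) roledn = "ldap:///{STATIC}";)',
    f'{ORG}:aci: (target="ldap:///{ORG}")'
    f'(targetfilter="(objectclass=sunismanagedorganization)")'
    f'(targetattr = "sunRegisteredServiceName") '
    f'(version 3.0; acl "Organization Policy Admin Role access allow"; '
    f'allow (read,write,search) roledn = "ldap:///{STATIC}";)',
    f'{ORG}:aci: (target="ldap:///ou=iPlanetAMAuthService,ou=services,*{ORG}")'
    f'(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role '
    f'access Auth Service deny"; deny (add,write,delete) '
    f'roledn = "ldap:///{STATIC}";)',
    f'{ORG}:aci: (target="ldap:///{ORG}")(targetfilter=(!(|'
    f'(nsroledn=cn=Top-level Admin Role,dc=jesswitch,dc=com)'
    f'(nsroledn=cn=Top-level Help Desk Admin Role,dc=jesswitch,dc=com))))'
    f'(targetattr != "nsroledn")(version 3.0; acl "S1IS Organization Admin '
    f'Role access allow all"; allow (all) roledn = "ldap:///{FILTERED}";)',
]

TARGET = re.compile(r'\(target\s*=\s*"ldap:///([^"]*)"\)')
TARGETATTR = re.compile(r'\(targetattr\s*(!?=)\s*"([^"]*)"\)')
BODY = re.compile(r'acl\s+"([^"]*)"\s*;\s*(allow|deny)\s*\(([^)]*)\)'
                  r'\s*roledn\s*=\s*"ldap:///([^"]*)"')

# Rights that let the role change directory data.
WRITE_RIGHTS = {"all", "write", "add", "delete"}


def parse_aci(value):
    """Split one 'DN:aci: (...)' value into the parts a reviewer reads."""
    placed_on, _, text = value.partition(":aci:")
    target, attr, body = (TARGET.search(text), TARGETATTR.search(text),
                          BODY.search(text))
    if not (target and attr and body):
        raise ValueError("unrecognised ACI: " + value[:60])
    return {
        "placed_on": placed_on.strip(),
        "target": target.group(1),
        "attr_op": attr.group(1),            # "=" or "!="
        "attrs": [a.strip() for a in attr.group(2).split("||")],
        "filtered": "(targetfilter" in text,
        "name": body.group(1),
        "effect": body.group(2),
        "rights": {r.strip() for r in body.group(3).split(",")},
        "role": body.group(4),
    }


def broad_grants(acis):
    """allow rules giving modify rights over every attribute, or over
    everything except a named list (targetattr != ...)."""
    return [a for a in acis
            if a["effect"] == "allow"
            and a["rights"] & WRITE_RIGHTS
            and (a["attr_op"] == "!=" or "*" in a["attrs"])]


def carve_outs(acis, grant):
    """deny rules for the same role under the grant's target. DN containment
    is approximated by a string suffix test (simplification of this example)."""
    return [a["name"] for a in acis
            if a["effect"] == "deny" and a["role"] == grant["role"]
            and a["target"].endswith(grant["target"])]


def report(values):
    """One review line per broad grant."""
    acis = [parse_aci(v) for v in values]
    lines = []
    for grant in broad_grants(acis):
        denies = carve_outs(acis, grant) or ["none"]
        lines.append(f'{grant["role"].split(",")[0]}: allow '
                     f'({",".join(sorted(grant["rights"]))}) on '
                     f'{grant["target"]} targetattr {grant["attr_op"]} '
                     f'{"||".join(grant["attrs"])}; deny carve-outs: '
                     f'{"; ".join(denies)}')
    return lines


if __name__ == "__main__":
    for line in report(ACI_VALUES):
        print(line)
```

Directory Server gives deny rules precedence over allow rules, which is why the Auth Service deny limits the allow (all) on ou=services for the static role.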


(7) assign service to role

Niagara PCIe bus initialization error

As the S10 FMA trace reports, the Fire fabric ereport is raised when a leaf PCIe device sends
an error message to the root complex; the nexus driver publishes this ereport.

(1) A faulty PCI device off of a pci-pci bridge could see ereport.io.pci.mdpe
and ereport.io.pci.target-mdpe

(2) Faulty PCI device could see ereport.io.pci.sec-rserr

(3) A defective PCI device driver may cause ereport.io.pci.sec-dpe

In general, it seems the above HW issue raises an interrupt for the handler
of the PCIe fabric block, which dumps the "Fatal PCIe Fabric Error has occurred" message.


Thanks

Lei
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> Configuring devices.
>>> >>> SUNW-MSG-ID: SUNOS-8000-0G, TYPE: Error, VER: 1, SEVERITY: Major
>>> EVENT-TIME: 0x43ebc150.0x1dcd5ca8 (0x333e1920bc)
>>> PLATFORM: SUNW,Sun-Fire-T200, CSN: -, HOSTNAME:
>>> SOURCE: SunOS, REV: 5.10 Generic_118822-25
>>> DESC: Errors have been detected that require a reboot to ensure system
>>> integrity. See http://www.sun.com/msg/SUNOS-8000-0G for more information.
>>> AUTO-RESPONSE: Solaris will attempt to save and diagnose the error telemetry
>>> IMPACT: The system will sync files, save a crash dump if needed, and reboot
>>> REC-ACTION: Save the error summary below in case telemetry cannot be saved
>>>
>>> ereport.io.fire.fabric ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0" ] msg_code=31 req_id=402 cap_off=44 aer_off=100
>>> sts_reg=4110 sts_sreg=0 dev_sts_reg=6 aer_ce=0 aer_ue=0 aer_sev=60010 aer_h1=
>>> 4000001 aer_h2=3 aer_h3=4010000 aer_h4=40100 saer_ue=1080 saer_sev=1340
>>> saer_h1=1f061030 saer_h2=f0 saer_h3=ff114040 saer_h4=0 severity=9
>>>
>>> ereport.io.pci.mdpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0" ] pci-status=110 pci-command=547
>>>
>>> ereport.io.pci.target-mdpe ena=333e08995805c01 detector=[ version=0 scheme=
>>> "dev" device-path="/pci@7c0" ]
>>>
>>> ereport.io.pci.sec-dpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0" ] pci-sec-status=c000 pci-bdg-ctrl=3
>>>
>>> ereport.io.pci.sec-rserr ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0" ] pci-sec-status=c000 pci-bdg-ctrl=3
>>>
>>> ereport.io.pci.mdpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1" ] pci-status=110 pci-command=547
>>>
>>> ereport.io.pci.target-mdpe ena=333e08995805c01 detector=[ version=0 scheme=
>>> "dev" device-path="/pci@7c0/pci@0" ]
>>>
>>> ereport.io.pci.sec-dpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1" ] pci-sec-status=c000 pci-bdg-ctrl=3
>>>
>>> ereport.io.pci.sec-rserr ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1" ] pci-sec-status=c000 pci-bdg-ctrl=3
>>>
>>> ereport.io.pci.sec-dpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1/pci@0,2" ] pci-sec-status=c2a0 pci-bdg-ctrl=
>>> 23
>>>
>>> ereport.io.pci.sec-rserr ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1/pci@0,2" ] pci-sec-status=c2a0 pci-bdg-ctrl=
>>> 23
>>> ereport.io.fire.fabric ena=333e2133d405c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0" ] msg_code=33 req_id=402 cap_off=44 aer_off=100
>>> sts_reg=10 sts_sreg=0 dev_sts_reg=0 aer_ce=0 aer_ue=0 aer_sev=60010 aer_h1=
>>> 4000001 aer_h2=3 aer_h3=4010000 aer_h4=40100 saer_ue=1000 saer_sev=1340
>>> saer_h1=1f061030 saer_h2=f0 saer_h3=ff114040 saer_h4=0 severity=9
>>>
>>>
>>> panic[cpu23]/thread=2a100f1dcc0: Fatal PCIe Fabric Error has occurred
>>>
>>>
>>> 000002a100f85d70 px:px_err_fabric_intr+c0 (300005afe00, 31, 300008c42e0, 402, 300008d8f20, 402000000000000)
>>> %l0-3: 00000300008c1bd8 00000000ffffffff fffffffffffffffe 0000000000000000
>>> %l4-7: 000000000183e800 0000000001271800 0000000000000000 00000300008c42f0
>>> 000002a100f85e50 px:px_msiq_intr+1a4 (300008e9da8, 0, 1269f54, 0, 300005afe00, 300008d8f20)
>>> %l0-3: 00000300008c1bd8 00000300005bd7a0 0000000000000000 000002a100f85f10
>>> %l4-7: 000002a100f85f40 00000300008d8f20 0000000000000000 0000000000000031
>>> 000002a100f85f50 unix:current_thread+140 (16, 800000, 7fffe7, 7fffe7, 0, 12)
>>> %l0-3: 000000000100994c 000002a100f1d021 000000000000000e 00000000000007f9
>>> %l4-7: 0000000000000000 0000000000000000 0000000000000000 000002a100f1d8d0
>>> 000002a100f1d970 unix:cpu_halt+c0 (0, 17, 30001a68000, 16, 30001a68000, 1)
>>> %l0-3: 00000000018450f8 0000000000000001 0000000000000002 0000000000000000
>>> %l4-7: 0000000000000000 0000000000000000 0000000000000000 000000000103735c
>>> 000002a100f1da20 unix:idle+128 (1814800, 0, 30001a68000, ffffffffffffffff, 17, 1813400)
>>> %l0-3: 0000060001d4f600 000000000000001b 0000000000000000 ffffffffffffffff
>>> %l4-7: 0000000000000000 0000000000000000 0000000000000000 000000000103735c
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> Subject:
>>> [Fwd: RE: Sun Niagara System problem]
>>> From:
>>> Prameet Chhabra
>>> Date:
>>> Tue, 21 Feb 2006 13:35:50 -0800
>>> To:
>>> Steve Katzman
>>>
>>> To:
>>> Steve Katzman
>>>
>>>
>>> Steve,
>>>
>>> looks like it is the newest version that they are using, can you get me help on this one.
>>>
>>> thanks
>>> Prameet
>>>
>>> -------- Original Message --------
>>> Subject: RE: Sun Niagara System problem
>>> Date: Tue, 21 Feb 2006 16:24:00 -0500
>>> From: Eddie Ng
>>> To: Prameet.Chhabra@Sun.COM , pete salerno
>>>
>>> Yes, we did use the latest version which is 01/06.
>>> I found out the requirement o/s version on Sun site.
>>> Yes, we know that there was a preinstalled version of Solaris 10 on one of the disk, we didn't use that disk, because we normally have a special configuration of file systems and tools for our test system.
>>> I had initial success of installing the o/s at first, but after a reboot, the error message started to appear, I also tried to use the preinstalled version, but same problem occurs, I couldn't get far enough for the installation wizard to come up.
>>>
>>> Thank you,
>>>
>>> Edward Ng
>>> Ulticom, Inc.
>>> System Administrator
>>> 1020 Briggs Rd
>>> Mount Laurel, NJ 08054
>>> 856-638-2608
>>> eddie.ng@ulticom.com
>>>
>>> -----Original Message-----
>>> From: Prameet Chhabra [mailto:Prameet.Chhabra@Sun.COM]
>>> Sent: Tuesday, February 21, 2006 4:12 PM
>>> To: Eddie Ng; pete salerno
>>> Subject: Re: Sun Niagara System problem
>>>
>>>
>>> Eddie,
>>>
>>> Did the box come up with any Solaris preloaded it should and why did you need to
>>> install Solaris?....Just out of curiosity what version of Solaris are you
>>> using....? the reason I ask you is because some older version of Solaris 10
>>> (i.e. not the hardware-specific release HW2) doesn't have the sun4v components
>>> and won't work for the T2000. so that could be the reason.
>>>
>>> thanks
>>> Prameet
>>>
>>> Eddie Ng wrote:
>>>
>>>> Sun Niagara System Hostid: 83d936ca
>>>> Good day Prameet, thank you for your information.
>>>> we were trying to install the latest version of Solaris 10 on this system, we had success at first, but when we rebooted the system, the os won't come up, we tried to reinstalled the os but was unsuccessful due to error message from the console. I've unplug the system and then tried again, no success.
>>>> I've attached the error message from the console, please investigate and let us know our course of action.
>>>>
>>>> Thank you,
>>>>
>>>> Edward Ng
>>>> Ulticom, Inc.
>>>> System Administrator
>>>> 1020 Briggs Rd
>>>> Mount Laurel, NJ 08054
>>>> 856-638-2608
>>>> eddie.ng@ulticom.com
>>>>
>>>>
>
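
The error summary quoted in the thread above can be triaged by grouping the ereports by ENA and finding the deepest device path that reported. The following is an added example, not part of the original post or of Solaris FMA: it parses an excerpt of the console text exactly as quoted (quote markers and wrapped lines included) and attaches the reading of each ereport class given in the numbered list before the thread. The function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the console error summary quoted in the thread above, with the
# quote markers and line wrapping kept as they appear on the page.
SAMPLE = '''\
>>> ereport.io.fire.fabric ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0" ] msg_code=31 req_id=402 cap_off=44 aer_off=100
>>> sts_reg=4110 sts_sreg=0 dev_sts_reg=6 aer_ce=0 aer_ue=0 aer_sev=60010 aer_h1=
>>> 4000001 aer_h2=3 aer_h3=4010000 aer_h4=40100 saer_ue=1080 saer_sev=1340
>>> saer_h1=1f061030 saer_h2=f0 saer_h3=ff114040 saer_h4=0 severity=9
>>>
>>> ereport.io.pci.mdpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0" ] pci-status=110 pci-command=547
>>>
>>> ereport.io.pci.target-mdpe ena=333e08995805c01 detector=[ version=0 scheme=
>>> "dev" device-path="/pci@7c0" ]
>>>
>>> ereport.io.pci.sec-dpe ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1/pci@0,2" ] pci-sec-status=c2a0 pci-bdg-ctrl=
>>> 23
>>>
>>> ereport.io.pci.sec-rserr ena=333e08995805c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0/pci@0/pci@1/pci@0,2" ] pci-sec-status=c2a0 pci-bdg-ctrl=
>>> 23
>>> ereport.io.fire.fabric ena=333e2133d405c01 detector=[ version=0 scheme="dev"
>>> device-path="/pci@7c0" ] msg_code=33 req_id=402 cap_off=44 aer_off=100
>>> sts_reg=10 sts_sreg=0 dev_sts_reg=0 aer_ce=0 aer_ue=0 aer_sev=60010 aer_h1=
>>> 4000001 aer_h2=3 aer_h3=4010000 aer_h4=40100 saer_ue=1000 saer_sev=1340
>>> saer_h1=1f061030 saer_h2=f0 saer_h3=ff114040 saer_h4=0 severity=9
>>>
>>> panic[cpu23]/thread=2a100f1dcc0: Fatal PCIe Fabric Error has occurred
'''

# The numbered list before the thread, as a lookup: class -> author's reading.
AUTHOR_READING = {
    "ereport.io.pci.mdpe": "faulty PCI device off of a pci-pci bridge",
    "ereport.io.pci.target-mdpe": "faulty PCI device off of a pci-pci bridge",
    "ereport.io.pci.sec-rserr": "faulty PCI device",
    "ereport.io.pci.sec-dpe": "defective PCI device driver",
}

QUOTE = re.compile(r"^[>\s]*")                    # e-mail quote markers
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')     # key=value or key="value"


def parse_ereports(text):
    """Return one dict per ereport: class, ena, device-path and payload."""
    chunks, in_record = [], False
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        if line.startswith("ereport."):
            chunks.append(line)
            in_record = True
        elif not line or line.startswith("panic["):
            in_record = False
        elif in_record:
            # A value wrapped right after '=' continues without a space.
            sep = "" if chunks[-1].endswith("=") else " "
            chunks[-1] += sep + line
    reports = []
    for chunk in chunks:
        cls, _, rest = chunk.partition(" ")
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        fields.pop("detector", None)      # only the '[' of the FMRI wrapper
        fields["class"] = cls
        reports.append(fields)
    return reports


def deepest_reporters(reports):
    """Per ENA (one error event): the deepest device path that logged an
    ereport, and the classes logged at that path."""
    by_ena = defaultdict(lambda: defaultdict(set))
    for rep in reports:
        by_ena[rep["ena"]][rep["device-path"]].add(rep["class"])
    result = {}
    for ena, paths in by_ena.items():
        leaf = max(paths, key=lambda p: p.count("/"))
        result[ena] = (leaf, sorted(paths[leaf]))
    return result


def triage(text):
    """One summary line per ENA."""
    lines = []
    for ena, (path, classes) in deepest_reporters(parse_ereports(text)).items():
        notes = sorted({AUTHOR_READING.get(c, "no note on the page")
                        for c in classes})
        lines.append(f"ena={ena} deepest={path} "
                     f"classes={','.join(classes)} reading={'; '.join(notes)}")
    return lines


if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```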

Wednesday, February 22, 2006

Solaris Process management & Process Virtual Address Space

Solaris process
stack --- local variable
=================================
heap --- dynamic allocated
data section --- global variable
Binary(text section)

Data Grid & Data Access Grid Service

Structured data in RDBMS, XML and structured assembled binary.

Data manipulation, processing and analysis --- large scale, distributed data

requires data integration needed for accessing, movement and computation

Data generation, postprocessing and analysis

(1) Data Mining
(2) Integrated Data Access
Current data federation is not enough
(3) structure is required for data sharing

Collaboration data, grid service data and profile data

Saturday, February 18, 2006

Reliable Delivery

Direct output

(1) every system call executed by a job is sent home for execution at the shadow
(2) job's responsibility to commit before exit

All the above are direct output

Need indirect output to resolve the issue

(3) grid console is not interactive

console---> agent ----> server

It allows execution continuing even after console and agent disconnected


More flexible coupling is for p-p network

Delivery Tx and Half Tx

File system: fsync


Delivery transaction (ordinary two phase commit)

f1---> f1.t--->f1.p--->f1

(1) Begin delivery transaction f1-->f1.t
(2) write data to f1.t
(3) run fsync, f1.t --> f1.p
(4) commit tx, f1.p --> f1

Half transaction to ensure the series of operations is committed once only
There is no abort; it is carried forward. These are idempotent operations

fsync is issued by the client; once the client receives the ack for the commit,
the half transaction is completed
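
The four delivery steps and the carry-forward rule, as an added example that is not part of the original notes. The names deliver and recover, the crash_after test hook, and the choice to have the client resend when only f1.t survives are assumptions of this example; the notes only name the f1.t and f1.p stages.

```python
import os


def _fsync_dir(path):
    """Flush a directory so that a rename inside it is durable (POSIX)."""
    fd = os.open(path, os.O_RDONLY)
    try:
        os.fsync(fd)
    finally:
        os.close(fd)


def deliver(final_path, data, crash_after=None):
    """Run delivery steps (1) to (4) for final_path.

    crash_after (1, 2 or 3) stops after that step to imitate a client that
    dies mid-delivery; it exists only so the recovery path can be exercised.
    """
    tmp, prep = final_path + ".t", final_path + ".p"
    parent = os.path.dirname(os.path.abspath(final_path))

    # (1) begin: f1 -> f1.t. Opening with truncation makes a repeated begin
    #     idempotent: a stale f1.t from an earlier attempt is overwritten.
    with open(tmp, "wb") as out:
        if crash_after == 1:
            return "begun"
        # (2) write data to f1.t
        out.write(data)
        if crash_after == 2:
            return "written"
        # (3) fsync first, then f1.t -> f1.p, so the .p name only ever
        #     refers to data that is already on stable storage.
        out.flush()
        os.fsync(out.fileno())
    os.rename(tmp, prep)
    _fsync_dir(parent)
    if crash_after == 3:
        return "prepared"

    # (4) commit: f1.p -> f1. The rename is atomic, so readers see either
    #     the old f1 or the complete new one.
    os.replace(prep, final_path)
    _fsync_dir(parent)
    return "committed"


def recover(final_path):
    """Carry an interrupted delivery forward; there is no abort path.

    Safe to call any number of times: each call either finishes step (4)
    or finds nothing left to do.
    """
    tmp, prep = final_path + ".t", final_path + ".p"
    parent = os.path.dirname(os.path.abspath(final_path))
    if os.path.exists(prep):
        os.replace(prep, final_path)
        _fsync_dir(parent)
        return "carried-forward"
    if os.path.exists(tmp):
        # f1.t was never fsynced, so its contents cannot be trusted; the
        # client repeats steps (1) to (3), which overwrite it.
        return "resend"
    return "nothing-to-do"


if __name__ == "__main__":
    import tempfile
    f1 = os.path.join(tempfile.mkdtemp(), "f1")
    print(deliver(f1, b"job output\n", crash_after=3))   # stops at f1.p
    print(recover(f1))                                    # finishes the commit
    print(recover(f1))                                    # repeat is harmless
```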

remote execution output reliability

Operation fault-free

execution node ---> file system ----> storage
remote execution requires reliable protocols such as two phase commit

Friday, February 17, 2006

Ontario CPC

Niagara performance counter back end
defines the event0 and event1 pertaining
to pic0 and pic1

/*
 * Event names for pic0, keyed by event code.
 * struct nametable, NT_END and Niagara_names1 (the pic1 table)
 * are not shown in this excerpt.
 */
static const struct nametable Niagara_names0[] = {
	{0x0, "SB_full"},
	{0x1, "FP_instr_cnt"},
	{0x2, "IC_miss"},
	{0x3, "DC_miss"},
	{0x4, "ITLB_miss"},
	{0x5, "DTLB_miss"},
	{0x6, "L2_imiss"},
	{0x7, "L2_dmiss_ld"},
	{NT_END, ""}
};

/* Indexed by counter number: [0] is pic0, [1] is pic1. */
static const struct nametable *Niagara_names[2] = {
	Niagara_names0,
	Niagara_names1
};


job/task parallel and layer of grid computing

Job parallel

job is a hierarchical graph

(1) early binding
(2) mid binding
(3) late binding

Task parallel is

(1) fault tolerant

(2) TCP connection with send/Ack protocols

(3) Worker autonomously pulls work

Separate the allocation and assignment

Ontario Fan and Sensor with SC and traditional PICL tree model

Traditionally, SPARC ships SUNWpiclr; PICL owns the uts common and Ontario-specific
PICL classes of the tree model. For both plugins and the library, PICL property
mutation and access are controlled by picld(1M). In addition, the life cycle is also
managed by picld(1M) via S10 fm. For a general report, prtpicl(1M) does the work.
Following the env model, they are published as a collection of system fans and cpu fans. It is a complete event-driven publishing and event registration model to notify the events.

In Ontario, the SC console commands showenvironment and showfru print the system env model.
Please note that the level of the fan and sensor tree nodes does separate the system fans,
cpu fans etc., which are published with their associated fan slots.

Thursday, February 16, 2006

AM Fun

remote-auth.dtd specifies the authentication
protocols between client and server

(1) Should a customized app's SSOTokenListener
do the AuthContext clean-up for AM in case of
SSO timeout and destroy events, or does the AM instance
do the work?

(2) If we communicate with /amserver/authservice
and follow remote-auth.dtd, how do we deal with
encoded or encrypted data, for example when the
authentication has succeeded? I mean without
the SDK.

(3) AM groups are only for policy now, not for services.

(4) Realm service schema changes, for instance loading a
customized login module: the sample does not work.

This impacts the loginModule and post-authentication registration
to the realm, policy, etc.

Extended Accounting and DTrace

The current challenge is how to provide the billing
strategy. Each customer will be operating in its own Solaris
Container, but there is no obvious way to measure the utilisation by
container.

DTrace is the obvious choice to enable the customer
to create such a billing infrastructure. A simple calculation of the number of CPU-seconds and read/write I/Os by container over a period of time is the desired result.

The uts core exacct usage and recording routines (exacct) and the associated
D fbt probes (fbt:genunix::entry) require the getacct(2), putacct(2), and
wracct(2) system calls, which sit on top of exacctsys to trap into the kernel
instead of calling back.

Specifically, the fbt provider will do the work
of probing uts structures such as proc_usage_t, task_usage_t
and flow_usage_t.

Wednesday, February 15, 2006

Programmatic login

(1) From AuthContext

new AuthContext("orgname").login("authtype.indextype","auth name");


(2) Token validation for the login request


(3) From the service point of view, without the API

http://:/authservice

But it requires remote-auth.dtd

Programmatic logout

The AM authentication service and session management do provide
the logout

(1) From the SSO session management API


SSOTokenManager.getInstance().destroyToken(token);


(2) From the Authentication Context State Mgt API

To clean up all authentication state management information
AuthContext(token).logout()

(3) From the service point of view

http://:/amserver/Logout

Tuesday, February 14, 2006

Post Authentication and AM privileged query user? amadmin or proxy account

Writing a Post Authentication class for a customer with AM 7.0,
I need to obtain an admin-level connection to AMStore to
manipulate AMUser object instances. I want to reuse the existing AM SDK
configuration files to get the amadmin DN and password,
instead of providing my own config file.

How to programmatically get the amadmin DN and password?
The DN is easy to retrieve from AMConfig.properties. But what
about the password? Is there a public or private API for doing this?

Although you can get the user name and password and generate the admin SSOToken,
the recommended way to get the admin SSOToken is as follows:

SSOToken token = (SSOToken) AccessController.doPrivileged(
    com.sun.identity.security.AdminTokenAction.getInstance());


However, why not have an API for proxy authentication and authorization instead of
querying the amadmin identity for identity management?

Need Answer

Monday, February 13, 2006

ndd(1M) and uts network driver link speed

ndd(1M) is supported by the uts implementation of

hme(7D), bge(7D), dmfe(7D), eri(7D), rge

Besides the functions defined to support ndd(1M),
there are variables defined for
configuring link operation for all the above
interfaces in the system. These parameters
may be changed per interface using ndd(1M).

However, only rge and bge create kstat(1M)
functions and structures corresponding to
the NDD parameters.

Moreover, all these parameters may also be specified
as properties using the .conf file mechanism
for each interface.

Therefore, for the e1000g(7D) interface:

/kernel/drv/e1000g.conf
    32-bit driver configuration file.
/kernel/drv/sparcv9/e1000g
    SPARC e1000g driver binary.
/kernel/drv/amd64/e1000g
    64-bit x86 e1000g driver binary.
/kernel/drv/e1000g
    32-bit x86 e1000g driver binary.


Grid Resource Discovery

Query the distributed state of the Grid and identify the resource characteristics and state matching the selection

Determine the distributed resource state

Separate the resource discovery and resource allocation

Grid Resource Management

Resource management is a mutual agreement between a resource provider and a resource consumer,
in which the provider agrees to supply caps for a specific task on behalf of the consumer

What, How, When,

via a specialized QoS interface

(1) Task Submission: what task to do

Commit to perform, but
do not commit to when, how or what other work

(2) Workload Mgt: how the task is to be done

Commit to an agreement of QoS by provisioning
(3) On-Demand Access: Advanced Reservation

(4) Coscheduling: make resources available by coordinating on-demand requirements


(5) Resource Brokering:

Friday, February 10, 2006

AM7 role management

(1) Static Role Creation






PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>










(2) create filtered role







PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>








(|(objectclass=inetOrgPerson)(uid=*))





(2) Realm Role Service Registration







PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI
DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>





iceName="iPlanetAMSessionService" >


125



35




3



5






(3) add user to role






PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>







uid=ituser1,ou=people,dc=jesswitch,dc=com





(1) user service registration to role






PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>









en_US



PST




en



Active







(2) admin service to realm role







PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>









false



5




100



25






(2) assign auth config service to realm






PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>





"iPlanetAMAuthConfiguration" >



ldapService






(3) assign disco service to realm role






PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>





"sunIdentityServerDiscoveryService" >






(8) Service registration: there is no difference between
a static role and a filtered role.







PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
"jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>








125



35




3



5



amadmin realm role service registration

(1) Case sensitivity may need to be enforced
by the underlying IdRepo instead of the AM layer

Not iplanetAMSessionService but iPlanetAMSessionService

(2) There may be a bug in the code for sub-realm role service
registration. If the service is not registered under
the sub-realm, registering the service to the role
under the sub-realm shows no error in the amadmin
console or the amadmin.error log.
(3) There may be another bug in that amadmin writes
to the IdRepo and creates the role-based CoS template
for the service registration.


But the correct order is that the service should be
registered under the realm before it is registered
under the role. The good thing is that both amadmin.error
and the amadmin console output can be used for troubleshooting.




>



>>
>>
>>
>>
>>
>>
>> >> PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI
>> DTD//EN"
>> "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>> >
>>
>>
>>
>>
>>
>> >> iceName="iPlanetAMSessionService" >
>>
>>
>> 125
>>

>>
>>
>> 35
>>

>>
>>
>>
>> 3
>>

>>
>>
>> 5
>>

>>

>>

>>

>>
>> (2) amadmin error output
>> # /opt/SUNWam/bin/amadmin --runasdn amadmin --verbose --password ll51>
>> Info 107: Calling XML PARSER
>> Info 108: XML file to parse:jesswitchAssignSessionServiceToRealmRole.xml
>> Info 101: Processing jesswitchAssignSessionServiceToRealmRole.xml
>> Info 111: Requests generated by amadmin
>> Request Description: Assign Service to Identity in Realm /itrealm
>> iplanet-am-session-max-idle-time =
>> 35
>> iplanet-am-session-max-session-time =
>> 125
>> iplanet-am-session-quota-limit =
>> 5
>> iplanet-am-session-max-caching-time =
>> 3
>>
>> Identity Request:
>> Assign Service iplanetAMSessionService to itrole of IdType: role in
>> Realm /itrealm
>> iplanet-am-session-max-idle-time = [35]
>> iplanet-am-session-max-session-time = [125]
>> iplanet-am-session-quota-limit = [5]
>> iplanet-am-session-max-caching-time = [3]
>> Error 10: Cannot process requests:
>> Service iplanetAMSessionService not registered.
>>
>>
>> (3) amadmin.error log
>>
>> mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"2006-02-09
>> 21:22:06" "IdentityRequests|Service iplanetAMSessionService not
>> registered." amAdmin.error AMADMIN-2
>> dc=jesswitch,dc=com "Not Available" INFO
>> "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com"
>> 10.6.137.48 "cn=dsameuser,ou=DSAME
>> Users,dc=jesswitch,dc=com" v1280-137-08 "2006-02-09
>> 21:22:06" "Error 10: Cannot process requests:
>> com.iplanet.am.admin.cli.AdminException: Service
>> iplanetAMSessionService not registered." amAdmin.error "Not
>> Available" dc=jesswitch,dc=com "Not Available" INFO
>> "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com"
>> 10.6.137.48 "cn=dsameuser,ou=DSAME
>> Users,dc=jesswitch,dc=com" 10.6.137.48
>>


--


Lei Liu (Larry)
Member of Technical Staff
Horizontal Technology
Software MAX
Mailstop: UNWK 12-209
Address: 7777 Gateway Boulevard, Bldg 12 Newark, CA 94560
Phone: (510) 574-7187 (x37187)
Email: lei.liu@sun.com, ttoulliu2002@gmail.com
Fax: (510) 574-6074
Blog:http://ttoulliu2002.blogspot.com
Skype: ttoulliu2002

Dennis:

Thanks for the reply. Hope you do not mind if
I have questions below for you.

(1) Case sensitiveness may need to be enforced
by the underlying IdRepo instead of the AM layer
(2) There may be one bug in the code for sub-realm role service
registration. If the service is not registered under
the sub-realm, the service registration to the role
under the sub-realm will show no error from the amadmin
console and amadmin.error log.
(3) There may be another bug in that amadmin writes
to the IdRepo and creates the role-based CoS template
for the service registration.

Thanks

Lei



Dennis Seah wrote:

> in your XML, can you replace iplanetAMSessionService
> with iPlanetAMSessionService
>
> and try again?
>
> THANK YOU !
>
>
> Lei Liu wrote:
>
>> Hi:
>>
>> I have amadmin data file below for service registration.
>> I have the session service registered under sub realm.
>> But it can not be registered for the sub realm role.
>>
>>
>> (1) It does not work. amAdmin error is attached too.
>>
>>
>>
>>
>>
>>
>> >> PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI
>> DTD//EN"
>> "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>> >
>>
>>
>>
>>
>>
>> >> iceName="iplanetAMSessionService" >
>>
>>
>> 125
>>

>>
>>
>> 35
>>

>>
>>
>>
>> 3
>>

>>
>>
>> 5
>>

>>

>>

>>

>>
>> (2) amadmin error output
>> # /opt/SUNWam/bin/amadmin --runasdn amadmin --verbose --password ll51>
>> Info 107: Calling XML PARSER
>> Info 108: XML file to parse:jesswitchAssignSessionServiceToRealmRole.xml
>> Info 101: Processing jesswitchAssignSessionServiceToRealmRole.xml
>> Info 111: Requests generated by amadmin
>> Request Description: Assign Service to Identity in Realm /itrealm
>> iplanet-am-session-max-idle-time =
>> 35
>> iplanet-am-session-max-session-time =
>> 125
>> iplanet-am-session-quota-limit =
>> 5
>> iplanet-am-session-max-caching-time =
>> 3
>>
>> Identity Request:
>> Assign Service iplanetAMSessionService to itrole of IdType: role in Realm /itrealm
>> iplanet-am-session-max-idle-time = [35]
>> iplanet-am-session-max-session-time = [125]
>> iplanet-am-session-quota-limit = [5]
>> iplanet-am-session-max-caching-time = [3]
>> Error 10: Cannot process requests:
>> Service iplanetAMSessionService not registered.
>>
>>
>> (3) amadmin.error log
>>
>> mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm"2006-02-09 21:22:06" "IdentityRequests|Service iplanetAMSessionService not registered." amAdmin.error AMADMIN-2 dc=jesswitch,dc=com "Not Available" INFO "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" 10.6.137.48 "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" v1280-137-08 "2006-02-09 21:22:06" "Error 10: Cannot process requests: com.iplanet.am.admin.cli.AdminException: Service iplanetAMSessionService not registered." amAdmin.error "Not Available" dc=jesswitch,dc=com "Not Available" INFO "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" 10.6.137.48 "cn=dsameuser,ou=DSAME Users,dc=jesswitch,dc=com" 10.6.137.48
>>
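
A diagnostic for the failure discussed in this thread, as an added example (not Access Manager code and not part of the original mails): it reads amadmin output like that quoted above and separates a service name that differs only in case from one that is not registered in the realm at all. The function name, the `registered` argument and the result fields are assumptions of this example.

```python
import re

# Service names spelled exactly as they appear in the data files on this page.
KNOWN_SERVICES = (
    "iPlanetAMSessionService",
    "iPlanetAMAuthConfiguration",
    "sunIdentityServerDiscoveryService",
)

ASSIGN_RE = re.compile(
    r"Assign Service (\S+) to (\S+) of IdType: (\w+) in Realm (\S+)")
ERROR_RE = re.compile(r"Service (\S+) not registered\.")


def diagnose(output, registered=KNOWN_SERVICES):
    """Explain each 'Service ... not registered' error in amadmin output.

    `registered` is the operator-supplied list of services registered in the
    realm (an assumption of this example; amadmin itself is not queried).
    """
    # Undo mail quoting (">> ") and line wrapping so patterns can span lines.
    text = " ".join(line.lstrip("> ").strip() for line in output.splitlines())
    text = re.sub(r"\s+", " ", text)
    targets = {m.group(1): m.groups()[1:] for m in ASSIGN_RE.finditer(text)}
    canonical = {name.lower(): name for name in registered}
    findings, seen = [], set()
    for match in ERROR_RE.finditer(text):
        name = match.group(1)
        if name in seen:            # the same error repeats in amAdmin.error
            continue
        seen.add(name)
        identity, idtype, realm = targets.get(name, (None, None, None))
        finding = {"service": name, "identity": identity,
                   "idtype": idtype, "realm": realm}
        wanted = canonical.get(name.lower())
        if wanted is None:
            # Nothing registered under this name in any spelling:
            # register the service under the realm before the role.
            finding.update(cause="not-registered-in-realm", use=None)
        elif wanted != name:
            # Same name, different case: the lookup is case-sensitive.
            finding.update(cause="case-mismatch", use=wanted)
        else:
            finding.update(cause="unknown", use=None)
        findings.append(finding)
    return findings


# Constructed sample: lines taken from the amadmin --verbose output quoted above.
SAMPLE = """\
>> Identity Request:
>> Assign Service iplanetAMSessionService to itrole of IdType: role in
>> Realm /itrealm
>> iplanet-am-session-max-idle-time = [35]
>> Error 10: Cannot process requests:
>> Service iplanetAMSessionService not registered.
"""

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```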

Thursday, February 09, 2006

psradm on Niagara platforms

For processor resource management, a better practice would be
applying the SRM model to create a processor pool in order to better
control the resource. The S10 kernel abstracts the platform specifics,
which should be transparent to user land and system management.





> > our psradm -n/-f commands are woefully inadequate ... someone needs to
> > expand them to include simple things like ranges "psradm -f 1..15",
> > "psradm -f 1..3 5..7 9..11 13..15" ... this would make up for a lot
> > of the nuisance of these tools with large numbers of virtual
> > processors
>
> psradm has ranges. Try "psradm -f 1-31" on a Niagara.

Java EE and .Net

There are several important messages drawn from the survey data.

(1) It seems the top two driving factors that have had a dramatic impact on the success
of both Java and Enterprise Java are:

The success of the conventional RDBMS
The success of the traditional Internet computing model

(2) Much attention goes to the Java EE connector and JMS, yet the data indicates
they capture less than 40% usage. It is even worse for WS technology.
In addition, the Java messaging model was not compelling against
.Net.


This indicates Enterprise Java is still considered a traditional
multi-tiered application development technology. There is still
a chance of losing the leadership from the integration point of view, which
could result in a further slip in the multi-tiered application domain itself.
Microsoft owns a large market share in the integration domains. This
also counts in IBM's mainframe integration strategy.


(3) How to maintain the endorsement of Java EE from RDBMS vendors?
How to keep the hype on the Internet computing model and deliver
high-performance platforms to the Internet world?
How to gain market share in the WS and integration domains?

This is where the turning point could be for Java and Enterprise Java technology.

Wednesday, February 08, 2006

Autonomous Policy Negotiations

Autonomous policy negotiation requires each participant
to understand the access control requirements imposed by its counterparty.
Therefore, there is an interactive process of policy disclosure underneath.
However, mutual trust is limited by the sensitivity of the policies subject to
authorized disclosure: policies, both public and private, are assets of
the parties and need to be protected like any other resource. Policy expression
requires more flexibility for automated policy management. This
includes the authorization and obligation policies. There are also high-level,
abstract, human-readable policies and low-level, detailed, machine-readable policies.


In addition, the service consumer and provider have no existing relationship regarding
the policy constraints when the protected resources are first accessed.
This means a discovery scheme is required for policy negotiation to be
initiated.


Moreover, traditional disclosure based on CA-signed certificates requires third-party
authorities to establish trust. In order to eliminate the external
dependencies, the designated policy agreement is to be built on a robust bilateral
negotiation protocol with finer-grained control over the separated sequence
of actions, incrementally resolving the coalition, which results in partial
acceptance and counter-offers. It should cover both explicit and constructive
negotiation use cases.


Furthermore, traditional access control requires
user registration with predefined access control policies at the local PDP,
while the identity is authorized by an SP that may be protected by different PDPs.
Therefore, traditional centralized identity management approaches give little or no
room for negotiating service consumer privacy policies. Although this addresses the
common needs of enterprise computing, it is insufficient for
policy simplification and coordination across multiple PDPs. More importantly,
for entities without an existing relationship, access control cannot be
applied to identity. In general, we need to define a protocol for
joint policy agreements, not only for service providers but also for consumers.


In addition to the above considerations, a wide range of mobile devices
is gradually becoming the popular consumer apparatus for accessing services. However,
given the relatively limited processing power and memory space on mobile
client devices, lightweight policy management entities with little or no overhead
are needed to represent each party in the handshake. Due to the nature
of wireless transport and the readability of the transferred data, the accuracy of the
data communications is one of the concerns. Hence, an efficient, reliable
and secure protocol is needed for trust authorization and access control with
policy negotiation between broad-based mobile communication
service providers and consumers.


On the other hand, different hardware, software and device vendors provide
different hardware platform architectures and operating environments, from OS kernels
and programming platforms to device drivers. This requires a cross-platform policy
negotiation framework built on industry standards. However, it means
heavyweight enterprise policy languages and standards should be translated
to cater to the wide range of usage.

In a large distributed computing environment, administrative policies
are created and persisted in different policy repositories.
Policy conflicts arise from conflicting requirements or errors,
and constraint satisfaction is the normal scenario during real-world policy
negotiation. It is up to a proper disagreement-resolution protocol to refine
the agreement in order to derive the conclusion to grant or deny the requests.

Even more, with the shift of the computing paradigm from traditional
hosted computation to usage-based utility computing such as grid computing,
policy negotiation depends not only on the service consumer and provider but also on
the dynamic usage of the resources. In addition, the content to which policies apply
could be generated at run time. This requires policy management to be
dynamically replaceable and enabled. Moreover, in open distributed systems,
there is no security domain to apply when no relationship exists. This
includes the release of both known resources and dynamically generated resources.



In general, an autonomous policy negotiation utility, serving an adaptive
policy automation management framework, is proposed for a series of inventions
and publications, with a blueprint of specific interoperability and an efficient,
portable and reliable protocol for policy discovery, policy and credential delivery,
lightweight policy presentation footprint, policy automated components and entities,
policy protection, conflict detection and resolution (both at specification time
and at run time), constraint meta policy, policy prioritization, policy decomposition,
failure handling, industry standard integration, dynamic policy computation, dynamic
content classification, policy mapping, policy verification and policy analyzer.

cpu time for page fault, the modified page numbers

The MMU page fault exception covers major, minor and protection
faults, since the process must be interrupted in order to
trap into the kernel. DTrace's built-in probes, such as the maj_fault and as_fault probes,
offer a high-level overview of the latency and count metrics.
If you want to aggregate all the latency caused by page-ins, not only those due to
page faults, try the pgin probe.

However, if you want finer-grained instrumentation, please consider
instrumenting unix module function calls such as the pagefault entry, the as_fault_* entries,
anon_map_privatepages, anon_private, etc., and also the segment driver fault routines where needed.
The DTrace fbt provider addresses this need.

Monday, February 06, 2006

Performance Counter and Core

Since SPARC III, the HW counters, high-resolution timer and virtual clock have been the most
efficient way to deliver the most accurate performance data. However, with the introduction of
the S10 container technology, accessing performance data from within an NG-Zone will be a major limitation.
Therefore, the traditional counter approach may be challenged by the latest virtualization and
partition service requirements.

However, system monitoring is driven by several major factors:
status check, performance tuning, debugging and troubleshooting

The majority of system management does not require debugging- and tuning-level performance resolution.

In addition, all HW counters require kernel-based access. libcpc(3LIB) is one of the performance counter libraries for the uts cpu_t structure. It has the same issues as libkstat(3LIB), the cpustat(1M) and cputrack(1M) CLI call routines, and the related user-land structures associated with chip_id, cpuid and status, all of which lack core support. Moreover, the same libkstat(3LIB) kstat_data_lookup handling for kstat_t and kstat_named_t is required.

I could not see the major gain for libcpc(3LIB) either in terms of the limitation of performance counter,core support, and dependency on libkstat(3LIB).

Just for sharing, libkstat(3LIB) requires executing the same kernel
static library call routines as in /on/usr/src/cmd to
open /dev/kstat and call kstat_lookup, using the existing
common user-land kstat_t structure. Afterwards,
kstat_data_lookup should be invoked to downcast
to kstat_named_t in order to retrieve the exported
templated cpu_info structure for "core_id" and
the KSTAT_DATA_LONG value.

It just reinvents the same call routines as any (1M) CLI in user
land. I did not see any value in doing so. In addition, HP and
BMC will have their own user-land structures and object models
to abstract and manage objects.

The major work that HP OV and BMC Patrol should focus on is
designing the object classes to redesign the object model for MIB II
in order to fit the architecture needs.

Sunday, February 05, 2006

realm and services

In AM, the CoS role-based template services, such as the user, session and discovery services, are global services that
span different realms.

However, the amadmin console service, policy configuration, globalization and password reset services are realm-specific services.

Saturday, February 04, 2006

System Boot

(1) The bootstrap code is stored in firmware ROM and EPROM.
(2) The bootstrap runs the POST test and then runs a small piece of code that reads
a single block at a fixed location (block 0, the boot sector)
from disk into memory and begins executing the code
from the boot block.
This code is very simple: it only knows the address on disk
and the length of the remainder of the bootstrap program.
(4) The full bootstrap traverses the file system to find
the OS kernel, loads it into memory and starts its execution.

Friday, February 03, 2006

Virtualization

Virtualization mitigates workload management problems by reintroducing a single cohesive system view onto the distributed IT infrastructure

(1) It is more than just LB
(2) Trends of applications and infrastructure
a. Serial apps: openMP, MainFrames, DAS
b. Client server: Java EE, open system, DAS
c. P2P, reliable messaging, Cluster, DAS
d. Service virtualization: service registration, discovery, Grid
(3) In SV, applications are encapsulated as services, with a distributed framework to disseminate the work across service instances. It allows developers to assemble
building blocks from different application domains.
SV decouples apps from HW
(4) IV is the infrastructure to deliver JIT compute and storage capacity:
automation, finer control at end-user service level -- utility

Wednesday, February 01, 2006

amadmin.template vs amadmin on AM7

On a freshly deployed AM instance
I could not find the amadmin shell
but only found amadmin.template.
What can cause the issue? A wrong
deployment?