I recently had cause to pass on an article that I wrote for the now defunct Australian Sun Customer magazine (On#Sun) on the subject of doors. It occurred to me that I really should put this on the blog. Hopefully this will give some insight as to why I think doors are really cool.

Where does this door go?

If you have had a glance through /etc you may have come across some files with door in their name. You may also have noticed calls to door functions if you have run truss over commands that interact with the name resolver routines or password entry lookup.

The Basic Idea (an example)

Imagine that you have an application that does two things. First, it provides lookup function into a potentially slow database (e.g. the DNS). Second, it caches the results to minimise having to make the slower calls.

There are already a number of ways that we could call the cached lookup function from a client (e.g. RPCs & sockets), but these require that we give up the cpu and wait for a response from another process. Even for a potentially fast operation, it could be some time
before the client is next scheduled. Wouldn’t it be nice if we could complete the operation within our time slice? Well, this is what the door interface accomplishes.

The Server

When you initialise a door server, a number of threads are made available to run a particular function within the server. I’ll call this function the door function. These threads are created as if they had made a call to door_return() from within the door function. The server will associate a file and an open file descriptor with this function.

The Client

When the client initialises, it opens the door file and specifies the file descriptor when it calls door_call(), along with some buffers for arguments and return values. The kernel uses this file descriptor to work out how to call the door function in the server.

At this point the kernel gets a little clever. Execution is transferred directly to an idle door thread in the server process, which runs as if the door function had been called with the arguments that the client specified. As it runs in the server context, it has access to all of the
global variables and other functions available to that process. When the door function is complete, instead of using return(), it calls door_return(). Execution is transferred back to the client with the result returned in a buffer we passed door_call(). The server thread is left sleeping in door_return().

If we did not have to give up the CPU in the door function, then we have just gained a major speed increase. If we did have to give it up, then we didn’t really lose anything, as the overhead is only small.

This is how services such as the name service cache daemon (nscd) work. Library functions such as gethostbyname(), getpwent() and indeed any call whose behaviour is defined in /etc/nsswitch.conf are implemented with door calls to nscd. Syslog also uses this interface so that processes are not slowed down substantially because of syslog calls. The door function simply places the request in a queue (a fast operation) for another syslog thread to look after and then calls door_return()
(that’s actually not how syslog uses it).

For further information see the section 9 man pages on door_create, door_info, door_return and door_call.

I upgraded my internal Solaris 11 build last night and this morning noticed that I was getting error popups from thunderbird like:

SSL received a record that exceeded the maximum permissible length.

Searching the web didn’t help me a lot except for this one which suggested that I try telneting to port 993 on the server to see what it looked like.

When I did this and saw a complaint about imapd not being able to open libssl.so.0.9.8 that I twigged that this must have been the build that we went to openssl 1.0 on.

This meant that I needed to rebuild imapd. Well I already have done most of the work here here.

The sad thing was it looks like something else changed and some structure elements have names different to what imapd was expecting in a (DIR *).

Adding -D__USE_LEGACY_PROTOTYPES__ to the EXTRACFLAGS macro in the top level Makefile allowed the build to complete. After putting the new binary into place, thunderbird is happy talking to this server again.

Update #1

I also needed to rebuild proxytunnel. I think that’s all that I had that linked against libssl.0.9.8.

After an experience I had yesterday, I need to say a little more than I did at Nevada to OpenSolaris Sun Ray on SPARC (part 5 – Sun Ray Server 4.2).

It seems that I missed something.

Part of the configuration that is done at install time sets up a small LDAP server, but instead of pointing at localhost, it points at the machine name. In general this is not a problem. Unfortunately as I moved the disk image from one machine to another, changing the host information, I didn’t realise that it was still talking to the server on my lab machine that I had used to build the image.

This was not a problem until the other night when someone else booked that machine and installed something else on it. All of a sudden I could no longer get access to my Sun Ray sessions.

I spent a while trying to address the problem, but didn’t get very far (probably because I don’t have a lot of skills in the Sun Ray area).

I had noticed some blog postings about a new release of Sun Ray software out (5.2) that includes the 4.3 Sun Ray Server software in it that I had been hearing some good things about with regards to Solaris 11.

I figured it was time to bite the bullet.

The first thing to do was to clone myself another boot environment so that if it did go really badly wrong I could go back and attempt to recover from the current broken point.

# beadm create Solaris11-sr5.2
# beadm activate Solaris11-sr5.2

Have to love ZFS root for instant clones.

I then rebooted into that new boot environment and removed the 4.2 software (I found the instructions for this are in the installation guide for 4.2).

# cd /opt/SUNWut/sbin
# ./utconfig -u
# cd /
# /opt/SUNWut/sbin/utinstall -u

Well that was pretty painless.

I had previously downloaded and unzipped the software so all I needed to do now was to run

# ./utsetup

and pretty much accept the defaults. This was an incredibly painless install in comparison to installing the previous version (well done folks), although in hindsight I should have stuck to the defaults a little more closely than I did as I found that I couldn’t get the DTU to connect, indeed it would either hang actually reboot the DTU.

Looking in /var/opt/SUNWut/log/messages, I saw the following

May 26 22:29:23 vesvi utauthd: [ID 355619 user.info] WatchIO UNEXPECTED: Connection from 10.191.128.12 is not allowed
May 26 22:29:23 vesvi utauthd: [ID 572381 user.info] WatchIO UNEXPECTED: 10.191.128.12 protocolError: networkNotAllowed
May 26 22:29:23 vesvi utauthd: [ID 303596 user.info] WatchIO UNEXPECTED: WatchIO.doRemove(null)

and it suddenly twigged that I’d answered the allow LAN connections question wrong.

Unfortunately I found that I can’t use utadm to fix this as I don’t have the DHCP packages installed on this machine (I have to see if there is a bug logged on that), but if you look at my previous writeup I had to address exactly this before. You have to make allowLANConnections true in /etc/opt/SUNWut/auth.props

# Allow LAN Connections
#       This parameter enforces the policy that only terminals on the
#       private Sunray interconnect can attach to the server. Connection
#       attempts from other network interfaces, including the local loopback
#       interface, will be rejected.
#
allowLANConnections = true

Doing a cold restart of the software allowed me to start using my Sun Ray at home again

# /opt/SUNWut/sbin/utrestart -c

It finally got to me. I’ve got a nice USB audio adapter that I use at home on my Tecra M11, but I was only ever able to get firefox to use the builtin audio on Solaris 11. I could make it work under Virtual Box by importing it, but I have a nice sound setup in my office and I really wanted to use the Roland/Cakewalk UA-1G natively.

Searching the web found me lots of people asking the question and nothing in the way of answers.

I’d already tried

# cd /dev
# rm audio audioctl
# ln -s sound/1 audio
# ln -s sound/1ctl audioctl

but flash was still playing through the internal speakers.

The answer came when I ran pfiles on the firefox-bin process, I noticed that it had the dsp device for the internal audio controller open.

What I had forgotten was

# rm dsp
# ln -s dsp1 dsp

I went and started a youtube video and had to immediately halt it as the volume through the other device had been set WAY too high, but yea that’s all it took.

The creation of a script called audio that takes an argument of the device is then trivial, and left as an exercise for the reader (yes I’ve already written one).

It’s been a long path to get here, including a little experimenting with having an Ultra45 as the final destination box (the fact that it only had 1gb memory in it turned out to be a show stopper for any kind of desktop work).

And yes I know it’s not called OpenSolaris anymore, but I really wanted to stick with the title to keep these articles together.

Last Wednesday I bit the bullet and migrated back to my original hardware which was slightly better specced than what I had been using in the lab.

I did learn some things in this final step which hopefully if anyone ever has to do something like this again will be beneficial.

Cloning the boot disk

While I could have moved the 72gb disk I had in the lab machine directly into the target box, I was reluctant to do so as I did not have another 72gb disk to use as a mirror and I was under the (mistaken – see later) impression that the target had a pair of 36 gb disks in it.

As we had trouble sourcing a pair of 72gb disks, I sourced a pair of 142gb ones and put one of them into the second disk slot in the lab box.

Lesson #1

You cannot hot swap disks in a Sun Blade 2000. There is a microswitch that powers down the machine when you take the side off. I discovered this by watching the fans spin down on side removal. Sigh.

After powering up and booting again we need to add this disk as a mirror. It’s not important that it is larger than the disk I am mirroring, ZFS will only use what it needs on this larger disk to mirror the smaller. I also didn’t want to partition it to match sizes as once I was done I wanted to grow the zpool to the entire available size.

Well actually I did adjust the partition tables, but only to give me the full disk on slice 0 (yes I could have used slice 2, but neatness counts).

OK we add c6t2d0s0 as a mirror to rpool

# zpool attach rpool c6t1d0s0 c6t2d0s0

and then we wait for it to resilver.

I also updated hosts so that it also had the address of the machine that I was going to move the disk to.

I was not sure about whether or not I could boot a detached zpool mirror or if I had to simply pull the disk and move it to the new machine.

Lesson #2

Don’t detach the mirror before removing it from teh source system to the target. You will get a Failed to boot with a message like “Failed to boot detached mirror”.

Move the disk back to the source machine and re-attach:

zpool attach rpool c6t2d0s0 c6t2d0s0

and wait another few hours for resilvering.

This time on putting this disk into slot 1, the machine booted.

Brought it up single user and modified /etc/hostname.eri0 and /etc/nodename. Rebooted to be sure everything took. Why was it still coming up with the source machine name, and why can it not contact the local NIS server?

Lesson #3

Current builds of Solaris 11 development have moved the nodename to be a property in SMF.

Looking at /lib/svc/method/identity-node we see both how to set this AND why /etc/nodename was not helpful.

/etc/nodename is only used if there is no SMF property for config/nodename in svc:/system/identity:node. When it is used here the startup method removes the file after using it. If the property exists, it will never look at that file again. To change this property you need to use svccfg.

# svccfg -s svc:/system/identity:node setpropconfig/nodename = astring: vesvi

Where vesvi was the name of my target machine.

The method also does a:

svcadm refresh svc:/system/identity:node

Which I did and then rebooted again for good measure to make sure the interfaces came up correctly.

Hmmmm, it still isn’t seeing the NIS servers. DOH! In our lab we have our routers advertise themselves. On the normal network, router addresses are handed out with DHCP. As I have a static address, …

Booted back to single user and added the router address to /etc/defaultrouter and things looked much better. Indeed it looks like Sun Ray had come up. I was worried that I would need to dig into the guts of that configuration as well, but it appears not (though at a later time I will go through my notes to verify this).

I mentioned earlier that I thought that the target machine only had a pair of 36gb disks in it. When I took them out I noticed that they were actually 72gb disks. *CLICK* when I originally migrated to this machine from my old Ultra 80 when it died, I had 36gb disks, I must have done the mirror trick there too. What I had forgotten to do was to grow the zpool.

# zpool set autoexpand=on rpool

and we now have a 142gb non-mirrored rpool.

The last major step was to put the other 142gb disk in the machine and set up the mirror. Before I did so I checked the current configuration:

  pool: rpool
 state: ONLINE
config:

	NAME          STATE     READ WRITE CKSUM
	rpool         ONLINE       0     0     0
	  c6t2d0s0    ONLINE       0     0     0

errors: No known data errors

Hang on, I said that I had put the disk into slot 1. Oh yes, c6t2d0s0 is the label on the disk. It just happened to not reflect the actually installed location. This could have made putting the other disk into c6t2d0s0 interesting.

On powering the machine down, I moved that disk into slot 2 and put the new disk into slot 1. It’s nice how ZFS really doesn’t care where you put the disks.

This time I booted from disk2 at OBP and it came up properly. Instead of working standing up at a vdu attached to the serial port of this machine, I went back to my desk and logged into a Sun Ray session on it.

Adding the other side of the mirror:

# zpool attach rpool c6t2d0s0 c6t1d0s0

and wait for the resilvering (which only took 44 minutes this time).

  pool: rpool
 state: ONLINE
 scan: resilvered 34.6G in 0h44m with 0 errors on Wed Mar  9 21:46:45 2011
config:

	NAME          STATE     READ WRITE CKSUM
	rpool         ONLINE       0     0     0
	  mirror-0    ONLINE       0     0     0
	    c6t1d0s0  ONLINE       0     0     0
	    c6t2d0s0  ONLINE       0     0     0

errors: No known data errors

I’m now running on the original hardware with something much lighter than the old nevada build I had on it and it looks like I have all the services that I need.

I will say that after putting up with swapping whenever I wanted to do something on the Ultra45, the SB2000 with 4gb feels so much better.