OpenSolaris: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
m (added to Software category)
 
(262 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Networking ==
First, Solaris is drugs. Avoid it at all cost.


Create /etc/defaultroute with contents:
== pkg-get ==
129.97.134.1


Modify /etc/netmasks and add to the end:
129.97.134.1 255.255.255.0

Create /etc/hostname.e1000g0 (where e1000g0 is the interface name):
ginseng

Modify /etc/hosts so that it contains at least the following:
127.0.0.1 localhost loghost
129.97.134.89 ginseng.csclub.uwaterloo.ca ginseng

Run the following:
svcadm enable physical:default
/lib/svc/methods/net-physical:default

== OpenSolaris Packages ==

You should install the following build-related packages:
pkg install SUNWarc SUNWsfwhea SUNWhea SUNWtoo

If you want gcc and Sun Studio:
pkg install gcc-dev sunstudio

== Blastwave/CSW Packages ==

Install pkg-get:
pkgadd -d http://www.blastwave.org/pkg_get.pkg
pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.


Install various packages:
pkg-get -i gnupg
/opt/csw/bin/pkg-get -i gnupg screen bash_completion bison gawk gsed puppet top iftop wireshark
pkg-get -i vim


We want certain config files to be in /etc, rather than /opt/csw:
== LDAP ==
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf
rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab


== Environment variables ==

In /etc/default/login, change PATH and SUPATH:

PATH=/usr/local/bin:/usr/gnu/bin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/bin:/bin:/usr/sfw/bin
SUPATH=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin

Near the top of /etc/profile, add:

export PAGER=less

== nss_ldap ==

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:
LDFLAGS=-L/opt/csw/lib CFLAGS=-I/opt/csw/include ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1

Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.
ldapclient manual -a credentialLevel=anonymous \
ldapclient manual -a credentialLevel=anonymous \
-a authenticationMethod=none \
-a authenticationMethod=none \
-a domainName=csclub.uwaterloo.ca \
-a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
-a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
-a defaultSearchScope=sub \
-a defaultSearchScope=sub \
-a domainName=csclub.uwaterloo.ca \
-a preferredServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca \
-a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca
-a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

In /etc/group, add the following to the bottom:
users::100:

== PAM ==

In /etc/pam.conf, after
other auth required pam_unix_cred.so.1
add
other auth sufficient pam_krb5.so.1

You should also do this for 'login'.

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

== sudo ==

The sudo in blastwave/csw does not inclue the '--secure-path' configure option or ldap support, so you should build sudo from source:
./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
--with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin \
--with-env-editor --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
--with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install

== ZFS ==

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:
format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):
zpool create users mirror c2t0d0 c2t1d0
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

To enable Kerberos security, modify /etc/nfssec.conf and uncomment the krb5 lines.

Also see [[User-data#ZFS]].

== SNMP ==

The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:
./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio' \
--disable-embedded-perl --with-sys-contact="syscom@csclub.uwaterloo.ca" --with-sys-location="MC 3015" \
--with-default-snmp-version=3 --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"
* In include/net-snmp/system/solaris.h add '#define NEW_MIB_COMPLIANT 1' to the bottom.
make; make install

Create /tmp/net-snmp.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='net-snmp'>
<service name='system/net-snmp' type='service' version='1'>
<create_default_instance enabled='false' />
<single_instance/>
<dependency name='milestone' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/milestone/sysconfig' />
</dependency>
<dependency name='filesystem' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/system/filesystem/local' />
</dependency>
<!--
net-snmp needs nameservice resolution to connect to hosts.
-->
<dependency name='name-services' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/milestone/name-services' />
</dependency>
<dependent name='net-snmp_single-user' grouping='optional_all' restart_on='none'>
<service_fmri value='svc:/milestone/multi-user' />
</dependent>
<exec_method type='method' name='start' exec='/lib/svc/method/svc-net-snmp' timeout_seconds='60' />
<exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
<exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='60' />
<property_group name='general' type='framework'>
<!--
to start stop syslog daemon
-->
<propval name='action_authorization' type='astring' value='solaris.smf.manage.net-snmp' />
</property_group>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>net-snmp</loctext>
</common_name>
<documentation>
<manpage title='net-snmp' section='1M' manpath='/usr/share/man' />
</documentation>
</template>
</service>
</service_bundle>

Import the manifest:
svccfg import /tmp/net-snmp.xml

Create /lib/svc/method/svc-net-snmp:
#!/bin/sh
. /lib/svc/share/smf_include.sh
# Start processes required for snmpd
if [ -x /usr/local/sbin/snmpd ]; then
/usr/local/sbin/snmpd
else
echo "snmpd is missing or not executable."
exit $SMF_EXIT_ERR_CONFIG
fi
exit $SMF_EXIT_OK

== rsyncd ==

Install SUNWrsync.

Create /tmp/rsync.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="rsync">
<service name="network/rsync" type="service" version="4">
<create_default_instance enabled="false"/>
<single_instance/>
<!--
If there's no network, then there's no point in running
-->
<dependency name="loopback" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/network/loopback:default"/>
</dependency>
<dependency name="physical" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/network/physical:default"/>
</dependency>
<dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
<service_fmri value="svc:/system/filesystem/local"/>
</dependency>
<exec_method type="method" name="start" exec="/opt/csw/bin/rsync --daemon" timeout_seconds="60"/>
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
<exec_method type="method" name="refresh" exec=":kill -HUP" timeout_seconds="60"/>
<stability value="Unstable"/>
<template>
<common_name>
<loctext xml:lang="C">RSYNC daemon</loctext>
</common_name>
<documentation>
<manpage title="rsync" section="7"/>
<doc_link name="rsync.org" uri="http://www.rsync.org/docs/"/>
</documentation>
</template>
</service>
</service_bundle>

Import the manifest:
svccfg import /tmp/rsync.xml

== Service Management ==

To control services, use svcadm:
svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

To see why services failed to start:
svcs -xv


== External Links ==
== External Links ==
* http://docs.sun.com/app/docs/doc/819-5461
https://www.cs.uwaterloo.ca/twiki/view/CF/ADAddSolaris10
* http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_Guide
* https://www.cs.uwaterloo.ca/twiki/view/CF/ADAddSolaris10

[[Category:Software]]

Latest revision as of 21:33, 22 November 2009

Networking

Create /etc/defaultroute with contents:

129.97.134.1

Modify /etc/netmasks and add to the end:

129.97.134.1 255.255.255.0

Create /etc/hostname.e1000g0 (where e1000g0 is the interface name):

ginseng

Modify /etc/hosts so that it contains at least the following:

127.0.0.1 localhost loghost
129.97.134.89 ginseng.csclub.uwaterloo.ca ginseng

Run the following:

svcadm enable physical:default
/lib/svc/methods/net-physical:default

OpenSolaris Packages

You should install the following build-related packages:

pkg install SUNWarc SUNWsfwhea SUNWhea SUNWtoo

If you want gcc and Sun Studio:

pkg install gcc-dev sunstudio

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen bash_completion bison gawk gsed puppet top iftop wireshark

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf
rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab

Environment variables

In /etc/default/login, change PATH and SUPATH:

PATH=/usr/local/bin:/usr/gnu/bin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/bin:/bin:/usr/sfw/bin
SUPATH=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin

Near the top of /etc/profile, add:

export PAGER=less

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

LDFLAGS=-L/opt/csw/lib CFLAGS=-I/opt/csw/include ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1

Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.

ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

In /etc/group, add the following to the bottom:

users::100:

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

sudo

The sudo in blastwave/csw does not inclue the '--secure-path' configure option or ldap support, so you should build sudo from source:

./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin \
  --with-env-editor --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

To enable Kerberos security, modify /etc/nfssec.conf and uncomment the krb5 lines.

Also see User-data#ZFS.

SNMP

The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:

./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio' \
  --disable-embedded-perl --with-sys-contact="syscom@csclub.uwaterloo.ca" --with-sys-location="MC 3015" \
  --with-default-snmp-version=3 --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"
* In include/net-snmp/system/solaris.h add '#define NEW_MIB_COMPLIANT 1' to the bottom.
make; make install

Create /tmp/net-snmp.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='net-snmp'>
  <service name='system/net-snmp' type='service' version='1'>
    <create_default_instance enabled='false' />
    <single_instance/>
    <dependency name='milestone' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/sysconfig' />
    </dependency>
    <dependency name='filesystem' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local' />
    </dependency>
    <dependency name='name-services' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/name-services' />
    </dependency>
    <dependent name='net-snmp_single-user' grouping='optional_all' restart_on='none'>
      <service_fmri value='svc:/milestone/multi-user' />
    </dependent>
    <exec_method type='method' name='start' exec='/lib/svc/method/svc-net-snmp' timeout_seconds='60' />
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
    <exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='60' />
    <property_group name='general' type='framework'>
      <propval name='action_authorization' type='astring' value='solaris.smf.manage.net-snmp' />
    </property_group>
    <stability value='Unstable' />
    <template>
      <common_name>
        <loctext xml:lang='C'>net-snmp</loctext>
      </common_name>
      <documentation>
        <manpage title='net-snmp' section='1M' manpath='/usr/share/man' />
      </documentation>
    </template>
  </service>
</service_bundle>

Import the manifest:

svccfg import /tmp/net-snmp.xml

Create /lib/svc/method/svc-net-snmp:

#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for snmpd

if [ -x /usr/local/sbin/snmpd ]; then
  /usr/local/sbin/snmpd
else
  echo "snmpd is missing or not executable."
  exit $SMF_EXIT_ERR_CONFIG
fi

exit $SMF_EXIT_OK

rsyncd

Install SUNWrsync.

Create /tmp/rsync.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="rsync">
  <service name="network/rsync" type="service" version="4">
    <create_default_instance enabled="false"/>
    <single_instance/>
    <dependency name="loopback" grouping="require_all" restart_on="error" type="service">
      <service_fmri value="svc:/network/loopback:default"/>
    </dependency>
    <dependency name="physical" grouping="require_all" restart_on="error" type="service">
      <service_fmri value="svc:/network/physical:default"/>
    </dependency>
    <dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
      <service_fmri value="svc:/system/filesystem/local"/>
    </dependency>
    <exec_method type="method" name="start" exec="/opt/csw/bin/rsync --daemon" timeout_seconds="60"/>
    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
    <exec_method type="method" name="refresh" exec=":kill -HUP" timeout_seconds="60"/>
    <stability value="Unstable"/>
    <template>
      <common_name>
        <loctext xml:lang="C">RSYNC daemon</loctext>
      </common_name>
      <documentation>
        <manpage title="rsync" section="7"/>
        <doc_link name="rsync.org" uri="http://www.rsync.org/docs/"/>
      </documentation>
    </template>
  </service>
</service_bundle>

Import the manifest:

svccfg import /tmp/rsync.xml

Service Management

To control services, use svcadm:

svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

To see why services failed to start:

svcs -xv

External Links