OpenSolaris: Difference between revisions
Revision as of 07:28, 18 February 2008
Solaris is drugs; avoid it at all cost.
Solaris 10 Packages
If you choose to only install "core" packages, make sure you also select "GNU wget" and "Volume Manager". You can then install additional packages later from the Solaris 10 DVD. To do so, insert the DVD and it should get auto-mounted in /cdrom/sol*. Then cd to /cdrom/sol*/Solaris\ 10/Products and install packages:
pkgadd -d . PKGNAME
You should install the patch manager and update manager:
pkgadd -d . SUNWctpls SUNWmfrun SUNWccccrr SUNWccccr SUNWccsign SUNWppror SUNWpprou SUNWj5rt SUNWj5dev SUNWjdmk-base \
  SUNWcacaort SUNWscn-base-r SUNWscn-base SUNWsamr SUNWsam SUNWscnprmr SUNWscnprm SUNWscnsom SUNWsensor SUNWbrg \
  SUNWzoner SUNWpoolr SUNWpool SUNWadmfr SUNWadmfw SUNWlucfg SUNWlur SUNWluu SUNWluzone SUNWzoneu \
  SUNWccfw SUNWcctpx SUNWccfw SUNWccinv SUNWcsmauth SUNWupdatemgru SUNWupdatemgrr \
  SUNWxcu4 SUNWcacaort
You should install the following build-related packages:
pkgadd -d . SUNWdoc SUNWman SUNWarc SUNWsfwhea SUNWhea
If you want ssh:
pkgadd -d . SUNWsshc SUNWsshr SUNWsshu SUNWsshdr SUNWsshdu
If you want X applications to work:
pkgadd -d . SUNWxwfnt SUNWxwice SUNWxwrtl SUNWxwplr SUNWxwplt
If you want the SNMP daemon:
pkgadd -d . SUNWsmagt SUNWsmmgr
sudo svccfg import /var/svc/manifest/application/management/sma.xml
You should reboot to make sure all services are configured (there's probably a way to do this that doesn't require rebooting).
Blastwave/CSW Packages
Install pkg-get:
pkgadd -d http://www.blastwave.org/pkg_get.pkg
In /opt/csw/edit/pkg-get.conf, set the primary URL to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.
Install various packages:
/opt/csw/bin/pkg-get -i gnupg screen less vim bash_completion openldap_client openldap_devel \
  sasl_gssapi ntp nrpe gcc3core gcc3g++ gmake puppet wget top iftop wireshark
We want certain config files to be in /etc, rather than /opt/csw:
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5.conf && ln -s /etc/krb5/krb5.conf /etc/krb5.conf
rm -f /etc/krb5.keytab && ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab
mv /opt/csw/etc/ssh /etc && ln -s /etc/ssh /opt/csw/etc/ssh
It's useful to have some binaries symlinked:
ln -s gmake /opt/csw/bin/make
ln -s /opt/csw/bin/bash /bin/bash
Solaris Patching/Updating
To update blastwave:
pkg-get -U; pkg-get -u
Note that pkg-get will ask to remove a package and then ask to install the same package; this is normal and this is how pkg-get upgrades packages.
To configure the Solaris patch manager, you first have to create a Sun Online Account which you can create at https://reg.sun.com/register?program=sdn.
Create a file /tmp/reg.properties:
userName=syscom@csclub.uwaterloo.ca
password=[see ~sysadmin/passwords/sun-online-account]
hostName=
subscriptionKey=
portalEnabled=
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=
Register the system:
sconadm register -a -r /tmp/reg.properties
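The properties file holds the Sun Online Account password, and /tmp is writable by every local user. The following is an added example, not part of the original page: a helper (write_reg_properties is a hypothetical name) that creates the file readable only by its owner and refuses to overwrite a file that already exists at that path. It assumes a POSIX shell such as the bash installed above, not the legacy Solaris /bin/sh.

```shell
#!/bin/sh
# Added example (not from the original page).
# write_reg_properties FILE USERNAME
# The password is read from standard input so it never shows up in the
# process list or in shell history.
write_reg_properties() {
    file=$1 user=$2
    IFS= read -r pass || [ -n "$pass" ] || return 1
    (
        umask 077   # the new file is created with mode 0600
        set -C      # noclobber: fail instead of overwriting an existing file
        {
            printf 'userName=%s\n' "$user"
            printf 'password=%s\n' "$pass"
            # Remaining keys are left empty, as on the page.
            for key in hostName subscriptionKey portalEnabled \
                       proxyHostName proxyPort proxyUserName proxyPassword; do
                printf '%s=\n' "$key"
            done
        } > "$file"
    )
}

# Typical use on the host, removing the file once registration has run:
#   write_reg_properties /tmp/reg.properties syscom@csclub.uwaterloo.ca < passfile
#   sconadm register -a -r /tmp/reg.properties
#   rm -f /tmp/reg.properties
```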
PATH
Near the top of /etc/profile, add:
if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then
  PATH="/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin"
else
  PATH="/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/bin:/usr/bin:/bin:/usr/sfw/bin"
fi
nss_ldap
The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:
./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local LDADD=-L/opt/csw/lib\ -R/opt/csw/lib
make; make install
rm /usr/lib/nss_ldap.so.1 && ln -s /usr/local/lib/nss_ldap.so /usr/lib/nss_ldap.so.1
Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library:
ldapclient manual -a credentialLevel=anonymous \
  -a authenticationMethod=none \
  -a domainName=csclub.uwaterloo.ca \
  -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
  -a defaultSearchScope=sub \
  -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca
PAM
In /etc/pam.conf, after
other auth required pam_unix_cred.so.1
add
other auth sufficient pam_krb5.so.1
You should also do this for 'login'.
You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
sudo
The sudo in blastwave/csw does not include the '--secure-path' configure option or ldap support, so you should build sudo from source:
./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
  --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install
ZFS
When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).
To view a list of disks:
format
To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):
zpool create users mirror c2t0d0 c2t1d0
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.
To create datasets (basically mountpoints within a zpool):
zfs create users/dtbartle
To disable atime, devices, and setuid:
zfs set atime=off users
zfs set devices=off users
zfs set setuid=off users
Quota can be managed via 'zfs get' and 'zfs set'. To query quota:
zfs get quota
To set quota for a user:
zfs set quota=2G users/dtbartle
To disable quota for a user:
zfs set quota=none users/dtbartle
To export over NFS:
zfs set sharenfs="sec=sys,rw=$ACCESS_LIST,nosuid" users
ACCESS_LIST is a colon-separated list of any of the following:
- hostname (e.g. glucose-fructose.csclub.uwaterloo.ca)
- netgroup (e.g. in LDAP)
- domain name suffix (e.g. .csclub.uwaterloo.ca)
- network (e.g. @129.97.134.0/24)
A minus sign (-) may prefix one of the above to indicate that access is to be denied.
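The access list is searched in order and the first matching entry decides, so a deny entry only has an effect if it comes before any allow entry that would also match (see share_nfs(1M)). The following is an added example, not part of the original page: two hypothetical helpers, classify_entry and build_sharenfs, that check each entry against the forms listed above and build the sharenfs value. It assumes a POSIX shell such as the bash installed above and IPv4 networks; badhost.example is a constructed hostname.

```shell
#!/bin/sh
# Added example (not from the original page).

# classify_entry ENTRY -> prints "<allow|deny> <network|domain|name>"
# "name" covers both hostnames and netgroups, which look the same here.
classify_entry() {
    entry=$1 action=allow
    case $entry in
        -*) action=deny; entry=${entry#-} ;;
    esac
    case $entry in
        '')                  echo invalid; return 1 ;;
        *[!A-Za-z0-9@./_-]*) echo invalid; return 1 ;;  # ':' or ',' would split the option
        @*)                  echo "$action network" ;;
        .*)                  echo "$action domain" ;;
        *)                   echo "$action name" ;;
    esac
}

# build_sharenfs ENTRY... -> prints the value for 'zfs set sharenfs=...'
# Fails on an empty list (e.g. an unset $ACCESS_LIST), on a malformed entry,
# and on a deny entry placed after an allow entry.
build_sharenfs() {
    [ $# -gt 0 ] || { echo "empty access list" >&2; return 1; }
    list= seen_allow=
    for e in "$@"; do
        kind=$(classify_entry "$e") || { echo "bad entry: $e" >&2; return 1; }
        case $kind in
            deny*) [ -z "$seen_allow" ] || { echo "deny after allow: $e" >&2; return 1; } ;;
            *)     seen_allow=1 ;;
        esac
        list=${list:+$list:}$e
    done
    echo "sec=sys,rw=$list,nosuid"
}

# Print (not run) the resulting command for a constructed access list.
opts=$(build_sharenfs -badhost.example .csclub.uwaterloo.ca @129.97.134.0/24) &&
    echo "zfs set sharenfs=\"$opts\" users"
```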
Snapshots are viewable at /users/$USER/.zfs/snapshot/
SNMP
An SNMP daemon can be enabled via:
svcadm enable sma
It can be configured via /etc/snmpd/conf/snmpd.conf.
Puppet
Make sure that your .cshrc file is empty, as running 'which' invokes csh.