OpenSolaris: Difference between revisions
m (Solaris 10 moved to OpenSolaris) |
No edit summary |
||
Line 1: | Line 1: | ||
== |
== OpenSolaris Packages == |
||
You can use packagemanger to install and update packages. |
|||
You can then install additional packages from the Solaris 10 DVD by inserting the DVD; it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via: |
|||
mount -F hsfs /dev/dsk/c1t0d0s0 /mnt |
|||
Then ls to /cdrom/sol*/Solaris\ 10/Products and install packages: |
|||
pkgadd -d . PKGNAME |
|||
Install wget, volume management, and bash: |
|||
pkgadd -d . SUNWvolr SUNWvolu SUNWgcmn SUNWwgetr SUNWwgetu SUNWbash |
|||
You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141): |
|||
pkgadd -d . SUNWzoner SUNWmfrun SUNWj5rt SUNWxcu4 SUNWjdmk-base SUNWcacaort SUNWccccrr SUNWccccr SUNWscn-base-r SUNWscn-base \ |
|||
SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlucfg SUNWlur SUNWluu SUNWluzone SUNWzoneu \ |
|||
SUNWccsign SUNWccfw SUNWscnprmr SUNWscnprm SUNWscnsomr SUNWscnsom SUNWsensor SUNWcctpx SUNWbrg SUNWccccfg SUNWccfwctrl \ |
|||
SUNWccinv SUNWppror SUNWpprou SUNWppro-plugin-sunos-base SUNWctpls SUNWupdatemgru |
|||
If you want krb5 to work with NFS: |
|||
pkgadd -d . SUNWrsg |
|||
⚫ | |||
⚫ | |||
If you want ssh: |
|||
pkgadd -d . SUNWsshcu SUNWsshr SUNWsshu SUNWsshdr SUNWsshdu |
|||
/lib/svc/method/sshd -c |
|||
svcadm enable ssh |
|||
If you want X applications to work: |
|||
pkgadd -d . SUNWxwfnt SUNWxwice SUNWxwrtl SUNWxwplr SUNWxwplt |
|||
If you want the NTP daemon: |
|||
pkgadd -d . SUNWntpr SUNWntpu |
|||
svcadm enable ntp |
|||
Create /etc/inet/ntp.conf: |
|||
server time.nist.gov |
|||
⚫ | |||
You should reboot to make sure all services are configured (there's probably a way to do this that doesn't require rebooting). |
|||
⚫ | |||
== Blastwave/CSW Packages == |
== Blastwave/CSW Packages == |
||
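Review bot: the one line added under "OpenSolaris Packages" misspells the tool as "packagemanger" and gives no command to run, while the pkgadd text in the same hunk spells out every invocation. Suggest correcting the name to packagemanager and saying how a package is actually installed. The revision also carries "No edit summary", so nothing records why the ssh and NTP steps shown here are absent from the revision rendered below.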
Line 42: | Line 18: | ||
We want certain config files to be in /etc, rather than /opt/csw: |
We want certain config files to be in /etc, rather than /opt/csw: |
||
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf |
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf |
||
rm -f /etc/krb5.conf && ln -s /etc |
rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf |
||
rm -f /etc/krb5.keytab && ln -s /etc |
rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab |
||
It's usefull to have some binaries symlinked: |
It's usefull to have some binaries symlinked: |
||
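Review bot: the krb5 lines run "rm -f /etc/krb5/krb5.keytab" before "ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab" with no check that /etc/krb5.keytab exists, so on a host where the keytab only lives in /etc/krb5 this deletes the host key and leaves a dangling link; the krb5.conf line has the same shape. Suggest testing for the link target first, or moving the existing file into place instead of removing it. The unchanged context line also spells "usefull".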
Line 49: | Line 25: | ||
ln -s gld /opt/csw/bin/ld |
ln -s gld /opt/csw/bin/ld |
||
⚫ | |||
== Solaris Patching/Updating == |
|||
In /etc/default/login, change PATH and SUPATH: |
|||
To update blastwave: |
|||
pkg-get -U |
|||
pkg-get -u |
|||
⚫ | |||
Note that pkg-get will ask to remove a package and then ask to install the same package; this is normal and this is how pkg-get upgrades packages. |
|||
SUPATH=/usr/local/sbin:/usr/local/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:\ |
|||
⚫ | |||
To configure the Solaris patch manager, you first have to create a Sun Online Account which you can create at https://reg.sun.com/register?program=sdn. |
|||
Create a file /tmp/reg.properties: |
|||
userName=syscom@csclub.uwaterloo.ca |
|||
password=[see ~sysadmin/passwords/sun-online-account] |
|||
hostName= |
|||
subscriptionKey= |
|||
portalEnabled=false |
|||
proxyHostName= |
|||
proxyPort= |
|||
proxyUserName= |
|||
proxyPassword= |
|||
Register the system: |
|||
cacaoadm enable |
|||
sconadm register -a -r /tmp/reg.properties |
|||
When I tried the above, it hung. After investigating, I discovered that cacao wasn't configured properly (see http://forum.java.sun.com/thread.jspa?threadID=5104038). The mentioned thread has a solution (svccfg export/import). |
|||
To install available patches: |
|||
smpatch update |
|||
If it is suggested that you shutdown the system to apply patches, use "shutdown -i 6". The system will appear to start rebooting, however it will eventually return to the prompt. <b>DO NOT REBOOT AT THIS POINT!!!</b>; the system is installing updates that could only be installed in single-user mode (run 'ps -ef | grep sbin\/patchadd' for details). |
|||
⚫ | |||
Near the top of /etc/profile, add: |
Near the top of /etc/profile, add: |
||
⚫ | |||
if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then |
|||
⚫ | |||
else |
|||
⚫ | |||
fi |
|||
⚫ | |||
== nss_ldap == |
== nss_ldap == |
||
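Review bot: the Blastwave update steps ("pkg-get -U", "pkg-get -u" and the note that pkg-get removes and then reinstalls a package) sit under the "Solaris Patching/Updating" heading in this hunk, and the revision rendered below keeps the Blastwave/CSW Packages section but no longer says how to update those packages. Suggest moving those three lines under Blastwave/CSW Packages rather than losing them with the smpatch material.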
Line 141: | Line 86: | ||
zpool create users mirror c2t0d0 c2t1d0 |
zpool create users mirror c2t0d0 c2t1d0 |
||
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0. |
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0. |
||
To enable Kerberos security, modify /etc/nfssec.conf and uncomment the krb5 lines. |
|||
Also see [[User-data#ZFS]]. |
Also see [[User-data#ZFS]]. |
Revision as of 21:25, 15 May 2008
OpenSolaris Packages
You can use packagemanager to install and update packages.
You should install the following build-related packages:
SUNWarc SUNWsfwhea SUNWhea SUNWtoo
Blastwave/CSW Packages
Install pkg-get:
pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.
Install various packages:
/opt/csw/bin/pkg-get -i gnupg screen less vim bash bash_completion openldap_client openldap_devel \
    sasl_gssapi gcc3core gcc3g++ gmake flex bison ggrep gawk gsed puppet top iftop wireshark
We want certain config files to be in /etc, rather than /opt/csw:
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf
rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab
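A more careful form of the three `rm -f ... && ln -s ...` commands above, as an added example that is not part of the original page. The function names `relink` and `keytab_private` and the `.orig` backup suffix are assumptions; the permission check reflects the general rule that a keytab should be readable by its owner only.

```shell
#!/bin/sh
# Added example (not from the original page).
# relink TARGET LINK
#   Make LINK a symlink to TARGET, but only if TARGET exists, and keep any
#   real file that was at LINK as LINK.orig (it may be the only keytab copy).
#   Returns 1 and leaves LINK untouched when TARGET is missing.
relink() {
    target=$1
    link=$2
    if [ ! -f "$target" ]; then
        echo "relink: $target does not exist, leaving $link alone" >&2
        return 1
    fi
    if [ -h "$link" ]; then
        rm -f "$link"                        # an old symlink holds no data
    elif [ -e "$link" ]; then
        mv "$link" "$link.orig" || return 1  # preserve the real file
    fi
    ln -s "$target" "$link"
}

# keytab_private FILE
#   Succeeds only if FILE (symlinks followed) grants nothing to group or
#   other, i.e. the six permission characters after the owner's are "------".
keytab_private() {
    perms=$(ls -lnL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Usage with the page's paths:
#   relink /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
#   relink /etc/krb5.conf      /etc/krb5/krb5.conf
#   relink /etc/krb5.keytab    /etc/krb5/krb5.keytab &&
#       keytab_private /etc/krb5/krb5.keytab || echo "check keytab mode" >&2
```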
It's useful to have some binaries symlinked:
ln -s gmake /opt/csw/bin/make
ln -s gld /opt/csw/bin/ld
Environment variables
In /etc/default/login, change PATH and SUPATH:
PATH=/usr/local/bin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/gnu/bin:/usr/bin:/bin:/usr/sfw/bin
SUPATH=/usr/local/sbin:/usr/local/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:\
/usr/gnu/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin
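SUPATH above puts /usr/local and /opt/csw ahead of the system directories in root's search path, so anyone who can write to those directories can shadow a system command for root. The following check is an added example, not part of the original page; the function name `audit_path` and its report wording are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_path "dir1:dir2:..."
#   Prints one line per risky entry and returns 1 if any was found:
#     - empty or relative entries (resolved against the current directory)
#     - directories that do not exist (whoever can create them controls them)
#     - directories writable by group or other
audit_path() {
    bad=0
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        IFS=$old_ifs
        case $d in
            /*) ;;
            *)  echo "relative or empty entry: '$d'"; bad=1; continue ;;
        esac
        if [ ! -d "$d" ]; then
            echo "missing directory: $d"
            bad=1
            continue
        fi
        # First ten characters of ls output: type plus rwx for user/group/other.
        perms=$(ls -ldnL "$d" | cut -c1-10)
        case $perms in
            d????w????|d???????w?)
                echo "group- or world-writable: $d ($perms)"
                bad=1 ;;
        esac
    done
    IFS=$old_ifs
    return $bad
}

# Usage, with the value from /etc/default/login pasted in as one line:
#   audit_path "/usr/local/sbin:/usr/local/bin:/opt/csw/sbin:/opt/csw/bin"
```

The same function can be pointed at the `--with-secure-path` value used for the sudo build.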
Near the top of /etc/profile, add:
export PAGER=less
nss_ldap
The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:
LDFLAGS=-L/opt/csw/lib ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1
Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.
ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca
In /etc/group, add the following to the bottom:
users::100:
PAM
In /etc/pam.conf, after
other auth required pam_unix_cred.so.1
add
other auth sufficient pam_krb5.so.1
You should also do this for 'login'.
You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
sudo
The sudo in blastwave/csw does not include the '--secure-path' configure option or ldap support, so you should build sudo from source:
./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
    --with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/gnu/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
    --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
    --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install
ZFS
When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).
To view a list of disks:
format
To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):
zpool create users mirror c2t0d0 c2t1d0
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.
To enable Kerberos security, modify /etc/nfssec.conf and uncomment the krb5 lines.
Also see User-data#ZFS.
SNMP
The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:
./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio'
* In include/net-snmp/system/solaris.h add NEW_MIB_COMPLIANT to the bottom
make; make install
Create /var/svc/manifest/network/net-snmp.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='net-snmp'>
  <service name='system/net-snmp' type='service' version='1'>
    <create_default_instance enabled='false' />
    <single_instance/>
    <dependency name='milestone' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/sysconfig' />
    </dependency>
    <dependency name='filesystem' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local' />
    </dependency>
    <dependency name='name-services' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/name-services' />
    </dependency>
    <dependent name='net-snmp_single-user' grouping='optional_all' restart_on='none'>
      <service_fmri value='svc:/milestone/multi-user' />
    </dependent>
    <exec_method type='method' name='start' exec='/lib/svc/method/svc-net-snmp' timeout_seconds='60' />
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
    <exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='60' />
    <property_group name='general' type='framework'>
      <propval name='action_authorization' type='astring' value='solaris.smf.manage.net-snmp' />
    </property_group>
    <stability value='Unstable' />
    <template>
      <common_name>
        <loctext xml:lang='C'> net-snmp </loctext>
      </common_name>
      <documentation>
        <manpage title='net-snmp' section='1M' manpath='/usr/share/man' />
      </documentation>
    </template>
  </service>
</service_bundle>
Create the start method script that the manifest's exec attribute names, /lib/svc/method/svc-net-snmp:
#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for snmpd
if [ -x /usr/local/sbin/snmpd ]; then
    /usr/local/sbin/snmpd
else
    echo "snmpd is missing or not executable."
    exit $SMF_EXIT_ERR_CONFIG
fi
exit $SMF_EXIT_OK
Service Management
To control services, use svcadm:
svcadm enable ssh
svcadm disable ssh
svcadm restart ssh
To install/delete services, use svccfg.
To see why services failed to start:
svcs -xv