OpenSolaris
Solaris 10 Packages
You can then install additional packages from the Solaris 10 DVD by inserting the DVD; it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via:
mount -F hsfs /dev/dsk/c1t0d0s0 /mnt
Then ls to /cdrom/sol*/Solaris\ 10/Products and install packages:
pkgadd -d . PKGNAME
Install wget, volume management, and bash:
pkgadd -d . SUNWvolr SUNWvolu SUNWgcmn SUNWwgetr SUNWwgetu SUNWbash
You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141):
pkgadd -d . SUNWzoner SUNWmfrun SUNWj5rt SUNWxcu4 SUNWjdmk-base SUNWcacaort SUNWccccrr SUNWccccr SUNWscn-base-r SUNWscn-base \ SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlucfg SUNWlur SUNWluu SUNWluzone SUNWzoneu \ SUNWccsign SUNWccfw SUNWscnprmr SUNWscnprm SUNWscnsomr SUNWscnsom SUNWsensor SUNWcctpx SUNWbrg SUNWccccfg SUNWccfwctrl \ SUNWccinv SUNWppror SUNWpprou SUNWppro-plugin-sunos-base SUNWctpls SUNWupdatemgru
If you want krb5 to work with NFS:
pkgadd -d . SUNWrsg
You should install the following build-related packages:
pkgadd -d . SUNWdoc SUNWman SUNWarc SUNWsfwhea SUNWhea SUNWtoo SUNWlibmr SUNWlibm
If you want ssh:
pkgadd -d . SUNWsshcu SUNWsshr SUNWsshu SUNWsshdr SUNWsshdu /lib/svc/method/sshd -c svcadm enable ssh
If you want X applications to work:
pkgadd -d . SUNWxwfnt SUNWxwice SUNWxwrtl SUNWxwplr SUNWxwplt
If you want the NTP daemon:
pkgadd -d . SUNWntpr SUNWntpu svcadm enable ntp
Create /etc/inet/ntp.conf:
server time.nist.gov
You should reboot to make sure all services are configured (there's probably a way to do this that doesn't require rebooting).
Blastwave/CSW Packages
Install pkg-get:
pkgadd -d http://www.blastwave.org/pkg_get.pkg * In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.
Install various packages:
/opt/csw/bin/pkg-get -i gnupg screen less vim bash bash_completion openldap_client openldap_devel \ sasl_gssapi gcc3core gcc3g++ gmake flex bison ggrep gawk gsed puppet top iftop wireshark sudo_ldap
We want certain config files to be in /etc, rather than /opt/csw:
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf rm -f /etc/krb5.conf && ln -s /etc/krb5/krb5.conf /etc/krb5.conf rm -f /etc/krb5.keytab && ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab rm -f /opt/csw/etc/sudoers && ln -s /etc/sudoers /opt/csw/etc/sudoers rm -f /opt/csw/etc/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/ldap.conf
It's usefull to have some binaries symlinked:
ln -s gmake /opt/csw/bin/make ln -s gld /opt/csw/bin/ld
Solaris Patching/Updating
To update blastwave:
pkg-get -U pkg-get -u
Note that pkg-get will ask to remove a package and then ask to install the same package; this is normal and this is how pkg-get upgrades packages.
To configure the Solaris patch manager, you first have to create a Sun Online Account which you can create at https://reg.sun.com/register?program=sdn.
Create a file /tmp/reg.properties:
userName=syscom@csclub.uwaterloo.ca password=[see ~sysadmin/passwords/sun-online-account] hostName= subscriptionKey= portalEnabled=false proxyHostName= proxyPort= proxyUserName= proxyPassword=
Register the system:
cacaoadm enable sconadm register -a -r /tmp/reg.properties
When I tried the above, it hung. After investigating, I discovered that cacao wasn't configured properly (see http://forum.java.sun.com/thread.jspa?threadID=5104038). The mentioned thread has a solution (svccfg export/import).
To install available patches:
smpatch update
If it is suggested that you shutdown the system to apply patches, use "shutdown -i 6". The system will appear to start rebooting, however it will eventually return to the prompt. DO NOT REBOOT AT THIS POINT!!!; the system is installing updates that could only be installed in single-user mode (run 'ps -ef | grep sbin\/patchadd' for details).
PATH
Near the top of /etc/profile, add:
if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then PATH="/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin" else PATH="/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/bin:/usr/bin:/bin:/usr/sfw/bin" fi PAGER=less
nss_ldap
The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:
LDFLAGS=-L/opt/csw/lib ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1
Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.
ldapclient manual -a credentialLevel=anonymous \
-a authenticationMethod=none \
-a domainName=csclub.uwaterloo.ca \
-a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
-a defaultSearchScope=sub \
-a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca
In /etc/group, add the following to the bottom:
users::100:
PAM
In /etc/pam.conf, after
other auth required pam_unix_cred.so.1
add
other auth sufficient pam_krb5.so.1
You should also do this for 'login'.
You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
ZFS
When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).
To view a list of disks:
format
To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):
zpool create users mirror c2t0d0 c2t1d0
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.
Also see User-data#ZFS.
Puppet
SNMP
The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:
./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio' * In include/net-snmp/system/solaris.h add NEW_MIB_COMPLIANT to the bottom make; make install
Create /var/svc/manifest/network/net-snmp.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='net-snmp'>
<service
name='system/net-snmp'
type='service'
version='1'>
<create_default_instance enabled='false' />
<single_instance/>
<dependency
name='milestone'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/milestone/sysconfig' />
</dependency>
<dependency
name='filesystem'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/system/filesystem/local' />
</dependency>
<dependency
name='name-services'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/milestone/name-services' />
</dependency>
<dependent
name='net-snmp_single-user'
grouping='optional_all'
restart_on='none'>
<service_fmri value='svc:/milestone/multi-user' />
</dependent>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/svc-net-snmp'
timeout_seconds='60' />
<exec_method
type='method'
name='stop'
exec=':kill'
timeout_seconds='60' />
<exec_method
type='method'
name='refresh'
exec=':kill -HUP'
timeout_seconds='60' />
<property_group name='general' type='framework'>
<propval name='action_authorization' type='astring'
value='solaris.smf.manage.net-snmp' />
</property_group>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'> net-snmp
</loctext>
</common_name>
<documentation>
<manpage title='net-snmp' section='1M'
manpath='/usr/share/man' />
</documentation>
</template>
</service>
</service_bundle>
Create /var/svc/manifest/network/net-snmp.xml:
#!/bin/sh . /lib/svc/share/smf_include.sh # Start processes required for snmpd if [ -x /usr/local/sbin/snmpd ]; then /usr/local/sbin/snmpd else echo "snmpd is missing or not executable." exit $SMF_EXIT_ERR_CONFIG fi exit $SMF_EXIT_OK
Service Management
To control services, use svcadm:
svcadm enable ssh svcadm disable ssh svcadm restart ssh
To install/delete services, use svccfg.
To see why services failed to start:
svcs -xv