OpenSolaris: Difference between revisions

Line 3: Line 3:
== Solaris 10 Packages ==
== Solaris 10 Packages ==


If you choose to only install "core" packages, make sure you also select "GNU wget" and "Volume Manager". You can then install additional packages later from the Solaris 10 DVD. To do so, insert the DVD and it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via:
You can then install additional packages from the Solaris 10 DVD by inserting the DVD; it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via:
mount -F hsfs /dev/dsk/c1t0d0s0 /mnt
mount -F hsfs /dev/dsk/c1t0d0s0 /mnt
Then ls to /cdrom/sol*/Solaris\ 10/Products and install packages:
Then ls to /cdrom/sol*/Solaris\ 10/Products and install packages:
pkgadd -d . PKGNAME
pkgadd -d . PKGNAME
Install wget, volume management, and bash:
If you didn't install wget or Volume Management:
pkgadd -d . SUNWvolr SUNWvolu SUNwgetr SUNWgcmn SUNWwgetu
pkgadd -d . SUNWvolr SUNWvolu SUNwgetr SUNWgcmn SUNWwgetu SUNWbash
You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141):
You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141):
pkgadd -d . SUNWzoner SUNWj5rt SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlur SUNWluu \
pkgadd -d . SUNWzoner SUNWj5rt SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlur SUNWluu \
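Review bot: "SUNwgetr" in both versions of the wget/Volume Management pkgadd line is missing a "W". Every other package name on that line carries the "SUNW" prefix, so it should read "SUNWwgetr"; as written, pkgadd will not find the package. The edit that touches this line (adding SUNWbash) is a good place to fix it.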

Revision as of 00:15, 19 February 2008

Solaris is drugs; avoid it at all cost.

Solaris 10 Packages

You can then install additional packages from the Solaris 10 DVD by inserting the DVD; it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via:

mount -F hsfs /dev/dsk/c1t0d0s0 /mnt

Then cd to /cdrom/sol*/Solaris\ 10/Products and install packages:

pkgadd -d . PKGNAME

Install wget, volume management, and bash:

pkgadd -d . SUNWvolr SUNWvolu SUNWwgetr SUNWgcmn SUNWwgetu SUNWbash

You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141):

pkgadd -d . SUNWzoner SUNWj5rt SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlur SUNWluu \
  SUNWluzone SUNWzoneu SUNWbrg SUNWccccfg SUNWccccr SUNWccccrr SUNWccfw SUNWccfwctrl SUNWccinv SUNWccsign SUNWcctpx SUNWcsr \
  SUNWcsu SUNWppro-plugin-sunos-base SUNWppror SUNWpprou SUNWxcu4 SUNWctpls SUNWmfrun SUNWscn-base-r SUNWscn-base SUNWscnprmr \
  SUNWscnprm SUNWscnsomr SUNWscnsom SUNWupdatemgru

You should install the following build-related packages:

pkgadd -d . SUNWdoc SUNWman SUNWarc SUNWsfwhea SUNWhea

If you want ssh:

pkgadd -d . SUNWsshcu SUNWsshr SUNWsshu SUNWsshdr SUNWsshdu

If you want X applications to work:

pkgadd -d . SUNWxwfnt SUNWxwice SUNWxwrtl SUNWxwplr SUNWxwplt

If you want the SNMP daemon:

pkgadd -d . SUNWsmagt SUNWsmmgr

You should reboot to make sure all services are configured (there's probably a way to do this that doesn't require rebooting).

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen less vim bash_completion openldap_client openldap_devel \
  sasl_gssapi ntp nrpe gcc3core gcc3g++ gmake puppet wget top iftop wireshark

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5.conf && ln -s /etc/krb5/krb5.conf /etc/krb5.conf
rm -f /etc/krb5.keytab && ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab

It's useful to have some binaries symlinked:

ln -s gmake /opt/csw/bin/make

Solaris Patching/Updating

To update blastwave:

pkg-get -U; pkg-get -u

Note that pkg-get will ask to remove a package and then ask to install the same package; this is normal and this is how pkg-get upgrades packages.

To configure the Solaris patch manager, you first have to create a Sun Online Account at https://reg.sun.com/register?program=sdn.

Create a file /tmp/reg.properties:

userName=syscom@csclub.uwaterloo.ca
password=[see ~sysadmin/passwords/sun-online-account]
hostName=
subscriptionKey=
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=

Register the system:

sconadm register -a -r /tmp/reg.properties

When I tried the above, it hung. After investigating, I discovered that cacao wasn't configured properly (see http://forum.java.sun.com/thread.jspa?threadID=5104038). The mentioned thread has a solution (svccfg export/import).
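The registration file holds the account password, and /tmp is writable by every local user. The following added example (not part of the original page) writes the same properties into a private directory instead; the function name and its arguments are hypothetical, and it assumes bash or ksh rather than the Solaris /bin/sh.

```shell
# Added example, not from the original page. make_reg_properties is a
# hypothetical helper: it writes the registration properties shown above into
# a fresh 0700 directory and prints the resulting path.
make_reg_properties() {
    user=$1 pwfile=$2                 # password comes from a file, never from argv
    [ -r "$pwfile" ] || return 1
    old_umask=$(umask)
    umask 077                         # new files 0600, new directories 0700
    dir=$(mktemp -d "${TMPDIR:-/tmp}/reg.XXXXXX") || { umask "$old_umask"; return 1; }
    {
        printf 'userName=%s\n' "$user"
        printf 'password=%s\n' "$(cat "$pwfile")"
        printf '%s=\n' hostName subscriptionKey
        printf 'portalEnabled=false\n'
        printf '%s=\n' proxyHostName proxyPort proxyUserName proxyPassword
    } > "$dir/reg.properties"
    umask "$old_umask"
    echo "$dir/reg.properties"
}

# Usage on the Solaris host:
#   f=$(make_reg_properties syscom@csclub.uwaterloo.ca ~sysadmin/passwords/sun-online-account)
#   sconadm register -a -r "$f"
#   rm -rf "$(dirname "$f")"          # remove the password copy once registered
```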

To show what patches should be installed:

smpatch analyze

To install available patches:

smpatch update

PATH

Near the top of /etc/profile, add:

if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then
 PATH="/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin"
else
 PATH="/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/bin:/usr/bin:/bin:/usr/sfw/bin"
fi

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
rm /usr/lib/nss_ldap.so.1 && ln -s /usr/local/lib/nss_ldap.so /usr/lib/nss_ldap.so.1

Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library:

ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

sudo

The sudo in blastwave/csw does not include the '--secure-path' configure option or ldap support, so you should build sudo from source:

./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
  --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

To create datasets (basically mountpoints within a zpool):

zfs create users/dtbartle

To disable atime, devices, and setuid:

zfs set atime=off users
zfs set devices=off users
zfs set setuid=off users

Quota can be managed via 'zfs get' and 'zfs set'. To query quota:

zfs get quota

To set quota for a user:

zfs set quota=2G users/dtbartle

To disable quota for a user:

zfs set quota=none users/dtbartle

To export over NFS:

zfs set sharenfs="sec=sys,rw=$ACCESS_LIST,nosuid" users

ACCESS_LIST is a colon-separated list of any of the following:

  • hostname (e.g. glucose-fructose.csclub.uwaterloo.ca)
  • netgroup (e.g. in LDAP)
  • domain name suffix (e.g. .csclub.uwaterloo.ca)
  • network (e.g. @129.97.134.0/24)

A minus sign (-) may prefix one of the above to indicate that access is to be denied.
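A malformed ACCESS_LIST (a stray comma, an empty entry, a bad prefix length) changes what the share option string means, so it is worth checking before running zfs set. The following added example is not from the original page: the function names are hypothetical, it assumes bash or ksh, and it is deliberately strict, accepting network entries only as IPv4 addresses with an optional prefix length.

```shell
# Added example, not from the original page; all function names are hypothetical.

valid_network() {                     # accepts a.b.c.d or a.b.c.d/len (IPv4 only)
    addr=${1%%/*} len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Classify one entry into the kinds listed above; prints "action kind entry".
classify_entry() {
    entry=$1 action=allow
    case $entry in -*) action=deny; entry=${entry#-} ;; esac
    case $entry in
        # empty, or a character (comma, '=', space, '*') that could split the option string
        ''|*[!A-Za-z0-9@./_-]*) return 1 ;;
        @*)  valid_network "${entry#@}" || return 1; kind=network ;;
        .*)  kind=domain-suffix ;;
        *.*) kind=hostname ;;
        *)   kind=netgroup-or-unqualified-host ;;   # not distinguishable by syntax
    esac
    echo "$action $kind $entry"
}

# Validate a whole colon-separated list and print the sharenfs value for it.
sharenfs_value() {
    list=$1 rest=$1
    case $list in ''|:*|*:|*::*) return 1 ;; esac
    while [ -n "$rest" ]; do
        item=${rest%%:*}
        classify_entry "$item" >/dev/null || return 1
        case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
    done
    echo "sec=sys,rw=$list,nosuid"
}
```

For example, zfs set sharenfs="$(sharenfs_value "$ACCESS_LIST")" users runs only with a value that passed every check if it is guarded with `&&` or `set -e`.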

Snapshots are viewable at /users/$USER/.zfs/snapshot/

SNMP

An SNMP daemon can be enabled via:

svcadm enable sma

It can be configured via /etc/snmpd/conf/snmpd.conf.

Puppet

Make sure that your .cshrc file is empty, as running 'which' invokes csh.

svcadm/svccfg

To control services, use svcadm:

svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

External Links