OpenSolaris: Difference between revisions

From CSCWiki
No edit summary
Line 122: Line 122:


You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

== sudo ==

The sudo in blastwave/csw does not inclue the '--secure-path' configure option or ldap support, so you should build sudo from source:
./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
--with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
--with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
--with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install


== ZFS ==
== ZFS ==
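
Review bot: `--with-exempt=sudo` on the first configure line works against the reason given for this build. sudo's exempt group is excused from both the password prompt and the secure path, so every member of group `sudo` keeps their own PATH even though `--with-secure-path` is set. Drop the option and, if passwordless access is wanted, grant it per rule with NOPASSWD in sudoers. On the third line, `--with-password-timeout=0` leaves the password prompt open with no timeout, which deserves a sentence of justification. `make; make install` installs even when the build fails, so `make && make install` is safer. The config.h step is listed between the configure command and make as a bullet; say explicitly that it must be done after configure has generated config.h. "inclue" should read "include".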

Revision as of 21:33, 6 May 2008

Solaris 10 Packages

You can then install additional packages from the Solaris 10 DVD by inserting the DVD; it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via:

mount -F hsfs /dev/dsk/c1t0d0s0 /mnt

Then cd to /cdrom/sol*/Solaris\ 10/Products and install packages:

pkgadd -d . PKGNAME

Install wget, volume management, and bash:

pkgadd -d . SUNWvolr SUNWvolu SUNWgcmn SUNWwgetr SUNWwgetu SUNWbash

You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141):

pkgadd -d . SUNWzoner SUNWmfrun SUNWj5rt SUNWxcu4 SUNWjdmk-base SUNWcacaort SUNWccccrr SUNWccccr SUNWscn-base-r SUNWscn-base \
  SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlucfg SUNWlur SUNWluu SUNWluzone SUNWzoneu \
  SUNWccsign SUNWccfw SUNWscnprmr SUNWscnprm SUNWscnsomr SUNWscnsom SUNWsensor SUNWcctpx SUNWbrg SUNWccccfg SUNWccfwctrl \
  SUNWccinv SUNWppror SUNWpprou SUNWppro-plugin-sunos-base SUNWctpls SUNWupdatemgru

If you want krb5 to work with NFS:

pkgadd -d . SUNWrsg

You should install the following build-related packages:

pkgadd -d . SUNWdoc SUNWman SUNWarc SUNWsfwhea SUNWhea SUNWtoo SUNWlibmr SUNWlibm

If you want ssh:

pkgadd -d . SUNWsshcu SUNWsshr SUNWsshu SUNWsshdr SUNWsshdu
/lib/svc/method/sshd -c
svcadm enable ssh

If you want X applications to work:

pkgadd -d . SUNWxwfnt SUNWxwice SUNWxwrtl SUNWxwplr SUNWxwplt

If you want the NTP daemon:

pkgadd -d . SUNWntpr SUNWntpu
svcadm enable ntp

Create /etc/inet/ntp.conf:

server time.nist.gov

You should reboot to make sure all services are configured (there's probably a way to do this that doesn't require rebooting).

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary URL to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen less vim bash bash_completion openldap_client openldap_devel \
  sasl_gssapi gcc3core gcc3g++ gmake flex bison ggrep gawk gsed puppet top iftop wireshark sudo_ldap

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5.conf && ln -s /etc/krb5/krb5.conf /etc/krb5.conf
rm -f /etc/krb5.keytab && ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab
rm -f /opt/csw/etc/sudoers && ln -s /etc/sudoers /opt/csw/etc/sudoers
rm -f /opt/csw/etc/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/ldap.conf

It's useful to have some binaries symlinked:

ln -s gmake /opt/csw/bin/make
ln -s gld /opt/csw/bin/ld

Solaris Patching/Updating

To update blastwave:

pkg-get -U
pkg-get -u

Note that pkg-get will ask to remove a package and then ask to install the same package; this is normal and this is how pkg-get upgrades packages.

To configure the Solaris patch manager, first create a Sun Online Account at https://reg.sun.com/register?program=sdn.

Create a file /tmp/reg.properties:

userName=syscom@csclub.uwaterloo.ca
password=[see ~sysadmin/passwords/sun-online-account]
hostName=
subscriptionKey=
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=

Register the system:

cacaoadm enable
sconadm register -a -r /tmp/reg.properties

When I tried the above, it hung. After investigating, I discovered that cacao wasn't configured properly (see http://forum.java.sun.com/thread.jspa?threadID=5104038). The mentioned thread has a solution (svccfg export/import).
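
The registration file holds the account password, and a file created in /tmp under the default umask can be read by any local user. The following is an added example, not part of the original wiki page: it writes the same properties into a private directory as a mode-600 file so it can be removed after registration. The helper name write_reg_properties and the password-file path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the wiki page. write_reg_properties is a
# hypothetical helper: it writes the sconadm registration file into a
# private directory (mode 700) as a mode-600 file and prints its path.
#   $1 = Sun Online Account user name
#   $2 = file whose first line is the account password
write_reg_properties() {
    user=$1
    pwfile=$2
    [ -r "$pwfile" ] || { echo "cannot read $pwfile" >&2; return 1; }
    password=`sed 1q "$pwfile"`

    old_umask=`umask`
    umask 077                       # new directory 700, new file 600
    dir=`mktemp -d /tmp/reg.XXXXXX` || { umask "$old_umask"; return 1; }
    {
        printf 'userName=%s\n' "$user"
        printf 'password=%s\n' "$password"
        printf 'hostName=\n'
        printf 'subscriptionKey=\n'
        printf 'portalEnabled=false\n'
        printf 'proxyHostName=\n'
        printf 'proxyPort=\n'
        printf 'proxyUserName=\n'
        printf 'proxyPassword=\n'
    } > "$dir/reg.properties"
    umask "$old_umask"
    echo "$dir/reg.properties"
}

# On the host, as root (registration commands as given on the page;
# /root/sun-pw is a constructed path for the password file):
#   props=`write_reg_properties syscom@csclub.uwaterloo.ca /root/sun-pw`
#   cacaoadm enable
#   sconadm register -a -r "$props"
#   rm -rf "`dirname "$props"`"
```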

To install available patches:

smpatch update

If it is suggested that you shut down the system to apply patches, use "shutdown -i 6". The system will appear to start rebooting, but it will eventually return to the prompt. DO NOT REBOOT AT THIS POINT! The system is installing updates that can only be installed in single-user mode (run 'ps -ef | grep sbin\/patchadd' for details).

PATH

Near the top of /etc/profile, add:

if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then
 PATH="/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin"
else
 PATH="/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/bin:/usr/bin:/bin:/usr/sfw/bin"
fi
PAGER=less

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

LDFLAGS=-L/opt/csw/lib ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1

Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.

ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

In /etc/group, add the following to the bottom:

users::100:

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
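
A misplaced pam_krb5 line or a keytab without the host principal tends to show up only as failed logins, so both are worth checking before logging out of the console. The following is an added example, not part of the original wiki page. The function names are hypothetical, and the keytab check assumes the usual `klist -k` listing with the KVNO in the first column and the principal in the second.

```sh
#!/bin/sh
# Added example, not from the wiki page; function names are hypothetical.
# Needs an awk that supports -v (nawk or gawk on Solaris).

# pam_krb5_order_ok FILE SERVICE
# Succeeds if SERVICE has an "auth sufficient pam_krb5.so.1" line that
# comes after its "auth required pam_unix_cred.so.1" line in FILE.
pam_krb5_order_ok() {
    awk -v svc="$2" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments, short lines
        $1 == svc && $2 == "auth" {
            if ($3 == "required" && $4 ~ /pam_unix_cred\.so\.1$/) cred = NR
            if ($3 == "sufficient" && $4 ~ /pam_krb5\.so\.1$/ && !krb) krb = NR
        }
        END { exit !(cred && krb && krb > cred) }
    ' "$1"
}

# keytab_has_host_principal FQDN
# Reads `klist -k` output on stdin; succeeds if host/FQDN in the
# CSCLUB.UWATERLOO.CA realm is listed.
keytab_has_host_principal() {
    awk -v want="host/$1@CSCLUB.UWATERLOO.CA" '
        $2 == want { found = 1 }
        END { exit !found }
    '
}

# On the host, with fqdn set to the fully qualified domain name:
#   pam_krb5_order_ok /etc/pam.conf other || echo "check 'other' auth stack"
#   pam_krb5_order_ok /etc/pam.conf login || echo "check 'login' auth stack"
#   klist -k /etc/krb5/krb5.keytab | keytab_has_host_principal "$fqdn" \
#       || echo "host principal missing from keytab"
```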

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

Also see User-data#ZFS.

Puppet

SNMP

The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:

./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio'
* In include/net-snmp/system/solaris.h add NEW_MIB_COMPLIANT to the bottom
make; make install

Create /var/svc/manifest/network/net-snmp.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type='manifest' name='net-snmp'>

<service
        name='system/net-snmp'
        type='service'
        version='1'>

        <create_default_instance enabled='false' />

        <single_instance/>

        <dependency
                name='milestone'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/milestone/sysconfig' />
        </dependency>

        <dependency
                name='filesystem'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/system/filesystem/local' />
        </dependency>

        <dependency
                name='name-services'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/milestone/name-services' />
        </dependency>

        <dependent
                name='net-snmp_single-user'
                grouping='optional_all'
                restart_on='none'>
                <service_fmri value='svc:/milestone/multi-user' />
        </dependent>

        <exec_method
                type='method'
                name='start'
                exec='/lib/svc/method/svc-net-snmp'
                timeout_seconds='60' />

        <exec_method
                type='method'
                name='stop'
                exec=':kill'
                timeout_seconds='60' />

        <exec_method
                type='method'
                name='refresh'
                exec=':kill -HUP'
                timeout_seconds='60' />

        <property_group name='general' type='framework'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.net-snmp' />
        </property_group>

        <stability value='Unstable' />

        <template>
                <common_name>
                        <loctext xml:lang='C'> net-snmp
                        </loctext>
                </common_name>
                <documentation>
                        <manpage title='net-snmp' section='1M'
                                manpath='/usr/share/man' />
                </documentation>
        </template>
</service>

</service_bundle>

Create /lib/svc/method/svc-net-snmp (the start method referenced by the manifest above):

#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for snmpd

if [ -x /usr/local/sbin/snmpd ]; then
  /usr/local/sbin/snmpd
else
  echo "snmpd is missing or not executable."
  exit $SMF_EXIT_ERR_CONFIG
fi

exit $SMF_EXIT_OK

Service Management

To control services, use svcadm:

svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

To see why services failed to start:

svcs -xv

External Links