OpenSolaris: Difference between revisions

From CSCWiki
m (added to Software category)
 
(206 intermediate revisions by 2 users not shown)

Latest revision as of 21:33, 22 November 2009

Networking

Create /etc/defaultroute with contents:

129.97.134.1

Modify /etc/netmasks and add to the end:

129.97.134.1 255.255.255.0

Create /etc/hostname.e1000g0 (where e1000g0 is the interface name):

ginseng

Modify /etc/hosts so that it contains at least the following:

127.0.0.1 localhost loghost
129.97.134.89 ginseng.csclub.uwaterloo.ca ginseng

Run the following:

svcadm enable physical:default
/lib/svc/methods/net-physical:default

OpenSolaris Packages

You should install the following build-related packages:

pkg install SUNWarc SUNWsfwhea SUNWhea SUNWtoo

If you want gcc and Sun Studio:

pkg install gcc-dev sunstudio

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen bash_completion bison gawk gsed puppet top iftop wireshark

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf
rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab

Environment variables

In /etc/default/login, change PATH and SUPATH:

PATH=/usr/local/bin:/usr/gnu/bin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/bin:/bin:/usr/sfw/bin
SUPATH=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin

Near the top of /etc/profile, add:

export PAGER=less

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

LDFLAGS=-L/opt/csw/lib CFLAGS=-I/opt/csw/include ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1

Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.

ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

In /etc/group, add the following to the bottom:

users::100:

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
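The pam.conf edit above is order-sensitive: the pam_krb5 line must sit after pam_unix_cred and before pam_unix_auth, and it must be added exactly once per service. The script below is an added example, not part of this wiki page; it applies the edit to a constructed sample pam.conf fragment (the sample file and the helper names add_krb5_auth and auth_stack are this example's own) and prints the resulting auth stack so the module order can be checked before the real /etc/pam.conf is touched.

```shell
#!/bin/sh
# Added example (not from the CSC wiki page): apply the pam.conf edit described
# above to a copy of the file, once, and print the resulting auth stack so the
# module order can be reviewed before the real file is touched.
# The pam.conf fragment below is constructed for this example; the lines follow
# the Solaris pam.conf layout (service, type, control flag, module).

# make_sample_pamconf: write the constructed sample to a temp file, print its path
make_sample_pamconf() {
  f=$(mktemp) || return 1
  cat > "$f" <<'EOF'
# constructed sample pam.conf fragment (auth stacks only)
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth required   pam_unix_cred.so.1
login   auth required   pam_unix_auth.so.1
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth required   pam_unix_cred.so.1
other   auth required   pam_unix_auth.so.1
EOF
  printf '%s\n' "$f"
}

# add_krb5_auth FILE SERVICE
# Insert "SERVICE auth sufficient pam_krb5.so.1" directly after the
# "SERVICE auth required pam_unix_cred.so.1" line.  If SERVICE already has a
# pam_krb5 auth line the file is left alone, so re-running is harmless.
add_krb5_auth() {
  file=$1
  svc=$2
  if awk -v svc="$svc" '
        $1 == svc && $2 == "auth" && $4 == "pam_krb5.so.1" { found = 1 }
        END { exit (found ? 0 : 1) }' "$file"; then
    return 0
  fi
  awk -v svc="$svc" '
    { print }
    $1 == svc && $2 == "auth" && $3 == "required" && $4 == "pam_unix_cred.so.1" {
      printf "%-7s auth sufficient pam_krb5.so.1\n", svc
    }' "$file" > "$file.new" && mv "$file.new" "$file"
}

# auth_stack FILE SERVICE
# Print SERVICE's auth modules in evaluation order, space separated, on one line.
auth_stack() {
  awk -v svc="$2" '
    $1 == svc && $2 == "auth" { printf "%s%s", sep, $4; sep = " " }
    END { print "" }' "$1"
}

# Usage on the constructed sample: "other" gets pam_krb5 after pam_unix_cred;
# pam_unix_auth still follows it, so a Kerberos failure falls through to the
# local password check, while a Kerberos success ends the stack (sufficient).
sample=$(make_sample_pamconf)
add_krb5_auth "$sample" other
auth_stack "$sample" other
rm -f "$sample"
```

The check worth keeping from this is auth_stack: after editing the real file, the printed order for both 'other' and 'login' should read pam_unix_cred, then pam_krb5, then pam_unix_auth. A "sufficient" module placed before pam_unix_cred would change which credentials get set, and one placed after pam_unix_auth would never short-circuit anything.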

sudo

The sudo in blastwave/csw does not include the '--secure-path' configure option or LDAP support, so you should build sudo from source:

./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin \
  --with-env-editor --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install
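The point of --with-secure-path is that sudo resolves commands through this fixed list instead of the invoking user's PATH, so the list itself is what needs reviewing: every element should be an absolute, existing directory that only root can write to. The checker below is an added example, not part of this wiki page or of sudo; the helper names audit_secure_path and secure_path_ok and the sample directories it creates are this example's own. It runs the page's secure path through the audit and then a constructed bad list to show each kind of finding.

```shell
#!/bin/sh
# Added example (not from the CSC wiki page): audit a sudo secure_path value.
# With --with-secure-path, sudo ignores the caller's PATH and resolves commands
# only through this fixed list, so the list must contain nothing a non-root
# user could write to.  This checker flags the entries a reviewer would reject;
# the sample directories in the usage block are constructed.

# audit_secure_path PATHLIST
# Print one "REASON: entry" line per problem; print nothing if the list is clean.
audit_secure_path() {
  printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
    case "$d" in
      "")
        # an empty element ("a::b", leading or trailing ':') means "."
        echo "EMPTY: empty element searches the current directory" ;;
      /*)
        if [ ! -d "$d" ]; then
          echo "MISSING: $d"
        else
          # ls -ld permission string: type, user rwx, group rwx, other rwx;
          # column 6 is group write, column 9 is other write
          perm=$(ls -ld "$d" | cut -c1-10)
          case "$perm" in
            ?????w????|????????w?) echo "GROUP-OR-WORLD-WRITABLE: $d" ;;
          esac
        fi ;;
      *)
        echo "RELATIVE: $d" ;;
    esac
  done
}

# secure_path_ok PATHLIST: succeed only when the audit reports nothing
secure_path_ok() {
  [ -z "$(audit_secure_path "$1")" ]
}

# Usage: check the secure path from the configure line above on this host,
# then a constructed bad list (a world-writable directory, an empty element,
# a relative entry and a missing directory) to show each finding.
audit_secure_path "/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin"
demo=$(mktemp -d)
mkdir "$demo/sbin" "$demo/loose"
chmod 755 "$demo/sbin"
chmod 777 "$demo/loose"
audit_secure_path "$demo/sbin:$demo/loose::relbin:$demo/does-not-exist"
rm -rf "$demo"
```

On the page's own list, a MISSING line for /opt/csw/gcc3/bin or /usr/gnu/bin is harmless on a host that never installed those, but a GROUP-OR-WORLD-WRITABLE finding on any element means a local user could plant a binary that 'sudo mount' style invocations would execute as root, which is exactly what the secure path is meant to prevent.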

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

To enable Kerberos security, modify /etc/nfssec.conf and uncomment the krb5 lines.

Also see User-data#ZFS.

SNMP

The SNMP daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:

./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio' \
  --disable-embedded-perl --with-sys-contact="syscom@csclub.uwaterloo.ca" --with-sys-location="MC 3015" \
  --with-default-snmp-version=3 --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"
* In include/net-snmp/system/solaris.h add '#define NEW_MIB_COMPLIANT 1' to the bottom.
make; make install

Create /tmp/net-snmp.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='net-snmp'>
  <service name='system/net-snmp' type='service' version='1'>
    <create_default_instance enabled='false' />
    <single_instance/>
    <dependency name='milestone' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/sysconfig' />
    </dependency>
    <dependency name='filesystem' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/system/filesystem/local' />
    </dependency>
    <dependency name='name-services' grouping='require_all' restart_on='none' type='service'>
      <service_fmri value='svc:/milestone/name-services' />
    </dependency>
    <dependent name='net-snmp_single-user' grouping='optional_all' restart_on='none'>
      <service_fmri value='svc:/milestone/multi-user' />
    </dependent>
    <exec_method type='method' name='start' exec='/lib/svc/method/svc-net-snmp' timeout_seconds='60' />
    <exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
    <exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='60' />
    <property_group name='general' type='framework'>
      <propval name='action_authorization' type='astring' value='solaris.smf.manage.net-snmp' />
    </property_group>
    <stability value='Unstable' />
    <template>
      <common_name>
        <loctext xml:lang='C'>net-snmp</loctext>
      </common_name>
      <documentation>
        <manpage title='net-snmp' section='1M' manpath='/usr/share/man' />
      </documentation>
    </template>
  </service>
</service_bundle>

Import the manifest:

svccfg import /tmp/net-snmp.xml

Create /lib/svc/method/svc-net-snmp:

#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for snmpd

if [ -x /usr/local/sbin/snmpd ]; then
  /usr/local/sbin/snmpd
else
  echo "snmpd is missing or not executable."
  exit $SMF_EXIT_ERR_CONFIG
fi

exit $SMF_EXIT_OK

rsyncd

Install SUNWrsync.

Create /tmp/rsync.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="rsync">
  <service name="network/rsync" type="service" version="4">
    <create_default_instance enabled="false"/>
    <single_instance/>
    <dependency name="loopback" grouping="require_all" restart_on="error" type="service">
      <service_fmri value="svc:/network/loopback:default"/>
    </dependency>
    <dependency name="physical" grouping="require_all" restart_on="error" type="service">
      <service_fmri value="svc:/network/physical:default"/>
    </dependency>
    <dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
      <service_fmri value="svc:/system/filesystem/local"/>
    </dependency>
    <exec_method type="method" name="start" exec="/opt/csw/bin/rsync --daemon" timeout_seconds="60"/>
    <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
    <exec_method type="method" name="refresh" exec=":kill -HUP" timeout_seconds="60"/>
    <stability value="Unstable"/>
    <template>
      <common_name>
        <loctext xml:lang="C">RSYNC daemon</loctext>
      </common_name>
      <documentation>
        <manpage title="rsync" section="7"/>
        <doc_link name="rsync.org" uri="http://www.rsync.org/docs/"/>
      </documentation>
    </template>
  </service>
</service_bundle>

Import the manifest:

svccfg import /tmp/rsync.xml

Service Management

To control services, use svcadm:

svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

To see why services failed to start:

svcs -xv

External Links