OpenSolaris

From CSCWiki
Revision as of 18:46, 26 January 2008 by Dtbartle (talk | contribs) (→‎PAM)

Solaris is drugs; avoid it at all cost.

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/edit/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen less vim bash_completion openldap_client openldap_devel sasl_gssapi nrpe \
  gcc3core gcc3g++ gmake puppet

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /opt/csw/etc/krb5.conf && ln -s /etc/krb5/krb5.conf /opt/csw/etc/krb5.conf

Solaris 10 Packages

If you need to install additional packages from the Solaris 10 DVD, insert the DVD and it should get auto-mounted in /cdrom/sol*. Then cd to /cdrom/sol*/Solaris\ 10/Products and install packages:

pkgadd -d . SUNWpkg

PATH

Near the top of /etc/profile, add:

if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then
 PATH="/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin"
else
 PATH="/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/bin:/usr/bin:/bin:/usr/sfw/bin"
fi

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
rm /usr/lib/nss_ldap.so.1 && ln -s /usr/local/lib/nss_ldap.so /usr/lib/nss_ldap.so.1

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

sudo

The sudo in blastwave/csw does not include the '--secure-path' configure option or ldap support, so you should build sudo from source:

./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
  --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_GETTEXT'
make; make install

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

You can view a list of disks by typing

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

To create datasets (basically mountpoints within a zpool):

zfs create users/dtbartle

To disable atime, devices, and setuid:

zfs set atime=off users
zfs set devices=off users
zfs set setuid=off users

Quota can be managed via 'zfs get' and 'zfs set'. To query quota:

zfs get quota

To set quota for a user:

zfs set quota=2G users/dtbartle

To disable quota for a user:

zfs set quota=none users/dtbartle

To export over NFS:

zfs set sharenfs="sec=sys,rw=$ACCESS_LIST" users

ACCESS_LIST is a colon-separated list of any of the following:

  • hostname (e.g. glucose-fructose.csclub.uwaterloo.ca)
  • netgroup (e.g. in LDAP)
  • domain name suffix (e.g. .csclub.uwaterloo.ca)
  • network (e.g. @129.97.134.0/24)

A minus sign (-) may prefix one of the above to indicate that access is to be denied.
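
The ACCESS_LIST syntax above, as an added example that is not part of the original wiki page: a shell linter that splits a list on colons, classifies each entry by the prefixes just described, and rejects empty entries and out-of-range numeric networks before the list is passed to 'zfs set sharenfs'. The function names, the output format, and the separate "network-name" category for non-numeric @ entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a sharenfs ACCESS_LIST (names below are hypothetical).

# _valid_net ADDR[/LEN]: dotted IPv4, each octet <= 255, optional LEN <= 32.
# Assumption: fewer than four octets is tolerated here rather than rejected.
_valid_net() {
    _addr=${1%%/*} _len=32
    case $1 in */*) _len=${1#*/} ;; esac
    case $_len in ''|*[!0-9]*) return 1 ;; esac
    [ "$_len" -le 32 ] || return 1
    _old=$IFS; IFS=.; set -f; set -- $_addr; set +f; IFS=$_old
    [ $# -ge 1 ] && [ $# -le 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

# classify_access_list LIST: print "<allow|deny> <type> <value>" per entry.
# Returns 1 if any entry is empty or a numeric network is malformed.
classify_access_list() {
    _list=$1 _rc=0
    # Split on ':' with globbing off so entries are never expanded as paths.
    _ifs=$IFS; IFS=:; set -f; set -- $_list; set +f; IFS=$_ifs
    for _e in "$@"; do
        _action=allow
        case $_e in -*) _action=deny; _e=${_e#-} ;; esac
        case $_e in
            '')            _type=invalid ;;
            @*[!0-9./@]*)  _type=network-name ;;   # e.g. a named network
            @*)            _type=network
                           _valid_net "${_e#@}" || _type=invalid ;;
            .*)            _type=domain-suffix ;;
            # A bare name is ambiguous: hostnames and netgroups look alike.
            *)             _type=host-or-netgroup ;;
        esac
        if [ "$_type" = invalid ]; then _rc=1; fi
        echo "$_action $_type $_e"
    done
    return $_rc
}

# Constructed sample list, built from the example values on this page.
classify_access_list \
    "glucose-fructose.csclub.uwaterloo.ca:.csclub.uwaterloo.ca:-@129.97.134.0/24"
```

A doubled colon or a mistyped prefix length shows up as an "invalid" line and a non-zero exit status, so the check can gate the 'zfs set' command in a script.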

Snapshots are viewable at /users/$USER/.zfs/snapshot/

SNMP

An SNMP daemon can be enabled via:

svcadm enable sma

It can be configured via /etc/snmpd/conf/snmpd.conf.

Puppet

Make sure that your .cshrc file is empty, as running 'which' invokes csh.
