OpenSolaris

From CSCWiki

Solaris 10 Packages

You can then install additional packages from the Solaris 10 DVD by inserting the DVD; it should get auto-mounted in /cdrom/sol*. If this isn't the case, you can manually mount the disc via:

mount -F hsfs /dev/dsk/c1t0d0s0 /mnt

Then cd to /cdrom/sol*/Solaris\ 10/Products and install packages:

pkgadd -d . PKGNAME

Install wget, volume management, and bash:

pkgadd -d . SUNWvolr SUNWvolu SUNWgcmn SUNWwgetr SUNWwgetu SUNWbash

You should install the patch manager and update manager (see http://forum.java.sun.com/thread.jspa?threadID=5195959&messageID=9784141):

pkgadd -d . SUNWzoner SUNWmfrun SUNWj5rt SUNWxcu4 SUNWjdmk-base SUNWcacaort SUNWccccrr SUNWccccr SUNWscn-base-r SUNWscn-base \
  SUNWsamr SUNWsam SUNWcsmauth SUNWpoolr SUNWpool SUNWadmc SUNWadmfr SUNWadmfw SUNWlucfg SUNWlur SUNWluu SUNWluzone SUNWzoneu \
  SUNWccsign SUNWccfw SUNWscnprmr SUNWscnprm SUNWscnsomr SUNWscnsom SUNWsensor SUNWcctpx SUNWbrg SUNWccccfg SUNWccfwctrl \
  SUNWccinv SUNWppror SUNWpprou SUNWppro-plugin-sunos-base SUNWctpls SUNWupdatemgru

If you want krb5 to work with NFS:

pkgadd -d . SUNWrsg

You should install the following build-related packages:

pkgadd -d . SUNWdoc SUNWman SUNWarc SUNWsfwhea SUNWhea SUNWtoo SUNWlibmr SUNWlibm

If you want ssh:

pkgadd -d . SUNWsshcu SUNWsshr SUNWsshu SUNWsshdr SUNWsshdu
/lib/svc/method/sshd -c
svcadm enable ssh

If you want X applications to work:

pkgadd -d . SUNWxwfnt SUNWxwice SUNWxwrtl SUNWxwplr SUNWxwplt

If you want the NTP daemon:

pkgadd -d . SUNWntpr SUNWntpu
svcadm enable ntp

Create /etc/inet/ntp.conf:

server time.nist.gov

You should reboot to make sure all services are configured (there's probably a way to do this that doesn't require rebooting).

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen less vim bash bash_completion openldap_client openldap_devel \
  sasl_gssapi gcc3core gcc3g++ gmake flex bison ggrep gawk gsed puppet top iftop wireshark

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5.conf && ln -s /etc/krb5/krb5.conf /etc/krb5.conf
rm -f /etc/krb5.keytab && ln -s /etc/krb5/krb5.keytab /etc/krb5.keytab

It's useful to have some binaries symlinked:

ln -s gmake /opt/csw/bin/make
ln -s gld /opt/csw/bin/ld

Solaris Patching/Updating

To update blastwave:

pkg-get -U
pkg-get -u

Note that pkg-get will ask to remove a package and then ask to install the same package; this is normal and this is how pkg-get upgrades packages.

To configure the Solaris patch manager, you first have to create a Sun Online Account, which you can do at https://reg.sun.com/register?program=sdn.

Create a file /tmp/reg.properties:

userName=syscom@csclub.uwaterloo.ca
password=[see ~sysadmin/passwords/sun-online-account]
hostName=
subscriptionKey=
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=

Register the system:

cacaoadm enable
sconadm register -a -r /tmp/reg.properties

When I tried the above, it hung. After investigating, I discovered that cacao wasn't configured properly (see http://forum.java.sun.com/thread.jspa?threadID=5104038). The mentioned thread has a solution (svccfg export/import).
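
The registration file holds the Sun Online Account password and /tmp is shared by every user on the host, so the file should be owner-only from the moment it is created and removed once registration finishes. The following is an added example, not part of the original page; the function names and the password-file argument are assumptions, and it uses POSIX `$(...)` syntax, so run it with bash or ksh.

```shell
# Added example, not part of the original page.
# write_reg_properties USER PASSWORD_FILE -> prints the path of a 0600 file.
write_reg_properties() {
    user=$1
    password_file=$2
    [ -r "$password_file" ] || { echo "cannot read $password_file" >&2; return 1; }

    # mktemp picks an unpredictable name and creates the file itself, so a
    # pre-planted /tmp/reg.properties symlink cannot redirect the write.
    # umask 077 applies only inside the command substitution's subshell.
    props=$(umask 077; mktemp "${TMPDIR:-/tmp}/reg.properties.XXXXXX") || return 1

    # Read the password from the protected file so it never appears in
    # shell history or in ps(1) output.
    password=$(cat "$password_file")
    cat > "$props" <<EOF
userName=$user
password=$password
hostName=
subscriptionKey=
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=
EOF
    unset password
    echo "$props"
}

# register_system USER PASSWORD_FILE
# Runs the page's registration commands, then removes the file either way.
register_system() {
    reg=$(write_reg_properties "$1" "$2") || return 1
    cacaoadm enable && sconadm register -a -r "$reg"
    status=$?
    rm -f "$reg"
    return $status
}

# Usage on the Solaris host (password path as given on the page):
#   register_system syscom@csclub.uwaterloo.ca ~sysadmin/passwords/sun-online-account
```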

To install available patches:

smpatch update

If it is suggested that you shut down the system to apply patches, use "shutdown -i 6". The system will appear to start rebooting, but it will eventually return to the prompt. DO NOT REBOOT AT THIS POINT! The system is installing updates that can only be installed in single-user mode (run 'ps -ef | grep sbin\/patchadd' for details).

Environment variables

Near the top of /etc/profile, add:

if [ "`id | cut -d= -f2 | cut -d\( -f1`" -eq 0 ]; then
 PATH="/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin"
else
 PATH="/opt/csw/bin:/opt/csw/gcc3/bin:/usr/local/bin:/usr/bin:/bin:/usr/sfw/bin"
fi
PAGER=less
# Export so child processes (man, etc.) see the new values
export PATH PAGER

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

LDFLAGS=-L/opt/csw/lib ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1

Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.

ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

In /etc/group, add the following to the bottom:

users::100:

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.
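
A check for the ordering described above, as an added example that is not part of the original page: for each service it confirms that the auth entry directly after `required pam_unix_cred.so.1` is `sufficient pam_krb5.so.1`. The function names and the sample file are constructed for illustration, and a POSIX awk is assumed.

```shell
# Added example, not part of the original page.
# Constructed sample: 'other' was edited, 'login' was forgotten.
sample_pam_conf() {
cat <<'EOF'
# constructed sample, not a real host's pam.conf
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_unix_cred.so.1
login   auth required   pam_unix_auth.so.1
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_unix_cred.so.1
other   auth sufficient pam_krb5.so.1
other   auth required   pam_unix_auth.so.1
EOF
}

# check_pam_krb5 FILE SERVICE...
# Returns 0 only if every SERVICE has "sufficient pam_krb5.so.1" as the
# auth entry immediately following "required pam_unix_cred.so.1".
check_pam_krb5() {
    conf=$1; shift
    rc=0
    for svc in "$@"; do
        if awk -v svc="$svc" '
            $1 ~ /^#/ { next }                      # skip comment lines
            $1 == svc && $2 == "auth" {
                if (after_cred && $3 == "sufficient" && $4 ~ /pam_krb5\.so\.1$/)
                    found = 1
                # remember whether this entry is the pam_unix_cred line
                after_cred = ($3 == "required" && $4 ~ /pam_unix_cred\.so\.1$/)
            }
            END { exit (found ? 0 : 1) }
        ' "$conf"; then
            echo "$svc: ok"
        else
            echo "$svc: pam_krb5.so.1 missing or not directly after pam_unix_cred.so.1"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample; on a real host run:
#   check_pam_krb5 /etc/pam.conf login other
demo=$(mktemp) && sample_pam_conf > "$demo"
check_pam_krb5 "$demo" login other || true
rm -f "$demo"
```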

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

sudo

The sudo in blastwave/csw does not include the '--secure-path' configure option or ldap support, so you should build sudo from source:

./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/gnu/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
  --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

Also see User-data#ZFS.

SNMP

The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:

./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio'
* In include/net-snmp/system/solaris.h add NEW_MIB_COMPLIANT to the bottom
make; make install

Create /var/svc/manifest/network/net-snmp.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type='manifest' name='net-snmp'>

<service
        name='system/net-snmp'
        type='service'
        version='1'>

        <create_default_instance enabled='false' />

        <single_instance/>

        <dependency
                name='milestone'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/milestone/sysconfig' />
        </dependency>

        <dependency
                name='filesystem'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/system/filesystem/local' />
        </dependency>

        <dependency
                name='name-services'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/milestone/name-services' />
        </dependency>

        <dependent
                name='net-snmp_single-user'
                grouping='optional_all'
                restart_on='none'>
                <service_fmri value='svc:/milestone/multi-user' />
        </dependent>

        <exec_method
                type='method'
                name='start'
                exec='/lib/svc/method/svc-net-snmp'
                timeout_seconds='60' />

        <exec_method
                type='method'
                name='stop'
                exec=':kill'
                timeout_seconds='60' />

        <exec_method
                type='method'
                name='refresh'
                exec=':kill -HUP'
                timeout_seconds='60' />

        <property_group name='general' type='framework'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.net-snmp' />
        </property_group>

        <stability value='Unstable' />

        <template>
                <common_name>
                        <loctext xml:lang='C'> net-snmp
                        </loctext>
                </common_name>
                <documentation>
                        <manpage title='net-snmp' section='1M'
                                manpath='/usr/share/man' />
                </documentation>
        </template>
</service>

</service_bundle>

Create /lib/svc/method/svc-net-snmp (the start method referenced by the manifest above):

#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for snmpd

if [ -x /usr/local/sbin/snmpd ]; then
  /usr/local/sbin/snmpd
else
  echo "snmpd is missing or not executable."
  exit $SMF_EXIT_ERR_CONFIG
fi

exit $SMF_EXIT_OK

Service Management

To control services, use svcadm:

svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

To see why services failed to start:

svcs -xv

External Links