OpenSolaris

From CSCWiki
Revision as of 21:25, 15 May 2008 by Dtbartle (talk | contribs)

OpenSolaris Packages

You can use packagemanager to install and update packages.

You should install the following build-related packages:

SUNWarc SUNWsfwhea SUNWhea SUNWtoo

Blastwave/CSW Packages

Install pkg-get:

pkgadd -d http://www.blastwave.org/pkg_get.pkg
* In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.

Install various packages:

/opt/csw/bin/pkg-get -i gnupg screen less vim bash bash_completion openldap_client openldap_devel \
  sasl_gssapi gcc3core gcc3g++ gmake flex bison ggrep gawk gsed puppet top iftop wireshark

We want certain config files to be in /etc, rather than /opt/csw:

rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf
rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf
rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab

It's useful to have some binaries symlinked:

ln -s gmake /opt/csw/bin/make
ln -s gld /opt/csw/bin/ld

Environment variables

In /etc/default/login, change PATH and SUPATH:

PATH=/usr/local/bin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/gnu/bin:/usr/bin:/bin:/usr/sfw/bin
SUPATH=/usr/local/sbin:/usr/local/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:\
  /usr/gnu/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin

Near the top of /etc/profile, add:

export PAGER=less

nss_ldap

The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:

LDFLAGS=-L/opt/csw/lib ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local
LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install
ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1

Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.

ldapclient manual -a credentialLevel=anonymous \
    -a authenticationMethod=none \
    -a domainName=csclub.uwaterloo.ca \
    -a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
    -a defaultSearchScope=sub \
    -a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca

In /etc/group, add the following to the bottom:

users::100:

PAM

In /etc/pam.conf, after

other auth required   pam_unix_cred.so.1

add

other auth sufficient   pam_krb5.so.1

You should also do this for 'login'.
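
One way to script the /etc/pam.conf edit above so that it can be re-run safely (an added example, not part of the original page). The function name add_krb5, the sample stack and the scratch file name are assumptions made for illustration; the inserted line is the one given above.

```sh
#!/bin/sh
# Added example: insert "<service> auth sufficient pam_krb5.so.1" directly
# after "<service> auth required pam_unix_cred.so.1" in a pam.conf-format file.
# Assumes a POSIX awk (on Solaris use nawk or /usr/xpg4/bin/awk, not old awk).

# add_krb5 FILE SERVICE... ; safe to re-run, keeps FILE.bak when it changes FILE
add_krb5() {
    conf=$1; shift
    tmp="$conf.new.$$"
    awk -v services="$*" '
        BEGIN { n = split(services, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        # Previous line was pam_unix_cred: add krb5 unless it is already next.
        pending != "" {
            if (!($1 == pending && $2 == "auth" && $4 == "pam_krb5.so.1"))
                printf "%s auth sufficient   pam_krb5.so.1\n", pending
            pending = ""
        }
        { print }
        ($1 in want) && $2 == "auth" && $3 == "required" &&
            $4 == "pam_unix_cred.so.1" { pending = $1 }
        END { if (pending != "") printf "%s auth sufficient   pam_krb5.so.1\n", pending }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then rm -f "$tmp"; return 0; fi
    # Overwrite in place (cat, not mv) so owner and mode of FILE are kept.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample input, not a copy of any real host's /etc/pam.conf.
sample_pam_conf() {
    cat <<'EOF'
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_unix_cred.so.1
login   auth required   pam_unix_auth.so.1
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_unix_cred.so.1
other   auth required   pam_unix_auth.so.1
passwd  auth required   pam_passwd_auth.so.1
EOF
}

# Usage on a scratch copy first: add_krb5 ./pam.conf.test other login
```

Keep a root shell open while testing the edited file, since a broken auth stack can lock out new logins.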

You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.

sudo

The sudo in blastwave/csw is not built with the '--with-secure-path' configure option or LDAP support, so you should build sudo from source:

./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \
  --with-secure-path=/opt/csw/sbin:/opt/csw/bin:/usr/gnu/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin --with-env-editor \
  --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \
  --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf
* In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT'
make; make install

ZFS

When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).

To view a list of disks:

format

To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):

zpool create users mirror c2t0d0 c2t1d0

This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.

To enable Kerberos security for NFS, modify /etc/nfssec.conf and uncomment the krb5 lines.

Also see User-data#ZFS.

SNMP

The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:

./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio'
* In include/net-snmp/system/solaris.h add NEW_MIB_COMPLIANT to the bottom
make; make install

Create /var/svc/manifest/network/net-snmp.xml:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type='manifest' name='net-snmp'>

<service
        name='system/net-snmp'
        type='service'
        version='1'>

        <create_default_instance enabled='false' />

        <single_instance/>

        <dependency
                name='milestone'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/milestone/sysconfig' />
        </dependency>

        <dependency
                name='filesystem'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/system/filesystem/local' />
        </dependency>

        <dependency
                name='name-services'
                grouping='require_all'
                restart_on='none'
                type='service'>
                <service_fmri value='svc:/milestone/name-services' />
        </dependency>

        <dependent
                name='net-snmp_single-user'
                grouping='optional_all'
                restart_on='none'>
                <service_fmri value='svc:/milestone/multi-user' />
        </dependent>

        <exec_method
                type='method'
                name='start'
                exec='/lib/svc/method/svc-net-snmp'
                timeout_seconds='60' />

        <exec_method
                type='method'
                name='stop'
                exec=':kill'
                timeout_seconds='60' />

        <exec_method
                type='method'
                name='refresh'
                exec=':kill -HUP'
                timeout_seconds='60' />

        <property_group name='general' type='framework'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.net-snmp' />
        </property_group>

        <stability value='Unstable' />

        <template>
                <common_name>
                        <loctext xml:lang='C'> net-snmp
                        </loctext>
                </common_name>
                <documentation>
                        <manpage title='net-snmp' section='1M'
                                manpath='/usr/share/man' />
                </documentation>
        </template>
</service>

</service_bundle>

Create the start method script that the manifest references, /lib/svc/method/svc-net-snmp:

#!/bin/sh
. /lib/svc/share/smf_include.sh

# Start processes required for snmpd

if [ -x /usr/local/sbin/snmpd ]; then
  /usr/local/sbin/snmpd
else
  echo "snmpd is missing or not executable."
  exit $SMF_EXIT_ERR_CONFIG
fi

exit $SMF_EXIT_OK

Service Management

To control services, use svcadm:

svcadm enable ssh
svcadm disable ssh
svcadm restart ssh

To install/delete services, use svccfg.

To see why services failed to start:

svcs -xv
