OpenSolaris
Networking
Create /etc/defaultroute with contents:
129.97.134.1
Modify /etc/netmasks and add to the end:
129.97.134.1 255.255.255.0
Create /etc/hostname.e1000g0 (where e1000g0 is the interface name):
ginseng
Modify /etc/hosts so that it contains at least the following:
127.0.0.1 localhost loghost 129.97.134.89 ginseng.csclub.uwaterloo.ca ginseng
Run the following:
svcadm enable physical:default /lib/svc/methods/net-physical:default
OpenSolaris Packages
You should install the following build-related packages:
pkg install SUNWarc SUNWsfwhea SUNWhea SUNWtoo
If you want gcc and Sun Studio:
pkg install gcc-dev sunstudio
Blastwave/CSW Packages
Install pkg-get:
pkgadd -d http://www.blastwave.org/pkg_get.pkg * In /opt/csw/etc/pkg-get.conf, set the primary url to http://mirror.csclub.uwaterloo.ca/blastwave/unstable.
Install various packages:
/opt/csw/bin/pkg-get -i gnupg screen bash_completion bison gawk gsed puppet top iftop wireshark
We want certain config files to be in /etc, rather than /opt/csw:
rm -f /opt/csw/etc/openldap/ldap.conf && ln -s /etc/ldap/ldap.conf /opt/csw/etc/openldap/ldap.conf rm -f /etc/krb5/krb5.conf && ln -s /etc/krb5.conf /etc/krb5/krb5.conf rm -f /etc/krb5/krb5.keytab && ln -s /etc/krb5.keytab /etc/krb5/krb5.keytab
Environment variables
In /etc/default/login, change PATH and SUPATH:
PATH=/usr/local/bin:/usr/gnu/bin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/bin:/bin:/usr/sfw/bin SUPATH=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin
Near the top of /etc/profile, add:
export PAGER=less
nss_ldap
The native nss_ldap library doesn't support rfc2307bis, so we need to build padl's nss_ldap from source:
LDFLAGS=-L/opt/csw/lib CFLAGS=-I/opt/csw/include ./configure --with-ldap-conf-file=/etc/libnss-ldap.conf --prefix=/usr/local LDADD=-L/opt/csw/lib\ -R/opt/csw/lib make; make install ln -s /usr/local/lib/nss_ldap.so.1 /lib/nss_ldap.so.1
Modify /etc/nsswitch.ldap to your liking. You should also copy /etc/libnss-ldap.conf from caffeine. Despite the fact that we link against csw's openldap libraries, we need to configure the native ldap library.
ldapclient manual -a credentialLevel=anonymous \
-a authenticationMethod=none \
-a domainName=csclub.uwaterloo.ca \
-a defaultSearchBase=dc=csclub,dc=uwaterloo,dc=ca \
-a defaultSearchScope=sub \
-a defaultServerList=ldap1.csclub.uwaterloo.ca,ldap2.csclub.uwaterloo.ca
In /etc/group, add the following to the bottom:
users::100:
PAM
In /etc/pam.conf, after
other auth required pam_unix_cred.so.1
add
other auth sufficient pam_krb5.so.1
You should also do this for 'login'.
You need to create /etc/krb5/krb5.keytab containing host/fqdn@CSCLUB.UWATERLOO.CA where fqdn is the fully qualified domain name of the host.
sudo
The sudo in blastwave/csw does not inclue the '--secure-path' configure option or ldap support, so you should build sudo from source:
./configure --prefix=/usr/local --with-all-insults --with-exempt=sudo --with-pam --with-fqdn --with-logging=syslog --with-logfac=auth \ --with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/gnu/bin:/opt/csw/sbin:/opt/csw/bin:/opt/csw/gcc3/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/sfw/bin \ --with-env-editor --with-timeout=15 --with-password-timeout=0 --disable-root-mailer --disable-setresuid --with-sendmail=/usr/sbin/sendmail \ --with-ldap --with-ldap-conf-file=/etc/ldap/ldap.conf * In config.h, change '#define HAVE_DGETTEXT 1' to '#undef HAVE_DGETTEXT' make; make install
ZFS
When you add new disks you need to have Solaris rescan for disks. You can do this by adding '-r' as a kernel option (via grub).
To view a list of disks:
format
To create a mirrored "zpool" (basically lvm/mdadm/fs all rolled into one):
zpool create users mirror c2t0d0 c2t1d0
This creates a RAID 1 zpool with component disks c2t0d0 and c2t1d0.
To enable Kerberos security, modify /etc/nfssec.conf and uncomment the krb5 lines.
Also see User-data#ZFS.
SNMP
The snmp daemon in Solaris doesn't support 64-bit counters, so you should compile net-snmp:
./configure --prefix=/usr/local --enable-mfd-rewrites '--with-mib-modules=host ucd-snmp/diskio' \ --disable-embedded-perl --with-sys-contact="syscom@csclub.uwaterloo.ca" --with-sys-location="MC 3015" \ --with-default-snmp-version=3 --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp" * In include/net-snmp/system/solaris.h add '#define NEW_MIB_COMPLIANT 1' to the bottom. make; make install
Create /tmp/net-snmp.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type='manifest' name='net-snmp'>
<service name='system/net-snmp' type='service' version='1'>
<create_default_instance enabled='false' />
<single_instance/>
<dependency name='milestone' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/milestone/sysconfig' />
</dependency>
<dependency name='filesystem' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/system/filesystem/local' />
</dependency>
<dependency name='name-services' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/milestone/name-services' />
</dependency>
<dependent name='net-snmp_single-user' grouping='optional_all' restart_on='none'>
<service_fmri value='svc:/milestone/multi-user' />
</dependent>
<exec_method type='method' name='start' exec='/lib/svc/method/svc-net-snmp' timeout_seconds='60' />
<exec_method type='method' name='stop' exec=':kill' timeout_seconds='60' />
<exec_method type='method' name='refresh' exec=':kill -HUP' timeout_seconds='60' />
<property_group name='general' type='framework'>
<propval name='action_authorization' type='astring' value='solaris.smf.manage.net-snmp' />
</property_group>
<stability value='Unstable' />
<template>
<common_name>
<loctext xml:lang='C'>net-snmp</loctext>
</common_name>
<documentation>
<manpage title='net-snmp' section='1M' manpath='/usr/share/man' />
</documentation>
</template>
</service>
</service_bundle>
Import the manifest:
svccfg import /tmp/net-snmp.xml
Create /lib/svc/method/svc-net-snmp:
#!/bin/sh . /lib/svc/share/smf_include.sh # Start processes required for snmpd if [ -x /usr/local/sbin/snmpd ]; then /usr/local/sbin/snmpd else echo "snmpd is missing or not executable." exit $SMF_EXIT_ERR_CONFIG fi exit $SMF_EXIT_OK
rsyncd
Install SUNWrsync.
Create /tmp/rsync.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="rsync">
<service name="network/rsync" type="service" version="4">
<create_default_instance enabled="false"/>
<single_instance/>
<dependency name="loopback" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/network/loopback:default"/>
</dependency>
<dependency name="physical" grouping="require_all" restart_on="error" type="service">
<service_fmri value="svc:/network/physical:default"/>
</dependency>
<dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
<service_fmri value="svc:/system/filesystem/local"/>
</dependency>
<exec_method type="method" name="start" exec="/opt/csw/bin/rsync --daemon" timeout_seconds="60"/>
<exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
<exec_method type="method" name="refresh" exec=":kill -HUP" timeout_seconds="60"/>
<stability value="Unstable"/>
<template>
<common_name>
<loctext xml:lang="C">RSYNC daemon</loctext>
</common_name>
<documentation>
<manpage title="rsync" section="7"/>
<doc_link name="rsync.org" uri="http://www.rsync.org/docs/"/>
</documentation>
</template>
</service>
</service_bundle>
Import the manifest:
svccfg import /tmp/rsync.xml
Service Management
To control services, use svcadm:
svcadm enable ssh svcadm disable ssh svcadm restart ssh
To install/delete services, use svccfg.
To see why services failed to start:
svcs -xv