Solaris
//Note: This is work in progress//
Notes on Solaris 10
Managing Volumes
New hard drives
Procedure for adding a new drive to a system and formatting the disk as UFS
- install disk
- halt system (reboot with reconfiguration: **reboot -- -r**)
- attach drive to system interface (SATA, IDE, etc.)
- format disk
- type format
- if your system did not find the new disk, reload dev filesystem with **devfsadm -C** (this re-creates ///etc/devlink.tab//)
- now you can use **format** to partition your disk

    Searching for disks...done

    AVAILABLE DISK SELECTIONS:
           0. c1d0 <DEFAULT cyl 19454 alt 2 hd 255 sec 63>
              /pci@0,0/pci-ide@5/ide@0/cmdk@0,0
           1. c2d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
              /pci@0,0/pci-ide@5/ide@1/cmdk@0,0
    Specify disk (enter its number): 1
    selecting c2d0
    Controller working list found
    [disk formatted, defect list found]

    FORMAT MENU:
            disk       - select a disk
            type       - select (define) a disk type
            partition  - select (define) a partition table
            current    - describe the current disk
            format     - format and analyze the disk
            fdisk      - run the fdisk program
            repair     - repair a defective sector
            show       - translate a disk address
            label      - write label to the disk
            analyze    - surface analysis
            defect     - defect list management
            backup     - search for backup labels
            verify     - read and display labels
            save       - save new disk/partition definitions
            volname    - set 8-character volume name
            !<cmd>     - execute <cmd>, then return
            quit
    format> p
    Please run fdisk first.
    format> fdisk
    No fdisk table exists. The default partition for the disk is:

      a 100% "SOLARIS System" partition

    Type "y" to accept the default partition, otherwise type "n" to edit the partition table.
    y
    format> p

    PARTITION MENU:
            0      - change `0' partition
            1      - change `1' partition
            2      - change `2' partition
            3      - change `3' partition
            4      - change `4' partition
            5      - change `5' partition
            6      - change `6' partition
            7      - change `7' partition
            select - select a predefined table
            modify - modify a predefined partition table
            name   - name the current table
            print  - display the current table
            label  - write partition map and label to the disk
            !<cmd> - execute <cmd>, then return
            quit
    partition> p
    Current partition table (original):
    Total disk cylinders available: 60797 + 2 (reserved cylinders)

    Part      Tag    Flag     Cylinders         Size            Blocks
      0 unassigned    wm       0                0         (0/0/0)             0
      1 unassigned    wm       0                0         (0/0/0)             0
      2     backup    wu       0 - 60797      465.74GB    (60798/0/0) 976719870
      3 unassigned    wm       0                0         (0/0/0)             0
      4 unassigned    wm       0                0         (0/0/0)             0
      5 unassigned    wm       0                0         (0/0/0)             0
      6 unassigned    wm       0                0         (0/0/0)             0
      7 unassigned    wm       0                0         (0/0/0)             0
      8       boot    wu       0 -     0        7.84MB    (1/0/0)         16065
      9 alternates    wm       1 -     2       15.69MB    (2/0/0)         32130

    partition> 6
    Part      Tag    Flag     Cylinders         Size            Blocks
      6 unassigned    wm       0                0         (0/0/0)             0

    Enter partition id tag[unassigned]: usr
    Enter partition permission flags[wm]:
    Enter new starting cyl[3]:
    Enter partition size[0b, 0c, 3e, 0.00mb, 0.00gb]: 465.70gb
    partition> p
    Current partition table (unnamed):
    Total disk cylinders available: 60797 + 2 (reserved cylinders)

    Part      Tag    Flag     Cylinders         Size            Blocks
      0 unassigned    wm       0                0         (0/0/0)             0
      1 unassigned    wm       0                0         (0/0/0)             0
      2     backup    wu       0 - 60797      465.74GB    (60798/0/0) 976719870
      3 unassigned    wm       0                0         (0/0/0)             0
      4 unassigned    wm       0                0         (0/0/0)             0
      5 unassigned    wm       0                0         (0/0/0)             0
      6        usr    wm       3 - 60796      465.71GB    (60794/0/0) 976655610
      7 unassigned    wm       0                0         (0/0/0)             0
      8       boot    wu       0 -     0        7.84MB    (1/0/0)         16065
      9 alternates    wm       1 -     2       15.69MB    (2/0/0)         32130

    partition> label
    Ready to label disk, continue? y

    format> volname
    Enter 8-character volume name (remember quotes)[""]:"datvol"
    Ready to label disk, continue? y

    format> q
Essentially we did:
* Use fdisk for ix86 systems
* Select the proper slice (number 6)
* Assign all available space to the slice selected
* label the disk
* and assign a volume name
Now you need to make a new filesystem
    cat /etc/default/fs
    LOCAL=ufs
This shows that our preferred local filesystem is UFS. Therefore, **newfs** would do the right thing for us:
    newfs /dev/rdsk/c2d0s6
    newfs: construct a new file system /dev/rdsk/c2d0s6: (y/n)? y
    Warning: 774 sector(s) in last cylinder unallocated
    /dev/rdsk/c2d0s6: 976655610 sectors in 158961 cylinders of 48 tracks, 128 sectors
            476882.6MB in 9936 cyl groups (16 c/g, 48.00MB/g, 5824 i/g)
    super-block backups (for fsck -F ufs -o b=#) at:
     32, 98464, 196896, 295328, 393760, 492192, 590624, 689056, 787488, 885920,
    Initializing cylinder groups:
    ...............................................................................
    ...............................................................................
    ........................................
    super-block backups for last 10 cylinder groups at:
     975766304, 975864736, 975963168, 976061600, 976160032, 976258464, 976356896,
     976455328, 976553760, 976652192
And now you need to mount our newly created volume. We chose **/export** as mount point:
1. edit **/etc/vfstab**
/dev/dsk/c2d0s6 /dev/rdsk/c2d0s6 /export ufs 2 yes -
2. mount **/export**
3. use **df -h** to verify
/dev/dsk/c2d0s6 459G 65M 454G 1% /export
And we are done
RAID controllers
To show all drives:
- From the ok prompt type 'select (disk controller path)'
- show-volumes
- (volume #) activate-volume
- unselect-dev
- Then probe-scsi-all should see the drives
RAID software
    # raidctl
    Controller: 1
            Volume:c1t0d0
            Disk: 0.0.0
            Disk: 0.1.0
    # raidctl -d c1t0d0
    Deleting RAID volume c1t0d0 will destroy all data it contains, proceed (yes/no)? yes
    Volume c1t0d0 is deleted successfully!
# raidctl -C <disk 1> <disk 2>
That will create a RAID 1 volume with 2 disks. If you need 3 disks or a different RAID level, use **-r <LEVEL>**. **1E** requires 3 disks (2 mirror, 1 spare).
Multipath
Display Properties
luxadm display /path/to/rdsk/device
Network Filesystem
Note that jumpstart uses NFSv4 by default
ZFS
Creating Volumes
create a new volume mounted on /mypool/myvolume
zfs create mypool/myvolume
create a new volume mounted on /myvolume
zfs create -o mountpoint=/myvolume [-o sharenfs=on] mypool/myvolume
Sharing Volumes
zfs set sharenfs=on mypool/myvolume
Network Configuration
DHCP
http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWaadm/SYSADV3/p13.html#IPCONFIG-64
- Create empty files for **/etc/hostname.INTERFACE** and **/etc/dhcp.INTERFACE**
- //rm /etc/hostname.INTERFACE; touch /etc/hostname.INTERFACE//. Where INTERFACE is something like nge0
- //rm /etc/dhcp.INTERFACE; touch /etc/dhcp.INTERFACE//
- //reboot//
Static
- remove **/etc/dhcp.INTERFACE**. Where INTERFACE is something like nge0
- put static IP number in ///etc/hostname.INTERFACE//
- put hostname in ///etc/nodename//
- put domain name in ///etc/defaultdomain//
- put netmask in ///etc/inet/netmasks//
- put router/gateway in ///etc/defaultrouter// (or use something like **route -p add 192.168.20.0/22 192.168.0.1**)
- put fully-qualified hostname in ///etc/inet/hosts//, i.e. hostname+defaultdomain. Example: **127.0.0.1 hostname.example.com hostname**
- //reboot//
http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWaadm/SYSADV3/p13.html#IPCONFIG-64
Static IPv6
- remove file **/etc/dhcp6.INTERFACE**. Where INTERFACE is something like **nge0**
- put **addif AAAA::A/64 up** in ///etc/hostname6.INTERFACE//
- put hostname plus static IP information in ///etc/inet/ipnodes//: **AAAA::A myhost.example.com myhost myhost-v6**
- do **/sbin/ifconfig INTERFACE inet6 plumb; /sbin/ifconfig INTERFACE inet6 addif AAAA::A/64 up** or **reboot** to activate
Wireless
WPA configuration on OpenSolaris/Nexenta
    dladm create-secobj -c wpa mykey    # enter your psk twice
    dladm connect-wifi -e "<essid>" -k mykey <interface>
To disconnect
dladm disconnect-wifi
Managing Services
Introduction
Solaris 10 has a new service management system that augments the traditional UNIX //rc.d// scripts and //init// run levels. At first, this might feel like just another thing to have to learn. But in all honesty, this new system is fantastic and addresses most (if not all) common shortcomings of the traditional //rc.d// system. The system is called //SMF//, or Service Management Facility. (Yeah, the acronyms are about as generic and boring as possible).
Most if not all of the features that SMF brings to the table can be implemented through shell scripts and other enhancements to the traditional //rc.d// system. However, these enhancements are not standard in Linux distributions and would take a lot of time to create, maintain, and deploy in a data center. Custom deployments of these enhancements are also prone to bugs and need to be tested thoroughly. This is simply too much to ask of every system administrator. How many of us reinvent the wheel with things such as:
1) notification of a service that has gone down,
2) creating listeners or wrappers that restart a service if it crashes,
3) placing **descriptive** logs of problems in //syslog// when a service won't start,
4) backing up, restoring, and undoing changes made to service configurations, etc.
After you get used to this system, you will not want to be without it.
Existing //rc.d// scripts and //inittab// entries are still run. After the SMF services have been started, the //rc.d// entries are run just as a user would expect.
Overview
For people new to SMF, there is a lot to learn. Definitely check out http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5rq?a=view for a detailed overview of the system. I'll give a basic overview here, plus any interesting technical notes I might come across.
When learning SMF, there are terms you will need to know. Obviously, the SMF framework manages services. However, it is not always obvious what a service is, as Sun has generalized most system services as SMF services. For example, not only is Apache considered a service, but reaching init state 3, or S (or any other init state) is also a service, called a //milestone//. This seems a little strange at first, but makes plenty of sense when you start to think about things like service dependencies.
To identify a service you use what Sun calls a Fault Management Resource Identifier (or FMRI)... which is pretty much like a URI whose protocol is 'svc' and that can have certain convenient shorthands. Examples are:
    svc://localhost/system/system-log:default
    svc:/system/system-log:default
    system/system-log:default
As you may have guessed from seeing //localhost// in the full form of the above example FMRI, SMF was designed to be used in conjunction with a network directory service, allowing service configuration and run-time data to be shared across multiple OS instances. At the time of writing the network directory service is unavailable... but this is really exciting.
Something else important is that each service can have multiple instances. In the above FMRI examples, //system/system-log// is the service and //default// is the instance. Any given system can have multiple instances of the same service running, and even multiple versions of the same service running. The //system// is simply a category. There are other categories such as //application// and //milestone//.
SMF provides a lot more features, such as regular snapshots of working service configuration data, regular backups of the service repository, creation and application of profiles to ease batch service enabling or disabling, and more. To learn about the commands to interface with SMF, keep reading.
Commands
If you wish to see the currently configured services on your system, run the //svcs// command with no arguments. A listing will be provided of currently configured services, their current state, and their start time. If you run this command, you may also notice services with a different FMRI syntax, e.g., //lrc:/etc/rc3_d/S50/apache//. These are special FMRIs that identify services in the legacy //rc.d// system. You can monitor these services with the SMF framework, however you cannot administer them using SMF. You may have also noticed that no disabled services are shown in this list. If you wish to see all services, including those that are disabled, run the //svcs// command with the //-a// option. If you wish to see more detailed information about a service, run the //svcs// command with the //-l// argument followed by the FMRI of the service you wish to know more about. Here is an example I have run on my machine with its output:
    svcs -l system/system-log:default
    fmri         svc:/system/system-log:default
    name         system log
    enabled      true
    state        online
    next_state   none
    state_time   Fri Jul 20 17:20:27 2007
    logfile      /var/svc/log/system-system-log:default.log
    restarter    svc:/system/svc/restarter:default
    contract_id  57
    dependency   require_all/none svc:/milestone/sysconfig (online)
    dependency   require_all/none svc:/system/filesystem/local (online)
    dependency   optional_all/none svc:/system/filesystem/autofs (online)
    dependency   require_all/none svc:/milestone/name-services (online)
Note that the //svcs// command is very flexible with FMRIs. For example, if I had specified //svcs -l system-log//, I would have received the same output. If you wish to know more about the //svcs// command, then run the //svcs// command with the //-?// option or see its man page.
Currently all service configuration and run time data is stored locally in the //Service Configuration Repository// (yet another boring yet literal and descriptive component name.) You interact and manipulate this data using the //svccfg// and //svcprop// commands, which in turn interact with the //svc.configd// daemon.
SMF keeps a plethora of backups of your service configuration data stored in ///etc/svc/// which you can restore with the ///lib/svc/bin/restore_repository// command. For more info about restoring a corrupt repository, go to http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5tf?a=view.
Other SMF commands are //inetadm// and //svcadm//. //inetadm// gives administrative control over inetd services. Running the //inetadm// command by itself lists available inetd services and their current state. Passing the //-l// option followed by an FMRI will give more detailed information about a given service. You can also enable and disable an inetd service by passing the //-e// and //-d// arguments to //inetadm//, respectively, followed by the FMRI. For more information about //inetadm//, pass the command the //-?// option or see its man page.
//Make sure to look through your list of running inetd services and to disable the services you do not need.//
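The inetd review suggested above can be scripted. The following is an added example, not part of the original notes: it reads the listing printed by //inetadm// and reports every enabled service that is not on a site allowlist, accepting allowlist entries in any of the three FMRI forms shown earlier. The function names, the allowlist file format and the sample listing are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): list enabled inetd services that
# are missing from a site allowlist. Function names are this example's own.
# Assumption: on Solaris 10 set AWK=nawk, the legacy /usr/bin/awk being too
# old for -v and user-defined functions.

# inetd_unexpected ALLOWLIST < `inetadm` listing
# ALLOWLIST holds one FMRI per line in any of the three forms shown above.
# An entry without ":instance" allows every instance of that service (a
# convention of this example). '#' starts a comment.
inetd_unexpected() {
    "${AWK:-awk}" -v allow="$1" '
        # Reduce svc://host/x, svc:/x and x to the single form svc:/x.
        function canon(f) {
            sub("^svc://[^/]*/", "", f)
            sub("^svc:/", "", f)
            return "svc:/" f
        }
        # Drop a trailing ":instance", leaving the service part.
        function service_of(f) {
            sub(":[^:/]*$", "", f)
            return f
        }
        BEGIN {
            while ((getline line < allow) > 0) {
                sub("#.*", "", line)
                gsub("[ \t]", "", line)
                if (line != "") ok[canon(line)] = 1
            }
        }
        # Data rows are "enabled|disabled  STATE  FMRI"; the header is skipped
        # because its first field is the upper-case word ENABLED.
        $1 == "enabled" {
            f = canon($NF)
            if (!(f in ok) && !(service_of(f) in ok)) print f
        }
    '
}

# inetd_disable_plan ALLOWLIST < listing: print, but do not run, one
# `inetadm -d` command per unexpected service so the plan can be reviewed.
inetd_disable_plan() {
    inetd_unexpected "$1" | sed 's/^/inetadm -d /'
}

# Constructed sample of `inetadm` output (not captured from a real host).
sample_inetadm_listing() {
    cat <<'EOF'
ENABLED   STATE          FMRI
enabled   online         svc:/network/rpc/gss:default
disabled  disabled       svc:/network/finger:default
enabled   online         svc:/network/telnet:default
enabled   online         svc:/network/ftp:default
enabled   offline        svc:/network/rpc/smserver:default
disabled  disabled       svc:/network/shell:default
EOF
}

# Demo on the constructed listing. On a real host: inetadm | inetd_disable_plan FILE
demo() (
    allow=$(mktemp) || exit 1
    cat > "$allow" <<'EOF'
# services this host is meant to offer
svc://localhost/network/rpc/gss:default
network/ftp
EOF
    sample_inetadm_listing | inetd_disable_plan "$allow"
    rm -f "$allow"
)
demo
```

The plan is only printed; review it and run the //inetadm -d// lines you agree with.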
The //svcadm// command gives common administrative control over service instances. The most common subcommands to //svcadm// are //enable//, //disable//, //restart//, and //refresh//. Enabling and disabling a service is persistent across reboots. To enable or disable a service only temporarily, pass the //-t// option. Passing the //-r// option to the //enable// subcommand enables an FMRI and all services it depends on.
SMF keeps regular snapshots of service configurations. If a service configuration is incorrect, you can revert the service's configuration back to a previous snapshot. In summary, use the //svccfg// command to grab a list of available snapshots and to revert to a chosen snapshot, then use the //svcadm// command to refresh and restart the service. Here is an example I got from Sun's website that reverts the //console-login// service to the last successful configuration snapshot (called //start//):
    # svccfg
    svc:> select system/console-login:default
    svc:/system/console-login:default> listsnap
    initial
    running
    start
    svc:/system/console-login:default> revert start
    svc:/system/console-login:default> quit
    # svcadm refresh system/console-login
    # svcadm restart system/console-login
As mentioned above, you may create //profiles// for the purpose of enabling and disabling a batch of services at once. A profile is an XML file that lists a number of services and whether or not they should be enabled. You can choose what services are to be listed in the profile and what should be enabled. For some profile examples, check out the XML files in the ///var/svc/profile// directory. To create your own profile, use the //svccfg// command to extract your current setup into an XML file that you can rename and edit. First, extract the current profile and save it to //profile.xml//.
# svccfg extract > profile.xml
Then edit the profile to include only the services you want and what state they should be in (//enabled=true// or //enabled=false//). You can then apply a profile at any time with the //svccfg apply <profile>// command. So for our example:
# svccfg apply profile.xml
If you want to create a new service from a given XML file, all you need to do is:
# svccfg import /var/svc/manifest/application/management/sma.xml
This will attempt to "refresh" the service once it's loaded into the database.
Configuring Services
Up until now we've been looking at commands that give us service status and allow us to enable/disable services and so on. But the workhorse of the SMF system is the //svccfg// command. Browsing through the command page gives around 30 subcommands. We've already seen that we can use the //svccfg// command to list and revert to previous snapshots. However, this is only scratching the surface. I will not reproduce the manual here... Sun's documentation is clearly written. But we'll go through a couple of examples so that you can see what the //svccfg// command may be used for.
In this example, we are setting the environment variable //UMEM_DEBUG// to the value //default// for the //system/cron// service:
# svccfg -s system/cron:default setenv UMEM_DEBUG default
For the change to be made to the running service, you will need to //refresh// and //restart// the service with the //svcadm// command.
You can view a process's environment variables with the //pargs// command. First, we'll need to know the PID of the process we wish to know more about. We can use the //svcs -p// command to find out the PIDs of processes running in a given service. So for our //system/cron:default// example, we can get the PID of the running cron daemon and then pass this PID to the //pargs// command:
    # svcs -p system/cron:default
    STATE          STIME    FMRI
    online         Jul_20   svc:/system/cron:default
                   Jul_20        227 cron
    # pargs -e 227
    227:    /usr/sbin/cron
    envp[0]: LOGNAME=root
    envp[1]: LANG=C
    envp[2]: PATH=/usr/sbin:/usr/bin
    envp[3]: SMF_FMRI=svc:/system/cron:default
    envp[4]: SMF_METHOD=/lib/svc/method/svc-cron
    envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default
    envp[6]: TZ=America/Louisville
In addition, you will be using the //inetadm// command to configure your inetd controlled services. Use the //-l// option followed by an FMRI to show the current properties set for a service. Use the //-m// option to set properties.
Reviewing Service Configuration
svcprop svc:/network/http:apache2
Some Extra Details
If the above overview wasn't enough for you then keep reading.
Most of the backend to SMF is located in the ///lib/svc// directory. The methods that actually start and stop services are stored in ///lib/svc/method//. Important programs that manage the services are stored in ///lib/svc/bin//. However, most users will never need to interact with the contents of these directories directly.
The rest of SMF's data is stored in the ///var/svc// directory. The //manifests//, XML files that store important information about each service, such as dependencies on other services and what to do in case of an error, are all stored in the ///var/svc/manifest// directory. You will find startup and error logs in ///var/svc/log//. And finally, the ///var/svc/profile// directory contains a collection of XML files called profiles that are templates giving a good base of defaults for what services to run in different situations. For example, there is a ///var/svc/profile/generic_open.xml// which by default starts a lot of network services, and there is ///var/svc/profile/generic_limited_net.xml// which by default does NOT start most network services. You can create your own profile by creating ///var/svc/profile/site.xml// which will be read and incorporated with any other profiles being loaded by the system.
The //svc.startd// daemon is responsible for starting and restarting services in Solaris. It manages all service dependencies, and is pretty much a replacement for //init//, although //init// initially starts the //svc.startd// daemon.
When installing Solaris 10, you are asked if you wish to enable remote services (which is insecure), or if you wish to only run minimal network services. Whichever option you chose, you can change this at any time later with the //netservices// command. To run in limited network mode run ///usr/sbin/netservices limited//. To run in open network mode, run ///usr/sbin/netservices open//.
Solaris Zones
Install the needed Sun packages: SUNWpoolr SUNWpool SUNWluzone SUNWzoner SUNWzoneu
First, check to see if the //zones// service has been started. If not, enable it so that zones will be started after a system reboot.
    svcs svc:/system/zones:default             # is service disabled? If so...
    svcadm enable svc:/system/zones:default    # enable it
Now that the //zones// service has been started, let's create a zone. But first, let's set up a directory where we can install all non-global zones. I'll use ///export/home/zones// for these examples.
mkdir -pm 0700 /export/home/zones
Now let's create a zone that hosts only one application: a VPN daemon. In this setup, the hostname will be set to //vpn// and we'll use ///export/home/zones/vpn// as the //zonepath//. We'll set it up to boot automatically at system boot with the default privileges. We'll give it an IP of 192.168.0.200 and give it access to the //pts//, //random//, and //zero// devices. Here's the complete command line session:
    zonecfg -z vpn
    zonecfg:vpn> create
    zonecfg:vpn> set zonepath=/export/home/zones/vpn
    zonecfg:vpn> set autoboot=true    # Need svc:/system/zones:default to be started
    zonecfg:vpn> set limitpriv="default"
    zonecfg:vpn> add net
    zonecfg:vpn:net> set address=192.168.0.200
    zonecfg:vpn:net> set physical=vmxnet0    # Solaris is running in vmware
    zonecfg:vpn:net> end
    zonecfg:vpn> add device
    zonecfg:vpn:device> set match=/dev/pts/*
    zonecfg:vpn:device> end
    zonecfg:vpn> add device
    zonecfg:vpn:device> set match=/dev/*random
    zonecfg:vpn:device> end
    zonecfg:vpn> add device
    zonecfg:vpn:device> set match=/dev/zero
    zonecfg:vpn:device> end
    zonecfg:vpn> add attr
    zonecfg:vpn:attr> set name=comment
    zonecfg:vpn:attr> set type=string
    zonecfg:vpn:attr> set value="Virtual Private Network daemon"
    zonecfg:vpn:attr> end
    zonecfg:vpn> verify
    zonecfg:vpn> commit
    zonecfg:vpn> exit
    zonecfg -z vpn info    # double check everything
Now, we make a decision. If we wish to enable security auditing in any non-global zones, then we must add the following line to the ///etc/security/audit_startup// file:
/usr/sbin/auditconfig -setpolicy +zonename
And then execute the same line in the shell:
auditconfig -setpolicy +zonename
Let the fun begin! Run the zoneadm tool to install our newly configured zone. Give it some time, as it will be copying a lot of files and installing packages into the new zone.
zoneadm -z vpn install
After finishing, we can see the //installed// status of our new zone with the //zoneadm list// command:
zoneadm list -iv
And then place the zone in the //ready// state (so that we can attach a console before booting):
zoneadm -z vpn ready
And now for the moment of truth: we boot the zone. First, make sure to have two terminals running. In the first terminal, attach a console so that you can answer the initial configuration questions upon boot:
zlogin -C vpn
And now boot the zone in the other terminal.
zoneadm -z vpn boot
Now, answer the questions in the attached console to finish the initial configuration.
Voila! You are now in your new zone. You can also log in without the //-C// option to //zlogin//, which opens a new pseudo terminal. To exit a console session, enter the tilde character followed by a period: //~.//
By default, zones are installed wide open with the //generic_open.xml// profile. Let's set this to limited for a more secure installation.
    zlogin vpn
    vpn# /usr/sbin/netservices limited
Modifying and Enhancing the User Environment
This section contains various notes I've taken while trying to make my environment a little more usable. Coming from a Linux background, I quickly realized the importance of having an environment I feel comfortable in. Upon logging into Solaris right after installation, I went into shock. First thing I noticed is that I was using the Bourne Shell. Not having tab completion was simply torturous. Being an avid //zsh// user, I felt myself panicking as most of my expressive power was gone. //zsh// comes installed in a default install of Solaris, but it was jacked for me. I've had to use //bash// instead. Also, there was no //nano// or //emacs//, and I was forced to remember //vi// commands that I had suppressed from my memory years ago. Sometimes I found myself simply using //sed// and //heredoc//s to avoid using //vi//. Also, having a bare minimum //PATH// by default didn't help. E.g., //wget// was already installed, but you would never know that unless you ran something like //find /usr -name wget//. Yep... there is no //locate// or //slocate//.
So, I set out to resolve my agonies and I've made the following notes along the way. Hopefully they are helpful to you.
Setting A More Liberal PATH Variable
By default, your //PATH// variable will contain something like ///usr/bin:/usr/openwin/bin//. On Solaris, binaries are split up all over the place, which means having to type ///usr/sadm/sysadm/smc// to start the //System Management Console// when really we should just be able to type //smc//. Let's edit ///etc/default/login// and ///etc/default/su// and set the //PATH// and //SUPATH// to something more helpful. You may need to make the files writable first. Give write permission to the owner only; //o+w// would let any local user rewrite the search path that root receives:
    chmod u+w /etc/default/login /etc/default/su
Now edit ///etc/default/login// and ///etc/default/su// and set the //PATH// and //SUPATH// variables to something like:
    PATH=/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/bin:/usr/sfw/bin
    SUPATH=/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/bin:/usr/sfw/bin
You may notice that the ///opt/csw/// doesn't exist on your system. This directory will be created after following the instructions below for adding software from [[http://blastwave.com]]. If you will not be installing software from http://blastwave.com then feel free to leave out ///opt/csw/bin// from the //PATH// and //SUPATH// variables above.
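Because //SUPATH// decides which binaries root finds, it is worth checking the result after editing. The script below is an added example, not part of the original notes; it reports empty or relative entries, missing directories, and directories or defaults files that are writable by group or other. The function names and the demo fixture are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the PATH/SUPATH settings
# in /etc/default style files. Function names are this example's own.

# default_value FILE VAR: value of the last uncommented VAR=... line.
default_value() {
    sed -n "s/^$2=//p" "$1" | sed -n '$p'
}

# loose_mode PATH: succeeds if PATH (symlinks followed) is writable by group
# or other. In the `ls -l` mode string, character 6 is group write and
# character 9 is other write.
loose_mode() {
    case $(ls -ldL "$1" 2>/dev/null) in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_path "dir1:dir2:...": one finding per line, nothing if clean.
audit_path() (
    [ -n "$1" ] || exit 0
    rest=$1:                  # trailing ':' so the last entry is consumed too
    while [ -n "$rest" ]; do
        d=${rest%%:*}
        rest=${rest#*:}
        case $d in
            ''|.) echo "current-directory entry (empty or .)" ;;
            /*)   if [ ! -d "$d" ]; then
                      # e.g. /opt/csw/bin before any Blastwave package exists
                      echo "missing: $d"
                  elif loose_mode "$d"; then
                      echo "writable by group or other: $d"
                  fi ;;
            *)    echo "relative: $d" ;;
        esac
    done
)

# audit_defaults_file FILE [VAR...]: check the file's own mode, then each VAR.
audit_defaults_file() (
    file=$1; shift
    if loose_mode "$file"; then
        echo "$file: writable by group or other"
    fi
    for var in "$@"; do
        audit_path "$(default_value "$file" "$var")" |
            while IFS= read -r finding; do
                echo "$file: $var: $finding"
            done
    done
)

# Demo on a constructed fixture. On a real host run, as root:
#   audit_defaults_file /etc/default/login PATH SUPATH
#   audit_defaults_file /etc/default/su PATH SUPATH
demo() (
    t=$(mktemp -d) || exit 1
    mkdir "$t/bin" "$t/shared" && chmod 755 "$t/bin" && chmod 777 "$t/shared"
    # Trailing ':' is an empty entry; $t/csw/bin stands in for a missing dir.
    printf 'SUPATH=%s:%s:%s:\n' "$t/bin" "$t/shared" "$t/csw/bin" > "$t/su"
    chmod 646 "$t/su"         # other-writable, as `chmod o+w` would leave it
    audit_defaults_file "$t/su" SUPATH
    rm -rf "$t"
)
demo
```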
Compiling Software
- download Solaris ISO
- [[solaris#mounting_isos|Mount ISO]]
- install the following packages from Solaris_10/Product inside the ISO

    pkgadd -d . SUNWhea SUNWbinutils SUNWarc SUNWlibmr SUNWlibm SUNWgccruntime SUNWgcc
Additional info (might be deprecated):
http://www.science.uva.nl/pub/solaris/solaris2.html#q6.2
- for tools (sccs, lex, yacc, make, nm, truss, ld, as): SUNWbtool, SUNWsprot, SUNWtoo, SUNWcpp
- for libraries & headers: SUNWhea, SUNWarc, SUNWlibm, SUNWlibms, SUNWdfbh, SUNWcg6h, SUNWxwinc, SUNWolinc, SUNWxglh, SUNWlibC, SUNWzlib, SUNWscpu
- for 64 bit development (in S10 these have all been merged into the non-x versions): SUNWarcx, SUNWbtoox, SUNWdplx, SUNWscpux, SUNWsprox, SUNWtoox, SUNWlmsx, SUNWlmx, SUNWlibCx, SUNWzlibx
- for ucb compat: SUNWsra, SUNWsrh
Compiling Cfengine
Here is a quick example of how to compile Cfengine and install it in /opt/local/cfengine with all the needed libraries self-contained within this directory:
- create a directory called ~/utilities/cfengine
- download all the necessary software there
- create a Makefile like the example below
- run "make build_bdb build_openssl; sudo make install_bdb install_openssl; make build_cf; sudo make install_cf"
Makefile cfengine-3.0.2.tar.gz db-4.7.25.tar.gz openssl-0.9.8k.tar.gz
**Makefile**

    CF:=cfengine-3.0.2
    DB:=db-4.7.25
    OSSL:=openssl-0.9.8k
    CFROOT:=/opt/local/cfengine

    # /opt/csw/gnu (gnu make)
    # /usr/ccs/bin (ar, ranlib)
    PATH:=/usr/sfw/bin:/opt/csw/gnu:/usr/ccs/bin:${PATH}
    export PATH

    CC:=gcc
    export CC
    CXX:=g++
    export CXX

    # debug
    # -xc99 -xtarget=native64 -xcode=pic32 -g -O0
    CFLAGS:=-O2 -m64
    export CFLAGS
    CXXFLAGS:=$(CFLAGS)
    export CXXFLAGS

    CPPFLAGS:=-I$(CFROOT)/include
    export CPPFLAGS

    LDFLAGS:=-L/usr/sfw/lib/64 -R/usr/sfw/lib/64
    export LDFLAGS

    # we only need 32-bit version, if 64-bit wanted use solaris64...
    ARCH := $(shell uname -m)
    ifeq ($(strip ${ARCH}),i86pc)
    OSSLTARGET := solaris64-x86_64-gcc
    else
    OSSLTARGET := solaris64-sparcv9-gcc
    endif

    help:
    	@echo make all
    	@echo make build_bdb
    	@echo make build_cf
    	@echo make build_openssl
    	@echo
    	@echo make install_bdb
    	@echo make install_cf
    	@echo make install_openssl
    	@echo
    	@echo make clean
    	@echo make clean_cf
    	@echo make clean_bdb
    	@echo make clean_openssl

    all: build_cf install_cf

    install_cf:
    	sudo make -C $(CF) install

    install_bdb:
    	sudo make -C $(DB)/build_unix install

    build_cf: $(CF)/Makefile
    	make -j 4 -C $(CF)

    build_bdb: $(DB)/Makefile
    	make -j 4 -C $(DB)/build_unix

    $(CF)/Makefile: $(CF)
    	cd $(CF) && ./configure --prefix=$(CFROOT) --with-berkeleydb=$(CFROOT) --with-openssl=$(CFROOT)

    $(DB)/Makefile: $(DB)
    	cd $(DB)/build_unix && ../dist/configure --prefix=$(CFROOT)

    $(CF): $(CF).tar.gz
    	gtar -xzvf $<
    	touch $@

    $(DB): $(DB).tar.gz
    	gtar -xzvf $<
    	touch $@

    clean: clean_bdb clean_cf clean_openssl

    clean_cf:
    	rm -rf $(CF)

    clean_bdb:
    	rm -rf $(DB)

    install_openssl:
    	sudo make -C $(OSSL) install

    # openssl does not like -j 4
    build_openssl: $(OSSL)/Makefile
    	make -C $(OSSL)

    $(OSSL)/Makefile: $(OSSL)
    	cd $(OSSL) && ./Configure --prefix=$(CFROOT) $(OSSLTARGET) shared

    $(OSSL): $(OSSL).tar.gz
    	gtar -xzvf $<
    	touch $@

    clean_openssl:
    	rm -rf $(OSSL)
Managing Software
Tracking Packages
To figure out the name of the package that contains a given file, use:
pkgchk -lp /path/to/file
Removing Software
    pkginfo -x | cut -f1 -d " " | grep gnome > /tmp/rmpackages
    pkgrm -n `cat /tmp/rmpackages`
You might need to drop the **-n** to run **pkgrm** interactively. Or if you are sure that you want to reply "yes" to all:
yes | pkgrm `cat /tmp/rmpackages`
Getting Extra Software
After installing Solaris and blundering around for a little while, I realized that I would go crazy if I couldn't use my normal tools (e.g., nano, emacs, screen, etc.) There are two popular sites where you can install free software: http://sunfreeware.com and http://blastwave.com. Both sites are excellent, but there are some differences. One major difference is that on http://sunfreeware.com you will need to install package dependencies yourself. However, on http://blastwave.com, the //pkg-get// package will install package dependencies automatically for you. On a lot of packages, I find that http://sunfreeware.com has more recent versions of software packages whereas http://blastwave.com allows you to choose from //stable// and //unstable//, which might be more attractive for System Administrators looking for stability. We'll focus on http://blastwave.com first. For more in-depth instructions, read [[http://www.blastwave.org/howto.html]].
First, install //pkg-get// from http://blastwave.com.
/usr/sbin/pkgadd -d http://www.blastwave.org/pkg_get.pkg
Edit the /opt/csw/etc/pkg-get.conf file and change the default [[http://www.blastwave.org/mirrors.php|mirror]] to something more appropriate. I used [[http://www.gtlib.gatech.edu/pub/blastwave/stable]]
vi /opt/csw/etc/pkg-get.conf
When using //pkg-get// to install packages from http://blastwave.com, you will be asked to confirm certain questions. This gets annoying quickly, especially if you are installing a package with many dependencies. To turn this off, type the command:
cp -p /var/pkg-get/admin-fullauto /var/pkg-get/admin
You can edit the ///var/pkg-get/admin// file to customize which confirmations the //pkg-get// utility asks for.
To get started check out the listing of available packages at [[http://www.blastwave.org/packages.php]]. Install packages using the //pkg-get install <pkgname>// syntax or //pkg-get -i <pkgname>//. To find out all available options, run //pkg-get// with no arguments.
Enabling and Setting Up GDM
I pulled these instructions from [[http://www.gnome.org/learn/access-guide/latest/sysadmin-27.html]].
* Open the file ///etc/X11/gdm/gdm.conf//, uncomment the following line, and set it to //true//:

  #AddGtkModules=false
This step enables the GtkModules. Next, uncomment the line:
#GtkModulesList=gail:atk-bridge:dwellmouselistener:keymouselistener
This step loads all of the GtkModules to enable assistive technologies such as On-Screen Keyboard and Screen Reader and Magnifier. You can edit the line above further to load only the GtkModules that you require to support the user base. For optimum accessibility, include gail and atk-bridge.
* Enter the following command to stop the dtlogin manager:

  /usr/dt/bin/dtconfig -d

* Enter the following commands to configure GDM as the login manager:

  # svccfg import /var/svc/manifest/application/gdm2-login.xml
  # svcadm enable application/gdm2-login
* Edit the file ///etc/passwd// to append the following to the end of the gdm line:
/etc/X11/gdm/home
* Create the ///etc/X11/gdm/home// directory and assign ownership of the directory to the gdm user.
* Restart your system.
//(Note: after enabling gdm with the //svcadm enable application/gdm2-login// command, my X display went foobar. I had to ssh into the machine to finish the commands and reboot. YMMV)//
There is a lot more information at [[http://library.gnome.org/admin/gdm/unstable/solaris.html.en]].
//TODO: provide instructions for reverting back to dt if desired//
Enabling and Setting Up Synergy with GDM
//Note: These instructions assume that this is a system that's being used using X11 for a single person.//
- enable GDM as described above
- pkg-get install synergy
- edit **/etc/X11/gdm/Init** `/opt/csw/bin/synergyc HOSTNAME_or_IP; sysmodmap=/etc/X11/Xmodmap`
- edit **/etc/X11/gdm/PreSession/Default** `/opt/csw/bin/synergyc HOSTNAME_or_IP; XSETROOT=\`gdmwhich xsetroot\``
- edit or create a new file **/etc/X11/gdm/PostLogin/Default** `/usr/bin/pkill synergyc`
- edit **/etc/X11/gdm/PostSession/Default** `/usr/bin/pkill synergyc; SESSREG=\`gdmwhich sessreg\``
Setting Up Alternative Window Managers
If you have installed any alternative window managers from http://blastwave.com or elsewhere, you may be wondering how to get them to show up as options in the GDM session list. For example, I installed fluxbox (//pkg-get -i fluxbox//) and want to make it my default window manager after logging into GDM. The directory ///usr/share/xsessions// holds a number of //.desktop// files that contain information about the available sessions that GDM is configured for. To add a session to GDM, we simply need to create our own //.desktop// file and add it to this directory. For my fluxbox example, create a file called ///usr/share/xsessions/fluxbox.desktop// with the following contents:
  [Desktop Entry]
  Encoding=UTF-8
  Name=Fluxbox
  Comment=Fluxbox
  Exec=/opt/csw/bin/fluxbox
  Type=Application
For a different window manager, simply change the //Name// and //Comment// field with whatever you like, then update the //Exec// field to be the command that launches your window manager. Now the next time you login to GDM, you will see your entry in the Sessions menu.
Upon entering Fluxbox, I noticed that the default //PATH// had been changed. So I changed the //DefaultPath// option in the ///etc/X11/gdm/gdm.conf// file... but this still didn't help. I'm not sure why as the GDM documentation says that either the //DefaultPath// option will be used or the environment from ///etc/default/login// will be used. I ended up explicitly setting the //PATH// variable in the ///usr/share/xsessions/fluxbox.desktop// file:
  [Desktop Entry]
  Encoding=UTF-8
  Name=Fluxbox
  Comment=Fluxbox
  Exec=env PATH=/opt/csw/bin:/bin:/sbin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:/usr/dt/bin /opt/csw/bin/fluxbox
  Type=Application
Hint: If you want to run //fluxbox-generate_menu//, open the file ///opt/csw/bin/fluxbox-generate_menu// in your favorite editor and change the top line to read //#!/bin/bash// instead of //#!/bin/sh//.
Using Live Upgrade
Upgrading to a new Solaris release with Live Upgrade is done by:
* Patching the current system (SunSolve #72099: [[http://sunsolve.sun.com/search/document.do?assetkey=1-9-72099-1]])
* Using the lu* commands: [[http://www.sun.com/software/solaris/howtoguides/liveupgradehowto.jsp]]
Mounting ISOs
Use lofiadm to create a loopback device associated with a given .iso file:

  lofiadm -a /Users/Shared/Software/centos/CentOS-4.5-i386-binDVD.iso
  mount -F hsfs /dev/lofi/1 /Users/Shared/Software/centos/cd

When done, undo with the following:

  umount /Users/Shared/Software/centos/cd
  lofiadm -d /dev/lofi/1
Patching
Get a cluster of patches unzipped into /var/spool/patch/10_x86_Recommended
  cd /var/spool/patch/10_x86_Recommended
  ./install_cluster
For more installation messages refer to the installation logfile:
/var/sadm/install_data/Solaris_10_x86_Recommended_Patch_Cluster_log
Use '/usr/bin/showrev -p' to verify installed patch-ids.
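To make that verification repeatable, the following added example (not from the original notes or from Sun) compares saved `showrev -p` output against a baseline list and prints the patches that are missing or below the required revision. The function names and all patch IDs are constructed placeholders; counting a patch listed under Obsoletes: as present is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: compare `showrev -p` output against a required-patch list.
# All patch IDs below are constructed placeholders, not real Sun patches.

# missing_patches REQUIRED_FILE SHOWREV_FILE
# Prints every required ID-REV that the installed set does not satisfy.
missing_patches() {
    awk '
        # Remember the highest revision seen for each patch base ID.
        function note(p,    a) {
            if (split(p, a, "-") == 2 && a[2] + 0 > have[a[1]] + 0)
                have[a[1]] = a[2]
        }
        FILENAME == ARGV[1] {             # saved showrev -p output
            if ($1 != "Patch:") next
            note($2)
            # Assumption: a patch listed under Obsoletes: is superseded by
            # this one, so it counts as present at the listed revision.
            for (i = 4; i <= NF && $i != "Requires:"; i++) {
                o = $i; sub(/,$/, "", o); note(o)
            }
            next
        }
        /^[0-9]+-[0-9]+$/ {               # required list, one ID-REV per line
            split($0, r, "-")
            if (!(r[1] in have) || have[r[1]] + 0 < r[2] + 0) print
        }' "$2" "$1"
}

# Constructed inputs: installed patches ($1), then the baseline ($2).
make_samples() {
    cat > "$1" <<'EOF'
Patch: 900001-03 Obsoletes: 900002-01, 900003-02 Requires: 900004-01 Incompatibles: Packages: SUNWcsu, SUNWcsr
Patch: 900004-01 Obsoletes: Requires: Incompatibles: Packages: SUNWcsr
Patch: 900005-02 Obsoletes: Requires: Incompatibles: Packages: SUNWzfsu
Patch: 900005-04 Obsoletes: Requires: Incompatibles: Packages: SUNWzfsu
EOF
    cat > "$2" <<'EOF'
900001-03
900003-02
900004-01
900005-05
900006-01
EOF
}
# On a live system: showrev -p > /tmp/installed; missing_patches baseline /tmp/installed
```

An empty result means every baseline entry is installed at the required revision or newer.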
Jumpstart
Step-by-Step
First we set up the jumpstart server (stuff that you should type is in bold):

- **ssh jumpserver**
- edit /etc/hosts with hostname and IP of server
- create /export/install/jumpstart/sys/HOSTNAME/sysidcfg
- run **/export/install/jumpstart/bin/add-client sun4{v,u} MAC**. sun4v is T1000's, sun4u is v210z's
- edit /etc/ethers with MAC, FQDN and hostname of server
Now we boot from the network and send the install command to net boot
- connect cable to serial console
- type **#.** (shift + 3 + .) after a new-line character. You need to do this fast as soon as you press **ENTER**
- on ALOM/ELOM set the password to the "admin" user
- send "break" to the console (hint: type **break**)
- type **console** to go back to the console. It should be on the "ok" prompt
- type **boot net - install**
Hardware Information
^ command ^ notes ^
^ prtdiag -d | get information on fans |
^ ndd | get information on ethernet cards |
^ psrinfo -v | get information on CPU |
Examples:
**ndd /dev/nge0 \?**

  ? (read only)
  autoneg_cap (read only)
  pause_cap (read only)
  asym_pause_cap (read only)
  1000fdx_cap (read only)
  1000hdx_cap (read only)
  100T4_cap (read only)
  100fdx_cap (read only)
  100hdx_cap (read only)
  10fdx_cap (read only)
  10hdx_cap (read only)
  adv_autoneg_cap (read only)
  adv_pause_cap (read and write)
  adv_asym_pause_cap (read and write)
  adv_1000fdx_cap (read and write)
  adv_1000hdx_cap (read and write)
  adv_100T4_cap (read only)
  adv_100fdx_cap (read and write)
  adv_100hdx_cap (read and write)
  adv_10fdx_cap (read and write)
  adv_10hdx_cap (read and write)
  lp_autoneg_cap (read only)
  lp_pause_cap (read only)
  lp_asym_pause_cap (read only)
  lp_1000fdx_cap (read only)
  lp_1000hdx_cap (read only)
  lp_100T4_cap (read only)
  lp_100fdx_cap (read only)
  lp_100hdx_cap (read only)
  lp_10fdx_cap (read only)
  lp_10hdx_cap (read only)
  link_status (read only)
  link_speed (read only)
  link_duplex (read only)
  link_autoneg (read only)
  link_rx_pause (read only)
  link_tx_pause (read only)
  loop_mode (read only)

**ndd /dev/nge0 link_speed**

  100
Troubleshooting
Autofs
- edit /etc/syslog.conf and ensure you can see all entries in /var/adm/messages: `*.debug /var/adm/messages` (separate the selector and the file name with a tab, not spaces)
- edit /etc/default/autofs and ensure that you have the following values:

  # Verbose mode. Notifies of autofs mounts, unmounts, or other
  # non-essential events. This equivalent to the "-v" argument.
  AUTOMOUNT_VERBOSE=TRUE

  # Verbose. Log status messages to the console.
  # This is equivalent to the "-v" argument.
  AUTOMOUNTD_VERBOSE=TRUE

  # Trace. Expand each RPC call and display it on standard output.
  # This is equivalent to the "-T" argument.
  AUTOMOUNTD_TRACE=1

- on Solaris 10 you can also check the service log:

  svcs -l autofs
  /var/svc/log/system-filesystem-autofs:default.log

- if you are using LDAP to configure your autofs, enable logging at that level:

  cat /etc/ldap/slapd.conf
  loglevel 256

- also, on LDAP, ensure that you can query the entry that you are looking for:

  ldapsearch -x -h myserver -b "automountMapName=auto_home,dc=example,dc=com" "(&(objectclass=automount)(automountKey=myuser))"
If your server is not returning anything, you might need to redo your index
  SLAPD_INIT="/etc/init.d/slapd"
  $SLAPD_INIT stop
  sleep 1
  # rebuild the indexes only once slapd has really stopped
  if ! pgrep slapd > /dev/null; then
      /usr/sbin/slapindex
      chown -R openldap:openldap /var/lib/ldap/
      $SLAPD_INIT start
  else
      echo "Could not stop slapd" 1>&2
  fi
Single User Mode
Insert the CD/DVD for Solaris 10 and choose "Single user shell", or boot your SPARC based system with: **reboot -- -s**. Then your / (root) tree will be mounted in /a and you can do:
  cat /a/etc/vfstab
  umount /etc/mnttab
  /sbin/mount -F mntfs mnttab /etc/mnttab
  ... mount each drive from vfstab inside /a ...
  chroot /a /bin/bash
  ... then perform your changes ...

Simple, huh?
commands
truss /sbin/foo # same as strace in Linux
Sun Studio
  # download Sun Studio software
  wget 'http://link' -O Sun-Studio-SunOS.tar.bz2
  bunzip2 Sun-Studio-SunOS.tar.bz2
  tar xf Sun-Studio-SunOS.tar
  cd SunStudio12u1-SunOS-SPARC-pkgs
  sudo ./SunStudio12u1-SunOS-SPARC-pkgs.sh --non-interactive-accept-license --current-zone-only
Using SAR
Report all available data from start time (-s) to end time (-e), reading from the file named by -f (here sa21 is the file for the 21st day of this month):
sar -A -e 17:00 -s 12:30 -f /var/adm/sa/sa21 | more
Sun Hardware
Serial Console
serial consoles on Sun hardware
Working with the SP
You can use the SP directly without using ALOM. The ALOM interface is more user-friendly, though.

- connect a serial cable to the SER CONSOLE port
- login as **root** / **changeme**
- type **help**
To reboot a system you can do:
- **stop /SYS**
- **start /SYS**
To start the console you can do:
- **start /SP/console** (or **start /SP/AgentInfo/console**)
Use **ESC + (** to exit back to the SP.
You can use **cd** to change to different targets and you can use **show** to show all properties under a target tree. This is very intuitive once you know UNIX.
Setting ALOM
- connect serial cable to SER CONSOLE port
- login as **root** / **changeme**
- **create /SP/users/admin password=secret**
- **set /SP/users/admin role=Administrator** (on other systems: **set /SP/users/admin permission=administrator**)
- **set /SP/users/admin cli_mode=alom** (SPARC CPUs only)
serial consoles on Sun hardware
Say you need to get to the console that manages www.example.com (on a serial console device like administration:lsi):
- '''dig www.example.com TXT''' to get the record on DNS that tells what console server manages '''www'''
- www.example.com. 3600 IN TXT "0:14:4f:8x:xx:xx, FOOBAR13"
- '''sudo ssh foobar''' to get to the box in question, in this case managed by '''foobar'''
- '''connect 13'''
- '''#.''' to login as admin to the ALOM
- '''help''' to see what you can do (see list below)

^ Command ^ Note ^
| ESC + Shift + B | Takes you to the "ok" prompt where you can type boot -r to reboot a system |
| ESC + Shift + A | Ends the console session |
| Shift + # + . | drops to the ALOM prompt |
ALOM commands
^ Command ^ Note ^
| console | connects to the console |
| help | shows list of commands |
| poweron | powers on the machine (boot or reset) |
| powercycle | reboots the machine |
Status Monitoring
IO Stat
iostat -xtnp 2
Firmware Upgrade
Local Upgrade (Solaris)
- download firmware patch from SunSolve (sunsolve.sun.com)
- unzip to /tmp/$PATCH
- cd /tmp/$PATCH; /tmp/$PATCH/sysfwdownload Sun_System_Firmware-VERSION-Sun_Fire_SERVER.bin (this takes 10 - 15 min)
- # init 0 (go into Ok prompt (ALOM))
- {0} ok #. (go into serial console)
- sc> poweroff
- sc> setkeyswitch -y normal
- sc> flashupdate -s 127.0.0.1
- sc> resetsc

Now log in to the serial console, power on the system, and boot:

- sc> poweron
- sc> console -f

Network Upgrade (tftp. No Solaris)
  sc> setupsc
  Entering Interactive setup mode. To exit and discard changes to that point, use Ctrl-C or to exit and save changes to that point, use Ctrl-Z.
  Do you wish to configure the enabled interfaces [y]? y
  Should the SC network interface be enabled [y]? y
  Should the SC interface connection type be set [ssh]? ssh
  Should the SC email alerts be enabled [y]? n
  Do you wish to configure the network interface [y]? y
  Should the SC use DHCP to obtain its network configuration [y]? n
  Enter the SC IP address [100.100.100.100]? 192.168.1.203
  Enter the SC IP netmask [255.255.255.0]? 255.255.255.0
  Enter the SC IP gateway address [100.100.100.100]? 192.168.1.1
  Do you wish to configure the network management interfaces [y]? y
  Enter the number of mail servers to configure [0]? 0
  Do you wish to configure the SC parameters [y]? n
  Do you wish to configure the platform diagnostic parameters [y]? n
  Your ALOM configuration profile has been successfully completed. To activate your network configuration, please enter 'setsc netsc_commit true' at sc prompt.
  sc> setsc netsc_commit true
  sc> flashupdate -s 192.168.0.33 -f firmware/T5120-7_2_7_d-SPARC.pkg
  sc> resetsc