Note: This is work in progress
Procedure for adding a new drive to a system and formatting the disk as UFS
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c1d0 <DEFAULT cyl 19454 alt 2 hd 255 sec 63>
/pci@0,0/pci-ide@5/ide@0/cmdk@0,0
1. c2d0 <DEFAULT cyl 60798 alt 2 hd 255 sec 63>
/pci@0,0/pci-ide@5/ide@1/cmdk@0,0
Specify disk (enter its number): 1
selecting c2d0
Controller working list found
[disk formatted, defect list found]
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
fdisk - run the fdisk program
repair - repair a defective sector
show - translate a disk address
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> p
Please run fdisk first.
format> fdisk
No fdisk table exists. The default partition for the disk is:
a 100% "SOLARIS System" partition
Type "y" to accept the default partition, otherwise type "n" to edit the
partition table.
y
format> p
PARTITION MENU:
0 - change `0' partition
1 - change `1' partition
2 - change `2' partition
3 - change `3' partition
4 - change `4' partition
5 - change `5' partition
6 - change `6' partition
7 - change `7' partition
select - select a predefined table
modify - modify a predefined partition table
name - name the current table
print - display the current table
label - write partition map and label to the disk
!<cmd> - execute <cmd>, then return
quit
partition> p
Current partition table (original):
Total disk cylinders available: 60797 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 unassigned wm 0 0 (0/0/0) 0
1 unassigned wm 0 0 (0/0/0) 0
2 backup wu 0 - 60797 465.74GB (60798/0/0) 976719870
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 unassigned wm 0 0 (0/0/0) 0
7 unassigned wm 0 0 (0/0/0) 0
8 boot wu 0 - 0 7.84MB (1/0/0) 16065
9 alternates wm 1 - 2 15.69MB (2/0/0) 32130
partition> 6
Part Tag Flag Cylinders Size Blocks
6 unassigned wm 0 0 (0/0/0) 0
Enter partition id tag[unassigned]: usr
Enter partition permission flags[wm]:
Enter new starting cyl[3]:
Enter partition size[0b, 0c, 3e, 0.00mb, 0.00gb]: 465.70gb
partition> p
Current partition table (unnamed):
Total disk cylinders available: 60797 + 2 (reserved cylinders)
Part Tag Flag Cylinders Size Blocks
0 unassigned wm 0 0 (0/0/0) 0
1 unassigned wm 0 0 (0/0/0) 0
2 backup wu 0 - 60797 465.74GB (60798/0/0) 976719870
3 unassigned wm 0 0 (0/0/0) 0
4 unassigned wm 0 0 (0/0/0) 0
5 unassigned wm 0 0 (0/0/0) 0
6 usr wm 3 - 60796 465.71GB (60794/0/0) 976655610
7 unassigned wm 0 0 (0/0/0) 0
8 boot wu 0 - 0 7.84MB (1/0/0) 16065
9 alternates wm 1 - 2 15.69MB (2/0/0) 32130
partition> label
Ready to label disk, continue? y
format> volname
Enter 8-character volume name (remember quotes)[""]:"datvol"
Ready to label disk, continue? y
format> q
Essentially we did:
Now you need to make a new filesystem
cat /etc/default/fs
LOCAL=ufs
This shows that our preferred local filesystem is UFS. Therefore, newfs would do the right thing for us:
newfs /dev/rdsk/c2d0s6
newfs: construct a new file system /dev/rdsk/c2d0s6: (y/n)? y
Warning: 774 sector(s) in last cylinder unallocated
/dev/rdsk/c2d0s6: 976655610 sectors in 158961 cylinders of 48 tracks, 128 sectors
476882.6MB in 9936 cyl groups (16 c/g, 48.00MB/g, 5824 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 98464, 196896, 295328, 393760, 492192, 590624, 689056, 787488, 885920,
Initializing cylinder groups:
...............................................................................
...............................................................................
........................................
super-block backups for last 10 cylinder groups at:
975766304, 975864736, 975963168, 976061600, 976160032, 976258464, 976356896,
976455328, 976553760, 976652192
And now you need to mount our newly created volume. We chose /export as mount point:
1. edit /etc/vfstab
/dev/dsk/c2d0s6 /dev/rdsk/c2d0s6 /export ufs 2 yes -
2. mount /export
3. use df -h to verify
/dev/dsk/c2d0s6 459G 65M 454G 1% /export
And we are done
To show all drives:
# raidctl
Controller: 1
Volume:c1t0d0
Disk: 0.0.0
Disk: 0.1.0
# raidctl -d c1t0d0
Deleting RAID volume c1t0d0 will destroy all data it contains, proceed (yes/no)? yes
Volume c1t0d0 is deleted successfully!
# raidctl -C <disk 1> <disk 2>
That will create a RAID 1 volume with 2 disks. If you need 3 disks or a different RAID level, use -r <LEVEL>. 1E requires 3 disks (2 mirror, 1 spare).
luxadm display /path/to/rdsk/device
Note that jumpstart uses NFSv4 by default
create a new volume mounted on /mypool/myvolume
zfs create mypool/myvolume
create a new volume mounted on /myvolume
zfs create -o mountpoint=/myvolume [-o sharenfs=on] mypool/myvolume
zfs set sharenfs=on mypool/myvolume
http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWaadm/SYSADV3/p13.html#IPCONFIG-64
WPA configuration on OpenSolaris/Nexenta
dladm create-secobj -c wpa mykey # enter your psk twice
dladm connect-wifi -e "<essid>" -k mykey <interface>
To disconnect
dladm disconnect-wifi
Solaris 10 has a new service management system that augments the traditional UNIX rc.d scripts and init run levels. At first, this might feel like just another thing to have to learn. But in all honesty, this new system is fantastic and addresses most (if not all) common shortcomings of the traditional rc.d system. The system is called SMF, or Service Management Facility. (Yeah, the acronyms are about as generic and boring as possible).
Most if not all of the features that SMF brings to the table can be implemented through shell scripts and other enhancements to the traditional rc.d system... however, these enhancements are not standard in Linux distributions and would take a lot of time to create, maintain, and deploy in a data center. Not to mention that custom deployment of these enhancements is prone to bugs and needs to be tested thoroughly. This is simply too much to ask of every system administrator. How many of us reinvent the wheel with things such as:
1) notification of a service that has gone down,
2) creating listeners or wrappers that restart a service if it crashes,
3) placing descriptive logs of problems in syslog when a service won’t start,
4) backing up, restoring, and undoing changes made to service configurations, etc.
After you get used to this system, you will not want to be without it.
Existing rc.d scripts and inittab entries are still run. After the SMF services have been started, the rc.d entries are run just as a user would expect.
For people new to SMF, there is a lot to learn. Definitely check out http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5rq?a=view for a detailed overview of the system. I’ll give a basic overview here, plus any interesting technical notes I might come across.
When learning SMF, there are terms you will need to know. Obviously, the SMF framework manages services. However, it is not always obvious what a service is, as Sun has generalized most system services as SMF services. For example, not only is Apache considered a service, but reaching init state 3, or S (or any other init state) is also a service, called a milestone. This seems a little strange at first, but makes plenty of sense when you start to think about things like service dependencies.
To identify a service you use what Sun calls a Fault Management Resource Identifier (or FMRI)... which is pretty much like a URI whose protocol is ‘svc’ and that can have certain convenient shorthands. Examples are:
svc://localhost/system/system-log:default
svc:/system/system-log:default
system/system-log:default
As you may have guessed from seeing localhost in the full form of the above example FMRI, SMF was designed to be used in conjunction with a network directory service, allowing service configuration and run-time data to be shared across multiple OS instances. At the time of writing the network directory service is unavailable... but this is really exciting.
Something else important is that each service can have multiple instances. In the above FMRI examples, system/system-log is the service and default is the instance. Any given system can have multiple instances of the same service running, and even multiple versions of the same service running. The system is simply a category. There are other categories such as application and milestone.
SMF provides a lot more features, such as regular snapshots of working service configuration data, regular backups of the service repository, creation and application of profiles to ease batch service enabling or disabling, and more. To learn about the commands to interface with SMF, keep reading.
If you wish to see the currently configured services on your system, run the svcs command with no arguments. A listing will be provided of currently configured services, their current state, and their start time. If you run this command, you may also notice services with a different FMRI syntax, e.g., lrc:/etc/rc3_d/S50/apache. These are special FMRIs that identify services in the legacy rc.d system. You can monitor these services with the SMF framework, however you cannot administer them using SMF. You may have also noticed that no disabled services are shown in this list. If you wish to see all services, including those that are disabled, run the svcs command with the -a option. If you wish to see more detailed information about a service, run the svcs command with the -l argument followed by the FMRI of the service you wish to know more about. Here is an example I have run on my machine with its output:
svcs -l system/system-log:default
fmri         svc:/system/system-log:default
name         system log
enabled      true
state        online
next_state   none
state_time   Fri Jul 20 17:20:27 2007
logfile      /var/svc/log/system-system-log:default.log
restarter    svc:/system/svc/restarter:default
contract_id  57
dependency   require_all/none svc:/milestone/sysconfig (online)
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/none svc:/system/filesystem/autofs (online)
dependency   require_all/none svc:/milestone/name-services (online)
Note that the svcs command is very flexible with FMRIs. For example, if I had specified svcs -l system-log, I would have received the same output. If you wish to know more about the svcs command, then run the svcs command with the -? option or see its man page.
Currently all service configuration and run time data is stored locally in the Service Configuration Repository (yet another boring yet literal and descriptive component name.) You interact and manipulate this data using the svccfg and svcprop commands, which in turn interact with the svc.configd daemon.
SMF keeps a plethora of backups of your service configuration data stored in /etc/svc/ which you can restore with the /lib/svc/bin/restore_repository command. For more info about restoring a corrupt repository, go to http://docs.sun.com/app/docs/doc/817-1985/6mhm8o5tf?a=view.
Other SMF commands are inetadm and svcadm. inetadm gives administrative control over inetd services. Running the inetadm command by itself lists available inetd services and their current state. Passing the -l option followed by an FMRI will give more detailed information about a given service. You can also enable and disable an inetd service by passing the -e and -d arguments to inetadm, respectively, followed by the FMRI. For more information about inetadm, pass the command the -? option or see its man page.
Make sure to look through your list of running inetd services and to disable the services you do not need.
The svcadm command gives common administrative control over service instances. The most common subcommands to svcadm are enable, disable, restart, and refresh. Enabling and disabling a service is persistent across reboots. To enable or disable a service only temporarily, pass the -t option. Passing the -r option to the enable subcommand enables an FMRI and all services it depends on.
SMF keeps regular snapshots of service configurations. If a service configuration is incorrect, you can revert the service’s configuration back to a previous snapshot. In summary, use the svccfg command to grab a list of available snapshots and to revert to a chosen snapshot, then use the svcadm command to refresh and restart the service. Here is an example I got from Sun’s website that reverts the console-login service to the last successful configuration snapshot (called start):
# svccfg
svc:> select system/console-login:default
svc:/system/console-login:default> listsnap
initial
running
start
svc:/system/console-login:default> revert start
svc:/system/console-login:default> quit
# svcadm refresh system/console-login
# svcadm restart system/console-login
As mentioned above, you may create profiles for the purpose of enabling and disabling a batch of services at once. A profile is an XML file that lists a number of services and whether or not they should be enabled. You can choose what services are to be listed in the profile and what should be enabled. For some profile examples, check out the XML files in the /var/svc/profile directory. To create your own profile, use the svccfg command to extract your current setup into an XML file that you can rename and edit. First, extract the current profile and save it to profile.xml.
# svccfg extract > profile.xml
Then edit the profile to include only the services you want and what state they should be in (enabled=true or enabled=false). You can then apply a profile at any time with the svccfg apply <profile> command. So for our example:
# svccfg apply profile.xml
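The advice to review and disable unneeded inetd services and the profile mechanism described above can be combined. The following is an added example, not part of the original notes: it reads an `inetadm` listing, keeps the services on an allowlist, and writes a profile that disables every other enabled inetd service. The function names, the profile name `site` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): build an SMF profile that
# disables every enabled inetd service that is not on an allowlist.

# Constructed sample of `inetadm` output (columns: ENABLED, STATE, FMRI).
sample_inetadm() {
    cat <<'EOF'
ENABLED   STATE          FMRI
enabled   online         svc:/network/rpc/gss:default
enabled   online         svc:/network/telnet:default
disabled  disabled       svc:/network/ftp:default
enabled   online         svc:/network/finger:default
enabled   offline        svc:/network/rpc/rstat:default
EOF
}

# unneeded_inetd_services ALLOWED_FMRI...
# Reads an `inetadm` listing on stdin and prints the FMRI of every service
# that is enabled but not named in the allowlist given as arguments.
unneeded_inetd_services() {
    awk -v allow=" $* " '
        $1 == "enabled" && index($3, "svc:/") == 1 {
            if (index(allow, " " $3 " ") == 0) print $3
        }'
}

# profile_from_fmris PROFILE_NAME
# Reads FMRIs (svc:/category/name:instance) on stdin and writes a profile
# that sets each instance to enabled="false". Instances of the same service
# are grouped under one <service> element. PROFILE_NAME is trusted input.
profile_from_fmris() {
    LC_ALL=C sort -u | awk -v name="$1" '
        BEGIN {
            print "<?xml version=\"1.0\"?>"
            print "<!DOCTYPE service_bundle SYSTEM \"/usr/share/lib/xml/dtd/service_bundle.dtd.1\">"
            printf "<service_bundle type=\"profile\" name=\"%s\">\n", name
        }
        # Skip anything that is not a plain FMRI, so no markup can be injected.
        $0 !~ "^svc:/[A-Za-z0-9_./,-]+(:[A-Za-z0-9_.,-]+)?$" { next }
        {
            fmri = substr($0, 6)                  # drop the "svc:/" prefix
            n = index(fmri, ":")
            if (n) { svc = substr(fmri, 1, n - 1); inst = substr(fmri, n + 1) }
            else   { svc = fmri; inst = "default" }
            if (svc != cur) {
                if (cur != "") print "  </service>"
                printf "  <service name=\"%s\" version=\"1\" type=\"service\">\n", svc
                cur = svc
            }
            printf "    <instance name=\"%s\" enabled=\"false\"/>\n", inst
        }
        END {
            if (cur != "") print "  </service>"
            print "</service_bundle>"
        }'
}

# inetd_lockdown_profile PROFILE_NAME ALLOWED_FMRI...
# Full pipeline: inetadm listing on stdin, profile XML on stdout.
inetd_lockdown_profile() {
    profile_name=$1
    shift
    unneeded_inetd_services "$@" | profile_from_fmris "$profile_name"
}

# Demo on the constructed listing: keep only rpc/gss, disable the rest.
sample_inetadm | inetd_lockdown_profile site svc:/network/rpc/gss:default
```

On a live system, feed it the real listing (`inetadm | inetd_lockdown_profile site <allowed FMRIs> > site.xml`), read the generated file, and only then load it with `svccfg apply site.xml`.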
If you want to create a new service from a given XML file, all you need to do is:
# svccfg import /var/svc/manifest/application/management/sma.xml
This will attempt to “refresh” the service once it’s loaded into the database.
Up until now we’ve been looking at commands that give us service status and allow us to enable/disable services and so on. But the workhorse of the SMF system is the svccfg command. Browsing through the command page gives around 30 subcommands. We’ve already seen that we can use the svccfg command to list and revert to previous snapshots. However, this is only scratching the surface. I will not reproduce the manual here... Sun’s documentation is clearly written. But we’ll go through a couple examples so that you can see what the svccfg command may be used for.
In this example, we are setting the environment variable UMEM_DEBUG to the value default for the system/cron service:
# svccfg -s system/cron:default setenv UMEM_DEBUG default
For the change to be made to the running service, you will need to refresh and restart the service with the svcadm command.
You can view a process’s environment variables with the pargs command. First, we’ll need to know the PID of the process we wish to know more about. We can use the svcs -p command to find out the PIDs of processes running in a given service. So for our system/cron:default example, we can get the PID of the running cron daemon and then pass this PID to the pargs command:
# svcs -p system/cron:default
STATE          STIME    FMRI
online         Jul_20   svc:/system/cron:default
               Jul_20        227 cron
# pargs -e 227
227: /usr/sbin/cron
envp[0]: LOGNAME=root
envp[1]: LANG=C
envp[2]: PATH=/usr/sbin:/usr/bin
envp[3]: SMF_FMRI=svc:/system/cron:default
envp[4]: SMF_METHOD=/lib/svc/method/svc-cron
envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default
envp[6]: TZ=America/Louisville
In addition, you will be using the inetadm command to configure your inetd controlled services. Use the -l option followed by an FMRI to show the current properties set for a service. Use the -m option to set properties.
svcprop svc:/network/http:apache2
If the above overview wasn’t enough for you then keep reading.
Most of the backend to SMF is located in the /lib/svc directory. The methods that actually start and stop services are stored in /lib/svc/method. Important programs that manage the services are stored in /lib/svc/bin. However, most users will never need to interact with the contents of these directories directly.
The rest of SMF’s data is stored in the /var/svc directory. The manifests, which are XML files that store important information about each service, such as dependencies on other services and what to do in case of an error, are all stored in the /var/svc/manifest directory. You will find startup and error logs in /var/svc/log. And finally, the /var/svc/profile directory contains a collection of XML files called profiles that are templates giving a good base of defaults for what services to run in different situations. For example, there is a /var/svc/profile/generic_open.xml which by default starts a lot of network services, and there is /var/svc/profile/generic_limited_net.xml which by default does NOT start most network services. You can create your own profile by creating /var/svc/profile/site.xml which will be read and incorporated with any other profiles being loaded by the system.
The svc.startd daemon is responsible for starting and restarting services in Solaris. It manages all service dependencies, and is pretty much a replacement for init, although init initially starts the svc.startd daemon.
When installing Solaris 10, you are asked if you wish to enable remote services (which is insecure), or if you wish to only run minimal network services. Whichever option you chose, you can change this at any time later with the netservices command. To run in limited network mode run /usr/sbin/netservices limited. To run in open network mode, run /usr/sbin/netservices open.
Install the needed Sun packages: SUNWpoolr SUNWpool SUNWluzone SUNWzoner SUNWzoneu
First, check to see if the zones service has been started. If not, enable it so that zones will be started after a system reboot.
svcs svc:/system/zones:default # is service disabled? If so...
svcadm enable svc:/system/zones:default # enable it
Now that the zones service has been started, let’s create a zone. But first, let’s setup a directory where we can install all non-global zones. I’ll use /export/home/zones for these examples.
mkdir -pm 0700 /export/home/zones
Now let’s create a zone that hosts only one application: a VPN daemon. In this setup, the hostname will be set to vpn and we’ll use /export/home/zones/vpn as the zonepath. We’ll set it up to boot automatically at system boot with the default privileges. We’ll give it an IP of 192.168.0.200 and give it access to the pts, random, and zero devices. Here’s the complete command line session:
zonecfg -z vpn
zonecfg:vpn> create
zonecfg:vpn> set zonepath=/export/home/zones/vpn
zonecfg:vpn> set autoboot=true # Need svc:/system/zones:default to be started
zonecfg:vpn> set limitpriv="default"
zonecfg:vpn> add net
zonecfg:vpn:net> set address=192.168.0.200
zonecfg:vpn:net> set physical=vmxnet0 # Solaris is running in vmware
zonecfg:vpn:net> end
zonecfg:vpn> add device
zonecfg:vpn:device> set match=/dev/pts/*
zonecfg:vpn:device> end
zonecfg:vpn> add device
zonecfg:vpn:device> set match=/dev/*random
zonecfg:vpn:device> end
zonecfg:vpn> add device
zonecfg:vpn:device> set match=/dev/zero
zonecfg:vpn:device> end
zonecfg:vpn> add attr
zonecfg:vpn:attr> set name=comment
zonecfg:vpn:attr> set type=string
zonecfg:vpn:attr> set value="Virtual Private Network daemon"
zonecfg:vpn:attr> end
zonecfg:vpn> verify
zonecfg:vpn> commit
zonecfg:vpn> exit
zonecfg -z vpn info # double check everything
Now, we make a decision. If we wish to enable security auditing in any non-global zones, then we must add the following line to the /etc/security/audit_startup file:
/usr/sbin/auditconfig -setpolicy +zonename
And then execute the same line in the shell:
auditconfig -setpolicy +zonename
Let the fun begin! Run the zoneadm tool to install our newly configured zone. Give it some time, as it will be copying a lot of files and installing packages into the new zone.
zoneadm -z vpn install
After finishing, we can see the installed status of our new zone with the zoneadm list command:
zoneadm list -iv
And then place the zone in the ready state (so that we can attach a console before booting):
zoneadm -z vpn ready
And now for the time of truth: we boot the zone. First, make sure to have two terminals running. In the first terminal, attach a console so that you can answer the initial configuration questions upon boot:
zlogin -C vpn
And now boot the zone in the other terminal.
zoneadm -z vpn boot
Now, answer the questions in the attached console to finish the initial configuration.
Voila! You are now in your new zone. You can also login without the -C option to zlogin, which opens a new pseudo terminal. To exit a console session, enter the tilde character followed by a period: ~.
By default, zones are installed wide open with the generic_open.xml profile. Let’s set this to limited for a more secure installation.
zlogin vpn
vpn# /usr/sbin/netservices limited
This section contains various notes I’ve taken while trying to make my environment a little more usable. Coming from a Linux background, I quickly realized the importance of having an environment I feel comfortable in. Upon logging into Solaris right after installation, I went into shock. First thing I noticed is that I was using the Bourne Shell. Not having tab completion was simply torturous. Being an avid zsh user, I felt myself panicking as most of my expressive power was gone. zsh comes installed in a default install of Solaris, but it was jacked for me. I’ve had to use bash instead. Also, there was no nano or emacs, and I was forced to remember vi commands that I had suppressed from my memory years ago. Sometimes I found myself simply using sed and heredocs to avoid using vi. Also, having a bare minimum PATH by default didn’t help. E.g., wget was already installed, but you would never know that unless you ran something like find /usr -name wget. Yep... there is no locate or slocate.
So, I set out to resolve my agonies and I’ve made the following notes along the way. Hopefully they are helpful to you.
By default, your PATH variable will contain something like /usr/bin:/usr/openwin/bin. On Solaris, binaries are split up all over the place, which means having to type /usr/sadm/sysadm/smc to start the System Management Console when really we should just be able to type smc. Let’s edit /etc/default/login and /etc/default/su and set the PATH and SUPATH to something more helpful. You may need to make the files writable by their owner (root) first. Use u+w rather than o+w: o+w makes both files world-writable, which lets any local user change the search path root gets from su.
chmod u+w /etc/default/login /etc/default/su
Now edit /etc/default/login and /etc/default/su and set the PATH and SUPATH variables to something like:
PATH=/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/bin:/usr/sfw/bin
SUPATH=/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/bin:/usr/sfw/bin
You may notice that the /opt/csw/ doesn’t exist on your system. This directory will be created after following the instructions below for adding software from http://blastwave.com. If you will not be installing software from http://blastwave.com then feel free to leave out /opt/csw/bin from the PATH and SUPATH variables above.
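Every directory on root's search path should be an absolute path that exists and that only its owner can write to, so a value like the one above (with /opt/csw/bin possibly absent and /usr/sfw/bin listed twice) is worth checking before it goes into /etc/default/su. The check below is an added example, not part of the original notes; `audit_search_path` is a hypothetical helper name, and it examines only the listed directories themselves, not their parents or owners.

```shell
#!/bin/sh
# Added example (not from the original notes): audit a PATH/SUPATH value
# before saving it in /etc/default/login or /etc/default/su.

# audit_search_path VALUE
# Prints one "<finding> <directory>" line per problem and returns non-zero
# if anything was found. Findings:
#   relative        entry is empty, "." or otherwise not an absolute path
#   duplicate       entry already appeared earlier in the value
#   missing         directory does not exist (yet)
#   world-writable  any user can drop a binary into the directory
#   group-writable  members of the owning group can do the same
# The body runs in a subshell, so IFS and globbing changes do not leak.
audit_search_path() (
    path_value=$1
    seen=:
    rc=0

    # A trailing ":" is an empty entry, which means the current directory.
    case $path_value in
        *:) echo "relative <empty>"; rc=1 ;;
    esac

    IFS=:
    set -f                       # no globbing while splitting on ":"
    for dir in $path_value; do
        case $dir in
            /*) ;;
            '') echo "relative <empty>"; rc=1; continue ;;
            *)  echo "relative $dir"; rc=1; continue ;;
        esac

        case $seen in
            *":$dir:"*) echo "duplicate $dir"; rc=1; continue ;;
        esac
        seen="$seen$dir:"

        if [ ! -d "$dir" ]; then
            echo "missing $dir"; rc=1; continue
        fi

        # First field of `ls -ldL` is the mode string, e.g. drwxr-xr-x;
        # character 6 is group write, character 9 is other write.
        mode=$(ls -ldL "$dir")
        mode=${mode%% *}
        case $mode in
            ????????w*) echo "world-writable $dir"; rc=1 ;;
            ?????w*)    echo "group-writable $dir"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Demo: the SUPATH value suggested in the text above.
audit_search_path "/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin:/usr/local/bin:/usr/sfw/bin" || true
```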
pkgadd -d . SUNWhea SUNWbinutils SUNWarc SUNWlibmr SUNWlibm SUNWgccruntime SUNWgcc
Additional info (might be deprecated):
http://www.science.uva.nl/pub/solaris/solaris2.html#q6.2
for tools (sccs, lex, yacc, make, nm, truss, ld, as):
SUNWbtool, SUNWsprot, SUNWtoo, SUNWcpp
for libraries & headers:
SUNWhea, SUNWarc, SUNWlibm, SUNWlibms
SUNWdfbh, SUNWcg6h, SUNWxwinc, SUNWolinc,
SUNWxglh, SUNWlibC, SUNWzlib, SUNWscpu
for 64 bit development (in S10 these have all been merged into
the non-x versions):
SUNWarcx, SUNWbtoox, SUNWdplx, SUNWscpux, SUNWsprox,
SUNWtoox, SUNWlmsx, SUNWlmx, SUNWlibCx, SUNWzlibx
for ucb compat:
SUNWsra, SUNWsrh
Here is a quick example on how to compile Cfengine and install on /opt/local/cfengine with all the needed libraries self-contained within this directory
Makefile cfengine-3.0.2.tar.gz db-4.7.25.tar.gz openssl-0.9.8k.tar.gz
Makefile
CF:=cfengine-3.0.2
DB:=db-4.7.25
OSSL:=openssl-0.9.8k
CFROOT:=/opt/local/cfengine

# /opt/csw/gnu (gnu make)
# /usr/ccs/bin (ar, ranlib)
PATH:=/usr/sfw/bin:/opt/csw/gnu:/usr/ccs/bin:${PATH}
export PATH
CC:=gcc
export CC
CXX:=g++
export CXX
# debug # -xc99 -xtarget=native64 -xcode=pic32 -g -O0
CFLAGS:=-O2 -m64
export CFLAGS
CXXFLAGS:=$(CFLAGS)
export CXXFLAGS
CPPFLAGS:=-I$(CFROOT)/include
export CPPFLAGS
LDFLAGS:=-L/usr/sfw/lib/64 -R/usr/sfw/lib/64
export LDFLAGS

# Pick the 64-bit OpenSSL Configure target for this architecture
# (matches -m64 in CFLAGS above).
ARCH := $(shell uname -m)
ifeq ($(strip ${ARCH}),i86pc)
OSSLTARGET := solaris64-x86_64-gcc
else
OSSLTARGET := solaris64-sparcv9-gcc
endif

# Recipe lines below must start with a tab character.
help:
	@echo make all
	@echo make build_bdb
	@echo make build_cf
	@echo make build_openssl
	@echo
	@echo make install_bdb
	@echo make install_cf
	@echo make install_openssl
	@echo
	@echo make clean
	@echo make clean_cf
	@echo make clean_bdb
	@echo make clean_openssl

all: build_cf install_cf

install_cf:
	sudo make -C $(CF) install

install_bdb:
	sudo make -C $(DB)/build_unix install

build_cf: $(CF)/Makefile
	make -j 4 -C $(CF)

build_bdb: $(DB)/Makefile
	make -j 4 -C $(DB)/build_unix

$(CF)/Makefile: $(CF)
	cd $(CF) && ./configure --prefix=$(CFROOT) --with-berkeleydb=$(CFROOT) --with-openssl=$(CFROOT)

$(DB)/Makefile: $(DB)
	cd $(DB)/build_unix && ../dist/configure --prefix=$(CFROOT)

$(CF): $(CF).tar.gz
	gtar -xzvf $<
	touch $@

$(DB): $(DB).tar.gz
	gtar -xzvf $<
	touch $@

clean: clean_bdb clean_cf clean_openssl

clean_cf:
	rm -rf $(CF)

clean_bdb:
	rm -rf $(DB)

install_openssl:
	sudo make -C $(OSSL) install

# openssl does not like -j 4
build_openssl: $(OSSL)/Makefile
	make -C $(OSSL)

$(OSSL)/Makefile: $(OSSL)
	cd $(OSSL) && ./Configure --prefix=$(CFROOT) $(OSSLTARGET) shared

$(OSSL): $(OSSL).tar.gz
	gtar -xzvf $<
	touch $@

clean_openssl:
	rm -rf $(OSSL)
To figure out the name of the package that contains a given file, use:
pkgchk -lp /path/to/file
pkginfo -x | cut -f1 -d " " | grep gnome > /tmp/rmpackages
pkgrm -n `cat /tmp/rmpackages`
You might need to drop the -n to make pkgrm run interactively. Or if you are sure that you want to reply “yes” to all:
yes | pkgrm `cat /tmp/rmpackages`
After installing Solaris and blundering around for a little while, I realized that I would go crazy if I couldn’t use my normal tools (e.g., nano, emacs, screen, etc.) There are two popular sites where you can install free software: http://sunfreeware.com and http://blastwave.com. Both sites are excellent, but there are some differences. One major difference is that on http://sunfreeware.com you will need to install package dependencies yourself. However, on http://blastwave.com, the pkg-get package will install package dependencies automatically for you. On a lot of packages, I find that http://sunfreeware.com has more recent versions of software packages whereas http://blastwave.com allows you to choose from stable and unstable, which might be more attractive for System Administrators looking for stability. We’ll focus on http://blastwave.com first. For more in-depth instructions, read http://www.blastwave.org/howto.html.
First, install pkg-get from http://blastwave.com.
/usr/sbin/pkgadd -d http://www.blastwave.org/pkg_get.pkg
Edit the /opt/csw/etc/pkg-get.conf file and change the default mirror to something more appropriate. I used http://www.gtlib.gatech.edu/pub/blastwave/stable
vi /opt/csw/etc/pkg-get.conf
When using pkg-get to install packages from http://blastwave.com, you will be asked to confirm certain questions. This gets annoying quickly, especially if you are installing a package with many dependencies. To turn this off, type the command:
cp -p /var/pkg-get/admin-fullauto /var/pkg-get/admin
You can edit the /var/pkg-get/admin file to customize what types of confirmations to be asked by the pkg-get utility.
To get started check out the listing of available packages at http://www.blastwave.org/packages.php. Install packages using the pkg-get install <pkgname> syntax or pkg-get -i <pkgname>. To find out all available options, run pkg-get with no arguments.
I pulled these instructions from http://www.gnome.org/learn/access-guide/latest/sysadmin-27.html.
#AddGtkModules=false
This step enables the GtkModules. Next, uncomment the line:
#GtkModulesList=gail:atk-bridge:dwellmouselistener:keymouselistener
This step loads all of the GtkModules to enable assistive technologies such as On-Screen Keyboard and Screen Reader and Magnifier. You can edit the line above further to load only the GtkModules that you require to support the user base. For optimum accessibility, include gail and atk-bridge.
/usr/dt/bin/dtconfig -d
# svccfg import /var/svc/manifest/application/gdm2-login.xml
# svcadm enable application/gdm2-login
>/etc/X11/gdm/home
(Note: after enabling gdm with the svcadm enable application/gdm2-login command, my X display went foobar. I had to ssh into the machine to finish the commands and reboot. YMMV)
There is a lot more information at http://library.gnome.org/admin/gdm/unstable/solaris.html.en.
TODO: provide instructions for reverting back to dt if desired
Note: These instructions assume that this is a system that’s being used using X11 for a single person.
/opt/csw/bin/synergyc HOSTNAME_or_IP; sysmodmap=/etc/X11/Xmodmap
/opt/csw/bin/synergyc HOSTNAME_or_IP; XSETROOT=`gdmwhich xsetroot`
/usr/bin/pkill synergyc
/usr/bin/pkill synergyc; SESSREG=`gdmwhich sessreg`
If you have installed any alternative window managers from http://blastwave.com or elsewhere, you may be wondering how to get them to show up as options in the GDM session list. For example, I installed fluxbox (pkg-get -i fluxbox) and want to make it my default window manager after logging into GDM. The directory /usr/share/xsessions holds a number of .desktop files that contain information about the available sessions that GDM is configured for. To add a session to GDM, we simply need to create our own .desktop file and add it to this directory. For my fluxbox example, create a file called /usr/share/xsessions/fluxbox.desktop with the following contents:
[Desktop Entry]
Encoding=UTF-8
Name=Fluxbox
Comment=Fluxbox
Exec=/opt/csw/bin/fluxbox
Type=Application
For a different window manager, simply change the Name and Comment field with whatever you like, then update the Exec field to be the command that launches your window manager. Now the next time you login to GDM, you will see your entry in the Sessions menu.
Upon entering Fluxbox, I noticed that the default PATH had been changed. So I changed the DefaultPath option in the /etc/X11/gdm/gdm.conf file... but this still didn’t help. I’m not sure why as the GDM documentation says that either the DefaultPath option will be used or the environment from /etc/default/login will be used. I ended up explicitly setting the PATH variable in the /usr/share/xsessions/fluxbox.desktop file:
[Desktop Entry]
Encoding=UTF-8
Name=Fluxbox
Comment=Fluxbox
Exec=env PATH=/opt/csw/bin:/bin:/sbin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:/usr/dt/bin /opt/csw/bin/fluxbox
Type=Application
Hint: If you want to run fluxbox-generate_menu, open the file /opt/csw/bin/fluxbox-generate_menu in your favorite editor and change the top line to read #!/bin/bash instead of #!/bin/sh.
Upgrading to a new Solaris release with Live Upgrade is done by:
Use lofiadm to create a loopback device associated with a given .iso file:
lofiadm -a /Users/Shared/Software/centos/CentOS-4.5-i386-binDVD.iso
mount -F hsfs /dev/lofi/1 /Users/Shared/Software/centos/cd
When done undo with the following:
umount /Users/Shared/Software/centos/cd
lofiadm -d /dev/lofi/1
Get a cluster of patches unzipped into /var/spool/patch/10_x86_Recommended
cd /var/spool/patch/10_x86_Recommended
./install_cluster
For more installation messages refer to the installation logfile:
/var/sadm/install_data/Solaris_10_x86_Recommended_Patch_Cluster_log
Use ‘/usr/bin/showrev -p’ to verify installed patch-ids.
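One way to turn that verification into a repeatable check, as an added example that is not part of the original page: compare a list of required patch IDs against saved `showrev -p` output, counting a patch as present when it is installed at that revision or newer, or is listed at that revision or newer in another installed patch's Obsoletes field. The function names, the patch IDs and the sample lines are constructed.

```shell
# Added example (not from the original page). Patch IDs below are constructed.
# On Solaris use nawk or /usr/xpg4/bin/awk: the legacy /usr/bin/awk lacks -v.

# Constructed sample in the layout printed by `showrev -p`.
sample_showrev() {
    cat <<'EOF'
Patch: 900001-03 Obsoletes: 900010-02, 900011-01 Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 900002-01 Obsoletes:  Requires: 900099-01 Incompatibles:  Packages: SUNWcsr, SUNWcsu
EOF
}

# missing_patches FILE ID...: print each required ID that FILE (saved
# `showrev -p` output, or - for stdin) does not satisfy; status 1 if any.
missing_patches() {
    mp_file=$1; shift
    awk -v want="$*" '
        function base(id) { return substr(id, 1, index(id, "-") - 1) }
        function rev(id)  { return substr(id, index(id, "-") + 1) + 0 }
        # Remember the highest revision seen for each patch base number.
        function note(id) {
            if (id ~ /^[0-9]+-[0-9]+$/ && rev(id) > have[base(id)] + 0)
                have[base(id)] = rev(id)
        }
        $1 == "Patch:" {
            n = split($0, f, /[ ,]+/)
            note(f[2])                      # the installed patch itself
            # IDs between "Obsoletes:" and "Requires:" are superseded by it.
            for (i = 4; i <= n && f[i] != "Requires:"; i++) note(f[i])
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (have[base(w[i])] + 0 < rev(w[i])) { print w[i]; bad = 1 }
            exit bad + 0
        }
    ' "$mp_file"
}
```

On a live system the call would be `showrev -p | missing_patches - ID...`, with the required IDs taken from the cluster's own documentation.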
Step-by-Step
First we set up the jumpstart server (stuff that you should type is in bold)
Now we boot from the network and send the install command to net boot
| command | notes |
|---|---|
| prtdiag -d | get information on fans |
| ndd | get information on ethernet cards |
| psrinfo -v | get information on CPU |
Examples:
**ndd /dev/nge0 \?**
? (read only)
autoneg_cap (read only)
pause_cap (read only)
asym_pause_cap (read only)
1000fdx_cap (read only)
1000hdx_cap (read only)
100T4_cap (read only)
100fdx_cap (read only)
100hdx_cap (read only)
10fdx_cap (read only)
10hdx_cap (read only)
adv_autoneg_cap (read only)
adv_pause_cap (read and write)
adv_asym_pause_cap (read and write)
adv_1000fdx_cap (read and write)
adv_1000hdx_cap (read and write)
adv_100T4_cap (read only)
adv_100fdx_cap (read and write)
adv_100hdx_cap (read and write)
adv_10fdx_cap (read and write)
adv_10hdx_cap (read and write)
lp_autoneg_cap (read only)
lp_pause_cap (read only)
lp_asym_pause_cap (read only)
lp_1000fdx_cap (read only)
lp_1000hdx_cap (read only)
lp_100T4_cap (read only)
lp_100fdx_cap (read only)
lp_100hdx_cap (read only)
lp_10fdx_cap (read only)
lp_10hdx_cap (read only)
link_status (read only)
link_speed (read only)
link_duplex (read only)
link_autoneg (read only)
link_rx_pause (read only)
link_tx_pause (read only)
loop_mode (read only)

**ndd /dev/nge0 link_speed**
100
*.debug /var/adm/messages
- edit /etc/default/autofs and ensure that you have the following values
# Verbose mode. Notifies of autofs mounts, unmounts, or other
# non-essential events. This equivalent to the "-v" argument.
AUTOMOUNT_VERBOSE=TRUE
# Verbose. Log status messages to the console.
# This is equivalent to the "-v" argument.
AUTOMOUNTD_VERBOSE=TRUE
# Trace. Expand each RPC call and display it on standard output.
# This is equivalent to the "-T" argument.
AUTOMOUNTD_TRACE=1
svcs -l autofs
/var/svc/log/system-filesystem-autofs:default.log
cat /etc/ldap/slapd.conf
loglevel=256
ldapsearch -x -h myserver -b "automountMapName=auto_home,dc=example,dc=com" "(&(objectclass=automount)(automountKey=myuser))"
If your server is not returning anything, you might need to redo your index:
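SLAPD_INIT="/etc/init.d/slapd"
# Stop slapd first: the indexes must not be rebuilt while the server is running.
$SLAPD_INIT stop
sleep 1
if pgrep slapd > /dev/null; then
    # slapd is still running, so leave the database alone
    echo "Could not stop slapd" 1>&2
else
    /usr/sbin/slapindex
    # slapindex ran as root; hand the rebuilt index files back to the slapd user
    chown -R openldap:openldap /var/lib/ldap/
    $SLAPD_INIT start
fi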
Insert the CD/DVD for Solaris 10 and choose “Single user shell”, or boot your SPARC based system with: reboot -- -s. Then your / (root) tree will be mounted in /a and you can do:
cat /a/etc/vfstab
umount /etc/mnttab
/sbin/mount -F mntfs mnttab /etc/mnttab
... mount each drive from vfstab inside /a ...
chroot /a /bin/bash
... then perform your changes ...
Simple, huh?
truss /sbin/foo # same as strace in Linux
# download Sun Studio software
wget 'http://link' -O Sun-Studio-SunOS.tar.bz2
bunzip2 Sun-Studio-SunOS.tar.bz2
tar xf Sun-Studio-SunOS.tar
cd SunStudio12u1-SunOS-SPARC-pkgs
sudo ./SunStudio12u1-SunOS-SPARC-pkgs.sh --non-interactive-accept-license --current-zone-only
Report all available data from start time (-s) to end time (-e) using the file named by (-f) (this sa21 represents the 21st day of this month):
sar -A -e 17:00 -s 12:30 -f /var/adm/sa/sa21 | more
You can use the SP directly without using ALOM. The ALOM interface is more user-friendly, though.
To reboot a system you can do:
To start the console you can do:
Use ESC + ( to exit back to the SP.
You can use cd to change to different targets and you can use show to show all properties under a target tree. This is very intuitive once you know UNIX.
Say you need to get to the console that manages www.example.com (on a serial console device like lsi):
- ‘dig www.example.com TXT’ to get the record on DNS that tells what console server manages ‘www’
- ‘sudo ssh foobar’ to get to the box in question, in this case managed by ‘foobar’
- ‘connect 13’ ‘#.’ to log in as admin to the ALOM
- ‘help’ to see what you can do (see list below)

| Command | Note |
|---|---|
| ESC + Shift + B | Takes you to the “ok” prompt where you can type ‘boot -r’ to reboot a system |
| ESC + Shift + A | Ends the console session |
| Shift + # + . | drops to the ALOM prompt |

| Command | Note |
|---|---|
| console | connects to the console |
| help | shows list of commands |
| poweron | powers on the machine (boot or reset) |
| powercycle | reboots the machine |
iostat -xtnp 2
Now log in to the serial console, power on the system and boot
sc> setupsc
Entering Interactive setup mode. To exit and discard changes to that point, use Ctrl-C or to exit and save changes to that point, use Ctrl-Z.
Do you wish to configure the enabled interfaces [y]? y
Should the SC network interface be enabled [y]? y
Should the SC interface connection type be set [ssh]? ssh
Should the SC email alerts be enabled [y]? n
Do you wish to configure the network interface [y]? y
Should the SC use DHCP to obtain its network configuration [y]? n
Enter the SC IP address [100.100.100.100]? 192.168.1.203
Enter the SC IP netmask [255.255.255.0]? 255.255.255.0
Enter the SC IP gateway address [100.100.100.100]? 192.168.1.1
Do you wish to configure the network management interfaces [y]? y
Enter the number of mail servers to configure [0]? 0
Do you wish to configure the SC parameters [y]? n
Do you wish to configure the platform diagnostic parameters [y]? n
Your ALOM configuration profile has been successfully completed. To activate your network configuration, please enter 'setsc netsc_commit true' at sc prompt.
sc> setsc netsc_commit true
sc> flashupdate -s 192.168.0.33 -f firmware/T5120-7_2_7_d-SPARC.pkg
sc> resetsc