20081127

Core system support - the journey begins

OK, I've installed 'core system support' software group. Solaris has started.
What now? There's for ex. no ssh service, no bash or zsh shell.
So I've decided to mount dvd image and install additional packages.

But... which dsk device is the right one?
No mounted device, no vfstab entry, no cdrom life marks on planet Solaris.

I've found it finally with:

for d in `ls /dev/dsk/*s2`; do prtvtoc $d; sleep 2; done

The right one is that with only one slice, with sector count of 4509440 (dvd image size):

* First Sector Last
* Partition Tag Flags Sector Count Sector Mount Directory
0 5 01 0 4509440 4509439
2 5 01 0 4509440 4509439

Mount:

mount -F hsfs -o ro /dev/dsk/c1t0d0s2 /cdrom

and install desired software:

pkgadd -R /a -d /cdrom/Solaris_10/Product
[...]

Select package(s) you wish to process (or 'all' to process all packages).
(default: all) [?,??,q]: SUNWsshcu,SUNWsshr,SUNWsshu,SUNWsshdr,SUNWsshdu,SUNWbash,SUNWzsh

I've used the -R switch because I've done the work inside the shell session invoked from the Installation menu.
The root system has been mounted at /a directory.

20081117

libcrypt_d.so.1: open failed: No such file or directory

During the rubygems installation process I've encountered the following problem:

thumper [/export/install/sources/rubygems-1.3.1]# ruby setup.rb
ld.so.1: ruby: fatal: libcrypt_d.so.1: open failed: No such file or directory
Killed


Because of a cryptographic technology export restrictions there's no build-in support for some of the algorithms.

To accomplish the task you should download and install 'Solaris 10 Encryption Kit for Sparc / x86'.
Enjoy the screener:


thumper [/export/install]# unzip sol-10-encrypt-GA-iso.zip
thumper [/export/install]# lofiadm -a /export/install/sol-10-encrypt-GA.iso
/dev/lofi/1
thumper [/export/install]# mount -F hsfs -o ro /dev/lofi/1 /mnt
thumper [/export/install]# mount -p | tail -1
/dev/lofi/1 - /mnt hsfs - no ro,noglobal,maplcase,rr,traildot
thumper [/export/install]# pkgadd -d /mnt/Encryption_10/i386/Packages

The following packages are available:
1 SUNWcrman Encryption Kit On-Line Manual Pages
(i386) 10.0,REV=52.0
2 SUNWcry Crypt Utilities
(i386) 11.10.0,REV=2005.01.21.16.34
3 SUNWcryr Solaris Root Crypto
(i386) 11.10.0,REV=2005.01.21.16.34

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
[...]

thumper [/export/install]# umount /mnt
thumper [/export/install]# lofiadm -d /dev/lofi/1
thumper [/export/install]# find /usr/lib -name libcrypt_d*
/usr/lib/amd64/libcrypt_d.so
/usr/lib/amd64/libcrypt_d.so.1
/usr/lib/libcrypt_d.so
/usr/lib/libcrypt_d.so.1


To make your ruby/gem environment fully usable don't forget to install coreutils and make sunfreeware packages.
I've also linked the ginstall to install command:

thumper [/usr/local/bin]# ln -s install ginstall

It's a solution for the gem package builder error messages.

20081108

On which partition?

Last time I wrote the script for Messaging Server backups I faced the problem with proper partition selection. It's easy to achieve with a mboxutil utility... but I only need the names of the account and a corresponding partition.

Up to today I've used the solution with sed & awk. But I hate using many tools where the swiss army knife is available.
So...

# mboxutil -l -x| sed 's/.*user\/\(.*\)\/INBOX.*partition\/\(.*\)\/\=user\/.*/\1 \2/p;d'
admin primary
marcin.wisnios@somedomain.com secondary

20080925

disable solaris services

Solaris installation comes with wide range of exposed net services. You could reduce it by using netservices limited command or by applying Generic Limited Networking profile of services.

# cd /var/svc/profile
# mv generic.xml _generic.xml
# ln -s generic_limited_net.xml generic.xml
# svccfg apply /var/svc/profile/generic_limited_net.xml


Unfortunately there are still some of them left, ex. webconsole, rpc/bind.
I like plain environment, with only ssh service exposed. It could be simply done with this litte piece of code:


#!/bin/bash

SERVICES='autofs cde fc-cache ktkt_warn management ogl-select print rpc sendmail stfsloader stosreg webconsole'

netservices limited

for S in $SERVICES; do
for SVC in `svcs |sed "/$S/!d;s/.*\ svc/svc/"`; do
svcadm disable $SVC
done
done

20080924

Sun Web Server autostart

To disable - modify /etc/init.d/webserver7-4cfd5aeb.

-WS_START_ONBOOT=1
+WS_START_ONBOOT=0

20080915

primary label corrupt

During the ZFS testing process I've used dd command to erase the disk fragment with /dev/urandom (testing the ability of raidz crash handling). After resilvering there was still information on my console and dmesg log:

Sep 15 07:42:00 thumper scsi: [ID 107833 kern.warning] WARNING: /pci@0,0/pci1022,7458@1/pci11ab,11ab@1/disk@0,0 (sd2):
Sep 15 07:42:00 thumper primary label corrupt; using backup


I've resolved this with a format command.
It could be done in the following way.

thumper [/]# format
Searching for disks...done


AVAILABLE DISK SELECTIONS:
0. c0t0d0
/pci@0,0/pci1022,7458@1/pci11ab,11ab@1/disk@0,0
[...]

Specify disk (enter its number): 0
selecting c0t0d0
[disk formatted]
Reading the primary EFI GPT label failed. Using backup label.
Use the 'backup' command to restore the primary label.

format> backup
Restoring primary label.
format> label
Ready to label disk, continue? y

format> quit

20080704

init_htent: error parsing IP address for host


# imsimta run tcp_intranet
init_htent: error parsing IP address for host #1


You have to check your /etc/inet/hosts entries.
At the first line (#1), ignoring the comment lines, there was IPv6 entry for localhost.

::1 localhost


After removal the problem has gone.

20080630

oneliner

I use sed delete negation to remove lines that do not match the pattern.
In the following example I want to delete the improper ssh-key entries from an authorized_keys file.
Ex.

sed -e '/^environment.*USER.*/!d' .ssh/authorized_keys

I do not allow usage of ssh session without set USER environment variable.

20080627

Registering Solaris System from the command line


bladerunner [/usr/lib/breg/data]# cp RegistrationProfile.properties /tmp/
bladerunner [/usr/lib/breg/data]# cd /tmp
bladerunner [/tmp]# vim RegistrationProfile.properties
[...]
#
# Sun Online account information. A new account can be created by visiting
# http://updates.sun.com
#
userName=wisnios
password=MySunOnlinePassword

#
# Name (label) of this machine as you would like it to appear on the Sun Connection
# portal. If left blank hostname will be used
#
hostName=bladerunner

[...]
:wq

bladerunner [/tmp]# /usr/sbin/sconadm register -a -r /tmp/RegistrationProfile.properties
sconadm is running
Authenticating user ...
finish registration!

20080626

How to determine the Sun Java System Directory Server version

Ex.

# /opt/SUNWdsee/ds6/lib/ns-slapd -v
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.0 B2007.025.1834 32-bit
[...]


ver. 6.0

It could also be accomplished by:

# dsadm --version
[dsadm]
dsadm : 6.0 B2007.025.1834

[slapd 32-bit]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.0 B2007.025.1834 32-bit
ns-slapd : 6.0 B2007.025.1834
Slapd Library : 6.0 B2007.025.1834
Front-End Library : 6.0 B2007.025.1834

[slapd 64-bit]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.0 B2007.025.1834 64-bit
ns-slapd : 6.0 B2007.025.1834
Slapd Library : 6.0 B2007.025.1834
Front-End Library : 6.0 B2007.025.1834

20080522

Call to undefined function pg_connect()

When using coolstack and trying to connect to postgresql database from php script the following error appear:

Call to undefined function pg_connect() in somescript.php on line XX

The reason is default php configuration; php.ini doesn't know anything about postgresql extension, only mysql (finally, it's Solaris AMP - Apache MySQL PHP). To resolve the undesirable behaviour add:

extension="pgsql.so"

to php.ini configuration.


Cool Stack 1.2
Default file location:
/opt/coolstack/php5/lib/php.ini
/opt/coolstack/php5/lib/php/extensions/no-debug-non-zts-20060613/pgsql.so

20080504

ZFS dataset inside a non-global zone

To achieve the usage of global ZFS dataset inside a non-global zone you have to set the zoned attribute to on. It could be done during the dataset creation (zfs create -o zoned=on DATASET) or after the creation process:

zfs set zoned=on DATASET


Without this option the zone startup process will fail, ex.

sunflower [/]# zoneadm -z samba boot
zoneadm: zone 'samba': These file-systems are mounted on subdirectories of /export/zones/samba/root:
zoneadm: zone 'samba': /export/zones/samba/root/export/vol1
zoneadm: zone 'samba': call to zoneadmd failed

20080420

Disable Solaris GUI

It could be done by using one of the two methods.
The first one does its job immediate.

# svcadm disable cde-login

(You could also use the full FMRI, svc:/application/graphical-login/cde-login:default)

The second one takes place during the next startup.

# /usr/dt/bin/dtconfig -d

(Use -e switch to enable auto-start)

20080413

OpenSolaris on MacBook Pro

The purpose of this post is not to give the recipe for an overall installation.
I've written down a few notes about the network configuration.

I've used the Parallels virtualization and OpenSolaris b79b. Parallels emulates the Realtek 8029(AS) network card but there's no support inside the OS.
To complete this task perform the following steps:

1. Mount vmtools.iso as CD/DVD-ROM (/Library/Parallels/Tools/vmtools.iso)
2. Turn off the eeprom DMA property (atapi-cd-dma-enabled) - before the boot process edit the grub menu list (press 'e') and add the following to the kernel line:

grub edit> kernel$ /platform/i86pc/kernel/$ISADIR/unix -B atapi-cd-dma-enabled=0

Boot with a 'b' key.
3. Install the requested driver:

# cd /cdrom/prltools/Drivers/Network/RTL8029/SOLARIS
# ./network.sh
[...]
Will you receive IP address from DHCP server (Y/N)


If you've chosen the answer 'N', enter the requested values:

Enter IP address of the virtual machine:
Enter network address:
Enter network mask:
Enter default gateway IP address:


The script will modify the following files:
/etc/inet/hosts
/etc/hostname.ni0
/etc/netmasks
/etc/defaultrouter
or
/etc/dhcp.ni0
/etc/hostname.ni0
(if the 'Y' have been chosen)

Now, reboot the system.

During the boot process you could see the information:

WARNING: ni0: niattach: SA_eeprom is funny, assuming byte-mode

but everything should be just fine.