Core system support - the journey begins

OK, I've installed 'core system support' software group. Solaris has started.
What now? There's for ex. no ssh service, no bash or zsh shell.
So I've decided to mount dvd image and install additional packages.

But... which dsk device is the right one?
No mounted device, no vfstab entry, no cdrom life marks on planet Solaris.

I've found it finally with:

for d in `ls /dev/dsk/*s2`; do prtvtoc $d; sleep 2; done

The right one is that with only one slice, with sector count of 4509440 (dvd image size):

* First Sector Last
* Partition Tag Flags Sector Count Sector Mount Directory
0 5 01 0 4509440 4509439
2 5 01 0 4509440 4509439


mount -F hsfs -o ro /dev/dsk/c1t0d0s2 /cdrom

and install desired software:

pkgadd -R /a -d /cdrom/Solaris_10/Product

Select package(s) you wish to process (or 'all' to process all packages).
(default: all) [?,??,q]: SUNWsshcu,SUNWsshr,SUNWsshu,SUNWsshdr,SUNWsshdu,SUNWbash,SUNWzsh

I've used the -R switch because I've done the work inside the shell session invoked from the Installation menu.
The root system has been mounted at /a directory.


libcrypt_d.so.1: open failed: No such file or directory

During the rubygems installation process I've encountered the following problem:

thumper [/export/install/sources/rubygems-1.3.1]# ruby setup.rb
ld.so.1: ruby: fatal: libcrypt_d.so.1: open failed: No such file or directory

Because of a cryptographic technology export restrictions there's no build-in support for some of the algorithms.

To accomplish the task you should download and install 'Solaris 10 Encryption Kit for Sparc / x86'.
Enjoy the screener:

thumper [/export/install]# unzip sol-10-encrypt-GA-iso.zip
thumper [/export/install]# lofiadm -a /export/install/sol-10-encrypt-GA.iso
thumper [/export/install]# mount -F hsfs -o ro /dev/lofi/1 /mnt
thumper [/export/install]# mount -p | tail -1
/dev/lofi/1 - /mnt hsfs - no ro,noglobal,maplcase,rr,traildot
thumper [/export/install]# pkgadd -d /mnt/Encryption_10/i386/Packages

The following packages are available:
1 SUNWcrman Encryption Kit On-Line Manual Pages
(i386) 10.0,REV=52.0
2 SUNWcry Crypt Utilities
(i386) 11.10.0,REV=2005.
3 SUNWcryr Solaris Root Crypto
(i386) 11.10.0,REV=2005.

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

thumper [/export/install]# umount /mnt
thumper [/export/install]# lofiadm -d /dev/lofi/1
thumper [/export/install]# find /usr/lib -name libcrypt_d*

To make your ruby/gem environment fully usable don't forget to install coreutils and make sunfreeware packages.
I've also linked the ginstall to install command:

thumper [/usr/local/bin]# ln -s install ginstall

It's a solution for the gem package builder error messages.


On which partition?

Last time I wrote the script for Messaging Server backups I faced the problem with proper partition selection. It's easy to achieve with a mboxutil utility... but I only need the names of the account and a corresponding partition.

Up to today I've used the solution with sed & awk. But I hate using many tools where the swiss army knife is available.

# mboxutil -l -x| sed 's/.*user\/\(.*\)\/INBOX.*partition\/\(.*\)\/\=user\/.*/\1 \2/p;d'
admin primary
marcin.wisnios@somedomain.com secondary


disable solaris services

Solaris installation comes with wide range of exposed net services. You could reduce it by using netservices limited command or by applying Generic Limited Networking profile of services.

# cd /var/svc/profile
# mv generic.xml _generic.xml
# ln -s generic_limited_net.xml generic.xml
# svccfg apply /var/svc/profile/generic_limited_net.xml

Unfortunately there are still some of them left, ex. webconsole, rpc/bind.
I like plain environment, with only ssh service exposed. It could be simply done with this litte piece of code:


SERVICES='autofs cde fc-cache ktkt_warn management ogl-select print rpc sendmail stfsloader stosreg webconsole'

netservices limited

for S in $SERVICES; do
for SVC in `svcs |sed "/$S/!d;s/.*\ svc/svc/"`; do
svcadm disable $SVC


Sun Web Server autostart

To disable - modify /etc/init.d/webserver7-4cfd5aeb.



primary label corrupt

During the ZFS testing process I've used dd command to erase the disk fragment with /dev/urandom (testing the ability of raidz crash handling). After resilvering there was still information on my console and dmesg log:

Sep 15 07:42:00 thumper scsi: [ID 107833 kern.warning] WARNING: /pci@0,0/pci1022,7458@1/pci11ab,11ab@1/disk@0,0 (sd2):
Sep 15 07:42:00 thumper primary label corrupt; using backup

I've resolved this with a format command.
It could be done in the following way.

thumper [/]# format
Searching for disks...done

0. c0t0d0

Specify disk (enter its number): 0
selecting c0t0d0
[disk formatted]
Reading the primary EFI GPT label failed. Using backup label.
Use the 'backup' command to restore the primary label.

format> backup
Restoring primary label.
format> label
Ready to label disk, continue? y

format> quit


init_htent: error parsing IP address for host

# imsimta run tcp_intranet
init_htent: error parsing IP address for host #1

You have to check your /etc/inet/hosts entries.
At the first line (#1), ignoring the comment lines, there was IPv6 entry for localhost.

::1 localhost

After removal the problem has gone.



I use sed delete negation to remove lines that do not match the pattern.
In the following example I want to delete the improper ssh-key entries from an authorized_keys file.

sed -e '/^environment.*USER.*/!d' .ssh/authorized_keys

I do not allow usage of ssh session without set USER environment variable.


Registering Solaris System from the command line

bladerunner [/usr/lib/breg/data]# cp RegistrationProfile.properties /tmp/
bladerunner [/usr/lib/breg/data]# cd /tmp
bladerunner [/tmp]# vim RegistrationProfile.properties
# Sun Online account information. A new account can be created by visiting
# http://updates.sun.com

# Name (label) of this machine as you would like it to appear on the Sun Connection
# portal. If left blank hostname will be used


bladerunner [/tmp]# /usr/sbin/sconadm register -a -r /tmp/RegistrationProfile.properties
sconadm is running
Authenticating user ...
finish registration!


How to determine the Sun Java System Directory Server version


# /opt/SUNWdsee/ds6/lib/ns-slapd -v
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.0 B2007.025.1834 32-bit

ver. 6.0

It could also be accomplished by:

# dsadm --version
dsadm : 6.0 B2007.025.1834

[slapd 32-bit]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.0 B2007.025.1834 32-bit
ns-slapd : 6.0 B2007.025.1834
Slapd Library : 6.0 B2007.025.1834
Front-End Library : 6.0 B2007.025.1834

[slapd 64-bit]
Sun Microsystems, Inc.
Sun-Java(tm)-System-Directory/6.0 B2007.025.1834 64-bit
ns-slapd : 6.0 B2007.025.1834
Slapd Library : 6.0 B2007.025.1834
Front-End Library : 6.0 B2007.025.1834


Call to undefined function pg_connect()

When using coolstack and trying to connect to postgresql database from php script the following error appear:

Call to undefined function pg_connect() in somescript.php on line XX

The reason is default php configuration; php.ini doesn't know anything about postgresql extension, only mysql (finally, it's Solaris AMP - Apache MySQL PHP). To resolve the undesirable behaviour add:


to php.ini configuration.

Cool Stack 1.2
Default file location:


ZFS dataset inside a non-global zone

To achieve the usage of global ZFS dataset inside a non-global zone you have to set the zoned attribute to on. It could be done during the dataset creation (zfs create -o zoned=on DATASET) or after the creation process:

zfs set zoned=on DATASET

Without this option the zone startup process will fail, ex.

sunflower [/]# zoneadm -z samba boot
zoneadm: zone 'samba': These file-systems are mounted on subdirectories of /export/zones/samba/root:
zoneadm: zone 'samba': /export/zones/samba/root/export/vol1
zoneadm: zone 'samba': call to zoneadmd failed


Disable Solaris GUI

It could be done by using one of the two methods.
The first one does its job immediate.

# svcadm disable cde-login

(You could also use the full FMRI, svc:/application/graphical-login/cde-login:default)

The second one takes place during the next startup.

# /usr/dt/bin/dtconfig -d

(Use -e switch to enable auto-start)


OpenSolaris on MacBook Pro

The purpose of this post is not to give the recipe for an overall installation.
I've written down a few notes about the network configuration.

I've used the Parallels virtualization and OpenSolaris b79b. Parallels emulates the Realtek 8029(AS) network card but there's no support inside the OS.
To complete this task perform the following steps:

1. Mount vmtools.iso as CD/DVD-ROM (/Library/Parallels/Tools/vmtools.iso)
2. Turn off the eeprom DMA property (atapi-cd-dma-enabled) - before the boot process edit the grub menu list (press 'e') and add the following to the kernel line:

grub edit> kernel$ /platform/i86pc/kernel/$ISADIR/unix -B atapi-cd-dma-enabled=0

Boot with a 'b' key.
3. Install the requested driver:

# cd /cdrom/prltools/Drivers/Network/RTL8029/SOLARIS
# ./network.sh
Will you receive IP address from DHCP server (Y/N)

If you've chosen the answer 'N', enter the requested values:

Enter IP address of the virtual machine:
Enter network address:
Enter network mask:
Enter default gateway IP address:

The script will modify the following files:
(if the 'Y' have been chosen)

Now, reboot the system.

During the boot process you could see the information:

WARNING: ni0: niattach: SA_eeprom is funny, assuming byte-mode

but everything should be just fine.