SGI/IRIX and Solaris: Difference between pages

From Smithnet Wiki
(Difference between pages)
Jump to navigation Jump to search
m (5 revisions imported)
 
 
Line 1: Line 1:
== Hardware ==
== General ==


Octane:
* [https://blogs.oracle.com/solaris/ Oracle Solaris Blog]
* IP30, Single 400 MHz R12000 CPU
* 1 GB RAM (fully populated)
* Odyssey Graphics (V8)
* 173 GB Fujitsu Disk (SCSI ID 1)
* Monitor: [https://dl.dell.com/manuals/all-products/esuprt_electronics/esuprt_display/dell-2007fp_user's%20guide_en-us.pdf Dell 2007FP] using 13W3-VGA converter
** Vertical: 56 Hz - 76 Hz (except 1600 x 1200: 60 Hz only)
** Horizontal: 30 kHz - 81 kHz
** SGI can drive 1024 x 768 / 75 Hz


Can use last IRIX version (6.5.30, released 2006-08).
=== Booting: x86 ===


See [http://web.ncf.ca/aa571/datfaq.htm here] for information on DAT drives that can play audio.
Into single-user mode:
* In grub menu, edit entry
* On $multiboot line, add "-s" to end
* CTRL-X to boot


=== Disk Partitions ===
Show Grub boot options:
bootadm list-menu


* 0: root filesystem
Set default menu option to second one:
* 1: swap
bootadm set-menu default=1
* ...
* 6: usr filesystem
* 7: entire usable portion, excluding volume header
* 8: volume header
* 9: non-SCSI bad block list
* 10: entire disk, including volume header
* ...
* 15: XFS log


From PROM:
Set the timeout:
* SystemPartition=xio(0)pci(15)scsi(0)disck(1)rdisk(0)partition(8)
bootadm set-menu timeout=10


== Command Monitor ARCS (PROM) ==
=== Booting: OpenBoot ===


Some commands (See full list [https://techpubs.jurassic.nl/manuals/0650/admin/IA_ConfigOps/sgi_html/ch09.html here]):
* ok> prompt: STOP-A or BRK
* help
banner
* init
reset-all
* hinv
probe-ide
* printenv
probe-scsi
* setenv
devaliases
* unsetenv
printenv boot-device
* passwd
setenv boot-device disk
* boot -f bootp()...
reset
** or just bootp()...


Note:
=== Package Management ===
* Set keyboard variable: keybd, eg "US" or "GB".
* Previous line: CTRL-P
* Disk specification: dksc(0,1,0)/file (for SCSI controller 0, unit 1, partition 0)


The "ping" command does not use ICMP echo, rather obsolete echo (7/udp), eg:
Show package publisher:
  09:37:49.278482 IP 0.0.0.0.3152 > 10.0.0.1.echo: UDP, length 64
  pkg publisher
09:37:49.278674 IP 10.0.0.1.echo > 10.0.0.2.3152: UDP, length 64


The IP "0.0.0.0" is used if the netaddr PROM variable is not set.
Show us only the packages for which newer versions are available:
pkg info -u


== Network installation ==
Update:
pkg update


In this procedure, we will use a BOOTP server to tell the SGI's PROM where to find in the Installation tools via TFTP. The installation tool itself obtains the full installation via RSH. These services are provided by a docker instance; this was running on Fedora 35.
Show SRU installed (look at Branch and Packaging Date):
pkg info entire


* Ensure no other BOOTP or DHCP servers are running on the network
Search for a package matching "ucb":
* Services are highly insecure, so recommend running for short time on isolated network
# pkg search ucb
* For this example:
INDEX      ACTION VALUE                                  PACKAGE
** sgi : 10.0.0.2
basename  file  usr/share/groff/1.22.3/font/devlj4/UCB pkg:/text/groff@1.22.3-11.4.0.0.1.14.0
** lin-docker : 10.0.0.1
basename  dir    usr/ucb                                pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0
pkg.fmri  set    solaris/compatibility/ucb              pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0
pkg.fmri  set    solaris/legacy/compatibility/ucb      pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0
# pkg install pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0


To monitor traffic, this tcpdump command is useful:
=== Services ===
tcpdump -i any -v -nn "portrange 67-69 or port 514 or port 7"


=== CD Images ===
List all enabled services (-a also shows disabled):
svcs


See [https://wiki.preterhuman.net/index.php?title=SGI_Media_Product_Numbers&mobileaction=toggle_view_desktop here] for list of SGI CD numbers. EFS CD images can be converted with [http://wiki.irixnet.org/EFS efs2tar] or download the tar archives.
Show long list about one service:
<pre>
# svcs -l apache24
fmri        svc:/network/http:apache24
name        Apache 2.4 HTTP server
enabled      true
state        online
next_state  none
state_time  Mon Nov 12 16:22:58 2018
logfile      /var/svc/log/network-http:apache24.log
restarter    svc:/system/svc/restarter:default
contract_id  2017
manifest    /lib/svc/manifest/network/http-apache24.xml
dependency  optional_all/error svc:/system/filesystem/autofs:default (online)
dependency  require_all/none svc:/system/filesystem/local:default (online)
dependency  require_all/error svc:/milestone/network:default (online)
</pre>


* [http://www.bitsavers.org/bits/SGI/mips/cd/irix_set1/ Bitasvers 1]
Enable a service:
* [http://www.bitsavers.org/bits/SGI/mips/cd/irix_set2/ Bitasvers 2]
svcadm enable apache24


Create structure installation, eg:
=== User Management ===
mkdir /home/user/irix
cd /home/user/irix


Download and extract tar archives to suitable subdirectories:
To give user ability to su to root:
* /etc/user_attr.d/local-entries


* 812-0818-030 [https://jrra.zone/sgi/cds/IRIX%206.5.30%20Installation%20Tools%20and%20Overlays%20%281%20of%203%29.iso IRIX 6.5.30 Installation Tools and Overlays (1 of 3)] : inst
To show status and unlock:
* 812-0819-030 [https://jrra.zone/sgi/tar/IRIX%206.5.30%20Overlays%20%282%20of%203%29.tar IRIX 6.5.30 Overlays (2 of 3)] : overlays2
passwd -s
* 812-0817-030 [https://jrra.zone/sgi/tar/IRIX%206.5.30%20Overlays%20%283%20of%203%29.tar IRIX 6.5.30 Overlays] : overlays3
passwd -u someuser
* 812-0759-002 [https://jrra.zone/sgi/tar/IRIX%206.5%20Foundation%201.tar IRIX 6.5 Foundation 1] : found1
* 812-0760-002 [https://jrra.zone/sgi/tar/IRIX%206.5%20Foundation%202.tar IRIX 6.5 Foundation 2] : found2
Common prerequisites for other packages:
* 812-0766-003 [https://jrra.zone/sgi/tar/IRIX%206.5%20Development%20Libraries%20February%202002.tar IRIX 6.5 Development Libraries] : dev_libs
* 812-0757-004 [https://jrra.zone/sgi/tar/IRIX%20Development%20Foundation%201.3.tar IRIX Development Foundation 1.3] : dev_found


Optional, but recommended:
To stop account lockout:
* 812-0774-002 [https://jrra.zone/sgi/tar/ONC3%20NFS%20Version%203.tar ONC3/NFS Version 3 for IRIX 6.2, 6.2, 6.4 and 6.5] : nfs
usermod -K lock_after_retries=no someuser
* 812-0877-030 [https://jrra.zone/sgi/tar/IRIX%206.5%20Applications%20August%202006.tar IRIX 6.5 Applications August 2006] : apps
* 812-1180-030 [https://jrra.zone/sgi/tar/IRIX%206.5%20Complementary%20Applications%20August%202006.tar IRIX 6.5 Complementary Applications August 2006] : capps


[https://terminals-wiki.org/wiki/index.php/User:Legalize/CD_Part_Numbers See here for Aug 2006 Freeware]
== iSCSI initiator (Static) ==


Freeware (Feb 2003):
Check initiator service is up:
* 812-0773-019 [https://jrra.zone/sgi/tar/Freeware%20%28part%201%20of%204%29.tar Freeware 1] : fware1
svcs network/iscsi/initiator
** autoconf
** apache2
** bash
** curl
* 812-0964-019 [https://jrra.zone/sgi/tar/Freeware%20%28part%202%20of%204%29.tar Freeware 2] : fware2
** gcc
* 812-1085-019 [https://jrra.zone/sgi/tar/Freeware%20%28part%203%20of%204%29.tar Freeware 3] : fware3
** make
** md5
** openssh
** postgresql
* 812-1137-019 [https://jrra.zone/sgi/tar/Freeware%20%28part%204%20of%204%29.tar Freeware 4] : fware4
** samba
** teTeX
** zfig
** zip


=== SGI ===
Add IP of storage system (use default port 3260):
iscsiadm add static-config iqn.2000-01.com.example:initiator01, 192.0.2.2:3260


Esc to enter SGI Command Monitor ([https://nixdoc.net/man-pages/IRIX/man1/prom.1.html PROM]) and note the MAC address:
Check targets:
  printenv eaddr
  iscsiadm list static-config


The BOOTP server does not to respond unless an IP is set to match what it has for the client:
CHAPS enable:
  setenv netaddr 10.0.0.2
  iscsiadm modify initiator-node --authentication CHAP


=== Docker Setup ===
Set user, and secret (password):
iscsiadm modify initiator-node --CHAP-name someuser
iscsiadm modify initiator-node --CHAP-secret
  Enter CHAP secret: ************
  Re-enter secret: ************


This docker image provides the services:
Enable:
* echo (7/udp)
iscsiadm modify discovery --static enable
** For response to PROM's "ping"; not used during installation
* bootps (67/udp)
** Privides BOOTP response, gives out an IP and points to TFTP sever
* tftp (69/udp)
** Allows the transfer of initial installer tools
* shell (514/tcp)
** Used by Inst to transfer the majority of data


Download [https://hub.docker.com/r/nickpgsmith/irix-install/ this] docker image and check:
Show initiator status:
  docker pull nickpgsmith/irix-install
iscsiadm list initiator-node
  docker images
  iscsiadm list target
  iscsiadm list target-param -v


Create a [https://www.net.princeton.edu/software/dhcpd/bootptab.5.html bootptab] file in /home/user/irix:
Show iSCSI disks:
  sgi:ha=0800690b9e1f:sa=10.0.0.1:ds=10.0.0.1:rp=/data
  iscsiadm list target -S | grep "OS Device Name"


where ha is the Ethernet address of the SGI, sa is the IP of the TFTP server, ds is the IP of the DNS server.


Start Docker image (as root):
See also: [https://docs.oracle.com/cd/E53394_01/html/E54792/iscsi-1.html#scrolltoc Oracle Docs]
docker run --name irix --network host --add-host sgi:10.0.0.2 --volume /home/user/irix:/data:ro,Z -it nickpgsmith/irix-install


Ensure firewall is not blocking:
== Kerberos ==
firewall-cmd --add-port="7/udp"
firewall-cmd --add-port="67/udp"
firewall-cmd --add-port="69/udp"
firewall-cmd --add-port="514/tcp"


or:
Client: kclient
systemctl stop firewalld


Can boot standalone shell with any of:
== Networking ==
boot -f bootp()lin-docker:/inst/dist/sa(sash64)
boot -f bootp()lin-docker:inst/dist/sa(sash64)
bootp():/inst/dist/sa(sash64)
bootp():inst/dist/sa(sash64)


NOTE: It seems like replacing the hostname ("lin-docker") with the IP does not work.
[https://www.oracle.com/technetwork/articles/servers-storage-admin/s11-network-config-1632927.html networking]


=== Disk Labelling ===
Check status:
dladm show-link


The disk needs to have an SGI label and partition structure. Invoke disk partitioner with either:
Show hostname:
  boot -f bootp():inst/stand/fx.64 --x
  svccfg -s system/identity:node listprop config
bootp():inst/stand/fx.64 -x


Accept defaults for disk: dksc(0,1,0)
Set hostname:
  fx: "device-name" = (dksc)
  svccfg -s system/identity:node setprop config/nodename="my-sol-host"
  fx: ctlr# = (0)
  svccfg -s system/identity:node setprop config/loopback="localhost
fx: drive# = (1)
...opening dksc(0,1,0)


To show current partitions:
== NTP ==
* /label/show/partitions


Partition root drive (for OS installation) with defaults:
Client:
* /label/create/all
cd /etc/inet; cp ntp.client > ntp.conf


By default, 128 MB of swap is allocated as partition 1. To change, use:
(edit file)
* /repartition/resize


A non-root disk can be partitioned:
svcadm enable ntp
* /repartition/optiondrive
svcadm start ntp


Erase disk and check surface for bad blocks (slow):
== Reset root password ==
* /exercise/sequential
* modifier = “wr-c”, enter start and number of blocks


Exit:
* Boot from CD
* /exit
* Select option 3: Shell


See also [https://nixdoc.net/man-pages/IRIX/man1/fx.1.html here]
Check availability of rpool (none expected):
zpool list


=== Installation ===
Import rpool:
zpool import -f -R /a rpool


(Graphical):
df -h should show some filesystems under /a
* Select "Install System Software"
* Select "Remote Directory"
** For "remote host" enter the hostname of the install server (lin-docker)
** For "remote directory" enter the sub-directory from the /home/user/irix base where the stand-alone shell (sa) is located (inst/dist)


This is equivalent to the command:
Show zfs filesystems, check for root/ROOT/...
  xio(0)pci(15)multi(0)network(0)bootp()lin-docker:inst/dist/sa(sash64)
  zfs list


(From PROM Command Prompt):
Set mount point for root filesystem:
  bootp():inst/dist/miniroot/unix.IP30
  zfs set mountpoint=/mnt_tmp rpool/ROOT/11.4-11.4.31.0.1.88.5


Installer will present:
Check new entry under /mnt/tmp has been added:
* If there is a newly partitioned disk, a report of no realroot will be seen:
zfs list
** Confirm create new file system on /dev/dsk/realroot
* Choose 4096 bytes blocksize for disks ~> 4 GB
* Enter hostname, IP, Netmask
* Inst 4.1 Main Menu (Inst> prompt)
** For nonclean disks: 13/11/y/yes
** Change hostname and IP: 13/12 and 13/13


NOTE: >Inst uses rsh (not TFTP) so subsequent paths are relative to / not /data
Mount filesystem:
* Open Source: 2
zfs mount rpool/ROOT/11.4-11.4.31.0.1.88.5
* Choose location (/data is the mount point within docker)
** lin-docker:/data/inst/dist
*** Confirm network address
*** Choose feature stream (2)
* Continue to add additional disks from RSH root:
** lin-docker:/data/overlays2/dist
** lin-docker:/data/overlays3/dist
** lin-docker:/data/found1/dist
** lin-docker:/data/found2/dist
** lin-docker:/data/nfs/dist
** lin-docker:/data/apps/dist
** lin-docker:/data/capps/dist
** lin-docker:/data/apps/dev_libs
** lin-docker:/data/capps/dev_found
* Return to >Inst (11)


keep *
Remove password hash from /a/mnt_tmp/etc/shadow
install standard
install eoe.sw.ipv6
install eoe.man.ipv6
install eoe.man.ipv6_rn


Check for conflicts; will report: java2_plugin.sw.mozilla_freeware and inventor_dev.sq.base
Reset mount point:
  (because Development Foundation is not installed here) and remove:
zfs umount rpool/ROOT/11.4-11.4.31.0.1.88.5
conflicts
  zfs set mountpoint=/ rpool/ROOT/11.4-11.4.31.0.1.88.5
  conflicts 1a 2a
  zpool export rpool


Start installation:
* Reboot server
go
* edit grub menu ("e")
* on line starting $multiboot, append "-s" option for single-user mode
* enter "root" and once in shell, change root password
* reboot


After transfer over the network, Requickstart ELF files:
== Resource Pools ==
quit


and confirm restart into the new OS installation
Disks can be listed and formatted with:
format


=== EZsetup Post-installation ===
Will show at least the root pool (rpool):
zpool list
zpool status


Login with EZsetup account
Show zfs file systems:
Step 1:
zfs list
* Improve Security: disable or set passwords for accounts: root, lp, nuucp, EZsetup, demos, OutOfBox, guest
* Enable/disable Java/JavaScript
* Turn off NIS
* Use shadow password file
* Require passwords
* Disable Visual Login
* Disable privilege users (leaving only root)
* Protect new users' files
* Disable remote X
* Disable IP forwarding
* Disable OOTB WebServer


Step 2:
Create a new pool from one device (file, or disk device):
* Setup networking (DHCP/static)
zpool create pool1 /root/disk1
zpool list pool1
zfs list pool1


Step 3:
Add a second disk, and zfs capacity expands automatically:
* Add new user(s) (home directory in /usr/people)
zpool add pool1 /root/disk2


Step 4:
Remove a pool:
* Web Config
zpool destroy pool1
* Desktop setup


=== License Server ===
Create a mirror:
zpool create pool1 mirror /root/disk1 /root/disk2


Install Flexlm from Overlays 3 disk:
Check for errors:
* license_eoe.sw.flexlm_server
zpool scrub pool1
* license_eoe.sw.flexlm_utils
* license_eoe.sw.license_eoe
* license_eoe.man.flexlm_server


Edit /var/flexlm/license.dat (see [https://www-local.pdc.kth.se/doc/pgi/3.3/flexuser/chap2.htm here] for format)
Remove a disk:
zpool detatch pool1 /root/disk1


SERVER robin ANY
Add a new disk ("silver" the mirror disk2 > 1):
FEATURE cc sgifd 7.000 1-jan-0 0 ACE61A24A73E99462ECC HOSTID=ANY vendor_info="C <=128 CPU" ISSUER="Hax Force, Inc."
  zpool attach pool1 /root/disk2 /root/disk1
FEATURE cpp sgifd 7.000 1-jan-0 0 8CE65AB48DDCD394E6E1 HOSTID=ANY vendor_info="C++ <=128 CPU" ISSUER="Hax Force, Inc."
FEATURE f77 sgifd 7.000 1-jan-0 0 ACC63A346C444B7C99A7 HOSTID=ANY vendor_info="F77 <=128 CPU" ISSUER="Hax Force, Inc." ck=0
FEATURE f90 sgifd 7.000 1-jan-0 0 4C66BA143C7230ED9230 HOSTID=ANY vendor_info="F90 <=128 CPU" ISSUER="Hax Force, Inc." ck=42
  FEATURE auto_pp sgifd 7.000 1-jan-0 0 8C862A14661D81BA12EB HOSTID=ANY vendor_info="APO <=128 CPU" ISSUER="Hax Force, Inc."
FEATURE WorkShop sgifd 2.000 1-jan-0 0 6C16DAD49AC3AF2388D3 HOSTID=ANY vendor_info="PRODEV WORKSHOP" ISSUER="Hax Force, Inc." ck=73


  chkconfig flexlm start
Make a bigger RAID:
  zpool create pool1 raidz /root/disk1 /root/disk2 /root/disk3 /root/disk4


=== Further Post-installation ===
== Role Based Authentication ==


Static IP address:
List profiles for a user:
* hostname in: /etc/sys_id
  profiles -l user1
* add IP/hostname in: /etc/hosts
* /etc/resolv.conf
* /etc/nsswitch.conf
chkconfig autoconfig_ipaddress off
chkconfig routed off
  chkconfig esp off; rm -rf /0esp


Default route (or static routes in general) in: /etc/config/static-route.options
Create a new profile (local files, not LDAP):
  $ROUTE $QUIET add net default 192.168.1.1
profile -p ChangePasswords -S files
> set desc="Allow changing of passwords"
  > set auth=solaris.passwd.assign,solaris.account.activate
> info
> verify
> exit


Turn on IPv6:
Update a user to be assigned the new profile:
  systune ip6_enable 1
  usermod +P ChangePasswords user1
(need to install eoe.sw.ipv6 / eoe.man.ipv6 / eoe.man.ipv6_rn)


Improve TCP sequence number obscurity:
Profiles are stored locally in:
systune tcpiss_md5 1
* /etc/security/prof_attr


IP Aliases (multiple IPs): /etc/config/ipaliases.options
== Zones ==
ef0 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
chkconfig ipaliases on


Time:
Oracle Docs:
* Add server to /etc/ntp.conf
* [https://docs.oracle.com/cd/E37838_01/html/E61037/zonesoverview.html#scrolltoc Zones Overview]
chkconfig ntp on
* [https://www.oracle.com/technetwork/articles/servers-storage-admin/o11-092-s11-zones-intro-524494.html Getting Started]
echo "TZ=Europe/London" >> /etc/TIMEZONE
* Turn off legacy services:
chkconfig timed off
chkconfig timeslave off


* Move /usr/people to /home
Check zfs:
** Change UID/GID to match Linux (1000/1000)
zfs list | grep zones


Configuring a zone:
<pre>
root@npgs-solaris:~# zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set bootargs="-m verbose"
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
root@npgs-solaris:~#
</pre>


List config:
<pre>
root@npgs-solaris:~# zoneadm list -cv
  ID NAME            STATUS      PATH                        BRAND      IP
  0 global          running    /                            solaris    shared
  - zone1            configured  /system/zones/zone1          solaris    excl
</pre>


XServer configuration:
Install zone:
* /var/X11/xdm/Xservers
<pre>
root@npgs-solaris:~# zoneadm -z zone1 install
The following ZFS file system(s) have been created:
    rpool/VARSHARE/zones/zone1
Progress being logged to /var/log/zones/zoneadm.20181109T163221Z.zone1.install
      Image: Preparing at /system/zones/zone1/root.


Syslog Messages:
Install Log: /system/volatile/install.25403/install_log
* /var/adm/SYSLOG
AI Manifest: /tmp/manifest.xml.5c4vcb
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: zone1
Installation: Starting ...
          Creating IPS image
Startup linked: 1/1 done
        Installing packages from:
            solaris
                origin:  http://pkg.oracle.com/solaris/release/
DOWNLOAD                                PKGS        FILES    XFER (MB)  SPEED
Completed                            415/415  65388/65388  428.2/428.2  507k/s


CDE:
PHASE                                          ITEMS
  chkconfig xdm off
Installing new actions                  89400/89400
chkconfig dtlogin on
Updating package state database                Done
Updating package cache                          0/0
Updating image state                            Done
Creating fast lookup database                  Done
Updating package cache                          1/1
Installation: Succeeded
  done.


More Software
        Done: Installation completed in 1328.592 seconds.


Check software installed:
versions


Graphical tool:
  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
swmgr


Command line tool:
              to complete the configuration process.
inst -f somepath/dist


>Inst install standard
Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20181109T163221Z.zone1.install
>Inst remove
</pre>
> ...
>Inst conflicts 1a 1b


Install the default subsystems:
Start the zone:
  >inst go
  zoneadm -z zone1 boot


Install everything:
Login to the zone console (disconnect with ~.) and finish setup with UI:
  >inst all
  zlogin -C zone1


Install bash (/usr/gnu/bin/bash) from Foundation 2 disk:
Check status:
* gnu.sw.bash
zoneadm list -v
* gnu.man.bash
* gnu.base.gnu_base
* gnu.sw.lib_readline


Show config:
zonecfg -z zone1 info -a


Dedicated CPUs (set min 1, max 3) to a zone:
<pre>
# zonecfg -z zone1
zonecfg:zone1> add dedicated-cpu
zonecfg:zone1:dedicated-cpu> set ncpus=1-3
zonecfg:zone1:dedicated-cpu> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
</pre>


install SSH Server from Foundation 3 disk:
("select" to enter a resource once it exists. "remove" to delete)


install sysadm_xvm
Set Memory cap:
install sysadm_base
<pre>
install sysadm_cluster.sw.client
zonecfg:zone1> add capped-memory
install eoe.sw.xvm
zonecfg:zone1:capped-memory> set physical=512m
install sysadm_xvm.sw.client
zonecfg:zone1:capped-memory> set swap=1024m
install eoe.sw.xfsrt
zonecfg:zone1:capped-memory> set locked=128m
install eoe.books
zonecfg:zone1:capped-memory> end
install eoe.sw.xlv
</pre>
install eoe.sw.xlvplex
install license_eoe
install license_dev
install eoe.sw.uucpeoe.sw.ipv6
install eoe.sw.quotas
install eoe.sw.ipv6
install eoe.sw.imagetools
install eoe.sw.netman
install eoe.sw.pam
install eoe.sw.pam_dev
install eoe.sw.terminfo


== Development and Compilers ==
[https://www.thegeekdiary.com/resource-management-in-solaris-zones-capped-memory/ Capped Memory]


The prerequisites should have been installed:
Set CPU cap (proportion guaranteed if there is contention), eg 50%:
* Foundation 1
<pre>
* Foundation 2
# zonecfg -z zone1
* Overlays 1
zonecfg:zone1> add capped-cpu
* Overlays 2
zonecfg:zone1:capped-cpu> set ncpus=0.5
* Overlays 3
zonecfg:zone1:capped-cpu> end
* Development Libraries
</pre>
* Development Foundation
* License entries required in license.dat, but flexlm does not need to run.


Plus one or all of the compilers:
[https://www.thegeekdiary.com/resource-management-in-solaris-zones-cpu-shares-capped-cpu-dedicated-cpu-assignment/ Capped CPU]
* 812-0707-010 [https://jrra.zone/sgi/tar/MIPSpro%20C%20Compiler%207.4.tar MIPSpro C Compiler 7.4] : mipspro_c
** c_fe.man.relnotes (C Front-end Release Notes)
** c_fe.sw.c (C Front-end Compiler)
* 812-0400-010 [https://jrra.zone/sgi/tar/MIPSpro%20C%2b%2b%20Compiler%207.4.tar MIPSpro C++ Compiler 7.4] : mipspro_cpp
** c++_fe.man.relnotes (C++ Front-end Release Notes)
** c++_fe.sw.c++ (C++ Front-end Compiler)
* 812-0403-010 [https://jrra.zone/sgi/tar/MIPSpro%20Fortran%2077%20Compiler%207.4.tar MIPSpro Fortran 77 Compiler 7.4] : mipspro_f77
** ftn77_fe.man.ftn (Fortran 77 Front-end Compiler Man Pages)
** ftn77_fe.man.relnotes (Fortran 77 Front-end Release Notes)
** ftn77_fe.sw.ftn77 (Fortran 77 Front-end Compiler)
* 812-0402-010 MIPSpro Fortran 90 Compiler 7.4
* 812-0706-002 : [https://sgi-irix.s3.amazonaws.com/development/mipspro-74/mipsproap.tar.gz MIPSpro Auto Parallelizing Option 7.4] : mipspro_autop
** Release notes only; to use build-in option -apo requires a license
Latest patch overlay:
* 812-0980-007 [http://mirror.rqsall.com/misc/sgi/MIPSPro7.4.4.tar.gz MIPSpro 7.4.4m Maintenance Release] : mipspro_7.4.4)
 
* 812-0925-001 [https://jrra.zone/sgi/tar/MIPSpro%20All-Compiler%20CD%20May%201999.tar MIPSpro All-Compiler (C/C++/F77/F90 7.3)] : mipspro_all
 
Optionally:
* 812-0768-006 [https://jrra.zone/sgi/tar/ProDev%20WorkShop%202.9.2.tar ProDev WorkShop 2.9.2] prodev (Can't find source for 812-0768-009 V2.9.5)
* 812-0653-002 [https://archive.org/download/sgi_SCSL_Scientific_Library_1.2_for_IRIX_6.4_and_6.5/SCSL%20Scientific%20Library%201.2%20for%20IRIX%206.4%20and%206.5.img SCSL Scientific Library 1.2] : scsl (Can't find source for 812-0653-004 V1.4
** Included in overlay CDs?
 
* 812-0924-002 [https://jrra.zone/sgi/tar/Compiler%20Execution%20Environment%207.4.tar Compiler Execution Environment 7.4] : comp_exe
 
== NFS ==
 
NFS Server: define exports in /etc/exports, eg:
/home -access=bonnie:clyde
/data -ro,access=foo,rw=bar,root=baz
/spare @192.168.1.0/24
 
NFS Client:
By default, /etc/auto_master has a /hosts map
 
== SGI/IRIX Documentation ==
 
See [http://irix7.com/techpubs.html here] for a large library, specifically:
 
* 007-0850-170 [http://irix7.com/techpubs/007-0850-170.pdf ONC3/NFS Administrator’s Guide]
* 007-1342-180 [http://irix7.com/techpubs/007-1342-180.pdf Desktop User’s Guide]
* 007-1366-190 [http://irix7.com/techpubs/007-1366-190.pdf Personal System Administration Guide]
* 007-2825-013 [http://irix7.com/techpubs/007-2825-013.pdf IRIX Admin: Disks and Filesystems]
* 007-2859-021 [http://irix7.com/techpubs/007-2859-021.pdf IRIX Admin: System Configuration and Operation]
* 007-2860-012 [http://irix7.com/techpubs/007-2860-012.pdf IRIX Admin: Networking and Mail]
* 007-2861-005 [http://irix7.com/techpubs/007-2861-005.pdf IRIX Admin: Peripheral Devices]
* 007-2862-008 [http://irix7.com/techpubs/007-2862-008.pdf IRIX Admin: Backup, Security, and Accounting]
* 007-3435-004 [http://irix7.com/techpubs/007-3435-004.pdf OCTANE Workstation Owner’s Guide]
 
 
* 007-0704-140 [http://irix7.com/techpubs/007-0704-140.pdf C++ Programmer's Guide]
* 007-0704-150 [http://irix7.com/techpubs/007-0704-150.pdf MIPSpro C++ Programmer's Guide]
* 007-3687-010 [https://irix7.com/techpubs/007-3687-010.pdf Message Passing Toolkit: MPI Programmer’s Manual]
 
== Sys Admin Notes ==
 
Set keyboard layout:
ipanel
 
3 Button mouse
systune pc_mouse 2
 
* 0 : Default 3-button mode
* 1 : 3-button Wheel Mouse (type 3), Wheel scrolling generates button events 4 & 5
* 2 : 5-button Wheel Mouse (type 4), Wheel & buttons 4 & 5 generate button events 4 & 5
 
Hardware info:
hinv -t memory
sysconf
 
Packages:
showprods -M -1
versions -b patch\*
 
Network:
netstat -ian
netstat -an -f inet4
netstat -anW -f inet6
 
Add swap:
mkfile -v 4096m /usr/swap
swap -a /usr/swap
 
Install local file:
inst -r /usr -f neko_zlib_1211.tardist

Revision as of 09:53, 31 January 2022

General

Booting: x86

Into single-user mode:

  • In grub menu, edit entry
  • On $multiboot line, add "-s" to end
  • CTRL-X to boot

Show Grub boot options: 

bootadm list-menu

Set default menu option to second one: 

bootadm set-menu default=1

Set the timeout: 

bootadm set-menu timeout=10

Booting: OpenBoot

  • ok> prompt: STOP-A or BRK
banner
reset-all
probe-ide
probe-scsi
devaliases
printenv boot-device
setenv boot-device disk
reset

Package Management

Show package publisher: 

pkg publisher

Show us only the packages for which newer versions are available: 

pkg info -u

Update: 

pkg update

Show SRU installed (look at Branch and Packaging Date): 

pkg info entire

Search for a package matching "ucb": 

# pkg search ucb
INDEX      ACTION VALUE                                  PACKAGE
basename   file   usr/share/groff/1.22.3/font/devlj4/UCB pkg:/text/groff@1.22.3-11.4.0.0.1.14.0
basename   dir    usr/ucb                                pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0
pkg.fmri   set    solaris/compatibility/ucb              pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0
pkg.fmri   set    solaris/legacy/compatibility/ucb       pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0

# pkg install pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0

Services

List all enabled services (-a also shows disabled): 

svcs

Show long list about one service: 

# svcs -l apache24
fmri         svc:/network/http:apache24
name         Apache 2.4 HTTP server
enabled      true
state        online
next_state   none
state_time   Mon Nov 12 16:22:58 2018
logfile      /var/svc/log/network-http:apache24.log
restarter    svc:/system/svc/restarter:default
contract_id  2017
manifest     /lib/svc/manifest/network/http-apache24.xml
dependency   optional_all/error svc:/system/filesystem/autofs:default (online)
dependency   require_all/none svc:/system/filesystem/local:default (online)
dependency   require_all/error svc:/milestone/network:default (online)

Enable a service: 

svcadm enable apache24

User Management

To give user ability to su to root:

  • /etc/user_attr.d/local-entries

To show status and unlock: 

passwd -s
passwd -u someuser

To stop account lockout: 

usermod -K lock_after_retries=no someuser

iSCSI initiator (Static)

Check initiator service is up: 

svcs network/iscsi/initiator

Add IP of storage system (use default port 3260): 

iscsiadm add static-config iqn.2000-01.com.example:initiator01, 192.0.2.2:3260

Check targets: 

iscsiadm list static-config

CHAPS enable: 

iscsiadm modify initiator-node --authentication CHAP

Set user, and secret (password): 

iscsiadm modify initiator-node --CHAP-name someuser
iscsiadm modify initiator-node --CHAP-secret
 Enter CHAP secret: ************
 Re-enter secret: ************

Enable: 

iscsiadm modify discovery --static enable

Show initiator status: 

iscsiadm list initiator-node
iscsiadm list target
iscsiadm list target-param -v

Show iSCSI disks: 

iscsiadm list target -S | grep "OS Device Name"


See also: Oracle Docs

Kerberos

Client: kclient

Networking

networking

Check status: 

dladm show-link

Show hostname: 

svccfg -s system/identity:node listprop config

Set hostname: 

svccfg -s system/identity:node setprop config/nodename="my-sol-host"
svccfg -s system/identity:node setprop config/loopback="localhost

NTP

Client: 

cd /etc/inet; cp ntp.client > ntp.conf

(edit file) 

svcadm enable ntp
svcadm start ntp

Reset root password

  • Boot from CD
  • Select option 3: Shell

Check availability of rpool (none expected): 

zpool list

Import rpool: 

zpool import -f -R /a rpool

df -h should show some filesystems under /a

Show zfs filesystems, check for root/ROOT/... 

zfs list

Set mount point for root filesystem: 

zfs set mountpoint=/mnt_tmp rpool/ROOT/11.4-11.4.31.0.1.88.5

Check new entry under /mnt/tmp has been added: 

zfs list

Mount filesystem: 

zfs mount rpool/ROOT/11.4-11.4.31.0.1.88.5

Remove password hash from /a/mnt_tmp/etc/shadow

Reset mount point: 

zfs umount rpool/ROOT/11.4-11.4.31.0.1.88.5
zfs set mountpoint=/ rpool/ROOT/11.4-11.4.31.0.1.88.5
zpool export rpool
  • Reboot server
  • edit grub menu ("e")
  • on line starting $multiboot, append "-s" option for single-user mode
  • enter "root" and once in shell, change root password
  • reboot

Resource Pools

Disks can be listed and formatted with: 

format

Will show at least the root pool (rpool): 

zpool list
zpool status

Show zfs file systems: 

zfs list

Create a new pool from one device (file, or disk device): 

zpool create pool1 /root/disk1
zpool list pool1
zfs list pool1

Add a second disk, and zfs capacity expands automatically: 

zpool add pool1 /root/disk2

Remove a pool: 

zpool destroy pool1

Create a mirror: 

zpool create pool1 mirror /root/disk1 /root/disk2

Check for errors: 

zpool scrub pool1

Remove a disk: 

zpool detatch pool1 /root/disk1

Add a new disk ("silver" the mirror disk2 > 1): 

zpool attach pool1 /root/disk2 /root/disk1

Make a bigger RAID: 

zpool create pool1 raidz /root/disk1 /root/disk2 /root/disk3 /root/disk4

Role Based Authentication

List profiles for a user: 

profiles -l user1

Create a new profile (local files, not LDAP): 

profile -p ChangePasswords -S files
> set desc="Allow changing of passwords"
> set auth=solaris.passwd.assign,solaris.account.activate
> info
> verify
> exit

Update a user to be assigned the new profile: 

usermod +P ChangePasswords user1

Profiles are stored locally in:

  • /etc/security/prof_attr

Zones

Oracle Docs:

Check zfs: 

zfs list | grep zones

Configuring a zone: 

root@npgs-solaris:~# zonecfg -z zone1
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
create: Using system default template 'SYSdefault'
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set bootargs="-m verbose"
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
root@npgs-solaris:~#

List config: 

root@npgs-solaris:~# zoneadm list -cv
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - zone1            configured  /system/zones/zone1          solaris    excl

Install zone: 

root@npgs-solaris:~# zoneadm -z zone1 install
The following ZFS file system(s) have been created:
    rpool/VARSHARE/zones/zone1
Progress being logged to /var/log/zones/zoneadm.20181109T163221Z.zone1.install
       Image: Preparing at /system/zones/zone1/root.

Install Log: /system/volatile/install.25403/install_log
 AI Manifest: /tmp/manifest.xml.5c4vcb
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: zone1
Installation: Starting ...
          Creating IPS image
Startup linked: 1/1 done
        Installing packages from:
            solaris
                origin:  http://pkg.oracle.com/solaris/release/
DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                            415/415   65388/65388  428.2/428.2  507k/s

 PHASE                                          ITEMS
Installing new actions                   89400/89400
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done
Updating package cache                           1/1
Installation: Succeeded
 done.

        Done: Installation completed in 1328.592 seconds.


  Next Steps: Boot the zone, then log into the zone console (zlogin -C)

              to complete the configuration process.

Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20181109T163221Z.zone1.install

Start the zone: 

zoneadm -z zone1 boot

Login to the zone console (disconnect with ~.) and finish setup with UI: 

zlogin -C zone1

Check status: 

zoneadm list -v

Show config: 

zonecfg -z zone1 info -a

Dedicated CPUs (set min 1, max 3) to a zone: 

# zonecfg -z zone1
zonecfg:zone1> add dedicated-cpu
zonecfg:zone1:dedicated-cpu> set ncpus=1-3
zonecfg:zone1:dedicated-cpu> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

("select" to enter a resource once it exists. "remove" to delete)

Set Memory cap: 

zonecfg:zone1> add capped-memory
zonecfg:zone1:capped-memory> set physical=512m
zonecfg:zone1:capped-memory> set swap=1024m
zonecfg:zone1:capped-memory> set locked=128m
zonecfg:zone1:capped-memory> end

Capped Memory

Set CPU cap (proportion guaranteed if there is contention), eg 50%: 

# zonecfg -z zone1
zonecfg:zone1> add capped-cpu
zonecfg:zone1:capped-cpu> set ncpus=0.5
zonecfg:zone1:capped-cpu> end

Capped CPU

Retrieved from ‘https://www.smithnet.org.uk/wiki/index.php?title=SGI/IRIX&oldid=615