OpenWRT and Solaris: Difference between pages
(Difference between pages)
NickPGSmith (talk | contribs) |
NickPGSmith (talk | contribs) |
||
| Line 1: | Line 1: | ||
== | == Installation == | ||
* [https://blogs.oracle.com/solaris/post/announcing-the-first-oracle-solaris-114-cbe Oracle CBE] (Common Build Environmnet) : Not for production | |||
* SRU (Support Repository Update) for production | |||
CBE does not install a desktop. To do this after a text install, change the repository location: | |||
/ | pkg set-publisher -G'*' -g http://pkg.oracle.com/solaris/release/ solaris | ||
Check the online package, then install: | |||
pkg info -r solaris-desktop | |||
pkg install solaris-desktop | |||
=== VirtualBox === | |||
pkg install runtime/python-39 | |||
pkgadd -d VirtualBox-7.0.8-SunOS-amd64-r156879.pkg | |||
== | == General == | ||
* [https://blogs.oracle.com/solaris/ Oracle Solaris Blog] | |||
=== | === Booting: x86 === | ||
Into single-user mode: | |||
* | * In grub menu, edit entry | ||
* | * On $multiboot line, add "-s" to end | ||
* | * CTRL-X to boot | ||
Show Grub boot options: | |||
bootadm list-menu | |||
Set default menu option to second one: | |||
bootadm set-menu default=1 | |||
Set the timeout: | |||
bootadm set-menu timeout=10 | |||
=== | === Booting: OpenBoot === | ||
* ok> prompt: STOP-A or BRK | |||
banner | |||
reset-all | |||
* | probe-ide | ||
probe-scsi | |||
devaliases | |||
printenv boot-device | |||
setenv boot-device disk | |||
reset | |||
=== Package Management === | |||
Show package publisher: | |||
pkg publisher | |||
Show us only the packages for which newer versions are available: | |||
pkg info -u | |||
Update: | |||
pkg update | |||
Show SRU installed (look at Branch and Packaging Date): | |||
pkg info entire | |||
Search for a package matching "ucb": | |||
# pkg search ucb | |||
INDEX ACTION VALUE PACKAGE | |||
basename file usr/share/groff/1.22.3/font/devlj4/UCB pkg:/text/groff@1.22.3-11.4.0.0.1.14.0 | |||
basename dir usr/ucb pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0 | |||
pkg.fmri set solaris/compatibility/ucb pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0 | |||
pkg.fmri set solaris/legacy/compatibility/ucb pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0 | |||
# pkg install pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0 | |||
=== | === Services === | ||
List all enabled services (-a also shows disabled): | |||
svcs | |||
Show long list about one service: | |||
<pre> | |||
# svcs -l apache24 | |||
fmri svc:/network/http:apache24 | |||
name Apache 2.4 HTTP server | |||
enabled true | |||
state online | |||
next_state none | |||
state_time Mon Nov 12 16:22:58 2018 | |||
logfile /var/svc/log/network-http:apache24.log | |||
restarter svc:/system/svc/restarter:default | |||
contract_id 2017 | |||
manifest /lib/svc/manifest/network/http-apache24.xml | |||
dependency optional_all/error svc:/system/filesystem/autofs:default (online) | |||
dependency require_all/none svc:/system/filesystem/local:default (online) | |||
dependency require_all/error svc:/milestone/network:default (online) | |||
</pre> | |||
Enable a service: | |||
svcadm enable apache24 | |||
=== | === User Management === | ||
To give user ability to su to root: | |||
* /etc/user_attr.d/local-entries | |||
* | |||
To show status and unlock: | |||
passwd -s | |||
passwd -u someuser | |||
To stop account lockout: | |||
usermod -K lock_after_retries=no someuser | |||
== iSCSI initiator (Static) == | |||
Check initiator service is up: | |||
svcs network/iscsi/initiator | |||
Add IP of storage system (use default port 3260): | |||
iscsiadm add static-config iqn.2000-01.com.example:initiator01, 192.0.2.2:3260 | |||
Check targets: | |||
iscsiadm list static-config | |||
CHAPS enable: | |||
iscsiadm modify initiator-node --authentication CHAP | |||
Set user, and secret (password): | |||
iscsiadm modify initiator-node --CHAP-name someuser | |||
iscsiadm modify initiator-node --CHAP-secret | |||
Enter CHAP secret: ************ | |||
Re-enter secret: ************ | |||
== | Enable: | ||
iscsiadm modify discovery --static enable | |||
Show initiator status: | |||
iscsiadm list initiator-node | |||
iscsiadm list target | |||
iscsiadm list target-param -v | |||
Show iSCSI disks: | |||
iscsiadm list target -S | grep "OS Device Name" | |||
See also: [https://docs.oracle.com/cd/E53394_01/html/E54792/iscsi-1.html#scrolltoc Oracle Docs] | |||
== Kerberos == | |||
Client: kclient | |||
== Networking == | |||
[https://www.oracle.com/technetwork/articles/servers-storage-admin/s11-network-config-1632927.html networking] | |||
Check status: | |||
dladm show-link | |||
Show hostname: | |||
svccfg -s system/identity:node listprop config | |||
Set hostname: | |||
svccfg -s system/identity:node setprop config/nodename="my-sol-host" | |||
svccfg -s system/identity:node setprop config/loopback="localhost | |||
== NTP == | |||
Client: | |||
cd /etc/inet; cp ntp.client > ntp.conf | |||
(edit file) | |||
svcadm enable ntp | |||
svcadm start ntp | |||
== Reset root password == | |||
* Boot from CD | |||
* Select option 3: Shell | |||
Check availability of rpool (none expected): | |||
zpool list | |||
Import rpool: | |||
zpool import -f -R /a rpool | |||
df -h should show some filesystems under /a | |||
Show zfs filesystems, check for root/ROOT/... | |||
zfs list | |||
Set mount point for root filesystem: | |||
zfs set mountpoint=/mnt_tmp rpool/ROOT/11.4-11.4.31.0.1.88.5 | |||
Check new entry under /mnt/tmp has been added: | |||
zfs list | |||
Mount filesystem: | |||
zfs mount rpool/ROOT/11.4-11.4.31.0.1.88.5 | |||
Remove password hash from /a/mnt_tmp/etc/shadow | |||
Reset mount point: | |||
zfs umount rpool/ROOT/11.4-11.4.31.0.1.88.5 | |||
zfs set mountpoint=/ rpool/ROOT/11.4-11.4.31.0.1.88.5 | |||
zpool export rpool | |||
* Reboot server | |||
* edit grub menu ("e") | |||
* on line starting $multiboot, append "-s" option for single-user mode | |||
* enter "root" and once in shell, change root password | |||
* reboot | |||
== Resource Pools == | |||
Disks can be listed and formatted with: | |||
format | |||
Will show at least the root pool (rpool): | |||
zpool list | |||
zpool status | |||
Show zfs file systems: | |||
zfs list | |||
Create a new pool from one device (file, or disk device): | |||
zpool create pool1 /root/disk1 | |||
zpool list pool1 | |||
zfs list pool1 | |||
Add a second disk, and zfs capacity expands automatically: | |||
zpool add pool1 /root/disk2 | |||
Remove a pool: | |||
zpool destroy pool1 | |||
Create a mirror: | |||
zpool create pool1 mirror /root/disk1 /root/disk2 | |||
Check for errors: | |||
zpool scrub pool1 | |||
Remove a disk: | |||
zpool detatch pool1 /root/disk1 | |||
Add a new disk ("silver" the mirror disk2 > 1): | |||
zpool attach pool1 /root/disk2 /root/disk1 | |||
Make a bigger RAID: | |||
zpool create pool1 raidz /root/disk1 /root/disk2 /root/disk3 /root/disk4 | |||
== Role Based Authentication == | |||
List profiles for a user: | |||
profiles -l user1 | |||
Create a new profile (local files, not LDAP): | |||
profile -p ChangePasswords -S files | |||
> set desc="Allow changing of passwords" | |||
> set auth=solaris.passwd.assign,solaris.account.activate | |||
> info | |||
> verify | |||
> exit | |||
Update a user to be assigned the new profile: | |||
usermod +P ChangePasswords user1 | |||
Profiles are stored locally in: | |||
* /etc/security/prof_attr | |||
== Zones == | |||
Oracle Docs: | |||
* [https://docs.oracle.com/cd/E37838_01/html/E61037/zonesoverview.html#scrolltoc Zones Overview] | |||
* [https://www.oracle.com/technetwork/articles/servers-storage-admin/o11-092-s11-zones-intro-524494.html Getting Started] | |||
Check zfs: | |||
zfs list | grep zones | |||
Configuring a zone: | |||
<pre> | |||
root@npgs-solaris:~# zonecfg -z zone1 | |||
Use 'create' to begin configuring a new zone. | |||
zonecfg:zone1> create | |||
create: Using system default template 'SYSdefault' | |||
zonecfg:zone1> set autoboot=true | |||
zonecfg:zone1> set bootargs="-m verbose" | |||
zonecfg:zone1> verify | |||
zonecfg:zone1> commit | |||
zonecfg:zone1> exit | |||
root@npgs-solaris:~# | |||
</pre> | |||
List config: | |||
/ | <pre> | ||
root@npgs-solaris:~# zoneadm list -cv | |||
ID NAME STATUS PATH BRAND IP | |||
0 global running / solaris shared | |||
- zone1 configured /system/zones/zone1 solaris excl | |||
</pre> | |||
Install zone: | |||
<pre> | |||
root@npgs-solaris:~# zoneadm -z zone1 install | |||
The following ZFS file system(s) have been created: | |||
rpool/VARSHARE/zones/zone1 | |||
Progress being logged to /var/log/zones/zoneadm.20181109T163221Z.zone1.install | |||
Image: Preparing at /system/zones/zone1/root. | |||
Install Log: /system/volatile/install.25403/install_log | |||
AI Manifest: /tmp/manifest.xml.5c4vcb | |||
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml | |||
Zonename: zone1 | |||
Installation: Starting ... | |||
Creating IPS image | |||
Startup linked: 1/1 done | |||
Installing packages from: | |||
solaris | |||
origin: http://pkg.oracle.com/solaris/release/ | |||
DOWNLOAD PKGS FILES XFER (MB) SPEED | |||
Completed 415/415 65388/65388 428.2/428.2 507k/s | |||
PHASE ITEMS | |||
Installing new actions 89400/89400 | |||
Updating package state database Done | |||
Updating package cache 0/0 | |||
Updating image state Done | |||
Creating fast lookup database Done | |||
Updating package cache 1/1 | |||
Installation: Succeeded | |||
done. | |||
Done: Installation completed in 1328.592 seconds. | |||
Next Steps: Boot the zone, then log into the zone console (zlogin -C) | |||
to complete the configuration process. | |||
Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20181109T163221Z.zone1.install | |||
</pre> | |||
Start the zone: | |||
zoneadm -z zone1 boot | |||
Login to the zone console (disconnect with ~.) and finish setup with UI: | |||
zlogin -C zone1 | |||
Check status: | |||
zoneadm list -v | |||
Show config: | |||
zonecfg -z zone1 info -a | |||
= | Dedicated CPUs (set min 1, max 3) to a zone: | ||
<pre> | |||
# zonecfg -z zone1 | |||
zonecfg:zone1> add dedicated-cpu | |||
zonecfg:zone1:dedicated-cpu> set ncpus=1-3 | |||
zonecfg:zone1:dedicated-cpu> end | |||
zonecfg:zone1> verify | |||
zonecfg:zone1> commit | |||
zonecfg:zone1> exit | |||
</pre> | |||
("select" to enter a resource once it exists. "remove" to delete) | |||
Set Memory cap: | |||
<pre> | |||
zonecfg:zone1> add capped-memory | |||
zonecfg:zone1:capped-memory> set physical=512m | |||
zonecfg:zone1:capped-memory> set swap=1024m | |||
zonecfg:zone1:capped-memory> set locked=128m | |||
zonecfg:zone1:capped-memory> end | |||
</pre> | |||
[https://www.thegeekdiary.com/resource-management-in-solaris-zones-capped-memory/ Capped Memory] | |||
Set CPU cap (proportion guaranteed if there is contention), eg 50%: | |||
<pre> | |||
# zonecfg -z zone1 | |||
zonecfg:zone1> add capped-cpu | |||
zonecfg:zone1:capped-cpu> set ncpus=0.5 | |||
zonecfg:zone1:capped-cpu> end | |||
</pre> | |||
[https://www.thegeekdiary.com/resource-management-in-solaris-zones-cpu-shares-capped-cpu-dedicated-cpu-assignment/ Capped CPU] | |||
Revision as of 17:18, 5 July 2023
Installation
- Oracle CBE (Common Build Environmnet) : Not for production
- SRU (Support Repository Update) for production
CBE does not install a desktop. To do this after a text install, change the repository location:
pkg set-publisher -G'*' -g http://pkg.oracle.com/solaris/release/ solaris
Check the online package, then install:
pkg info -r solaris-desktop pkg install solaris-desktop
VirtualBox
pkg install runtime/python-39 pkgadd -d VirtualBox-7.0.8-SunOS-amd64-r156879.pkg
General
Booting: x86
Into single-user mode:
- In grub menu, edit entry
- On $multiboot line, add "-s" to end
- CTRL-X to boot
Show Grub boot options:
bootadm list-menu
Set default menu option to second one:
bootadm set-menu default=1
Set the timeout:
bootadm set-menu timeout=10
Booting: OpenBoot
- ok> prompt: STOP-A or BRK
banner reset-all probe-ide probe-scsi devaliases printenv boot-device setenv boot-device disk reset
Package Management
Show package publisher:
pkg publisher
Show us only the packages for which newer versions are available:
pkg info -u
Update:
pkg update
Show SRU installed (look at Branch and Packaging Date):
pkg info entire
Search for a package matching "ucb":
# pkg search ucb INDEX ACTION VALUE PACKAGE basename file usr/share/groff/1.22.3/font/devlj4/UCB pkg:/text/groff@1.22.3-11.4.0.0.1.14.0 basename dir usr/ucb pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0 pkg.fmri set solaris/compatibility/ucb pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0 pkg.fmri set solaris/legacy/compatibility/ucb pkg:/legacy/compatibility/ucb@11.4-11.4.0.0.1.15.0 # pkg install pkg:/compatibility/ucb@11.4-11.4.0.0.0.11.0
Services
List all enabled services (-a also shows disabled):
svcs
Show long list about one service:
# svcs -l apache24 fmri svc:/network/http:apache24 name Apache 2.4 HTTP server enabled true state online next_state none state_time Mon Nov 12 16:22:58 2018 logfile /var/svc/log/network-http:apache24.log restarter svc:/system/svc/restarter:default contract_id 2017 manifest /lib/svc/manifest/network/http-apache24.xml dependency optional_all/error svc:/system/filesystem/autofs:default (online) dependency require_all/none svc:/system/filesystem/local:default (online) dependency require_all/error svc:/milestone/network:default (online)
Enable a service:
svcadm enable apache24
User Management
To give user ability to su to root:
- /etc/user_attr.d/local-entries
To show status and unlock:
passwd -s passwd -u someuser
To stop account lockout:
usermod -K lock_after_retries=no someuser
iSCSI initiator (Static)
Check initiator service is up:
svcs network/iscsi/initiator
Add IP of storage system (use default port 3260):
iscsiadm add static-config iqn.2000-01.com.example:initiator01, 192.0.2.2:3260
Check targets:
iscsiadm list static-config
CHAPS enable:
iscsiadm modify initiator-node --authentication CHAP
Set user, and secret (password):
iscsiadm modify initiator-node --CHAP-name someuser iscsiadm modify initiator-node --CHAP-secret Enter CHAP secret: ************ Re-enter secret: ************
Enable:
iscsiadm modify discovery --static enable
Show initiator status:
iscsiadm list initiator-node iscsiadm list target iscsiadm list target-param -v
Show iSCSI disks:
iscsiadm list target -S | grep "OS Device Name"
See also: Oracle Docs
Kerberos
Client: kclient
Networking
Check status:
dladm show-link
Show hostname:
svccfg -s system/identity:node listprop config
Set hostname:
svccfg -s system/identity:node setprop config/nodename="my-sol-host" svccfg -s system/identity:node setprop config/loopback="localhost
NTP
Client:
cd /etc/inet; cp ntp.client > ntp.conf
(edit file)
svcadm enable ntp svcadm start ntp
Reset root password
- Boot from CD
- Select option 3: Shell
Check availability of rpool (none expected):
zpool list
Import rpool:
zpool import -f -R /a rpool
df -h should show some filesystems under /a
Show zfs filesystems, check for root/ROOT/...
zfs list
Set mount point for root filesystem:
zfs set mountpoint=/mnt_tmp rpool/ROOT/11.4-11.4.31.0.1.88.5
Check new entry under /mnt/tmp has been added:
zfs list
Mount filesystem:
zfs mount rpool/ROOT/11.4-11.4.31.0.1.88.5
Remove password hash from /a/mnt_tmp/etc/shadow
Reset mount point:
zfs umount rpool/ROOT/11.4-11.4.31.0.1.88.5 zfs set mountpoint=/ rpool/ROOT/11.4-11.4.31.0.1.88.5 zpool export rpool
- Reboot server
- edit grub menu ("e")
- on line starting $multiboot, append "-s" option for single-user mode
- enter "root" and once in shell, change root password
- reboot
Resource Pools
Disks can be listed and formatted with:
format
Will show at least the root pool (rpool):
zpool list zpool status
Show zfs file systems:
zfs list
Create a new pool from one device (file, or disk device):
zpool create pool1 /root/disk1 zpool list pool1 zfs list pool1
Add a second disk, and zfs capacity expands automatically:
zpool add pool1 /root/disk2
Remove a pool:
zpool destroy pool1
Create a mirror:
zpool create pool1 mirror /root/disk1 /root/disk2
Check for errors:
zpool scrub pool1
Remove a disk:
zpool detatch pool1 /root/disk1
Add a new disk ("silver" the mirror disk2 > 1):
zpool attach pool1 /root/disk2 /root/disk1
Make a bigger RAID:
zpool create pool1 raidz /root/disk1 /root/disk2 /root/disk3 /root/disk4
Role Based Authentication
List profiles for a user:
profiles -l user1
Create a new profile (local files, not LDAP):
profile -p ChangePasswords -S files > set desc="Allow changing of passwords" > set auth=solaris.passwd.assign,solaris.account.activate > info > verify > exit
Update a user to be assigned the new profile:
usermod +P ChangePasswords user1
Profiles are stored locally in:
- /etc/security/prof_attr
Zones
Oracle Docs:
Check zfs:
zfs list | grep zones
Configuring a zone:
root@npgs-solaris:~# zonecfg -z zone1 Use 'create' to begin configuring a new zone. zonecfg:zone1> create create: Using system default template 'SYSdefault' zonecfg:zone1> set autoboot=true zonecfg:zone1> set bootargs="-m verbose" zonecfg:zone1> verify zonecfg:zone1> commit zonecfg:zone1> exit root@npgs-solaris:~#
List config:
root@npgs-solaris:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared - zone1 configured /system/zones/zone1 solaris excl
Install zone:
root@npgs-solaris:~# zoneadm -z zone1 install
The following ZFS file system(s) have been created:
rpool/VARSHARE/zones/zone1
Progress being logged to /var/log/zones/zoneadm.20181109T163221Z.zone1.install
Image: Preparing at /system/zones/zone1/root.
Install Log: /system/volatile/install.25403/install_log
AI Manifest: /tmp/manifest.xml.5c4vcb
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Zonename: zone1
Installation: Starting ...
Creating IPS image
Startup linked: 1/1 done
Installing packages from:
solaris
origin: http://pkg.oracle.com/solaris/release/
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 415/415 65388/65388 428.2/428.2 507k/s
PHASE ITEMS
Installing new actions 89400/89400
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Updating package cache 1/1
Installation: Succeeded
done.
Done: Installation completed in 1328.592 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20181109T163221Z.zone1.install
Start the zone:
zoneadm -z zone1 boot
Login to the zone console (disconnect with ~.) and finish setup with UI:
zlogin -C zone1
Check status:
zoneadm list -v
Show config:
zonecfg -z zone1 info -a
Dedicated CPUs (set min 1, max 3) to a zone:
# zonecfg -z zone1 zonecfg:zone1> add dedicated-cpu zonecfg:zone1:dedicated-cpu> set ncpus=1-3 zonecfg:zone1:dedicated-cpu> end zonecfg:zone1> verify zonecfg:zone1> commit zonecfg:zone1> exit
("select" to enter a resource once it exists. "remove" to delete)
Set Memory cap:
zonecfg:zone1> add capped-memory zonecfg:zone1:capped-memory> set physical=512m zonecfg:zone1:capped-memory> set swap=1024m zonecfg:zone1:capped-memory> set locked=128m zonecfg:zone1:capped-memory> end
Set CPU cap (proportion guaranteed if there is contention), eg 50%:
# zonecfg -z zone1 zonecfg:zone1> add capped-cpu zonecfg:zone1:capped-cpu> set ncpus=0.5 zonecfg:zone1:capped-cpu> end