Tuesday Mar 29, 2011

Spotlights

Leading up to the release of Solaris 11 later this year, the team has picked a compelling feature to "spotlight" each month of 2011. The spotlights include podcasts, screencasts, demos, white papers, cheat sheets, how-to guides, related blog posts and links to the official product documentation. At the very least, it's a great collection of all the material that we have on a given topic.

Thus far we've completed spotlights on:

Keep an eye on the Solaris 11 Spotlights page for updates.

Friday Mar 25, 2011

Online Forum

Set aside 3 hours on April 14th to attend the Solaris Online Forum. The event runs from 9:00 AM to 12:15 AM US Pacific time on Thursday April 14th (click the links to find the corresponding day and time in your part of the world).

The agenda for the forum is as follows:

9:00 a.m. - 9:45 a.m. PT
Oracle Solaris Strategy Overview

Bill Nesheim, VP Oracle Solaris Engineering

9:45 a.m. - 10:00 a.m. PT
An Industry Analyst's View of the Operating System Market

Gary Chen, IDC

10:00 a.m. - 10:45 a.m. PT
Manage Your Deployments With Image Packaging System and the Automated Installer

Bart Smaalders, Oracle Solaris Engineering
Dave Miner, Oracle Solaris Engineering
Glynn Foster, Oracle Solaris Product Management
Isaac Rozenfeld, Oracle Solaris Product Management

10:45 a.m. - 11:30 a.m. PT
Get More out of Your Oracle Solaris Environments With Virtualization

Dan Price, Oracle Solaris Engineering
Nicolas Droux, Oracle Solaris Engineering
Duncan Hardie, Oracle Solaris Product Management

11:30 a.m. - 12:15 p.m. PT
Learn How All New Features in Oracle Solaris 11 Raise The Bar For Operating Systems

Markus Flierl, Sr. Director Oracle Solaris Engineering
Liane Praza, Oracle Solaris Engineering
Joost Pronk, Oracle Solaris Product Management

In all sessions you'll be able to participate in a live online chat.


Fair warning my Solaris friends, it pains me to say that the company Oracle contracts to host the event, on24, doesn't include Solaris as a supported platform on their Test Your System page. However, I am told that as long as you're running Firefox 3.x with Flash 9.0.115+, you'll be OK.

Thursday Mar 10, 2011

Solaris 10 Branded Zones

One of the powerful features of Solaris 11 is the ability to run a Solaris 10 environment in a zone. Solaris 10 allows you to run Solaris 8 and 9 environments in zones, but only on SPARC. 

Unfortunately, you can't just create a Solaris 10 zone from scratch - you have to have an existing Solaris 10 environment. That environment can be either a Solaris 10 instance or a Solaris 10 zone. 

Step 1: Pick a Solaris 10 Instance to Migrate

For this exercise, I'm going to migrate a complete Solaris 10 installation (not a Solaris 10 zone). The Solaris 10 9/10 VirtualBox VM is a great candidate, so that's what I'm going to use. If you're interested in migrating a Solaris 10 zone, see: Migrating an Oracle Solaris 10 native Non-Global Zone Into an Oracle Solaris 10 Container.

Step 2: Set Up Common Storage

We need to create an archive of the Solaris 10 system. Ideally, that archive would be written to and read from the same location. Since we're using VirtualBox, the host system makes a great common storage location. So, on the host system, set up an NFS share if you don't already have one.

Step 3: Create the Archive

As documented in Assessing an Oracle Solaris 10 System and Creating an Archive, note the Solaris 10 system's hostid:

bash-3.00# hostid
3198b62f

Then create the image, writing the archive to the NFS share on the host system:

bash-3.00# flarcreate -S -n s10-system -L cpio /net/10.0.1.3/export/home/bleonard/share/s10-system.flar
Archive format requested is cpio
This archiver format is NOT VALID for flash installation of ZFS root pool.
This format is useful for installing the system image into a zone.
Reissue command without -L option to produce an archive for root pool install.
Full Flash
Checking integrity...
Integrity OK.
Running precreation scripts...
Precreation scripts done.
Creating the archive...
6917057 blocks
Archive creation complete.
Running postcreation scripts...
Postcreation scripts done.

Running pre-exit scripts...
Pre-exit scripts done.

The 3.3G file takes about 30 minutes to create.

Step 4: Install the s10 Package

The s10 package provides support for the Solaris 10 Branded Zone. Just click Install to install it.

Step 5: Create a ZFS File System for the Zones

If you already have a ZFS file system for your zones, you can skip this step:

bleonard@solaris:~$ sudo zfs create -o mountpoint=/zones rpool/zones
Password:

Step 6: Create a VNIC for the Zone

This is optional as you could elect to use shared networking, but why not take advantage of network virtualization?

bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 s10zone0

Step 7: Configure the Zone

The key difference here from creating a standard zone is the zone type is set to SUNWsolaris10:

bleonard@solaris:~$ sudo zonecfg -z s10-zone
s10-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:s10-zone> create -t SUNWsolaris10
zonecfg:s10-zone> set zonepath=/zones/s10-zone
zonecfg:s10-zone> set ip-type=exclusive
zonecfg:s10-zone> add net
zonecfg:s10-zone:net> set physical=s10zone0
zonecfg:s10-zone:net> end
zonecfg:s10-zone> set hostid=<solaris 10 host id>
zonecfg:s10-zone> verify
zonecfg:s10-zone> commit
zonecfg:s10-zone> exit

Step 8: Install the Zone

You'll be installing the zone from the flash archive that was created in step 3. I'll be installing the zone unconfigured (If you wish to preserve the zone configuration, replace the -u with -p, but I've had mixed luck with this approach):

bleonard@solaris:~$ sudo zoneadm -z s10-zone install -a /export/home/bleonard/share/s10-system.flar -u
A ZFS file system has been created for this zone.
      Log File: /var/tmp/s10-zone.install_log.fUa4Lh
    Installing: This may take several minutes...
Postprocessing: This may take a while...
   Postprocess: Updating the image to run within a zone

        Result: Installation completed successfully.
      Log File: /zones/s10-zone/root/var/log/s10-zone.install3809.log

The installation should take about 25 minutes to complete.

Step 9: Configure Solaris 10

This step can be done interactively when the zone is first booted, but I like to automate it by providing a sysidcfg file. See How to Use an /etc/sysidcfg for more information:

bleonard@solaris:~$ sudo cat /zones/s10-zone/root/etc/sysidcfg
system_locale=C
terminal=xterms
network_interface=s10zone0 {
	hostname=s10-zone
	ip_address=10.0.2.25
        default_route=NONE
	netmask=255.255.255.0
 	protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=domain
timezone=US/Eastern
root_password=N4l3cWQb/s9zY 

The above root password is "solaris".

Step 10: Boot the Zone

bleonard@solaris:~$ sudo zoneadm -z s10-zone boot
Password:

Step 11: Log Into the Zone

If you attempt to log in immediately after the boot command, you'll need to wait a couple of minutes for the Solaris 10 system configuration to complete before the login prompt appears. Don't fear the message about s10zone0 not being a valid network interface - it configures just fine:

bleonard@solaris:~$ sudo zlogin -C s10-zone
[Connected to zone 's10-zone' console]
Hostname: s10-zone
Loading smf(5) service descriptions: 1/1
 network_interface=s10zone0 {
 ^
s10zone0 is not a valid network interface  line 3 position 19
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: s10zone0.
Mar 10 13:32:14 s10-zone sendmail[7277]: My unqualified host name (s10-zone) unknown; sleeping for retry

s10-zone console login: root
Password: solaris
Mar 10 13:32:32 s10-zone login: ROOT LOGIN /dev/console
Last login: Thu Feb 24 13:50:44 on console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
-bash-3.00# cat /etc/release 
                    Oracle Solaris 10 9/10 s10x_u9wos_14a X86
     Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
                            Assembled 11 August 2010

To get rid of the "unqualified host name" messages from sendmail, add s10-zone.local to /etc/inet/hosts as follows:

-bash-3.00# cat /etc/hosts
#
# Internet host table
#
127.0.0.1       localhost       
::1     localhost       
10.0.2.25       s10-zone        loghost s10-zone.local

Step 12: Use

Now that you have a Solaris 10 zone, it's up to you to decide what to do with it. If you migrated over a Solaris 10 system with applications, then you should be able to quickly get them up and running in the zone. One of the nice benefits of running a Solaris 10 zone in Solaris 11 is the ability to take advantage of new features like network virtualization and zonestat:

bleonard@solaris:~$ zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                    Cpus/Online: 1/1   Physical: 1535M    Virtual: 2512M
                    ----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
               ZONE  USED %PART  %CAP %SHRU  USED   PCT  %CAP  USED   PCT  %CAP
            [total]  0.22 22.8%     -     - 1113M 72.4%     - 1338M 53.2%     -
           [system]  0.08 8.73%     -     -  423M 27.5%     -  728M 29.0%     -
             global  0.12 12.8%     -     -  543M 35.3%     -  453M 18.0%     -
           s10-zone  0.01 1.22%     -     -  146M 9.55%     -  156M 6.22%     -

For a great introduction to zonestat, check out Jeff Victor's blog entries: All New Zonestat!, and All New Zonestat - Part 2.

Thursday Feb 24, 2011

Quick & Dirty NFS

NFS is such a well-known topic and so well documented that I hesitate to write about it. However, I find it crucial in my everyday use of Solaris, so I thought I'd at least summarize the quick steps I take to share files, if only for my own future benefit.

NFS stands for Network File System. NFS was invented by Sun years ago and it is the premier way to share files between systems (although Microsoft will argue CIFS / SMB fits that bill).

One thing I find confusing about NFS is that it provides several different utilities for creating and managing shares. This is an artifact of NFS's maturity, as it has been around well before newer file systems like ZFS. NFS is now tightly integrated with ZFS and in this entry I'm only going to focus on how NFS is configured via ZFS.

Managing Network File Systems is the official Solaris documentation on using NFS. However, the ZFS features I'm going to be discussing are found in Sharing and Unsharing ZFS File Systems.

On the Server

The first step is to figure out which file system you want to share. For this exercise I'm going to create a new ZFS file system for the sole purpose of sharing files:

10.0.1.20:~$ sudo zfs create rpool/export/home/bleonard/share
Password: 

I'll also change the ownership and  write permissions of the shared directory so anyone can write to it:

10.0.1.20:~$ sudo chown bleonard:staff share
Password: 
10.0.1.20:~$ sudo chmod 777 share
Password: 

Note, the NFS server is disabled by default:

10.0.1.20:~$ svcs nfs/server
STATE          STIME    FMRI
disabled       Feb_14   svc:/network/nfs/server:default

However, setting the sharenfs property on the ZFS dataset will also start the NFS server:

10.0.1.20:~$ sudo zfs set sharenfs=on rpool/export/home/bleonard/share
10.0.1.20:~$ svcs nfs/server
STATE          STIME    FMRI
online          7:38:27 svc:/network/nfs/server:default

At this point the share is ready for use. If you use an existing dataset, it only takes one command to set up.

Another useful utility is the showmount command, which will show the file systems that have been shared:

10.0.1.20:~$ showmount -e
export list for solaris:
/export/home/bleonard/share (everyone)
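
An added example, not part of the original post: sharenfs=on exports the file system to every host, which showmount reports as (everyone). The function below reads showmount -e output and lists the exports in that state. The second export in the sample and the 10.0.1.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example: list NFS exports that `showmount -e` reports as open to
# every client. Typical use: showmount -e 10.0.1.20 | open_exports

# Print the path of each export whose access list is "(everyone)".
# Returns 1 when at least one such export is found, 0 otherwise.
open_exports() {
    awk '
        NR == 1 && /^export list for / { next }    # header line
        NF < 2 { next }                            # blank or malformed line
        $NF == "(everyone)" {
            path = $0
            # Strip only the trailing access list so paths with spaces survive.
            sub(/[ \t]+[(]everyone[)][ \t]*$/, "", path)
            print path
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the first export is the one shown in the post,
# the second is hypothetical and restricted to a single client.
sample_showmount() {
    cat <<'EOF'
export list for 10.0.1.20:
/export/home/bleonard/share (everyone)
/export/install             10.0.1.24
EOF
}

# Assumption (share_nfs access-list syntax, constructed subnet): on the server,
#   zfs set sharenfs='rw=@10.0.1.0/24' rpool/export/home/bleonard/share
# limits the share to that network instead of every host.
if ! sample_showmount | open_exports; then
    echo "the exports listed above are reachable from any host" >&2
fi
```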

Note, sharing can also be viewed and managed via the GUI at System > Administration > Shared Folders:


On the Client

These instructions assume a Solaris client. Instructions can be easily found for other clients as well.

You can use the showmount command to list which shares are provided by a particular server:

10.0.1.24:~$ showmount -e 10.0.1.20
export list for 10.0.1.20:
/export/home/bleonard/share (everyone)

My favorite way to access NFS shares is via the automounted /net directory. For example:

10.0.1.24:~$ cd /net/10.0.1.20/export/home/bleonard/share/
10.0.1.24:/net/10.0.1.20/export/home/bleonard/share$ 

And that's all there is to it!

If you want to mount the share to a different location, you do so as follows (I'm using the name share again, but the directory could be anywhere and called anything):

10.0.1.24:~$ mkdir share
10.0.1.24:~$ sudo mount -F nfs 10.0.1.20:/export/home/bleonard/share ~/share
Password:

To make the mount permanent (that is, survive a reboot), there are a couple of options, one of which is adding an entry to the /etc/vfstab file. That process is well documented in How to Mount a File System at Boot Time.

 
  


Monday Feb 14, 2011

Automounted Home Directory

If you're running a fresh installation of Solaris 11 Express (as opposed to an upgrade from OpenSolaris), you'll notice your home directory is now at the more appropriate /home/<username>, instead of /export/home/<username>.

bleonard@solaris:~$ pwd
/home/bleonard

bleonard@solaris:~$ grep bleonard /etc/passwd 
bleonard:x:54324:1::/home/bleonard:/usr/bin/bash

In reality, the data for your home directory still resides at /export/home/<username>, it's just that the directory has been automounted for you at /home/<username>. This is configured in the file /etc/auto_home:

oracle@solaris:~$ cat /etc/auto_home 
#
# <license text removed>
#
# Home directory map for automounter
#
oracle  	localhost:/export/home/&
bleonard	localhost:/export/home/&
+auto_home

A big benefit of automounting your home directory is that it becomes very easy to relocate the storage behind the directory. Say, for example, the rpool, in which the home directory is stored by default, starts running out of space. By changing the automount location, we can relocate our home directory to another disk, or even network attached storage (which would make it accessible from any instance of Solaris).

For this example I'm simply going to relocate my home directory to another disk I have available on the machine.

bleonard@solaris:~$ sudo format < /dev/null
Password: 
Searching for disks...
Failed to inquiry this logical diskFailed to inquiry this logical diskdone


AVAILABLE DISK SELECTIONS:
       0. c7d0 <ئ���Pp�nD����pȅ��ئ���pp�n4"��� cyl 2607 alt 2 hd 255 sec 63>
          /pci@0,0/pci-ide@1,1/ide@0/cmdk@0,0
       1. c8d0 <ئ���Pp�nD����pȅ��ئ���pp�n4"��� cyl 33416 alt 2 hd 255 sec 63>
          /pci@0,0/pci-ide@1,1/ide@1/cmdk@0,0
Specify disk (enter its number): 

The new disk is c8d0 (I forget the reason why the output is messed up, but it gives me the information I need).

I'll create a new zpool using that disk:

bleonard@solaris:~$ sudo zpool create newpool c8d0
Password:

And then create a new file system for my home directory:

bleonard@solaris:~$ sudo zfs create -p newpool/home/bleonard 

Then copy my current home directory to its new location:

bleonard@solaris:~$ sudo cp -rp /export/home/bleonard /newpool/home 

The next step is to tell the automounter to use the new location as the backing store for my home directory by updating /etc/auto_home as follows:

bleonard@solaris:~$ grep bleonard /etc/auto_home 
bleonard	localhost:/newpool/home/&
 
  

Then reboot to re-establish the home directory at its new location:

bleonard@solaris:~$ sudo reboot
Password:

Now you can delete the old home directory in rpool, freeing up space:

bleonard@solaris:~$ sudo zfs destroy rpool/export/home/bleonard
Password: 

For more information on the automounter, see the Task Overview for Autofs Administration.

Friday Feb 04, 2011

Solaris 11 Express VirtualBox VM

A couple of weeks ago I wrote about the release of the Solaris 10 09/10 VirtualBox VM. Yesterday, a VirtualBox image for Solaris 11 Express was released. Here are the quick steps to get it up and running:
  1. Download the Oracle Solaris 11 Express 2010.11 VM for Oracle VM VirtualBox.

  2. Extract the archive:
    bleonard@solaris:~/Download$ unzip OracleSolaris11Express2010_11_VM.zip 
    Archive:  OracleSolaris11Express2010_11_VM.zip
      inflating: OracleSolaris11Express2010_11.mf  
      inflating: OracleSolaris11Express2010_11.ovf  
      inflating: OracleSolaris11Express2010_11-disk1.vmdk  
      inflating: README.txt     
  3. Start VirtualBox and select File > Import Appliance. Then select the OracleSolaris11Express2010_11.ovf file that was just extracted.

  4. On the Appliance Import Wizard, feel free to bump the RAM from the default of 1024 MB if you have it to spare. I'm setting mine to 1536 MB:



  5. Click Finish and wait a few minutes while the VM is imported:



  6. Start the OracleSolaris11Express2010_11 Virtual Machine. Unlike the Solaris 10 VM, the Solaris 11 Express VM comes pre-configured, so you're immediately able to start using the system. When prompted, enter the username oracle and the password oracle:






    Note, the VirtualBox Guest Additions are pre-installed:
    oracle@solaris:~$ pkginfo -l SUNWvboxguest
       PKGINST:  SUNWvboxguest
          NAME:  Oracle VM VirtualBox Guest Additions
      CATEGORY:  application
          ARCH:  i386
       VERSION:  4.0.0,REV=r69151.2010.12.22.15.21
       BASEDIR:  /
        VENDOR:  Oracle Corporation
          DESC:  Oracle VM VirtualBox Guest Additions for Solaris guests
        PSTAMP:  vboxguest20101222152102_r69151
      INSTDATE:  Jan 10 2011 11:50
       HOTLINE:  Please contact your local service provider
         EMAIL:  info@virtualbox.org
        STATUS:  completely installed
         FILES:       50 installed pathnames
                       3 linked files
                       4 directories
                      19 executables
                   22011 blocks used (approx)
    Also, the hard disk isn't quite as generous as the 64 GB disk that ships with the Solaris 10 VM. Here we only have 20 GB:
    oracle@solaris:~$ zpool list rpool
    NAME    SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
    rpool  19.9G  4.24G  15.6G    21%  1.00x  ONLINE  -
    Finally, it would probably help to know the root password. It's ovsroot.
    oracle@solaris:~$ su 
    Password: ovsroot
    oracle@solaris:~#
    Actually, the user oracle is in the /etc/sudoers file, so you don't really need the root password:
    oracle@solaris:~$ sudo su
    
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:
    
        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.
    
    Password: oracle
    root@solaris:/home/oracle# 

Friday Jan 28, 2011

Apache & SSL

I was recently asked about how to set up SSL on Apache. Here are the steps I took to do it.

Setting Up Apache

Install Apache

bleonard@solaris:~$ sudo pkg install apache-22
               Packages to install:     4
           Create boot environment:    No
               Services to restart:     1
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  4/4     902/902      4.5/4.5

PHASE                                        ACTIONS
Install Phase                              1145/1145 

PHASE                                          ITEMS
Package State Update Phase                       4/4 
Image State Update Phase                         2/2 

Install the Apache Visual Panel

The Apache visual panel is a management interface for Apache.

bleonard@solaris:~$ sudo pkg install panel-apache
               Packages to install:     5
           Create boot environment:    No
               Services to restart:     2
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  5/5     433/433    14.1/14.1

PHASE                                        ACTIONS
Install Phase                                638/638 

PHASE                                          ITEMS
Package State Update Phase                       5/5 
Image State Update Phase                         2/2 

There's a bug that prevents the visual panel from restarting until the desktop is restarted:
bleonard@solaris:~$ sudo svcadm restart gdm

You can then successfully start the visual panel from the System > Administration > Apache Web Server menu.

Start Apache

Select "Enable the Apache web server" and click Apply:

You'll be prompted to authenticate yourself. Enter your Username:


And then select the root role:

Wait while the instance transitions to online. And you're up and running:

Configuring SSL

Getting a Certificate

The key piece needed for secure communication is a certificate. Ideally this certificate would be signed by an authority, such as VeriSign, GoDaddy or Comodo. However, for the purposes of this example, and the fact that I'm not actually setting up a public facing server that can be verified by an authority, we'll be using a self-signed certificate.

O'Reilly has a good article on Configuring SSL Under Apache, which includes a nice explanation of using openssl for creating a self-signed certificate, as well as the steps necessary to get your certificate signed. I won't bother repeating that information here, other than the steps I took to create the self-signed certificate:

oracle@solaris:~$ openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout server.key -out server.crt -subj '/O=Oracle/OU=Solaris/CN=10.0.2.15'
Generating a 1024 bit RSA private key
............++++++
.++++++
writing new private key to 'server.key'
-----
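
An added example, not part of the original post: the command above produces a 1024-bit RSA key and a SHA-1 signature, both of which current TLS libraries and browsers treat as weak. The check below reads the output of openssl x509 -noout -text and reports either condition. The sample text is a constructed, abbreviated excerpt that reuses the subject from the command above.

```shell
#!/bin/sh
# Added example: flag weak parameters in the text form of an X.509 certificate.
# On a real file: openssl x509 -in server.crt -noout -text | audit_cert_text

# Reads `openssl x509 -noout -text` output on stdin. Prints one finding per
# line and returns 1 if there are findings, 0 if there are none.
audit_cert_text() {
    awk '
        /Signature Algorithm:/  { sig = $NF }
        /Public Key Algorithm:/ { pk = $NF }
        /Public-Key: [(]/ {
            bits = $0
            sub(/.*[(]/, "", bits)     # drop everything up to "("
            sub(/ bit.*/, "", bits)    # drop " bit)"
            bits += 0                  # force a numeric value
        }
        END {
            if (tolower(sig) ~ /md5|sha1/) {
                print "weak-signature-hash " sig; n++
            }
            if (pk == "rsaEncryption" && bits > 0 && bits < 2048) {
                print "short-rsa-key " bits; n++
            }
            exit (n > 0)
        }
    '
}

# Constructed, abbreviated excerpt of the text openssl prints for a
# certificate made with -sha1 -newkey rsa:1024 (not captured output).
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Oracle, OU=Solaris, CN=10.0.2.15
        Subject: O=Oracle, OU=Solaris, CN=10.0.2.15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

# The same request with stronger parameters (only the hash and key size change):
#   openssl req -new -x509 -days 365 -sha256 -newkey rsa:2048 -nodes \
#     -keyout server.key -out server.crt -subj '/O=Oracle/OU=Solaris/CN=10.0.2.15'
sample_cert_text | audit_cert_text || echo "certificate should be re-issued" >&2
```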

Configure SSL

Return to the Apache visual panel. Highlight the localhost virtual host and select clone. When prompted, set the domain to securelocalhost:

On the General tab select "Enable this virtual host" and then switch to the SSL tab. Enable SSL, set the IP address and select the certificate and key that were just created:

Then select Apply and wait while the server is restarted.

Browse Securely

Try an https connection to your configured IP address. You'll be presented with a fairly scary "This Connection is Untrusted" page:

Under the Technical Details you'll see that the certificate is untrusted because it's self-signed, which we've already addressed.

Select Add Exception and you'll be presented with another dialog to add a security exception:


Select Confirm Security Exception and you'll be securely browsing:

Beyond the Apache Visual Panel

You can disable/enable/restart apache through its SMF interface:

bleonard@solaris:~$ sudo svcadm disable apache2

The apache2 SMF service writes its configuration information out to /etc/vpanels/httpd.conf for Apache to read on startup. You can see the changes that were made by the addition of another virtual host:

Listen   10.0.2.15:443
<VirtualHost   10.0.2.15:443>
SSLEngine on
SSLCertificateFile   /export/home/bleonard/server.crt
SSLCertificateKeyFile   /export/home/bleonard/server.key
DocumentRoot  /var/apache2/2.2/htdocs
<Directory  "/var/apache2/2.2/htdocs" >
Options Indexes Includes FollowSymLinks  SymLinksifOwnerMatch ExecCGI MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ServerName   securelocalhost
</VirtualHost>

It's important to note the differences between using the Apache visual panel GUI and the default Apache command line interface. The Apache visual panel stores all of Apache's configuration information in the SMF repository and writes out the httpd.conf configuration file when the service is started, so you can directly edit httpd.conf. The default Apache SMF service, apache22, reads Apache's configuration information from the configuration file at  /etc/apache2/2.2/httpd.conf. So there are two important considerations here:

  1. Don't attempt to start Apache using both SMF interfaces, apache22 (default) and apache2 (visual panel), as it will just create a conflict.
  2. If you're looking to customize Apache beyond what the visual panel interface allows, I would recommend going with the default interface, apache22, and customizing /etc/apache2/2.2/httpd.conf.

Tuesday Jan 25, 2011

Configuring Automatic Login

If you've ever wondered how the Live CD just boots directly into the desktop, this is easily configured through a couple of settings in your GNOME Display Manager (GDM) configuration file, /etc/gdm/custom.conf.  Just add the following to the daemon section in custom.conf:

[daemon]
AutomaticLoginEnable=true
AutomaticLogin=<user id>
GdmXserverTimeout=30

When AutomaticLoginEnable is set to true, the user given in AutomaticLogin is logged in immediately. The GdmXserverTimeout setting will determine how long the system will try before giving up and presenting the login screen. This could occur, for example, if the supplied user id doesn't exist on the system.

When making changes to custom.conf, restart gdm for the changes to take effect:

$ sudo svcadm restart gdm
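
An added example, not part of the original post: a check that reads custom.conf and reports the account GDM will log in without a password, for auditing machines where this setting should be off. The sample file, the user demo and the [example] section are constructed.

```shell
#!/bin/sh
# Added example: report the account GDM logs in automatically.
# On a real system: gdm_autologin_user /etc/gdm/custom.conf

# Print the AutomaticLogin user when the [daemon] section of the given file
# enables automatic login; print nothing otherwise.
# Returns 1 when automatic login is active, 0 when it is not.
gdm_autologin_user() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^[ \t]*#/ { next }                          # comment
        /^[ \t]*$/ { next }                          # blank line
        /^[ \t]*\[/ { section = trim($0); next }     # section header
        section == "[daemon]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "AutomaticLoginEnable") enabled = (val == "true")
            if (key == "AutomaticLogin") user = val
        }
        END {
            if (enabled && user != "") { print user; exit 1 }
            exit 0
        }
    ' "$1"
}

# Constructed sample. The [example] section is hypothetical and only shows
# that keys outside [daemon] are ignored.
sample_custom_conf() {
    cat <<'EOF'
# constructed sample of /etc/gdm/custom.conf
[daemon]
AutomaticLoginEnable=true
AutomaticLogin = demo
GdmXserverTimeout=30

[example]
AutomaticLogin=guest
EOF
}

conf=$(mktemp)
sample_custom_conf > "$conf"
user=$(gdm_autologin_user "$conf") || echo "automatic login enabled for: $user"
rm -f "$conf"
```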

The GNOME Display Manager is quite customizable. See the gdm man page for more.

Friday Jan 21, 2011

Localizing Solaris 10

This entry is in response to a comment on my previous post, asking how to localize Solaris 10. Almost everything you need is in the localeadm man page, but I'll walk through the steps here.

Step 1: Get the Solaris 10 DVD.

If you installed from the DVD, then you should already have it. However, if you started with the Solaris 10 virtual machine, then you'll need to also download the Oracle Solaris 10 9/10 Full DVD Image (zip), which contains the locales.

Step 2: Mount the DVD.

In the case of VirtualBox, with Solaris 10 running, from the VirtualBox menu select Devices > CD / DVD Devices > Choose a virtual CD / DVD disk file...

And select the Solaris 10 ISO,  sol-10-u9-ga-x86-dvd.iso, in my case. This action will mount the ISO at /cdrom/sol_10_910_x86.

Step 3: View the Available Locales

The available locales are listed by region:

# localeadm -l -d /cdrom/sol_10_910_x86

Checking for installed packages. This could take a while.
Checking for Australasia region (aua) (c_solaris packages) |...| All packages found.
Checking for Australasia region (aua) (solaris1 packages) |............|

...

Japanese (ja)
Korean (korean)
Simplified Chinese (china)
Traditional Chinese (Hong Kong) (hongkong)
Traditional Chinese (taiwan)
Thai (th_th)
India (india)
South East Asia (sea) [ Indonesia, Malaysia, Singapore ]
Southern Africa (saf) [ South Africa ]
Done.

Step 4: Install the Locale

Once you find the region / locale you want to install, you will pass the value in parentheses to the localeadm command. I'm going to install Simplified Chinese (china) as follows:

# localeadm -a china -d /cdrom/sol_10_910_x86
Log file is /var/sadm/install/logs/localeadmin_install.2011-01-21

locale/region name is china
Adding packages for Simplified Chinese (china)

Region china will be installed.

...

The following regions are installed on unknown on Fri Jan 21 12:30:15 EST 2011

POSIX (C)


Simplified Chinese (china)



One or more locales have been added. To update the list of locales available at the login screen's "Options->Language" menu, please restart the dtlogin daemon (WARNING: this will terminate any active dtlogin sessions)

Please log out and login again to use the new locale(s) at your desktop. If you are not intending to use the new locale(s) with the GUI desktop, you can start using the new locale(s) immediately by setting the LC_* environment variables

Step 5: Eject the DVD & Reboot

I have found that the machine needs to be rebooted for the new locale to be recognized by the login screen. Before rebooting, eject the DVD, otherwise, the VM will boot from the DVD. The DVD can be ejected by deselecting it under the Devices menu (just like we added it).

# reboot

Step 6: Select the New Language

When the Login Screen appears again, select Options > Language, to get to the Select a language screen:

Then login:

Then enjoy:


At this point I wish I knew Chinese :-).

Wednesday Jan 19, 2011

Solaris 10 9/10 VirtualBox VM

A pre-built VirtualBox virtual machine of Solaris 10 9/10, the latest update, has recently been published. The pre-built VM gets you quickly up and running with Solaris 10. Just follow these steps:

  1. Download the Oracle Solaris 10 9/10 Virtual Machine for Oracle VM VirtualBox. It's 1.8 GBs.

  2. Extract the Archive:
    bleonard@solaris:~/Download/$ unzip Solaris10_9-10_VM.zip 
    Archive:  Solaris10_9-10_VM.zip
      inflating: README.txt              
      inflating: Solaris10_9-10.mf       
      inflating: Solaris10_9-10.ovf      
      inflating: Solaris10_9-10.vmdk 
    
  3. Start VirtualBox and select File > Import Appliance. Then select the Solaris10_9-10.ovf file that was just extracted.

  4. On the Appliance Import Wizard, set the Guest OS Type to Solaris modern (S10U8+). Also feel free to bump the RAM from the default of 1024 MB if you have it to spare. I'm setting mine to 1536 MB:

  5. Click Finish and wait a few minutes while the VM is imported (Note, the dialog may initially say something ridiculous like 20 hours remaining. You can safely ignore this.):

  6. Start the Solaris 10_9-10 Virtual Machine. The machine is delivered unconfigured, so on first boot you'll need to select your keyboard layout, network connectivity, security policy, name service, NFSv4 domain name, time zone and root password. Once these settings are selected the system will reboot into the Solaris 10 desktop:



    Note, the VirtualBox Guest Additions are pre-installed:
    # pkginfo -l SUNWvboxguest
       PKGINST:  SUNWvboxguest
          NAME:  Oracle VM VirtualBox Guest Additions
      CATEGORY:  application
          ARCH:  i386
       VERSION:  3.2.8,REV=r64453.2010.08.05.14.52
       BASEDIR:  /
        VENDOR:  Oracle Corporation
          DESC:  Oracle VM VirtualBox Guest Additions for Solaris guests
        PSTAMP:  vboxguest20100805145230_r64453
      INSTDATE:  Sep 14 2010 17:23
       HOTLINE:  Please contact your local service provider
         EMAIL:  info@virtualbox.org
        STATUS:  completely installed
         FILES:       51 installed pathnames
                       3 linked files
                       4 directories
                      19 executables
                   19628 blocks used (approx)
    Also, ZFS is used as the root file system with a 64 GB dynamically expanding hard disk (so it will only consume 64 GBs of your host system if you actually use that much space in the VM):
    # zpool list
    NAME    SIZE  ALLOC   FREE    CAP  HEALTH  ALTROOT
    rpool  63.5G  4.57G  58.9G     7%  ONLINE  -
    
    # zfs list
    NAME                  USED  AVAIL  REFER  MOUNTPOINT
    rpool                5.10G  57.4G  32.5K  /rpool
    rpool/ROOT           3.57G  57.4G    21K  legacy
    rpool/ROOT/s10_0910  3.57G  57.4G  3.57G  /
    rpool/dump           1.00G  57.4G  1.00G  -
    rpool/export           44K  57.4G    23K  /export
    rpool/export/home      21K  57.4G    21K  /export/home
    rpool/swap            544M  57.9G    16K  -
    

Thursday Jan 06, 2011

Chime 1.5

This morning Tom Erickson announced version 1.5 of the Chime Visualization Tool for DTrace.

The update includes many improvements:

  • Total rows can now be included in plots over time.
  • Sparklines now appear on total rows.
  • The aggregate sampling interval is now a saved preference and independent of the DTrace aggregate option.
  • Plots over time now scale with the sampling interval.
  • Individual plot lines can be selected or hidden by clicking or double-clicking on the plot legend.

Besides many other fixes, this update removes all dependence on third party code.

The website has also been updated. In particular, the Command Line page now explains some of the nifty things you can do with Chime on the command line.

See the Installation page to get Chime along with instructions on how to install it.

Thursday Dec 16, 2010

Obsolete Packages

In my previous entry I talked about packages that were not brought forward into the Solaris 11 Express repository. However, those packages are still available and can be installed from the opensolaris.org repository.

There's another category of packages that have technically been brought forward into the Solaris 11 Express repository, but for various reasons are now marked as obsolete. You can read a nice write-up of what it means to obsolete a package, but basically the design is to intentionally mark that a particular package is no longer supplied by the repository.

The primary difference is that a "missing" package is left untouched when the system is updated. An obsolete package will be uninstalled (if possible) when the system is updated.

There are a couple of ways to see the packages that are obsolete. Using pkg search:

bleonard@solaris:~$ pkg search ::pkg.obsolete: 
INDEX        ACTION VALUE PACKAGE
pkg.obsolete set    true  pkg:/SUNWinleu@0.5.11-0.130
pkg.obsolete set    true  pkg:/SUNWsfwhea@0.5.11-0.130
pkg.obsolete set    true  pkg:/SUNWupdatemgr@0.5.11-0.130
pkg.obsolete set    true  pkg:/database/postgres-83/documentation@8.3.11-0.146
pkg.obsolete set    true  pkg:/SUNWcleue@0.5.11-0.130
pkg.obsolete set    true  pkg:/SUNWpostgr-82-client@8.2.15-0.146
...

Or using pkg list with a grep on the o flag:

bleonard@solaris:~$ pkg list -a | grep -e '[-u]-[o]--'
FSWfontconfig-devel-docs 0.5.11-0.130 known --o--
FSWxorg-devel-docs 0.5.11-0.130 known --o--
FSWxwpft 0.5.11-0.130 known --o--
OSOLvpanels-hypervisor 0.5.11-0.151 known --o--
OSOLvpanels-mysql 0.5.11-0.130 known --o--
...

I mention all of this because packages that are obsolete have some interesting side effects. The highest profile obsolete package is PostgreSQL, and you'll note it's marked Obsolete in the output of pkg info:

bleonard@solaris:~$ pkg info -r pkg://solaris/database/postgres-84
          Name: database/postgres-84
       Summary: 
         State: Not installed (Obsolete)
     Publisher: solaris
       Version: 8.4.4
 Build Release: 5.11
        Branch: 0.146
Packaging Date: October 27, 2010 06:31:28 PM 
          Size: 0.00 B
          FMRI: pkg://solaris/database/postgres-84@8.4.4,5.11-0.146:20101027T183128Z

And if you try to install it, you get a somewhat obscure error message:

bleonard@solaris:~$ sudo pkg install pkg://solaris/database/postgres-84
No updates necessary for this image.

The message is a little more clear if you try to install a package that depends on a package that's been marked as obsolete (I'm not aware of any such packages currently in the solaris release repository, so this example's using the opensolaris.org repository):

bleonard@solaris:~$ sudo pkg install amp-dev
Creating Plan \\pkg: No version of amp-dev can be installed:
pkg://opensolaris.org/amp-dev@0.5.11,5.11-0.86:20080424T113414Z: Required dependency pkg:/SUNWphp524-pgsql@5.2.4,5.11-0.86 is obsolete
...

I already mentioned that an obsolete package will be uninstalled (if possible) when the system is updated. The "if possible" part is key, and it did trip up several folks trying to upgrade from OpenSolaris to Solaris 11 Express. The assumption is made that if you have a package installed that has not been marked as obsolete (such as amp-dev) that depends on a package that's been marked as obsolete (such as SUNWphp524-pgsql), you still depend on the functionality provided by the dependent package and the update is prevented.

I don't have insight as to why a particular package is marked as obsolete, however, I would assume most of it has to do with support (everything in the solaris release repository is supported). My primary point here was to shed some additional light on the concept of an obsolete package.

Wednesday Dec 15, 2010

Left Behind

Those of you familiar with OpenSolaris before the release of Solaris 11 Express may have noticed that certain applications have not found their way into the Solaris 11 Express repository - most notably OpenOffice.org.

Out of curiosity, I set up the opensolaris.org repository on Solaris 11 Express:

bleonard@solaris:~$ sudo pkg set-publisher -g http://pkg.opensolaris.org/release --non-sticky opensolaris.org

And then ran this awk script to find out exactly what was missing:

bleonard@solaris:~$ pkg list -a | awk -f pkg.awk 
SUNWlibnb-apisupport1
SUNWlibnb-cnd1
SUNWlibnb-enterprise4
SUNWlibnb-gsf1
SUNWlibnb-ide8
SUNWlibnb-java1
SUNWlibnb-platform7
SUNWlibnb-profiler2
SUNWlibnb-ruby1
SUNWlibnb-visualweb1
SUNWlibnb-xml1
SUNWnetbeans-cpp
SUNWnetbeans-desktop
SUNWnetbeans-ide
SUNWnetbeans-javaee
SUNWnetbeans-javase
SUNWnetbeans-ruby
amp-dev
clustertools
clustertools_7.1
clustertools_8.1
clustertools_8.2.1
developer/clustertools
developer/clustertools-821
developer/gcc/gcc-432
developer/gcc/gcc-dev-4
developer/gcc/gcc-runtime-432
developer/netbeans/plugin/nb-dtrace
developer/sunstudio
developer/sunstudio12u1
developer/sunstudioexpress
developer/tool/exuberant-ctags
dtrace-gui-plugin
eclipse
glassfishv2
hpc-dev
java-dev
libnb-apisupport
libnb-cnd
libnb-dlight
libnb-enterprise
libnb-ergonomics
libnb-groovy
libnb-gsf
libnb-ide
libnb-identity
libnb-java
libnb-php
libnb-platform
libnb-profiler
libnb-ruby
libnb-soa
libnb-visualweb
libnb-webcommon
libnb-websvccommon
libnb-xml
mq41
netbeans
netbeans-cpp
netbeans-desktop
netbeans-full
netbeans-ide
netbeans-incorporation
netbeans-java
netbeans-javase
netbeans-php
netbeans-ruby
opends
openoffice
openoffice-de
openoffice-es
openoffice-fr
openoffice-hu
openoffice-it
openoffice-ja
openoffice-ko
openoffice-nl
openoffice-pl
openoffice-pt
openoffice-pt-BR
openoffice-ru
openoffice-sdk
openoffice-sv
openoffice-zh-CN
openoffice-zh-TW
ruby-dev
service/network/ldap/opends
service/network/message-queue-41
slim_cd
ss-dev
sunstudio
sunstudio12u1
sunstudioexpress
web/glassfish-2
web/webstack-ui
webstackui

As you can see, the major applications missing are OpenOffice, Sun Studio, NetBeans, Eclipse, GlassFish, OpenDS, Message Queue and the development bundles that depend on these tools (amp-dev, hpc-dev, java-dev, ruby-dev, ss-dev and webstack).

I don't know the details of why these particular pieces of software have yet to find their way into the Solaris 11 Express repository. However, to get them, you can either install (a slightly stale version) from the opensolaris.org repository, or download and install the non-IPS version. Here are some pointers:

If I get more information on the status of these software packages, I'll be sure to post it here.

Friday Dec 03, 2010

File Based Repo

It was always possible to mount an ISO and use it as the package repository, but you also had to configure and run a local package server. With Solaris 11 Express, it is now possible to serve the packages directly from the local repository files, bypassing the server.

Step 1: Download the Repository Image

The repository image comes in two 2 GB chunks and they're available on the Solaris 11 Express Downloads page. After downloading parts A & B, unzip and concatenate them as follows:

bleonard@solaris:~$ cd Download/
bleonard@solaris:~/Download$ unzip sol-11-exp-201011-repo-full-iso-a.zip 
Archive:  sol-11-exp-201011-repo-full-iso-a.zip
  inflating: sol-11-exp-201011-repo-full.iso-a  
bleonard@solaris:~/Download$ unzip sol-11-exp-201011-repo-full-iso-b.zip 
Archive:  sol-11-exp-201011-repo-full-iso-b.zip
  inflating: sol-11-exp-201011-repo-full.iso-b  
bleonard@solaris:~/Download$ cat sol-11-exp-201011-repo-full.iso-a sol-11-exp-201011-repo-full.iso-b > sol-repo-full.iso

Note, I kept the ISO name generic, as this allows me to upgrade to a newer version of the repository by simply replacing the underlying ISO.

Step 2: Mount the Repository Image

Create a directory at which to mount the ISO:

 bleonard@solaris:~$ sudo mkdir /repo

Mount the ISO to the /repo directory:

bleonard@solaris:~$ sudo mount -F hsfs ~/Download/sol-repo-full.iso /repo

Step 3: Make the Mount Persistent

The mount will not survive a reboot. You have a couple of approaches to make it persist:

The Quick and Dirty Way

Add the following file to /etc/rc3.d:

# cat /etc/rc3.d/S99mountiso
#!/bin/sh
#
mount -F hsfs /export/home/bleonard/Download/sol-repo-full.iso /repo 

The SMF Way

Save the following repo.xml SMF manifest to /var/svc/manifest/system/filesystem, which defines a new service, repo.

Install the repo service:

bleonard@opensolaris:~$ svccfg import /var/svc/manifest/system/filesystem/repo.xml

Start the repo service:

bleonard@opensolaris:~$ svcadm enable repo 
bleonard@opensolaris:~$ svcs -l repo
fmri         svc:/system/filesystem/repo:default
name         Solaris ISO repository mounter
enabled      true
state        online
next_state   none
state_time   Mon Oct 11 09:40:07 2010
logfile      /var/svc/log/system-filesystem-repo:default.log
restarter    svc:/system/svc/restarter:default
dependency   require_all/none svc:/system/filesystem/local (online)

Step 4: Add the Local Repository as a Publisher

This is the new part in that a publisher can now point to a local file, bypassing the need to set up a local package server.

You can either set up the local file as a mirror or on its own. Use the following syntax to set it up as a mirror:

bleonard@solaris:~$ sudo pkg set-publisher -m file:///repo/repo/ -P solaris
bleonard@solaris:~$ pkg publisher
PUBLISHER                             TYPE     STATUS   URI
solaris                  (preferred)  origin   online   http://pkg.oracle.com/solaris/release/
solaris                  (preferred)  mirror   online   file:///repo/repo/

To remove the mirror:

bleonard@solaris:~$ sudo pkg set-publisher -M file:///repo/repo/ solaris

To set it up on its own:

bleonard@solaris:~$ sudo pkg set-publisher -G http://pkg.oracle.com/solaris/release -g file:///repo/repo/ -P solaris
bleonard@solaris:~$ pkg publisher
PUBLISHER                             TYPE     STATUS   URI
solaris                  (preferred)  origin   online   file:///repo/repo/

In the above we're removing the default remote repository and replacing it with the new local repository. You can see the status of the repository as follows:

bleonard@solaris:~$ pkgrepo info -s /repo/repo
PUBLISHER PACKAGES STATUS           UPDATED
solaris   3941     online           2010-11-11T00:04:39.171739Z

At this point, the repository is ready for use.

However, one minor limitation is that the repository doesn't include a search index (this was done to reduce the initial size of the repository):

bleonard@solaris:~$ pkg search hex
pkg: Some repositories failed to respond appropriately:
solaris:
file protocol error: code: 11 reason: Search temporarily unavailable.
Repository URL: 'file:///repo/repo'. (happened 4 times)

And since the ISO is mounted directly (and is therefore read-only), one can't be built. If you happen to extract the ISO, a search index could be built with the following command:

sudo pkgrepo -s /repo/repo refresh

Conclusion

I like this approach because when a new repository becomes available, I simply need to replace the ISO file and I'm all set. For further details, including how to set up a local repository server, see the article How To Copy an Oracle Solaris 11 Express Software Package Repository.

Thursday Dec 02, 2010

sudo?

We here in Solaris land have expended a lot of energy in the past explaining pfexec. In the simplest case it was described as an alias for sudo (and when I first came to Solaris, I'm somewhat embarrassed to admit I did just that: created an alias for sudo to pfexec). But having an alternative to sudo was one of those things that made Solaris "different". When OpenSolaris was first released we tracked unsuccessful searches against our package repository - and sudo was at the top of that list.

As part of the modernization effort for Solaris, sudo eventually found its way into OpenSolaris (beginning with the 2008.11 release). However, by that time I was pretty comfortable with pfexec and never looked back - until now that is.

A big change in the Solaris 11 Express release is that pfexec has been rendered relatively toothless out of the box. The "Primary Administrator" profile is no longer assigned to the user created during installation. If you've upgraded from an earlier release of OpenSolaris, you are unaffected by this change. However, on a fresh installation of Solaris 11 Express, commands that used to work will no longer. For example:

bleonard@solaris:~$ pfexec zfs create rpool/myfs
cannot create 'rpool/myfs': permission denied

However, sudo now works just fine:

bleonard@solaris:~$ sudo zfs create rpool/myfs
Password: 

One big difference you'll notice is that sudo requires a password - and this is your password, not the root password (which I'll address in a moment). The lack of a password prompt was the whole reason for the "Primary Administrator" role being dropped in the first place - although sudo can be configured to behave the same.

If you've upgraded to Solaris 11 Express, you have the opposite problem: pfexec still works as you're accustomed to, but sudo reports you to the sudo police.

bleonard@solaris:~$ sudo zfs create rpool/myfs

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: 
bleonard is not in the sudoers file.  This incident will be reported. 

The report actually shows up in the /var/adm/messages file:

Dec  2 11:21:57 solaris sudo: [ID 702911 auth.alert] bleonard : user NOT in sudoers ; TTY=pts/2 ; PWD=/export/home/bleonard ; USER=root ; COMMAND=/usr/sbin/zfs create rpool/myfs

I'll address setting up sudo at the end of this entry.
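The alert line above has a fixed shape (user, reason, then TTY, PWD, USER and COMMAND fields separated by " ; "), which makes it easy to pull out of /var/adm/messages for review. The following is an added example, not part of the original post; the function names and every sample line other than the one quoted above are constructed for the illustration.

```shell
#!/bin/sh
# Pull sudo "user NOT in sudoers" alerts out of syslog text such as /var/adm/messages.

# Constructed sample: line 1 is the alert quoted in the post; the rest are invented.
sample_log() {
cat <<'EOF'
Dec  2 11:21:57 solaris sudo: [ID 702911 auth.alert] bleonard : user NOT in sudoers ; TTY=pts/2 ; PWD=/export/home/bleonard ; USER=root ; COMMAND=/usr/sbin/zfs create rpool/myfs
Dec  2 11:22:10 solaris example: [ID 000000 daemon.notice] unrelated constructed line
Dec  2 11:25:03 solaris sudo: [ID 702911 auth.alert] bleonard : user NOT in sudoers ; TTY=pts/2 ; PWD=/export/home/bleonard ; USER=root ; COMMAND=/usr/bin/pkg install amp-dev
Dec  2 11:40:41 solaris sudo: [ID 702911 auth.alert] webadm : user NOT in sudoers ; TTY=pts/5 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
EOF
}

# stdin: syslog text. stdout: time, user, tty, target user, command (tab-separated).
sudo_denials() {
    awk '
    # Value of " ; KEY=" up to the next " ; "; COMMAND runs to end of line.
    function kv(msg, key,    tag, i, rest, j) {
        tag = " ; " key "="
        i = index(msg, tag)
        if (i == 0) return "-"
        rest = substr(msg, i + length(tag))
        if (key == "COMMAND") return rest
        j = index(rest, " ; ")
        return (j ? substr(rest, 1, j - 1) : rest)
    }
    $5 == "sudo:" && index($0, " : user NOT in sudoers ; ") {
        msg = substr($0, index($0, "] ") + 2)      # drop "Mon dd time host sudo: [ID ...] "
        user = substr(msg, 1, index(msg, " : ") - 1)
        printf "%s %s %s\t%s\t%s\t%s\t%s\n", $1, $2, $3, user,
               kv(msg, "TTY"), kv(msg, "USER"), kv(msg, "COMMAND")
    }'
}

# stdin: syslog text. stdout: "count user", most denied attempts first.
sudo_denial_counts() {
    sudo_denials | awk -F'\t' '{ n[$2]++ } END { for (u in n) print n[u], u }' | sort -rn
}

sample_log | sudo_denials
sample_log | sudo_denial_counts
```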

The root Password

In the continued simplification of the Solaris 11 Express installer, it now only asks for one password, which is used as the password for both the root account and the initial user account:

However, the root password is immediately expired, as you'll see if you try to switch to root:

bleonard@solaris:~$ su
Password: 
su: Password for user 'root' has expired
New Password: 

As you no longer have Primary Administrator privileges, GUI tools requiring administrator privileges will now also prompt you for the root password. For example, if you try to start the Package Manager GUI, you'll first be presented with:

There is one little glitch to be aware of - if you attempt to run a GUI that prompts for the root password, and the root password is expired, the GUI just exits. No warning or prompt for a new password is provided. This issue is being addressed: Gksu does not report expired password. So just make sure you attempt an su from the command line, and set a new root password, before trying to use the GUI tools that require the root password.

The root Role

If you look at the installer screen capture above, you'll see that the initial user is assigned administrative privileges. Although this is not in the form of the "Primary Administrator" profile, the user created at installation time does have the root role assigned to them.

bleonard@solaris:~$ roles
root

Some people mistakenly think that having the root role allows them to use pfexec. pfexec stands for Profile Execute, and executes commands against your assigned profiles - not your assigned roles. The root role simply allows you to su to the root user account.

The /etc/sudoers file

Now to the reason why sudo works on a fresh install of Solaris 11 Express, but not on a version upgraded from OpenSolaris. When a command is prefixed with pfexec, it first checks to see if the user executing the command has a profile which allows the execution of that command. Very similarly, when a command is prefixed with sudo, the /etc/sudoers file is first consulted to see whether the user is allowed to execute that command.

The /etc/sudoers file is well documented and you can define very fine-grained rules as to what a particular user is allowed to do. In the case of the user created during installation, the user is allowed to do everything (just as if they were root). Here's what the entry for my user, bleonard, looks like:

bleonard ALL=(ALL) ALL

The entry above is stating that user bleonard can run any command on any host as any user. For further details on how to fine tune a user's privileges, see the sudoers man page.

So, to configure an instance of Solaris 11 Express upgraded from OpenSolaris to operate like a freshly installed instance, you need to add a line like the above to the /etc/sudoers file. Note that the file is read-only and should be edited using the visudo editor - I hope you like vi :-).

One last note, if you want sudo to behave like pfexec (sans password), make the following tweak to your entry:

bleonard ALL=(ALL) NOPASSWD: ALL
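Both entries shown in this section grant every command, and the NOPASSWD form also removes the password prompt, so they are worth finding when reviewing a sudoers file. The following coarse audit is an added example, not part of the original post; the function names, the sample file and all users other than bleonard are hypothetical, and it assumes one host spec per rule with no alias expansion.

```shell
#!/bin/sh
# Coarse audit of sudoers text: report who can run ALL commands and who skips the password.

# Constructed sample: the bleonard line is the NOPASSWD entry from the post; the
# other users and rules are hypothetical.
sample_sudoers() {
cat <<'EOF'
# constructed sample, not a real /etc/sudoers
Defaults env_reset
jdoe ALL=(ALL) ALL
bleonard ALL=(ALL) NOPASSWD: ALL
%staff ALL=(root) /usr/sbin/zfs list, \
    /usr/bin/pkg list
backup ALL=(root) NOPASSWD: /usr/sbin/zfs snapshot *
EOF
}

# stdin: sudoers text. stdout: "who<TAB>finding" for risky rules only, where finding is
#   all           any command, password required
#   all-nopasswd  any command, no password (the pfexec-like setup from the post)
#   nopasswd      listed commands only, no password
# Simplifications: one host spec per rule, aliases are not expanded, and a
# NOPASSWD tag anywhere in the rule marks the whole rule.
audit_sudoers() {
    awk '
    { sub(/[ \t]+$/, "") }
    /\\$/ { buf = buf substr($0, 1, length($0) - 1) " "; next }   # join continuation lines
    { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line) }
    line == "" || substr(line, 1, 1) == "#" { next }          # blank lines, comments
    line ~ /^(Defaults|[A-Za-z]+_Alias)/ { next }             # settings and alias definitions
    {
        eq = index(line, "=")
        if (eq == 0) next
        who = line; sub(/[ \t].*$/, "", who)
        spec = substr(line, eq + 1)
        nopass = (spec ~ /NOPASSWD[ \t]*:/)
        gsub(/\([^)]*\)/, "", spec)          # drop the run-as list, e.g. (ALL)
        gsub(/[A-Z_]+[ \t]*:/, "", spec)     # drop tags such as NOPASSWD:
        all = 0
        n = split(spec, cmd, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
            if (cmd[i] == "ALL") all = 1
        }
        if (all && nopass) print who "\tall-nopasswd"
        else if (all)      print who "\tall"
        else if (nopass)   print who "\tnopasswd"
    }'
}

sample_sudoers | audit_sudoers
```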

Finally, if you're on a fresh install of Solaris 11 Express and want to continue using pfexec, you can add the "Primary Administrator" profile as follows:

bleonard@solaris:~$ sudo usermod -P "Primary Administrator" bleonard
Password: 
UX: usermod: bleonard is currently logged in, some changes may not take effect until next login.

Now creating that file system works just fine:

bleonard@solaris:~$ pfexec zfs create rpool/myfs

Happy sudoing or pfexecing, whichever you prefer.

About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.
