News, tips, partners, and perspectives for the Oracle Solaris operating system

Upgrading a Linux Server to OpenSolaris

For years I've been using various Linux distributions for my home-based server (Web, FTP, NTP (time), DNS (name), SMB and NFS (file)).
I didn't use Solaris because (1) the license used to cost $595 for commercial use and (2) it was missing many features found in Linux (mainly modern GNU/open source software). Now that OpenSolaris is available, I've decided to convert.
The recent additions of SMB file access, ksh93, /usr/gnu/bin,
along with earlier additions of ZFS filesystem, and
/{usr,opt}/sfw/bin utilities helped a lot.
The following outlines steps I took to do this.
Formerly, I used OpenSUSE 10.3 and I upgraded to OpenSolaris NV79 (SXDE 1/08).

DVD Install

I started by booting off the DVD and selecting the first (and default) selection, "Solaris Express Developer Edition". This creates a Solaris partition with a 10GB root (/) slice, a spare 10GB slice (/second_root) for future Live Upgrade use (luupgrade(1M), live_upgrade(5)), and the rest is placed in /export/home. After reboot, I'll change the /export/home filesystem to a ZFS filesystem pool. If you want to install with more customization, select "Solaris Express" (the second menu item).

Initial Customization

The first thing I do is login and disable the GUI login with:

svcadm disable graphical-login/cde-login
svcadm disable graphical-login/gdm

I also disable autofs, so I can use /home, with:
svcadm disable autofs

and create a /root home directory for root with:
mkdir /root; passmgmt -m -h /root root

(this last step isn't needed for newer OpenSolaris versions)

ZFS Filesystem Creation

Recent versions of OpenSolaris have the option of creating root and other filesystems as ZFS.
Otherwise, I destroy the /export/home UFS filesystem created during install, which contains all of the disk not used by / or /second_root. I first unmount /export/home and comment it out of /etc/vfstab, then type these commands to create a large ZFS pool to divvy up among ZFS filesystems:

zpool create -f mypool /dev/dsk/c0d0s7
zpool list
zfs create mypool/home
zfs set mountpoint=/export/home mypool/home
zfs create mypool/local
zfs set mountpoint=/usr/local mypool/local
zfs list

NFS client

Solaris uses NFSv4 by default, but NFSv4 is broken on Linux 2.6
(and is not available at all with earlier Linux versions),
so we must fall back to v3 when mounting NFS directories on a remote Linux NFSv4 server (the other direction, Solaris NFSv4 server to Linux NFS client works on Linux though).
To mount a directory:

mount -F nfs -o vers=3 venus:/export /mnt

Or the equivalent /etc/vfstab entry would be:
# /etc/vfstab
venus:/export - /venus-export nfs - no vers=3

FTP File Service

I enable the FTP server, in.ftpd(1M), by creating a ftp user, copying the ftp files, and enabling the ftp server:

useradd -c "FTP server" -d /export/home/ftp -m -s /bin/false ftp
svcadm enable ftp
svcs ftp
# cat >>/etc/ftpd/ftpaccess << FTPACCESS_EOF
xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr
log transfers real,guest,anonymous inbound,outbound
log syslog+xferlog
FTPACCESS_EOF

NTP Time Service

I enable the NTP time server, xntpd(1M), by copying the /etc/ntp.conf file from Linux to /etc/inet/ntp.conf on Solaris and enabling the server:

svcadm enable ntp 

NFS File Server

# sharemgr add-share -s /backup -r backup -d "backup drive" default

Entries appear in /etc/dfs/dfstab (instead of Linux /etc/exports)
Type "exportfs" to list NFS-exported directories

SMB MS Windows File Server

To enable it, add this line to /etc/pam.conf:

other password required pam_smb_passwd.so.1 nowarn 

Enable the service and join a MS Windows Workgroup:
# Create filesystem if needed:
zfs create -o casesensitivity=mixed rpool/myshare
zfs set mountpoint=/myshare rpool/myshare
# Setup SMB server:
svcadm enable -r smb/server;
smbadm join -w MYGROUP # (default is WORKGROUP)
sharemgr add-share -s /myshare -r myshare -d "My OpenSolaris SMB share" default
sharemgr list -v
sharemgr show -vp

Change "myshare" to the name of the root directory you're sharing.
Then use passwd(1) to set any passwords you'll be using in MS Windows
(old passwords set before pam.conf is modified are not used).
On MS Windows, go to Windows Explorer or My Computer and, from the Tools menu,
select "Map Network Drive": \\myhostname\myshare. Change myhostname to your OpenSolaris hostname and myshare to the root directory being shared. Log in with the username and password set with passwd, above.
No guest login is allowed.

DNS Name Server (BIND, named)

Copy /etc/named.conf and associated files pointed to in /etc/named.conf (in my case, /etc/named.conf.include, /etc/named.d/named-local.conf, /var/lib/named/*/*)

svcadm enable network/dns/server
svcs network/dns/server

Sendmail Mail Server

To enable sendmail, you first need to copy and customize sendmail.cf.
Here's what I did:

echo mydomainname.com >>/etc/mail/local-host-names
vi /etc/mail/aliases
cd /usr/lib/mail/cf
cp sendmail.mc customized.mc
vi customized.mc
make customized.cf
cp customized.cf /etc/mail/sendmail.cf
# Configure sendmail to not use local.cf
svccfg -s sendmail setprop config/local_only = false
svcadm refresh sendmail
svcadm restart sendmail
# Test
sendmail -C customized.cf -v root@mydomainname.com </dev/null

Here's a copy of my customized.mc file:
# Based on /usr/lib/mail/cf/sendmail.mc, Solaris NV79
VERSIONID(`@(#)sendmail.mc 1.11 (Sun) 06/21/04')
# Blacklists
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `list.dsbl.org', `"550 Mail from " $`'&{client_addr} " refused - see http://dsbl.org/"')
FEATURE(`dnsbl',`dnsbl.njabl.org',`550 Message from $&{client_addr}rejected - see http://njabl.org/')dnl
# Procmail
# Need SUNWprocmail, SFWprcmail, or CSWprocmail procmail package (or similar) and
# rules file ~/.procmailrc. Change procmail path to where your procmail is located:
# Replace localhost with another relay host different from SMART_HOST, if available:
define(`confFALLBACK_SMARTHOST', `localhost$?m.$m$.')dnl
R$* < @ $* .$m. > $*	$#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3

Note: you must preserve the tabs in the R$ line above, which is in the original /usr/lib/mail/cf/sendmail.mc file.

Postfix. An alternative to the above is to use a more modern email server (MTA) such as Postfix. That way, you can use the same configuration files on Linux as on Solaris (assuming you used Postfix on Linux). The trade-off is the overhead of installing/maintaining add-on software (Postfix on Solaris) versus setting up a new configuration with pre-installed software (Solaris Sendmail). However, Postfix configuration files are a lot less complex and less error-prone than Sendmail.

IMAP Mail Client Server

I use the IMAP daemon from UW Pine.
Cyrus also provides an IMAP daemon, but its mind-boggling complexity and extra configuration is more than I want to deal with for my purposes.
A Pine package is available from SunFreeware, and I add these lines to /etc/inet/inetd.conf to enable unsecure and secure imap, for IPv4 and IPv6:

imap stream tcp nowait root /usr/local/sbin/imapd imapd
imap stream tcp6 nowait root /usr/local/sbin/imapd imapd
imaps stream tcp nowait root /usr/local/sbin/imapd imapd
imaps stream tcp6 nowait root /usr/local/sbin/imapd imapd

and import it into SMF with
inetconv -i /etc/inet/inetd.conf 

Secure IMAP
If you use IMAP over an unsecured network, you should use SSL (TCP port 993) instead of the unsecured IMAP port 143.
This requires generating a certificate with OpenSSL.
You can copy the same certificate from your previous (Linux) system, if this is a replacement server.
To make your own certificate (using the Blastwave version of openssl):

mkdir -p /etc/sfw/openssl/certs
cd /etc/sfw/openssl/certs
# Create a self-signed certificate (careful—don't make it readable by others!)
# umask 077 keeps the key file owner-only from the moment openssl creates it
umask 077
openssl req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 9999
chmod 0400 imapd.pem

I just copied my /etc/ssl/certs directory on Linux to /usr/local/openssl/certs (where Blastwave OpenSSL expects it—your version of OpenSSL may use another directory, such as /usr/local/ssl/certs).
Do not use tcpd (TCP wrappers) with imaps—it doesn't work.
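
As an added example (not part of the original post), the shell functions below audit a combined key-and-certificate file such as imapd.pem for the properties the steps above rely on: no group/other access, the expected owner, a parent directory others cannot write to, and both PEM blocks present. The function names audit_pem and make_sample_pem are hypothetical, and the sample file is constructed with placeholder bodies.

```shell
#!/bin/sh
# Added example (not from the original post): audit a combined key+certificate
# PEM such as imapd.pem. Prints one finding per line; returns the finding count.
audit_pem() {
    pem=$1; want=${2:-root}; n=0   # the inetd.conf entries run imapd as root
    [ -f "$pem" ] || { echo "missing: $pem"; return 1; }
    mode=$(ls -ld "$pem" | cut -c1-10)
    owner=$(ls -ld "$pem" | awk '{print $3}')
    dmode=$(ls -ld "$(dirname "$pem")" | cut -c1-10)
    # Mode string columns 5-10 are the group and other permission bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "group/other can access $pem ($mode)"; n=$((n + 1))
    fi
    if [ "$owner" != "$want" ]; then
        echo "owner of $pem is $owner, expected $want"; n=$((n + 1))
    fi
    # Columns 6 and 9 are group/other write: a writable directory lets
    # another user replace the file even when the file itself is 0400.
    if [ "$(printf '%s' "$dmode" | cut -c6,9)" != "--" ]; then
        echo "directory of $pem is group/other-writable ($dmode)"; n=$((n + 1))
    fi
    # -out and -keyout named the same file, so both blocks must be present.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key block in $pem"; n=$((n + 1)); }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: PEM armor with placeholder bodies, no real key material.
make_sample_pem() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        'PLACEHOLDER' '-----END CERTIFICATE-----' > "$1"
}

# Demo: the same file fails at 0644 and passes at 0400.
demo=$(mktemp -d)
me=$(ls -ld "$demo" | awk '{print $3}')
make_sample_pem "$demo/imapd.pem"
chmod 0644 "$demo/imapd.pem"; audit_pem "$demo/imapd.pem" "$me" || true
chmod 0400 "$demo/imapd.pem"; audit_pem "$demo/imapd.pem" "$me" && echo "clean"
rm -rf "$demo"
```

On the server itself, run it as audit_pem /etc/sfw/openssl/certs/imapd.pem; the owner defaults to root.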

MySQL Database Server

I simply copied the binary database files from Linux to Solaris.
First, enable the MySQL server:

# /usr/sfw/bin/mysql_install_db
# groupadd mysql
# useradd -g mysql -d /var/mysql mysql
# chgrp -R mysql /var/mysql
# chmod -R 770 /var/mysql
# echo "skip-networking" >>/etc/mysql/my.cnf
# svcadm enable mysql
# /usr/sfw/bin/mysqladmin -u root -p
(enter your pw)

Next, I copied the /var/lib/mysql/* files on Linux to /var/mysql/5.0/data on Solaris.
You can also use mysqldump on Linux and import with mysql on Solaris.

Apache Web Server

Apache 2 comes pre-built under /usr/apache. However, I've always rolled-my-own to get the exact set of features and modules, and to make moving between Linux distributions (and OpenSolaris) easy. So, here's how I build Apache with PHP on Solaris:
I use GDBM from
(also available on SunFreeware).

gtar xfz httpd-2.2.6.tar.gz
gtar xfz php-5.2.5.tar.gz
cd httpd-2.2.6
export PATH=$PATH:/usr/sfw/bin
export CC=/usr/sfw/bin/gcc
# Show you're running on OpenSolaris (optional):
export CFLAGS='-DPLATFORM=\"Unix/OpenSolaris\"'
./configure --prefix=/usr/local/apache \
--enable-so \
--enable-cgi \
--enable-info \
--enable-rewrite \
--enable-speling \
--enable-usertrack \
--enable-deflate \
--enable-ssl
make install
cd ../php-5.2.5
./configure \
--with-apxs2=/usr/local/apache/bin/apxs \
--with-mysql=/usr/sfw \
--prefix=/usr/local/apache/php \
--with-config-file-path=/usr/local/apache/php \
--enable-force-cgi-redirect \
--disable-cgi \
--with-gettext \
--with-zlib \
--with-gdbm=/opt/csw
make install
make install-cli
# Install the start/stop script into each run-level directory
for i in init.d/apachectl rcS.d/K16apachectl rc0.d/K16apachectl \
rc1.d/K16apache rc2.d/K16apachectl rc3.d/S50apache ; do
cp /usr/local/bin/apachectl /etc/$i
done
vi /usr/local/apache/conf/httpd.conf
/etc/init.d/apachectl start

Update: for recent versions of OpenSolaris, change the PHP configure --with-mysql and --with-openssl entries to --with-mysql=/usr/mysql --with-openssl=/usr
