
DHCP server setup for solaris express

No point in covering something already fully described elsewhere so here’s the link…

http://www.sun.com/bigadmin/content/submitted/config_dhcp_server.jsp

This outlines setting up using the command line. You can also use the GUI tool by launching:
#dhcpmgr


Setting up VDI software on OpenSolaris & Solaris 11 Express

Although this is supposed to be impossible (according to this guy’s post) I’m game for a laugh!

Initially I just ran

$pfexec vda-install

and it all seemed to work.

So then I followed all the instructions for installing SRSS on an OpenSolaris machine.

When I ran $vda-config all seemed well until the configuring of SRWC – it just hung. Looking at the log it created, it couldn’t find the files
/usr/sfw/lib/libcrypto.so.0.9.8
/usr/sfw/lib/libssl.so.0.9.8
These do exist on an OpenSolaris system with the openssl package installed, but they’re in the wrong place, so the quick and dirty fix was
pfexec ln -s /lib/libcrypto.so.0.9.8 /usr/sfw/lib/libcrypto.so.0.9.8
pfexec ln -s /lib/libssl.so.0.9.8 /usr/sfw/lib/libssl.so.0.9.8

Great try again……but when I tried to start again the system had got its knickers in a twist and I could neither unconfigure nor configure! Trying to uninstall gave a cryptic message about container service – in fact this indicates the need for something else – the cacao (common agent container something!).

$pfexec pkg install cacao

Now running $pfexec vda-config seems to work OK – at least it runs all the way to the end! I can even get access to http://sol:1800 to login to the vdi administration interface! Now then all I have to do is login as the root user and…..whoa opensolaris doesn’t have a root user only a root ROLE (WTF).

The solution is to follow this guide – http://dlc.sun.com/osol/docs/content/IPS/login.html

OK now I login to the VDI webadmin using root credentials and start to troll through the settings BUT I haven’t setup the desktop provider yet.

To check the system is running OK I ran through a few checks to see if everything is running.
$cacaoadm status
$svcs svc:/application/management/common-agent-container-1:default
$cacaoadm status com.sun.vda.service_module
$svcs svc:/application/database/vdadb:sql
$/opt/SUNWvda/sbin/vda-webadmin status

Reference information:
– This site has a great set of video walk-throughs for setting up VDI on Solaris – http://blogs.sun.com/weber/


Upgrading from Opensolaris b134 to Solaris 11 Express

Right it’s here – so having carefully weighed up all the pros and cons and in no way just blindly updating just for the sake of it without thinking through the consequences – here goes upgrading from a running OpenSolaris b134 to Solaris 11 Express. I’ve only ever installed things using ‘pkg install’, no weird stuff, either as binaries or compiled myself, so I guess if any system will upgrade cleanly this one should.

<UPDATE> – although Solaris 11 Express installed OK I managed to paint myself into a corner and couldn’t configure the COMSTAR Fibre Channel stuff.

Read further, but to get round the error message about the qlc/qlt driver I unbound them both and continued with the upgrade. But that meant for some reason that I couldn’t get the qlt (or qlc) drivers to bind with the HBA in the upgraded system.

SO BEWARE – if you have an OpenSolaris system set up as a SAN server using the qlt driver – be careful when you upgrade.

I guess I should have gone back and unbound the qlt driver and bound the original qlc driver then let it upgrade but I don’t have time to experiment I need to get the SAN back in time for the Night Garden! So I did a fresh install of S11EXP – – it all works just fine.

</UPDATE>

First just to check (since these are the important bits for me – ZFS and COMSTAR)…
root@sol:~# pfexec zpool upgrade
This system is currently running ZFS pool version 22.

root@sol:~# sbdadm -V
sbdadm: Version 1.0

There’s a simple explanation of how to update opensolaris to Solaris 11 Express in the release notes which seems like a good place to start (http://docs.sun.com/app/docs/doc/821-1479/gklaa).

I haven’t reproduced the whole procedure but here’s some output (the initial image-update in my case downloaded 214MB and took about 23 minutes on an ADSL internet connection).

root@sol:~# date
Tuesday, January 11, 2011 02:44:27 PM GMT
root@sol:~# pfexec pkg image-update
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              783/783   9885/9885  214.0/214.0

PHASE                                        ACTIONS
Removal Phase                              4788/4788
Install Phase                              5235/5235
Update Phase                             13585/13585

A clone of opensolaris exists and has been updated and activated.
On the next boot the Boot Environment opensolaris-1 will be mounted on ‘/’.
Reboot when ready to switch to this updated BE.

root@sol:~# date
Tuesday, January 11, 2011 03:07:34 PM GMT

Fine then followed the rest of the instructions with one tiny wrinkle – the #pkg install pkg:/package/pkg needs to be performed BEFORE the #pkg image-update 2>&1 | less bit otherwise you just see a blank screen.

Then the final stage, #pkg image-update --accept. This is the one that took the real time of course, downloading 700MB and taking 1hr 15minutes. In fact when I did ‘#pkg image-update’ I got an error message about the qlc/qlt drivers!

Action upgrade failed for ‘qlc’ (pkg://solaris/driver/network/qlc):

RuntimeError: The ‘qlc’ driver shares the alias ‘pciex1077,2432’ with the ‘qlt’
driver; both drivers cannot be installed simultaneously.  Please remove
the package delivering ‘qlt’ or ensure that the package delivering
‘qlc’ will not be installed, and try the operation again.
The running system has not been modified. Modifications were only made to a clone of the running system.  This clone is mounted at /tmp/tmpmuuw38 should you wish to inspect it.
pkg: image-update failed: The ‘qlc’ driver shares the alias ‘pciex1077,2432’ with the ‘qlt’
driver; both drivers cannot be installed simultaneously.  Please remove
the package delivering ‘qlt’ or ensure that the package delivering
‘qlc’ will not be installed, and try the operation again.

This is due to installing different drivers in order to get qlogic FC card to act as a target (see – http://wikis.sun.com/display/OpenSolarisInfo/How+to+Configure+Fibre+Channel+Ports) which gives instructions to upgrade qlc (default) drivers to qlt. To overcome this I decided to unbind the qlt driver

root@sol# update_drv -d -i 'pciex1077,2432' qlt
Cannot unload module: qlt
Will be unloaded upon reboot.

after a reboot…
root@sol:~# update_drv -d -i 'pciex1077,2432' qlt
Alias not bound to driver qlt.
root@sol:~# update_drv -d -i 'pciex1077,2432' qlc
Alias not bound to driver qlc.

So try again with ‘pkg image-update --accept’. This time (because the files are already downloaded it took just 10 minutes) no errors were reported.

Tuesday, January 11, 2011 05:34:58 PM GMT
root@sol:~# pkg image-update --accept
Refreshing catalog 2/2 solarisate
------------------------------------------------------------
Package: pkg://solaris/consolidation/osnet/osnet-incorporation@0.5.11,5.11-0.151.0.1:20101104T230646Z
License: usr/src/pkg/license_files/lic_OTN

Oracle Technology Network Developer License Agreement

[SNIP – remove license statement]
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              940/940 43821/43821  699.8/699.8

PHASE                                        ACTIONS
Removal Phase                            19373/19373
Install Phase                            28531/28531
Update Phase                             37984/37984

A clone of opensolaris-1 exists and has been updated and activated.
On the next boot the Boot Environment opensolaris-3 will be mounted on ‘/’.
Reboot when ready to switch to this updated BE.

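---------------------------------------------------------------------------
NOTE: Please review release notes posted at:

http://docs.sun.com/doc/821-1479
---------------------------------------------------------------------------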

root@sol:~# date
Tuesday, January 11, 2011 05:44:06 PM GMT

reboot and hey presto everything has gone Oracle (don’t really like the new branding but then I’m not a dot-com millionaire so what do I know.).

The setup for the first network interface is badly broken somehow – something to do with me setting a static IP in the /etc/nwam/llp file maybe? Plugging a cable into another interface and using DHCP gets me online just fine! Oh yes and it’s sneakily changed my locale to the US I don’t think I live in the US (CHECK am I living in a trailer with my sister – NO, do I harbor ill advised urges to invade sovereign nations and install a ‘democracy’ – NO) so I didn’t want it to.

The solution to the keyboard map behaviour is to reset your keymap
# svccfg -s keymap:default setprop keymap/layout = UK-English
# svcadm refresh keymap
# svcadm restart keymap
# svcadm restart hal

I haven’t noticed any other problems yet (I do need to go back and work out the FC issue with qlc/qlt drivers now – I guess just rebind the qlt driver again).

Checkout the same versions as I did at the beginning…
root@sol:~# zpool upgrade
This system is currently running ZFS pool version 31.

root@sol:~# sbdadm -V
sbdadm: Version 1.0


Tales from the skip – setting up cisco 3508 switch

Ah what a lucky chap I am I bought a FC hub off ebay very-very cheap (yes a crazy impulse I know) and when I went to pick it up what do you know – I found a cisco 3508 switch in the skip outside – obviously having a clear out of obsolete kit – well it’s not obsolete to me.

FIRST recover from a lost password

Here’s the low-down via the web (http://www.petri.co.il/csc_how_to_recover_lost_password_on_cisco_switch.htm) but basically plug-in your console cable then hold down the mode button and plug-in the power cable; when the 1st port LED goes out let go of the mode button. This interrupts the boot process and enables password recovery….

SECOND check that the latest firmware is installed on the switch.

switch3#show version
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC10, RELEASE SOFTWARE (fc1)
For the existing switches I have at home (all cisco 3500 series gear bought at computer fairs and bought cheap off ebay) I have updated them all to the latest version of IOS I could find on the cisco website. When I log into one and run #show version it says…
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC17, RELEASE SOFTWARE (fc1)
Needless to say the version numbering of cisco switches is as cryptic as everything else to do with them but I think this means that a very marginally newer version of the firmware is available (WC17) to install rather than the existing version (WC10).
In this case since I remember it being a right PITA I’m not going to bother upgrading the firmware unless some problem arises.

THIRD perform initial setup

I decided to erase the existing setup and start again so 

switch> enable 
switch# erase startup-config

Verify that it worked:

switch# show startup-config 
%% Non-volatile configuration memory is not present

That allowed me to set up the IP address and hostname for the switch.

Verify that the configuration looks right:

switch#show running-config

If all looks good, save the configuration:

switch#copy running-config startup-config

reboot....
So there you are a cisco 3508 switch to add to the network....
THE DOWNSIDE OF ALL THIS CLASSIC NETWORK ACTION -
- ONLY 8 ports and each port needs a GBIC (but it came with some and I have some others)
- The beast consumes 55 Watts of electricity just sitting there!
- It’s bloody noisy - fixed with a dremel and a 120mm fan!
 


cisco 3500 series enable telnet access

Whoa I went to change some settings on the main switch at home today and found that I couldn’t access it by telnet!

When I set it up I did so via the console cable and added a password just to be safe – it turns out this means you can’t access the switch by telnet unless you also enable a telnet password (a little over complicated maybe but it is cisco gear!).

This is the solution…http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_example09186a0080202614.shtml

basically access the switch via console cable then

switch1>enable
Password:
switch1#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
switch1(config)#line vty
switch1(config)#line vty 0 4
switch1(config-line)#login
switch1(config-line)#password letmein
switch1(config-line)#^Z
switch1#
BINGO


Setting up BIND as caching DNS server on Opensolaris for a home server

I wanted to set up a local DNS server for the home network to cache and resolve local machine names. I did think about DNSMasq or DNS cache, which are two linux centric cut-down DNS caching only servers, but trawling the interwaves they seem to be a bit flaky on OpenSolaris at the moment.

So a task for me is to install and configure the de facto standard DNS server (BIND) on OpenSolaris.

I first pretty much followed this guide to the letter BUT I found that on my system (a fresh b134 install) it’s a bit misleading.

So here’s my attempt at a walkthrough.

1. Install the server binaries (SUNWbind)

Either via the package management GUI  (the way I did it) or I guess

#pfexec pkgadd SUNWbind

would also work.

2. Create the configuration files

The files that are needed are
1. /etc/named.conf – Main configuration file
2. /var/named/slave/smjc.co.uk – ‘Zone file’
3. /var/named/192.168.1.rev – Reverse DNS lookup map
4. /var/pri.localhost – Localhost forward lookup file (required)
5. /var/localhost.rev – Localhost reverse lookup file (required)
6. /var/named/root.servers – Root servers lookup file

1. named.conf configuration file

I’ve based my file on the example provided in the BIND documentation. I’ve used the example of a slave DNS server (the domain is hosted elsewhere and hence already has a master DNS server provided by the ISP).

// SLAVE & CACHING NAME SERVER for smjc.co.uk
// maintained by: JWC
// CHANGELOG:
// 1. 9 November - initial configuration
//
options {
  directory "/var/named";
  // version statement - inhibited for security
  // (avoids hacking any known weaknesses)	
  version "not currently available";
  // allows notifies only from master
  allow-notify {69.64.67.242;};
  // disables all zone transfer requests
  allow-transfer {"none";};
  // Closed DNS - permits only local IPs to issue recursive queries 
  // remove if an Open DNS required to support all users 
  // or add additional ranges 
  allow-recursion {192.168.1.0/24;};
};
//
// log to /var/log/named/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging {
  channel example_log {
    file "/var/log/named/example.log" versions 3 size 2m;
    severity info;
    print-severity yes;
    print-time yes;
    print-category yes;
  };
  category default {
    example_log;
  };
};
// required zone for recursive queries
zone "." {
  type hint;
  file "root.servers";
};
// see notes below
zone "smjc.co.uk" in{
  type slave;
  file "slave/slave.smjc.co.uk";
  masters {69.64.67.242;};
};
// required local host domain
zone "localhost" in{
  type master;
  file "pri.localhost";
  allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in{
  type master;
  file "localhost.rev";
  allow-update{none;};
};
// reverse map for class C 192.168.1.0 (see notes)
zone "1.168.192.IN-ADDR.ARPA" IN {
  type slave;
  file "sec.192.168.1.rev";
  masters {69.64.67.242;};
};

2. Zone file /var/named/slave/smjc.co.uk

Initially just create an empty file

3. /var/named/192.168.1.rev         Reverse DNS lookup map

Initially just create an empty file

4. /var/named/pri.localhost               Localhost forward lookup file (required)

$TTL	86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@  1D  IN	 SOA @	root (
			      2002022401 ; serial
			      3H ; refresh
			      15 ; retry
			      1w ; expire
			      3h ; minimum
			     )
@  1D  IN  NS @ 
   1D  IN  A  127.0.0.1

5. /var/localhost.rev

$TTL	86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
@       IN      SOA     localhost. root.localhost.  (
                        1997022700 ; Serial
                        3h      ; Refresh
                        15      ; Retry
                        1w      ; Expire
                        3h )    ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.

6. root.servers file

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  "
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File

3. Configure the service

Try

#svcadm -v enable dns/server

Then check if the service is running by
#svcs network/dns/server
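
As an added example (not part of the original post or of BIND), the shell function below checks the three hardening choices made in the options block of the named.conf above: closed recursion, refused zone transfers and a masked version string. Both sample configs are constructed for the example, and the parsing is deliberately simple (no nested address-match lists).

```shell
#!/bin/sh
# Added example: audit the options{} block of a named.conf read from stdin.
# Prints one line per check, prefixed OK, INFO or WARN.
# Needs an awk with user-defined functions (set AWK=nawk on Solaris).
audit_named_options() {
  ${AWK:-awk} '
    # Drop // and # comments (naive: assumes neither occurs inside a quoted string)
    { sub(/\/\/.*/, ""); sub(/#.*/, ""); text = text " " $0 }

    # Elements of statement NAME inside options{}, space separated; "-" if absent.
    # Naive: does not handle nested address-match lists.
    function acl(name,   s) {
      if (!match(body, name "[ \t]*[{][^}]*[}]")) return "-"
      s = substr(body, RSTART, RLENGTH)
      sub(/^[^{]*[{]/, "", s); sub(/[}]$/, "", s)
      gsub(/[";]/, " ", s); gsub(/[ \t]+/, " ", s)
      sub(/^ /, "", s); sub(/ $/, "", s)
      return s
    }

    END {
      if (!match(text, /options[ \t]*[{]/)) { print "WARN options block missing"; exit }
      # Copy text up to the brace that closes options{}
      depth = 0
      for (i = RSTART + RLENGTH - 1; i <= length(text); i++) {
        c = substr(text, i, 1)
        if (c == "{") depth++
        if (c == "}") { depth--; if (depth == 0) break }
        body = body c
      }

      rec = acl("allow-recursion")
      if (rec == "-") print "WARN allow-recursion not set: built-in default applies"
      else if ((" " rec " ") ~ / any /) print "WARN allow-recursion includes any: open resolver"
      else print "OK allow-recursion limited to: " rec

      xfr = acl("allow-transfer")
      if (xfr == "-") print "WARN allow-transfer not set: built-in default applies"
      else if (xfr == "none") print "OK allow-transfer none"
      else print "INFO allow-transfer permits: " xfr

      if (match(body, /version[ \t]+"[^"]*"/)) print "OK version string overridden"
      else print "WARN version not set: version.bind queries reveal the real release"
    }
  '
}

# Constructed sample modelled on the options block shown above
closed_conf() { cat <<'EOF'
options {
  directory "/var/named";
  // version statement - inhibited for security
  version "not currently available";
  allow-notify {69.64.67.242;};
  allow-transfer {"none";};
  allow-recursion {192.168.1.0/24;};
};
zone "." { type hint; file "root.servers"; };
EOF
}

# Constructed counter-example: recursion open to the world, nothing else set
open_conf() { cat <<'EOF'
options {
  directory "/var/named";
  allow-recursion { any; };
};
EOF
}

closed_conf | audit_named_options
open_conf | audit_named_options
```

Run it against the live file with `audit_named_options < /etc/named.conf`; syntax itself is checked separately by `named-checkconf`.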

References and links;
– A post about chrooted BIND install – http://blog.l1x.me/2009/09/chrooted-bind-in-opensolaris.html

– Useful post detailing how to install, configure and check the status of BIND – http://sunadmin.blogspot.com/2005/12/configuring-bind-931.html

– General documentation about name service discovery on OpenSolaris
http://www.opensolaris.org/os/project/duckwater/Documentation/ns-discovery/;jsessionid=511F3C3237DAA6CD0ACE1DD93D8BA850#configuring-dns-serve

– Nice full manual including some template named.conf files
http://www.zytrax.com/books/dns/ch4/index.html#caching

– Solaris 10 manual about naming services –
http://docs.sun.com/app/docs/doc/816-4556/intro-1?l=en&a=view


COMSTAR setup

This post outlines my setup of an open fibre-channel storage server.

My FC card is a Qlogic card that is compatible with COMSTAR and can be configured as a FC target. After a bit of research I realised that COMSTAR is a bit fussy about Fibre HBA cards…

Will work…
QLogic 4gb/s cards in the 24*** series
‘Enterprise’ emulex HBAs i.e. LPe12002, LPe12000, LP11002, LP11000, LPe11004, LPe11002, LPe11000,
LP10000ExDC, LP10000DC, LP10000, LP9802, LP9002DC, LP9002L and LP9002S.

Will NOT work (as a target at least)…
qlogic 2gb/s cards
the qlogic ‘lite’ cards in the 200 series (like the often dell supplied qlogic 220)
Lower end emulex cards e.g., LP982, LP1050, LP1050-EX, PL1150 or LPe1150.
ANYTHING by LSI

The cards in the ‘not working list’ may well work as FC initiators although I have an LSI card that I can’t get to work at all (even though I’ve tried the driver supplied for use in Solaris 10 – ‘itmptfc’).

It seems from a scan of the forums that a qlogic 24** card is the best bet since that is the chipset used by a lot of SUN supplied HBAs.

Setting up…

The COMSTAR wiki gives pretty much a walkthrough on setting up a FC storage server (including the vital step needed to get the qlogic card to work in target mode). The relevant bit is here: http://wikis.sun.com/display/OpenSolarisInfo/Configuring+a+Fibre+Channel+Storage+Array+With+COMSTAR+(Task+Map)

For my setup the disk storage pool is called ‘tank’. I’ve already created a parent pool called tank/fc_luns/ to hold all the target LUNs. I followed the step through guide, created a LUN and tested it from a host machine (the existing windows 2008 server) and it all works just fine.

Documented here is a recipe to setup a new ZFS based LUN for use by the FC server…

1. Create a volume (here the LUN is called 'disk1' and is 100 Gbyte in size)
# zfs create -V 100G tank/fc_luns/disk1
2. Create the LUN based on the ZFS volume above.
# sbdadm create-lu /dev/zvol/rdsk/tank/fc_luns/disk1
Created the following LU:

              GUID                    DATA SIZE           SOURCE
--------------------------------  -------------------  ----------------
6000ae40980000000000486a6f930002      107374116864     /dev/zvol/rdsk/tank/fc_luns/disk1
3. Verify the creation of the LUN
# sbdadm list-lu
4. Make the LUN available to hosts (in this example all hosts can access all LUNS)
# stmfadm add-view GUID_number
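
Step 4 as written exposes the LU to every initiator that can reach the target. The added example below (not from the original post) wraps the stmfadm host-group commands that limit the view to named initiators instead; the host group name win2008 and the WWPN are made-up values, and with DRY_RUN set the script only prints the commands.

```shell
#!/bin/sh
# Added example: restrict a COMSTAR LU to named FC initiators instead of the
# all-hosts view created by a bare "stmfadm add-view GUID".
# With DRY_RUN set, commands are printed rather than executed.

# is_hex STRING LENGTH: true when STRING is exactly LENGTH hex digits
is_hex() {
  [ "${#1}" -eq "$2" ] || return 1
  case $1 in *[!0-9A-Fa-f]*) return 1 ;; esac
  return 0
}

run() {
  if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# mask_lun HOSTGROUP LUN_NUMBER GUID WWPN [WWPN...]
mask_lun() {
  [ "$#" -ge 4 ] || { echo "usage: mask_lun HOSTGROUP LUN GUID WWPN..." >&2; return 2; }
  hg=$1 lun=$2 guid=$3
  shift 3
  is_hex "$guid" 32 || { echo "bad GUID: $guid" >&2; return 1; }
  case $lun in ''|*[!0-9]*) echo "bad LUN number: $lun" >&2; return 1 ;; esac
  # Validate every initiator port name before touching STMF state
  for wwpn in "$@"; do
    is_hex "$wwpn" 16 || { echo "bad WWPN: $wwpn" >&2; return 1; }
  done
  run stmfadm create-hg "$hg" || return 1
  for wwpn in "$@"; do
    run stmfadm add-hg-member -g "$hg" "wwn.$wwpn" || return 1
  done
  # The view is limited to the host group, so other initiators get no mapping
  run stmfadm add-view -h "$hg" -n "$lun" "$guid" || return 1
  run stmfadm list-view -l "$guid"
}

# Constructed sample: GUID from the sbdadm output above, made-up initiator WWPN
DRY_RUN=1
mask_lun win2008 0 6000ae40980000000000486a6f930002 210000e08b000001
```

Clear DRY_RUN to execute the commands as root on the storage server.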

Reference material…

Vital reference material on the COMSTAR wiki  – http://wikis.sun.com/display/OpenSolarisInfo/Configuring+a+Fibre+Channel+Storage+Array+With+COMSTAR+(Task+Map)
Nice blog post with relevant info – http://thegreyblog.blogspot.com/2010/02/setting-up-solaris-comstar-and.html


OpenSolaris b134 install

OpenSolaris seems to be in well publicised limbo pending the release of Solaris Express 11 by Oracle.

The latest version of OpenSolaris officially made available was build 134 (b134) released in early March 2010. Best source for this is genunix…http://www.genunix.org/

In the future the options are to move to Solaris express 11 or switch to the open alternative (Openindiana). I guess I’ll bide my time and see how the different projects develop before jumping one way or the other – just like a lot of other ‘home-users’ of solaris/opensolaris. Oracle doesn’t seem to get the same warm and fuzzy feeling about individual users that SUN once got.


Setting up DNS server on OpenSolaris

I want to setup a local DNS server for the network to resolve local IP/hostnames and to forward unresolved queries to OpenDNS servers.

Opensolaris comes with BIND named which I’m totally unfamiliar with but I found this great link to get me started – http://204.152.191.100/wiki/index.php/Setting_Up_DNS/BIND_On_a_Home_Network


Codename ‘Dancing Bear’ – OpenSolaris home-server

I’ve had enough of bloody windows server 2008 – the licensing is doing my head in. As a member of staff at a UK research institute I get a free license for Windows Server 2008 – but not the high end version that lets me create FC targets and I cannot fathom the licensing for running a terminal server. Also reading the fine print in fact I don’t think I do have a license, either because I’m a former employee and my rights have lapsed or because the organisation I used to work for is not academic in the sense of being degree-awarding. Also I’ve run it for a few months and to be honest it’s just not my cup-of-tea.

So I’ve decided to go for an OpenSolaris home-server – here’s what I want…
– A general server (file/DHCP/DNS) for the home network.
– A Sun Ray server – yes I have picked up a couple of sunrays off ebay and I think they’d be great for the kids.
– A virtual desktop server (ideally using proper VDI).
– A Fibre Channel server – to centralise all files onto my monster server!

Codename ‘Dancing Bear’ – the whole sunray thing provides that classic dancing-bear moment as does attaching a machine to a remote FC target rather than a local harddisk.

With this shopping list it would have to be OpenSolaris really with SunRay, VDI/Virtualbox software being developed on it by SUN/Oracle. Also the COMSTAR project means I can create a Open Storage server.

Having decided on my setup here’s the task list (I’ll cross them off as I finish them)…
