Archive for Solaris

Setting up VDI software on OpenSolaris & Solaris 11 Express

Although this is supposed to be impossible (according to this guy’s post) I’m game for a laugh!

Initially I just ran

$pfexec vda-install

and it all seemed to work.

So then I followed all the instructions for installing SRSS on an OpenSolaris machine.

When I ran $vda-config all seemed well until the configuring of SRWC – it just hung. Looking at the log it created, it couldn’t find the files
/usr/sfw/lib/libcrypto.so.0.9.8
/usr/sfw/lib/libssl.so.0.9.8
These do exist on an OpenSolaris system with the openssl package installed, but they’re in the wrong place, so the quick and dirty fix was
pfexec ln -s /lib/libcrypto.so.0.9.8 /usr/sfw/lib/libcrypto.so.0.9.8
pfexec ln -s /lib/libssl.so.0.9.8 /usr/sfw/lib/libssl.so.0.9.8

Great try again……but when I tried to start again the system had got its knickers in a twist and I could neither unconfigure nor configure! Trying to uninstall gave a cryptic message about container service – in fact this indicates the need for something else – the cacao (common agent container something!).

$pfexec pkg install cacao

Now running $pfexec vda-config seems to work OK – at least it runs all the way to the end! I can even get access to http://sol:1800 to login to the vdi administration interface! Now then all I have to do is login as the root user and…..whoa opensolaris doesn’t have a root user only a root ROLE (WTF).

The solution is to follow this guide – http://dlc.sun.com/osol/docs/content/IPS/login.html

OK now I login to the VDI webadmin using root credentials and start to troll through the settings BUT I haven’t setup the desktop provider yet.

To check the system is running OK I ran through a few checks to see if everything is running.
$cacaoadm status
$svcs svc:/application/management/common-agent-container-1:default
$cacaoadm status com.sun.vda.service_module
$svcs svc:/application/database/vdadb:sql
$/opt/SUNWvda/sbin/vda-webadmin status

Reference information:
– This site has a great set of video walk-throughs for setting up VDI on Solaris – http://blogs.sun.com/weber/


Codename ‘Dancing Bear’ – OpenSolaris home-server

I’ve had enough of bloody windows server 2008 – the licensing is doing my head in. As a member of staff at a UK research institute I get a free license for Windows Server 2008 – but not the high end version that lets me create FC targets and I cannot fathom the licensing for running a terminal server. Also reading the fine print in fact I don’t think I do have a license either because I’m a former employee and my rights have lapsed or because the organisation I used to work for is not academic in the sense of being degree-awarding. Also I’ve run it for a few months and to be honest it’s just not my cup-of-tea.

So I’ve decided to go for an OpenSolaris home-server – here’s what I want…
– A general server (file/DHCP/DNS) for the home network.
– A Sun Ray server – yes I have picked up a couple of sunrays off ebay and I think they’d be great for the kids.
– A virtual desktop server (ideally using proper VDI).
– A Fibre Channel server – to centralise all files onto my monster server!

Codename ‘Dancing Bear’ – the whole sunray thing provides that classic dancing-bear moment as does attaching a machine to a remote FC target rather than a local harddisk.

With this shopping list it would have to be OpenSolaris really with SunRay, VDI/Virtualbox software being developed on it by SUN/Oracle. Also the COMSTAR project means I can create an Open Storage server.

Having decided on my setup here’s the task list (I’ll cross them off as I finish them)…


SGD on home server – set up to traverse a firewall.

I guess most employers will have a pretty robust firewall setup. Since by default SGD uses a load of non-standard ports, a corporate firewall will not allow you to run the client at work and access your SGD server at home. There are two options: 1) open holes in the firewall or 2) modify the SGD installation to confine all the traffic to a standard port so that it will traverse a corporate firewall.

A nice post on the subject can be found here http://macrae.wordpress.com/2008/07/02/sun-secure-global-desktop-firewall-friendly/ this post gives the background to the problem but in fact these instructions are out of date for SGD version 4.5.

There is a whole section in the manual that now provides the information needed to set up an SGD server to perform firewall traversal http://docs.sun.com/source/820-6689/chapter1.html#Z400003e1312957.

I’ve reproduced the steps here (in case I need to do it again).

1. Create a selfsigned certificate

shs$ pfexec /opt/tarantella/bin/tarantella security certrequest --country UK --state war --orgname "Nobody Puts Baby in a corner"
shs$ pfexec /opt/tarantella/bin/tarantella security selfsign

2. Enable security on SGD server

shs$ pfexec /opt/tarantella/bin/tarantella security start

3. Edit apache .conf file

shs$ pfexec vi /opt/tarantella/webserver/apache/2.2.10_openssl-0.9.8i_jk1.2.27/conf/httpd.conf

replace the section
<IfDefine SSL>
Listen 443

with

<IfDefine SSL>
Listen 127.0.0.1:443

4. Configure the SGD server to use 443 port
shs$ pfexec /opt/tarantella/bin/tarantella config edit --array-port-encrypted 443
shs$ pfexec /opt/tarantella/bin/tarantella config edit --array --security-firewallurl https://127.0.0.1:443

5. Restart the SGD server
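
A quick audit of the step 3 edit, as an added example that is not from the SGD manual or the original post: it reports every Apache Listen directive inside an <IfDefine SSL> block and flags any that is not bound to loopback. The function names and the config fragment are constructed for illustration, and it assumes <IfDefine SSL> blocks are not nested.

```shell
#!/bin/sh
# Added example: audit the step-3 httpd.conf edit.
# Prints "OK <addr>" or "EXPOSED <addr>" for every Listen directive found
# inside an <IfDefine SSL> block. Returns 0 only if at least one such
# Listen exists and all of them are bound to loopback.
# Assumption: <IfDefine SSL> blocks are not nested inside each other.
check_ssl_listen() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        { line = tolower($0) }                    # directives are case-insensitive
        line ~ /^[ \t]*<ifdefine[ \t]+ssl[ \t]*>/ { in_ssl = 1; next }
        line ~ /^[ \t]*<\/ifdefine>/              { in_ssl = 0; next }
        in_ssl && tolower($1) == "listen" {
            seen++
            if ($2 ~ /^(127\.0\.0\.1|\[::1\]):[0-9]+$/) {
                print "OK " $2
            } else {
                print "EXPOSED " $2
                bad++
            }
        }
        END { exit ((seen == 0 || bad > 0) ? 1 : 0) }
    ' "$1"
}

# Constructed config fragment (not the real SGD httpd.conf).
# $1 is the argument given to Listen inside the SSL block.
sample_conf() {
    printf '%s\n' 'Listen 80' '<IfDefine SSL>' "Listen $1" '</IfDefine>'
}

# Write the constructed fragment to a temp file and audit it.
audit_sample() {
    tmp=$(mktemp) || return 2
    sample_conf "$1" > "$tmp"
    check_ssl_listen "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Before and after the step-3 edit.
for arg in 443 127.0.0.1:443; do
    audit_sample "$arg" || echo "-> Listen $arg is reachable from other hosts"
done
```
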

I followed these instructions and when I first accessed it it asked me to confirm the use of the temporary certificate. Straight away I can access my (unix) desktop straight out of the box. More work seems to be needed to access a windows desktop using rdesktop or uttsc (the sun ray windows connector) but I guess it must be relatively straightforward (right?).

What the instructions in the manual about enabling firewall traversal don’t do is setup the server to be accessed by https rather than plain old http – I guess this is a security hole but I decided to stop while


Installing SRS EA2 on OpenSolaris 2009.06

I’ve gone the whole hog and installed The Early Access 2 release of the upcoming Sun Ray Server Software version 5.

Here goes – I’m following the guide here – http://wiki.sun-rays.org/index.php/SRSS_4.1_on_OpenSolaris_2008.11 which as the title suggests is for 2008.11 but should work ;-<>

1. Set my IP to static 192.168.1.72 (as suggested). In fact I have totally disabled NWAM since it seems to be the source of a number of problems for other users and hardcoded all the network information.

2. Checked DNS setup – in my case resolv.conf looks like this…the router is the DNS server.
domain nobodyputsbabyinacorner.co.uk
nameserver 192.168.1.254

3. Addressed the ‘sock2path bug’

From http://www.filibeto.org/pipermail/sunray-users/2009-May/012776.html

In /etc/sock2path change the following lines:
   2   2   0   tcp
   2   2   6   tcp
   26  2   0   tcp
   26  2   6   tcp
   2   1   0   udp
   2   1   17  udp
   26  1   0   udp
   26  1   17  udp

change to...
   2   2   0   /dev/tcp
   2   2   6   /dev/tcp
   26  2   0   /dev/tcp6
   26  2   6   /dev/tcp6
   2   1   0   /dev/udp
   2   1   17  /dev/udp
   26  1   0   /dev/udp6
   26  1   17  /dev/udp6

4. Setup a working DHCP and tftp server.

5. Install SRSS software

Following the instructions step-by-step with a couple of points to note..

Here are instructions for clearing a sun ray frozen in gecko or blank screen mode…http://www.filibeto.org/~aduritz/truetrue/sunray/misc-stuff.html
ALSO – sun web based troubleshooter – here http://www.sun.com/service/sunray/30.html might help.
ALSO – http://www.sunshack.org/data/sh/2.1.8/infoserver.central/data/syshbk/collections/SRDB/1-25-21962-1.html
ALSO – http://tenzer.dk/solaris-dhcp-server for dhcp

See also this blog post with some more recent information… http://thegreyblog.blogspot.com/2010/06/installing-sun-ray-server-software-on.html
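
The /etc/sock2path change from step 3 above, applied as a filter instead of by hand. This is an added example, not part of the original post or the sunray-users thread; the function names are made up for illustration and the sample input is constructed from the eight lines listed in step 3 plus two lines that must pass through untouched.

```shell
#!/bin/sh
# Added example: apply the step-3 /etc/sock2path change as a filter.
# Reads sock2path text on stdin and writes the corrected text on stdout.
# Only tcp/udp entries for family 2 (IPv4) and 26 (IPv6) are rewritten;
# comments, blank lines and entries that already name a device path
# pass through unchanged, so running it twice is harmless.
fix_sock2path() {
    awk '
        /^[ \t]*#/ || NF != 4 { print; next }
        ($1 == 2 || $1 == 26) && ($4 == "tcp" || $4 == "udp") {
            suffix = ($1 == 26) ? "6" : ""
            printf "    %-3s %-3s %-3s %s\n", $1, $2, $3, "/dev/" $4 suffix
            next
        }
        { print }
    '
}

# Exit 0 if any bare tcp/udp module entry is still present on stdin.
needs_fix() {
    awk '
        !/^[ \t]*#/ && NF == 4 && ($4 == "tcp" || $4 == "udp") { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed input: the eight lines from step 3, a comment line and one
# entry that already uses a device path.
sample_sock2path() {
    cat <<'EOF'
# Family  Type  Protocol  Module-or-path   (constructed header)
    2   2   0   tcp
    2   2   6   tcp
    26  2   0   tcp
    26  2   6   tcp
    2   1   0   udp
    2   1   17  udp
    26  1   0   udp
    26  1   17  udp
    1   2   0   /dev/ticotsord
EOF
}

# Show the rewritten sample.
sample_sock2path | fix_sock2path
```

To use it for real, run fix_sock2path < /etc/sock2path into a scratch file, compare it with the original, and only then copy it into place.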


A conundrum – ESXi and solaris zfs

Despite the change to a full hypervisor I wanted to keep using zfs to manage the storage of datafiles. Partly because it seems like a great system and the reporting and management is excellent and simple and partly because that’s what I started out with and I’m too bloody minded to change.

One of my inspirations for this came from solarisinternals.com who have moved to a similar setup. There they have set up zfs to access the disks on esx server using ‘raw disk mode’ which is obviously exactly what I want isn’t it? This would be my preferred route. I know it goes against the virtual ethos but I could whack the drives into any solaris box and ‘zfs import’ them in the event of a hardware failure. It gives me options to keep the drives without having to offload all the data and re-format if I run into problems with ESXi in the future.

Well NOT SO FAST…..it’s a case of needing to do the research and read the small print. ESXi 4.0 doesn’t support virtual machines accessing raw disk devices (‘raw disk mode’). It seems that older versions (or maybe other vmware products) do or did. RDM or ‘Raw Disk Mapping’ is a supported option in ESXi 4 but that refers to mapping onto raw disks over a SAN (NOT LOCALLY).

I have created an opensolaris 2009.06 virtual machine running on the hypervisor. The root pool or system disk of this is in fact a .vmdk file sitting on the internal mirrored pair of drives sitting in the server. My intention was to add additional drives that would be managed directly under opensolaris. BUT this just doesn’t seem possible…ESXi 4.0 doesn’t allow raw device access or direct disk access.

Research is ongoing. I have two choices it seems.

1. Use the hardware raid capabilities of the SAS/SATA RAID cards – Then just use ZFS to manage quotas/snapshots and management stuff. BUT I’m nervous about recovering these should a controller fail (I’m left with a situation where in order to recover the data I’d need to buy a very specific and very expensive RAID controller – or wait ages until the right thing came up on ebay). Also RAID-Z in ZFS removes write-hole errors.
2. Create virtual disks on the actual disks and use zfs to manage these as if they were actual disks. I guess I can see a disaster recover route for this option. The disk could be hooked out and connected to any sata controller and then read from within ESXi (I think) but I need to check that. This would have to be slower wouldn’t it?
3. Forget zfs completely. Use hardware RAID and create another virtual machine which is a small footprint freenas or similar box let that take care of all the file serving work. Still need to think about a possible route for recovering the data in the event of a hardware failure.
4. Find work around – there is always a work around!
5. Sod it – switch to hyper-v which does seem to support it!

ESXi access local disks as a raw device – workarounds
1. Use vmkfstools: there do seem to be worked examples
here… http://www.hardforum.com/showthread.php?t=1441318
and here… http://www.hardforum.com/showthread.php?t=1429640
2. Edit configuration files by hand
discussed here… http://communities.vmware.com/thread/145589?tstart=0&start=0

Decisions, decisions…


OpenSolaris and 3ware 5950SE-4ME SATA Controller

Got one of these super cheap off ebay – oh dear not again. What can I say, a SATA/SAS x4 RAID controller for £15, it would have been rude not to!

This was originally part of a “sidecar” kit for the mac but is listed as supporting other Operating Systems on the 3ware website so could be a great buy.

But after installing it in the opensolaris server it is not recognised!

I downloaded the 9.5.2 drivers from 3ware that seem to suggest that the device is supported but although the install works just fine – nothing!

The machine knows it’s there (according to the Device Driver Utility) but thinks it’s a 9550SX and says that no driver has been found.

After some digging (AKA googling) here’s the apparent solution. Based on this page (http://defect.opensolaris.org/bz/show_bug.cgi?id=5860).

1. Using the Device Driver Utility, find your Smart Array controller, right-click on it, and select “Show Details”. Note the values of “subsystem-vendor-id” and “subsystem-id”.
IN THIS CASE THE VALUES ARE… pci13c1,1003

2.  Unconfigure the driver:

# rem_drv tw

3. Re-configure the driver with your controller’s PCI IDs:

# add_drv -c scsi -i '"pci13c1,1003"' tw

The general format of the -i option is

'"pci<subsystem-vendor-id>,<subsystem-id>"'.

4. modinfo should now show the driver as loaded:

# modinfo | grep tw
223 fffffffff7ce9000  140d0 132   1  nsmb (SMBFS network driver v1.36)
249 fffffffff7d2d000   6fb0 265   1  tw (3ware SCSI HBA 1.7)

5. Run the tw_cli to check…
john@shs:/opt/AMCC/CLI$ pfexec ./tw_cli
//shs> show

Ctl   Model        (V)Ports  Drives   Units   NotOpt  RRate   VRate  BBU
------------------------------------------------------------------------
c12   9590SE-4ME   4         0        0       0       1       1      -

Encls         Slots  Drives  Fans  TSUnits  PSUnits
---------------------------------------------------
e0            4      0       1     1        0

OK so far!

All I have to do now is sort out a cable!!!

Eek! SFF-8088 (aka Infiniband) to SFF-8470 – the cables are more expensive than the controllers! SPAN is a good source but lists the cable at £40!

Now I realise why the controller was so cheap – I found a reasonable cable (from hong-kong via ebay) for $30USD which is about £19 in real money. Oh dear.


Setup DHCP and tftp servers

Ensure TFTP & DHCP packages are available:

  • On OpenSolaris 2008.11 the TFTP package is installed by default, but DHCP is not. Install the DHCP packages:
pkg install SUNWdhcs SUNWdhcsb SUNWdhcm
  • If you observe an error during the pkg install above: there is a known bug
Bug Ref: http://defect.opensolaris.org/bz/show_bug.cgi?id=4788

If TFTP is missing, install it:
pkg install SUNWtftp

Enable TFTP: Follow the instructions under
http://default-information.blogspot.com/2007/12/opensolaris-tftp-server.html


Solaris Home Server: Static IP (disable NWAM)

UPDATE 9-11-2010: This procedure doesn’t work in fresh install of b134 – used this (http://www.parolski.com/2010/02/16/static-ips-with-nwam/) to make IP static instead.

What happened when I tried to follow this recipe in b134 was a failure to get a route established despite trying everything. The symptoms looked a lot like this bug report (http://bugs.opensolaris.org/view_bug.do?bug_id=6913780) but I couldn’t get the workaround to fix the problem so I’ve gone back to nwam with a static IP hoping that will work with sunray server!

ORIGINAL POST……

This is cribbed wholesale from the sun ray users wiki

Background

Use of Open Solaris NWAM causes some problems w/ the Sun Ray utadm command. This set of procedures shows how to turn NWAM off & a few other SRSS work-arounds so utadm will work correctly.

Turn off NWAM SMF Service

svcadm disable nwam

Turn on Physical Network Service

svcadm enable network/physical:default

Setup Network Files

For this example, I used network device pcn0. Substitute yours as appropriate.

Automate NIC start up:

cp /etc/nodename /etc/hostname.pcn0

Adjust /etc/hosts with following edits:

vi /etc/hosts:
  1 BEFORE: ::1 myhost myhost.local localhost loghost
    AFTER:  ::1 myhost.local localhost loghost
  2 BEFORE: 127.0.0.1 myhost myhost.local localhost loghost
    AFTER:  127.0.0.1 myhost.local localhost loghost
  3 ADD:    192.168.1.6 myhost

Note: myhost & IP address 192.168.1.6 are examples. Substitute yours as appropriate.

Edit /etc/netmasks with appropriate netmask. For example:

192.168.1.0 255.255.255.0

Set your default route (192.168.1.1 is an example, substitute yours as appropriate):

echo 192.168.1.1 > /etc/defaultrouter

A reboot will activate all of this…

init 6

… or you can activate on the fly:

ifconfig pcn0 plumb 192.168.1.24/24 up
route -f add default 192.168.1.1 1
svcadm restart name-service-cache

ADDED BY ME...
Ensure DNS is configured (if applicable). Setup /etc/resolv.conf, here's an example:
domain     example.acme.com
nameserver 192.168.1.1

Activate:

cp /etc/nsswitch.dns /etc/nsswitch.conf
svcadm enable dns/client
svcadm restart dns/client


New toy….Sun Ray

Whoa – things not complicated enough in the household – I’ve bought a sunray – I’ve begun to hate sitting next to a PC with half a dozen fans whizzing and hot air blowing out the back so I’ve decided to fight back!!

Update to follow


Solaris Home Server: SMB setup

What is needed is obviously a simple windows filesharing setup – but opensolaris doesn’t come with this out of the box so it needs to be installed then configured.

It should be noted there are two ways to add windows (CIFS aka SMB) file sharing…one is to add the solaris port of SAMBA – the other way which promises to be more lightweight if a bit less feature rich is SUN’s in kernel CIFS server package.  It’s important to note that both are not available together!

Install CIFS server components;

In OpenSolaris 2009.06 there are two packages needed. I installed them from the command line…
host:#pfexec pkg install SUNWsmbskr SUNWsmbs

then reboot

host:#pfexec reboot

(You can also install them using the package manager GUI).

Make the SMB service start automatically at boot

host:#pfexec svcadm enable -r smb/server
svcadm: svc:/milestone/network depends on svc:/network/physical, which has multiple instances.

(apparently the error message doesn't matter!)

Setup the PAM authentication needed

To give SMB access to OpenSolaris users, edit the /etc/pam.conf file to contain the following line:

other password required pam_smb_passwd.so.1 nowarn

Then the password must be re-created for each user that wants access to the smb service.

host:#passwd john

Join the appropriate workgroup

host:#pfexec smbadm join -w OTB
OTB is the household smb workgroup

Say these magic words…

Apparently this will prevent problems later in defining access permissions and using java web console tools.
host:#pfexec zfs set aclinherit=passthrough rpool

Create the ZFS shares

Create a zfs filesystem within the rpool mirror for sharing pictures…..
host:#pfexec zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=name=pictures rpool/pictures
and one for the kids videos..
host:#pfexec zfs create -o casesensitivity=mixed -o nbmand=on -o sharesmb=name=kids_videos rpool/kids_videos

Check the status of smb shares with…
host:# sharemgr show -vp
default nfs=()
zfs
zfs/rpool/pictures smb=()
pictures=/rpool/pictures

Set File Permissions

At the end of this I ended up with a /rpool/pictures/ directory and a pictures share which can be read but which only the root user has permission to write to. To control access to the directory/share I’ve set up two levels of access.

First I took over ownership of the shares (in this case pictures).
host:#pfexec chown john pictures

I want two layers of access: read only for unprivileged users (like the kids) and read/write access for the grownups.
User     Groups
media    other,media
joseph   other,media
sarah    staff,grownups,media
john     staff,grownups,media

I know that I should work out the correct ACL but I just went into the opensolaris filemanager, right-clicked on the folder and went to the permissions tab. I set staff to have full access and ‘others’ (e.g. those in the media group) only read access. If I’m struck by a flamingo I’ll sort out the correct ACL setup.

So I can restrict write permissions for the shares that contain anything valuable (like the family photos) and also restrict read access to the films that I have ripped that are 12 certificate and over.

For the future???

1. Automount home directories
Apparently you just create a file /etc/smbautohome and add the line… *   /export/home/&
and magically the home directory of the unix user will be mounted.

2. Proper ACL for different levels of access to files being served

Reference sources

There’s a good guide here – http://wiki.genunix.org/wiki/index.php/Getting_Started_With_the_Solaris_CIFS which includes details of actually installing the service! There are a few gotchas like not trying to run SAMBA at the same time as the smb-kernel service. NOTE: no SMB/CIFS server is installed by default.
The other definitive source of information is the guide produced by SUN – http://docs.sun.com/app/docs/doc/820-2429

Other sources of information:

This description of setting up an opensolaris file server http://www.h-online.com/open/OpenSolaris-as-a-file-server–/features/112212

This description of how to install the smb packages from the open solaris express DVD – by looping back the iso image as a filesystem – useful reference! http://osdir.com/ml/os.solaris.opensolaris.storage.general/2008-03/msg00112.html
