Learning Solaris 10 Check out the Zones F.A.Q. !

Recently tried the Linux Branded zone within OpenSolaris, part of the BrandZ project, added to Solaris 8/07. It is said to be working with only a defined number of Linux distributions, namely CentOS 3.x and Red Hat Enterprise Linux 3.x. So I went to the CentOS site and downloaded the DVD iso of CentOS 3.9 (i386).

Then created my zone :

• 
root@kiwi:~# zonecfg -z lx1
lx1: No such zone configured
Use ‘create’ to begin configuring a new zone.
zonecfg:lx1> create -t SUNWlx
zonecfg:lx1> add net
zonecfg:lx1:net> set address=172.22.1.1/16
zonecfg:lx1:net> set physical=rge0
zonecfg:lx1:net> end
zonecfg:lx1> set zonepath=/zones/lx1
zonecfg:lx1> exit

root@kiwi:~# zonecfg -z lx1 info
zonename: lx1
zonepath: /zones/lx1
brand: lx
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
net:
address: 172.22.1.1/16
physical: rge0
defrouter not specified

root@kiwi:~# ls -lh /zones/CentOS-3.9-i386-binDVD.iso
-rw-r–r– 1 nieuwenj staff 1.8G 2009-03-18 15:10 /zones/CentOS-3.9-i386-binDVD.iso


Next I have to install the zone by pointing the zoneadm command to the directory that contains the ISO file.

• 
  root@kiwi:/# zoneadm -z lx1 install -d /zones
  A ZFS file system has been created for this zone.

  Checking for valid Linux distribution ISO images...
/zones/CentOS-3.9-i386-binDVD.iso

  No supported Linux distributions found.

  Installation of CentOS to zone
'lx1' FAILED Thu Mar 19 14:24:26 CET 2009.

  Cleaning up after failed install...

  Installation of zone 'lx1' FAILED.

  See the log file:
'/zones/lx1/root/var/log/lx1.install.12491.log'
for details.

Doesn’t work, my ISO file is seen but it seems that it is not a supported version. Some more looks in the documentation shows that only 3.5 –> 3.8 are supported. Damn’, took me hours to download the 3.9 version. Let’s try some more.
Zoneadm probably calls some brand-specific check script so, using the Dtrace Toolkit (truss -t open would do…)

• 
root@kiwi:/opt/DTT# ./opensnoop -n zoneadm
UID PID COMM FD PATH
0 11904 zoneadm -1 /var/ld/ld.config
0 11904 zoneadm 3 /lib/libc.so.1
0 11904 zoneadm 3 /usr/lib/locale/en_US.UTF-8/en_US.UTF-8.so.3
0 11904 zoneadm 3 /usr/lib/locale/common/methods_unicode.so.3
0 11904 zoneadm 3 /lib/libzfs.so.1
0 11904 zoneadm -1 /usr/lib/locale/en_US.UTF-8/LC_MESSAGES/SUNW_OST_SGS.mo
0 11904 zoneadm -1 /usr/lib/locale/en_US.UTF-8/LC_MESSAGES/SUNW_OST_OSLIB.mo
0 11904 zoneadm 3 /usr/lib//libshare.so.1
0 11904 zoneadm 3 /lib/libxml2.so.2
0 11904 zoneadm 3 /lib/libpthread.so.1
0 11904 zoneadm 3 /lib/libz.so.1
0 11904 zoneadm 3 /lib/libm.so.2
0 11904 zoneadm 3 /lib/libsocket.so.1
0 11904 zoneadm 3 /lib/libnsl.so.1
0 11904 zoneadm 3 /dev/zfs
0 11904 zoneadm 4 /etc/mnttab
0 11904 zoneadm 5 /etc/dfs/sharetab
0 11904 zoneadm 6 /usr/lib/libzonecfg.so.1
0 11904 zoneadm 6 /etc/zones/lx1.xml
0 11904 zoneadm 7 /usr/share/lib/xml/dtd/zonecfg.dtd.1
0 11904 zoneadm 6 /usr/lib/brand/lx/config.xml
(…)


The first “lx-related” file is ‘/usr/lib/brand/lx/config.xml’

• 
root@kiwi:/usr/lib/brand/lx# cat config.xml
< ?xml version="1.0"?>
(…)

--install-- /usr/lib/brand/lx/lx_install --/install--


OK, the script is lx_install. After some reading, I see that the script will return more information if the variable verbose_mode is defined. So I change the code at the right function :

validate_iso_distros()
{
export verbose_mode=”t”
typeset cd


And we try again

• 
  root@kiwi:/# zoneadm -z lx1 uninstall
  Are you sure you want to uninstall zone lx1 (y/[n])? y
  The ZFS file system for this zone has been destroyed.
  root@kiwi:/#
  root@kiwi:/# zoneadm -z lx1 install -d /zones
  A ZFS file system has been created for this zone.

  Checking for valid Linux distribution ISO images...
/zones/CentOS-3.9-i386-binDVD.iso

Checking ISOs against distro file "/usr/lib/brand/lx/distros/centos35.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/centos36.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/centos37.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/centos38.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/rhel35.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/rhel36.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/rhel37.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  Checking ISOs against distro file "/usr/lib/brand/lx/distros/rhel38.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":

  No supported Linux distributions found.

Installation of CentOS to zone
'lx1' FAILED Thu Mar 19 14:35:06 CET 2009.

Cleaning up after failed install...

  Installation of zone 'lx1' FAILED.

  See the log file:
'/zones/lx1/root/var/log/lx1.install.12836.log'
for details.


OK, it seems that I need a distro file for CentOS 3.9. Let’s copy the one for 3.8 and try to modify the relevant fields :

• 
#
# Installation information for the CentOS 3.8 distribution disc set:
#
# + Serial number (as found in the disc set's .discinfo file)
# + Version Name
# + Order CDs holding the distribution must be installed in
# + MB of disk space required to hold a full install of the distribution
#
distro_serial=1155307611.42
distro_version="3.8"


So I need to find the serial number of my 3.9 distro.

• 
root@kiwi:~# lofiadm -a /zones/CentOS-3.9-i386-binDVD.iso
/dev/lofi/1
root@kiwi:~# mount -F hsfs /dev/lofi/1 /linux
root@kiwi:~#
root@kiwi:~# cd /linux
root@kiwi:/linux# ls
./ ../ .discinfo
root@kiwi:/linux# cat .discinfo
1183469235.986110
final
i386
1,2,3
RedHat/base
RedHat/RPMS
RedHat/pixmaps


I just copy the serial number just found in the centos39.distro newly created file (with updated comments from 3.8 to 3.9)

• 
root@kiwi:/usr/lib/brand/lx/distros/# cat centos39.distro
(…)
#
# Installation information for the CentOS 3.9 distribution disc set:
#
# + Serial number (as found in the disc set’s .discinfo file)
# + Version Name
# + Order CDs holding the distribution must be installed in
# + MB of disk space required to hold a full install of the distribution
#
distro_serial=1183469235.986110
distro_version=”3.9″
set -A distro_cdorder 1 2 3
(…)

And let’s try again :

• 
root@kiwi:/# zoneadm -z lx1 uninstall
Are you sure you want to uninstall zone lx1 (y/[n])? y
The ZFS file system for this zone has been destroyed.
root@kiwi:/#
root@kiwi:/# zoneadm -z lx1 install -d /zones
A ZFS file system has been created for this zone.


Checking for valid Linux distribution ISO images...
(...)
Checking ISOs against distro file "/usr/lib/brand/lx/distros/centos39.distro"...
ISO "/zones/CentOS-3.9-i386-binDVD.iso":
Serial #1183469235.986110
Release Name "CentOS"
DVD, representing CDs #1,2,3
(...)
Distro "CentOS" (DVD) found.
Installing distribution 'CentOS (DVD)'...
Installing cluster 'desktop'
(...)
Installing miniroot for zone 'lx1'.
(...)
Found DVD (representing CDs 1,2,3), Serial #1183469235.986110
Release Name "CentOS"
(...)
seamonkey-chat ##################################################
(...)


Here we go !
Wait ! No, an error after successful installation of hundreds of packages :

• 
Install of zone 'lx1' from
FAILED.

  Installation of CentOS to zone
'lx1' FAILED Thu Mar 19 20:55:48 CET 2009.


  Looking in the logfile :
ERROR: Unable to locate some needed packages:
gaim expectk tcl-html tcllib


  Seems I don’t really need these packages anyway…

  
root@kiwi:/usr/lib/brand/lx/distros# grep gaim *
rhel_centos_common: gaim \
root@kiwi:/usr/lib/brand/lx/distros# grep expectk *
centos38.distro: expectk \
centos39.distro: expectk \
root@kiwi:/usr/lib/brand/lx/distros# grep tcl-html *
centos38.distro: tcl-html \
centos39.distro: tcl-html \
root@kiwi:/usr/lib/brand/lx/distros# grep tcllib *
centos38.distro: tcllib”
centos39.distro: tcllib”


So let’s update rhel_centos_common and centos39.distro and remove all the lines that refer to packages that seem not to be there in CentOS 3.9…
And try another install afterwards…

• 
Completing installation; this may take a few minutes.
Setting up the initial lx brand environment.
System configuration modifications complete.
Installation of CentOS to zone
'lx1' completed Thu Mar 19 21:29:31 CET 2009.

  Installation of zone 'lx1' completed successfully.


Yope ! Finally….

• 
root@kiwi:~# zoneadm -z lx1 boot
root@kiwi:~# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
3 lx1 running /zones/lx1 lx shared
(…)
root@kiwi:~# zlogin lx1
[Connected to zone ‘lx1′ pts/6]
(…)
-bash-2.05b# top
08:39:41 up 5 min, 1 user, load average: 1.23, 0.79, 0.41
12 processes: 10 sleeping, 2 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle


-bash-2.05b# uname -a
Linux lx1 2.4.21 BrandZ fake linux i686 i686 i386 GNU/Linux


T: OpenSolaris, CentOS, BrandZ, Zones

Oddly enough, it appears that using Sun Secure Global desktop (SGD) from OpenSolaris doesn’t work from scratch. When my browsers try to connect to the server after authenticating, the browser never stop “Loading…” and times out after a while with an error message of style :”Failed to install”…

After some investigation, I found out that SGD is actually what’s left of a company called Tarantella, bought by Sun in 2005.

Now going to my home directory, there is a “hidden” directory called .tarantella

#cd ~/.tarantella/tcc/4.41.907/
#ls -l
total 3245
-rwxr-xr-x 1 nieuwenj staff 4368592 Aug 7 2008 ttatcc

Which seems to prove that the installation of the client started. Unfortunately,
# ldd ttatcc
libXm.so.4 => (file not found)

After going to a machine where SGD works, I see that I need SUNWmfrun, the Motif runtime software package. After googling, it appears that the package is part of Solaris 10 and even the early builds of OpenSolaris but it is no longer part of the OpenSolaris 2008.05 & 2008.11 distributions. Fortunately, I still have an iso of build79 of OpenSolaris ( a Solaris 10 iso or DVD would do )…

# lofiadm -a /downloads/laptop/iso/sol-nv-b79b-x86-dvd.iso
/dev/lofi/1
# mount -F hsfs /dev/lofi/1 /a
# cd /a/Solaris_11/Product
# pkgadd -d . -G SUNWmfrun
# pkgadd -d . -G SUNWxwrtl


The latter being a package that links the Motif libraries from /usr/dt to /usr/lib, where “ld” can find it.

There you go, retry to start SGD and you see a small (Motif) window popping up, asking something security-related. Then SGD finally starts…

Go to the article

With a new job comes a new laptop. I went for Acer Aspire 9424WSMi. It of course comes with Windows Media Center preinstalled. Because I’m gonna work with production Solaris machines, I decided that it would be best to install Solaris on it. Here is the results of my attempts :

1. Tried to install official Solaris 10 06/06. Installation successful but laptop crashes very early during boot. Too early to find out the guilty device driver.
2. Installed Solaris Express 11/06. No problem whatsoever. Nvidia card recognised, beautiful desktop out of the box. Networking fine thanks to an updated version of the rge Realtek Gigabit Ethernet Driver. Would have loved to stop there BUT… I need to install JES on top of Solaris and for whatever unexplained reason, the JES installer crashes at launch time. Couldn’t find anything on the internet on the subject. Of course, one can try to install every JES product manually. But I need many so that wasn’t so practical. Strangely enough, in the stacktrace output of the installer error, it showed a method called “checkOsVersion”. Would that be the reason ?
3. Installed official Solaris 10 11/06. No crash during boot. Great. But no network. The “rge” driver is not the updated release so that it cannot take my NIC. Tried to use the “rge” driver of Solaris Express/Opensolaris but that failed as well, some network projects having been integrated with some dependencies between them.

And the solution is : on December 19, an updated “gani” driver showed up on the Free NIC drivers for Solaris superb page. some “modload” later, I could type :
#ifconfig gani0 plumb
#ifconfig gani0 dhcp

and I had got the net work…

Still to be done : I have no wireless yet. This is normal because the laptop uses a Intel 3945ABG chipset for which even OpenSolaris doesn’t have a driver yet (in development right now).

But I have enough to start working…

Now that I want to download OpenOffice for Solaris x86 to compare it with the StarOffice suite provided with Solaris 10, I see that the download is available as a torrent. The problem is that Solaris doesn’t come with any Bit torrent client. After a bit of searching, I see that Azureus is the way to go. Completely Java. Unfortunately, although the latest release is available for Solaris 10 Sparc, nothing yet on the Solaris 10 x86 front. After more searching, it seems that Azureus is using the eclipse libraries , which are not available yet for x86 in the official distribution. Although the Azureus-x86 wiki basically tells us that we just need to compile eclipse ourselves and then replace some libraries, this is not trivial and more that what I want to do. But of course, someone did it before…

Eclipse release for Solaris on x86 is a BugId open for Eclipse where people talk about what I need. Included in the webpage is a nice attachement that contains the needed libraries.

Soooo :

1. Download Azureus for Sparc : Azureus_2.4.0.2_Solaris.tar.bz2
2. #bunzip Azureus_2.4.0.2_Solaris.tar.bz
3. #tar xf Azureus_2.4.0.2_Solaris.tar
You should now have a directory named azureus. In it, you’ll find 5 swt libraries ( libswt* ). These are the SPARC ones that you’ll need to replace by their x86 equivalent.
4. Download the eclipse SWT libraries for Solaris 10 x86
5. In another directory, unzip the file eclipse_launcher_and_swt_jar_for_solaris_10×86.zip You’ll have a directory and a jar file.
6. #unzip org.eclipse.swt.gtk.solaris.sparc_3.1.1.jar libswt-atk-gtk-3139.so libswt-awt-gtk-3139.so libswt-cde-gtk-3139.so libswt-gtk-3139.so libswt-pi-gtk-3139.so
   will extract the 5 libraries from the jar file. Simply copy the 5 libraries to the azureus directory.
7. Run the azureus command in the azureus directory. It should work…

Keith Wesolowski recently announced that the Fault Management subsystem is now capable of :

1. sending basic fault information to a Network Management Server. Provides the same information than the one sent to the syslog daemon.

2. Providing more information on the errors as well as FMA configuration info on request. An Fault Management MIB describes what information can be obtained.

Available on Nevada Build 33 and later so soon in Solaris.

The long story in this blog post.

T: OpenSolaris, FMA, SNMP

Finally a document aggregates the SMF information that was disseminated everywhere on the internet. This very good document from Rob Romack covers the following topic :

- SMF basics
- SMF components
- Example SMF Manifest for a new service, including a description of all the existing attributes ( require_all, … )
- SMF at boot time + SMF and milestones (the one area that will likely trigger a bunch of calls to Sun Support )
- The funny demonstration of the fact that the SMF engine is tracking services with cycling dependencies
- An original use of the dependency system that would allow somebody to login as root only if the configured name service is not available

View the document

T: SMF, OpenSolaris, Solaris 10

For those who cannot afford to reinstall their machines and have no spare computers, it is a good solution…

View the Howto

T: OpenSolaris, VmWare

Sun is not known to be a great developer of GUI applications. The best example is probably the unlikely suite of administration tools offered to Solaris sysadmins along the years. Now that “admintool” is a thing of the past (as of Solaris 10) and considering that the Solaris Management Console is not significantly better, we are left with this sad conclusion : managing Solaris with a GUI is a pain –> managing Solaris is impossible if you are not a sysadmin.

The good news is that a new OpenSolaris project has been created to make Solaris configuration by end-users easier : it is called Project Visual Panels and looks promising.

Since the underlying storage is provided by the SMF data store, it looks like the graphical Solaris “registry” is on its way. Let’s see if Solaris can do it better than Windows…

Go to the project page
Go to the preliminary screeshots of the GUI

From Solaris 9 update 2, a new framework was introduced that would make it possible to select among a number of hash algorithms the famous one that would be used to compute the encrypted version of the passwords. Before that time, the traditional crypt() routine was used, limiting the size of passwords to 8 characters and providing the even more famous 13 characters found in the /etc/shadow file.

The Solaris Pluggable Crypt Framework makes it possible to choose from 3 new algorithms, all allowing a maximal password size of 255 characters:

# cat /etc/security/crypt.conf
(…)
1 crypt_bsdmd5.so.1
2a crypt_bsdbf.so.1
md5 crypt_sunmd5.so.1

What are these libraries?

From the man pages: (more…)