The easiest way to install Puppet on Solaris is to obtain the packages from http://OpenCSW.org. OpenCSW uses a tool called pkgutil on top of the existing Solaris toolset to obtain, install and maintain OpenCSW packages.
Start by installing the latest version of CSWpkgutil:
```
root@sol11test:~# pkgadd -d http://get.opencsw.org/now

## Downloading...
..............25%..............50%..............75%..............100%
## Download Complete

The following packages are available:
  1  CSWpkgutil     pkgutil - Installs Solaris packages easily
                    (all) 2.6.6,REV=2013.11.12

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all

Processing package instance <CSWpkgutil> from <http://get.opencsw.org/now>

pkgutil - Installs Solaris packages easily(all) 2.6.6,REV=2013.11.12
Please see /opt/csw/share/doc/pkgutil/license for license information.
## Processing package information.
## Processing system information.
## Verifying package dependencies.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <CSWpkgutil> [y,n,?] y

Installing pkgutil - Installs Solaris packages easily as <CSWpkgutil>

## Installing part 1 of 1.
/etc/opt/csw/pkgutil.conf.CSW
/etc/opt/csw <implied directory>
/opt/csw/bin/pkgutil
/opt/csw <implied directory>
/opt/csw/bin <implied directory>
/opt/csw/etc/pkgutil.conf.CSW
/opt/csw/etc <implied directory>
/opt/csw/libexec/pkgutil/wget-i386
/opt/csw/libexec/pkgutil/wget-sparc
/opt/csw/share/doc/pkgutil/license
/opt/csw/share/doc/pkgutil/readme
/opt/csw/share/man/man1/pkgutil.1
/opt/csw/var/pkgutil/admin.CSW
[ verifying class <none> ]
## Executing postinstall script.

Copying sample pkgutil.conf to /opt/csw/etc.

Copying sample pkgutil.conf to /etc/opt/csw.

Copying sample admin from /opt/csw/var/pkgutil to /var/opt/csw/pkgutil.

NOTE!
NOTE! Make sure to check out any changes in /etc/opt/csw/pkgutil.conf.CSW.
NOTE!

Installation of <CSWpkgutil> was successful.
```
The first step is to configure pkgutil to use PGP cryptographic verification. Issue the following command to install the CSWpki package via pkgutil:
```
# pkgutil -y -i cswpki
```
Next, import the keys with cswpki:
```
# cswpki --import
Do you want to import the key used for: catalog signing 2011-09?
Yes/No: Yes
Importing the key used for: catalog signing 2011-09
gpg: keyring `/var/opt/csw/pki//secring.gpg' created
gpg: keyring `/var/opt/csw/pki//pubring.gpg' created
gpg: /var/opt/csw/pki//trustdb.gpg: trustdb created
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found

Do you want to import the key used for: legacy catalog verification?
Yes/No: Yes
Importing the key used for: legacy catalog verification
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no ultimately trusted keys found
```
Check the imported key's fingerprint against the one published at http://www.opencsw.org/manual/for-administrators/getting-started.html, which currently looks like this:
```
# gpg --homedir=/var/opt/csw/pki --fingerprint board@opencsw.org
pub   1024D/9306CC77 2011-08-31
      Key fingerprint = 4DCE 3C80 AAB2 CAB1 E60C 9A3C 05F4 2D66 9306 CC77
uid   OpenCSW catalog signing <board@opencsw.org>
sub   2048g/971EDE93 2011-08-31
```
With the key imported, edit /etc/opt/csw/pkgutil.conf and uncomment the following values, thus setting them to true from their defaults of false:
```
use_gpg=true
use_md5=true
```
Now, run a pkgutil catalog update. You should see the GPG verification taking place:
```
# pkgutil -U
=> Fetching new catalog and descriptions (http://mirror.opencsw.org/opencsw/testing/i386/5.11) if available ...
Checking integrity of /var/opt/csw/pkgutil/catalog.mirror.opencsw.org_opencsw_testing_i386_5.11 with gpg.
gpg: Signature made Wed Dec 18 10:43:20 2013 EST using DSA key ID 9306CC77
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4DCE 3C80 AAB2 CAB1 E60C 9A3C 05F4 2D66 9306 CC77
==> 3807 packages loaded from /var/opt/csw/pkgutil/catalog.mirror.opencsw.org_opencsw_testing_i386_5.11
```
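The fingerprint comparison and the pkgutil.conf settings described above can be scripted instead of checked by eye. The shell functions below are an added example, not part of the original page or of OpenCSW's tooling: the function names are hypothetical, the pinned fingerprint is the one printed above, and the sample inputs are constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example (not OpenCSW code): pin the catalog signing key, check pkgutil.conf.
# Pin = fingerprint from the gpg output on this page; confirm it out of band.
PINNED_FPR="4DCE3C80AAB2CAB1E60C9A3C05F42D669306CC77"

# Drop whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Pull the first fingerprint out of `gpg --fingerprint` or `pkgutil -U` output.
# Handles "Key fingerprint = ..." and "Primary key fingerprint: ...".
extract_fpr() {
    printf '%s\n' "$1" |
        sed -n 's/^.*[Kk]ey fingerprint[ =:]*\([0-9A-Fa-f ]*\)$/\1/p' | sed 1q
}

# Succeed only if the output names the pinned key and reports no bad signature.
fpr_matches_pin() {
    case $1 in *"BAD signature"*) return 1 ;; esac
    found=$(extract_fpr "$1")
    [ -n "$found" ] && [ "$(normalize_fpr "$found")" = "$PINNED_FPR" ]
}

# Succeed only if both settings are uncommented and true, as written on this page.
conf_enforces_gpg() {
    for key in use_gpg use_md5; do
        printf '%s\n' "$1" | grep "^${key}=true *$" >/dev/null || return 1
    done
}

# Constructed samples, based on the command output shown on this page.
SAMPLE_UPDATE='gpg: Signature made Wed Dec 18 10:43:20 2013 EST using DSA key ID 9306CC77
gpg: WARNING: This key is not certified with a trusted signature!
Primary key fingerprint: 4DCE 3C80 AAB2 CAB1 E60C 9A3C 05F4 2D66 9306 CC77'
SAMPLE_CONF='use_gpg=true
#use_md5=false'

if fpr_matches_pin "$SAMPLE_UPDATE"; then echo "catalog key: pinned key"
else echo "catalog key: MISMATCH"; fi
if conf_enforces_gpg "$SAMPLE_CONF"; then echo "pkgutil.conf: verification on"
else echo "pkgutil.conf: verification NOT fully enabled"; fi
```

On a real host, pass the live output instead of the samples, for example `fpr_matches_pin "$(pkgutil -U 2>&1)"` and `conf_enforces_gpg "$(cat /etc/opt/csw/pkgutil.conf)"`. The gpg warning about the key not being certified only means the local keyring has no trust path to it, so the fingerprint match is what ties the signature to the OpenCSW key.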
Now, we can search for the appropriate Puppet package using pkgutil -a:
```
# pkgutil -a puppet
common               package              catalog                        size
puppet               CSWpuppet            2.7.21,REV=2013.03.15          709.8 KB
puppet3              CSWpuppet3           3.1.1,REV=2013.03.15           780.4 KB
puppetmaster         CSWpuppetmaster      2.7.21,REV=2013.03.15          3.4 KB
puppetmaster3        CSWpuppetmaster3     3.1.1,REV=2013.03.15           2.2 KB
```
As this is only a client, we will need the puppet3 package, and any dependencies. pkgutil takes care of dependency resolution for us with respect to other OpenCSW.org packages.
For the sake of convenience, at this point you should update your $PATH accordingly to find binaries under /opt/csw/bin:
```
# vi ~/.profile
...
export PATH=$PATH:/opt/csw/bin
...
# . .profile
# which pkgutil
/opt/csw/bin/pkgutil
```
Install the puppet3 package and its dependencies:
```
# pkgutil -i -y puppet3
```
By default, an SMF service is created to run the Puppet agent daemonised. This is not something that we want - the updates will be run out of cron for more control and granularity. For now, check the status of the service:
```
# svcs -xv cswpuppetd
svc:/network/cswpuppetd:default (?)
 State: online since November 26, 2013 08:44:35 AM EST
   See: /var/svc/log/network-cswpuppetd:default.log
Impact: None.
```
Disable it, thus stopping it also:
```
# svcadm disable svc:/network/cswpuppetd
```
Copy the supplied sample puppet.conf into place:
```
# cp /etc/puppet/puppet.conf.example-CSW /etc/puppet/puppet.conf
```
Update the server variable in the [agent] section of puppet.conf as appropriate:
```
# vi /etc/puppet/puppet.conf
[agent]
...
server = mypuppetserver.local
```
Try a test run. The certificate request will be sent to the Puppet master, and can be signed as shown in the CentOS instructions above.
```
# puppet agent --test
Info: Creating a new SSL key for sol11test.local
Info: Caching certificate for ca
Info: Creating a new SSL certificate request for sol11test.local
Info: Certificate Request fingerprint (SHA256): 96:B2:AB:E8:E7:6C:DE:98:DD:3F:AA:29:3C:B7:97:C4:FD:DB:41:0D:F7:04:BF:3D:03:41:D9:76:95:84:76:23
Exiting; failed to retrieve certificate and waitforcert is disabled
```
Once the certificate is signed, a clean run should be observed:
```
# puppet agent --test
Info: Caching certificate_revocation_list for ca
Info: Retrieving plugin
Notice: /File[/var/opt/csw/puppet/lib]/mode: mode changed '0750' to '0755'
Info: Caching catalog for sol11test.local
Info: Applying configuration version '1386191583'
Info: Creating state file /var/opt/csw/puppet/state/state.yaml
Notice: Finished catalog run in 0.05 seconds
```
A quick check of the facter variables on each type of host confirms that things are ready to go:
```
root@sol11test:~# facter operatingsystem
Solaris
root@sol11test:~# facter operatingsystemrelease
5.11
```