The aim of this series is to show the experienced Solaris system administrator how to transition from Solaris 10 to Solaris 11 immediately after initial installation of the operating system, as well as offering tips, tricks and insights into Solaris 11, which differs significantly from Solaris 10.
This article will cover the commands that will enable both servers to be networked and able to reach the internet.
I’m using two VMs with the same specification - 2GB RAM, 30GB VMDK, one configured for Solaris 11 and one configured for Solaris 10. I Esc-2 my way through the installs and end up with two VMs - one Solaris 10 and one Solaris 11. I set them both up with no special configuration with regards to networking, naming services, or DHCP. I did select IPv6 during the Solaris 10 installation to have that available should we need it.
I’m running these installs under VMware Fusion 5.0.2 on Mac OS X 10.8. Looking at the networking configuration for these under VMware shows me they are receiving DHCP as part of the following scope.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$ cat /Library/Preferences/VMware\ Fusion/vmnet8/dhcpd.conf ... subnet 172.16.18.0 netmask 255.255.255.0 { range 172.16.18.128 172.16.18.254; option broadcast-address 172.16.18.255; option domain-name-servers 172.16.18.2; option domain-name localdomain; default-lease-time 1800; # default is 30 minutes max-lease-time 7200; # default is 2 hours option netbios-name-servers 172.16.18.2; option routers 172.16.18.2; } ... |
I will place the two VMs outside of this scope, with the following IP address allocation:
|
1 2 |
sol10lab Solaris 10 17.16.18.69 sol11lab Solaris 11 17.16.18.70 |
The first step will be logging into the respective servers and changing them from being DHCP-address workstations floating around the network to actual servers we can use to do stuff.
Solaris 10 from OOTB to Useful
Log into sol10lab using the Options → Command Line Login … option on the CDE login screen. Then hit enter and the root prompt will appear
|
1 2 3 4 5 |
unknown console login: root Password: Last login: Fri Jan 18 11:20:17 on console Oracle Corporation SunOS 5.10 Generic Patch January 2005 # |
Let’s see exactly what release we are using
|
1 2 3 4 5 6 |
# cat /etc/release Oracle Solaris 8/11 s10x_u10wos_17b x86 Copyright © 1983, 2011, Oracle and/or its affiliates. All rights reserved. Assembled 23 August 2011 # uname -a SunOS unknown 5.10 Generic_147441-01 i86pc i386 i86pc |
So it’s Solaris 10, Update 10 – the latest and greatest at the time of writing. A bit more poking around before any configuration changes are made
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# psrinfo 0 on-line since 01/18/2013 11:03:18 # psrinfo -p 1 # psrinfo -v Status of virtual processor 0 as of: 01/18/2013 11:13:31 on-line since 01/18/2013 11:03:18. The i386 processor operates at 2385MHz, and has an i387 compatible floating point processor # prtconf | grep Mem Memory size: 2048 Megabytes # dladm show-link e1000g0 type: non-vlan mtu: 1500 device: e1000g0 |
Before I do any more poking around I really want to be doing it over an SSH connection to a stable and viable endpoint, so let’s get the network stuff sorted out. Personally, I don’t like the hostname hostname so that can go, and the proposed IP address of 17.16.18.69 can be applied to the interface we have discovered through the use of dladm show-link ise1000g0.
First, to ease my immediate pain:
|
1 |
# stty erase ^H |
Second, to erase future pain:
|
1 |
# svcadm disable cde-login |
OK – now for the network. Set the nodename
|
1 |
# echo “sol10lab” > /etc/nodename |
Add an appropriate entry to /etc/hosts for the node
|
1 |
# echo “17.16.18.69 sol10lab” >> /etc/hosts |
Add an entry to /etc/hostname.<interface> - we queried for the interface via dladm show-link above.
|
1 |
# echo “sol10lab netmask 255.255.255.0 broadcast +” > /etc/hostname.e1000g0 |
Remove the /etc/dhcp.<interface> file for the interface.
|
1 |
# rm -f /etc/dhcp.e1000g0 |
Add an a appropriate entry to /etc/netmasks
|
1 |
# echo “172.16.18.0 255.255.255.0” >> /etc/netmasks |
Set name service resolution configuration
|
1 2 3 |
# vi /etc/resolv.conf domain somedomain nameserver 172.16.18.2 |
Add the persistent default gateway
|
1 |
# route -p add default 172.16.18.2 |
Copy the DNS-based NSS configuration into place.
|
1 |
# cp -p /etc/nsswitch.dns /etc/nsswitch.conf |
Bounce the host …
|
1 |
# shutdown -y -g 0 -i 6 |
Once it comes back – log back into the console. Just to check it works, ping something
|
1 2 |
# ping google.com google.com is alive |
Hurrah! Now we will quickly examine how the static route is stored, as even in Solaris 10 Update 10, we were not using /etc/defaultrouter or /etc/rc2.d/S99dodgy-route-hacks. It still would have worked, but it’s all built into the route c0mmand now via the -p option (for persistence) , and unbeknownst to many it was still in later releases of Solaris 10. I’ll also check routing under Solaris 11 to see if the same principles apply.
Looking at our routing table, we can see the default route
|
1 2 3 4 5 6 7 |
# netstat -rn -f inet Routing Table: Ipv4 Destination Gateway Flags Ref Use Interface default 172.16.8.2 UG 1 1 172.16.18.0 172.16.18.69 U 1 2 e1000g0 224.0.0.0 172.16.19.69 U 1 0 e1000g0 127.0.0.1 127.0.0.1 UH 1 33 lo0 |
But we didn’t populate /etc/defaultrouter when setting up the box initially. Instead, route -p add was used to add a persistent route. We can prove the existence of this persistent route with route -p show
|
1 2 |
# route -p show perisistent: route add default 172.16.18.2 |
That routing information is stored in /etc/inet/static_routes
|
1 2 3 |
# cat /etc/inet/static_routes # File generated by route(1M) – do not edit. default 172.16.18.2 |
And you pretty much have your new machine on the network. Many more things to do, but we’re here to learn about Solaris 11. Let’s try the same tasks …
Solaris 11 from OOTB to Useful
I know the Solaris 11 box won’t let me, as I’ve read the documentation and root is now a role not a user account, but I’ll still see what it does.
|
1 2 3 4 5 |
solaris console login: root Password: Roles can not login directly Login incorrect Jan 18 23:29:53 solaris login: login account failure: permission denied |
You can see quite clearly that it isn’t pleased with your actions. So, I’ll log in with my user account that I created during the installation of Solaris 11 – toki.
|
1 2 3 4 5 |
solaris console login: toki Password: Last login: Fri Jan 18 22:51:01 on console Oracle Corporation SunOS 5.11 11.1 September 2012 toki@solaris:~$ |
And there we are. Let’s assume the root role and change the hostname.
|
1 2 3 4 5 |
toki@solaris:~$ su - Password: Jan 18 23:34:22 solaris su: 'su root' succeeded for toki on /dev/console Oracle Corporation SunOS 5.11 11.1 September 2012 root@solaris~# |
Solaris 11 sees a lot more of the administrative change moving out of traditional configuration files and into SMF, which at first seemed a little over-engineered for my liking but I’ve found I’m now growing to like it now as it keeps a consistent administrative command composition and interface across Oracle’s products and Operating Systems. Additionally, it provides a single database to poll for system information, and also a single database in which to make changes to that configuration.
Let’s start by checking what is currently within SMF for the hostname of this server. The correct SMF service is svc:/system/identity:node so svccfg can be used to query it.
|
1 2 3 4 5 6 |
solaris# svccfg -s system/identity:node listprop config config application config/enable_mapping boolean true config/ignore_dhcp_mapping boolean false config/nodename astring solaris config/loopback astring solaris |
Use svccfg to change both the config/nodename and config/loopback astrings.
|
1 2 |
solaris# svccfg -s system/identity:node setprop config/nodename = astring: sol11lab solaris# svccfg -s system/identity:node setprop config/loopback = astring: sol11lab |
Confirm the results with a listprop config:
|
1 2 3 4 5 6 |
solaris# svccfg -s system/identity:node listprop config config application config/enable_mapping boolean true config/ignore_dhcp_mapping boolean false config/nodename astring solaris config/loopback astring solaris |
Now we must refresh the system/identity:node entry within SMF to make this changes have any effect. So …
|
1 |
solaris# svccfg -s system/identity:node refresh |
The console will spit out
|
1 |
Hostname: sol11lab |
Next comes networking. Solaris 11 comes with support for automatic network configuration, but I’ll be configuring the network manually. In short, the Automatic network profile has to be disabled, and the Manual one enabled. A default OOTB Solaris 11 box booted and configured with reasonable defaults will have a network configuration profile setup something like this:
|
1 2 3 4 5 6 |
sol11lab# netadm list -p ncp -x TYPE PROFILE STATE AUXILIARY STATE ncp Autommatic online active ncu:phys net0 online interface/link is up ncu:ip net0 online interface/link is up ncp DefaultFixed disabled disabled by administrator |
The DefaultFixed NCP is what we want. We can enable this -
|
1 2 |
sol11lab# netadm enable -p ncp DefaultFixed Enabling ncp 'DefaultFixed' |
- and then verify that this has been successful with another netadm list:
|
1 2 3 4 |
sol11lab# netadm list -p ncp -x TYPE PROFILE STATE AUXILIARY STATE ncp Automatic disabled disabled by administrator ncp DefaultFixed online active |
OK, you’ll also see that the ncu:phys and ncu:ip entries are gone so we have no network – yet.
A quick dladmshow-phys on the box will give us our link name.
|
1 2 3 |
sol11lab# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet unknown 1000 full e1000g0 |
ipadm will know nothing of this link at this point however:
|
1 2 3 |
sol11lab# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes – |
The first thing to do is configure a virtual IP interface on top of our net0 interface found whilst poking around above. To do this, issue the following command:
|
1 |
sol11lab# ipadm create-ip net0 |
You will now notice that a new virtual IP interface has been created, although it is still down and hasn’t been enabled.
|
1 2 3 4 |
sol11lab# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes – net0 ip down no – |
If we add an address to that new interface, it will come online and all will be well.
|
1 2 3 4 5 |
sol11lab# ipadm create-addr -T static -a 172.16.18.70/24 net0/v4static sol11lab# ipadm show-if IFNAME CLASS STATE ACTIVE OVER lo0 loopback ok yes – net0 ip ok yes – |
And now we can ping our Solaris 10 host …
|
1 2 |
sol11lab# ping 172.16.18.69 172.16.18.69 is alive |
… and add our default route.
|
1 |
sol11lab# route -p add default 172.16.18.2 |
All that remains for this to be in the same state as its Solaris 10 cousin is the configuration of name services (/etc/resolv.conf and /etc/nsswitch.*, essentially).
First I will review the current configuration properties for the network/dns/client SMF service.
|
1 2 3 |
sol11lab# svccfg -s network/dns/client listprop config config application config/value_authorization astring solaris.smf.value.name-service.dns.client |
So, nothing is set up. Add a default domain; I’ll use example.com.
|
1 |
sol11lab# svccfg -s network/dns/client setprop config/domain = astring: example.com |
Then verify that it has indeed been updated:
|
1 2 |
sol11lab# svccfg -s network/dns/client listprop config/domain config/domain astring example.com |
Next a nameserver. There is one locally on my network so I’ll just use that, and a known Google freebie resolver.
|
1 2 |
sol11lab# svccfg -s network/dns/client setprop config/nameserver = net_address: \ > "(172.16.18.2 8.8.8.8)" |
And again verify the result:
|
1 2 |
sol11lab# svccfg -s network/dns/client listprop config/nameserver config/nameserver net_address 172.16.8.2 8.8.8.8 |
A final piece of svccfg work required is for name service switch ordering.
Anyway – for now, you do this:
|
1 |
sol11lab# svccfg -s name-service/switch setprop config/host = astring:'("files dns")' |
As always, verify:
|
1 2 |
sol11lab# svccfg -s name-service/switch listprop config/host config/host astring “files dns” |
If it looks good, write out the configuration:
|
1 |
sol11# nscfg export svc:/network/dns/client:default |
That will write out the nsswitch.conf and resolv.conf files directly from the information you put into SMF. nscfg also has an import option, but I wanted to show the correct way – not the way that will become legacy as more and more config moves into SMF.
Your Solaris 11 box can now see Google:
|
1 2 |
sol11lab# ping google.com google.com is alive |
This article should hopefully have someone who is very experienced at rolling out Solaris 10 servers up to speed on the basic changes required to get the same result using Solaris 11. It has only skimmed the surface of what the OS has to offer – and many more articles will be forthcoming – the next concentrating on ZFS administration.