MPU Solaris Notes - a Craig to Chris Brain Dump

Not all of this concerns MPU but it's all useful knowledge.

Patching

Ths is currently done by downloading the recommended patch cluster from sunsolve and installing it. There are four things to say about patching.

  1. It takes ages, because each separate patch is done by a script which painstakingly carries out lots of checks before eventually checking whether it should be installed or not, and half the time the answer is no because (for instance) it's already installed. It might be hugely speeded up if done by a script similar to updatepkgs for instance. This works like updaterpms in that it has a list of what ought to be installed and calculates the differences between that and what is installed and makes the necessary changes, rather than attempting to install every patch every time.
  2. It has to be done with the machine in single-user mode. Yes this is necessary: we've corrupted things by patching in multi-user mode before now. As a result it's done fairly infrequently. Perhaps a regular patch-fest once a month would be a good idea.
  3. An average patching session currently takes perhaps an hour or so.
  4. We'll need the sunsolve password.

Packages

  • There are two types of Solaris package, the filesystem format (a directory, more or less) and the datastream format (a cpio archive, like an RPM). A package file with .pkg in its name will be in datastream format, and that's the one we generally use.
  • The base name of a package can only be 8 characters long.
  • Find what packages are already installed with pkginfo (akin to rpm -qa).
  • updatepkgs does the same job for Sun packages on Solaris as the updaterpms utility does for RPM packages on Linux.
  • The associated LCFG component is lcfg-updaterpms. There is no lcfg-updatepkgs component.
  • lcfg-updaterpms (or maybe updatepkgs) works silently, but does log to the log file.
  • lcfg-updaterpms does not automatically run at night like on Linux machines. Until now we have preferred to run it by hand from time to time.
  • Buildtools supports Solaris packages. To use buildtools on Solaris you have to do two things:
    • export CVS_RSH=/usr/local/bin/ssh
    • Use gmake instead of make.
  • Submit a package with pkgsubmit
    • This has a --test option
    • Use --repository to specify the repository to submit to.
    • There are three repositories:
      • LCFG - the obvious
      • SUNW - official Sun stuff
      • SFW - originally named for Sun FreeWare, but now it contains everything that doesn't fit in either of the other categories.
    • e.g. pkgsubmit --test --repository LCFG lcfg-foo-1.3.2-1.pkg.gz

Installation

This takes ages, because of the aforementioned patching delays.

If you ever have an installation fail really quickly with "read-only filesystem" type errors, then rdxprof may be the cause:

The latest version of rdxprof tries to create /etc/logrotate.d when it is run and if it can't create it promptly dies. One of the things the start.lcfg script does is to run rdxprof to get the fstab resources so it can partition the hard disk. Unfortunately at this point the root filesystem is read only mounted from the boot server (in your case sphinx). Rdxprof craps out and qxprof when run to get the fstab resources produces the error messages you were seeing. The solution is to go to the install root, located at /export/install/Solaris_9/Tools/Boot on the boot server and put in a symbolic link from /etc/logrotate.d to /var/etc/logrotate.d which is writable.

If the boot component fails to start with
/usr/lib/lcfg/components/boot: /opt/sfw/bin/gsed: No such file or directory
/usr/lib/lcfg/components/boot: /etc/init.d: is a directory

Halt the machine and at the boot prompt type boot net. It'll boot into the windowing system again. When the window with the install stuff appears, exit from the install program and use the right button menu on the background to start up a console. Run the commands

mount /dev/dsk/c0t0d0s0 /mnt
cd /mnt/opt/sfw/bin
cp /mnt/usr/bin/gsed .
/usr/sbin/reboot

The machine should then come up OK.

If you still can't login after installation is complete:

Is the krb5.keytab in place in /etc/krb5? Are the time and date right? Those are the two usual things which prevent people logging in.

Notable Solaris Machines

All are running Solaris 9 with LCFG.

Servers

  • All six servers are SunFire 280Rs.
  • The root disks are raided and are 70-oddGB.
  • It's been discovered that it's not a good idea to have any user data on these disks even though there's space for it as when the user partition on the root disk is hammered the whole machine suffers horribly.
  • The /export partition on each server is mirrored to /export on all of the other five servers.
  • Each machine has a D2. This is a JBOD. A JBOD is Just a Bunch Of Disks. Ho ho.

AT
Phoenix, Roc. Both use the AT sataboy.
BP
Pegasus, Hippocampus. Both use bpbeast. Hippocampus carries no home directories, just research space.
KB
Sphinx, Wyvern. Both use ataboy1.

There's currently no support on the Suns for limiting logins by netgroup, so for the servers only, anyone who wants to be able to login has to be put into the machine's passwd file. Get the user's passwd entry from getent passwd and enter it with vipw. Afterwards run pwconv to copy the entry to the shadow password file too.

Other Machines

Manticore
SunBlade 100. LCFG testbed. Now in BP.
Cyclops
SunBlade 100. AFS backup. Moving from AT 4.11 to AT basement as it sounds like a sack of spanners in a washing machine every afternoon from 15:30 as the AFS replication starts up.
Troll
SunBlade 100. Fibrechannel testbed. Connected to sataboy in AT basement.
Harpy
SunBlade 100. Don't remember anything about this one.
Salamander
SunBlade 1000. FH AFS test machine. Will become a Solaris multi-user machine once again.
Phlegethon
SunBlade 100. George's office.
Boglander
SunBlade 100. Chris's office.

-- ChrisCooke - 16 Jun 2006

Topic revision: r4 - 26 Jun 2006 - 10:42:11 - ChrisCooke
DICE.MPUSolarisNotes moved from DICE.SolarisNotes on 16 Jun 2006 - 13:46 by ChrisCooke - put it back
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies