Sun announced intentions to release SunWebServer under BSD license

Sun will opensource part of their web stack under a BSD license.

"Sun announced that it is open sourcing the core components of the Sun Java(TM) System Web Server 7.0 and Sun Java(TM) System Web Proxy technologies under a BSD (Berkeley Software Distribution) license in the Web Stack sub-project of the OpenSolaris community. The Web and Proxy source code will be available in CY08Q3."

http://www.opensolaris.org/os/project/webstack/

"We're pleased to announce that the Web Stack project will be taking on the Open Source releases of the Sun Web and Proxy Server.... under a BSD license. Read about this and other plans in the Sun press release"

D-Light DTrace script for Sun Studio 12 in Solaris

Here's a pretty cool tool for developers, similar to the DTrace GUI from XCode in OS X 10.5 Leopard (Instruments):

It's part of Sun Studio 12.




It's still in development, but it can be pretty useful.

Using AWK to convert UNIX passwords from HP-UX to Solaris

Converting password hashes from HP-UX 11.11 to Solaris is pretty simple if you are using UNIX crypt passwords (if HP-UX isn't a Trusted System. If it is, it will use bigcrypt passwords, > 8 characters, converting them to Solaris UNIX crypt could be problematic).

Here's the gest of it:

On the HP-UX System, we create a test user:

# useradd test
# passwd test
test

Now we convert the passwd file to generate passwd entries for Solaris:

• # awk ' BEGIN { FS = ":" } { print $1":x:" $3 ":" $4 "::/export/home/" $1 ":/usr/bin/sh" }' /etc/passwd
• test:x:107:20::/export/home/test:/usr/bin/sh

And we create the shadow file entries, including the password hash:

• # awk ' BEGIN { FS = ":" } { print $1":"$2"::::::" }' /etc/passwd
• test:lsDWJo7M.iAhY::::::

Just add them using /usr/ucb/vipw to the password file, edit the shadow file for consistency and test. Be sure to backup the files and to test using a few users at first.

• $ su test
• Password:
• $ id
• uid=127(test) gid=120
• $ whoami
• test
• $ echo $HOME
• /export/home/test
• $ echo $SHELL
• /usr/bin/sh

Mix with some shell scripting and mkdir's and you're set :-). Next time, use LDAP :P.

Fixing Java WebConsole ZFS Administration on Solaris Express Community Edition build 90, 91

Application Error

com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [java.lang.IllegalArgumentException: No enum const class com.sun.zfs.common.model.AclInheritProperty$AclInherit.restricted]

---

Notes for application developers:

• To prevent users from seeing this error message, override the onUncaughtException() method in the module servlet and take action specific to the application
• To see a stack trace from this error, see the source for this page

---

Generated Sun Jun 22 14:22:44 EEST 2008


If this happens to you, you need to set acl inherit to passthrough:

# zfs set aclinherit=passthrough rpool

Now WebConsole ZFS Admin will work.

You also need to make sure the webconsole serivce is enabled before you can use it:

# svcs -a | grep webconsole
disabled 15:32:25 svc:/system/webconsole:console

# svcadm enable webconsole

# svcs -xv webconsole
svc:/system/webconsole:console (java web console)
State: online since Sun Jun 22 15:34:40 2008
See: man -M /usr/share/man -s 1M smcwebserver
See: /var/svc/log/system-webconsole:console.log
Impact: None.




When you're done using it, you should probably disable the service, as Java will eat up 100MB of memory :-). Besides, you don't really need a GUI for ZFS admin. It's just nice to show to your friends.

# svcadm disable webconsole

You should also make sure to disable webconsole in your Zones, as it serves no purpose what so ever (and it will bloat your zones by about 100MB memory usage).

Compiling 64 bit OpenSSL and OpenSSH on Solaris with Sun Studio 12; SSH ASCII fingerprints

For building OpenSSL.
% ./config
Replace -xarch=amd64 with -m64 in the Makefile.
% gmake
# gmake install

Now build OpenSSH:

export CFLAGS=-m64
export LDFLAGS=-m64

% ./configure --with-ssl-dir=/usr/local/ssl
% make
% su
# make package
The following packages are available:
1 OpenSSH OpenSSH Portable for Solaris
(i386) OpenSSH_5.0p1
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: Transferring package instance

# pkgadd -d OpenSSH-OpenSSH_5.0p1-Solaris-i386.pkg



If you're using OpenSSH portable from CVS you can also enjoy the ASCII art fingerprint funtion:


ibmsolaris% ./ssh -F /etc/ssh/ssh_config 192.168.21.168
Host key fingerprint is ...
+--[ RSA]----------+
| |
| = . |
| . = F |
| + * + |
| S * . |
| o + . |
| . = o . . |
| o + . o |
| . .oo . |
+----------------------+

Just add CheckHostIP fingerprint to ssh_config.

To compile OpenSSH from CVS:

% export CVSROOT=anoncvs@anoncvs.mindrot.org:/cvs
% export CVS_RSH=/usr/bin/ssh
% cvs get openssh

# ln -s /usr/bin/aclocal-1.10 /usr/bin/aclocal
# ln -s /usr/bin/automake-1.10 /usr/bin/automake
% ./configure --with-ssl-dir=/usr/local/ssl
% make
% su
# make package

Solaris ZFS to ZFS LiveUpgrade

Regular UFS to UFS LiveUpgrade used to take a while to create the boot environment, etc. Complicated :-).
As of Solaris Express Community Edition 90, you can use LiveUpgrade with ZFS. You can also LU a UFS system to ZFS.

One of the benefits of ZFS root is the ZFS clone command (lucreate -n happens in a second):

# lucreate -n sxce91
Checking GRUB menu...
Analyzing system configuration.
No name for current boot environment.
INFORMATION: The current boot environment is not named - assigning name .
Current boot environment is named .
Creating initial configuration for primary boot environment .
The device is not a root device for any boot environment; cannot get BE ID.
PBE configuration successful: PBE name PBE Boot Device .
Comparing source boot environment file systems with the file
system(s) you specified for the new boot environment. Determining which
file systems should be in the new boot environment.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment .
Source boot environment is .
Creating boot environment .
Cloning file systems from boot environment to create boot environment .
Creating snapshot for on .
Creating clone for on .
Setting canmount=noauto for in zone on .
Creating snapshot for on .
Creating clone for on .
No entry for BE in GRUB menu
Population of boot environment successful.
Creation of boot environment successful.


Mount the DVD image loopback:

# mkdir /mnt/iso
# lofiadm -a /export/home/cmihai/Desktop/SunDownloads/sol-nv-b91-x86-dvd.iso
/dev/lofi/1
# mount -F hsfs /dev/lofi/1 /mnt/iso

Liveupgrade:
# luupgrade -u -n sxce91 -s /mnt/iso/
No entry for BE in GRUB menu
Copying failsafe kernel from media.
Uncompressing miniroot
Uncompressing miniroot archive (Part2)
13371 blocks
Creating miniroot device
miniroot filesystem is
Mounting miniroot at
Mounting miniroot Part 2 at
Validating the contents of the media .
The media is a standard Solaris media.
The media contains an operating system upgrade image.
The media contains version <11>.
Constructing upgrade profile to use.
Locating the operating system upgrade program.
Checking for existence of previously scheduled Live Upgrade requests.
Creating upgrade profile for BE .
Checking for GRUB menu on ABE .
Saving GRUB menu on ABE .
Checking for x86 boot partition on ABE.
Determining packages to install or upgrade for BE .
Performing the operating system upgrade of the BE .
CAUTION: Interrupting this process may leave the boot environment unstable
or unbootable.

Upgrading Solaris: 100% completed
Installation of the packages from this media is complete.
Restoring GRUB menu on ABE .
Adding operating system patches to the BE .
The operating system patch installation is complete.
ABE boot partition backing deleted.
Configuring failsafe for system.
Failsafe configuration is complete.
INFORMATION: The file on boot
environment contains a log of the upgrade operation.
INFORMATION: The file on boot
environment contains a log of cleanup operations required.
INFORMATION: Review the files listed above. Remember that all of the files
are located on boot environment . Before you activate boot
environment , determine if any additional system maintenance is
required or if additional media of the software distribution must be
installed.
The Solaris upgrade of the boot environment is complete.
Installing failsafe
Failsafe install is complete.

# luactivate sxce91
System has findroot enabled GRUB
Generating boot-sign, partition and slice information for PBE
Saving existing file in top level dataset for BE as //etc/bootsign.prev.

Generating boot-sign for ABE
Saving existing file in top level dataset for BE as //etc/bootsign.prev.
Generating partition and slice information for ABE
Boot menu exists.
Generating direct boot menu entries for PBE.
Generating xVM menu entries for PBE.
Generating direct boot menu entries for ABE.
Generating xVM menu entries for ABE.
GRUB menu has no default setting
No more bootadm entries. Deletion of bootadm entries is complete.
GRUB menu default setting is unchanged
Done eliding bootadm entries.


**********************************************************************

The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.

**********************************************************************

In case of a failure while booting to the target BE, the following process
needs to be followed to fallback to the currently working boot environment:

1. Boot from Solaris failsafe or boot in single user mode from the Solaris
Install CD or Network.

2. Mount the Parent boot environment root slice to some directory (like
/mnt). You can use the following command to mount:

mount -Fzfs /dev/dsk/c1t0d0s0 /mnt

3. Run utility with out any arguments from the Parent boot
environment root slice, as shown below:

/mnt/sbin/luactivate

4. luactivate, activates the previous working boot environment and
indicates the result.

5. Exit Single User mode and reboot the machine.

**********************************************************************

Modifying boot archive service
Activation of boot environment successful.


# init 6

Sun Solaris DTrace - counting page-ins

Need more details than:

% kstat -n vm | grep pgin
anonpgin 727
execpgin 0
fspgin 1012885
pgin 999385
pgpgin 1013612
anonpgin 1347
execpgin 0
fspgin 187550
pgin 46875
pgpgin 188897

22:41 <> hello, is there a way to see what processes could be causing a page-in excess?
22:43 <> dtrace pgin

As always, DTrace to the rescue :-).

cthulhu# dtrace -n pgin'{@[pid, execname] = count();}'
dtrace: description 'pgin' matched 1 probe

^C

27462 gnome-keyring-da 1
27495 wnck-applet 1
430 dbus-daemon 2
27446 gnome-session 2
27483 nautilus 4
27319 Xorg 11

Making VirtualBox work in headless mode on Solaris

If you've ran VirtualBox 1.6.2 on Solaris or OpenSolaris (SXCE anyway) you'll see something interesting happen when you run VBoxHeadless (let's say in GNU screen) and kill X :-). It will die.

cthulhu% ./VBoxHeadless -s CentOS51
VirtualBox Headless Interface 1.6.2
(C) 2008 Sun Microsystems, Inc.
All rights reserved

Listening on port 3389
X connection to :0.0 broken (explicit kill or server shutdown).

Which is kind of silly for something called "headless"...

Here's the fix:

env DISPLAY=buggerthis /opt/VirtualBox/VBoxHeadless -s SomeMachine

Now you can kill X happily.

It basically dies when :0.0 dies. Make it look for another DISPLAY, and it's fine.

Mortal Kombat 4 on Solaris - Wine

Using Wine, DosBOX, DosEMU, GSNEX, GBA, ePSX and various other Windows, DOS and game console emulators you can get a fair amount of fun old games running on Solaris (like StarCraft, Mortal Kombat Series, Final Fantasy 1-8, etc). Not to mention the whole Doom, Quake 1,2,3 series using the open sourced engines.



Add a Windows XP in VirtualBox to the mix and you're set :-). You can also use SeamlessRDP to run remote Windows app on your desktop.

Installing TeX Live 2008 LaTeX distribution on Solaris

If you're installing TeXLive on Solaris you'll run into some issues with tar / GNUtar (gtar).

I've used the small bootstrap installer available on CTAN.

# ./install-tl
...
Installing: 12many
tar: /dev/rmt/0: No such file or directory

It basically sends UNIX tar GNU tar flags. Just copy /usr/bin/gtar to ~/bin/tar (or some other PATH) and put that in PATH first. TeX Live will install just fine.

# copy /usr/bin/gtar /root/bin/tar
# export PATH=/root/bin
# ./install-tl

Deploying IBM DB2 inside a Solaris 10 Container

1. Creating the ZFS filesystem:
# zfs create rpool/export/zones

2. Configuring the DB2 zone:
# zonecfg -z db2
db2: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:db2> create
zonecfg:db2> set zonepath=/export/zones/db2
zonecfg:db2> set autoboot=true
zonecfg:db2> add net
zonecfg:db2:net> set address=192.168.1.100/24
zonecfg:db2:net> set physical=iwk0
zonecfg:db2:net> end
zonecfg:db2> verify
zonecfg:db2> commit
zonecfg:db2> exit

3. Installing the DB2 zone:
# zoneadm -z db2 install
A ZFS file system has been created for this zone.
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <9648> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1319> packages on the zone.
Initialized <1319> packages on zone.
Zone is initialized.
Installation of these packages generated errors:
Installation of these packages generated warnings:
The file contains a log of the zone installation.

4. Listing the zones:
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- db2 installed /export/zones/db2 native shared

5. Booting the DB2 zone:
# zoneadm -z db2 boot

6. Logging into the zone:
# zlogin -C db2
[Connected to zone 'db2' console]

Configure the initial system (locale, etc).

7. Install IBM DB2 Database 9:
db2# gunzip db2_v9fp1_ese_solaris_x64.tar.gz
db2# tar xvf db2_v9fp1_ese_solaris_x64.tar
db2# cd ese/disk1/
db2# ./db2_install


Default directory for installation of products - /opt/IBM/db2/V9.1

***********************************************************
Do you want to choose a different directory to install [yes/no] ?
no


Specify one or more of the following keywords,
separated by spaces, to install DB2 products.

CLIENT
RTCL
ESE

Enter "help" to redisplay product names.

Enter "quit" to exit.

***********************************************************
CLIENT RTCL ESE
DB2 installation is being initialized.

Total number of tasks to be performed: 41
Total estimated time for all tasks to be performed: 915

Task #1 start
Description: Checking license agreement acceptance
Estimated time 1 second(s)
Task #1 end

Task #2 start
Description: GSKit support
Estimated time 19 second(s)
...

8. Add a regular user account to your DB2 zone:

db2# mkdir -p /export/home/cmihai
db2# useradd -s /usr/bin/zsh -d /export/home/cmihai cmihai
db2# chown cmihai /export/home/cmihai
db2# passwd cmihai
New Password:
Re-enter new Password:
passwd: password successfully changed for cmihai
db2# su - cmihai
db2% cd /opt/IBM/db2/V9.1/bin

Check locale(1) and export LC_ALL=C if needed or db2 will complain:

db2% ./db2fs
couldn't set locale correctly

Make sure you read the install log in /tmp.

Here's a tip though: if you can, use the Graphical installer (ssh -X and run db2setup instead of db2_install).
All you need now is add various tuning, limitations and zfs quotas, etc.

If you need to start over, there's always ZFS snapshots or db2_deinstall.

Either way, if you need to create an instance:

# ./db2icrt -s wse -u db2fenc1 db2inst1
Sun Microsystems Inc. SunOS 5.11 snv_90 January 2008
Sun Microsystems Inc. SunOS 5.11 snv_90 January 2008
DBI1070I Program db2icrt completed successfully.

You can now use db2 to create a database and connect to it.

# db2
db2=> CREATE DATABASE test
db2 => CONNECT TO test
Database Connection Information

Database server = DB2/SUN64 9.1.1
SQL authorization ID = DB2INST1
Local database alias = TEST

db2 => CREATE TABLE clients (name char(25), surname char(50))
DB20000I The SQL command completed successfully.
db2 => LIST TABLES

Table/View Schema Type Creation time
------------------------------- --------------- ----- --------------------------
CLIENTS DB2INST1 T 2008-06-11-05.39.58.167896

1 record(s) selected.

db2 => INSERT INTO clients VALUES ('Some','Guy')
DB20000I The SQL command completed successfully.
db2 => SELECT * FROM clients

NAME SURNAME
------------------------- --------------------------------------------------
Some Guy

1 record(s) selected.

Building xpdf on Solaris

Building xpdf on SXCE 90:

xpdf has some issues building with Sun Studio, so I suggest you use gcc. Make sure you export CC=g++ or linking will fail.

export PATH=/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ucb:/usr/sbin:/opt/SUNWspro/bin:/usr/local/bin:/usr/sfw/bin:/usr/sfw/sbin
export CC=/usr/sfw/bin/g++
./configure --with-freetype2-library=/usr/lib --with-freetype2-includes=/usr/include/freetype2 && gmake
su
gmake install

Compiling GNU Screen, irssi and Emacs on Solaris with Sun Studio 12

Screen, Emacs and irssi aren't included in Solaris, and the Sun Freeware versions tend to be out of date. Blastwave usually pulls in too many depends. You can compile screen, irssi and emacs without any additional depends on SXCE 90 and you get to use SS12.

Here's how you compile them on SXCE 90 using Sun Studio 12.

1. Install Sun Studio 12. If you have SXCE, just use the Developer Tools installer from the DVD.
2. Export a PATH that includes Sun Studio (you can also just export CC):
   PATH=/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ucb:/usr/sbin:/opt/SUNWspro/bin
   export PATH
3. Download and untar the sources
4. ./configure --prefix=/usr/local; gmake; su; gmake install

If you're compiling screen, it will fail. It's because it assumes you're using Solaris 9 or older / no setenv.
Look for the offending line:

# if defined(linux) || defined(__convex__) || (BSD >= 199103)
setenv(var, value, 1);
# else
setenv(var, value);
# endif /* linux || convex || BSD >= 199103 */
#endif /* USESETENV */

Just replace setenv(var, value); to use 3 parameters: setenv(var, value, 1);


Better yet (pkgsrc):

1. Index: misc.c
2. --- misc.c.orig 2003-12-05 14:45:41 +0100
3. +++ misc.c 2006-07-13 18:00:46 +0200
4. @@ -613,7 +613,7 @@
5. */
6. # endif /* NEEDSETENV */
7. #else /* USESETENV */
8. -# if defined(linux) || defined(__convex__) || (BSD >= 199103)
9. +# if defined(linux) || defined(__convex__) || (BSD >= 199103) || defined(__sun)
10. setenv(var, value, 1);
11. # else
12. setenv(var, value);

Now screen will compile. You can also make packages.

Other software such as top, smartctl (smartmontools) and so on all compiles cleanly without the need for 3rd party depends.

ZFS Root in Solaris Express Community Edition - SXCE 90

Solaris Express Community Edition now supports ZFS root. Pick Solaris Express Developer in the grub menu, exit the X gui installer (Ctrl - Alt - Backspace) and use the text mode installer (install-solaris from the console). Now select "ZFS root" :-).

You should now have a default ZFS rpool.

It also supports JumpStart:

http://opensolaris.org/os/community/zfs/boot/zfsbootFAQ/

Disable OpenSolaris Network Auto-Magic (NWAM)

NWAM is now enabled by default, but it has some limitations (only one NIC is enabled, etc). Personally, I like to configure the network interfaces myself.

To disable Network Auto-Magic on SXCE (Solaris Express Community
Edition) or Indiana (OpenSolaris):

# svcadm disable svc:/network/physical:nwam

Custom df (diskfree) column output in Solaris using nawk

Let's say you want to combine some features of "df -h" with "df -n" to show filesystem type and some other custom modifications to the output. This is where awk/nakw/gawk/whatever come in handy:

% df -g | nawk '{if (NR % 5 == 1) printf "%-22s", $1 ; if (NR % 5 == 4) printf "%-10s", "fstype " $1 "\n"; if (NR % 5 == 2) printf "%-30s",$1/2/1024/1024 " GB"; if (NR % 5 == 2) printf "%-30s", $4/2/1024/1024 " GB free "}'

/	33.6627 GB	18.4351 GB free	fstype ufs
/devices	0 GB	0 GB free	fstype devfs
/system/contract	0 GB	0 GB free	fstype ctfs
/proc	0 GB	0 GB free	fstype proc
/etc/mnttab	0 GB	0 GB free	fstype mntfs
/etc/svc/volatile	7.88214 GB	7.8813 GB free	fstype tmpfs
/system/object	0 GB	0 GB free	fstype objfs
/lib/libc.so.1	33.6627 GB	18.4351 GB free	fstype ufs
/dev/fd	0 GB	0 GB free	fstype fd
/tmp	7.88142 GB	7.8813 GB free	fstype tmpfs
/var/run	7.88134 GB	7.8813 GB free	fstype tmpfs
/export/home	74.4858 GB	1.87458 GB free	fstype ufs
/storage	108.639 GB	66.9259 GB free	fstype nfs

You can also add a comma (,) to the separators and output > csv (you can open the comma separated values table in Excel or OpenOffice or any other Spreadsheet application) :-).

Solaris SnapUpgrade - LiveUpgrade replacement for ZFS root.

Apparently, LiveUpgrade won't be opensourced, or included in "Indiana", but there is a ZFS aware replacement in the works:

BE Utility for Snap Upgrade

The BE utility is the user interface for managing Boot Environments and is the replacement for the Live Upgrade commands (luupgrade(1M), lucreate(1M)...) This utility is intended to be used by System Administrators who want to manage multiple Solaris Instances on a single system. The BE utility will be implemented with ZFS support only, however a migration path from UFS to ZFS will also be supported but not in the Spring release.

Solaris 10 update 5 Released

Solaris 10 5/08 has been released.

Project Etude - The Solaris 8 Migration Assistant now free

Project Etude - that lets you run Solaris 8 Containers (Zones) is now free.
Announcement here. Solaris 9 containers will also be available.

The project has been renamed into Solaris 8 Migration Assistant.

RE:Trace - DTrace based Vulnerability Auditing Framework

RE:Trace is a set of Ruby scripts that use DTrace for exploit development.

DTrace whitepaper here.