tecosystems

Solaris-ing the New RedMonk Gear



The V20Z Finds a Home

Originally uploaded by sogrady.

While we’re on the subject of Sun’s new Opteron tin, the gear that’s (in part) powering one of my favorite services, del.icio.us, I thought I’d introduce everyone to the newest addition to the RedMonk hardware family (courtesy of one John Fowler, who is seriously dedicated to this Share idea ;). I spent a few hours yesterday afternoon getting it up and running and into its new home at a datacenter down in Englewood, CO.

Which OS?

When I first got the V20Z, I seriously contemplated dropping in Gentoo, because some folks have been having success running it in such a fashion and after a few years of running as a desktop and server it’s an OS I’m very comfortable with. But after giving it a bit of thought, I decided that I’d prefer to go with a Solaris install, a.) so that I could get a first hand look at some of the new features that Bryan, Claire, Erik, John, Jim, Stephen and a host of others are talking about, b.) because some of my future plans for the box (i.e. providing open source folks and small projects with spaces of their own) make Zones a very attractive feature, and c.) because my Unix skills – not Linux, but Unix – are very, very rusty (haven’t been really hands on with one apart from running applications in maybe 7 or 8 years) and could use some brushing up.

So having made the decision to go with Solaris, my options were Solaris 10 or OpenSolaris (there was zero chance of me going with the Solaris 9 CD’s that shipped with the hardware). My expectation was that I’d be going with OpenSolaris, but the fact that it required a prior environment install (Solaris Express) coupled with my overall inexperience with the Solaris environment led me to select the simplest possible approach: plain old Solaris 10 to begin, with the plan to migrate to OpenSolaris down the road.

Fortunately, Solaris 10 is relatively easy to download – you simply head over here, fill out a form, and grab the source. It was a bit of a pain for me, however, as I actually had to reregister because my usual lower level passwords were apparently not used in the original registration and my password reminder emails never showed up. Given that I’d left the task of downloading the ISO’s till the day of the install at the colo, I couldn’t wait so I simply registered again under a different username/email combo. Inefficient though such a process might be, it worked fine and I was quickly thereafter able to download the 4 required ISO images (in ZIP form) and burn them onto CD’s. Popping them in the case, I headed down the road to the Denver Tech Center where our new datacenter is located.

Installing Solaris 10

As previously mentioned, my overall experience level with Solaris in general, let alone the latest and greatest, is minimal. My touchpoints with the OS are limited to having used it as a platform for a variety of applications back in my systems integration days. In other words, I’ve installed things on it, but never installed it myself. Given that, I expected it to be a real battle getting the thing installed and up and running. This proved to only be partially true. After popping in the disk (once I finally figured out that the V20Z has power switches in back AND in front – as is clearly noted on the installation sheet ;) and booting up, I was dropped into a text based setup screen that ultimately fed me into a relatively polished GUI setup workflow.

That part, then, was good for a Solaris rookie such as myself. I was disappointed, however, at the relative paucity of real, hand-holding installation materials that I’ve become accustomed to in projects such as Gentoo (more on this later). For example, I found nothing in the Solaris world comparable to the Gentoo Handbook here. While the wizard was fairly straightforward, there were a couple of instances where I was a bit lost – in the networking section, for example, I wanted to feed it DNS name servers but it seemed to want to configure itself as a name server.

Despite my misgivings about the documentation, however, a non-Solaris person such as myself was in relatively short order able to get at least the base OS laid down with only minor issues and questions. That’s not bad. With the OS installed, it was time to shut the machine down and move it from the datacenter’s lab to the actual rack that would be its home.

Finalizing the Installation

The first problem was slightly, um, basic? I couldn’t shut the machine down. After a reboot, I’d been presented with two choices for UIs – CDE or JDS – and I chose JDS (which is GNOME based). No issues there, but on logout I came back to whatever the Solaris equivalent of GDM is, and there’s no shutdown button. Lots of different options, but no shutdown button. I tried logging into a console and executing a manual shutdown, but it gave me some sort of RPC error. Not having the patience for this, I used the next best method available to me – the power switch.

We (Icelab’s (our colo provider) Zach Weber and I) then unplugged the monitor, keyboard, and mouse and dragged the machine from the lab over to its new home. After plugging in the network connection and pulling over a crash cart with monitor and keyboard, we booted up. To shortcut what took us about an hour to figure out, we had three separate and mostly unrelated problems. First, there was a problem with the hostname / domain setup – clearly my fault, and actually still unresolved. Second, Solaris, having configured itself for the monitor in the lab, choked on the crash cart monitor and therefore X (the GUI) crapped out. I tried to restart and inform Solaris that the hardware had changed, but it wasn’t obvious how to tell it we had a new monitor. Normally, the lack of a GUI’s not such a big deal, as you can exit to the console and do what you need to do. But unfortunately, problem three was that the keyboard on the cart was either a.) defective or b.) sufficiently distinct from the keyboard in the lab that Solaris wouldn’t allow it to work. This made things slightly more challenging.

No problem, I thought, we can just SSH into the box from my laptop and fix things that way. Nope, as Solaris 10 does not include SSH (you can add it via svcadm enable svc:/network/ssh:default – thanks to the tip here) in the default run layer, though it does include sendmail, curiously enough (it took me almost 20 minutes to find out that what rc-update show gives you in Gentoo, svcs -a gives you in Solaris). Eventually we ended up bringing in the keyboard from the lab, which at least allowed us (Zach figuring out most of it) to add SSH and a user permitted to use it (useradd -u 1010 -g root[1] -d /export/home/sog -s /bin/bash -c "stephen ogrady" sog – then passwd sog to set the password).

Conclusions

Once all that was figured out, we rebooted the box, and given that I was able at least to get in via SSH I counted my mission as accomplished and headed for home. Overall, I’d say that the Solaris install experience is not bad, as many of these errors were my inexperience rather than shortcomings of the OS. That, however, does highlight the need for comprehensive but very granular and step by step documentation. For example, I would have killed for some sort of Linux to Solaris Rosetta stone, i.e. rc-update show = svcs -a, ps aux = ps -ef etc. If Solaris – and particularly OpenSolaris – really wants to market itself to the masses, it needs to have readily available, easily discoverable, dead simple documentation. The shiny new features will undoubtedly prove to be hugely valuable, but they’re still dependent on people actually being able to use them. First feature I need to learn? Zones, ASAP.

Oh, and what about the hardware? Well, I haven’t really pushed it yet so I have little of substance to report, but based on Tim Bray’s informal little test here – it’s fast. Really fast. It also looks cool (more valuable than you’d think) and runs loud. It drew more than a few compliments from Zach, who presumably has seen his share of boxes.

Which reminds me – thanks to Zach for all of his help, and if you’re in the Denver area, you might consider coloing with these folks; I’m not a hosting expert, but $55/month/U is tough to beat, in my experience. For more photos of the install, see my Flickr set here – and especially (if you have a sense of humor), this shot of some of the other machines in my rack.

Other Solaris Observations

Inspired by Tim Bray’s entry here (and duplicating many of his questions), here are a few concerns, questions, and other issues regarding my experiences to date with Solaris.

  1. Wiki?: Sun’s reportedly on the wiki bandwagon big time – indeed, we got some very valuable insight into the various wiki packages from Sun employees. Many of their engineers are using them internally to collaborate on projects, which is not too surprising when you consider that many of Sun’s employees do not work local to each other. But I have thus far not turned up either Solaris or OpenSolaris wikis – am I missing something? As I discussed last week, a wiki would have been highly preferable to crawling through pages of forum replies seeking a single answer. Given the documentation issues I mentioned before, I think wikis could be a significant value add.
  2. Bash?: The default shell in Solaris is apparently some sort of POSIX equiv, and while I’m not enough of a Unix guy to have strong preferences as does Tim, I hate the default. No backspace? No prior commands? Seriously? I was ecstatic when my SSH session threw me into bash.
  3. Services?: For an OS with the secure reputation of Solaris, I’m rather surprised at the volume of services that run out of the box: sendmail, finger, telnet, sun-manageconsole, and a host of other things which I have no idea how to shut off [2]. I would have expected that the install would present me with options for these, but I didn’t see it.
  4. Missing executables?: Given my experiences with Gentoo’s Portage, one of the first things I wanted to do for Solaris was install Blastwave’s pkg-get, so I hopped over there and did a wget. Or, rather, I tried to. Wget isn’t operational. Tim discusses this here, and sure enough wget is right there in my /usr/sfw/bin path, but when I go to edit my profile to let Solaris know where it might be found, I discover that there’s no nano [3], only Vi to edit the profile file. I hate Vi worse than I hate the default shell, and attempting to edit my profile I lock myself up inside of 10 seconds. My question? If Solaris ships with these apps, why on earth is the path not included in the default environment profile?
  5. Languages/Platforms: Perl and Java appeared to be installed by default, but interestingly my build did not include Python as did Tim’s. Oh, check that – it will once I figure the binaries path issue.
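
As an added example (not part of the original post, and not Sun's tooling), the scan in footnote [2] can be triaged with a short shell script that drops the filtered ports, groups the open ones, and prints svcadm disable commands for the cleartext remote-access services. The class names and the FMRI table are assumptions for a stock Solaris 10 install; confirm the FMRIs with svcs -a before running anything.

```shell
# Added example, not from the original post. Port lines copied from footnote [2].
SCAN='21/tcp open ftp
22/tcp open ssh
79/tcp open finger
111/tcp open rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
513/tcp open login
514/tcp open shell
898/tcp open sun-manageconsole
4045/tcp open lockd
7100/tcp open font-service
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
32780/tcp open sometimes-rpc23'

# triage: read "port/proto state service" lines on stdin and print
# "<class> <port> <service>" for every port in state "open" (filtered is skipped).
triage() {
  awk '$2 == "open" {
    split($1, p, "/"); svc = $3
    if (svc ~ /^(ftp|telnet|finger|login|shell)$/) cls = "cleartext"
    else if (svc ~ /^(rpcbind|lockd|sometimes-rpc[0-9]+)$/) cls = "rpc"
    else if (svc == "ssh") cls = "keep"
    else cls = "review"
    print cls, p[1], svc
  }'
}

# count_class CLASS: number of open ports that fall into CLASS.
count_class() { triage | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'; }

# disable_cmds: one "svcadm disable" line per cleartext service found.
# The FMRIs are assumed stock Solaris 10 names; check them against svcs -a.
disable_cmds() {
  triage | awk 'BEGIN {
    fmri["ftp"]    = "svc:/network/ftp:default"
    fmri["telnet"] = "svc:/network/telnet:default"
    fmri["finger"] = "svc:/network/finger:default"
    fmri["login"]  = "svc:/network/login:rlogin"
    fmri["shell"]  = "svc:/network/shell:default"
  }
  $1 == "cleartext" { print "svcadm disable " fmri[$3] }'
}

printf '%s\n' "$SCAN" | triage
```

Nothing is printed for the rpc and review groups, because the program behind a dynamic RPC port has to be identified on the box (for instance with rpcinfo -p) before deciding what to turn off.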

[1] There’s apparently no “wheel” group in Solaris

[2] nmap is here:
21/tcp open ftp
22/tcp open ssh
79/tcp open finger
111/tcp open rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
513/tcp open login
514/tcp open shell
898/tcp open sun-manageconsole
4045/tcp open lockd
7100/tcp open font-service
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
32780/tcp open sometimes-rpc23

[3] Yes, I’m a huge Unix wuss

13 comments

  1. I think the shell argument is kind of funny. First of all, because it's very easy to solve (just use another shell), secondly, because it was the first reaction when booting JDS for the first time (WHAT?!?! This thing doesn't have ksh?!?!) and, finally, because I found out that people complaining about the shell were right. If Solaris wants to become an O.S. for all people, Sun has to pay more attention to those details like the shell, the automatic CDROM ejection and other stuff like that.
    PS. You might want to solve the backspace "problem" by typing "stty erase "

    Oh, I almost forgot, … Welcome to the club :)

  2. Hey, I'm into sharing too. Want a Sun Ray or two to go with that Opteron?

  3. What kind of bandwidth are you getting for that $55? That is cheap, but 1u doesn't cost the hosting center much if there isn't any bandwidth.

    BTW, the server looks a lot like my $700 SuperMicro ; ) Just kidding.

  4. BTW, that nmap looks downright frightening. ; )

    It scares the hell out of me when I see ports open that I don't even know what they are for. Looks like the first thing you need to do is figure out the firewall options.

  5. Jaime: i think you hit the nail on the head when you call it the little things. sure, i can drop into bash, but is there a reason to use a less functional shell? pre-S10, apparently there was (due to dynamic library concerns), but now? and thx for the welcome.

    ThinGuy: twist my arm ;) short answer is yes, i've wanted to demo the SunRays for a while. if you've got one to spare, drop me a line over email.

    Christopher: 10GB/month. fine for what should be modest needs on our part.

    and yes, the nmap is terrifying. my only consolation is that there's nothing of any consequence on the box at the moment, so if it's 0wn3d, i'm only out the install time. first step is shutting down the services.

  6. Vi is something you need to know how to use…. at one point in history ed was the ed[itor] of choice on *nix systems, but today vi is standard. You don't need to know anything advanced. Just how to move around (hjkl), and how to save (ESC, :wq). Once you can do that, you can edit just enough to get yourself your nano.

  7. If you really like the old BSD-style 'ps' arguments, that's still there (and supported) under /usr/ucb/ps.

    As for the shells issue, Solaris ships with a number of different shells, but the default must remain the old UNIX Bourne shell for compatibility reasons. We prize compatibility highly; breaking some obscure working application just to follow a fad isn't something we do.

  8. Matt: i should have been clearer on this – i actually can use it, i'm just terrible with it. it has been, as you note, the standard for a while – but a lot of the Linux distros i've used supply nano as well, which is far more user friendly (IMO). the good news is that i was able to (with the help of a cheat sheet) do what i needed to do, and now have my beloved nano :)

    James: the ps stuff i actually probably won't bother with; that i think is simply just a learning exercise.

    on the shell front, i'm aware that there are other options. what i'm wondering is why you ship with that as the default? i don't believe it's compatibility, since from what i gather from dennis over at blastwave it's safe to alter the root shell in version 10 (but not prior versions). as for it being a fad, i don't think i'd use that term in conjunction with bash or alternatives, a.) because that implies that they are shortlived, which doesn't seem to be the case, and b.) because a high volume of users seem sufficiently motivated to take the risk of altering their root shell – indicating that it may be an actual need.

  9. To quickly shut down most of the Solaris default services with open ports:

    # svccfg apply /var/svc/profile/generic_limited_net.xml

    (More details at the provided URL.) Other points all well taken.

    — Stephen

  10. thanks for the tip, Stephen – but after running it my nmap only shows a few more services shutdown. it seems as if from the script (http://cvs.opensolaris.org/source/xref/usr/src/cmd/svc/profile/generic_limited_net.xml) provides for several services, and many of the remaining running services are nfs/rpc related. i guess they have to stay, but it still seems like more openings than necessary.

  11. Hey, Stephen. Regarding wikis: opensolaris.org will be wiki-fied, so to speak, more than it is now. We had a wiki in the pilot program, we do use wikis internally for various things, and the current live site now has some wiki features in that community members (that is, members of a *specific* community) can edit their community pages. For instance, the DTrace community has a community (non-Sun) editor along with Bryan and Adam, so does the PPC community, and I plan to add community people to my user group community as editors when we open that up (hopefully this week). So, editors of a community — initially Sun people — can add external people as editors right now. Over time (sooner, rather than later), we'll build access control into the system so that we can assign different levels of rights to people (internal to Sun and external as well) so they can have the freedom to write and edit and build out the content of their communities but not necessarily step over each other. And editorial policy outlining who does what on the site would be helpful, too. :) — Jim

  12. Hi Stephen, the reason the wheel group is missing is that wheel came from BSD and was not brought over into Solaris in the transition between SunOS 4.x and Solaris 2.x. It also happens to be one of the BSD'ish features in Linux.

    David

  13. If you'd like to get nano, try installing Blastwave – http://www.blastwave.org – on Solaris. You can use their pkg-get tool which works similarly to Debian's apt-get, and they have a nano package (I'm the nano maintainer for them).
