Recapping, I demonstrated how to create a basic Solaris zone from scratch. Then I showed how to use ZFS snapshots to add the ability to “reset” a zone to a clean state, and how to speed up the definition step by exporting a zone configuration file and then using this as a template for defining zones. This can save a considerable amount of time with complex zones. The other two steps of creating a zone, namely installing it (populating it with files) and setting it up by completing the system identification during the first boot, can also be improved: the first by using the zoneadm “clone” feature, and the second by using a pre-defined sysidcfg file (and maybe a few other tweaks) injected into the zone file system before it is booted the first time.
This blog entry talks about the second of these.
The sysidcfg file is simply a text file with lines specifying the values for the various options. This file is placed in the /etc directory of the zone's root file system before the zone is booted. During boot-up the file is read and any values specified in it are used, while any missing items will be prompted for as per normal.
The items that can be set are as follows:
| Item | Variable Name | Description of Values |
|---|---|---|
| Security Policy | security_policy | Kerberos or NONE. If set to “kerberos”, additional properties can be set. If not specified, a value will be prompted for. |
| Name Service | name_service | NIS, NIS+, LDAP, DNS, NONE. Some additional properties are available when using NIS, NIS+, LDAP or DNS. If not specified, you will be prompted for the appropriate value(s). |
| NFSv4 Domain Name | nfs4_domain | Specify either the keyword “dynamic”, or provide the value to be used for the NFS4 domain name as a fully qualified domain name. If not specified, you will be prompted for the appropriate value(s). |
| Region and Time zone | timezone | Either give the time zone from /usr/share/lib/zoneinfo/* or else specify a GMT-offset value. If not specified, you will be prompted for this information. |
| Terminal Type | terminal | Specify the TERM type, e.g. vt100. If not specified, you will be prompted for this value. |
| Locale | system_locale | Specify a locale, e.g. C, such as found in /usr/lib/locale. If not specified, you will be prompted for this value. |
| Root Password | root_password | The encrypted root password. The easiest way to get this is to make a dummy user, set its password to what you want, and then copy the encrypted value from the /etc/shadow file. Other options include writing a little perl script or C program to produce the encrypted version of a password. If not specified, you will be prompted during the first boot. |
| Network Settings | network_interface | Except for the hostname, these are normally obtained from the zone definition. They can be specified here to override those values, but will not be prompted for if not specified. |
Note: It is entirely possible to use sys-unconfig in a zone. Doing so will have a similar effect to running sys-unconfig on a global zone or normal Solaris system: the zone will halt, and on the next boot you will be presented with prompts for the system identification items. Be aware that sys-unconfig also removes the zone's root key, and a new one will be generated on the first boot after the system was un-configured.
Something else to note is that a zone's “hostname” and “zone name” do not have to be the same. If you do keep them the same, there will be less opportunity for confusion. While the other network settings for a zone are obtained automatically from the zone's definition, the hostname will still be prompted for. To eliminate this prompt, include a network settings section in the zone's sysidcfg file.
Some items available in the sysidcfg file for a normal system cannot be set during a zone's system identification, as they rely on configuring the kernel and a zone does not have its own dedicated kernel. These include items like power management and the Date and Time, including a Time-server.
An example of a basic sysidcfg file might look like this:
    bash-3.2# cat sysidcfg
    nfs4_domain=dynamic
    security_policy=NONE
    timezone=Africa/Johannesburg
    terminal=vt100
    system_locale=C
    name_service=NONE
    network_interface=PRIMARY {hostname=ziggy.mydomain}
In the above example the keyword PRIMARY is used to automatically select the only interface configured on this zone. This effectively allows for setting the zone name in the sysidcfg template with minimal fuss. It is of course also possible to use the interface name.
If any of the options are omitted from the file, those items will be prompted for in the usual manner. I did not specify the root login password, so that will be the only item which will be prompted for during the boot up process.
To test this, do the following:
1. Define the zone (using zonecfg).
2. Install the zone (using zoneadm -z zonename install).
3. Copy the sysidcfg file to the zone's etc directory, e.g.
       cp sysidcfg.template /export/zones/zonename/root/etc/sysidcfg
4. Boot the zone and connect to its console, e.g.
       zoneadm -z zonename boot; zlogin -C zonename
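A pre-boot check for the copy step, as an added example that is not part of the original post: it lists which of the items from the table above a sysidcfg file still leaves to be prompted for, and copies the file into the zone's etc directory readable by root only, since it may hold the encrypted root password. The function names are hypothetical; the sample values are those of the post's example file.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Items from the table above. Each one missing from sysidcfg is prompted for
# on the zone's first boot (network_interface is what supplies the hostname).
SYSIDCFG_KEYS="security_policy name_service nfs4_domain timezone terminal system_locale root_password network_interface"

# Print the items a sysidcfg file leaves unset, one per line.
sysidcfg_missing_keys() {   # usage: sysidcfg_missing_keys <file>
    for key in $SYSIDCFG_KEYS; do
        grep -q "^[[:space:]]*${key}=" "$1" || echo "$key"
    done
}

# Emit a sysidcfg for one hostname, using the values from the post's example.
# The optional second argument is an already-encrypted root password string.
render_sysidcfg() {         # usage: render_sysidcfg <hostname> [encrypted-pw]
    cat <<EOF
nfs4_domain=dynamic
security_policy=NONE
timezone=Africa/Johannesburg
terminal=vt100
system_locale=C
name_service=NONE
network_interface=PRIMARY {hostname=$1}
EOF
    [ -n "${2:-}" ] && echo "root_password=$2"
    return 0
}

# Copy the file to <zone-root>/etc/sysidcfg before the first boot.
# umask 077 plus chmod 600 keeps a file that may carry the root password
# string from being readable by anyone but root.
install_sysidcfg() {        # usage: install_sysidcfg <file> <zone-root-dir>
    [ -d "$2/etc" ] || { echo "no etc directory under $2" >&2; return 1; }
    ( umask 077 && cp "$1" "$2/etc/sysidcfg" ) && chmod 600 "$2/etc/sysidcfg"
}

# Typical use, with the zone path from the post:
#   render_sysidcfg ziggy.mydomain > sysidcfg.template
#   sysidcfg_missing_keys sysidcfg.template
#   install_sysidcfg sysidcfg.template /export/zones/zonename/root
```

Run against the example file from the post, `sysidcfg_missing_keys` prints only `root_password`, matching the single prompt described above.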
And voila! Now you can automate the zone definition and the zone's system identification. In the next part I'll show how to speed up the Installation step.