File Server, part 3: Tweaking a fresh OpenSolaris install

Right out of the box, OpenSolaris is ready to use as a desktop system. This is great, but that’s not what I’m using it for. It’ll be used as a hefty server at home, so there’s a lot of fat I can trim to keep it running with as little overhead as possible. I’ll also need to install and configure a few Sun-provided services like OpenSSH, iSCSI, SMB/CIFS, and NFS.

Disabling the X environment (the GUI) and using OpenSSH

Since X takes a good amount of memory to run, and I won’t be using it, this is a great place to start. I’d also much rather configure everything else from a command line than with the GNOME-based GUI tools. I run the following command after logging into X as my unprivileged account and starting the terminal app:

brian@hal:~$ pfexec svcadm disable gdm

Immediately, I am logged out and X shuts off; I now see a blank, black screen. I had to hit enter before I could see a login prompt. I’ll log back in. OpenSSH is already installed and running, so I’ll log in to the console to find the IP address I’ve been assigned:

brian@hal:~$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2
        inet 10.0.0.72 netmask ffffff00 broadcast 10.0.0.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
e1000g0: flags=202004841<UP,RUNNING,MULTICAST,DHCP,IPv6,CoS> mtu 1500 index 2
        inet6 fe80::20c:29ff:fe4d:1405/10

Looks like my network interface is e1000g0. To make the rest of the setup easier, I’ll now SSH to 10.0.0.72 to perform everything else, then assume the root role so I don’t have to keep prefixing all my privileged commands with pfexec:

brian@shuttle:~$ ssh brian@10.0.0.72
The authenticity of host '10.0.0.72 (10.0.0.72)' can't be established.
RSA key fingerprint is 79:fb:b6:d9:b6:1a:c9:8f:dd:e4:f7:df:97:23:e8:d2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.72' (RSA) to the list of known hosts.
Password:
Last login: Sat May  2 14:35:46 2009
Sun Microsystems Inc.   SunOS 5.11      snv_101b        November 2008
brian@hal:~$ su -
Password:
Sun Microsystems Inc.   SunOS 5.11      snv_101b        November 2008
root@hal:~#

Booting in text mode

Unfortunately, disabling gdm is not enough if you want a GUI-less console. Due to a bug in OpenSolaris (at least in the 2008.11 release), the blue boot screen will never turn off after a successful, gdm-less boot. As a result there is no way to log in to the console. We’ll need to tell GRUB to boot into text mode by default instead.

You could edit the /rpool/boot/grub/menu.lst file yourself, but there’s a handy bootadm utility to save you a step or two. I’ll also set the boot selection timeout to 2 seconds rather than 30 seconds, as it will drastically reduce my server’s boot time.

root@hal:~# bootadm list-menu
The location for the active GRUB menu is: /rpool/boot/grub/menu.lst
default 0
timeout 30
0 OpenSolaris 2008.11 snv_101b_rc2 X86
1 OpenSolaris 2008.11 snv_101b_rc2 X86 text boot

root@hal:~# bootadm set-menu default=1
root@hal:~# bootadm set-menu timeout=2

That’s it. It will boot into text mode by default next time, and nearly half a minute sooner.

Setting a static IP address

Before setting the static address on the NIC itself, I also need to prepare a few other things for statically-set DNS resolution. I’ll start by editing my /etc/resolv.conf file to look like the following:

domain systempoint.us
nameserver 10.0.0.5

Now I need to change the resolution search order so that DNS is preferred. This requires me to restart the DNS client service:

root@hal:~# cd /etc
root@hal:/etc# cp nsswitch.conf nsswitch.original
root@hal:/etc# cp nsswitch.dns nsswitch.conf
root@hal:/etc# svcadm restart svc:/network/dns/client:default

Finally I’ll edit the /etc/nwam/llp file to change my NIC from dhcp to static configuration. My new llp file looks like the following:

e1000g0 static 10.0.0.4/24

To specify the default gateway, I’ll create and edit the /etc/defaultrouter file:

10.0.0.1

Now I’ll disable the DHCP service, enable the network/physical:default service, and restart NWAM. Note that the ssh session will be disconnected at this point, but a new one can be started at the static address I just set up.

root@hal:/etc/# svcadm enable svc:/network/physical:default
root@hal:/etc/# svcadm restart svc:/network/physical:nwam
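
Because the restart above drops the SSH session, a typo in the llp or defaultrouter file means a trip back to the console. The following pre-flight check is an added example, not part of the original post: it confirms that the static entry is well formed and that the default router sits inside the same subnet. The function names are hypothetical, and the demo runs on constructed copies of the two files rather than on the live /etc.

```shell
# Added example, not from the original post: sanity-check the static network
# files before restarting the network services over SSH. POSIX shell.

# ip_to_int A.B.C.D -> 32-bit integer on stdout; fails on malformed input.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*) exit 1 ;; esac        # leading zero would parse as octal
        [ "$o" -le 255 ] 2>/dev/null || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_static_net LLP_FILE DEFAULTROUTER_FILE
# Succeeds only if LLP_FILE has a well-formed "<if> static <addr>/<prefix>"
# entry and the default router is a different host inside that subnet.
check_static_net() (
    llp=$1; gwfile=$2
    entry=$(awk '$1 !~ /^#/ && $2 == "static" { print $1, $3; exit }' "$llp")
    [ -n "$entry" ] || { echo "no static entry in $llp" >&2; exit 1; }
    iface=${entry%% *}; cidr=${entry#* }
    addr=${cidr%/*}; prefix=${cidr#*/}
    case "$prefix" in ""|0*|*[!0-9]*) echo "bad prefix in '$cidr'" >&2; exit 1 ;; esac
    [ "$prefix" -le 30 ] || { echo "prefix /$prefix leaves no room for a router" >&2; exit 1; }
    a=$(ip_to_int "$addr") || { echo "bad address '$addr'" >&2; exit 1; }
    gw=$(awk 'NF && $1 !~ /^#/ { print $1; exit }' "$gwfile")
    g=$(ip_to_int "$gw") || { echo "bad router '$gw'" >&2; exit 1; }
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( g & mask )) ] || { echo "router $gw is outside $cidr" >&2; exit 1; }
    [ "$a" -ne "$g" ] || { echo "router equals the host address" >&2; exit 1; }
    echo "$iface $cidr via $gw"
)

# Demo on constructed copies of the two files shown in the post (not live /etc).
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    echo 'e1000g0 static 10.0.0.4/24' > "$d/llp"
    echo '10.0.0.1' > "$d/defaultrouter"
    check_static_net "$d/llp" "$d/defaultrouter"
)
demo
```

On the server itself, the same function would be pointed at /etc/nwam/llp and /etc/defaultrouter before the two svcadm commands are run.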

I recommend rebooting at this point to make sure the system will initialize correctly on a fresh boot with the new configuration, and to make sure the boot menu options worked fine.

Keep in mind that, provided you have decent hardware, this is the most you’ll ever need to reboot a Solaris server.

Installing Packages

Next I need to install a few packages for file sharing. While they are Sun-provided, they are not automatically installed. OpenSolaris makes it easy to do so with the pkg command.

I’ll need packages for the CIFS/SMB service and iSCSI target service. These can be installed with the following. Note: I’ve omitted output from pkg because it is very verbose, is much the same for all instances below, and all attempts were successful.

root@hal:~# pkg install SUNWsmbs SUNWsmbskr
root@hal:~# pkg install SUNWiscsitgt

Enabling NFS, iSCSI, SMB facilities

Now we’ll enable all our file sharing services and the services they depend upon.

root@hal:~# svcadm enable -r nfs/server
root@hal:~# svcadm enable -r system/iscsitgt
root@hal:~# svcadm enable -r smb/server
svcadm: svc:/milestone/network depends on svc:/network/physical, which has multiple instances.

It’s safe to ignore the svcadm warning shown above.

Configuring SMB

By default, the SMB server resides in WORKGROUP. I’ll join my existing workgroup, using all-caps as the lower-case variation caused the machine not to appear in Windows’ machine list:

root@hal:~# smbadm join -w SYSTEMPOINT
Successfully joined workgroup 'SYSTEMPOINT'

Usernames and passwords for existing users will not work via SMB on remote machines yet. To make this happen, I’ll need to add a PAM module and re-set existing passwords for accounts on the machine.

Add the following line to /etc/pam.conf:

other password required pam_smb_passwd.so.1 nowarn

Now I’ll have to reset any passwords for users whose accounts need to be used via SMB. Any new users created from now on will not require any special changes just for SMB access. Using the passwd command will set their SMB passwords automatically:

root@hal:~# passwd brian
New Password:
Re-enter new Password:
passwd: password successfully changed for brian
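
A bad edit to /etc/pam.conf can break password changes for every account, so the pam.conf step above is worth doing with a backup and in a way that can be repeated safely. The following is an added example, not part of the original post: it appends the line only when no active entry exists, ignoring commented-out copies. The function names and the .pre-smb backup suffix are hypothetical, and the demo works on a constructed pam.conf excerpt.

```shell
# Added example, not from the original post: add the pam_smb_passwd entry to a
# pam.conf file once, after taking a backup. POSIX shell.

PAM_LINE='other password required pam_smb_passwd.so.1 nowarn'

# has_smb_passwd FILE: true if an active (uncommented) entry already exists.
# pam.conf fields: service, module type, control flag, module path, options.
has_smb_passwd() {
    awk '$1 == "other" && $2 == "password" && $4 ~ /pam_smb_passwd\.so/ { found = 1 }
         END { exit !found }' "$1"
}

# ensure_smb_passwd FILE: prints "present" or "added"; non-zero on failure.
ensure_smb_passwd() (
    f=$1
    [ -f "$f" ] && [ -w "$f" ] || { echo "cannot edit $f" >&2; exit 1; }
    if has_smb_passwd "$f"; then echo present; exit 0; fi
    cp -p "$f" "$f.pre-smb" || exit 1            # backup (hypothetical suffix)
    [ -z "$(tail -c 1 "$f")" ] || echo >> "$f"   # file lacked a final newline
    echo "$PAM_LINE" >> "$f"
    # Re-read the file; restore the backup if the entry is still not active.
    has_smb_passwd "$f" || { cp -p "$f.pre-smb" "$f"; exit 1; }
    echo added
)

# Demo on a constructed pam.conf excerpt (not the live /etc/pam.conf).
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf '%s\n' 'other password required pam_authtok_store.so.1' \
                  '#other password required pam_smb_passwd.so.1 nowarn' > "$d/pam.conf"
    ensure_smb_passwd "$d/pam.conf"   # commented-out entry does not count
    ensure_smb_passwd "$d/pam.conf"   # second run changes nothing
)
demo
```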

Now what?

With everything set up, the next step is to configure ZFS and the appropriate share points. I’ll save that for the next entry.

Comments

Bobby commented on Monday 4 May 2009, 10:36pm CDT:

I'm really enjoying the new site and in-depth articles.