Friday, February 08, 2008

Solaris tips (for the CMS)

I have had to use the following tips from time to time, so I am posting them here to save myself the time of looking for them again (and to avoid the risk of the original sites going off-line).


1. Set up your /etc/hosts file.

It should look something like this:

127.0.0.1       localhost
192.168.0.150 solaris-box-1 solaris-box-1.yourdomain.com loghost

Make sure the second line has the correct IP address, hostname, and FQDN. The first line is the loopback entry. Along with #5, Solaris will know its name and IP address.

2. Create or edit /etc/nodename

Contains the hostname of the computer (same as hostname.hme0).

# cat nodename
solaris-box-1


3. Create or edit /etc/defaultrouter

Surprisingly enough, this file contains the IP address of your default router (or gateway). When you reboot and the network initialization scripts run, it will add a default route to the IP address in this file.

# cat defaultrouter
192.168.0.1


Now it knows its own network parameters and it's time to get it to use DNS. The next steps will tell it to use other nameservers. If you want to set up a nameserver on the local machine, see the man page for named.


4. Edit /etc/nsswitch.conf

If you haven't edited this file before, it should look suspiciously like this:

passwd:     files
group: files
hosts: files
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files

Add the word 'dns' after 'files' on the 'hosts' line:

passwd:     files
group: files
hosts: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
sendmailvars: files

Now it knows to query a nameserver when looking up a name. Next we have to tell it what nameservers to use:


5. Create or edit /etc/resolv.conf

Here you tell it three things:

  1. What domain we're in
  2. Specify any additional search domains
  3. What the nameservers are (it will use them in the order you put them in the file)

When you're done it should look something like this:

# cat resolv.conf
domain yourdomain.com
search yourdomain.com
search client1.com
nameserver 192.168.0.9
nameserver 192.168.0.11

For more information, see the man page for resolv.conf.


6. Edit /etc/hostname.hme0

This file should contain the hostname of your machine, without the domain name. So, if the FQDN (Fully Qualified Domain Name = hostname + domain name) is solaris-box-1.yourdomain.com, the file should look like this:

# cat hostname.hme0
solaris-box-1

This assumes that your Ethernet adapter is hme0, the default device name for the first Ethernet adapter.



7. Reboot
# sync;sync;sync
# reboot
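Steps 1 to 6 as one script, plus a consistency check to run before the reboot in step 7. This is an example added here, not something from the original post. ROOT is a made-up parameter so you can rehearse against a scratch directory before pointing it at / on the real box; the interface is assumed to be hme0 as elsewhere in this post, and only a domain line is written to resolv.conf.

```shell
#!/bin/sh
# Added example (not part of the original post): write the files from
# steps 1-6 in one go and cross-check them before rebooting.
# ROOT is a hypothetical parameter: point it at a scratch directory to
# rehearse, or at / on the real box. The interface is assumed to be hme0.

# write_net_config ROOT HOST IP DOMAIN GATEWAY NAMESERVER...
write_net_config() {
    root=$1 host=$2 ip=$3 domain=$4 gw=$5
    shift 5
    etc="$root/etc"
    mkdir -p "$etc"

    # 1. /etc/hosts: loopback line, then the box's IP, short name, FQDN and loghost
    printf '127.0.0.1\tlocalhost\n%s\t%s %s.%s loghost\n' \
        "$ip" "$host" "$host" "$domain" > "$etc/hosts"

    # 2. /etc/nodename: the system's hostname
    echo "$host" > "$etc/nodename"

    # 3. /etc/defaultrouter: the gateway IP and nothing else
    echo "$gw" > "$etc/defaultrouter"

    # 4. /etc/nsswitch.conf: add dns after files on the hosts line.
    #    A minimal file is created if none exists (a real box already has one).
    [ -f "$etc/nsswitch.conf" ] ||
        printf 'passwd: files\ngroup: files\nhosts: files\n' > "$etc/nsswitch.conf"
    sed 's/^hosts:[[:space:]]*files[[:space:]]*$/hosts: files dns/' "$etc/nsswitch.conf" \
        > "$etc/nsswitch.conf.new" && mv "$etc/nsswitch.conf.new" "$etc/nsswitch.conf"

    # 5. /etc/resolv.conf: the domain, then nameservers in the order they are tried
    {
        echo "domain $domain"
        for ns; do echo "nameserver $ns"; done
    } > "$etc/resolv.conf"

    # 6. /etc/hostname.hme0: bare hostname, no domain part
    echo "$host" > "$etc/hostname.hme0"
}

# check_net_config ROOT: returns 0 when the files agree with each other,
# 1 with a message on stderr at the first inconsistency found.
check_net_config() {
    etc="$1/etc"
    node=$(cat "$etc/nodename") || return 1
    [ "$(cat "$etc/hostname.hme0")" = "$node" ] ||
        { echo "hostname.hme0 does not match nodename" >&2; return 1; }
    grep -Eq "[[:space:]]$node([[:space:]]|\$)" "$etc/hosts" ||
        { echo "$node has no entry in hosts" >&2; return 1; }
    grep -q '^hosts:.*dns' "$etc/nsswitch.conf" ||
        { echo "hosts line in nsswitch.conf does not list dns" >&2; return 1; }
    grep -q '^nameserver ' "$etc/resolv.conf" ||
        { echo "no nameserver in resolv.conf" >&2; return 1; }
    [ "$(wc -l < "$etc/defaultrouter" | tr -d ' ')" = 1 ] ||
        { echo "defaultrouter must hold exactly one line" >&2; return 1; }
    return 0
}

# usage on the real box (as root):
#   write_net_config / solaris-box-1 192.168.0.150 yourdomain.com 192.168.0.1 192.168.0.9 192.168.0.11
#   check_net_config / && echo "network files are consistent"
```

The check catches the mistakes that usually cost a reboot: a hostname.hme0 that disagrees with nodename, a host that has no line in /etc/hosts, an nsswitch.conf that still resolves hosts from files only, and a defaultrouter with more than the bare IP in it.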


8. Change IPs

UNIX Shell: all primary shells (sh, ksh, csh)
Function: use ifconfig to change your IP address immediately; edit your /etc/hosts file to change it permanently.

Syntax:
  Immediate change: ifconfig interface new-IPaddress netmask subnet-mask
  Permanent change: vi /etc/hosts

  interface       Specifies the network interface, e.g. hme0 for 100 Mbps or le0 for 10 Mbps.
  new-IPaddress   Specifies the new IP address that you want to assign to the computer.
  subnet-mask     Specifies the subnet mask for your local network (the netmask keyword is required; a bare second address is taken by ifconfig as a point-to-point destination, not a mask).

File name: hosts   Directory: /etc   Type: external

Examples:
  ifconfig hme0 192.168.1.250 netmask 255.255.255.0   Sets the IP address to 192.168.1.250 on interface hme0.
  ifconfig le0 192.168.1.250 netmask 255.255.255.0    Sets the IP address to 192.168.1.250 on interface le0.

9. Recover ROOT password

You need to have physical access to the machine's console.

Note the root partition;

Solaris uses

* /dev/dsk/c0t0d0s0 on the Ultra5/10 and Blade 100
* /dev/dsk/c0t1d0s0 for Blade 1000.

Press the STOP and A keys simultaneously or, on an ASCII terminal or emulator, send a BREAK, to halt the operating system if it is running.

Boot single-user from CD-ROM (boot cdrom -s) or from a network install/JumpStart server (boot net -s). For CD media use the CD-ROM labeled "Installation". If a PROM password is set you need to know it.

Mount the root partition on "/a". "/a" is an empty mount point that exists at this stage of the installation procedure. For example:

#mount /dev/dsk/c0t0d0s0 /a

If the mount command fails, then, since "/a" always exists, you either typed in the wrong device OR the system is seeing the root partition as something else.

Do an "ls /tmp/dev/dsk" and see what is there. The "c0t6" entries are the CD-ROM; what is left is what one needs to try. On a Blade 1000/2000, choose /dev/dsk/c1t1d0s0 and execute: #mount /dev/dsk/c1t1d0s0 /a

Set your terminal type so you can use a full-screen editor, such as vi. You can skip this step if you know how to use "ex" or "vi" from open mode.

* If you're on a sun console, type "TERM=sun; export TERM";
* If you are using an ascii terminal or terminal emulator on a PC for your console, set TERM to the terminal type for example: TERM=vt100; export TERM.

Edit the passwd file, /a/etc/shadow (or perhaps in older versions, /etc/passwd) and remove the encrypted password entry for root.

Type "cd /", then "umount /a".

Reboot as normal in single-user mode ("boot -s"). The root account will not have a password; give it a new one using the passwd command.

PROM passwords: naturally, you may not want anyone with physical access to the machine to be able to do the above to erase the root password. Suns have a security password mechanism in the PROM which can be set (it is turned off by default). The man page for the eeprom command describes this feature.

If security-mode is set to "command", the machine can only be booted without the PROM password from the default device (i.e. booting from CD-ROM or an install server will require the PROM password). Changing the root password in this case requires moving the default device (e.g. the boot disk) to a different SCSI target (or equivalent) and replacing it with a similarly bootable device for which the root password is known. If security-mode is set to "full", the machine cannot be booted without the PROM password, even from the default device; defeating this requires replacing the NVRAM on the motherboard. "Full" security has its drawbacks: if, during normal operations, the machine is power-cycled (e.g. by a power outage) or halted (e.g. by STOP-A), it cannot reboot without the intervention of someone who knows the PROM password.

10. Others (and repeated)

"I've almost just reinstalled Solaris to get the network settings fixed!" Ya, sometimes you can get a little confused and irritated. Whether it's a new Linux distro or a different UNIX OS, everyone puts their network configuration in different places, and learning each system's setup can be a pita. So, what if you don't even wanna bother learning all the network configuration stuff and which file does what... what if you could just re-run the networking configuration and have it all sorted out? You can! Solaris has a nifty command that can reset the base networking and configuration to a clean system: "sys-unconfig". If you buy a pre-installed system from Sun or a VAR, what they will generally do is install Solaris, customize the install as need be and then run "sys-unconfig" before putting the system in the box and shipping it out. The command will scratch the networking configuration (most of it anyway), the root password, time zone, etc. Once sys-unconfig has finished cleaning out the files it will immediately halt the system (shut it down). Next time you boot the system it will prompt you for all the networking information, time zone, locale and a new root password. This is the "quick-no-hassle" reconfiguration method. Generally we do not recommend this as ideal, but it will do the trick. If you plan on selling a pre-installed system or you are moving your system to a new network where all the info is changing, this is the command to use. Just use it carefully.

"I know root shouldn't log in remotely, but I really want to!" Logging into a system as root via telnet, ftp, or ssh is just bad... very bad. However, sometimes people think they need to do this or they simply don't care about security. If you really wanna drop your pants like this, edit /etc/default/login. In this file, you'll see a line for CONSOLE. To allow root to log in via telnet or ftp, just comment out this line and you're done. To allow root login via SSH you need to edit a different file: /etc/ssh/sshd_config. Change the value of PermitRootLogin from "no" to "yes" and restart SSH via "svcadm restart ssh". The SSH configuration file is just the same as on Linux since Solaris uses OpenSSH. Please note that allowing root to log in remotely is a massive security risk and needlessly stupid; don't do this unless you absolutely must.
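The flip side of the tip above and of the PROM password discussion in section 9: a read-only audit that reports whether root can currently be reached over telnet/ftp (CONSOLE commented out), over SSH (PermitRootLogin), or from the console without a PROM password (security-mode). This is an example added here, not code from the original post or from Sun. ROOT is a made-up parameter so the checks can run against a copy of the files, the eeprom output is passed in as text for the same reason, and the "security-mode=value" line format is assumed from what eeprom prints for a single property.

```shell
#!/bin/sh
# Added example, not from the original post: a read-only audit of the three
# settings that decide whether root can be reached without the usual
# controls: CONSOLE in /etc/default/login, PermitRootLogin in
# /etc/ssh/sshd_config, and the PROM security-mode from section 9.
# ROOT is a hypothetical parameter so the checks can run against a copy of
# the files; the eeprom output is passed in as text for the same reason.

# login_console_status ROOT -> console-only | remote-allowed
# A commented-out CONSOLE line is what lets root in over telnet/ftp.
login_console_status() {
    if grep -q '^CONSOLE=' "$1/etc/default/login" 2>/dev/null; then
        echo console-only
    else
        echo remote-allowed
    fi
}

# ssh_root_status ROOT -> value of the first PermitRootLogin line, or "unset"
# (sshd uses the first occurrence of a keyword, so later lines do not count)
ssh_root_status() {
    v=$(sed -n 's/^[[:space:]]*PermitRootLogin[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' \
            "$1/etc/ssh/sshd_config" 2>/dev/null | head -n 1)
    echo "${v:-unset}"
}

# prom_security_status TEXT -> value from a "security-mode=..." line, the
# name=value form eeprom prints (assumed; obtain TEXT with `eeprom security-mode`)
prom_security_status() {
    echo "$1" | sed -n 's/^security-mode=\(.*\)$/\1/p'
}

# audit_root_access ROOT EEPROM_TEXT -> 0 if every setting is restrictive, else 1
audit_root_access() {
    rc=0
    [ "$(login_console_status "$1")" = console-only ] ||
        { echo "WARN: CONSOLE is commented out; root can log in over telnet/ftp"; rc=1; }
    [ "$(ssh_root_status "$1")" = no ] ||
        { echo "WARN: PermitRootLogin is '$(ssh_root_status "$1")', not 'no'"; rc=1; }
    case $(prom_security_status "$2") in
        command|full) ;;
        *) echo "WARN: PROM security-mode is off; the section 9 console reset needs no password"; rc=1 ;;
    esac
    return $rc
}

# write_sample_config ROOT: constructed sample files (not copied from any
# system) in the permissive state the post describes, for trying the audit.
write_sample_config() {
    mkdir -p "$1/etc/default" "$1/etc/ssh"
    printf '# constructed sample\n#CONSOLE=/dev/console\nPASSREQ=YES\n' > "$1/etc/default/login"
    printf '# constructed sample\nPort 22\nPermitRootLogin yes\n' > "$1/etc/ssh/sshd_config"
}

# usage on a real box: audit_root_access / "$(eeprom security-mode)"
```

Run it after any "temporary" change to those files: it is the quickest way to notice that a commented-out CONSOLE line or a PermitRootLogin yes was never put back.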

"How do I set and make the default gateway persistent across reboots?" The default gateway is easy to configure: just put the IP address of the default gateway in /etc/defaultrouter. If this file doesn't exist, just create it and add the IP. The IP address of the gateway should be the ONLY thing in this file, nothing else. Typically you should just use echo, like this: "echo 10.0.0.255 > /etc/defaultrouter". Once you've changed the file you can restart the physical network interfaces to make the changes effective without a reboot ("svcadm restart physical").

How do I set or change my IP address? Setting and changing IP addresses on Solaris is a snap. Just add the IP and hostname that you wish to use to /etc/hosts. Then put the hostname (by itself) in the /etc/hostname.(interface) file. Then just restart the physical networking via SMF ("svcadm restart physical") and you're done! Example: "echo '10.0.0.25 solarisrox' >> /etc/hosts; echo 'solarisrox' > /etc/hostname.hme0", assuming that hme0 is the interface you wanted to use. Don't worry about this changing the hostname for the whole workstation; the hostname for the system is kept in /etc/nodename. You can add the default gateway as we discussed just above. If you need to specify a non-standard subnet netmask you can add it to /etc/netmasks. You can have as many subnet masks in the /etc/netmasks file as you like, one per line; just follow the instructions at the top of the file.

How do I configure DHCP? DHCP is pretty easy to configure: just create 2 empty files, /etc/hostname.(interface) and /etc/dhcp.(interface). If you are using hme0 you could do this: "echo "" > /etc/hostname.hme0 > /etc/dhcp.hme0". You might want to wipe out information that might conflict, like the /etc/defaultrouter file if you created one. Once you've got these two empty files ready, just restart the physical network to make the changes effective without a reboot ("svcadm restart physical"). If you want to customize the properties of the DHCP agent you can check out the "System Administration Guide: IP Services" manual. Remember that DHCP settings take a couple of seconds to be retrieved from the server, so if you reset the physical interfaces as mentioned above and you notice that nothing happened, just wait a couple of seconds (30 secs is the default timeout).

I can't figure out what the network interface is called! Linux sort of makes network interface naming easy because typically interfaces are named "eth0", "eth1", and so on. In Solaris, however, the name of the interface is decided by the interface driver. For instance, the onboard Ethernet of a Sun Ultra workstation uses the HME (Happy Meal Ethernet, also more boringly called Hundred Meg Ethernet) driver, and so the first instance is "hme0". You can look at the device mappings to driver names using "prtconf -D". In general, Solaris will find your network device and try to configure it, so usually just checking "ifconfig -a" is enough to find it.

My l337 workstation's network device isn't frickin' supported!?! Sadly there are lots of networking devices that aren't officially supported (right now anyway; OpenSolaris hopes to change this). Thankfully there are tons of really kool Solaris developers that have been creating open source drivers! Check out the free NIC drivers by Masayuki Murayama! Grok google for drivers; you just might find your l337 gear really does have drivers available, they just aren't in Solaris right now.

There ya go... some quick Solaris networking tips. As always, check out docs.sun.com's Solaris 10 manuals for help and details.



1 comment:

Anonymous said...

Hi Richard,

Thanks for your tips - very welcome by me...

Just a coupla comments on hostname and resolv.conf. The resolv.conf man page (Ubuntu and Solaris 10) indicates that "The domain and search keywords are mutually exclusive. If more than one instance of these keywords is present, the last instance takes precedence."

Also if domain or search domain are not present, the system gets the domain name part from hostname IF it contains a 'dot' - everything after the 'dot' is considered the domain name. That means you can enter a FQN as the hostname if you so wish...

Jules