Posts Tagged ‘openindiana’

Want mplayer2 (the newer fork of mplayer) that uses ffmpeg goodness to play all the latest avi's with funky codecs and mp4 hidef goodness. Some Openindiana contributors are building a lot of friendly packages in the oi-sfe repo.

sudo pkg set-authority -O oi-sfe
sudo pkg refresh --full
sudo pkg install SFEmplayer2 SFEgccruntime
P.S. Need to manually install SFEgccruntime as it was a forgotten dependency - This will be fixed I have been informed.
P.P.S - ALSO I have only tested and is only expect to work on OI_148

I love ipadm. It rocks. Much needed for Solaris and derivatives. I seem to keep forgetting the dam new ipadm commands tho. So I wrote this script to help me set up new Solaris machines and thought I would share.




if [ $? -ne 0 ]; then
echo "ERROR: $@"
exit 69

# Handle Args
if [ $# -ne 3 ]; then
echo "ERROR: Invalid arguments"
exit 1

ipadm create-if $INTERFACE
errorCheck "Unable to create-if $INTERFACE"

ipadm create-addr -T static -a local=${ADDRESS} ${INTERFACE}/v4static
errorCheck "Unable to set static v4 on $INTERFACE"

if [ $V6AUTO -ne 0 ]; then
ipadm create-addr -T addrconf ${INTERFACE}/v6addr
errorCheck "Unable to set v6 autoconf on $INTERFACE"

if [ $GATEWAY != "" ]; then
route add default $GATEWAY
errorCheck "Unable to set default router to $GATEWAY"
echo "!--> Not setting gateway as none was set ..."

echo "--> Finished setting $ADDRESS on $INTERFACE with $GATEWAY default route ..."

After I spent hours thinking I have lost the plot, I finally read about how IPF is configured by default now. I am not sure what build this was changed, but now, by default IPF on OpenIndiana does not look @ /etc/ipf/ipf.conf for default IPv4 IPF Rules to load @ start. To make it look @ this file apply the following.



# Turn IPF back to legacy text file usage

$PRV_EXEC svccfg -s ipfilter:default setprop firewall_config_default/policy = astring: "custom"

$PRV_EXEC svccfg -s ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "$IPFW_CFG"

$PRV_EXEC svcadm refresh ipfilter:default

echo "Done - Edit $IPFW_CFG and enable IPF now ..."

Sample Conf:

# Default policies
pass out all keep state
block in all
block return-rst in log first proto tcp all
block return-icmp(host-unr) in log proto udp all

# Allow Loopback
pass in quick on lo0 all
pass out quick on lo0 all

# Allow ICMP
pass out quick proto icmp all keep state
pass in quick proto icmp all keep state

# Allow SSH
pass in quick proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags

# Allow SSH
pass in quick proto tcp from any to any port = 80 keep state

Now just enable the service
pfexec svcadm enable svc:/network/ipfilter:default

Handy IPF Commands

ipf -E                          : Enable ipfilter when running
                                : for the first time.
				: (Needed for ipf on Tru64)

ipf -f /etc/ipf/ipf.conf        : Load rules in /etc/ipf/ipf.conf file
                                : into the active firewall.

ipf -Fa -f /etc/ipf/ipf.conf    : Flush all rules, then load rules in
                                : /etc/ipf/ipf.conf into active firwall.

ipf -Fi                         : Flush all input rules.

ipf -I -f /etc/ipf/ipf.conf     : Load rules in /etc/ipf/ipf.conf file
                                : into inactive firewall.

ipf -V                          : Show version info and active list.

ipf -s                          : Swap active and inactive firewalls.

ipfstat                         : Show summary

ipfstat -i                      : Show input list

ipfstat -o                      : Show output list

ipfstat -hio                    : Show hits against all rules

ipfstat -t -T 5			: Monitor the state table and refresh every  
				: 5 seconds. Output is similiar to	
				: 'top' monitoring the process table.

ipmon -s S                      : Watch state table.

ipmon -sn                       : Write logged entries to syslog, and
                                : convert back to hostnames and servicenames.

ipmon -s [file]                 : Write logged entries to some file.

ipmon -Ds			: Run ipmon as a daemon, and log to
				: default location. 
				: (/var/adm/messages for Solaris)
IPMP in Solaris allows you to have redundancy with your network on mission critical servers. It is really excellent as it allows you to mix speed of NICs (e.g. a Ten Gigabit Ethernet with Gigabit Ethernet). Below will demonstrate the 'passive' IPMP configuration. Active mode allows you to check the ability to ping a defined host as well as the same checks of passive, but does require more extensive configuration.
NIC Setup
Stop the scary nwam service
  • svcadm disable svc:/network/physical:nwam
Plumb each nic
  • ifconfig NIC0 plumb
  • ifconfig NIC1 plumb
Add to group
  • ifconfig NIC0 group GROUPNAME
  • ifconfig NIC1 group GROUPNAME
Edit /etc/hostname.interface
  • Primary NIC: IP/NETMASK group GROUPNAME up
  • Secondary NIC: group GROUPNAME standby
Enable traditional Solaris Networking
  • svcadm enable svc:/network/physical:default

You should now be done. Have fun yanking network cables and seeing your server stay online.

Zone Setup

Once your networking is set up just set the zone up as you normally would, but use the ipmpX as your physical zone NIC in zonecfg.

  • add net
  • set physical=ipmpX
  • end
  • verify
  • commit

For more zone configuration command information visit GenUnix Wiki.