Posts Tagged ‘opensolaris’

Want mplayer2 (the newer fork of mplayer) that uses ffmpeg goodness to play all the latest avi's with funky codecs and mp4 hidef goodness. Some Openindiana contributors are building a lot of friendly packages in the oi-sfe repo.

sudo pkg set-authority -O oi-sfe
sudo pkg refresh --full
sudo pkg install SFEmplayer2 SFEgccruntime
P.S. Need to manually install SFEgccruntime as it was a forgotten dependency - This will be fixed I have been informed.
P.P.S - ALSO I have only tested and is only expect to work on OI_148

I love ipadm. It rocks. Much needed for Solaris and derivatives. I seem to keep forgetting the dam new ipadm commands tho. So I wrote this script to help me set up new Solaris machines and thought I would share.




if [ $? -ne 0 ]; then
echo "ERROR: $@"
exit 69

# Handle Args
if [ $# -ne 3 ]; then
echo "ERROR: Invalid arguments"
exit 1

ipadm create-if $INTERFACE
errorCheck "Unable to create-if $INTERFACE"

ipadm create-addr -T static -a local=${ADDRESS} ${INTERFACE}/v4static
errorCheck "Unable to set static v4 on $INTERFACE"

if [ $V6AUTO -ne 0 ]; then
ipadm create-addr -T addrconf ${INTERFACE}/v6addr
errorCheck "Unable to set v6 autoconf on $INTERFACE"

if [ $GATEWAY != "" ]; then
route add default $GATEWAY
errorCheck "Unable to set default router to $GATEWAY"
echo "!--> Not setting gateway as none was set ..."

echo "--> Finished setting $ADDRESS on $INTERFACE with $GATEWAY default route ..."

After I spent hours thinking I have lost the plot, I finally read about how IPF is configured by default now. I am not sure what build this was changed, but now, by default IPF on OpenIndiana does not look @ /etc/ipf/ipf.conf for default IPv4 IPF Rules to load @ start. To make it look @ this file apply the following.



# Turn IPF back to legacy text file usage

$PRV_EXEC svccfg -s ipfilter:default setprop firewall_config_default/policy = astring: "custom"

$PRV_EXEC svccfg -s ipfilter:default setprop firewall_config_default/custom_policy_file = astring: "$IPFW_CFG"

$PRV_EXEC svcadm refresh ipfilter:default

echo "Done - Edit $IPFW_CFG and enable IPF now ..."

Sample Conf:

# Default policies
pass out all keep state
block in all
block return-rst in log first proto tcp all
block return-icmp(host-unr) in log proto udp all

# Allow Loopback
pass in quick on lo0 all
pass out quick on lo0 all

# Allow ICMP
pass out quick proto icmp all keep state
pass in quick proto icmp all keep state

# Allow SSH
pass in quick proto tcp from any to any port = 22 flags S/FSRPAU keep state keep frags

# Allow SSH
pass in quick proto tcp from any to any port = 80 keep state

Now just enable the service
pfexec svcadm enable svc:/network/ipfilter:default

Handy IPF Commands

ipf -E                          : Enable ipfilter when running
                                : for the first time.
				: (Needed for ipf on Tru64)

ipf -f /etc/ipf/ipf.conf        : Load rules in /etc/ipf/ipf.conf file
                                : into the active firewall.

ipf -Fa -f /etc/ipf/ipf.conf    : Flush all rules, then load rules in
                                : /etc/ipf/ipf.conf into active firwall.

ipf -Fi                         : Flush all input rules.

ipf -I -f /etc/ipf/ipf.conf     : Load rules in /etc/ipf/ipf.conf file
                                : into inactive firewall.

ipf -V                          : Show version info and active list.

ipf -s                          : Swap active and inactive firewalls.

ipfstat                         : Show summary

ipfstat -i                      : Show input list

ipfstat -o                      : Show output list

ipfstat -hio                    : Show hits against all rules

ipfstat -t -T 5			: Monitor the state table and refresh every  
				: 5 seconds. Output is similiar to	
				: 'top' monitoring the process table.

ipmon -s S                      : Watch state table.

ipmon -sn                       : Write logged entries to syslog, and
                                : convert back to hostnames and servicenames.

ipmon -s [file]                 : Write logged entries to some file.

ipmon -Ds			: Run ipmon as a daemon, and log to
				: default location. 
				: (/var/adm/messages for Solaris)
IPMP in Solaris allows you to have redundancy with your network on mission critical servers. It is really excellent as it allows you to mix speed of NICs (e.g. a Ten Gigabit Ethernet with Gigabit Ethernet). Below will demonstrate the 'passive' IPMP configuration. Active mode allows you to check the ability to ping a defined host as well as the same checks of passive, but does require more extensive configuration.
NIC Setup
Stop the scary nwam service
  • svcadm disable svc:/network/physical:nwam
Plumb each nic
  • ifconfig NIC0 plumb
  • ifconfig NIC1 plumb
Add to group
  • ifconfig NIC0 group GROUPNAME
  • ifconfig NIC1 group GROUPNAME
Edit /etc/hostname.interface
  • Primary NIC: IP/NETMASK group GROUPNAME up
  • Secondary NIC: group GROUPNAME standby
Enable traditional Solaris Networking
  • svcadm enable svc:/network/physical:default

You should now be done. Have fun yanking network cables and seeing your server stay online.

Zone Setup

Once your networking is set up just set the zone up as you normally would, but use the ipmpX as your physical zone NIC in zonecfg.

  • add net
  • set physical=ipmpX
  • end
  • verify
  • commit

For more zone configuration command information visit GenUnix Wiki.

Well after I tried myself months ago to get istatd to compile on my Opensolaris box (token) someone smarter and who is not as lazy has worked it all out and got it to compile. One thing he did not do tho was write an init script so that it would start @ boot time. Here you can find it.

Please follow the install instructions on the following blog - I have written scripts, included a sample configuration and written a init script.

Karim Berrah's Weblog

Compile Script (Place in parent dir to source code):



export ACLOCAL110
export AUTOMAKE110
export AUTOCONF26

cd ${DIR}${VER}
if [ $? -ne 0 ]; then
echo "ERROR with configure"


echo "--> Finished compiling ..."

pfexec useradd istat
pfexec groupadd istat

if [ ! -d /var/cache/istat ]; then
mkdir /var/cache/istat
pfexec chown istat:istat /var/cache/istat

echo "--> Finished ..."

Sample Config:

# /etc/istat.conf: Configuration for iStat server

# network_addr
network_port 5901
server_code 55551
server_user istat
server_group istat
# server_socket /tmp/istatd.sock
server_pid /var/run/istat/
cache_dir /var/cache/istat

# Note: Only support for one network interface, limited by client.
monitor_net ( bge0 )

# Array of disks to monitor. Specify mount path or device name.
monitor_disk ( / /home )

# Set to 1 if you want to use mount path as label instead of the device name.
disk_mount_path_label 0

# Try to probe the filesystem for disk label, will override the mount path label.
disk_filesystem_label 1

# Set custom disk label. Will override all other labels.
# disk_rename_label /dev/sda1 "root"
# disk_rename_label /home "home"

# End of file

Init Script:

# Basic support for chkconfig
# chkconfig: 35 99 55
# description: start and stop istatd - iphone monitoring tool daemon



case "$1" in
echo -n "Starting $BINARY ... "
if [ $? -ne 0 ]; then
echo "! Failed !"
echo "done"
echo -n "Stopping $BINARY ... "
kill $(cat $PIDFILE)
echo "done"
ps -ef | grep "$BINARY $OPTS"
echo "Usage: $0 {start|status|stop}"
exit 1

exit 0

ln -s /etc/init.d/istatd /etc/rc3.d/S99istatd
ln -s /etc/init.d/istatd /etc/rc3.d/K10istatd

If someone has written a SMF service I would love to take it from you 🙂

If you have any questions - feel free to ask ...

So, at work I am lucky enough to get to play with 3 Sun x4500 x86_64 Thumper Systems. You may be sitting there and saying big deal, I say it's a lot of disk and sweet sexy Sun hardware.

The Sun x4500 Thumper

The Sun x4500 Thumper

I have posted this due to the hard time I found trying to find information on linking the Network Interfaces and using Jumbo Frames to maximise your network throughput from your x4500.

I have a x4500, using jumbo frames and has two Gig (e1000g0) interfaces running Solaris 10u6 with a rpool and a big fat data pool I call cesspool. I have shares exported by nfs. Below I will detail my conf and what I have found to be the best performing NFS mounting options from clients.

I did try to do this when I had the x4500 on 10u5, but had difficulties. Hosts that were not on the same switch as the device were having speed issues with NFS. I contacted Sun and got some things to try, along with things I tried and below is the end conf I have found to work best, please let me know if you have found better results or success with different configurations. Please note, I am now running Solaris 10u6, and apparently there was a bug with 10u5 and the e1000g driver.

1) Enabiling Jumbo Frames

Host (Solaris) Config:

On Solaris two things must be done to enable jumbo frames. Please ensure the switch is configured before enabiling the host:


  1. Enable it on the driver - e.g. e1000g conf = /kernel/drv/e1000g.conf
    • Reboot will be required if not already enabled
  2. Enable Jumbo Frames it with ifconfig
    • From CLI = ifconfig ${INTERFACE} mtu ${SIZE}
    • At Boot = make /etc/hostname.${INTERFACE} =
    • ${HOSTNAME} mtu ${SIZE}

    - This has been tested on both Solaris 10u6 and Opensolaris 2008.11

Switch Config:

system mtu jumbo 9000 (this gets hidden in the IOS defaults)
system mtu routing 1500 (this is an auto insert command by IOS)

Show system mtu Output:
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
Routing MTU size is 1500 bytes

Remember to copy run start once happy with config 🙂

2) Enabling Aggregated Interfaces

Host (Solaris) Config:

I wrote a script to apply. This script asumes you already have /etc/defaultrouter, /etc/netmasks, /etc/resolv.conf and /etc/nsswitch.conf all setcorrectly

Here is the script I used to apply the conf:


# Create Link aggr on plumper
# Ether Channel on Swith Ports 2 on each 3750 - 20081223

# Do I want these ?
# -l = LCAP mode - active, passive or disabled
# -T time - LCAP Timer ...

ifconfig e1000g0 unplumb
ifconfig e1000g1 unplumb

# Sun's Suggestion
dladm create-aggr -P L4 -l active -d e1000g0 -d e1000g1 1

# Move hostname file
mv /etc/hostname.e1000g0 /etc/hostname.aggr1

# Check Link
dladm show-aggr 1

# Set device IP # Can set MTU here if jumbo enabled
ifconfig aggr1 plumb x.x.x.x up

# Show me devs / links so I can watch
dladm show-dev -s -i 2

Switch Config:

# = Insert Integer

Configure a Port Group:

  • interface Port-channel#
    • switchport access vlan #
    • switchport mode access
  • exit
  • port-channel load-balance src-dst-ip

Please configure the ports you want in the channel (4 max) required as following:

# = Insert Integer

  • config term
    • interface INTERFACE
      • channel-group # mode passive
      • channel-protocol lacp
      • switchport access vlan #
      • switchport mode access
      • exit
    • end
  • show run (to verify)

Remember to copy run start once happy with config 🙂

3) Nfs Sharing w/zfs

This was another silly little mistake I was doing, I was turning sharenfs=on with the ZFS file systems I wished to share and then trying to apply the shares properties using share command and adding entries to the sharetab manually. With ZFS tho, all your NFS options should be applied to the sharenfs attribute on the ZFS filesystem, as the following example:

  • zfs set sharenfs=ro,,

These arguments get pased to 'share' via ZFS @ boot time.

4) NFS Mount Options

Most of my clients (that I have tuned) are Linux boxes, running Scientific Linux 5.2 (a Redhat deriviative - similiar to CentOS). I have found once jumbo frames and aggregated interfaces are involved TCP performs better. By default, tcp is used on modern Linux nfs clients, but on older Linux, Irix etc. UDP is, which, once you try to move a large amount of data will not work if the host has a different MTU to the file server. (With old OS's like this running you can tell I work @ a cientific research facility). Here are some examples of my mount options in /etc/fstab on these boxes:

Modern Linux Machines: (CentOS 5, Scientific Linux 5):      /home   nfs     defaults,bg,intr,hard,noacl     0 0

Old Linux Machines: (Redhat 7 etc.) /home          nfs     defaults,bg,intr,hard,tcp 0 0
-No mention of ACL's and UDP is default here

Irix 6.5 (yuck - MIPS): /home nfs defaults,rw,sync,proto=tcp
-No acl and once again UDP ...