I was annoyed that my solaris system was not registering the hostname I set in /etc/nodename when getting a DHCP address. Turns out nodename is only used locally and not for DHCP (which really doesn’t make sense to me). You have to enable DHCP to register the hostname and set the hostname in a different file. I would expect this task to be an easy thing to find on google, but it took me a while to find it! Maybe my search engine skills aren’t as good as they used to be, but I’ll post this here so others can find it more easily.

Registering a Hostname through DHCP from Solaris

Quick howto to setup ntp service on solaris 10:

vi /etc/inet/ntp.client

remove the server line and add pool.ntp.org servers (or your own):

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

:wq /etc/inet/ntp.conf

svcadm enable ntp

svcs

If your system says maintenance, check /var/svc/log/network-ntp* to see what went wrong and fix it. After that, run:

svcadm clear ntp

and that should make you up and running…

After 10-15 minutes, run

ntpq -p

and make sure that one of the entries has a * in front of it. If so, your clock is being synchronized to that server and you’re all set.

Debugging SMTP Servers

| September 2nd, 2010

I had to setup some postfix and sendmail servers today and I needed to manually debug them to see if it worked.

If you’re using sendmail, you can use sendmail -v somebody@gmail.com, it gives a nice output of all the raw SMTP communication.

Postfix doesn’t have this unfortunately so I had to test it out manually. This tutorial proved to be useful to test my relayhost using AUTH PLAIN.

I used these two howtos on setting up postfix and sendmail with a mail relay using an AUTH method. For the postfix tutorial, I don’t know if you need to add smtp_always_send_ehlo = yes or smtp_sasl_security_options = noanonymous, but I could be wrong.

Updating MacPorts

| September 2nd, 2010

Save me time from reading the man page again… To update all macports programs, do the following:

sudo port -v selfupdate
port list outdated # get a list of what is outdated (just for curiosity sake – not necessary)
sudo port upgrade -v outdated

Why couldn’t they just make this into one simple command like port upgradeall I do not know.

OpenSolaris Disbanded

| September 2nd, 2010

Grrr… Just when I spent a good deal of time developing and working with OpenSolaris, it decides to disband….

http://jaxenter.com/opensolaris-governing-board-symbolically-disband-30610.html

Oracle isn’t going to support OpenSolaris as Sun did so the OpenSolaris Governing Body disbanded and gave control of OpenSolaris back to the parent company. Good news though is that is isn’t all over, some developers forked the project and started Illumos. I am not going to keep my hopes too high – remember BeOS? I’ve been waiting 8 or so years for Haiku and at this point, it’s a little too late… We’re not in 1999 anymore…or 2005 for that matter… or 2006… or 2007… you get the idea…

The future of Solaris/ZFS is pretty unclear now… Will we see Solaris go back to being a closed source unix? Will Illumos take off? All these factors have me watching for further development. ZFS’s license prohibits it from being ported natively to linux (non-compliant  with GPL I believe), so if Solaris goes down, I think ZFS is also dead. On the other hand, linux is getting it’s own ZFS type file system called Btrfs. Looks like it will have many, if not more features as ZFS, and early benchmarks show that is may be faster than ZFS… I’ll keep watching…

I spent the last week writing this utility to manage my ZFS backups. ZFS’s snapshot ability is great for efficient incremental backups. Solutions using rsync and other file level backup utilities are at a disadvantage because they do not know what changes occur so they have to constantly scan all the data during each backup. Since ZFS’s incremental backups are made at the file system level, changes are marked during new write operations making the process of snapshot-ing instantaneous. I wrote this based on inspiration from duplicity and  ftplicity (which I think now is just duply?). The idea is to send remote snapshots to an offsite location securely and safely, that is, encrypt it so nobody can read your data and ensure that all your 1s and 0s don’t get mangled in the process. This utility tries to do both utilizing gnupg for encryption and md5sum for data integrity, though I maintain no guarantee this first version will actually meet up to both goals, I am pretty confident it will work in most circumstances. I still need further testing (yes, from you) for faulty conditions such as the internet failing in the middle of transfer or the local or remote computer shutting down, but I guess I can only find out from testing…

So without further to do, here’s my first release of zfsbackup.

Here is how I got zfs to share files on smb with no passwords (Note: I am on opensolaris snv_134)

Install the zfs cifs kernel package:

pfexec pkg install SUNWsmbs
pfexec pkg install SUNWsmbskr # this was already installed by default on my system

Reboot the system after this…

pfexec reboot

The service is disabled, let’s enable it.

$ svcs smb/server
STATE          STIME    FMRI
disabled       21:28:39 svc:/network/smb/server:default

$ svcadm enable -r smb/server # the -r recursively enables dependent services
# the following error message is fine.
svcadm: svc:/milestone/network depends on svc:/network/physical, which has multiple instances.

If you wish to join a certain workgroup (default is WORKGROUP):

smbadm join -w MyHome

Now let’s create the zfs file system:

pfexec zfs create -o casesensitivity=mixed -o nbmand=on rpool/storage

Let’s fix the permissions so that anyone and everyone could use access the file share:

pfexec chmod 777 /rpool/storage/
# must specify solaris chmod as GNU chmod does not know about solaris extended permissions

zfs set aclinherit=passthrough rpool/storage
zfs set aclmode=passthrough rpool/storage

pfexec /usr/bin/chmod -R A=everyone@:full_set:fd:allow /rpool/storage/

And let us make the share:

pfexec zfs set sharesmb=name=storage,guestok=true rpool/storage

Verify setup:

$ sharemgr show -v

Last step, map the windows guest user to a valid solaris account (if not, it’ll generate random UIDs):

pfexec idmap add winname:Guest unixuser:nobody

and the group too:

pfexec idmap add "wingroup:Domain Users" unixgroup:staff

Test the connection from another computer. Done! Thank you James, Simon, and Afshin for your help.

bashusr@solaris:~/backuppc/install$ cat install.sh

#!/bin/bash
# Installation Guide for OpenSolaris version:
# SunOS 5.11 snv_134 i86pc i386 i86pc Solaris
#
# Written by Jonathan Chan <jonmchan@gmail.com>
#
# We will be using most of the packages from CSW instead of the SunW versions.
# If you have already installed CSW or have SUNWApache, you will have to make
# adjustments to the installation. Especially if you already have CSW perl
# installed.
#
# NOTE: This guide/script must be run by a user with pfexec root priviledges.
#
# You can also run this as a bash script and hope the whole thing works :-P
set -u
set -e
DIRPREFIX=/rpool/BackupPC
PKGADD_FLAGS=""
#PKGADD_FLAGS="-n" # uncomment this for silent non-interactive install
PKGGET_FLAGS=""
#PKGGET_FLAGS="-f" # and this too.
PKGUTIL_FLAGS=""
#PKGUTIL_FLAGS="-y" # and one last one.
#### Prerequisites ####
# install pkg-get to get packages from the CSW repository
wget -O /tmp/pkg-get http://www.opencsw.org/pkg-get
pfexec pkgadd $PKGADD_FLAGS -d /tmp/pkg-get
# Install pkgutil (we don't really this util), you can use either/or pkg-get
# I'm a solaris newbie, so I'm trying both.
wget -O /tmp/pkgutil.pkg http://ftp.math.purdue.edu/mirrors/opencsw.org/pkgutil-i386.pkg
pfexec pkgadd $PKGADD_FLAGS -d /tmp/pkgutil.pkg
# if you want to keep this path, better set it in your ~/.profile
export PATH=$PATH:/opt/csw/bin
# install packages from CSW
pfexec pkgutil $PKGUTIL_FLAGS --install gnupg lynx # dependencies for cpan
gpg --keyserver pgp.mit.edu --recv-keys E12E9D2F
gpg --keyserver pgp.mit.edu --recv-keys A1999E90
pfexec pkg-get $PKGGET_FLAGS -i samba_client par2cmdline apache2 apache2_manual
pfexec pkg-get $PKGGET_FLAGS -i ap2_modphp5 ap2_modperl # not used, but good modules to have for apache
# we need a compiler to compile some of the perl modules...
pfexec pkg install sunstudioexpress
# hack to make cpan work... (they hardcoded to an old version of sun studio express)
pfexec mkdir -p /opt/studio/SOS11/SUNWspro/
pfexec ln -s /opt/SunStudioExpress/bin /opt/studio/SOS11/SUNWspro/
# install perl modules from CPAN
PERL_MM_USE_DEFAULT=1 /opt/csw/bin/cpan -a
PERL_MM_USE_DEFAULT=1 pfexec /opt/csw/bin/cpan Compress::Zlib Archive::Zip File::RsyncP
#### Actual BackupPC Install ####
# Create filesystems and username
pfexec zfs create ${DIRPREFIX:1}
pfexec useradd -d $DIRPREFIX -c "BackupPC User" backuppc
# change to latest version - 3.2.0 was the latest at the time of this writing.
wget --no-check-certificate https://sourceforge.net/projects/backuppc/files/backuppc/3.2.0/BackupPC-3.2.0.tar.gz/download
tar zxvf BackupPC-3.2.0.tar.gz
cd BackupPC-3.2.0
# fix applications to use the correct CSW version of perl
find bin/ -type f -exec sed -i 's|/usr/bin/perl|/opt/csw/bin/perl|g' {} \;
sed -i 's|/usr/bin/perl|/opt/csw/bin/perl|g' cgi-bin/BackupPC_Admin
# fix for stop executing kill instead of running stop block.
sed -i '25s/stop/stopBackupPC/g' init.d/src/solaris-backuppc
sed -i '30s/stop/stopBackupPC/g' init.d/src/solaris-backuppc
sed -i '43s/stop/stopBackupPC/g' init.d/src/solaris-backuppc
# Correct apache configuration file since CONFDIR is chmod 750 and apache runs as nobody
sed -i "s|__CONFDIR__|${DIRPREFIX}/files/conf|g" httpd/src/BackupPC.conf
# Allow from all instead of limiting to 127.0.0.1 (critical because the new versions
# of solaris use ::1 ipv6 so 127.0.0.1 is not used either)
sed -i '17s/deny,allow/allow,deny/g' httpd/src/BackupPC.conf
sed -i '18s/deny/allow/g' httpd/src/BackupPC.conf
sed -i '19s/^/##/g' httpd/src/BackupPC.conf
pfexec bash -c "cat << EOF >> httpd/src/BackupPC.conf
<Directory $DIRPREFIX/files/images >
order allow,deny
allow from all
</Directory>
EOF"
pfexec /opt/csw/bin/perl configure.pl --batch \
--cgi-dir $DIRPREFIX/files/cgi-bin            \
--data-dir $DIRPREFIX/data                    \
--hostname `hostname`                         \
--html-dir $DIRPREFIX/files/images            \
--html-dir-url /BPCImages                     \
--install-dir $DIRPREFIX/files                \
--config-dir $DIRPREFIX/files/etc             \
--log-dir $DIRPREFIX/files/log
# install BackupPC Service
pfexec cp init.d/solaris-backuppc /etc/init.d/backuppc
pfexec chmod 755 /etc/init.d/backuppc
pfexec ln -s ../init.d/backuppc /etc/rc0.d/K40backuppc
pfexec ln -s ../init.d/backuppc /etc/rc2.d/S99backuppc
# Install httpd config file
pfexec mkdir $DIRPREFIX/files/conf
pfexec cp httpd/BackupPC.conf $DIRPREFIX/files/conf/BackupPC.conf
# Workaround since apache is run as nobody.
# ##WARNING## BackupPC documentation EXPLICITLY states not to do this - all
# users will be able to have access to your backup files. Please note the
# security risk of this step.
pfexec chmod a+x $DIRPREFIX/files/cgi-bin/BackupPC_Admin
export DIRPREFIX
pfexec bash -c 'echo "Include $DIRPREFIX/files/conf/BackupPC.conf" >> /opt/csw/apache2/etc/httpd.conf'
echo Please insert password for admin user:
pfexec /opt/csw/apache2/sbin/htpasswd -c $DIRPREFIX/files/conf/BackupPC.users admin
# start BackupPC daemon
pfexec /etc/init.d/backuppc start
# start apache
pfexec svcadm enable svc:/network/cswapache2
pfexec svcadm refresh svc:/network/cswapache2
cd ..
# delete installation files that we don't need anymore...
##rm BackupPC-3.2.0*
#firefox http://localhost/BackupPC_Admin
Also posted here: http://sourceforge.net/apps/mediawiki/backuppc/index.php?title=FAQ_installation