Posts Tagged ‘opensolaris’

OpenSolaris – Headless server

July 26th, 2009 Daz No comments

I’ve moved from a CentOS Linux distro running VMware Server 2.0 to OpenSolaris running VirtualBox. My previous system was totally headless and I wanted something similar to replace it.

I’ve just started getting into OpenSolaris for many reasons (Sun has some cool stuff – ZFS / VirtualBox). But I have always wanted to run OpenSolaris as a headless server, and from what I initially found, VirtualBox didn’t have the easy-to-use autostart-on-boot features that VMware Server had. But there are always ways to get things working…

OpenSolaris 2008.11 has desktop sharing (system->preferences->desktop sharing) which is half of the job — enable this.

I had issues if I used a password-protected session (it kept prompting on the actual console for the password to unlock the keychain), so I chose not to prompt for a password for now. Now, every time after you have logged in, you are able to connect to your machine via VNC (vino-server).

The other half of the problem is how to have the machine automatically log on as a user on boot-up. This is easily enabled via /etc/X11/gdm/custom.conf or gdmadmin. See this post for more details on the autologon.

Updated : 26/07/2009

After a bit of playing about I’ve found another way to make OpenSolaris the perfect headless box. First, fire up gdmsetup and enable the required remote sessions.

Go to the “Remote” tab and set the style to “same as local”, then under security ensure that “Deny TCP connections to Xserver” is not checked.

Next go into the services GUI and tick the box next to X server (x11/xvnc-inetd). Next type;

svcs | grep vnc

Disable all vnc services except the one we want to enable (below);

svcadm enable xvnc-inetd

Now to get the vnc session to remain open when you disconnect update the service with the following parameter change;

svccfg -s xvnc-inetd setprop inetd/wait = boolean: true

Reboot. Done.

Upon reboot you should be able to VNC straight into the box with a session that won’t reset on disconnect.

Categories: OpenSolaris

Opensolaris : Citrix XenServer / ESX – Hooking into ZFS

July 22nd, 2009 Daz No comments

To share your ZFS pool via NFS (in a way that works with Citrix Xen / ESX) to a host called “esxhost”;

zfs set sharenfs=rw,nosuid,root=esxhost tank/nfs

Note: You MUST have a resolvable name from the OpenSolaris box, i.e. you should be able to ping it. I have tried with IPs only and it will fail. I have edited the /etc/hosts file to include the following line for my config;

# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
#
# Internet host table
#
192.168.9.120 esxhost

This also requires that you are using both DNS and Files in your /etc/nsswitch.conf file. You should have a line like so;

# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4). For lookup via mdns
# svc:/network/dns/multicast:default must also be enabled. See mdnsd(1M)
hosts: files dns mdns

# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files dns mdns

I’ve also run this beforehand (to allow full access);

chmod -R 777 /tank/nfs

Update : check this guide http://blog.laspina.ca/ubiquitous/running-zfs-over-nfs-as-a-vmware-store
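An added example (not from the original post): a shell function that reads a sharenfs value like the one above and reports who gets write and root access. It follows the share_nfs(1M) meaning of the options, where a bare rw applies to every client and root= only controls root mapping; the function names and the second sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a ZFS sharenfs value by who gets write and root access.
# On a live system the value would come from: zfs get -H -o value sharenfs tank/nfs

# audit_sharenfs OPTS -> prints "write=<scope> root=<scope> setuid=<on|off>"
audit_sharenfs() {
    write="none"; root="none"; setuid="on"
    old_ifs=$IFS; IFS=','
    for opt in $1; do
        case "$opt" in
            on|rw)   write="all-clients" ;;     # bare rw / on: no access list
            rw=*)    write="${opt#rw=}" ;;      # rw limited to the listed hosts
            root=*)  root="${opt#root=}" ;;     # hosts whose root user stays root
            nosuid)  setuid="off" ;;
        esac
    done
    IFS=$old_ifs
    echo "write=$write root=$root setuid=$setuid"
}

# needs_review OPTS -> exit 0 when any client that can reach the server may write
needs_review() {
    case "$(audit_sharenfs "$1")" in
        write=all-clients*) return 0 ;;
        *) return 1 ;;
    esac
}

# The post's value, then a constructed variant that names the client for rw as well.
for value in "rw,nosuid,root=esxhost" "rw=esxhost,nosuid,root=esxhost"; do
    printf '%-34s %s\n' "$value" "$(audit_sharenfs "$value")"
done
```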

VirtualBox – Dup on ping

June 22nd, 2009 Daz 1 comment

I’ve had this with certain kernels (2009.06) on OpenSolaris. There seems to be some incompatibility between some kernels and the OpenSolaris VirtualBox network emulation. This only seems to affect Linux virtual guests.

When you try to ping an address you get something like this…

[root@VA-DHCPWEB ~]# ping 192.168.9.15
PING 192.168.9.15 (192.168.9.15) 56(84) bytes of data.
64 bytes from 192.168.9.15: icmp_seq=1 ttl=128 time=1.85 ms
64 bytes from 192.168.9.15: icmp_seq=1 ttl=127 time=1.88 ms (DUP!)

I usually forward a port from my DSL router through to a VM, but it does not like it when the network is performing as above. I have yet to find a permanent fix other than dropping back a kernel level.

I have no VLANs configured, and just have a single unmanaged switch on a single subnet. There is only a single NIC configured on the virtual guest. I found this, but it didn’t seem to resolve my issues: http://www.virtualbox.org/ticket/2713

If I ping the IP of the VM host it does not have the DUP packets, so it seems to be anything beyond the host adapter.

Update: This problem seemed to show itself with the new kernel / updates in the 2009.06 release of OpenSolaris. I’ve reverted back to 2008.11 and all seems to be working fine again. It may have something to do with Project Crossbow (new virtualization around the networking space): http://www.opensolaris.com/use/ProjectCrossbow.pdf

Opensolaris 2008.11 and xvm

May 18th, 2009 Daz 1 comment

I’ve been dabbling with VirtualBox up until this point, but have decided to take it to the next step by using xVM to run my virtual machines. I have taken a guide from BDerzhavets at this site: http://bderzhavets.blogspot.com/2008/12/xvm-on-opensolaris-2008.html

First step is to open the package manager and find the “virtualization” grouping. Install everything in this group. You’ll probably find some packages are already installed.

Next you’ll need to add the xVM kernel to the GRUB startup menu (menu.lst). This bit is a bit of blind faith from my perspective – it’s a shame that the xVM kernel package doesn’t add itself to GRUB? Anyhow… You need to add the following as another boot option in the /rpool/boot/grub/menu.lst file;

title OpenSolaris 2008.11 snv_101b_rc2 X86 xVM
bootfs rpool/ROOT/opensolaris
kernel$ /boot/$ISADIR/xen.gz
module$ /platform/i86xpv/kernel/$ISADIR/unix /platform/i86xpv/kernel/$ISADIR/unix -B $ZFS-BOOTFS

After a bit more reading, you can apparently run bootadm -m upgrade to automatically add the new kernel to the boot menu. But there might be some issues with on-boot? Some good info on this page: http://trevoro.ca/blog/2008/05/07/getting-xvm-to-work-in-opensolaris-200805/

…added the xVM entry automatically after performing the linkage steps. You will still need to add the ‘bootfs rpool/ROOT/opensolaris’ lines however.

Update: I have not implemented this yet – I’m currently happy with the stable file / VirtualBox server that I’m using at the moment. It’s also a little early to check out this tech, as there is a lot of work being done at http://www.opensolaris.org/os/community/xen/ that is near completion.

Categories: OpenSolaris, Virtual

OpenSolaris cifs/smb server – configuring ACL’s on shares

February 14th, 2009 Daz 3 comments

OK, from this point I’m assuming you have created your ZFS shares via the zfs command and renamed them appropriately like so… (if you haven’t set up CIFS yet then read this)

zfs set sharesmb=on protected/backup

zfs set sharesmb=name=backup protected/backup

Now to check your current shares, type…

sharemgr show

zfs 

zfs/protected/backup
backup=/protected/backup

zfs/protected/photos
photos=/protected/photos

Now it’s time to look at NFSv4 ACLs. This page has a great explanation of ACLs and how to set things up: http://cuddletech.com/blog/pivot/entry.php?id=939

The ZFS manual here has the compact access and inheritance codes for chmod : http://opensolaris.org/os/community/zfs/docs/zfsadmin.pdf

Here are the current compact codes for access control;

add_file w
add_subdirectory p
delete d
delete_child D
execute x
list_directory r
read_acl c
read_attributes a
read_data r
read_xattr R
write_xattr W
write_data w
write_attributes A
write_acl C
write_owner o

Here are the current compact codes for inheritance control;

file_inherit f
dir_inherit d
inherit_only i
no_propagate n

So… the command below (referencing the compact codes above) will give me (the owner) full permissions to files / directories, and read-only access to everyone else. I have enabled inheritance so newly created files should also maintain their parent’s ACL without Windows creating its own. Note: I used chown on the root of my share first, i.e. chown -R daz /protected

then… 

chmod -R A=\
owner@:wACpdDo:d:allow,\
owner@:wACpdDo:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/protected/

Remember to test that this has provided what you want. Connect to your share as guest and test the permissions, then connect as the owner and test the permissions again. The fun thing about this particular ACL system is that you are not restricted to just one owner and one group. You can add additional lines as required using user: and group: attributes. I’ve done a multi-user ACL post here.

There is a lot of flexibility – I’d say even more than the Samba server options by a long shot. It’s probably a little bit more fiddly getting your commands right, but once up and running you can have a lot more control.

There are also “ACL sets” which combine the above attributes into groups, i.e. you can have just the word “full_set” (full permissions) or “read_set” (supposedly gives you read, but I couldn’t see any child files after using this) between the first set of colons in the above command. Using ACL sets the above command could be changed to…

chmod -R A=\
owner@:full_set:d:allow,\
owner@:full_set:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/protected/

This should still give the owner full permissions (previously the owner just inherited the everyone group’s permissions that it didn’t have as well).

These are the possible choices for ACL sets: full_set , read_set , modify_set , write_set

See here for more examples: http://sigtar.com/2009/02/15/opensolaris-cifssmb-server-configuring-acl’s-on-shares-part-2/
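An added example, not part of the original post: a shell helper that expands the compact permission letters of an ACL entry into the long names from the table above, so an entry can be read back before it is applied with chmod. The function names are made up for this example, and the letter s (synchronize), which the commands use but the table omits, is taken from the Solaris compact ACL format.

```shell
#!/bin/sh
# Added example: expand one compact NFSv4 ACE (who:perms:inherit:type) into names.

# perm_name LETTER -> long name from the post's table ("s" is not in that table;
# it is the Solaris compact code for synchronize). r, w and p have directory aliases.
perm_name() {
    case "$1" in
        r) echo read_data ;;        w) echo write_data ;;
        x) echo execute ;;          p) echo add_subdirectory ;;
        d) echo delete ;;           D) echo delete_child ;;
        a) echo read_attributes ;;  A) echo write_attributes ;;
        R) echo read_xattr ;;       W) echo write_xattr ;;
        c) echo read_acl ;;         C) echo write_acl ;;
        o) echo write_owner ;;      s) echo synchronize ;;
        *) echo "UNKNOWN($1)" ;;
    esac
}

# expand_perms "wACpdDo" -> space-separated long names, in the order given
expand_perms() {
    rest=$1; out=""
    while [ -n "$rest" ]; do
        letter=${rest%"${rest#?}"}      # first character of what is left
        rest=${rest#?}
        out="$out$(perm_name "$letter") "
    done
    echo "${out% }"
}

# ace_grants ACE PERM_NAME -> exit 0 if the entry lists that permission
ace_grants() {
    perms=$(echo "$1" | cut -d: -f2)
    case " $(expand_perms "$perms") " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# The two file-inherit entries from the first chmod command in the post.
for ace in "owner@:wACpdDo:f:allow" "everyone@:raARWcs:f:allow"; do
    echo "$ace => $(expand_perms "$(echo "$ace" | cut -d: -f2)")"
done
```

Run against the post's entries, it shows that owner@ lists no read_data (the owner reads through everyone@, as noted above) and that everyone@ includes write_attributes and write_xattr alongside the read permissions.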

Categories: Networking, OpenSolaris