VirtualBox – Dup on ping

I’ve had this with certain kernels (2009.06) on opensolaris. Seems there is some incompatibility between some kernels and the opensolaris virtualbox network emulation. This only seems to affect linux virtual guests.

When you try to ping an address you get something like this…

[root@VA-DHCPWEB ~]# ping 192.168.9.15
PING 192.168.9.15 (192.168.9.15) 56(84) bytes of data.
64 bytes from 192.168.9.15: icmp_seq=1 ttl=128 time=1.85 ms
64 bytes from 192.168.9.15: icmp_seq=1 ttl=127 time=1.88 ms (DUP!)

I usually forward a port from my dsl router through to a VM, but it does not like it when the network is performing as above. I’m yet to find a permanent fix other than dropping back a kernel level.

I have no VLANs configured, and just have a single unmanaged switch on a single subnet. There is only a single nic configured on the virtual guest. Found this, but didn’t seem to resolve my issues. http://www.virtualbox.org/ticket/2713

If I ping the IP of the vm host it does not have the DUP packets, so it seems to be anything beyond the host adapter.

Update: This problem seemed to show itself with the new kernel / updates on the 2009.06 release of opensolaris. I’ve reverted back to 2008.11 and all seems to be working fine again. It may have something to do with project crossbow (new virtualization around the networking space) http://www.opensolaris.com/use/ProjectCrossbow.pdf

Flashing si3114 to sata only bios

This is the perfect controller for adding additional sata drives into opensolaris (well in terms of price, the bandwidth of the PCI slot is the only negative part). The si3114 comes with the default bios that supports various raid configs, but this requires additional drivers to be loaded.

Essentially the “raid” on the card is called fakeraid as it does not actually process any data itself, but hooks into the cpu via a driver and lets your cpu do all the work.

Instead we will flash the bios to be a sata only controller (no raid). If we are using ZFS it’s better to just present the disks and let the OS take care of the work.

You will need these tools;

bio-003114-x10_5403 – the various BIOSes for the si3114 card

siflashtool – the flashing tool

Note: you must plug a hard drive into the card or else the flash will not work.

From the zip above you want to grab this file for the bios flash: “b5403.bin”. The other is for raid and can be ignored.

Now you’ll need to grab your trusty bootable flash drive / usb stick. If you don’t have one, check out HP’s tool for creating one (else you could use a floppy boot disk if you still have one). Copy the files onto it, and boot it up.

The instructions say you can flash in windows, but I never had any luck with that – instead I found booting to dos a much more reliable method. This is the command line to run it;

SiFlashTool /File:b5403.bin

Done.

Opensolaris 2008.11 and xvm

I’ve been dabbling with virtual box up until this point. But have decided to take it to the next step by using xvm to run my virtual machines. I have taken a guide from BDerzhavets at this site : http://bderzhavets.blogspot.com/2008/12/xvm-on-opensolaris-2008.html

First step is to open package manager and find the “virtualization” grouping. Install everything in this group. You’ll probably find some packages are already installed.

Next you’ll need to add the xvm kernel to the grub startup menu (menu.lst). This bit is a bit of blind faith from my perspective – it’s a shame that the xvm kernel package doesn’t add itself to grub? Anyhow… You need to add the following as another boot option in the /rpool/boot/grub/menu.lst file;

title OpenSolaris 2008.11 snv_101b_rc2 X86 xVM
bootfs rpool/ROOT/opensolaris
kernel$ /boot/$ISADIR/xen.gz
module$ /platform/i86xpv/kernel/$ISADIR/unix /platform/i86xpv/kernel/$ISADIR/unix -B $ZFS-BOOTFS

After a bit more reading you can apparently run bootadm -m upgrade to automatically add the new kernel to the boot menu. But there might be some issues with on-boot? Some good info on this page : http://trevoro.ca/blog/2008/05/07/getting-xvm-to-work-in-opensolaris-200805/

…added the xVM entry automatically after performing the linkage steps. You will still need to add the ‘bootfs rpool/ROOT/opensolaris’ lines however.

Update : I have not implemented this yet – I’m currently happy with the stable file / virtual box server that I’m using at the moment. It’s also a little early to check out this tech, as there is a lot of work being done at http://www.opensolaris.org/os/community/xen/ that is near completion.

Opensolaris : SMF and Squid

Decided to create a SMF manifest for squid so that it autostarts on boot.

Command to start squid : /usr/squid/sbin/squid 

Command to stop squid : /usr/squid/sbin/squid -k shutdown 

This site has a good starter on SMF creation : http://blogs.sun.com/observatory/entry/mouting_windows_shares_at_startup

I’ve taken a copy of the /var/svc/manifest/network/smb/server.xml file for my squid manifest and placed it at /var/svc/manifest/network/squid/squid.xml

Import the XML using this command; 

svccfg import /var/svc/manifest/network/squid/squid.xml 

Update: I’ve stopped this work as I missed the fact that squid already comes with a SMF manifest! :)  No idea how I missed that one. You can enable via ; 

svcadm enable svc:/network/http:squid

This is the manifest for the above service; 


Opensolaris – configuring squid as a transparent proxy

I used to have a virtual machine that acted as a transparent proxy, but as of late thought I’d move squid onto my host box (opensolaris). This way hopefully increasing the amount of free ram available to the host while also taking advantage of ZFS etc…

So this is a very brief guide on how to configure your opensolaris 2008.11 box as a transparent proxy. Essentially meaning if you set the solaris box as the default gateway all web traffic will be cached as it goes through it before it goes onto your dsl router or outside connection.

At this point I’m assuming that your opensolaris box can access the web without issue. The config I have loaded on my box points DNS and the default route straight to my dsl router. If you are having problems getting to the web it may be the DNS problem discussed here : https://sigtar.com/2009/02/11/opensolaris-manual-network-config-issue/

First step is to enable IP forwarding;

svcadm enable ipv4-forwarding

Then install the squid package through package manager – search for “squid” and install

Configure squid via /etc/squid/squid.conf file. Find the http_port setting and add “transparent” to the required line like so…

http_port 3128 transparent

Find the network acl and add your subnet to the required line. My subnet is 192.168.4.0/24 so it should look like this (note: you can have multiple subnets, so I have two in the following example). You may need to uncomment the line…

acl our_networks src 192.168.4.0/24 192.168.2.0/24

http_access allow our_networks

Update : I had some problems with web traffic slowing down and stalling eventually over time so I have made an additional update to the /etc/squid/squid.conf file…

httpd_accel_no_pmtu_disc on

Run /usr/squid/sbin/squid -z to create the swap directories.

The default disk cache size in squid as of writing is 100MB (I usually increase mine to 30GB since disk is cheap). I also move my disk cache to a faster disk array and also increase the maximum cached object size to 1000 MB – but that probably isn’t required for the small load that I would generate. Here are some of the additional changes I make (optional);

refresh_pattern . 0 80% 10080 reload-into-ims
maximum_object_size 1000 MB

I have made another post that details increasing your hit ratio here : https://sigtar.com/2009/06/10/squid-optimizing-cache-hits/

Run /usr/squid/sbin/squid

Check for any issues in the cache log located at /var/squid/logs/cache.log

You should test your proxy at the default port of 3128 first, i.e. set up the proxy details in Internet Explorer / FireFox to point to your solaris box ipaddress:3128

Next you need to redirect traffic hitting the solaris box on port 80 to 3128 (the transparent port forwarding) like so…

First enable the ipfilter service…    (no iptables in solaris)

svcadm enable ipfilter

create a file called /etc/ipf/ipnat.conf, and place this rule in it;  (this file should be auto loaded at startup)

rdr e1000g1 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128

This redirects port 80 traffic from any network arriving on my nic (e1000g1) to port 3128 on the local loopback. To load this rule type;  (clears current rules and loads file)

ipnat -Cf /etc/ipf/ipnat.conf

To check if it’s working and loaded, type ipnat -l

Browse some websites from your web client, and check the squid logs that all http requests are hitting the cache. default log location is /var/squid/logs/access.log

Set your DHCP to point to your solaris box as the default gateway. Done. In most cases your dsl router, if it has DHCP, will not allow you to change your default gateway. If this is the case you will need to set up your own DHCP server and define the opensolaris box as the default gateway. The DHCP scope can point the clients to the dsl router for DNS, only the default gateway needs to be changed.

Set squid to autostart at boot via SMF manifest;

svcadm enable svc:/network/http:squid

Done
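
One way to do the access.log check from the guide above, as an added example that is not part of the original post: it counts requests and cache hits per client and flags any client that was served from outside the our_networks subnets. It assumes Squid's default native log format; the ALLOWED variable, the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a Squid native-format access.log.
# Native format fields: time elapsed client code/status bytes method URL ...

# Mirrors the "acl our_networks src ..." line from squid.conf (assumption).
ALLOWED="192.168.4.0/24 192.168.2.0/24"

# Constructed sample lines, not real traffic.
sample_log() {
cat <<'EOF'
1244600000.101    212 192.168.4.20 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1244600001.250      3 192.168.4.20 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1244600002.400      2 192.168.2.7 TCP_MEM_HIT/200 900 GET http://example.com/logo.png - NONE/- image/png
1244600003.010    180 203.0.113.9 TCP_MISS/200 7000 GET http://example.org/ - DIRECT/93.184.216.34 text/html
1244600004.500      1 198.51.100.4 TCP_DENIED/403 1400 GET http://example.net/ - NONE/- text/html
EOF
}

# Reads a log on stdin and prints "client requests hits ok|OUTSIDE" for every
# client Squid actually served. TCP_DENIED lines are skipped (Squid refused them).
summarise() {
  awk -v nets="$ALLOWED" '
    # Dotted quad -> integer.
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    # 1 if ip falls inside any CIDR block listed in nets.
    function inside(ip,  i, n, p, size) {
      n = split(nets, list, " ")
      for (i = 1; i <= n; i++) {
        split(list[i], p, "/")
        size = 2 ^ (32 - p[2])
        if (int(ip2n(ip) / size) == int(ip2n(p[1]) / size)) return 1
      }
      return 0
    }
    $4 ~ /^TCP_DENIED/ { next }
    { total[$3]++; if ($4 ~ /HIT/) hits[$3]++ }
    END { for (c in total) print c, total[c], hits[c] + 0, (inside(c) ? "ok" : "OUTSIDE") }
  ' | sort
}

# Clients that got content through the proxy but are not in our_networks.
outside_clients() { summarise | awk '$4 == "OUTSIDE" { print $1 }'; }

# Demo on the constructed sample; on the proxy itself run:
#   summarise < /var/squid/logs/access.log
sample_log | summarise
```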