= Solaris Post Install =
**Summary**: What to do after a Solaris 10U9 Installation. \\
**Date**: Around 2012 \\
**Refactor**: 16 April 2025: Checked links and formatting. \\
{{tag>solaris}}
This post install page is based on Solaris 10 update 9, and shows what steps need to be taken to have a fully functional Solaris server up and running.
= Network Configuration =
== Network Adapter VMXNET3 ==
Find the name of the network card in the messages logfile:
# grep -i vmxnet /var/adm/messages
You'll see messages containing the name of the network card which should be similar to "vmxnet3s0".
Now activate the network card:
# ifconfig vmxnet3s0 plumb
Now set the actual network configuration:
# echo "solarisbox" > /etc/nodename
# echo "solarisbox" > /etc/hostname.vmxnet3s0
# echo "10.10.10.100" > /etc/defaultrouter
# echo "10.10.0.0 255.255.0.0" >> /etc/inet/netmasks
Also, you need to set the IP address in the hosts file. This file is not setup correctly by default, so make sure you configure it correctly:
vi /etc/hosts
#
# Internet host table
#
::1 localhost
127.0.0.1 localhost
10.10.10.14 solarisbox
Then restart the network service:
# svcadm restart network/physical
> Note: You can also configure the network for one time use (not persistent over reboots) by using ifconfig:
# ifconfig vmxnet3s0 10.10.10.14 netmask 255.255.0.0 up
== Setup DNS Client ==
Enter the correct DNS information into the dns configuration files file:
# echo "search getshifting.local" > /etc/resolv.conf
# echo "nameserver 10.10.10.1" >> /etc/resolv.conf
# echo "nameserver 10.10.10.11" >> /etc/resolv.conf
# echo "getshifting.local" > /etc/defaultdomain
And change the /etc/nsswitch.conf file to also look at dns for hostname resolving since it only looks at the hosts file by default:
hosts: files dns
== SSH Access ==
Right now you only have one user root which is not allowed to login using ssh by default. Edit the file /etc/ssh/sshd_config to allow root access using ssh:
PermitRootLogin yes
and restart ssh:
# svcadm restart svc:/network/ssh:default
== Troubleshooting ==
If you have any network connectivity problem you could try to disable the firewall:
# svcadm disable svc:/network/ipfilter:default
= Time and Date =
== Setup NTP Client ==
Although there is a /etc/inet/ntp.client file which can be copied to ntp.conf you can also simply create a new ntp.conf file and enter the required information:
bash-3.00# vi /etc/inet/ntp.conf
# NTP client configuration file
server 10.0.0.123
driftfile /var/ntp/ntp.drift
Now restart the NTP client:
# svcadm enable ntp
# svcs ntp
STATE STIME FMRI
online 13:44:14 svc:/network/ntp:default
bash-3.00#
> Note: if ntp is already running you should do a "svcadm restart ntp"
=== Resources ===
This is a nice article on NTP on Solaris: http://thegreyblog.blogspot.nl/2008/11/configuring-ntp-server-and-client-on.html
= Runlevel and X-Environment =
Solaris has the following default runlevels:
S : Single user state (useful for recovery)
0 : Access Sun Firmware ( ok> prompt)
1 : System administrator mode
2 : Multi-user without NFS
3 : Multi-user with NFS
4 : Unused
5 : Completely shutdown the host
6 : Reboot
As you can see, Solaris does not have different runlevels to start the server without the X-Environment. The default runlevel is 3, to check this use {{{who -r}}}. You can switch from runlevel using the {{{/sbin/init N}}} command (replace N with the runlevel you want to switch to).
I can't find a way to permanently change the default runlevel. To make sure the X-environment does not start up every time the server reboots you can disable this:
svcadm disable cde-login
== Resources ==
View the [[http://docs.oracle.com/cd/E23824_01/html/821-1451/hbrunlevels-13026.html|Oracle documentation]] for more information regarding run levels and the {{{who -r}}} command.
= ZFS Swap and Other Filesystems =
For more information regarding zfs, see [[solariszfs]]. This page just shows a quick overview of the commands. Remember you can use {{{format}}} to get an overview of the available disks, and {{{df -h}}} to get an overview of the available filesystems.
== ZFS Swap ==
Issue these commands to determine the size and create the swap partition:
# zpool create swappool c1t1d0
# zpool list swappool
# zfs create -V 83G swappool/swap
# swap -a /dev/zvol/dsk/swappool/swap
# swap -l
== ZFS Filesystem ==
There is one more disk available which should host the data:
# zpool create data c1t2d0
This will not only create the zfs pool but also the first filesystem in the pool.
Additional filesystems, as well as setting a maximum size or reserving disk space can be done using the following commands:
* zfs create data/archive
* zfs set quota=30G data/archive
* zfs set reservation=30G data/archive
= Change Shell to Bash =
We want to change the default shell for users to bash, as well as for current users. The current user is only root so far, to change the default shell for root first check where bash is located on your filesystem and then issue the correct passwd command:
# which bash
/usr/bin/bash
# passwd -e
Old shell: /sbin/sh
New shell: /usr/bin/bash
passwd: password information changed for root
> Note that if you've already added more users you can change their default shell with the same command, only add their username to the command, for example {{{passwd -e sjoerd}}}
== Change Default Shell ==
For new users, you can also create the default shell. First use the following command to check for the default settings for new users:
# useradd -D
group=other,1 project=default,3 basedir=/home
skel=/etc/skel shell=/bin/sh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=
As you can see, the default shell is set to /bin/sh. There is no way to change this default to a different value using a command, as you can see here:
# useradd
UX: useradd: ERROR: invalid syntax.
usage: useradd [-u uid [-o] | -g group | -G group[[,group]...] |-d dir |
-s shell | -c comment | -m [-k skel_dir] | -f inactive |
-e expire | -A authorization [, authorization ...] |
-P profile [, profile ...] | -R role [, role ...] |
-K key=value | -p project [, project ...]] login
useradd -D [-g group | -b base_dir | -f inactive | -e expire
-A authorization [, authorization ...] |
-P profile [, profile ...] | -R role [, role ...] |
-K key=value ... -p project]
However, after you've run the useradd command a new file is created which can be modified:
# vi /usr/sadm/defadduser
"/usr/sadm/defadduser" 17 lines, 286 characters
# Default values for useradd. Changed Fri Sep 20 15:05:51 2013
defgroup=1
defgname=other
defparent=/home
defskel=/etc/skel
defshell=/usr/bin/bash
definact=0
defexpire=
defauthorization=
defrole=
defprofile=
defproj=3
defprojname=default
deflimitpriv=
defdefaultpriv=
deflock_after_retries=
Change the defshell value to show your bash shell and new users will have this shell as their default.
= Change Home Directories and Profile =
Under Solaris, home directories are kept on one of two places, /home or /export/home. The /home directory is under control of the automounter and only the automounter can create directories there. The /export/home directory is where users home directories can be created by the system administrator. By default the home directory of root is /. This is not how I want it to be, so to change this follow these steps:
* Create a home directory for root at /export/home/root
* {{{mkdir /export/home/root}}}
* {{{chmod 750 /export/home/root/}}}
* Copy root's personal files to the new home directory
* Modify /etc/passwd to reflect the change to the new homedirectory
* {{{vi /etc/passwd}}}
* Modify {{{root:x:0:0:Super-User:/:/usr/bin/bash}}}
* to {{{root:x:0:0:Super-User:/export/home/root:/usr/bin/bash}}}
* Log out and log back in again
* If everything is ok remove the old files in /
== Profiles ==
Add or change the following files in the /etc/skel directory to make sure everyone has a user friendly working environment. Copy the files to existing users as well.
=== .aliases ===
# cat .aliases
alias ll='ls -lh'
=== .bash_profile ===
# cat .bash_profile
# Begin /etc/profile
# Written for Beyond Linux From Scratch
# by James Robertson
# modifications by Dagmar d'Surreal
# Path modifications for Solaris by Sjoerd Hooft
# System wide environment variables and startup programs.
# System wide aliases and functions should go in /etc/bashrc. Personal
# environment variables and startup programs should go into
# ~/.bash_profile. Personal aliases and functions should go into
# ~/.bashrc.
# Functions to help us manage paths. Second argument is the name of the
# path variable to be modified (default: PATH)
pathremove () {
local IFS=':'
local NEWPATH
local DIR
local PATHVARIABLE=${2:-PATH}
for DIR in ${!PATHVARIABLE} ; do
if [ "$DIR" != "$1" ] ; then
NEWPATH=${NEWPATH:+$NEWPATH:}$DIR
fi
done
export $PATHVARIABLE="$NEWPATH"
}
pathprepend () {
pathremove $1 $2
local PATHVARIABLE=${2:-PATH}
export $PATHVARIABLE="$1${!PATHVARIABLE:+:${!PATHVARIABLE}}"
}
pathappend () {
pathremove $1 $2
local PATHVARIABLE=${2:-PATH}
export $PATHVARIABLE="${!PATHVARIABLE:+${!PATHVARIABLE}:}$1"
}
# Set the initial path
export PATH=/usr/local/bin:/bin:/usr/bin:/usr/openwin/bin:/usr/ucb:/etc:.
if [ $EUID -eq 0 ] ; then
pathappend /sbin:/usr/sbin:/usr/local/sbin:/root/bin
unset HISTFILE
fi
# Setup some environment variables.
export HISTSIZE=1000
export HISTIGNORE="&:[bf]g:exit"
# Setup a red prompt for root and a green one for users.
NORMAL="\[\e[0m\]"
RED="\[\e[1;31m\]"
GREEN="\[\e[1;32m\]"
if [[ $EUID == 0 ]] ; then
PS1="$RED\u$NORMAL@\h:\w$RED# $NORMAL"
else
PS1="$GREEN\u$NORMAL@\h:\w$GREEN\$ $NORMAL"
fi
for script in /etc/profile.d/*.sh ; do
if [ -r $script ] ; then
. $script
fi
done
# Now to clean up
unset pathremove pathprepend pathappend
if [ -f ~/.bashrc ]; then
source ~/.bashrc
fi
=== .bashrc ===
# cat .bashrc
if [ -f ~/.aliases ]; then
source ~/.aliases
fi
=== local.cshrc ===
# cat local.cshrc
#ident "@(#)local.cshrc 1.2 00/05/01 SMI"
umask 022
set path=(/bin /usr/bin /usr/ucb /etc .)
if ( $?prompt ) then
set history=32
endif
=== local.login ===
# cat local.login
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "@(#)local.login 1.7 01/06/23 SMI"
stty -istrip
# setenv TERM `tset -Q -`
umask 022
=== local.profile ===
# cat local.profile
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "@(#)local.profile 1.10 01/06/23 SMI"
stty istrip
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/openwin/bin:/usr/ucb:/etc:.
export PATH
umask 022
= Syslog =
For more information regarding syslog see [[syslog]]. Just edit the {{{/etc/syslog.conf}}} to look like this:
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
# *.alert;kern.err;daemon.err operator
# *.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
#
#mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
#ifdef(`LOGHOST', ,
#user.err /dev/sysmsg
#user.err /var/adm/messages
#user.alert `root, operator'
#user.emerg *
#)
# Configure syslog server for all alerts
*.debug @syslogserver.getshifting.local
> Note: Do not use spaces (not even one!) between the selector and action colums. always use tabs or syslog will not read the configuration file correctly, resulting in errors like this: {{{syslogd: line xx: unknown priority name "debug @loghost"}}}
After configuring syslog make sure to restart the syslog daemon:
svcadm restart system-log
= Additional Software =
== List of Software ==
We need some additional packages to run on our Solaris servers:
* openssl-1.0.1c-sol10-x86-local
* python-2.6.2-sol10-x86-local
* perl-5.12.3-sol10-x86-local
* mercurial-2.3-sol10-x86-local
* sudo_ldap-1.8.1p2-sol10-x86-local
* top-3.6.1-sol10-x86-local
== Download ==
Luckily, all these packages can be downloaded from [[http://sourceforge.net/projects/solarispackages/files/solaris10-x86-freeware/|here]] or download all packages available as I did.
> From the downloadlink above only mercurial 2.2.1 can be downloaded while we need 2.3, I have the correct package, leave me a message if you need it.
== Installing ==
After downloading you can follow these steps:
# gunzip solaris10-x86-freeware.tgz
# tar -xf solaris10-x86-freeware2.tar
# cd solaris10-x86-freeware/
From here, for each software package follow these steps:
# gunzip openssl-1.0.1c-sol10-x86-local.gz
# pkgadd -d openssl-1.0.1c-sol10-x86-local
The following packages are available:
1 SMCossl openssl
(x86) 1.0.1c
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Processing package instance from
openssl(x86) 1.0.1c
The OpenSSL Group
The selected base directory must exist before
installation is attempted.
Do you want this directory created now [y,n,?,q] y
Using as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
Installing openssl as
## Installing part 1 of 1.
/usr/local/doc/openssl/CHANGES
......