Server and Storage Systems
Solaris 10
Documentation
Getting Started With the OpenSolaris OS
By Brian Leonard and Janice J. Heiss, October 2009
Contents
Trying OpenSolaris
Installation Options
Users, Roles, and Profiles
Service Management Facility (SMF)
Administering the Network With Network Auto-Magic
Where Is Everything on OpenSolaris?
Image Packaging System (IPS)
A Final Message
For More Information
Comments
 |
OpenSolaris is distributed as a Live CD, which means that it can be booted into RAM, causing zero impact on your existing operating system. Once it is loaded, experiment with OpenSolaris to determine whether it is something that you would like to install.
You can obtain the OpenSolaris Live CD by downloading the roughly 700 MB image file and using a CD burner to create the disk. If downloading the file to burn the CD is not an option, you can order the CD to be delivered to you for free.
The Live CD is not intended for long-term use. For example, any changes that you make to the system will be lost when the system is shut down. Therefore, the next logical step is to install OpenSolaris on the system, which the Live CD makes easy by placing an Install OpenSolaris icon right on the desktop. But before we head down that road, let's step back a bit and consider the installation options.
|
You have several alternatives on where to install OpenSolaris: inside a virtual machine on top of your existing operating system, on the bare metal alongside your existing operating system(s), or on the bare metal as a stand-alone operating system.
The easiest way to start using OpenSolaris is to install it into a virtual machine on top of your existing operating system. Figure 1 shows OpenSolaris installed on Windows Vista.
Figure 1. OpenSolaris on Windows Vista
Click the image to enlarge it. |
You are guaranteed that OpenSolaris will recognize the virtualized devices that the virtual machine provides. If you run OpenSolaris in full-screen mode, you may actually forget that there's another operating system underneath. The one drawback to this approach is that you need enough memory to run two operating systems simultaneously -- a minimum of 2 GB is recommended.
VirtualBox is a free and open-source hypervisor that supports Windows, OS X, Linux, and Solaris as host platforms, and, of course, OpenSolaris, as one of its many guests. If you decide to take this approach, watch this screencast, which covers all the details.
If you have a machine to dedicate to OpenSolaris, the installation process is straightforward. The biggest question mark with this approach is whether OpenSolaris has the proper drivers for your hardware devices. If you've run the Live CD, you may already have an indicator of how well your devices are supported. On the desktop of the Live CD is an icon for the Device Driver Utility, as shown in Figure 2. Double-click on the desktop icon and wait for the scan to complete.
Figure 2. Device Driver Utility
|
Note: It is possible to test your hardware devices even before downloading or ordering the Live CD. You can launch the Sun Device Detection Tool, as shown in Figure 3, from any browser on your existing operating system. The application is written in the Java programming language and starts with Java Web Start, which is included in the Java Runtime Environment (JRE) as part of Java SE 6. As long as you have the JRE, the application will run on any system.
Figure 3. Sun Device Detection Tool
|
If drivers are missing, both tools will provide pointers on where to look for help. Google is also your friend here, but if you truly hit a dead end, VirtualBox may be a better solution until the driver you need becomes available or until you buy a new machine.
Assuming that you have no driver issues, simply boot the Live CD and click the InstallOpenSolaris icon on the desktop to launch the installer, as shown in Figure 4.
Figure 4. OpenSolaris Installer
|
As you can see from Figure 4, the installation process is simple and asks the user some basic questions before laying down the bits.
In a multiboot scenario, you install OpenSolaris on the bare metal alongside your existing operating system(s). This scenario is the most complicated and requires some preparation. For starters, OpenSolaris does not yet include a partitioning tool, so it's up to you to create a partition in which to install OpenSolaris.
You should create the partition as a primary partition of the type Linux swap, which the OpenSolaris installer will recognize. As of this writing, it is not possible to install OpenSolaris into an extended partition, but that issue is also being addressed.
Although you can use any partitioning tool, the GNOME Partition Editor, known as GParted, is a great open-source option. If Windows is your existing OS, the OpenSolaris boot loader will recognize it without difficulty. If Linux is your existing OS, be sure to back up your GRUB configuration file, because you will need to add its entries to the OpenSolaris GRUB menu. Consult the excellent documentation available for these scenarios, as well as for many others, such as triple boot and OS X.
|
Now that you have OpenSolaris installed in some form, let's discuss how the privileges assigned to the user ID that you created during installation allow you to administer your system.
If you recall, during installation you assigned a root password and created a user account, as shown in Figure 5.
Figure 5. Installer Users Page
|
If you look at the /etc/passwd file in Figure 6, you will see root defined.
Figure 6. The
/etc/passwd File |
However, you will be frustrated if you try to log in as root. For security reasons, OpenSolaris does not define root as a user account. If you look at the /etc/user_attr file in Figure 7, you can see that root is defined as a role.
Figure 7. The
/etc/user_attr File |
You can also see in Figure 7 that the user ID created by the installer was assigned the root role by default. So, although you cannot log in as root, you can switch to the root role, which will prompt you for the root password:
bleonard@opensolaris:~$ su root Password: bleonard@opensolaris:~# |
By using this approach, you're guaranteed to have an audit trail of who did what on the system as root.
OpenSolaris also includes a collection of rights profiles. One of the rights profiles is named Primary Administrator. The etc_attr file shown in Figure 8 contains the execution attributes associated with rights profiles.
Figure 8. The
/etc/security/exec_attr File |
Notice that the Primary Administrator profile has an asterisk (*) for the command, which means all commands, and that it has a user ID (uid) of 0. This means that all commands run with a user ID of 0, which is the user ID for root.
The Primary Administrator profile is then assigned to the user who was defined during installation. This association can be seen in the user_attr file, which contains extended attributes for each user or role, as shown in Figure 9.
Figure 9. The
user_attr File |
To run commands against your rights profile, use the pfexec command. As Figure 10 shows, this command searches through the rights profiles assigned to the user ID and applies the first one that works with the specified command. In this case, recall Figure 8, where the Primary Administrator had an asterisk for the command, and recall that all commands run with a uid of 0.
Figure 10. The
pfexec Command |
For example, if you try to remove the root role from a user with the usermod command, this is what happens:
bleonard@opensolaris:~$ usermod -R "" bleonard UX: usermod: ERROR: Permission denied. |
However, if you prefix that same command with pfexec, you succeed:
bleonard@opensolaris:~$ pfexec usermod -R "" bleonard UX: usermod: bleonard is currently logged in, some changes may not take effect until next login. |
Note, the GUI shown in Figure 11 is available to administer these configuration files. Go to the System > Administration > Users and Groups menu.
Figure 11. Settings for User
|
The bottom line here is that everything is set up for you "out of the box" with the default installation of OpenSolaris. The user ID you created at install time is able to fully administer the system.
With the right privileges, you can properly administer your system, such as managing system services, which we address in the next section.
|
OpenSolaris manages system services through the Service Management Facility (SMF). Although a GUI is available, the more common and powerful way to manage the services is to use these command-line commands: svcs to report service status and svcadm to manipulate service instances. For example, run svcs to get a list of the currently running services:
bleonard@opensolaris:~$ svcs STATE STIME FMRI legacy_run Aug_28 lrc:/etc/rcS_d/S99punchclean legacy_run Aug_28 lrc:/etc/rc2_d/S20sysetup ... online 13:43:30 svc:/network/ntp:default online 17:17:22 svc:/system/avahi-bridge-dsd:default |
SMF has many advantages relative to the old way of using Unix services through startup scripts. The key advantage is the specification of metadata about each service in a manifest file. This allows users to specify dependencies between services, which then enables independent services to be started in parallel, which speeds up the system boot. Also, when services fail, they can be restarted in the correct order relative to each other. For example, take a look at the sendmail service, using the -l option to display all available information:
bleonard@opensolaris:~$ svcs -l sendmail fmri svc:/network/smtp:sendmail name sendmail SMTP mail transfer agent enabled true state online next_state none state_time Mon Aug 31 13:43:25 2009 logfile /var/svc/log/network-smtp:sendmail.log restarter svc:/system/svc/restarter:default contract_id 92 dependency require_all/refresh file://localhost/etc/mail/sendmail.cf (online) dependency require_all/refresh file://localhost/etc/nsswitch.conf (online) dependency optional_all/none svc:/system/filesystem/autofs (online) dependency require_all/none svc:/system/filesystem/local (online) dependency require_all/none svc:/network/service (online) dependency require_all/refresh svc:/milestone/name-services (online) dependency optional_all/refresh svc:/system/identity:domain (online) dependency optional_all/none svc:/system/system-log (online) |
At the bottom of this listing, you can see the services on which sendmail depends. If one of sendmail's dependent services fails to start for some reason, sendmail will not even attempt to start.
You can also easily disable, enable, and restart services by using the svcadm command. For example, use this command to disable the sendmail service:
svadm disable sendmail |
Using the -x option for the svcs command will give you an explanation of the service state:
bleonard@opensolaris:~$ svcs -x sendmail svc:/network/smtp:sendmail (sendmail SMTP mail transfer agent) State: disabled since Tue Sept 01 10:57:34 2009 Reason: Disabled by an administrator. See: http://sun.com/msg/SMF-8000-05 See: sendmail(1M) See: /var/svc/log/network-smtp:sendmail.log Impact: This service is not running. |
Note that this output also provides links to further information about the service state (http://sun.com/msg/SMF-8000-05) and the services log file (/var/svc/log/network-smtp:sendmail.log), both of which can be very useful in tracking down service failures.
|
One of the first services that users need to administer is the network. OpenSolaris uses a service known as Network Auto-Magic (NWAM) to manage the network. The service works with both wired and wireless network connections and provides all the features that you expect from a network manager, such as the ability to identify and manage wireless networks. The service prefers a wired network by default, as shown in Figure 12, but you can easily change this preference.
Figure 12. Network Interface Priority
|
You can disable NWAM either from the connection properties dialog box, as shown in Figure 13, or from the command line with the svcadm disable nwam command. This command gives you full manual control over the network configuration.
Figure 13. Connection Properties Dialog Box
|
|
So where is everything on OpenSolaris? The root directory is not hard to understand for those accustomed to Windows operating systems. It's like the top-level directory on a drive (C:\). The key difference is that OpenSolaris provides a single directory hierarchy that starts at /. So, unlike Windows, there's no need to specify a device (C:\ or D:\, and so on) in the file name.
Table 1 shows directories available on OpenSolaris through the default PATH. Note the use of forward slashes and colons instead of the semicolons found on Windows.
|
Table 1. OpenSolaris Directories on the Default Path
|
|
|
Directory
|
Content
|
Notes
|
|---|---|---|
|
||
/usr |
Sharable files: docs, executables, and so on
|
|
/usr/gnu/bin |
The GNU versions of user command-line tools
|
GNU is a recursive acronym for "GNU's Not Unix." Due to the popularity of GNU, you can now find the GNU software in Unix.
|
/usr/bin |
The Solaris versions of user command-line tools
|
The
/usr/bin directory has some overlap with /usr/gnu/bin versions, so change the PATH if you want the Solaris version. This order was set to make OpenSolaris more familiar to Linux users. |
/usr/sbin |
System administration tools
|
The
s stands for "system." |
/sbin |
Essential executables (used at boot time)
|
The
s stands for "system." |
/usr/X11/bin |
X11 utilities
|
|
|
||
Table 2 shows three additional directories of note on OpenSolaris.
|
Table 2: Additional Directories on OpenSolaris
|
|
|
Directory
|
Content
|
|
|---|---|---|
|
||
/opt |
Third-party software such as VirtualBox and OpenOffice.org
|
|
/etc |
For configuration files
|
|
/var |
For log files
|
|
|
||
No matter what operating system you use, you already understand the concept of a home directory. OpenSolaris uses /export/home instead of /home to avoid name collisions with the automounter. Solaris has a heritage as a network file system. Some users find this a bit confusing, and the development team plans to address it in the next release.
|
Because OpenSolaris is designed to fit on a CD, you'll discover very quickly the need to get additional software. A key differentiator from the Solaris OS is the new Image Packaging System (IPS) in OpenSolaris. One of the main goals of the IPS is to provide a network repository-based delivery mechanism. OpenSolaris comes with one repository preregistered, and you can easily add more.
You can use either the Package Manager GUI, as shown in Figure 14, or the command line to manage the packages.
Figure 14. Package Manager
Click the image to enlarge it. |
From the command line, the main command is pkg. The pkg command is always intended to be run with a subcommand such as list, search, info, or install. For example, use the pkg list command to see the list of packages currently installed on your system:
bleonard@os200906:~$ pkg list NAME (PUBLISHER) VERSION STATE UFIX BRCMbnx 0.5.11-0.111 installed ---- FSWxorg-fonts-core 0.5.11-0.111 installed ---- NVDAgraphics 0.180.44-0.111 installed ---- SUNW1394 0.5.11-0.111 installed ---- SUNWDTraceToolkit 0.5.11-0.111 installed ---- SUNWPython 2.4.4-0.111 installed ---- ... |
To find a package, use the search subcommand. For example, if you are looking for GlassFish, use pkg search:
bleonard@os200906:~$ pkg search glassfish INDEX ACTION VALUE PACKAGE description set GlassFish pkg:/glassfishv2@0.5.11-0.86 description set GlassFish pkg:/glassfishv2@0.5.11-0.86 description set GlassFish pkg:/glassfishv2@0.5.11-0.86 description set GlassFish pkg:/web/glassfish-2@2.1-0.111 |
And then to get more information on a particular package, use pkg info:
bleonard@os200906:~$ pkg info -r glassfishv2
Name: glassfishv2
Summary:
State: Not installed
Publisher: opensolaris.org
Version: 0.5.11
Build Release: 5.11
Branch: 0.111
Packaging Date: Mon May 18 20:20:21 2009
Size: 0.00 B
FMRI: pkg:/glassfishv2@0.5.11,5.11-0.111:20090518T202021Z
|
To see the contents of the GlassFish package, use the pkg contents command:
bleonard@os200906:~$ pkg contents -rm glassfishv2 set name=publisher value=opensolaris.org set name=variant.opensolaris.zone value=global value=nonglobal set name=variant.arch value=sparc value=i386 depend fmri=web/glassfish-2@2.1-0.111 type=require |
Here you can see that glassfishv2 is actually a metapackage, which has a dependency on the glassfish-2 package. Run pkg contents again, this time on glassfish-2, to see the actual files installed by the package.
bleonard@os200906:~$ pkg contents -r glassfish-2 PATH etc etc/init.d etc/init.d/appserv ... |
To see other dependencies that a package may have, you can use the -m or metadata option, along with grep:
bleonard@os200906:~$ pkg contents -rm glassfish-2 | grep depend depend fmri=SUNWcsl@0.5.11-0.111 type=require depend fmri=SUNWcs@0.5.11-0.111 type=require depend fmri=SUNWj6dmo@0.5.11-0.111 type=require depend fmri=SUNWj6rt@0.5.11-0.111 type=require depend fmri=SUNWj6cfg@0.5.11-0.111 type=require depend fmri=SUNWpr@0.5.11-0.111 type=require depend fmri=SUNWlibms@0.5.11-0.111 type=require depend fmri=SUNWjavadb@10.4.2.1-0.111 type=require depend fmri=SUNWj6man@0.5.11-0.111 type=require depend fmri=SUNWant@1.7.1-0.111 type=require depend fmri=SUNWj6dvx@0.5.11-0.111 type=require depend fmri=SUNWj6dmx@0.5.11-0.111 type=require depend fmri=SUNWj6dev@0.5.11-0.111 type=require depend fmri=SUNWj6rtx@0.5.11-0.111 type=require depend fmri=service/network/message-queue-41 type=require depend fmri=SUNWlibC@0.5.11-0.111 type=require depend fmri=SUNWj6jmp@0.5.11-0.111 type=require |
What this means is that IPS will identify the packages on which GlassFish depends and install them if they are not already installed.
Finally, when you are ready to install the package, use the pkg install command:
bleonard@os200906:~$ pfexec pkg install glassfishv2 DOWNLOAD PKGS FILES XFER (MB) Completed 12/12 6416/6416 114.35/114.35 PHASE ACTIONS Install Phase 7474/7474 |
Note: Only authorized users can install packages to the system, which is why you must prefix the previous command with pfexec. See the Users, Roles, and Profiles section to review.
Besides the default release repository at pkg.opensolaris.org, several additional repositories exist:
Extraincludes free software that is not freely redistributable, such as Adobe Flash and VirtualBox. It requires registration and the installation of a certificate to set up. Follow the instructions to obtain the keys and certificates. To view the contents of the repository in your browser, follow the instructions to add the certificate to Firefox.
Supportcontains the latest bug fixes and updates for those with a support contract, which we highly recommend if you decide to get serious with OpenSolaris.
Pendingis for developers who contribute packages to OpenSolaris through the Source Juicer web service. Open to all, this is a staging ground for reviewing and testing packages before they are promoted to theContribrepository. The packages are not qualified and generally not recommended for installation by users because they could contain bugs, viruses, or objectionable content.
Contribis for packages that have been promoted from thependingrepository. The packages have gone through some screening by the community, but you still use the content in this repository at your own risk.
Devis where you'll find the development branch of OpenSolaris. A new build of OpenSolaris is released approximately every two weeks. Thedevrepository replaces thereleaserepository, and unless your interest in OpenSolaris is in developing OpenSolaris, we highly recommend that you stick with thereleaserepository.
You can install additional repositories by using the pkg set-publisher command or the Package Manager GUI, as shown in Figure 15. If you rarely install repositories, using the Package Manager may be the better way to go. It's especially useful when the repository you want to add requires a key and certificate, as the command line can get quite long and prone to error.
Figure 15. Manage Repositories
|
You may have noticed the Install link when you were browsing the repositories. Figure 16 shows the Package Catalog.
Figure 16. Package Catalog
|
Clicking the Install link will launch the Package Manager and start the installation. It will also install the repository first if necessary. This is a nice feature, as anyone can promote a package. For example, here's a link to install GlassFish 
(note: Unless you're reading this from OpenSolaris, your operating system will not know what do to with this link).
A boot environment is a snapshot of the files that are critical to the operation of OpenSolaris. After installation, there is only a single boot environment, but over time, new boot environments will be created, either manually by you or automatically by the Update Manager (discussed next). A boot environment essentially allows you to roll back to an earlier snapshot of OpenSolaris in case something goes wrong in your current boot environment.
Before you do anything risky on your system, such as installing a package from the pending repository, consider creating a new boot environment to protect yourself. You can create a boot environment from either the Package Manager or the command line. Figure 17 shows the Manage Boot Environments dialog box.
Figure 17. Manage Boot Environments
|
When updates to IPS packages are available, OpenSolaris will notify you by way of an icon in your top panel, as shown in Figure 18. The Update Manager will then create a new boot environment and install the updates, which will be active on the next boot. If an update corrupts your system, you can safely boot into the environment prior to the update.
Figure 18. Update Manager
|
For many years, the Solaris OS has used the SVR4 packaging system, so named because it was part of the System V, Release 4 version of Unix.
OpenSolaris supports SVR4 packages and includes the commands needed to install and remove those packages. But no coordination exists between the IPS packages and the SVR4 packages. Conflicts may occur during package installation when you mix SVR4 and IPS packages that contain identical files, so don't install SVR4 packages unless absolutely necessary. If you run into this situation, cancel the installation and attempt to resolve the conflict before you continue.
|
Moving to OpenSolaris can be exciting. However, it can also be frustrating as you begin to learn your way around. Hopefully, this article has given you enough of an introduction to make the move.
Once up and running, you will surely come up with additional questions. A great benefit of open-source software is that the engineers who build OpenSolaris communicate in public forums. In most cases, your question has already been answered, so begin by searching the forum that most closely matches your question. For example, if you have a question about printing, start by searching the printing discussion forum, and post the question only if you cannot find the answer. Generally, you will receive a response within hours.
Also, as a user of OpenSolaris, you've just joined the OpenSolaris community. Simply asking a question in a forum makes you a contributor to the community. If you find a bug in OpenSolaris, please notify the developers.
Enjoy your journey with OpenSolaris.
|
OpenSolaris
OpenSolaris.org
Solaris and OpenSolaris Developer Center
The Observatory: OpenSolaris Tips and Tricks
Learn OpenSolaris
Download OpenSolaris
 | System Administrator |  |
| Developer and ISVs | |
| Related Products | |
Printer View