OpenVPN between Solaris and MacOSX

I decided to see if I could get a VPN connection working between my laptop (running Mac OS X) and my home server running Solaris 10. It turned out to be pretty easy to do a simple config. I am using OpenVPN. To compile the software on my Solaris box I needed to download three items:

  1. The Virtual Point-to-Point (TUN) and Ethernet (TAP) device driver. I got version 1.1 from http://vtun.sourceforge.net/tun/ in source form.
  2. The LZO version 1.08 compression library from http://www.oberhumer.com/opensource/lzo/download/LZO-v1/
  3. The OpenVPN software. I am using version 2.1 RC because I wanted the version to match what I am going to run on the Mac. It can be downloaded from http://openvpn.net/index.php/open-source/downloads.html

Once I had everything downloaded, it was just a matter of compiling LZO, TUN and OpenVPN. I decided to have everything related to the VPN installed under /opt/vpn. One thing to note: I tried the new 2.x version of LZO and OpenVPN would not find it, so I had to use version 1 even though 2 is supposed to be supported. So I did the following to compile LZO:

gzip -d lzo-1.08.tar.gz
tar -xvf lzo-1.08.tar
cd lzo-1.08
./configure --prefix=/opt/vpn/lzo
make
sudo make install

Next was to compile TUN:

gzip -d tun-1.1.tar.gz
tar -xvf tun-1.1.tar
cd tun-1.1
./configure --prefix=/opt/vpn/tun
make
sudo make install

The only issue with TUN was that it ignored the --prefix; on Solaris it puts everything where it needs to be, in /usr/kernel/drv.

Next is OpenVPN:

gzip -d openvpn-2.1_rc19.tar.gz
tar -xvf openvpn-2.1_rc19.tar
cd openvpn-2.1_rc19
./configure --prefix=/opt/vpn/openvpn --with-lzo-headers=/opt/vpn/lzo/include --with-lzo-lib=/opt/vpn/lzo/lib
make
sudo make install

Once that was installed I set up a simple one-to-one (static key) VPN connection, just to test that it would work. In the /opt/vpn/openvpn/sbin directory I did this:

cd /opt/vpn/openvpn/sbin
./openvpn --genkey --secret static.key

I then copied that key to my client via some “secure” means.

Then I created a server.conf that looks like this:

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
cipher AES-256-CBC
keepalive 10 120

On my client (Mac OS X) I downloaded Tunnelblick from http://code.google.com/p/tunnelblick/downloads/list and installed it. Next I copied static.key from the server to the client and put it in ~/Library/openvpn. I also created an openvpn.conf in that directory that looked like this:

remote a.b.c.d
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
cipher AES-256-CBC
route 10.0.0.0 255.255.255.0

In the above, a.b.c.d represents the public IP address of my Solaris server.
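Both sides of this tunnel trust whoever holds static.key, so before copying it around it is worth checking that the file is what `openvpn --genkey` produces and that nobody but its owner can read it. The following POSIX shell script is an added example, not part of the original post: `check_static_key` verifies the V1 markers, that the body is exactly 2048 bits (16 lines of 32 hex digits) and that the mode is 0600; `write_sample_key` writes a constructed dummy key (all-zeros-style filler, not a real key) so the script can be exercised without a real OpenVPN install.

```shell
#!/bin/sh
# Added example (not from the original post). Sanity-check an OpenVPN
# static key file before pointing "secret static.key" at it or copying it
# to a client: V1 markers present, body = 16 lines of 32 hex digits
# (2048 bits), and file mode 0600 so only the owner can read it.

check_static_key() {
    f=$1
    [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }

    # ls output is portable across Solaris, Mac OS X and Linux; stat(1)
    # flags differ between them. Only the first 10 chars (mode) matter.
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-rw-------" ] \
        || { echo "$f: mode is $mode, want -rw------- (0600)" >&2; return 1; }

    grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$f" \
        || { echo "$f: missing BEGIN marker" >&2; return 1; }
    grep -q '^-----END OpenVPN Static key V1-----$' "$f" \
        || { echo "$f: missing END marker" >&2; return 1; }

    # Body = lines between the markers; drop the markers themselves and
    # any '#' comment lines.
    body=$(sed -n '/^-----BEGIN OpenVPN Static key V1-----$/,/^-----END OpenVPN Static key V1-----$/p' "$f" \
           | grep -v '^-----' | grep -v '^#' || true)
    nlines=$(printf '%s\n' "$body" | wc -l | tr -d ' ')
    bad=$(printf '%s\n' "$body" | grep -c -v '^[0-9a-fA-F]\{32\}$' || true)
    if [ "$nlines" -ne 16 ] || [ "$bad" -ne 0 ]; then
        echo "$f: body must be 16 lines of 32 hex digits (got $nlines lines, $bad malformed)" >&2
        return 1
    fi
    return 0
}

# Write a CONSTRUCTED dummy key with $2 body lines to $1. The hex filler is
# obviously not random and must never be used as a real key; it exists only
# so the checker can be run on a box without OpenVPN installed.
write_sample_key() {
    out=$1; n=$2
    {
        printf '#\n# 2048 bit OpenVPN static key (constructed dummy, NOT a real key)\n#\n'
        printf '%s\n' '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt "$n" ]; do
            printf '%s\n' '0123456789abcdef0123456789abcdef'
            i=$((i + 1))
        done
        printf '%s\n' '-----END OpenVPN Static key V1-----'
    } > "$out"
}

# Stand-alone use: sh check_key.sh /opt/vpn/openvpn/sbin/static.key [...]
for f in "$@"; do
    check_static_key "$f" && echo "$f: OK"
done
```

Run it against the server's copy before the scp, and against the client's copy in ~/Library/openvpn afterwards; a non-zero exit with the reason on stderr means the file is either not a V1 static key or is readable by other users on the box.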

Now when you start Tunnelblick it will search that directory, find the config file and ask if you want to load it. But we are not quite ready to start yet. The next thing I had to do was forward UDP port 1194 from my router to my OpenVPN server; I will leave that exercise to you. You will also need to make sure IP forwarding is enabled on the Solaris 10 server (I only have one network card in it, but “two” different networks on the box). IP forwarding is what lets your remote machine see your local network. And since my OpenVPN server is not the router for the entire network, I had to add a static route on my router saying that 10.8.0.0 is reachable via the OpenVPN server's local network address, i.e. 10.0.0.1.

You should be able to start the OpenVPN server now:

/opt/vpn/openvpn/sbin/openvpn server.conf

Once it is started you can use Tunnelblick to connect. Once you are connected, Tunnelblick's menu bar icon changes to its connected state:
[screenshots: Tunnelblick icon before and after connecting]

You should also see a tun0 device show up:

ifconfig tun0
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 10.8.0.2 --> 10.8.0.1 netmask 0xffffffff 
	open (pid 608)

You should now be able to see all your hosts on the “remote” network. Next up I am going to work on the PKI infrastructure so I can hopefully link other clients, both static and dynamic.

This makes it really nice to be able to see your “home” network while you are away.

Sun Ray 5 Early Access part 2

I finally got time again to start playing with the Sun Ray 5 Early Access software. My current setup probably should not be used for anything more than simple single/dual user testing, but I did not want to test the software on the current working server. So I decided to install it in a VMware image on my Mac Pro. The Mac Pro is more than suited to handle it and has plenty of free memory, processor and storage, so there was no contention (I gave the VM 4 processors and 8 GB of RAM).

The kicker was getting VMware Fusion to actually allocate the network cards the way I needed them. I gave the VM 2 NICs (the Mac Pro has 2), but the only options VMware Fusion offers are NAT, Host-Only and Bridged, none of which will work if I want a private network for the Sun Rays. To fix this you will need to edit some files that VMware Fusion uses. What I had to do was the following:

1. Open up the Terminal app
2. Edit the file /Library/Application Support/VMware Fusion/boot.sh

sudo vi /Library/Application\ Support/VMware\ Fusion/boot.sh

3. Comment out the following line:

"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet0.pid vmnet0 ''

Then add 2 lines directly below that one, which tell VMware to bind the en0 physical device to the vmnet0 virtual device and likewise en1 to vmnet2. Note that you cannot use vmnet1 or vmnet8, as those are used for the NAT and Host-Only connections.

"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet0.pid vmnet0 en0
"$LIBDIR/vmnet-bridge" -d /var/run/vmnet-bridge-vmnet2.pid vmnet2 en1

Once done, do the following:

sudo /Library/Application\ Support/VMware\ Fusion/boot.sh --restart

Now go into your Mac System Preferences and configure the second network card for a private subnet (e.g. 192.168.128.0/24, with the IP set to something like 192.168.128.254).

Now make sure your VM is NOT started and is in a powered-off state. Go into the settings for that VM and add another network adapter; make sure it is marked “Connected”. It doesn't matter what the device is configured as, since we will change it later to an option that is not shown in that list.

Now you need to change the .vmx file so that it can use the new network device. Go into the directory where you keep your VMs and then cd into the machine.vmwarevm directory (mine is called SolarisDev.vmwarevm).

Once in there you will need to edit the vmx file; mine is called SolarisDev.vmx. The first thing we are going to change is the ethernet0.connectionType property. Right now it could be any of the listed types (host-only, bridged, nat), but we are going to change it to “custom”:

ethernet0.connectionType="custom"

Next find the entry for ethernet0.vnet. If it doesn't exist, create it and make it look like the line below; if it does exist and doesn't match, make it match:

ethernet0.vnet = "vmnet0"

Now we need to do the same for the ethernet1 entries; the only difference from the above is that vmnet0 becomes vmnet2. Once the changes are made you can save the file and start up your Solaris VM. Now whatever network is on the en0 connection on your Mac is what the e1000g0 interface on the Solaris side is connected to. I used e1000g0 as the “public” side of the Sun Ray server. The e1000g1 interface is whatever is connected on the Mac's en1 connection; I used this adapter for the private Sun Ray LAN.
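Hand-editing the .vmx works, but it is easy to end up with two `ethernet0.vnet` lines or a missed quote. The POSIX shell functions below are an added example, not from the original post or from VMware: `vmx_set` replaces a key if it exists and appends it otherwise (a .vmx is one `key = "value"` per line, with every value quoted), `vmx_get` reads a value back, and `vmx_bind_custom_vnet` applies the two-key change described above for a given NIC number. The file names and NIC/vmnet numbers are the ones from the post; the functions assume nothing about VMware beyond that line format.

```shell
#!/bin/sh
# Added example (not from the original post or VMware). Idempotent editing
# of the `key = "value"` lines in a VMware Fusion .vmx file, so the
# ethernet0/ethernet1 -> vmnet0/vmnet2 binding can be scripted.

# vmx_set FILE KEY VALUE: replace KEY's line if present, else append it.
vmx_set() {
    file=$1; key=$2; value=$3
    if grep -q "^${key}[[:space:]]*=" "$file"; then
        # Keys are unique in a .vmx, so rewrite the one matching line.
        # [ \t] rather than [[:space:]] keeps this working on older awks.
        awk -v k="$key" -v v="$value" '
            BEGIN { re = "^" k "[ \t]*=" }
            $0 ~ re { print k " = \"" v "\""; next }
            { print }
        ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s = "%s"\n' "$key" "$value" >> "$file"
    fi
}

# vmx_get FILE KEY: print the unquoted value, or nothing if KEY is absent.
vmx_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1"
}

# vmx_bind_custom_vnet FILE NIC VNET: the change the post makes by hand,
# e.g. vmx_bind_custom_vnet SolarisDev.vmx 0 vmnet0 ; ... 1 vmnet2
vmx_bind_custom_vnet() {
    file=$1; nic=$2; vnet=$3
    vmx_set "$file" "ethernet${nic}.connectionType" custom
    vmx_set "$file" "ethernet${nic}.vnet" "$vnet"
}

# Stand-alone use: sh vmx_bind.sh SolarisDev.vmwarevm/SolarisDev.vmx
# (with the VM powered off, as the post says). Does nothing without an argument.
if [ $# -eq 1 ]; then
    vmx_bind_custom_vnet "$1" 0 vmnet0
    vmx_bind_custom_vnet "$1" 1 vmnet2
    for k in ethernet0.connectionType ethernet0.vnet ethernet1.connectionType ethernet1.vnet; do
        echo "$k = $(vmx_get "$1" "$k")"
    done
fi
```

Run it only while the VM is powered off, exactly as the manual edit; Fusion rewrites the .vmx on shutdown and would otherwise overwrite the change.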

You should be able to finish following the instructions on the Sun Ray wiki now and get everything configured.

To test the soft client, I turned on LAN connections on the Sun Ray server:

/opt/SUNWut/sbin/utadm -L on

I then installed the soft client in another VM on the same machine that only had access to the public network. You can then tell the soft client the IP of the Sun Ray server and it will connect. Pretty darn cool that the soft client works with minimal config.

This can probably be done on a MacBook Pro as well, using the wireless connection as the public side and the wired one as the private side. A nice way to do a little demo on one computer.

For reference, here is what the network section of my .vmx file looks like:

ethernet0.addressType = "generated"
ethernet0.connectionType = "custom"
ethernet0.generatedAddress = "00:0c:29:f8:29:3b"
ethernet0.generatedAddressOffset = "0"
ethernet0.linkStatePropagation.enable = "TRUE"
ethernet0.pciSlotNumber = "32"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000"
ethernet0.vnet = "vmnet0"
ethernet0.wakeOnPcktRcv = "FALSE"
ethernet1.addressType = "generated"
ethernet1.connectionType = "custom"
ethernet1.generatedAddress = "00:0c:29:f8:29:45"
ethernet1.generatedAddressOffset = "10"
ethernet1.linkStatePropagation.enable = "TRUE"
ethernet1.pciSlotNumber = "35"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet1.vnet = "vmnet2"
ethernet1.wakeOnPcktRcv = "FALSE"

References:
Sun Ray Software 4.2 Wiki: http://wikis.sun.com/display/SRSS4dot2/Home

fscking a disk under solaris volume manager control

Some people may have noticed, others may not, but the server went down for a while today. The root cause, I think, is that there were some file system problems. The thing that led me to that is this error in /var/adm/messages:

ufs: [ID 879645 kern.notice] NOTICE: /: unexpected free inode 48714, run fsck(1M) -o f

Well, this is a little hard to fix, especially if you have root under Solaris Volume Manager control. So how do you do it? Sort of easy, but it assumes you have either a Solaris boot CD or a JumpStart server you can boot from to get the box into single-user mode.

Once you have the box in single-user mode off either the CD or the JumpStart server, you will need to mount one side of the root mirror read-only, say /dev/dsk/c1t0d0s0:

mount -o ro /dev/dsk/c1t0d0s0 /mnt

Once that is mounted (if it won't mount, you will have to fsck that side of the mirror first; a file system too damaged to mount even read-only needs repair before you can go on), you need to copy some files from it to the “temp” root you booted from. But first we need to unload the md driver:

# modinfo | grep md
 25 fffffffffbb04b88  30608  85   1  md (Solaris Volume Manager base mod)
# modunload -i 25

Now that the md driver is unloaded, you need to copy the following files:

cp /mnt/etc/lvm/mddb.cf  /etc/lvm/mddb.cf 
cp /mnt/etc/lvm/md.cf  /etc/lvm/md.cf
cp /mnt/kernel/drv/md.cf /kernel/drv/md.cf

Now unmount /mnt:

umount /mnt

Now we need to reload the md driver:

modload /kernel/drv/md

Now if you run metastat or metadb you will get a generic error saying there are no devices or databases set up. To fix this, run:

metainit -r

This does the following:

    -r              Only used in a shell script  at  boot  time.
                     Sets up all metadevices that were configured
                     before the system crashed or was shut  down.
                     The  information about previously configured
                     metadevices  is  stored  in  the  metadevice
                     state database (see metadb(1M)).

You can now run metastat, but all your devices will say they need maintenance. To fix this, run:

metasync -r

This will sync all the mirrors back up. Now we are finally able to run fsck against a mirrored slice, which you cannot do while the machine is up in multi-user mode.

So now I ran:

fsck -o f /dev/md/rdsk/d30

Keep running fsck on the device until it comes back clean with no errors. Then lather, rinse, repeat for the other slices.

Once all the slices are done, make sure to update your boot archive (if on an x86 machine) and then you can restart the machine:

mount /dev/md/dsk/d30 /mnt
bootadm update-archive -R /mnt
umount /mnt
shutdown -g0 -i6 -y

If on a SPARC box, just make sure all the file systems you mounted off the disks are unmounted and then restart the machine.

vSphere4i cloning

I have been playing around with VMware's vSphere 4i today. One of the major differences between it and the full version is the ability to clone VMs and make templates out of VM images. What I did today was set up a machine with a bunch of Solaris VMs, but I did not want to install them all from scratch. On the full version of ESX, cloning is supported for Windows and I believe Linux, but I don't think it is for Solaris. So a poor man's clone of Solaris was what I needed. How do you do it? Sort of simple:

1. Install one of the VMs from scratch from either a CD or an ISO image. (You can upload an ISO image to the server by going into the Configuration section of the vSphere Client, clicking on Storage and then Browse Datastore. I made a directory for the ISO images; then you can click the upload button, find the file on the local machine and it will upload it to the server. Installing from an ISO image is a lot faster than from the CD-ROM.)

2. Once the OS is installed, I put the latest Security/Recommended patches on it. I also installed the VMware Tools.

3. Do any “configuration” that you want done for all the VMs. For example, modify /etc/issue and /etc/ssh/sshd_config, create non-root accounts, enable auditing, disable services, etc.

4. The next thing I did was run sys-unconfig. This removes the root user's password, clears the hostname, and clears all IP information and the naming service info. It leaves other locally created accounts, though.

5. The final step of sys-unconfig halts the VM. This will be the “last” time you boot this image; we will now use it as a poor man's template for the other VMs. (I say last because unless you are going to update it to “clone” new VMs from, you should never boot it again.) You should also probably rename this virtual machine to something like “Solaris – Template – DNB” (DNB = Do Not Boot…).

6. Back in the Datastore Browser, create a new folder for the VM to be “cloned”.

7. Now go into the folder of the original VM that is in the unconfigured state. Select ALL the files in there, right-click and select Copy.

8. Now go into the newly created folder, right-click and select Paste. For a VM with a 20 GB disk this takes about a minute or so to copy and paste.

9. Now go into the cloned directory, right-click on the VMX file and select “Add to Inventory”. A dialog box will pop up and let you name the new VM. (It won't change the names of the files in that directory, though.)

10. Next, power on the new “cloned” VM. It will pop up a box asking whether you “moved” it, “copied” it, or something else. Select copied and it will load the VM.

11. When Solaris boots it will look like a clean machine: it will ask for the hostname, IP, name service, etc., and then reboot after you enter the information.

All told I did about 12 of these, had them all running at the same time, and didn't have a problem with them. If you need different “hardware” for a VM, you can change the settings before you power it on, just as if you had installed it from scratch. One thing about the new vSphere is that it supports adding more than just disks, if the OS supports it, so you should be able to add processors, disk and possibly memory on the fly to a Solaris VM.

Hope that helps people with the i version of ESX…

Mediatomb and Solaris 10

Now that I have rebuilt the server, it was time to put MediaTomb on it to share media with the PS3. To get it to compile on Solaris (a fresh 05/09 Update 7 install patched with the latest Security and Recommended patches) there are a couple of things you have to do (most of this is from http://blogs.sun.com/constantin/entry/mediatomb_on_solaris, with some additional things I had to do):

1. Download the latest version of the “file” program from ftp://ftp.astron.com/pub/file/ (in my case the current version is 5.03)
2. Unzip/untar the file
3. Configure and run make:

gzip -d file-5.03.tar.gz
tar -xvf file-5.03.tar
cd file-5.03
./configure --prefix=/usr/local/file
gmake
su - root -c "gmake install"

4. There are a bunch of other requirements for MediaTomb; the easiest way to get them is to use www.blastwave.org. The packages I installed are:
CSWbdb4
CSWbzip2
CSWcurl
CSWcurlrt
CSWexpat
CSWfaac
CSWfaad2
CSWfconfig
CSWffmpeg
CSWffmpeglib
CSWftype2
CSWgcc3corert
CSWgcc3g++rt
CSWgcrypt
CSWggettext
CSWgpgerr
CSWiconv
CSWid3lib
CSWimlib2
CSWisaexec
CSWlame
CSWliba52
CSWlibid3tag
CSWlibidn
CSWlibnet
CSWlibogg
CSWlibsdl
CSWlibssh2
CSWlibtool
CSWlibtoolrt
CSWlibx11
CSWlibxau
CSWlibxcb
CSWlibxdmcp
CSWncurses
CSWoldaprt
CSWossl
CSWossldevel
CSWosslrt
CSWosslutils
CSWpixman
CSWpng
CSWsasl
CSWsdlmixer
CSWsqlite3
CSWsqlite3dev
CSWstl4
CSWsunmath
CSWtaglibgcc
CSWtheora
CSWtiff
CSWungif
CSWvorbis
CSWxvid
CSWzlib

5. Once these are installed, you can download MediaTomb from http://mediatomb.cc/pages/download and compile it:

gzip -d mediatomb-0.11.0.tar.gz
tar -xvf mediatomb-0.11.0.tar
cd mediatomb-0.11.0
./configure --prefix=/mediatomb --enable-iconv-lib --with-iconv-h=/opt/csw/include --with-iconv-libs=/opt/csw/lib --enable-libmagic --with-magic-h=/usr/local/file/include --with-magic-libs=/usr/local/file/lib --with-taglib-cfg=/opt/csw/bin/taglib-config --with-curl-cfg=/opt/csw/bin/curl-config --with-sqlite3-libs=/opt/csw/lib --with-sqlite3-h=/opt/csw/include --with-search=/opt/csw --with-id3lib-h=/opt/csw/include --with-id3-libs=/opt/csw/lib
gmake

Before you can run gmake, though, you need to edit a couple of files. One is src/main.cc: comment out lines 128 through 141, which are not needed on Solaris. The second file to edit is a result of the error I got during the compile, which looked like this:

../src/url.cc:78:53: macro "curl_easy_setopt" requires 3 arguments, but only 2 given
../src/url.cc: In member function `zmm::Ref<zmm::StringBuffer> URL::download(zmm::String, long int*, CURL*, bool, bool, bool)':
../src/url.cc:78: warning: statement is a reference, not call, to function `curl_easy_setopt'

To fix it, edit src/url.cc and on line 78 change this:

curl_easy_setopt(curl_handle, CURLOPT_NOBODY);

to this:

curl_easy_setopt(curl_handle, CURLOPT_NOBODY, 1);

Then rerun gmake. Once the compile is finished, su to root and run gmake install; it will place all the MediaTomb files in /mediatomb. (I am using a zone on a Solaris 10 machine, so / has plenty of space.)

I then created a user and group called mediatmb for MediaTomb to run under, and changed all the /mediatomb directories and files to be owned by mediatmb.

Once that was done, log in as the mediatmb user and create a script in /mediatmb/bin with the following in it:

LD_LIBRARY_PATH=/opt/csw/lib:/usr/local/file/lib:/usr/sfw/lib
export LD_LIBRARY_PATH
./mediatomb --ip x.x.x.x --port 49194 --daemon --pidfile /tmp/mediatomb.pid --logfile=/tmp/mediatomb.log

where x.x.x.x is the IP address of the machine you are running it on. In Constantin's blog he mentions also using the interface, but I found that had problems since this is a zone, so instead of the interface I used the IP address of the zone.

The changes I made to the config.xml in the ~/.mediatomb directory are as follows:

-bash-3.00$ diff orig-config.xml config.xml 
6a7
>       <account user="unixwiz" password="video"/>
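Review bot: this hunk stores the web-interface credential in clear text in config.xml, so its confidentiality is only as good as the file's permissions. Since the post already makes the mediatmb user own everything, keep ~/.mediatomb/config.xml readable by that user alone (mode 0600) and do not reuse a password that matters elsewhere; anyone who can read the file has the login.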
23c24
< <protocolInfo extend="no"/><!-- For PS3 support change to "yes" -->
---
>     <protocolinfo extend="yes"/><!-- For PS3 support change to "yes" -->
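Review bot: the element name changes case in this hunk, from `protocolInfo` on the removed line to `protocolinfo` on the added one. XML element names are case-sensitive, so unless the parser is known to fold case the new line is not the `extend="yes"` setting that the comment on the same line asks for; keep the original spelling: `<protocolInfo extend="yes"/>`.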
44a46
>     <magic -file>/usr/local/file/share/misc/magic.mgc</magic>
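Review bot: the opening and closing tags on this line do not match (`<magic -file>` with a space, closed by `</magic>`), so the line is not well-formed XML and the magic file setting will either fail to load or be ignored. The open and close tags need the same name, presumably `<magic-file>...</magic-file>`; worth confirming against the MediaTomb config documentation before relying on it.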
46a49,50
>       <map from="mpg" to="video/mpeg"/>
>       <map from="JPG" to="image/jpeg"/>
61c65
< <!-- <map from="avi" to="video/divx"/> -->
---
>         <map from="avi" to="video/divx"/>

Now all you have to do is log in to the web interface and add the media, following MediaTomb's documentation.

Some interesting things I have found with it:

1. If your PS3 is on wireless it may have problems streaming MP4 but not MPEG-2. Weird, I know, as the MPEG-2 was streaming solidly at 370kb/s but it couldn't handle the MP4. Switching to a hardwired connection fixed that problem.

2. If you happen to be a ReplayTV user [cause TiVO is a wanna be replay 😉 ] you can use MediaTomb in conjunction with DVArchive, which also runs nicely in my Solaris zone. Just point a media directory at the Local_Guide directory and MediaTomb will stream every MPEG-2 file in that directory to your PS3. Which is pretty damn cool.

3. The PS3 is very picky about its MP4 files. Some I made with HandBrake don't work, but ones I did with ffmpegX worked once I put the hardwired connection in.

4. I have not tried any of the transcoding stuff. I would rather do that beforehand and not bog down my server with it.

5. I need to do a lot of reading on how to make folders and such so that my collection is organized and not just all under one directory.

For those interested, my compile environment is set up like this:

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/sfw/bin:/usr/ccs/bin:/usr/local/bin:/opt/csw/bin
SHELL=/bin/tcsh