Testing Oracle Solaris 11

Last May I published a post about my tests on Solaris 11 Express. Two weeks ago, Oracle released the final release of Solaris 11. I upgraded my Express version to the final and… a lot of stuff stopped working :no: I am finally out of the tunnel :wizard:, and I survived to tell you the story. …The first things that I noticed weren't working were pfexec and pfbash. In the OpenSolaris/Solaris 11 Express world, pfexec was used much like sudo is used in Linux; the added benefit of pfexec is the ability to use fine grained "profiles" to define what a user can and cannot do, but that's a long story.

Before the upgrade if I ran, e.g., pfexec touch /that, that would create a file named "that" in the root directory; and if I ran pfbash, I got a root shell. That wasn't working any more.

Then, I noticed my workstation, which gets its network configuration via DHCP, wasn't updating the dynamic DNS any more. While trying to understand that, I also noticed that I wasn't able to switch to system network profiles any more, neither via the GUI nor via the command line. (Note: if you are wondering what "network profiles" are, and you are a Linux+NetworkManager user, think at the different "connections" you can define for a network interface, and you get the idea).

That was too much, and Google was not returning any useful information. I hate forums with all my heart :furious:, but I had no other choice than to ask the question on Oracle's Solaris 11 for SysAdmins forum.

The first thing that turned out was that the powerful 'Primary Administrator' profile, which allowed you to do basically anything as root and without password using pfexec, was removed and replaced with the less powerful 'System Administrator' profile. This new profile retained some of the previous power, but a lot more was left out. From a Linux user point of view, now Solaris is more in line with Linux in that it relies more on sudo.

Still, the questions regarding DHCP and network profiles were open, and I got some pointers to documentation to read. After some reading, and trial and error, it was evident that you are not allowed to switch to system network profiles any more. There was a sneaky workaround anyway: disabling the "User" profiles switches you to the Automatic one.

But the DHCP/DNS problem was still open. No recipe I found on the Internet was working.

In an attempt to debug the problem better, I reconfigured syslog to throw more information from the system daemons into a log file. In syslog.conf I put:

daemon.info                                     /var/log/daemon.log

That was helpful: look what I found at the first reboot:

Nov 24 13:35:30 isaiah ipmgmtd[95]: [ID 233892 daemon.notice] /etc/hostname.bge0 files are no longer a supported mechanism for defining persistence. See ipadm(1m).

/etc/hostname.interface was the way DHCP/Dynamic DNS worked before (see again my previous post): this confirmed that I needed to get into ipadm, and leave all other recipes out.

But that wasn't easy: the recipes in the Oracle guides didn't work, because the automatic network configuration got in the way. After a lot of unfruitful attempts, I decided for the hard way: I staked my system and decided to reconfigure it using sysconfig configure. Stake my system? Wait, no!

I already said here in this blog and elsewhere that one of the features of Solaris I like most are boot environments. Basically, you can take a snapshot of the system, and reboot into the snapshot. If you make a destructive change and screw the system, you can reboot back in the original system image (it reads: boot environment), and you are back at the state as it was when you took the snapshot.

Back to our case, I was going to do a potentially destructive change, so I created a new boot environment (using the beadm command), and rebooted into that. But wait, I needed to boot in single user mode, and running the classic init 1, or using shutdown, was hanging my system :bomb:. But I found a way: you must add a "-s" in the kernel line in grub. I think I knew this, but I forgot 😦

So, finally: booted in single user mode, and ran sysconfig. When prompted, I choose to have no network configuration. The system was reconfigured and left with the loopback interfaces only. It was time to use ipadm, the official Solaris 11 command to deal with network interface configuration at the IP level. And Oracle's recipe finally worked!.

For future reference, these are the steps:

ip create-ip bge0                            # prepares the network interface for configuration
ipadm create-addr -T dhcp -h isaiah bge0/v4 # configures IPv4 address
ipadm create-addr -T addrconf bge0/v6       # configures IPv6

My system was back online, with its IPv4 and IPv6 addresses as before, and the configuration is persistent (it doesn't vanish after a reboot).

So, after nearly a week fighting, I have reclaimed my powers on my workstation :cool:. It's time to play with Solaris again 🙂

And, in case you are interested, you can read the whole forum thread.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.