May 26th, 2016 | Categories: Personal, Solaris, Technology

I was in the market for a configuration management and remote execution tool. After looking around I didn’t really find any I liked and also supported SmartOS (and illumos).

It quickly became clear that I would need to do some legwork. I’m by no means a great programmer and my language selection is mostly limited to Turbo Pascal, C#, and Java supplemented with shell script (~bash really), perl (long ago), and Python.

My eye fell on SaltStack as it uses mostly Python, the community looked welcoming. I looked at some PR’s and the feedback happening on them was constructive. As a plus, Nahum Shalman already did some legwork to get SaltStack into the SmartOS global zone!

I spend a lot of time getting SmartOS support for managing zones/VMs usable.

  • imgadm execution module got cleaned up and reworked
  • vmadm execution module was written as a replacement for the existing ‘virt’ compatible module
  • smartos state module was written that uses the imgadm and vmadm execution modules, this allows for management of zones/vms, images, and configuration.

I’ve been running these at home for about 3 months. They are pretty solid, I have a few things I want to improve in them but they are certainly usable. If you use them and find any issues, please open an issue on the saltstack github and tag me using @sjorge. I will try and fix them as soon as I can.

After this I started to manage my zones themselves hitting a few roadblocks along the way. Most of these changes also apply to illumos in general. (Sometimes to *BSD’s too)

  • zpool execution module got reworked and now supports most actions the underlying cli command does.
  • zfs execution module also got reworked
  • zfs state module was writting that uses the rewritten zpool and zfs execution modules.
    • zfs.scheduled_snapshot written to replace my usage of zsnapper in the global zone. It’s not perfect but gets the job done. (Use the schedule state to execute this state often.)
  • mdata execution module to retrieve and set SmartOS metadata.
  • fmadm execution module written for Solarish platforms.
  • system execution module written for Solarish platforms.
  • cron execution module fixed for Solarish platforms when setting jobs for a different user.
  • shadow execution module improved with gen_password and del_password for Solarish platforms.
  • timezone execution module fixed for Solarish platforms
  • locale execution module fixed for Solarish platforms
  • pkgin execution module now loads as default on SmartOS
  • grains now show more info on SmartOS, including mdata
  • grains now show correct info when running on SmartOS under LX branded emulation.

Some other small fixes here and there.

Overall SaltStack 2016.3 is working great for me on SmartOS and OmniOS. If you use these platforms, give it a spin!

How do I get this awesomeness? A pip install should work fine inside a zone. For the global zone I have a esky package hosted here.

Comments Off on SmartOS, would you like some Salt with that?
July 25th, 2015 | Categories: Personal, Programming, Solaris, Technology

I spent the last 3 days yak-shaving. I had the intent of looking into deploying SaltStack to monitor my zones at home. Instead I give you asmd AKA “Advanced SmartOS Management Daemon”. Yes I should really get better at naming things.

So what is this asmd you speak of, you may ask? It is my one pythonbash script to replace them all. SmartOS wise anyway. As you know I run a few SmartOS nodes at home, you may also know I really try to push IPv6 everywhere. SmartOS does not support this. After a few months I had collected a few hacks to make my life easier, each had their own smf service… You could see my learning progression in them as the quality improved as I got more familiar with the SmartOS internals.

I wrote a simple “framework” to plug in my little hacks and scripts, this framework is asmd. Once I had the base line I rewrote most of my hacks to leverage this framework. I originally wrote this in python that I pushed to the SmartOS nodes as an esky package. This was powerful but also complete, on day two I rewrote everything in bash.

So how does it work? Each ‘service’ lives in $PREFIX/services/name.service and sets a few variables to describe it self and implements 3 functions:

  • asmd_service_config :: execute on asmd-setup, this can be used to prepare some files and directories.
  • asmd_service_start :: runs when the service starts
  • asmd_service_stop :: runs when the service stops

The following variables are required

  • ASMD_SERVICE_NAME :: name of the service as it appears under smf
  • ASMD_SERVICE_DESC :: description use for the smf service
  • ASMD_SERVICE_TYPE :: for now only ‘transient’ is tested, although ‘daemon’ should also be supported.
  • ASMD_SERVICE_DEPENDENCIES :: svc identifiers for service dependencies
  • ASMD_SERVICE_DEPENDENTS :: svc identifiers for services dependent on this service

Functions marked in italic can be omitted, variables marked in italic can be empty.

When asmd-setup is ran, usually once after install or when adding/removing services a smf manifest is generated and placed in /opt/custom/smf so that SmartOS loads it at boot. Each service is a named instance under system/asmd. I decided to use /usbkey/config to store all the configuration individual services need.

Currently the following services are implented:

  • hostname :: set hostname and/or domain name at boot
  • profile :: symlinks files and folders into /root to customize the user environment (aka inject bash aliasses like vmadm wrapper that can use aliasses of zones)
  • exec :: executes each script located in /usbkey/config.inc/exec after network is up. Mostly used for quick and dirty hacks 😉
  • swap :: manage additional swap devices / can also remove the default zones/swap device
  • mail :: configure forwarding for root mails / (smart)relay host
  • cron :: inject cron jobs defined in /usbkey/config
  • ipv6 :: configure ipv6 address/gateway on admin_nic.

You can check it out on github: https://github.com/sjorge/asmd

Feel free to play around, open issue on github if you find things that are broken.

Comments Off on Advanced SmartOS Management Daemon
May 23rd, 2015 | Categories: Personal, Solaris, Technology

My new package repo is now live!

I’m only targeting the current base64-lts release.
Currently only SmartOS is supported, although it should be compatible with OmniOS using the pkgsrc bootstrap available at http://pkgsrc.joyent.com/ some recent changes (epoll) seem to have broke them as SmartOS supports it but OmniOS and Nexenta Community both seem to be lacking it.

As of now omnios.blackdot.be is deprecated and no further updates will happen. Somewhere later this year it will go offline, I have no date yet but it will probably happen the next time I need to do a big round of updates.

Comments Off on pkg.blackdot.be live, omnios.blackdot.be depricated
May 20th, 2015 | Categories: Solaris, Technology

As previously mentioned I will be deprecating omnios.blackdot.be IPS package repository soonish.

Work has started on pkg.blackdot.be, the initial set of packages is up. But most are untested and they need some more love. Once the packages are where I want them to be. I will start rolling packages for omnios also.

Check it out if you want to poke it. Although stuff will change and change often!

Comments Off on pkg.blackdot.be enters alpha stages
April 18th, 2015 | Categories: Personal, Solaris, Technology

Just a heads up, somewhere later this year I will turn down omnios.blackdot.be and will bring up pkg.blackdot.be. There I will host a smaller selection of packages for use in SmartOS zones or on OmniOS once the illumos flavor of pkgsrc is installed.

Not sure when this will happen because I am currently changing jobs. More info will follow.

Comments Off on OmniOS package repo eventual deprecation
March 25th, 2015 | Categories: Solaris, Technology

I wrote a wiki page on how to run a ntp server on SmartOS. Check it out!


http://wiki.smartos.org/display/DOC/GPS+backed+NTP+server

Comments Off on Running an NTP server under SmartOS
March 22nd, 2015 | Categories: Personal, Solaris, Technology

As it comes as no surprise I migrated my hosting from ESXi Free to SmartOS a year or so ago.
However every major update I spend an hour or so building a new zone from scratch to then switch over.

This is tiresome so now I’m working on a bootstrap script that will rebuild the zone for me from the data on a delegated dataset.
So far 2/4 zones are done and this is AMAZING, a simple vmadm reprovision and all is set.

Anyway, back to the other 2 zones that need some love! I hope to start update more again soon.
I will be switching jobs again and the new one will give me some more free time to write!

Comments Off on SmartOS and updates
January 5th, 2015 | Categories: Uncategorized

Bryan Cantrill has some interesting thoughts about the last year.

Very much worth your time to read his blog entry 2014 in review: Docker rising.

I also get a mention which came as a huge surprise and honer!

Happy 2015 everyone.

Comments Off on Very interesting read to start of the years.
September 2nd, 2014 | Categories: Hardware, Solaris, Technology

Hey Folks,

Sorry for not updating more often, but I do not have that much to say. The wiki actually sees more information with me updating that as I go along or discover some small neat things! So please do check out the wiki also!

I had page on the wiki about setting up a serial console on OmniOS and other Illumos based systems like OpenIndiana.

Some improvements were made. But it boils down to a simple patch of console-login service to add 2 (or more) vt’s on the serial ports.

Patch can be found here.

Then do the following to enable login on serial (for non-root only).
You can also enable com1 to enable the 2nd serial port.

sttydefs -a com0 -i '115200 hupcl opost onlcr ofill' -f '115200'
sttydefs -a com1 -i '115200 hupcl opost onlcr ofill' -f '115200'

svccfg export console-login > console-login.xml 
patch < console-login.patch
svccfg import console-login.xml && rm console-login.xml console-login.patch
 
svcadm enable vtdaemon:default console-login:com0

If you want root to be able to login run the following:

/usr/gnu/bin/sed -i 's/^CONSOLE=/#CONSOLE=/' /etc/default/login

A more in depth explanation that also covers GRUB can be found here.

Enjoy

Comments Off on OmniOS and Serial Console
June 22nd, 2014 | Categories: Networking, Solaris, Technology

Hey Guys,

Lately I’ve been thinking about replacing my ESXi setup I have at OVH with a SmartOS one. I got a cheap kimsufi server for one month to play around. As you know those do not have multiple IP’s/NIC’s.

I wrote a little dirty how to on how to setup NAT in the global zone and use port forwarding to expose services from zones.

You can read about it here: https://docu.blackdot.be/snipets/solaris/smartos-nat

Edit: some already asked me on how secure this is, well not very since the displays (vnc) spawned by SmartOS are not encrypted. I updated the wiki to only allow ICMP + SSH by default now.

Using a single IP+NAT is definitely not the best way to do it, but it does work.

Comments Off on SmartOS with single IP and NAT