pkgsrc / pkgin perl environment for napp-it?

[AveryFreeman]

Hey,

So I've been running napp-it on OmniOS CE 151028-d3d0427bff and I was trying to set up TLS for email notifications, to no avail.

I don't really want to have to rebuild a server, because my current VM records my TV all day and serves all my files.

But it got me thinking:

My current setup has a bunch of different repositories from the now-defunct OmniTI and elsewhere, after I was trying to download nano for editing text files when I was first setting it up a year ago

It seems like it might be better just to keep the pkg repos clean with OS only and stick with something a little less disparate like pkgsrc for the additional userland (?)

But has anyone ever done this, and does napp-it work OK with the pkgsrc perl environment?

What PATH settings might I have to change to indicate the pkgsrc perl as the default working dir?

Sorry, I am not real good with Solarish yet, it's just different enough from Linux and FreeBSD that I struggle.

Thanks
Avery

 

[gea]

1. OmniOS 151028 comes with a newer Perl and OpenSSH instead the former Sun SSH. Both updates together give problems with TLS mails when you update OmniOS to 028. On a new setup of 151028 TLS installs without problem.

My usual suggestion is to do a clean install. If you keep storage (and VM server) separate, you are up again within 30min. Just import the datapool, save/restore /var/web-gui/_log/* for napp-it settings then readd users with same uid (or backup/restore /etc/passwd, /etc/shadow, /etc/user_attr and optionally /var/smb/* for smb passwords).

2. napp-it use the included default Perl. You can add your Perl from pkgsrc that is independend from OS settings and installs in /opt (like all pkgsrc programms). Its Perl path is predefined to the /opt path. You must set it in your Perl scripts as well.

3. I would always prefer to keep storage as small and independent as possible. I would think of virtualizing additional services, either via ESXi (my preferred solution) or via Linux/Bhyve zones ontop of OmniOS.

 

[AveryFreeman]

1. OmniOS 151028 comes with a newer Perl and OpenSSH instead the former Sun SSH. Both updates together give problems with TLS mails when you update OmniOS to 028. On a new setup of 151028 TLS installs without problem.

My usual suggestion is to do a clean install. . .

2. napp-it use the included default Perl. You can add your Perl from pkgsrc that is independend from OS settings and installs in /opt (like all pkgsrc programms). Its Perl path is predefined to the /opt path. You must set it in your Perl scripts as well.

3. I would always prefer to keep storage as small and independent as possible. I would think of virtualizing additional services, either via ESXi (my preferred solution) or via Linux/Bhyve zones ontop of OmniOS.

Thank you, yes I think I am going to do a fresh install - I'm noticing now that I was running off an .OVA that has been patched quite a few times

For future reference, though, where do I need to configure defaults in OmniOS CE to use pkgsrc userland by default? I like it a lot better than the pkg system, which seems to be in a sad state of disrepair.

Is it like linux where I set build defaults using something like pkg-config?

Now to see if I can tame my ZFS shares for my domain with some info from this thread

OmniOS will be great once I learn how it works

import the datapool, save/restore /var/web-gui/_log/* for napp-it settings then readd users with same uid (or backup/restore /etc/passwd, /etc/shadow, /etc/user_attr and optionally /var/smb/* for smb passwords).

About that - I was just going to SCP from one VM to the other. Is there anything else I need to do to get my domain settings up and running?

I also have NFS shares that I serve to a few places - most notably a FreeBSD that runs my hdhomerun_record service (for TV). Anything I should know about NFS?

 

[gea]

For future reference, though, where do I need to configure defaults in OmniOS CE to use pkgsrc userland by default? I like it a lot better than the pkg system, which seems to be in a sad state of disrepair.

Solaris is feature complete for storage by its own. Sun invented ZFS, NFS, added its own SMB server, the Comstar FC/iSCSI framework and network virtualisation. Not adding 3rd party tools avoids a lot of troubles. OmniOS is Solarish (Illumos) pure. It only adds a basic set of userland tools and Linux LX zones and Bhyve from Smartos. This is ideal if you look for an as stable as possible storage server. Pkgin is an ideal addon as it adds extras without interfering too much with the core OS. But if you want best of all stability skip it. Minimalism on OmniOS is intended per design.

This is different to OpenIndiana, another Illumos distribution with a much wider repository, even with Mate and desktop apps.

For NFS you only need to preserve the permissions (allow everyone@=modify)

About AD
As the Solaris SMB server use Windows SID credidentials from the AD server, a pool move between Solarish AD member servers is uncritical. Permissions/ ntfs alike ACL just remain intact and work.

 

[AveryFreeman]

Solaris is feature complete for storage by its own. Sun invented ZFS, NFS, added its own SMB server, the Comstar FC/iSCSI framework and network virtualisation. Not adding 3rd party tools avoids a lot of troubles. OmniOS is Solarish (Illumos) pure. It only adds a basic set of userland tools and Linux LX zones and Bhyve from Smartos. This is ideal if you look for an as stable as possible storage server. Pkgin is an ideal addon as it adds extras without interfering too much with the core OS. But if you want best of all stability skip it. Minimalism on OmniOS is intended per design.

This is different to OpenIndiana, another Illumos distribution with a much wider repository, even with Mate and desktop apps.

For NFS you only need to preserve the permissions (allow everyone@=modify)

About AD
As the Solaris SMB server use Windows SID credidentials from the AD server, a pool move between Solarish AD member servers is uncritical. Permissions/ ntfs alike ACL just remain intact and work.

Awesome, thanks for all your help!

I just downloaded omniosce-r151028b.iso and set up a new VM, and I'm getting this message from vSphere:

operating system not found

It seems like the ISO isn't bootable? I'm using the Solaris 11 VM type, ESXi 6.7U1 cluster w/VCSA.

Is there an alternative download source?

 

[AveryFreeman]

Public Service Announcement:

The US-East mirror from omniosce.org doesn't appear to have a working omniosce-r151028b.iso file (at least not in my experience around the time of this post)

I tried the Swiss mirror's ISO and it worked just fine

 

[AveryFreeman]

1. OmniOS 151028 comes with a newer Perl and OpenSSH instead the former Sun SSH. Both updates together give problems with TLS mails when you update OmniOS to 028. On a new setup of 151028 TLS installs without problem.

So,

I installed the latest OmniOS and right after I set up Napp-It and SSH, the first thing I did was try to install TLS in perl using:

perl -MCPAN -e shell
notest install Net::SSLeay
notest install IO::Socket::SSL
notest install Net::SMTP::TLS

Here's the error I got from test-tls in Napp-It:

ld.so.1: perl: fatal: relocation error: file /usr/perl5/site_perl/5.28/i86pc-solaris-thread-multi-64int/auto/Net/SSLeay/SSLeay.so: symbol CRYPTO_get_locking_callback: referenced symbol not found

I noticed it was a crypto library, so I installed:

notest install Crypt::SSLeay (?)

Not really knowing what I was doing, just to see if it would help.

I'm noticing there's perl 5 libraries for SSLeay in pkgsrc. Any ideas?

 

[gea]

I have just tried a new setup of 151028 (newest patch level).
I have had no problems with TLS setup (Just confirmed everything with enter).

Have you done anything special?

 

[AveryFreeman]

I have just tried a new setup of 151028 (newest patch level).
I have had no problems with TLS setup (Just confirmed everything with enter).

Have you done anything special?

No?

Installed napp-it per website download, then the first thing I tried to do after logging in was follow the TLS email setup guide, then try the TLS email.

It was the 151028b version if that makes a difference...

 

[AveryFreeman]

So here's what I did:

# pkg fix perl
# pkg install perl-64
cpan> upgrade
(reboot)
# cpan -fi Net::SSLeay
# cpan -fi IO::Socket::SSL
# cpan -fi Net::SMTP::TLS

Tested TLS-mail in Napp-It and it worked (!!)

Know nothing about compiling using perl, but I noticed after I did the upgrade in cpan, I was trying to build files in the ~/.cpan/build directory, and watching the output I noticed a bunch of the libraries weren't linking (like DynaLoader - !).

Really relieved that a reboot helped - I thought I was going to have to re-install perl.

I'll try this again on my other OmniOS VM to see if it's reproduceable.

Thanks for all your help

 

[AveryFreeman]

OK, I couldn't reproduce the "fix" on the older VM, but I noticed it had gcc 4.9.3 while the newer version had 7.3.0 --

After having this error appear during lots of c compilation attempts that there were too many symlinks, I installed a newer version of gcc using pkgsrc (I got 7.3.0 since that's what the other VM with newer OmniOS version had by default)

In fact, gcc in /usr/bin wouldn't run at all -here's what I got when I tried to find --version:

-bash: /usr/bin/gcc: Number of symbolic links encountered during path name traversal exceeds MAXSYMLINKS

I set the gcc compiler in cpan with this flag at the end of ~/.cpan/CPAN/MyConfig.pm:

'make_arg' => q[CC=/opt/local/bin/gcc]

Then did the cpan upgrade in the shell after deleting the contents of ~/.cpan/build and force-installed the modules for TLS in the Napp-It guide.

and THAT at least appeared to install all the modules properly, but I'm still getting this message:

EHLO command failed: 501 Syntactically invalid EHLO argument(s) at /var/web-gui/data/napp-it/zfsos/15_Jobs and data services/04_TLS Email/09_TLS-test/action.pl line 80.

I think it's an issue with Net::SMTP::TLS

 

[gea]

Napp-it can use a default Perl installation with mainly two exceptions:

One is TLS (for secure email) and the other is Expect.pm (for interactive commands like passwd). The first must be compiled manually from Cpan modules, the latter is included in napp-it as a precompiled binary for any supported Solarish version and therefor work only on the default Perl environment.

In effect, it is therefor not suggested to modify the default (32bit) Perl environment or the compiler that is installed during napp-it setup as any problems are then your problems and any hint is special to your unique setup. If you need a different Perl, use another VM for it and other services or at least a separate and independent pkgin Perl that does not modify the system Perl.

 

[AveryFreeman]

Napp-it can use a default Perl installation with mainly two exceptions:

One is TLS (for secure email) and the other is Expect.pm (for interactive commands like passwd). The first must be compiled manually from Cpan modules, the latter is included in napp-it as a precompiled binary for any supported Solarish version and therefor work only on the default Perl environment.

In effect, it is therefor not suggested to modify the default (32bit) Perl environment or the compiler that is installed during napp-it setup as any problems are then your problems and any hint is special to your unique setup. If you need a different Perl, use another VM for it and other services or at least a separate and independent pkgin Perl that does not modify the system Perl.

Oh yeah, that makes sense.

I kind of felt the same way about adding pkg repositories to my old OmniOS VM - seemed like a good idea at the time, but now I have all these disparate repositories with software from different versions of OmniOS.

I thought at least pkgsrc would keep everything separate. I was only using the GCC compiler from pkgsrc.

I installed gcc 7.3 from a pkg repository and tried re-building the modules with that - no change. I even manually deleted them all from /usr/perl5/5.28/lib/i86pc-solaris-thread-multi-64

When I installed perl-64 I was a little surprised that it wasn't 64-bit already. Is that for compatibility reasons? I will uninstall it now, maybe that's adding issues.

 

[gea]

Perl is for system management where 32/64 bit makes no difference.
For napp-it this is not relevant. It use the Perl that is included per default in OmniOS, OpenIndiana or Solaris and behaves accordingly.