Showing posts with label smf. Show all posts
Showing posts with label smf. Show all posts
Tuesday, 1 April 2008
Running a DTrace script as an SMF service
Sam Faulkner has put together an SMF manifest that will run a DTrace script and send the output to syslog. Very useful if you wish to DTrace something over a period of time while also ensuring that it is always running.
Thursday, 13 March 2008
SMF Tutorial
Joerg Moellenkamp has put together a great five part tutorial on SMF where he explains the concepts, then dives into developing an SMF service for OpenVPN.
Wednesday, 7 November 2007
An alternate SMF manifest for Splunk
I recently deployed an enterprise licensed version of Splunk. When an enterprise license is installed Splunk requires users to login before they can start splunking. This protects the Splunk administration pages from anonymous users and removes the need to put Splunk behind an apache reverse proxy for protection.
In order to still be able to access Splunk via HTTP (TCP/IP port 80) or HTTPS (TCP/IP port 443) the SMF manifest I originally wrote needed to be modified to allow the splunk user to open TCP/IP ports less than 1024. This was achieved by adding the “net_privaddr” privilege to the method context in the manifest. The manifest also had to be changed so that Splunk no longer bound sockets to the loop-back address only and was directly accessible.
Once you have loaded this manifest and started Splunk you must initially connect to your splunk server via the web interface and configure it to listen on TCP/IP port 80 or enable SSL and have it listen on TCP/IP port 443. Then restart the service with “
Download the complete Splunk SMF manifest. Note that it can be used with both the free and enterprise versions of Splunk.
In order to still be able to access Splunk via HTTP (TCP/IP port 80) or HTTPS (TCP/IP port 443) the SMF manifest I originally wrote needed to be modified to allow the splunk user to open TCP/IP ports less than 1024. This was achieved by adding the “net_privaddr” privilege to the method context in the manifest. The manifest also had to be changed so that Splunk no longer bound sockets to the loop-back address only and was directly accessible.
Once you have loaded this manifest and started Splunk you must initially connect to your splunk server via the web interface and configure it to listen on TCP/IP port 80 or enable SSL and have it listen on TCP/IP port 443. Then restart the service with “
svcadm restart splunk”.Download the complete Splunk SMF manifest. Note that it can be used with both the free and enterprise versions of Splunk.
Tuesday, 7 August 2007
Splunk 3.0 is out!
Splunk 3.0 is out the door! I've tested my Splunk SMF manifest and it continues to work with the new release.
Monday, 12 March 2007
SMF manifest for buildbot
As I mentioned in a previous post, I use buildbot for testing my Solaris installations. I'll be writing more about that in a future article. Until then here is a Solaris 10 SMF manifest that I've developed for starting up a buildbot master or slave. By default it creates one instance called
Before using this manifest you'll need to create your buildbot master or slave directories yourself using
To change the path run:
Then enable the service:
With this manifest you can run as many buildbot masters and slaves as your system can handle.
To add another instance run:
Now enable the new buildbot instance:
Update: Added the PATH environment variable to the manifest.
default with a configuration path of /home/buildbot/master.Before using this manifest you'll need to create your buildbot master or slave directories yourself using
buildbot create-master or buildbot create-slave.To change the path run:
# svccfg -s svc:/site/application/buildbot:default setprop buildbot/config="/path/to/buildbot/dir"
Then enable the service:
# svcadm enable svc:/site/application/buildbot:default
With this manifest you can run as many buildbot masters and slaves as your system can handle.
To add another instance run:
# svccfg -s svc:/site/application/buildbot add instance
# svccfg -s svc:/site/application/buildbot:instance addpg buildbot application
# svccfg -s svc:/site/application/buildbot:instance setprop buildbot/config="/path/to/instance"
Now enable the new buildbot instance:
# svcadm enable svc:/site/application/buildbot:instance
Update: Added the PATH environment variable to the manifest.
Friday, 9 March 2007
SMF manifests for ISC dhcpd, splunk and syslog-ng
I recently had a couple of SMF manifests listed on the Open Solaris SMF Community web site. The manifests are for ISC dhcpd, splunk 2.1/2.2, and syslog-ng.
The splunk and syslog-ng manifests are intended to be used together. The syslog-ng and splunk services depend on a FIFO existing at /var/log/splunk-syslog. In my environment I have syslog-ng accepting syslog messages, filtering them, and writing to the FIFO and splunk reading from it. You may remove this dependency if you wish.
I also have splunk binding to 127.0.0.1 with an environment variable being set in the manifest. Remove the following from the manifest if you wish to have splunk directly accessible:
I do this to limit access to the splunk admininstrator interface via an apache reverse proxy. The apache configuration snippet to achieve this is included below. Add apache Allow statements to those who you trust to access the administrator interface.
Update: Here are the same ISC dhcpd, splunk and syslog-ng manifests now hosted in my new Google Code repo. I expect these to be more up to date than the opensolaris.org hosted copies.
The splunk and syslog-ng manifests are intended to be used together. The syslog-ng and splunk services depend on a FIFO existing at /var/log/splunk-syslog. In my environment I have syslog-ng accepting syslog messages, filtering them, and writing to the FIFO and splunk reading from it. You may remove this dependency if you wish.
I also have splunk binding to 127.0.0.1 with an environment variable being set in the manifest. Remove the following from the manifest if you wish to have splunk directly accessible:
<method_environment>
<envvar name="SPLUNK_BINDIP" value="127.0.0.1"/>
</method_environment>
I do this to limit access to the splunk admininstrator interface via an apache reverse proxy. The apache configuration snippet to achieve this is included below. Add apache Allow statements to those who you trust to access the administrator interface.
# Reverse Proxy for splunk listening on localhost:8000
ProxyRequests Off
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
# Don't allow access to /admin/ which allows people to upload log files
# and tail any file on the server.
<Location /admin/>
Order Deny,Allow
Deny from all
# Add allow statements here
</Location>Update: Here are the same ISC dhcpd, splunk and syslog-ng manifests now hosted in my new Google Code repo. I expect these to be more up to date than the opensolaris.org hosted copies.
Subscribe to:
Posts (Atom)