Tag: cfengine

Persistent static routes in Solaris 10 11/06, 08/07

Static routes are a very common necessity once your networks become even a little complex. Whether you need to route specific traffic over a VPN or setup specific test addresses for IPMP failover, static routes are indispensable.

For many years the “correct” way of configuring static routes in Solaris has been to create an init.d script which ran the ‘route add’ commands.

As of Solaris 10 11/06, a more reasonable approach has been implemented. The ‘route’ command has a new option ‘-p’.

Make changes to the network route tables persistent across system restarts. The operation is applied to the network routing tables first and, if successful, is then applied to the list of saved routes used at system startup. In determining whether an operation was successful, a failure to add a route that already exists or to delete a route that is not in the routing table is ignored. Particular care should be taken when using host or network names in persistent routes, as network-based name resolution services are not available at the time routes are added at startup.

Now you may be asking “Where is my configuration file?” The route command currently stores your static routes in the file /etc/inet/static_routes but this has been declared volatile. Sun is not promising to keep these configurations in that file or in the same format from release to release.

I personally am not happy with Sun’s general move to administrative utilities for configuration as opposed to configuration files. I agree that utilities are useful. They ensure correct syntax, etc. but I want the ability to configure a system on the file system level as well. Otherwise I loose the ability to keep a system’s configuration files in version control. I loose the ability to deploy a system by transferring the appropriate files (ala scp, cfengine, puppet, home grown script, etc.) I prefer something along the lines of crontab where the syntax is checked but the configuration itself is a file in userspace.

Still, a standard method for configuring static routes is welcome in place of creating init scripts, especially with SMF services phasing out init scripts altogether.

CFEngine in mixed Solaris, Linux, environments

If you’ve ever tried to use CFEngine for package management, you know that it is basically useless.

  1. CFEngine only supports installing packages and not removing them (yet).
  2. It has some crazy limit defined at compilation time which limits the number of packages you can install. (see Google://cfengine “Too many arguments in embedded script”)
  3. It merges all your package work into one logical section even if you logically split up the sections and had them in a certain order etc.
  4. etc.

What comes out of all this is that you are better off using repository aware package management tools via the shellcommands actions (IMHO).

In the case of Solaris, the choice of champions seems to be pkg-get ala bolthole and blastwave.
In the case of Debian/Ubuntu, use apt-get.
This also means you no longer need to copy your package files using the cfengine copy actions since these tools will automatically retrieve them from your custom repository.

For those wanting to set up a pkg-get repository, the makecontents script should help you on your way.