– Kamailio SIP Server –

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
install:configure-install-solaris-sparc [2011/09/01 08:43]
109.254.49.8
install:configure-install-solaris-sparc [2012/03/22 13:42] (current)
80.250.1.245 removed spam
Line 1: Line 1:
 +======= Configuring and Installing OpenSER v1.3.2 on Solaris SPARC(tm)=======
 +
 +<​code>​
 +Main author:
 +   ​Sergio Gutierrez <saguti (at) gmail.com>​
 +</​code>​
 +
 +
 +This document describes some installation tips which where taken present at compiling and installation time of OpenSER on a Solaris SPARC System; these steps are focused in operating System setup and using some free tools provided by Sun Microsystems which can improve the performance of OpenSER. Tips for improving security when installing on this operating system are also presented.
 +These whole steps have been proven on a real life system, which offers carrier class services to 100K users of a Telco Company.
 +
 +
 +
 +
 +
 +
 +
 +
 +===== 1. Installation profile =====
 +
 +A first step to be performed is the system preparation at installation time. A first choose to be performed is the Operating System Cluster to be installed. From the various options that can be performed, a good starting point would be **SUNWCreq**,​ which will offer a relatively minimized system, but keeping basic functionalities at installation time. This cluster is described as Core System Support.
 +
 +In case that installation be performed from DVD or CD, is easier to avoid the adding of packages listed below at installation time, and install them after installation. If an advanced installation technique as Solaris JumpStart(tm),​ the installation profile can be defined to add the listed packages at installation time. 
 +
 +
 +
 +
 +
 +
 +
 +
 +===== 2. Disk Partitioning =====
 +
 +The next step to be taken is the disk partitioning. In the event that, besides OpenSER, the SIP Server has also a database installed, it is important to use a reliable File System to store datafiles. Since Solaris 10 11/06, the ZettaByte File System (ZFS) is included. ZFS has native support for features as Striping, Mirroring and Dynamic Resizing, among other. ZFS has unpreceded scalability and it is easier to use than other volume management utilities, as Solaris Volume Manager. ​
 +Currently, there is a restriction with filesystems as /, /usr, /var, which can not be created at installation time as ZFS, and they need to be confiugred, for mirroring, by using Solaris Volume Manager, in the conventional way, as explained at [[http://​docs.sun.com/​app/​docs/​doc/​816-4520/​tasks-mirrors-1?​a=view]]. ​
 +
 +A recommended disk partitioning,​ asuming OpenSER and MySQL for example, could be the following one, for a system with at least two 72 GB disks (similar to the one used for us)
 +
 +
 +\\ 
 +
 +^ File System ​ ^ Recommended Type                  ^ Recommended Size                ^ Comment ^
 +^ /          |  UFS  |  8096  MB  |Assuming you have /usr as a different File System. ​                                   |
 +^ /usr       ​| ​ UFS  |  8096  MB  |For additional packages to be installed. ​                                             |
 +^ /var       ​| ​ UFS  |  20240 MB  |For system logging, and assuming that error logs are to be kept through syslogd(1M). ​ |
 +^ /opt       ​| ​ ZFS  |  10240 MB  |For system local base, where openser and MySQL related files are going to be installed. ​    |
 +^ /data      |  ZFS  |  20240 MB  |For datafiles store. It could be sized according to traffic and information preservation policies. ​    |
 +\\ 
 +
 +An implicit advantage of using ZFS is that, because of its architecture,​ it is possible to take an fdisk partition on disk and to create on it the entity called //zpool//; on this //zpool// filesystems are created, and these can be dynamically resized according to particular requirements;​ The detailed documentation of ZFS is located at [[http://​docs.sun.com/​app/​docs/​doc/​819-5461|Solaris ZFS Administration Guide]]
 +
 +
 +
 +
 +
 +
 +
 +===== 3. Complementary Packages =====
 +
 +As **SUNWCreq** offers limited functionality,​ some packages need to be added to the system to include other ones, and in particular, to include the whole tools which are required to build software from source.
 +
 +The following table lists the packages to be added. It is recommended to install them from the Solaris Installation Media because in this way, the patches provided for Sun will apply for those packages too, instead of download them from public repositories or other available sources.
 +
 +\\ 
 +
 +| Package Name  ^ Description ^
 +^ SUNWGlib ​          | Library for C Programming ​   | 
 +^ SUNWaccu ​          | System Accounting and Reporting - Usr files  | 
 +^ SUNWaccr ​          | System Accounting and Reporting - Root files |  ​
 +^ SUNWarc ​           | Lint Libraries for Software Development - Usr files  |  ​
 +^ SUNWarcr ​          | Lint Libraries for Software Development - Root files  |  ​
 +^ SUNWbash ​          | Bourne Again Shell  |  ​
 +^ SUNWbinutils ​      | GNU Binary File Utilities ​ |  ​
 +^ SUNWbtool ​         | Software Development Utilities ​ |  ​
 +^ SUNWflexlex ​       | Flex Lexer  |  ​
 +^ SUNWflexruntime ​   | Flex Lexer Runtime ​ |  ​
 +^ SUNWgcc ​           | GNU Compiler Suite  |  ​
 +^ SUNWgccruntime ​    | GNU Compiler Suite Runtime ​ |  ​
 +^ SUNWgmake ​         | GNU Make  |  ​
 +^ SUNWgzip ​          | GNU Zip Utility ​ |  ​
 +^ SUNWhea ​           | SunOS(tm) C/C++ Header Files for Software Development ​ |  ​
 +^ SUNWlibm ​          | Math and Microtasking Header - Usr files  |  ​
 +^ SUNWlibmr ​         | Math Library and Lint Files - Root files  |  ​
 +^ SUNWlibms ​         | Math and Microtasking Libraries - Usr Files   ​|  ​
 +^ SUNWlibmsr ​        | Math and Microtasking Libraries - Root Files  |  ​
 +^ SUNWntpr ​          | Network Time Protocol Server V3.0 - Root Files  |  ​
 +^ SUNWntpu ​          | Network Time Protocol Client V3.0 - Usr Files |  ​
 +^ SUNWsfwhea ​        | OpenSource Header Files  |  ​
 +^ SUNWsshcu ​         | Solaris SSH Protocol Common Utilities ​ |  ​
 +^ SUNWsshdr ​         | Solaris SSH Protocol Server - Root Files  |  ​
 +^ SUNWsshdu ​         | Solaris SSH Protocol Server - Usr Files   ​|  ​
 +^ SUNWsshr ​          | Secure Shell Protocol Client and Utilities - Root Files|  ​
 +^ SUNWsshu ​          | Secure Shell Protocol Client and Utilities - Usr Files |  ​
 +^ SUNWtoo ​           | Utilities for Software Development ​ |  ​
 +
 +\\ 
 +
 +
 +For performing special optimizations and compiling time, is recommended to install the packages GCC For SPARC(tm) Systems (GCCFSS) and Sun Code Generator for SPARC(tm) Systems. This packages can be downloaded from [[https://​cds.sun.com/​is-bin/​INTERSHOP.enfinity/​WFS/​CDS-CDS_SMI-Site/​en_US/​-/​USD/​ViewProductDetail-Start?​ProductRef=GCC-4.2.0-FCS-G-F@CDS-CDS_SMI]],​ both in pkgadd(1M) and tar.gz format. This release is based on GCC 4.2.0 and it is proven not to present problems in OpenSER compilation.
 +
 +Following a common convention, and for further reference on this document, GCCFSS installs at /opt/gcc and SCGFSS installs at /​opt/​SUNW0scgfss
 +
 +There are other packages, which are included in the cluster, but in the most of situations they are not required to be installed on the SIP Server itself. These packages are recommended to be deleted, and they should be kept only in case they be explicitely required.
 +
 +| Package Name  ^ Description ^
 +^ SUNWbsr ​          | Boot Server Daemons - Root Files    | 
 +^ SUNWbsu ​          | Boot Server Daemons - Usr Files  | 
 +^ SUNWftpr ​         | FTP Server Configuration Files  |  ​
 +^ SUNWftpu ​         | FTP Server and Utilities ​ |  ​
 +^ SUNWnfsckr ​       | Network File System Client Kernel Support - Root Files  |  ​
 +^ SUNWnfscr ​        | Network File System Client Support - Root Files  |  ​
 +^ SUNWnfscu ​        | Network File System Client Support - Usr Files  |  ​
 +^ SUNWnisr ​         | Configuration Files and Directories for Network Information System (NIS and NIS+)  |  ​
 +^ SUNWnisu ​         | Utilities for Network Information System (NIS and NIS+)  |  ​
 +^ SUNWrcmdcr ​       | Remote Network Server Commands ​ |  ​
 +^ SUNWrcmds ​        | Remote Network Server Commands |  ​
 +^ SUNWsndmr ​        | Sendmail Configuration Files  |  ​
 +^ SUNWsndmu ​        | Sendmail Utilities ​ |  ​
 +
 +\\
 +
 +
 +
 +
 +===== 4. System Hardenning =====
 +
 +After installing the packages, a recommended next step is apply the recommended patches delivered by Sun; A good starting point is the Recommended Patches, which are periodically delivered, acumulating several bug fixes, security fixes and Kernel and software updates. The Recommended Patch can be downloaded from [[http://​sunsolve.sun.com/​show.do?​target=patches/​patch-access]].
 +
 +Related to security and minimization,​ there are automated options as Solaris Security Toolkit (formerly known as JASS), available at [[http://​www.sun.com/​software/​security/​jass/​]]. However, for a finer control of the steps to secure the system, the following tips can be followed:
 +
 +
 +* The utilities which are used to compile software from source should be allowed only for specific users; these utilities should not have execution permission for other users:
 +
 +  chmod 550 /​usr/​sfw/​bin
 +  chmod 550 /​usr/​sfw/​bin
 +  chmod 550 /​opt/​gcc/​bin
 +  chmod 550 /​opt/​SUNW0scgfss/​4.0.4/​prod/​bin
 +
 +* The option **nosuid** should be added to filesystems;​ whatever, through ///​etc/​vfstab//​ or through zfs(1M) command, the whole filesystems should have this option.
 +
 +* The system builtin accounts shoulde be locked up. The following command should be executed:
 +
 +
 +  passwd -l daemon
 +  passwd -l bin
 +  passwd -l sys
 +  passwd -l adm
 +  passwd -l lp
 +  passwd -l uucp
 +  passwd -l nuucp
 +  passwd -l listen
 +  passwd -l gdm
 +  passwd -l webservd
 +  passwd -l nobody
 +  passwd -l noaccess
 +  passwd -l nobody4
 +  passwd -l mysql
 +
 +The account smmsp, which belongs to Sendmail remains created; it can be safely removed taking care not to use the option -r of userdel(1M) command, because this account is created having / as its home directory! ​
 +
 +Finally, if SAR(1M) is going to be used, sys account should not be locked up, but its password should be changed to something different to its default password.
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +
 +===== 5. Package Installation =====
 +
 +The next sections of this document will describe the steps take to compile OpenSER and its supporting packages on Solaris SPARC(tm) systems.
 +
 +As for OpenSER 1.3.2, the standard compilation on 32 bits mode produced and installation which generated random crashes; after several tests, an stable binary was got using 64 bit mode; the tips described here assume that the whole run environment of OpenSER is build exclusively and thoroughly on 64 bits; if someone detects or knows any issue with one of the described packages, feel free to report it.
 +
 +Besides, to make things easier for OpenSER installation,​ the prefix used for all packages would be pointing to /​opt/​openser,​ directory which will be used later as LOCALBASE; this simplifies the detection of prerequisites for several OpenSER modules.
 +
 +
 +There are two customizations which can be performed before starting to compile the packages, which allow to use the performance tunings ofered by GCCFSS and SCGFSS. For the installation used as reference for this document, the used options are discused below.
 +
 +* GCCFSS offers optimizations based on architecture or hardware platform; this options are detailed at [[http://​cooltools.sunsource.net/​gcc/​flags.html]]. These options are specified using the command options //​-xtarget=//​ and //​-xarch=//,​ defining them into environment variables **CFLAGS, LDFLAGS** and **CXXFLAGS**. Next, the optimizations that can be used for most usual SPARC platforms and for getting 64 bit binaries are listed:
 +
 +  For UltraSPARC: -xtarget=ultra -xarch=v9a
 +  For UltraSPARC II: -xtarget=ultra2 -xarch=v9a
 +  For UltraSPARC IIi: -xtarget=ultra2i -xarch=v9a
 +  For UltraSparc III: -xtarget=ultra3 -xarch=v9b
 +  For UltraSPARC IIICu: -xtarget=ultra3cu -xarch=v9b
 +  For UltraSPARC IV: -xtarget=ultra4 -xarch=v9a
 +  For UltraSPARC T1: -xtarget=ultraT1 -xarch=v9a
 +
 +
 +The main difference between -xarch=v9a and -xarch=v9b is the enabling of extensions specially designed for UltraSPARC III processors, and VIS instruction set; both options produce 64 bits executables.
 +
 +For reference purposes, a UltraSPARC T1 processor is assumed in the compilation examples, and **/​opt/​openser** is defined as LOCALBASE.
 +
 +
 +
 +
 +
 +# MySQL installation
 +
 +Although MySQL can be installed from Operating System sources, for a customized server, and for obtaining the performance improvements,​ is prefered to install it from sources.
 +
 +The sources of MySQL can be downloaded from: http://​dev.mysql.com/​downloads/​mysql/​5.0.html#​source
 +
 +The recommended environment for compilation is:
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  PATH="/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +
 +After defining these enviromental variables, configure should be run like this:
 +
 +  MAKE=gmake ./configure --prefix=/​opt/​openser --with-big-tables --enable-thread-safe-client
 +
 +In case that, for some reason, the openser database be installed in other location, the compilation of server could be disable, because openser only needs client libraries. In that case, configure would be run as:
 +
 +  MAKE=gmake ./configure --prefix=/​opt/​openser --enable-thread-safe-client --without-server
 +
 +After configuration,​ compilation can be performed with:
 +
 +  gmake
 +
 +Or, if machine has more than one processor, an extra option could be passed to make, so that it executes in parallel. For a UltraT1 system with 6 cores, for instance, gmake could be invoked like:
 +
 +  gmake -j 6
 +
 +When compilation finishes, testing of the just compiled binary is recommended to confirm it generated correctly. This can be performed by excuting:
 +
 +  gmake test;
 +
 +After tests finishes, MySQL can be installed by running the following commands:
 +
 +  groupadd mysql;
 +  useradd -m -d /​opt/​openser/​var -c "MySQL Database Server"​ -g mysql -s /bin/false mysql
 +  passwd -l mysql;
 +  cd scripts
 +  sh mysql_install_db --user=mysql
 +  cd ..
 +
 +A master configuration file for MySQL should be installed from one of the templates located at support-files subdirectory in MySQL source directory, according to host resources, my-small.cnf or my-large.cnf can be used; this file should be installed as my.cnf at data directory of MySQL installation. For this example, it would be /​opt/​openser/​var.
 +
 +Finally, a template should be installed for MySQL start at boot time; the template which appears below could be installed at /​etc/​init.d/​mysql,​ and linked from /etc/rc2.d, with a relative start order of 10 (S10mysql), and from /etc/rc1.d with a relative stop order of 90 (K90mysql); this particular template should be installed with very restrictive permissions,​ because it contains the mysql root user password for a gracefully stop, so it is recommended to be owned by root, group sys, and with 500 mode permission:
 +
 +<​code>​
 +
 +#!/bin/sh
 +
 +# Template script to start MySQL
 +
 +dirMySql=/​opt/​openser
 +userMySql=root
 +passwordMySql=verySecretPassword
 +
 +# To find libraries installed at non-standar locations, avoinding to perform crle(1M) execution
 +# to define these paths
 +LD_LIBRARY_PATH_64=/​opt/​gcc/​lib/​gcc/​sparc-sun-solaris2.10/​4.0.4:/​opt/​openser/​lib:/​opt/​openser/​lib/​mysql
 +
 +# Defines preloading of the implementation of Memory Allocation which is included with Solaris, specially
 +# designed for Multithread applications.
 +LD_PRELOAD_64=/​usr/​lib/​sparcv9/​libmtmalloc.so
 +
 +export LD_PRELOAD_64 LD_LIBRARY_PATH_64
 +case $1 in
 +        '​start'​)
 +                echo "​Starting MySQL" > /​dev/​console
 +                cd $dirMySql/​bin
 +                LD_PRELOAD_64=/​usr/​lib/​sparcv9/​libmtmalloc.so ./​mysqld_safe --user=mysql --log-warnings --log-slow-queries &
 +                sleep 10;
 +                ;;
 +
 +        '​stop'​)
 +                cd $dirMySql/​bin
 +                ./​mysqladmin -u $usuarioMySql -p$passwordMySql shutdown
 +                ;;
 +
 +        '​status'​)
 +                ps -ef | grep mysql | grep -v grep
 +                echo "​Network:"​
 +                echo "​----"​
 +                netstat -an | grep 3306
 +esac
 +
 +</​code> ​
 +
 +
 +
 +# OpenLDAP installation
 +
 +In the installation used as reference for this document, OpenSER was installed with LDAP support for authentication and authorization. Although Solaris has LDAP libraries included in Operating System installation,​ these are not useful for the OpenSER module, so that, OpenLDAP libraries are required to compile it. For the compilation,​ to avoid a current conflict between a header file included with OpenLDAP and a Solaris System header file, an extra parameter should be included in CFLAGS. For OpenLDAP compilation,​ the package SUNWdoc (Documentation tools) needs to be installed.
 +
 +The build environment would be:
 +
 +  ​
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a -D_AVL_H"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  PATH="/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +
 +Supposing that LDAP server is located at other location, the configure file would disable building of OpenLDAP server:
 +
 +  MAKE=gmake ./configure --prefix=/​opt/​openser --disable-slapd
 +
 +When configure finishes, the following sequence of commands would be run to build OpenLDAP:
 +
 +  gmake depend;
 +  gmake;
 +  gmake tests;
 +  gmake install;
 +
 +
 +#libConfuse
 +
 +Another package that was installed for this sample installation was libConfuse, which is required for the carrierroute module. libConfuse can be downloaded from [[http://​www.nongnu.org/​confuse/​]]
 +
 +This library, at compilation time, requires an extra option in CFLAGS and LDFLAGS, because of the default behaviour that GCCFSS exhibits when generating shared libraries. According to this, the compilation environment needs to be adjusted as follows:
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a -xcode=pic32"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a -xcode=pic32"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a -xcode=pic32"​
 +  PATH="/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +
 +The registration which makes mandatory the inclusion of this option is discused at [[http://​cooltools.sunsource.net/​gcc/​flags.html]],​ at the section describing the option -xcode=
 +
 +After configuring the environment,​ the building and compilation can be run as usual:
 +
 +  MAKE=gmake ./configure --prefix=/​opt/​openser;​
 +  gmake;
 +  gmake install;
 +
 +
 +#CURL
 +
 +CURL Library needs to be installed to fulfill further dependencies for OpenSER modules. ​
 +
 +The compilation environment is the following:
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  PATH="/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​opt/​openser/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +
 +Compilation and installation are performed as usual:
 +
 +  gmake;
 +  gmake install
 +
 +
 +#libxml
 +
 +Solaris has a preinstalled version of libxml, but it is quite old for most of the applications related to install external packages on the system. For that reason, it is better to compile a more recent version of it; libxml sources can be downloaded from:[[ http://​xmlsoft.org/​downloads.html]]
 +
 +
 +The compilation environment is the following:
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  PATH="/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​opt/​openser/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +
 +Compilation and installation are performed as usual:
 +
 +  gmake;
 +  gmake install
 +
 +
 +#XMLRPC
 +
 +XMLRPC is required to install mi_xmlrpc module of OpenSER.
 +
 +The compilation environment is defined as follows:
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CADD=$CFLAGS
 +  LDADD=$LDFLAGS
 +  LADD=$LDFLAGS
 +  PATH="/​opt/​openser/​bin:/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +
 +In this case, /​opt/​openser/​bin is put at first place in PATH, so that xml2-config be called from libxml just compiled, instead the one which is built in with the system.
 +
 +Compilation and installation are performed as usual, but for XMLRPC, the build flags have to be passed in a different way:
 +
 +  CADD="​$CFLAGS"​ LDADD="​$LDFLAGS" ​ LADD="​$LDFLAGS"​ ./configure --prefix=/​opt/​openser --enable-curl-client=/​opt/​openser --enable-libxml2-backend
 +  gmake;
 +  gmake install
 +
 +
 +#NET-SNMP
 +
 +Net-SNMP is a good option for system monitoring, and is a prerequisite to be able to compile the snmpstats module, very useful to monitor OpenSER.
 +
 +Compilation environment can be configured as follows:
 +
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  CXXFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  PATH="/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​usr/​sfw/​bin:/​opt/​openser/​bin:/​usr/​ccs/​bin" ​
 +
 +At configuration time, some extra mib modules can be installed, which offer extra functionality on Solaris SPARC Systems:
 +
 +  MAKE=gmake ./configure --prefix=/​opt/​openser --with-mib-modules="​ucd-snmp/​diskio smux ucd-snmp/​lmSensors tcp-mib udp-mib"​ --enable-mfd-rewrites
 +  gmake
 +  gmake install;
 +
 +The following template can be used for the startup script of NET-Snmp:
 +
 +<​code>​
 +
 +#!/sbin/sh
 +
 +LD_LIBRARY_PATH_64=/​opt/​gcc/​lib/​gcc/​sparc-sun-solaris2.10/​4.0.4:/​opt/​openser/​lib:/​opt/​openser/​lib/​mysql
 +export LD_LIBRARY_PATH_64
 +
 +
 +case $1 in
 +        '​start'​)
 +                /​opt/​openser/​sbin/​snmpd -Lsd -x tcp:​localhost:​705
 +                ;;
 +
 +
 +        '​stop'​)
 +                pkill -TERM snmpd
 +                ;;
 +
 +        '​status'​)
 +                ps -ef | grep snmp | grep -v grep
 +                echo " ​    ";​
 +                echo "​Network:";​
 +                echo "​----";​
 +                netstat -an | grep 161
 +                ;;
 +esac
 +
 +
 +</​code>​
 +
 +This template should be installed at /​etc/​init.d/​net-snmpd and linked from /etc/rc2.d with a relative start order of 20 (S20net-snmpd) and from /etc/rc1.d with a relative stop order of 80 (K80net-snmpd). Recommended permissions are 550, owned by root, and group sys.
 +
 +
 +
 +
 +
 +===== 5. OpenSER Installation =====
 +
 +After the whole support packages have been installed, compilation of OpenSER can be performed.
 +
 +The compilation environment is defined as follows:
 +
 +In the installation used as reference for this document, the features which will be added to OpenSER are: Carrierroute,​ MySQL support, LDAP Support. Other modules which require other not fulfilled dependencies are not compiled.
 +
 +There is a couple of issues detected at compilation of OpenSER 1.3.2, which are even reported and fixed at Bug Tracker, but not yet released.
 +
 +1. MySQL autodetection does not work right; For a right compilation of mysql module, cross compilation has to be enabled; to enable it, the Makefile of mysql module should be edited to uncomment the following line (line 11 at Makefile):
 +
 +  CROSS_COMPILE=true ​
 +
 +2. libradiusclient-ng does not work when compiled on 64 bits; although library compiles without errors, there is an issue in the generation of hash at authorization tasks. ​
 +
 +3. Solaris has LDAP libraries built it, but those libraries are not useful to build ldap module; In case of installing OpenLDAP libraries as shown previously, at the directory defined as LOCALBASE, lines 17 and 18 of Makefile should be edited so that libraries and headers be found at LOCALBASE
 +
 +  DEFS+=-I$(LOCALBASE)/​include
 +  LIBS=-L$(LOCALBASE)/​lib -lldap
 +
 +4. In compilation of mi_xmlrpc module, the constant HAVE_SYS_FILIO_H is not defined, so compilation files. There is a patch published on tracker which fixes this for Solaris. The patch for module Makefile is:
 +
 +<​code>​
 +--- Makefile ​   Thu Dec 13 18:38:50 2007
 ++++ Makefile.saguti ​    Thu Jul 31 14:43:17 2008
 +@@ -74,7 +74,14 @@
 +        exclude_files=$(wildcard abyss_*.c)
 + endif
 +
 ++#Solaris has filio.h
 +
 ++ifeq ($(OS),​solaris)
 ++               ​MY_DEFS+=-DHAVE_SYS_FILIO_H
 ++endif
 ++
 ++
 ++
 + ​DEFS+=$(MY_DEFS)
 + ​LIBS+=$(MY_LIBS)
 +</​code>​
 +
 +
 +5. No one of the perl related modules can be built with the perl interpreter provided with Solaris; this perl has compilation flags used by Sun proprietary compiler, which are not supported by OpenSER, and this perl interpreter is not compiled in 64 bits mode. If perl modules are required, an independent perl version should be compiled from source.
 +
 +The build environment,​ for the installation used as reference for this document is defined as follows:
 +
 +  CFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  LDFLAGS="​-xtarget=ultraT1 -xarch=v9a"​
 +  PATH="/​opt/​openser/​bin:/​usr/​sbin:/​sbin:/​usr/​bin:/​opt/​gcc/​bin:/​opt/​SUNW0scgfss/​4.0.4/​prod/​bin:/​usr/​sfw/​bin:/​usr/​ccs/​bin"​
 +  LOCALBASE="/​opt/​openser"​
 +
 +And the build command is:
 +
 +  gmake PREFIX=/​opt/​openser"​ exclude_modules="​auth_radius avp_radius db_berkeley group_radius osp perl perlvdb postgres tlsops unixodbc uri_radius"​ all 
 +
 +In this way, OpenSER is compiled with all modules, except those listed at command line.
 +
 +
 +
 +
 +===== 6. Post Installation Steps =====
 +
 +
 +After OpenSER has been compiled and installed, a few final steps should be followed for ending successfully the installation:​
 +
 +1. The script for system startup of OpenSER can be installed at /​etc/​init.d/​openser,​ linked from /etc/rc2.d with relative start order of 50 (S50Openser) and from /etc/rc1.d with relative stop order of 50 (K50openser). The recommended permissions of this template are 500, owned by root and group sys.
 +
 +<​code>​
 +
 +
 +#!/sbin/sh
 +
 +# Template for starting up OpenSER
 +
 +
 +LD_LIBRARY_PATH_64=/​opt/​openser/​lib:/​opt/​openser/​lib/​mysql:/​opt/​gcc/​lib/​gcc/​sparc-sun-solaris2.10/​4.0.4
 +export LD_LIBRARY_PATH LD_LIBRARY_PATH_64
 +
 +base=/​opt/​local/​toip
 +log=$base/​openser.log
 +cfg=openser.cfg
 +#The primary IP address of the SIP Server
 +ip=192.168.0.1
 +
 +case $1 in
 +        '​start'​)
 +                # 9 process and 256 MB for Shared Memory ​                               ​
 +                $base/​sbin/​openser -n 9 -m 256 -f $base/​etc/​openser/​$cfg > $log 2>&1 &
 +                ;;
 +
 +        '​stop'​)
 +                pkill -TERM openser
 +                kill -TERM `ps -ef | grep -v grep | awk '​{print $2}'`
 +                ;;
 +
 +        '​status'​)
 +                check=`ps -ef | grep openser | grep -c -v grep`
 +
 +                if [ $check -lt 9 ]
 +                then
 +                        echo "​OpenSER stopped or not running right. Check Logs"
 +                        echo "​---------------------------------------------"​
 +                        ps -ef | grep openser | grep -c -v grep
 +                else
 +                        echo "​Openser Active"​
 +                        echo "​--------------"​
 +                        $base/​sbin/​openserctl ps
 +                        echo "​--------------"​
 +                        echo "​Network:";​
 +                        netstat -an | grep $ip.5060
 +                fi
 +
 +                ;;
 +
 +esac
 +
 +</​code>​
 +
 +2. After installing OpenSER, the structure of Database is created by invoking the create option of the openserdbctl script:
 +
 +  /​opt/​openser/​sbin/​openserdbctl create
 +
 +This, in the case that MySQL database be located at the same server. If this is not the case, the structure shoul be installed manually on the server.
 +It is important to apply a more restrictive permissions,​ because in the default configuration,​ openser user can connect to database from any location.
 +
 +3. It is important to apply more restrictive permissions to etc subdirectory at localbase. It is possible that configuration files contain sensitive information as username or passwords of database and/or LDAP directory. A mode of 500 would be desirable.
 +
 +
 +
 +===== 7. Summary =====
 +
 +This documented presented a guide to install OpenSER on a Solaris SPARC System. It contains tips which can be used from Operating System install until the compilation of software itself, to increase the security of system, and to boost performace of OpenSER by using specialized tools available from Sun to be used on these platforms.
 +
 +Although it has been written for a very particular set of modules and features in OpenSER, it offers a very complete solution, and it is near to a solution which is currently operative for a carrier class telephony system of a Telco Company.
 +
 +In the mid term, it is expected to include a more complete set of tips, for other features and modules, and to adapt itself to new releases of OpenSER.
 +
 +Any feedback about style, clarity or accuracy is more than welcome.
 +
 +Feel free to contact the author through the email address [[saguti at gmail dot com]]
 +
 +
 +
 +[color=brown]//​Jumpstart,​ Solaris, SunOS are Trademarks of Sun Microsystems. ​
 +
 +SPARC, UltraSPARC are trademarks of SPARC International Inc.//​[/​color]