Summary

Guidance for deploying 1E Client onto Solaris devices, including installation and uninstallation. Only the Tachyon features of 1E Client are available on Solaris and other non-Windows OS.

Requirements

Guidance provided below is for installation on Solaris.

Deployment choices

Deploying the 1E Client is normally achieved using your existing software deployment tool.

Non-Windows installation account

Certificate files

Each Tachyon client device requires a .pfx certificate file. Please refer to Client certificates below, for steps to create and use the .pfx file.

For Solaris devices, the Tachyon client does not use proprietary certificate stores. Instead, the client requires the certificate exists as a .PFX file in the client installation folder structure.



Preparation

Within the zip, the Solaris 1E Client is provided as the following .p5p files:

  • 1e.client-Solaris_11.3_SPARC_v5.1.x.x.p5p

  • 1e.client-Solaris_11.4_x64_v5.1.x.x.p5p



Installation

The following specific libraries are required, but are usually installed by default:

  • libcurl
  • zlib

The Solaris 1E Client is provided as an Image Packaging System (IPS) package archive file, with the suffix .p5p. The basic command to install a package archive is:

pkg install -g package_archive_file package_name

Unfortunately, IPS does not support pre- and post-install actions of any sort, so after installation separate commands must be run to configure the client, enable it as a service, and start it. So, if the Tachyon Server (assuming that the switch and the background channel are both installed on the Tachyon Server) has the DNS Name FQDN tachyon.acme.local then the 3 commands needed are as follows:

sudo pkg install -g 1e.client-Solaris_11.3_x64_v4.0.0.573.p5p 1e.client
sudo /usr/sbin/1e.client.updateconf.sh /etc/1E/Client/1e.client.conf SWITCH=tachyon.acme.local:4000 BACKGROUNDCHANNELURL=https://tachyon.acme.local:443/Background/
sudo svcadm enable n1e-client

Please refer to 1E Client configuration settings and installer properties for a list of other configuration properties that can be configured in the same way. 

If you get an error telling you that you can't get to the Solaris package repository while installing, e.g. Unable to contact any configured publishers - which you'll probably get if your machine doesn't have internet access - you may need to temporarily disable the Solaris publisher from the package repository, by running the following command:

 sudo pkg set-publisher --disable solaris

Then the pkg install should succeed. You should be able to re-enable the Solaris publisher (should you need to) by doing an --enable instead of --disable on the command line above.

Another restriction of Solaris IPS is that files and directories cannot be tagged so that they are not deleted on uninstall. If you want the client's persistent storage to survive after uninstall (e.g. because you are likely to install the client again in future), installing the additional 1e.client.persist package will ensure this. This is included in the same package archive file as the client package itself. This command can be run either before or after installation of the client itself:

sudo pkg install -g 1e.client-Solaris_11.3_x64_v4.0.0.573.p5p 1e.client.persist


Add a pair of entries for https/443 (one each for udp and tcp) to the /etc/services file if they are not there already. Likewise http/80 for consistency. The Tachyon background channel does not work without the https entries, and we get "ERROR - failed to get host IP address for name '<background channel server>' because: service name not available for the specified socket type", and file downloads for example fail.

Certificate Files for the Tachyon Solaris client

The client certificate Tachyon.pfx and a cacert.pem file are required in the hidden directory:/etc/1E/Client/.sslcerts (to create these files see Client certificates below).

If Tachyon.pfx contains the same certificate trust chain as the Tachyon Switch, then cacert.pem is optional. This is because the client will have already cached the public certificates when it parses Tachyon.pfx and cacert.pem will be duplicating the public certificate information. If Tachyon.pfx is using a different certificate trust chain from the Tachyon Switch, then cacert.pem is always required.


Reconfiguration

Please refer to 1E Client command-line parameters if you would like to see details of other CLI commands.

This method is suitable for reconfiguring all 1E Client settings on non-Windows devices because only Tachyon client features are available and all settings are stored in the 1E Client configuration file.

Example:


/usr/sbin/1E.Client -reconfigure Switch=ACME-DMZ01.ACME.LOCAL:4000 BackgroundChannelUrl=https://ACME-DMZ01.ACME.LOCAL:443/Background/ -restart



Client certificates

Each client device requires its own certificate, which must be created as a .pfx file.

Using OpenSSL to create the .pfx file

Storing the .pfx on the client

Uninstallation

The Solaris IPS packaging system does not support pre- and post-install actions, so the 1E Client must be disabled before uninstallation.

sudo svcadm disable 1e.client
sudo pkg uninstall 1e.client

If you protected the 1E Client's persistent storage, as described in Solaris installation, but no longer need it, then you will also need to run this command:

sudo pkg uninstall 1e.client.persist

Even if you did not protect the 1E Client's persistent storage, when the 1E Client is uninstalled the IPS system saves the directory at /var/pkg/lost+found/etc/1E/1e.client/Persist-timestamp , so it can be restored if necessary.