I wrote these instructions back in Feb 2008 and just dumped this from my old Google Sites wiki.
This guide describes a stripped-down Solaris 10 server ideal as a host for Container technology. You can download Solaris 10 for free online and you will only need the first, second and fifth discs.
This procedure outlines the steps used to create a basic Sun image. Server images built this way can then be backed up and restored to any similar hardware using ufsdump/ufsrestore and the standard Sun Solaris install boot CD to access a recovery shell running in memory.
CTRL-L {refresh the shell}
Things have slightly changed with the new Solaris T5120 system. First, ILOM has been replaced with ALOM. Think of LOM (Lights Out Manager) as an OS that you use even when the Sun system is off. It has many features, but for us all that matters is that you can still boot the system with LOM even after it is down. You can browse the T5120 product documentation for more details.
Note* - When connecting to the remote console, certain editors (mainly vi) do not display properly when the TERM environment variable is not set to vt100. To rectify this problem, set: TERM=vt100; export TERM
Highlighted below are the tougher questions to answer or standards that 2Keys developed. Straightforward steps will be denoted with the text ... obvious questions.
Hard Disk Partitioning Strategy (find my old article)
Log into your system and create a place for mounting your cdrom,
    cd /mnt
    mkdir cdrom
Once you have logged in, execute the following command so that backspace will work,
    stty erase '^H'
On a true server-class machine, the network card will not be fully working yet, so read "get your network card working". On a simple demo VM install it should already be working.
At this point you should work remotely using ssh. It's faster than the terminal and you will be able to copy and paste more easily. To do so you must minimally set up the home directory and add your user account. See the section below, Setup of Account. Just keep in mind that you won't have the bash shell yet, so do not specify a default shell.
If the system is on the 4th floor at 888 Birchmount, the network interface needs to be forced to 100 full as the autodetect doesn't work. On a Solaris 10 system with an e1000g interface, as shown by netstat -in or ifconfig -a, edit the /kernel/drv/e1000g.conf file and add as per the comments:
ForceSpeedDuplex=4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4;
Reboot for the change to take effect. After booting, run grep -i link /var/adm/messages* to verify the link speed is correct.
In the event SSHD is installed manually after the base installation, post-installation configuration is required. SSHD host keys need to be generated to allow ssh connections to the system. To achieve this, run the following:
    /lib/svc/method/sshd -c
    svcadm restart ssh
Ensure time stays correct on your server,
    # Create the ntp.conf file in /etc/inet/ntp.conf
    # Note - zones use NTP off the global zone. The following configuration is not necessary for zones.
    su - root
    vi /etc/inet/ntp.conf

    driftfile /etc/ntp.drift
    server 10.0.44.74
    server 10.234.2.6

    # Stop and start the ntp service to enable.
    svcadm enable network/ntp

    # Check that ntp is working,
    ntpq
    ntpq> peers
    ntpq> quit

    # You should see something similar to below.
         remote           refid      st t when poll reach   delay   offset    disp
    ==============================================================================
    +10.0.44.74      .GPS.            1 u  812 1024  377     9.80    1.406    1.11
    *10.234.2.6      .GPS.            1 u  860 1024  377     6.56   -0.546    0.52
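The peers table above can be checked by script rather than by eye. This is an added example, not part of the original wiki: it reads the peers output on stdin and reports whether a peer has been selected (the line marked "*") and is answering polls. The function name ntp_sync_status is made up for this example.

```sh
#!/bin/sh
# Added example: decide from ntpq peers output whether the clock is synced.
#
# The first character of each peer line is the tally code:
#   *  peer currently selected for synchronization
#   +  acceptable candidate
# "reach" is an octal shift register of the last 8 polls:
#   377 = every poll answered, 0 = no answer at all.
ntp_sync_status() {
    synced=""
    while read -r remote refid st t when poll reach rest; do
        case "$remote" in
            \**)
                if [ "$reach" = "0" ]; then
                    echo "selected peer ${remote#?} is unreachable"
                    return 1
                fi
                synced="${remote#?}"
                echo "synchronized to $synced (stratum $st, reach $reach)"
                ;;
        esac
    done
    [ -n "$synced" ] || { echo "no peer selected yet"; return 1; }
}

# Demo on the peers table shown in this guide.
# On the server itself: ntpq -p | ntp_sync_status
ntp_sync_status <<'EOF'
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
+10.0.44.74      .GPS.            1 u  812 1024  377     9.80    1.406    1.11
*10.234.2.6      .GPS.            1 u  860 1024  377     6.56   -0.546    0.52
EOF
```

A non-zero exit status means no peer is selected, which is normal for the first few minutes after the service starts.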
There are other packages that we will now install. We choose to install these packages manually rather than during the initial server setup step. We do this to remove unnecessary dependencies (extra packages being installed) and also because the interface during that step is really, really slow. (It appears that the Reduced Networking Core System Support doesn't list SSH.)
Manually install packages as follows and in the outlined order. If you do not want to use the order provided, make sure to check package dependencies with the command, pkginfo. Package list details can be found at, http://docs.sun.com/app/docs/doc/817-0545/sparcpackagelist-tbl-1?a=view
Convenience Package: I still have to make this. The idea is a Solaris10.ConveniencePackage.BonsaiFramework.zip, used with pkgadd -s /var/spool/pkg -d . [package name], which would contain all the packages you would need to install. This saves the time of putting in CDs and then installing packages one at a time.
Mount your CD and then use the following commands to install packages,
    cd /mnt/cdrom/Solaris_10/Product
    pkgadd -d . [package name] # command to install packages
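The dependency check mentioned above can be scripted. The following is an added example, not part of the original wiki: it reads each package's install/depend file on the CD and uses pkginfo -q to report prerequisites that are not installed yet. The function names and the PKG_DIR variable are made up for this example; run it with ksh, since the stock Solaris 10 /bin/sh lacks $( ).

```sh
#!/bin/sh
# Added example: list prerequisites of a package that are missing from the
# system, so a minimal install can be built up in a safe order.

# Directory holding the package directories (the Product directory on the CD).
PKG_DIR=${PKG_DIR:-/mnt/cdrom/Solaris_10/Product}

# is_installed PKG: succeeds when PKG is installed. pkginfo -q prints
# nothing and reports the answer through its exit status.
is_installed() {
    pkginfo -q "$1"
}

# missing_deps PKG: print every prerequisite of PKG that is not installed.
# depend(4) lines look like "<type> <pkg> <name>", where type is
#   P = prerequisite, I = incompatible, R = reverse dependency.
# Comment lines and indented "(arch) version" lines are skipped because
# their first field is not "P".
missing_deps() {
    depend="$PKG_DIR/$1/install/depend"
    [ -f "$depend" ] || return 0    # no depend file: nothing required
    while read -r type pkg _name; do
        [ "$type" = "P" ] || continue
        is_installed "$pkg" || echo "$pkg"
    done < "$depend"
}

# Usage: ksh checkdeps.sh SUNWzoneu SUNWzoner ...
for p in "$@"; do
    for d in $(missing_deps "$p"); do
        echo "$p needs $d (install it first)"
    done
done
```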
Core of what you need minimally,
Proven to be useful and required for day to day maintenance
Since ~ Jan 2007 - Feb 2008 we've had production-proven use of container technology. Before, we used to hack "cloning", but since it became a feature in build 33 (date?), I would say we are not cutting edge (rather than bleeding edge).
Note we are comfortable with other types of zones, but our enterprise production-proven use case has been sparse zones. As of this article, the technology is brand new, so here is a quick excerpt,
The default zone filesystem model is called sparse-root. This model emphasizes efficiency at the cost of some configuration flexibility. Sparse-root zones optimize physical memory and disk space usage by sharing some directories, like /usr and /lib. Any updates and programs installed in the global zone (where all the other zones sit) for the most part affect the sparse-root zones. Further, sparse-root zones have their own private file areas for directories like /etc and /var (this is where your service software like Apache Web Server goes).
Whole-root zones increase configuration flexibility but increase resource usage. They do not use shared filesystems for /usr, /lib, and a few others. http://opensolaris.org/os/community/zones/faq/#basic_zonetypes. We do not use whole-root zones as it increases maintenance (more systems to update).
This lists the required packages to allow use of Zones. The initial list is from Tony. I spent some time slimming things down. I believe this list may be even further stripped down and will try given time.
Why can we ignore the X-Windows dependencies? Turns out this is a known issue and a bug (as of Tin looking Feb 1, 2008). The kernel developer Gary Pennington explains why here. Basically SUNWzoneu depends on SUNWpool which depends on Java which asks for X stuff. In the fix, they took the parts of SUNWpool that depend on Java and split it into its own package called SUNWpoold.
SUNWxcu4 (XCU4 Utilities) (looks like we do not need this)
(Required for native Java runtime and GID)
Make the base zone directory,
    su - root
    cd /var
    mkdir zones
In order to run IHS (IBM HTTP Server) 6.x on zones you must have GSKit which is packaged with IHS.
Check if GSKit is installed on the global zone.
    cd /usr/bin
    ls gsk7*
If you do not see gsk7 files then you must install it.
GSKit must be installed using root on the global zone,
    su -
    # unpackage
    mkdir tmp
    cd tmp
    tar -xvpf ./ihs.6020.solaris.sparc.tar
    # run installer
    ./IHS/gskit.sh
    # Expect the following ERROR message,
    SunOS
    This is an SPARC Series machine.
    We are moving appropriate library into place.
    exec failed. errno=2.
    Installation of <gsk7bas> was successful.
SUNWsndmr SUNWsndmu (sendmail, used for alerting; verify if this is needed in the global zone)
Our packages are taken from Sunfreeware. Use the versions of package on this wiki unless:
Any new or updated freeware packages must be approved by Dickson or Tony.
Here is the list of Freeware packages we use,
The top program gives a high level view of the system.
Download top-3.6.1-sol10-sparc-local.gz to the global zone.
When running the command to install, do NOT put ., ./, or the directory name in front of the file name in pkgadd,
    su -
    gunzip top-3.6.1-sol10-sparc-local.gz
    pkgadd -Gd top-3.6.1-sol10-sparc-local # notice no . ./ or directory name
I found this article in 2016, which describes a similar practice: http://deer-run.com/~hal/SolarisWebcast.pdf. Given time, compare to see if they covered anything we missed here.