Solaris 11.2 Deployment - Many Steps Forward
By Dar_K on Apr 29, 2014
Solaris 11.2 has seen a lot of new additions in the deployment area. I'm sure that you'll see many more details about each of these over the coming days, but I figured it would be good to list them all out in one place, to whet your appetite.
In no particular order, some of the biggest changes that can be seen are:
- Unified Archives
Unified Archives, in summary, allow the cloning and redeployment of existing installations with ease.
New commands, and enhancements to existing commands, have been provided to take snapshots of installed systems, bundle these up into what we're calling Unified Archives (UA for short), and re-deploy these images to other systems.
This is part of the Solaris 11.2 operating system, not an add-on, and is supported by the same people that develop the operating system.
A lot of work has gone into ensuring that only what needs to be archived is archived, and that on deployment the system can be reconfigured either the same as the original system (a clone for easy recovery), or similar to the original system (redeployment to another host in parallel to original system).
This can be used to move S11 based systems between physical and virtual deployments (P2V) and vice versa, virtual to physical (V2P). This will better enable customers to manage their deployments over time.
A lot more about Unified Archives can be found in the documentation at the following:
- Automated Installer (AI) Manifest Wizard
A common annoyance of Solaris 11 Automated Installer was that people were required to write XML files to define the structure of their systems to be installed.
The AI Manifest Wizard is web-based, in that you can use your favourite browser to create your first AI XML file using a wizard-style interface, similar to the Live CD Installer. It will guide you along the most common tasks to be performed on installation with AI - the selection of disks and packages to install, the definition of the ZFS pools, etc.
To help you learn about the structure of the AI Manifest's XML, you can play with things, adding/removing elements, and view the generated XML to see how it varies with these changes.
The generated XML can then be saved for later use in a real deployment.
While this won't totally eliminate having to learn XML, it goes a long way to helping you to understand what can be done, and how it is all tied together, especially when first starting out.
When your install server is updated to Solaris 11.2, the best way to get started with it is of course to use it.
If connecting to the AI server via ssh with X forwarding (ssh -X) or connecting to a desktop session on the AI server, you may also connect using the following command to launch it:
http://<AI Server IP>:<AI Server Port>/
All going well, you should see something like:
For more on the ai-wizard launcher, you can take a look at the ai-wizard(1M) manpage.
In Solaris 11 and 11.1, installation with AI on SPARC uses WANboot and HTTP for transport of data between the AI server and the AI SPARC client.
With Solaris 11.2, it will now be possible to configure the AI server to communicate with the SPARC AI client using Secure HTTP (HTTPS) as the transport, with the initial boot image provided via Secure WANboot.
With Solaris 11.2, it will be possible to configure the AI service so that the security level of the installation can vary between optional, encrypt only, server signature verified and/or client signature verified, allowing things to be tailored to a site's requirements.
This will provide a secure end-to-end transport for the SPARC AI client, something that is important to many customers.
More on configuring your AI Server's security credentials can be found in the Installing Oracle Solaris 11.2 Systems documentation at one of:
- How to Configure Security for Automated Installations
- Configuring Security Credentials.
- Showing Security Information
The 'installadm' CLI now provides the primary interface for configuring an Automated Installer (AI) server.
In the past, to configure some elements of an AI server, it was necessary to directly push values in to SMF - it is now possible to configure these values using the installadm CLI and its set-server sub-command. For example, to set the HTTP and HTTPS port to be used for the AI server:
# installadm set-server --port 15555 --secure-port 15556
# installadm list -av
It is now possible to specify the use of secure package repositories when creating or updating an AI service image, for example:
# installadm create-service -p solaris=http://pkg.mycompany.com/ --key /tmp/key.pem --cert /tmp/cert.pm
# installadm update-service --help
The sysconfig CLI has been enhanced to provide support for groupings, in that it is now possible to specifically configure (or un-configure) specific individual groups of configuration - such as (system) identity, users, keyboard, location, naming service, etc.
This further feeds into the ability to generate such a configuration profile for delivery by the Automated Installer (AI) service to a client, allowing you to more easily maintain separate configuration profiles for various groupings - e.g. one for network, one for the users, etc.
Lots of examples and usage information for the sysconfig CLI can be found in the Installing Oracle Solaris 11.2 Systems documentation under:
While not directly used by the installers, the configuration and maintenance of that configuration over time is something that is important in an enterprise.
With the addition of Puppet 3 into Solaris 11.2, along with the addition of some Solaris specific providers it will now be easier to ensure that a machine's configuration is as expected, and this can be managed from a central source.
Solaris 11 Zones are lightweight containers that allow for easy division of resources for various uses.
Regular zones are made lightweight by sharing a kernel, which requires the kernel version running inside the Non-Global Zone (NGZ) to be the same as that in the Global Zone (GZ), so all Zones (global or not) have to be kept in step during upgrades.
With the introduction of Kernel Zones (KZ) in Solaris 11.2, it will now be possible to deploy different patch-level versions of Solaris 11.2 into each Non-Global Zone. Kernel Zones are so-called because each Zone may have a different version of the Solaris Kernel (the heart of an operating system) running inside the NGZ.
Kernel Zones are still lightweight and maintain all the benefits of existing Solaris Zones including operating with minimal performance overhead, allowing for some over-subscription (more virtual hardware than physical hardware) and easy management.
Additionally, these new enhancements to existing tools will be important for some users:
- Bootable Solaris 11.2 USB media for SPARC
With Solaris 11.2 it is now possible to boot SPARC systems off of USB, not just DVD/CD-ROM, hard-disk or network.
- 'dd'-able media
Prior to Solaris 11.2, installation media required the use of a 'usbcopy' script to write media to a device to be later used for installation. For some people this created a chicken-and-egg scenario since to run 'usbcopy' you first had to have a Solaris installation.
With Solaris 11.2, it is now possible to create media from the install images (.iso or .usb) by simply writing the raw-data to the device, using a unix tool like 'dd' or some Windows equivalent.
- 'aimanifest' CLI Updates
The 'aimanifest' CLI has been enhanced to make scripting around it easier, with the ability to get multiple matching entries in the XML, to set several elements at once, and to delete nodes.
More information about this can be found in the aimanifest(1M) manpage.
- Automated Installer (AI) Configuration Profile Support for Kerberos
With Solaris 11.2, it will now be possible to deploy a Kerberos configuration at install time, which will then be configured on first-boot.
- Automated Installer (AI) Configuration Profile Template Variables
The AI Configuration Profiles have had some new variables added to enable easier sharing of network configuration profiles over multiple clients.
The variables introduced here are: AI_NETLINK_DEVICE, AI_NETLINK_VANITY, AI_IPV4_PREFIXLEN, AI_ROUTER.
- Automated Installer (AI) Manifest slice tag use_existing action
With Solaris 11.2, it is possible to specify a use_existing action on slices to re-use the same dimensions (start_sector and size) from the existing slice on the disk.
More information on this can be found in the ai_manifest(4) manpage.
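
For the 'dd'-able media item above, an added example (not from the original post or from Oracle) that writes an install image with dd only after its SHA-256 matches a trusted value, then reads the copy back to confirm it. The function names, the use of sha256sum and the temp file standing in for the USB device are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify an install image, write it raw with dd, verify the copy.
# Assumptions: sha256sum is available (on Solaris, `digest -a sha256` is the
# equivalent) and the expected digest was obtained from a trusted source.

# sha256_of FILE: print the hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# write_verified_media IMAGE EXPECTED_SHA256 TARGET
# Returns 0 on success, 2 if the image digest is wrong (nothing is written),
# 3 if the write fails, 4 if the data read back differs from the image.
write_verified_media() {
    image=$1; expected=$2; target=$3

    # 1. Refuse to write an image that does not match the trusted digest.
    actual=$(sha256_of "$image") || return 2
    [ "$actual" = "$expected" ] || return 2

    # 2. Raw copy. conv=notrunc is harmless on a device and keeps a regular
    #    file used as a stand-in at its original size.
    dd if="$image" of="$target" bs=1048576 conv=notrunc 2>/dev/null || return 3
    sync

    # 3. The target is normally larger than the image, so hash only the
    #    first <image size> bytes read back from it.
    size=$(wc -c < "$image" | tr -d ' ')
    readback=$(dd if="$target" bs=1048576 2>/dev/null | head -c "$size" \
        | sha256sum | awk '{print $1}')
    [ "$readback" = "$expected" ] || return 4
    return 0
}

# Demo on constructed data: a 64 KiB temp file stands in for the USB device.
tmp=$(mktemp -d)
printf 'constructed sample image, not a real Solaris .usb file\n' > "$tmp/sol.usb"
dd if=/dev/zero of="$tmp/device" bs=1024 count=64 2>/dev/null
if write_verified_media "$tmp/sol.usb" "$(sha256_of "$tmp/sol.usb")" "$tmp/device"
then
    echo "media written and verified"
fi
rm -rf "$tmp"
```

On a real device the read-back can be served from the operating system's cache, so re-insert the device before a final check if the medium itself is in doubt.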