X

Tips on deploying and managing Oracle Solaris, especially in clouds

Automatic Configuration of Solaris OCI Guests

Dave Miner
Sr. Principal Software Engineer

Once you've gone through the basics of setting up an Oracle Solaris guest on Oracle Cloud Infrastructure (OCI) covered in my previous post, you will likely wonder how you can customize them automatically at launch.  You can always create specific custom images by hand, but that has two problems: you're doing a lot of work by hand, and then you have to manage the custom images as well; once created, they become objects with a lifecycle of their own.  The natural desire of system admins is to write some scripts to automate the work, and then run those scripts at first boot.  That allows just managing the scripts and applying them when booting an instance of Solaris.  Let's use setting up the Solaris 11.4 beta publisher as an example.

Here's a template for a script that can automate applying your certificate and key to access the Solaris 11.4 beta publisher:

#!/bin/ksh
#
# userdata script to setup pkg publisher for Solaris beta, install packages

MARKER=/var/tmp/userdata_marker

# If we've already run before in this instance, exit
[[ -f $MARKER ]] && exit 0

# Save key and certificate to files for use by pkg
cat </system/volatile/pkg.oracle.com.certificate.pem
# replace with contents of downloaded pkg.oracle.com.certificate.pem 
EOF

cat </system/volatile/pkg.oracle.com.key.pem
# replace with contents of downloaded pkg.oracle.com.key.pem
EOF

# Wait for DNS configuration, as cloudbase-init intentionally doesn't wait
# for nameservice milestone
while [[ $(svcs -H -o state dns/client) != "online" ]]; do
    sleep 5
    done

pkg set-publisher -G '*' -g https://pkg.oracle.com/solaris/beta \
    -c /system/volatile/pkg.oracle.com.certificate.pem \
    -k /system/volatile/pkg.oracle.com.key.pem solaris

# Publisher is set up, install additional packages here if desired
# pkg install ...

# Leave marker that this script has run
touch $MARKER

Copy this script, modify it by pasting in the contents of the certificate and key files you've downloaded from pkg-register.oracle.com, and save it.

Now, select Create Instance in the OCI Console, and select your Solaris 11.4 beta image as the boot volume.  Paste or select your ssh key, and then as a Startup Script select or paste your modified copy of the template script above (Note: if you're using the emulated VM image you'll need to click Show Advanced Options to access these two fields).  Select a virtual cloud network for the instance, and then click Create Instance to start the launch process.  Once the image is launched and you're able to ssh in, you can verify that the package repository is correctly configured using "pkg search".

There are lots of possible things you might do in such a startup script: install software, enable services, create user accounts, or any other things required to get an application running on a cloud instance.  Note, though, that the script will run at every boot, not just the first one, so your script must either be idempotent or ensure that it runs only once.  The pkg operatiosn in the example script are idempotent, but I've included a simple run-once mechanism to optimize it.

Debugging Startup Script Problems

There are two components to the startup script mechanism.  OCI provides a metadata service that publishes the startup script you provide, and Solaris includes the cloudbase-init service that downloads the metadata and applies it; the script is known as a userdata script.  If your script doesn't work, you can examine the cloudbase-init service log using the command sudo svcs -Lv cloudbase-init.  By default, cloudbase-init only reports the exit status of the userdata script, which likely isn't enough to tell you what happened since scripts generally can't provide specific error codes for every possible problem.  You can enable full debug logging for cloudbase-init by modifying its config/debug property:

svccfg -s cloudbase-init:default setprop config/debug=boolean: true
svcadm refresh cloudbase-init
svcadm restart cloudbase-init
The log will now include all output sent to stdout or stderr from the script.

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha
Oracle

Integrated Cloud Applications & Platform Services