Installing N1SPS in a Zone



Following up on yesterday's post, I thought I would share the steps I took to get the N1 Service Provisioning System up and running in a local zone.

Global zone
The following steps should be run from the global zone.
  • Create a whole zone. I've called mine "sps".
  • Run "modload /kernel/sys/semsys"

Local zone
The following steps should be run from the local (sps) zone.

You may or may not have to do this depending on your setup, but N1 SPS requires a minimum amount of IPC resources. I think this is primarily due to the bundled Postgres database. FYI, these steps are documented in the installation guide. No special sauce applied.
  • Install guide steps
  • projmod -a -K "project.max-shm-memory(priv,512mb,deny) default
  • projmod -a -K "project.max-sem-ids=(priv,32,deny)" default 
  • projmod -a -K "process.max-sem-nsems=(priv,17,deny)" default 
  • prctl -n project.max-shm-memory -v 536870912 -r -i project 1 
  • prctl -n project.max-sem-ids -v 32 -r -i project 1 
  • prctl -n process.max-sem-nsems -v 17 -r -i process $$
I screwed myself by not running projmod. I have a bad habit of editing files using vi instead of running command line tools. That wasted an hour or two.

Here's the other (abstract) steps I followed:
  • I created a Solaris user/group: n1sps/n1sps
  • ran installer (cr_ms_solaris_x86_pkg_5.2.sh)
    • I chose ssh, SSL/HTTPS, create keystore later 
  • Because I chose https, I had to create a keystore
    • /usr/jdk/j2sdk1.4.2_06/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore SPS_HOME/server/tomcat/keystore -storepass [YOUR_KEYSTORE_PASSWORD]
      • Your JDK path may vary
    • chmod 600 keystore
    • chown n1sps:n1sps keystore
  • SPS_HOME/server/bin/crkeys -epass -password [YOUR_KEYSTORE_PASSWORD] 
  • copy the resulting text and paste into tomcat's server.xml (search for "keystore" in server.xml)
  • Started the server: su - n1sps SPS_HOME/server/bin/cr_server start
I now have SPS running in a local zone that has the ability to communicate with an agent running in the global zone. That agent will be responsible for provisioning other zones along with JES components. Perhaps this will be another blog entry.


Comments:

Nice. But I would've rather read, "Following up on yesterday's post, I finally finished my topic overview for UUASC." :-)

Posted by Rabbs on July 10, 2006 at 03:29 AM PDT #

Post a Comment:
Comments are closed for this entry.
About

John Clingan

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today