Lessons with OpenSolaris Appliances

Going through the comments for Minimal OpenSolaris Appliance entry,  I thought I will go over the problems I encountered when I was working on the create_solaris_appliance.sh script and what I think we can do to improve OpenSolaris in those areas.

1. Setting up the disk

This is probably the first thing that most appliance creators will have to do is to format a new media before it is usable by OpenSolaris. Now to make a disk usable by OpenSolaris (on x86/x64 platforms) two things needs to be done, one a primary Solaris partition needs to be created using fdisk and then a regular Solaris VTOC needs to be initialized on the Solaris partition. While the experience is bit easier with the interactive option of the commands, putting it in a script can be challenging.

Fortunately fdisk has -B option. From the man page:

    -B
         Default to one Solaris partition  that  uses  the  whole
         disk. On an x86 machine, if the disk is larger than 2 TB
         (terabytes), the default size of the  Solaris  partition
         will be limited to 2 TB.

Hence I could use the following easily in my script:

fdisk -n -B /dev/rdsk/${INSTALLDISK}p0

Unfortunately I saw no such option for fmthard. Infact it made it more difficult since you need to enter the geometry information of the target disk. I took the easy way out by finding the same for the default VirtualBox disk size which is 16GB and using it as follows:

fmthard -d 0:2:00:48195:33447330 /dev/rdsk/${INSTALLDISK}p0

There are some scripting ways to work this around as Vikram Datta commented on my earlier entry:

  SecCnt=`prtvtoc /dev/rdsk/${INSTALLDISK}p0 | awk '/sectors\\/cylinder/ { print $2 }'`
  LastSect=`prtvtoc /dev/rdsk/${INSTALLDISK}p0 | awk '$1 == "2" { print $5 }'` 
  LastSect=`expr $LastSect - $SecCnt` 
  fmthard -d 0:2:00:${SecCnt}:${LastSect} /dev/rdsk/${INSTALLDISK}p0 
  

But I think it should be as easy as  fdisk.. i.e. doing the following:

fmthard -B /dev/rdsk/${INSTALLDISK}p0

Hence I have filed a new RFE 6829475. I think this RFE is useful not just for my script but in general helps improve usability of the command to a new learner of OpenSolaris.

2. Setting up the ZPool

The next step of creating zpool for the root device was pretty straight forward

zpool create -f rpool ${INSTALLDISK}s0
zfs set compression=on rpool 
zfs create -o mountpoint=legacy rpool/ROOT
zfs create -o mountpoint=$PKG_IMAGE rpool/ROOT/VOSApp
zfs create -V 128M rpool/swap
zfs create -V 16M rpool/dump
zfs create rpool/ROOT/VOSApp/opt
zfs create rpool/ROOT/VOSApp/var
zfs create rpool/export
zpool set bootfs=rpool/ROOT/VOSApp rpool

Here I took liberty of separating out /opt /var into separate dataset so that I can enable zfs snapshots just for "optional" and "variable" data of the applications. This is a point of view of deployment. Your view may be different here.

3. Setting up the packages from OpenSolaris repository

The next step on how to use OpenSolaris repository to install the pacakges. Alex Eremin had great pointers on his blog that I adapted . The initial setup can be easily done by exporting the PKG_IMAGE environment variable to the directory where you are currently mounting the zpool and then using pkg image-create command.

pkg image-create -f -F -a opensolaris.org=http://pkg.opensolaris.org/release $PKG_IMAGE
pkg refresh

Then  I played with the package list over and over again to get a minimal size with most network adapter drivers to get on the internet and all required pacakges to allow "pkg" command to work. Of course this is the piece that took me quite a bit of trial and error to figure out the right mix of pacakges so OpenSolaris does boot up successfully and allow "pkg" to run successfully.

pkg install SUNWcsd 
pkg install SUNWcs 
pkg install SUNWcar SUNWcakr SUNWkvm SUNWos86r SUNWrmodr \\
 SUNWpsdcr SUNWpsdir SUNWcnetr SUNWesu SUNWkey SUNWnfsckr \\
 SUNWnfsc SUNWgss SUNWgssc SUNWbip SUNWbash SUNWloc SUNWsshcu \\
 SUNWsshd SUNWssh SUNWtoo SUNWzfskr SUNWipf SUNWintgige SUNWipkg \\
 SUNWadmr SUNWadmap SUNWPython SUNWperl584core SUNWgrub SUNWxcu6\\
 SUNWxcu4 SUNWgawk SUNWgtar SUNWgnu-coreutils SUNWscp SUNWfmd \\
 SUNWxge SUNWbge SUNWnge SUNWrge SUNWrtls \\
 SUNWixgb SUNWchxge SUNWzfs-auto-snapshot SUNWsolnm

I did realize one thing.. Loading one package at a time with pkg is awfully slow. By putting all the packages within one line (except for SUNWcsd and SUNWcs) I could cut down the time from hours to minutes. This was my "Eureka" moment when I could install the packages to a bare-metal .. well a bare-virtualbox VDI within 10 minutes.

4. Setting up the SMF Database on the system

cp $PKG_IMAGE/lib/svc/seed/global.db $PKG_IMAGE/etc/svc/repository.db
chmod 0600 $PKG_IMAGE/etc/svc/repository.db
chown root:sys $PKG_IMAGE/etc/svc/repository.db
# setup smf profiles
ln -s ns_files.xml $PKG_IMAGE/var/svc/profile/name_service.xml
ln -s generic_limited_net.xml $PKG_IMAGE/var/svc/profile/generic.xml
ln -s inetd_generic.xml $PKG_IMAGE/var/svc/profile/inetd_services.xml
ln -s platform_none.xml $PKG_IMAGE/var/svc/profile/platform.xml
# Set the environment variables for svccfg.
SVCCFG_DTD=${PKG_IMAGE}/usr/share/lib/xml/dtd/service_bundle.dtd.1
SVCCFG_REPOSITORY=${PKG_IMAGE}/etc/svc/repository.db
SVCCFG=/usr/sbin/svccfg
export SVCCFG_DTD SVCCFG_REPOSITORY SVCCFG
${SVCCFG} import ${PKG_IMAGE}/var/svc/manifest/milestone/sysconfig.xml 

Again this is one area I think OpenSolaris can improve a bit. It does some amount of research (google, Alex Eremin) before understanding how to set it up properly. (But then I am not a kernel engineer.)

5. Other Miscellaneous but important stuff to get a bootable system

The following are basically hacks in some ways to get to a bootable system. 

# Set TimeZone 
echo "$TIMEZONE" >⁞ $PKG_IMAGE/etc/TIMEZONE
echo $HOSTNAME > $PKG_IMAGE/etc/nodename 
# configure our new /etc/vfstab
printf "rpool/ROOT/VOSApp -\\t/\\t\\tzfs\\t-\\tno\\t-\\n" >> $PKG_IMAGE/etc/vfstab
printf "/dev/zvol/dsk/rpool/swap\\t-\\t-\\t\\tswap\\t-\\tno\\t-\\n" >> $PKG_IMAGE/etc/vfstab
chmod a+r $PKG_IMAGE/etc/vfstab
# turn off root as a role
printf "/\^root::::type=role;\\ns/\^root::::type=role;/root::::/\\nw" |\\
ed -s $PKG_IMAGE/etc/user_attr
# Edit etc/ssh/sshd_config to allow ssh to root account
printf "/\^PermitRootLogin no\\ns/\^PermitRootLogin no/PermitRootLogin yes/\\nw" |\\
ed -s ${PKG_IMAGE}/etc/ssh/sshd_config 
# Generate ssh keys
ssh-keygen -t dsa -f $PKG_IMAGE/etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f $PKG_IMAGE/etc/ssh/ssh_host_rsa_key -N ''

6. Finally the boot archive and  grub

# configure /dev in the new image
devfsadm -R $PKG_IMAGE
bootadm update-archive -R $PKG_IMAGE
$PKG_IMAGE/boot/solaris/bin/update_grub -R $PKG_IMAGE
# For zfs root, menu.lst has moved to /rpool/boot/grub/menu.lst. # 
# create the new real grub menu
cat <⁞<-EOF > /rpool/boot/grub/menu.lst
default 0
timeout 10
splashimage /boot/grub/splash.xpm.gz
title  Appliance based on OpenSolaris 2008.11 
findroot (pool_rpool,0,a)
bootfs rpool/ROOT/VOSApp
kernel\\$ /platform/i86pc/kernel/\\$ISADIR/unix  -B \\$ZFS-BOOTFS
module\\$ /platform/i86pc/\\$ISADIR/boot_archive
EOF
# make the grub menu files readable by everyone.
chmod a+r $PKG_IMAGE/boot/grub/menu.lst
chmod a+r /rpool/boot/grub/menu.lst
# setup /etc/bootsign so that grub can find this zpool
dir -p /rpool/etc>
echo pool_rpool > /rpool/etc/bootsign
zfs set mountpoint=/ rpool/ROOT/VOSApp
zfs set compression=off rpool 


Hope this makes it easier for  someone thinking of making their own appliances based on OpenSolaris.

NOTE: There was fair number of people who did download the images. I did accidently lose the OpenSolaris image once after it was downloaded 75 times.  But you can track the images directly at mediacast.sun.com/tags/appliance



Comments:

Great job!

We have another Leasons Leared:

1. Putting all packages in IPG command line have limitation of Solaris 2KB CMD line buffer.

We allready escalate this to ipkg-core team, solutions can be to have file option with file of packages list ?

2. Try to make your blog tempalte to grow by widht on larger screans, readers will be after able better read longer and larger commands which are often used in Virtualization related topics.

Posted by VirtualGuru on April 15, 2009 at 10:09 PM EDT #

I suggest a "--no-refresh" be added to the pkg install command line. That's likely the reason it was taking too long to install.
Something like this:

PKGINST="pkg install -v --no-refresh"
$PKGINST SUNWrmodr SUNWkey ...

Posted by marcelo on April 16, 2009 at 01:59 AM EDT #

Great and thanks.

Posted by stradi on April 16, 2009 at 02:12 AM EDT #

No --no-index will help only to extend then resulted disk image can be poteitialy smaller. Main reason why this parameter is used in Installer is size, this param will cost you more memory usage.

IPS can be very memory consuming, if it is used in "all one cmd mode". If your instalation is slow, first check if you OS in VM is not swaping.

Second, Recomended and Suported way to speed up IPS installations is to limit network issues, this mean use a IPS local content mirror, in Sun they are allready pre-setup as services and for more IPS experimenting outside sun I recomned to look in IPS docs how to set up local one outside SUN (Basicaly run your onwn IPS REPO with Rsynced comtemt from public Sun IPS REPO service).

Posted by VirtualGuru on April 16, 2009 at 03:42 AM EDT #

Once I need work from home and I create this fully local OpenSolaris 2008.11 IPS repo creation script, see more in:

Home No-Network needed OpenSolaris Live-CD IPS REPO full mirror
http://blogs.sun.com/VirtualGuru/entry/home_no_network_needed_opensolaris

Posted by VirtualGuru on April 16, 2009 at 07:50 AM EDT #

Yes this is useful. Now all I need is a viable business case. :)

Posted by Kristofer on April 18, 2009 at 11:56 AM EDT #

Hi Kristofer, we allready working on Business side for about a year, see Virtual Apllinces as wikis.sun.com/display/Appliance/Virtual+Appliances (Search on google wikis sun Virtual Appliances)

Posted by VirtualGuru on April 21, 2009 at 12:11 AM EDT #

I added Java, Apache, and Tomcat to the base packages:

# pkg install SUNWapch22 SUNWj6dev SUNWj6rt SUNWtcat

My attempt to enable the Tomcat service fails:

# ${SVCCFG} -s svc:/network/http:tomcat6 setprop general/enabled=true

I know the Tomcat service is new to 2009.06. Is this a problem with the Tomcat package or an exception to how you configure other services?

Posted by Justin on April 27, 2009 at 11:31 AM EDT #

For the 2008.11 release (on which this OVF is based) tomcat can be configured as follows:

# cp /var/apache/tomcat/conf/server.xml-example /var/apache/tomcat/conf/server.xml

# /usr/apache/tomcat/bin/startup.sh

I haven't tried the 2009.06 SMF manifest to see what it does yet.

-Jignesh

Posted by Jignesh Shah on April 27, 2009 at 02:14 PM EDT #

htjuty

Posted by fhtu on May 06, 2009 at 01:36 AM EDT #

Post a Comment:
Comments are closed for this entry.
About

Jignesh Shah is Principal Software Engineer in Application Integration Engineering, Oracle Corporation. AIE enables integration of ISV products including Oracle with Unified Storage Systems. You can also follow me on my blog http://jkshah.blogspot.com

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today