oraclesolaris11ipsai5!12!120523112131 phpapp01

1 Copyright © 2011, Oracle and/or its affiliates. All rights

reserved.

Manage You Deployments With The Image Packaging System And The Automated Installer

Michael Fitzgerald

Principal Solutions Consultant

Oracle Solaris 11


reserved.

Agenda

• Requirements and Ideas

• Updates & Upgrades

• Boot Environments

• SRUs

• Deploying at Scale

• IPS Repository Mirrors

• Automated Installer

• System Configuration

• Zones

• Additional Transition Tools and Resources


reserved.

Requirements and Big Ideas - Packaging

• Updates & upgrades must be fast, reliable, reversible

• Updates should be package updates, not patches

• Packages dependencies should be handled automatically

• Packages should be network-based

• Image minimization should be easy

• Seamless integration with Zones is required

• Deliver practically identical experience

on SPARC, x86

Plan

Deploy

Test

Use

Maintain

Update


reserved.

Requirements and Big Ideas - Install

• Low initial investment, great scalability for deployment

– Ease-of-use is a priority for all features

• Deployment must be well-integrated with best practices,

overall user experience

– Limit install-specific features, knowledge

• Integrated deployment of Zones is required

• Leverage existing Solaris strengths

Plan

Deploy

Test

Use

Maintain

Update


reserved.

Value-engineering in Installation, Configuration

Simplified architecture

+ Improved automation

+ Improved safety

+ Improved flexibility

+ Improved integration

= Better user experience

No longer a sum of independent parts

On a Large Scale


reserved.

Rosetta Stone for Oracle Solaris 10 Users

Oracle Solaris 10 Oracle Solaris 11

SVR4 Packages IPS Packages

Install DVD Install CD + pkg repository

Live Upgrade Boot Environments

Upgrade from installer pkg(1), Update Manager

JumpStart Automated Installer (AI)

JumpStart Profiles AI manifests

Blueprints for custom DVD's Distribution Constructor


reserved.

Agenda




• SRUs





• Zones



reserved.

Safe Upgrades “in a snap”

• ZFS Boot Environments Benefits

– No initial investment

– Updates are applied to a file system clone, no

interruption

– Reboot into upgraded environment when you’re

ready

– Trivial roll-back if failure occurs

– Integrated, enforced best practice for safety

• Fast reboot reduces maintenance windows

• Excellent for recovery purposes

Active BE

Active BE

New BE

Active BE

Updated BE


reserved.

Boot Environments

• Make updates safe, reliable, recoverable

• Different from/simpler than Solaris 10 Live Upgrade

– Takes advantage of ZFS

– Use liberally as an administrative safety net

• Managed by beadm(1M), functionality includes:

– List

– Activate, Rename

– Create, Destroy

– Mount, Unmount


reserved.

beadm(1) Utility

Create a new boot environment based on the active boot environment

Create a new boot environment based on an inactive boot environment

Create a snapshot of an existing boot environment

Create a new boot environment based on an existing snapshot

Create a new boot environment, and copy it to a different zpool

Create a new boot environment and add a custom title to the

x86 GRUB menu or the SPARC boot menu

Activate an existing, inactive boot environment

Mount a boot environment

Unmount a boot environment

Destroy a boot environment

Destroy a snapshot of a boot environment

Rename an existing, inactive boot environment

Display information about your boot environment snapshots and datasets


reserved.

Listing Boot Environments {badboy} beadm list

BE Active Mountpoint Space Policy Created

-- ------ ---------- ----- ------ -------

b-140 - - 11.51M static 2010-05-26 12:47

b-141 - - 11.98M static 2010-06-10 15:40

b-142 - - 10.14M static 2010-06-24 08:05

b-143 - - 13.85M static 2010-07-12 09:47

b-144 - - 1.48G static 2010-07-22 12:09

b-145 - - 14.64M static 2010-08-03 22:23

b-146 - - 10.43M static 2010-08-20 15:31

b-147 - - 12.29M static 2010-09-06 19:28

b-148 - - 13.11M static 2010-09-23 17:05

b-149 - - 14.49M static 2010-09-30 18:53

b-150 - - 11.83M static 2010-10-15 10:32

b-151 - - 130.94M static 2010-11-15 10:10

b-152 NR / 56.03G static 2010-11-17 16:32


reserved.

More Fun with beadm {badboy} beadm activate b-151

{badboy} beadm mount b-151 /tmp/mnt

{badboy} beadm list

BE Active Mountpoint Space Policy Created

-- ------ ---------- ----- ------ -------

b-140 - - 11.51M static 2010-05-26 12:47

b-141 - - 11.98M static 2010-06-10 15:40

b-142 - - 10.14M static 2010-06-24 08:05

b-143 - - 13.85M static 2010-07-12 09:47

b-144 - - 1.48G static 2010-07-22 12:09

b-145 - - 14.64M static 2010-08-03 22:23

b-146 - - 10.43M static 2010-08-20 15:31

b-147 - - 12.29M static 2010-09-06 19:28

b-148 - - 13.11M static 2010-09-23 17:05

b-149 - - 14.49M static 2010-09-30 18:53

b-150 - - 11.83M static 2010-10-15 10:32

b-151 R /tmp/mnt 53.82G static 2010-11-15 10:10

b-152 N / 1.71G static 2010-11-17 16:32


reserved.

Live Upgrade -> Boot Environments

Oracle Solaris 10 Oracle Solaris 11 Description

lucreate –n newBE beadm create newBE Create a new BE

lustatus beadm list Display BE info

luactivate newBE beadm activate newBE Activate a BE

ludelete BE beadm destroy BE Destroy an inactive BE

luupgrade or patchadd pkg update Upgrade or update a BE


reserved.

pkg(1)

• To install an individual package: pkg install communication/im/pidgin

• To check for individual updates: pkg info –r communication/im/pidgin

• To update an individual package: pkg update communication/im/pidgin

• “Test Run” an image update: pkg update –nv

• Update (all packages, or the complete image): pkg update


reserved.

Oracle Solaris 11 Lifecycle Management Improved updates with IPS

• 4X Faster upgrades typical

• Create ZFS boot environment to safely apply updates

• Full dependency check of packages, crypto verified, auditable

• Reboot updated ZFS boot environment

New Security

Patch

6:00: pkg update

6:00-6:02: Dependency checks,

patch/update planning

6:02-6:04: New boot environment created,

updates downloaded and applied 6:04-6:06: reboot

up and running again

Maintenance window: 6-7pm


reserved.

Boot Environments in Non-global Zones

• BE's automatically include installed/attached zones

• Zone BE is linked to a global zone BE

• Multiple zone BE's can be linked to a single

global zone BE

• Zone administrator can create, mount, activate BE's

– Active BE is within the context of the active global zone BE


reserved.

Agenda




• SRUs





• Zones



reserved.

Maintenance Updates for Oracle Solaris 11

• Oracle customers with an active Oracle support plan have

access to the support package repository

• Register for the support repository at

• http://pkg-register.oracle.com

• SRU = Support Repository Update

• Future Oracle Solaris 11 Releases

• will be available in the support repository or a release

repository that provides the currently available OS


reserved.

Agenda




• SRUs





• Zones



reserved.

Local IPS Repositories

• Reasons for a local package repository

• Security and Performance

• Consistency and Replication

• Custom Packages

• Two Types of Repositories:

Origin Mirror


reserved.

Create a Local IPS Repositories

• Copy From Internet: • pkgrepo create /export/repoSolaris11

• pkgrecv -s http://pkg.oracle.com/solaris11/release/ -d /export/repoSolaris11 '*’

• Copy From File: • Get file, and unzip and cat (if necessary)

• lofiadm -a /export/repo2010_11/ sol-11-repo-full.iso

• mount -F hsfs /dev/lofi/1 /mnt

• rsync -aP /mnt/repo /export/repoSolaris11 or

cd /mnt/repo; tar cf - . | (cd /export/repoSolaris11; tar xfp -)

• umount /mnt

• lofiadm -d /dev/lofi/1


reserved.

Agenda




• SRUs





• Zones



reserved.

Automated Installation (AI)

• Reduce initial and ongoing costs of deploying Solaris-

based software stack

• Leverages ZFS, SMF, IPS features to provide enhanced

features vs. JumpStart

– Reduces need for third-party or customer-developed extensions

– Most scripting moved to first-boot SMF services

• Integrated, seamless Zones deployment

• WAN-capable design provides operational flexibility

• Designed to be manageable and observable

– installadm(1M) provides one-stop management interface


reserved.

AI Terminology

• Client – physical or virtual machine to be installed

• Manifest – XML specification of installation (storage layout,

software payload)

• Profile – SMF profile to pre-configure system services

• Service – server infrastructure needed to network boot an

installation client

• Criteria – mapping of clients to services, manifests and profiles

• Repository – IPS package repository

• “Bootable AI” - service-less AI boot from media

– Manifest included on media or downloaded from network location


reserved.

Basic Flow of Automated Installation


reserved.

Static Manifests

• Default manifest provided with service

– Installs solaris-large-server package set from Oracle's Solaris

repository to firmware-designated boot disk

– Sysconfig invoked automatically at first boot to interactively configure

basic system

• Manifest specifies:

– Package repositories and lists; major group packages: solaris-small-

server, solaris-large-server, solaris-desktop

– Target disk: choose by device path, volume id, type, vendor, size,

container/receptacle/occupant (CRO) label; ZFS configuration

– Locales are installed/removed using package facets; all locales are

installed by default


reserved.

Derived Manifests

• Dynamically generate manifest in a script

• Scales AI management by reducing number of manifests

maintained by administrators

• Most effective model is to load template manifest, modify

specific elements

• Script uses the aimanifest(1M) command as interface

to generate AI manifest

• Generated manifest located on the client at:

/system/volatile/manifest.xml


reserved.

Agenda




• SRUs





• Zones



reserved.

New System Configuration Framework & UI

• Replaces sysidtool/sysidcfg/sys-unconfig

• sysconfig(1m) interactive UI

– configure, unconfigure, create-profile subcommands

• Interactive tool provides basic, required system

configuration. UI similar to Text Installer.

• Profiles can configure any SMF service property

• sysconfig unconfigure reverts the properties

configured by the interactive UI to shipped defaults

– --destructive option requests more complete cleanup, e.g.

deleting initial user account's home directory


reserved.

System Configuration Profiles

• Common parameters available in Oracle Solaris 11:

– User account, including RBAC roles, profiles and sudo

– Root user: password, role/normal

– Timezone, locale

– Hostname

– Console terminal type, keyboard layout

– IPv4 and/or IPv6 interface, default route

– DNS, NIS, LDAP clients

– Name service switch


reserved.

Creating a Configuration Profile with sysconfig

• Easiest starting point

# sysconfig create-profile -o myprofile.xml

• Runs the sysconfig UI, places output into specified profile

• Edit further to add properties not configured by sysconfig


reserved.

Agenda




• SRUs





• Zones



reserved.

Deploying Zones with AI

• Zones can be specified in the AI manifest <configuration type=”zone” name=”zone1”

source=”http://server/zone1/config”/>

<configuration type=”zone” name=”zone2”

source=”file:///net/server/zone2/config”/>

• config file is the zone's configuration file as output

from “zonecfg export”

• Automatically installed on first boot of the global zone

svc:/system/zones-install:default

http://server/zone1/config

/net/server/zone2/config


reserved.

Deploying Zones with AI (2)

• Use zonename criterion to associate manifests and

profiles with a zone # installadm create-manifest -n S11-x86 -f /tmp/zmanifest.xml

-c zonename=”zone1 zone2”

# installadm create-profile -n S11-x86 -f /tmp/zprofile1.xml

-c zonename=”zone1”

# installadm create-profile -n S11-x86 -f /tmp/zprofile2.xml

-c zonename=”zone2”


reserved.

Deploying Zones with AI (3)

• AI is also used when installing non-global zones from

existing global zone

• Default manifest is

/usr/share/auto_install/manifest/zone_default.xml

• Default profile enables interactive system

configuration during first boot

• Provide alternate manifest and/or profile with # zoneadm -z <zone> install -m <manifest> -c <profile>


reserved.

Agenda




• SRUs





• Zones



reserved.

JumpStart to AI Mapping

JumpStart Automated Installation

setup_install_server installadm create-service

add_install_client installadm create-client

JumpStart profile & rules AI manifest & criteria

sysidcfg file SMF configuration profile

Begin script Derived Manifests, custom images from Distribution Constructor

Finish script pkg actions, First-boot SMF services


reserved.

Steps to Convert from Solaris 10 JumpStart

• Deploy S11 server instance to host AI service

– Use as JumpStart server as well

• Translate rules to criteria

• Translate profiles to manifests

• Translate sysidcfg to SMF profile

• Publish manifests and profiles to AI service

• Convert finish scripts to SMF service(s)

• Publish SMF service package to IPS repository


reserved.

js2ai JumpStart to AI translation tool

• Automatically converts existing JumpStart rules,

profiles, sysidcfg files to AI equivalents

• Conversion is best-effort, with instructions on issues

that need manual resolution

• Result is a directory hierarchy with AI profiles, system

config manifests, log of the tool's actions

• See js2ai(1m)


reserved.

Distribution Constructor (DC)

• Tool to easily construct installation images and virtual

machine images

– Used by Solaris engineering to build the product

• Use DC to build AI (or interactive install) images

customized with additional drivers or services

• XML manifest (similar to AI) specifies construction

• Checkpoint/resume feature nicely leverages ZFS!

• Fully extensible – plug your own customizations into build

process

• See distro_const(1M) for more information


reserved.

Building and Using a Custom AI Boot Image

• Install Distribution Constructor – pkg install distribution-constructor

• Copy base AI image manifest, customize

– Basic SPARC manifest at /usr/share/distro_const/auto_install/ai_sparc_image.xml

• Build the image: – distro_const build my_ai_image.xml

• Deploy to AI service:

– installadm create-service ...


reserved.

Technical Article Available

• “How To Create a Customized Oracle Solaris 11

Image Using the Distribution Constructor”

• http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-

087-sol11-dist-const-496819.html


reserved.

• “Transitioning From Oracle Solaris 10 JumpStart to

Oracle Solaris 11 Automated Installer”

• http://docs.oracle.com/cd/E23824_01/html/E21799/index.html

Documentation Available


reserved.

Technical Article Available

• “How to Perform System Archival and Recovery

Procedures with Oracle Solaris 11”

• http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-

091-sol-dis-recovery-489183.html


reserved.

Summary


reserved.

Simplified Administration, Service Provisioning


reserved.

Summary

• Oracle Solaris 11 deployment is different from Solaris 10

– Little required customization work to start deploying

– Powerful, stable, supported capabilities for those who need to

customize

• Transition documentation, tools are provided

• Feature set will expand & evolve

• Boot Environments allow for fast, efficient, and fool-

proof software upgrades


reserved.

For More Information / Try Out Today

• Product overview and download

– oracle.com/solaris

• Oracle Technology Network

– oracle.com/technetwork/server-storage/solaris11

• System administrators community

– oracle.com/technetwork/systems

• @ORCL_Solaris

• facebook.com/oraclesolaris

• Oracle Solaris Insider

48


reserved.


reserved.

One Installation Engine; Three Installers

• Each with its own features and capabilities

• Each delivering its own benefits for specific needs

• Interactive

• Live Media – Desktop, GUI tools

• Text Installer – “Headless” servers

• Automated

• Automated Installer – Large-scale deployments

• Distribution Constructor lets you build your own

installation media, behaving like any of these categories


reserved.

Two types of interactive installers

• 1 - Text-based UI for server systems (SPARC & x86)

• 2 - GUI for x86 desktop/laptop systems

• Principle: Install fixed software payload with basic

configuration, customize after installation

– GUI installs desktop/laptop-appropriate software (solaris-desktop group package), automatic network configuration

– Text installer installs server-appropriate software (solaris-large-server group package), choice of automatic or

manual network & name service configuration

• Both provide configuration of initial user account, with

administrative privileges via sudo


reserved.

Two types of interactive installers

Text-based Install

Live Media GUI Install

oraclesolaris11ipsai5!12!120523112131 phpapp01

Documents

oracle andor

users oracle solaris

updates safe

reversible updates

initial investment updates

snap zfs boot environments

installer pkg1

svr4 packages ips packages