Click to edit the title text formatClick to edit Master · Install DVD Install CD + pkg repository...
Transcript of Click to edit the title text formatClick to edit Master · Install DVD Install CD + pkg repository...
2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Click to edit the title text formatClick to edit Master title style
IPS – Packaging for Oracle Solaris 11
Wenlong Zhang
Senior Sales Consultant
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
Requirements and Big Ideas - Packaging
• Updates & upgrades must be fast, reliable, reversible • Updates should be package updates, not patches • Packages dependencies should be handled automatically • Packages should be network-based • Image minimization should be easy • Seamless integration with Zones is required • Deliver practically identical experience
on SPARC, x86
Plan
Deploy
Test
Use
Maintain
Update
Requirements and Big Ideas - Install
• Low initial investment, great scalability for deployment – Ease-of-use is a priority for all features
• Deployment must be well-integrated with best practices, overall user experience – Limit install-specific features, knowledge
• Integrated deployment of Zones is required • Leverage existing Solaris strengths
Plan
Deploy
Test
Use
Maintain
Update
Install, packaging and patching – an integrated design.
Simplified architecture+ Improved automation+ Improved safety+ Improved flexibility+ Improved integration
= Better user experience
• No longer a collection of independent parts
On a Large Scale
Image Packaging System – IPS
• Networked package repositories• Cryptographically verified• Complete set of tools
• Package, version, and distribute your internal applications
• Easy to pilot and automate• Best practice is the default practice• Can’t stray off track
• Change Management Built for the Enterprise
7
Lightning fast updates
Rosetta Stone for Oracle Solaris 10 Users
Oracle Solaris 10 Oracle Solaris 11 SVR4 Packages IPS Packages Install DVD Install CD + pkg repository Live Upgrade Boot Environments Upgrade from installer pkg(1), Update Manager JumpStart Automated Installer (AI) JumpStart Profiles AI manifests
Blueprints for custom DVD's Distribution Constructor
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
Safe Upgrades “in a snap” • ZFS Boot Environments Benefits – No initial investment – Updates are applied to a file system clone, no
interruption – Reboot into upgraded environment when you’re
ready – Trivial roll-back if failure occurs – Integrated, enforced best practice for safety
• Fast reboot reduces maintenance windows • Excellent for recovery purposes
Active BE
Active BE New BE
Active BE Updated BE
Boot Environments • Make updates safe, reliable, recoverable • Different from/simpler than Solaris 10 Live Upgrade – Takes advantage of ZFS – Use liberally as an administrative safety net
• Managed by beadm(1M), functionality includes: – List – Activate, Rename – Create, Destroy – Mount, Unmount
beadm(1) Utility Create a new boot environment based on the active boot environment Create a new boot environment based on an inactive boot environment Create a snapshot of an existing boot environment Create a new boot environment based on an existing snapshot Create a new boot environment, and copy it to a different zpool Create a new boot environment and add a custom title to the x86 GRUB menu or the SPARC boot menu Activate an existing, inactive boot environment Mount a boot environment Unmount a boot environment Destroy a boot environment Destroy a snapshot of a boot environment Rename an existing, inactive boot environment Display information about your boot environment snapshots and datasets
Listing Boot Environments {badboy} beadm list BE Active Mountpoint Space Policy Created -- ------ ---------- ----- ------ ------- b-140 - - 11.51M static 2010-05-26 12:47 b-141 - - 11.98M static 2010-06-10 15:40 b-142 - - 10.14M static 2010-06-24 08:05 b-143 - - 13.85M static 2010-07-12 09:47 b-144 - - 1.48G static 2010-07-22 12:09 b-145 - - 14.64M static 2010-08-03 22:23 b-146 - - 10.43M static 2010-08-20 15:31 b-147 - - 12.29M static 2010-09-06 19:28 b-148 - - 13.11M static 2010-09-23 17:05 b-149 - - 14.49M static 2010-09-30 18:53 b-150 - - 11.83M static 2010-10-15 10:32 b-151 - - 130.94M static 2010-11-15 10:10 b-152 NR / 56.03G static 2010-11-17 16:32
Live Upgrade -> Boot Environments
Oracle Solaris 10 Oracle Solaris 11 Description lucreate –n newBE beadm create newBE Create a new BE lustatus beadm list Display BE info
luactivate newBE beadm activate newBE Activate a BE
ludelete BE beadm destroy BE Destroy an inactive BE luupgrade or patchadd pkg update Upgrade or update a BE
pkg(1) • To install an individual package:
pkg install communication/im/pidgin • To check for individual updates:
pkg info –r communication/im/pidgin • To update an individual package:
pkg update communication/im/pidgin • “Test Run” an image update:
pkg update –nv • Update (all packages, or the complete image):
pkg update
Oracle Solaris 11 Lifecycle Management Improved updates with IPS
• 4X Faster upgrades typical • Create ZFS boot environment to safely apply updates • Full dependency check of packages, crypto verified, auditable • Reboot updated ZFS boot environment
New Security Patch
6:00: pkg update
6:00-6:02: Dependency checks, patch/update planning
6:02-6:04: New boot environment created, updates downloaded and applied
6:04-6:06: reboot up and running again
Maintenance window: 6-7pm
Boot Environments in Non-global Zones
• BE's automatically include installed/attached zones • Zone BE is linked to a global zone BE • Multiple zone BE's can be linked to a single
global zone BE • Zone administrator can create, mount, activate BE's – Active BE is within the context of the active global zone BE
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
Maintenance Updates for Oracle Solaris 11
• Oracle customers with an active Oracle support plan have access to the support package repository
• Register for the support repository at • http://pkg-register.oracle.com
• SRU = Support Repository Update • Future Oracle Solaris 11 Releases • will be available in the support repository or a release
repository that provides the currently available OS
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
Local IPS Repositories
• Reasons for a local package repository • Security and Performance • Consistency and Replication • Custom Packages
• Two Types of Repositories:
Origin Mirror
Create a Local IPS Repositories
• Copy From Internet: • pkgrepo create /export/repoSolaris11
• pkgrecv -s http://pkg.oracle.com/solaris11/release/ -d /export/repoSolaris11 '*’
• Copy From File: • Get file, and unzip and cat (if necessary) • lofiadm -a /export/repo2010_11/ sol-11-repo-full.iso
• mount -F hsfs /dev/lofi/1 /mnt • rsync -aP /mnt/repo /export/repoSolaris11 or
cd /mnt/repo; tar cf - . | (cd /export/repoSolaris11; tar xfp -) • umount /mnt
• lofiadm -d /dev/lofi/1
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
Automated Installation (AI) • Reduce initial and ongoing costs of deploying Solaris-
based software stack • Leverages ZFS, SMF, IPS features to provide enhanced
features vs. JumpStart – Reduces need for third-party or customer-developed extensions – Most scripting moved to first-boot SMF services
• Integrated, seamless Zones deployment • WAN-capable design provides operational flexibility • Designed to be manageable and observable – installadm(1M) provides one-stop management interface
Basic Flow of Automated Installation
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
New System Configuration Framework & UI • Replaces sysidtool/sysidcfg/sys-unconfig • sysconfig(1m) interactive UI – configure, unconfigure, create-profile subcommands
• Interactive tool provides basic, required system configuration. UI similar to Text Installer.
• Profiles can configure any SMF service property • sysconfig unconfigure reverts the properties
configured by the interactive UI to shipped defaults – --destructive option requests more complete cleanup, e.g.
deleting initial user account's home directory
System Configuration Profiles
• Common parameters available in Oracle Solaris 11: – User account, including RBAC roles, profiles and sudo – Root user: password, role/normal – Timezone, locale – Hostname – Console terminal type, keyboard layout – IPv4 and/or IPv6 interface, default route – DNS, NIS, LDAP clients – Name service switch
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
Deploying Zones with AI • Zones can be specified in the AI manifest <configuration type=”zone” name=”zone1” source=”http://server/zone1/config”/> <configuration type=”zone” name=”zone2” source=”file:///net/server/zone2/config”/>
• config file is the zone's configuration file as output from “zonecfg export” • Automatically installed on first boot of the global zone
svc:/system/zones-install:default
Deploying Zones with AI (2) • Use zonename criterion to associate manifests and
profiles with a zone # installadm create-manifest -n S11-x86 -f /tmp/zmanifest.xml -c zonename=”zone1 zone2”
# installadm create-profile -n S11-x86 -f /tmp/zprofile1.xml -c zonename=”zone1”
# installadm create-profile -n S11-x86 -f /tmp/zprofile2.xml -c zonename=”zone2”
Deploying Zones with AI (3) • AI is also used when installing non-global zones from
existing global zone • Default manifest is
/usr/share/auto_install/manifest/zone_default.xml
• Default profile enables interactive system configuration during first boot • Provide alternate manifest and/or profile with # zoneadm -z <zone> install -m <manifest> -c <profile>
Agenda • Requirements and Ideas • Updates & Upgrades
• Boot Environments • SRUs
• Deploying at Scale • IPS Repository Mirrors • Automated Installer • System Configuration • Zones
• Additional Transition Tools and Resources
JumpStart to AI Mapping
JumpStart Automated Installation
setup_install_server installadm create-service
add_install_client installadm create-client
JumpStart profile & rules AI manifest & criteria
sysidcfg file SMF configuration profile
Begin script Derived Manifests, custom images from Distribution Constructor
Finish script pkg actions, First-boot SMF services
Steps to Convert from Solaris 10 JumpStart • Deploy S11 server instance to host AI service – Use as JumpStart server as well
• Translate rules to criteria • Translate profiles to manifests • Translate sysidcfg to SMF profile • Publish manifests and profiles to AI service • Convert finish scripts to SMF service(s) • Publish SMF service package to IPS repository
js2ai JumpStart to AI translation tool
• Automatically converts existing JumpStart rules, profiles, sysidcfg files to AI equivalents • Conversion is best-effort, with instructions on issues
that need manual resolution • Result is a directory hierarchy with AI profiles, system
config manifests, log of the tool's actions • See js2ai(1m)
Distribution Constructor (DC) • Tool to easily construct installation images and virtual
machine images – Used by Solaris engineering to build the product
• Use DC to build AI (or interactive install) images customized with additional drivers or services
• XML manifest (similar to AI) specifies construction • Checkpoint/resume feature nicely leverages ZFS! • Fully extensible – plug your own customizations into build
process • See distro_const(1M) for more information
Building and Using a Custom AI Boot Image
• Install Distribution Constructor – pkg install distribution-constructor
• Copy base AI image manifest, customize – Basic SPARC manifest at /usr/share/distro_const/auto_install/ai_sparc_image.xml
• Build the image: – distro_const build my_ai_image.xml
• Deploy to AI service: – installadm create-service ...
Q&A
49 Copyright © 2011, Oracle and/or its affiliates. All rights