1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Manage You Deployments With The Image Packaging System And The Automated Installer David Miner Senior Principal Software Engineer, Solaris Oracle Solaris 11
May 13, 2015
1 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Manage You Deployments With The Image Packaging System And The Automated Installer
David Miner
Senior Principal Software Engineer, Solaris
Oracle Solaris 11
2 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
2 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
The following is intended to outline our general product direction. It is intended
for information purposes only, and may not be incorporated into any contract. It
is not a commitment to deliver any material, code, or functionality, and should
not be relied upon in making purchasing decisions. The development, release,
and timing of any features or functionality described for Oracle ’s products
remains at the sole discretion of Oracle.
3 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
4 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Requirements and Big Ideas - Packaging
• Updates & upgrades must be fast, reliable, reversible
• Updates should be package updates, not patches
• Packages dependencies should be handled automatically
• Packages should be network-based
• Image minimization should be easy
• Seamless integration with Zones is required
• Deliver practically identical experience
on SPARC, x86
Plan
Deploy
Test
Use
Maintain
Update
5 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Requirements and Big Ideas - Install
• Low initial investment, great scalability for deployment
– Ease-of-use is a priority for all features
• Deployment must be well-integrated with best practices,
overall user experience
– Limit install-specific features, knowledge
• Integrated deployment of Zones is required
• Leverage existing Solaris strengths
Plan
Deploy
Test
Use
Maintain
Update
6 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Value-engineering in Installation, Configuration
Simplified architecture
+ Improved automation
+ Improved safety
+ Improved flexibility
+ Improved integration
= Better user experience
No longer a sum of independent parts
On a Large Scale
7 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Rosetta Stone for Oracle Solaris 10 Users
Oracle Solaris 10 Oracle Solaris 11
SVR4 Packages IPS Packages
Install DVD Install CD + pkg repository
Live Upgrade Boot Environments
Upgrade from installer pkg(1), Update Manager
JumpStart Automated Installer (AI)
JumpStart Profiles AI manifests
Blueprints for custom DVD's Distribution Constructor
8 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
9 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Safe Upgrades “in a snap”
• ZFS Boot Environments Benefits
– No initial investment
– Updates are applied to a file system clone, no
interruption
– Reboot into upgraded environment when you’re
ready
– Trivial roll-back if failure occurs
– Integrated, enforced best practice for safety
• Fast reboot reduces maintenance windows
• Excellent for recovery purposes
Active BE
Active BE
New BE
Active BE
Updated BE
10 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Boot Environments
• Make updates safe, reliable, recoverable
• Different from/simpler than Solaris 10 Live Upgrade
– Takes advantage of ZFS
– Use liberally as an administrative safety net
• Managed by beadm(1M), functionality includes:
– List
– Activate, Rename
– Create, Destroy
– Mount, Unmount
11 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
beadm(1) Utility
Create a new boot environment based on the active boot environment
Create a new boot environment based on an inactive boot environment
Create a snapshot of an existing boot environment
Create a new boot environment based on an existing snapshot
Create a new boot environment, and copy it to a different zpool
Create a new boot environment and add a custom title to the
x86 GRUB menu or the SPARC boot menu
Activate an existing, inactive boot environment
Mount a boot environment
Unmount a boot environment
Destroy a boot environment
Destroy a snapshot of a boot environment
Rename an existing, inactive boot environment
Display information about your boot environment snapshots and datasets
12 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Listing Boot Environments{badboy} beadm list
BE Active Mountpoint Space Policy Created
-- ------ ---------- ----- ------ -------
b-140 - - 11.51M static 2010-05-26 12:47
b-141 - - 11.98M static 2010-06-10 15:40
b-142 - - 10.14M static 2010-06-24 08:05
b-143 - - 13.85M static 2010-07-12 09:47
b-144 - - 1.48G static 2010-07-22 12:09
b-145 - - 14.64M static 2010-08-03 22:23
b-146 - - 10.43M static 2010-08-20 15:31
b-147 - - 12.29M static 2010-09-06 19:28
b-148 - - 13.11M static 2010-09-23 17:05
b-149 - - 14.49M static 2010-09-30 18:53
b-150 - - 11.83M static 2010-10-15 10:32
b-151 - - 130.94M static 2010-11-15 10:10
b-152 NR / 56.03G static 2010-11-17 16:32
13 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
More Fun with beadm{badboy} beadm activate b-151
{badboy} beadm mount b-151 /tmp/mnt
{badboy} beadm list
BE Active Mountpoint Space Policy Created
-- ------ ---------- ----- ------ -------
b-140 - - 11.51M static 2010-05-26 12:47
b-141 - - 11.98M static 2010-06-10 15:40
b-142 - - 10.14M static 2010-06-24 08:05
b-143 - - 13.85M static 2010-07-12 09:47
b-144 - - 1.48G static 2010-07-22 12:09
b-145 - - 14.64M static 2010-08-03 22:23
b-146 - - 10.43M static 2010-08-20 15:31
b-147 - - 12.29M static 2010-09-06 19:28
b-148 - - 13.11M static 2010-09-23 17:05
b-149 - - 14.49M static 2010-09-30 18:53
b-150 - - 11.83M static 2010-10-15 10:32
b-151 R /tmp/mnt 53.82G static 2010-11-15 10:10
b-152 N / 1.71G static 2010-11-17 16:32
14 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Live Upgrade -> Boot Environments
Oracle Solaris 10 Oracle Solaris 11 Description
lucreate –n newBE beadm create newBE Create a new BE
lustatus beadm list Display BE info
luactivate newBE beadm activate newBE Activate a BE
ludelete BE beadm destroy BE Destroy an inactive BE
luupgrade or patchadd pkg update Upgrade or update a BE
15 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
pkg(1)
• To install an individual package:pkg install communication/im/pidgin
• To check for individual updates:pkg info –r communication/im/pidgin
• To update an individual package:pkg update communication/im/pidgin
• “Test Run” an image update:pkg update –nv
• Update (all packages, or the complete image):pkg update
16 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Oracle Solaris 11 Lifecycle ManagementImproved updates with IPS
• 4X Faster upgrades typical
• Create ZFS boot environment to safely apply updates
• Full dependency check of packages, crypto verified, auditable
• Reboot updated ZFS boot environment
New Security
Patch
6:00: pkg update
6:00-6:02: Dependency checks,
patch/update planning
6:02-6:04: New boot environment created,
updates downloaded and applied6:04-6:06: reboot
up and running again
Maintenance window: 6-7pm
17 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Boot Environments in Non-global Zones
• BE's automatically include installed/attached zones
• Zone BE is linked to a global zone BE
• Multiple zone BE's can be linked to a single
global zone BE
• Zone administrator can create, mount, activate BE's
– Active BE is within the context of the active global zone BE
18 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
19 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Maintenance Updates for Oracle Solaris 11
• Oracle customers with an active Oracle support plan have
access to the support package repository
• Register for the support repository at
• http://pkg-register.oracle.com
• SRU = Support Repository Update
• Future Oracle Solaris 11 Releases
• will be available in the support repository or a release
repository that provides the currently available OS
20 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
21 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Local IPS Repositories
• Reasons for a local package repository
• Security and Performance
• Consistency and Replication
• Custom Packages
• Two Types of Repositories:
Origin Mirror
22 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Create a Local IPS Repositories
• Copy From Internet:• pkgrepo create /export/repoSolaris11
• pkgrecv -s http://pkg.oracle.com/solaris11/release/ -d /export/repoSolaris11 '*’
• Copy From File:• Get file, and unzip and cat (if necessary)
• lofiadm -a /export/repo2010_11/ sol-11-repo-full.iso
• mount -F hsfs /dev/lofi/1 /mnt
• rsync -aP /mnt/repo /export/repoSolaris11 or
cd /mnt/repo; tar cf - . | (cd /export/repoSolaris11; tar xfp -)
• umount /mnt
• lofiadm -d /dev/lofi/1
23 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
24 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Automated Installation (AI)
• Reduce initial and ongoing costs of deploying Solaris-
based software stack
• Leverages ZFS, SMF, IPS features to provide enhanced
features vs. JumpStart
– Reduces need for third-party or customer-developed extensions
– Most scripting moved to first-boot SMF services
• Integrated, seamless Zones deployment
• WAN-capable design provides operational flexibility
• Designed to be manageable and observable
– installadm(1M) provides one-stop management interface
25 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
AI Terminology
• Client – physical or virtual machine to be installed
• Manifest – XML specification of installation (storage layout,
software payload)
• Profile – SMF profile to pre-configure system services
• Service – server infrastructure needed to network boot an
installation client
• Criteria – mapping of clients to services, manifests and profiles
• Repository – IPS package repository
• “Bootable AI” - service-less AI boot from media
– Manifest included on media or downloaded from network location
26 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Basic Flow of Automated Installation
27 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Static Manifests
• Default manifest provided with service
– Installs solaris-large-server package set from Oracle's Solaris
repository to firmware-designated boot disk
– Sysconfig invoked automatically at first boot to interactively configure
basic system
• Manifest specifies:
– Package repositories and lists; major group packages: solaris-small-
server, solaris-large-server, solaris-desktop
– Target disk: choose by device path, volume id, type, vendor, size,
container/receptacle/occupant (CRO) label; ZFS configuration
– Locales are installed/removed using package facets; all locales are
installed by default
28 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Derived Manifests
• Dynamically generate manifest in a script
• Scales AI management by reducing number of manifests
maintained by administrators
• Most effective model is to load template manifest, modify
specific elements
• Script uses the aimanifest(1M) command as interface
to generate AI manifest
• Generated manifest located on the client at:
/system/volatile/manifest.xml
29 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
30 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
New System Configuration Framework & UI
• Replaces sysidtool/sysidcfg/sys-unconfig
• sysconfig(1m) interactive UI
– configure, unconfigure, create-profile subcommands
• Interactive tool provides basic, required system
configuration. UI similar to Text Installer.
• Profiles can configure any SMF service property
• sysconfig unconfigure reverts the properties
configured by the interactive UI to shipped defaults
– --destructive option requests more complete cleanup, e.g.
deleting initial user account's home directory
31 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
System Configuration Profiles
• Common parameters available in Oracle Solaris 11:
– User account, including RBAC roles, profiles and sudo
– Root user: password, role/normal
– Timezone, locale
– Hostname
– Console terminal type, keyboard layout
– IPv4 and/or IPv6 interface, default route
– DNS, NIS, LDAP clients
– Name service switch
32 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Creating a Configuration Profile with sysconfig
• Easiest starting point
# sysconfig create-profile -o myprofile.xml
• Runs the sysconfig UI, places output into specified profile
• Edit further to add properties not configured by sysconfig
33 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
34 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Deploying Zones with AI
• Zones can be specified in the AI manifest<configuration type=”zone” name=”zone1”
source=”http://server/zone1/config”/>
<configuration type=”zone” name=”zone2”
source=”file:///net/server/zone2/config”/>
• config file is the zone's configuration file as output
from “zonecfg export”
• Automatically installed on first boot of the global zone
svc:/system/zones-install:default
35 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Deploying Zones with AI (2)
• Use zonename criterion to associate manifests and
profiles with a zone# installadm create-manifest -n S11-x86 -f /tmp/zmanifest.xml
-c zonename=”zone1 zone2”
# installadm create-profile -n S11-x86 -f /tmp/zprofile1.xml
-c zonename=”zone1”
# installadm create-profile -n S11-x86 -f /tmp/zprofile2.xml
-c zonename=”zone2”
36 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Deploying Zones with AI (3)
• AI is also used when installing non-global zones from
existing global zone
• Default manifest is
/usr/share/auto_install/manifest/zone_default.xml
• Default profile enables interactive system
configuration during first boot
• Provide alternate manifest and/or profile with# zoneadm -z <zone> install -m <manifest> -c <profile>
37 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Agenda
• Requirements and Ideas
• Updates & Upgrades
• Boot Environments
• SRUs
• Deploying at Scale
• IPS Repository Mirrors
• Automated Installer
• System Configuration
• Zones
• Additional Transition Tools and Resources
38 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
JumpStart to AI Mapping
JumpStart Automated Installation
setup_install_server installadm create-service
add_install_client installadm create-client
JumpStart profile & rules AI manifest & criteria
sysidcfg file SMF configuration profile
Begin script Derived Manifests, custom images from Distribution Constructor
Finish script pkg actions, First-boot SMF services
39 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Steps to Convert from Solaris 10 JumpStart
• Deploy S11 server instance to host AI service
– Use as JumpStart server as well
• Translate rules to criteria
• Translate profiles to manifests
• Translate sysidcfg to SMF profile
• Publish manifests and profiles to AI service
• Convert finish scripts to SMF service(s)
• Publish SMF service package to IPS repository
40 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
js2ai JumpStart to AI translation tool
• Automatically converts existing JumpStart rules,
profiles, sysidcfg files to AI equivalents
• Conversion is best-effort, with instructions on issues
that need manual resolution
• Result is a directory hierarchy with AI profiles, system
config manifests, log of the tool's actions
• See js2ai(1m)
41 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Distribution Constructor (DC)
• Tool to easily construct installation images and virtual
machine images
– Used by Solaris engineering to build the product
• Use DC to build AI (or interactive install) images
customized with additional drivers or services
• XML manifest (similar to AI) specifies construction
• Checkpoint/resume feature nicely leverages ZFS!
• Fully extensible – plug your own customizations into build
process
• See distro_const(1M) for more information
42 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Building and Using a Custom AI Boot Image
• Install Distribution Constructor– pkg install distribution-constructor
• Copy base AI image manifest, customize
– Basic SPARC manifest at/usr/share/distro_const/auto_install/ai_sparc_image.xml
• Build the image: – distro_const build my_ai_image.xml
• Deploy to AI service:
– installadm create-service ...
43 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Technical Article Available
• “How To Create a Customized Oracle Solaris 11
Image Using the Distribution Constructor”
• http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-
087-sol11-dist-const-496819.html
44 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
• “Transitioning From Oracle Solaris 10 JumpStart to
Oracle Solaris 11 Automated Installer”
• http://docs.oracle.com/cd/E23824_01/html/E21799/index.html
Documentation Available
45 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Technical Article Available
• “How to Perform System Archival and Recovery
Procedures with Oracle Solaris 11”
• http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-
091-sol-dis-recovery-489183.html
46 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Summary
47 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Simplified Administration, Service Provisioning
48 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Summary
• Oracle Solaris 11 deployment is different from Solaris 10
– Little required customization work to start deploying
– Powerful, stable, supported capabilities for those who need to
customize
• Transition documentation, tools are provided
• Feature set will expand & evolve
• Boot Environments allow for fast, efficient, and fool-
proof software upgrades
49 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
For More Information / Try Out Today
• Product overview and download
– oracle.com/solaris
• Oracle Technology Network
– oracle.com/technetwork/server-storage/solaris11
• System administrators community
– oracle.com/technetwork/systems
• @ORCL_Solaris
• facebook.com/oraclesolaris
• Oracle Solaris Insider
49
50 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
51 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
One Installation Engine; Three Installers
• Each with its own features and capabilities
• Each delivering its own benefits for specific needs
• Interactive
• Live Media – Desktop, GUI tools
• Text Installer – “Headless” servers
• Automated
• Automated Installer – Large-scale deployments
• Distribution Constructor lets you build your own
installation media, behaving like any of these categories
52 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Two types of interactive installers
• 1 - Text-based UI for server systems (SPARC & x86)
• 2 - GUI for x86 desktop/laptop systems
• Principle: Install fixed software payload with basic
configuration, customize after installation
– GUI installs desktop/laptop-appropriate software(solaris-desktop group package), automatic network configuration
– Text installer installs server-appropriate software(solaris-large-server group package), choice of automatic or
manual network & name service configuration
• Both provide configuration of initial user account, with
administrative privileges via sudo
53 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
Two types of interactive installers
Text-based Install
Live Media GUI Install