Automating Solaris 11 Zones Installation Using The Automated Install Server
- by Orgad Kimchi
Introduction
How to use the Oracle Solaris 11 Automated install server in order to automate the Solaris 11 Zones installation. In this document I will demonstrate how to setup the Automated Install
server in order to provide hands off installation process for the Global
Zone and two Non Global Zones located on the same system.
Architecture layout: Figure 1. Architecture layout Prerequisite Setup the Automated install server (AI) using the following instructions “How to Set Up Automated Installation Services for Oracle Solaris 11” The first step in this setup will be creating two Solaris 11 Zones configuration files. Step 1: Create the Solaris 11 Zones configuration files
The Solaris Zones configuration files should be in the format of the zonecfg export command. # zonecfg -z zone1 export > /var/tmp/zone1# cat /var/tmp/zone1 create -b set brand=solaris set zonepath=/rpool/zones/zone1 set autoboot=true set ip-type=exclusive add anet set linkname=net0 set lower-link=auto set configure-allowed-address=true set link-protection=mac-nospoof set mac-address=random end
Create a backup copy of this file under a different name, for example, zone2. # cp /var/tmp/zone1 /var/tmp/zone2
Modify the second configuration file with the zone2 configuration information You should change the zonepath for example: set zonepath=/rpool/zones/zone2 Step2: Copy and share the Zones configuration files
Create the NFS directory for the Zones configuration files # mkdir /export/zone_config
Share the directory for the Zones configuration file # share –o ro /export/zone_config
Copy the Zones configuration files into the NFS shared directory # cp /var/tmp/zone1 /var/tmp/zone2 /export/zone_config
Verify that the NFS share has been created using the following command # share
export_zone_config /export/zone_config nfs sec=sys,ro Step 3: Add the Global Zone as client to the Install Service
Use the installadm create-client command to associate client (Global Zone) with the install service To find the MAC address of a system, use the dladm command as described in the dladm(1M) man page. The following command adds the client (Global Zone) with MAC address 0:14:4f:2:a:19 to the s11x86service install service. # installadm create-client -e “0:14:4f:2:a:19" -n s11x86service
You can verify the client creation using the following command # installadm list –c
Service Name Client Address Arch Image Path ------------ -------------- ---- ---------- s11x86service 00:14:4F:02:0A:19 i386 /export/auto_install/s11x86service
We can see the client install service name (s11x86service), MAC address (00:14:4F:02:0A:19 and Architecture (i386). Step 4: Global Zone manifest setup
First, get a list of the installation services and the manifests associated with them: # installadm list -m Service Name Manifest Status ------------ -------- ------ default-i386 orig_default Default
s11x86service orig_default Default Then probe the s11x86service and the default manifest associated with it.
The -m switch reflects the name of the manifest associated with a service.
Since we want to capture that output into a file, we redirect the output of the command as follows: # installadm export -n s11x86service -m orig_default > /var/tmp/orig_default.xml
Create a backup copy of this file under a different name, for example, orig-default2.xml, and edit the copy. # cp /var/tmp/orig_default.xml /var/tmp/orig_default2.xml
Use the configuration element in the AI manifest for the client system to specify non-global zones. Use the name attribute of the configuration element to specify the name of the zone. Use the source attribute to specify the location of the config file for the zone.The source location can be any http:// or file:// location that the client can access during installation.
The following sample AI manifest specifies two Non-Global Zones: zone1 and zone2
You should replace the server_ip with the ip address of the NFS server.
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1"> <auto_install> <ai_instance> <target> <logical> <zpool name="rpool" is_root="true"> <filesystem name="export" mountpoint="/export"/> <filesystem name="export/home"/> <be name="solaris"/> </zpool> </logical> </target> <software type="IPS"> <source> <publisher name="solaris"> <origin name="http://pkg.oracle.com/solaris/release"/> </publisher> </source> <software_data action="install"> <name>pkg:/entire@latest</name> <name>pkg:/group/system/solaris-large-server</name> </software_data> </software> <configuration type="zone" name="zone1" source="file:///net/server_ip/export/zone_config/zone1"/> <configuration type="zone" name="zone2" source="file:///net/server_ip/export/zone_config/zone2"/> </ai_instance> </auto_install> The following example adds the /var/tmp/orig_default2.xml AI manifest to the s11x86service install service # installadm create-manifest -n s11x86service -f /var/tmp/orig_default2.xml -m gzmanifest
You can verify the manifest creation using the following command # installadm list -n s11x86service -m
Service/Manifest Name Status Criteria --------------------- ------ -------- s11x86service
orig_default Default None
gzmanifest Inactive None
We can see from the command output that the new manifest named gzmanifest has been created
and associated with the s11x86service install service. Step 5: Non Global Zone manifest setup
The AI manifest for non-global zone installation is similar to the AI manifest for installing the global zone.
If you do not provide a custom AI manifest for a non-global zone, the default AI manifest for Zones is used
The default AI manifest for Zones is available at /usr/share/auto_install/manifest/zone_default.xml.
In this example we should use the default AI manifest for zones
The following sample default AI manifest for zones # cat /usr/share/auto_install/manifest/zone_default.xml
<?xml version="1.0" encoding="UTF-8"?> <!-- Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. --> <!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1"> <auto_install> <ai_instance name="zone_default"> <target> <logical> <zpool name="rpool"> <!-- Subsequent <filesystem> entries instruct an installer to create following ZFS datasets: <root_pool>/export (mounted on /export) <root_pool>/export/home (mounted on /export/home) Those datasets are part of standard environment and should be always created. In rare cases, if there is a need to deploy a zone without these datasets, either comment out or remove <filesystem> entries. In such scenario, it has to be also assured that in case of non-interactive post-install configuration, creation of initial user account is disabled in related system configuration profile. Otherwise the installed zone would fail to boot. --> <filesystem name="export" mountpoint="/export"/> <filesystem name="export/home"/> <be name="solaris"> <options> <option name="compression" value="on"/> </options> </be> </zpool> </logical> </target> <software type="IPS"> <destination> <image> <!-- Specify locales to install --> <facet set="false">facet.locale.*</facet> <facet set="true">facet.locale.de</facet> <facet set="true">facet.locale.de_DE</facet> <facet set="true">facet.locale.en</facet> <facet set="true">facet.locale.en_US</facet> <facet set="true">facet.locale.es</facet> <facet set="true">facet.locale.es_ES</facet> <facet set="true">facet.locale.fr</facet> <facet set="true">facet.locale.fr_FR</facet> <facet set="true">facet.locale.it</facet> <facet set="true">facet.locale.it_IT</facet> <facet set="true">facet.locale.ja</facet> <facet set="true">facet.locale.ja_*</facet> <facet set="true">facet.locale.ko</facet> <facet set="true">facet.locale.ko_*</facet> <facet set="true">facet.locale.pt</facet> <facet set="true">facet.locale.pt_BR</facet> <facet set="true">facet.locale.zh</facet> <facet set="true">facet.locale.zh_CN</facet> <facet set="true">facet.locale.zh_TW</facet> </image> </destination> <software_data action="install"> <name>pkg:/group/system/solaris-small-server</name> </software_data> </software> </ai_instance> </auto_install>
(optional) We can customize the default AI manifest for Zones
Create a backup copy of this file under a different name, for example, zone_default2.xml and edit the copy # cp /usr/share/auto_install/manifest/zone_default.xml /var/tmp/zone_default2.xml
Edit the copy (/var/tmp/zone_default2.xml)
The following example adds the /var/tmp/zone_default2.xml AI manifest to
the s11x86service install service and specifies that zone1 and zone2
should use this manifest. # installadm create-manifest -n s11x86service -f /var/tmp/zone_default2.xml -m zones_manifest -c zonename="zone1 zone2" Note: Do not use the following elements or attributes in a non-global zone AI manifest:
The auto_reboot attribute of the ai_instance element
The http_proxy attribute of the ai_instance element
The disk child element of the target element
The noswap attribute of the logical element
The nodump attribute of the logical element
The configuration element
Step 6: Global Zone profile setup
We are going to create a global zone configuration profile which
includes the host information for example: host name, ip address name
services etc… # sysconfig create-profile –o /var/tmp/gz_profile.xml You need to provide the host information for example:
Default router
Root password
DNS information
The output should eventually disappear and be replaced by the initial
screen of the System Configuration Tool (see Figure 2), where you can do
the final configuration. Figure 2. Profile creation menu You can validate the profile using the following command # installadm validate -n s11x86service –P /var/tmp/gz_profile.xml
Validating static profile gz_profile.xml... Passed
Next, instantiate a profile with the install service.
In our case, use the following syntax for doing this # installadm create-profile -n s11x86service -f /var/tmp/gz_profile.xml -p gz_profile You can verify profile creation using the following command # installadm list –n s11x86service -p
Service/Profile Name Criteria -------------------- -------- s11x86service
gz_profile None We can see that the gz_profie has been created and associated with the s11x86service
Install service. Step 7: Setup the Solaris Zones configuration profiles
The step should be similar to the Global zone profile creation on step 6 # sysconfig create-profile –o /var/tmp/zone1_profile.xml # sysconfig create-profile –o /var/tmp/zone2_profile.xml You can validate the profiles using the following command # installadm validate -n s11x86service -P /var/tmp/zone1_profile.xml
Validating static profile zone1_profile.xml... Passed # installadm validate -n s11x86service -P /var/tmp/zone2_profile.xml
Validating static profile zone2_profile.xml... Passed
Next, associate the profiles with the install service
The following example adds the zone1_profile.xml configuration profile
to the s11x86service install service and specifies that zone1 should
use this profile. # installadm create-profile -n s11x86service -f /var/tmp/zone1_profile.xml -p zone1_profile -c zonename=zone1
The following example adds the zone2_profile.xml configuration profile
to the s11x86service install service and specifies that zone2 should
use this profile. # installadm create-profile -n s11x86service -f /var/tmp/zone2_profile.xml -p zone2_profile -c zonename=zone2
You can verify the profiles creation using the following command # installadm list -n s11x86service -p
Service/Profile Name Criteria -------------------- -------- s11x86service
zone1_profile zonename = zone1
zone2_profile zonename = zone2
gz_profile None
We can see that we have three profiles in the s11x86service install service
Global Zone gz_profile
zone1 zone1_profile
zone2 zone2_profile. Step 8: Global Zone setup
Associate the global zone client with the manifest and the profile that we create in the previous steps
The following example adds the manifest and profile to the client (global zone), where:
gzmanifest is the name of the manifest.
gz_profile is the name of the configuration profile.
mac="0:14:4f:2:a:19" is the client (global zone) mac address
s11x86service is the install service name.
# installadm set-criteria -m gzmanifest –p gz_profile -c mac="0:14:4f:2:a:19" -n s11x86service
You can verify the manifest and profile association using the following command # installadm list -n s11x86service -p -m
Service/Manifest Name Status Criteria --------------------- ------ -------- s11x86service
gzmanifest mac = 00:14:4F:02:0A:19
orig_default Default None
Service/Profile Name Criteria -------------------- -------- s11x86service
gz_profile mac = 00:14:4F:02:0A:19
zone2_profile zonename = zone2
zone1_profile zonename = zone1 Step 9: Provision the host with the Non-Global Zones
The next step is to boot the client system off the network and provision
it using the Automated Install service that we just set up. First, boot the client system. Figure 3 shows the network boot attempt (when done on an x86 system): Figure 3. Network Boot
Then you will be prompted by a GRUB menu, with a timer, as shown in
Figure 4. The default selection (the "Text Installer and command line"
option) is highlighted. Press the down arrow to highlight the second option labeled Automated Install, and then press Enter.
The reason we need to do this is because we want to prevent a system
from being automatically re-installed if it were to be booted from the
network accidentally. Figure 4. GRUB Menu
What follows is the continuation of a networked boot from the Automated
Install server,. The client downloads a mini-root (a small set of files
in which to successfully run the installer), identifies the location of
the Automated Install manifest on the network, retrieves that manifest,
and then processes it to identify the address of the IPS repository from
which to obtain the desired software payload.
Non-Global Zones are installed and configured on the first reboot after the Global Zone is installed.
You can list all the Solaris Zones status using the following command # zoneadm list -civ
Once the Zones are in running state you can login into the Zone using the following command # zlogin –z zone1 Troubleshooting Automated Installations
If an installation to a client system failed, you can find the client log at /system/volatile/install_log. NOTE: Zones are not installed if any of the following errors occurs:
A zone config file is not syntactically correct.
A collision exists among zone names, zone paths, or delegated ZFS datasets in the set of zones to be installed
Required datasets are not configured in the global zone.
For more troubleshooting information see “Installing Oracle Solaris 11 Systems”
Conclusion
This paper demonstrated the benefits of using the Automated Install
server to simplify the Non Global Zones setup, including the creation
and configuration of the global zone manifest and the Solaris Zones
profiles.
