Intalling Sun Directory 6.2 by hand.

I followed the following steps on installing Sun Directory Server 6.2 on Solaris 10 08/07 in a container that lives on a zfs.  Click here to see how I set up zones on zfs.  I did take advantage of having snapshots during this install.  To err is easy with zfs :)

First - Install Sun Application Server 9.1.  Accept most defaults except for selecting for 80 over 8080 and 443 over 8181.

Second, I setup Applicaiton Server 9.1 to start at boot the old fashion way.

# cd /etc/init.d
# cp nfs.server appserver9.1
Update it to look like.... (Left as an exercise, add a restart option)
#!/sbin/sh
#
case "$1" in
'start')
        /opt/SUNWappserver/bin/asadmin start-domain --user=admin --passwordfile=/opt/SUNWappserver/.key
        ;;

'stop')
        /opt/SUNWappserver/bin/asadmin stop-domain
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac

# cd /etc/rc0.d
# ln /etc/init.d/appserver9.1 K99appserver9.1
# cd /etc/rc3.d
# ln /etc/init.d/appserver9.1 S99appserver9.1

Be sure to create a /opt/SUNWappserver/.key that looks like...
AS_ADMIN_PASSWORD=password
AS_ADMIN_MASTERPASSWORD=password

Now, you can start the application server...
# /etc/init.d/appserver9.1 start

It is at this point, I shutdown this zone, create a zfs snapshot of the filesystem so I can rollback to a clean zone with just application server installed.

Deploy directory 6.2...
# cd <where you unziped the bits>/DSEE_ZIP_Distribution
If you followed my previous blog about creating the repository of software....
# cd /share/software/dir62/DSEE_ZIP_Distribution

./dsee_deploy install -i /opt/ds62 -I -N

You will see lots of output.....

Now, setup cacao for dscc. 

vi /opt/ds62/dsee6/cacao_2/etc/cacao/instances/default/private/cacao.properties

Default cacao using 111XX port numbers.  I change them to 211XX.

Then run...

/opt/ds62/dsee6/cacao_2/usr/sbin/cacaoadm enable

/opt/ds62/dsee6/cacao_2/usr/sbin/cacaoadm start

Deploy /opt/ds62/var/dscc6/dscc.war to your application server.

Add this to /opt/SUNWappserver/domains/domain1/config/server.policy
// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-"
{
        permission java.security.AllPermission;
};


/opt/ds62/dscc6/bin/dsccsetup initialize
***
DSCC Application cannot be registered because it is not installed
***
DSCC Agent is already registered
***
Choose password for Directory Service Manager:  <password>
Confirm password for Directory Service Manager:  <password>
Creating DSCC registry...
DSCC Registry has been created successfully
***


http://<host>/dscc

And you are own your way to creating a new directory server and more...
To setup auto start at boot...
# cd /etc/init.d
# cp nfs.server dir62
# vi dir62   (This just start the dscc at boot - You'll add similiar entries for other directory servers you create)
# cat dir62
#!/sbin/sh
#
case "$1" in
'start')
        /opt/ds62/var/dscc6/dcc/ads/start-slapd
        ;;

'stop')
        /opt/ds62/var/dscc6/dcc/ads/stop-slapd
        ;;
'restart')
        /opt/ds62/var/dscc6/dcc/ads/restart-slapd
        ;;
*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
# cd /etc/rc0.d
# ln /etc/init.d/dir62 K99ds62
# cd /etc/rc3.d
# ln /etc/init.d/dir62 S99ds62

Now is a good time to take a zfs snapshot of the zone to rollback to a clean directory with just dscc running.
 

Posted at 02:40PM Oct 27, 2007 by jimblog in Software  |  Comments[2]

ZFS Zones Clones and Snapshot

Ever needed multiple copies of the same base zone configuration?  Here is my adventure in creating a sparse root template zone and its cloning.  (The same can be applied to full root zones by adding the option -b to the zonecfg create - "create -b")  In this example, I'm using Solaris 10 08/07.  In the latest Nevada builds, zoneadm is zfs aware and some of the noted steps below aren't needed. 

First, create a zfs filesystem for the zones to live in.  On my laptop, I created a 8G file /export/zpool with the command mkfile.  This isn't best practice for production, but on a laptop and playing around....
# mkfile 8G /export/zpool.

Then proceed to make a zpool called "z".
# zpool create z /export/zpool

# zpool list
 

NAME	SIZE	USED	AVAIL	CAP	HEALTH	ALTROOT
z	7.94G	2.52G	5.41G	31%	ONLINE	-

Next I create my first zfs filesystem /z/share.  The use is explained in the next section....

# zfs create z/share
 

Second, I create a file called sparsetemplate that looks like this...

# cat sparsetemplate
create
set zonepath=/z/sparsetemplate
set autoboot=false
add net
        set address=192.168.123.80
        set physical=e1000g0
end
add fs
        set dir=/share
        set special=/z/share
        set type=lofs
        add options [ro,nodevices]
end

The added filesystem noted by "add fs" is a filesystem that shows up in the zone as /share that is mounted from the global zone /z/share.  I place software and files that I shared between my zones here.  That way, I don't copy files into each zone.  I mount it read only so I maintain control of its contents globally, so if I give a zone over to a developer, they can't muck with it :)

Now, in Solaris 10 08/07 I need to create the zfs filesystem.  In the latest Nevada builds, zoneadm does the next 2 steps for you!!!  Hopefully, that feature will find its way to the next build of Solaris 10.  

# zfs create z/sparsetemplate

# chmod 700 /z/sparsetemplate 

# zonecfg -z sparsetemplate -f sparsetemplate

# zoneadm -z sparsetemplate install

# zoneadm -z sparsetemplate boot

# zlogin -C sparsetemplate

From here, you will need to select the appropriate options for your environment.  Can we use jumpstart at this point?  Or JET?  That would be nice.  Something to investigate or maybe you can leave a comment. 

Once this complete, I will login to sparsetemplate (zlogin sparsetemplate) and make changes in the way I like a clean system to look.  That is, I allow root to ssh in.  Also, change root's shell to bash and disable sendmail.  This way, when I clone sparsetemplate, the newly create zone will already have these items altered.  

Third, once I complete altering my sparsetemplate zone with all the changes, I will halt the zone and then take a zfs snapshot of its zfs filesystem.

# zfs snapshot z/sparsetemplate@cstate      (cstate meaning clean state)

# zfs list

NAME	USED	AVAIL	REFER	MOUNTPOINT
z	2.52G	5.29G	29.5K	/z
z/share	24.5K	5.29G	24.5K	/z/share
z/sparsetemplate	76.4M	5.29G	76.0M	/z/sparsetemplate
z/sparsetemplate@cstate	414K	-	76.0M	-

 

Forth, I will do the same, if need be and create a full root template.  Same steps. 

Fifth, Now onto creating a spare zone I will use.  If you install dir 6.2 by hand (verses using JES 5.1 installer), it will install in a sparse zone.  This is also true of Sun Application server 9.1.  Yea!  Since I do a lot with directory, I will use that as my example.

# cp sparsetemplate dir62

Update dir62 file with its zonepath /z/dir62 and its own IP. 

In the latest versions of Nevada, the next steps are NOT needed!!!! 

# zfs create z/dir62

# chmod 700 /z/dir62

# zonecfg -z dir62 -f dir62

# zoneadm -z dir62 clone sparsetemplate

# zoneadm -z dir62 boot

# zlogin -C dir62

Select the appropriate options for your environment.  Now, dir62 zone will have the root shell as bash, ssh turned on for root and sendmail not running.  Plus, creating dir62 is measured in seconds! 

 Fifth, Create a zfs snapshot of the dir62.

# zfs snapshot z/dir62@cstate     (as in clean state)

Sixth, now on with dir 6.2 install and creating a snapshot of the zfs filesystem once it is installed. 

# zfs snapshot z/dir62@cstate.dir62 

The bonus is when I mess up dir 6.2 or just want to roll back to a clean install, I simply issue a rollback and I have a clean directory!

# zfs rollback z/dir62@cstate.dir62     (the zone is halted prior to this step)

Taking a look at my zfs listing you will notice the snap shots of dir62.  You will notice that I took at snapshot of z/dir62@cstate.app91 prior to installing dir62.  Application server is needed (if you don't want to use Solaris' web console) for the dscc and this was very useful once I started installing the directory bits by hand since I needed to do it a few times.

# zfs list

NAME	USED	AVAIL	REFER	MOUNPOINT
z	4.21G	3.60G	31.5K	/z
z/dir62	804M	3.60G	779M	/z/dir62
z/dir62@cstate	3.03M	-	78.9M	-
z/dir62@cstate.app91	19.1M	-	470M	-
z/dir62@cstate.app91.dir62dscc	0	-	779M	-
z/share	911M	3.60G	911M	/z/share
z/sparsetemplate	79.7M	3.60G	76.2M	/z/sparsetemplate
z/sparsetemplate@cstate	3.48M	-	76.0M	-

Posted at 06:59PM Oct 19, 2007 by jimblog in Software  |