All entries for May 2014

May 21, 2014

solaris 11.1 copying zones between machines

I have zone all built up the way I like and I want more zones like it both on the same server and others.

The built zone is ZONENAME on the server SERVER, and it's in the installed state.

1st I did some local copies, using a sc_profile.xml file for each zone, the file must be called sc_profile.xml, and you must use a full pathname to it. Below is without a zone cfg, notes also do a with zone cfg, even better, don't forget to change IP, (maybe gateway) (maybe link name) & hostname in new sc_profile.xml

cp sc_profile.xml-NEW-LOCAL-ZONE sc_profile.xml
zonecfg -z NEW-LOCAL-ZONE "create -t ZONENAME"
zonecfg -z NEW-LOCAL-ZONE "set zonepath=/zones/NEW-LOCAL-ZONE "
zonecfg -z NEW-LOCAL-ZONE "select net physical=net2; set physical=net8;end"
zonecfg -z NEW-LOCAL-ZONE "select net physical=net3; set physical=net9;end"
zoneadm -z NEW-LOCAL-ZONE clone -c /opt/site/sc_profile.xml ZONENAME
zoneadm -z NEW-LOCAL-ZONE boot
zlogin -C NEW-LOCAL-ZONE

Then sort out networking and check services.


Next use the same zone to build zones on other machines:

zfs snapshot -r rpool/zones/ZONENAME@archive
zfs send -rc rpool/zones/ZONENAME@archive |bzip2 >/var/tmp/ZONENAME.zfs.bz2
scp /var/tmp/ZONENAME.zfs.bz2 MYLOGIN@NEW-MACHINE:/var/tmp
scp ZONENAME.cfg MYLOGIN@NEW-MACHINE:/var/tmp
scp sc_profile.xml MYLOGIN@NEW-MACHINE:/var/tmp

On new machine NEW-MACHINE:
copy & edit sc_profile.xml and zone cfg file, zoneadm also wants the full pathname to the archive

zonecfg -z NEW-ZONE -f NEW-ZONE.cfg
zoneadm -z NEW-ZONE install -a /var/tmp/ZONENAME.zfs.bz2 -u -c /var/tmp/sc_profile.xml
zoneadm -z NEW-ZONE boot
zlogin -C NEW-ZONE

Then sort out networking and check services.


Maria MacCallum : 21 May 2014 15:50  Tags:   Comments (0)  Report a problem

May 12, 2014

apache 2.4.9 in solaris 11 zone on sparc

Install apache 2.4.9 notes so far

This was done on a sparc zone 

pkg install gcc-3
pkg install developer/assembler   
pkg install developer/build/make
export PATH=$PATH:/usr/sfw/bin

Install pcre

./configure --prefix=/opt/warwick/pcre/
make
make install

openssl

./Configure solaris-sparcv9-gcc -m32 --prefix=/opt/warwick/openssl --shared
make
make install

apr & apr util
unpack tarball in httpsource---/srclib dir and rename dirs so there's no version numbers

apache

export LD_RUN_PATH=/opt/warwick/openssl/lib
./configure --prefix=/opt/warwick/apache2/2.4.9 --enable-mods-shared=all--enable-cache -enable-cache-disk --enable-deflate --enable-file-cache --enable-cgi --enable-proxy --enable-rewrite --enable-ssl --enable-suexec --with-suexec-caller=USER --enable-exception-hook --with-ssl=/opt/warwick/openssl --with-included-apr --with-mpm=prefork --with-pcre=/opt/warwick/pcre/bin/pcre-config CC="gcc -m32" LDFLAGS=" -s"
make
make install

Tested with a self signed cert & it works.

Next to run as another user using the SMF.


Here is where I found some most excellent notes: https://blogs.oracle.com/observatory/entry/limiting_apache_s_power

1. Give USER the correct privs

pfexec usermod -K defaultpriv=basic,net_privaddr USER

2. make USER the owner of logs and all that is in it


3. Configure the service:


# svccfg -s application/apache listprop 
manifestfiles  framework  
manifestfiles/opt_src_war-apache249_xml astring  /opt/src/war-apache249.xml
multi_user_dependency  dependency  
multi_user_dependency/entities  fmri  svc:/milestone/multi-user
multi_user_dependency/grouping  astring  require_all
multi_user_dependency/restart_on  astring  none
multi_user_dependency/type  astring  service
start  method  
start/exec  astring  "/opt/warwick/apache2/2.4.9/bin/apachectl start"
start/group  astring  USER
start/privileges  astring  basic,!proc_session,!proc_info,!file_link_any,net_privaddr
start/timeout_seconds  count  60
start/type  astring  method
start/use_profile  boolean  false
start/user  astring  USER
stop  method  
stop/exec  astring  "/opt/warwick/apache2/2.4.9/bin/apachectl stop"
stop/timeout_seconds  count  60
stop/type  astring  method
refresh  method  
refresh/exec  astring  "/opt/warwick/apache2/2.4.9/bin/apachectl graceful"
refresh/timeout_seconds  count  60
refresh/type  astring  method
tm_common_name  template  
tm_common_name/C  ustring  
tm_description  template  
tm_description/C  ustring

4. check one of the processes 

pfexec ppriv 29316
29316:  /opt/warwick/apache2/2.4.9/bin/httpd -k start
flags = <none>
  E: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
  I: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
  P: basic,!file_link_any,net_privaddr,!proc_info,!proc_session
 
 L: 
basic,contract_event,contract_identity,contract_observer,file_chown,file_chown_self,file_dac_execute,file_dac_read,file_dac_search,file_dac_write,file_owner,file_setid,ipc_dac_read,ipc_dac_write,ipc_owner,net_bindmlp,net_icmpaccess,net_mac_aware,net_observability,net_privaddr,net_rawaccess,proc_audit,proc_chroot,proc_lock_memory,proc_owner,proc_setid,proc_taskid,sys_acct,sys_admin,sys_audit,sys_flow_config,sys_ip_config,sys_iptun_config,sys_mount,sys_nfs,sys_ppp_config,sys_resource,sys_share
{code}

Here's the service manifest:


<?xml version="1.0" ?>
<!DOCTYPE service_bundle
 SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type="manifest" name="application/apache">
  <service version="1" type="service" name="application/apache">
  <dependency restart_on="none" type="service"
  name="multi_user_dependency" grouping="require_all">
  <service_fmri value="svc:/milestone/multi-user"/>
  </dependency>
  <exec_method timeout_seconds="60" type="method" name="start"
  exec="/opt/warwick/apache2/2.4.9/bin/apachectl start">
  <method_context>
 
 <method_credential user='USER' group='GROUP' 
privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr'/>
  </method_context>
  </exec_method>
  <exec_method timeout_seconds="60" type="method" name="stop"
  exec="/opt/warwick/apache2/2.4.9/bin/apachectl stop"/>
  <exec_method timeout_seconds="60" type="method" name="refresh"
  exec="/opt/warwick/apache2/2.4.9/bin/apachectl graceful"/>
  <instance enabled="true" name="default"/>
  <template>
  <common_name>
  <loctext xml:lang="C">
  <!--
  Replace this comment with a short name for the
  service.
  -->
  </loctext>
  </common_name>
  <description>
  <loctext xml:lang="C">
  <!--
  Replace this comment with a brief description of
  the service
  -->
  </loctext>
  </description>
  </template>
  </service>
</service_bundle>

Maria MacCallum : 12 May 2014 11:57  Tags:  Comments (1)  Report a problem

May 2014

Mo Tu We Th Fr Sa Su
Apr |  Today  | Jun
         1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31   

Search this blog

Tags

Galleries

Most recent comments

  • hello. i am from poland. i uwielbiam was! by on this entry
  • Hello, It was more for internal consumption, I will check it over and send you a version, can you em… by Maria MacCallum on this entry
  • Hello Maria, i don't see the script setup–zone.sh, can you post it ? I'am looking too for an example… by FRANCISCO on this entry
  • Solaris 11.2 returns the value of SI_MEMSIZE in Mb's now by Maria MacCallum on this entry

Blog archive

Loading…
Not signed in
Sign in

Powered by BlogBuilder
© MMXXI