Experimental OpenSolaris Server JeOS

1. Introduction

This document is a worksheet we're using to construct a series of experimental reduced footprint, server-oriented OpenSolaris JeOS (Just enough OS) virtual machine (VM) images that are to be used as building blocks in the construction of VM images containing various middleware applications and services. Our first application is the delivery of a set of VM images for Sun's WebSynergy Project.

Our intent is to:

  • align our activities with other projects that are interested in similar results and
  • periodically update our approach based on tracking the evolution of OpenSolaris and its installation tooling

Although there are many xVM VirtualBox and VMware OpenSolaris virtual images available, most of them retain X Windows and Gnome desktop (with GUI user land apllications) support that we don't need in our data center-oriented deployment images. Our set of JeOS images focus on the delivery of remotely managed server deployments that do not boot into X Windows GUI environment and do not include desktop support.

2. Scoping our JeOS Experiment

2.1 JeOS Profiles

In our initial experiment, we're targeting a JeOS profile that will generally be well positioned to support deployment of application sever-based services. Specifically, we're orienting this initial set of images to support the WebSynergy portal application that is deployed on top of the GlassFish application server which in turn depends on Java 6.

2.2 Remote Management Model

Our project is primarily targeting server images that are oriented toward remote command line- and web browser-based administration and standard forms of network protocol-based monitoring and management (e.g. SNMP, JMX, etc). We don't anticipate needing to include remote X display support, but we will fallback to including the supporting X library packages if dependencies make them difficult to remove.

2.3 Reduction Drivers

There are several motivations why projects reduce the content of OS distributions (installed OS footprint):

Driver Description
Ease of Distribution Reducing the size of the images such that they are easier to share amongst developers and deployers.
Ease of Maintenance Less packages means less time spent updating unnecessary features.
Hardening Improve the security of the deployment by not only disabling, but removing unnecessary features. Recognizing that reduction of unnecessary binaries and services is only a small part of the effort to harden a deployment environment. The SST/JASS tools can be applied to the JeOS images to address aspects of hardening beyond the mere exclusion of packages.

In support of our initial set of OpenSolaris Server JeOS oriented images, we're mainly focused on easing the process of distributing and sharing the images.

2.4 Basic Reduction Requirements

Consideration Description
Include secure remote CLI- and web-based administration Ensure commonly used tools for remote administration of headless server deployments are included in the images. For example, include ssh for secure shell access. Consider inclusion of web accessible administration tools for the images/appliances. In our case, we may choose to include Webmin as a basic means of managing the underlying OpenSolaris installation.
Include most commonly used CLI administration tools Make a judgement call as to which packages constitute the generally expected set of CLI tools for server administration.
Exclude desktop- and graphics-oriented packages In addition to X Windows and Gnome, exclude a wide variety of desktop-oriented packages such as audio and video support
Exclude unnecessary network services Those services that are not typically deployed to servers hosting middleware applications (e.g. DNS server)
Exclude unnecessary drivers Include drivers that are needed for the targeted v12n platforms:
* Sun xVM Server
* Sun xVM VirtualBox 2
* VMware ESX
* VMware Server 2.0
* VMWare Workstation 5/6

Future considerations: To support Virtual to Physical (V2P) migration and to support new virtualization features at the processor level, we may consider inclusion of non-virtual drivers. In the context of our initial images, this consideration is likely not very important.
Include as an option JDK Include or at least document how to install a complete Java SDK to support Java-based services
Language support Need to determine degree to which multi-language support is required. e.g. What about SUNWlang* packages? Leave in for now.

There are two facets to consider:
1. Preferred language of administrators
2. Language support required by applications.

Initially, in support of the somewhat generic OS, we'll concentrate on the first facet. As we begin to map the applications to the JeOS images, we'll add language support as necessary.

3. Steps in Producing Experimental JeOS Images

We're treating the creation of our initial JeOS images in two steps:

  1. Identify reduced set of packages based on application needs and other requirements
  2. Translate the desired package list into an installed VM image

3.1 Identifying Package List of Interest

Our approach of identifying the packages of interest is pretty basic. As part of his EC2 investigation, Rudolf Kutina already had a dream list of a pretty reduced set of packages for OpenSolaris. Using this list as a starting point, we're tweaking it to align with our requirements for this series of JeOS images. We recognize that the dependencies already specified between packages will have a large bearing on which packages ultimately must be installed in these images.

3.2 Translating List of Packages into VM Image

We're addressing the creation of the initial set of reduced images on two steps:

  1. Using Live CD as Starting Point
  2. Migrating to Automated Installer

3.2.1 Using Live CD as Starting Point

In support of our WebSynergy VM images, we're initially taking the brute force method of addressing both stages to producing a JeOS of OpenSolaris. Since the OpenSolaris live CDs are already a readily available form of a JeOS for OpenSolaris, albeit for desktop use, we've started with a live CD installation of OpenSolaris 2008.05 Build 98 and have identified the packages to exclude based on our application requirements. Next, we're writing scripts to remove the excluded packages from the installation. We will update these scripts and regenerate our baseline JeOS images as successive builds of OpenSolaris are made available.

3.2.2 Migrating to Automated Installer

The Automated Installer project of OpenSolaris will soon release an early form of installation tooling that should enable our project to use a list of desired packages as input and depend on the tooling and package dependencies to deliver a suitably installed image. As soon as it's feasible to do so, we plant to start exercising the automated installer.

4. Package List

4.1 List of Included Packages

The following list is a DRAFT set of packages that we are in the process of tweaking and trying to represent via the live CD-based selective removal method described earlier. The list will evolved based on our experiments.

#
# Core OpenSolaris packages
#
SUNWcakr                       Core Solaris Kernel Architecture
SUNWcakrx                      Core Kernel Architecture i86xpv
SUNWcar                        Core Architecture
SUNWcarx                       Core Architecture i86xpv
SUNWckr                        Core Solaris Kernel
SUNWcnetr                      Core Solaris Network Infrastructure
SUNWcs                         Core Solaris
SUNWcsd                        Core Solaris Devices
SUNWcsl                        Core Solaris, (Shared Libs)
SUNWkvm                        Core Architecture, (Kvm)
#
# Basic Drivers
#
SUNWusbs                       USB generic serial module
SUNWusb                        USB Device Drivers
SUNWrmodr                      Realmode Modules
SUNWrmodu                      Realmode Modules
SUNWpm                         Power Management binaries
#
# Main System Utilities
#
SUNWesu                        Extended System Utilities
SUNWadmr                       System & Network Administration Root
#
# English Language Support
#
SUNWlang-common                language support common components
SUNWlang-en                    English language support
SUNWkey                        Keyboard configuration tables
SUNWloc                        System Localization
#
# Packaging System
#
SUNWipkg                       Image Packaging System
SUNWinstall-libs               System install libraries
#
# ZFS
#
SUNWzfs                        ZFS
SUNWzfskr                      ZFS Kernel
#
# DTrace
#
SUNWDTraceToolkit              DTrace Toolkit
SUNWdtrc                       DTrace Clients
SUNWdtrp                       DTrace Providers
#
# More System stuff
#
SUNWhwdata                     Hardware data files
SUNWidnl                       Internationalized Domain Name Support Library Files
SUNWipf                        IP Filter utilities
SUNWzone                       Solaris Zones
SUNWservicetag                 Service Tags
SUNWfss                        Fair Share Scheduler
SUNWpoold                      Dynamic Resource Pools
SUNWpostrun                    Delayed execution environment for procedural package scripts
SUNWpool                       Resource Pools
SUNWos86r                      Platform Support, OS Functionality
SUNWatfs                       AutoFS
SUNWkey                        Keyboard configuration tables
SUNWmd                         Solaris Volume Manager
SUNWcfcl                       Common Fibre Channel HBA API Library
SUNWcfpl                       fp cfgadm plug-in library
#
# Core Network Services
#
SUNWbip                        Basic IP commands
SUNWbind                       BIND DNS Name server and tools
SUNWntp                        NTP
SUNWnfsc                       Network File System (NFS) client support
SUNWnfsckr                     Network File System (NFS) client kernel support
SUNWsmbfs                      SMB/CIFS File System client support
SUNWsmbfskr                    SMB/CIFS File System client support (Kernel)
SUNWroute                      Network Routing daemons/commands
#
# GNU Libraries and Tools
#
SUNWgccruntime                 GCC Runtime libraries
SUNWgcmn                       gcmn - Common GNU package
SUNWggrp                       ggrep - GNU grep utilities
SUNWgnu-coreutils              coreutils - GNU core utilities
SUNWgnu-diffutils              GNU diffutils
SUNWgnu-which                  GNU which
SUNWgnutls                     GNU transport layer security library
SUNWgpch                       The GNU Patch utility
SUNWgrub                       GNU GRUB - GNU GRand Unified Bootloader
SUNWgtar                       gtar - GNU tar
SUNWgzip                       The GNU Zip (gzip) compression utility
SUNWsfdoc                      GNU and open source documentation
SUNWsfinf                      GNU and open source info pages
SUNWsfman                      GNU and open source man pages
SUNWtexi                       GNU texinfo - Texinfo utilities (texinfo)
SUNWless                       The GNU pager (less)
SUNWcurl                       The C-URL Wrappers Library
SUNWgnu-idn                    The Internationalized Domains Library
#
# Essential Language Runtimes
#
# Python is required by pkg(5) system
SUNWPython                     The Python interpreter, libraries and utilities
# 
# Tcl/Tk is required by Python
SUNWTcl                        Tcl - Tool Command Language
SUNWTk                         Tk - TCL GUI Toolkit
#
# Miscellaneous Essential Libraries and Tools
#
SUNWlibms                      Math & Microtasking Libraries
SUNWpicl                       PICL Libraries, and Plugin Modules
SUNWpr                         Netscape Portable Runtime
SUNWsmapi                      Storage Management APIs
SUNWtecla                      Tecla command-line editing library
SUNWjss                        Network Security Services for Java (JSS)
SUNWlexpt                      libexpat - XML parser library
SUNWlibC                       Sun Workshop Compilers Bundled libC
SUNWlibgcrypt                  libgcrypt - cryptographic library
SUNWlibgpg-error               Common error codes for GnuPG, libgcrypt
SUNWlibpopt                    Command line parsing library
SUNWlibsasl                    SASL v2
SUNWlibsmbclient               A library that permits applications to manipulate CIFS/SMB network resources
SUNWlxml                       The XML library
SUNWlxsl                       The XSLT library
SUNWopenssl                    OpenSSL Commands
SUNWtls                        Network Security Services
SUNWzlib                       The Zip compression library
SUNWgss                        GSSAPI V2
SUNWxwrtl                      X Window System & Graphics Runtime Library Links in /usr/lib
#
# User Land Tools
#
SUNWbash                       GNU Bourne-Again shell (bash)
SUNWbzip                       The bzip compression utility
SUNWdoc                        Documentation Tools
SUNWman                        On-Line Manual Pages
SUNWssh                        SSH Client and utilities
SUNWsshcu                      SSH Common
SUNWsshd                       SSH Server
SUNWkrb                        Kerberos version 5 support
SUNWtoo                        Programming Tools
SUNWunzip                      The Info-Zip (unzip) compression utility
SUNWvim                        Vi IMproved
SUNWwget                       wget - GNU wget
SUNWzip                        The Info-Zip (zip) compression utility
SUNWter                        Terminal Information

4.2 Optional Additional Packages

SUNWj6rt                       JDK 6.0 Runtime Env. (1.6.0_04)
# add JDK packages...
SUNWwebmin                     Webmin Web-based Administrative Interface
#
# Perl is required by Webmin (nned to verify whether both core and non-core or just core is required)
SUNWperl584core                Perl 5.8.4 (core)
SUNWperl584usr                 Perl 5.8.4 (non-core)

5. Live CD Approach

...add information about our approach and any scripts we used to achieve the reduced installation when using the live CD as the starting point...

6. Automated Installer Approach

7. References

Reduction of Solaris 10 and OpenSolaris Nevada

Reference Description
Solaris 10 Software Groups Use the "Core" and "Reduced Networking" groups as documented in the Solaris 10 Software Groups manual as a guide when considering which packages to include in and exclude from the reduced image.
Peter Tribble's Solaris 10 docs Reducing Solaris 10 installations.
Rudolf Kutina's Solaris minimalizations for Amazon EC2 Rudolf provides some insight into OpenSolaris Nevada reduction in support of EC2 AMI images. Specially, see the Nevada section on Rudolf's blog.
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact