Running SAP's Java Gui on OpenSolaris (sort of)

Finally - you have switched your desktop system to OpenSolaris.

Now, you still want to be able to connect to your SAP systems. A quick check on ftp://ftp.sap.com shows that there is no GUI available for Solaris x86. What options do you have?

First of all, you could install a supported OS and the corresponding SAP GUI inside a VirtualBox VM (http://virtualbox.org). I won't go any further into this, since this is a no-brainer.

Then there's the Solaris feature called „Branded Zones". Here's a short description of the capabilities of a Linux branded zone, taken from http://opensolaris.org/os/community/brandz/: „The lx brand enables Linux binary applications to run unmodified on Solaris, within zones running a complete Linux userspace." Sounds like a good fit for this little project.

The one big advantage I see with a branded zone vs. other virtualization approaches is resource consumption.
Here's the output of „prstat -Z" with a freshly booted linux-zone named „lxzone":

ZONEID    NPROC  SWAP   RSS MEMORY      TIME  CPU ZONE
     0      109  862M  948M    23%   0:53:03 9.2% global
     8       13 9996K 9664K   0.2%   0:00:00 0.0% lxzone

Wow. A mere 10M of RAM needed (with no application running yet, of course). Try that with Hyper-Virtual-Anything-Boxware.

OK, let's go.

Prepare the global zone

In order to run the Java GUI from an lx zone, your X server has to allow remote clients. The preferred way – least effort, best security – is to utilize ssh's X11 forwarding capability. X11 forwarding is enabled with the -X option.

When not using ssh (e.g. because you logged into the zone with zlogin), you may have to modify your X server's settings to accept remote client connections.
If Xorg is started with -nolisten tcp (check with ps -ef), here's what you have to do:

# svccfg
svc:> select /application/x11/x11-server
svc:/application/x11/x11-server> setprop options/tcp_listen=true
svc:/application/x11/x11-server> quit

After this change, log out and restart X with <ctrl>-<alt>-<backspace>

Next, you have to allow your X clients to connect to the X server. This can be as easy as typing xhost + in a terminal window, but for some degree of security, only known hosts should be allowed. I automated this task by creating two files.

The first one is a Gnome-autostart-script, i.e. it is automatically run each time I log into my system:

aperkons@global:/export/home/aperkons $ cat .config/autostart/xhost.desktop
[Desktop Entry]
Type=Application
Name=No name
Encoding=UTF-8
Version=1.0
Exec=/export/home/aperkons/scripts/xhost.sh
X-GNOME-Autostart-enabled=true

The second script does the real work. It contains one line for each allowed client:

aperkons@global:/export/home/aperkons $ cat scripts/xhost.sh
xhost lxzone
(...)

Being too lazy to always update xhost.sh when I create a new zone, I came up with a solution that better fits my needs. The new and improved xhost.sh scans /etc/inet/hosts for a token ("@X+") placed there for each allowed host:

aperkons@global:/export/home/aperkons $ cat scripts/xhost.sh
# Automatically allow all marked systems
nawk '{ if ($NF=="@X+") system ("xhost "$1"") }' /etc/inet/hosts

My hosts-file contains entries like these:

aperkons@global:/export/home/aperkons $ grep "@X+" /etc/inet/hosts
(...)
192.168.254.6	lxzone		# lx26 branded zone		@X+
(...)

Which GUI version?

Java GUIs up to and including version 6.40rx run perfectly fine on a Linux 2.4 kernel.

Java GUIs 7.00 are linked to a newer version of glibc than what the lx-brand provides (glibc 2.3.2). The solution here is to run the GUI in an lx26-branded zone. Dubbed „experimental", lx26 branded zones provide Linux 2.6 kernel emulation support. There are quite a lot of known issues, and a lot of applications that do not work in an lx26-branded zone, but JavaGUI is not one of them.

Networking

Personally, I prefer running my zones with fixed addresses in a separate network segment that is internal to my laptop. This way, only one OS is exposed to the outside world. Communication from the zone running the GUI to the outside world happens via a saprouter running in the global zone.
As an added bonus, you don't have to worry about DHCP changing the ip address on the primary network interface.

The internal network is set up with a runlevel-script. In this example, all zones live in the 192.168.254.0/24 subnet. The global zone is reachable via 192.168.254.1.

root@global:/ # cat /etc/rc3.d/S90zonegw
#!/bin/sh
case $1 in
   'start') ifconfig bge0 addif 192.168.254.1;;
esac

The saprouter is started with a runlevel-script as well. Here's an example script with the corresponding saprouttab:

root@global:/ # cat /etc/rc3.d/S91saprouter
#!/bin/sh
SAPROUTER=/usr/local/bin/saprouter
LIBPATH=/usr/local/lib
START="-r -R /usr/local/etc/saprouttab -T /tmp/dev_rout"
STOP="-s"
case $1 in
   'start') LD_LIBRARY_PATH=$LIBPATH $SAPROUTER $START &;;
   'stop') LD_LIBRARY_PATH=$LIBPATH $SAPROUTER $STOP;;
esac

root@global/ # cat /usr/local/etc/saprouttab
P 192.168.254.* * *

Installing the zone

An lx branded zone can be installed directly from an ISO image, a CD/DVD or from a tarball. Out-of-the-box supported Linux-releases are Centos3.[5-8] and RedHat3.[5-8]. Other Linux-releases based on kernel 2.4 may or may not work. In this example, I used Centos 3.9 (http://centos.org).

See http://opensolaris.org/os/community/brandz/install/ for detailed instructions on how to install an lx-branded zone. Some caveats before installing Centos 3.9 from DVD or ISO image:

  • Create a file named centos39.distro by copying /usr/lib/brands/lx/distros/centos38.distro and modify two lines in the file:
    • distro_serial=1183481702.842473
    • distro_version="3.9"
  • modify /usr/lib/brands/lx/distros/rhel_centos_common (do I have to mention to create a backup copy of the original file?), removing the following 7 package entries:
    • Glide3 gettext glibc-headers glibc-kernheaders indexhtml lynx units

If you do not plan on using the lx zone for other purposes, the „core" cluster is sufficient and uses the least diskspace. Just make sure to install the packages

  • compat-libstdc++-7.3-2.96.128.i386.rpm and
  • XFree86-xauth-4.3.0-122.EL.i386.rpm

after successful installation of the zone. Alternatively, add „compat-libstdc++" and "XFree86-xauth" to the „common_core_rpms"-section in /usr/lib/brands/lx/distros/rhel_centos_common before installing the zone.

For an lx26 branded zone, we need to take a small detour, since the installation from DVD or ISO images is not supported. If you do not have a Linux system available, install one in a VirtualBox VM. I used Centos 5.3, and created a tarball as described on http://opensolaris.org/os/community/brandz/todo/linux_2_6/

As with Centos3, the „core" installation is sufficient. Just make sure the following packages are installed as well (actual versions on „my" Centos5-ISO):

  • libXp (libXp-1.0.0-8.1.el5.i386.rpm)
  • libXpm (libXpm-3.5.5-3.i386.rpm)
  • libXtst (libXtst-1.0.1-3.1.i386.rpm)
  • libXmu (libXmu-1.0.2-5.i386.rpm)
  • xauth (xorg-x11-xauth-1.0.1-2.1.i386.rpm)

Next steps, common to both lx- and lx26-zones

X11 forwarding. Check that the sshd in the Linux zone allows X11 forwarding:

root@lxzone:/ # grep "^X11Forwarding" /etc/ssh/sshd_config 
X11Forwarding yes

Install a JRE, available from http://java.sun.com (http://java.sun.com/javase/downloads/index.jsp). You want the „Linux" (=32 bit) version. JRE 1.6 works just fine.

There are two downloads (pick one): The one without „rpm" in its file name just unpacks the JRE in the current working directory. The other download unpacks an rpm-package and installs it with – you guessed it – rpm in /usr/java/jre<version>

When installing the rpm-package, ignore the scriptlet error (error: %post(jre-1.6.0_13-fcs) scriptlet failed, exit status 4). That's from a post-install-scriptlet trying to activate some kernel feature that's obviously not available within a branded zone.

Install the Java GUI. Assuming you placed the jar-file in the zone's /tmp-directory, just set the DISPLAY-variable if necessary and start the installation:

root@lxzone:/tmp # [ -z "$DISPLAY" ] && export DISPLAY=192.168.254.1:0
root@lxzone:/tmp # /usr/java/jre1.6.0_13/bin/java -jar PlatinGUI-Linux-<version>.jar

Create a user ("javaguy") that is going to run the Java GUI. Add two lines to javaguy's .bashrc:

[ -z "$DISPLAY" ] && export DISPLAY=192.168.254.1:0
export PLATIN_JAVA=/usr/java/jre1.6.0_13/bin/java

That's it. Now you can log in to the zone as javaguy and run the Java GUI. Enjoy.

.

.

.

That's it?

Wouldn't it be nice to be able to start the GUI from the global zone, preferrably without keyboard interaction (i.e. by doubleclicking an icon sitting on the desktop)?

OK, here's a short how-to:

  1. set the zone's „autoboot"-property to „true". Remember? Almost no resource consumption when idle.
root@global:/root # zonecfg -z lxzone "set autoboot=true"

2.  allow passwordless ssh-connects to javaguy in zone lxzone

  • create ssh-keys for javaguy in zone lxzone
javaguy@lxzone ~ $ ssh-keygen -t dsa -N ''
Generating public/private dsa key pair.
Enter file in which to save the key (/home/javaguy/.ssh/id_dsa):
Created directory '/home/javaguy/.ssh'.
Your identification has been saved in /home/javaguy/.ssh/id_dsa.
Your public key has been saved in /home/javaguy/.ssh/id_dsa.pub.
The key fingerprint is:
56:7f:4e:22:6a:47:da:7f:7f:4f:b4:c4:9f:7f:a4:ad javaguy@lxzone
  • add the desktop user's public key to javaguy's authorized key file (if necessary, create the key with ssh-keygen as shown above)
root@global:/ # cp /export/home/aperkons/.ssh/id_dsa.pub \
  /zones/lxzone/root/home/javagui/.ssh/authorized_keys
  • test the connection
aperkons@global:/export/home/aperkons $ ssh -X javaguy@lxzone hostname
The authenticity of host 'lxzone (192.168.254.6)' can't be established.
RSA key fingerprint is c9:f0:7f:1b:ef:5d:99:38:fd:69:45:b0:45:67:13:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'lxzone,192.168.254.6' (RSA) to the list of known hosts.
/usr/bin/xauth:  creating new authority file /home/javaguy/.Xauthority
lxzone

3.  create a launcher on the desktop. With Java GUI 7.0, SAP even provides some nice icons (located in the inst-subdirecory). I copied one of those to my home directory.

The launcher description file:

aperkons@global:/export/home/aperkons $ cat Desktop/SAP\ GUI.desktop
[Desktop Entry]
Version=1.0
Encoding=UTF-8
Name=SAP GUI
Type=Application
Terminal=false
Icon[en_US]=gnome-panel-launcher
Name[en_US]=SAP GUI
Exec=ssh -X javaguy@lxzone /opt/SAPClients/SAPGUI7.10rev8/bin/guilogon
Icon=/export/home/aperkons/guilogon.png

Here's a screenshot with my brand new SAPGUI for Java. The Launcher is the second icon from the top left. I'm now gonna change the desktop background back to the original one...

Labels

rss rss Delete
sap sap Delete
solaris solaris Delete
howto howto Delete
sapgui sapgui Delete
opensolaris opensolaris Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact