Friday, August 03, 2007

Installing CoolStack on Solaris and creating the SMF manifests.

Installing the AMP stack from Sun CoolStack 1.1 Solaris and writing the SMF manifests:

To cover all aspects, make sure you read the SMF QuickStart Guide and the SMF Blueprint.
Part I: CSKapache2

Create the Apache start method: /lib/svc/method/http-CSKapache2


#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)http-apache2 1.4 06/03/18 SMI"
#

. /lib/svc/share/smf_include.sh

APACHE_HOME=/opt/coolstack/apache2
CONF_FILE=/opt/coolstack/apache2/conf/httpd.conf
PIDFILE=/var/apache2/run/httpd.pid

[ ! -f ${CONF_FILE} ] && exit $SMF_EXIT_ERR_CONFIG

case "$1" in
start)
/bin/rm -f ${PIDFILE}
/bin/mkdir -p /var/run/apache2
ssl=`svcprop -p httpd/ssl svc:/network/http:apache2`
if [ "$ssl" = false ]; then
cmd="start"
else
cmd="startssl"
fi
;;
refresh)
cmd="graceful"
;;
stop)
cmd="stop"
;;
*)
echo "Usage: $0 {start|stop|refresh}"
exit 1
;;
esac

exec ${APACHE_HOME}/bin/apachectl $cmd 2>&1

Set the execute bit for the start method:


# chmod +x /lib/svc/method/http-CSKapache2


Create the Apache SMF manifest: /var/svc/manifest/network/http-CSKapache2.xml


<?xml version="1.0"?>
<!--
CDDL HEADER START

The contents of this file are subject to the terms of the
Common Development and Distribution License (the "License").
You may not use this file except in compliance with the License.

You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
or http://www.opensolaris.org/os/licensing.
See the License for the specific language governing permissions
and limitations under the License.

When distributing Covered Code, include this CDDL HEADER in each
file and include the License file at usr/src/OPENSOLARIS.LICENSE.
If applicable, add the following below this CDDL HEADER, with the
fields enclosed by brackets "[]" replaced with your own identifying
information: Portions Copyright [yyyy] [name of copyright owner]

CDDL HEADER END
-->

<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright 2006 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.

ident "@(#)http-apache2.xml 1.6 06/03/18 SMI"
-->

<service_bundle type='manifest' name='CSKapch2r:apache'>

<service
name='network/http'
type='service'
version='1'>

<!--
Because we may have multiple instances of network/http
provided by different implementations, we keep dependencies
and methods within the instance.
-->
<instance name='CSKapache2' enabled='false'>
<!--
Wait for network interfaces to be initialized.
-->
<dependency name='network'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/milestone/network:default'/>
</dependency>

<!--
Wait for all local filesystems to be mounted.
-->
<dependency name='filesystem-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/system/filesystem/local:default'/>
</dependency>

<!--
Wait for automounting to be available, as we may be
serving data from home directories or other remote
filesystems.
-->
<dependency name='autofs'
grouping='optional_all'
restart_on='error'
type='service'>
<service_fmri
value='svc:/system/filesystem/autofs:default'/>
</dependency>

<exec_method
type='method'
name='start'
exec='/lib/svc/method/http-CSKapache2 start'
timeout_seconds='60' />

<exec_method
type='method'
name='stop'
exec='/lib/svc/method/http-CSKapache2 stop'
timeout_seconds='60' />

<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/http-CSKapache2 refresh'
timeout_seconds='60' />

<property_group name='httpd' type='application'>
<stability value='Evolving' />
<propval name='ssl' type='boolean' value='false' />
</property_group>

<property_group name='startd' type='framework'>
<!-- sub-process core dumps shouldn't restart
session -->
<propval name='ignore_error' type='astring'
value='core,signal' />
</property_group>

</instance>

<stability value='Evolving' />

<template>
<common_name>
<loctext xml:lang='C'>
Apache 2 HTTP server
</loctext>
</common_name>
<documentation>
<manpage title='httpd' section='8'
manpath='/opt/coolstack/apache2/man' />
<doc_link name='apache.org'
uri='http://httpd.apache.org' />
</documentation>
</template>
</service>

</service_bundle>

Now import the SMF service:

# svccfg -v import /var/svc/manifest/network/http-CSKapache2.xml
Minimize service privileges:


# svcprop -v -p start CSKapache2
Increase semaphores for PHP:

# projadd -c "Apache-PHP" -U webservd httpd.php
# projmod -sK "project.max-sem-ids=(privileged,256,deny)" httpd.php
Add it to service configuration:

# svccfg -s http:CSKapache2 setprop start/project = astring: httpd.php
Edit /opt/coolstack/php5/lib/php.ini and enable hardened PHP:

extension="suhosin.so"

Part II: mysql

Install the 64 bit MySQL and follow the notes in the README: /opt/coolstack/mysql/README

  • Initialize the database tables:

    • /opt/coolstack/mysql/bin/mysql_install_db



  • Create mysql user and group and change install directory ownership:

    • # groupadd mysql
      # useradd -g mysql mysql
      # chown -R mysql:mysql /opt/coolstack/mysql/var



  • Add a password for the root user:

    • # /opt/coolstack/mysql/bin/mysqladmin -u root password 'new-password'
      # /opt/coolstack/mysql/bin/mysqladmin -u root -h cmsol password 'new-password'


Create the MySQL start method: /lib/svc/method/CSKmysql:

#!/usr/bin/sh
#
# Method file for MySQL
#
# This uses the MySQL packages from CoolStack 1.1
# CSKmysql
#
# Modify accordingly!
#
# NOTE: Make sure DB_DIR is owned BY the mysql user and group and chmod
# 700.
#

. /lib/svc/share/smf_include.sh

DB_DIR=/site-data0/data
PIDFILE=${DB_DIR}/`/usr/bin/uname -n`.pid

case "$1" in
start)
/opt/coolstack/mysql/bin/mysqld_safe --user=mysql --datadir=${DB_DIR} --pid-file=${PIDFILE} > /dev/null &
;;
stop)
if [ -f ${PIDFILE} ]; then
/usr/bin/pkill mysqld_safe >/dev/null 2>&1
/usr/bin/kill `cat ${PIDFILE}` > /dev/null 2>&1 && echo -n ' mysqld'
fi
;;
'restart')
stop
while pgrep mysqld > /dev/null
do
sleep 1
done
start
;;
*)
echo ""
echo "Usage: `basename $0` { start | stop | restart }"
echo ""
exit 64
;;
esac


Set the execute bit for the start method:


# chmod +x /lib/svc/method/CSKmysql

Create the MySQL SMF manifest: /var/svc/manifest/network/mysql.xml


<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!--
Manifest for MySQL
-->

<service_bundle type='manifest' name='CSKmysql:mysql'>

<service
name='network/mysql'
type='service'
version='1'>
<create_default_instance enabled='false' />
<single_instance />

<!--
Wait for network interfaces to be initialized.
-->
<dependency name='network'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/milestone/network:default'/>
</dependency>

<!--
Wait for all local filesystems to be mounted.
-->
<dependency name='filesystem-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/system/filesystem/local:default'/>
</dependency>

<exec_method
type='method'
name='start'
exec='/lib/svc/method/CSKmysql start'
timeout_seconds='60'>
</exec_method>

<exec_method
type='method'
name='stop'
exec='/lib/svc/method/CSKmysql stop'
timeout_seconds='60'>
</exec_method>

<exec_method
type='method'
name='restart'
exec='/lib/svc/method/CSKmysql restart'
timeout_seconds='60'>
</exec_method>

</service>
</service_bundle>


Now import the SMF service:

# svccfg -v import /var/svc/manifest/network/mysql.xml


Now we can start the SMF services:

# svcs -xv CSKapache2

# svcs -xv CSKmysql

# svcadm -v enable CSKapache2

# svcadm -v enable mysql


Using CoolStack in a Solaris Zone:

Move the xml manifests to /var/svc/manifest/site. The zone needs to inherit the manifests too. Then inport them again (see above).

# zonecfg -z coolstack
coolstack: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:coolstack> create
zonecfg:coolstack> set zonepath=/export/home/zones/coolstack
zonecfg:coolstack> set autoboot=true
zonecfg:coolstack> add net
zonecfg:coolstack:net> set address=192.168.21.221
zonecfg:coolstack:net> set physical=bge0
zonecfg:coolstack:net> end
zonecfg:coolstack> add inherit-pkg-dir
zonecfg:coolstack:inherit-pkg-dir> set dir=/opt
zonecfg:coolstack:inherit-pkg-dir> end
zonecfg:coolstack> add inherit-pkg-dir
zonecfg:coolstack:inherit-pkg-dir> set dir=/var/svc/manifest/site
zonecfg:coolstack:inherit-pkg-dir> end
zonecfg:coolstack> verify
zonecfg:coolstack> commit
zonecfg:coolstack> export -f /export/home/cmihai/coolstack-zone.cfg
zonecfg:coolstack>

# zoneadm -z coolstack install

# zoneadm -z coolstack boot

# zlogin -C coolstack

# zlogin coolstack

# svccfg -v import /var/svc/manifest/site/http-CSKapache2.xml
svccfg: Taking "previous" snapshot for svc:/network/http:apache2.
svccfg: Taking "previous" snapshot for svc:/network/http:CSKapache2.
svccfg: Upgrading properties of svc:/network/http according to instance "apache2".
svccfg: svc:/network/http: Upgrading property "tm_man_httpd/manpath".
svccfg: Taking "last-import" snapshot for svc:/network/http:CSKapache2.
svccfg: Refreshed svc:/network/http:CSKapache2.
svccfg: Successful import.
# svccfg -v import /var/svc/manifest/site/mysql.xml
svccfg: Taking "previous" snapshot for svc:/network/mysql:default.
svccfg: Upgrading properties of svc:/network/mysql according to instance "default".
svccfg: Taking "last-import" snapshot for svc:/network/mysql:default.
svccfg: Refreshed svc:/network/mysql:default.
svccfg: Successful import.


0 comments: