Creating A Custom Oracle Solaris 11.4 Image
Creating A Custom Oracle Solaris 11.4 Image
Creating A Custom Oracle Solaris 11.4 Image
4
®
Image
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Référence: E60981
Copyright © 2008, 2018, Oracle et/ou ses affiliés. Tous droits réservés.
Ce logiciel et la documentation qui l'accompagne sont protégés par les lois sur la propriété intellectuelle. Ils sont concédés sous licence et soumis à des restrictions d'utilisation et
de divulgation. Sauf stipulation expresse de votre contrat de licence ou de la loi, vous ne pouvez pas copier, reproduire, traduire, diffuser, modifier, accorder de licence, transmettre,
distribuer, exposer, exécuter, publier ou afficher le logiciel, même partiellement, sous quelque forme et par quelque procédé que ce soit. Par ailleurs, il est interdit de procéder à toute
ingénierie inverse du logiciel, de le désassembler ou de le décompiler, excepté à des fins d'interopérabilité avec des logiciels tiers ou tel que prescrit par la loi.
Les informations fournies dans ce document sont susceptibles de modification sans préavis. Par ailleurs, Oracle Corporation ne garantit pas qu'elles soient exemptes d'erreurs et vous
invite, le cas échéant, à lui en faire part par écrit.
Si ce logiciel, ou la documentation qui l'accompagne, est livré sous licence au Gouvernement des Etats-Unis, ou à quiconque qui aurait souscrit la licence de ce logiciel pour le
compte du Gouvernement des Etats-Unis, la notice suivante s'applique :
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation,
delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental
regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the
hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
Ce logiciel ou matériel a été développé pour un usage général dans le cadre d'applications de gestion des informations. Ce logiciel ou matériel n'est pas conçu ni n'est destiné à être
utilisé dans des applications à risque, notamment dans des applications pouvant causer un risque de dommages corporels. Si vous utilisez ce logiciel ou ce matériel dans le cadre
d'applications dangereuses, il est de votre responsabilité de prendre toutes les mesures de secours, de sauvegarde, de redondance et autres mesures nécessaires à son utilisation dans
des conditions optimales de sécurité. Oracle Corporation et ses affiliés déclinent toute responsabilité quant aux dommages causés par l'utilisation de ce logiciel ou matériel pour des
applications dangereuses.
Oracle et Java sont des marques déposées d'Oracle Corporation et/ou de ses affiliés. Tout autre nom mentionné peut correspondre à des marques appartenant à d'autres propriétaires
qu'Oracle.
Intel et Intel Xeon sont des marques ou des marques déposées d'Intel Corporation. Toutes les marques SPARC sont utilisées sous licence et sont des marques ou des marques
déposées de SPARC International, Inc. AMD, Opteron, le logo AMD et le logo AMD Opteron sont des marques ou des marques déposées d'Advanced Micro Devices. UNIX est une
marque déposée de The Open Group.
Ce logiciel ou matériel et la documentation qui l'accompagne peuvent fournir des informations ou des liens donnant accès à des contenus, des produits et des services émanant de
tiers. Oracle Corporation et ses affiliés déclinent toute responsabilité ou garantie expresse quant aux contenus, produits ou services émanant de tiers, sauf mention contraire stipulée
dans un contrat entre vous et Oracle. En aucun cas, Oracle Corporation et ses affiliés ne sauraient être tenus pour responsables des pertes subies, des coûts occasionnés ou des
dommages causés par l'accès à des contenus, produits ou services tiers, ou à leur utilisation, sauf mention contraire stipulée dans un contrat entre vous et Oracle.
Accès aux services de support Oracle
Les clients Oracle qui ont souscrit un contrat de support ont accès au support électronique via My Oracle Support. Pour plus d'informations, visitez le site http://www.oracle.com/
pls/topic/lookup?ctx=acc&id=info ou le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs si vous êtes malentendant.
Contents
Index .................................................................................................................. 29
5
6 Creating a Custom Oracle Solaris 11.4 Image • August 2018
Using This Documentation
■ Overview – Describes how to build custom Oracle Solaris installation packages using the
distribution constructor tool
■ Audience – Technicians, system administrators, and authorized service providers
■ Required knowledge – Experience administering an Oracle Solaris system
Feedback
Provide feedback about this documentation at http://www.oracle.com/goto/docfeedback.
System administrators and application developers can use the distribution constructor tool to
build custom Oracle® Solaris installation images. This chapter covers the following topics:
Depending on the image configuration, ISO or USB images can be bootable. An ISO image can
be burned to a CD or DVD while a USB image can be copied to a flash drive.
To copy the USB image to a USB flash drive, you use either the usbcopy command, which is
available in the distribution-constructor package, or the dd command.
You can create the following types of Oracle Solaris images:
■ Oracle Solaris x86 or SPARC Text Installation Image – For use when installing Oracle
Solaris with the text installer.
See Manually Installing an Oracle Solaris 11.4 System.
■ x86 or SPARC ISO Image for Automated Installations – For use when installing Oracle
Solaris with automated installer (AI).
See Automatically Installing Oracle Solaris 11.4 Systems.
All the fields in each DC manifest file provide preset default values that will create the type of
image you need. You can edit fields in the manifest file to further customize the resulting image.
You can also create custom scripts to modify your installation image. Then, you add
checkpoints to the manifest to run these custom scripts. Checkpoints enable you to stop and
start the image building process for purposes of debugging. At the end of the process, a simple
log file and a detailed log file are generated.
The following list shows some of the profiles that need to be assigned to you to work on
manifests and building and installing these images.
■ Install Client Management enables you to install Oracle Solaris on client systems.
■ Install Manifest Management enables you to create or configure manifests to customize the
installation.
■ Install Profile Management enables you to create and configure system configuration
profiles to customize the installation.
Some profiles are supersets of a combination of profiles. For example, the Install Service
Management profile contains the three profiles in the previous list.
The list of required profiles expands if you perform additional tasks that might be indirectly
connected to your current one, such as network configuration or zone configuration.
An administrator that has the solaris.delegate.* authorization can assign the necessary
profiles to users to enable them to perform administrative tasks in Oracle Solaris.
For example, an administrator assigns the Install Service Management rights profile to user
jdoe. Before jdoe executes a privileged installation command, jdoe must be in a profile shell.
The shell can be created by issuing the pfbash command. Or, jdoe can combine pfexec with
every privilege command that is issued, such as pfexec installadm.
Suppose that a role installadmin is created with the profiles for installation as well as for zone
creation and configuration. User jdoe can issue the su command to assume that role. All roles
automatically get pfbash as the default shell.
For more information about rights profiles, see “Using Your Assigned Administrative Rights”
in Securing Users and Processes in Oracle Solaris 11.4.
This chapter provides system requirements for building images and describes how to design
a custom installation image by creating a DC manifest and scripts. It includes the following
topics:
Note - To create and install custom images, and to run commands documented here, ensure that
you have the correct profiles. See “About Rights Profiles in Oracle Solaris” on page 10.
All the fields in each DC manifest file contain default values for the type of ISO image you
need. You can manually edit these preset fields or replicate elements to further customize the
image.
DC manifests contain the following primary elements:
■ distro – name of the image.
■ boot_mods – editable boot menu options.
■ target – ZFS dataset that will hold the installation image when it is created.
■ software – publisher for both the installation image and the install client, as well as the
packages to be installed or uninstalled.
■ execution – checkpoints for actions to be performed during the image building process.
You can also add your own checkpoints.
In certain sections of the manifests, elements are defined twice to provide you with alternative
attribute configurations. The alternative definitions are inside comment marks. To use the
alternative option, you remove the comment marks and set the correct values to the attributes.
See the example in “Providing the Image Title” on page 15.
Note - Do not edit the original sample file directly. Instead, as best practice, make a copy of
the file you want to use. Revise its contents and then specify it with the command to build the
image.
Tip - To facilitate understanding the next sections, have a copy of a sample manifest open to
serve as reference.
The add_timestamp attribute determines whether a time stamp is appended to the image name.
It enables you to retain a series of builds of the same image.
A second distro name definition inside comment marks enables you to specify an HTTP
proxy. To use, remove the comment marks and then provide the proxy location. Then, remove
the first option.
In Oracle Solaris 11.4, long image names are truncated to 32 characters at the end of the
process.
In the following example, a specialized boot menu with the title boot1 is applied to the image.
Based on timeout, the default boot entry is automatically activated within 5 seconds.
You can add individual boot menu entries by using boot_entry sub-elements. For boot entry
attributes, title_suffix is required, while the following are optional:
■ default_entry – sets the boot entry to be the default entry. This attribute is normally set to
false.
■ insert_at – determines the entry's position on the menu list: at the beginning if set to
start or at the end if set to end. By default, a new entry is added at the end of the list.
The following example shows a boot_entry configuration. The entry will be inserted at the end
of the menu list. Also, the entry is not designated to be the default entry.
The arguments variable refers to kernel settings that are passed to the kernel by the boot loader.
Note - The file system name should not include the name of the zpool.
<target>
<logical>
<zpool action="use_existing" name="rpool">
<dataset>
<filesystem name="dc/sample-dataset-location"
action="preserve"/>
</dataset>
</zpool>
</logical>
</target>
Software and package parameters are defined under the following heading:
To specify publisher information such as name, origin, and mirror settings, look for the source
element. You can specify multiple publishers, as shown in the example.
The source element is followed by software_data where you add the names of packages to
form the installed image. You can add multiple packages as needed.
By default, the most current package version available in the specified repository is installed. If
you want to install a different version, append the version number to the package reference.
The following example shows how publishers and packages are defined in the manifest:
To specify the default publisher to be set on the system after it has been installed, configure the
elements under the following heading:
Here you can add not only the name of the default publisher, but also any mirror information.
Note that other than publisher information, you would rarely configure other elements under
this heading.
Checkpoints are executed in the order in which they are listed under the execution element.
During the image construction process, the checkpoints modify the contents of the build area
that is specified in the manifest.
The build area consists of a pkg_image directory and a boot_archive directory. The contents
of the final image are added to the pkg_image directory. The files in the separate boot_archive
directory are used during the build process to create a boot archive file, which is also then added
to the pkg_image directory.
transfer-ips-install boot-setup
set-ips-attributes pkg-img-mod
pre-pkg-img-mod create-iso
ba-init create-usb
ba-config checksums
ba-arch
Each checkpoint element includes the mod-path attribute that specifies where the checkpoint
script is located.
The following checkpoint example from the dc_ai_sparc.xml sample manifest creates the
boot archive for the image build and points to a script that will build the image. It also includes
argument fields with specific values provided for each argument.
<checkpoint name="ba-arch"
desc="Boot Archive Archival"
mod_path="solaris_install/distro_const/checkpoints/boot_archive_archive"
checkpoint_class="BootArchiveArchive">
<kwargs>
<arg name="size_pad">0</arg>
<arg name="bytes_per_inode">0</arg>
<arglist name="uncompressed_files">
<argitem>etc/svc/repository.db</argitem>
<argitem>etc/name_to_major</argitem>
<argitem>etc/minor_perm</argitem>
<argitem>etc/driver_aliases</argitem>
<argitem>etc/driver_classes</argitem>
<argitem>etc/path_to_inst</argitem>
<argitem>etc/default/init</argitem>
<argitem>etc/nsswitch.conf</argitem>
<argitem>etc/passwd</argitem>
<argitem>etc/shadow</argitem>
<argitem>etc/inet/hosts</argitem>
</arglist>
</kwargs>
</checkpoint>
As shown in this example, the kwargs element contains keyword arguments that need to be
passed into the checkpoint during the build. Within the kwargs element are arg name elements
that can be used to specify individual keywords to be passed into the checkpoint. The arglist
element contains a list of multiple argitem values to be passed into the checkpoint. This
example includes a list of uncompressed files in the arglist element.
Each kwargs list item is enclosed in double quotes. If no double quotes are used or if one set
of double quotes encloses the entire string, the entire string including spaces and new lines is
interpreted as one argument. Do not use commas between arguments.
If you create a custom script to be used during the building of an image, you must add a
checkpoint element pointing to the script location. The checkpoint for a custom script needs
only an args element that points to the custom script location. For further information and
examples, see “Creating and Using Custom Scripts” on page 21.
In this example, a new checkpoint is added to the manifest. This new checkpoint lists SVR4
packages to be added to the image and their location. This new checkpoint then is referenced in
the execution section.
First, the new checkpoint is created by adding a new software element. This checkpoint
specifies SVR4 as the software type, where to find the packages, and where to install the
packages.
In addition, the specific SVR4 packages to be installed are listed in the software_data element.
</publisher>
</source>
<software_data action="install">
<name>SUNWpackage1</name>
<name>SUNWpackage2</name>
</software_data>
</software>
Finally, the new checkpoint is referenced in the execution section. The checkpoint name can be
any string, but for this example, the checkpoint_class value must be TransferSVR4.
<execution stop_on_error="true">
<checkpoint name="transfer-ips-install"
desc="Transfer pkg contents from IPS"
mod_path="solaris_install/transfer/ips"
checkpoint_class="TransferIPS"/>
<checkpoint name="set-ips-attributes"
desc="Set post-install IPS attributes"
mod_path="solaris_install/transfer/ips"
checkpoint_class="TransferIPS"/>
<checkpoint name="transfer-svr4-install"
desc="Transfer pkg contents from SVR4 packages"
mod_path="solaris_install/transfer/svr4"
checkpoint_class="TransferSVR4"/>
Note that the software name must match the checkpoint name. In this example, both are
“transfer-svr4–install.”
The checksums checkpoint enables users to automatically generate hashes of the media
generated by the distro_const command.
<checkpoint name="checksums"
desc="Checksum calculation for media"
mod_path="solaris_install/distro_const/checkpoints/checksums"
checkpoint_class="Checksums">
<kwargs>
<arglist name="algorithms">
<argitem file_path="/tmp/md5sums.txt">md5</argitem>
<argitem>sha1</argitem>
<argitem>sha224</argitem>
<argitem>sha256</argitem>
<argitem>sha384</argitem>
<argitem>sha512</argitem>
</arglist>
</kwargs>
</checkpoint>
The arglist element includes all of the algorithms that are used to generate hashes for the
generated media. Each argitem specifies an algorithm. The valid algorithms can be determined
by running the /usr/bindigest -l command. Each argitem can have a path attribute that
specifies the absolute path of an additional file that will be appended with the hashes produced
by that algorithm. If no algorithms are specified, the default is md5.
While the image is built, files will be generated for each algorithm containing checksums for
each media.
You can add scripts to further customize the image creation process. These scripts are
referenced in the execution section of the manifest files. You can specify any number of
custom-script checkpoints.
Often custom scripts are used to modify a configuration file or make some other changes that
can not be done using a manifest.
Scripts specified in the execution section of the manifest file are run during the image creation
process. The execution section does not reference pre-install or post-install scripts.
Note - Do not change scripts that are installed from packages. To prevent problems with future
package updates, make any changes in a script you create.
When you create your own custom scripts, note the following:
■ Scripts can be Python programs, shell scripts, or binaries.
■ Scripts are executed in the order in which they are listed in the execution section of the
manifest file.
■ Standard output (stdout) and error output (stderr) of commands executed within
the scripts (both shell and Python modules) are captured in log files that report on the
completed or attempted build.
2. Add the new script to your home directory or elsewhere on the system or
network.
Make sure that a user assuming the root role can execute the script.
Note - Use meaningful names for checkpoint names rather than ordinal numbers. If you use
numbers, adding new checkpoints for new scripts will disrupt the numbered checkpoint order.
<checkpoint name="my-script"
desc="my new script"
mod_path="solaris_install/distro_const/checkpoints/custom_script"
checkpoint_class="CustomScript">
<args>/tmp/myscript.sh</args>
</checkpoint>
5. (Optional) After the build is complete, view the log file for the build process.
The build output displays the location of the log files.
In the following example, the image directory path is used as an argument to myscript.sh.
<checkpoint name="my-script"
desc="my new script"
mod_path="solaris_install/distro_const/checkpoints/custom_script"
checkpoint_class="CustomScript">
<args>/tmp/myscript.sh {PKG_IMAGE_PATH}</args>
</checkpoint>
The following script will set the password for the solaris user which can be used to access an
install client during the installation process.
<checkpoint name="set-ips-attributes"
desc="Set post-install IPS attributes"
mod_path="solaris_install/transfer/ips"
checkpoint_class="TransferIPS"/>
</checkpoint>
<checkpoint name="solaris-password"
desc="Set the password for the solaris account used during the installation
process"
mod_path="solaris_install/distro_const/checkpoints/custom_script"
checkpoint_class="CustomScript">
<args>sed 's/solaris:.[^:]*:/solaris:string:/g' {PKG_IMAGE_PATH}/etc/shadow
> {PKG_IMAGE_PATH}/etc/shadow.new; cp {PKG_IMAGE_PATH}/etc/shadow.new
{PKG_IMAGE_PATH}/etc/shadow; rm {PKG_IMAGE_PATH}/etc/shadow.new</args>
</checkpoint>
<checkpoint name="pre-pkg-img-mod"
Building an Image
After you have set up the manifest file that you plan to use and, if desired, customized the
finalizer scripts, you are ready to build an image by running the distro_const command.
In this sample command output, an X in the resumable field indicates that you can
restart the build from this checkpoint.
Note - You can combine the pause and resume options in a build command.
A checkpoint_class attribute, 19
action=install manifest attribute checksums checkpoint, 20
in software_data element, 17 custom DC scripts and, 19
add_timestamp attribute definition of, 10
in distro manifest element, 15 fields in, 18
adding naming, 22
checkpoints, 18 transfer-svr4-install checkpoint, 19
SVR4 packages to installation image, 19 using to build an image in stages, 26
timestamp to build file name, 15 using to install SVR4 packages, 19
administrator privileges See installation privileges using to reference custom scripts during a build, 21
automated installation checksums checkpoint
creating an ISO image for, 9 in software element, 20
commands
distro_const command, 25
B usbcopy command, 9
boot menu custom DC scripts
modifying, 15 checkpoints and, 19
boot_entry manifest element, 16 creating and using, 21
boot_mods manifest element, 15 environment variables in, 23
build checkpoints including in a manifest, 23
modifying, 18 customizing See modifying
building installation images
in stages, 26
overview, 25 D
system requirements, 13 dataset attribute
in target manifest element, 16
DC custom scripts See custom DC scripts
C default boot entry
checkpoint manifest element, 18 timeout, 15
checkpoint_class attribute distribution constructor
in checkpoint element, 19 overview, 9
checkpoints distro manifest element, 15
adding, 18 distro_const command
29
Index
E
environment variables K
in custom DC scripts, 23 kernel_args attribute
execution manifest element, 18 in boot_entry manifest element, 16
kwargs element
in checkpoint manifest element, 18
F
flash memory devices
USB installation images and, 9 L
-l option
distro_const command, 26
location
H
for installation images, 16
hash algorithms
selecting, 20
http_proxy attribute
M
in distro manifest element, 15
manifest elements
boot_entry, 16
boot_mods, 15
I checkpoint, 18
image title distro, 15
modifying, 15 execution, 18
Install Service Management profile, 10
kwargs, 18
installation images
list of, 14
adding
publisher, 17
SVR4 packages, 19
building, 25 software, 17
in stages, 26 software_data, 17
overview, 10 source, 17
system requirements, 13 target, 16
dataset, 16 manifest files
differences between ISO and USB, 9 definition of, 10
ISO, 9 environment variables, 14
location for, 16 modifying, 14
modifying by using manifest files, 13 samples, 14
modifying by using scripts, 21 mirror attribute
naming, 15 in source manifest element, 17
types, 9 mod_path attribute
USB, 9 in checkpoint manifest element, 18
modifying S
boot menu, 15 sample manifest files, 14
build checkpoints, 18 scripts See custom DC scripts
image title, 15 set-ips-attributes attribute
installation images by using manifest files, 13 in software element, 17
installation images by using scripts, 21 software manifest element, 17
manifest files, 14 software_data manifest element, 17
package list, 17 source manifest element, 17
publisher for installed system, 17 SVR4 packages
publisher to use during build, 17 adding to installation image, 19
target, 16 system requirements for building images, 13
N T
name attribute target
in distro manifest element, 15 modifying, 16
naming target manifest element, 16
checkpoints, 22 text installation
installation image, 15 creating an ISO image for, 9
timeount attribute
in boot_mods manifest element, 15
O timestamp
origin attribute adding to build file name, 15
in source manifest element, 17 title attribute
in boot_mods manifest element, 15
title_suffix attribute
P in boot_entry manifest element, 16
packages transfer-ips-install attribute
specifying publisher for, 17 in software element, 17
to install, 17 transfer-svr4-install checkpoint
pause option in software element, 19
distro_const command, 26
pfbash shell, 10
publisher U
modifying for installed system, 17 USB installation images, 9
publisher attribute usbcopy command
in source manifest element, 17 flash memory devices and, 9
R Z
resume option zpool attribute
distro_const command, 26 in target manifest element, 16
31
32 Creating a Custom Oracle Solaris 11.4 Image • August 2018