OpenSolaris 2009.06 JeOS Prototype VM Image

The OpenSolaris JeOS - Just enough Operating System (pronounced "juice") - virtual machine (VM) image prototype is a reduced footprint, pre-installed form of the OpenSolaris 2009.06 distribution available for a variety of virtualization platforms.  This VM image delivery form complements the existing, desktop-oriented Live Media form of OpenSolaris by providing a text-oriented, headless server installation.  The OpenSolaris JeOS Project is responsible for delivering this image.

The image is primarily geared toward server side application developers who need a lightweight installation of the advanced OpenSolaris operating system as a starting point to build their own application-specific images. Since it's a proper subset of the OpenSolaris distribution delivered by Sun Microsystems, it's easy for developers to build their own custom images by adding and removing packages using the pkg(1) command line interface.

The image is also useful for developers and administrators wanting to easily experience a headless server form of OpenSolaris running on a variety of virtualization platforms.

• Downloads
• Initial Configuration
• Next Steps
• What's New?
• Provide Feedback and Participate
• License Terms

Downloads

Use subject to License Terms

Initial Configuration

Initial Login

are the login credentials for a predefined user that has administrator privileges.

Once you've logged in, consider changing the initial passwords:

$ passwd osol
$ pfexec passwd root

Initial Network Configuration

• Bridged Networking and DHCP by Default: Since the VM template is configured to use bridged networking and DHCP by default, the VM template will attempt to obtain an IP address on your host's network and it will display the IP address on the console during start up.

• Switching to Static IP Address: Refer to the Automated Installer documentation.

• Using NAT: If you prefer to use NAT in VirtualBox and you expect to access your VM from your host's network, see the VirtualBox documentation for additional set up information.

Next Steps

Add your own user account

Add the user: 

$ pfexec useradd -b /export/home -m -s /usr/bin/bash <user>

Assign a password: 

$ pfexec passwd <user>

Provide it with "root" privileges: 

$ pfexec usermod -P'Primary Administrator' <user>

Restart and Shut Down

Shut down:

$ pfexec shutdown -i0 -g0 -y

Restart: 

$ pfexec init 6

Access the VM via SSH

You have several options to enable SSH access to the JeOS VM image.  If you intend to use the JeOS image as means to get familiar with a reduced installation of OpenSolaris, you should consider resetting the SSH configuration.  However, if you are intending to use the JeOS image as part of appliance build automation process, you may find that reusing the initial SSH configuration makes your life easier.

In either case, consider configuring your OS to use a static IP address.

Appliance Builders: Reusing the Built-in SSH Configuration

The JeOS VM image is pre-configured to mount a disk named "instance" during start-up to access initially the configured keys.

1. In the expanded download archive, look for the file named sshvmkeys.virtdisks.zip and expand it.  Look for the instance VM image for your virtualization platform.
2. In your VM configuration, define and attach the instance image.
3. Start your image and note the IP address.  (A script with access to the serial console can scrape the screen for the IP address).
4. From a script or your client terminal, log into the VM instance using the private key in the file sshvmkeydsa.key:

$ssh -2 -i ./sshvmkeydsa.key osol@ip-of-guest

Casual Users: Resetting the SSH Configuration

If you intend to use the OS directly, you can disable the vm-instance service that attempts to load SSH keys from a specially named zpool named "instance":

$ pfexec svcadm disable vm-instance

If you want to remove the vm-instance service:

$ pfexec svccfg delete vm-instance
$ cd /lib/svc/method$ pfexec rm vm-instance
$ cd /var/svc/manifest/site$ pfexec rm vm-instance.xml

Clean up boot parameters only needed by the vm-instance service by editing /rpool/boot/grub/menu.lst to remove {{sshd=enable}} and {{sshd=disable}} boot options that are read by /lib/svc/method/vm-instance.

Lastly, if you want to use password-based SSH authentication, modify /etc/ssh/sshd_config by setting:

PasswordAuthentication yes

And restarting SSH:

$ pfexec svcadm restart ssh

Review OpenSolaris Next Steps After Installation Documentation

Review Next Steps After Installation in the OpenSolaris documentation.

See the OpenSolaris Information Center for an introduction to OpenSolaris.

Install Guest Additions

Refer to the virtualization platform documentation for installation instructions.  Performance of the VM and the ability to support shared folders may be enhanced through the installation of guest additions.

Since the Removable Media Manager depends on Gnome GUI libraries that are not installed in the JeOS image, a script is provided to simplify mounting of ISO images such as those used to deliver VirtualBox Guest Additions:

$ pfexec /sbin/mountisos

Customize Boot Process

If you plan to use the JeOS image directly as a reduced installation of OpenSolaris, you might want to simplify the GRUB configuration and remove the JeOS image-specific startup and login messages.

Remove "Press any key to continue" screen: 

$ pfexec vi /rpool/boot/grub/menu.lst

to comment out the first two lines as indicated in the file.

Pare back boot menu items: 

$ pfexec vi /rpool/boot/grub/menu.lst

to comment out those boot entries that you don't need.

Reduce boot timeout value: 

$ pfexec bootadm set-menu timeout=5

to set the boot time out to 5 seconds.

Customize Console and Login Messages

Customize the system startup and login messages as you see fit:

$ pfexec vi /etc/issue

$ pfexec vi /etc/motd

Change Hostname

See How To.

Experiment With VM Snapshots

Consider using your virtualization platform's snapshot capability to preserve the initial state of your VM and subsequent interesting checkpoints of your VM's configuration.

VirtualBox and Snapshots:

Shut down and power off your OS instance: 

$ pfexec shutdown -i0 -g0 -y

In VirtualBox, click on Snapshots and the camera icon.

Consider Upgrading to the Development Build

If you'd like to upgrade your OS installation to the latest generally available development quality build:

$ pfexec pkg set-publisher -O http://pkg.opensolaris.org/dev opensolaris.org
$ pfexec pkg install SUNWipkg
$ pfexec pkg image-update

Since you may see errors during the upgrade procedure, you should consult the latest upgrade notes prior to upgrading. For example, the OpenSolaris Build 125 Upgrade Notes describe some possible errors.

What's New?

This is the second version of our JeOS prototype of the Sun-managed OpenSolaris distribution.  Changes since the 2008.11 version include:

Auto Installer-based Install Scripts Published

The scripts and files used to generate the base JeOS installation have been published for your reference.  See the project source repository for AI manifests, related install files and supplemental scripts implementing some of the features listed below.

VM Image Assembly Automation Support

SSH With Key-based Authentication

When the JeOS image is used as the basis of an application-specific VM template or appliance, scripted and automated assembly tools and scripts can benefit from having key-based SSH access to a running VM instance such that they can customize the OS instance.  By default, SSH is enabled during startup and access via SSH is limited to public/private key pairs.

To allow automatic loading of a set of predefined authorized keys, you must attach additional virtual disk with zpool named 'instance' to your VM.  This zpool will be read automatically on system boot by the SMF service 'vm-instance'.

A sample of a zpool 'instance' along with instructions is included in the JeOS download archive.  This example will help you understand how you can start the JeOS image with SSH daemon disabled so you can safely regenerate yours new SSH keys and edit default instance data.

For x86-based systems, you can use GRUB menu to start the system with sshd either enabled (default) or disabled:

[OpenSolaris 2009.06 x86 JeOS Prototype (Auto 32 or 64 bit) -SSH]
[OpenSolaris 2009.06 x86 JeOS Prototype (Auto 32 or 64 bit) -SSH]

For SPARC-based systems, use the following boot procedures:

'ok boot disk - sshd=enable'
'ok boot disk - sshd=disable'

x86 Serial Access in GRUB Menu

On x86 platforms, your VM image assembly scripts can control the GRUB boot selection and SSH login via serial port access.  This feature has been demonstrated with the VirtualBox Headless Mode serial access, but it can also be useful for full login automation on other virtualization platforms. On boot you will see on the console:

"Press any key to continue"

At this stage, your assembly script can issue a "press key" on the serial console and select one of the \+SERIAL GRUB boot options to enable further serial access for login from your script.

[OpenSolaris 2009.06 x86 JeOS Prototype (AutoArch)  +SERIAL +SSH]
[OpenSolaris 2009.06 x86 JeOS Prototype (AutoArch)  +SERIAL -SSH]

Hardened Installation

The process by which the JeOS image is built now follows certain recommendations from the Center for Internet Security (CIS).  The JeOS image build process uses the portion of the Immutable Service Containers (ISC) project's tools applicable to a global zone to implement some of the recommendations outlined in the document OpenSolaris Security Hardening.

Additional Boot Options

Several boot options are included to address requirements or constraints of several virtualization platforms:

Disable IDE DMA

IDE DMA is not needed on slower hosts when IDE disk is used in platforms such as Qemu and Parallels.

[OpenSolaris 2009.06 x86 JeOS Prototype (AutoArch) -IDE DMA +SSH]

Force 32-bit Boot

Under some circumstances you may need to run OpenSolaris in 32-bit mode on 64-bit hosts.

[OpenSolaris 2009.06 x86 JeOS Prototype (Force 32 bit Boot) +SSH]

NWAM Notification Script

When the Network Auto Magic facility obtains an IP address from DHCP, the IP address, SSH key and sshd daemon status are displayed on the console.  The IP address is also recorded in the file {{/.nwamhasip}}. This information can help with detection if network is already set up on the booted JeOS instance.

IP: 129.120.11.120, Got SSH key OK, sshd online

Convenience Script to Mount ISO Images

Since the Removable Media Manager depends on Gnome GUI libraries that are not installed in the JeOS image, a script is provided to simplify mounting of ISO images:

$ pfexec /sbin/mountisos

Changes in Pre-installed Packages

• Removed relatively large 'vim' package and added much smaller 'nano' package. If and when the vim package is significantly reduced in size in the future, then it might make sense to pre-install it.
• Additional Python-related packages are pre-installed to support new dependencies of the pkg(5) system.
• GNU info pages component was removed.  Existing GNU man pages are sufficient to address pre-installed components.
• The Java Runtime Environment (JRE) and Ruby packages are no longer pre-installed.  These components had been included in the 2008.11 JeOS iteration to help support use of the image in the Amazon EC2 environment.  Since a post install customization step is already needed to prep the JeOS image for EC2, these packages can be easily installed from the OpenSolaris package repository.

Provide Feedback and Participate

Share your feedback on the image by sending a message to:

jeos-discuss AT opensolaris.org

Archives and mailing list sign-up forms are also available.

You can find out more information about the OpenSolaris JeOS project at the project web site.

License Terms