Re: [zones-discuss] Solaris 8 Zones Cleanup
well, certainly you could remove packages, but why bother. disk space is cheap. ed On Wed, Jan 21, 2009 at 07:20:31PM +0100, Bernd Schemmer wrote: Hi, we successfully installed some Solaris 8 zones and I'm wondering if I should delete some of the not necessary packages from the Solaris 8 Zones. I already removed the Veritas packages (VxVM, VxFS, and some VCS packages) Should I also delete some of the plain Solaris 8 packages that are not usable in Solaris 8 Zones? There's not much information about configuring Solaris 8 zones on the Sun Website regards Bernd -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html M s temprano que tarde el mundo cambiar . Fidel Castro ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8 Zones Cleanup
Ed, well, certainly you could remove packages, but why bother. disk space is cheap. Not SAN ... but I don't care about the diskspace -- I was only thinking it might be useful/recommended to do so. regards Bernd Edward Pilatowicz wrote: well, certainly you could remove packages, but why bother. disk space is cheap. ed On Wed, Jan 21, 2009 at 07:20:31PM +0100, Bernd Schemmer wrote: Hi, we successfully installed some Solaris 8 zones and I'm wondering if I should delete some of the not necessary packages from the Solaris 8 Zones. I already removed the Veritas packages (VxVM, VxFS, and some VCS packages) Should I also delete some of the plain Solaris 8 packages that are not usable in Solaris 8 Zones? There's not much information about configuring Solaris 8 zones on the Sun Website regards Bernd -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html M s temprano que tarde el mundo cambiar . Fidel Castro ___ zones-discuss mailing list zones-discuss@opensolaris.org -- Bernd Schemmer, Frankfurt am Main, Germany http://home.arcor.de/bnsmb/index.html M s temprano que tarde el mundo cambiar . Fidel Castro ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8 Zones Cleanup
Bernd Schemmer wrote: Ed, well, certainly you could remove packages, but why bother. disk space is cheap. Not SAN ... but I don't care about the diskspace -- I was only thinking it might be useful/recommended to do so. The vx* pkgs probably can be removed without a problem. I wouldn't remove anything else unless you know what you're doing. The other pkgs you might want to remove are likely required to fulfill pkg dependencies if you want to install extra software. There are no recommendations since you don't have to do anything. Even for the vx* pkgs, you can leave those in place and the brand software will properly work around those. Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8 Zones Cleanup
Fredrich Maney wrote: On Wed, Jan 21, 2009 at 2:27 PM, Edward Pilatowicz edward.pilatow...@sun.com wrote: well, certainly you could remove packages, but why bother. disk space is cheap. ed For the same reasons that you don't install unneeded packages in the first place: security, stability and space. Thats really not the focus of the s8 branded zone. If you're going to spend a lot of time tuning up the zone, then you'd probably be better served spending that time getting your software stack running in a native s10 zone. The s8 brand is really intended to help with consolidating unsupported, legacy software stacks onto newer hardware. If you have a lot of time to spend on each stack, then why spend it on something thats obsolete? Of course, nothing is stopping you from doing this though. Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8 Zones Cleanup
On Wed, Jan 21, 2009 at 3:45 PM, Edward Pilatowicz edward.pilatow...@sun.com wrote: On Wed, Jan 21, 2009 at 03:31:05PM -0500, Fredrich Maney wrote: On Wed, Jan 21, 2009 at 2:27 PM, Edward Pilatowicz edward.pilatow...@sun.com wrote: well, certainly you could remove packages, but why bother. disk space is cheap. ed For the same reasons that you don't install unneeded packages in the first place: security, stability and space. imho, most of the time these are false optimizations that are not worth the risk and/or trouble. You are certainly entitled to that view. However, it is far from the only one and is certainly not the a common best practice - common, yes; best, that's up for debate. wrt space, disk space is cheap. i'd also recommend installing your zones on compressed zfs filesystems, which will automatically reduce the space used. As was stated earlier in the thread, disk space isn't always cheap and not all disk is created equally. wrt stability, i don't see how having unused stuff on disk has any impact on stability. it's more likely that removing stuff will reduce stability by accidently removing something you might need in the future. On more than one occasion I've had to spend significant amounts of time rebuilding/resurrecting systems that were corrupted due to patches that were applied for installed, but not used, software. Those patches wouldn't have ever been installed if the unneeded software had never been installed in the first place. wrt security. unless there is some suid binaries in the packages your removing, i don't really see how security is impacted. Have you never seen a buffer overflow of a non-suid binary cause a denial of service? of course it's all about tradeoffs. if you have infinite free labor/time, and disk space is all that matters to you, then feel free to burn that labor/time eliminating everything you don't need. Since this should be done at build time, there is no risk and there is very little trouble. It's not that hard or time consuming to build a Jumpstart profile. And once the profile is build, it can be used for any number of systems. A little bit of upfront work goes a long way. fpsm ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Solaris 8 Zones Cleanup
On Wed, Jan 21, 2009 at 3:53 PM, Jerry Jelinek gerald.jeli...@sun.com wrote: Thats really not the focus of the s8 branded zone. Understood. However the OP asked if it made sense to do so. In my view it is nearly always worth the negligible amount of time and effort required to minimize and harden a system. If you're going to spend a lot of time tuning up the zone, then you'd probably be better served spending that time getting your software stack running in a native s10 zone. Agreed. However we are not talking about a lot of time. The s8 brand is really intended to help with consolidating unsupported, legacy software stacks onto newer hardware. If you have a lot of time to spend on each stack, then why spend it on something thats obsolete? Just because that is the intended purpose for the technology, doesn't mean that is the only way it will be used. Of course, nothing is stopping you from doing this though. Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
