I'm considering installing Cool Stack on our production web server currently running the built-in versions of apache, mysql, PHP, etc. Does Cool Stack actually replace these bundled versions? If not, will they no longer be managed service instances under smf? Would the mysql database also need to be migrated?
Thanks.
Cool Stack does not replace built-in versions of apache, mysql etc. It installs in a different location - but they will not be managed service instances. You will have to do the work yourself to have these be managed by smf.
CoolStack includes MySQL5 which is a better performing and scalable version than the MySQL4 that comes with Solaris.
We are going to put out an update release of Cool Stack in a few days which will have Apache 2.2, PHP 5.2.
Shanti
Thanks for the response.
I look forward to installing the new release. But I'm somewhat puzzled: if the Cool Stack applications are better performing and optimized for Solaris 10, why they can't replace the bundled versions and be more integrated with Solaris? Is this just a support issue?
> But
> I'm somewhat puzzled: if the Cool Stack applications
> are better performing and optimized for Solaris 10,
> why they can't replace the bundled versions and be
> more integrated with Solaris? Is this just a support
> issue?
Going forward, we do hope to have it as part of Solaris. But currently - yes, it is just a support issue.
I have adapted the existing SMF manifest and service methods installed with Solaris for apache to use the CoolStack as follows:
/var/svc/manifest/network/CSQhttp-apache2.xml:
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright 2006 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
ident"@(#)CSQhttp-apache2.xml1.007/02/20 SMI"
based on http-apache2.xml1.306/03/27 SMI
-->
<service_bundle type='manifest' name='CSQapch2:apache'>
<service
name='network/http'
type='service'
version='1'>
<!--
Because we may have multiple instances of network/http
provided by different implementations, we keep dependencies
and methods within the instance.
-->
<instance name='apache2' enabled='false'>
<!--
Wait for network interfaces to be initialized.
-->
<dependency name='network'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/milestone/network:default'/>
</dependency>
<!--
Wait for all local filesystems to be mounted.
-->
<dependency name='filesystem-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/system/filesystem/local:default'/>
</dependency>
<!--
Wait for automounting to be available, as we may be
serving data from home directories or other remote
filesystems.
-->
<dependency name='autofs'
grouping='optional_all'
restart_on='error'
type='service'>
<service_fmri
value='svc:/system/filesystem/autofs:default'/>
</dependency>
<exec_method
type='method'
name='start'
exec='/lib/svc/method/CSQhttp-apache2 start'
timeout_seconds='60' />
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/http-apache2 stop'
timeout_seconds='60' />
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/http-apache2 refresh'
timeout_seconds='60' />
<property_group name='httpd' type='application'>
<stability value='Evolving' />
<propval name='ssl' type='boolean' value='false' />
</property_group>
<property_group name='startd' type='framework'>
<!-- sub-process core dumps shouldn't restart
session -->
<propval name='ignore_error' type='astring'
value='core,signal' />
</property_group>
</instance>
<stability value='Evolving' />
<template>
<common_name>
<loctext xml:lang='C'>
Apache 2 HTTP server
</loctext>
</common_name>
<documentation>
<manpage title='httpd' section='8'
manpath='/usr/apache2/man' />
<doc_link name='apache.org'
uri='http://httpd.apache.org' />
</documentation>
</template>
</service>
</service_bundle>
/lib/svc/method/CSQhttp-apache2:
#!/sbin/sh
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)CSQhttp-apache21.007/02/20"
# based on http-apache21.204/11/11 SMI"
#
. /lib/svc/share/smf_include.sh
APACHE_HOME=/usr/local/apache2
CONF_FILE=/usr/local/apache2/conf/httpd.conf
PIDFILE=/var/apache2/run/httpd.pid
[ ! -f ${CONF_FILE} ] && exit $SMF_EXIT_ERR_CONFIG
case "$1" in
start)
/bin/rm -f ${PIDFILE}
/bin/mkdir -p /var/apache2/run
ssl=`svcprop -p httpd/ssl svc:/network/http:apache2`
if [ "$ssl" = false ]; then
cmd="start"
else
cmd="startssl"
fi
;;
refresh)
cmd="graceful"
;;
stop)
cmd="stop"
;;
*)
echo "Usage: $0 {start|stop|refresh}"
exit 1
;;
esac
exec ${APACHE_HOME}/bin/apachectl $cmd 2>&1
You have to disable or remove the original manifest and method so that only the new one for CoolStack automatically starts and runs under SMF.Once you having it running under SMF it's an easy change to limit it's privileges. See Glenn's paper on how to do this:
http://www.sun.com/blueprints/0505/819-2680.html
Or go a step further and run apache in a restricted zone: http://www.sun.com/software/solaris/howtoguides/s10securityhowto.jsp
> We are going to put out an update release of Cool
> Stack in a few days which will have Apache 2.2, PHP
> 5.2.
Is it possible to create RSS feed which will inform about new releases of Cool Stack, new info etc ? Or maybe something like http://blogs.sun.com/coolstack (+ of course RSS feed :-) )
Regards
przemol
