Peter Tribble writes: > On Mon, Feb 25, 2008 at 12:17 PM, James Carlson <james.d.carlson at sun.com> > wrote: > > Yes, that should work, but (in general) I don't recommend attempting > > to "minimize" the system by removing packages. It ends up being > > extremely painful to craft a custom set of packages for desired > > features. > > > > Instead, just turn off the things you don't want. Disk space is > > cheap, and your time isn't. > > Indeed. Disk space is cheap, time isn't. > > In particular, manifest import time is a killer. 12 minutes per zones, > you gotta be kidding. > > This means that an important aspect of any current minimization > effort I put in is to actually reduce the number of services to a minimum, > in particular any service I want turned off is better not installed > in the first place.
Agreed; you have to look at the whole usage scenario -- including patching, zone usage, and upgrades. For the sorts of things I do, and for many "simple" server configurations, fiddling with detailed lists of packages and dependencies is a real drag. Dealing with users who say, "hey, why didn't you include SUNWfoobar?" is a more painful problem. If there's something that I "forgot" from the list, then in order to install it properly on an OpenSolaris system, I have to dredge up the original distribution DVD. For S10, it's much worse -- doing this right means backing out all the patches that may touch SUNfoobar, installing the package (and all its dependencies -- don't forget to remove the patches for those as well!) from the Update medium, and then reinstalling those patches. I doubt anyone ever really gets this right -- meaning we probably have a lot of people skating around on ice that's much thinner than they realize. For others, it's entirely possible that other considerations (such as the minutes required to install a zone) would dominate, and in those cases, I agree you'd want to make a different optimization. My point, though, was that you shouldn't just be minimizing in order to conserve cheap disk space, or because you think you "have to," or because it somehow makes things "more secure." Instead, it's a set of trade-offs. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
