Do a "pkg image-update" with multiple zones!!!

Hello you half-dozen readers!

Recently I reinstalled my home server to OpenSolaris, build 130. I used zfs send and zfs recv to recover my relevant bits of data. I also constructed new zones, this time using ipkg zones.

Using ipkg zones takes a bit of acclimation. The biggest thing to note is that if you need a specific software package, you have to use pkg install in the zone you wish to have the software. For example, I have three zones:

  • The Global, internal-only, server zone - My global zone spends most of its time without a default route, serving NFSv4 and anything else I can think of only to my local LAN. If I need a new service, I temporarily add a global route, and pkg install away.
  • The Webserver zone - Just like it says. I needed Apache here, and had to pkg install Apache here.
  • The Router/NAT/IPsec-remote-access/Firewall zone - If you're going to put potential targets on the Internet, why put the global zone there? Especially with Crossbow VNICs and IP Instances!
So I got all of these zones, and the global zone isn't even net-attached most of the time? More interesting still, I need to upgrade all of these zones.

I posed this problem to pkg-discuss@opensolaris.org. Right now, pkg image-update won't upgrade the non-global zones. Worse still, I need to upgrade a zone that's also acting as my NAT and router. Luckily for me, Ed Pilatowicz gave me some good advice:

i do have one other workaround/suggestion you could try. after you do an image-update of your global zone. before rebooting, use beadm to mount the new image on /a. then you can try doing "pkg -R /a/path_to_your_zone/root image-update" for each of your zones. this will probably work as long as your always image-update'ing to the latest bits in the repository (and no new images get pushed to the repository in between all the image-update opreations.) So I took Ed at his word.

Even if you have an ultra-paranoid global zone, you need to get it talking to an IPS repository. Either temporarily add an off-link route like I do, or have a local repository handy. Proceed and pkg image-update your global zone. Make sure you use --be-name to pick a BE name that you'll remember.

Next, you literally beadm mount new-be-name /mnt and for each zone root directory (while still able to reach the repository from your global zone) do pkg -R zone-root-path image-update. For my own example, I did:

  • pkg image-update --be-name 132
  • beadm mount 132 /mnt
  • pkg -R /mnt/export/home/webserver/root image-update
  • pkg -R /mnt/export/home/router/root image-update
  • beadm umount 132
  • reboot

This worked quite well for me moving up from 130 to 132. Just make sure your global zone can reach the repository, and you should be golden.

Comments:

It appears in your example that while you beadm mounted your new BE, the subsequent image-updates were not to /mnt/export/home/webserver/root or /mnt/export/home/router/root. Typo?

Posted by James McPherson on February 07, 2010 at 02:16 PM EST #

Yes James, typo! Now fixed.

Posted by Dan McDonald on February 07, 2010 at 02:32 PM EST #

I can see this as also being an advantage when doing upgrades of machines with zones on them. Because you can update the zones before rebooting the machine, so you don't have to wait with the zone upgrades till after the reboot, during which the zones will be unavailable.

Posted by Jeppe Toustrup on February 09, 2010 at 03:02 AM EST #

Thanks for that. My home system has a similar set up so this helped the upgrade a lot.

What would be really cool if there was a way to share the package download directory so that the packages are not downloaded more than once.

Posted by Chris Gerhard on February 11, 2010 at 09:43 AM EST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

danmcd

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today