Solaris-specific Providers for Puppet

As I mentioned in my previous post about Puppet, there are some new Solaris-specific Resource Types for Puppet 3.4.1 in Oracle Solaris 11.2.  All of these new Resource Types and Providers have been available on since integration into the FOSS projects gate.  I am actively working with Puppet Labs to get this code pushed back upstream so that it's available for anybody to work with.

Here's a small description of a few (of 23) of the new Resource Types:

  • boot_environment
    • name - The boot_environment name (#namevar)
    • description - Description for the new boot environment
    • clone_be - Create a new boot environment from an existing inactive boot environment
    • options - Create the datasets for a new boot environment with specific ZFS properties.  Specified as a hash
    • zpool - Create the new boot environment in the specified zpool
    • activate - Activate the specified boot environment
  • pkg_publisher
    • name - The publisher name (#namevar)
    • origin - Which origin URI(s) to set.  For multiple origins, specify them as a list
    • enable - Enable the publisher
    • sticky - Set the publisher 'sticky'
    • searchfirst - Set the publisher first in the search order
    • searchafter - Set the publisher after the specified publisher in the search order
    • searchbefore - Set the publisher before the specified publisher in the search order
    • proxy - Use the specified web proxy URI to retrieve content for the specified origin or mirror
    • sslkey - The client SSL key
    • sslcert - The client SSL certificate
  • vnic
    • name - The name of the VNIC (#namevar)
    • temporary - Optional parameter that specifies that the VNIC is temporary
    • lower_link - The name of the physical datalink over which the VNIC is operating
    • mac_address - Sets the VNIC's MAC address based on the specified value
  • dns
    • name - A symbolic name for the DNS client settings to use.  This name is used for human reference only
    • nameserver - The IP address(es) the resolver is to query.  A maximum of 3 IP addresses may be specified.  Specify multiple addresses as a list
    • domain - The local domain name
    • search - The search list for host name lookup.  A maximum of 6 search entries may be specified.  Specify multiple search entries as a list
    • sortlist - Addresses returned by gethostbyname() to be sorted.  Entries must be specified in IP 'slash notation'.  A maximum of 10 sortlist entries may be specified.  Specify multiple entries as an array.
    • options - Set internal resolver variables.  Valid values are debug, ndots:n, timeout:n, retrans:n, attempts:n, retry:n, rotate, no-check-names, inet6.  For values with 'n', specify 'n' as an integer.  Specify multiple options as an array.

Other Resource Types are:

  • Datalink Management:   etherstub, ip_tunnel, link_aggregation, solaris_vlan
  • IP Network Interfaces:  address_object, address_property, interface_properties, ip_interface, ipmp_interface,                                             link_properties, protocol_properties, vni_interface
  • pkg(5) Management:  pkg_facet, pkg_mediator, pkg_variant
  • Naming Services:  nis, nsswitch, ldap

The zones Resource Type has been updated to provide Kernel Zone and archive support as well.


Thanks for the work on puppet. I'm very interested in seeing this functionality make its way into the mainstream puppet code base. What is the licensing for this code? I'm considering wrapping it into a puppet module so I can make it available sooner.

I did notice that the ip_interface resource blows up when the ip_interface is an aggregate. The underlying show-phys -p -o link will not include aggregates or ipmp devices. Should the type/interface.rb use "show-link", instead of the "show-phys" that it does now?

Posted by Jon Craig on July 11, 2014 at 12:25 PM GMT #

The ip_interface issue was recently fixed. I'll need to double check on the backport to 11.3, however. The latest files can be picked up from

You can also clone this mercurial repository as explained here:

As far as the licensing goes, it's meant to match what Puppet itself is delivered as (in this case Apache 2.0). We're working with Puppetlabs to get the code integrated into Puppet's trunk but it's going to take some time.

Posted by Drew Fisher on September 15, 2014 at 02:19 PM GMT #

I'm running into the problem that puppet providers are being too OS specific. As an example the Solaris 11 provider for DNS won't work with either linux or even Solaris 10 as it is. Our shop is still early into it's Puppet rollout so maybe we are missing something.

Posted by Michael D. Gale on March 26, 2015 at 09:53 PM GMT #

Solaris 11 drastically changed how the naming services configuration settings are managed. In Solaris 10, they're managed via the "old" way (via editing files like /etc/resolv.conf and /etc/nsswitch.conf). In Solaris 11, all of the naming service configuration was moved to SMF.

For Solaris 10, use the 'file' resource type: to manage those files in /etc

For Solaris 11, use the 'dns' or 'ldap' type as shown above.

Posted by Drew Fisher on March 28, 2015 at 02:54 PM GMT #


I'm searching for a way to contribute to the puppet efforts in Solaris. I've used the puppet modules from Solaris 11.2 ind 11.1 and found some things missing.
I've added support for infiniband partitions (ibpart type and provider) as well as extended the provided vnic provider to support vlanid configuration.

Is there any documentation on how those changes can be commited to upstream?



Posted by Benjamin Fischer on March 31, 2015 at 02:28 PM GMT #

It looks like the puppet component was pulled out of the userland project on Did this move somewhere else?

Posted by Jon Craig on May 11, 2015 at 05:00 PM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.


« July 2016