Automating custom software installation in a zone
By mgerdts on Nov 12, 2011
In Solaris 11, the internals of zone installation are quite different than they were in Solaris 10. This difference allows the administrator far greater control of what software is installed in a zone. The rules in Solaris 10 are simple and inflexible: if it is installed in the global zone and is not specifically excluded by package metadata from being installed in a zone, it is installed in the zone. In Solaris 11, the rules are still simple, but are much more flexible: the packages you tell it to install and the packages on which they depend will be installed.
So, where does the default list of packages come from? From the AI (auto installer) manifest, of course. The default AI manifest is /usr/share/auto_install/manifest/zone_default.xml. Within that file you will find:
<software_data action="install"> <name>pkg:/group/system/solaris-small-server</name> </software_data>
So, the default installation will install pkg:/group/system/solaris-small-server. Cool. What is that? You can figure out what is in the package by looking for it in the repository with your web browser (click the manifest link), or use pkg(1). In this case, it is a group package (pkg:/group/), so we know that it just has a bunch of dependencies to name the packages that really wants installed.
$ pkg contents -t depend -o fmri -s fmri -r solaris-small-server FMRI compress/bzip2 compress/gzip compress/p7zip ... terminal/luit terminal/resize text/doctools text/doctools/ja text/less text/spelling-utilities web/wget
If you would like to see the entire manifest from the command line, use pkg contents -r -m solaris-small-server.
Let's suppose that you want to install a zone that also has mercurial and a full-fledged installation of vim rather than just the minimal vim-core that is part of solaris-small-server. That's pretty easy.
First, copy the default AI manifest somewhere where you will edit it and make it writable.
# cp /usr/share/auto_install/manifest/zone_default.xml ~/myzone-ai.xml # chmod 644 ~/myzone-ai.xml
Next, edit the file, changing the software_data section as follows:
<software_data action="install"> <name>pkg:/group/system/solaris-small-server</name> <name>pkg:/developer/versioning/mercurial</name>
To figure out the names of the packages, either search the repository using your browser, or use a command like pkg search hg.
Now we are all ready to install the zone. If it has not yet been configured, that must be done as well.
# zonecfg -z myzone 'create; set zonepath=/zones/myzone' # zoneadm -z myzone install -m ~/myzone-ai.xml A ZFS file system has been created for this zone. Progress being logged to /var/log/zones/zoneadm.20111113T004303Z.myzone.install Image: Preparing at /zones/myzone/root. Install Log: /system/volatile/install.15496/install_log AI Manifest: /tmp/manifest.xml.XfaWpE SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml Zonename: myzone Installation: Starting ... Creating IPS image Installing packages from: solaris origin: http://localhost:1008/solaris/54453f3545de891d4daa841ddb3c844fe8804f55/ DOWNLOAD PKGS FILES XFER (MB) Completed 169/169 34047/34047 185.6/185.6 PHASE ACTIONS Install Phase 46498/46498 PHASE ITEMS Package State Update Phase 169/169 Image State Update Phase 2/2 Installation: Succeeded Note: Man pages can be obtained by installing pkg:/system/manual done. Done: Installation completed in 531.813 seconds. Next Steps: Boot the zone, then log into the zone console (zlogin -C) to complete the configuration process. Log saved in non-global zone as /zones/myzone/root/var/log/zones/zoneadm.20111113T004303Z.myzone.installNow, for a few things that I've seen people trip over:
- Ignore that bit about man pages - it's wrong. Man pages are already installed so long as the right facet is set properly. And that's a topic for another blog entry.
- If you boot the zone then just use zlogin myzone, you will see that services you care about haven't started and that svc:/milestone/config:default is starting. That is because you have not yet logged into the console with zlogin -C myzone.
- If the zone has been booted for more than a very short while when you first connect to the zone console, it will seem like the console is hung. That's not really the case - hit ^L (control-L) to refresh the sysconfig(1M) screen that is prompting you for information.