neuhalfen.name

A random collection of posts

Setting Up a Solaris IPS Server

Besides several Linux VMs, I am using Solaris 11 for some of my home-tinkering systems. After an undetected three day outage of my mail server, I decided to install a monitoring solution for my systems.

Unwilling to go through the configure, make, make install triple jump every time I install a system, I set out to create a local IPS repository to serve my needs (and packages).

This tutorial consists of multiple steps:

  1. Create and set up a local IPS in a dedicated zone (this article).
  2. Create a simple IPS package
  3. Create the Zabbix package for Solaris 11 and publish it.

Legend

I use several systems for package creation and testing. Each system is implemented as a Solaris zone. Test systems are regularly reset to a known state using ZFS snapshots.

Systems used for package creation and test.

In listings the following prefixes are used when it is necessary to distinguish between systems:

  • host $ ... is the prefix used for the user root at the “global zone”.
  • ips $ ... denotes the user root inside the ips-zone.
  • ips-test $ ... denotes the user root inside the ips-test-zone.
  • client $ ... shows commands executed on clients (user root).

Preparations

The following steps will create a Solaris zone named ips by cloning an existing zone template. The new zone will be configured to be a world-writeable IPS repository.

Create/Clone a new zone for IPS

The new zone, named ips, will be a clone of an existing zone called template.

First, create a zone configuration:

host $ zoneadm -z template halt
host $ zonecfg -z template export -f ./ips.zone

Next, change the zonepath and the IPv4 address of the zone. To make administration easier, all of my zones share /export/home.

host $ cat ips.zone
create -b
set zonepath=/zones/ips
set brand=ipkg
set autoboot=true
set ip-type=shared
add fs
set dir=/export/home
set special=/export/home
set type=lofs
add options nodevices
end
add net
set address=172.20.1.20
set physical=e1000g0
set defrouter=172.20.1.14
end

Now create the new zone ips and populate its filesystem by cloning the zone template:

host $ zonecfg -z ips -f ./ips.zone
host $ zoneadm -z ips clone template

Verify that everything is OK:

host $ zfs list -r storage/zones
NAME USED AVAIL REFER MOUNTPOINT
storage/zones 1.56G 14.1G 35K /zones
storage/zones/template 1.21G 14.1G 33K /zones/template
storage/zones/template/ROOT 1.21G 14.1G 31K legacy
storage/zones/template/ROOT/template 638M 14.1G 637M /var/lib/template
storage/zones/template/ROOT/zbe 605M 14.1G 571M legacy
storage/zones/ips 1.42M 14.1G 34K /zones/ips
storage/zones/ips/ROOT 1.38M 14.1G 31K legacy
storage/zones/ips/ROOT/zbe 1.35M 14.1G 571M legacy
storage/zones/mysql 352M 14.1G 34K /zones/mysql
storage/zones/mysql/ROOT 352M 14.1G 31K legacy
storage/zones/mysql/ROOT/mysql 30.8M 14.1G 84K /mysql
storage/zones/mysql/ROOT/mysql/data 30.7M 14.1G 29.1M /mysql/data
storage/zones/mysql/ROOT/zbe 322M 14.1G 711M legacy
host $ zoneadm list -c -v
ID NAME STATUS PATH BRAND IP
0 global running / ipkg shared
2 mysql running /zones/mysql ipkg shared
- template installed /zones/template ipkg shared
- ips installed /zones/ips ipkg shared

Set up the new zone

host $ zoneadm -z ips boot
host $ # ...
host $ zlogin -e\# -C ips
[Connected to zone 'ips' console]
You did not enter a selection.
What type of terminal are you using?
1) ANSI Standard CRT
2) DEC VT100
3) PC Console
4) Sun Command Tool
5) Sun Workstation
6) X Terminal Emulator (xterms)
7) Other
Type the number of your choice and press Return: 2
$ # ... setup the zone by following the wizard.
# For my setup I choose DNS as name service.
# Hint: press ESC and then 2 to Continue
# ...
System identification is completed.
ips console login:
#.
[Connection to zone 'ips' console closed]

Create the repository

As user root, log into the ips zone. Create a ZFS dataset to hold the repository:

ips $ zfs create -o compression=on -o mountpoint=/ips storage/zones/ips/ROOT/ips_repository
ips $ pkgrepo create /ips

Set up a local publisher “neuhalfen.name”

I want to publish our private packages as “my own” publisher:

ips $ pkgrepo set -s /ips publisher/prefix=neuhalfen.name
ips $ pkgrepo get -s /ips
SECTION PROPERTY VALUE
publisher prefix neuhalfen.name
repository version 4
ips $ pkgrepo info -s /ips
PUBLISHER PACKAGES STATUS UPDATED
neuhalfen.name 0 online 2011-07-03T23:18:36.712378Z

Install the IPS-server

The IPS server goes by the FMRI svc:/application/pkg/server:default and is installed by default.

# Point the server to our repository
ips $ svccfg -s application/pkg/server setprop pkg/inst_root=/ips
ips $ svccfg -s application/pkg/server listprop pkg/inst_root
pkg/inst_root astring /ips
# Allow write access to the repository
ips $ svccfg -s application/pkg/server setprop pkg/readonly=false
ips $ svccfg -s application/pkg/server listprop pkg/\*
pkg/cfg_file astring
pkg/content_root astring usr/share/lib/pkg
pkg/debug astring
pkg/file_root astring
pkg/log_access astring none
pkg/log_errors astring stderr
pkg/mirror boolean false
pkg/pkg_root astring /
pkg/port count 80
pkg/proxy_base astring
pkg/socket_timeout count 60
pkg/sort_file_max_size astring
pkg/ssl_cert_file astring
pkg/ssl_dialog astring smf
pkg/ssl_key_file astring
pkg/threads count 60
pkg/writable_root astring
pkg/inst_root astring /ips
pkg/readonly boolean false
ips $ svcadm refresh application/pkg/server
ips $ svcadm enable application/pkg/server
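
An added example, not part of the original article: a small audit function that reads the `listprop pkg/\*` output shown above and flags the settings that leave this depot writable over plain HTTP with no access log. The second listing and its file paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky pkg/server depot settings.
# Input on stdin: output of `svccfg -s application/pkg/server listprop 'pkg/*'`.
audit_pkg_server() {
    awk '
        # Each line is: <property> <type> [value]; the value is missing when unset.
        $1 ~ /^pkg\// { val[$1] = (NF >= 3) ? $3 : ""; n++ }
        END {
            if (!n) { print "NODATA: no pkg/ properties on stdin"; exit }
            if (val["pkg/readonly"] == "false")
                print "WRITABLE: pkg/readonly=false, depot on port " val["pkg/port"] " accepts publishing"
            if (val["pkg/ssl_cert_file"] == "" || val["pkg/ssl_key_file"] == "")
                print "PLAINTEXT: ssl_cert_file/ssl_key_file unset, depot serves HTTP only"
            if (val["pkg/log_access"] == "none")
                print "NOLOG: pkg/log_access=none, requests are not recorded"
        }
    '
}

# Relevant lines of the property listing shown in this article.
article_props() {
    cat <<'EOF'
pkg/log_access astring none
pkg/port count 80
pkg/ssl_cert_file astring
pkg/ssl_key_file astring
pkg/inst_root astring /ips
pkg/readonly boolean false
EOF
}

# Constructed listing for a read-only TLS depot; all paths are hypothetical.
hardened_props() {
    cat <<'EOF'
pkg/log_access astring /var/log/pkg/access.log
pkg/port count 443
pkg/ssl_cert_file astring /etc/pkg/depot-cert.pem
pkg/ssl_key_file astring /etc/pkg/depot-key.pem
pkg/inst_root astring /ips
pkg/readonly boolean true
EOF
}

article_props | audit_pkg_server    # three findings
hardened_props | audit_pkg_server   # no output
```

Inside the ips zone, feed it the live configuration with `svccfg -s application/pkg/server listprop 'pkg/*' | audit_pkg_server`.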

Browse the (empty) repository

The repository, albeit empty, can now be browsed at http://ips.local.neuhalfen.name/.

Enable search

To enable clients to search in our repository, the index needs to be refreshed:

ips $ pkgrepo -s /ips refresh
Repository refresh initiated.
ips $ find /ips
/ips
/ips/pkg5.repository

Refresh the service

If any of these modifications are made after the repository service has been installed, the pkg/server service needs to be refreshed:

ips $ svcadm refresh application/pkg/server

Set up the clients

To make my repository known to my client machines, the new publisher needs to be added on each client:

client $ pkg set-publisher -O http://ips.local.neuhalfen.name:80 neuhalfen.name
client $ pkg publisher
PUBLISHER TYPE STATUS URI
solaris (preferred) origin online http://pkg.oracle.com/solaris/release/
neuhalfen.name origin online http://ips.local.neuhalfen.name:80/

See here for more documentation.

Next steps

It is a good idea to create dedicated test zones for package testing. Personally, I cloned the IPS-zone as ips-test, and template as test-client.

Resources

  1. How To Copy an Oracle Solaris 11 Express Software Package Repository
  2. IPS Documentation
  3. Oracle Solaris 11 Express Articles and White Papers
