Tuesday, October 11, 2011

Setting up a Solaris 11 Express Local Package Repository

As part of the exercise to upgrade my entire infrastructure from ESXi 4 to ESX 5, and adding a few Solaris Global Zones into the mix, I started with setting up a Solaris 11-based utility server. The shared, utility server is envisioned to provide the following services to other nodes in the infrastructure without introducing too many individual servers in the lab environment:

1) Local network IPS repository server for other clients
2) ZFS-based iSCSI target for other Solaris zones
3) ZFS-based NFS for shared storage in Solaris zones
4) LDAP services
5) DNS services
6) and more...

This article will address the topic of setting up a shared repository.

- Solaris 11 Express VM. Download text installer here. I choose VMware workstation, you can obtain the entire VirtualBox image of Solaris 11 Express from Oracle website.
- Solaris 11 Express  full repository CD (sol-11-exp-201011-repo-full.iso). Download from Oracle website.

A repository is a location where clients publish and retrieve IPS packages. Clients that publish IPS packages are called publisher. A repository contains packages published by a single publisher. A repository is described by a Universal Resource Identifier (URI) such as http URL or a file location. The publisher name of all packages in the Solaris 11 Express full repository CD is 'solaris'. If you create software and publish the packages, you give yourself a publisher name, such as 'mycompany'.

A repository can be either an 'origin' or a 'mirror'.

An IPS package is a collection of software artefacts in a defined format. A package is represented by a Fault Management Resource Identifier (FMRI).

For detailed description of IPS concept, refer to Oracle documentation.

Setting up the IPS repository
In summary, the following components are required in order to setup a network based IPS repository.

- IPS Contents. We will copy all the packages from the Oracle repository CD into a local file system. You can simply create a local directory under the default ZFS pool (rpool) of your Solaris 11 Express installation. Alternatively, you can create a new ZFS pool to host the files.

In this exercise, I used the existing root file system rpool and make a directory under the root mountpoint.

root@sol11util:/rpool# cd /
root@sol11util:/# mkdir -p ips/repo

Copy all contents under the repo folder in the CD into the /ips/repo

root@sol11util:/# rsync -aP source dest

This is going to take a while as every files under the repo is copied.

After completion, check that the directory is there. You should see under the ips/repo the following files

root@sol11util:/ips/repo# ls -la
total 7
drwxr-xr-x 3 root root   4 2010-11-11 08:40 .
drwxr-xr-x 3 root root   3 2011-10-23 08:33 ..
-rw-r--r-- 1 root root 250 2010-11-11 08:40 pkg5.repository
drwxr-xr-x 3 root root   3 2010-11-11 08:39 publisher

- IPS server. We have the content in /ips/repo now. We need to setup a server to serve the contents of this folder to the clients on the LAN. Solaris 11 Express allows you to manage services with simple commands.

svcs - This command is used to list currently running services managed by the smf (Service Management Facility). To find out if an instance of pkg package server already running, issue the following command

root@sol11util:/tank/repo# svcs \*pkg\*
STATE          STIME    FMRI
disabled        6:48:32 svc:/application/pkg/server:default
disabled        6:48:32 svc:/application/pkg/dynamic-mirror:default
online          6:48:43 svc:/system/pkgserv:default

The /application/pkg/server is not enabled by default in a fresh Solaris 11 installation. This is the service that will serve the client and provide access to the packages published by a publisher.

Let's examine this service by another command called 'svccfg'. The following command line lists all the properties of the application/pkg/server service to the console.

root@sol11util:/tank/repo# svccfg -v -s application/pkg/server listprop

pkg                                                        application
pkg/cfg_file                                               astring 
pkg/content_root                                           astring  usr/share/lib/pkg
pkg/debug                                                  astring 
pkg/file_root                                              astring 
pkg/inst_root                                              astring  /var/pkg/repo
pkg/log_access                                             astring  none
pkg/log_errors                                             astring  stderr
pkg/mirror                                                 boolean  false
pkg/pkg_root                                               astring  /
pkg/port                                                   count    80
pkg/proxy_base                                             astring 
pkg/readonly                                               boolean  true
pkg/socket_timeout                                         count    60
pkg/sort_file_max_size                                     astring 
pkg/ssl_cert_file                                          astring 
pkg/ssl_dialog                                             astring  smf
pkg/ssl_key_file                                           astring 
pkg/threads                                                count    60
pkg/writable_root                                          astring 
pkg_bui                                                    application
pkg_bui/feed_description                                   ustring 
pkg_bui/feed_icon                                          ustring  web/_themes/pkg-block-icon.png
pkg_bui/feed_logo                                          ustring  web/_themes/pkg-block-logo.png
pkg_bui/feed_name                                          ustring  "package repository feed"
pkg_bui/feed_window                                        count    24
pkg_secure                                                 application
pkg_secure/read_authorization                              astring  solaris.smf.read.pkg-server
pkg_secure/ssl_key_passphrase                              astring 
fs                                                         dependency
fs/entities                                                fmri     svc:/system/filesystem/local
fs/grouping                                                astring  require_all
fs/restart_on                                              astring  none
fs/type                                                    astring  service
autofs                                                     dependency
autofs/entities                                            fmri     svc:/system/filesystem/autofs
autofs/grouping                                            astring  optional_all
autofs/restart_on                                          astring  none
autofs/type                                                astring  service
ntp                                                        dependency
ntp/entities                                               fmri     svc:/network/ntp
ntp/grouping                                               astring  optional_all
ntp/restart_on                                             astring  none
ntp/type                                                   astring  service
network                                                    dependency
network/entities                                           fmri     svc:/milestone/network
network/grouping                                           astring  require_all
network/restart_on                                         astring  none
network/type                                               astring  service
manifestfiles                                              framework
manifestfiles/var_svc_manifest_application_pkg-server_xml  astring  /var/svc/manifest/application/pkg-server.xml
startd                                                     framework
startd/duration                                            astring  child
general                                                    framework
general/entity_stability                                   astring  Unstable
start                                                      method
start/exec                                                 astring  "%{pkg/pkg_root}/lib/svc/method/svc-pkg-depot %m"
start/timeout_seconds                                      count    0
start/type                                                 astring  method
stop                                                       method
stop/exec                                                  astring  "%{pkg/pkg_root}/lib/svc/method/svc-pkg-depot %m %{restarter/contract}"
stop/timeout_seconds                                       count    30
stop/type                                                  astring  method
tm_common_name                                             template
tm_common_name/C                                           ustring  "image packaging repository"
As you can see, this is a huge list of service properties. Fortunately, we are only interested in 2 properties, namely the pkg/inst_root and pkg/port. The default values of these properties are /var/pkg/repo and 80 respectively.

We will update the pkg/inst_root to point to /ips/repo (the local copy of the repo folder in the Solaris package CD), and the port number to an unused port 9999.

root@sol11util:/tank/repo# svccfg -v -s application/pkg/server setprop pkg/inst_root=/ips/repo

root@sol11util:/tank/repo# svccfg -v -s application/pkg/server setprop pkg/port=9999

Make sure the props are set.

root@sol11util:~# svccfg -s /application/pkg/server listprop | grep '\(port\)\|\(inst_root\)'

pkg/inst_root                                              astring  /ips/repo/
pkg/port                                                   count    9999

So far so good. We need to start the service.

root@sol11util:~# svcadm enable /application/pkg/server
root@sol11util:~# svcs /application/pkg/server
STATE          STIME    FMRI
online         16:24:28 svc:/application/pkg/server:default

The service is up, good. By now we should be able to use web browser to explore the repository from the network.

To start using this repository, we will need to set the client up to point to this repository. For now, we will set up the host to use the repository it is hosting.

Before doing that, let's see what repository is currently available to the host.

root@sol11util:/usr# pkg publisher

PUBLISHER                             TYPE     STATUS   URI

solaris                  (preferred)  origin   online   http://pkg.oracle.com/solaris/release/

Ok, we currently have an internet based Oracle repository. We are going to replace that with our local (LAN based) one.

root@sol11util:/usr# pkg set-publisher -g -G http://pkg.oracle.com/solaris/release/ solaris

results in

root@sol11util:/usr# pkg publisher
PUBLISHER                             TYPE     STATUS   URI
solaris                  (preferred)  origin   online

Rebuild the repository index

root@sol11util:~# pkg rebuild-index

Try installing firefox from this default (preferred) repository.

root@sol11util:/usr# pkg install firefox Packages to install: 15 Create boot environment: No Services to restart: 3 DOWNLOAD PKGS FILES XFER (MB) Completed 15/15 5628/5628 34.2/34.2 PHASE ACTIONS Install Phase 6514/6514 PHASE ITEMS Package State Update Phase 15/15 Image State Update Phase 2/2

That is it.