Introducing the Basics of Image Packaging System (IPS) on Oracle Solaris 11

November 2011

by Glynn Foster

How to administer an Oracle Solaris 11 system using IPS, including how to deal with software package repositories, install and uninstall packages, and update systems.


Oracle Solaris 11 takes a new approach to lifecycle and package management that greatly simplifies the process of managing system software and helps reduce the risk of operating system maintenance, including reducing unplanned and planned downtime. With Image Packaging System (IPS), administrators can install and update software from locally connected or remote software package repositories using a much-improved and modernized process.

This article covers the basics of administering an Oracle Solaris 11 system using IPS. To learn more about IPS, check out a variety of content at the IPS Technology Spotlight page on Oracle Technology Network. Also see the Oracle Solaris 11 Cheat Sheet for Image Packaging System.

An Overview of IPS

Before we begin to dive into the administrative details of IPS, let's briefly review some of the benefits of the new approach.

In previous releases of the Oracle Solaris platform, administrators used SVR4 packaging to install software onto a system, and then they used a different set of commands to install patches to update the system. As Oracle Solaris evolved to include new technologies, such as Oracle Solaris zones, Oracle Solaris ZFS, and Solaris Service Management Facility (SMF), previously used processes for managing system updates and upgrades became more complex. With thousands of operating system instances installed in some of today's large virtualized data centers, manual methods of tracking and installing patches can result in errors that negatively affect application availability and security.

IPS is an integrated solution that helps automate and ease the complexity of managing system software on Oracle Solaris 11 by integrating patching with package updates. It relies on a network-centric and efficient approach with automatic software dependency checking and validation, and it builds on the foundation of ZFS as the default root file system. Using IPS, administrators can easily and reliably install or replicate an exact set of software package versions across many different client machines, and get a much clearer understanding of any differences between software versions installed on a system.

With ZFS's ability to snapshot and clone a given file system with little or no overhead, IPS establishes a much safer system update by applying changes to a clone or alternate boot environment so that updates can be done while a system is running services in a production environment. When a planned maintenance window can be scheduled, administrators can simply reboot the system into the new boot environment to get up and running faster with much lower system downtime. If administrators experience any problems with a new environment, they can simply bring the system down and back into the older boot environment.

Additionally, administration across any zones created on the system is much improved because the system automatically ensures that software package versions within a non-global zone are consistent with the global zone.

The IPS Command Line

There are several commands administrators can use from the command line to administer a system or create a package repository and populate it with software packages. Table 1 provides a quick summary of the different command line options that are available.

Table 1: Summary of IPS Commands

Command       Description

General administration
pkg           Packaging client

Package creation and publication
pkgrepo       Repository management utility
pkgrecv       Content retrieval utility
pkgsend       Package creation and publication
pkgdiff       Package manifest comparing utility
pkgmerge      Package merging utility
pkgmogrify    Package manifest transmogrifying utility
pkgfmt        Package manifest formatting utility
pkgsign       Package signing utility
pkglint       Package linting utility

In this article, we will take a closer look at the pkg command.

Configuring Repositories

IPS is a network-centric package management solution. Software developers, or publishers, make their software available in software package repositories from which administrators can install to their systems. Oracle Solaris 11 installations are configured to have a default publisher, solaris, which supplies software packages from the "release" repository: http://pkg.oracle.com/solaris/release. Administrators can install new software packages from this repository, search for package content, or mirror the contents of this repository locally if they are in a network-restricted environment within their data center. Administrators can quickly see what configuration a system has by using the pkg publisher command:

# pkg publisher
PUBLISHER	TYPE	STATUS	URI
solaris		origin	online	http://pkg.oracle.com/solaris/release/

Administrators can also quickly query some basic information about this repository using the pkgrepo info command, or they can load the repository URL into their Web browser:

# pkgrepo info -s http://pkg.oracle.com/solaris/release/
PUBLISHER       PACKAGES STATUS     UPDATED
solaris         4044     online     2011-06-22T12:17:33.570603Z

Here we see that this repository is currently online with 4044 packages, and the output shows a time stamp of when the repository was last updated.

Additionally, administrators can choose to add new publishers to their configuration to allow them to install software packages from other publisher sources by using the pkg set-publisher command:

# pkg set-publisher -p http://10.1.1.5
# pkg publisher
PUBLISHER       TYPE    STATUS  URI
solaris         origin  online  http://pkg.oracle.com/solaris/release/
myrepo          origin  online  http://10.1.1.5

In this case, we're adding a new publisher from a system with IP address 10.1.1.5 that contains the software packages necessary for some in-house development. The -p option automatically retrieves publisher configuration information from the specified address. We could have provided this manually using other command line options.

Configuring new publishers or updating existing ones becomes especially important to administrators in environments where there are network restrictions about what systems can access external repositories and administrators are forced to set up an internal mirror in their data center (this will be covered later). Publishers can easily be modified, prioritized, or removed using the pkg set-publisher and pkg unset-publisher commands.

Administrators who configure additional publishers in the global zone automatically expose these publishers in any non-global zones. These publishers (also known as system publishers) are special because they are relied upon to ensure that non-global zones and the global zone are kept in sync and cannot be modified (or deleted) in the non-global zone.
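Because every configured publisher is a source of software for the global zone and all non-global zones, it is worth checking the pkg publisher output against what the site expects. The following is an added example, not part of the original article or of IPS: it parses the four-column output shown above and reports publishers that are not on an approved list, origins served from an unexpected host, and origins fetched over http. The APPROVED policy and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: the `pkg publisher` output shown in this article.
SAMPLE = """\
PUBLISHER       TYPE    STATUS  URI
solaris         origin  online  http://pkg.oracle.com/solaris/release/
myrepo          origin  online  http://10.1.1.5
"""

# Hypothetical site policy: publisher name -> hosts allowed to serve it.
APPROVED = {"solaris": {"pkg.oracle.com"}}

COLUMNS = ("publisher", "type", "status", "uri")


def parse_publishers(text):
    """Return one dict per data row of the four-column layout."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and anything not in this layout.
        if len(fields) != len(COLUMNS) or fields[0] == "PUBLISHER":
            continue
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def audit(rows, approved):
    """Return (publisher, finding) pairs for rows that break the policy."""
    findings = []
    for row in rows:
        url = urlsplit(row["uri"])
        hosts = approved.get(row["publisher"])
        if hosts is None:
            findings.append((row["publisher"], "publisher not in approved list"))
        elif url.hostname not in hosts:
            findings.append((row["publisher"], "unexpected origin host"))
        if url.scheme == "http":
            findings.append((row["publisher"], "origin fetched over http"))
    return findings


if __name__ == "__main__":
    for publisher, finding in audit(parse_publishers(SAMPLE), APPROVED):
        print(f"{publisher}: {finding}")
```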

Installing Additional Packages

Once we have configured our repository, we can easily install software packages using the pkg install command. If we want to see what changes would be made to the system without installing anything, we can use the -nv option. In Listing 1, we do a dry-run install of the GCC GNU C compiler package using pkg install -nv.

Listing 1: Doing a Dry-Run Install of the GCC GNU C Compiler Package and Dependencies
# pkg install -nv gcc-3
	       Packages to install:		1
         Estimated space available:     122.17 GB
     Estimated space to be consumed:     340.45 MB
	   Create boot environment:	       No
    Create backup boot environment:            No
                Services to change:             1
	      Rebuild boot archive:            No

Changed packages:
solaris
  developer/gcc-3
    None -> 3.4.3,5.11-0.175.0.0.0.1.530:20111012T111222Z
Services
  restart_fmri:
    svc:/application/texinfo-update:default

As we can see from the output, only a single package needs to be installed and it takes 340 MB. You can also see that no new boot environments are created, one service is restarted, and the system doesn't require the boot archive to be rebuilt.

By default, installing a package does not require a new boot environment to be created unless the package itself explicitly requires a reboot of the system. If a package operation is applied to the current boot environment and affects the state of the kernel, a backup boot environment is created for safety but it is not activated. Once you are happy with the proposed changes to the system, you can carry out the installation by removing the -nv option. In Listing 2, we install the GCC GNU C compiler package.

Listing 2: Installing the GCC GNU C Compiler Package and Dependencies
# pkg install gcc-3
	       Packages to install:             1
	   Create boot environment:            No
    Create backup boot environment:            No
	       Services to restart:             1

DOWNLOAD                          PKGS        FILES   XFER (MB)
Completed                          1/1      324/324   29.6/29.6

PHASE							ACTIONS
Install Phase						395/395

PHASE						 	  ITEMS
Package State Update Phase			            1/1
Image State Update Phase			            2/2

PHASE							  ITEMS
Reading Existing Index					    8/8
Indexing Packages				            1/1

Administrators who wish to install a package into an alternative boot environment can do so by using a simple extension of the pkg install command. In Listing 3, we install the GCC GNU C compiler package into a new boot environment called gcc-be.

Listing 3: Installing the GCC GNU C Compiler Package and Dependencies into a New Boot Environment
# pkg install --be-name gcc-be gcc-3
	       Packages to install:		1
	   Create boot environment:	      Yes 
    Create backup boot environment:            No

DOWNLOAD				PKGS	FILES	XFER (MB)
Completed				 1/1  314/314   29.6/29.6

PHASE                                                     ACTIONS
Install Phase                                             395/395

PHASE                                                       ITEMS
Package State Update Phase                                    1/1
Image State Update Phase                                      2/2

PHASE                                                       ITEMS
Reading Existing Index                                        8/8
Indexing Packages                                             1/1

A clone of solaris-1 exists and has been updated and activated.
On the next boot the Boot Environment gcc-be will be mounted on
'/'. Reboot when ready to switch to this updated BE.

Remember that each package operation automatically creates a ZFS snapshot of the file system to revert to in case the operation fails. Since ZFS snapshots and clones (or boot environments) have virtually zero overhead, it is recommended that administrators use them as part of their day-to-day best practices for administering a system.

Understanding the Package FMRI

Each software package is uniquely described by an FMRI (Fault Management Resource Indicator), which is used to define the name, version, and publisher of a package. We saw part of an FMRI in Listing 1 (pkg install -nv gcc-3). In this case, the full FMRI is pkg://solaris/developer/gcc-3@3.4.3,5.11-0.175.0.0.0.1.530:20111012T111222Z. Table 2 describes the different segments of this FMRI.

Table 2. FMRI Segments

FMRI Segment         Description
pkg://               FMRI scheme
solaris              Publisher
developer/gcc-3      Package name
3.4.3                Component version
5.11                 Build version
0.175.0.0.0.1.530    Branch version
20111012T111222Z     Package time stamp (ISO 8601 UTC format)

The component, build, and branch versions are all sequences of dot-separated integers.

If there are alternative packages that also match the name gcc-3, you might need to further qualify what should be installed using any of the following commands, which are shown in increasing order of qualification:

# pkg install developer/gcc-3
# pkg install pkg:/developer/gcc-3
# pkg install pkg://solaris/developer/gcc-3
# pkg install pkg://solaris/developer/gcc-3@3.4.3
# pkg install pkg://solaris/developer/gcc-3@3.4.3,5.11-0.175.0.0.0.1.530:20111012T111222Z

For all package commands, it is possible to use the fully defined package FMRI.
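When checking whether an installed package is older than a required version, the FMRI has to be split into the segments of Table 2 and the dot-separated fields compared as integers, not as text. The following is an added example, not part of the original article or of IPS itself: a parser that accepts each of the five forms listed above plus the short forms that pkg search prints. The names parse_fmri, version_key and is_older are hypothetical, and ordering by component, then branch, then time stamp is an assumption of this example.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional, Tuple

Version = Optional[Tuple[int, ...]]

# [pkg://publisher/ | pkg:/] name [@component[,build][-branch][:timestamp]]
_FMRI_RE = re.compile(
    r"""^(?:pkg://(?P<publisher>[^/@:\s]+)/|pkg:/)?
        (?P<name>[^/@:\s][^@:\s]*)
        (?:@(?P<component>\d+(?:\.\d+)*)
            (?:,(?P<build>\d+(?:\.\d+)*))?
            (?:-(?P<branch>\d+(?:\.\d+)*))?
            (?::(?P<timestamp>\d{8}T\d{6}Z))?
        )?$""",
    re.VERBOSE,
)


class Fmri(NamedTuple):
    publisher: Optional[str]
    name: str
    component: Version
    build: Version
    branch: Version
    timestamp: Optional[str]


def _ints(text: Optional[str]) -> Version:
    """Turn '0.175.0' into (0, 175, 0) so fields compare numerically."""
    return tuple(int(part) for part in text.split(".")) if text else None


def parse_fmri(text: str) -> Fmri:
    match = _FMRI_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not a package FMRI: {text!r}")
    if match["timestamp"]:
        # Reject impossible dates such as month 13 (raises ValueError).
        datetime.strptime(match["timestamp"], "%Y%m%dT%H%M%SZ")
    return Fmri(match["publisher"], match["name"], _ints(match["component"]),
                _ints(match["build"]), _ints(match["branch"]), match["timestamp"])


def version_key(fmri: Fmri):
    # Assumption of this example: component, then branch, then time stamp.
    # Missing segments sort lowest; the fixed-width time stamp sorts as text.
    return (fmri.component or (), fmri.branch or (), fmri.timestamp or "")


def is_older(installed: Fmri, wanted: Fmri) -> bool:
    if installed.name != wanted.name:
        raise ValueError("the two FMRIs name different packages")
    return version_key(installed) < version_key(wanted)


if __name__ == "__main__":
    for form in ("developer/gcc-3", "pkg:/developer/gcc-3",
                 "pkg://solaris/developer/gcc-3@3.4.3,5.11-0.175.0.0.0.1.530"
                 ":20111012T111222Z"):
        print(parse_fmri(form))
```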

Uninstalling Packages

Using the pkg uninstall command, uninstalling a package is as simple as installing one, as shown in Listing 4.

Listing 4: Uninstalling a Package
# pkg uninstall gcc-3
	        Packages to remove:	        1
	   Create boot environment:	       No
    Create backup boot environment:	       No
	       Services to restart:	        1
PHASE							ACTIONS
Removal Phase						408/408

PHASE							  ITEMS
Package State Update Phase				    1/1
Package Cache Update Phase				    1/1
Image State Update Phase				    2/2

PHASE							  ITEMS
Reading Existing Index					    8/8
Indexing Packages					    1/1

Uninstalling a package does not recursively uninstall any of its package dependencies.

Installing Packages in Oracle Solaris Zones

Software can also be installed and uninstalled in any non-global zones. Depending on the type of package being installed, it might be necessary for the package to be installed in the global zone first, which is usually the case for kernel components and drivers.

One of the unique capabilities of IPS is ensuring that all software versions on the system, whether they are installed in the global zone or non-global zones, are consistent with each other to ensure a working system. All package publishers that are configured in the global zone are automatically exposed in all non-global zones as system publishers, allowing individual non-global zone administrators to install additional packages independent of other non-global zones. System publishers are non-configurable and cache software packages as they are being installed so that the software does not need to be downloaded again over the network if it is required in other non-global zones. Administrators can also choose to configure new publishers in any non-global zones.

Getting Information About a Package

Determining what packages are installed on a given system, determining whether there are any updates available for those packages, and getting details about the packages themselves is also easy to do with IPS. To list packages that are installed on the system, use the pkg list command:

# pkg list
NAME (PUBLISHER)				VERSION			IFO
SUNWcs						0.5.11-0.168		i--
SUNWcsd						0.5.11-0.168		i--
archiver/gnu-tar				1.26-0.168		i--
audio/audio-utilities				0.5.11-0.168		i--
auto_install					0.1-0.166		i--
benchmark/x11perf				1.5.3-0.168		i--
....

The output of the command lists the package name, the package version, and the status of the package.

An i in the I column indicates that the package is installed. An f in the F column indicates that the package is frozen. An o in the O column indicates that this version of the package is obsolete (meaning that it cannot be installed, and, if upgraded to, would be removed), and an r in the O column indicates that the package is now available under a new name. Package freezing, obsolescence, and renaming are covered in the IPS Administration Guide.

We can take this a step further by listing some information about a particular package using the pkg info command shown in Listing 5.

Listing 5: Listing Information About a Particular Package
# pkg info gzip
          Name: compress/gzip
       Summary: GNU Zip (gzip)
   Description: The GNU Zip (gzip) compression utility
      Category: Applications/Systems Utilities
         State: Installed
     Publisher: solaris
       Version: 1.3.5
 Build Release: 5.11
        Branch: 0.175.0.0.0.1.530
Packaging Date: Wed Oct 12 10:44:51 2011
          Size: 215.32 kB
          FMRI: pkg://solaris/compress/gzip@1.3.5,5.11-0.175.0.0.0.1.530:20111012T104451Z

By default, this command only lists information about installed packages on the system; however, we can use a similar command to look up information about uninstalled packages, as shown in Listing 6.

Listing 6: Listing Information About an Uninstalled Package
# pkg info -r php-52
          Name: web/php-52
       Summary: PHP Server 5.2
   Description: PHP Server 5.2
      Category: Development/PHP
         State: Not Installed
     Publisher: solaris
       Version: 5.2.17
 Build Release: 5.11
        Branch: 0.175.0.0.0.1.530
Packaging Date: Wed Oct 12 14:01:41 2011
          Size: 44.47 MB
          FMRI: pkg://solaris/web/php-52@5.2.17,5.11-0.175.0.0.0.1.530:20111012T140141Z

Taking this a step further, we can easily list the contents of a given package using the pkg contents command, as shown in Listing 7.

Listing 7: Listing the Contents of a Package
# pkg contents gzip
PATH
usr
usr/bin
usr/bin/gunzip
usr/bin/gzcat
usr/bin/gzcmp
usr/bin/gzdiff
usr/bin/gzegrep
usr/bin/gzexe
usr/bin/gzfgrep
usr/bin/gzforce
usr/bin/gzgrep
....

Searching for Package Content

A huge advantage of IPS is the ability to connect to a package repository and easily search for specific things, such as the name of the package to which a particular file belongs. In its simplest form, you can use the pkg search command to search across any packages that are currently installed and any that are in configured publishers, as follows:

# pkg search stdio.h
INDEX	 ACTION VALUE                                                               PACKAGE
basename file   usr/include/ast/stdio.h                                             pkg:/shell/ksh@0.5.11-0.175.0.0.0.1.0
basename file   usr/gcc/4.5/lib/gcc/i386-pc-solaris2.11/4.5.2/include/ssp/stdio.h   pkg:/developer/gcc-45@4.5.2-0.175.0.0.0.1.530
basename file   usr/gcc/4.5/lib/gcc/sparc-sun-solaris2.11/4.5.2/include/ssp/stdio.h pkg:/developer/gcc-45@4.5.2-0.175.0.0.0.1.530
basename file   usr/include/stdio.h                                                 pkg:/system/header@0.5.11-0.175.0.0.0.1.0

In the results, we can see that there are four files that match the search, which come from three different packages. Like many other IPS commands, the type of output can be controlled by using the pkg search -o command with the appropriate values. This will be covered in more detail in another article.

Updating a System

Now that we've covered the basics of configuring publishers, installing and uninstalling packages, and searching for package content, let's look at how we update a system in a single step. We can use the pkg update -nv command to do a dry-run or the pkg update command to bring a system's software up to date.

Listing 8: Updating a System
# pkg update
                Packages to update:            28
           Create boot environment:           Yes
    Create backup boot environment:            No

DOWNLOAD				PKGS	FILES	XFER (MB)
Completed			       28/28  389/389   28.0/28.0

PHASE					 		ACTIONS
Removal Phase						  84/84
Install Phase						100/100
Update Phase					      1950/1950

PHASE							  ITEMS
Package State Update Phase				  56/56
Package Cache Update Phase				  28/28
Image State Update Phase				    2/2

PHASE							  ITEMS
Reading Existing Index					    8/8
Indexing Packages					  28/28

A clone of solaris exists and has been updated and activated.
On the next boot the Boot Environment solaris-2 will be mounted on '/'.
Reboot when ready to switch to this updated BE.

This command will usually create a new boot environment if kernel components are being updated, as is the case in Listing 8. Changes are applied to the new boot environment and the boot environment is activated on the next system reboot. You can easily switch between boot environments if the update causes an undesirable result.

It is also important to note that an update depends on what existing package dependencies are present on the system. For example, an administrator may have chosen to freeze the content of a package because a specific version was required to always be present for a business-critical application. In such a situation, a pkg update might not do quite what you'd expect, or it might not apply any updates to the system, even if you know that newer versions of packages are available.

When a system update is being applied, all non-global zones are automatically updated as well. IPS recursively updates each non-global zone in turn to match the same set of software versions that are present in the global zone. The update will also create new zone boot environments for each non-global zone as necessary.

Summary

The Oracle Solaris 11 Image Packaging System is a major advancement in software management, providing an integrated user experience and improved safety for system updates. IPS takes much of the complexity out of managing Oracle Solaris by providing improved automation and auditing, allowing administrators to flexibly manage multiple application environments across virtualized and non-virtualized instances of the operating system.

Revision 1.0, 10/27/2011