by Albert White
Published May 2012
Oracle provides updates to Oracle Solaris 11 via Support Repository Updates (SRU), which are accessible only to customers who have purchased an Oracle support contract. SRUs are available through an online repository hosted at http://pkg.oracle.com and via incremental ISO images.
For most customers and organizations, maintaining a set of internal package repositories will be standard practice, particularly in network-restrictive environments with strict software version control processes. For example, administrators will typically want to manage the entire software lifecycle, including how software is delivered to end users of production systems, through a series of staging and test systems.
In this article, we will set up the following three repositories and demonstrate a best-practices environment:
This process is described in detail in Copying and Creating Oracle Solaris 11 Package Repositories, so we won't go into too much detail here. However, let's quickly summarize the key steps.
First, you create a dedicated ZFS file system for your repository on your Oracle Solaris 11 system. This allows you to use ZFS technologies, such as clones and snapshots, to easily manage your data.
We'll assume that you already have the zpool
rpool created on your system, and that this file system will be mounted as
# zfs create rpool/export/s11ReleaseRepo
Next, we use
pkgrepo(1) to create a repository in the location you created in Step 1. This creates the necessary initial structure of the repository that we will populate in the next step.
# pkgrepo create /export/s11ReleaseRepo
We now populate this repository with the contents of the official Oracle Solaris 11 release repository. For this we use
pkgrecv(1) and instruct it to pull the latest versions of all packages from the Oracle package repository to our local repository.
# pkgrecv -s http://pkg.oracle.com/solaris/release/ -d /export/s11ReleaseRepo '*'
If you do not have network access to the Oracle package repository, you can use the Oracle Solaris 11 repository ISO image, as detailed in Copying and Creating Oracle Solaris 11 Package Repositories.
ZFS allows you to create snapshots of file systems, which makes it very easy to roll back a file system at a later date, if needed, or to copy a file system quickly. For convenience, we will create a snapshot of our repository now using the
zfs snapshot command.
# zfs snapshot rpool/export/s11ReleaseRepo@initial
Repositories are managed in Oracle Solaris 11 by the
pkg.depotd daemon. You can configure and start instances of this daemon using the Oracle Solaris Service Management Facility (SMF).
Listing 1 shows an example of how to configure our Release repository service. We have chosen to run the daemon on port
# svccfg -s pkg/server add s11ReleaseRepo # svccfg -s pkg/server:s11ReleaseRepo setprop pkg/port=10081 # svccfg -s pkg/server:s11ReleaseRepo setprop pkg/inst_root=/export/S11ReleaseRepo # svccfg -s pkg/server:s11ReleaseRepo setprop pkg/readonly=true # svccfg -s pkg/server:s11ReleaseRepo setprop pkg/proxy_base = astring: http://pkg.example.com/s11ReleaseRepo # svccfg -s pkg/server:s11ReleaseRepo setprop pkg/threads = 200 # svcadm refresh application/pkg/server:S11ReleaseRepo # svcadm enable application/pkg/server:S11ReleaseRepo
Listing 1. Configuring the Release Repository Service
You can also make SMF configuration changes using the
svccfg interactive interface.
pkg/proxy_base configuration property is an optional property that can be used if you plan to access your package repository via Apache. This allows you to use, for example, a URL of
http://pkg.example.com/s11ReleaseRepo, rather than
http://pkg.example.com:10081. Setting up the repository in this way is advantageous because the repository will work through HTTP proxy servers and end users can use a descriptive URL rather a port number.
If you choose to use an Apache HTTP server so that the package repositories can be accessed via HTTP (or HTTPS) rather than directly through the file system, you now must configure the server to map our URL (
http://pkg.example.com/s11ReleaseRepo) to the port where the
pkg.depotd is running (
http://pkg.example.com:10081). To do this, you need to add the following to your
ProxyPass /s11ReleaseRepo http://pkg.example.com:10081 nocanon max=200
To activate this change, you need to do one of the following:
# svcadm restart svc:/network/http:apache22
# svcadm enable svc:/network/http:apache22
Now that we have now created a copy of the Oracle Solaris 11 Release repository, clients can install software directly from
http://pkg.example.com/s11ReleaseRepo rather than needing external network access to
Next, we will look at creating the local Support and Development repositories. The Support repository will be used to roll out changes that you have tested across your organization, and the Development repository will be used to mirror the latest Support Repository Update (SRU) changes from Oracle.
Initially, the Support and Development repositories will be the same as the Release repository you just created. We can use
zfs clone to create copies of the repository file systems rather than needing to use
pkgrecv to pull the content over the network again from Oracle.
# zfs clone rpool/export/s11ReleaseRepo@initial rpool/export/s11SupportRepo # zfs clone rpool/export/s11ReleaseRepo@initial rpool/export/s11DevelopmentRepo
Again, we will make a ZFS snapshot of these repositories for future use. It is recommended that ZFS snapshots be taken anytime new content is added to a repository to provide a convenient way to roll back to an earlier snapshot if necessary.
# zfs snapshot rpool/export/s11DevelopmentRepo@initial # zfs snapshot rpool/export/s11SupportRepo@initial
Caution: Pay careful attention to changing the repository name, path, Apache proxy base, and port number during configuration.
Every month or so, Oracle issues new updates to the Oracle Solaris 11 Support Repository. This repository is available only to customers with a support contract, and a support contract is required to obtain the updates.
We will use the Development repository to populate the latest changes from Oracle, either directly from the Oracle repository itself or through incremental SRU ISO images.
Obtain your SSL key and certificates from https://pkg-register.oracle.com/. You will need your My Oracle Support login to download the key and certificate pair. Once they have been downloaded, you can use
pkgrecv again to update the contents of the Development repository.
# pkgrecv -s https://pkg.oracle.com/solaris/support \
-d /export/s11DevelopmentRepo \
--key /path/to/ssl_key --cert /path/to/ssl_cert solaris '*'
Remember that since we made a change to the repository, it is always a good idea to create a ZFS snapshot for our current position. The snapshot names should be meaningful, such as
# zfs snapshot rpool/export/s11Development@sru04-2012-03-01
If you choose to manage your repository using
pkg.depod (instead of using a file-based repository), you must restart the appropriate SMF service.
# svcadm restart pkg/server:s11DevelopmentRepo
Alternatively, you can update your repository from the ISO images, which you can download from My Oracle Support (login required).
First, we mount the ISO image as a file system on the server:
# mount -F hsfs full_path_to/sol-11-1111-sruN-bldnum-incr-repo.iso /mnt
Once we have mounted the ISO image, we can use
pkgrecv to copy the updates from one file system repository to another. There is no need to specify an SSL key and certificate when using the ISO image.
# pkgrecv -s /mnt/repo -d file:///export/s11DevelopmentRepo '*'
Next, we need to rebuild the search index for the repository to reflect the latest updates:
# pkgrepo rebuild -s /export/s11DevelopmentRepo
And, once again, we need to create a ZFS snapshot for our current position and start the SMF service, if necessary:
# zfs snapshot rpool/export/s11DevelopmentRepo@sru04-2012-03-01 # svcadm restart pkg/server:s11DevelopmentRepo
After performing the necessary testing on your Development repository, it is time to roll out the changes to your Support repository so users can obtain the updates. We can make these changes using the
pkgrecv command as follows:
# pkgrecv -s /export/s11DevelopmentRepo -d file:///export/s11SupportRepo '*'
Then we need to rebuild the search indexes for the repository, take a ZFS snapshot, and restart the appropriate SMF service:
# pkgrepo rebuild -s /export/s11SupportRepo # zfs snapshot rpool/export/s11SupportRepo@sru04-2012-03-08 # svcadm restart pkg/server:s11SupportRepo
Occasionally, you might encounter a problem, which means that you cannot install a particular SRU in your environment. In this case, you will need to roll back your repository to a previous snapshot. This is easily accomplished using the ZFS rollback mechanism (the
zfs rollback command) and then restarting the SMF service:
# zfs rollback -r rpool/export/S11Development@SRU3-2012-02-15 # svcadm restart pkg/server:s11SupportRepo
Note: Ideally, you will not roll back changes on a repository from which systems have installed packages, because that might lead to dependency resolution problems during a system update. If dependency resolution problems occur, you will need to revert to a previous boot environment on any affected systems.
The Image Packaging System is a network-based package management system that enables systems to install software packages from locally or network-connected package repositories. To use this new Oracle Solaris 11 capability, it is wise to employ best practices in environments that have network restrictions or internal software change control.
Here are relevant SRU resources:
And here are additional Oracle Solaris 11 resources:
Albert White is a Principal Software Engineer working with the Revenue Product Engineering group at Oracle focusing on Oracle Solaris 11 and the Image Packaging System. Albert joined Oracle as part of the Sun Microsystems acquisition.
|Revision 1.1, 04/28/2014|