solaris10/zone/common.ksh

e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# CDDL HEADER START
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# The contents of this file are subject to the terms of the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Common Development and Distribution License (the "License").
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# You may not use this file except in compliance with the License.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# or http://www.opensolaris.org/os/licensing.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# See the License for the specific language governing permissions
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# and limitations under the License.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# When distributing Covered Code, include this CDDL HEADER in each
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# If applicable, add the following below this CDDL HEADER, with the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# fields enclosed by brackets "[]" replaced with your own identifying
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# information: Portions Copyright [yyyy] [name of copyright owner]
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# CDDL HEADER END
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Use is subject to license terms.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekunset LD_LIBRARY_PATH
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekPATH=/usr/bin:/usr/sbin
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekexport PATH
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek. /usr/lib/brand/shared/common.ksh
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# Values for service tags.
ab5dfd5e82c7de6e8a7172573741f3c5890a82faSTCLIENT=/usr/bin/stclient
ab5dfd5e82c7de6e8a7172573741f3c5890a82faST_PRODUCT_NAME="Solaris 10 Containers"
ab5dfd5e82c7de6e8a7172573741f3c5890a82faST_PRODUCT_REV="1.0"
ab5dfd5e82c7de6e8a7172573741f3c5890a82faST_PRODUCT_UUID="urn:uuid:2f459121-dec7-11de-9af7-080020a9ed93"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
caaceb365d0f555e83c883de4ea0b4339d8a1eb2w_sanity_detail=$(gettext "       WARNING: Skipping image sanity checks.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_sanity_detail=$(gettext  "Missing %s at %s")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_sanity_sparse=$(gettext  "Is this a sparse zone image?  The image must be whole-root.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_sanity_vers=$(gettext  "The image release version must be 10 (got %s), the zone is not usable on this system.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_not_s10_image=$(gettext  "%s doesn't look like a Solaris 10 image.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_sanity_nopatch=$(gettext "Unable to determine the image's patch level.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_sanity_downrev=$(gettext "The image patch level is downrev for running in a solaris10 branded zone.\n(patchlist %s)")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_need_newer_emul=$(gettext "The image requires a newer version of the solaris10 brand emulation.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_zfs_create=$(gettext "Unable to create the zone's ZFS dataset.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_no_ds=$(gettext "No zonepath dataset; the zonepath must be a ZFS dataset.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_multiple_ds=$(gettext "Multiple active datasets.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_no_active_ds=$(gettext "No active dataset; the zone's ZFS root dataset must be configured as\n\ta zone boot environment.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_zfs_unmount=$(gettext "Unable to unmount the zone's root ZFS dataset (%s).\nIs there a global zone process inside the zone root?\nThe current zone boot environment will remain mounted.\n")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekf_zfs_mount=$(gettext "Unable to mount the zone's ZFS dataset.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekincompat_options=$(gettext "mutually exclusive options.\n%s")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksanity_ok=$(gettext     "  Sanity Check: Passed.  Looks like a Solaris 10 image.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksanity_fail=$(gettext   "  Sanity Check: FAILED (see log for details).")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineke_badboot=$(gettext "Zone boot failed")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineke_nosingleuser=$(gettext "ERROR: zone did not finish booting to single-user.")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineke_unconfig=$(gettext "sys-unconfig failed")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekv_unconfig=$(gettext "Performing zone sys-unconfig")
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
ab5dfd5e82c7de6e8a7172573741f3c5890a82fav_no_tags=$(gettext "Service tags facility not present.")
ab5dfd5e82c7de6e8a7172573741f3c5890a82fae_bad_uuid=$(gettext "Failed to get zone UUID")
ab5dfd5e82c7de6e8a7172573741f3c5890a82fav_addtag=$(gettext "Adding service tag: %s")
ab5dfd5e82c7de6e8a7172573741f3c5890a82fav_deltag=$(gettext "Removing service tag: %s")
ab5dfd5e82c7de6e8a7172573741f3c5890a82fae_addtag_fail=$(gettext "Adding service tag failed (error: %s)")
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksanity_check()
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek{
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    typeset dir="$1"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    res=0
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Check for some required directories and make sure this isn't a
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # sparse zone image.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    checks="etc etc/svc var var/svc"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    for x in $checks; do
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        if [[ ! -e $dir/$x ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            log "$f_sanity_detail" "$x" "$dir"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            res=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    done
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Files from SUNWcsr and SUNWcsu that are in sparse inherit-pkg-dirs.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    checks="lib/svc sbin/zonename usr/bin/chmod"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    for x in $checks; do
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        if [[ ! -e $dir/$x ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            log "$f_sanity_detail" "$x" "$dir"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            log "$f_sanity_sparse"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            res=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    done
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
caaceb365d0f555e83c883de4ea0b4339d8a1eb2    if (( $res != 0 )); then
caaceb365d0f555e83c883de4ea0b4339d8a1eb2        log "$sanity_fail"
caaceb365d0f555e83c883de4ea0b4339d8a1eb2        fatal "$install_fail" "$ZONENAME"
caaceb365d0f555e83c883de4ea0b4339d8a1eb2    fi
caaceb365d0f555e83c883de4ea0b4339d8a1eb2
caaceb365d0f555e83c883de4ea0b4339d8a1eb2    if [[ "$SANITY_SKIP" == 1 ]]; then
caaceb365d0f555e83c883de4ea0b4339d8a1eb2        log "$w_sanity_detail"
caaceb365d0f555e83c883de4ea0b4339d8a1eb2        return
caaceb365d0f555e83c883de4ea0b4339d8a1eb2    fi
caaceb365d0f555e83c883de4ea0b4339d8a1eb2
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Check image release to be sure its S10.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    image_vers="unknown"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ -f $dir/var/sadm/system/admin/INST_RELEASE ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        image_vers=$(nawk -F= '{if ($1 == "VERSION") print $2}' \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            $dir/var/sadm/system/admin/INST_RELEASE)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ "$image_vers" != "10" ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        log "$f_sanity_vers" "$image_vers"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        res=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Make sure we have the minimal KU patch we support.  These are the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # KUs for S10u8.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ $(uname -p) == "i386" ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        req_patch="141445-09"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    else
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        req_patch="141444-09"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    for i in $dir/var/sadm/pkg/SUNWcakr*
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    do
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        if [[ ! -d $i || ! -f $i/pkginfo ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            log "$f_sanity_nopatch"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            res=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    done
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Check the core kernel pkg for the required KU patch.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    found=0
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    for i in $dir/var/sadm/pkg/SUNWcakr*/pkginfo
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    do
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        patches=$(nawk -F= '{if ($1 == "PATCHLIST") print $2}' $i)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        for patch in $patches
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        do
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            if [[ $patch == $req_patch ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek                found=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek                break
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        done
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        if (( $found == 1 )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            break
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    done
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if (( $found != 1 )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        log "$f_sanity_downrev" "$patches"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        res=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Check the S10 image for a required version of the emulation.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    VERS_FILE=/usr/lib/brand/solaris10/version
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    s10vers_needs=0
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ -f $dir/$VERS_FILE ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        s10vers_needs=$(/usr/bin/egrep -v "^#" $dir/$VERS_FILE)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Now get the current emulation version.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    emul_vers=$(/usr/bin/egrep -v "^#" $VERS_FILE)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Verify that the emulation can run this version of S10.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if (( $s10vers_needs > $emul_vers )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        log "$f_need_newer_emul"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        res=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if (( $res != 0 )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        log "$sanity_fail"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        fatal "$install_fail" "$ZONENAME"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    vlog "$sanity_ok"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Find the active dataset under the zonepath dataset to mount on zonepath/root.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# $1 ZONEPATH_DS
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekget_active_ds() {
090f667debfb7792a579172d3f173753762ee29a    ACTIVE_DS=$1/ROOT/zbe-0
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
090f667debfb7792a579172d3f173753762ee29a# Make sure the active dataset is mounted for the zone.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekmount_active_ds() {
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    get_zonepath_ds $zonepath
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    get_active_ds $ZONEPATH_DS
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
090f667debfb7792a579172d3f173753762ee29a    # If already mounted then we're done.
090f667debfb7792a579172d3f173753762ee29a    mnted=`zfs get -H mounted $ACTIVE_DS | cut -f3`
090f667debfb7792a579172d3f173753762ee29a    [[ $mnted = "yes" ]] && return
090f667debfb7792a579172d3f173753762ee29a
090f667debfb7792a579172d3f173753762ee29a    mount -F zfs $ACTIVE_DS $zonepath/root || fail_fatal "$f_zfs_mount"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Set up ZFS dataset hierarchy for the zone root dataset.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekcreate_active_ds() {
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # Find the zone's current dataset.  This should have been created by
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # zoneadm (or the attach hook).
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    get_zonepath_ds $zonepath
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # We need to tolerate errors while creating the datasets and making the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # mountpoint, since these could already exist from an attach scenario.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    #
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    /usr/sbin/zfs list -H -o name $ZONEPATH_DS/ROOT >/dev/null 2>&1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if (( $? != 0 )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        /usr/sbin/zfs create -o mountpoint=legacy -o zoned=on \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            $ZONEPATH_DS/ROOT
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        if (( $? != 0 )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            fail_fatal "$f_zfs_create"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    else
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            /usr/sbin/zfs set mountpoint=legacy $ZONEPATH_DS/ROOT \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            >/dev/null 2>&1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            /usr/sbin/zfs set zoned=on $ZONEPATH_DS/ROOT \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            >/dev/null 2>&1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
090f667debfb7792a579172d3f173753762ee29a    get_active_ds $ZONEPATH_DS
090f667debfb7792a579172d3f173753762ee29a    zfs list -H -o name $ACTIVE_DS >/dev/null 2>&1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if (( $? != 0 )); then
090f667debfb7792a579172d3f173753762ee29a            zfs create -o canmount=noauto $ACTIVE_DS
090f667debfb7792a579172d3f173753762ee29a        (( $? != 0 )) && fail_fatal "$f_zfs_create"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    else
090f667debfb7792a579172d3f173753762ee29a            zfs set canmount=noauto $ACTIVE_DS >/dev/null 2>&1
090f667debfb7792a579172d3f173753762ee29a            zfs inherit mountpoint $ACTIVE_DS >/dev/null 2>&1
090f667debfb7792a579172d3f173753762ee29a            zfs inherit zoned $ACTIVE_DS >/dev/null 2>&1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [ ! -d $ZONEROOT ]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        /usr/bin/mkdir -m 0755 -p $ZONEROOT || \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            fail_fatal "$f_mkdir" "$ZONEROOT"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    /usr/bin/chmod 700 $ZONEPATH || fail_fatal "$f_chmod" "$ZONEPATH"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
090f667debfb7792a579172d3f173753762ee29a    mount -F zfs $ACTIVE_DS $ZONEROOT || fail_fatal "$f_zfs_mount"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Before booting the zone we may need to create a few mnt points, just in
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# case they don't exist for some reason.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Whenever we reach into the zone while running in the global zone we
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# need to validate that none of the interim directories are symlinks
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# that could cause us to inadvertently modify the global zone.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekmk_zone_dirs() {
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    vlog "$v_mkdirs"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -f $ZONEROOT/tmp && ! -d $ZONEROOT/tmp ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        mkdir -m 1777 -p $ZONEROOT/tmp || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -f $ZONEROOT/var/run && ! -d $ZONEROOT/var/run ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        mkdir -m 1755 -p $ZONEROOT/var/run || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -f $ZONEROOT/var/tmp && ! -d $ZONEROOT/var/tmp ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        mkdir -m 1777 -p $ZONEROOT/var/tmp || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -h $ZONEROOT/etc && ! -f $ZONEROOT/etc/mnttab ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        /usr/bin/touch $ZONEROOT/etc/mnttab || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        /usr/bin/chmod 444 $ZONEROOT/etc/mnttab || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -f $ZONEROOT/proc && ! -d $ZONEROOT/proc ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        mkdir -m 755 -p $ZONEROOT/proc || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -f $ZONEROOT/dev && ! -d $ZONEROOT/dev ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        mkdir -m 755 -p $ZONEROOT/dev || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [[ ! -h $ZONEROOT/etc && ! -h $ZONEROOT/etc/svc && \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        ! -d $ZONEROOT/etc/svc ]]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        mkdir -m 755 -p $ZONEROOT/etc/svc/volatile || exit $EXIT_CODE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# We're sys-unconfig-ing the zone.  This will normally halt the zone, however
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# there are problems with sys-unconfig and it can hang when the zone is booted
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# to milestone=none.  Sys-unconfig also sometimes hangs halting the zone.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Thus, we take some care to workaround these sys-unconfig limitations.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# On entry we expect the zone to be booted.  We use sys-unconfig -R to make it
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# think its working on an alternate root and let the caller halt the zone.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksysunconfig_zone() {
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    /usr/sbin/zlogin -S $ZONENAME /usr/sbin/sys-unconfig -R /./ \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        >/dev/null 2>&1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if (( $? != 0 )); then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        error "$e_unconfig"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        return 1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    return 0
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa#
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# Get zone's uuid for service tag.
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa#
ab5dfd5e82c7de6e8a7172573741f3c5890a82faget_inst_uuid()
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa{
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        typeset ZONENAME="$1"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    ZONEUUID=`zoneadm -z $ZONENAME list -p | nawk -F: '{print $5}'`
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    [[ $? -ne 0 || -z $ZONEUUID ]] && return 1
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    INSTANCE_UUID="urn:st:${ZONEUUID}"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    return 0
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa}
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa#
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# Add a service tag for a given zone.  We use two UUIDs-- the first,
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# the Product UUID, comes from the Sun swoRDFish ontology.  The second
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# is the UUID of the zone itself, which forms the instance UUID.
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa#
ab5dfd5e82c7de6e8a7172573741f3c5890a82faadd_svc_tag()
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa{
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        typeset ZONENAME="$1"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        typeset SOURCE="$2"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    if [ ! -x $STCLIENT ]; then
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        vlog "$v_no_tags"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        return 0
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    fi
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    get_inst_uuid "$ZONENAME" || (error "$e_bad_uuid"; return 1)
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    vlog "$v_addtag" "$INSTANCE_UUID"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    $STCLIENT -a \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -p "$ST_PRODUCT_NAME" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -e "$ST_PRODUCT_REV" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -t "$ST_PRODUCT_UUID" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -i "$INSTANCE_UUID" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -P "none" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -m "Sun" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -A `uname -p` \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -z "$ZONENAME" \
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        -S "$SOURCE" >/dev/null 2>&1
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    err=$?
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    # 226 means "duplicate record," which we can ignore.
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    if [[ $err -ne 0 && $err -ne 226 ]]; then
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        error "$e_addtag_fail" "$err"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        return 1
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    fi
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    return 0
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa}
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa#
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa# Remove a service tag for a given zone.
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa#
ab5dfd5e82c7de6e8a7172573741f3c5890a82fadel_svc_tag()
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa{
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        typeset ZONENAME="$1"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    if [ ! -x $STCLIENT ]; then
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        vlog "$v_no_tags"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        return 0
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    fi
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    get_inst_uuid "$ZONENAME" || (error "$e_bad_uuid"; return 1)
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    vlog "$v_deltag" "$INSTANCE_UUID"
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa        $STCLIENT -d -i "$INSTANCE_UUID" >/dev/null 2>&1
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa    return 0
ab5dfd5e82c7de6e8a7172573741f3c5890a82fa}