chpt12.txt revision 2562
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallace Chapter 12, Dealing with Zones, describes how IPS handles zones
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papp and discusses those cases where package developers should be
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papp aware of zones.
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis PappDeveloping packages which work consistently with zones often involves little to
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappno additional work but a few situations call for close attention from
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappdevelopers. When considering zones and packaging there are two questions which
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappneed to be answered:
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papp1) Does anything in my package have an interface which crosses the boundary
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappbetween the global zone and non-global zones?
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papp2) How much of my package should be installed in the non-global zone?
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis PappIf the answer to question one is yes, then it's important to place a parent
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappdependency in the package being developed. If a single package delivers both
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappsides of the interface then a parent dependency on
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papp'feature/package/dependency/self' will ensure that the global zone and the
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallacenon-global zones contain the same version of the package, preventing version
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallaceskew across the interface. The dependency will also ensure that if the package
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallaceis in a non-global zone, it is present in the global zone. If the interface
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappspans multiple packages, then the package containing the non-global zone side of
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappthe interface must contain a parent dependency on the package which delivers the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappglobal zone side of the interface. For more details on the parent dependency,
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappplease see chapter 6.
4f5edd38340e3bb8791f9912719f25b57ecc0f10Travis PappIf the answer to question two is "all of it" (and that's typically the case)
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorthen nothing needs to be done to the package to enable it to function properly.
4f5edd38340e3bb8791f9912719f25b57ecc0f10Travis PappFor consumers of the package though, it can be reassuring to see that the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papppackager properly considered zone installation and decided that this package can
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallacefunction in one. For that reason, we encourage package developers to explicitly
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallacestate their package functions in both global and non-global zones. This is done
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallaceby adding the following action to the manifest:
4f5edd38340e3bb8791f9912719f25b57ecc0f10Travis Pappset name=variant.opensolaris.zone value=global value=nonglobal
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis PappIf the answer to question to is "none of it" (for example a package which only
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappdelivers kernel modules or drivers), then the package should specify that it
4f5edd38340e3bb8791f9912719f25b57ecc0f10Travis Pappcannot be installed in a zone. This is done by adding the following action to
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorthe manifest:
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorset name=variant.opensolaris.zone value=global
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko WallaceIf the answer to question to is "some of it", then things get slightly more
bba7abea64e638cebc4b5f8c31c3b47ce1863d56Sachiko Wallacecomplicated. The first step is to state that the package can be installed in
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappboth global and non-global zones. Again, the action that states this is:
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappset name=variant.opensolaris.zone value=global value=nonglobal
24a9059b44f1052ab51858a86e7ca59715da8c61Peter MajorThe next step is to identify those actions which are only relevant in either the
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorglobal or non-global zone. The global-zone-only actions should have the
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majoradditional attribute 'variant.opensolaris.zone=global' added to them.
24a9059b44f1052ab51858a86e7ca59715da8c61Peter MajorSimilarly, 'variant.opensolaris.zone=nonglobal' should be added to those actions
5956d3606770869ae43df7a7e872e293ea128371James Phillpottswhich only apply in non-global zones.
24a9059b44f1052ab51858a86e7ca59715da8c61Peter MajorIf a package has a parent dependency or has pieces which are different in global
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorand non-global zones, it's important to test that the package works as expected
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorin the non-global zone as well as the global zone. If the package has a parent
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majordependency on itself, then the global zone should configure the repository which
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majordelivers the package as one of its origins. The package should be installed in
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorthe global zone, then in the non-global zone for testing. Occasionally problems
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappmay be encountered when trying to install the package in the non-global zone.
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis PappTypically the first steps to take to attack the problem are to ensure that the
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorzoneproxy service is online in both the non-global zone and the global zone and
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorthat the system-repository service is online in the global zone. These three
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorservices provide publisher configuration to the non-global zone and a
d45503ba92cc3846a094981ebff073cdd2bcbae3Phill Cunningtoncommunication channel the non-global zone can use to make requests to the system
d45503ba92cc3846a094981ebff073cdd2bcbae3Phill Cunningtonpublishers. Remember that you won't be able to update the package in the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappnon-global zone, since it has a parent dependency on itself. Initiating the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappupdate from the global zone and allowing pkg's linked image code to update the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappnon-global zone is the right solution. Once the package is installed in the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappnon-global zone, testing it's functionality can begin.
4f5edd38340e3bb8791f9912719f25b57ecc0f10Travis PappIf the package does not have a parent dependency on itself, then it's not
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappnecessary to configure the publisher in the global zone nor install the package
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappthere. Further, updating the package in the global zone will not update it in
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majorthe non-global zone, causing potentially unexpected results when testing the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappolder non-global zone package. The simplest solution in this situation is to
24a9059b44f1052ab51858a86e7ca59715da8c61Peter Majormake the publisher available to the non-global zone and install and update the
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Papppackage from within the zone. If the zone cannot access the publisher, then
c955bac1dcc9c48f1d3554ec79bffa835077738dTravis Pappconfiguring it in the global zone will work. In that case, it's still best to
d45503ba92cc3846a094981ebff073cdd2bcbae3Phill Cunningtoninstall and update the package in the non-global zone.