In Solaris 11, the internals of zone installation are quite different than they were in Solaris 10. This difference allows the administrator far greater control of what software is installed in a zone. The rules in Solaris 10 are simple and inflexible: if it is installed in the global zone and is not specifically excluded by package metadata from being installed in a zone, it is installed in the zone. In Solaris 11, the rules are still simple, but are much more flexible: the packages you tell it to install and the packages on which they depend will be installed.
So, where does the default list of packages come from? From the AI (auto installer) manifest, of course. The default AI manifest is /usr/share/auto_install/manifest/zone_default.xml. Within that file you will find:
<software_data action="install">
<name>pkg:/group/system/solaris-small-server</name>
</software_data>
So, the default installation will install pkg:/group/system/solaris-small-server. Cool. What is that? You can figure out what is in the package by looking for it in the repository with your web browser (click the manifest link), or use pkg(1). In this case, it is a group package (pkg:/group/), so we know that it just has a bunch of dependencies to name the packages that really wants installed.
$ pkg contents -t depend -o fmri -s fmri -r solaris-small-server
FMRI
compress/bzip2
compress/gzip
compress/p7zip
...
terminal/luit
terminal/resize
text/doctools
text/doctools/ja
text/less
text/spelling-utilities
web/wget
If you would like to see the entire manifest from the command line, use pkg contents -r -m solaris-small-server.
Let's suppose that you want to install a zone that also has mercurial and a full-fledged installation of vim rather than just the minimal vim-core that is part of solaris-small-server. That's pretty easy.
First, copy the default AI manifest somewhere where you will edit it and make it writable.
# cp /usr/share/auto_install/manifest/zone_default.xml ~/myzone-ai.xml
# chmod 644 ~/myzone-ai.xml
Next, edit the file, changing the software_data section as follows:
<software_data action="install">
<name>pkg:/group/system/solaris-small-server</name>
<name>pkg:/developer/versioning/mercurial</name> <name>pkg:/editor/vim</name>
</software_data>
To figure out the names of the packages, either search the repository using your browser, or use a command like pkg search hg.
Now we are all ready to install the zone. If it has not yet been configured, that must be done as well.
# zonecfg -z myzone 'create; set zonepath=/zones/myzone'
# zoneadm -z myzone install -m ~/myzone-ai.xml
A ZFS file system has been created for this zone.
Progress being logged to /var/log/zones/zoneadm.20111113T004303Z.myzone.install
Image: Preparing at /zones/myzone/root.
Install Log: /system/volatile/install.15496/install_log
AI Manifest: /tmp/manifest.xml.XfaWpE
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Zonename: myzone
Installation: Starting ...
Creating IPS image
Installing packages from:
solaris
origin: http://localhost:1008/solaris/54453f3545de891d4daa841ddb3c844fe8804f55/
DOWNLOAD PKGS FILES XFER (MB)
Completed 169/169 34047/34047 185.6/185.6
PHASE ACTIONS
Install Phase 46498/46498
PHASE ITEMS
Package State Update Phase 169/169
Image State Update Phase 2/2
Installation: Succeeded
Note: Man pages can be obtained by installing pkg:/system/manual
done.
Done: Installation completed in 531.813 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
Log saved in non-global zone as /zones/myzone/root/var/log/zones/zoneadm.20111113T004303Z.myzone.install
Now, for a few things that I've seen people trip over:
Ignore that bit about man pages - it's wrong. Man pages are already
installed so long as the right facet is set properly. And that's a
topic for another blog entry.
If you boot the zone then just use zlogin myzone, you will see that services you care about haven't started and that svc:/milestone/config:default is starting. That is because you have not yet logged into the console with zlogin -C myzone.
If the zone has been booted for more than a very short while when you first connect to the zone console, it will seem like the console is hung. That's not really the case - hit ^L (control-L) to refresh the sysconfig(1M) screen that is prompting you for information.
