Chapter 24
About Packages and Patches on a Solaris System With Zones Installed (Overview)
This chapter discusses maintaining the Solaris Operating System when zones are installed. Information about adding packages and patches to the operating system in the global zone and in all installed non-global zones is provided. Information about removing packages and patches is also included. The material in this chapter supplements the existing Solaris installation and patch documentation. See the Solaris Express Release and Installation Collection and System Administration Guide: Basic Administration for more information.
This chapter covers the following topics:
Packaging and Patch Tools Overview
The Solaris packaging tools are used in administering the zones environment. The global administrator can upgrade the system to a new version of Solaris, which updates both the global and the non-global zones.
The zone administrator can use the packaging tools to administer any software installed in a non-global zone, within the limits described in this document.
The following general principles apply when zones are installed:
The global administrator can administer the software on every zone on the system.
The root file system for a non-global zone can be administered from the global zone by using the Solaris packaging and patch tools. The Solaris packaging and patch tools are supported within the non-global zone for administering co-packaged (bundled), standalone (unbundled), or third-party products.
The packaging and patch tools work in a zones-enabled environment. The tools allow a package or patch installed in the global zone to also be installed in a non-global zone.
The SUNW_PKG_ALLZONES package parameter defines the zone scope of a package. The scope determines the type of zone in which an individual package can be installed. For more information about this parameter, see SUNW_PKG_ALLZONES Package Parameter.
The SUNW_PKG_HOLLOW package parameter defines the visibility of a package if that package is required to be installed on all zones and be identical in all zones. For information about this parameter, see SUNW_PKG_HOLLOW Package Parameter.
The SUNW_PKG_THISZONE package parameter defines whether a package must be installed in the current zone only. For information about this parameter, see SUNW_PKG_THISZONE Package Parameter.
Packages that do not define values for zone package parameters have a default setting of false.
The packaging information visible from within a non-global zone is consistent with the files that have been installed in that zone using the Solaris packaging and patch tools. The visibility includes packages that have been imported from the global zone using read-only loopback mounts. See Configuring, Verifying, and Committing a Zone for more information about this process.
A change, such as a patch or package added in the global zone, can be pushed out to all of the zones. This feature maintains consistency between the global zone and each non-global zone.
The package commands can add, remove, and interrogate packages. The patch commands can add and remove patches.
Note - While operations are performed, a zone is temporarily locked. The system will also confirm a requested operation with the administrator before proceeding.
About Packages and Zones
Only a subset of the Solaris packages installed on the global zone are completely replicated when a non-global zone is installed. For example, many packages that contain the Solaris kernel are not needed in a non-global zone. All non-global zones implicitly share the same Solaris kernel from the global zone. However, even if a package's data is not required or is not of use in a non-global zone, the knowledge that a package is installed in the global zone might be required in a non-global zone. The information allows package dependencies from the non-global zones to be properly resolved with the global zone.
Packages have parameters that control how their content is distributed and made visible on a system with non-global zones installed. The SUNW_PKG_ALLZONES, SUNW_PKG_HOLLOW, and SUNW_PKG_THISZONE package parameters define the characteristics of packages on a system with zones installed. If desired, system administrators can check these package parameter settings to verify the package's applicability when applying or removing a package in a zone environment. The pkgparam command can be used to view the values for these parameters. For more information on parameters, see Package Parameter Information. See Checking Package Parameter Settings on a System with Zones Installed for usage instructions.
Patches Generated for Packages
When a patch is generated for any package, the parameters must be set to the same values as the original package.
Interactive Packages
Any package that must be interactive, which means that it has a request script, is added to the current zone only. The package is not propagated to any other zone. If an interactive package is added to the global zone, the package is treated as though it is being added by using the pkgadd command with the -G option. For more information about this option, see About Adding Packages in Zones.
Keeping Zones in Sync
It is best to keep the software installed in the non-global zones in sync with the software installed in the global zone to the maximum extent possible. This practice minimizes the difficulty in administering a system with multiple installed zones.
To achieve this goal, the package tools enforce the following rules when adding or removing packages in the global zone.
Package Operations Possible in the Global Zone
If the package is not currently installed in the global zone and not currently installed in any non-global zone, the package can be installed:
Only in the global zone, if SUNW_PKG_ALLZONES=false
In the current zone only, which is the global zone in this case, if SUNW_PKG_THISZONE=true
In the global zone and all non-global zones
If the package is currently installed in the global zone only:
The package can be installed in all non-global zones.
The package can be removed from the global zone.