On Wed, May 25, 2011 at 07:57:50PM -0400, James Carlson wrote:
> On 05/25/11 17:27, Jens Elkner wrote:
> > On Wed, May 25, 2011 at 03:31:56PM -0400, James Carlson wrote:
> >> Jens Elkner wrote:
...
> >> Understandable desire, but I don't think using -R that way was
> >> supported. pkgadd(1M) says this:
> >>
> >> Note - The root file system of any non-global zones must not be
> >> referenced with the -R option. Doing so might damage the global
> >> zone's file system, might compromise the security of the global
> >> zone, and might damage the non-global zone's file system.
> >> See zones(5).
> >>
> >> That's from a Solaris 10 11/06 system (S10u3), and the same note is
> >> still there on OpenSolaris.
> >
> > Yes and might be the case for running zones or malicious packages.
> > But actually it is, what LU does all the time ;-)
>
> No, it's not. I wrote that part of the code. ;-}
But hopefully not the patches (12143{0|1}-49 pp) for it ;-)
> LU actually enters the zone and runs the pkgadd command inside the zone.
> It uses undocumented interfaces to bring the zones up to a "mounted"
> state when administering zones that are present in an alternate root
> environment.
Hmmm, can't find trace files anymore.
> It does not just set -R to point to the zone's root and let fly.
Yes, then I probably mixed it up with the zadm[d] -R ...
However, at least for native, not running zones I can't see any reason,
why one should not use -R. IIRC in contrast to pkgadd IPS is not running
any pre/post install scripts anymore. So it basically comes down to a
dep check, SW download and "untar" it in the [virtual] root dir. Maybe
hard links are a problem, but that's IMHO nothing, what the pkg stuff
can't find out/correct.
Actually, one doesn't really need pkg in a zone, as long as the global
zone admin is the zone admin as well. And if one starts removing pkg,
one can continue with python (I mean, who needs this? ;-)), then tcl/tk,
which opens the door to remove the X11 stuff and groff => ~175 MB less,
and now we would have something, 234MB vs. 407MB /, I could start with
without a bitter aftertaste - i.e. probably would not miss sparse zones
then (except its read-only fs features).
Usually, we would add the jdk and/or some convenience stuff and end up
with ~515 MB (would be nice, if the visualVM would be a separate pkg,
since not needed in a zone: ~ -30 MB). For that we certainly need to use
pkgadd (since pkg has still no relocation switch aka "-a none") - another
reason to remove pkg and company from the zone and do the
install/uninstall from outside ...
[
Just in case: If one is interested in more numbers, have a look at
http://iws.cs.uni-magdeburg.de/~elkner/osol/ips/
BTW: uiforce.patch is the patch I used to make pkg behave as I want.
(IMHO most sysadmins don't like pkg mgmt SW, which has no --force
option, because they usually know, what they wanna do/need).
]
Last but not least: Upgrades with IPS! How should that work without -R?
Rebooting the server after update/upgrade, and then reboot all zones
again (re-attach)? - starting to shiver ;-)
> Actually, I read that initial reply you got much differently.
...
> that might concern you. It's a request for information.
Hmmm, maybe I'm a victim of the responses we often got wrt. support
cases and should draw the language joker ;-)
Regards,
jel.
--
Otto-von-Guericke University http://www.cs.uni-magdeburg.de/
Department of Computer Science Geb. 29 R 027, Universitaetsplatz 2
39106 Magdeburg, Germany Tel: +49 391 67 12768
_______________________________________________
install-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/install-discuss
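
Added example, not part of the thread and not code from pkgadd, IPS or Live Upgrade: a pre-flight check that refuses an alternate root for -R when it lies at or under a non-global zone's zonepath, which is the case the pkgadd(1M) note quoted above warns about. The function names, zone names and paths are assumptions made up for illustration; the zone list is constructed sample data in the `zoneadm list -cp` field layout.

```shell
# Constructed sample in the layout printed by `zoneadm list -cp`:
# zoneid:zonename:state:zonepath:uuid:brand:ip-type
SAMPLE_ZONES='0:global:running:/::native:shared
-:web01:installed:/zones/web01::native:shared
3:db01:running:/zones/db01::native:shared'

# Collapse repeated slashes and drop one trailing slash. Purely lexical:
# symlinks and ".." are not resolved (assumption of this sketch).
normalize_path() {
    printf '%s' "$1" | sed -e 's|//*|/|g' -e 's|\(.\)/$|\1|'
}

# zone_for_altroot PATH [ZONE_LIST]
# Prints the name of the non-global zone whose zonepath equals or contains
# PATH and returns 0; returns 1 when PATH is outside every non-global zone.
# Matching the whole zonepath (not only zonepath/root) is deliberately
# conservative.
zone_for_altroot() {
    target=$(normalize_path "$1")
    found=$(printf '%s\n' "${2:-$SAMPLE_ZONES}" |
        while IFS=: read -r zid zname zstate zpath rest; do
            [ "$zname" = "global" ] && continue
            zpath=$(normalize_path "$zpath")
            case "$target" in
                "$zpath"|"$zpath"/*) printf '%s\n' "$zname"; break ;;
            esac
        done)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# guard_altroot PATH [ZONE_LIST]
# Returns 0 when PATH is acceptable as an alternate root, 1 otherwise.
guard_altroot() {
    if zone=$(zone_for_altroot "$1" "${2:-$SAMPLE_ZONES}"); then
        echo "refusing -R $1: inside zonepath of zone '$zone'" >&2
        return 1
    fi
    return 0
}
```

On a real system the second argument would be the live list, for example `guard_altroot /a "$(zoneadm list -cp)"`, run before any tool is given that directory as its alternate root.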