Puppet users - May 2007 - UPDATE automated installation of puppet into solaris 10 zones

On Apr 30, 2007, at 4:44 AM, Frank.Munsche@izb.de wrote:
> I''ve built a puppet solaris - package which is distributed via  
> jumpstart at installation time of a solaris 10 machine.
> It''s postinstallation registers the puppetd into smf and starts  
> puppetd afterwards. Puppetd connects to puppetmasterd, gets ist  
> certificate signed (autosig on) and the configuration stuff.
>
> Now the interesting part: a new solaris zone is installed via  
> puppet. Given a sysidcfg-template puppet brings the zone up to a  
> running state. That''s really great!
>
> But how to automate the installation of the puppet solaris -  
> package into the new zone from the non-global zone?
> The package should be installed into the non-global zone and  
> puppetd within this zone should configure the virtual machine.
>
> Unfortunately, zonecfg and zoneadm don''t give the feature to add  
> packages during initialization of a zone.
>
> Could this be accoumplished by puppet?
>
> I''ve tried the types zone and package. But the root-dir of pkgadd
(-
> R) has to be set to the root-dir of the nonglobal zone. There is   
> no such parameter for the type package.Furthermore, there should be  
> a state-dependency between the non-global zone and the instance of  
> ''package'': the package can only be installled when the
non-global
> zone is ''installled'' or ''running''
Hmm, I haven''t looked at the zones in a long time, but I always used  
shared package databases across my systems (by mount /opt/csw in all  
zones, I think), so I didn''t have this problem.

I expect you''ll have to do an exec to shell into the zone and install  
the package manually, probably using a ''refreshonly'' so it
only gets
done when the zone is first created.  As long as the package install  
starts the service, you should be golden.

  --
  Learning is not attained by chance, it must be sought for with  
ardor and
  attended to with diligence.      -- Abigail Adams
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com <http://reductivelabs.com>  |
http://madstop.com <http://madstop.com> 




You''re right, if the package content from the global zone is reflected
in
all zones, the necessary files are already there. 
Typically I try to keep additional installed packages as independent as
possible. So all additional software packages have the following parameters
set in the pkginfo file:

SUNW_PKG_ALLZONES=false
SUNW_PKG_THISZONE=true

This ensures a discrete package installation within a given zone.

I'' ve just changed this for the packages ruby, facter and puppet to
"SUNW_PKG_ALLZONES=true" . So these are in the right place after a
zone
init. 
Normally, the postinstallation script of the puppet package registers puppet
into smf and starts puppetd. Unfortunately the pkg installation scripts are
not called when a zone is created. So I''ve to call them trough the
puppetd
of the global zone.

Anyway, if I would do the exec you mentioned, there would be no need to
change the package content. I''ll try this next.


By the way, are there plans to use the zonemgr as a interface instead of the
native zoneadm / zonecfg ?
The state-change of a zone from "running" to "installed" 
can be handled
more cleanly by zonemgr which does shut down the zone instead of
''zoneadm
halt''
Zonemgr has also much more functionality for zone administration and
reconfiguration than zoneadm / zonecfg.

Zonemgr is a ksh script not yet integrated into Solaris 10 but available for
download (stable version 1.8)

http://www.opensolaris.org/os/project/zonemgr
<http://www.opensolaris.org/os/project/zonemgr> 


cheers, frank



_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users

On May 2, 2007, at 5:54 AM, Frank.Munsche@izb.de wrote:
> You''re right, if the package content from the global zone is  
> reflected in all zones, the necessary files are already there.
>
> Typically I try to keep additional installed packages as  
> independent as possible. So all additional software packages have  
> the following parameters set in the pkginfo file:
>
> SUNW_PKG_ALLZONES=false
> SUNW_PKG_THISZONE=true
>
> This ensures a discrete package installation within a given zone.
>
> I'' ve just changed this for the packages ruby, facter and puppet  
> to  "SUNW_PKG_ALLZONES=true" . So these are in the right place  
> after a zone init.
>
> Normally, the postinstallation script of the puppet package  
> registers puppet into smf and starts puppetd. Unfortunately the pkg  
> installation scripts are not called when a zone is created. So
I''ve
> to call them trough the puppetd of the global zone.
>
> Anyway, if I would do the exec you mentioned, there would be no  
> need to change the package content. I''ll try this next.
It''d be great if you documented this on the wiki, whatever you end up  
using.
> By the way, are there plans to use the zonemgr as a interface  
> instead of the native zoneadm / zonecfg ?
> The state-change of a zone from "running" to
"installed"  can be
> handled more cleanly by zonemgr which does shut down the zone  
> instead of ''zoneadm halt''
>
> Zonemgr has also much more functionality for zone administration  
> and reconfiguration than zoneadm / zonecfg.
>
> Zonemgr is a ksh script not yet integrated into Solaris 10 but  
> available for download (stable version 1.8)
>
> http://www.opensolaris.org/os/project/zonemgr
I didn''t know that zonemgr exists; I wrote the zone support for a  
company I haven''t worked with in a year, and I have no idea if they  
even use Puppet any more.

Now that providers support optional commands, this should be pretty  
easy to support, but I''d need the exact commands to run in all  
cases.  A patch would be best, of course, and would actually get it  
done much faster.

  --
  SELF-EVIDENT, adj.  Evident to one''s self and to nobody else.
                  -- Ambrose Bierce
  ---------------------------------------------------------------------
  Luke Kanies | http://reductivelabs.com | http://madstop.com