IPS LAB

1 Introduction

Oracle Solaris 11 takes a new approach to lifecycle and package

management to greatly simplify the process of managing system software
helping to reduce the inherent risks of operating system maintenance,
including reducing unplanned and planned downtime. With the Image
Packaging System (IPS), administrators can install and update software from
local or remote software package repositories using a more efficient and
modernized process.

Participants in this lab will gain example-led awareness and understanding of

the following technical facilities:

 Image Packaging System Basics

 IPS command line overview
 Installing and uninstalling packages
 Obtaining information about packages
 Searching for packages
 Package manifest basics

We will go on a brief tour of the new IPS feature and help the learner gain
confidence in this new technology to be able to take their expertise to the
next step.

2 Overview

IPS automates the management of system software on Oracle Solaris 11 by

replacing patching with package updates. IPS is an efficient and network-
centric approach that includes automatic software dependency checking and
validation. IPS builds on the foundation of ZFS and utilizes its powerful
snapshot and clone features which help reduce risk by creating instant
backups and near instant roll-backs in case issues arise. Using IPS,
administrators can easily and reliably install or replicate an exact set of
software package versions across many different client machines.

Working with IPS involves these simple steps

1. Configuration of the repository, either local, remote, or both

2. Package installation, removal, and updating commands
3. Obtaining information about packages
4. Automating package installation
We will utilize the Virtual Box images that we installed in the introductory
lab.

3 Repository basics

 Software developers, or publishers, make their software available in

software package repositories from which administrators can install to
their systems.
 Oracle Solaris 11 installations are configured to have a default
publisher, Solaris, which supplies software packages from the "release"
repository: http://pkg.oracle.com/solaris/release
 Administrators can install new software packages, search for package
content, or mirror the contents of this repository locally.
 While many IPS commands that query the system (list, info, contents,
search, history) can be performed by any user, commands that make
changes to the system image must be performed by adopting an
appropriate administrative role.

Administrators can quickly see what configuration a system has by using the
pkg publisher command:

# pkg publisher

We can quickly query some basic information about this repository using the
pkgrepo info command:

# pkgrepo info –s http://pkg.oracle.com/solaris/release

3.1 Installing and uninstalling packages

Now that we’ve confirmed the repository let’s review installation of

packages.

First we’ll investigate installing the GNU GCC compiler package.

Type the pkg info command on your system to see if you can find any
information on it.

# pkg info gcc-3

Gcc-3 doesn’t appear to be installed on our system just yet.

Let’s try doing a remote inquiry.

#pkg info –r gcc-3

Examine the output and you can tell many things. We have communication
with our IPS server, the version information is listed in case we need it. The
size of the package is around 100MB, and the package is currently ‘Not
Installed’.

Also note the FMRI as you were instructed in the lectures.

Let’s go ahead and install this package but with what’s called a ‘dry-run’
installation using the ‘nv’ switch. This means that the system will go through
the actual package install without actually installing anything. This is to
troubleshoot any potential issues that may arise with this package
installation.

Note: In order to install a package, you’ll need to ‘su –‘ to the root role.
Please feel free to remain in the root role unless directed for another
exercise.

# pkg install –nv gcc-3

For a dry run (no changes have been made to the system), we used the –nv
switch. We learn from this output that this package …

 Will install one package

 Will take up about 236 megabytes of space
 Doesn’t create a new boot environment
 Doesn’t create a backup boot environment
 Changes a single service
 Will restart the svc:/application/texinfo-update:default service

Note: A boot environment is one that is created and set Active on next
reboot in order to make it the default environment. A Backup boot
environment is one that is created and not set to active so that you may
boot into it if necessary. We’ll learn about boot environments later in this
lesson

Let’s go ahead and install this package.

# pkg install gcc-3

Our package has been installed.

Verify that the gcc-3 package has been installed.

# pkg info gcc-3

Note the other information available such as the description, state, publisher,
version, build release, etc.

Even if a package doesn’t require a new boot environment or at least a

backup, you can create one yourself on installation of any package using the
below command.

Let’s uninstall gcc-3 and try again in a new boot environment which is a
manual way to create a backup copy to revert back to in case something
should go wrong with this package install.

# pkg uninstall gcc-3

Now let’s run the install command with a switch that will automatically
create a backup environment for us to protect the system if we should
encounter a problem.

The switch is --be-name

# pkg install –-be-name before-gcc gcc-3

Note: In the above output, the ‘Create boot environment:’ field now says
‘Yes’. In the screen below the screen informs us that the clone has been
updated, activated, and will be the default boot environment on next boot.

Confirm this with the beadm command:

# beadm list

Note in the output above the size of the boot environments. before-gcc is
5.32GB and solaris is only around 200k. Also note the capital letters R and N.
R stands for ‘active on next Reboot’ and N stands for ‘active Now’.

We don’t want to reboot now so let’s set the active boot environment back to
our default ‘solaris’ instance.

# beadm activate solaris

# beadm list

Note that now the ‘solaris’ instance is marked with “NR” which means that it
is Active ‘Now’ and will be Active on the next ‘Reboot’.

Let’s delete (destroy) our boot environment for now but leaving it intact
would be just as easy and require hardly any resources.
# beadm destroy before-gcc

Answer ‘y’

Verify that gcc-be is gone and solaris has been marked with NR.

# beadm list

This lab has attempted to illustrate how easy it is to install packages as well
as create backup boot environments and how few resources they need. It’s
recommended that systems administrators use backup environments as
their day to day best practices when administering and maintaining systems.

The last thing we’ll do in this section is to create a boot environment to show
how simple it is.

# beadm create solaris-backup

Note that the environment is not active and not going to be active at the
next reboot. But it’s available for us to boot into if we should need to return
to our original environment.

Boot environments are easy to create and take up few resources. Use them
often.

3.2 Getting information about a package

IPS makes it easy to get information about installed packages, whether

updates are available, and many other details about installed and not
installed packages. The first command we’ll review is the ‘pkg list’ command.

The pkg list command will return every package on the system. You can limit
the output by typing the name of an existing package.

# pkg list

# pkg list text/groff

The output will shows us a concatenated version of the ‘pkg list’ command
with no arguments. It basically lists out every package on the system. If you
run it on your system you’ll see many lines scroll by quickly. The second
package list command we give with a specific package name to show the
information that can be obtained from the command. The columns will list
the name, version and an IFO column.

The IFO column tells us …

 An ‘i’ in the I column indicates the package is installed

  An ‘f’ in the F column indicates that the package is frozen
 An ‘o’ in the O column indicates that this package is obsolete
 An ‘r’ in the O column indicates the package is available under a new
name

For example:

# pkg list –af *toolkit@latest

The ‘-af’ option lists all matching packages, including those that can’t be
installed in this image. *toolkit matches any item with the word ‘toolkit’ in it,
and @latest lists only the newest packages. This output indicates that …

 The developer/dtrace/toolkit package cannot be installed in this image.

 The “r” in the O column indicates that this package has been renamed.
The developer/dtrace/toolkit package has been renamed to
system/dtrace/dtrace-toolkit,
 system/dtrace/dtrace-toolkit is already installed.
 And nothing in the columns for nvidia/cg-toolkit indicates it’s not
installed on our system

Below is the command that will give you more information about a package
that’s installed on our system already.

# pkg info system/dtrace/dtrace-toolkit

If we try to find information on packages that aren’t installed on our system

we won’t get any results. Try getting info on the nvidia/cg-toolkit package.

# pkg info nvidia/cg-toolkit

The system will complain that there are no packages matching what you’ve
entered. Use the ‘-r’ option to query the Repository to get information on
uninstalled packages. ‘-r’ queries the remote IPS repository that you have
configured on your system.

# pkg info –r nvidia/cg-toolkit

To list the contents of a package and the paths and files that are installed
use the contents subcommand.

# pkg contents gzip

Another powerful feature of IPS is the ability to search for specific things
about the packages, like the name of a package that a file might belong to.
Use the command below to search the repository for a file called stdio.h and
the output will tell you which applications the file belongs to.

# pkg search stdio.h

3.3 Updating the system

Oracle Solaris 11 IPS technology includes the ability to update your system
to the latest packages with a single command.

To get the latest updates for the entire system at one time you can issue the
pkg update command. Use the ‘- nv’ option for a dry run to get an idea how
much work needs to be done.

# pkg update –nv

You can also update specific packages by specifying them on the command
line.

# pkg update vim@latest

If you’ve updated a package and need to back an update out you’d use the
revert command.

# pkg revert vim

3.4 Package dependencies

We can see how these relationships are managed by taking a look at the
manifest of a particular package through the pkg command. A package
manifest describes how a package is assembled and provides basic
information about the package (such as the name, version, description,
categorization, and so on), what files the package includes, and what other
packages or services the package relies on to meet its dependencies. While
many package commands filter this information into a presentable form, it is
sometimes useful to look at the package manifest directly using the ‘pkg
contents –m’ command.

Each line within the manifest is called an action. Actions describe a small
part of the overall package. The first part of each line describes the action
type: set, license, depend, dir, file, and so on. Let’s take a look at an
example of the package manifest using the ‘grep’ command on the ‘gzip’
package.

Take a look at variables that are set on installation of the gzip package.

# pkg contents –m gzip | grep set

Here we’ll take a look at the dependencies of the gzip package. You can see
that it depends on library and bash.

# pkg contents –m gzip | grep depend