Simple zone management for OmniOS.
Written purely to scratch my own itch. I'm making no attempt at compatability with other Illumos distributions, or Solaris.
Zones are defined in YAML files. There's a simple and (hopefully) obvious mapping from YAML to a zone config file. For instance:
---
brand: sparse
zonepath: /zones/example
autoboot: true
fs:
- dir: /home
special: /home
type: lofs
- dir: /storage
special: /storage
type: lofs
net:
- physical: test0
'global-nic': auto
'allowed-address': 192.168.1.38/24
'defrouter': 192.168.1.1
dns:
domain: localnet
nameserver:
- 192.168.1.26
- 192.168.1.1
Compiles to:
create -b
set brand=sparse
set zonepath=/zones/example
set autoboot=true
add fs
set dir=/home
set special=/home
set type=lofs
end
add fs
set dir=/storage
set special=/storage
set type=lofs
end
add net
set physical=test0
set global-nic=auto
set allowed-address=192.168.1.38/24
set defrouter=192.168.1.1
end
add attr
set name=dns-domain
set type=string
set value=localnet
end
add attr
set name=resolvers
set type=string
set value=192.168.1.26,192.168.1.1
end
You can add extra information to the YAML file. The following extras are supported, and they happen in this order.
Add a block like this to your zone definition. All keys are optional. Things
like sortlist
will work if you add the list as an array.
dns:
domain: localnet
search: localnet
nameserver:
- 192.168.1.26
- 192.168.1.1
You can ask oozone
to install packages once the zone is created. Add the
packages
is the key with a list of FMRIs.
packages:
- 'ooce/runtime/ruby-26'
If you use Puppet, like I do, you can add a facts
hash. The facts will end
up in /etc/factor/facts.d/basic_facts.txt
. If this file is created, oozone
adds in a zbrand
fact, which I need for my stuff. (So far as I can tell, you
can't get the real brand of a zone from inside it. pkgsrc
, sparse
,
ipkg
etc all report as native
.)
facts:
role: wavefront-proxy
environment: lab
The upload
key lets you give a list of files and/or directories which will
be copied into the zone. The key is the source file in the global zone, the
value is the destination inside the zone.
upload:
/etc/release: /var/tmp/etc/release
/etc/passwd: /passwd
Use the run_cmd
key to add a list of commands you want to run in the zone
once installation is complete. The commands are run via zlogin(1)
, so their
context is inside the zone.
run_cmd:
- '/opt/ooce/bin/gem install puppet -v 5.5.0 --no-document --bindir=/opt/ooce/bin'
- '/opt/ooce/bin/puppet agent -t'
oozone
does not perform any privilege escalation on your behalf. So, you
must run it as root or with a profile which allows zone creation and arbitrary
file writing. Running with a non-zero EUID will issue a warning and give you
three seconds to hit CTRL-C and abort.
oozone create [-F] <file>...
Turn each given file into zones. If a zone exists, it is skipped, unless -F
is given, in which case the zone is destroyed and rebuilt.
oozone clone [-F] <zone> <file>...
Creates a zone described in each <file>
, based on a clone of <zone>
.
Normal rules apply: <zone>
must not be running, and you can only clone the
same brand. oozone
doesn't bother catching those kinds of errors, so you'll
just see the stderr of zoneadm
or zonecfg
.
oozone destroy <zone>...
Destroys all given zones. It won't check whether you're sure, so make certain you are.
oozone compile <file>...
Creates files suitable for zonecfg(1m)
in /var/tmp
. Doesn't require any
special privileges.
oozone customize <file>...
Re-reads the given zone definitions and enacts all the zone configuration
steps. DNS, facts, uploads etc. Not in any way guaranteed to be idempotent,
and almost certainly not of use to anyone not extending oozone
.