Skip to main content
Solaris 11 OCA

Using ZFS Clones with Software Management

By December 28, 2013September 12th, 2022No Comments

Using ZFS as the root file-system in Oracle Solaris 11 ensures that we can make backup boot environments that can be entered into from either the GRUB boot-loader, on Intel Systems, or the OpenBoot PROM, on SPARC systems. In essence this allows us to test software installs or updates before they are fully committed allowing us as an administrator to roll back any action we require. The power of these clones has been exposed to us with the option –be-name and –back-be-name options to the IPS pkg command.

Boot Environments

Oracle Solaris 11 provides a default boot environment or BE called solaris and it is this is the sole BE used until an administrator creates their own. BEs can be managed with their own tool beadm(/usr/sbin/beadm) , however the pkg tool has support for creating BEs. A Boot Environment is a clone of the current BE and is created quickly with very limited need for disk space; but as the clone begins to differ from the parent more space will be used to support those differences. Clones should not be thought of as permanent but as simple mechanisms to test and roll-back possible solutions.

To boot to a BE on an INTEL system the mechanism is via GRUB and on SPARC systems via the OpenBoot PROM. The GRUB menu shown in the screen shot below shows the default environment Oracle Solaris 11.1.

PKG and Backup Environments

The software management tool PKG allows for clones to be created during software operations be they installs, updates or removals. In this way a very robust environment, especially for testing updates, is provided and unsuccessful operations can be rollback to the parent of the clone. There are two options available to you

  • –backup-be-name
  • –be-name

Both options will create a clone but the packaging operation differs slightly:

  1. With –be-name the packaging operation happens in the clone and not the current BE
  2. With the –backup-be-name option the clone contains the untouched environment and the software packaging operation takes place in the current BE.

As a simple analogy, think of these options as optimistic and pessimistic. If you feel the operation will be successful and in no need of rollback then you can use the –backup-be-name. The backup clone is created and we can roll back to that if needed. The operation happens in the live environment. If we are a little more pessimistic about the success of the operation then be can use the –be-name option. The operation happens in the clone and not the live environment and we can just delete the clone if it fails.

–be-name

Any operation occurs in the clone and not the current environment

In the video we will look at the GCC compiler program as the software to install. In this tutorial we can use the port scanner nmap. First we will check to see if it is installed:

pkg list | grep nmap

We can see from the output that the package nmap is not installed.

If we want to install and test later we can install it into a BE using the following command

pkg install --be-name nmap_install nmap

We are supplying the name to the BE of nmap_install in this case.

The important point here is, when we check the current environment we will notice that nmap is not installed. The installation occurred in the new BE and we will need to boot into that to see and use nmap. In this way , if we realise that nmap is not required it is possible to roll back the operation completely be reverting to the original parent BE. If we feel the operation was successful we can delete the original parent after satisfactory testing of the clone.

BE Management

We can list the boot environments with

beadm list

Here we see that the new BE will be active on the next reboot, R and solaris is the current, N. They both will show in the GRUB menu. The default option in the menu will be nmap_install, we can manually select either from the GRUB menu when booting.

Booting into this environment we should see that nmap is installed. It is NOT installed in the BE Oracle Solaris 11 but is in nmap_install. We can boot in to either environment any time we want and the differences are maintained in the clone.

If after testing we decide that we do not want the software installed we can revert to the parent.

beadm activate solaris

 

This will make the original BE the default option in GRUB and on reboot we will return to the OS without nmap installed. If we no longer need the BE we can delete it with

beadm destroy nmap_install

–backup-be-name

Any operation made with this option will occur in the current BE, the clone as the untouched OS.

We can install the package from the currently configured repository with the install sub-command. If we use the option –backup-be-name; the software operation, in this case the installation of nmap, will occur in the live environment and the clone will be without nmap installed

pkg install –backup-be-name nmap_install nmap

With this command in place the backup will be Solaris without nmap installed and the current environment will have the software installed. The active E remains as the parent and even though the grub menu will have the option to boot into nmap_install it will not be the default. We can verify this with

beadm list

Summary

Clones of the current boot environment can be created during software packaging events associated with the pkg command. Two options are available:

  • –backup-be-name : The operation happens in the current environment, The clone is created in the state without the operation completed . The clone is not active on the grub menu
  • –be-name: The operation takes place in the clone and the clone becomes active on the next boot