One of the features that is still under development is to provide
a way to automatically keep the non-global zones in sync with
the global zone when you do a ‘pkg image-update’. The
project still needs some additional enhancements to be
able to describe the software dependencies between the
global and non-global zones. In the meantime, you must
manually ensure that you update the non-global zones after
you do an image-update and reboot the global zone. Doing
this will create new ZFS datasets for each zone which you can
then manually update so that they match the global zone software
The easiest way to update the zones is to use the new detach/attach
capabilities we added to the 2008.11 release. You can simply detach
the zone, then re-attach it. We provide some support for the zone
update on attach
option for ipkg-branded zones, so you can use ‘attach -u’ to simply update
The following shows an example of this.
# zoneadm -z jj1 detach # zoneadm -z jj1 attach -u Global zone version: pkg:/firstname.lastname@example.org,5.11-0.101:20081119T235706Z Non-Global zone version: pkg:/email@example.com,5.11-0.98:20080917T010824Z Updating non-global zone: Output follows Cache: Using /var/pkg/download. PHASE ITEMS Indexing Packages 54/54 DOWNLOAD PKGS FILES XFER (MB) Completed 54/54 2491/2491 52.76/52.76 PHASE ACTIONS Removal Phase 1253/1253 Install Phase 1440/1440 Update Phase 3759/3759 Reading Existing Index 9/9 Indexing Packages 54/54 pkg:/firstname.lastname@example.org,5.11-0.98:20080917T010824Z
Here you can see how the zone is updated when it is re-attached to the
system. This updates the software in the currently active dataset associated with
the global zone BE. If you roll-back to an earlier image, the dataset associated
with the zone and the earlier BE will be used instead of this newly updated dataset.
We’ve also enhanced the IPS code so it can use the pkg cache from the global
zone, thus the zone update is very quick.
Because the zone attach feature is implemented as a brand-specific capability,
each brand provides its own options for how zones can be attached. In addition
to the -u option, the ipkg brand supports a -a or -r option. The -a option allows
you to take an archive (cpio, bzip2, gzip, or USTAR tar) of a zone from another
system and attach it. The -r option allows you to receive the output of a ‘zfs send’
into the zone’s dataset. Either of these options can be combined with -u to
enable zone migration from one OpenSolaris system to another. An additional
option, which didn’t make it into 2008.11, but is in the development release, is
the -d option, which allows you to specify an existing dataset to be used for the
attach. The attach operation will take that dataset and add all of the properties
needed to make it usable on the current global zone BE.
If you used zones on 2008.11, you might have noticed that the zone’s dataset
is not mounted when the zone is halted. This is something we might change in
the future, but in the meantime, one final feature related to zone detach is that it
leaves the zone’s dataset mounted. This provides and easy way to access the zone’s
data. Simply detach the zone, then you can access the zone’s mounted file system,
then re-attach the zone.