Creating and Using Oracle® Solaris Zones

Updated: May 2015
 
 

Overriding system-repository Proxies by Using https_proxy and http_proxy

It is recommended that proxies be set in an image, and that only the system-repository service proxy be set. The https_proxy and http_proxy variables should be set in the environment when running the pkg command.

The procedures in this section are used to set proxies in the system-repository service on an internal subnet that does not have a direct connection to the IPS publisher repository. Use of this procedure overrides any proxies configured by the pkg command in the global zone. Non-global zones communicate with the system-repository over HTTP. The system-repository then accesses the publishers using the protocol for that repository as configured in the global zone.

This configuration allows the solaris non-global zones to contact the publisher set in the global zone as well. Recursive pkg operations into the solaris zones will succeed.

Example 9-3  Using https_proxy and http_proxy To Override Global Zone Proxies

For example, assume that the software on a system running solaris non-global zones is managed by IPS and requires the use of the proxy server http_proxy=http://129.156.243.243:3128 for access to both http and https URLs. The following steps show how to use http_proxy and https_proxy environment variables and SMF service properties to allow the global zone and non-global zones to access the IPS repositories.

Note that these variables override any proxy configuration set on the origin unless the user is running the pkg command from a non-global zone to connect to the Uniform Resource Identifier (URI) for a system publisher. In this case, the command goes through the system-repository.

A host name that can be resolved can also be used.

  1. Type the following lines to set the proxy in the shell for the global zone:

    # export http_proxy=http://129.156.243.243:3128
    # export https_proxy=http://129.156.243.243:3128

    Setting the proxy allows pkg commands to reach the publisher through the proxy server. This affects pkg operations that use an https or http URL and do not go through the system-repository for the global zone.

  2. To allow the solaris zones on the system to use the configured system publishers directly accessible from the global zone, execute the following commands:

    # svccfg -s system-repository:default setprop config/http_proxy = http://129.156.243.243:3128
    # svccfg -s system-repository:default setprop config/https_proxy = http://129.156.243.243:3128

  3. To make the change take effect in the live SMF repository, run:

    # svcadm refresh system-repository

  4. To confirm that the setting is operational, run:

    # svcprop -p config/http_proxy system-repository
    # svcprop -p config/https_proxy system-repository
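
A drift check for the four steps above, as an added example that is not part of the Oracle documentation: it validates each proxy value and compares the shell environment with the system-repository properties. The function names are hypothetical, and the unescaping step assumes that svcprop may backslash-escape characters such as colons in its output.

```shell
#!/bin/sh
# Added example, not Oracle's code: detect drift between the proxy exported in
# the global zone shell and the system-repository SMF properties.

# Assumption: svcprop may backslash-escape characters ("http\://host\:3128").
unescape_svcprop() {
    printf '%s\n' "$1" | sed 's/\\\(.\)/\1/g'
}

# Return 0 if $1 is http(s)://host:port with a plain host and port 1-65535.
# Values with embedded credentials (user:pass@host) are rejected.
valid_proxy_url() {
    case "$1" in
        http://*)  hostport=${1#http://} ;;
        https://*) hostport=${1#https://} ;;
        *) return 1 ;;
    esac
    case "$hostport" in *:*) ;; *) return 1 ;; esac
    host=${hostport%:*}
    port=${hostport##*:}
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# $1 = property name, $2 = environment value, $3 = raw svcprop output.
# Returns 0 only when both values are valid and identical.
check_proxy() {
    smf=$(unescape_svcprop "$3")
    if ! valid_proxy_url "$2"; then echo "$1: environment value invalid"; return 1; fi
    if ! valid_proxy_url "$smf"; then echo "$1: SMF value invalid"; return 1; fi
    if [ "$2" != "$smf" ]; then echo "$1: MISMATCH env=$2 smf=$smf"; return 1; fi
    echo "$1: OK ($smf)"
}

# Live check in the global zone; skipped on hosts without svcprop.
if command -v svcprop >/dev/null 2>&1; then
    for p in http_proxy https_proxy; do
        eval "envval=\${$p:-}"
        check_proxy "$p" "$envval" "$(svcprop -p "config/$p" system-repository)"
    done
fi
```

Run it in the same global zone shell where http_proxy and https_proxy were exported, after the svcadm refresh in step 3.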

For more information on the pkg command, see the pkg(1) man page.