You have two options when connecting to the package repository from a zone. You can create persistent proxies, or specify the proxies during package install.
You set persistent proxies in an image by using the –-proxy option as described in Chapter 5, Configuring Installed Images in Updating Systems and Adding Software in Oracle Solaris 11.4.
To specify proxies during install, you modify the system-repository service properties to use the same proxies as the http_proxy and https_proxy environment variables. See the pkg(1) man page.
Access to repositories configured in the global zone is provided to non-global zones using the system-repository service. Any updates to proxies for origins in the global zone are automatically made to the system-repository configuration. Using this method, no modifications are required to the system-repository SMF service, as the following example illustrates.Example 25 Configuring the Proxy in the Global Zone
$ pfexec pkg set-publisher --proxy http://www-proxy -g http://pkg-server pub
No port specification is required unless the proxy accepts connections on a port other than 80. If zones are on the system, the system-repository service is restarted, and the proxy is used to provide access to pkg-server.
Proxies should be set in an image, and only the system-repository service proxy should be set. The https_proxy and http_proxy environment variables should be set in the environment where you run the pkg command.
You can also configure the proxies used by the system-repository SMF service, overriding any proxies configured on publishers in the global zone. The system-repository proxies can be set by using the config/http_proxy or config/https_proxy SMF properties.
For more information, see Updating Systems and Adding Software in Oracle Solaris 11.4 and the following procedure, How to Set https_proxy and http_proxy To Override Global Zone Proxies.
This procedure sets proxies in the system-repository service on an internal subnet that does not have a direct connection to the IPS publisher repository. This configuration overrides any proxies that the pkg command configured in the global zone. Non-global zones communicate with the system-repository over HTTP. The system-repository then accesses the publishers using the protocol for that repository as configured in the global zone.
This configuration allows the solaris non-global zones to contact the publisher set in the global zone as well. Recursive pkg operations into the solaris zones will succeed.
The following steps show how to use the http_proxy and https_proxy environment variables and SMF service properties to allow the global zone and non-global zones to access the IPS repositories.
Note that these environment variables override any proxy configuration set on the origin, unless the user is running the pkg command from a non-global zone to connect to the Universal Resource Identifier (URI) for a system publisher. In that case, the command goes through the system-repository.
A host name that can be resolved can also be used.
Setting the proxy enables pkg commands to reach the publisher through the proxy server. This affects pkg operations that use an https or http URL and do not go through the system-repository for the global zone. For more information about the pkg command, see the pkg(1) man page.
$ export http_proxy=http://192.0.2.0 $ export https_proxy=http://192.0.2.0
$ svccfg -s system-repository:default setprop config/http_proxy = http://192.0.2.0 $ svccfg -s system-repository:default setprop config/https_proxy = http://192.0.2.0
$ svcadm refresh system-repository
$ svcprop -p config/http_proxy system-repository $ svcprop -p config/https_proxy system-repository
you can update zones in parallel instead of serially. A parallel update provides a significant improvement in the time required to update all the zones on a system. For details and a configuration example, see Updating Multiple Non-Global Zones Concurrently in Updating Systems and Adding Software in Oracle Solaris 11.4.