Creating and Using Oracle® Solaris Zones

Updated: August 2019

Configuring Proxies to the Package Repository for Non-Global Zones

You have two options when connecting to the package repository from a zone. You can create persistent proxies, or specify the proxies during package install.

  • You set persistent proxies in an image by using the --proxy option as described in Chapter 5, Configuring Installed Images in Updating Systems and Adding Software in Oracle Solaris 11.4.

  • To specify proxies during install, you modify the system-repository service properties to use the same proxies as the http_proxy and https_proxy environment variables. See the pkg(1) man page.

Access to repositories configured in the global zone is provided to non-global zones using the system-repository service. Any updates to proxies for origins in the global zone are automatically made to the system-repository configuration. Using this method, no modifications are required to the system-repository SMF service, as the following example illustrates.

Example 25  Configuring the Proxy in the Global Zone
$ pfexec pkg set-publisher --proxy http://www-proxy -g http://pkg-server pub

No port specification is required unless the proxy accepts connections on a port other than 80. If zones are on the system, the system-repository service is restarted, and the proxy is used to provide access to pkg-server.

Overriding system-repository Proxies by Using https_proxy and http_proxy

Proxies should be set in an image, and only the system-repository service proxy should be set. The https_proxy and http_proxy environment variables should be set in the environment where you run the pkg command.

You can also configure the proxies used by the system-repository SMF service, overriding any proxies configured on publishers in the global zone. The system-repository proxies can be set by using the config/http_proxy or config/https_proxy SMF properties.

For more information, see Updating Systems and Adding Software in Oracle Solaris 11.4 and the following procedure, How to Set https_proxy and http_proxy To Override Global Zone Proxies.

This procedure sets proxies in the system-repository service on an internal subnet that does not have a direct connection to the IPS publisher repository. This configuration overrides any proxies that the pkg command configured in the global zone. Non-global zones communicate with the system-repository over HTTP. The system-repository then accesses the publishers using the protocol for that repository as configured in the global zone.

This configuration allows the solaris non-global zones to contact the publisher set in the global zone as well. Recursive pkg operations into the solaris zones will succeed.

How to Set https_proxy and http_proxy To Override Global Zone Proxies

The following steps show how to use the http_proxy and https_proxy environment variables and SMF service properties to allow the global zone and non-global zones to access the IPS repositories.

Note that these environment variables override any proxy configuration set on the origin, unless the user is running the pkg command from a non-global zone to connect to the Uniform Resource Identifier (URI) for a system publisher. In that case, the command goes through the system-repository.

In place of the IP address shown in the following steps, a host name that can be resolved can also be used.

  1. Set the proxy in the shell for the global zone.

    Setting the proxy enables pkg commands to reach the publisher through the proxy server. This affects pkg operations that use an https or http URL and do not go through the system-repository for the global zone. For more information about the pkg command, see the pkg(1) man page.

    $ export http_proxy=http://192.0.2.0
    $ export https_proxy=http://192.0.2.0
  2. Enable the solaris zones on the system to use the configured system publishers that are directly accessible from the global zone.
    $ svccfg -s system-repository:default setprop config/http_proxy = http://192.0.2.0
    $ svccfg -s system-repository:default setprop config/https_proxy = http://192.0.2.0
  3. Make the change take effect in the live SMF repository.
    $ svcadm refresh system-repository
  4. Confirm that the setting is in effect.
    $ svcprop -p config/http_proxy system-repository
    $ svcprop -p config/https_proxy system-repository
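
The confirmation in step 4 can be scripted so that a later change to either property is caught. The following is an added example, not part of the Oracle documentation: the helper names get_prop and check_proxy are hypothetical, and it assumes that svcprop prints an empty string value as "".

```shell
#!/bin/sh
# Added example: audit the system-repository proxy properties set in steps 2-4.
# check_proxy and get_prop are hypothetical helper names, not Oracle tooling.
SERVICE=system-repository

# Print the value of one SMF property; fail if svcprop cannot read it.
get_prop() {
    val=$(svcprop -p "$1" "$SERVICE" 2>/dev/null) || return 1
    # Assumption: svcprop prints an empty string value as "".
    if [ "$val" = '""' ]; then val=; fi
    printf '%s\n' "$val"
}

# check_proxy EXPECTED_URL
# Returns 0 if config/http_proxy and config/https_proxy both equal
# EXPECTED_URL, 1 if either is unreadable, unset or different, and
# 2 if EXPECTED_URL is not an http:// or https:// URL.
check_proxy() {
    expected=$1
    rc=0
    case $expected in
        http://?*|https://?*) ;;
        *) echo "not an http(s) proxy URL: $expected" >&2; return 2 ;;
    esac
    for prop in config/http_proxy config/https_proxy; do
        if ! actual=$(get_prop "$prop"); then
            echo "UNREADABLE $prop"; rc=1
        elif [ -z "$actual" ]; then
            echo "UNSET      $prop"; rc=1
        elif [ "$actual" != "$expected" ]; then
            echo "MISMATCH   $prop = $actual (expected $expected)"; rc=1
        else
            echo "OK         $prop = $actual"
        fi
    done
    return $rc
}

# Run the check when a proxy URL is given, for example:
#   sh check_proxy.sh http://192.0.2.0
if [ $# -gt 0 ]; then check_proxy "$1"; fi
```

A nonzero exit status means that at least one of the two properties does not hold the proxy you expect, so the script can gate a recursive pkg operation into the zones.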

See Also

You can update zones in parallel instead of serially. A parallel update provides a significant improvement in the time required to update all the zones on a system. For details and a configuration example, see Updating Multiple Non-Global Zones Concurrently in Updating Systems and Adding Software in Oracle Solaris 11.4.