Go to main content

Using Puppet to Perform Configuration Management in Oracle® Solaris 11.4

Exit Print View

Updated: October 2019

Using Puppet to Configure Oracle Solaris Zones

The following example shows one way that you could define Oracle Solaris zones configuration by declaring the zone resource type in a Puppet manifest.

Example 8  Configuring Oracle Solaris Zones With Puppet

By running the puppet describe command (as shown in the following partial example output), you would first display a list of all of the attributes that you can declare for the zone resource type:

# puppet describe zone
Manages Oracle Solaris zones.


- **archive**
    The archive file containing an archived zone.

- **archived_zonename**
    The archived zone to configure and install

- **brand**

    The zone's brand type

- **clone**
    Instead of installing the zone, clone it from another zone.
    If the zone root resides on a zfs file system, a snapshot will be
    used to create the clone; if it resides on a ufs filesystem, a copy of
    zone will be used. The zone from which you clone must not be running.

- **config_profile**
    Path to the config_profile to use to configure a solaris zone.
    This is set when providing a sysconfig profile instead of running the
    sysconfig SCI tool on first boot of the zone.

- **ensure**
    The running state of the zone.  The valid states directly reflect
    the states that `zoneadm` provides.  The states are linear,
    in that a zone must be `configured`, then `installed`, and
    only then can be `running`.  Note also that `halt` is currently
    used to stop zones.
    Valid values are `absent`, `configured`, `installed`, `running`.
- **zonecfg_export**
    Contains the zone configuration information. This can be passed in
    in the form of a file generated by the zonecfg command, in the form
    of a template, or a string.

- **zonepath**
    The path to zone's file system.


The zonecfg_export attribute (shown in the preceding output) enables you to create a zone configuration file resource by using the zonecfg command as follows:

# zonecfg -z testzone1
Use 'create' to begin configuring a new zone.
zonecfg:testzone> create
create: Using system default template 'SYSdefault'
zonecfg:testzone> export -f /tmp/zone.cfg
zonecfg:testzone> exit
root@master:~# cat /tmp/zone.cfg
create -b
set zonepath=/system/zones/%{zonename}
set autoboot=false
set autoshutdown=shutdown
set ip-type=exclusive
add anet
set linkname=net0
set lower-link=auto
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
root@master:~# cp /tmp/zone.cfg /etc/puppetlabs/code/modules/mycompany

The zone that you created becomes configurable when the zone resource type is applied. You would declare the zone resource type in the Puppet manifest as follows:

zone { 'systemazone':
  zonecfg_export => 'puppet:///modules/mycompany/zone.conf',
  ensure => 'running',

Here, the ensure attribute's value is set to installed. The value of ensure matches an acceptable status for a zone (installed, and running). In this example, a zone called systemazone is created on the node.

The last step would be to verify that the node applied the configuration to itself:

# zoneadm list -cv
  ID NAME             STATUS       PATH                       BRAND       IP
   0 global           running      /                          solaris     shared
   - systemazone      running     /system/zones/systemazone  solaris     excl

The output of the preceding command shows that the non-global zone systemazone is configured, installed, and running.