Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

pkg.depot-config(8)

Name

pkg.depot-config - Image Packaging System HTTP depot configuration generator

Synopsis

/usr/lib/pkg.depot-config ( -d repository_dir | -S )
    -r runtime_dir [-c cache_dir] [-s cache_size] [-p port]
    [-h hostname] [-l logs_dir] [-T template_dir]
    [-A] [-t server_type] ( ([-F] [-P server_prefix] ) |
    [--https ( (--cert server_cert_file --key server_key_file
    [--cert-chain ssl_cert_chain_file] ) |
    --cert-key-dir cert_key_directory )
    [ (--ca-cert ca_cert_file --ca-key ca_key_file ) ]
    [--smf-fmri smf_pkg_depot_fmri] ] )

Description

pkg.depot-config generates the configuration files for the Image Packaging System (IPS) depot. The IPS depot provides scalable read-only access to IPS package repositories over HTTP.

The IPS depot is configured using the svc:/application/pkg/depot Service Management Facility (SMF) service in conjunction with one or more instances of the svc:/application/pkg/server service.

pkg.depot-config generates a configuration for use by the pkg/depot service, or the pkg.depot-config command can be invoked on the command line to generate a standalone configuration.

To change depot configuration, modify the properties of the pkg/depot service or the appropriate pkg/server service instance and refresh the instance. Modifying pkg/server service instance states can cause the pkg/depot service to be refreshed and the depot configuration files to be regenerated.

To serve multiple repositories, you need a separate pkg/server service instance for each repository but only one pkg/depot service instance. Each instance of the pkg/server service maps to an IPS repository specified by the pkg/inst_root service property. The pkg/server service does one of the following:

  • Runs an associated pkg.depotd process to serve the content of the repository.

  • Runs no processes and instead helps to configure the pkg.depot service.

Each repository is supported by a pkg/server service instance. A repository might also be supported by the pkg/depot:default service. If the pkg/standalone property of a particular pkg/server instance is set to true, then the repository is served by the pkg.depotd process. If the pkg/standalone property of a particular pkg/server instance is set to false, then the repository is served by the pkg/depot:default service. Each pkg/server instance either runs pkg.depotd or contributes configuration information (the pkg/inst_root location of the repository) to pkg/depot:default.

When you enable a pkg/server instance for which the pkg/standalone property set to false and the pkg/readonly property set to true, the pkg/depot:default configuration is refreshed, and that repository is served by the pkg/depot:default service. When you disable that same pkg/server instance, the pkg/depot:default service is refreshed, and that repository is no longer served by the pkg/depot:default service.

You can configure the depot manually by using the pkg.depot-config command with the –F option. The –F option produces a web server configuration file that can be added to an existing web server. In this case, the depot runs with reduced functionality: pkg search support and the depot browser user interface are not available. All other pkg(1) functionality required to install and update Oracle Solaris 11 systems is available.

    Use one of the following methods to pass repository paths and configuration to the depot server:

  • Use the pkg.depot-config command with the –S option. The –S option causes pkg.depotd to query the system for all instances of the pkg/server service that are marked as online and have the pkg/standalone property set to false and the pkg/readonly property set to true.

  • Use the pkg.depot-config command with the –d option. The –d option provides a path to the pkg(7) repository to use. Multiple –d options are accepted.

Repositories must have file permissions that permit the files and directories in the repositories to be read by the pkg5srv user.

Options

The following options are supported:

–d prefix=repository_dir

Specify the path to a pkg(7) file repository to use. The prefix is used as a prefix into the depot-config web server namespace where this repository can be accessed. The repository_dir is a directory that contains a version 4 (the default) pkg(7) package repository. The value of repository_dir will be included in the depot server configuration. The –d option cannot be used with the –S option. At least one –d option is required if the –S option is not used. Multiple –d options are allowed.

–S

Query the system for repositories to use. The –S option causes pkg.depotd to query the system for all instances of the pkg/server service that are marked as online and have the pkg/standalone property set to false and the pkg/readonly property set to true. These property values allow the depot to run concurrently with pkg/server instances that do not have these properties set. See the pkg.depotd(8) man page for information about pkg.depotd. The –S option cannot be used with the –d option.

–r runtime_dir

Specify the default output directory for configuration files. This directory can also be specified by setting the config/runtime_dir property in the pkg/depot service. When the config/runtime_dir property is used, the content of this directory is recreated during pkg/depot service startup.

–c cache_dir

Specify the directory where the depot stores its cache. If the –A option is also specified, the cache directory is also used to store server-side pkg(7) search indexes. The cache_dir directory can also be specified by setting the config/cache_dir property in the pkg/depot service.

–s cache_size

Specify the maximum cache size for the depot. The cache_size value is an integer number of megabytes. If cache_size is 0, no caching is performed by the web server. The default value of cache_size is 0. If all file repositories served by the depot server are local to the depot server (not accessed over NFS), the default value of 0 is sufficient. This cache size can also be specified by setting the config/cache_max property in the pkg/depot service.

–p port

Specify the port number that the depot will listen to. The default value of port is 80. This port can also be specified by setting the config/port property in the pkg/depot service. The pkg/port property of the pkg/server service is ignored when the repository is being managed by the pkg.depot service.

–h hostname

Specify the host name to use as the argument to the Apache ServerName directive. The default value of hostname is 0.0.0.0. This host name can also be specified by setting the config/host property in the pkg/depot service.

–l logs_dir

Specify the directory where the depot stores log files. The default value of logs_dir is /var/log/pkg/depot. This directory can also be specified by setting the config/log_dir property in the pkg/depot service.

–T template_dir

Specify the directory that contains the templates used to build the depot configuration. The default value of template_dir is /etc/pkg/depot. This directory can also be specified by setting the config/template_dir property in the pkg/depot service. This directory should not need to be changed.

–A

Refresh any search indices maintained by the depot when pkgrepo refresh is invoked. By default, search indices maintained by the depot are not refreshed when pkgrepo refresh is invoked. This option can also be specified by setting the config/allow_refresh property in the pkg/depot service. Best practice is to not use the –A option or the config/allow_refresh property to refresh the index on production servers because the search index is refreshed automatically when the depot starts.

–t server_type

Specify the type of web server that pkg.depot-config should output configuration information for. In this release, for server_type, the default value is apache2 (Apache 2.4), and the accepted values are apache2 and apache22 (Apache 2.2).

–F

Produce a partial configuration that enables a web server to serve basic pkg(7) installation operations for clients using an existing web service. For an Apache web server running on the Oracle Solaris OS, the partial configuration file could be placed in /etc/apache2/2.4/conf.d. For other operating systems, consult your OS documentation to determine how to use this partial configuration file. See also the –P option.

–P server_prefix

Specify the prefix used to map the depot into the web server namespace. The –P option is intended to be used with the –F option.

–-https

Enable the HTTPS service. This option cannot be used with the –F or –P options.

–-cert server_cert_file

Specify the location of the server certificate file. This option can only be used with the –-https option. Either both the –-cert and –-key options or the –-cert-key-dir option must be used with the –-https option.

–-key server_key_file

Specify the location of the server key file. This option can only be used with the –-https option. Either both the –-cert and –-key options or the –-cert-key-dir option must be used with the –-https option.

–-cert-key-dir cert_key_directory

Specify the directory where the automatically generated certificates and keys should be stored if the –-cert and –-key options are omitted. This option can only be used with the –-https option. Either both the –-cert and –-key options or the –-cert-key-dir option must be used with the –-https option.

–-ca-cert ssl_ca_cert_file

Specify the location of the top CA certificate file. This option can only be used with the –-https option and must be used together with the –-ca-key option. This option is only used for automatically generating the server certificate based on this CA certificate and the CA key specified by the –-ca-key option.

–-ca-key ssl_ca_key_file

Specify the location of the top CA key file. This option can only be used with the –-https option and must be used together with the –-ca-cert option. This option is only used for automatically generating the server certificate based on this CA key and the CA certificate specified by the –-ca-cert option.

–-cert-chain ssl_cert_chain_file

This option can only be used with the –-https option. This option is required if the server certificate is not signed by the top level CA directly but is signed by an intermediate authority.

–-smf-fmri smf_pkg_depot_fmri

Specify the FMRI of the pkg/depot service instance. This option is used to update the corresponding SMF properties of that instance if any certificates or keys are automatically generated for that instance. This option can only be used with the –-https option.

Providing Additional Server Configuration

When the –F option is not used, and the default -t apache2 is set, the svc:/application/pkg/depot service looks in /etc/pkg/depot/conf.d at startup for additional Apache configuration files that can be used to extend the server configuration. Consult the Apache web server documentation for details on the directives that are used to configure the web server.

Examples

Example 1 Showing How a Repository Is Served

The system in this example is running multiple instances of svc:/application/pkg/server and a single instance of svc:/application/pkg/depot. The pkg/server:standalone instance has an associated pkg.depotd process. The pkg.depotd process serves the repository configured in the pkg/server:standalone service. The pkg/server:userland instance has no associated processes. The pkg/depot:default service serves the repository configured in the pkg/server:userland service.

$ svcs pkg/server
STATE    STIME    FMRI
disabled Feb_06   svc:/application/pkg/server:default
online   Feb_03   svc:/application/pkg/server:userland
online   Feb_03   svc:/application/pkg/server:standalone
$ svcs pkg/depot
STATE    STIME    FMRI
online   Feb_07   svc:/application/pkg/depot:default
$ svcprop -p pkg/standalone -p pkg/readonly \
pkg/server:standalone
true
true
$ svcprop -p pkg/standalone -p pkg/readonly \
pkg/server:userland
false
true
$ svcs -p svc:/application/pkg/server:standalone
STATE    STIME    FMRI
online   Feb_03   svc:/application/pkg/server:standalone
         Jan_31       1206 pkg.depotd
$ svcs -p svc:/application/pkg/server:userland
STATE    STIME    FMRI
online   Feb_03   svc:/application/pkg/server:userland
Example 2 Showing Processes Associated With the Depot

The following command shows httpd processes associated with the pkg/depot service.

$ svcs -p pkg/depot
STATE    STIME    FMRI
online   11:43:56 svc:/application/pkg/depot:default
         11:43:55     16969 httpd
         11:43:55     16974 httpd
         11:43:55     16975 httpd
         11:43:55     16976 httpd
         11:49:01     16990 httpd
         11:51:33     16995 httpd

Exit Status

The following exit values are returned:

0

Command succeeded.

1

Command failed.

2

Invalid command line options were specified.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
package/pkg/depot
Interface Stability
Uncommitted

See Also

svcprop(1), svcs(1), svcadm(8), svccfg(8), pkg.depotd(8), pkg(7)

Creating Package Repositories in Oracle Solaris 11.4

https://github.com/oracle/solaris-ips