├── .gitignore ├── Attachments ├── illumos-update ├── joyent-update ├── lx-port-data.tgz ├── omnios_zpool_install.pl └── ssl_services_to_restart.sh ├── BSDLoader.md ├── Bloody.md ├── BugReports.md ├── BuildInstructions.md ├── CNAME ├── CreatingRepos.md ├── DevEnv.md ├── Developing.md ├── Ec2Ami.md ├── FetchIPSFilesWithoutPkg.md ├── GeneralAdministration.md ├── GrubTooManyBEs.md ├── HowToSignPackages.md ├── ISOrpoolCustomize.md ├── Images ├── Boot_options.png ├── Main_loader_screen.png ├── Select_boot_env.png ├── available_disks.png ├── installer_main_menu.png ├── keyboard_layout_selector.png ├── login-screen.png ├── multiple_disks_selected.png └── release-cycle.png ├── Installation.md ├── KYSTY.md ├── KayakClientOptions.md ├── KayakInteractive.md ├── KayakMultiRelease.md ├── LXSidePorting.md ├── LXZones.md ├── Maintainers.md ├── ManSections.md ├── MoreInfo.md ├── NewLinkedImages.md ├── OmniOS-on-demand.md ├── OmniOSJeOS.md ├── PXEfromNonOmniOS.md ├── Packaging.md ├── PackagingForOmniOS.md ├── PopulatingRepos.md ├── Readme.md ├── ReleaseCycle.md ├── ReleaseMedia.md ├── ReleaseNotes.md ├── ReleaseNotes ├── r151002.md ├── r151004.md ├── r151006.md ├── r151008.md ├── r151010.md ├── r151012.md ├── r151014.md ├── r151016.md ├── r151018.md ├── r151020.md └── r151022.md ├── SignedPackages.md ├── StableVsBloody.md ├── Upgrade_r151002_r151004.md ├── Upgrade_r151004_r151006.md ├── Upgrade_r151006_r151008.md ├── Upgrade_r151008_r151010.md ├── Upgrade_to_r151014.md ├── Upgrade_to_r151020.md ├── Upgrade_to_r151022.md ├── VMwareNotes.md ├── VagrantBaseboxes.md ├── VirtualBoxNotes.md ├── VirtualMachinesKVM.md ├── WeeklyReleaseHowto.md ├── _config.yml ├── _layouts └── default.html ├── assets └── css │ └── style.scss ├── buildctl.md ├── illumos-tools.md └── linked_images.md /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /Attachments/illumos-update: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | 3 | echo "HEY -- pay attention in case any of these FUBAR somehow." 4 | 5 | # Illumos-gate child. Must be a local reference copy. 6 | ILLUMOS_GATE=~/ws/illumos-gate 7 | # OmniOS child. Must be a local reference copy with an "upstream" branch. 8 | ILLUMOS_OMNIOS=~/ws/illumos-omnios 9 | 10 | pushd $ILLUMOS_GATE 11 | git pull --all 12 | popd 13 | 14 | pushd $ILLUMOS_OMNIOS 15 | git pull --all 16 | git checkout upstream 17 | git pull $ILLUMOS_GATE 18 | git checkout master 19 | 20 | echo "" 21 | echo "So far so good... I'm going to give you a chance to ^C out of here before" 22 | echo "I 'git merge upstream'. At this point, illumos-omnios's 'upstream'" 23 | echo "branch is up to date with illumos-gate, but the master branch is checked" 24 | echo "out." 25 | echo "" 26 | echo "Press RETURN to continue." 27 | read 28 | 29 | git merge upstream 30 | popd 31 | -------------------------------------------------------------------------------- /Attachments/joyent-update: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | 3 | echo "HEY -- pay attention in case any of these FUBAR somehow." 4 | echo " (Also, make sure you've run 'illumos-update' first.)" 5 | 6 | # illumos-joyent child. Must be a local reference copy. 7 | ILLUMOS_JOYENT=~/ws/illumos-joyent 8 | # OmniOS repo, make sure it has the "upstream_joyent" branch. 9 | LX_PORT=~/ws/illumos-omnios 10 | # Directory where "lx-port-data" scripts and data are kept. 11 | PORT_DATA=~/lx-port-data 12 | 13 | cd $ILLUMOS_JOYENT 14 | git pull --all 15 | 16 | # NOTE: Two-deep now... 17 | pushd $LX_PORT 18 | git pull --all 19 | git checkout upstream_joyent 20 | git pull $ILLUMOS_JOYENT 21 | git checkout master 22 | 23 | 24 | # NOTE: This bit depends on the precise text of README.OmniOS... 25 | COMMIT_LINE=`grep "Last illumos-joyent" README.OmniOS` 26 | LAST_COMMIT=`echo $COMMIT_LINE | awk '{print $4}'` 27 | 28 | echo "At this point, your $LX_PORT repo has updated joyent bits." 29 | echo "So I'm going to generate new LX port data, starting with:" 30 | echo $COMMIT_LINE 31 | echo " (i.e. commit $LAST_COMMIT)" 32 | echo "Press RETURN for me to generate..." 33 | read 34 | 35 | ls -1 $PORT_DATA | grep -q commits 36 | if [[ $? == 0 ]]; then 37 | echo "Whoa! There are 'commits' files. Please clean up." 38 | echo "" 39 | ls $PORT_DATA 40 | echo "" 41 | exit 1 42 | fi 43 | 44 | # NOTE: popd should get us back to $ILLUMOS_JOYENT 45 | popd 46 | git log --reverse --no-merges --format=%H ${LAST_COMMIT}.. > $PORT_DATA/ij-ALL-commits 47 | # NOTE: Now we're done with $ILLUMOS_JOYENT 48 | cd $PORT_DATA 49 | ./narrow-ALL.csh 50 | echo "" 51 | echo "You should cd to $LX_PORT and run" 52 | echo "$PORT_DATA/cherry-pick-or-not.sh" 53 | echo "until it runs out of commits to potentially pick." 54 | -------------------------------------------------------------------------------- /Attachments/lx-port-data.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Attachments/lx-port-data.tgz -------------------------------------------------------------------------------- /Attachments/omnios_zpool_install.pl: -------------------------------------------------------------------------------- 1 | #! /usr/bin/perl 2 | 3 | $args = join(' ', @ARGV); 4 | 5 | # uncomment to set size of s0 on install disk (in format syntax) 6 | $rpool_size = '5gb'; 7 | 8 | # uncomment to add additional options for zpool create 9 | $rpool_opts = '-O compression=lz4'; 10 | 11 | # uncomment to set swap size 12 | #$swap_size = '512m'; 13 | 14 | # uncomment to set dump size 15 | #$dump_size = '256m'; 16 | 17 | open(LOG, '>>/tmp/omnios_zpool_install.log'); 18 | 19 | print LOG "$0 $args\n"; 20 | if ($0 =~ /zpool$/) { 21 | if ($args =~ /^create.* (\S+)/) { 22 | $device = $1; 23 | if ($rpool_size) { 24 | $device =~ s/s0$//; 25 | open(FH, '>/tmp/format.script'); 26 | print FH "p\n0\n\n\n\n$rpool_size\nlabel\nq\nq\n"; 27 | close(FH); 28 | system("format -d $device -f /tmp/format.script > /tmp/format.out 2>&1"); 29 | } 30 | if ($rpool_opts) { 31 | $args =~ s/create -f/create -f $rpool_opts/; 32 | } 33 | system("umount /usr/sbin/zpool"); 34 | } 35 | print LOG "/tmp/zpool $args\n"; 36 | system("/tmp/zpool $args"); 37 | exit($? >> 8); 38 | } 39 | elsif ($0 =~ /zfs$/) { 40 | if ($args =~ /^create/) { 41 | if ($swap_size && $args =~ /swap$/) { 42 | $args =~ s/-V .* rpool/-V $swap_size rpool/; 43 | } 44 | if ($args =~ /dump$/) { 45 | if ($dump_size) { 46 | $args =~ s/-V .* rpool/-V $dump_size rpool/; 47 | } 48 | system("umount /usr/sbin/zfs"); 49 | } 50 | } 51 | print LOG "/tmp/zfs $args\n"; 52 | system("/tmp/zfs $args"); 53 | exit($? >> 8); 54 | } 55 | else { 56 | system("cp /usr/sbin/zpool /tmp; cp /usr/sbin/zfs /tmp"); 57 | system("mount -F lofs $0 /usr/sbin/zpool"); 58 | system("mount -F lofs $0 /usr/sbin/zfs"); 59 | } 60 | -------------------------------------------------------------------------------- /Attachments/ssl_services_to_restart.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Find a list of services to restart when OpenSSL libraries are updated. 4 | ctids=( 5 | $(for i in `pgrep -z $(zonename)`; do \ 6 | pldd $i 2>&1 | \ 7 | egrep -e 'lib(ssl|crypto).so' >/dev/null && \ 8 | ps -octid -p $i | \ 9 | sed -e '1d; s/[^0-9]//g;' ; done | \ 10 | sort -n | uniq) 11 | ) 12 | 13 | length=`expr ${#ctids[@]} - 1` 14 | elems=$(eval echo {0..$length}) 15 | 16 | for index in $elems; do \ 17 | svcs -o fmri,ctid -a | egrep "[^0-9]${ctids[$index]}$" | awk '{ print $1 }' 18 | done 19 | -------------------------------------------------------------------------------- /BSDLoader.md: -------------------------------------------------------------------------------- 1 | illumos Loader (aka. “BSD Loader”) 2 | ================================== 3 | 4 | Starting with r151022, the new illumos boot loader, ported from FreeBSD, 5 | is the default boot loader. Existing installations that use `pkg update` will 6 | continue to use GRUB for at least one reboot, though. 7 | 8 | New OmniOS installations 9 | ------------------------ 10 | 11 | A new OmniOS installation of r151022 or later will install with Loader 12 | as the boot loader. It is possible to revert to GRUB in r151022, but 13 | GRUB is likely to be removed in a post-r151022 Stable release, and 14 | should be considered deprecated for new installations. 15 | 16 | Existing OmniOS installations 17 | ----------------------------- 18 | 19 | After a `pkg update` to r151022, the next system boot will still be on 20 | GRUB. This is because [beadm](http://illumos.org/man/1m/beadm) is still 21 | the pre-r151022 version. After you boot into r151022, the next 22 | [beadm](http://illumos.org/man/1m/beadm) operation will install loader 23 | unless /etc/default/be indicates otherwise. 24 | 25 | ### I WANT TO MOVE TO LOADER AFTER UPDATE 26 | 27 | #### WARNING - DO NOT SWITCH TO LOADER IF YOU HAVE 4K LOGICAL SECTOR DISKS 28 | 29 | There is currently a bug in loader (https://www.illumos.org/issues/8303) 30 | that will result in a non-bootable system if you have any pool (\*any\* 31 | pool, not just your rpool) with 4K logical sector disks attached to the 32 | system. Disks with 4K physical sectors and 512b logical sectors are ok, 33 | but disks which have 4K logical sectors will fail. Follow the directions 34 | listed in the [Loader](BSDLoader.md) instructions to leave your 35 | system configured with grub until this bug is fixed upstream and 36 | backported to r151022. You can check your disks with the following 37 | command: 38 | 39 | ``` 40 | # echo ::sd_state | mdb -k | egrep '(^un|_blocksize)' 41 | ``` 42 | 43 | It will return output like the following: 44 | 45 | ``` 46 | un 1: ffffff0d0c58cd40 47 | un_sys_blocksize = 0x200 48 | un_tgt_blocksize = 0x200 49 | un_phy_blocksize = 0x1000 50 | un_f_tgt_blocksize_is_valid = 0x1 51 | ``` 52 | 53 | This is for a disk with a physical sector size of 4K (0x1000) and a 54 | logical sector size of 512b (0x200), which is fine. If you see 0x1000 55 | for the tgt or sys blocksize, you have a disk with 4K logical sector 56 | size, DO NOT USE LOADER until this bug is fixed or your system will not 57 | boot. 58 | 59 | #### Moving to loader 60 | 61 | This is the default after updating, but Loader does not get installed 62 | until you `beadm activate` a loader-friendly BE (including the current one). Reboots 63 | after an update without the invocation of `beadm activate` or 64 | [installboot](http://illumos.org/man/1m/installboot) will mean your 65 | machine stays with grub. You should notice an extra message about `/rpool/boot/menu.lst` being 66 | created if loader is installed for the very first time on a root pool. 67 | 68 | An old BE CAN be booted from the new Loader menu, but beadm will not 69 | work properly in that pre-Loader boot environment once booted. 70 | 71 | ### I WANT TO STAY WITH GRUB AFTER UPDATE 72 | 73 | Put `BE_HAS_GRUB=true` into `/etc/default/be` on your current r151022 boot environment. This will instruct 74 | beadm(1M) and libbe that you wish to continue with GRUB. Pre-r151022 BEs 75 | will work fine, and you can `beadm activate` between all of them. 76 | 77 | ### OH NO, I WANT TO CHANGE MY MIND 78 | 79 | Sometimes people make a mistake when selecting which loader to use. For 80 | the lifetime of r151022, such a mistake can be rectified, so long as one 81 | of the other boot environments is not a post-r151022 with GRUB removed. 82 | 83 | #### I WAS USING GRUB, BUT WANT TO SWITCH TO LOADER 84 | 85 | * Remove `/etc/default/be` on an active r151022 BE 86 | * `beadm activate ` -- you should see a message about `/rpool/boot/menu.lst` being created 87 | * You are now on loader! 88 | 89 | If the `beadm activate` fails, or you still are booting with GRUB afterwards, explicitly install loader by: 90 | 91 | ``` 92 | # rm /etc/default/be 93 | # installboot -m /boot/pmbr /boot/gptzfsboot /dev/rdsk/ 94 | # rm /rpool/boot/menu.lst 95 | # beadm activate (should reconstruct /rpool/boot/menu.lst) 96 | ``` 97 | 98 | If you have mirrored roots, do the above installboot for each ``. 99 | 100 | #### I WAS USING LOADER, BUT WANT TO REVERT TO GRUB 101 | 102 | * You will need to be in an active 2017 bloody BE. 103 | * Invoke the following: 104 | 105 | ``` 106 | # rm /rpool/boot/menu.lst 107 | # echo "BE_HAS_GRUB=true" > /etc/default/be 108 | # installgrub -m /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/ 109 | ``` 110 | 111 | If you have mirrored roots, use `installgrub -M /dev/rdsk/ /dev/rdsk/` 112 | 113 | Interacting with Loader 114 | ----------------------- 115 | 116 | The Loader main screen looks like this: 117 | 118 | ![Main loader screen)](Images/Main_loader_screen.png) 119 | 120 | Normally a 10-second countdown will display at the bottom, and if 121 | nothing is done, OmniOS itself will boot. This screen provides all of 122 | the pre-boot functionality, including an interactive forth interpreter 123 | in the “Loader Prompt”. 124 | 125 | ALL loader screens will boot OmniOS upon the press of RETURN. 126 | 127 | ### Boot Options 128 | 129 | The Boot Options screen looks like this: 130 | 131 | ![Boot Options](Images/Boot_options.png) 132 | 133 | It allows the setting of debug-message boots, pre-loading of KMDB, and 134 | redirecting the console output. 135 | 136 | ALL loader screens will boot OmniOS upon the press of RETURN. 137 | 138 | ### Selecting a Boot Environment 139 | 140 | Unlike GRUB, loader does not have any unusually small memory limits on 141 | number of selectable boot environments. They are displayed five at a 142 | time as follows: 143 | 144 | ![Selecting a Boot Environment](Images/Select_boot_env.png) 145 | 146 | Like GRUB, a selected BE is NOT marked for persistent default. Only 147 | OmniOS's (1M) command can do that. 148 | 149 | ALL loader screens will boot OmniOS upon the press of RETURN. 150 | -------------------------------------------------------------------------------- /Bloody.md: -------------------------------------------------------------------------------- 1 | Bloody Release 2 | ============== 3 | 4 | The OmniOS bloody release uses the master branches of all of the 5 | relevant git repositories. It is always an odd-number, and is one after 6 | the current stable. Right now, bloody is r151015. 7 | 8 | Unsigned packages 9 | ----------------- 10 | 11 | Starting with r151014, we require signature enforcement on packages. If 12 | you wish to switch from a stable release to bloody by using IPS, you 13 | must be cautious. Unless you install bloody from an ISO, USB, or Kayak, 14 | you will need to reduce the “omnios” publisher's signature policy. To do 15 | this is similar to the [r151014 upgrade instructions](Upgrade_to_r151014.md): 16 | 17 | After shutting down the zones gracefully (`zlogin; shutdown -i5 -g0 -y`): 18 | 19 | It would also be a good idea to take a ZFS snapshot of the zone root in 20 | case it's needed for rollback (such as if there are issues with the zone 21 | upgrade.) where is the name of the ZFS dataset whose 22 | mountpoint corresponds to the value of *zonepath* in the zone's 23 | configuration. There are child datasets under this one, so we use the 24 | option to recursively snapshot all. 25 | 26 | Because each OmniOS release has its own dedicated repo, you will first 27 | need to set the package publisher to the repository for r151014: 28 | 29 | Once you move to bloody, you have weakened the OmniOS signature policy. 30 | To upgrade out of bloody to a stable release (if it's possible), you 31 | must change the signature policy of the “omnios” publisher back to 32 | require-signatures, as shown in the [r151014 upgrade instructions](Upgrade_to_r151014.md). 33 | 34 | Instability 35 | ----------- 36 | 37 | A bloody release has no guaranteed way to upgrade out of it, but we 38 | endeavor to make it able to be upgradeable to its next stable release. 39 | The r151013 bloody cycle was upgradable to r151014. The r151011 bloody 40 | cycle was not, due to a mismanaged upgrade of a specific package bug. 41 | 42 | Modulo the [limits on number of Boot Environments](GrubTooManyBEs.md), 43 | it's recommended that BEs are kept around in case one 44 | needs to revert. If a can't-upgrade event occurs, a BE created before 45 | that bug could be used to upgrade out to the next stable. 46 | -------------------------------------------------------------------------------- /BugReports.md: -------------------------------------------------------------------------------- 1 | Reporting Issues 2 | ================ 3 | 4 | Security 5 | -------- 6 | 7 | To notify the OmniOSce developers of a security-related issue, please 8 | email pgp-encrypted to security (at) omniosce (dot) org. 9 | 10 | All Other Issues 11 | ---------------- 12 | 13 | If you have a support contract, please follow the appropriate escalation 14 | path as outlined in your contract. 15 | 16 | Other users may report runtime issues to the [discusslist](http://lists.omniti.com/mailman/listinfo/omnios-discuss) or submit 17 | a pull request on [Github](https://github.com/omniosorg/omnios-build/issues) 18 | for build issues. 19 | 20 | Since OmniOS is based on illumos, the majority of the software delivered 21 | with the system is part of the [illumos source tree](http://src.illumos.org/source/). If you are experiencing problems 22 | with the kernel or software not [added by OmniOS](https://github.com/omniti-labs/omnios-build/tree/r151006/build), 23 | the wider illumos community may be able to help as well. Please help by 24 | [reporting your issue](http://wiki.illumos.org/display/illumos/How+To+Report+Problems) 25 | so that the whole community may benefit. 26 | -------------------------------------------------------------------------------- /BuildInstructions.md: -------------------------------------------------------------------------------- 1 | Build Instructions 2 | ================== 3 | 4 | See also the [illumos developer's guide](http://illumos.org/books/dev/) 5 | if you are interested in contributing to illumos. OmniOS is a 6 | near-optimal platform for developing against 7 | [illumos-gate](https://github.com/illumos/illumos-gate) or our own 8 | downstream 9 | [illumos-omnios](https://github.com/omniti-labs/illumos-omnios). 10 | 11 | Starting with [r151016](ReleaseNotes/r151016.md) or later, 12 | [building illumos](illumos-tools.md) is much easier. Visit the 13 | [Building illumos](illumos-tools.md) page for details. 14 | 15 | ## How-to 16 | 17 | ``` 18 | # git clone https://github.com/omniosorg/omnios-build.git 19 | ``` 20 | 21 | To build a single package, including illumos as well as the third-party 22 | packages: 23 | 24 | ``` 25 | # cd omnios-build/build 26 | # ./buildctl list 27 | # ./buildctl build 28 | ``` 29 | 30 | To a first approximation, the [buildctl](buildctl.md) script goes into one of 31 | the `build/*` directories and run `./build.sh`. Every package is generated by a “simple” bash 32 | script of the same name. The job of these build scripts is to download, 33 | compile, mock-install, assemble packages and finally publish packages 34 | into the repo specified in `lib/site.sh.`. 35 | 36 | If you're only interested in re-rolling the illumos packages: 37 | 38 | ``` 39 | # cd illumos/ 40 | # ./build.sh 41 | ``` 42 | 43 | Note that the illumos build script uses a different TMPDIR than most of 44 | the other build scripts, and by default it is not under /tmp. It 45 | defaults to “/code” which is typically on its own ZFS dataset, possibly 46 | with [child datasets for different 47 | workspaces](http://wiki.illumos.org/display/illumos/Managing+multiple+workspaces). 48 | If you [build illumos](illumos-tools.md) separately, the illumos 49 | build.sh will honor the PREBUILT\_ILLUMOS variable, and wait for that 50 | nightly to finish before merging the debug and non-debug packages. 51 | 52 | Because of the annoyance with a hardwired ZFS dataset, as well as being 53 | more friendly to illumos developers who often build illumos-omnios 54 | before building the rest of the system, `buildctl` has been 55 | enhanced. See the [dedicated buildctl page](buildctl.md) for more. 56 | 57 | ## How to roll your own software 58 | 59 | One of the advantages of IPS is that it is build system agnostic. 60 | However you wish to build your software, you can get it packaged into 61 | IPS. 62 | 63 | The OmniOS build scripts are on 64 | [Github](https://github.com/omniosorg/omnios-build). If you clone the 65 | “template” branch, you will have a good starting point for rolling your 66 | own software distributions. You simply need to setup a repo and alter 67 | the file in order to specify your publisher name and repository 68 | location. 69 | 70 | A working example of this is how OmniTI's managed services group rolls 71 | its packages, which is found in the [omniti-ms 72 | branch](https://github.com/omniti-labs/omnios-build/tree/omniti-ms). 73 | 74 | ### Package Notes 75 | 76 | Certain packages have idiosyncrasies that are documented below. 77 | 78 | #### openjdk and iso-codes 79 | 80 | The software in the “omnios” publisher is insufficient to build openjdk 81 | or iso-codes. The openjdk build system requires ant and freetype2. The 82 | iso-codes require Python3. See [omnios-build issue 83 | 103](https://github.com/omniti-labs/omnios-build/issues/103). We used 84 | the [ms.omniti.com](https://pkg.omniti.com/omniti-ms) publisher to 85 | provide those packages in the past. Their build.sh scripts call out 86 | these dependencies. 87 | 88 | #### git 89 | 90 | Git documentation is written in 91 | [AsciiDoc](http://www.methods.co.nz/asciidoc/), which requires an 92 | enormous number of dependencies, adding support overhead and bloat for 93 | little benefit. We instead get the manpage tarball that is distributed 94 | along with the source tarball from 95 | and add them to the 96 | pkg proto area before packaging. 97 | 98 | The build script takes care of extracting them, but it means that both 99 | the main source and the manpages archives should be fetched to 100 | mirrors.omniti.com (or your own mirror) before building. 101 | 102 | #### kayak 103 | 104 | Kayak builds have two components: kayak, and kayak-kernel. kayak-kernel 105 | requires privilege (either run as root, with sudo(1), or with 106 | appropriate finer-grained privileges). To this end, the 107 | [buildctl](buildctl.md) script has certain variables that can help assist with 108 | worry-free Kayak builds. Otherwise, chdir()-ing directly into the `kayak-kernel/` 109 | directory and uttering `sudo ./build.sh` may work as well. 110 | 111 | Also mentioned on the [buildctl](buildctl.md) page: kayak-kernel pulls its 112 | bits from PKGURL if specified, or PKGSRVR if PKGURL is not specified. 113 | 114 | #### illumos 115 | 116 | Already mentioned above is the TMPDIR change vs. every other package. 117 | Because illumos-omnios is the largest set of source, and because many 118 | OmniOS builders make changes to illumos-omnios, the PREBUILT\_ILLUMOS 119 | variable can be exploited to install an already-built-and-packaged 120 | illumos-omnios. See the [buildctl](buildctl.md) page for more details. 121 | 122 | ## Creating Installation Media 123 | 124 | See [ReleaseMedia](ReleaseMedia.md) 125 | 126 | ## Keeping Up With The Flow 127 | 128 | See the [Maintainers](Maintainers.md) page for how we stay in sync with 129 | illumos-gate. 130 | 131 | See the [OmniOS-on-demand](OmniOS-on-demand.md) page for how the bloody repo is built 132 | every time illumos-omnios or omnios-build changes. 133 | -------------------------------------------------------------------------------- /CNAME: -------------------------------------------------------------------------------- 1 | wiki.omniosce.org -------------------------------------------------------------------------------- /CreatingRepos.md: -------------------------------------------------------------------------------- 1 | Creating Repos 2 | -------------- 3 | 4 | Why? Because it's easy. It's also a good way to separate packages with 5 | different dispositions, such as core OS vs. site-specific. 6 | 7 | First, create the repo. Any directory will do, but it's usually a good 8 | idea to make a filesystem for your repo, which is trivial with ZFS but 9 | it can be UFS or NFS just as easily. 10 | 11 | ``` 12 | # zfs create data/myrepo 13 | # pkgrepo create /data/myrepo 14 | # pkgrepo set -s /data/myrepo publisher/prefix=myrepo.example.com 15 | ``` 16 | 17 | The last command sets the default publisher to be “myrepo.example.com”. 18 | A *publisher* is an entity that builds packages. Publishers are named 19 | for uniqueness among a list of possible software providers. Using 20 | Internet domain-style names or registered trademarks provides a natural 21 | namespace. 22 | 23 | At this point there is a fully-functioning pkg repository at `file:///data/myrepo`. The local 24 | machine can use this repository, but it's more likely that you'll want 25 | other machines to be able to access this repo. 26 | 27 | Configure pkg.depotd to provide remote access. pkg.depotd provides an 28 | HTTP interface to a pkg repo. Here we are going to make the repo server 29 | listen on port 10000, and use the repo dir we created as its default. 30 | 31 | ``` 32 | # svcadm disable pkg/server 33 | # svccfg -s pkg/server setprop pkg/inst_root = /data/myrepo 34 | # svccfg -s pkg/server setprop pkg/port = 10000 35 | # svcadm refresh pkg/server 36 | # svcadm enable pkg/server 37 | ``` 38 | 39 | ### Additional Depot Servers 40 | 41 | To create a additional depot servers, create a new instance of the 42 | pkg/server service for each repository you wish to serve. You'll need to 43 | change the filesystem path to the root of the repository, and optionally 44 | the port to listen on and whether to allow publishing. 45 | 46 | ``` 47 | # svccfg -s pkg/server 48 | svc:/application/pkg/server> add mycoolsw 49 | svc:/application/pkg/server> select mycoolsw 50 | svc:/application/pkg/server:mycoolsw> addpg pkg application 51 | svc:/application/pkg/server:mycoolsw> setprop pkg/inst_root = astring: "/data/mycoolsw" 52 | svc:/application/pkg/server:mycoolsw> setprop pkg/port = count: 10003 53 | svc:/application/pkg/server:mycoolsw> setprop pkg/readonly = false 54 | svc:/application/pkg/server:mycoolsw> exit 55 | # svcadm refresh pkg/server:mycoolsw 56 | # svcadm enable pkg/server:mycoolsw 57 | ``` 58 | 59 | There is now a depot server running at port 10003 that allows publishing 60 | (the default is read-only). Note that pkg.depotd provides no 61 | authentication, so you may wish to put a reverse-proxy server in front 62 | of it if you are going to expose the service publicly. The proxy would 63 | need to limit request methods to HEAD and GET for untrusted users. 64 | -------------------------------------------------------------------------------- /DevEnv.md: -------------------------------------------------------------------------------- 1 | Setting Up A Basic Dev Environment 2 | ================================== 3 | 4 | The default OmniOS install contains only runtime-oriented packages. It 5 | does not include a compiler, linker, system headers, etc. All of those 6 | things are available from the “omnios” publisher, so they are easy to 7 | install, but it's not obvious what the package names are. 8 | 9 | To get a basic build environment set up, do the following with root 10 | privileges: 11 | 12 | LTS 13 | --- 14 | 15 | Currently r151014 16 | 17 | ``` 18 | # pkg install developer/gcc48 19 | ``` 20 | 21 | Stable 22 | ------ 23 | 24 | Currently r151020 25 | 26 | ``` 27 | # pkg install developer/gcc51 28 | ``` 29 | 30 | Old LTS 31 | ------- 32 | 33 | Currently r151006 34 | 35 | ``` 36 | # pkg install developer/gcc47 system/library/math/header-math 37 | ``` 38 | 39 | All releases 40 | ------------ 41 | 42 | ``` 43 | # pkg install \ 44 | developer/build/autoconf \ 45 | developer/build/automake \ 46 | developer/lexer/flex \ 47 | developer/parser/bison \ 48 | developer/object-file \ 49 | developer/linker \ 50 | developer/library/lint \ 51 | developer/build/gnu-make \ 52 | library/idnkit \ 53 | library/idnkit/header-idnkit \ 54 | system/header \ 55 | system/library/math 56 | ``` 57 | 58 | This will get you enough to build most C/C++ software. 59 | 60 | Note that GCC installs into /opt/gcc-, so you'll need to add its 61 | “bin” directory to your path. For example, on r151020, you would add 62 | **/opt/gcc-5.1.0/bin** to your PATH. 63 | 64 | illumos Development 65 | ------------------- 66 | 67 | If you are going to be working on upstream illumos development, take a 68 | look at the [contribution process overview](http://wiki.illumos.org/display/illumos/How+To+Contribute) for 69 | more information. You might also want to bookmark the [illumos developer's guide](http://illumos.org/books/dev/). 70 | -------------------------------------------------------------------------------- /Developing.md: -------------------------------------------------------------------------------- 1 | Developing on (and for) OmniOS 2 | ============================== 3 | 4 | For the first several years of [illumos](http://www.illumos.org/), the 5 | default generic development platform was 6 | [OpenIndiana](http://www.openindiana.org/). It works well enough for 7 | laptops and desktops. OmniOS, while being server-focused, can now also 8 | be used to develop for illumos, either witha stock illumos-gate, or with 9 | OmniOS's illumos-omnios. 10 | 11 | People used to using `/opt/onbld/bin/nightly` on platforms may do so on 12 | OmniOS. An illumos-omnios env file needs a couple of specific settings: 13 | 14 | * Disable SMB printing by using `export ENABLE_SMB_PRINTING='#'` 15 | * Stock OmniOS installs the illumos-building gcc version in `/opt/gcc-4.4.4/`, 16 | so `export GCC_ROOT=/opt/gcc-4.4.4` 17 | * To enable linting, you should set `ONLY_LINT_DEFS` per the illumos wiki: 18 | `export ONLY_LINT_DEFS=-I${SPRO_ROOT}/sunstudio12.1/prod/include/lint` 19 | * If you wish to onu (as opposed to just checking for build sanity), set 20 | `ONNV_BUILDNUM` to the release of the machine you're ONU-ing. (e.g. If 21 | you start with the current LTS release, use `export ONNV_BUILDNUM=151022`) 22 | 23 | The onu script works if you honor the ONNV\_BUILDNUM setting above. 24 | 25 | You will be able to [develop small](http://kebesays.blogspot.com/2011/03/for-illumos-newbies-on-developing-small.html) 26 | on OmniOS. This is useful for bugfixes and even larger modifications to 27 | existing code. 28 | 29 | As mentioned in the blog post, your shell will need to set some 30 | additional variables and modify PATH when in “ws mode”. Highlights 31 | include making sure /opt/onbld/bin, /opt/onbld/bin/i386, and 32 | /usr/ccs/bin are ahead of anything else (e.g. “install” is special to 33 | onbld). Here is a sample from [my](http://kebesays.blogspot.com) own .tcshrc file: 34 | 35 | ``` 36 | if ( $?CODEMGR_WS ) then 37 | set prompt="WS-%m-WS(%c2)[%?]%% " 38 | set path = ( /opt/onbld/bin /opt/onbld/bin/i386 /usr/ccs/bin \ 39 | /export/home/danmcd/bin /bin /usr/bin /usr/local/bin \ 40 | /usr/sbin /sbin /opt/omni/bin /opt/onbld/bin /opt/SUNWspro/bin ) 41 | setenv BUILD_TOOLS /opt 42 | setenv SPRO_ROOT /opt/SUNWspro 43 | setenv ONBLD_TOOLS /opt/onbld 44 | # For OmniOS, use GCC, and ONLY gcc. 45 | setenv __GNUC "" 46 | setenv CW_NO_SHADOW 1 47 | else 48 | set prompt="%m(%c2)[%?]%% " 49 | set path = ( /export/home/danmcd/bin /bin /usr/bin /usr/local/bin \ 50 | /usr/sbin /sbin /opt/omni/bin /opt/onbld/bin /opt/SUNWspro/bin ) 51 | endif 52 | ``` -------------------------------------------------------------------------------- /FetchIPSFilesWithoutPkg.md: -------------------------------------------------------------------------------- 1 | Fetching IPS Package Files Without pkg(1) 2 | ========================================= 3 | 4 | Inspired by Gavin Sandie's work on [PXE-booting OmniOS from 5 | Debian](https://gist.github.com/3874066) I wondered how one might fetch 6 | files from an IPS repo without having access to the pkg(1) client. 7 | 8 | I snooped a pkg transaction from an OmniOS system and while this method 9 | might not be fool-proof, it's close. 10 | 11 | The first thing to understand about IPS is that it's a very 12 | network-centric packaging system, so there isn't a single-file blob 13 | containing all the package's files. They are instead ingested into a 14 | hashed directory structure and referred to by a metadata document called 15 | a manifest. The pkg(1) client fetches and reads this manifest to 16 | understand how the package should be installed, then fetches the 17 | individual file resources (if any) via HTTP and places them on the 18 | system. 19 | 20 | Let's say I want to fetch “miniroot.gz” from the package 21 | “system/install/kayak-kernel”. I first get the manifest, which I can 22 | find in the pkg server's catalog. For example, the OmniOS unstable 23 | repo's catalog is at 24 | . There I find 25 | the kayak-kernel package and view the manifest by clicking the 26 | “Manifest” link in the right-most column. 27 | 28 | 29 | 30 | That document describes the kayak-kernel package. Important for this 31 | discussion are the “file” actions. Actions express the content of the 32 | package and the properties of those contents. Here's the line that 33 | describes the miniroot.gz file. I've broken up the line for readability. 34 | 35 | ``` 36 | file f5786d808cee23acfd932ccd7d3251dca3ba376d 37 | chash=290bf1da7e9c62a0f34fb68d0458c29636b61391 38 | group=bin 39 | mode=0644 40 | owner=root 41 | path=tftpboot/kayak/miniroot.gz 42 | pkg.csize=42696769 43 | pkg.size=43353952 44 | ``` 45 | 46 | The first value after the “file” action declaration is the filename of 47 | this resource on the pkg server. When a package is published to a 48 | server, all files are named by the SHA-1 hash of their content: 49 | 50 | ``` 51 | digest -a sha1 miniroot.gz 52 | f5786d808cee23acfd932ccd7d3251dca3ba376d 53 | ``` 54 | 55 | Files are stored in a hashed directory structure in the on-disk repo: 56 | 57 | ``` 58 | /repo/omnios-bloody/publisher/omnios/file/f5/f5786d808cee23acfd932ccd7d3251dca3ba376d 59 | ``` 60 | 61 | All files are stored in gzipped form as well, and that's what the 62 | pkg.csize and pkg.size attributes indicate (compressed vs. actual size). 63 | In this case, the file is already gzipped, so it doesn't compress much 64 | more. 65 | 66 | Here's where I had to snoop an actual transaction because there is not a 67 | direct mapping from the URI of this file to the hashed directory 68 | structure. The pkg.depotd process (a simple Python-based webserver) 69 | handles the translation and knows where to fetch files from disk. 70 | 71 | By locating the file's hash name in the packet payload (the HTTP 72 | request) I could see that the URI was 73 | 74 | ``` 75 | /omnios/bloody/omnios/file/1/f5786d808cee23acfd932ccd7d3251dca3ba376d 76 | ``` 77 | 78 | `/omnios/bloody` is the mapping from our front-end Apache proxy. pkg.depotd doesn't have 79 | any sort of access control, so we put Apache in front of it to limit the 80 | allowed HTTP methods to HEAD and GET. Otherwise, anyone with network 81 | access could publish to our repo. The next “omnios” is the publisher 82 | name, which you can get from the first component of the FMRI (pkg.fmri 83 | in the first line of the manifest). Then, followed by the file hash that 84 | we found in the manifest. 85 | 86 | Note: 87 | 88 | > The URL component following file requests is “1”, which is 89 | > the version of the pkg(5) API for file actions that the client is 90 | > requesting. For other types of resources the number may be different, 91 | > but in OmniOS, is either 0 or 1. 92 | 93 | Now that we know what to request, we can grab just the file we want: 94 | 95 | ``` 96 | curl http://pkg.omniti.com/omnios/bloody/omnios/file/1/f5786d808cee23acfd932ccd7d3251dca3ba376d | \ 97 | gzip -dc > miniroot.gz 98 | 99 | digest -a sha1 miniroot.gz 100 | f5786d808cee23acfd932ccd7d3251dca3ba376d 101 | 102 | digest -a sha1 /tftpboot/kayak/miniroot.gz 103 | f5786d808cee23acfd932ccd7d3251dca3ba376d 104 | ``` 105 | 106 | I now have the exact file as was installed by pkg(1). This is useful, 107 | for example, if you're setting up PXE booting for OmniOS installs on a 108 | non-OmniOS system. Ordinarily you'd need an OmniOS system to either 109 | fetch the files via 'pkg install' or by building the miniroot and other 110 | bits from the Kayak source. 111 | 112 | A sufficiently motivated person could probably automate this too. :) 113 | -------------------------------------------------------------------------------- /GrubTooManyBEs.md: -------------------------------------------------------------------------------- 1 | Recovering from a too-large file 2 | ================================ 3 | 4 | Method 1 - Use GRUB's command line to get you booted 5 | ---------------------------------------------------- 6 | 7 | ##### NOTE - This method may not work if you have too many BEs. Experimental results have been mixed. 8 | 9 | 1. Make note of the BE name you wish to boot into. This BE should have 10 | working networking and the ability to ssh in, in case GRUB does not 11 | reset the console properly using this method. We will use “BEname” for 12 | this example. 13 | 2. Enter the GRUB command line. Its prompt is `grub> ` 14 | 3. Set the boot ZFS filesystem as follows: `bootfs rpool/ROOT/BEname` 15 | 4. Reload an EMPTY configuration file, so the memory is cleaned up and 16 | reset, as follows: `configfile /dev/null` 17 | 5. Set the boot kernel as follows: `kernel$ /platform/i86pc/kernel/amd64/unix -B $ZFS-BOOTFS` 18 | 6. Set the boot archive as follows: `module$ /platform/i86pc/amd64/boot_archive` 19 | 7. Boot the system as follows: `boot` 20 | 21 | In some of our testing on VMware Fusion, the console display would not 22 | be set properly with this method. OmniOS, however, will come up. This is 23 | why we recommend a BE that has known-working networking. Once OmniOS is 24 | booted, you can use `beadm destroy OtherBEname` to eliminate BEs that are crowding up menu.lst. 25 | 26 | Method 2 - use a ISO or USB to clean up 27 | ---------------------------------------- 28 | 29 | 1. You will have to boot off an ISO or a USB stick 30 | 2. Enter the shell 31 | 3. `mkdir /tmp/mnt` 32 | 4. `zpool import -R /tmp/mnt ` 33 | 5. Edit `/tmp/mnt//boot/grub/menu.lst` as follows 34 | 35 | You will see a lot of entries grouped like this: 36 | 37 | ``` 38 | title r151012-Dec08-backup-1 39 | bootfs rpool/ROOT/r151012-Dec08-backup-1 40 | kernel$ /platform/i86pc/kernel/amd64/unix -B $ZFS-BOOTFS 41 | module$ /platform/i86pc/amd64/boot_archive 42 | #============ End of LIBBE entry ============= 43 | title r151012-Dec08-backup-2 44 | bootfs rpool/ROOT/r151012-Dec08-backup-2 45 | kernel$ /platform/i86pc/kernel/amd64/unix -B $ZFS-BOOTFS 46 | module$ /platform/i86pc/amd64/boot_archive 47 | #============ End of LIBBE entry ============= 48 | ``` 49 | 50 | Those are two BE entries. You will need to remove BEs in five-line 51 | groups, starting with the `title` line and ending with the `====` line. Make note of 52 | which BE entries you are deleting, as you will need to explicitly delete 53 | them upon reboot. Make sure you do not delete the BE you wish to enter. 54 | ALSO, it is likely the “default” entry will be inaccurate after editing, 55 | so use GRUB to explicitly pick your BE next boot. 56 | 57 | After editing the menu.lst file down to a smaller size (30 entries or 58 | less is a good rule of thumb, anything above 40 risks triggering this 59 | problem), write out the smaller file in place. 60 | 61 | 6. `zpool export ` 62 | 7. Reboot 63 | 8. When the GRUB menu comes up, make sure you're selecting your 64 | newly-created and updated BE 65 | 9. You will now have a booted system 66 | 10. Delete the BEs you edited out of menu.lst by using repeated 67 | instances of `beadm destroy `. This will 68 | destroy the datasets that back up the BEs you deleted from GRUB 69 | 70 | The version of GRUB used in illumos does not scale well to multiple 71 | entries, because of GRUB's poor memory management. It is the illumos 72 | community's intention to eventually replace the current GRUB with 73 | something better. Community contributions are, as always, welcome. 74 | -------------------------------------------------------------------------------- /HowToSignPackages.md: -------------------------------------------------------------------------------- 1 | Signing Packages 2 | ================ 3 | 4 | This document specifies the process (but not the implementation 5 | specifics) that OmniTI uses for creating signed packages, so that 6 | interested third parties can sign their packages as well. The process is 7 | straightforward, but requires the administrator to be familiar with how 8 | SSL and IPS work. The [packaging how-to documents](Packaging.md#How-tos) will be quite helpful here. 9 | 10 | ## Prerequisites 11 | 12 | * A functioning IPS repository 13 | * An SSL CA and certificate with which to sign the packages 14 | 15 | ## Setup OmniOS CA 16 | 17 | ``` 18 | mkdir ca 19 | cd ca 20 | mkdir certs crl newcerts private 21 | chmod 700 private 22 | touch index.txt 23 | echo 1000 > serial 24 | echo 1000 > crlnumber 25 | ``` 26 | 27 | omniosce-ca.cnf: 28 | 29 | ``` 30 | [ ca ] 31 | default_ca = CA_default 32 | 33 | [ CA_default ] 34 | # Directory and file locations. 35 | dir = /home/oetiker/checkouts/omniosce-ca 36 | certs = $dir/certs 37 | crl_dir = $dir/crl 38 | new_certs_dir = $dir/newcerts 39 | database = $dir/index.txt 40 | serial = $dir/serial 41 | RANDFILE = $dir/private/.rand 42 | 43 | # The root key and root certificate. 44 | private_key = $dir/private/ca.key.pem 45 | certificate = $dir/certs/ca.cert.pem 46 | 47 | # For certificate revocation lists. 48 | crlnumber = $dir/crlnumber 49 | crl = $dir/crl/ca.crl.pem 50 | crl_extensions = crl_ext 51 | default_crl_days = 30 52 | 53 | # SHA-1 is deprecated, so use SHA-2 instead. 54 | default_md = sha256 55 | 56 | name_opt = ca_default 57 | cert_opt = ca_default 58 | default_days = 375 59 | preserve = no 60 | policy = policy_loose 61 | 62 | [ crl_ext ] 63 | # issuerAltName=issuer:copy #this would copy the issuer name to altname 64 | authorityKeyIdentifier=keyid:always 65 | 66 | [ policy_loose ] 67 | countryName = supplied 68 | stateOrProvinceName = optional 69 | localityName = supplied 70 | organizationName = supplied 71 | organizationalUnitName = optional 72 | commonName = supplied 73 | emailAddress = supplied 74 | 75 | [ req ] 76 | default_bits = 2048 77 | distinguished_name = req_distinguished_name 78 | string_mask = utf8only 79 | default_md = sha256 80 | x509_extensions = omniosce_ca 81 | 82 | [ req_distinguished_name ] 83 | countryName = Country Name (2 letter code) 84 | stateOrProvinceName = State or Province Name 85 | localityName = Locality Name 86 | 0.organizationName = Organization Name 87 | organizationalUnitName = Organizational Unit Name 88 | commonName = Common Name 89 | emailAddress = Email Address 90 | 91 | # Optionally, specify some defaults. 92 | countryName_default = GB 93 | stateOrProvinceName_default = 94 | localityName_default = 95 | 0.organizationName_default = OmniOSce or MyCompany 96 | emailAddress = github-id@omniosce.org or me@mycompany.com 97 | 98 | [ omniosce_ca ] 99 | subjectKeyIdentifier = hash 100 | authorityKeyIdentifier = keyid:always,issuer 101 | basicConstraints = critical, CA:true 102 | crlDistributionPoints = URI:https://crl.omniosce.org/root.crl 103 | keyUsage = critical, digitalSignature, cRLSign, keyCertSign 104 | 105 | [ ips_cert ] 106 | basicConstraints = CA:FALSE 107 | subjectKeyIdentifier = hash 108 | authorityKeyIdentifier = keyid,issuer 109 | keyUsage = digitalSignature 110 | extendedKeyUsage = codeSigning, clientAuth 111 | ``` 112 | 113 | edit this to change the dir= line to the ca location 114 | 115 | ``` 116 | openssl genrsa -aes256 -out private/ca.key.pem 4096 117 | ``` 118 | 119 | enter passphrase when prompted 120 | 121 | ``` 122 | openssl req -config omniosce-ca.cnf -key private/ca.key.pem \ 123 | -new -x509 -days 7300 -sha256 -extensions omniosce_ca \ 124 | -out certs/ca.cert.pem 125 | ``` 126 | 127 | answer questions for information in request 128 | 129 | ``` 130 | chmod 444 certs/ca.cert.pem 131 | ``` 132 | 133 | ### Create the Cert revokation List 134 | 135 | ``` 136 | openssl ca -config omniosce-ca.cnf -gencrl -out root.crl 137 | scp root.crl omniosce:/crl 138 | ``` 139 | 140 | ### Revoke a Certificate 141 | 142 | ``` 143 | openssl ca -config omniosce-ca.cnf -revoke newcerts/1000.pem 144 | scp root.crl omniosce:/crl 145 | ``` 146 | 147 | ### Create Cert for a Guardian 148 | 149 | First the Guardian creates a CSR 150 | 151 | ``` 152 | openssl genrsa -aes256 -out key.pem 2048 153 | openssl req -config omniosce-ca.cnf \ 154 | -key key.pem -new -sha256 -out csr.pem 155 | ``` 156 | 157 | and sends it to ca@ommniosce.org 158 | 159 | The CA then sign the csr with: 160 | 161 | ``` 162 | openssl ca -config omniosce-ca.cnf \ 163 | -extensions ips_cert -days 366 -notext \ 164 | -md sha256 -in csr.pem 165 | ``` 166 | 167 | ## Method 168 | 169 | 1. Create a repo and publish some packages to it 170 | 2. Create an SSL CA and obtain its certificate and key. Alternately, use an existing one 171 | 3. Obtain the list of packages, in FMRI form, to sign (one way to do this is, e.g., 172 | ``` 173 | pkg info -r -g $REPO_URL 'pkg:/*@*-0.151008' | grep FMRI | awk '{ print $2 }' > ~/fmris_to_sign_151008 174 | ``` 175 | which will write all the FMRIs to sign for the 151008 release to the file `fmris_to_sign_151008` 176 | 4. Sign the packages with something like 177 | 178 | ``` 179 | # pkgsign \ 180 | -c /path/to/signing.crt \ 181 | -k /path/to/signing.key \ 182 | -s $REPO_URL \ 183 | $(cat fmris_to_sign_151008) 184 | ``` 185 | 186 | Known issues / troubleshooting 187 | ------------------------------ 188 | 189 | TBD 190 | -------------------------------------------------------------------------------- /ISOrpoolCustomize.md: -------------------------------------------------------------------------------- 1 | While the recommended way to customize rpool configuration is to utilize 2 | a network install with kayak, putting together a complete dhcp/tftp/http 3 | network install environment is a bit overkill for installing one box or 4 | doing some testing. 5 | 6 | Instead, you can use this small perl script (attached) that interposes 7 | itself between the installer and the zpool creation allowing some basic 8 | customizations while doing an iso install. 9 | 10 | Boot the installer media, and pick option 3/shell prior to beginning the 11 | install. Get the attached script into `/tmp` one way or another (light up 12 | the network interface and suck it over with wget, for example) and make 13 | it executable. Execute `/tmp/omnios_zpool_install.pl` (note: use fully 14 | qualified path, not relative path) and it will copy the `zpool/zfs` 15 | binaries into `/tmp` and install itself in their place with an overlay 16 | mount. 17 | 18 | Edit the script to configure what customizations you might want to make. 19 | The first option is if you want to use less than the entire disk for the 20 | rpool. If enabled, s0 on the installation device will be modified to the 21 | size specified. The second option allows you to provide any arbitrary 22 | zpool options to the zpool create (for example, to enable compression). 23 | The last two options allow you to specify the size of swap/dump 24 | explicitly rather than using the installer generated values. 25 | 26 | Exit the shell and go back to the installer, and start the installation. 27 | Proceed through as normal, and when it is done, the created rpool should 28 | include the customizations you picked. 29 | 30 | After the install is complete, the file `/tmp/omnios_zpool_install.log` 31 | contains a rough log of what commands the installer tried to run and 32 | what commands were run instead. If you enabled the rpool size option, 33 | there will also be a file /tmp/format.out containing the output from 34 | format when trying to resize the slice. If the end result isn't what you 35 | expected, one of those might contain a clue as to what went wrong. 36 | 37 | [omnios_zpool_install.pl](Attachments/omnios_zpool_install.pl) added by henson@acm.org -------------------------------------------------------------------------------- /Images/Boot_options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/Boot_options.png -------------------------------------------------------------------------------- /Images/Main_loader_screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/Main_loader_screen.png -------------------------------------------------------------------------------- /Images/Select_boot_env.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/Select_boot_env.png -------------------------------------------------------------------------------- /Images/available_disks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/available_disks.png -------------------------------------------------------------------------------- /Images/installer_main_menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/installer_main_menu.png -------------------------------------------------------------------------------- /Images/keyboard_layout_selector.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/keyboard_layout_selector.png -------------------------------------------------------------------------------- /Images/login-screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/login-screen.png -------------------------------------------------------------------------------- /Images/multiple_disks_selected.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/multiple_disks_selected.png -------------------------------------------------------------------------------- /Images/release-cycle.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/omniosorg/omnios-wiki/55d7b8e9a4f835d9067ade20504ff127b95d505f/Images/release-cycle.png -------------------------------------------------------------------------------- /KYSTY.md: -------------------------------------------------------------------------------- 1 | The OmniOS Approach to Software Distribution 2 | ============================================ 3 | 4 | OmniOS embodies a philosophy we've dubbed KYSTY, for Keep Your 5 | !{Shit|Stuff|Software} To Yourself. Every OS requires a collection of 6 | third-party libraries and utilities to run itself. Applications need 7 | third-party libraries and supporting utilities too. However, **the two 8 | need not be the same.** 9 | 10 | I'll Use Mine, You Use Yours 11 | ---------------------------- 12 | 13 | In many other systems, there is a single version of a given library or 14 | language runtime that is used both by components of the system itself 15 | and by users of the system for their own applications. On the kind of 16 | time scales that enterprise OS support covers, large changes can occur 17 | in a given piece of software. A new library version might come out that 18 | offers desirable features not available in the version shipped with the 19 | OS. The new version may also break backward compatibility with existing 20 | applications. If that application happens to be a core component of the 21 | OS, then upgrading the library becomes much more difficult, if not 22 | impossible. 23 | 24 | KYSTY is, above all else, about separating as much as possible the 25 | spheres of responsibility for the OS itself and the application 26 | environment. The two necessarily have very different goals and 27 | development timelines. 28 | 29 | This Is Nothing New 30 | ------------------- 31 | 32 | It is true that there have long been, on other OSes, alternative or 33 | add-on repos full of packages, but OmniOS embraces KYSTY as a core 34 | organizing principle. We purposefully ship only what we need to build 35 | and run the OS. In many cases, these are not the most recent versions. 36 | Except in the most basic circumstance, you should not use these things 37 | in your app stack. At best, their versions are stagnant; at worst, they 38 | may go away entirely as the OS components they exist for are rewritten 39 | or removed. For example, [intrd(1M)](http://illumos.org/man/1m/intrd) is 40 | currently a Perl script. It is being [rewritten in 41 | C](http://cr.illumos.org/~webrev/0xffea/intrd-gsoc-01/), so that's one 42 | less Perl dependency. 43 | 44 | But This Is Really Inconvenient! 45 | -------------------------------- 46 | 47 | It's true, building (and maintaining) your own software stack is a lot 48 | of work. The payoff is that your application stack is truly yours. 49 | You're not at the mercy of someone else's idea of what the version of X 50 | should be, what plugins or modules are available, where things live, 51 | etc. You also have the power to make changes according to your own 52 | schedule, without waiting for someone else to provide you an update. 53 | 54 | You might not care enough about the particular build options and just 55 | want something you can install and use. That's fine. Find someone else 56 | who has done the work and made their packages available via their own 57 | publisher. OmniOS encourages a “layer cake” approach to the packaging 58 | ecosystem. [Add packages from different collections](Packaging.md) to 59 | your system to get the tools you want. 60 | -------------------------------------------------------------------------------- /KayakInteractive.md: -------------------------------------------------------------------------------- 1 | Kayak Interactive Installer 2 | =========================== 3 | 4 | Starting with r151022, the ISO and USB interactive installers are new. 5 | They install on whole-disks, and multiple disks can be selected to make 6 | mirrored rpools. Also, blkdev devices (e.g. NVMe, vioblk) can now be 7 | detected. Custom rpools can also be built, and the installer can just 8 | install the bits on a preconfigured rpool. 9 | 10 | BSD Loader Menu 11 | --------------- 12 | 13 | See the [Loader usage documentation](BSDLoader.md#InteractingwithLoader). 14 | The new ISO/USB media for r151022 and later will boot with the Loader 15 | instead of GRUB. 16 | 17 | Language Selection and Main Menu 18 | -------------------------------- 19 | 20 | Like the old installer, the first thing to come up after boot is the 21 | keyboard-layout selector: 22 | 23 | ![Keyboard-layout selector](Images/keyboard_layout_selector.png) 24 | 25 | And then the installer displays its main menu: 26 | 27 | ![Installer main menu](Images/installer_main_menu.png) 28 | 29 | The first two items are for installing on to a new root pool `rpool` . The first 30 | one goes through disk-selection (see below) followed by an installation, 31 | the second assumes `rpool` was constructed already, and proceeds straight to it. 32 | For cases where the rpool is comprised of mirrored slices (for example, 33 | to split an SSD pair between slog and rpool), the second entry should be 34 | selected. 35 | 36 | Before this installer, certain tricks like [this](ISOrpoolCustomize.md) 37 | needed to be used. Now, one can use the Shell first (option 3) to 38 | create a custom rpool as well as anything else, and then use the 39 | straight-to-pool (option 2) method for installing on the rpool. The 40 | Shell can also be used post-installation (see below). 41 | 42 | Disk Selection 43 | -------------- 44 | 45 | Available disks are displayed seven (7) at a time on one screen: 46 | 47 | ![Available disks](Images/available_disks.png) 48 | 49 | Multiple disks selected will form an N-way mirror. Only a mirror or a 50 | single-disk pool can serve as an rpool. 51 | 52 | ![Multiple disks selected](Images/multiple_disks_selected.png) 53 | 54 | Installation 55 | ------------ 56 | 57 | After rpool creation, the installer will prompt for a few more 58 | questions, including time-zone selection. Then it will `zfs receive` an on-media ZFS 59 | send stream to create `rpool/ROOT/omnios`, the first Boot Environment (BE) on this `rpool`. It 60 | will also create swap and dump datasets on `rpool`. 61 | 62 | Post-install 63 | ------------ 64 | 65 | After installation, the main menu returns. The shell is still available, 66 | and the new `rpool` is mounted on `/mnt` for further editing. `/mnt/.initialboot` contains commands that 67 | will run exactly once at first-boot time. Network configuration could be 68 | done here, for example. Other configuration on `/mnt/etc` could be done at this 69 | time as well via the shell. Once the machine reboots, the 70 | newly-installed rpool will display [Loader](BSDLoader.md) and then 71 | boot into the newly-installed BE. 72 | -------------------------------------------------------------------------------- /KayakMultiRelease.md: -------------------------------------------------------------------------------- 1 | Serving Multiple Releases From A Kayak Server 2 | ============================================= 3 | 4 | You may want to support installation of clients to different releases in 5 | your environment, such as enabling both LTS and current-stable. By 6 | default, a Kayak setup only serves the release matching the version of 7 | Kayak installed, but there is no technical restriction on what it can 8 | serve. 9 | 10 | Here's an example of how to modify your Kayak configs to support 11 | multiple releases concurrently, from a single Kayak server. In this 12 | example, the Kayak server is on an LTS release (r151006) but is serving 13 | both r151006 and r151010 clients. 14 | 15 | You can start either with the official Kayak packages, or do an install 16 | from [source](https://github.com/omniosorg/kayak). If you do a source 17 | install, make sure to check out and build the branch matching the 18 | release of the build machine, to ensure you get the correct bits. 19 | 20 | The files you will need from the non-native release(s) are the ZFS 21 | image, which you can just download (see below), plus the boot kernel 22 | (“unix”) and ramdisk root filesystem (“miniroot.gz”). There is a way to 23 | [get these files without pkg(1)](FetchIPSFilesWithoutPkg.md) if you 24 | don't have an installation of that version handy. 25 | 26 | ZFS images 27 | ---------- 28 | 29 | These live in `/var/kayak/kayak` and the [downloadable images](Installation.md#SetupaKayakserver) 30 | already have non-conflicting names, so just fetch 31 | the ones you want to serve. Optionally, make a generic symlink to the 32 | release image you want to serve, so that you don't have to keep editing 33 | the GRUB config for each new weekly release. 34 | 35 | ``` 36 | lrwxrwxrwx 1 19 Jul 15 14:48 r151006.zfs.bz2 -> r151006_059.zfs.bz2 37 | -rw-r--r-- 1 253M Apr 9 16:53 r151006_049.zfs.bz2 38 | -rw-r--r-- 1 253M Jun 18 17:34 r151006_059.zfs.bz2 39 | lrwxrwxrwx 1 16 Aug 6 16:40 r151010.zfs.bz2 -> r151010j.zfs.bz2 40 | -rw-r--r-- 1 302M Jun 5 17:20 r151010j.zfs.bz2 41 | ``` 42 | 43 | Boot Kernel 44 | ----------- 45 | 46 | The package puts the boot kernel in `/tftpboot/boot/platform/i86pc/kernel/amd64/` 47 | but we need a release-specific path 48 | so that our multiple copies don't conflict. This is just an example-- 49 | any non-conflicting path and/or filename combination will work. 50 | 51 | Starting with our r151006 system, which has the kayak-kernel files 52 | already installed in their default location: 53 | 54 | ``` 55 | cd /tftboot/boot 56 | mkdir 006 010 57 | mv platform 006/ 58 | mkdir -p 010/platform/i86pc/kernel/amd64 59 | cp /path/to/unix.010 010/platform/i86pc/kernel/amd64/unix 60 | ``` 61 | 62 | You would end up with the boot kernels like so: 63 | 64 | ``` 65 | /tftpboot/boot/006/platform/i86pc/kernel/amd64/unix 66 | /tftpboot/boot/010/platform/i86pc/kernel/amd64/unix 67 | ``` 68 | 69 | Miniroot 70 | -------- 71 | 72 | Just like the boot kernel, the miniroots must match their release and be 73 | in non-conflicting paths. By default, the native one is `/tftpboot/kayak/miniroot.gz`. 74 | 75 | ``` 76 | cd /tftpboot/kayak 77 | mkdir 006 010 78 | mv miniroot.gz 006/ 79 | cp /path/to/miniroot.gz.010 010/miniroot.gz 80 | ``` 81 | 82 | The result: 83 | 84 | ``` 85 | /tftpboot/kayak/006/miniroot.gz 86 | /tftpboot/kayak/010/miniroot.gz 87 | ``` 88 | 89 | GRUB Config 90 | ----------- 91 | 92 | Tying it all together, we make GRUB menu entries for each release. Edit 93 | `/tftpboot/boot/grub/menu.lst` so that it looks something like: 94 | 95 | ``` 96 | default=0 97 | timeout=10 98 | min_mem64 1024 99 | 100 | title OmniOS Kayak r151006 101 | kernel$ /boot/006/platform/i86pc/kernel/$ISADIR/unix -B install_media=http:///kayak/r151006.zfs.bz2,install_config=http:///kayak 102 | module$ /kayak/006/miniroot.gz 103 | 104 | title OmniOS Kayak r151010 105 | kernel$ /boot/010/platform/i86pc/kernel/$ISADIR/unix -B install_media=http:///kayak/r151010.zfs.bz2,install_config=http:///kayak 106 | module$ /kayak/010/miniroot.gz 107 | ``` 108 | 109 | > Note: the default config sets the GRUB timeout to 1 second. You 110 | > will likely want to increase this so the user has time to make a choice. 111 | 112 | Now, when a client boots from the Kayak server, their GRUB menu will 113 | offer both releases and the client can choose which one to install. 114 | -------------------------------------------------------------------------------- /LXSidePorting.md: -------------------------------------------------------------------------------- 1 | Side-porting LX from illumos-joyent 2 | ===================== 3 | 4 | See [here](Maintainers.md#Cherrypickingfromillumos-joyent). 5 | -------------------------------------------------------------------------------- /LXZones.md: -------------------------------------------------------------------------------- 1 | LX Branded Zones 2 | ================ 3 | 4 | Hello, Linux! 5 | ------------- 6 | 7 | The LX branded zone is a new type of zone, resurrected and further 8 | developed by Joyent for SmartOS, and now ported over to OmniOS. It 9 | allows an OmniOS deployment to host and run most Linux applications in a 10 | lighter-weight-than-a-VM environment. 11 | 12 | Getting Started 13 | --------------- 14 | 15 | The LX Brand support is not included with an initial install. One must 16 | explicitly install LX Brand support: 17 | 18 | ``` 19 | # pkg install pkg:/system/zones/brand/lx 20 | ``` 21 | 22 | The next thing one needs is an *image*. An image is either a: 23 | 24 | * ZFS Send Stream (plain or gzipped) 25 | * A dataset or snapshot residing on the same pool as the LX zone's zonepath 26 | * A tar file (plain or gzipped) 27 | 28 | The image must contain a Linux userland. For example, CentOS 6.8, or 29 | Ubuntu 16.04. 30 | 31 | These can be found at various places. The bottom entries of the 32 | [Joyent image list](https://images.joyent.com/images) are the most recent. 33 | Search for “Container-native”. 34 | 35 | For example: 36 | 37 | ``` 38 | { 39 | "v": 2, 40 | "uuid": "0be607d2-8b61-11e6-bf98-03750d422a79", 41 | "owner": "00000000-0000-0000-0000-000000000000", 42 | "name": "centos-6", 43 | "version": "20161006", 44 | "state": "active", 45 | "disabled": false, 46 | "public": true, 47 | "published_at": "2016-10-06T01:06:00Z", 48 | "type": "lx-dataset", 49 | "os": "linux", 50 | "files": [ 51 | { 52 | "sha1": "d1b52f3382fa2f51bb95ba0e7760447c32deba82", 53 | "size": 286693599, 54 | "compression": "gzip" 55 | } 56 | ], 57 | "description": "Container-native CentOS 6.8 64-bit image. Built to run on containers with bare metal speed, while offering all the services of a typical unix host.", 58 | "homepage": "https://docs.joyent.com/images/container-native-linux", 59 | "requirements": { 60 | "networks": [ 61 | { 62 | "name": "net0", 63 | "description": "public" 64 | } 65 | ], 66 | "min_platform": { 67 | "7.0": "20160317T000105Z" 68 | }, 69 | "brand": "lx" 70 | }, 71 | "tags": { 72 | "role": "os", 73 | "kernel_version": "2.6.32" 74 | } 75 | }, 76 | ``` 77 | 78 | Pay attention to both the image UUID, and the `kernel_version attribute`. The compressed 79 | ZFS send stream for this Joyent image can be obtained knowing the image 80 | UUID, like so [file](https://images.joyent.com/images/0be607d2-8b61-11e6-bf98-03750d422a79/file). 81 | 82 | Here's a terminal session transcript: 83 | 84 | ``` 85 | bloody(/tmp)[0]% curl -o centos68.zss.gz https://images.joyent.com/images/0be607d2-8b61-11e6-bf98-03750d422a79/file 86 | % Total % Received % Xferd Average Speed Time Time Time Current 87 | Dload Upload Total Spent Left Speed 88 | 100 273M 100 273M 0 0 8584k 0 0:00:32 0:00:32 --:--:-- 9296k 89 | bloody(/tmp)[0]% file centos68.zss.gz 90 | centos68.zss.gz: gzip compressed data - deflate method , max compression 91 | bloody(/tmp)[0]% gunzip centos68.zss.gz 92 | bloody(/tmp)[0]% file centos68.zss 93 | centos68.zss: ZFS snapshot stream 94 | bloody(/tmp)[0]% 95 | ``` 96 | 97 | To turn this into a working LX zone, you must next properly configure 98 | the zone using zonecfg(1M). Remember the above was 2.6.32: 99 | 100 | ``` 101 | # zonecfg -z lx0 102 | zonecfg:lx0> create 103 | zonecfg:lx0> set zonepath=/zones/lx0 104 | zonecfg:lx0> set brand=lx 105 | zonecfg:lx0> set autoboot=false 106 | zonecfg:lx0> set ip-type=exclusive 107 | zonecfg:lx0> add net 108 | zonecfg:lx0> set physical=lx0 109 | zonecfg:lx0> add property (name=gateway,value="192.168.0.1") 110 | zonecfg:lx0> add property (name=ips,value="192.168.0.69/24") 111 | zonecfg:lx0> add property (name=primary,value="true") 112 | zonecfg:lx0> end 113 | zonecfg:lx0> add attr 114 | zonecfg:lx0> set name=dns-domain 115 | zonecfg:lx0> set type=string 116 | zonecfg:lx0> set value=example.com 117 | zonecfg:lx0> end 118 | zonecfg:lx0> add attr 119 | zonecfg:lx0> set name=resolvers 120 | zonecfg:lx0> set type=string 121 | zonecfg:lx0> set value=192.168.0.1 122 | zonecfg:lx0> end 123 | zonecfg:lx0> add attr 124 | zonecfg:lx0> set name=kernel-version 125 | zonecfg:lx0> set type=string 126 | zonecfg:lx0> set value=2.6.32 127 | zonecfg:lx0> end 128 | zonecfg:lx0> set max-lwps=2000 129 | zonecfg:lx0> exit 130 | # 131 | ``` 132 | 133 | You will notice that for LX zones, we must use zonecfg(1M) to configure 134 | its networking. Using zonecfg(1M) for networking configuration only is 135 | supported on LX zones. Also note the explicit cap on max-lwps. This 136 | feeds into the LX emulation of ulimit(1), otherwise some Linux binaries 137 | break. 138 | 139 | Once an LX zone is configured, one must use zoneadm(1M) to install the 140 | zone, using one of the image sources (-t for tarballs, -s for ZFS 141 | streams, snapshots, or datasets). 142 | 143 | To use a ZFS send stream (or gzipped ZFS send stream): 144 | 145 | ``` 146 | # zoneadm -z lx0 install -s /full/path/to/centos68.zss.gz 147 | ``` 148 | 149 | To use a ZFS dataset: 150 | 151 | ``` 152 | # zoneadm -z lx0 install -s name/of/zfs-dataset 153 | ``` 154 | 155 | A snapshot will be made, cloned, and promoted. The dataset MUST be on 156 | the same pool as the zonepath. 157 | 158 | To use a ZFS snapshot: 159 | 160 | ``` 161 | # zoneadm -z lx0 install -s name/of/datasets@snapshot 162 | ``` 163 | 164 | The snapshot will become the dataset for the LX zone. The snapshot MUST 165 | be on the same pool as the zonepath. 166 | 167 | To use a tarball (like a docker one): 168 | 169 | ``` 170 | # zoneadm -z lx0 install -t /full/path/to/docker-tarball.tgz 171 | ``` 172 | 173 | Afterwards, you boot the zone like any other one. 174 | 175 | LX Zones, BEs, and Upgrades 176 | --------------------------- 177 | 178 | LX Zones, unlike ipkg or lipkg zones, do not have individual boot 179 | environments. If you update and create a new BE, any LX zones are not 180 | explicitly updated. LX zones use lofs mounts to remap the global zone's 181 | `/usr/bin` into `/native/usr/bin` inside the LX zone. The zone's 182 | contents stay constant no matter which BE you're using. 183 | 184 | Keeping up 185 | ---------- 186 | 187 | We will be tracking Joyent's developments of LX Zones closely, and the 188 | new 189 | [README.OmniOS](https://github.com/omniosorg/illumos-omnios/blob/r151022/README.OmniOS) 190 | will keep you up to date on what illumos-joyent:master commit we last 191 | synched with. Each release has its own target as well: 192 | 193 | * [`r151022`](https://github.com/omniosorg/illumos-omnios/blob/r151022/README.OmniOS) 194 | * [`bloody`](https://github.com/omniosorg/illumos-omnios/blob/master/README.OmniOS) 195 | 196 | See the [How we side-port LX](Maintainers.md#Cherrypickingfromillumos-joyent) page for 197 | gory details. 198 | 199 | Possible Futures 200 | ---------------- 201 | 202 | The LX brand work has yielded some interesting insights, as has 203 | community feedback from r151020. Some insights may turn into other 204 | related features. Examples of potential (but not promised) ideas 205 | include: 206 | 207 | * Using more /native tools to configure networking in an LX zone 208 | * Using zonecfg(1M) for networking configuration insides OmniOS Zones (ipkg, lipkg, lofs-native per above) 209 | * BE-aware LX zones 210 | * A native OmniOS zone that uses lofs for its `/usr` filesystem, like LX does for `/native` 211 | -------------------------------------------------------------------------------- /ManSections.md: -------------------------------------------------------------------------------- 1 | Man Page Sections 2 | ================= 3 | 4 | If you're from a BSD and/or Linux background, you'll notice that the 5 | location of man pages in OmniOS is slightly different. OmniOS, being a 6 | distribution of [illumos](http://illumos.org), itself a descendant of 7 | Solaris, uses the System V man sections. For each section, there is an 8 | *intro* man page that describes that section, and the online equivalent 9 | has been linked to each description below. 10 | 11 | The table below illustrates the SysV sections and maps them (roughly) to 12 | their BSD/Linux equivalents. 13 | 14 | | Section | Description | BSD/Linux Section | 15 | |---------|----------------------------------------------------------------------|-------------------| 16 | | 1 | [User Commands](http://illumos.org/man/1/intro) | 1 | 17 | | 1M | [System Administration Commands](http://illumos.org/man/1M/intro) | 8 | 18 | | 2 | [System Calls](http://illumos.org/man/2/intro) | 2 | 19 | | 3 | [Library Functions](http://illumos.org/man/3/intro) | 3 | 20 | | 4 | [File Formats and Configurations](http://illumos.org/man/4/intro) | 5 | 21 | | 5 | [Standards, Environments and Macros](http://illumos.org/man/5/intro) | 7 | 22 | | 7 | [Device and Network Interfaces](http://illumos.org/man/7/intro) | 4 | 23 | | 9 | [Kernel routines](http://illumos.org/man/9/intro) | | 24 | 25 | Some sections break down further into subsections, such as “3C” for C 26 | library functions or “7D” for device drivers. These are explained in 27 | their respective intro pages. 28 | 29 | Note: 30 | 31 | > In addition to the -s flag for specifying the desired 32 | > section, you can also append a dot, followed by the section number, to 33 | > the command being searched. For example, `man -s 2 intro` is 34 | > equivalent to `man intro.2` -------------------------------------------------------------------------------- /MoreInfo.md: -------------------------------------------------------------------------------- 1 | More Information 2 | ---------------- 3 | 4 | [OmniOS Motivation and 5 | Design](https://www.usenix.org/conference/lisa12/omnios-motivation-and-design) 6 | / Theo lays out the case for OmniOS at Usenix LISA '12. 7 | 8 | OmniOS is a distribution of **illumos**, and as such, many aspects of 9 | the system's function are derived from the illumos core, which has its 10 | own documentation. Additionally, technologies like ZFS and DTrace, which 11 | have been ported to non-illumos operating systems, have their own 12 | communities of wisdom from which we all benefit. 13 | 14 | ### illumos 15 | 16 | * [The illumos Project](https://www.illumos.org/) 17 | * [Fork Yeah: The Rise and Development of Illumos](http://www.youtube.com/watch?v=-zRN7XLCRhc) (youtube.com) 18 | * [illumos developer's guide](http://illumos.org/books/dev/) 19 | * [CDDL License](http://illumos.org/license/CDDL) 20 | * [Lesser-Known Solaris Features](http://www.c0t0d0s0.org/pages/lksfbook.html) (despite the title, very much applicable to any illumos system) 21 | 22 | ### ZFS 23 | 24 | * [ZFS “Read Me 1st”](http://nex7.blogspot.com/2013/03/readme1st.html) 25 | * [Bacon Preservation with ZFS](http://sysadvent.blogspot.com/2012/12/day-7-bacon-preservation-with-zfs.html) 26 | * [zfsday Videos](http://zfsday.com/zfsday/) 27 | * [RaidZ Striping](http://joyent.com/blog/zfs-raidz-striping) 28 | 29 | ### DTrace 30 | 31 | * [DTrace](http://dtrace.org/blogs/about/) 32 | * [illumos Dynamic Tracing Guide](http://dtrace.org/guide/preface.html) 33 | * [USE Method: illumos Performance Checklist](http://dtrace.org/blogs/brendan/2012/03/01/the-use-method-solaris-performance-checklist/) - for administrators of physical systems / global zones 34 | * [USE Method: SmartOS Performance Checklist](http://dtrace.org/blogs/brendan/2012/12/19/the-use-method-smartos-performance-checklist/) - for users of non-global zones (except for sm-* utilities, these work on OmniOS) 35 | * [kdavyd / dtrace](https://github.com/kdavyd/dtrace) - Utilities for troubleshooting storage systems 36 | 37 | #### DTrace USDT 38 | 39 | USDT probes are Userland Statically-Defined Tracing probes added to 40 | application or language runtimes that provide additional probes beyond 41 | what can be obtained from dynamic tracing of library and system calls. 42 | This allows for deeper introspection and tracing of a broader set of 43 | operations within the runtime. 44 | 45 | [USDT probe how-to](http://dtrace.org/blogs/dap/2011/12/13/usdt-providers-redux/) 46 | 47 | DTrace probes are available for many common applications and languages, 48 | including: 49 | 50 | * Apache: via [mod_usdt](https://github.com/davepacheco/mod_usdt) or [patches](https://github.com/omniti-labs/omnios-build/tree/omniti-ms/build/apache22/patches) 51 | * [Erlang/OTP](http://www.erlang.org/doc/apps/runtime_tools/DTRACE.html) 52 | * [Java](http://docs.oracle.com/javase/6/docs/technotes/guides/vm/dtrace.html) 53 | * [MySQL](http://dev.mysql.com/tech-resources/articles/getting_started_dtrace_saha.html) 54 | * [Node.js](http://blog.nodejs.org/2012/04/25/profiling-node-js/) 55 | * Perl: [in perl itself](http://perldoc.perl.org/perldtrace.html) or [in your program with Devel::DTrace::Provider](http://search.cpan.org/~chrisa/Devel-DTrace-Provider-1.11/lib/Devel/DTrace/Provider.pm) 56 | * [PHP](http://pecl.php.net/package/DTrace) 57 | * [PostgreSQL](https://wiki.postgresql.org/wiki/DTrace) 58 | * [Python](https://pypi.python.org/pypi/python-dtrace) 59 | * [Rails](https://github.com/sax/rails-dtrace) 60 | * [Ruby](https://github.com/chrisa/ruby-dtrace) 61 | * [Tcl](http://wiki.tcl.tk/19923) 62 | 63 | ### IPS/pkg(5) 64 | 65 | * [Introduction to IPS](http://www.slideshare.net/esproul/ips-image-packaging-system) (slide stack, also available in [PDF](http://omnios.omniti.com/media/IPS_Intro.pdf)) 66 | * [pkg(5): Image Packaging System](http://en.wikipedia.org/wiki/Image_Packaging_System) 67 | * [Packaging and Delivering Software with the Image Packaging System: A Developer's Guide](http://omnios.omniti.com/media/ipsdevguide.pdf) 68 | * [IPS Project at java.net](https://java.net/projects/ips) 69 | -------------------------------------------------------------------------------- /NewLinkedImages.md: -------------------------------------------------------------------------------- 1 | Linked-Image Changes for r151022 and Later. 2 | =========================================== 3 | 4 | A side-effect of upgrading to Python 2.7 was updating pkg(5) to a more 5 | modern upstream from Oracle Solaris and OpenIndiana. 6 | 7 | This changed some semantics of [Linked-image zones](linked_images.md). 8 | Linked-image zones are no longer as strictly linked to the 9 | parent (global-zone) image as they were. The `-r` flag in pkg(1) can be used 10 | to maintain strict child-image (non-global `lipkg` zone) updates. Some packages 11 | (like `system/library`) have explicit parent-image dependencies, which means they will 12 | still always be updated alongside the global zone. Most other packages 13 | now do not have to synchronize their child-images, or required to be in 14 | synch with their parent images. 15 | 16 | Here is an example between a global zone and a single linked-image 17 | non-global zone, showing that non-parent-dependent `shell/bash` can be updated. Note 18 | that from the global zone, the non-global zone is updated only with `-r`. 19 | And also note that inside the non-global zone, it can update without the 20 | parent having to do so as well. 21 | 22 | ``` 23 | bloody(~)[0]% zoneadm list -cv 24 | ID NAME STATUS PATH BRAND IP 25 | 0 global running / ipkg shared 26 | 1 lx0 running /zones/lx0 lx excl 27 | 2 lx2 running /zones/lx2 lx excl 28 | 3 lx1 running /zones/lx1 lx excl 29 | 5 lipkg0 running /zones/lipkg0 lipkg excl 30 | bloody(~)[0]% sudo pkg update -nv bash 31 | Packages to update: 1 32 | Estimated space available: 27.12 GB 33 | Estimated space to be consumed: 35.35 MB 34 | Create boot environment: No 35 | Create backup boot environment: Yes 36 | Rebuild boot archive: No 37 | 38 | Changed packages: 39 | omnios 40 | shell/bash 41 | 4.4.12-0.151021:20170418T215800Z -> 4.4.12-0.151021:20170419T204904Z 42 | 43 | Planning linked: 0/1 done; 1 working: zone:lipkg0 44 | Linked image 'zone:lipkg0' output: 45 | | Estimated space available: 483.84 GB 46 | | Estimated space to be consumed: 34.98 MB 47 | | Rebuild boot archive: No 48 | ` 49 | Planning linked: 1/1 done 50 | bloody(~)[0]% sudo pkg update -nvr bash 51 | Packages to update: 1 52 | Estimated space available: 27.12 GB 53 | Estimated space to be consumed: 35.35 MB 54 | Create boot environment: No 55 | Create backup boot environment: Yes 56 | Rebuild boot archive: No 57 | 58 | Changed packages: 59 | omnios 60 | shell/bash 61 | 4.4.12-0.151021:20170418T215800Z -> 4.4.12-0.151021:20170419T204904Z 62 | 63 | Planning linked: 0/1 done; 1 working: zone:lipkg0 64 | Linked image 'zone:lipkg0' output: 65 | | Packages to update: 1 66 | | Estimated space available: 483.84 GB 67 | | Estimated space to be consumed: 35.15 MB 68 | | Rebuild boot archive: No 69 | | 70 | | Changed packages: 71 | | omnios 72 | | shell/bash 73 | | 4.4.12-0.151021:20170418T215800Z -> 4.4.12-0.151021:20170419T204904Z 74 | ` 75 | Planning linked: 1/1 done 76 | bloody(~)[0]% sudo zlogin lipkg0 pkg update -nv bash 77 | Startup: Refreshing catalog 'ms.omniti.com' ... Done 78 | Startup: Refreshing catalog 'omnios' ... Done 79 | Planning: Solver setup ... Done (0.734s) 80 | Planning: Running solver ... Done (0.619s) 81 | Planning: Finding local manifests ... Done (0.007s) 82 | Planning: Package planning ... Done (0.055s) 83 | Planning: Merging actions ... Done (0.000s) 84 | Planning: Checking for conflicting actions ... Done (0.122s) 85 | Planning: Consolidating action changes ... Done (0.001s) 86 | Planning: Evaluating mediators ... Done (0.145s) 87 | Planning: Planning completed in 1.85 seconds 88 | Packages to update: 1 89 | Estimated space available: 483.84 GB 90 | Estimated space to be consumed: 35.15 MB 91 | Create boot environment: No 92 | Create backup boot environment: Yes 93 | Rebuild boot archive: No 94 | 95 | Changed packages: 96 | omnios 97 | shell/bash 98 | 4.4.12-0.151021:20170418T215800Z -> 4.4.12-0.151021:20170419T204904Z 99 | 100 | bloody(~)[0]% 101 | ``` 102 | 103 | Behavior changes 104 | ---------------- 105 | 106 | | Behavior | r151014-r151022 | r151022 and beyond | 107 | |--------------------------------------------------------|---------------------------------------|---------------------------------------| 108 | | Zone publishers | Must match or be a superset of global | Must match or be a superset of global | 109 | | Updating child zone packages when updating global zone | Implicit upgrading regardless | Unless package is marked as parent-dependent (only system packages like ), implicit upgrading only if flag is used in pkg(1). | 110 | | Updating child zone package when updating global zone | No affect on child | No affect on child | 111 | -------------------------------------------------------------------------------- /OmniOS-on-demand.md: -------------------------------------------------------------------------------- 1 | OmniOS on demand 2 | ================ 3 | 4 | OmniOS-on-demand is a cron(1)-driven script. It tracks changes in local 5 | copies of both illumos-omnios and omnios-build. If there are changes 6 | (“gate churn”) in either, the script will start a build after a certain 7 | period of calm after the last gate churn event. It is available in 8 | \$OMNIOS\_BUILD\_PATH/tools/. 9 | 10 | OmniOS-on-demand starts parallel builds of illumos-omnios and 11 | omnios-build. It uses the [PREBUILT_ILLUMOS](buildctl.md#PREBUILT_ILLUMOS) 12 | environment variable to allow the parallel builds. 13 | Because of the current default ordering of omnios-build's package list, 14 | omnios-build will block for a while waiting for illumos-omnios to 15 | finish. 16 | 17 | On an 8-core single-processor 3.2GHz Xeon E5 system, a build of 18 | OmniOS-on-demand takes slightly more than 5 hours. Improvements in this 19 | script, or in [buildctl](buildctl.md) itself should further reduce this time. 20 | 21 | Deploying OmniOS on demand 22 | -------------------------- 23 | 24 | ## System requirements 25 | 26 | A machine that can build illumos-omnios AND has enough swap in /tmp to 27 | build any arbitrary package in omnios-build is all you need. Our 28 | experience has shown that 16-32GB of memory, at least 4 processor cores, 29 | and 100GB of disk space should be more than enough to make this work. 30 | Due to illumos bug [5938](https://illumos.org/issues/5938), there must 31 | be a swap device (e.g. a zvol) enabled, even a very small one, or else 32 | at least the OpenJDK build will hang the build process until a swap 33 | devices is added. 34 | 35 | ## User profile 36 | 37 | A dedicated user (we use “builder”) can be assigned to run the 38 | OmniOS-on-demand script in its cron(1) table, once per minute. Unless 39 | gate churn is high, this script will perform no-change git pulls, 40 | followed by a quick exit. 41 | 42 | ## sudoers entries 43 | 44 | The user profile for OmniOS-on-demand requires a specific entry in 45 | `/etc/sudoers` or `/etc/sudoers.d`. Basically, the Kayak build script should 46 | be allowed to be run under sudo without user interaction. This allows 47 | cron(1)-driven OmniOS-on-demand to run smoothly. An example line: 48 | 49 | ``` 50 | builder ALL=(ALL) NOPASSWD: .../build/kayak/build.sh 51 | ``` 52 | 53 | The `$OMNIOS_BUILD_PATH/tools/` directory also contains a sample file 54 | for `/etc/sudoers.d/`. 55 | -------------------------------------------------------------------------------- /OmniOSJeOS.md: -------------------------------------------------------------------------------- 1 | OmniOS Approach 2 | =============== 3 | 4 | **Video: [Motivation and Design](https://www.usenix.org/conference/lisa12/omnios-motivation-and-design)** 5 | / Theo Schlossnagle lays out the case for OmniOS at Usenix LISA '12. 6 | 7 | Goal: Produce a self-hosting, minimalist Illumos-based release suitable 8 | for production deployment 9 | 10 | We're not looking for a minimal appliance install, but a fully 11 | functional service install without extraneous dependencies causing 12 | package management issues and relentless disruptive upgrades for 13 | packages unrelated to the operation of the system. 14 | 15 | We started with an !OpenIndiana system that we attempted to reduce, but 16 | we found package inter-dependencies caused a large amount of additional 17 | software to be installed that we did not want. Changing those 18 | dependencies would require rebuilding the affected packages, but 19 | (re)building OI packages proved a challenge. Many of the packages we 20 | wanted to keep were also quite dated. At any rate, the moment we change 21 | a single package we “own” the resulting build in the sense that we are 22 | responsible for upkeep. The OmniOS project takes this to its logical 23 | conclusion -- create a wholly-customized OS and reduce OI dependencies 24 | to zero. 25 | 26 | The OmniOS system should be 27 | [self-hosting](http://en.wikipedia.org/wiki/Self-hosting), that is, 28 | capable of building new versions of itself, on itself. 29 | 30 | Methodology 31 | ----------- 32 | 33 | * Start with an Illumos build 34 | * Bootstrap packages that replace their equivalents in OI 35 | * Strip out anything not essential to booting and running a minimal system, 36 | see [Keep Your S**t To Yourself](KYSTY.md) 37 | * The [OmniOS package repository](http://omnios.omniti.com/omnios/release) 38 | provides more packages than the bare essentials (toolchains to support 39 | self-hosting, for instance) but these packages are not defined for a 40 | typical install 41 | * Build with GCC instead of Sun/Solaris Studio wherever possible, but 42 | continue to use `/usr/ccs/bin/ld` and **not** GNU ld 43 | * Locate non-core user-land packages in a different publisher/repo. 44 | See a [list of third-party repos](Packaging.md). 45 | 46 | Ultimately others in the community should be able to take our build 47 | scripts and documentation and roll their own copy of the system. 48 | 49 | ## Incorporations 50 | 51 | Incorporations are packages that only depend on other packages. They 52 | provide no filesystem content of their own. 53 | 54 | We use as few incorporations as possible. They have proven to cause at 55 | least as many problems as they purport to solve. Primarily they are 56 | supposed to prevent upgrading to package versions that create 57 | incompatibilities with other installed software. This is particularly 58 | important for shared libraries. We intend to solve that problem 59 | differently, by bringing in the most current versions of software for 60 | the first release (2012) and maintaining those versions for the lifetime 61 | of that release. This is similar to the strategy used by CentOS and 62 | other enterprise Linux vendors. 63 | 64 | That said, incorporations are still useful to keep together the set of 65 | packages that constitute a stable release, e.g. “r151004”. 66 | 67 | ### entire 68 | 69 | Governs which packages are installed on every system. This is the 70 | minimal set for running an OmniOS system. 71 | 72 | ### illumos-gate 73 | 74 | Constrains the version of all packages delivered by the upstream 75 | illumos-gate source. Contains only dependencies of type “incorporate”, 76 | which is an optional dependency. Installing illumos-gate does not cause 77 | all dependent packages to be installed, but if they are installed at 78 | some point, their version is constrained to the degree specified in the 79 | dependency. 80 | 81 | ``` 82 | depend fmri=system/management/intel-amt@0.5.11,5.11-0.151004 type=incorporate 83 | ``` 84 | 85 | The above constrains the intel-amt package to version 86 | `0.5.11,5.11-0.151004:*`. This excludes, for example, versions 87 | `0.5.11,5.11-0.151002:*` and `0.5.11,5.11-0.151005:*`, but permits 88 | updated versions that match up to the branch (0.151004) but bear more 89 | recent timestamps. 90 | 91 | ### omnios-userland 92 | 93 | New incorporation for r151004 that performs the same function as 94 | illumos-gate but for the additional software provided by OmniOS. 95 | 96 | Major Updates 97 | ------------- 98 | 99 | These were the highlights of the initial stable release (r151002): 100 | 101 | * GNU binutils 2.22 102 | * GCC 4.6.3 (for user-land) 103 | * OpenSSL 1.0.1 104 | * python 2.6 only (dual 32/64) 105 | * perl 5.14.2 (dual 32/64) 106 | * zlib 1.2.6 107 | * libxml2 2.7.8 108 | 109 | While we took build hints from Oracle's still-open “userland-gate” repo, 110 | such as patches and configuration options, we do not use any of 111 | userland-gate's build plumbing. 112 | 113 | ## High-Level Components 114 | 115 | The major pieces that come together to make OmniOS are as follows. Hit 116 | “Browse” in the top menu bar to explore the actual sources. 117 | 118 | ### illumos-omnios 119 | 120 | Our copy of illumos-gate, [minimally modified](ReleaseNotes.md) to 121 | support things like dual-arch Python, newer OpenSSL. 122 | 123 | ### caiman 124 | 125 | The installer used for CD/USB media. “Project Caiman” is a replacement 126 | for the traditional Solaris installer, incorporating features like Live 127 | CD/DVD and an updated GUI. Given our goal of a simplified, stripped-down 128 | install, we kept only the bare essential text install pieces and 129 | eliminated the rest. We also modified it to run under our dual-arch 130 | Python in much the same way as pkg(5). 131 | 132 | ### pkg(5) 133 | 134 | pkg provides the IPS pkg toolchain. The upstream build provides only 135 | 32-bit python native extensions which is problematic with our dual 136 | 32/64-bit python build. Our fork of pkg alters the build system to build 137 | the native extensions on both architectures and removes GUI-dependent 138 | components leaving the bare minimum required for complete IPS packaging 139 | (including the branded zone). 140 | 141 | ### kayak 142 | 143 | An alternative to Solaris 11's Automated Installer (AI). Features a 144 | simple, extensible configuration syntax (a.k.a bash) and delivers the 145 | installation as a ZFS stream. 146 | 147 | Notable features not found in AI: 148 | 149 | * Mirrored boot pool (simple mirrors only) 150 | * compression=on for rpool by default 151 | 152 | See the [network installation](Installation.md#Fromthenetwork) section for more details. 153 | 154 | ### omnios-build 155 | 156 | Build scripts that tie together the above pieces and also provide the 157 | rest of the packages. 158 | -------------------------------------------------------------------------------- /PXEfromNonOmniOS.md: -------------------------------------------------------------------------------- 1 | PXE Install from non-OmniOS Setup 2 | ================================= 3 | 4 | This is work by Gavin Sandie 5 | ([@gavinsandie](https://twitter.com/gavinsandie)) originally published 6 | at 7 | 8 | ## omnios pxe install notes 9 | 10 | The goal was to be able to perform a network install of OmniOS from a 11 | Debian system. 12 | 13 | I know there is refinement that can take place in this process (and 14 | these notes), but this got me up and running. 15 | 16 | All testing took place on a Mac running !VirtualBox with the extra 17 | extensions installed to allow for PXE booting. However I cannot see why 18 | this wouldn't work on real hardware in a network that is already setup 19 | to do PXE installs. 20 | 21 | I setup: 22 | 23 | * omnios vm running bloody release (20121004 release) 24 | * Solaris 10/x64 type vm 25 | * 512Mb RAM 26 | * 16Gb drive 27 | * choose Intel networking 28 | * OS installed using all defaults from the ISO 29 | * vm running debian 30 | * two nics 31 | * choose Intel networking 32 | * first was host-only networking 33 | * second setup NAT 34 | * solaris 10/x64 blank vm 35 | * two nics 36 | * choose Intel networking 37 | * first was host-only networking, same network as debian vm, make a note of the MAC address 38 | * second setup for NAT 39 | * blank 16Gb disk attached 40 | * set boot order to network boot first, but you can do this from the F12 menu 41 | 42 | ## PXE setup 43 | 44 | To perform the PXE boot you're going to need the initial kernel 45 | environment and miniroot. 46 | 47 | These are packaged in the `system/install/kayak-kernel` package. 48 | Unfortunately as far as I could see there is no way to download these 49 | packages using http, you can only get the manifest. I installed an 50 | OmniOS vm so that I would have access to pkg(5). 51 | 52 | ``` 53 | # mkdir pkgs 54 | # pkgrecv -s https://pkg.omniti.com/omnios/bloody -d /root/pkgs --raw pkg:/system/install/kayak-kernel 55 | ``` 56 | 57 | Examples taken from [PopulatingRepos](PopulatingRepos.md) 58 | 59 | Now if you browse into pkgs you'll see the system/install/kayak-kernel 60 | dir which contains the release. In there are the actual package files. I 61 | used the manifest.file to match the checksummed filenames against what 62 | they should actually be. You should end up with: 63 | 64 | ``` 65 | pxegrub 66 | miniroot.gz 67 | unix 68 | menu.lst 69 | ``` 70 | 71 | My VM had less than 4Gb of RAM and I ended up hitting a bug in the 72 | disk\_help.sh script. If you've got more than 4Gb of RAM you can skip 73 | this step. This has been fixed, but the fix wasn't in the miniroot I 74 | had. Fortunately it's easy to patch: 75 | 76 | ``` 77 | # gzip -d miniroot.gz 78 | # cp miniroot /tmp 79 | # mkdir /mnt/test 80 | # mount -o nologging `lofiadm -a /tmp/miniroot` /mnt/test/ 81 | # vi /mnt/test/kayak/disk_help.sh 82 | ``` 83 | 84 | and apply this patch: 85 | 86 | ``` 87 | # umount /mnt/test 88 | # lofiadm -d /tmp/miniroot 89 | # cp /tmp/miniroot . 90 | # gzip miniroot 91 | ``` 92 | 93 | Now copy the files onto your debian box. 94 | 95 | You'll also need some install media. If you look at the `menu.list` file 96 | you'll see that the kernel boots with an `install_media` and 97 | `install_config` option: 98 | 99 | ``` 100 | install_media=http:///kayak/r151002.zfs.bz2,install_config=http:///kayak 101 | ``` 102 | 103 | The `install_config` is your kayak config, which I'll cover below. The 104 | install media is a compressed zfs image, which you can create with the 105 | kayak tools. 106 | 107 | I used the kayak source: 108 | 109 | ``` 110 | # pkg install git 111 | # mkdir src && cd src 112 | # git clone https://github.com/omniosorg/kayak 113 | # cd kayak 114 | ``` 115 | 116 | Now build the image: 117 | 118 | ``` 119 | # ./build_zfs_send.sh bloody 120 | ``` 121 | 122 | This will download the packages and install them into a zfs mount. It 123 | will then create a compressed snapshot using zfs and bzip. 124 | 125 | When it's done you'll have `/rpool/kayak_bloody.zfs.bz2`, copy this to your debian box. 126 | 127 | On the debian box you'll need to install a dhcp server, tftp server, and 128 | a webserver. I went with: 129 | 130 | ``` 131 | tftpd-hpa 132 | isc-dhcp-server 133 | nginx 134 | ``` 135 | 136 | I used the default config for the tftpd server, it uses /srv/tftp as its 137 | root, you install the file copied from the OmniOS box at: 138 | 139 | ``` 140 | /srv/tftp/kayak/miniroot.gz 141 | /srv/tftp/kayak/kayak_bloody.zfs.bz2 142 | /srv/tftp/pxegrub 143 | /srv/tftp/boot/grub/menu.lst 144 | /srv/tftp/boot/platform/i86pc/kernel/amd64/unix 145 | ``` 146 | 147 | Setup your webserver to serve out the files from /srv/tftp. The 148 | menu.list expects to get things from to make sure you 149 | can access that. Edit the `menu.list` and change `r151002.zfs.bz2` to be `kayak_bloody.zfs.bz2`. 150 | 151 | You'll need a basic kayak config. The wiki explains the config options: 152 | [KayakClientOptions](KayakClientOptions.md) 153 | 154 | I used the example config: 155 | 156 | ``` 157 | BuildRpool c1t0d0 158 | SetHostname omnios-installer 159 | UseDNS 8.8.8.8 160 | Postboot '/sbin/ipadm create-if e1000g1' # Use g1 here as the first nic is host-only networking 161 | Postboot '/sbin/ipadm create-addr -T dhcp e1000g1/v4' 162 | NO_REBOOT=1 163 | ``` 164 | 165 | it should be named after the MAC address of the card, and live in 166 | `/srv/tftp/kayak` 167 | 168 | e.g. 169 | 170 | ``` 171 | /srv/tftp/kayak/0800278C5336 172 | ``` 173 | 174 | For the networking, I had eth0 using NAT/DHCP from virtualbox. eth0 was 175 | on the host only network. I statically assigned it 176 | 10.1.0.10/255.255.255.0 177 | 178 | I've then used the following simple DHCP config. Change the MAC to be 179 | the MAC of your host only networking card from the solaris type vm. 180 | 181 | ``` 182 | default-lease-time 600; 183 | max-lease-time 7200; 184 | 185 | allow booting; 186 | allow bootp; 187 | 188 | subnet 10.1.0.0 netmask 255.255.255.0 { 189 | range 10.1.0.50 10.1.0.100; 190 | option broadcast-address 10.1.0.255; 191 | option routers 10.1.0.10; 192 | option domain-name-servers 10.1.0.10; 193 | } 194 | 195 | group { 196 | 197 | next-server 10.1.0.10; 198 | host tftpclient { 199 | hardware ethernet MAC; 200 | filename "pxegrub"; 201 | } 202 | } 203 | ``` 204 | 205 | Now you should be able to boot your solaris type vm. It will boot over 206 | the network, launch grub, then proceed into the omnios installer. When 207 | it finishes you can login as root with a blank password, shut down the 208 | box, and disable the pxe booting. Then start the box back up, and login 209 | (root and a blank password). 210 | 211 | ### Troubleshooting 212 | 213 | If the install fails you'll get left in a miniroot environment. There is 214 | a log in `/tmp/kayak.log` which should help figure out what's wrong. The 215 | miniroot I used had no less, so you'll need to use head to view it. If 216 | it gets as far as downloading the zfs image, then you'll have more tools 217 | in `/mnt` that you can use. 218 | -------------------------------------------------------------------------------- /Packaging.md: -------------------------------------------------------------------------------- 1 | Packaging 2 | --------- 3 | 4 | See [GeneralAdministration](GeneralAdministration.md#ConfigurePublishers) 5 | for how to manage repositories. 6 | 7 | OmniOS takes a “layer cake” approach to packaging. The core OS contains 8 | the packages needed to build the OS, plus a few small frills (more 9 | shells, tmux/screen, etc.) Users are encouraged to either create their 10 | own package repos for additional software they want to run (and where 11 | they like it to be installed) or use repos published by other users. 12 | 13 | Maintainers of add-on repos are encouraged to share their work with the 14 | community. If you wish to have your repo listed here, please speak up on 15 | the [mailing 16 | list](http://lists.omniti.com/mailman/listinfo/omnios-discuss) or 17 | [IRC](irc://chat.freenode.net/omnios). 18 | 19 | ## Repos 20 | 21 | | URL | Publisher | Build Scripts | Notes | 22 | |------------------------------------------|-----------|-------------------------------------------------------------------|---------------------------------------------| 23 | | | omnios | [r151022](https://github.com/omniosorg/omnios-build/tree/r151022) | Core OS components (current LTS and Stable) | 24 | | | omnios | [master](https://github.com/omniosorg/omnios-build) | Core OS components (unstable) | 25 | 26 | ### Unofficial Extras 27 | 28 | | URL | Publisher | Maintainer | Build Scripts | Notes | 29 | |------------------------------------------|--------------------|----------------------------------------|-----------------------------------------------------------------------------|------------------------------------------------------------------------------| 30 | | | cs.umd.edu | Sergey Ivanov | | | 31 | | | ms.omniti.com | OmniTI | [omniti-ms](https://github.com/omniti-labs/omniti-ms) | Non-core packages used in OmniTI's managed services environments | 32 | | | perl.omniti.com | OmniTI | [omnios-build-perl](https://github.com/omniti-labs/omnios-build-perl) | Perl module dists designed to work with omniti/runtime/perl | 33 | | | niksula.hut.fi | pkg@niksula.hut.fi | | Signed packages; see the [instructions](http://pkg.niksula.hut.fi/) | 34 | | | uulm.mawi | Steffen Kram | [stefri/omnios-build](https://github.com/stefri/omnios-build) | | 35 | | | localhostomnios | SFE Community | | Open for contribution | 36 | | | application | [qutic development](https://qutic.com) | | Userland packages; pull requests welcome | 37 | | DEPRECATED | omnios.blackdot.be | Jorge Schrauwen | [omnios-build-blackdot](https://github.com/sjorge/omnios-build-blackdot) | source still available on github | 38 | | | SysV packages | OpenCSW | | A collection of SysV packages (i.e. for use with the old pkgadd(1M) command) | 39 | 40 | Note that ms.omniti.com and perl.omniti.com hold packages built 41 | specifically for OmniTI's own use. While there is nothing secret or 42 | astonishing therein, non-OmniTI users may wish to see the 43 | [template branch](https://github.com/omniti-labs/omnios-build/tree/template) 44 | which may be used as the basis to build one's own packages. 45 | 46 | ## How-to's 47 | 48 | * [Creating IPS Repositories](CreatingRepos.md) - Everything Lives in a Repo so here is how to create one 49 | * [Populating IPS Repositories](PopulatingRepos.m) - How to get all those wonderful packages into our repos 50 | * [PackagingForOmniOS](PackagingForOmniOS.md) - How to create packages to put in the repos you've set up above 51 | * [FetchIPSFilesWithoutPkg](FetchIPSFilesWithoutPkg.md) - Fetching files from an IPS repo without pkg(1) 52 | -------------------------------------------------------------------------------- /PackagingForOmniOS.md: -------------------------------------------------------------------------------- 1 | Introduction 2 | ============ 3 | 4 | This page describes how to package open source software for OmniOS. The 5 | current system largely resembles other source-based packaging systems 6 | like FreeBSD ports, pkgsrc, or Gentoo portage. The user writes a few 7 | metadata files in plain text, and these serve as a driver for the system 8 | to create the package. 9 | 10 | The build system consists of a collection of shell scripts and 11 | associated metadata files which the shell scripts read to produce 12 | packages. 13 | 14 | To find out more about the Image Packaging System, please see 15 | [the More Info page](MoreInfo.md#IPSpkg5). In particular the 16 | Developer's Guide explains the key concepts in IPS that you'll need to 17 | successfully create and maintain packages for OmniOS. 18 | 19 | Repository layout 20 | ================= 21 | 22 | The package metadata lives in a git repository, accessible at 23 | `https://github.com/omniosorg/omnios-build`. 24 | 25 | The `build` directory contains the package-specific metadata, with 26 | `template` containing various templates for common projects and 27 | `lib` housing various shell functions used by the system. `new.sh` 28 | is used to create a directory 29 | 30 | Your First OmniOS package 31 | ========================= 32 | 33 | Run the `new.sh` script with the name of the package you want to 34 | create for OmniOS. For example: 35 | 36 | ``` 37 | $ ./new.sh example 38 | ``` 39 | 40 | This will create an entry `build/example` with the following layout: 41 | 42 | ``` 43 | build/example/ 44 | build/example/build.sh 45 | build/example/patches 46 | ``` 47 | 48 | The `build.sh` script is pretty basic; here are the uncommented 49 | portions: 50 | 51 | ``` 52 | . ../../lib/functions.sh 53 | 54 | PROG=myapp # App name 55 | VER= # App version 56 | VERHUMAN=$VER # Human-readable version 57 | PKG= # Package name (e.g. library/foo) 58 | SUMMARY="" # One-liner, must be filled in 59 | DESC="" # Longer description, must be filled in 60 | 61 | init 62 | download_source $PROG $PROG $VER 63 | patch_source 64 | prep_build 65 | build 66 | make_isa_stub 67 | make_package 68 | clean_up 69 | ``` 70 | 71 | Most things here should be self-explanatory. The PKG variable should be 72 | set to the category and name of the package, but not include a publisher 73 | name. See [GeneralAdministration#FMRIFormat](GeneralAdministration.md#FMRIFormat) 74 | for details on package names. VERHUMAN preserves the upstream version in case it 75 | contains something other than numbers and dots. The package author may 76 | need to code up a conversion scheme so that VER conforms to IPS format. 77 | The value of VERHUMAN will be placed in the **pkg.human-version** key in 78 | the package, which is displayed in parentheses following the IPS 79 | component version in the output of 'pkg info', e.g.: 80 | 81 | ``` 82 | $ pkg info openssl 83 | Name: library/security/openssl 84 | Summary: openssl - A toolkit for Secure Sockets Layer (SSL v2/v3) and Transport Layer (TLS v1) protocols and general purpose cryptographic library 85 | State: Installed 86 | Publisher: omnios 87 | Version: 1.0.1.5 (1.0.1e) 88 | Build Release: 5.11 89 | Branch: 0.151006 90 | Packaging Date: May 6, 2013 06:54:19 PM 91 | Size: 18.00 MB 92 | FMRI: pkg://omnios/library/security/openssl@1.0.1.5,5.11-0.151006:20130506T185419Z 93 | ``` 94 | 95 | Useful configuration options: 96 | 97 | * `$MIRROR` is defined in `lib/config.sh` and defines the base URL from 98 | which the package will be downloaded. `download_source $PROG $PROG $VER` 99 | tries to download from `$MIRROR/$PROG/$PROG-$VER.*`. There is a 4th 100 | argument to `download_source` that specifies where to build the package 101 | * `$PKGSRVR` and `$PKGPUBLISHER` from `lib/site.sh` configure where the 102 | package gets published. See [CreatingRepos](CreatingRepos.md) 103 | for info on creating a repo 104 | 105 | Most items there are self-explanatory and in general shouldn't be 106 | changed for the usual case. 107 | 108 | Given all of this, it should be fairly simple to build basic packages. 109 | Shell variables set in build.sh will be available to the build process, 110 | so things like `$LDCLFAGS` and `$CFLAGS` work as expected. 111 | 112 | Best practice is to provide a `local.mog` file along with the `build.sh` 113 | for licensing. Its format is the following: 114 | 115 | ``` 116 | license $LICENSE_FILE license=$LICENSE_NAME 117 | ``` 118 | 119 | This helps inform users about the legal terms of using the packaged 120 | software. 121 | 122 | Troubleshooting 123 | =============== 124 | 125 | In the event of problems, `build.sh` leaves a log file, `build.log`. 126 | This should make any problems immediately evident, though solving them 127 | is left as an exercise for the reader. ;) 128 | 129 | More Information 130 | ================ 131 | 132 | * [Introduction to IPS](http://www.slideshare.net/esproul/ips-image-packaging-system) (slide stack, also available in [PDF](http://omnios.omniti.com/media/IPS_Intro.pdf)) 133 | * [pkg(5): Image Packaging System](http://en.wikipedia.org/wiki/Image_Packaging_System) 134 | * [Packaging and Delivering Software with the Image Packaging ystem: A Developer's Guide](http://omnios.omniti.com/media/ipsdevguide.pdf) 135 | * [IPS Project at java.net (Wayback Machine)](https://web.archive.org/web/20170317195523/https://java.net/projects/ips) 136 | -------------------------------------------------------------------------------- /PopulatingRepos.md: -------------------------------------------------------------------------------- 1 | Populating IPS Repos 2 | ==================== 3 | 4 | So we have set up a fancy IPS repo, but now we need to get packages into 5 | and out of it. We could either copy all the packages or only some of 6 | them. In either case, the source and destination URIs may be any 7 | combination of `http://` and `file://` URIs. 8 | 9 | Wholesale Repo Copy 10 | ------------------- 11 | 12 | ``` 13 | # pkgrecv -s https://pkg.omniosce.org/r151022/core/ -d file:///repo/myomnios/ 'pkg:/*' 14 | ``` 15 | 16 | What we have done above is tell `pkgrecv` to suck down all the packages 17 | from pkg.omniti.com/omnios/release and push them into a local file-based 18 | repo. The `pkg:/` at the end is just saying get everything. 19 | 20 | Cherry-picking 21 | -------------- 22 | 23 | You could just put in a pattern to match if you wanted specific 24 | packages. 25 | 26 | ``` 27 | pkgrecv -s https://pkg.omniosce.org/r151022/core/ -d file:///repo/myomnios/ pkg:/terminal/screen pkg:/shell/zsh 28 | ``` 29 | 30 | Specify as many pkg: FMRIs as needed (you can use shell-style globbing 31 | as in the wholesale example above.) 32 | 33 | Changing Package Metadata 34 | ------------------------- 35 | 36 | To pull down an individual package for editing, do something similar to 37 | the following example. You may want to make a metadata change, such as 38 | fixing a missing dependency, correcting a typo in the summary, or 39 | changing the publisher name. The gist is that you pull down a copy of 40 | the package to your local filesystem, make your changes, then publish an 41 | updated package back to the original repo or maybe to a different repo. 42 | 43 | > Changing package metadata in this way will result in a new package 44 | > with a different timestamp from the source package. 45 | 46 | Make a working directory somewhere: 47 | 48 | ``` 49 | $ mkdir /home/me/custom 50 | ``` 51 | 52 | Pull down a copy of the package to this directory. Using `--raw` gets us the package metadata as well as the content, and treats the destination as a plain directory and not a repository 53 | 54 | ``` 55 | $ pkgrecv -s file:///repo/myomnios -d /home/me/custom --raw pkg:/system/pciutils/pci.ids 56 | ``` 57 | 58 | 59 | In your specified directory you'll end up with a subdirectory structure of package-name/version-string, e.g 60 | 61 | ``` 62 | ./system%2Fpciutils%2Fpci.ids 63 | ./system%2Fpciutils%2Fpci.ids/2.2.20120906%2C5.11-0.151002%3A20120907T175614Z 64 | ``` 65 | 66 | Optionally make metadata changes. In the version directory there is a file, `manifest`. Make any necessary changes in this file. 67 | 68 | Use pkgsend to publish the package to a repo: 69 | 70 | ``` 71 | $ cd system%2Fpciutils%2Fpci.ids/2.2.20120906%2C5.11-0.151002%3A20120907T175614Z 72 | 73 | $ export PKG_TRANS_ID=$(pkgsend -s file:///repo/myomnios open -n system/pciutils/pci.ids@2.2.20120906,5.11-0.151002) 74 | 75 | $ pkgsend -s file:///repo/myomnios include manifest 76 | 77 | $ pkgsend -s file:///repo/myomnios close 78 | PUBLISHED 79 | pkg://omnios/system/pciutils/pci.ids@2.2.20120906,5.11-0.151002:20120907T180039Z 80 | ``` 81 | 82 | Note that when opening a new repo transaction, the environment variable 83 | PKG\_TRANS\_ID gets set by capturing the output of the `pkgsend open` 84 | operation, which returns a unique identifier for that transaction. 85 | PKG\_TRANS\_ID must be set for the subsequent actions to succeed. 86 | 87 | Notice as well that I didn't include the timestamp portion of the 88 | existing package's FMRI. It's not needed; as you can see, the updated 89 | package gets a new timestamp that corresponds to the publication date. 90 | -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- 1 | OmniOS Documentation 2 | ==================== 3 | 4 | Latest downloads 5 | 6 | * Stable: [ISO](http://omnios.omniti.com/media/OmniOS_Text_Stable_latest.iso), [USB](http://omnios.omniti.com/media/OmniOS_Text_Stable_latest.usb-dd), [PXE](http://omnios.omniti.com/media/OmniOS_Kayak_Stable_latest.zfs.bz2) 7 | * LTS: [ISO](http://omnios.omniti.com/media/OmniOS_Text_LTS_latest.iso), [USB](http://omnios.omniti.com/media/OmniOS_Text_LTS_latest.usb-dd), [PXE](http://omnios.omniti.com/media/OmniOS_Kayak_LTS_latest.zfs.bz2) 8 | 9 | ## Wiki 10 | 11 | * [Installation](Installation.md) - How to install OmniOS. 12 | * [Release Notes](ReleaseNotes.md) - Release-specific information. 13 | * [Release Cycle](ReleaseCycle.md) - Releases and their update schedules 14 | * [Freezing](GeneralAdministration.md#StayingOnARelease) - How to remain on a previous release 15 | * [Inter-release Planning](Intervals.md) - Work that happens between releases 16 | * [Admin Guide](GeneralAdministration.md) - How to run OmniOS. 17 | * [VirtualBox Notes](VirtualBoxNotes.md) - Known issues when running under [Oracle VM VirtualBox](https://www.virtualbox.org/) 18 | * [VMware Notes](VMwareNotes.md) - Getting OmniOS running under VMware products. 19 | * [EC2 How-to](Ec2Ami.md) - Creating an EC2 AMI 20 | * [Dev Environment](DevEnv.md) - Getting a basic development environment set up 21 | * [Man Page Sections](ManSections.md) - Locations of documentation 22 | * [Reporting Bugs](BugReports.md) - How to report issues 23 | * [Build Instructions](BuildInstructions.md) - How to build OmniOS. 24 | * [Preparing release media](ReleaseMedia.md) - How to create the release media 25 | * [Doing a Weekly Release](WeeklyReleaseHowto.md) - How to prepare a weekly release 26 | * [Vagrant Baseboxes](VagrantBaseboxes.md) - Creating a Vagrant base box for OmniOS. 27 | * [The Mission](OmniOSJeOS.md) - Producing a self-hosting, stripped-down OS for production deployments. 28 | * [Keep Your S**t To Yourself](KYSTY.md) - Embracing a minimalist principle 29 | * [Packaging](Packaging.md) - Details on where OmniOS packages live and how we make them. 30 | * [Creating Repos](CreatingRepos.md) - Everything Lives in a Repo so here is how to create one. 31 | * [More Info](MoreInfo.md) - Links to external sources of additional information. 32 | 33 | ## Package Server 34 | 35 | * [Stable release](https://pkg.omniosce.org/r151022/core/) 36 | * [LTS release](https://pkg.omniosce.org/r151022/core/) 37 | * [Bloody release](https://pkg.omniosce.org/bloody/core/) 38 | * [What's the difference?](StableVsBloody.md) 39 | 40 | ## Join the Conversation 41 | 42 | * IRC: #omnios and #illumos on Freenode 43 | * [OmniOS-discuss](http://lists.omniti.com/mailman/listinfo/omnios-discuss) - general discussion mailing list 44 | * [OmniOS-devel](http://lists.omniti.com/mailman/listinfo/omnios-devel) - technical discussion of ongoing development 45 | * [illumos mailing lists](http://wiki.illumos.org/display/illumos/illumos+Mailing+Lists) 46 | -------------------------------------------------------------------------------- /ReleaseCycle.md: -------------------------------------------------------------------------------- 1 | OmniOS Release Cycle 2 | ==================== 3 | 4 | Even-numbered releases are stable. Odd-numbered releases are unstable 5 | (bloody). See [stable vs. bloody](StableVsBloody.md) for more details 6 | on the difference between them. 7 | 8 | Stable releases come out every 26 weeks. Interim, “weekly” updates to 9 | stable follow a fixed schedule denoted by letters, one per week. Weekly 10 | releases are made as needed. The first release of a new stable version 11 | is synonymous with weekly release “a”, though the letter is not used. 12 | 13 | During the intervals between stable releases, Bloody moves forward 14 | rapidly, picking up changes from upstream illumos-gate and updating 15 | various userland packages. Major goals for each interval are 16 | [noted](Intervals.md). 17 | 18 | The following image illustrates how releases progress. 19 | 20 | ![OmniOS release cycle](Images/release-cycle.png) 21 | 22 | Image from [OmniOS: Motivation and Design, LISA '12](http://www.slideshare.net/postwait/omnios-lisa-2012) 23 | ([video](https://www.usenix.org/conference/lisa12/omnios-motivation-and-design)) 24 | 25 | ## Stable Support 26 | 27 | Note: this plan went into effect as of r151006. Also note: r151022 had 28 | an 8-month development cycles, due to upstream churn around r151022's 29 | start. 30 | 31 | Normal stable releases receive updates for one year. Long-Term Support 32 | releases receive updates for three years. LTS releases are staggered 33 | every two years, with [r151006](ReleaseNotes/r151006.md) being the 34 | first. Releases in **bold** are currently receiving support. 35 | 36 | | Release | Type | Release Date | Updates Until | 37 | |-------------|--------|------------------------------------|---------------| 38 | | r151006 | LTS | [H1 2013](ReleaseNotes/r151006.md) | H1 2016 | 39 | | r151008 | normal | [H2 2013](ReleaseNotes/r151008.md) | H2 2014 | 40 | | r151010 | normal | [H1 2014](ReleaseNotes/r151010.md) | H1 2015 | 41 | | r151012 | normal | [H2 2014](ReleaseNotes/r151012.md) | H2 2015 | 42 | | r151014 | LTS | [H1 2015](ReleaseNotes/r151014.md) | H1 2017 | 43 | | r151016 | normal | [H2 2015](ReleaseNotes/r151016.md) | H2 2016 | 44 | | r151018 | normal | [H1 2016](ReleaseNotes/r151018.md) | H1 2017 | 45 | | r151020 | normal | [H2 2016](ReleaseNotes/r151020.md) | H1 2017 | 46 | | **r151022** | LTS | [H1 2017](ReleaseNotes/r151022.md) | | 47 | 48 | ## Supported Upgrades 49 | 50 | Upgrades are supported from the most previous version in a given track 51 | (Stable vs. LTS) for the life of a given release. For example, upgrades 52 | from r151008 to r151010 will be supported for 1 year after the release 53 | of r151010, but not upgrades from r151006 to r151010. Upgrades from 54 | r151006 will be supported to r151014 for 3 years after the release of 55 | r151014. 56 | -------------------------------------------------------------------------------- /ReleaseMedia.md: -------------------------------------------------------------------------------- 1 | Preparing Release Media 2 | ======================= 3 | 4 | How to make the release images. If any of these are created, *all* 5 | should be created so that we remain consistent. 6 | 7 | ## Kayak 8 | 9 | Kayak builds require a global zone with no non-global zones configured. 10 | As of [r151022](ReleaseNotes/r151022.md) Kayak now generates ALL of the 11 | OmniOS release media. 12 | 13 | Check out the [source]https://github.com/omniosorg/kayak), **ensuring 14 | that it is the branch matching the release you're building for**, 15 | install gnu-make, cdrtools, and if this isn't the first time you've make 16 | Kayak media on this host: 17 | 18 | ``` 19 | # zfs destroy -R rpool/kayak_image 20 | # zfs create rpool/kayak_image 21 | ``` 22 | 23 | Then (as root or with sudo): 24 | 25 | ``` 26 | # gmake install-usb 27 | ``` 28 | 29 | The install-usb target is dependent on all of the other media. When you 30 | are done, you will see: 31 | 32 | | file | purpose | 33 | |---------------------------------------------|---------------------------------------------------------------------------------------------| 34 | | `/rpool/kayak_image/miniroot.gz` | The PXE boot miniroot that also forms the ISO/USB miniroot | 35 | | `/rpool/kayak_image/kayak_$RELEASE.zfs.bz2` | The compressed ZFS send stream that Kayak installers spray onto a new rpool | 36 | | `/rpool/kayak_image/$RELEASE.iso` | The ISO image for the [Kayak Interactive Installer](KayakInteractive.md) | 37 | | `/rpool/kayak_image/$RELEASE.usb-dd` | The USB stick image (using dd(1) for the [Kayak Interactive Installer](KayakInteractive.md) | 38 | 39 | ## Publishing Media Files 40 | 41 | Copy the media files to the `https://pkg.omniosce.org/` webserver, placing 42 | them in the media directory. Don't forget to [update symlinks](WeeklyReleaseHowto.md#Updatingsymlinks). 43 | -------------------------------------------------------------------------------- /ReleaseNotes.md: -------------------------------------------------------------------------------- 1 | OmniOS Release Notes 2 | ==================== 3 | 4 | * [OmniOS r151022](ReleaseNotes/r151022.md) - Initial release May 12 2017 - **Current LTS and Stable** 5 | * [OmniOS r151020](ReleaseNotes/r151020.md) - Initial release November 4 2016 6 | * [OmniOS r151018](ReleaseNotes/r151018.md) - Initial release April 14 2016 7 | * [OmniOS r151016](ReleaseNotes/r151016.md) - Initial release November 3 2015 8 | * [OmniOS r151014](ReleaseNotes/r151014.md) - Initial release April 3 2015 9 | * [OmniOS r151012](ReleaseNotes/r151012.md) - Initial release October 1 2014 10 | * [OmniOS r151010](ReleaseNotes/r151010.md) - Initial release May 7 2014 11 | * [OmniOS r151008](ReleaseNotes/r151008.md) - Initial release December 5 2013 12 | * [OmniOS r151006](ReleaseNotes/r151006.md) - Initial release May 8 2013 13 | * [OmniOS r151004](ReleaseNotes/r151004.md) - Initial release October 29 2012 14 | * [OmniOS r151002](ReleaseNotes/r151002.md) - Initial release April 2 2012 15 | 16 | ## Bloody Release 17 | 18 | The [bloody release](Bloody.md) has unsigned packages, and is in flux FAR MORE than its stable or LTS peers. 19 | 20 | The OmniOS release cycle [explained](ReleaseCycle.md). 21 | 22 | Unless specifically noted, any interim (“weekly”) release may be applied 23 | via `pkg update` without a reboot. See [the admin page](GeneralAdministration.md#PackageManagement) 24 | for details on using pkg(1). 25 | 26 | Major releases are really all that matter in terms of general support. 27 | Use `pkg info` on packages mentioned in weekly releases to see if you 28 | have the updated version. 29 | 30 | To determine the major release your system is on, look at `/etc/release` 31 | 32 | ``` 33 | OmniOS v11 r151014 34 | Copyright 2015 OmniTI Computer Consulting, Inc. All rights reserved. 35 | Use is subject to license terms. 36 | ``` 37 | 38 | or starting with [OmniOS r151018](ReleaseNotes/r151018.md), `uname -v` or `uname -a` will 39 | have it as well: 40 | 41 | ``` 42 | r151018(~)[0]% uname -v 43 | omnios-r151018-ae3141d 44 | r151018(~)[0]% uname -a 45 | SunOS r151018 5.11 omnios-r151018-ae3141d i86pc i386 i86pc 46 | r151018(~)[0]% 47 | ``` -------------------------------------------------------------------------------- /ReleaseNotes/r151002.md: -------------------------------------------------------------------------------- 1 | OmniOS r151002 2 | ============== 3 | 4 | ## r151002w 5 | 6 | Weekly release for 3-7 Sep 2012 7 | 8 | * Bug fixes 9 | * Installer crashes during disk selection under VMware have been 10 | backported to the stable release. The stable [ISO](Installation.md#FromCDiso) 11 | has been updated 12 | * The Kayak web service (`svc:/network/kayak:default`) manifest was not 13 | imported at install time. The package has been updated to deliver the 14 | XML manifest into a directory where it will be automatically imported 15 | * Updated packages 16 | * updated to 2012-09-06 snapshot 17 | 18 | ## r151002u 19 | 20 | Weekly release for 20-24 Aug 2012 21 | 22 | * Updated packages 23 | * `security/sudo` updated to 1.8.4p5 (fixes an 24 | [issue with IP network matching](http://www.gratisoft.us/sudo/alerts/netmask.html)) 25 | * `system/pciutils/pci.ids` updated to 2012-08-15 snapshot 26 | * `terminal/screen` will now read the global /etc/screenrc file. 27 | Thanks to Jorge Schrauwen (sjorge) for suggesting this change 28 | 29 | ## r151002r 30 | 31 | Weekly release for 30 July - 3 Aug 2012 32 | 33 | “Too bad this be not Talk Like A Pirate Day... arrrr” 34 | 35 | * Updated packages 36 | * `developer/gcc46` now depends on `developer/library/lint` and `developer/linker` 37 | to make it easier to get a fully-functional build environment 38 | * `network/dns/bind` updated to 9.9.1-P2 ([release notes](https://kb.isc.org/article/AA-00718)) 39 | * `system/pciutils/pci.ids` updated to 2012-07-11 snapshot 40 | 41 | ## r151002o 42 | 43 | Weekly release for 9-13 July 2012 44 | 45 | * Updated packages 46 | * `system/pciutils` updated to version 3.1.10 47 | * `system/pciutils/pci.ids` updated to 2012-06-25 snapshot 48 | 49 | ## r151002l 50 | 51 | Weekly release for 18-22 June 2012 52 | 53 | * Security fixes 54 | * [US-CERT Vulnerability 649219](http://www.kb.cert.org/vuls/id/649219) 55 | (SYSRET 64-bit operating system privilege escalation vulnerability 56 | on Intel CPU hardware) 57 | * fix is in-kernel; update requires reboot 58 | 59 | * Other changes 60 | * `service/network/ntp` (re-compiled to restore traditional 61 | Solaris default config file location `/etc/inet/ntp.conf`) 62 | 63 | A new release ISO has been made which includes the above security fix; 64 | see the [installation page](Installation.md#FromCDiso). 65 | 66 | ## r151002h 67 | 68 | Weekly release for 21-25 May 2012 69 | 70 | * Updated packages 71 | * `network/dns/bind` BIND 9.9.1 client utilities 72 | ([release notes](https://deepthought.isc.org/article/AA-00674)) 73 | * New packages 74 | * `system/pciutils` provides PCI utilities lspci, setpci 75 | * `system/pciutils/pci.ids` is the PCI device database for pciutils (provided separately as it updates more often) 76 | 77 | ## r151002f 78 | 79 | Weekly release for 7-11 May 2012 80 | 81 | * Security fixes 82 | * OpenSSL 1.0.1c ([advisory](http://www.openssl.org/news/secadv_20120510.txt)) 83 | * Removed packages 84 | * image/library/libjpeg 85 | * image/library/libpng 86 | * image/library/libtiff 87 | * library/print/cups-libs 88 | * library/print/lcms2 89 | * print/cups 90 | * print/filter/ghostscript 91 | * system/library/fontconfig 92 | * system/library/freetype-2 93 | * Furthering our minimalism goal, we have removed dependencies on 94 | Ghostscript and CUPS. This breaks CUPS support in smbd (spool). 95 | If we decide we want to enable that, we should only require the 96 | cups header to build and should consider packaging that in 97 | illumos-gate 98 | * Note that these packages are not defined in the “entire” incorporation 99 | so typical installs would not have any of these packages. They would only 100 | have been installed if you were building the OS‚‘ 101 | * New packages 102 | * `system/install/kayak` : [Kayak network installer system](Installation.md#Fromthenetwork) 103 | * `system/install/kayak-kernel` : Kayak boot kernel and miniroot 104 | 105 | ## r151002c 106 | 107 | * Weekly release for 16-20 April 2012 108 | * Security fixes: 109 | * OpenSSL 1.0.1a ([advisory](http://openssl.org/news/secadv_20120419.txt)) 110 | * Other changes: 111 | * C++ ABI change: illumos-gate userland now built with g++ 4.6.3 (previously we used 3.4.3) 112 | * tmux added to core (terminal/tmux) 113 | 114 | ## r151002 115 | 116 | * Initial public release. 117 | * Published complete build system: [repo:core/omnios-build](https://omnios.omniti.com/browse.php/core/omnios-build) 118 | * Userland (notable differences from other distros) 119 | * Perl 5.14.2 120 | * Python 2.6.7 121 | * OpenSSL 1.0.1 122 | * libxml2 2.7.8 123 | * zlib 1.2.6 124 | * qemu + kvm 125 | * Illumos changes 126 | * Illumos upstream at changeset:core/illumos-omnios,eb36692e8e3d1add7a4530a507a828476656941b 127 | * Changed: 128 | * Switch default timezone to UTC. 129 | * Build python support bits dual (32/64) architecture. 130 | * Added 64bit versions of libbe, libinstzone, libdhcputil, libwanboot, libwanbootutil, libzoneinfo, libfstyp. 131 | * Fixed build to use gas 2.22 132 | * Added: 133 | * `svc:/system/initial-boot:default` 134 | * Removed: 135 | * Removed machid(1) 136 | * Removed all dependencies on `sysidtool` 137 | * Removed all dependencies on `product-registry` 138 | * Removed mod_ipp and thus the Apache 1.3 dependency 139 | * Prevent `svc-auditset` from running inside a zone 140 | * Removed build dependency on docbook 141 | * Removed dependency on Python 2.4 142 | * Installer 143 | * Caiman-based, reduced interaction installer 144 | -------------------------------------------------------------------------------- /ReleaseNotes/r151004.md: -------------------------------------------------------------------------------- 1 | OmniOS r151004 2 | ============== 3 | 4 | ## r151004y 5 | 6 | Weekly release for 15-19 Apr 2013 7 | 8 | * Security fixes 9 | * `web/curl` - 7.30.0, [libcurl cookie domain tailmatch](http://curl.haxx.se/docs/adv_20130412.html), 10 | [libcurl SASL buffer overflow vulnerability](http://curl.haxx.se/docs/adv_20130206.html) 11 | * Updated packages 12 | * `file/gnu-coreutils` - 8.20, fixes cp permission error when preserving file ACLs (cp -a) 13 | * `incorporation/jeos/omnios-userland` - relaxes restrictions on curl and 14 | gnu-coreutils packages to allow for the above updates 15 | 16 | ## r151004v 17 | 18 | Weekly release for 1-5 Apr 2013 19 | 20 | * Updated packages 21 | * `network/dns/bind` - 9.9.2-P2, [Removed the check for regex.h in configure](https://kb.isc.org/article/AA-00889) (isc.org). OmniOS does not ship libregex so there is no security vulnerability. 22 | * `system/pciutils/pci.ids` - updated to 2013-03-29 snapshot 23 | 24 | ## r151004t 25 | 26 | Weekly release for 18-22 Mar 2013 27 | 28 | * Security fix 29 | * `driver/virtualization/kvm` - fix for CVE-2013-1798 30 | [Fix bounds checking in ioapic indirect register reads](http://seclists.org/oss-sec/2013/q1/702). 31 | 32 | *Note:* The illumos KVM implementation is **not** vulnerable to the 33 | other two CVEs that are related to this one (1796, 1797) 34 | 35 | If you do not run any KVM guests, you likely do not have the kvm driver 36 | loaded. Simply updating the package will be sufficient. An updated 37 | omnios-userland incorporation package is required as well, which relaxes 38 | the version constraint on the KVM packages. A blanket 'pkg update' will 39 | take care of this, but if you are not applying all available updates, 40 | you need, at a minimum: `omnios-userland`, `driver/virtualization/kvm` and `system/kvm` 41 | 42 | To update the kvm driver on a running system: 43 | 44 | * Obtain the module ID, which is the first column in the output of modinfo(1M): 45 | ``` 46 | # modinfo | grep kvm 47 | 266 fffffffff8325000 39ff0 265 1 kvm (kvm driver v0.1) 48 | ``` 49 | * Shut down all KVM guests. 50 | * Unload the current module using the ID obtained above: 51 | ``` 52 | # modunload -i 266 53 | ``` 54 | * Load the updated module: 55 | ``` 56 | # modload -p drv/kvm 57 | ``` 58 | * Verify the updated module has loaded. Note the change in size from the previous info (third column): 59 | ``` 60 | # modinfo | grep kvm 61 | 266 fffffffff8325000 39eb0 265 1 kvm (kvm driver v0.1) 62 | ``` 63 | 64 | If you encounter errors with the above procedure, just reboot. 65 | 66 | ## r151004r 67 | 68 | Weekly release for 4-8 Mar 2013 69 | 70 | * Security fixes 71 | * `security/sudo` - fixes for 72 | [Authentication bypass when clock is reset (CVE-2013-1775)](http://www.sudo.ws/sudo/alerts/epoch_ticket.html) and 73 | [Potential bypass of tty_tickets constraints CVE-2013-1776)](http://www.sudo.ws/sudo/alerts/tty_tickets.html) 74 | * Requires updated omnios-userland to relax the version restriction 75 | * Updated packages 76 | * `system/pciutils/pci.ids` updated to 2013-03-02 snapshot 77 | 78 | As always, a `pkg update -nv` will do a “dry run” and show you the 79 | proposed upgrades. 80 | 81 | ## r151004n 82 | 83 | Weekly release for 4-8 Feb 2013 84 | 85 | * Security fixes 86 | * `library/security/openssl@1.0.1.4` - SSL, TLS and DTLS Plaintext 87 | Recovery Attack (CVE-2013-0169) 88 | [OpenSSL advisory](http://www.openssl.org/news/secadv_20130205.txt) 89 | * Shortly after r151004n was announced, we were made aware of a 90 | [regression](http://rt.openssl.org/Ticket/Display.html?id=2975) 91 | in 1.0.1d that causes corruption of the data stream on x86_64. 92 | We have applied the patch referenced in the ticket and re-published 93 | the package 94 | * The omnios-userland incorporation was overly restrictive with the 95 | openssl version. In order to update openssl, do: 96 | ``` 97 | # pkg update omnios-userland openssl 98 | ``` 99 | * This [shell script](Attachments/ssl_services_to_restart.sh) 100 | will examine running processes in the current zone and tell you which services 101 | need to be restarted to complete the update 102 | * Updated packages 103 | * `system/pciutils/pci.ids` updated to 2013-02-05 snapshot 104 | 105 | ## r151004j 106 | 107 | Weekly release for 7-11 Jan 2013 108 | 109 | * Updated packages 110 | * `system/library/pcap` - backported fix from bloody which corrects a build issue that results in a missing symbol. 111 | * `system/pciutils/pci.ids` - updated to 2013-01-07 snapshot 112 | 113 | ## r151004h 114 | 115 | Weekly release for 24-28 Dec 2012 116 | 117 | * Updated packages 118 | * `developer/versioning/git` - Now with man pages! Git documentation is written in 119 | [AsciiDoc](http://www.methods.co.nz/asciidoc/), which requires an enormous number 120 | of dependencies, adding support overhead and bloat for little benefit. Git's man 121 | pages are now [built on a different system](BuildInstructions.md#git) and included 122 | in the final package. 123 | 124 | ## r151004f 125 | 126 | Weekly release for 10-14 Dec 2012 127 | 128 | * New packages 129 | * `system/management/ec2-api-tools` - API tools serve as the client interface to 130 | the Amazon EC2 web service 131 | * Updated packages 132 | * `network/dns/bind` - BIND 9.9.2-P1 client utilities 133 | * `system/pciutils/pci.ids` updated to 2012-12-08 snapshot 134 | 135 | ## r151004b 136 | 137 | Weekly release for 12-16 Nov 2012 138 | 139 | * Bug fixes 140 | * Missing build dependency for `system/management/ipmitool` resulted in bmc 141 | interface not working. Recompiled with correct support 142 | * New packages 143 | * `system/management/ec2-credential` - Service that handles Amazon EC2 ssh key 144 | setup at boot time. Already included in official AMIs; not relevant outside AWS 145 | * Updated packages 146 | * `system/pciutils/pci.ids` updated to 2012-11-11 snapshot 147 | 148 | ## r151004 149 | 150 | Stable release, October 29, 2012 151 | 152 | illumos-omnios at 153 | [33fdde4](https://omnios.omniti.com/changeset.php/core/illumos-omnios/33fdde4db8344e316d03e0582b73cdc5608c8f1e) 154 | 155 | ### Highlights 156 | 157 | * Corrected some latent issues with package metadata related to upgrading 158 | * New “omnios-userland” incorporation prevents accidentally upgrading 159 | non-illumos-gate packages past one's current release 160 | * **NOTE**: A small number of package updates are required prior to upgrading from r151002 161 | See [Upgrade_r151002_r151004](Upgrade_r151002_r151004.md) 162 | * illumos-gate built with GCC 4.4.4-il 163 | * [ZFS feature flags](http://www.mail-archive.com/zfs-discuss@opensolaris.org/msg45854.html) 164 | * [ZFS I/O throttling for zones](http://dtrace.org/blogs/wdp/2011/03/our-zfs-io-throttle/) 165 | 166 | ### Userland changes 167 | 168 | * developer/build/automake-111 - Automake 1.11.6 169 | * file/gnu-coreutils - /usr/gnu/bin/install now linked to /usr/bin/install 170 | * network/dns/bind - BIND 9.9.2 171 | * system/install/kayak - more utilities in miniroot environment, helpful for breakfix 172 | * system/library/pcap - libpcap 1.3.0, now uses DLPI 173 | * system/pciutils/pci.ids - snapshot as of 2012-10-10 174 | * Removed GCC 3 packages: developer/gcc-3, system/library/gcc-3-runtime 175 | 176 | ### Notable upstream illumos changes 177 | 178 | * [370](https://www.illumos.org/issues/370) Open-source IPMI baseboard driver (driver/ipmi) 179 | * [3047](https://www.illumos.org/issues/3047) grep support for -r 180 | * [3014](https://www.illumos.org/issues/3014) Intel X540 Support 181 | * [3021](https://www.illumos.org/issues/3021) time-ordered output for DTrace 182 | * [1450](https://www.illumos.org/issues/1450) Illumos buildable with GCC4 183 | * [2831](https://www.illumos.org/issues/2831) reduce SMF memory footprint 184 | * [2619](https://www.illumos.org/issues/2619) asynchronous destruction of ZFS file systems 185 | * [2747](https://www.illumos.org/issues/2747) zpool feature flags 186 | 187 | ### Changes from other sources 188 | 189 | * illumos-kvm as of [bb04ae8a50](https://github.com/joyent/illumos-kvm/commit/bb04ae8a50029589b0b2df66bcb1136c1624d72a) (Joyent) 190 | * illumos-kvm-cmd as of [6d85df9c59](https://github.com/joyent/illumos-kvm-cmd/commit/6d85df9c5991c26ead6195ef6eed31e604b14db5) (Joyent) 191 | * ZFS I/O throttle (Joyent) 192 | * includes new `vfsstat` command to inspect filesystem activity 193 | closer to where it matters for applications 194 | * [2869](https://www.illumos.org/issues/2869) Fix duplicate packets when using VNICs over aggr links (OmniTI) 195 | -------------------------------------------------------------------------------- /ReleaseNotes/r151008.md: -------------------------------------------------------------------------------- 1 | OmniOS r151008 2 | ============== 3 | 4 | ## r151008 August 7 5 | 6 | * Security fix, updating OpenSSL to 1.0.1i per 7 | [here](https://www.openssl.org/news/secadv_20140806.txt) 8 | 9 | ## r151008_027 10 | 11 | Weekly release for 2 June - 6 June 2014 12 | 13 | * Security fixes: 14 | * Update OpenSSL to 1.0.1h to address [OpenSSL SecAdv 20140605](https://www.openssl.org/news/secadv_20140605.txt) 15 | 16 | 17 | ## r151008t 18 | 19 | Weekly release for 7-11 April 2014 20 | 21 | Security fixes: 22 | 23 | * update to 1.0.1g, fixing [CVE-2014-0160](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160) (aka the “Heartbleed” bug). 24 | * **TIP:** After installing the update, you should restart any daemons which utilize the affected OpenSSL libraries (libssl, and libcrypto). We have a [shell script](http://omnios.omniti.com/media/ssl_services_to_restart.sh) will examine running processes in the current zone and inform you which services need to be restarted to complete the update. 25 | 26 | Bug fixes: 27 | 28 | * Multiple fixes which increase hot-plug reliability with LSI HBAs. (**REBOOT REQUIRED**) 29 | * [4682](https://www.illumos.org/issues/4682) panic in mptsas refhash 30 | * [4500](https://www.illumos.org/issues/4500) mptsas_hash_traverse() is unsafe, leads to missing devices 31 | * [4403](https://www.illumos.org/issues/4403) mpt_sas panic when pulling a drive 32 | * [4623](https://www.illumos.org/issues/4623) Remove -Wno-unused-label from mpt_sas 33 | * Fix a crash in the ipmi driver which can occur under some access circumstances (**REBOOT REQUIRED**) 34 | * [4636](https://www.illumos.org/issues/4636) ipmi driver calls delay without converting to hz 35 | * [4637](https://www.illumos.org/issues/4637) ipmi driver needs to coordinate access to the dev_list 36 | 37 | ## r151008j 38 | 39 | Weekly release for 6-10 January 2014 40 | 41 | Security fixes: 42 | 43 | * `library/security/openssl` update to 1.0.1f, fixing 44 | [CVE-2013-6449](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449), 45 | [CVE-2013-6450](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450), and 46 | [CVE-2013-4353](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353) 47 | 48 | Bug fixes: 49 | 50 | * `package/pkg`, `system/zones/brand/ipkg` fix an issue that caused problems 51 | with creating and attaching zones. (**REBOOT REQUIRED**) 52 | * `system/install/kayak`, `system/install/kayak-kernel` updated miniroot and 53 | fix to image builder scripts to allow building ZFS streams for LTS release 54 | 55 | Updated release media are [available](Installation.md) which contain 56 | these updates. 57 | 58 | ## r151008f 59 | 60 | Weekly release for 9 December - 13 December 2013 61 | 62 | Bug fixes - Updated kernel (**REBOOT REQUIRED**) 63 | 64 | * system/file-system/zfs: [4347](https://www.illumos.org/issues/4347) 65 | ZPL can use dmu_tx_assign(TXG_WAIT) 66 | * Updated omnios-userland to have correct versions it requires to facilitate 67 | users upgrading to later 151008 packages after install. In addition, the 68 | 151006->151008 upgrade document has been upgraded to have instructions on 69 | doing the upgrade in the event that one is missing omnios-userland in 151006 70 | 71 | ## r151008e 72 | 73 | This is the initial release of r151008 to keep the release schedule in 74 | place. 75 | 76 | ### r151008 77 | 78 | Stable release, December 5, 2013 79 | 80 | *Note that because this release was late, and we are in week “e” of the 81 | release schedule, the initial release media is named r151008e.* 82 | 83 | illumos-omnios at 84 | [6de5e81](https://omnios.omniti.com/changeset.php/core/illumos-omnios/6de5e81bf5b176581b7f017bf92f7d11b5145779) 85 | 86 | Upgrade instructions: [Upgrade_r151006_r151008](Upgrade_r151006_r151008.md) 87 | 88 | * Highlights 89 | * All packages shipped as part of OmniOS r151008 are now cryptographically signed 90 | * All package signatures will be verified by default, including on systems upgraded from r151006 91 | * More strict policies regarding signatures are possible. See “signature-policy” under 92 | IMAGE PROPERTIES in the pkg(1) man page for details 93 | * New ZFS pool features: spacemap_histogram, multi_vdev_crash_dump, extensible_dataset 94 | * see zpool-features(5) for details on what these features do 95 | * Rewritten ZFS write throttle to produce more consistent delays under constant load 96 | * This supersedes the per-zone I/O throttle feature taken from illumos-joyent 97 | in r151006. We are investigating a compatible feature set 98 | * ZFS L2ARC compression 99 | * Dump volumes may now be placed on multi-vdev pools such as raidz, striped mirrors 100 | * Oracle Java SE 6 replaced with OpenJDK 7 101 | * GCC 4.8.1 102 | * New, open source driver for HP !SmartArray controllers: cpqary(7D) 103 | * IPD, the Internet Packet Disturber, is a new kernel facility for simulating 104 | pathological networks by inducing packet drops, delays and corruption 105 | * available in `pkg:/network/ipd` and administered by ipdadm(1M) 106 | * usable by the global zone and zones with exclusive IP stacks 107 | * Notable upstream illumos changes and fixes 108 | * [2583](https://www.illumos.org/issues/2583) Add -p (parsable) option to zfs list 109 | * [2932](https://www.illumos.org/issues/2932) support crash dumps to raidz, etc. pools 110 | * [2989](https://www.illumos.org/issues/2989) LOGNAME_MAX should be increased to 32 111 | * [3137](https://www.illumos.org/issues/3137) L2ARC compression 112 | * [3881](https://www.illumos.org/issues/3881) want device driver for HP !SmartArray RAID controllers 113 | * [4016](https://www.illumos.org/issues/4016) disk-monitor should activate fault/fail indicators 114 | * [4018](https://www.illumos.org/issues/4018) mpt_sas: allow physical topology enumeration in libtopo 115 | * [4045](https://www.illumos.org/issues/4045) zfs write throttle & i/o scheduler performance work 116 | * [4086](https://www.illumos.org/issues/4086) readonly option for lofiadm(1m) 117 | * [4090](https://www.illumos.org/issues/4090) igb I210/I211 support 118 | * [4091](https://www.illumos.org/issues/4091) e1000g I217/I218 support 119 | * [4166](https://www.illumos.org/issues/4166) EOF pcata 120 | * [4167](https://www.illumos.org/issues/4167) EOF pcser 121 | * [2995](https://www.illumos.org/issues/2995) pcan and pcwl wifi device drivers EOL 122 | * [4236](https://www.illumos.org/issues/4236) Internet Packet Disturber 123 | * Package changes ([+] Added, [-] Removed, [*] Changed) 124 | * [*] compress/gzip 1.5 -> 1.6 125 | * [*] compress/xz 5.0.4 -> 5.0.5 126 | * [*] data/iso-codes 3.39 -> 3.46 127 | * [*] database/sqlite-3 3.7.14.1 -> 3.8.0.2 128 | * [*] developer/build/automake 1.12 -> 1.14 129 | * [-] developer/gcc47 130 | * [-] developer/gcc47/libgmp-gcc47 131 | * [-] developer/gcc47/libmpc-gcc47 132 | * [-] developer/gcc47/libmpfr-gcc47 133 | * [+] developer/gcc48 4.8.1 134 | * [+] developer/gcc48/libgmp-gcc48 5.0.5 135 | * [+] developer/gcc48/libmpc-gcc48 1.0.1 136 | * [+] developer/gcc48/libmpfr-gcc48 3.1.1 137 | * [*] developer/gnu-binutils 2.23 -> 2.23.2 138 | * [*] developer/macro/gnu-m4 1.4.16 -> 1.4.17 139 | * [*] developer/parser/bison 2.6.4 -> 2.7.1 140 | * [*] developer/swig 2.0.8 -> 2.0.11 141 | * [*] developer/versioning/git 1.8.1.3 -> 1.8.4 142 | * [*] developer/versioning/mercurial 2.3.2 -> 2.7.1 143 | * [*] driver/virtualization/kvm 1.0.5 -> 1.0.5.11 144 | * [*] editor/vim 7.3 -> 7.4.45 145 | * [*] file/gnu-coreutils 8.20 -> 8.21 146 | * [*] library/gmp 5.0.5 -> 5.1.2 147 | * [*] library/libidn 1.25 -> 1.28 148 | * [*] library/nspr 4.9.3 -> 4.10 149 | * [*] library/nspr/header-nspr 4.9.3 -> 4.10 150 | * [*] library/pcre 8.31 -> 8.33 151 | * [*] library/unixodbc 2.2.14 -> 2.3.1 152 | * [*] library/zlib 1.2.7 -> 1.2.8 153 | * [*] network/dns/bind 9.9.3.2 -> 9.9.4 154 | * [+] network/ipd 0.5.11 155 | * [*] runtime/python-26 2.6.7 -> 2.6.8 156 | * [*] security/sudo 1.8.6.7 -> 1.8.7 157 | * [*] shell/pipe-viewer 1.3.9 -> 1.4.12 158 | * [*] shell/zsh 5.0.0 -> 5.0.2 159 | * [*] system/kvm 1.0.5 -> 1.0.5.11 160 | * [*] system/library/g++-4-runtime 4.7.2 -> 4.8.1 161 | * [*] system/library/gcc-4-runtime 4.7.2 -> 4.8.1 162 | * [*] system/library/pcap 1.3.0 -> 1.4.0 163 | * [*] system/management/ec2-api-tools 1.6.5.1 -> 1.6.10.0 164 | * [*] system/management/ipmitool 1.8.12 -> 1.8.13 165 | * [*] system/pciutils/pci.ids 2.2.20131023 -> 2.2.20131202 166 | * [*] terminal/tmux 1.7 -> 1.8 167 | * [*] text/gawk 4.0.1 -> 4.1.0 168 | * [*] text/gnu-diffutils 3.2 -> 3.3 169 | * [*] text/gnu-gettext 0.18.1.1 -> 0.18.3.1 170 | * [*] text/gnu-sed 4.2.1 -> 4.2.2 171 | * [*] text/groff 1.21 -> 1.22.2 172 | * [*] web/curl 7.31.0 -> 7.33.0 173 | * Other notes 174 | * DTrace support in `pkg:/runtime/perl` has been disabled temporarily until build issues can be worked out. 175 | -------------------------------------------------------------------------------- /ReleaseNotes/r151010.md: -------------------------------------------------------------------------------- 1 | OmniOS r151010 2 | ============== 3 | 4 | ## r151010u 5 | 6 | Weekly release for 18 August - 22 August 2014 7 | 8 | * Other fixed: 9 | * Backported Illumos [5111](https://illumos.org/issues/5111) (**REBOOT REQUIRED**) 10 | 11 | ## r151010s 12 | 13 | Weekly release for 4 August - 8 August 2014 14 | 15 | * Security fixes: 16 | * Update OpenSSL to 1.0.1i to address [OpenSSL SecAdv 20140806](https://www.openssl.org/news/secadv_20140806.txt) 17 | * Other fixes: 18 | * Backported Illumos [5026](https://illumos.org/issues/5026) (**REBOOT REQUIRED**) 19 | * Small modification to Perl build system generated a Perl-OS-modules update 20 | 21 | ## r151010j 22 | 23 | Weekly release for 2 June - 6 June 2014 24 | 25 | * Security fixes: 26 | * Update OpenSSL to 1.0.1h to address [OpenSSL SecAdv 20140605](https://www.openssl.org/news/secadv_20140605.txt) 27 | 28 | ## r151010 release 29 | 30 | Stable release, May 7, 2014 31 | 32 | illumos-omnios at 33 | [8c08411](https://omnios.omniti.com/changeset.php/core/illumos-omnios/8c084111cb2add343e3a1b8fbca6c3636b129acf) 34 | 35 | Upgrade instructions: [Upgrade_r151008_r151010](Upgrade_r151008_r151010.md) 36 | 37 | * Highlights 38 | * All packages shipped as part of OmniOS r151010 are cryptographically signed 39 | * All package signatures will be verified by default 40 | * More strict policies regarding signatures are possible. See “signature-policy” 41 | under IMAGE PROPERTIES in the pkg(1) man page for details 42 | * OmniOS has moved to a per-release package repository setup. Each major release 43 | going forward will have its own IPS repository 44 | * The previous repo for releases ([http://pkg.omniti.com/omnios/release/](http://pkg.omniti.com/omnios/release/)) 45 | will continue to serve packages for r151006 and r151008 46 | * The repo for r151010 is [http://pkg.omniti.com/omnios/r151010/](http://pkg.omniti.com/omnios/r151010/). 47 | See [the upgrade instructions](Upgrade_r151008_r151010.md) on how to move between repos if upgrading 48 | from a previous OmniOS release 49 | * ZFS: 50 | * ZFS performance and reliability improvements, especially with hole-y ZFS sends and receives 51 | * ZFS bookmarks for easier sending and receiving of ZFS filesystems 52 | * ZFS CLI improvements 53 | * DTrace: 54 | * Increase DTrace visibility inside non-global zones 55 | * DTrace now can speak to you in JSON 56 | * Histogram support in DTrace's count() 57 | * Hardware Support: 58 | * Supports Intel i354-based ethernet interfaces 59 | * SATA support for nVidia MCP61 chipsets 60 | * Areca 1882 SAS HBA support 61 | * Support for the HP P400 SmartArray HBA added to the cpqary3(7D) driver 62 | * Reliability improvements to the mpt_sas(7D) driver for LSI HBAs 63 | * Other: 64 | * Grub composite console (grub console on multiple screens) 65 | * OmniOS can now execute the Illumos test suites 66 | * Improvements in libumem(3umem) performance 67 | * NFS reliability improvements 68 | * Notable upstream illumos changes and fixes 69 | * [4694](https://www.illumos.org/issues/4694) svcs(1) truncates contract ID 70 | * [3243](https://www.illumos.org/issues/3243) Add shadow support to getent(1) 71 | * [4655](https://www.illumos.org/issues/4655) add %Z corefile name pattern for zonepath 72 | * [4669](https://www.illumos.org/issues/4669) cpqary3 driver does not see drives on P400 Smart-Array 73 | * [4431](https://www.illumos.org/issues/4431) igb support for I354 74 | * [4471](https://www.illumos.org/issues/4471) DTrace count() with histogram 75 | * [4474](https://www.illumos.org/issues/4474) Userland CTF Support 76 | * [374](https://www.illumos.org/issues/374) cron should send more useful mail 77 | * [4337](https://www.illumos.org/issues/4337) eliminate /etc/TIMEZONE 78 | * [4573](https://www.illumos.org/issues/4573) ZFS snapshot alias 79 | 80 | ### Package changes ([+] Added, [-] Removed, [*] Changed) 81 | 82 | * [*] terminal/tmux 1.6 -> 1.9a 83 | * [*] network/dns/bind 9.9.4 -> 9.9.5 84 | * [*] network/rsync 3.0.9 -> 3.1.0 85 | * [*] library/nspr 3.39 -> 3.46 86 | * [*] system/pciutils 2.23 -> 3.2.1 87 | * [*] file/gnu-coreutils 8.21 -> 8.22 88 | * [*] system/management/snmp/net-snmp 5.7.2 -> 5.7.2.1 89 | * [*] web/curl 7.33.0 -> 7.36.0 90 | * [*] web/wget 1.14 -> 1.15 91 | -------------------------------------------------------------------------------- /ReleaseNotes/r151012.md: -------------------------------------------------------------------------------- 1 | OmniOS r151012 2 | ============== 3 | 4 | ## r151012 release 5 | 6 | Stable release, Oct 1, 2014 7 | 8 | illumos-omnios branch r151012 at [c0bfedc](https://omnios.omniti.com/changeset.php/core/illumos-omnios/c0bfedc6bb08973a6a0806ff6127a9b8e15b43bf) 9 | 10 | `uname -a` shows 10b9c79, which is one change behind reality. 11 | 12 | Last illumos-gate merge was [a776d98](https://github.com/illumos/illumos-gate/commit/a776d98e5f349dbb7f5a47eca48f50e6117adcb7) with some backports, including timezone and PCI database updates. 13 | 14 | [r151012 release repository](http://pkg.omniti.com/omnios/r151012/) 15 | 16 | Upgrade instructions: Follow the ones that [r151010](Upgrade_r151008_r151010.md) 17 | suggested, substituting “151010” for “151012” where appropriate. 18 | 19 | ### What's new in this release? 20 | 21 | * ISC DHCP server (v. 4.3.1). 22 | * **NOTE:** The old Sun DHCP server is still available, but may be removed from 23 | a future OmniOS release. The ISC DHCP server is now in place alongside the old 24 | Sun one to aid with any transitions 25 | * mandoc support for our man pages 26 | * ZFS improvements: 27 | * ZFS filesystem and snapshot limits 28 | * ZFS metadata perfomance improvement (tunable, see `zfs(1M)` for details) 29 | * `zdb(1M)` can now dump all metadata 30 | * Embedded-data block pointers (“zero block compression”) 31 | * Better behavior in the face of full or nearly-full pools 32 | * Better-behaved `zfs rename` and `zfs create` when not sharing the datasets 33 | * Improved `DKIOCFREE` (used by iSCSI UNMAP) performance for large datasets 34 | * NFS improvements: 35 | * `rpcbind(1M)` and `mountd(1M)` now use libumem, for better performance under load 36 | * Device improvements: 37 | * Additional `cpqary3(7D)` devices for newer SmartArray cards 38 | * `mpt_sas(7D)` now supports LSI 3008 12G SAS chipsets 39 | * Less (ab)use of `ddi_get_time()` which will increase reliability in the face of 40 | changing wallclock time 41 | * Packages are now built with pkgdepend(1) 42 | * Networking improvements: 43 | * `tcp_strong_iss` now defaults to 2 (use RFC 6528 initial sequence numbers by default) 44 | * `ipsec_policy_log_interval` now defaults to 0 (no console logging of IPsec failures) 45 | * Closed localhost connections spend less time in `TIME_WAIT` state 46 | * Zones improvements: 47 | * Virtualized load average for zones 48 | * Per-zone CPU kstats 49 | * intra-node/inter-zone packets now deliver `SIGPOLL` to the reciever 50 | 51 | ### Package changes ([+] Added, [-] Removed, [*] Changed) 52 | 53 | * Amazon EC2 API [*] 1.6.10.0 -> 1.7.1.0 54 | * M2Crypto[*] 0.21.1 -> 0.22.3 55 | * Mako [*] 0.6.2 -> 1.0.0 56 | * NTP [*] 4.2.7p316 -> 4.2.7p460 57 | * OpenSSH [*] 6.1p1 -> 6.6p1 58 | * bash [*] 4.2.45 -> 4.3.25 (**NOTE: Further bash updates are on the IPS repo.**) 59 | * bind [*] 9.9.5.1 -> 9.10.0-P2 60 | * bison [*] 2.7.1 -> 3.0.2 61 | * coreutils [*] 8.22 -> 8.23 62 | * curl [*] 7.36.0 -> 7.37.1 63 | * expat [*] 2.0.1 -> 2.1.0 64 | * flex [*] 2.5.37 -> 2.5.39 65 | * gawk [*] 4.1.0 -> 4.1.1 66 | * gettext [*] 0.18.3.1 -> 0.19.2 67 | * git [*] 1.8.4 -> 2.0.4 68 | * gmp/gnump [*] 5.1.2 -> 5.1.3 69 | * gnu-binutils [*] 2.23.2 -> 2.24 70 | * gnu-grep [*] 2.14 -> 2.20 71 | * gnu-patch [*] 2.7 -> 2.7.1 72 | * gnu-tar [*] 1.26 -> 1.28 73 | * ipmitool [*] 1.8.13 -> 1.8.14 74 | * isc-dhcp [+] 4.3.1 75 | * iso-codes [*] 3.46 -> 3.55 76 | * less [*] 451 -> 458 77 | * libffi [*] 3.0.11 -> 3.1 78 | * libidn [*] 1.28 -> 1.29 79 | * libpcap [*] 1.4.0 -> 1.6.1 80 | * lxml-26 [*] 2.3.3 -> 3.3.5 81 | * nspr [*] 4.10.4 -> 4.10.6 82 | * nss [*] 3.14.3 -> 3.16.5 83 | * numpy-26 [*] 1.6.1 -> 1.8.1 84 | * pcre [*] 8.33 -> 8.35 85 | * pv (pipe-viewer) [*] 1.4.12 -> 1.5.3 86 | * pycurl [*] 7.19.0.1 -> 7.19.5 87 | * readline [*] 6.2 -> 6.3 88 | * rsync [*] 3.1.0 -> 3.1.1 89 | * screen [*] 4.0.3 -> 4.2.1 90 | * sigcpp [*] 2.3.1 -> 2.3.2 91 | * simplejson-26 [*] 2.3.2 -> 3.6.2 92 | * sqlite-3 [*] 3.8.0.2 -> 3.8.5.0 93 | * unixodbc [*] 2.3.1 -> 2.3.2 94 | * zsh [*] 5.0.2 -> 5.0.5 95 | -------------------------------------------------------------------------------- /ReleaseNotes/r151016.md: -------------------------------------------------------------------------------- 1 | OmniOS r151016 2 | ============== 3 | 4 | ## June 6th Update 5 | 6 | illumos-omnios branch r151016 at [c774cf9](https://omnios.omniti.com/changeset.php/core/illumos-omnios/c774cf9) 7 | 8 | `uname -a` shows omnios-f0a1fe2 (note small discrepancy) 9 | 10 | * libxml update to 2.9.4 11 | * DTrace stability fixes (illumos 7033-7035) 12 | * setid binaries disallow ld.so.1's $ORIGIN (illumos 6987) 13 | * ZFS no longer bleeds zvol entries into non-global zones (illumos 7019,7020) 14 | * NTP to 4.2.8p8 15 | * expat to 2.1.1 (with CVE 2016-0718 fix) 16 | 17 | ## February 4th Update 18 | 19 | illumos-omnios branch r151016 at [33c53a8](https://omnios.omniti.com/changeset.php/core/illumos-omnios/33c53a8) 20 | 21 | `uname -a` shows omnios-33c53a8 22 | 23 | * ZFS receive now covers refquota-on-receive overage (illumos 6562) 24 | * DTrace robustness update 25 | 26 | ## December 16th Update 27 | 28 | illumos-omnios branch r151016 at [b5093df](https://omnios.omniti.com/changeset.php/core/illumos-omnios/b5093df) 29 | 30 | `uname -a` shows omnios-b5093df 31 | 32 | * BIND security update to 9.10.3-P2 33 | * ZFS receives now replication streams with a refquota even if older snapshots exceed it (illumos 4986). Includes new ZFS Test Suite test. 34 | * OpenSSH now integrates with the illumos audit subsystem. Thanks to Joyent, and this is part of getting OpenSSH to match SunSSH's integrated functionality. 35 | * NVMe bugfixes (illumos 6466 and 6467). 36 | 37 | ## November 12th Update 38 | 39 | illumos-omnios branch r151016 at [0a84329](https://omnios.omniti.com/changeset.php/core/illumos-omnios/0a84329) 40 | 41 | `uname -a` shows omnios-073d8c0 (NOTE: The discrepency is because the tip of the 42 | branch contains a single-package change, not enough to respin illumos.) 43 | 44 | * Changed entire's sendmail dependency from “require” to “group”, which allows uninstalling sendmail 45 | * illumos 6439 (handles KVM guests better) 46 | * KVM updates 47 | * Hans Rosenfeld's blkdev series of fixes (illumos 6299-6305) 48 | * LSI Fury support 49 | * ilbd memory leak plug 50 | 51 | omnios-userland changes are more frequent, due to things like OpenSSL 52 | updates, etc. 53 | 54 | ## r151016 release 55 | 56 | Stable Release, November 3rd, 2015 57 | 58 | illumos-omnios branch r151016 at [ab87a0b](https://omnios.omniti.com/changeset.php/core/illumos-omnios/ab87a0b) 59 | 60 | `uname -a` shows omnios-ab87a0b 61 | 62 | Last full illumos-gate merge was [056d3a7](https://github.com/illumos/illumos-gate/commit/056d3a7). Six additional cherry-picks (five small, one important) followed. 63 | 64 | [r151016 release repository](http://pkg.omniti.com/omnios/r151016/) 65 | 66 | Please read the [upgrade instructions](Upgrade_to_r151014.md) 67 | carefully. They were written for r151014, but they apply to r151016 as 68 | well. 69 | 70 | ### What's new in this release? 71 | 72 | * GCC 5.1 now available, and replaces GCC 4.8 in omnios-userland. (illumos bits 73 | are still built with the illumos-custom GCC 4.4.4). GCC 5.1 also has mediated 74 | symlinks for `gcc` in `/usr/bin` now as well. 75 | **NOTE: GCC 5.1's default standard is `-std=gnu11`. This is a change from GCC 4's 76 | `-std=gnu89`. Some software may assume gnu89, and to compile it with GCC 5, you'll 77 | need to specify `-std=gnu89` or update your software.** 78 | * New simple metapackage for building illumos: [illumos-tools](illumos-tools.md) 79 | * Part of illumos-tools is the illumos-closed package, which contains the tarballs 80 | and expanded-as-root closed-binaries for illumos distros 81 | * The signing certificate for r151016 uses SHA-256 for its hash 82 | * OpenSSH 7.1 can now be used as the system's default SSH daemon. New installs will 83 | install OpenSSH 7.1 by default. To switch from SunSSH to OpenSSH (remove `--no-backup-be` 84 | if you wish to generate backup Boot Environments): 85 | ``` 86 | # /usr/bin/pkg install --no-backup-be --reject pkg:/network/ssh --reject pkg:/network/ssh/ssh-key --reject pkg:/service/network/ssh pkg:/network/openssh pkg:/network/openssh-server 87 | ``` 88 | To switch from OpenSSH to SunSSH: 89 | ``` 90 | # /usr/bin/pkg install --no-backup-be --reject pkg:/network/openssh --reject pkg:/network/openssh-server pkg:/network/ssh pkg:/network/ssh/ssh-key pkg:/service/network/ssh 91 | ``` 92 | **IMPORTANT NOTE**: Switching from SunSSH to OpenSSH will require commenting-out `MaxAuthTriesLog` 93 | and `RhostsAuthentication` options from `/etc/ssh/sshd_confi`g. Also both `ListenAddress` 94 | directives MUST be commented out (SunSSH has one uncommented by default). There will be an 95 | `sshd_config.new` to consult 96 | **IMPORTANT NOTE 2 (Thanks Andy Fiddaman)**: To continue allowing connections from SunSSH, please add 97 | `KexAlgorithms +diffie-hellman-group1-sha1` to `/etc/ssh/sshd_config` and ALSO if you have entries 98 | in `/etc/pam.conf` to update them. For example, Andy needed to `s/sshd-kbdint/sshd/` to re-enable 99 | their two-factor authentication 100 | * Network performance test tools iperf and netperf now in the omnios repo 101 | * Updates for screen to have 256 colors 102 | * illumos distributed make (dmake) is now open-source 103 | * GNU make is now up to version 4.1 (requested by many) 104 | * Updated timezone (2015g) and HW information (PCI, USB, and SMBIOS) 105 | * arc4random(3c) family of library calls 106 | * One can serve SMB/CIFS from a non-global zone, see 107 | [here](http://www.listbox.com/member/archive/182179/2015/04/sort/time_rev/page/1/entry/5:475/20150428134823:C190ED2C-EDCE-11E4-98D2-8987C5A0D07F/) 108 | for details 109 | * AVL trees are now a stable public interface 110 | * IOPS, bandwidth, and latency kstats for NFS server 111 | * Support for linux-like eventfd, epoll, and timerfd 112 | * NVME 1.0 support 113 | * New checksums for ZFS: SHA-512, Skein, Edon-R 114 | * useradd/userdel/usermod is now ZFS aware 115 | * Resumable ZFS send & receive 116 | * Many other illumos-provided improvements in ZFS, documentation, small fixes, and more 117 | 118 | ### Package changes ([+] Added, [-] Removed, [*] Changed) 119 | 120 | * automake 1.14 -> 1.15 [*] 121 | * bash 4.3p33 -> 4.3p42 [*] 122 | * bind 9.10.2 -> 9.10.3 [*] 123 | * cachefs (from illumos) EOLed [-] 124 | * coverage-26 3.7.1 -> 4.0 [*] 125 | * curl 7.42.1 -> 7.44.0 [*] 126 | * gawk 4.1.1 -> 4.1.3 [*] 127 | * GCC 4.8 -> 5.1 [*] 128 | * git 2.3.0 -> 2.6.1 [*] 129 | * gnu-coreutils 8.23 -> 8.24 [*] 130 | * gnu-gettext 0.19.4 -> 0.19.6 [*] 131 | * gnu-make 3.8.2 -> 4.1 [*] 132 | * gnu-patch 2.7.4 -> 2.7.5 [*] 133 | * groff 1.22.2 -> 1.22.3 [*] 134 | * intltool 0.50.2 -> 0.51.0 [*] 135 | * iperf 3.0.11 [+] 136 | * isc-dhcp 4.3.1 -> 4.3.3 137 | * iso-codes 3.57 -> 3.62 [*] 138 | * libidn 1.30 -> 1.32 [*] 139 | * libtool/libltdl 2.4.2 -> 2.4.6 [*] 140 | * libxml2 2.9.1 -> 2.9.2 [*] 141 | * lxml-26 3.4.2 -> 3.4.4 [*] 142 | * Mercurial 2.7.1 -> 3.5.2 [*] 143 | * netperf 2.7.0 [+] 144 | * net-snmp 5.7.2.1 -> 5.7.3 [*] 145 | * numpy-26 1.9.2 -> 1.10.0 [*] 146 | * OpenSSH 6.7p1 -> 7.1p1 [*] 147 | * pcap 1.6.2 -> 1.7.4 [*] 148 | * pciutils 3.2.1 -> 3.4.0 [*] 149 | * pcre 8.35 -> 8.37 [*] 150 | * pipe-viewer (pv) 1.5.7 -> 1.6.0 [*] 151 | * ply 3.4 -> 3.8 [*] 152 | * pylint-26 1.3.1 -> 1.4.4 [*] 153 | * screen 4.2.1 -> 4.3.1 [*] 154 | * sigcpp 2.4.0 -> 2.6.1 [*] 155 | * simplejson-26 3.6.5 -> 3.8.0 [*] 156 | * sqlite-3 3.8.8.2 -> 3.8.11.1 [*] 157 | * tcsh 6.18.1 ->6.19.0 [*] 158 | * tmux 1.9.0 -> 2.0 [*] 159 | * unixODBC 2.3.2 -> 2.3.4 [*] 160 | * wget 1.16 -> 1.16.3 [*] 161 | * Wireless USB (aka. ultra-wideband) from illumos EOLed [-] 162 | * xml-parser 2.41 -> 2.44 [*] 163 | * xz 5.0.5 -> 5.2.2 [*] 164 | * zsh 5.0.7 -> 5.1.1 [*] 165 | -------------------------------------------------------------------------------- /ReleaseNotes/r151020.md: -------------------------------------------------------------------------------- 1 | OmniOS r151020 2 | ============== 3 | 4 | ## March 1 2017 Update 5 | 6 | illumos-omnios branch r151020 at [4151d05](https://omnios.omniti.com/changeset.php/core/illumos-omnios/4151d05) 7 | 8 | `uname -v/uname -a` shows omnios-r151020-4151d05 9 | 10 | * Restored includes-branch uname format 11 | * HP Gen9 sudden-reboot fix with the Broadcom NIC (bge) 12 | * i40e now uses multiple receive and transmit rings, for better per-flow performance 13 | * Small bugfixes in NFS, ZFS, NVMe, and LSI HBA support (mpt_sas) 14 | 15 | ## December 31 2016 Update 16 | 17 | illumos-omnios branch r151020 at [bed3013](https://omnios.omniti.com/changeset.php/core/illumos-omnios/bed3013) 18 | 19 | `uname -a` shows omnios-bed3013 20 | 21 | * Chelsio Terminator T5 NIC support 22 | * Security and reliability updates to `procfs` and `tmpfs` 23 | 24 | ## r151020 release 25 | 26 | Stable Release, November 4, 2016 27 | 28 | illumos-omnios branch r151020 at [b5b8c75](https://omnios.omniti.com/changeset.php/core/illumos-omnios/b5b8c75) 29 | 30 | `uname -a` shows omnios-r151020-b5b8c75 31 | 32 | Last full illumos-gate merge was [b6bc2fd](https://github.com/illumos/illumos-gate/commit/b6bc2fd). 33 | Because of high upstream churn, this is earlier than most OmniOS stable releases. Several cherrypicks 34 | of device support occurred after the freeze 35 | 36 | r151020 release repository: [r151020](http://pkg.omniti.com/omnios/r151020/) 37 | 38 | Please read the [upgrade instructions](Upgrade_to_r151020.md) 39 | carefully. The end-of-life for SunSSH means SunSSH-deployments must 40 | change over to OpenSSH. 41 | 42 | ### What's NOT new in this release? 43 | 44 | **NOTE**: The BSD Loader, ASLR, and Python2.7-for-illumos are **NOT** 45 | included in this release. The sample .env files shipped in the `illumos-tools` package, 46 | used for building `illumos-omnios`, reflect this by setting the `PYTHON_VERSION` environment variable to `2.6`. 47 | This allows one to build both future `illumos-omnios` and current `illumos-gate` on r151020. 48 | 49 | It is currently planned that during the next Bloody cycle (r151021) and 50 | its following LTS release (r151022) these major features and changes 51 | will be matured and integrated into OmniOS. 52 | 53 | ### What is new in this release? 54 | 55 | * **LX Zones (beta)** - this feature has [its own page](LXZones.md) 56 | * SunSSH has reached its End-of-Life and is no longer included in OmniOS, having 57 | been fully replaced by OpenSSH. 58 | **Important:** it is preferred that an upgrade to OpenSSH is done **prior** to 59 | installing OmniOS r151020. See the [upgrade instructions](Upgrade_to_r151020.md) 60 | for how to successfully transition if you have not already abandoned SunSSH 61 | * Introduction of the `omnios/library/nghttp` library package, allowing HTTP/2 62 | support in the shipped curl(1) and libcurl(3) 63 | * VIM is now at version 8.0. The default for `vi` was always `vim`. With version 8.0, 64 | this is now more noticeable 65 | * All driver improvements already in r151018 updates 66 | * Timezone database update to version 2016h 67 | * Several small NVMe fixes, culminating in introductory NVMe 1.1 support 68 | * Intel I219 (“Kaby Lake”) gigabit ethernet chip support in the `e1000g` driver 69 | * ACPI Version 6 support 70 | * Public documentation of `libproc(3LIB)` 71 | * Initial support for ISO/IEC 9899:2011 (C11) standards 72 | * Various man page cleanups 73 | * DTrace now supports "if" and "else" statements. 74 | * ZFS L2ARC now caches compressed data 75 | * Many small/medium-sized ZFS improvements 76 | 77 | ### Package changes ([+] Added, [-] Removed, [*] Changed) 78 | 79 | * bash 4.3 -> 4.4 [*] 80 | * bind 9.10.4-P2 -> 9.10.4-P4 [*] 81 | * ca-bundle See Mozilla NSS/NSPR 82 | * curl 7.48 -> 7.51.0 [*] 83 | * dbus-glib 0.106 -> 0.108 [*] 84 | * dbus 1.10.8 -> 1.11.4 [*] 85 | * diffutils 3.3 -> 3.5 [*] 86 | * expat 2.1.1 -> 2.2.0 [*] 87 | * fio 1.2 [+] 88 | * gawk 4.1.3 -> 4.1.4 [*] 89 | * gettext 0.19.7 -> 0.19.8.1 [*] 90 | * git 2.8.0 -> 2.10.0 [*] 91 | * gnu-make 4.1 -> 4.2.1 [*] 92 | * gnump 6.1.0 -> 6.1.1 [*] 93 | * grep 2.24 -> 2.26 [*] 94 | * gtar 1.28 -> 1.29 [*] 95 | * gzip 1.6 -> 1.8 [*] 96 | * iperf 3.1.2 -> 3.1.3 [*] 97 | * isc-dhcp 4.3.3-P1 -> 4.3.5 [*] 98 | * iso-codes 3.66 -> 3.70 [*] 99 | * libidn 1.32 -> 1.33 [*] 100 | * libxslt 1.1.28 -> 1.1.29 [*] 101 | * mercurial 3.7.3 -> 3.9.2 [*] 102 | * Mozilla NSS/NSPR 3.25/4.12 -> 3.26/4.12 [*] 103 | * nghttp2 1.15.0 [+] 104 | * p7zip 9.20.1 -> 16.02 [*] 105 | * pciutils 3.4.1 -> 3.5.2 [*] 106 | * pcre 8.38 -> 8.39 [*] 107 | * python26-coverage 4.0.3 -> 4.2 [*] 108 | * python26-lxml 3.6.0 -> 3.6.4 [*] 109 | * python26-numpy 1.11.0 -> 1.11.2 [*] 110 | * python26-ply 3.8 -> 3.9 [*] 111 | * python26-pylint 1.5.5 -> 1.6.4 [*] 112 | * readline 6.3 -> 7.0 [*] 113 | * screen 4.3.1 -> 4.4.0 [*] 114 | * sigcpp 2.8.0 -> 2.10.0 [*] 115 | * sqlite3 3.12.0 -> 3.15.0 [*] 116 | * tmux 2.1 -> 2.3 [*] 117 | * vim 7.4 -> 8.0 [*] 118 | -------------------------------------------------------------------------------- /ReleaseNotes/r151022.md: -------------------------------------------------------------------------------- 1 | OmniOS r151022 2 | ============== 3 | 4 | LTS Release, May 12, 2017 5 | 6 | illumos-omnios branch r151022 at 7 | 8 | `uname -a ` shows omnios-r151022-f9693432c2 9 | 10 | r151022 release repository: 11 | 12 | New features since r151014 13 | -------------------------- 14 | 15 | ## System features 16 | 17 | 1. GRUB replaced by [Loader](BSDLoader.md) 18 | 2. New [Kayak-based ISO/USB installer](KayakInteractive.md) 19 | 3. [LX Zones](LXZones.md) 20 | 4. Python 2.7 21 | 5. Changes in [how linked-image zones behave](NewLinkedImages.md) 22 | 6. Perl 5.24.1 23 | 7. SunSSH replaced with OpenSSH 24 | 8. Vim 8 25 | 9. The in-kernel SMB server now supports SMB2 26 | 10. A new `/dev/full` soft device. See `full(7D)` 27 | 11. [SMAP](https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention) and [SMEP](https://software.intel.com/en-us/articles/intel-xeon-processor-e5-2600-v2-product-family-technical-overview#osguard) use on applicable CPUs 28 | 12. [ASLR](https://en.wikipedia.org/wiki/Address_space_layout_randomization) now implemented ([but must be enabled](https://illumos.topicbox.com/groups/developer/discussions/Td7ae6bbc978e8749-M465db25d9ce78c5b783db628)) 29 | 13. Improved decoding of NFSv4 packets and RARP filters in `snoop(1M)` 30 | 14. Backspace now performs a delete on the cam!^H!^Honsole 31 | 15. `kstat(1M)` now outputs *valid* JSON with `-j` 32 | 16. The `c0` controller instance for disks is now reserved for exclusive use by multipath 33 | 17. The default number of threads for `nfsd` and `lockd` has been increased to 1024 and 256 respectively 34 | 18. `mkfs_pcfs(1M)` is now aware of GPT-formatted drives 35 | 19. “Last login” hostnames can now be and display longer (including IPv6 addresses) 36 | 20. The default `/etc/inet/ntp.conf` file now syncs to the OmniOS vendor pool on pool.ntp.org. 37 | One may turn on NTP by issuing `svcadm enable ntp` with no further configuration required 38 | 21. OmniOS repositories default to TLS use now 39 | 40 | ## Hardware support 41 | 42 | 1. USB 3.0 XHCI controller and device support 43 | 2. Intel I210/I218/I219 1Gb NIC support added to e1000g(7d) and igb(7D) 44 | 3. Intel X550/X552/X557 10Gb NIC support added to ixgbe(7D) 45 | 4. Intel X710/XL710/XXV710 10/25/40Gb NIC support added with i40e(7D) 46 | 5. Solarflare SFC9000 10/40Gb NIC support added with sfxge(7D) 47 | 6. Chelsio Terminator-5 10/40Gb NIC support added to chxge(7D) 48 | 7. Broadcom 57xx/577xx 1Gb NIC support added to bge(7D) 49 | 8. vmxnet3s driver for when operating as a VMWare ESXi guest 50 | 9. Intel WiFi Link 4965/100/1000/2000/5000/6000 adapter support added with iwn 51 | 10. Realtek RTL8150 USB 100Mb ethernet adapters 52 | 11. ASIX AX88172/88772 USB 100Mb ethernet adapters 53 | 12. Davicom DM9601 USB 100Mb ethernet adapters 54 | 13. ADMtek AN986/ADM851x USB 100Mb ethernet adapters 55 | 14. NVMe 1.1 device support added with nvme(7D) 56 | 15. Support for SATA 4K Native drives 57 | 16. LSI Fury-based adapters (Dell H330) in mpt_sas(7D) 58 | 17. HP Gen. 9 Smart Array Controller support added to cpqary3(7D) 59 | 18. SMBIOS 3.1 support 60 | 19. ACPI-CA 6.0 61 | 62 | ## ZFS improvements 63 | 64 | 1. [ARC now caches compressed data in compressed form](https://www.illumos.org/issues/6950) 65 | 2. `zpool history` records scrub completion 66 | 3. [Large block support](https://www.illumos.org/issues/5027) 67 | 4. Resumable and [compressed](https://www.illumos.org/issues/7252) ZFS send and receive 68 | 5. Reliability improvements to ZFS send and receive 69 | 6. New checksums for ZFS: SHA-512, Skein, Edon-R 70 | 7. Many reliability improvements concerning special-case scenarios 71 | 8. `useradd(1M)`, `userdel(1M)`, and `usermod(1M)` are now ZFS-aware 72 | 73 | ## Commands and command options 74 | 75 | 1. New `uuidgen(1)` command. It generates UUIDs 76 | 2. New `diskinfo(1M)` command for concise listing of attached storage devices 77 | 3. New `acpidump(1M`) and `acpixtract(1M)` commands for better system ACPI table observability 78 | 4. New `-s` option for `hostname(1M)` to print the short hostname instead of FQDN 79 | 5. New `-m` option for `prtconf(1M)` to print system memory amount in megabytes 80 | 6. New `-e` option for `pbind(1M)` to execute a command and bind it to a specific CPU 81 | 7. New `-A` option for `du(1)` to count by apparent file size rather than the default of 512-byte blocks 82 | 83 | ## Development features 84 | 85 | 1. GCC 4.8 replaced with GCC 5.1\ 86 | 2. Support for linux-like `eventfd(3C)`, `signalfd(3C)`, `epoll(5)`, `inotify(5)`, and `timerfd(5)` 87 | 3. `flock(3C)` introduced 88 | 4. `arc4random(3C)` family introduced 89 | 5. `debug.illumos` package variant now available to run `DEBUG` version of OmniOS 90 | 6. DTrace now supports "if" and "else" statements 91 | 7. Initial support for ISO/IEC !9899:2011 (C11) standards 92 | 93 | Deprecated features since r151014 94 | --------------------------------- 95 | 96 | 1. SVM has been removed. If SVM volumes are still employed, they 97 | must be converted to the appropriate ZFS type prior to upgrading 98 | to r151022 99 | 2. SunSSH has been removed and replaced with OpenSSH 7.4p1. Please 100 | follow the [UPGRADE INSTRUCTIONS](Upgrade_to_r151022.md) prior 101 | to upgrading to r151022 102 | 3. Sun CacheFS has been removed 103 | 4. Wireless USB support has been removed 104 | 5. Java-based Kerberos management GUI removed 105 | 6. Intel Local Manageability Service (LMS) and Host Embedded 106 | Controller Interface (HECI) support has been removed 107 | 108 | ### Package changes ([+] Added, [-] Removed, [*] Changed) 109 | 110 | * ca-bundle Yes, see Mozilla NSS/NSPR 111 | * coreutils 8.25 -> 8.27 112 | * curl 7.53.0 -> 7.54.0 113 | * dbus 1.11.4 -> 1.11.12 114 | * git 2.10.0 -> 2.13.0 115 | * gnump 6.1.1 -> 6.1.2 116 | * grep 2.26 -> 3.0 117 | * iso-codes 3.70 -> 3.74 118 | * less 481 -> 487 119 | * libpcap 1.7.4 -> 1.8.1 120 | * m4 1.4.17 -> 1.4.18 121 | * mercurial 3.9.2 -> 4.1.2 122 | * Mozilla NSS/NSPR 3.26/4.12 -> 3.30.2/4.14 123 | * nghttp2 1.15.0 -> 1.21.1 124 | * pciutils 3.5.2 -> 3.5.4 125 | * pcre 8.39 -> 8.40 126 | * perl 5.16.1 -> 5.24.1 127 | * pkg-config 0.29.1 ->0.29.2 128 | * python-coverage 4.2 -> 4.3.4 129 | * python-lxml 3.6.4 -> 3.7.2 130 | * python-mako 1.0.4 -> 1.0.6 131 | * python-numpy 1.11.2 -> 1.12.1 132 | * python-ply 3.9 -> 3.10 133 | * python-pylint 1.6.4 -> 1.7.1 134 | * python 2.6 -> 2.7.13 135 | * screen 4.4.0 -> 4.5.1 136 | * sed 4.2.2 -> 4.4 137 | * sigcpp 2.10.0 -> 2.99.8 138 | * sqlite3 3.15.0 -> 3.18.0 139 | * tcsh 6.19 -> 6.20 140 | * vim 8.0 -> 8.0 PL567 141 | * wget 1.18 -> 1.19.1 142 | * zlib 1.2.8 -> 1.2.11 143 | * zsh 5.2 -> 5.3.1 144 | -------------------------------------------------------------------------------- /SignedPackages.md: -------------------------------------------------------------------------------- 1 | Signed Packages 2 | =============== 3 | 4 | With the [r151008 release cycle](ReleaseNotes/r151008.md), OmniTI 5 | started providing cryptographically signed packages in the main release 6 | repository. Our intention is to provide signed packages for all new 7 | packages published to any release repo. 8 | 9 | With the [r151014 release cycle](ReleaseNotes/r151014.md) we take the 10 | further step with ISO and Kayak installations that the “omnios” 11 | publisher will now **require** signed OmniOS packages. If someone 12 | upgrades from pre-r151014 to r151014, they must follow the 13 | [documented upgrade instructions](Upgrade_to_r151014.md) to make 14 | **require-signatures** the signature policy for the “omnios” publisher. 15 | This policy will not affect other publishers' default settings. 16 | 17 | Note that only packages in the stable release repos will be signed. 18 | Packages in the unstable (bloody) repo will not be signed. 19 | 20 | This document describes what this means for the end user. 21 | 22 | ## Installer Changes 23 | 24 | As of r151008, OmniOS release install images came with the OmniTI 25 | Certificate Authority (CA) set as an approved authority for the omnios 26 | publisher and **verify** that packages from the omnios publisher will be 27 | signed with a cert issued by the OmniTI CA. (Unsigned packages are still 28 | allowed with the **verify** policy, but signed packages will be 29 | inspected under that same policy.) 30 | 31 | As of r151014, OmniOS release install images change the signature policy 32 | to **require-signatures**. This means that, by default, all packages 33 | subsequently installed from the omnios publisher will be 34 | cryptographically verified and will fail to install if the hash of the 35 | package's manifest contents does not match the signature. Other 36 | publishers that you wish to add will not be subject to this restriction 37 | (they will default to **verify**, which only rejects upon invalid 38 | signatures, not for lack of signatures) unless you choose to make them 39 | so. 40 | 41 | ## Changing the Defaults 42 | 43 | Both publishers and images (i.e. collections of publishers that supply 44 | software to an instance of OmniOS) have a property (signature-policy) 45 | that governs whether and to what extent package signatures should be 46 | checked. People who [upgrade to r151014](Upgrade_to_r151014.md) are 47 | expected to change the omnios publisher's policy per the documented 48 | upgrade instructions. 49 | 50 | ### Signature Policy 51 | 52 | In a default r151014 or later install, packages from the omnios 53 | publisher *must* have valid signatures in order to be installed 54 | (signature-policy **require-signatures**). Signatures in packages from 55 | other publishers will be verified *if they exist*, but are not required 56 | (image signature-policy **verify**). Use the following commands to view 57 | the properties of the omnios publisher and the local image, 58 | respectively: 59 | 60 | ``` 61 | $ pkg publisher omnios 62 | $ pkg property 63 | ``` 64 | 65 | If you wish to require *all* packages from *all* publishers configured 66 | in the local image to be signed, set the *image's* signature-policy 67 | property: 68 | 69 | ``` 70 | # pkg set-property signature-policy require-signatures 71 | ``` 72 | 73 | **WARNING** - Do not do this unless you are sure all your publishers, 74 | especially ones in non-global zones who inherit policies from the global 75 | zone, have signed packages AND you have their root CA certs installed 76 | properly. 77 | 78 | See the pkg(1) man page for details on publisher and image properties. 79 | Publisher properties are set via the **set-publisher** sub-command. 80 | Image properties, as shown above, are set via the **set-property** 81 | sub-command. 82 | 83 | ### Chains of Trust 84 | 85 | #### Manifest Signing 86 | 87 | Certificates used for signing must be issued by a trusted authority. By 88 | default, pkg(1) trusts CA certs that have been either: 89 | 90 | * set for the publisher: 91 | ``` 92 | pkg set-publisher --approve-ca-cert /path/to/ca-cert.pem publishername 93 | ``` 94 | * placed into a dedicated directory for this purpose. For OmniOS, it's `/etc/ssl/pkg/` 95 | 96 | If you wish to configure pkg(1) to trust different global CAs, you may 97 | configure the local image with a different trust directory: 98 | 99 | ``` 100 | # pkg set-property trust-anchor-directory /path/to/cert/dir 101 | ``` 102 | 103 | You can do this manually post-install, via a action in 104 | [Kayak](KayakClientOptions.md#Postboot), or via your local 105 | configuration management. 106 | 107 | #### SSL Transport 108 | 109 | A different property is used to govern trust when communicating with 110 | repositories over HTTPS. This is the “ca-path” image property. By 111 | default, this is also . You may change this path to point at an 112 | alternate directory. 113 | 114 | ``` 115 | # pkg set-property ca-path /path/to/cert/dir 116 | ``` 117 | 118 | NOTE: SSL transport is not implemented for OmniOS currently by default. 119 | 120 | ## FAQ 121 | 122 | ### What if I don't care about requiring signed packages? 123 | 124 | You may change the signature-policy property on all publishers and the local image 125 | if you wish. Use the value “ignore”. Do so at your own risk, however 126 | 127 | ``` 128 | # pkg set-property signature-policy ignore 129 | ``` 130 | 131 | ### How do I trust the install media? 132 | 133 | SHA1 and MD5 checksums are published for all ISO, USB and Kayak ZFS images. 134 | You may retrieve them over HTTPS from [the installation page](Installation.md) 135 | in order to verify that they are coming from OmniTI. 136 | 137 | ### How do I get my existing r151012 install to have the same settings as a new one? 138 | 139 | To convert an existing install to behave like a new install, follow these steps. 140 | This includes removing and re-adding the omnios publisher. This is because signed 141 | manifests have the same timestamp as their unsigned predecessors, and pkg(1) doesn't 142 | notice the change. Removing the publisher clears all local copies of the repository 143 | catalog, allowing the new, signed manifests to be seen. 144 | 145 | ``` 146 | # pkg update pkg 147 | # pkg unset-publisher omnios 148 | # pkg set-publisher -g http://pkg.omniti.com/omnios/release/ omnios 149 | # pkg update web/ca-bundle 150 | # openssl sha1 /etc/ssl/pkg/OmniTI_CA.pem 151 | # # Compare the sha1 against the one listed at 152 | # pkg set-publisher --approve-ca-cert /etc/ssl/pkg/OmniTI_CA.pem omnios 153 | # pkg set-publisher --set-property signature-policy=require-signatures omnios 154 | ``` 155 | -------------------------------------------------------------------------------- /StableVsBloody.md: -------------------------------------------------------------------------------- 1 | Stable vs. Bloody 2 | ================= 3 | 4 | **OmniOS stable** is designed to be run in production with minimal 5 | disruption. This means we release updates in a way to minimize service 6 | disruption (reboot). Kernel updates are only made if they are security- 7 | or stability-related and no work-around exists. User-space applications 8 | can be treated more aggressively, but we're still conservative. 9 | Non-disruptive updates are made available weekly (if there's anything to 10 | update) and a full stable release is done every six months. Updates to 11 | new stable releases will always require a reboot. 12 | 13 | Stable releases occur at approximately 6-month intervals and have even 14 | numbers, such as “r151004”, which was released in October 2012. 15 | 16 | **OmniOS bloody** incorporates user-land updates and kernel updates in 17 | an aggressive fashion and updates are made available as they are 18 | introduced via IPS. 19 | 20 | The only time we see install media rolled for stable is if there is a 21 | specific security or installation-related issue addressed by a change. 22 | Install media for bloody are updated periodically but not on a set 23 | schedule. 24 | 25 | Users can always obtain the latest-available packages on their systems 26 | via `pkg update`. See the [Package Management](GeneralAdministration.md#PackageManagement) 27 | wiki page for more information. 28 | -------------------------------------------------------------------------------- /Upgrade_r151002_r151004.md: -------------------------------------------------------------------------------- 1 | Upgrading from r151002 to r151004 2 | ================================= 3 | 4 | ## Note Current BE Name 5 | 6 | Make a note of the name of your current boot environment (BE) in case 7 | you need to roll back. 8 | 9 | ``` 10 | $ /usr/sbin/beadm list 11 | ``` 12 | 13 | It may look something like this: 14 | 15 | ``` 16 | BE Active Mountpoint Space Policy Created 17 | omnios NR / 1.37G static 2012-09-26 18:26 18 | omnios-backup-1 - - 211K static 2012-10-01 14:16 19 | omnios-backup-2 - - 110K static 2012-10-18 19:55 20 | omnios-backup-3 - - 205K static 2012-10-18 20:02 21 | ``` 22 | 23 | The current BE is the one marked 'NR' (active now, active on reboot.) 24 | 25 | ## Update pkg(1) 26 | 27 | A newer version of the pkg client is necessary to perform the upgrade. 28 | 29 | ``` 30 | # /usr/bin/pkg install pkg 31 | ``` 32 | 33 | ## Pre-update Fixes 34 | 35 | Update 2 packages in the current BE that could break the upgrade 36 | process. These are metadata changes only-- no on-disk content changes 37 | with these updates. **If you have non-global zones, these packages must 38 | be updated within each zone as well.** 39 | 40 | ``` 41 | # /usr/bin/pkg install entire@11,5.11-0.151002:20121030T141303Z runtime/perl-5142/manual@5.14.2,5.11-0.151002:20121030T141343Z 42 | ``` 43 | 44 | ## Perform the Upgrade 45 | 46 | If you have non-global native (ipkg) zones, they must be shutdown and 47 | detached at this time. Once the global zone is updated and rebooted, the 48 | zones will be upgraded as they are re-attached to the system. This is 49 | not necessary for s10-branded zones or KVM guests. 50 | 51 | After shutting down the zones gracefully (`zlogin ; shutdown -i5 -g0 -y`): 52 | 53 | ``` 54 | # /usr/sbin/zoneadm -z detach 55 | ``` 56 | 57 | It would also be a good idea to take a ZFS snapshot of the zone root in 58 | case it's needed for rollback (such as if there are issues with the zone 59 | upgrade.) 60 | 61 | ``` 62 | # /usr/sbin/zfs snapshot -r @r151002 63 | ``` 64 | 65 | where is the name of the ZFS dataset whose 66 | mountpoint corresponds to the value of *zonepath* in the zone's 67 | configuration. There are child datasets under this one, so we use the `-r` 68 | option to recursively snapshot all. 69 | 70 | Update the global zone. The `--be-name argument` argument is optional, but 71 | it's nice to use a name that's more meaningful than “omnios-N”. 72 | 73 | ``` 74 | # /usr/bin/pkg update --be-name=omnios-r151004 75 | ``` 76 | 77 | This will create a new BE and install r151004 packages into it. When it 78 | is complete, reboot your system. The new BE will now be the default 79 | option in GRUB. If your hardware supports it, you may get into the new 80 | BE via [fast reboot](http://illumos.org/man/1M/reboot), in which case 81 | you won't see a GRUB menu. 82 | 83 | Once booted into your new r151004 BE, if you don't have non-global 84 | zones, you're done. 85 | 86 | If you have non-global native (ipkg) zones, attach each one with the 87 | option, which will upgrade the zone's core packages to match the global 88 | zone. 89 | 90 | ``` 91 | # /usr/sbin/zoneadm -z attach -u 92 | ``` 93 | 94 | Assuming the attach succeeds, the zone may be booted as usual: 95 | 96 | ``` 97 | # /usr/sbin/zoneadm -z boot 98 | ``` 99 | 100 | ## Rolling Back 101 | 102 | ### ZFS Upgrade 103 | 104 | OmniOS r151004 includes a new zpool version that supports feature flags. 105 | Post-upgrade you will see a message like this in **zpool status**: 106 | 107 | ``` 108 | status: The pool is formatted using a legacy on-disk format. The pool can 109 | still be used, but some features are unavailable. 110 | action: Upgrade the pool using 'zpool upgrade'. Once this is done, the 111 | pool will no longer be accessible on software that does not support feature 112 | flags. 113 | ``` 114 | 115 | **If you want to be able to roll back to your previous environment, DO 116 | NOT upgrade your zpools yet.** The upgrade is one-way and irreversible. 117 | Any zpool that is upgraded will be unusable on r151002. 118 | 119 | If, for some reason, you need to roll back to r151002, simply activate 120 | the previous BE and reboot. 121 | 122 | ``` 123 | # /usr/sbin/beadm activate 124 | # /usr/sbin/reboot 125 | ``` 126 | 127 | Where is the name of the previous BE that you noted at the beginning. 128 | 129 | If you have native zones but had not yet attempted to attach them, they 130 | remain unchanged from the previous BE and may be re-attached once booted 131 | into the previous BE. Simply omit the from the attach example above. 132 | Note that even if you tried to attach but the attachment failed 133 | completely (perhaps due to a packaging issue), then the zone data 134 | remains unchanged and you can still safely re-attach it in the previous 135 | BE. 136 | 137 | If you are rolling back because there was a problem with the zone attach 138 | in which the zone was partially updated, then you will need to roll back 139 | each of the zone root datasets that you snapshotted after detachment. 140 | There is no recursive rollback, so we have to roll back each of the 141 | datasets one at a time. 142 | 143 | ``` 144 | # /usr/sbin/zfs rollback @r151002 145 | # /usr/sbin/zfs rollback /ROOT@r151002 146 | # /usr/sbin/zfs rollback /ROOT/zbe@r151002 147 | ``` 148 | -------------------------------------------------------------------------------- /Upgrade_r151004_r151006.md: -------------------------------------------------------------------------------- 1 | Upgrading from r151004 to r151006 2 | ================================= 3 | 4 | **Important:** If you wish to upgrade from r151002 to r151006, you must 5 | upgrade to r151004 first. Refer to [Upgrade_r151002_r151004](Upgrade_r151002_r151004.md5) 6 | 7 | Note Current BE Name 8 | -------------------- 9 | 10 | Make a note of the name of your current boot environment (BE) in case 11 | you need to roll back. 12 | 13 | ``` 14 | $ /usr/sbin/beadm list 15 | ``` 16 | 17 | It may look something like this: 18 | 19 | ``` 20 | BE Active Mountpoint Space Policy Created 21 | omnios NR / 1.37G static 2012-09-26 18:26 22 | omnios-backup-1 - - 211K static 2012-10-01 14:16 23 | omnios-backup-2 - - 110K static 2012-10-18 19:55 24 | omnios-backup-3 - - 205K static 2012-10-18 20:02 25 | ``` 26 | 27 | The current BE is the one marked 'NR' (active now, active on reboot.) 28 | 29 | Perform the Upgrade 30 | ------------------- 31 | 32 | If you have non-global native (ipkg) zones, they must be shutdown and 33 | detached at this time. Once the global zone is updated and rebooted, the 34 | zones will be upgraded as they are re-attached to the system. This is 35 | not necessary for s10-branded zones or KVM guests. 36 | 37 | After shutting down the zones gracefully (`zlogin ; shutdown -i5 -g0 -y`): 38 | 39 | ``` 40 | # /usr/sbin/zoneadm -z detach 41 | ``` 42 | 43 | It would also be a good idea to take a ZFS snapshot of the zone root in 44 | case it's needed for rollback (such as if there are issues with the zone 45 | upgrade.) 46 | 47 | ``` 48 | # /usr/sbin/zfs snapshot -r @r151004 49 | ``` 50 | 51 | where is the name of the ZFS dataset whose 52 | mountpoint corresponds to the value of *zonepath* in the zone's 53 | configuration. There are child datasets under this one, so we use the 54 | option to recursively snapshot all. 55 | 56 | Update the global zone. The argument `--be-name` is optional, but it's nice to use a 57 | name that's more meaningful than “omnios-N”. 58 | 59 | ``` 60 | # /usr/bin/pkg update --be-name=omnios-r151006 entire@11,5.11-0.151006 61 | ``` 62 | 63 | This will create a new BE and install r151006 packages into it. When it 64 | is complete, reboot your system. The new BE will now be the default 65 | option in GRUB. If your hardware supports it, you may get into the new 66 | BE via [fast reboot](http://illumos.org/man/1M/reboot), in which case 67 | you won't see a GRUB menu. 68 | 69 | Once booted into your new r151006 BE, if you don't have non-global 70 | zones, you're done. 71 | 72 | If you have non-global native (ipkg) zones, attach each one with the 73 | option, which will upgrade the zone's core packages to match the global 74 | zone. 75 | 76 | ``` 77 | # /usr/sbin/zoneadm -z attach -u 78 | ``` 79 | 80 | Assuming the attach succeeds, the zone may be booted as usual: 81 | 82 | ``` 83 | # /usr/sbin/zoneadm -z boot 84 | ``` 85 | 86 | r151004 had some packages which are no longer in r151006. If you depend 87 | on these, or do not use them, they can be left. If you'd like to have 88 | your upgraded system resemble a fresh r151006 install, they can be 89 | uninstalled. The list of these packages is as follows: 90 | 91 | ``` 92 | crypto/ca-certificates 0.5.11-0.151004 93 | library/libtasn1 2.11-0.151004 94 | library/popt 1.16-0.151004 95 | library/python-2/python-extra-26 0.5.11-0.151004 96 | library/security/libgpg-error 1.10-0.151004 97 | shell/which 2.20-0.151004 98 | system/library/security/libgcrypt 1.5.0-0.151004 99 | ``` 100 | 101 | If you would like to freeze the system at r151006 at this point, you 102 | should refer to [GeneralAdministration#StayingOnARelease](GeneralAdministration.md#StayingOnARelease) 103 | 104 | Rolling Back 105 | ------------ 106 | 107 | ### ZFS Upgrade 108 | 109 | OmniOS r151006 includes a new zpool version that supports feature flags. 110 | Post-upgrade you will see a message like this in **zpool status**: 111 | 112 | ``` 113 | status: The pool is formatted using a legacy on-disk format. The pool can 114 | still be used, but some features are unavailable. 115 | action: Upgrade the pool using 'zpool upgrade'. Once this is done, the 116 | pool will no longer be accessible on software that does not support feature 117 | flags. 118 | ``` 119 | 120 | **If you want to be able to roll back to your previous environment, DO 121 | NOT upgrade your zpools yet.** The upgrade is one-way and irreversible. 122 | Any zpool that is upgraded will be unusable on r151004. 123 | 124 | If, for some reason, you need to roll back to r151004, simply activate 125 | the previous BE and reboot. 126 | 127 | ``` 128 | /usr/sbin/beadm activate 129 | /usr/sbin/reboot 130 | ``` 131 | 132 | Where is the name of the previous BE that you noted at the beginning. 133 | 134 | If you have native zones but had not yet attempted to attach them, they 135 | remain unchanged from the previous BE and may be re-attached once booted 136 | into the previous BE. Simply omit the from the attach example above. 137 | Note that even if you tried to attach but the attachment failed 138 | completely (perhaps due to a packaging issue), then the zone data 139 | remains unchanged and you can still safely re-attach it in the previous 140 | BE. 141 | 142 | If you are rolling back because there was a problem with the zone attach 143 | in which the zone was partially updated, then you will need to roll back 144 | each of the zone root datasets that you snapshotted after detachment. 145 | There is no recursive rollback, so we have to roll back each of the 146 | datasets one at a time. 147 | 148 | ``` 149 | /usr/sbin/zfs rollback @r151004 150 | /usr/sbin/zfs rollback /ROOT@r151004 151 | /usr/sbin/zfs rollback /ROOT/zbe@r151004 152 | ``` 153 | -------------------------------------------------------------------------------- /Upgrade_r151006_r151008.md: -------------------------------------------------------------------------------- 1 | Upgrading from r151006 to r151008 2 | ================================= 3 | 4 | NOTE - THIS PAGE IS OBSOLETE AS r151008 IS OBSOLETE 5 | --------------------------------------------------- 6 | 7 | Please upgrade to at least r151014, per [here](Upgrade_to_r151014) 8 | 9 | END OF NOTE 10 | ----------- 11 | 12 | **Important:** You must be running r151006 in order to upgrade to 13 | r151008. Upgrading from previous releases is not supported. 14 | 15 | Pre-Upgrade Preparation 16 | ----------------------- 17 | 18 | Starting with r151008, packages shipped by OmniOS will be 19 | cryptographically signed. In order to be able to install these new 20 | packages there are two r151006 package updates that must be applied 21 | before attempting an upgrade: 22 | 23 | ``` 24 | # pkg update package/pkg@0.5.11,5.11-0.151006:20130731T192303Z web/ca-bundle@5.11,5.11-0.151006:20130718T173831Z 25 | ``` 26 | 27 | The ca-bundle package delivers the OmniTI CA certificate that pkg(1) 28 | will use to verify the signing certificate for r151008 packages, and the 29 | updated pkg knows where to find this CA certificate. 30 | 31 | If you already have these package updates, the above command will 32 | indicate that no update is necessary. 33 | 34 | Additionally there are a couple other packaging issues that can cause 35 | dependency problems during the upgrade. Corrected packages for r151006 36 | have been published, and must be applied to the global zone *and all 37 | non-global zones* prior to upgrading to r151008. 38 | 39 | `incorporation/jeos/omnios-userland` might be missing on your system. 40 | If so, the 151006 version of it should be installed in your current BE 41 | and any non-global zones before attempting an upgrade: 42 | 43 | ``` 44 | $ pkg list incorporation/jeos/omnios-userland >/dev/null 2>&1 || pkg install incorporation/jeos/omnios-userland@11,5.11-0.151006 45 | ``` 46 | 47 | `runtime/perl/manual` is part of the default install and is always present. All users will 48 | need this update: 49 | 50 | ``` 51 | # pkg update runtime/perl/manual@5.16.1,5.11-0.151006 52 | ``` 53 | 54 | `runtime/perl-64` is an optional package and only needs to be updated if it is installed: 55 | 56 | ``` 57 | # pkg list runtime/perl-64 >/dev/null 2>&1 && pkg update runtime/perl-64@5.16.1,5.11-0.151006 58 | ``` 59 | 60 | Note Current BE Name 61 | -------------------- 62 | 63 | Make a note of the name of your current boot environment (BE) in case 64 | you need to roll back. 65 | 66 | ``` 67 | $ /usr/sbin/beadm list 68 | ``` 69 | 70 | It may look something like this: 71 | 72 | ``` 73 | BE Active Mountpoint Space Policy Created 74 | omnios NR / 1.37G static 2012-09-26 18:26 75 | omnios-backup-1 - - 211K static 2012-10-01 14:16 76 | omnios-backup-2 - - 110K static 2012-10-18 19:55 77 | omnios-backup-3 - - 205K static 2012-10-18 20:02 78 | ``` 79 | 80 | The current BE is the one marked 'NR' (active Now, active on Reboot.) 81 | 82 | Perform the Upgrade 83 | ------------------- 84 | 85 | If you have non-global native (ipkg) zones, they must be shutdown and 86 | detached at this time. Once the global zone is updated and rebooted, the 87 | zones will be upgraded as they are re-attached to the system. This is 88 | not necessary for s10-branded zones or KVM guests. 89 | 90 | After shutting down the zones gracefully (`zlogin ; shutdown -i5 -g0 -y`): 91 | 92 | ``` 93 | # /usr/sbin/zoneadm -z detach 94 | ``` 95 | 96 | # It would also be a good idea to take a ZFS snapshot of the zone root in 97 | case it's needed for rollback (such as if there are issues with the zone 98 | upgrade.) 99 | 100 | ``` 101 | # /usr/sbin/zfs snapshot -r @r151006 102 | ``` 103 | 104 | where is the name of the ZFS dataset whose 105 | mountpoint corresponds to the value of *zonepath* in the zone's 106 | configuration. There are child datasets under this one, so we use the `-r` 107 | option to recursively snapshot all. 108 | 109 | Update the global zone. The `--be-name` argument is optional, but it's nice to use a 110 | name that's more meaningful than “omnios-N”. Add a `-nv` after the 111 | `update` sub-command to do a dry run if you're unsure of what will 112 | happen. 113 | 114 | ``` 115 | # /usr/bin/pkg update --be-name=omnios-r151008 entire@11,5.11-0.151008 116 | ``` 117 | 118 | This will create a new BE and install r151008 packages into it. When it 119 | is complete, reboot your system. The new BE will now be the default 120 | option in GRUB. If your hardware supports it, you may get into the new 121 | BE via [fast reboot](http://illumos.org/man/1M/reboot), in which case 122 | you won't see a GRUB menu. 123 | 124 | Once booted into your new r151008 BE, if you don't have non-global 125 | zones, you're done. 126 | 127 | If you have non-global native (ipkg) zones, attach each one with the 128 | option, which will upgrade the zone's core packages to match the global 129 | zone. 130 | 131 | ``` 132 | # /usr/sbin/zoneadm -z attach -u 133 | ``` 134 | 135 | Assuming the attach succeeds, the zone may be booted as usual: 136 | 137 | ``` 138 | # /usr/sbin/zoneadm -z boot 139 | ``` 140 | 141 | Rolling Back 142 | ------------ 143 | 144 | ### ZFS Upgrade 145 | 146 | OmniOS r151008 includes new zpool feature flags. Post-upgrade you will 147 | see a message like this in **zpool status**: 148 | 149 | ``` 150 | This system supports ZFS pool feature flags. 151 | 152 | All pools are formatted using feature flags. 153 | 154 | 155 | Some supported features are not enabled on the following pools. Once a 156 | feature is enabled the pool may become incompatible with software 157 | that does not support the feature. See zpool-features(5) for details. 158 | ``` 159 | 160 | **If you want to be able to roll back to your previous environment, DO 161 | NOT upgrade your zpools yet.** The upgrade is one-way and irreversible. 162 | 163 | If, for some reason, you need to roll back to r151006, simply activate 164 | the previous BE and reboot. 165 | 166 | ``` 167 | # /usr/sbin/beadm activate 168 | # /usr/sbin/reboot 169 | ``` 170 | 171 | Where is the name of the previous BE that you noted at the beginning. 172 | 173 | If you have native zones but had not yet attempted to attach them, they 174 | remain unchanged from the previous BE and may be re-attached once booted 175 | into the previous BE. Simply omit the from the attach example above. 176 | Note that even if you tried to attach but the attachment failed 177 | completely (perhaps due to a packaging issue), then the zone data 178 | remains unchanged and you can still safely re-attach it in the previous 179 | BE. 180 | 181 | If you are rolling back because there was a problem with the zone attach 182 | in which the zone was partially updated, then you will need to roll back 183 | each of the zone root datasets that you snapshotted after detachment. 184 | There is no recursive rollback, so we have to roll back each of the 185 | datasets one at a time. 186 | 187 | ``` 188 | /usr/sbin/zfs rollback @r151006 189 | /usr/sbin/zfs rollback /ROOT@r151006 190 | /usr/sbin/zfs rollback /ROOT/zbe@r151006 191 | ``` 192 | -------------------------------------------------------------------------------- /Upgrade_r151008_r151010.md: -------------------------------------------------------------------------------- 1 | Upgrading from r151008 to r151010 2 | ================================= 3 | 4 | One may upgrade to r151010 from r151008. 5 | 6 | **NOTE:** If you are running r151006 and wish to upgrade to r151010, 7 | please upgrade to r151008 first. See Upgrade instructions: 8 | [Upgrade_r151006_r151008](Upgrade_r151006_r151008.md) 9 | 10 | Performing the Upgrade 11 | ---------------------- 12 | 13 | If you have non-global native (ipkg) zones, they must be shutdown and 14 | detached at this time. Once the global zone is updated and rebooted, the 15 | zones will be upgraded as they are re-attached to the system. This is 16 | not necessary for s10-branded zones or KVM guests. 17 | 18 | After shutting down the zones gracefully (`zlogin ; shutdown -i5 -g0 -y`): 19 | 20 | ``` 21 | # /usr/sbin/zoneadm -z detach 22 | ``` 23 | 24 | It would also be a good idea to take a ZFS snapshot of the zone root in 25 | case it's needed for rollback (such as if there are issues with the zone 26 | upgrade.) 27 | 28 | ``` 29 | /usr/sbin/zfs snapshot -r @r151008 30 | ``` 31 | 32 | where is the name of the ZFS dataset whose 33 | mountpoint corresponds to the value of *zonepath* in the zone's 34 | configuration. There are child datasets under this one, so we use the `-r` 35 | option to recursively snapshot all. 36 | 37 | Because r151010 moves OmniOS to a dedicated repo for each release, you 38 | will first need to set the package publisher to the repository for 39 | r151010: 40 | 41 | ``` 42 | # /usr/bin/pkg unset-publisher omnios 43 | # /usr/bin/pkg set-publisher -P -g http://pkg.omniti.com/omnios/r151010/ omnios 44 | ``` 45 | 46 | Update the global zone. The `--be-name` argument is optional, but it's nice to use a 47 | name that's more meaningful than “omnios-N”. Add a `-nv` after the 48 | `update` sub-command to do a dry run if you're unsure of what will 49 | happen. 50 | 51 | ``` 52 | # /usr/bin/pkg update --be-name=omnios-r151010 entire@11,5.11-0.151010 53 | ``` 54 | 55 | This will create a new BE and install r151010 packages into it. When it 56 | is complete, reboot your system. The new BE will now be the default 57 | option in GRUB. If your hardware supports it, you may get into the new 58 | BE via [fast reboot](http://illumos.org/man/1M/reboot), in which case 59 | you won't see a GRUB menu. 60 | 61 | Once booted into your new r151010 BE, if you don't have non-global 62 | zones, you are done with the upgrade. 63 | 64 | If you have non-global native (ipkg) zones, attach each one with the 65 | option, which will upgrade the zone's core packages to match the global 66 | zone. 67 | 68 | ``` 69 | /usr/sbin/zoneadm -z attach -u 70 | ``` 71 | 72 | Assuming the attach succeeds, the zone may be booted as usual: 73 | 74 | ``` 75 | /usr/sbin/zoneadm -z boot 76 | ``` 77 | -------------------------------------------------------------------------------- /Upgrade_to_r151014.md: -------------------------------------------------------------------------------- 1 | Upgrading to r151014 or later. 2 | ============================== 3 | 4 | One may upgrade any of r151006, r151008, r151010, r151012, or 5 | r151013/bloody to r151014 or later. Upgrading from r151014 to a later 6 | release can be simpler if [linked-image zones](linked_images.md) are 7 | used. 8 | 9 | A WARNING ABOUT NUMBER OF BOOT ENVIRONMENTS 10 | ------------------------------------------- 11 | 12 | There is a known issue with grub and its memory management that limits 13 | the number of boot environment entries in . This limit has been 14 | shrinking as grub gets more features and bugfixes. If you are upgrading 15 | from r151006 to r151014, this will be a large number. 16 | 17 | If you have more than 38 Boot Environments, please go through and 18 | destroy ones you don't need anymore **PRIOR TO UPGRADING**. (Use the 19 | [beadm](http://illumos.org/man/1m/beadm) command - e.g. ' BENAME'.) The 20 | experimental limits with the r151014 version of grub suggests 41 is the 21 | upper limit of number of boot environments before grub cannot boot the 22 | system. If you have more than 38 boot environments, we recommend 23 | deleting enough to not break grub. 24 | 25 | If you get your machine into a state where grub will not boot, 26 | [there are two different recovery methods available](GrubTooManyBEs.md). 27 | 28 | Performing the Upgrade (lipkg zones from a r151014 or later stable) 29 | ------------------------------------------------------------------- 30 | 31 | If you have moved to [linked-image (lipkg)](linked_images.md) 32 | non-global zones exclusively, the upgrade process can be simpler, modulo 33 | some setup. 34 | 35 | * If you wish to avoid a window of on-rpool log overflow between the old and new boot environments, disable any services that log in appropriate zones (including global) 36 | * Make sure the global zone can reach the network 37 | * Create a backup boot environment for safety (being careful of the number of BEs): 38 | ``` 39 | # beadm create 40 | ``` 41 | * Change the publisher (as root or with privilege) in every zone root, including global. For example, going from r151014 to r151016: 42 | ``` 43 | # /usr/bin/pkg set-publisher -G http://pkg.omniti.com/omnios/r151014/ -g http://pkg.omniti.com/omnios/r151016/ omnios 44 | # /usr/bin/pkg -R /zones/zone1/root set-publisher -G http://pkg.omniti.com/omnios/r151014/ -g http://pkg.omniti.com/omnios/r151016/ omnios 45 | # /usr/bin/pkg -R /zones/zone2/root set-publisher -G http://pkg.omniti.com/omnios/r151014/ -g http://pkg.omniti.com/omnios/r151016/ omnios 46 | . . . 47 | ``` 48 | * If you have non-OmniOS IPS publishers, some of those packages may not yet be aware of r151016 and block the upgrade (e.g. some ms.omniti.com packages). Uninstall these ones prior to the update. 49 | * Perform the update, optionally specifying the new BE name: 50 | ``` 51 | # /usr/bin/pkg update {--be-name new-BE-name} 52 | ``` 53 | * Reboot 54 | 55 | **NOTE**: Once past a release migration, linked-image zones still offers 56 | great convenience, because a single `pkg update` in the global zone easy 57 | updates all linked-image zones. 58 | 59 | Performing the Upgrade (all other cases, including lipkg if you wish) 60 | --------------------------------------------------------------------- 61 | 62 | If you have non-global native (ipkg) zones, they must be shutdown and 63 | detached at this time. **Even if you are used to updating zones after 64 | `pkg upgrade` by using `pkg -R`, you MUST perform the upgrade this way, 65 | because of the signature-policy changes.** (Bloody users, even 66 | post-r151014 bloody, must do this too because of the signature policy 67 | changes.) Once the global zone is updated and rebooted, the zones will 68 | be upgraded as they are re-attached to the system. This is not necessary 69 | for s10-branded zones or KVM guests. 70 | 71 | After shutting down the zones gracefully (`zlogin ; shutdown -i5 -g0 -y`): 72 | 73 | ``` 74 | # /usr/sbin/zoneadm -z detach 75 | ``` 76 | 77 | It would also be a good idea to take a ZFS snapshot of the zone root in 78 | case it's needed for rollback (such as if there are issues with the zone 79 | upgrade.) 80 | 81 | ``` 82 | # /usr/sbin/zfs snapshot -r @ 83 | ``` 84 | 85 | where is the name of the ZFS dataset whose 86 | mountpoint corresponds to the value of *zonepath* in the zone's 87 | configuration. There are child datasets under this one, so we use the 88 | `-r` option to recursively snapshot all. 89 | 90 | Because each OmniOS release has its own dedicated repo, you will first 91 | need to set the package publisher to the repository for r151016 (works 92 | for r151014 as well from older version, just change 016 to 014): 93 | 94 | ``` 95 | # /usr/bin/pkg unset-publisher omnios 96 | # /usr/bin/pkg set-publisher -P --set-property signature-policy=require-signatures -g http://pkg.omniti.com/omnios/r151016/ omnios 97 | ``` 98 | 99 | **NOTE: The “require-signatures” is new for r151014, and if you are upgrading this way it is up to you, the administrator, to make this change effective. If you are upgrading from r151014 or later, it's not needed, but stating it again will not hurt. The zone attach code will automatically match zone's publisher policies with the global zone. New zone creation after updating to r151014 will also apply the global zone's publisher policies on a per-publisher basis. If you have existing other publishers with or without signature policies, those publishers' signature policies will propagate into non-global zones.** 100 | 101 | Update the global zone. The `--be-name` argument is optional, but it's nice to use a 102 | name that's more meaningful than “omnios-N”. Add a `-nv` after the 103 | 'update' sub-command to do a dry run if you're unsure of what will 104 | happen. 105 | 106 | ``` 107 | # /usr/bin/pkg update --be-name=omnios-r151014 entire@11,5.11-0.151014 108 | ``` 109 | 110 | This will create a new BE and install r151014 packages into it. When it 111 | is complete, reboot your system. The new BE will now be the default 112 | option in GRUB. 113 | 114 | Once booted into your new r151014 BE, if you don't have non-global 115 | zones, you are done with the upgrade. 116 | 117 | If you have non-global native (ipkg) zones, you can either modify them 118 | to become [linked-image zones](linked_images.md) (lipkg), or 119 | continue on with non-linked images. If you wish to make a zone be a 120 | linked-image one, change the brand PRIOR to attachment: 121 | 122 | **NOTE: This is optional. Use only if you want to be linked-image** 123 | 124 | ``` 125 | # /usr/sbin/zonecfg -z set brand=lipkg 126 | ``` 127 | 128 | Attach each one with the `-u` option, which will upgrade the zone's core 129 | packages to match the global zone. 130 | 131 | ``` 132 | # /usr/sbin/zoneadm -z attach -u 133 | ``` 134 | 135 | Assuming the attach succeeds, the zone may be booted as usual: 136 | 137 | ``` 138 | # /usr/sbin/zoneadm -z boot 139 | ``` 140 | 141 | Post-Upgrade (from pre-r151014 systems) 142 | --------------------------------------- 143 | 144 | If you are running one or more instances of pkg.depotd(1M), then after 145 | the upgrade you will need to refresh and clear them, as the name of the 146 | start method has changed. This will cause the service(s) to be placed in 147 | maintenance. 148 | 149 | ``` 150 | # svcadm refresh svc:/application/pkg/server: 151 | # svcadm clear svc:/application/pkg/server: 152 | ``` 153 | 154 | Thanks to community member Volker Brandt for pointing this out! 155 | -------------------------------------------------------------------------------- /VMwareNotes.md: -------------------------------------------------------------------------------- 1 | VMware Notes 2 | ============ 3 | 4 | OmniOS will run just fine on recent VMware products, with a few caveats. 5 | 6 | Installing VMware Tools 7 | ----------------------- 8 | 9 | Follow the directions for [installing VMware Tools in a Solaris guest](http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1023956) 10 | 11 | Attach a virtual floppy 12 | ----------------------- 13 | 14 | If running the text installer from the [Installation#FromCDisoISO](Installation.md#FromCDisoISO), 15 | the guest must have a virtual floppy device configured or it will 16 | hang during installation. Either add the device via the VMware GUI or 17 | add the following to your .vmx file: 18 | 19 | ``` 20 | floppy0.fileType = "file" 21 | floppy0.fileName = "path_to_/floppy_image/Omni.flp" 22 | floppy0.clientDevice = "FALSE" 23 | floppy0.startConnected = "FALSE" 24 | ``` 25 | 26 | Credit: 27 | 28 | The floppy image can be an empty file, but it must exist. If the floppy 29 | is the default boot device (which is the case if you add it through the 30 | VMware GUI), your VM will boot into Pong - (see 31 | ). 32 | 33 | Use recent release 34 | ------------------ 35 | 36 | The r151002w ISO, which contains text-installer fixes for device 37 | detection under VMware, is required. These fixes were previously only 38 | available in “bloody”. 39 | 40 | **As of r151004, this is no longer an issue in either stable or 41 | bloody.** 42 | -------------------------------------------------------------------------------- /VagrantBaseboxes.md: -------------------------------------------------------------------------------- 1 | Vagrant Baseboxes 2 | ================= 3 | 4 | How to create a Vagrant basebox for OmniOS. 5 | 6 | Necessary Software 7 | ------------------ 8 | 9 | You will need the following packages installed on the host system being 10 | used to build an OmniOS basebox for Vagrant: 11 | 12 | * Virtualbox 13 | * Packer 14 | 15 | Definitions 16 | ----------- 17 | 18 | We provide a packer template and script at: 19 | 20 | ``` 21 | https://github.com/jfqd/omnios-packer 22 | ``` 23 | 24 | These will generate a barebones OmniOS basebox with little beyond the 25 | insecure Vagrant key installed. Ideally all that would be necessary to 26 | then use as the base for your own per-project provisioning through 27 | Vagrant. This template and post install script can be modified to suit 28 | your needs if necessary to produce a basebox configuration that differs 29 | from the ones we publish at . 30 | 31 | Building the Basebox 32 | -------------------- 33 | 34 | All steps below assume you are working from the base directory of the 35 | repository checkout above. 36 | 37 | ### template.json 38 | 39 | You may want to edit `template.json` if you need to alter the OmniOS release installed, 40 | use a different ISO mirror, or modify disk or memory settings. 41 | 42 | In almost all cases, you will want to leave `:boot_cmd_sequence` untouched. 43 | 44 | ### postinstall.sh 45 | 46 | The `definitions/omnios-stable/postinstall.sh` file details everything installed 47 | and configured on the basebox after OmniOS has been installed. 48 | 49 | Additionally, this script configures the nameserver, adds the omniti-ms 50 | IPS publisher, installs the Virtualbox Guest Additions, and sets up the 51 | Vagrant insecure key. Any packages you require to be installed or 52 | configured inside your basebox should be added to this script. 53 | 54 | ### Building 55 | 56 | Once the packer template is modified to suit your needs, you build the 57 | basebox using the following: 58 | 59 | ``` 60 | $ packer build template.json 61 | ``` 62 | 63 | This will take some time. You should see Virtualbox create the new 64 | machine, and if you are running on a local machine (or remotely with X11 65 | forwarding) a new VM window will be displayed where you can watch the 66 | progress of the OmniOS installer. 67 | 68 | Once complete, you can import the basebox with vagrant to test it: 69 | 70 | ``` 71 | $ vagrant box add omnios-r151008e-r1 packer_virtualbox_virtualbox.box 72 | ``` 73 | -------------------------------------------------------------------------------- /VirtualBoxNotes.md: -------------------------------------------------------------------------------- 1 | VirtualBox Notes 2 | ----------------- 3 | 4 | **NOTE: AMD PCnet-PCI NICs not supported** 5 | 6 | The “PCnet-PCI II” virtual adapter is not supported in the pcn driver. 7 | 8 | “PCnet-PCI III” is known to have issues with DHCP and perhaps other 9 | traffic. 10 | 11 | For best results, use one of the Intel PRO/1000 adapters (e1000g 12 | driver). 13 | 14 | Note that if you want PXE boot support for Intel adapters you will also 15 | need the Oracle VM VirtualBox Extension Pack from 16 | 17 | -------------------------------------------------------------------------------- /VirtualMachinesKVM.md: -------------------------------------------------------------------------------- 1 | Virtual Machines with KVM 2 | ========================= 3 | 4 | **NOTE: THIS IS A WORK IN PROGRESS. COME BACK WHEN THIS NOTE IS GONE.** 5 | 6 | Starting a VM 7 | ------------- 8 | 9 | Each KVM virtual machine requires a **dedicated** virtual network 10 | interface (card), HDD (a ZFS Volume, aka. zvol, will do) and VNC TCP 11 | port. 12 | 13 | ### Create vnic 14 | 15 | Find the physical device to build it on top: 16 | 17 | ``` 18 | root@server:~# dladm show-link 19 | LINK CLASS MTU STATE BRIDGE OVER 20 | igb0 phys 1500 up -- -- 21 | igb2 phys 1500 down -- -- 22 | igb1 phys 1500 down -- -- 23 | igb3 phys 1500 down -- -- 24 | ``` 25 | 26 | Create a virtual network interface on top of ´igb0´: 27 | 28 | ``` 29 | root@server:~# dladm show-vnic 30 | LINK OVER SPEED MACADDRESS MACADDRTYPE VID 31 | root@server:~# dladm create-vnic -l igb0 vnic0 32 | root@server:~# dladm show-vnic 33 | LINK OVER SPEED MACADDRESS MACADDRTYPE VID 34 | vnic0 igb0 100 2:8:20:38:a5:d6 random 0 35 | ``` 36 | 37 | ### Setup ISO and HDD 38 | 39 | Download an ISO: 40 | 41 | ``` 42 | # mkdir -p /export/vm 43 | # cd /export/vm 44 | # wget ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.1/FreeBSD-9.1-RC2-amd64-disc1.iso 45 | ``` 46 | 47 | Prepare a volume for the VM: 48 | 49 | ``` 50 | # zfs create -V / 51 | ``` 52 | 53 | should be an appropriately-sized virtual disk. E.g. 32G. 54 | 55 | and represent a pool, and a name of a ZFS Volume. The 56 | `-V` flag indicates you're creating a ZFS Volume, and an entry in 57 | `/dev/zvol/dsk//`. 58 | 59 | ### Start Virtual Machine 60 | 61 | You can use the following script to start the VM: 62 | 63 | ``` 64 | #!/usr/bin/bash 65 | 66 | # configuration 67 | VNIC=vnic0 68 | # Sample zvol path. 69 | HDD=/dev/zvol/rdsk/rpool/vm-zvol 70 | # NOTE: You can add more... (see NOTE2 below) 71 | #HDD2=/dev/zvol/rdsk/data/vm-data-zvol 72 | CD=/export/iso/FreeBSD-9.1-RC2-amd64-disc1.iso 73 | VNC=5 74 | # Memory for the KVM instance, in Megabytes (2^20 bytes). 75 | MEM=1024 76 | 77 | mac=`dladm show-vnic -po macaddress $VNIC` 78 | 79 | /usr/bin/qemu-system-x86_64 \ 80 | -name "$(basename $CD)" \ 81 | -boot cd \ 82 | -enable-kvm \ 83 | -vnc 0.0.0.0:$VNC \ 84 | -smp 2 \ 85 | -m $MEM \ 86 | -no-hpet \ 87 | -localtime \ 88 | -drive file=$HDD,if=ide,index=0 \ 89 | -drive file=$CD,media=cdrom,if=ide,index=2 \ 90 | -net nic,vlan=0,name=net0,model=e1000,macaddr=$mac \ 91 | -net vnic,vlan=0,name=net0,ifname=$VNIC,macaddr=$mac \ 92 | -vga std \ 93 | -daemonize 94 | 95 | # NOTE2: Add an additional -drive file=$HDD2,if=ide,index=X for a unique X 96 | # in the big command-line above if you want another drive. Repeat as needed. 97 | 98 | if [ $? -gt 0 ]; then 99 | echo "Failed to start VM" 100 | fi 101 | 102 | # TCP port for VNC connections to the KVM instance. 5900 is added in the command. 103 | port=`expr 5900 + $VNC` 104 | public_nic=$(dladm show-vnic|grep vnic1|awk '{print $2}') 105 | public_ip=$(ifconfig $public_nic|grep inet|awk '{print $2}') 106 | 107 | echo "Started VM:" 108 | echo "Public: ${public_ip}:${port}" 109 | ``` 110 | 111 | #### Notes 112 | 113 | * script credit: [John Grafton's blog](http://www.graymatterboundaries.com/?p=158) 114 | * *configuration settings* on the top of the script are in **UPPERCASE** 115 | * multiple VMs: customize `VNIC`, `VNC` and `HDD` 116 | 117 | #### Next steps 118 | 119 | When `./start-vm.sh` completed, use a VNC client to connect to the `IP:PORT` and install FreeBSD 120 | into the VM. 121 | 122 | During the installation, make sure to enable and add a local user 123 | account for yourself. on FreeBSD does not by default. 124 | 125 | **Note:** In case your host system is connected via DHCP to your local 126 | network, DHCP should work for the guest's OS as well. 127 | 128 | Once the installation completed and the guest rebooted, the guest should 129 | boot FreeBSD from its HDD right away. Access the FreeBSD guest using VNC 130 | or . 131 | 132 | Using a script to start VM guests also makes it easy to put them under 133 | SMF control. Here's a sample manifest (replace '@@VM_NAME@@' with your 134 | VM name): 135 | 136 | ``` 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 157 | 158 | 159 | ``` 160 | 161 | Troubleshooting 162 | --------------- 163 | 164 | ### /usr/bin/qemu-kvm on OmniOS 165 | 166 | The binary is called: `/usr/bin/qemu-system-x86_64` 167 | 168 | ### /dev/kvm - no such device 169 | 170 | First ensure kvm is loaded: 171 | 172 | ``` 173 | # modinfo |grep kvm 174 | 205 fffffffff80a5000 39ff0 264 1 kvm (kvm driver v0.1) 175 | ``` 176 | 177 | If the module is not present, load it with: 178 | 179 | ``` 180 | # add_drv kvm 181 | ``` 182 | 183 | This is a one-time setup and will persist across reboots. 184 | 185 | Setting up KVM in a zone. 186 | ------------------------- 187 | 188 | You may run a KVM instance in a non-global zone so long as: 189 | 190 | * The zone has its own vNIC so KVM's VNC server can run 191 | * The KVM's vNIC is provisioned into the zone's creation by using 192 | zonecfg(1M)'s “add net” command 193 | ``` 194 | zonecfg> add net 195 | zonecfg> set physical=vnic0 196 | zonecfg> end 197 | ``` 198 | * The zvol is named such that its parent dataset can be delegated 199 | to the zone, and that its zvol device path is provisioned into 200 | the zone's creation by using zonecfg(1M)'s “add device” 201 | command. One can provide a number of zvols to a zone this way: 202 | ``` 203 | zonecfg> add device 204 | zonecfg> set match="/dev/zvol/rdsk/rpool/zvol/*" 205 | zonecfg> end 206 | zonecfg> add dataset 207 | zonecfg> set name=rpool/zvol 208 | zonecfg> end 209 | ``` 210 | 211 | Once those resources are available to a zone, you can run the shell 212 | script or import the SMF service per above. 213 | -------------------------------------------------------------------------------- /WeeklyReleaseHowto.md: -------------------------------------------------------------------------------- 1 | Making a Weekly Release 2 | ======================= 3 | 4 | [Cherry-pick](PopulatingRepos.md#Cherry-picking) the desired 5 | package(s) from the RC repo into the release repo. 6 | 7 | On the release repo server: 8 | 9 | 1. Review package differences between the current state of the filesystem and the snapshot of the previous release: 10 | ``` 11 | # zfs diff data/set/omnios/repo/release@ data/set/omnios/repo/release | grep pkg 12 | ``` 13 | 1. Snapshot repo dataset @, e.g. “r151002a” 14 | 1. Prepare [ReleaseMedia](ReleaseMedia.md) if there are security fixes 15 | or significant changes to packages provided by default, such as 16 | driver updates 17 | * Update symlinks for latest release to point at the new media, as 18 | appropriate (LTS or Stable), see below for details 19 | 1. Update [ReleaseNotes](ReleaseNotes.md) with what changed 20 | 1. Announce to #omnios on IRC, Twitter w/hashtags #OmniOS and #illumos, 21 | and on omnios-discuss list 22 | 23 | Updating symlinks 24 | ----------------- 25 | 26 | These links should always point to the most recent media: 27 | 28 | ``` 29 | OmniOS_Text_Stable_latest.iso 30 | OmniOS_Text_Stable_latest.usb-dd 31 | OmniOS_Kayak_Stable_latest.zfs.bz2 32 | OmniOS_Text_LTS_latest.iso 33 | OmniOS_Text_LTS_latest.usb-dd 34 | OmniOS_Kayak_LTS_latest.zfs.bz2 35 | ``` 36 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-minimal -------------------------------------------------------------------------------- /_layouts/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | {{ site.title | default: site.github.repository_name }} by {{ site.github.owner_name }} 7 | 8 | 9 | 10 | 13 | 14 | 15 |
16 |
17 |

{{ site.title | default: site.github.repository_name }}

18 |

{{ site.description | default: site.github.project_tagline }}

19 | 20 | {% if site.github.is_project_page %} 21 |

View the Project on GitHub {{ github_name }}

22 | {% endif %} 23 | 24 | {% if site.github.is_user_page %} 25 |

View My GitHub Profile

26 | {% endif %} 27 | 28 | {% if site.show_downloads %} 29 | 34 | {% endif %} 35 | 36 |
37 | Note: These pages have been imported from the OmniTI wiki and are in the 38 | process of being converted. 39 |
Information here may not yet be correct for the Community Edition. 40 |
41 |
42 |
43 | 44 | {{ content }} 45 | 46 |
47 | 53 |
54 | 55 | 56 | 57 | {% if site.google_analytics %} 58 | 67 | {% endif %} 68 | 69 | 70 | -------------------------------------------------------------------------------- /assets/css/style.scss: -------------------------------------------------------------------------------- 1 | --- 2 | --- 3 | 4 | @import "{{ site.theme }}"; 5 | 6 | .masthead 7 | { 8 | text-align: center; 9 | position: fixed; 10 | top: 0; 11 | border-bottom: 1px solid #f2f3f3; 12 | -webkit-animation: intro 0.3s both; 13 | animation: intro 0.3s both; 14 | -webkit-animation-delay: 0.15s; 15 | animation-delay: 0.15s; 16 | z-index: 20; 17 | width: 100%; 18 | background: rgb(255, 152, 0); 19 | font-size: 1.2em; 20 | color: white; 21 | padding-top: 4px; 22 | height: 62px; 23 | } 24 | 25 | body 26 | { 27 | padding-top: 65px; 28 | } 29 | 30 | -------------------------------------------------------------------------------- /buildctl.md: -------------------------------------------------------------------------------- 1 | The OmniOS build control script 2 | ================================== 3 | 4 | Introduction 5 | ------------ 6 | 7 | At its simplest, `buildctl` scans the subdirectories of 8 | `omnios-build/build/.` and runs `./build.sh` in each directory. 9 | Because each subdirectories' `./build.sh` can be arbitrarily 10 | messy, sometimes simply uttering `./buildctl -lb build all` will 11 | not be sufficient for a fire-and-forget built. 12 | 13 | Syntax 14 | ------ 15 | 16 | ``` 17 | cd $OMNIOS_BUILD_SRC/build 18 | 19 | ./buildctl list {grep-pattern} 20 | ./buildctl list-build {grep-pattern} 21 | ./buildctl {-lb} build {list of package names or package name subsets} 22 | ./buildctl {-lb} build {all} 23 | ``` 24 | 25 | ### list 26 | 27 | The `list` command will print an alphabetized list of packages available, or a 28 | list that matches the grep pattern. 29 | 30 | ### list-build 31 | 32 | The `list-build` command will print a list of packages as they are built. Currently, 33 | this is determined by `bash` associative array sorting. The build order is not 34 | a stable interface, and is subject to change. 35 | 36 | ### build 37 | 38 | The `build` command can take two optional flags: 39 | 40 | * The `-b` flag stands for “batch”, and if used, will not prompt the 41 | user yes-or-no for `pkglint` (see below), for package installation 42 | into `$PKGSRVR` (see below), or when a build failure occurs. The 43 | default answers when this flag is set are see `-l` for pkglint, 44 | “yes” for install into `$PKGSRVR`, and “stop” when a build failure 45 | occurs 46 | * The `-l` flag causes the bypass of `pkglint` checking. It is 47 | recommended for now that this flag be used, as not all packages 48 | in omnios-build are `pkglint`-clean 49 | 50 | Environment Variables 51 | --------------------- 52 | 53 | `buildctl` and several subdirectory `build.sh` scripts use several environment variables to 54 | control various behaviors. These can be placed into the script, or just 55 | exported to the environment prior to invoking `buildctl`. 56 | 57 | ### PKGSRVR 58 | 59 | The PKGSRVR environment variable takes a URL (either `` or 60 | ``). It specifies the destination for the built IPS packages. If 61 | it is a `` URL, buildctl will first run `pkgrepo create` if the 62 | directory does not exist. 63 | 64 | ### PKGPUBLISHER 65 | 66 | For OmniOS, this should always be set to “omnios”. It is the IPS publisher string. 67 | 68 | ### PREBUILT\_ILLUMOS 69 | 70 | If set to a directory, `buildctl` will search out illumos-omnios packages in this 71 | directory. `buildctl` will also attempt to see if the build is still going on based 72 | on contents of this directory. If so, it will block any packages that 73 | depend on “illumos” being built - using pwait(1) to wait for the nightly 74 | build process to finish. 75 | 76 | IMPORTANT: At a minimum, a prebuilt-illumos MUST build non-DEBUG 77 | packages with the publisher set to “omnios” or whatever else 78 | PKGPUBLISHER is set to. 79 | 80 | ### KVM\_ROLLBACK and KVM\_CMD\_ROLLBACK 81 | 82 | These two variables should be set to git changeset IDs. buildctl will 83 | roll back the checked-out illumos-kvm and illumos-kvm-cmd trees to the 84 | changeset ID specified. Because these come from a different source with 85 | their own illumos build, sometimes we need to roll back time until 86 | illumos-omnios is caught up. 87 | 88 | ### KAYAK\_SUDO\_BUILD 89 | 90 | Tells the Kayak kernel (kayak-kernel) build.sh to use sudo(1M) instead 91 | of assuming it's being run as root. A build of the whole world should 92 | have kayak-kernel be the last thing to build. kayak-kernel pulls its 93 | bits from either PKGURL (a URL for a source of packages), or PKGSRVR if 94 | PKGURL is not set. The source of packages for kayak-kernel should be 95 | fully populated in advance. [OmniOS-on-demand](OmniOS-on-demand.md) 96 | does this explicitly with PKGSRVR, for example. 97 | 98 | ### ROOT\_OK 99 | 100 | Most `build.sh` scripts should not be run as root, and they will exit immediately 101 | if they are. Setting ROOT\_OK disables the immediate exit if running as 102 | root. 103 | 104 | Files 105 | ----- 106 | 107 | `buildctl` also reads data from some files. 108 | 109 | ### .../lib/config.sh 110 | 111 | Rarely changes, but this file contains more variables for `buildctl` and 112 | subdirectory `build.sh` scripts. 113 | 114 | ### .../{builddir}/dependencies 115 | 116 | While rare, some packages depend on other packages already having been 117 | built and installed in $PKGSRVR. This is distinct from IPS dependencies 118 | or machine environment dependencies, as dependencies in this file are 119 | BUILD-TIME dependencies. The contents of this files are a list of 120 | one-package-per-line packages. Currently only `kayak/` has this file. 121 | 122 | Miscellany 123 | ---------- 124 | 125 | Recent versions of `buildctl` will perform duplicate suppression. If a subdirectory 126 | has N packages, that subdirectory's `build.sh` used to be run N times. Duplicate 127 | suppression will reduce N down to 1, IF AND ONLY IF “all” is the list of 128 | packages, or the list of packages use full package names. 129 | 130 | A package can be specified by a full package name, or a substring. If a 131 | substring matches more than one full package name, it unspecified which 132 | single full package name will match, but only one will. 133 | -------------------------------------------------------------------------------- /linked_images.md: -------------------------------------------------------------------------------- 1 | Linked Image Zones 2 | ================== 3 | 4 | Starting with [r151014](ReleaseNotes/r151014.md), the ability to have 5 | linked-image zones is available. In OmniOS, we chose to make 6 | linked-images an option, available through the “lipkg” brand zone. The 7 | only difference between an ipkg zone (the normal zone type for OmniOS) 8 | and lipkg zones is the linking of images. 9 | 10 | A linked-image zone either has the same, or a superset, of publishers as 11 | the global zone has. 12 | 13 | What *are* linked images? 14 | ------------------------- 15 | 16 | ### r151014 through r151020 17 | 18 | Linked images link the packages in a zone to the global zone. If you 19 | update the global zone's packages, the linked-image zones get updated 20 | alongside it. This means going forward, an upgrade with linked image 21 | zones does not require detaching and reattaching the zone. You can 22 | update zones on a running system (at the cost of losing some log state 23 | during the time of the upgrade and the time of a reboot), or you can 24 | simply halt the zones, do the upgrade, and reboot with all linked-image 25 | zones automatically updated. 26 | 27 | ### r151022 and beyond 28 | 29 | It has [its own page](NewLinkedImages.md), but in a nutshell, the 30 | linkage in linked-image zones weakens some, unless you are using the 31 | new-in-[r151022](ReleaseNotes/r151022.md) “-r” flag for pkg(1). 32 | 33 | How do I use linked images with my zones? 34 | ----------------------------------------- 35 | 36 | Normal OmniOS zones are “ipkg” branded. To change a zone's brand, you 37 | must detach it first, and then reattach it. 38 | 39 | ``` 40 | zoneadm -z detach 41 | zonecfg -z set brand=lipkg 42 | zoneadm -z attach -u 43 | ``` 44 | 45 | Once the brand is changed, will have its IPS image linked to 46 | the global zone's image. When you update the global zone, 47 | will have its software updated as well. One potential side-effect of 48 | this is that the zone may get software more new than the zone's tenant 49 | (if you have tenants on your zone) can cope with. It's this side effect 50 | that kept us from just making linked-images the default on ipkg zones, 51 | and prompted us to create the lipkg brand. 52 | --------------------------------------------------------------------------------