5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
22 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 # Use is subject to license terms.
26 # NOTE: this script runs in the global zone and touches the non-global
27 # zone, so care should be taken to validate any modifications so that they
30 # Restrict executables to /usr/bin and /usr/sbin
31 PATH
=/usr
/bin
:/usr
/sbin
35 .
/usr
/lib
/brand
/ipkg
/common.ksh
43 if (( $ZONE_IS_MOUNTED != 0 )); then
45 zoneadm
-z $ZONENAME unmount
52 # For an exclusive stack zone, fix up the network configuration files.
53 # We need to do this even if unconfiguring the zone so sys-unconfig works
58 [[ "$STACK_TYPE" == "shared" ]] && return
61 for i
in $ZONEROOT/etc
/hostname.
* $ZONEROOT/etc
/dhcp.
*
63 if [[ -f "$i" ]]; then
64 NETIF_CNT
=$
(expr $NETIF_CNT + 1)
68 if (( $NETIF_CNT != 1 )); then
73 NET
=$
(LC_ALL
=C zonecfg
-z $ZONENAME info net
)
74 if (( $?
!= 0 )); then
75 error
"$e_badinfo" "net"
79 NETIF
=$
(echo $NET | nawk
'{
80 for (i = 1; i < NF; i++) {
81 if ($i == "physical:") {
82 if (length(net) == 0) {
95 if [[ -z "$NETIF" ]]; then
100 NEWHOSTNET
=${OLD_HOSTNET%*.*}
101 if [[ "$OLD_HOSTNET" != "$NEWHOSTNET.$NETIF" ]]; then
102 safe_move
$OLD_HOSTNET $NEWHOSTNET.
$NETIF
107 # Disable all of the shares since the zone cannot be an NFS server.
108 # Note that we disable the various instances of the svc:/network/shares/group
109 # SMF service in the fix_smf function.
113 zonedfs
=$ZONEROOT/etc
/dfs
115 if [[ -h $zonedfs/dfstab ||
! -f $zonedfs/dfstab
]]; then
116 error
"$e_badfile" "/etc/dfs/dfstab"
121 if [[ -z "$tmpfile" ]]; then
127 if (substr($1, 0, 1) == "#") {
136 printf("# Modified by p2v ")
137 system("/usr/bin/date")
141 }' $zonedfs/dfstab
>>$tmpfile
143 if (( $?
== 0 )); then
144 if [[ ! -f $zonedfs/dfstab.pre_p2v
]]; then
145 safe_copy
$zonedfs/dfstab
$zonedfs/dfstab.pre_p2v
147 safe_copy
$tmpfile $zonedfs/dfstab
153 # Comment out most of the old mounts since they are either unneeded or
154 # likely incorrect within a zone. Specific mounts can be manually
155 # reenabled if the corresponding device is added to the zone.
159 if [[ -h $ZONEROOT/etc
/vfstab ||
! -f $ZONEROOT/etc
/vfstab
]]; then
160 error
"$e_badfile" "/etc/vfstab"
165 if [[ -z "$tmpfile" ]]; then
171 if (substr($1, 0, 1) == "#") {
173 } else if ($1 == "fd" || $1 == "/proc" || $1 == "swap" ||
174 $1 == "ctfs" || $1 == "objfs" || $1 == "sharefs" ||
175 $4 == "nfs" || $4 == "lofs") {
184 printf("# Modified by p2v ")
185 system("/usr/bin/date")
189 }' $ZONEROOT/etc
/vfstab
>>$tmpfile
191 if (( $?
== 0 )); then
192 if [[ ! -f $ZONEROOT/etc
/vfstab.pre_p2v
]]; then
193 safe_copy
$ZONEROOT/etc
/vfstab \
194 $ZONEROOT/etc
/vfstab.pre_p2v
196 safe_copy
$tmpfile $ZONEROOT/etc
/vfstab
202 # Delete or disable SMF services.
206 SMF_UPGRADE
=/a
/var
/svc
/profile
/upgrade
209 # Fix network services if shared stack.
211 if [[ "$STACK_TYPE" == "shared" ]]; then
214 NETPHYSDEF
="svc:/network/physical:default"
215 NETPHYSNWAM
="svc:/network/physical:nwam"
217 vlog
"$v_enblsvc" "$NETPHYSDEF"
218 zlogin
-S $ZONENAME "echo /usr/sbin/svcadm enable $NETPHYSDEF \
219 >>$SMF_UPGRADE" </dev
/null
221 vlog
"$v_dissvc" "$NETPHYSNWAM"
222 zlogin
-S $ZONENAME \
223 "echo /usr/sbin/svcadm disable $NETPHYSNWAM \
224 >>$SMF_UPGRADE" </dev
/null
226 # Disable routing svcs.
227 vlog
"$v_dissvc" 'svc:/network/routing/*'
228 zlogin
-S $ZONENAME \
229 "echo /usr/sbin/svcadm disable 'svc:/network/routing/*' \
230 >>$SMF_UPGRADE" </dev
/null
234 # Disable well-known services that don't run in a zone.
236 vlog
"$v_rminvalidsvcs"
237 for i
in $
(egrep -hv "^#" \
238 /usr
/lib
/brand
/ipkg
/smf_disable.lst \
239 /etc
/brand
/ipkg
/smf_disable.conf
)
242 vlog
"$v_dissvc" "$i"
243 zlogin
-S $ZONENAME \
244 "echo /usr/sbin/svcadm disable $i >>$SMF_UPGRADE" </dev
/null
248 # Since zones can't be NFS servers, disable all of the instances of
251 vlog
"$v_dissvc" 'svc:/network/shares/*'
252 zlogin
-S $ZONENAME \
253 "echo /usr/sbin/svcadm disable 'svc:/network/shares/*' \
254 >>$SMF_UPGRADE" </dev
/null
258 # Remove well-known pkgs that do not work inside a zone.
262 for i
in $
(egrep -hv "^#" /usr
/lib
/brand
/ipkg
/pkgrm.lst \
263 /etc
/brand
/ipkg
/pkgrm.conf
)
265 pkg info
$i >/dev
/null
2>&1
266 if (( $?
!= 0 )); then
271 zlogin
-S $ZONENAME LC_ALL
=C \
272 /usr
/bin
/pkg
-R /a uninstall
-r $i </dev
/null
>&2 || \
278 # Zoneadmd writes a one-line index file into the zone when the zone boots,
279 # so any information about installed zones from the original system will
280 # be lost at that time. Here we'll warn the sysadmin about any pre-existing
281 # zones that they might want to clean up by hand, but we'll leave the zonepaths
282 # in place in case they're on shared storage and will be migrated to
287 zoneconfig
=$ZONEROOT/etc
/zones
289 if [[ -h $zoneconfig/index ||
! -f $zoneconfig/index
]]; then
290 error
"$e_badfile" "/etc/zones/index"
295 if (substr($1, 0, 1) == "#" || $1 == "global")
298 if ($2 == "installed")
300 }' $zoneconfig/index
)
302 # Return if there are no installed zones to warn about.
303 [[ -z "$NGZ" ]] && return
305 log
"$v_rmzones" "$NGZ"
308 if (substr($1, 0, 1) == "#" || $1 == "global")
311 if ($2 == "installed")
313 }' $zoneconfig/index
)
324 # failure should unmount the zone if necessary;
330 # Parse the command line options.
335 while getopts "b:uvl:" opt
340 l
) LOGFILE
="$OPTARG"; OPT_L
="-l \"$OPTARG\"";;
346 (( $# != 2 )) && exit 1
348 [[ -n $LOGFILE ]] && exec 2>>$LOGFILE
352 ZONEROOT
=$ZONEPATH/root
354 e_badinfo
=$
(gettext "Failed to get '%s' zone resource")
355 e_badfile
=$
(gettext "Invalid '%s' file within the zone")
356 e_tmpfile
=$
(gettext "Unable to create temporary file")
357 v_mkdirs
=$
(gettext "Creating mount points")
358 v_nonetfix
=$
(gettext "Cannot update /etc/hostname.{net} file")
359 v_change_var
=$
(gettext "Changing the pkg variant to nonglobal...")
360 e_change_var
=$
(gettext "Changing the pkg variant to nonglobal failed")
361 v_update
=$
(gettext "Updating the zone software to match the global zone...")
362 v_updatedone
=$
(gettext "Zone software update complete")
363 e_badupdate
=$
(gettext "Updating the Zone software failed")
364 v_adjust
=$
(gettext "Updating the image to run within a zone")
365 v_stacktype
=$
(gettext "Stack type '%s'")
366 v_rmhollowsvcs
=$
(gettext "Deleting global zone-only SMF services")
367 v_fixnetsvcs
=$
(gettext "Adjusting network SMF services")
368 v_rminvalidsvcs
=$
(gettext "Disabling invalid SMF services")
369 v_collectingsmf
=$
(gettext "Collecting SMF svc data")
370 v_delsvc
=$
(gettext "Delete SMF svc '%s'")
371 e_delsvc
=$
(gettext "deleting SMF svc '%s'")
372 v_enblsvc
=$
(gettext "Enable SMF svc '%s'")
373 e_enblsvc
=$
(gettext "enabling SMF svc '%s'")
374 v_dissvc
=$
(gettext "Disable SMF svc '%s'")
375 e_adminf
=$
(gettext "Unable to create admin file")
376 v_rmpkg
=$
(gettext "Remove package '%s'")
377 e_rmpkg
=$
(gettext "removing package '%s'")
378 v_rmzones
=$
(gettext "The following zones in this image will be unusable: %s")
379 v_rmzonepaths
=$
(gettext "These zonepaths could be removed from this image:")
380 v_exitgood
=$
(gettext "Postprocessing successful.")
383 # Do some validation on the paths we'll be accessing
392 # Now do the work to update the zone.
394 # Before booting the zone we may need to create a few mnt points, just in
395 # case they don't exist for some reason.
397 # Whenever we reach into the zone while running in the global zone we
398 # need to validate that none of the interim directories are symlinks
399 # that could cause us to inadvertently modify the global zone.
401 if [[ ! -f $ZONEROOT/tmp
&& ! -d $ZONEROOT/tmp
]]; then
402 mkdir
-m 1777 -p $ZONEROOT/tmp ||
exit $EXIT_CODE
404 if [[ ! -f $ZONEROOT/var
/run
&& ! -d $ZONEROOT/var
/run
]]; then
405 mkdir
-m 1755 -p $ZONEROOT/var
/run ||
exit $EXIT_CODE
407 if [[ ! -h $ZONEROOT/etc
&& ! -f $ZONEROOT/etc
/mnttab
]]; then
408 touch $ZONEROOT/etc
/mnttab ||
exit $EXIT_CODE
409 chmod 444 $ZONEROOT/etc
/mnttab ||
exit $EXIT_CODE
411 if [[ ! -f $ZONEROOT/proc
&& ! -d $ZONEROOT/proc
]]; then
412 mkdir
-m 755 -p $ZONEROOT/proc ||
exit $EXIT_CODE
414 if [[ ! -f $ZONEROOT/dev
&& ! -d $ZONEROOT/dev
]]; then
415 mkdir
-m 755 -p $ZONEROOT/dev ||
exit $EXIT_CODE
417 if [[ ! -h $ZONEROOT/etc
&& ! -h $ZONEROOT/etc
/svc
&& ! -d $ZONEROOT/etc
/svc
]]
419 mkdir
-m 755 -p $ZONEROOT/etc
/svc
/volatile ||
exit $EXIT_CODE
422 # Check for zones inside of image.
425 STACK_TYPE
=$
(zoneadm
-z $ZONENAME list
-p | nawk
-F: '{print $7}')
426 if (( $?
!= 0 )); then
427 error
"$e_badinfo" "stacktype"
429 vlog
"$v_stacktype" "$STACK_TYPE"
431 # Note that we're doing this before update-on-attach has run.
437 # Mount the zone so that we can do all of the updates needed on the zone.
441 zoneadm
-z $ZONENAME mount
-f || fatal
"$e_badmount"
444 # Any errors in these functions are not considered fatal. The zone can be
445 # be fixed up manually afterwards and it may need some additional manual
446 # cleanup in any case.
450 # cleanup SMF services
452 # remove invalid pkgs
456 zoneadm
-z $ZONENAME unmount || fatal
"$e_badunmount"
459 # Change the pkging variant from global zone to non-global zone.
461 pkg
-R $ZONEROOT change-variant variant.opensolaris.zone
=nonglobal || \
462 fatal
"$e_change_var"
465 # Run update on attach. State is currently 'incomplete' so use the private
466 # force-update option.
467 # This also leaves the zone in the 'installed' state. This is a known bug
468 # in 'zoneadm attach'. We change the zone state back to 'incomplete' for
469 # now but this can be removed once 'zoneadm attach' is fixed.
472 zoneadm
-z $ZONENAME attach
-U >&2 || fatal
"$e_badupdate"
473 zoneadm
-z $ZONENAME mark incomplete || fatal
"$e_badupdate"
476 [[ -n $OPT_U ]] && unconfigure_zone