1 # 2 # CDDL HEADER START 3 # 4 # The contents of this file are subject to the terms of the 5 # Common Development and Distribution License (the "License"). 6 # You may not use this file except in compliance with the License. 7 # 8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 # or http://www.opensolaris.org/os/licensing. 10 # See the License for the specific language governing permissions 11 # and limitations under the License. 12 # 13 # When distributing Covered Code, include this CDDL HEADER in each 14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 # If applicable, add the following below this CDDL HEADER, with the 16 # fields enclosed by brackets "[]" replaced with your own identifying 17 # information: Portions Copyright [yyyy] [name of copyright owner] 18 # 19 # CDDL HEADER END 20 # 21 # 22 # Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 # Use is subject to license terms. 24 # 25 26 unset LD_LIBRARY_PATH 27 PATH=/usr/bin:/usr/sbin 28 export PATH 29 30 . /usr/lib/brand/shared/common.ksh 31 32 # Values for service tags. 33 STCLIENT=/usr/bin/stclient 34 ST_PRODUCT_NAME="Solaris 10 Containers" 35 ST_PRODUCT_REV="1.0" 36 ST_PRODUCT_UUID="urn:uuid:2f459121-dec7-11de-9af7-080020a9ed93" 37 38 w_sanity_detail=$(gettext " WARNING: Skipping image sanity checks.") 39 f_sanity_detail=$(gettext "Missing %s at %s") 40 f_sanity_sparse=$(gettext "Is this a sparse zone image? The image must be whole-root.") 41 f_sanity_vers=$(gettext "The image release version must be 10 (got %s), the zone is not usable on this system.") 42 f_not_s10_image=$(gettext "%s doesn't look like a Solaris 10 image.") 43 f_sanity_nopatch=$(gettext "Unable to determine the image's patch level.") 44 f_sanity_downrev=$(gettext "The image patch level is downrev for running in a solaris10 branded zone.\n(patchlist %s)") 45 f_need_newer_emul=$(gettext "The image requires a newer version of the solaris10 brand emulation.") 46 f_zfs_create=$(gettext "Unable to create the zone's ZFS dataset.") 47 f_no_ds=$(gettext "No zonepath dataset; the zonepath must be a ZFS dataset.") 48 f_multiple_ds=$(gettext "Multiple active datasets.") 49 f_no_active_ds=$(gettext "No active dataset; the zone's ZFS root dataset must be configured as\n\ta zone boot environment.") 50 f_zfs_unmount=$(gettext "Unable to unmount the zone's root ZFS dataset (%s).\nIs there a global zone process inside the zone root?\nThe current zone boot environment will remain mounted.\n") 51 f_zfs_mount=$(gettext "Unable to mount the zone's ZFS dataset.") 52 incompat_options=$(gettext "mutually exclusive options.\n%s") 53 54 sanity_ok=$(gettext " Sanity Check: Passed. Looks like a Solaris 10 image.") 55 sanity_fail=$(gettext " Sanity Check: FAILED (see log for details).") 56 57 e_badboot=$(gettext "Zone boot failed") 58 e_nosingleuser=$(gettext "ERROR: zone did not finish booting to single-user.") 59 e_unconfig=$(gettext "sys-unconfig failed") 60 v_unconfig=$(gettext "Performing zone sys-unconfig") 61 62 v_no_tags=$(gettext "Service tags facility not present.") 63 e_bad_uuid=$(gettext "Failed to get zone UUID") 64 v_addtag=$(gettext "Adding service tag: %s") 65 v_deltag=$(gettext "Removing service tag: %s") 66 e_addtag_fail=$(gettext "Adding service tag failed (error: %s)") 67 68 sanity_check() 69 { 70 typeset dir="$1" 71 res=0 72 73 # 74 # Check for some required directories and make sure this isn't a 75 # sparse zone image. 76 # 77 checks="etc etc/svc var var/svc" 78 for x in $checks; do 79 if [[ ! -e $dir/$x ]]; then 80 log "$f_sanity_detail" "$x" "$dir" 81 res=1 82 fi 83 done 84 # Files from SUNWcsr and SUNWcsu that are in sparse inherit-pkg-dirs. 85 checks="lib/svc sbin/zonename usr/bin/chmod" 86 for x in $checks; do 87 if [[ ! -e $dir/$x ]]; then 88 log "$f_sanity_detail" "$x" "$dir" 89 log "$f_sanity_sparse" 90 res=1 91 fi 92 done 93 94 if (( $res != 0 )); then 95 log "$sanity_fail" 96 fatal "$install_fail" "$ZONENAME" 97 fi 98 99 if [[ "$SANITY_SKIP" == 1 ]]; then 100 log "$w_sanity_detail" 101 return 102 fi 103 104 # 105 # Check image release to be sure its S10. 106 # 107 image_vers="unknown" 108 if [[ -f $dir/var/sadm/system/admin/INST_RELEASE ]]; then 109 image_vers=$(/usr/xpg4/bin/awk -F= '{if ($1 == "VERSION") print $2}' \ 110 $dir/var/sadm/system/admin/INST_RELEASE) 111 fi 112 113 if [[ "$image_vers" != "10" ]]; then 114 log "$f_sanity_vers" "$image_vers" 115 res=1 116 fi 117 118 # 119 # Make sure we have the minimal KU patch we support. These are the 120 # KUs for S10u8. 121 # 122 if [[ $(uname -p) == "i386" ]]; then 123 req_patch="141445-09" 124 else 125 req_patch="141444-09" 126 fi 127 128 for i in $dir/var/sadm/pkg/SUNWcakr* 129 do 130 if [[ ! -d $i || ! -f $i/pkginfo ]]; then 131 log "$f_sanity_nopatch" 132 res=1 133 fi 134 done 135 136 # 137 # Check the core kernel pkg for the required KU patch. 138 # 139 found=0 140 for i in $dir/var/sadm/pkg/SUNWcakr*/pkginfo 141 do 142 patches=$(/usr/xpg4/bin/awk -F= '{if ($1 == "PATCHLIST") print $2}' $i) 143 for patch in $patches 144 do 145 if [[ $patch == $req_patch ]]; then 146 found=1 147 break 148 fi 149 done 150 151 if (( $found == 1 )); then 152 break 153 fi 154 done 155 156 if (( $found != 1 )); then 157 log "$f_sanity_downrev" "$patches" 158 res=1 159 fi 160 161 # 162 # Check the S10 image for a required version of the emulation. 163 # 164 VERS_FILE=/usr/lib/brand/solaris10/version 165 s10vers_needs=0 166 if [[ -f $dir/$VERS_FILE ]]; then 167 s10vers_needs=$(/usr/bin/egrep -v "^#" $dir/$VERS_FILE) 168 fi 169 170 # Now get the current emulation version. 171 emul_vers=$(/usr/bin/egrep -v "^#" $VERS_FILE) 172 173 # Verify that the emulation can run this version of S10. 174 if (( $s10vers_needs > $emul_vers )); then 175 log "$f_need_newer_emul" 176 res=1 177 fi 178 179 if (( $res != 0 )); then 180 log "$sanity_fail" 181 fatal "$install_fail" "$ZONENAME" 182 fi 183 184 vlog "$sanity_ok" 185 } 186 187 # Find the active dataset under the zonepath dataset to mount on zonepath/root. 188 # $1 ZONEPATH_DS 189 get_active_ds() { 190 ACTIVE_DS=$1/ROOT/zbe-0 191 } 192 193 # 194 # Make sure the active dataset is mounted for the zone. 195 # 196 mount_active_ds() { 197 get_zonepath_ds $zonepath 198 get_active_ds $ZONEPATH_DS 199 200 # If already mounted then we're done. 201 mnted=`zfs get -H mounted $ACTIVE_DS | cut -f3` 202 [[ $mnted = "yes" ]] && return 203 204 mount -F zfs $ACTIVE_DS $zonepath/root || fail_fatal "$f_zfs_mount" 205 } 206 207 # 208 # Set up ZFS dataset hierarchy for the zone root dataset. 209 # 210 create_active_ds() { 211 # Find the zone's current dataset. This should have been created by 212 # zoneadm (or the attach hook). 213 get_zonepath_ds $zonepath 214 215 # 216 # We need to tolerate errors while creating the datasets and making the 217 # mountpoint, since these could already exist from an attach scenario. 218 # 219 220 /usr/sbin/zfs list -H -o name $ZONEPATH_DS/ROOT >/dev/null 2>&1 221 if (( $? != 0 )); then 222 /usr/sbin/zfs create -o mountpoint=legacy -o zoned=on \ 223 $ZONEPATH_DS/ROOT 224 if (( $? != 0 )); then 225 fail_fatal "$f_zfs_create" 226 fi 227 else 228 /usr/sbin/zfs set mountpoint=legacy $ZONEPATH_DS/ROOT \ 229 >/dev/null 2>&1 230 /usr/sbin/zfs set zoned=on $ZONEPATH_DS/ROOT \ 231 >/dev/null 2>&1 232 fi 233 234 get_active_ds $ZONEPATH_DS 235 zfs list -H -o name $ACTIVE_DS >/dev/null 2>&1 236 if (( $? != 0 )); then 237 zfs create -o canmount=noauto $ACTIVE_DS 238 (( $? != 0 )) && fail_fatal "$f_zfs_create" 239 else 240 zfs set canmount=noauto $ACTIVE_DS >/dev/null 2>&1 241 zfs inherit mountpoint $ACTIVE_DS >/dev/null 2>&1 242 zfs inherit zoned $ACTIVE_DS >/dev/null 2>&1 243 fi 244 245 if [ ! -d $ZONEROOT ]; then 246 /usr/bin/mkdir -m 0755 -p $ZONEROOT || \ 247 fail_fatal "$f_mkdir" "$ZONEROOT" 248 fi 249 /usr/bin/chmod 700 $ZONEPATH || fail_fatal "$f_chmod" "$ZONEPATH" 250 251 mount -F zfs $ACTIVE_DS $ZONEROOT || fail_fatal "$f_zfs_mount" 252 } 253 254 # 255 # Before booting the zone we may need to create a few mnt points, just in 256 # case they don't exist for some reason. 257 # 258 # Whenever we reach into the zone while running in the global zone we 259 # need to validate that none of the interim directories are symlinks 260 # that could cause us to inadvertently modify the global zone. 261 # 262 mk_zone_dirs() { 263 vlog "$v_mkdirs" 264 if [[ ! -f $ZONEROOT/tmp && ! -d $ZONEROOT/tmp ]]; then 265 mkdir -m 1777 -p $ZONEROOT/tmp || exit $EXIT_CODE 266 fi 267 if [[ ! -f $ZONEROOT/var/run && ! -d $ZONEROOT/var/run ]]; then 268 mkdir -m 1755 -p $ZONEROOT/var/run || exit $EXIT_CODE 269 fi 270 if [[ ! -f $ZONEROOT/var/tmp && ! -d $ZONEROOT/var/tmp ]]; then 271 mkdir -m 1777 -p $ZONEROOT/var/tmp || exit $EXIT_CODE 272 fi 273 if [[ ! -h $ZONEROOT/etc && ! -f $ZONEROOT/etc/mnttab ]]; then 274 /usr/bin/touch $ZONEROOT/etc/mnttab || exit $EXIT_CODE 275 /usr/bin/chmod 444 $ZONEROOT/etc/mnttab || exit $EXIT_CODE 276 fi 277 if [[ ! -f $ZONEROOT/proc && ! -d $ZONEROOT/proc ]]; then 278 mkdir -m 755 -p $ZONEROOT/proc || exit $EXIT_CODE 279 fi 280 if [[ ! -f $ZONEROOT/dev && ! -d $ZONEROOT/dev ]]; then 281 mkdir -m 755 -p $ZONEROOT/dev || exit $EXIT_CODE 282 fi 283 if [[ ! -h $ZONEROOT/etc && ! -h $ZONEROOT/etc/svc && \ 284 ! -d $ZONEROOT/etc/svc ]]; then 285 mkdir -m 755 -p $ZONEROOT/etc/svc/volatile || exit $EXIT_CODE 286 fi 287 } 288 289 # 290 # We're sys-unconfig-ing the zone. This will normally halt the zone, however 291 # there are problems with sys-unconfig and it can hang when the zone is booted 292 # to milestone=none. Sys-unconfig also sometimes hangs halting the zone. 293 # Thus, we take some care to workaround these sys-unconfig limitations. 294 # 295 # On entry we expect the zone to be booted. We use sys-unconfig -R to make it 296 # think its working on an alternate root and let the caller halt the zone. 297 # 298 sysunconfig_zone() { 299 /usr/sbin/zlogin -S $ZONENAME /usr/sbin/sys-unconfig -R /./ \ 300 >/dev/null 2>&1 301 if (( $? != 0 )); then 302 error "$e_unconfig" 303 return 1 304 fi 305 306 return 0 307 } 308 309 # 310 # Get zone's uuid for service tag. 311 # 312 get_inst_uuid() 313 { 314 typeset ZONENAME="$1" 315 316 ZONEUUID=`zoneadm -z $ZONENAME list -p | /usr/xpg4/bin/awk -F: '{print $5}'` 317 [[ $? -ne 0 || -z $ZONEUUID ]] && return 1 318 319 INSTANCE_UUID="urn:st:${ZONEUUID}" 320 return 0 321 } 322 323 # 324 # Add a service tag for a given zone. We use two UUIDs-- the first, 325 # the Product UUID, comes from the Sun swoRDFish ontology. The second 326 # is the UUID of the zone itself, which forms the instance UUID. 327 # 328 add_svc_tag() 329 { 330 typeset ZONENAME="$1" 331 typeset SOURCE="$2" 332 333 if [ ! -x $STCLIENT ]; then 334 vlog "$v_no_tags" 335 return 0 336 fi 337 338 get_inst_uuid "$ZONENAME" || (error "$e_bad_uuid"; return 1) 339 340 vlog "$v_addtag" "$INSTANCE_UUID" 341 $STCLIENT -a \ 342 -p "$ST_PRODUCT_NAME" \ 343 -e "$ST_PRODUCT_REV" \ 344 -t "$ST_PRODUCT_UUID" \ 345 -i "$INSTANCE_UUID" \ 346 -P "none" \ 347 -m "Sun" \ 348 -A `uname -p` \ 349 -z "$ZONENAME" \ 350 -S "$SOURCE" >/dev/null 2>&1 351 352 err=$? 353 354 # 226 means "duplicate record," which we can ignore. 355 if [[ $err -ne 0 && $err -ne 226 ]]; then 356 error "$e_addtag_fail" "$err" 357 return 1 358 fi 359 return 0 360 } 361 362 # 363 # Remove a service tag for a given zone. 364 # 365 del_svc_tag() 366 { 367 typeset ZONENAME="$1" 368 369 if [ ! -x $STCLIENT ]; then 370 vlog "$v_no_tags" 371 return 0 372 fi 373 374 get_inst_uuid "$ZONENAME" || (error "$e_bad_uuid"; return 1) 375 376 vlog "$v_deltag" "$INSTANCE_UUID" 377 $STCLIENT -d -i "$INSTANCE_UUID" >/dev/null 2>&1 378 return 0 379 }