Building a Solaris 11 IPS Server

Published   Read time 2 min(s) 13 sec(s)   (888 views).  Solaris  

Many environments prevent a Solaris systems from directly accessing the internet, or force systems to go through a proxy server. The Solaris IPS enables you to keep the Solaris software distribution (and your own packages) on-site, and share it to the other systems.

This article provides the steps necessary to build an IPS server for Solaris 11.

Install the base Solaris 11 repo

  1. To begin, download the latest Solaris IPS repo zip files (for Solaris 11.3 there are 5 files) and download the install-repo.ksh script.
  2. Create a directory for IPS and remove the existing solaris publisher: 
    # mkdir /repo/sol11.3
# pkg unset-publisher solaris
  3. Install the repo using the zip files, confirm it is usable afterwards: 
    # cd /var/tmp/
# ./install-repo.ksh -d /repo/sol11.3/ -v
# pkg list -g /repo/sol11.3/
  4. The repo is now available via HTTP (optionally use a different port, or use NFS): 
    # unset http_proxy https_proxy
# svccfg -s application/pkg/server setprop pkg/inst_root=/repo/sol11.3
# svcadm enable pkg/server
  5. Configure the local system to use this HTTP repo location: 
    # pkg set-publisher -G '*' -g 'http://ips-server' solaris
# pkg publisher
    (replace ips-server with the IP address or hostname of your IPS Server).

Upgrading the base release

To apply the latest updates to the base release of Solaris 11, perform the following:

  1. Login to support.oracle.com.
  2. Locate the latest Support Repository Update (SRU). For example, search for "Oracle Solaris 11.3 Support Repository Updates".
  3. Download the zip files and extract them into some suitable location. For example: 
    # mkdir /var/tmp/SRU
# cd /var/tmp/SRU
# unzip ../*1of3.zip
# unzip ../*2of3.zip
# unzip ../*3of3.zip
  4. Apply the SRU to the IPS repo checking the version change. For example: 
    # pkgrepo list -s /repo/sol11.3/ | grep entire
...20151006...
# pkgrecv -s /var/tmp/SRU -d /repo/sol11.3 '*'
# pkgrepo list -s /repo/sol11.3/ | grep entire
...20160815...
# pkg rebuild-index
# pkgrepo -s /repo/sol11.3 refresh
# svcadm refresh svc:/application/pkg/server
# svcadm restart svc:/application/pkg/server

Configure local REPO services

Now we have an IPS repo that is ahead of the IPS server Solaris patch level. Ensure this and other systems are configured to use the local IPS http location.

  1. Configure local IPS location: 
    # unset http_proxy https_proxy
# pkg set-publisher -G '*' -g 'http://ips-server' solaris
# pkg publisher
  2. Check the Solaris patch level installed and the SRU levels available in the repo: 
    # pkg list entire
# pkgrepo list -s http://ips-server/ entire
  3. Update this and any other systems to the latest patch level (with a dry-run prior). A reboot may be required afterward: 
    # pkg update -nv
# pkg update
    NOTE:
    • The "pkg update" command will update the current boot environment and create a clone.
    • Use "beadm list" to review your patch version options.