2014-05-07

Solaris 11.2 introduces a new native archive file type, the Unified Archive. Let's take a look at cloning zones with Unified Archives.

Cloning zones with Unified Archives differs in a few ways from dataset clone-based zone cloning, which is what 'zoneadm clone' gives us for non-global zones.

The main difference in using an archive rather than 'zoneadm clone' is that the clone archive image is prepared for redistribution. Rather than being copied in full, the origin zone is used more as a template for the creation of a new, independently deployable image.

With clone archives, various aspects of the file system are reverted to an as-installed state, and other aspects are cleaned up and sanitized. This makes for a fully portable, migratable image within the archive payload. It can also be carried to remote systems for cloning there.

To keep the images small for our examples, we'll install our zones with the new 'solaris-minimal-server' group package. This gives us a smaller zone image which has most of the core Solaris services available. The image makes for a nice starting point for application development.

One thing to note: the minimal server image doesn't include localization support. The 'system/locale' package is quite large, but we can have our cake and eat it too by using package facets. We can add 'system/locale' to our minimal install, and turn off all of the locales we don't need by using facets.

Let's start by putting this install profile into a simple AI manifest which we'll use for our initial installation.

For my purposes, I'm keeping English and unsetting the rest. You can configure your install as needed.

Ok, let's install our zone.

Now we've got a minimal zone. Notice the install does a lot of package work. Since we're starting from scratch, the deployment creates a new IPS image, validates the publishers and host image, links the zone image to the host's and then installs it. The install consists of building the list of packages, downloading them, and then invoking all of the install and post-install actions for each one. It does this very quickly, but it's a lot of work so it takes some time. In this case, about 3 minutes.

A side effect of using Unified Archives to deploy Solaris systems is that the deployment time is typically quicker than with package-based installs. Since an archived system contains the system's package image, a deployment simply lays the image back down. IPS doesn't need to do all that work again, since it already did so during the deployment of the origin system.

So, let's archive this zone up and deploy a clone of it to see how this works.

Again in the spirit of keeping things small, we can use the -e (exclude-media) option with archiveadm create. Since we don't need a portable and transformable image for this simple example, we won't need install media. More on embedded media later.

That took about a minute and a half and resulted in an archive which is just shy of 200MB. There is quite a bit of compression in the image: as we can see from the verbose output, the deployed size is nearly 1GB.

Now that we have an archive, we can deploy new zones directly from it. As always, deploying a zone is two steps: the zone configuration is first created and then it is installed.

The zonecfg and zoneadm utilities have been updated to work with Unified Archives. This allows for direct cloning of the origin configuration stored within the archive as well as installation of a new zone directly from the archive. These two steps are not tied to each other: any valid zone configuration can be installed from an archive, and the zonecfg need not be sourced from the archive.

Let's create a new zone from the archive, which will mirror the origin zone's configuration, and then install it.

So, easy enough. The new zone 'thing2' has a configuration which is based upon the configuration of 'thing1'. Now we can install the new zone directly from the archive as well, with zoneadm.

Simple, and this one deploys in about a minute and a half. IPS still links the image into the global zone and does some validation, but for the most part already did the heavy lifting for us in the deployment of the origin system.

This archive can be used to deploy any number of zones on any number of host systems. The only criterion for support is that the host is a supported platform of the same ISA. This means that archives can be used for all sorts of migrations and transforms, even across virtualization boundaries. More on that later, as well.

Support for kernel zones is transparent - zonecfg and zoneadm work the same way to create and install a new zone from an archive, respectively. By the way, for a kernel zones primer and a bit more detail, check out Mike Gerdts' Zones blog.

Note that when the archive is created this time, we'll need the embedded media, which is built by default. This media is used to boot and install the new kernel zone. This all happens under the covers, of course. Just keep in mind that if you might want to deploy an archive into a kernel zone in the future, don't use --exclude-media.

Ok, let's create a clone archive of a kernel zone and build it a friend.

And there we go. We created a kernel zone archive in a few minutes and deployed a new kernel zone from it in a few more minutes.
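The whole procedure described above (archive the origin, clone its configuration, install from the archive) as a small shell wrapper. This is an added example, not the commands from the original post; the archive paths and the function names are assumptions, and the `keep-media` switch encodes the kernel-zone caveat about `--exclude-media`.

```shell
#!/bin/sh
# Added example: clone a zone through a Unified Archive.
# Set DRY_RUN=1 to print the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# archive_zone ORIGIN ARCHIVE [keep-media]
# Creates a clone archive of zone ORIGIN. Install media is excluded (-e)
# unless "keep-media" is given. Keep the media if the archive may ever be
# deployed into a kernel zone, which boots from it to install.
archive_zone() {
    origin=$1 archive=$2 media=${3:-exclude-media}
    if [ -e "$archive" ]; then
        # Never silently replace an image other deployments may rely on.
        echo "refusing to overwrite existing $archive" >&2
        return 1
    fi
    if [ "$media" = keep-media ]; then
        run archiveadm create -z "$origin" "$archive"
    else
        run archiveadm create -e -z "$origin" "$archive"
    fi
}

# deploy_zone NEWZONE ARCHIVE
# Step 1 clones the origin's configuration stored in the archive;
# step 2 installs the new zone from the archived image.
deploy_zone() {
    newzone=$1 archive=$2
    run zonecfg -z "$newzone" create -a "$archive" &&
    run zoneadm -z "$newzone" install -a "$archive"
}

# Example (hypothetical archive path):
#   archive_zone thing1 /var/tmp/thing1.uar && deploy_zone thing2 /var/tmp/thing1.uar
```
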
