OmniOS lipkg zone as debian package mirror

My private Debian package mirror was a Debian 8 virtual machine with the storage provided by an OmniOS fileserver and exported as a nfs share.
The goal is to move the whole mirror into a zone on the fileserver. The debian ftpsync mirror script is a bash script and should also run on OmniOS.

The ftpsync script needed some minor modification to run on OmniOs and is described in the blog post: Debian mirror script “ftpsync” on OmniOS.

To create the zone i used the section Creating Zones on the General Administration page and the lipkg wiki entry from the OmniOS wiki.

The name and hostname of the zone is mirror.
The mirrored packages are on the ZFS filesystem /storage/mirror that should be made available inside the zone.

Create the ZFS filesystem for the zone:

zfs create zones/mirror

Create a network interface (vNIC) mirror0 on top of the physical interface bnxe0. The vNIC name has to end in a number, see this post from omnios-discuss.

dladm create-vnic -l bnxe0 mirror0

I will be using the exclusive IP type and manage the network from inside the zone.

Create  the zone

# /usr/sbin/zonecfg -z mirror
mirror: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:mirror>
zonecfg:mirror> create
zonecfg:mirror> set zonepath=/zones/mirror
zonecfg:mirror> set autoboot=true
zonecfg:mirror> set limitpriv=default,dtrace_proc,dtrace_user
zonecfg:mirror> set brand=lipkg
zonecfg:mirror> set ip-type=exclusive
zonecfg:mirror> add net
zonecfg:mirror:net> set physical=mirror0
zonecfg:mirror:net> end
zonecfg:mirror> verify
zonecfg:mirror> commit
zonecfg:mirror> exit
#
# zoneadm -z mirror install
# zoneadm -z mirror boot

After the zone is installed and boots, type zlogin -C mirror for a system console to login (like on a physical machine) or zlogin mirror gives you a shell in the zone without the need to login.

This is now a fresh install of OmniOS and needs post install configuration.

• Configure the network with an address of 10.0.1.55/24 and default route via 10.0.1.1:

ipadm create-if lipkg0
ipadm create-addr -T static -a 10.0.1.55/24 mirror0/LANv4
route -p add default 10.0.1.1

Configure dns resolution:

• add dns server to /etc/resolv.conf
• configure NSS to use the dns server (see the comment in /etc/nsswitch.dns)
• add the systems domain name to /etc/defaultdomain (see man domainname)
• enable the dns client service

echo "nameserver 10.0.1.1" > /etc/resolv.conf
cp /etc/nsswitch.{conf,bak}
cp /etc/nsswitch.{dns,conf}
echo "domain.local" > /etc/defaultdomain
svcadm enable svc:/network/dns/client

Swap SunSSH for OpenSSH, see the Release Notes for 151016:

pkg install --no-backup-be --reject pkg:/network/ssh --reject pkg:/network/ssh/ssh-key \
  --reject pkg:/service/network/ssh pkg:/network/openssh pkg:/network/openssh-server

The ftpsync script requires rsync and a webserver. I use nginx from the omniti-ms repository (wiki: Packaging) to make the repository available to clients.

Add the ZFS filesystem with the mirrored packages to the zone and reboot the zone. The ZFS properties

• Name is used in zonecfg to identify the dataset to add
• Mountpoint is used as the mountpoint inside the zone

zonecfg -z mirror
zonecfg:mirror> add dataset
zonecfg:mirror:dataset> set name=storage/mirror
zonecfg:mirror:dataset> end
zonecfg:mirror> commit
zonecfg:mirror> exit
zoneadm -z mirror reboot

The ZFS dataset should now be mounted as /storage/mirror inside the zone.

Some links that helped me besides man zonecfg:
How to Delegate a ZFS Dataset to a Non-Global Zone
Delegating Datasets to a Non-Global Zone

 ftpsync

The ftpsync script with its configuration file ftpsync.conf is used to mirror a debian package archive.

Clone the archvsync git repository or download the ftpsync.tar.gz from the debian mirror page, the ftpsync version used is 20160306.

The README and the comments in ftpsync.conf describe all the needed configuration to setup ftpsync. I had to make some modifications to the files ftpsync, common and ftpsync.conf to make it work on OmniOS. These modifications are described in the blog post: Debian mirror script “ftpsync” on OmniOS.

I mirror the amd64 and i386 architectures from ftp.at.debian.org and security.debian.org with the configuration in ftpsync.conf and ftpsync-security.conf and the packages are mirrored to /storage/mirror/debian and /storage/mirror/security respectively.

The important parts in the config files are

• TO is the path to the destination of the mirrored files
• RSYNC_PATH is the rsync share to connect to
• RSYNC_HOST is the rsync host to connect to
• ARCH_INCLUDE the architectures to mirror

Call the ftpsync script with the argument sync:archive: and sync:archive:security to use the configuration from ftpsync.conf or ftpsync-security.conf config file respectively. This is done with crontab entries.

33 2       * * * /opt/ftpsync/bin/ftpsync sync:archive:
5  5,13,19 * * * /opt/ftpsync/bin/ftpsync sync:archive:security

Nginx

The basic nginx config is modified to serve the directory /storage/mirror and create a directory listing.

nginx.conf server directive

server {
        listen       80;
        server_name  mirror.domain.local;

        location / {
            root   /storage/mirror;
            index  index.html index.htm;
            try_files $uri $uri/ =404;
            autoindex on;
        }
}

On Debian machines modify /etc/apt/sources.list entries to use the hostname of the mirror.