Changelog
Version 2.0.7.1
Here is the list of new features in version 2.0.7.1:
- Fixed bug where, on OpenSolaris, zones fail to boot when creating the 2nd and subsequent multi-zones.
- Fixed bug with -z not properly creating the requisite filesystem.
- Fixed bug with update_hosts adding the wrong information to the global hosts.
- Fixed bugs with operating system command differences between Solaris 10 and OpenSolaris, namely sed, tr and awk.
- Fixed bugs with the only, and zone naming documentation.
Zonemgr 2.0.7.1 new features
- Added special glob use case support for all (e.g. *), prefixed glob (e.g. name*), and suffix glob (e.g. *name) to zone names (e.g. -n <zonename>) for list, info, del and modify actions.
- Added support for SMB network mounted filesystems.
Version 2.0.7
Here is the list of new features in version 2.0.7:
- When adding a zone, add support for specifying autoboot, comment, and bootargs via -o option. As a result of this new feature, the -A feature for disabling autoboot has been deprecated.
- When adding or cloning a zone, if the root user password of the new non-global zone is not specified via -P or -E, the root user password of the global zone is inherited by the new non-global zone.
- Made sparse root filesystem list inherit default values from the contents of the /etc/zones/SUNWdefault.xml file of the global zone.
- When creating a whole root zone, use /etc/zones/SUNWdefault.xml to determine what directories should be removed (un-inherited) from the zone configuration.
- Added the ability to add and remove directory inheritance via -o "addDir|/dir1[|/dir2|...]" or -o "rmDir|/dir1[|/dir2|...]".
- Added ability to delete a device from the non-global zone via -a modify -m "del|device|<match_value>".
- Added support for modifying the default router.
- Added support for FSS cpu shares with -p 'scpu|number'.
- Added status action to list the status of all non-global zones. The status action shows the state of the zones, the number of frequency of CPUs visible within the zones, and the zone uptime information.
- Saved JASS output into its own log file.
- Added the ability to apply resource management controls immediately. This removed the need to reboot the zone when applying resource constraints.
- Added support for multiple zonemgr invocations within a single input config file. Use 'newcmd' to delimit between zonemgr invocations.
- Added support for comments within input config file.
- Unified the file format and location of all artifacts. e.g. artifacts are files like output, log files, and configuration files. Each invocation of the zonemgr script results in the creation of a new folder (${HOME}/.zonemgr/<yearMonthDayHourMinuteSecond>) where the folder name is the current date and time. All artifacts created for that invocation are stored in that directory.
- With the addition of support for multiple zonemgr invocations as well as multiple zone actions, the artifacts have been broken out per action.
- Provide option (-o keep_artifiacts) to keep and list all artifacts created during the invocation of the zonemgr command. The default action is to remove all artifacts upon successful completion of the zonemgr.
- Added new service management mode called 'jail'. This disables all but the very bare necessities including ssh to keep the zone running.
- Added -o debug option to enable debugging.
- Expanded the context of -n <zonename> to support multiple pipe delimited zone names. e.g. -n "zone1[|zone2|zone3|...]". This applies to nearly all actions. For example, now you can add 3 zones with zonemgr -a add -n "z1|z2|z3".
- Enabled parallelization of select actions.
- Removed requirement to specify a zone name by using a default zone name. If you run zonemgr without specifying a zonename (e.g. -n <zonename>), it will use a default zonename of zone where is an incrementing number with prefixed zeros to keep the number four digits in length. This feature also finds the next available zone name in order to avoid errors when creating a new zone. For example, if zones zone0001, zone0002, and zone0005 exist, then when I add 3 new zones with -o "dCount|3", zonemgr will create zones zone0003, zone0004, and zone0006.
- Add the ability to name the prefix used by the default zone namer via -o "dPrefix|<prefix>". The default prefix is 'zone'. For example, if no zones with the prefix 'mysql' exist, creating three new zones with the 'mysql' prefix via -o "dPrefix|mysql" -o "dCount|3" will result in three new zones named mysql0001, mysql0002, and mysql0003.
- Simplified the service restart flag format to support both multiple invocations of -S <svc> as well as a single invocation with multiple svcs with a single -S "<svc1>[|<svc2>|<svc3>|...]" format.
- Reformatted all of the documentation to conform to an 80 character width format.
Here is the list of bugs fixed in version 2.0.7:
- Updated all examples in documentation for new usage and new features.
- Added exception to update_hosts to not update /etc/hosts if hosts are looked up rather than specified. e.g. 'hosts' specified rather than IP address.
- Fixed bug where applying a swap resource control to a non-global zone failed because multiple swaps exist in global zone.
- Fixed bug where zonecfg fails if TERM=xterm-color.
- Fixed bug where lofi/lofs filesystems were forced to readonly even for -w.
- Fixed bug where netservices was not found.
- Fixed ck4fs bug in check_fs.
- Fixed bug where quotes of -m flag are being ignored by optarg when input by input config file (e.g. -f inputFile.cfg)
- Fixed bug where modifying comment used wrong input field.
- Fixed bug that prevented nameserver entry from getting into /etc/resolv.conf.
- Removed resource modification from -m option portion of help page.
- Switched loghost of non-global zone to loopback.
- Documented consequences of changing the defrouter for shared ip zones.
- Consolidated all of the zone state checking into a handful of subroutines.
- Added zfs filesystem check to see if zfs filesystem is already in use.
- Added zone path check to see if path is already in use by another zone.
- Made list action include only non-global zones.
- Fixed bug with NFS vfstab entry construction.
- Fixed bug relative to unmount NFS and SMB filesystems when deleting zone.
- Fixed post-install reboot wait frmi.
- Fixed various bugs with zone cloning.
- Added informational message to explain a specific case when cloning copies the zone instead of using a snapshot from the zfs filesystem.
- Fixed bug with root password propagation from source zone to cloned zone(s).
- Added better error handling when destroying the root ZFS filesystem of a zone being deleted. e.g. Don't delete the filesystem if it has dependencies or is a pool.
- Unified zone shutdown/halt functions and their use throughout the script.
- Re-wrote modify action for simplification and greater clarity.
- Fixed many documentation bugs.
- Fixed bug on OpenSolaris systems where the zone name gets chopped up due to differences between GNU and xpg4 versions of sed.
- Blastwave support has been disabled for OpenSolaris until a viable Blastwave package authority becomes available.
- Brought -L input into conformity with the new pipe delimiting format.
Version 2.0.6
- New version with a ton of new functionality
- Unified all filesystems in -r and -w
- Added support for many filesystem types
- Added support for ZFS volumes
- Added support for ZFS dataset
- Added support for new version of Blastwave
- Added support for OpenSolaris
- Added support for OpenSolaris IPS/pkg
- Added support for SunFreeware via URL for Solaris and IPS for OpenSolaris.
- Extended and refined support for resource management
- Reduced some common flags by making assumptions and setting some defaults.
- Extended zone root directory to include support for ZFS filesystem and customized ZFS options in the zone root directory.
- Configure via input configuration file
- Deprecated -N for adding nfs mounts and moved nfs mounts to -r and -w
- Expanded -r and -w filesystem support to include: zfs (fs, zvol, and dataset), ufs, pcfs, hsfs, nfs, and smb/cifs
- Unified variable syntax
Version 1.8.1
- Fixed NM2CIDR and CIDR2NM conversion inconsistency AND simplified conversion method. (Thanks James Carlson!)
- Basic hardening mode doesn't work with lock or unlock for hardening_args.
- Hardening compatibility with v1.7 is incomplete.
- Made successful completion message more meaningful.
Version 1.8
- Updated support for GA version of BrandZ
- Eliminated duplication of code between add and modify actions
- Added limiting privileges. See man privileges(5).
- Made hardening feature backward compatible with v1.7 by using basic mode when lock, unlock, enable, or disable are used for the hardening mode.
- Added ability to set the root user's home directory and root shell via modify action.
- Added ability to add CSW packages via modify action.
- Removed minimize action and moved that functionality to the modify action.
- Removed lock/unlock/enable/disable actions and moved that functionality into the modify action.
- Fixed bug with minimization and updated associated help.
- Fixed bug with file/directory/link copies
- Fixed bug when specifying multiple interfaces.
- Fixed bug with recursive copy using : instead of | for delimiter.
- Switched to GPL v2 from CDDL
- Replaced all references to /tmp with a variable for a user specified temporary directory. The default value is /.zonemgr.
- Added support for a zone to use an existing filesystem. e.g. Don't error out if the directory/filesystem already exists.
- Added ability to modify existing zone configuration
- Fixed bug with root home directory not getting set with proper permissions.
- Added ability to display zone info
- Enabled several modes of service hardening including Secure by Default, JASS, SMF Site Profile, and Basic.
- Incorporated Secure By Default (SBD) into hardening modes.
  http://www.opensolaris.org/os/community/security/projects/sbd/
  service_profile = [limited|open]
  To enable a service once netservices is enabled, you will need to enable the service and may also have to make it accessible remotely via the following commands:
  svcadm enable <service>
  svccfg -s <service> setprop config/local_only = false
- Incorporated JASS into hardening modes.
- Incorporated SMF Site Profile into hardening modes.
- Added support for moving a zone to a new directory
- Add support for zone cloning feature.
  http://onesearch.sun.com/search/blog/index.jsp?qt=zones+clone
- Add detach and attach for moving a zone from one server to another
- Added support to set the root user's shell
- Quit setting root PermitRootLogin in ssh sshd_config. The code is still there but it isn't enabled by default anymore.
- Implemented info level error message that won't exit on error.
- Added support for one or more ZFS partitions via type=zfs
http://onesearch.sun.com/search/blog/index.jsp?qt=zones+zfs
zpool create -m <mount_point> <zpool> <device>
zfs set quota=<size>M <zpool>
Version 1.7
- Adopted and incorporated CDDL license via -l flag.
- Added zone cloning.
- Improved usage by making output more man like and piping to less.
- Added Blastwave pkg-get support to automate installing any blastwave
package into a new non-global zone.
* Added BrandZ support http://www.opensolaris.org/os/community/brandz
  Currently supports the lx brand. The -t, -M, -r, -w, -d, -D, and -s are not supported with the brand option.
* Added the ability to add a zone with no networking.
* Prevent a user from creating a zone when the zone directory already exists.
* Fixed bug where zonepath ends with a /
* Added support for multiple IP addresses on independent network
interfaces and independent network mask per IP address and host name
* Added the ability to specify your own minimization package list file
* Added the ability to specify services file via "-f <file>" flag
* Added the ability to specify input password file for clear text or
encrypted passwords
* Removed the -i <interface> flag since it has been obsoleted by the new "-I <ip address>:<interface>:<netmask>:<host name>" method of specifying the network interface. Now the non-global host name will be the host name specified or derived from the first IP address. If no host name is specified or derived, the zone name will be used.
* Removed the -H flag since it has been obsoleted by the new -I spec
* Moved recursive file copy to before command execution so that the
command to be executed can be something that was copied into place.
* Added hosts file updating for global and new non-global zones
* Added the ability to specify multiple commands to run.
* Added the ability to setup one or more NFS mounts in /etc/vfstab of
the non-global zone.
* Fixed bug with -X "<cmd>".
* Fixed bug where domain was not getting set in /etc/defaultdomain
* Added the ability to specify a destination directory for the file or
directory being copied by the -C <file/dir> command.
* Added ability to specify a zone root directory
* Fixed Bug where TZ doesn't get set
* Updated NFSv4 config in sysidcfg for Solaris 06/06
* Fixed Bug with input parameters for optional file parameters
* Added the runcmd action that enables you to run one or more commands
in all specified zones from the global zone.
* Synchronized the delimiter to be the pipe symbol (|) instead of a mix of the pipe and colon.