Tuesday, May 3, 2011

How can I set up and configure a zone under Solaris 10


Zones are a feature new in Solaris 10, and provide a useful mechanism to create a Solaris environment for testing and containment (an Apache server, etc.). No additional hardware is required for a zone, just some disk space. The impact of a zone on machine performance is minimal, as all zones use the same kernel (no longer strictly true: see the example for installing a Linux zone to run acroread here), so some additional memory for the extra processes is all that's required.
Resource allocation to a zone can be closely controlled; this includes processor shares, resource pools and resource capping with rcapd.
Since update 4 of Solaris 10 (August 2007) dedicated network interfaces can be assigned to a zone; prior to this they had to be shared with the global zone.

# mkdir -p  /Zones/Apache
Now create the zone using zonecfg
# zonecfg -z apache
apache: No such zone configured
Use 'create' to begin configuring a new zone
zonecfg:apache> create
zonecfg:apache> set zonepath=/Zones/Apache
zonecfg:apache> add net
zonecfg:apache:net> set address=192.168.200.117
zonecfg:apache:net> set physical=hme0
zonecfg:apache:net> end
zonecfg:apache> set autoboot=true
(The above information is sufficient to configure a basic zone, with most software shared from the global zone.
Other options could have been used, for example to inherit parts of the global zone's file system, to mount directories (e.g. /software) from the global zone, or to restrict the zone's resources (e.g. CPU, memory).)
zonecfg:apache> info
zonepath: /Zones/Apache
autoboot: true
pool:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.200.117
        physical: hme0
zonecfg:apache> verify
zonecfg:apache> commit
zonecfg:apache> exit
(Note that a full copy of Solaris can be installed, rather than sharing directories, by using the -b flag to the create command within zonecfg.)
Now we use zoneadm to install the zone:-
# zoneadm  -z  apache install
/Zones/Apache must not be group readable.
/Zones/Apache must not be group executable.
/Zones/Apache must not be world readable.
/Zones/Apache must not be world executable.
could not verify zonepath /Zones/Apache because of the above errors.
zoneadm: zone apache failed to verify

Permissions problem - rectified as follows:-
# ls  -ld  /Zones/Apache
drwxr-xr-x   2 root     root         512 Jul  5 07:08 /Zones/Apache
# chmod 700 /Zones/Apache
Above sets correct permissions; now we can try again:-

# zoneadm -z apache install
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <2574> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <914> packages on the zone.
Initializing package <535> of <914>: percent complete: 58%    
   
(The install takes about 10-15 minutes.)
While this is going on, open another shell window, and have a look under /Zones/Apache:-

# cd  /Zones/Apache
# ls
root
# ls  root
bin       etc       home      mnt       platform  sbin      tmp       var
dev       export    lib       opt       proc      system    usr

Meanwhile, back at the zone:-

Initialized <914> packages on zone.                               
Zone is initialized.
Installation of these packages generated warnings:
The file contains a log of the zone installation.

The zone is now installed, and we can boot it:-
# zoneadm  -z  apache   boot

Now log in to the zone (the -C option says we wish to log in at the console device):-

# zlogin -C apache
[Connected to zone 'apache' console]
You may now have to wait a while to get a response.
95/117
  • After the above counter finishes (it shows SMF manifests being imported during the first boot), we have to go through some setup procedures:-
  Select a Language
  0. English
  1. fr
Please make a choice (0 - 1), or press h or ? for help: 0
  • This continues:-
Select a Locale
   0. English (C - 7-bit ASCII)
   1. Belgium-Flemish (ISO8859-1)
   2. Belgium-Flemish (ISO8859-15 - Euro)
   3. Great Britain (ISO8859-1)
   4. Great Britain (ISO8859-15 - Euro)
   5. Ireland (ISO8859-1)
   6. Ireland (ISO8859-15 - Euro)
   7. Netherlands (ISO8859-1)
   8. Netherlands (ISO8859-15 - Euro)
   9. Go Back to Previous Screen
Please make a choice (0 - 9), or press h or ? for help:  0
  • Then:-
What type of terminal are you using?
 1) ANSI Standard CRT
etc.etc.
 10) Televideo 925
 11) Wyse Model 50
 12) X Terminal Emulator (xterms)
 13) CDE Terminal Emulator (dtterm)
 14) Other
Type the number of your choice and press Return: 13

Creating new rsa public/private host key pair
Creating new dsa public/private host key pair

  • You are now asked some questions as though you were performing a boot after a sys-unconfig(1M), and when all information has been entered:-

System identification is completed.
One more question:-
        This system is configured with NFS version 4, which uses a domain
        name that is automatically derived from the system's name services.
        The derived domain name is sufficient for most configurations. In a
        few cases, mounts that cross different domains might cause files to
        be owned by "nobody" due to the lack of a common domain name.

        Do you need to override the system's default NFS version 4 domain name (yes/no) ? [no] : no
rebooting system due to change(s) in /etc/default/init
[NOTICE: Zone rebooting]
SunOS Release 5.10 Version Generic 64-bit
Copyright 1983-2005 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: apache
apache console login: root
Password:
Jul  5 07:54:31 apache login: ROOT LOGIN /dev/console
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
#

We have now created the zone, installed it, rebooted it and logged in.
Use the usual commands to check things out (df, ifconfig, uname, etc.).
Tips (but make sure your site security policy allows this):
1. Edit /etc/default/login and comment out the "CONSOLE=/dev/console" line to permit remote root logins (a password is still needed, of course).
2. Edit /etc/ssh/sshd_config and set "PermitRootLogin yes" if you want to log in as root via ssh, then restart sshd with "svcadm restart ssh".
3. The current zone implementation allows graphical login, as the zone runs "dtlogin -daemon" by default.
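As an added example (not from the original post), the configure-and-verify steps above scripted for the Solaris Bourne shell: it writes the zonecfg commands to a file that "zonecfg -z name -f file" can consume, creates the zonepath with the mode 700 that zoneadm install demands, and checks that mode by parsing ls -ld. The zone name, path, address and interface are the post's own values; the helper names are my own, and the zonecfg/zoneadm invocations are printed rather than run so the script can be read through on any system.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Print the zonecfg(1M) commands for a basic shared-IP zone, in the same
# order as the interactive session above. Usage: gen_zonecfg path addr nic
gen_zonecfg() {
    cat <<EOF
create
set zonepath=$1
set autoboot=true
add net
set address=$2
set physical=$3
end
verify
commit
EOF
}

# zoneadm refuses to install unless the zonepath is mode 700 (rwx------).
# Parse ls -ld rather than stat(1), which Solaris 10 does not ship.
# Returns 0 when the mode is correct, 1 otherwise.
zonepath_mode_ok() {
    mode=`ls -ld "$1" | cut -c1-10`
    [ "$mode" = "drwx------" ]
}

# Create the zonepath with the required permissions, verify them, and write
# the zonecfg command file to $5. Prints the commands left to run by hand.
# Usage: prepare_zone name path addr nic cfgfile
prepare_zone() {
    mkdir -p "$2" || return 1
    chmod 700 "$2" || return 1
    zonepath_mode_ok "$2" || return 1
    gen_zonecfg "$2" "$3" "$4" > "$5" || return 1
    echo "Next: zonecfg -z $1 -f $5 && zoneadm -z $1 install && zoneadm -z $1 boot"
}

# Values from the post; uncomment to create /Zones/Apache and /tmp/apache.cfg.
# prepare_zone apache /Zones/Apache 192.168.200.117 hme0 /tmp/apache.cfg
```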
