Instruction/ maintenance manual of the product 10 Sun Microsystems
Go to page of 121
Functio nalit ies Use Cases Best Practices Cookbooks Solari s 10 Container Guide - Funct iona lity status up t o Sola ris 10 10/ 09 and OpenS ola ris 20 09.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Effect ive: 3 0/11 /200 9 Table of conten ts Disclaimer ................................................................................................................................. ... ... .... .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Effect ive: 3 0/11 /200 9 4.1.5 .1. Soft ware install ati on by the glob al zone – usage in all zones ............ ....................... ...................... ..............36 4.1.5 .2. Soft ware install ati on by the glob al zone – us age in a loc al zone .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Effect ive: 3 0/11 /200 9 4.5. Management and monitoring .................................................................................................... ... .... .55 4.5.1. Using boot arguments in zones .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Effect ive: 3 0/11 /200 9 5.2. Network .......................................................................................................................... .... ... ... .... ... .81 5.2.1. Change network configuration for shared IP instan ces .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Disclai mer Effect ive: 3 0/11 /200 9 Disclaime r Sun Microsyst ems GmbH does not offe r any guarantee regarding the completeness and accuracy of the information and examples contained in this document.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Disclai mer Effect ive: 3 0/11 /200 9 Versio n Conten ts Who Drawin gs 1 - 6 a s an imag e Detle f Drew anz 1.2 06/1 1/20 06 Gene ral chapt er v irtualiz ation Addi tio nal netw ork exa mples Detle f Drew anz, Ul rich Grä f 1.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 1. Intro ducti on Effect ive: 3 0/11 /200 9 1. In troductio n [dd/ug] This guide is a bout Solaris Containers, how th ey work and h ow to use them. Although the original guide was developed in german [ 25 ], starting with version 3.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2. F unctiona lity 2.1. Solaris Cont ainers and Solaris Zones 2.1.1. Overview [ug] Solaris Zones is the term for a virtuali zed execution enviro nment – a virtualization at the operating system level (in contrast to HW virtualization).
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 Thus, a local zone is a Solaris environment t hat is separated fro m o ther zones and can be used indepen dently.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.1.2. Zones and softwa re instal latio n [dd] The respective requirements on local zones determine the manner in which sof tware is installed in zones. There are two ways of supplyi ng sof tware in zones: 1.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.1.5. Zones and resource ma nagement [ug] In S olaris 9 , resource management was introduced on the basis of projects, tasks and resource pools. In Solaris 10, resource management can be applie d to zones as well.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.1.5.2. Memory resource management [ug] I n Solaris 10 (in an update of Solaris 9 as well), main memo ry consumption can be limited at the level of zones, projects and processes.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.1.7. Zones and hig h availabi lity [tf/d u/hs] In the presence o f all RAS capabilities, a zone has only the availabil ity of a computer and it decreases with the number of components of the machine (MTBF).
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.1.9. Solaris contai ner c luster (aka "zone cluster") [hs] In autumn 2008, within the scope o f the O pen HA Cluster Project, zone clusters were announc ed.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.2. Virtualiza tion tech nolo gies compare d [ug] Conve ntional data center technologies inclu de • A.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.2.1. Domains/p hysica l parti tions [ug] A computer can be partitioned by configuration into sub-computers (domain, partition). Domains are almost completely physically separated since e lectrical connections are t urned o ff.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.2.2. Logic al partitio ns [ug] A minimal operating system called the hypervisor, that virtualizes the interface between the hardware and the O S of a computer, runs on the compute r's hardware.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.2.3. Containe rs (Sola ris zones) in an OS [ug] In an operating system installation, execution environments for a pplic ations and services are created that a re independ ent of each other.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.2.4. Consol idati on i n o ne com puter [ug] The applications are installed on a computer and used under different userid. This is the type of consolid ation feasible with modern operating systems.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 2.2.5. Summary of virtual izatio n technol ogie s [ug] The virtualization technologies discussed above can be summarized in the following table – compared to installation on a separate computer.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 2. Funct ional ity Eff ective: 30/ 11/ 2009 15 Figur e 6 : [dd] Com pari son of vi rtuali zat ion techno logi es HW OS App Lo gical virtuali sation .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3. Use Cases The following chapter discusses a variety of use cases for Solaris Containers and evaluates the m.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.2. Small web servers Requirement [ug] One of the following situations exists: • An In ternet Service Provider (ISP) would l ike to have the option to set u p web servers automatically, without additional costs.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.3. Mu lti- network consoli datio n Requirement [dd] A company uses several d ifferent networks t hat are separated either by firewalls or by routers. Applications are run in the individual networks.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.4. Mu lti- network monitoring Requirement [dd] A company has several diff erent networks that are separated into se veral levels either by firewalls or by routers.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.5. Mu lti- network backup Requirement [dd] A company has several different networks that are sepa rated in different stages either by firewalls or by routers.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.6. Con solidat ion dev elopmen t/test /inte gratio n/pro ducti on Requirement [ug] Usually, further systems.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.7. Con solidat ion of test systems Requirement [ug] To test software and applicati ons, there are many test systems in the data center environment that are only ever used fo r test s.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.8. Train ing systems Requirements [ug] In tra ining dep artments, computers that a re provided for trai ning participants (including pupils/students) must frequently be reset.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.9. Server conso lidati on Requirement [ug] In a data center, several applications run whose workload is t oo low (of ten much less than 50%). The computers themselves usually require a lot of electricity, cooling and space.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.10. Confide ntial ity of data and processes Requirement [ug] In the da ta center, appli cations are running on different computers because • Certain d epartments want to be certain that d ata a nd pr ocesses are not seen by other departments.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.11. Test systems f or develo pers Requirement [ug] Developers need test systems to te st their a pplic ation. Frequently, the interaction of several computers must be teste d as well.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.12. Solaris 8 a nd Solaris 9 cont ainers for dev elopment Requirement [ug] There are st ill system s runnin.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.13. Solaris 8 a nd Solaris 9 cont ainers as revision sy stems Requirement [ug] For legal reasons o r due to revision requests, it is necessary to have certain systems available for years under Solaris 8 or Solaris 9 .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.14. Hosting f or several comp anies on one computer Requirement [ug] An application service p rovid er operates systems f or a variety of companies. The syste ms are underutili zed.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.15. SAP portals i n Solaris c ontain ers Requirement [da] The operation of SA P syste m environments is becoming more complex.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.16. Upgrade- and Patch- managemen t in a virtual enviro nment Requirement [da] Virtualization by means of Solaris Containers allows the application to be disengage d from the hardware.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.17. "Flying zo nes" – Service-oriented Solaris server infrastructur e Requirement [os] A highly.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 3. Use Cases Effect ive: 3 0/11 /200 9 3.18. Solaris Con tainer Cluster (aka "zon e clus ter") Requirement [hs] • In a virtualized environment based on Solaris containers, the administrator of a zo ne should also be able to administer t he cluster part of the application in the zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4. Best P ractices The f ollow ing chapter describes concepts for the implementation of architectures with Solaris containers.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.3. Comparison between sparse-root zones and whol e-r oot zones [dd] From the considerations listed above, a comparison can be drawn between sparse-root zones and whole-ro ot zones.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.5. Software installa tions in Solaris and zones [dd] Th e zones' directory structure is determined main ly from t he need to install soft ware with special needs in this area.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.5.3. Software instal lation by the gl obal zon e – usage in the gl obal zone • non-pkg software − Software A is installed by the global zone e .g.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.6. Storage concepts 4.1.6.1. Storage for the ro ot file system of the local zones [ug] It is usually sufficient fo r several zones to share a file sys tem.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.6.4. Root disk layout [dd] Depending on availabi lity requireme nts, root disks within a system are mirrored via internal disks or made avail able through a variet y of controllers and e xternal sto rage devices.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.6.6. Opti ons for using ZFS in loca l zo nes [hes] Dependi ng on the manner of configuration of ZF S in zones, t here are different application options for ZFS in zones.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.7. Network concepts 4.1.7.1. Intro ducti on i nto networ ks and zones [dd] A network address is not mandatory when configuring a zone. However, services within a zone can only be reached from th e outside through the network.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.7.4. Exclusive IP instanc e [dd] With exclusive IP instances, an almost complete separation of t he network stacks between zones is achieved (from Solaris 10 8/07).
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.7.6. Zones an d lim itatio ns in the ne twork [dd] Zones have different limitations related to network configurations. The following table shows the differences separated by zone type and IP instance type .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.8. Additi onal de vices in zones 4.1.8.1. Confi gurati on of devices [ug] In principle, a local zone uses no p hysical devices. To use n etwork interfaces exclusively in one zone, the zone has to be configured a s an exclusive IP zone ( 4.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.1.9. Separate name s ervices in zones [ug] Name services include among other things the hosts database and the userids ( passwd , shadow ) and are configured with the f ile /etc/nsswitch.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.2. Paradigms Paradigms are design rules for the construction of zones. Depending on the application, a d ecisi on must be made which one of them should be applied.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.2.3. One appli cation per zone [ug] Another paradigm is to a lways install one applicat ion per zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 administrator. With the software p roducts described here, t he requir ements with respect to visualiz ation and f lexibil ization of containers right up to disaster recovery concepts can be covered completely.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.2.5. Solaris Contai ner Cluster [hs] One of the essential properties of containers is the possibil ity to delegate ad min istrative t asks to the administrator or the user of one or more containers.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.3. Con figurati on and administrat ion 4.3.1. Manual con figurat ion o f zo nes w ith zonecf g [ug] The command zonecfg is used t o configure a zone; see the example in the Cookbook.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 As a g ener al rule, so me guidelin es are specified locally, for example: • Which file syst ems are to be inherited from the global zone ( in herit- pkg-dir ).
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.4. Life cycle management 4.4.1. Patching a system with l ocal zones [dd/ug] In a Solaris system with native zones, the local zones always have the sa me patch status as in the global zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.4.3. Patching with up grade server [ug] A zone is tran sported from t he production computer to a so-called upgrade server ( zoneadm detach and zoneadm attach ) tha t has the same version as the production server.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.4.6. Re-installa tion a nd service prov ision ing instead of patchin g [dd] Pa tching o f zones can force zones into single user mode, when system patches are applied.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.4.8. Backup of zo nes w ith ZFS [ug] Starting with Solaris 10 10/08, zones o n ZFS are of ficially supported. This considerably simplifies the backup of zones.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.5.2. Consol idati ng l og inform ation o f zone s [dd] The u se o f zones as a runtime environment for services leads t o an increase in the number of operating system environments that are part of a n architecture.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.5.6. DTrace of processes with in a zone [dd/ug] DTrace can be u sed to examine processes in zones. To do so, DTrace scripts can be extended by the va riab le zonename in order to e.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.6. Reso urce managem ent 4.6.1. Types of resource management [dd] There are 3 differen t types of resource management in all: • Fair re sources: Here, all resources are distributed fairly a mong all requesters and according to the defined rules.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.6.2.3. Fair share schedul er (FSS ) [ug] When multiple zones are running in one resource pool, then the distribution of CPU time among these zones is configurable.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.6.3. Limiti ng memory resources [ug] Memory usage by zone s is calculated almost exactly (since Solaris 10 8/07). This is done in the followi ng way: Fir st, the set of all memory segments of t he processes in the zone is determined.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.6.3.4. Limit ing locked memory [ug] Real time programs and databases can establish the locking of virtual memory pages in the main memory. To do so, the programs require th e privilege ( proc_lock_memory ) which must be configured for the zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 4.7. Solaris contain er navi gator [dd] The following segment n avi gates through the considerations required p rior t o the applicati on o f Solaris containers.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 63 Figur e 2 9: [dd] Self -qual ificat ion of an applic atio n i n a contai ner A-3: Self-qualification .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 4. Best Pr actices Eff ective: 30/ 11/ 2009 64 Figur e 3 0: [dd] Determ ini ng the confi gurat ion of a co ntain er B: Determini ng the c onfigurat .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5. Coo kbooks The Cookbooks chapter demonstrates the impl ementation of conceptional Best P ractices with concrete examples. 5.1. Ins tallatio n and config uratio n 5.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.2. Special commands for zones [dd/ug] The creation and usage of zones in Solaris 10 is done by the follo.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 The following commands allow information t o be displayed dependi ng on the zones: Command Descriptio n df(1.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.3. Root disk layout [dd] The f ollow ing t able gives an e xample for a root disk layout of a syste m with a local zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.4. Config urin g a s parse root zone: required Actions [dd] To change a sparse root zone into a whole root zone it is necessary t o re-install t he zone a fter change of the configuration.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.5. Config urin g a wh ole root zone : required Actions [dd] Whole root zones do not contain inherit-pkg-dir and are generated with zonecfg create from the default file /etc/zone/SUNWdefault.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.6. Zone instal latio n [dd] Be fore using a zone for th e first time it must be installed according to your configuration. The installation t ime varies dependi ng on whether a sparse-root zone or a whole-root zone is installed.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.8. Unins talling a zone [dd] Installed zones are uninstalled by zoneadm -z <zone> uninstall .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.10. Configu ration and instal lation of a Solari s 8/Sola ris 9 container [ug] Solaris 8 containers and Solaris 9 containers can be created using 4 simple steps.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.12. Storage withi n a zone [dd] Storage can be used in different ways in local zones.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.12.3. The glo bal zone mou nts a file system when the local zone is booted [dd] File systems can be provided to a local zone by the glob al zone not o nly as loopback filesystems.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.12.5. User level NFS server in a loca l zone [ug] The native NFS in the Solaris kernel can currently not be used as a server within a local zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 For dynamic configuration, t he device's majo r and minor numb er must b e determined. Th is information can be obtained with the ls command in the global zone .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.12.8. Several zones share a fi le syste m [dd] The zone model makes it ve ry easy fo r several zones to share a writable file syst em.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.13. Configu ring a zone by command fi le or template [dd] Zones can be configured by using command files f or zonecfg or by the use of templates. This allows quick and automatic configuration of many zones avoiding errors.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.1.15. Accelerat ed automatic creation of zone s on a ZF S file system [bf/ug] If a zone is configured on a ZF S file system, it can be duplicated very quickly by u sing Z FS snapshots.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2. Network 5.2.1. Change netwo rk co nfigur ation for shared IP instances [dd] For an already configured zone with a shared IP instance, it may be necessary to change the physical interface or t he network address.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.4. Change netwo rk co nfigur ation from shared IP instance to exclusive IP insta nce [dd] Zones that are a lready configured are ru n with sha red IP instances up to Solaris 10 11/06.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.6. IP filter be tween exclusive IP zone s on a system [dd] The usual configuration rules for IP filters must be followe d for the use of IP filters in exclusive IP zones.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.2. Zones i n se parate network segments usi ng the shared IP instance [dd/ug] Two local zones, zone1 and zone2, are located in sepa rated network segments and provide services for these network segments.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.3. Zones i n se parate network segments usi ng exclusiv e IP instances [dd/ug] Two local zones, zone1 and zone2, are located in sepa rated network segments and provide services for these network segments.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.4. Zones i n se parate networks using the shared IP instance [dd/ug] Two local zones, zone1 and zone2, are located in separated networks and provide services for other networks.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.5. Zones i n se parate networks using exclusi ve IP insta nces [dd] Two local zones, zone1 and zone2, are located in separated networks and provide services for other networks.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.6. Zones co nnected to inde pendent customer netw orks usi ng the shared IP instance [dd/ug] Two local zones, zone1 and zone2, are located in separated networks and provide services for a va riety of customers in their own networks.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 89 Figur e 36: [dd] Zones connec ted to i ndepe nde nt custom er networ ks using the share d I P instan ce bge0 - 192.168.1.1 bge1 - 0.0.0. 0 bge2 - 0.0.0. 0 reject route 192.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.7. Zones co nnected to inde pendent customer netw orks usi ng exclusi ve IP instance s [dd/ug] Two local zones, zone1 and zone2, are located in separated networks and provide services for a va riety of customers in their own networks.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.8. Connect ion o f zo nes v ia external route rs usin g the shared IP instanc e [dd/ug] A web server in zone1 is contacted from the internet and needs the applicati on server in zone2 to fulfill t he orders.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 • In order to avoid communication between the local zones through the shared TCP /IP stack, reject routes must be set in th e global zone that prevent communication between the IP addresses of the two zones (or the use of ipfilter).
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.2.7.9. Connect ion o f zo nes thr ough an external load bala ncing router usi ng exclusive IP instances [dd/ug] A web server in zone1 is contacted from the internet and needs the applicati on server in zone2 to fulfill t he orders.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 94 bge0 - 192.168.1.1 ip t ype: s hared Global Zone bge3 - 192.168.201.1 bge1 - 192.168.200.1 Def router - 192.168.200.2 ip ty pe: ex clus ive Zone 1 192.168.1.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3. Life cycle management 5.3.1. Bootin g a zone [dd] zoneadm -z <zone> boot st arts up a zone, mounts the file systems , initializes th e network interface s, sets the resource controls and star ts the service manager of the zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 Alternatively, se t the b oot arguments permanently in a zone configuration: global# zonecfg -z keetonga zon.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3.4. Software installa tion w ith prov isioni ng system [ug] The N1 SPS software can provision software in zones as well. The requirements are: • A writable directly where the software can be installed.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3.6. Zone migrati on wi thin a system [ug] Let us assume that a zone named " test" is to be moved to another directory. Currently, this zone is located on /export /home/zone/test (zonepath).
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3.7. Duplic ating zones with zone adm c lone [ug] Zone installation can b e accelerated with zoneadm ... clone . In t his example, a zone named test is already configured and installe d.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 Now, zone test1 is configured in exactly the same way as zone test but has its own zonepath .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3.8. Duplic ating zones with zone adm de tach/attach and zfs c lone [ug] First , the zone " test" is moved to its own ZFS file system. The file syste m must only be available from root otherwise an error message will appear.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3.9. Moving a zone betwee n a sun4u and a su n4v system [ug] Currently, two architectures with SPARC- processors a re available from Sun Microsystems that are both supported by Solaris 10.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 Next, the zone is to be transported to a sun4v system named bashful . To do so, the contents and the configuration are saved: root@tiger [23] # cd /zone root@tiger [23] # tar cEvf u0.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.3.10. Shutti ng dow n a zone [dd] Zones can be shut down fro m the local zone itself o r fro m the global zone. Depending on which option is used, running services a re either completed or simply stopped.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 The BE is now available e.g. under /.alt.s10- 807+1. Next, the boot archive of this BE is updated and the BE is unmounted again. bootadm update-archive -R /.alt.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.4. Man agement and monit oring 5.4.1. DTrace in a local zo ne [dd] Since Solaris 10 11/06, DTrace can be applied within local zones to processes of this zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.5. Reso urce managem ent 5.5.1. Limiti ng the /tmp- size w ithin a zone [dd] In many cases, /tmp is used as tmpfs in swap. This leads to the swap area being shared by all zones b y /tmp in each zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.5.4. Fair s hare scheduler [ug] The ratio of CPU usage between zones or projects can be set. This is impleme nted by he so-called fair share sch eduler . CPU shares are allocated as follows: • For zones, by using add rctl and the attribute zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 created with poolcfg and pooladm . 5.5.9. Dynamic resource pool s f or zones [dd] As already described in 4.6.2.5 Dynamic resource pools , dynamic resource p ools can very easily be used for zones since Solaris 10 8/07.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 5.5.10. Limitin g the physica l main memory co nsumpti on of a project [dd] To limit the physical main memory of a p roj ect, the resource capping daemon rcapd(1M) can be used.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 5. Cookboo ks Effect ive: 3 0/11 /200 9 Settings for swap (= virtual memory), locked memory and other resource controls of a zone can be queried at runtime with prctl -i zone <zone> . global # prctl -i zone zone1 zone: 22: zone1 NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT zone.
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 Sup plem ent Effective: 30/ 11/ 2009 Supp lemen t A. Solaris Containe r in OpenSolaris A.1. OpenS olari s – ge neral [dd] In 2005, Sun Microsyste ms starte d OpenSolaris as an OpenSource project in order to support and advance the developer community a round Solaris ( http:/ /www .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 A. S olaris Conta iner i n Ope nSola ris Eff ective: 30/ 11/ 2009 A.1. Cookbo ok: Confi guri ng an ipkg zo ne The configuration of the zone is done as usual with zonecfg(1M) .
Version 3.1 -en S olaris 10 Contai ner Gui de - 3.1 B. R eferen ces Effe ctive: 30/1 1/20 09 B. Reference s [1] Jeff Vict or, "So laris C ontain ers T echnol ogy Archite cture Guide ", Sun B luepri nt, May 2006, http:/ /www .sun.com/blueprints/0506/819-6186.
An important point after buying a device Sun Microsystems 10 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Sun Microsystems 10 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Sun Microsystems 10 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Sun Microsystems 10 you will learn all the available features of the product, as well as information on its operation. The information that you get Sun Microsystems 10 will certainly help you make a decision on the purchase.
If you already are a holder of Sun Microsystems 10, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Sun Microsystems 10.
However, one of the most important roles played by the user manual is to help in solving problems with Sun Microsystems 10. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Sun Microsystems 10 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center