Solaris 10 Container Guide
Table of contents
III
Network limitation IPQoS
Duplicating zones with zoneadm detach/attach and zfs clone
Disclaimer
VII
Introduction
Solaris Containers and Solaris Zones
Overview
Ug Characteristics of Solaris 10 Zones
Zones and software installation
Zones and security
Zones and privileges
Processor sets in a resource pool
Zones and resource management
CPU resources
Fair share scheduler in a resource pool
Network resource management IPQoS = IP Quality of Service
Memory resource management
User interfaces for zones
Zones and high availability
Branded zones Linux and Solaris 8/Solaris 9 compatibility
Solaris container cluster aka zone cluster
Virtualization technologies compared
App Server
Domains/physical partitions
Logical partitions
Dd Logical partitions
Containers Solaris zones in an OS
Dd Container Solaris zones in an OS
Consolidation in one computer
Dd Consolidation in one computer
Summary of virtualization technologies
App
Physical Logical Resource Virtualisation Management
Requirement
Solution
Grid computing with isolation
Assessment
Global Zone System
Small web servers
Multi-network consolidation
Dd Use case Multi-network consolidation
Multi-network monitoring
Dd Use case Multi-network monitoring
Multi-network backup
Dd Use case Multi-network backup
Consolidation development/test/integration/production
Consolidation of test systems
Dd Use case Consolidation of test systems
Training systems
Requirements
Server consolidation
Dd Use case Server consolidation
Confidentiality of data and processes
Dd Use case Confidentiality of data and processes
Test systems for developers
Dd Use case Developer test systems
Solaris 8 and Solaris 9 containers for development
Solaris 8 and Solaris 9 containers as revision systems
Hosting for several companies on one computer
Dd Use case Hosting for different companies on one computer
SAP portals in Solaris containers
Da Use case SAP portals in Solaris containers
Upgrade- and Patch-management in a virtual environment
Da Live upgrade
Flying zones Service-oriented Solaris server infrastructure
DC1 DC2
Solaris Container Cluster aka zone cluster
− /lib − /platform − /sbin − /usr
Concepts
Sparse-root zones
Whole-root zones
Comparison between sparse-root zones and whole-root zones
Whole-root Var Usr
Platform ~3.6 GB Software in zones
Software installations in Solaris and zones
Software installation by the global zone usage in all zones
Installation by the local zone usage in the local zone
Data storage
Program/application storage
Root disk layout
Opt/staroffice
ZFS within a zone
Options for using ZFS in local zones
Volume manager in local zones
NFS and local zones
Shared IP instance and routing between zones
Network concepts Introduction into networks and zones
Network address management for zones
Ndd -set /dev/ip iprestrictinterzoneloopback
Interface = InterfacenameInstance + VLAN-ID
Exclusive IP instance
Plumb, snoop1M, dhcp5 or ipfilter5 is possible
Firewalls between zones IP filter
Zones and limitations in the network
Ipmp
Static configuration of devices
Dynamic configuration of devices
Hosts database
Separate name services in zones
Services
Projects
Paradigms
Applications in local zones only
One application per zone
Clustered containers
Client
Solaris Container Cluster
Configuration and administration
Automatic configuration of zones by script
Automated provisioning of services
Installation and administration of a branded zone
Patching with live upgrade
Lifecycle management
Patching a system with local zones
Patching with upgrade server
Patching with zoneadm attach -u
Moving zones between architectures sun4u/sun4v
Backup and recovery of zones
∙ create /zones/zone1
Management and monitoring
Backup of zones with ZFS
Using boot arguments in zones
Migration of a zone to another system
Extended accounting with zones
Consolidating log information of zones
Monitoring zone workload
Auditing operations in the zone
DTrace of processes within a zone
Global# dtrace -n iostart@zonename = count
Capping of CPU time for a zone
Resource management
Types of resource management
General resource pools
Fair share scheduler in a zone
Lightweight processes LWP
Fair share scheduler FSS
Projects, projadd, projmod, projdel
Assessing memory requirements for global and local zones
Limiting memory resources
Rcapstat
Limiting virtual memory
IPC limits Semaphore, shared memory, message queues
Limiting locked memory
Network limitation IPQoS
Privileges and resource management
Solaris container navigator
Dd Planning a Solaris container
Dd Self-qualification of an application in a container
4zonecfgbrand=native
Installation and configuration
Configuration files
Dd File /etc/zones/index
Special commands for zones
Command Description
Command Description
Var/crash
Swap
Var
Metadb
Configuring a sparse root zone required Actions
Configuring a whole root zone required Actions
Zone installation
Zone initialization with sysidcfg
Uninstalling a zone
Optional settings
Starting zones automatically
Changing the set of privileges of a zone
Using a device in a local zone
Storage within a zone
Local zone mounts a UFS file system from a device
Zone1# ls /dev/dsk C1d0s0
Using a DVD drive in the local zone
User level NFS server in a local zone
Version 3.1-enSolaris 10 Container Guide 3.1 5. Cookbooks
Tank 30.2M 10G 18K None Tank/zone1 16.3M 983M Mnt
Several zones share a file system
ZFS in a zone
User attributes for ZFS within a zone
With zonecfg -z zone export -f file of an existing zone
Configuring a zone by command file or template
Automatic quick installation of zones
− zonecfg -z zone -f file
Accelerated automatic creation of zones on a ZFS file system
Zones hardening
Network
Change network configuration for shared IP instances
Set default router for shared IP instance
Network interfaces for exclusive IP instances
IP filter between shared IP zones on a system
Set interceptloopback
Global and local zone with shared network
IP filter between exclusive IP zones on a system
Zones, networks and routing
Implementation
NetworkNetwork
Zone 1 /etc/hostname.bge1 Zone 2 /etc/hostname.bge2
Zoneadm -z zone1 ready Zoneadm -z zone2 ready
Zones in separate networks using the shared IP instance
Ifconfig bge1 plumb down
Set defrouter=192.168.202.2
Zones in separate networks using exclusive IP instances
Zonecfg set ip-type=exclusive
Zone 1 /etc/hostname.bge1
Zone2 192.168.202.1 are now active
192.168.101.201
Zone 1 /etc/hostname.bge1
Zone1 192.168.201.1,192.168.200.1 and zone2192.168.202.1
Zoneadm -z zone1 boot, zoneadm -z zone2 boot
Zone 1 /etc/hostname.bge3 /etc/defaultrouter
Load Balancer
Booting a zone
Boot arguments in zones
Root password for system maintenance control-d to bypass
Software installation per mount
Software installation with provisioning system
Zone migration among systems
∙ Detach the zone with zoneadm -z zone detach
Global Running Native Shared Test Export/home/zone/test
Zone migration within a system
Global# zoneadm List -vc
Global# zoneadm -z test halt
Global Running Native Shared Test Installed Container/test
Duplicating zones with zoneadm clone
ID Name Status Path Brand
100
Duplicating zones with zoneadm detach/attach and zfs clone
101
Moving a zone between a sun4u and a sun4v system
102
103
Lucreate -c s10-807 -n s10-807+1 -m //dev/dsk/c1t0d0s4ufs
Using live upgrade to patch a system with local zones
Shutting down a zone
Lumount s10-807+1
Reboot Luactivate s10-807+1 init
105
Zone accounting
DTrace in a local zone
Zone1# dtrace -l tail +2 zone1#
Zone audit
Limiting the CPU usage of a zone CPU capping
Limiting the /tmp-size within a zone
Swap Tmp Tmpfs Yes Size=250m
Resource pools with processor sets
108
Dynamic resource pools for zones
Global # svcs dynamic
109
Rcapadm -z zone1 -m 40m
Limiting the physical main memory consumption of a project
Implementing memory resource management for zones
110
Global # prctl -i zone zone1 Zone 22 zone1
Zone.max-swap Privileged 180MB Deny System 16.0EB Max
111
Ipkg-Branded zones
Solaris Container in OpenSolaris
OpenSolaris general
112
Cookbook Configuring an ipkg zone
Cookbook Installing an ipkg zone
113
References
114
