Solaris 10 Container Guide
Table of contents
Disclaimer
Introduction
Overview
Solaris Containers and Solaris Zones
Characteristics of Solaris 10 Zones
Zones and software installation
Zones and security
Zones and privileges
Fair share scheduler in a resource pool
Zones and resource management
CPU resources
Processor sets in a resource pool
Network resource management (IPQoS = IP Quality of Service)
Memory resource management
User interfaces for zones
Branded zones (Linux and Solaris 8/Solaris 9 compatibility)
Zones and high availability
Solaris container cluster (aka zone cluster)
Virtualization technologies compared
Domains/physical partitions
Logical partitions
Containers (Solaris zones in an OS)
Consolidation in one computer
Summary of virtualization technologies
Assessment
Solution
Grid computing with isolation
Requirement
Small web servers
Use case: Multi-network consolidation
Use case: Multi-network monitoring
Use case: Multi-network backup
Consolidation development/test/integration/production
Use case: Consolidation of test systems
Requirements
Training systems
Use case: Server consolidation
Use case: Confidentiality of data and processes
Use case: Test systems for developers
Solaris 8 and Solaris 9 containers for development
Solaris 8 and Solaris 9 containers as revision systems
Use case: Hosting for several companies on one computer
Use case: SAP portals in Solaris containers
Live upgrade
Upgrade and patch management in a virtual environment
Flying zones (service-oriented Solaris server infrastructure)
Solaris Container Cluster (aka zone cluster)
Whole-root zones
Concepts
Sparse-root zones
Comparison between sparse-root zones and whole-root zones
Software in zones
Software installation by the global zone (usage in all zones)
Software installations in Solaris and zones
Installation by the local zone (usage in the local zone)
Program/application storage
Data storage
Root disk layout
ZFS within a zone
Options for using ZFS in local zones
Volume manager in local zones
NFS and local zones
Network concepts
Introduction into networks and zones
Network address management for zones
Shared IP instance and routing between zones
Firewalls between zones (IP filter)
Exclusive IP instance
IPMP
Zones and limitations in the network
Dynamic configuration of devices
Static configuration of devices
Projects
Separate name services in zones
Services
Hosts database
Applications in local zones only
Paradigms
Clustered containers
One application per zone
Solaris Container Cluster
Configuration and administration
Automatic configuration of zones by script
Automated provisioning of services
Installation and administration of a branded zone
Patching with live upgrade
Lifecycle management
Patching a system with local zones
Patching with upgrade server
Patching with zoneadm attach -u
Moving zones between architectures (sun4u/sun4v)
Backup and recovery of zones
Migration of a zone to another system
Backup of zones with ZFS
Using boot arguments in zones
Management and monitoring
Auditing operations in the zone
Consolidating log information of zones
Monitoring zone workload
Extended accounting with zones
DTrace of processes within a zone
General resource pools
Resource management
Types of resource management
Capping of CPU time for a zone
Projects (projadd, projmod, projdel)
Lightweight processes (LWP)
Fair share scheduler (FSS)
Fair share scheduler in a zone
Limiting virtual memory
Limiting memory resources
rcapstat
Assessing memory requirements for global and local zones
Privileges and resource management
Limiting locked memory
Network limitation IPQoS
IPC limits (semaphores, shared memory, message queues)
Planning a Solaris container
Solaris container navigator
Self-qualification of an application in a container
Installation and configuration
Configuration files
File /etc/zones/index
Special commands for zones
Configuring a sparse root zone (required actions)
Configuring a whole root zone (required actions)
Zone initialization with sysidcfg
Zone installation
Uninstalling a zone
Optional settings
Starting zones automatically
Changing the set of privileges of a zone
Storage within a zone
Using a device in a local zone
Local zone mounts a UFS file system from a device
User level NFS server in a local zone
Using a DVD drive in the local zone
Solaris 10 Container Guide 3.1 (Version 3.1-en), 5. Cookbooks
User attributes for ZFS within a zone
Several zones share a file system
ZFS in a zone
Configuring a zone by command file or template
Automatic quick installation of zones
Zones hardening
Accelerated automatic creation of zones on a ZFS file system
Network interfaces for exclusive IP instances
Change network configuration for shared IP instances
Set default router for shared IP instance
IP filter between shared IP zones on a system
Implementation
IP filter between exclusive IP zones on a system
Zones, networks and routing
Global and local zone with shared network
Zones in separate networks using the shared IP instance
Zones in separate networks using exclusive IP instances
Booting a zone
Boot arguments in zones
Software installation per mount
Software installation with provisioning system
Zone migration among systems
Zone migration within a system
Duplicating zones with zoneadm clone
Duplicating zones with zoneadm detach/attach and zfs clone
Moving a zone between a sun4u and a sun4v system
Using live upgrade to patch a system with local zones
Shutting down a zone
Zone audit
DTrace in a local zone
Zone accounting
Resource pools with processor sets
Limiting the /tmp-size within a zone
Limiting the CPU usage of a zone (CPU capping)
Dynamic resource pools for zones
Limiting the physical main memory consumption of a project
Implementing memory resource management for zones
Solaris Container in OpenSolaris
OpenSolaris general
ipkg-branded zones
Cookbook: Configuring an ipkg zone
Cookbook: Installing an ipkg zone
References