Manuals / Sun Microsystems / Computer Equipment / Computer Hardware

Sun Microsystems 10 manual Dd Self-qualification of an application in a container

Models: 10

1 121

Download 121 pages 49.77 Kb

Page 70

Version 3.1-enSolaris 10 Container Guide - 3.1 4. Best Practices

Effective: 30/11/2009

A-3: Self-qualification of an application in a container

A-3-1: If necessary, note additional details in:

“Qualification Best Practices for Application Support in Non-Global Zones”

http://developers.sun.com/solaris/articles/zone_app_qualif.html

A-3-2:	y					n
					A-3-3:
Use of Solaris Application Scanners					Problem found

?	?

n				y
	A-3-5: Further testing since problems which
	have arisen could be solved by special
	have arisen could be solved by special
	container configurations.

A-3-6:

Is one of the requirementsy met by the application?

-Creation and removal of devices

-Direct access to kernel modules

-Loading and unloading of drivers

		n
A-3-10:				y
Further privileged operations
necessary during the runtime
(suid root, or the like)
?
	n			A-3-11:			n
	n


			Can required privileges be
			configured by zonecfg:limitpriv
			?
					y

			A-3-12: determine zonecfg:limitpriv

A-3-13: Results of qualification positive (application is suitable for Solaris containers)

A-3: Self-qualification of an application

in a container

A-3-7: Results of qualification negative (application is not suitable for Solaris containers)

A-3-4: Results of qualification positive (application is suitable for Solaris containers)

Figure 29: [dd] Self-qualification of an application in a container

63

Image 70

Sun Microsystems 10 manual Dd Self-qualification of an application in a container

Contents

Solaris 10 Container Guide Table of contents III Network limitation IPQoS Duplicating zones with zoneadm detach/attach and zfs clone Disclaimer VII Introduction Solaris Containers and Solaris Zones OverviewUg Characteristics of Solaris 10 Zones Zones and security Zones and software installationZones and privileges Processor sets in a resource pool Zones and resource managementCPU resources Fair share scheduler in a resource poolMemory resource management Network resource management IPQoS = IP Quality of ServiceUser interfaces for zones Zones and high availability Branded zones Linux and Solaris 8/Solaris 9 compatibilitySolaris container cluster aka zone cluster Virtualization technologies compared App Server Domains/physical partitionsLogical partitions Dd Logical partitionsContainers Solaris zones in an OS Dd Container Solaris zones in an OSConsolidation in one computer Dd Consolidation in one computerSummary of virtualization technologies App Physical Logical Resource Virtualisation ManagementRequirement SolutionGrid computing with isolation AssessmentGlobal Zone System Small web serversMulti-network consolidation Dd Use case Multi-network consolidationMulti-network monitoring Dd Use case Multi-network monitoringMulti-network backup Dd Use case Multi-network backupConsolidation development/test/integration/production Consolidation of test systems Dd Use case Consolidation of test systemsTraining systems RequirementsServer consolidation Dd Use case Server consolidationConfidentiality of data and processes Dd Use case Confidentiality of data and processesTest systems for developers Dd Use case Developer test systemsSolaris 8 and Solaris 9 containers for development Solaris 8 and Solaris 9 containers as revision systems Hosting for several companies on one computer Dd Use case Hosting for different companies on one computerSAP portals in Solaris containers Da Use case SAP portals in Solaris containersUpgrade- and Patch-management in a virtual environment Da Live upgradeFlying zones Service-oriented Solaris server infrastructure DC1 DC2Solaris Container Cluster aka zone cluster − /lib − /platform − /sbin − /usr ConceptsSparse-root zones Whole-root zonesWhole-root Var Usr Comparison between sparse-root zones and whole-root zonesPlatform ~3.6 GB Software in zones Software installations in Solaris and zones Software installation by the global zone usage in all zonesInstallation by the local zone usage in the local zone Data storage Program/application storageOpt/staroffice Root disk layoutZFS within a zone Volume manager in local zones Options for using ZFS in local zonesNFS and local zones Shared IP instance and routing between zones Network concepts Introduction into networks and zonesNetwork address management for zones Ndd -set /dev/ip iprestrictinterzoneloopbackInterface = InterfacenameInstance + VLAN-ID Exclusive IP instancePlumb, snoop1M, dhcp5 or ipfilter5 is possible Firewalls between zones IP filterZones and limitations in the network IpmpStatic configuration of devices Dynamic configuration of devicesHosts database Separate name services in zonesServices ProjectsParadigms Applications in local zones onlyOne application per zone Clustered containersClient Solaris Container Cluster Configuration and administration Automated provisioning of services Automatic configuration of zones by scriptInstallation and administration of a branded zone Lifecycle management Patching with live upgradePatching a system with local zones Patching with zoneadm attach -u Patching with upgrade serverMoving zones between architectures sun4u/sun4v Backup and recovery of zones ∙ create /zones/zone1Management and monitoring Backup of zones with ZFSUsing boot arguments in zones Migration of a zone to another systemExtended accounting with zones Consolidating log information of zonesMonitoring zone workload Auditing operations in the zoneDTrace of processes within a zone Global# dtrace -n iostart@zonename = countCapping of CPU time for a zone Resource managementTypes of resource management General resource poolsFair share scheduler in a zone Lightweight processes LWPFair share scheduler FSS Projects, projadd, projmod, projdelAssessing memory requirements for global and local zones Limiting memory resourcesRcapstat Limiting virtual memoryIPC limits Semaphore, shared memory, message queues Limiting locked memoryNetwork limitation IPQoS Privileges and resource managementSolaris container navigator Dd Planning a Solaris containerDd Self-qualification of an application in a container 4zonecfgbrand=native Configuration files Installation and configurationDd File /etc/zones/index Special commands for zones Command DescriptionCommand Description Var/crash SwapVar MetadbConfiguring a sparse root zone required Actions Configuring a whole root zone required Actions Zone installation Zone initialization with sysidcfgUninstalling a zone Starting zones automatically Optional settingsChanging the set of privileges of a zone Using a device in a local zone Storage within a zoneLocal zone mounts a UFS file system from a device Zone1# ls /dev/dsk C1d0s0Using a DVD drive in the local zone User level NFS server in a local zoneVersion 3.1-enSolaris 10 Container Guide 3.1 5. Cookbooks Tank 30.2M 10G 18K None Tank/zone1 16.3M 983M Mnt Several zones share a file systemZFS in a zone User attributes for ZFS within a zoneWith zonecfg -z zone export -f file of an existing zone Configuring a zone by command file or templateAutomatic quick installation of zones − zonecfg -z zone -f fileAccelerated automatic creation of zones on a ZFS file system Zones hardeningNetwork Change network configuration for shared IP instancesSet default router for shared IP instance Network interfaces for exclusive IP instancesIP filter between shared IP zones on a system Set interceptloopbackGlobal and local zone with shared network IP filter between exclusive IP zones on a systemZones, networks and routing ImplementationNetworkNetwork Zone 1 /etc/hostname.bge1 Zone 2 /etc/hostname.bge2 Zoneadm -z zone1 ready Zoneadm -z zone2 ready Zones in separate networks using the shared IP instanceIfconfig bge1 plumb down Set defrouter=192.168.202.2Zonecfg set ip-type=exclusive Zones in separate networks using exclusive IP instancesZone 1 /etc/hostname.bge1 Zone2 192.168.202.1 are now active 192.168.101.201 Zone 1 /etc/hostname.bge1 Zone1 192.168.201.1,192.168.200.1 and zone2192.168.202.1 Zoneadm -z zone1 boot, zoneadm -z zone2 boot Zone 1 /etc/hostname.bge3 /etc/defaultrouter Load Balancer Boot arguments in zones Booting a zoneRoot password for system maintenance control-d to bypass Software installation per mount Zone migration among systems Software installation with provisioning system∙ Detach the zone with zoneadm -z zone detach Global Running Native Shared Test Export/home/zone/test Zone migration within a systemGlobal# zoneadm List -vc Global# zoneadm -z test haltGlobal Running Native Shared Test Installed Container/test Duplicating zones with zoneadm cloneID Name Status Path Brand 100Duplicating zones with zoneadm detach/attach and zfs clone 101Moving a zone between a sun4u and a sun4v system 102103 Lucreate -c s10-807 -n s10-807+1 -m //dev/dsk/c1t0d0s4ufs Using live upgrade to patch a system with local zonesShutting down a zone Lumount s10-807+1Reboot Luactivate s10-807+1 init 105Zone accounting DTrace in a local zoneZone1# dtrace -l tail +2 zone1# Zone auditLimiting the CPU usage of a zone CPU capping Limiting the /tmp-size within a zoneSwap Tmp Tmpfs Yes Size=250m Resource pools with processor sets108 Global # svcs dynamic Dynamic resource pools for zones109 Rcapadm -z zone1 -m 40m Limiting the physical main memory consumption of a projectImplementing memory resource management for zones 110Zone.max-swap Privileged 180MB Deny System 16.0EB Max Global # prctl -i zone zone1 Zone 22 zone1111 Ipkg-Branded zones Solaris Container in OpenSolarisOpenSolaris general 112Cookbook Installing an ipkg zone Cookbook Configuring an ipkg zone113 References 114