Manuals / Sun Microsystems / Computer Equipment / Computer Hardware

Sun Microsystems 10 manual Zone 1 /etc/hostname.bge1 Zone 2 /etc/hostname.bge2

Models: 10

1 121

Download 121 pages 49.77 Kb

Page 92

Version 3.1-enSolaris 10 Container Guide - 3.1 5. Cookbooks

Effective: 30/11/2009

5.2.7.3. Zones in separate network segments using exclusive IP instances

[dd/ug] Two local zones, zone1 and zone2, are located in separated network segments and provide services for these network segments.

∙Each local zone should have its own physical interface.

∙No additional network is connected to the network segment.

∙Routing is not used.

∙There should be no communication between the local zones.

∙Communication between the global zone and the local zones is not intended.

Implementation:

∙A separate GLDV3 interface (e.g. bge1 and bge2) is provided for each zone. These interfaces must not be used elsewhere in the global zone.

zone1-zonecfg: add net physical=bge1

zone2-zonecfg: add net physical=bge2

∙The zone configuration for zone1 and zone2 is indicates the use of exclusive IP instances. zonecfg: set ip-type=exclusive

∙The IP addresses are defined inside of the zones.

Zone 1: /etc/hostname.bge1

Zone 2: /etc/hostname.bge2

∙No routing entries in the zones.

∙Option: To enable communication between the global and the local zone, an interface that is located in the network of the local zone must be configured in the global zone.

∙By the use of exclusive IP instances, communication between the zones or between the zones and the global zone takes place only if corresponding routing entries exist in the zones and if a physical network connection exists between the zone interfaces.

192.168.201.0192.168.202.0

NetworkNetwork

bge1 - 192.168.201.1	bge2 - 192.168.202.1
ip type: exclusive	ip type: exclusive
Zone 1	Zone 2

bge0 - 192.168.1.1

ip type: shared

Global Zone

192.168.1.0

Network

Figure 33: [dd] Zones in separate network segments using exclusive IP instances

85

Image 92

Sun Microsystems 10 manual Zone 1 /etc/hostname.bge1 Zone 2 /etc/hostname.bge2

Contents

Solaris 10 Container Guide Table of contents III Network limitation IPQoS Duplicating zones with zoneadm detach/attach and zfs clone Disclaimer VII Introduction Solaris Containers and Solaris Zones OverviewUg Characteristics of Solaris 10 Zones Zones and privileges Zones and software installationZones and security Zones and resource management CPU resourcesProcessor sets in a resource pool Fair share scheduler in a resource poolUser interfaces for zones Network resource management IPQoS = IP Quality of ServiceMemory resource management Zones and high availability Branded zones Linux and Solaris 8/Solaris 9 compatibilitySolaris container cluster aka zone cluster Virtualization technologies compared App Server Domains/physical partitionsLogical partitions Dd Logical partitionsContainers Solaris zones in an OS Dd Container Solaris zones in an OSConsolidation in one computer Dd Consolidation in one computerSummary of virtualization technologies App Physical Logical Resource Virtualisation ManagementSolution Grid computing with isolationRequirement AssessmentGlobal Zone System Small web serversMulti-network consolidation Dd Use case Multi-network consolidationMulti-network monitoring Dd Use case Multi-network monitoringMulti-network backup Dd Use case Multi-network backupConsolidation development/test/integration/production Consolidation of test systems Dd Use case Consolidation of test systemsTraining systems RequirementsServer consolidation Dd Use case Server consolidationConfidentiality of data and processes Dd Use case Confidentiality of data and processesTest systems for developers Dd Use case Developer test systemsSolaris 8 and Solaris 9 containers for development Solaris 8 and Solaris 9 containers as revision systems Hosting for several companies on one computer Dd Use case Hosting for different companies on one computerSAP portals in Solaris containers Da Use case SAP portals in Solaris containersUpgrade- and Patch-management in a virtual environment Da Live upgradeFlying zones Service-oriented Solaris server infrastructure DC1 DC2Solaris Container Cluster aka zone cluster Concepts Sparse-root zones− /lib − /platform − /sbin − /usr Whole-root zonesPlatform ~3.6 GB Software in zones Comparison between sparse-root zones and whole-root zonesWhole-root Var Usr Software installations in Solaris and zones Software installation by the global zone usage in all zonesInstallation by the local zone usage in the local zone Data storage Program/application storageZFS within a zone Root disk layoutOpt/staroffice NFS and local zones Options for using ZFS in local zonesVolume manager in local zones Network concepts Introduction into networks and zones Network address management for zonesShared IP instance and routing between zones Ndd -set /dev/ip iprestrictinterzoneloopbackExclusive IP instance Plumb, snoop1M, dhcp5 or ipfilter5 is possibleInterface = InterfacenameInstance + VLAN-ID Firewalls between zones IP filterZones and limitations in the network IpmpStatic configuration of devices Dynamic configuration of devicesSeparate name services in zones ServicesHosts database ProjectsParadigms Applications in local zones onlyOne application per zone Clustered containersClient Solaris Container Cluster Configuration and administration Installation and administration of a branded zone Automatic configuration of zones by scriptAutomated provisioning of services Patching a system with local zones Patching with live upgradeLifecycle management Moving zones between architectures sun4u/sun4v Patching with upgrade serverPatching with zoneadm attach -u Backup and recovery of zones ∙ create /zones/zone1Backup of zones with ZFS Using boot arguments in zonesManagement and monitoring Migration of a zone to another systemConsolidating log information of zones Monitoring zone workloadExtended accounting with zones Auditing operations in the zoneDTrace of processes within a zone Global# dtrace -n iostart@zonename = countResource management Types of resource managementCapping of CPU time for a zone General resource poolsLightweight processes LWP Fair share scheduler FSSFair share scheduler in a zone Projects, projadd, projmod, projdelLimiting memory resources RcapstatAssessing memory requirements for global and local zones Limiting virtual memoryLimiting locked memory Network limitation IPQoSIPC limits Semaphore, shared memory, message queues Privileges and resource managementSolaris container navigator Dd Planning a Solaris containerDd Self-qualification of an application in a container 4zonecfgbrand=native Dd File /etc/zones/index Installation and configurationConfiguration files Special commands for zones Command DescriptionCommand Description Swap VarVar/crash MetadbConfiguring a sparse root zone required Actions Configuring a whole root zone required Actions Zone installation Zone initialization with sysidcfgUninstalling a zone Changing the set of privileges of a zone Optional settingsStarting zones automatically Using a device in a local zone Storage within a zoneLocal zone mounts a UFS file system from a device Zone1# ls /dev/dsk C1d0s0Using a DVD drive in the local zone User level NFS server in a local zoneVersion 3.1-enSolaris 10 Container Guide 3.1 5. Cookbooks Several zones share a file system ZFS in a zoneTank 30.2M 10G 18K None Tank/zone1 16.3M 983M Mnt User attributes for ZFS within a zoneConfiguring a zone by command file or template Automatic quick installation of zonesWith zonecfg -z zone export -f file of an existing zone − zonecfg -z zone -f fileAccelerated automatic creation of zones on a ZFS file system Zones hardeningChange network configuration for shared IP instances Set default router for shared IP instanceNetwork Network interfaces for exclusive IP instancesIP filter between shared IP zones on a system Set interceptloopbackIP filter between exclusive IP zones on a system Zones, networks and routingGlobal and local zone with shared network ImplementationNetworkNetwork Zone 1 /etc/hostname.bge1 Zone 2 /etc/hostname.bge2 Zones in separate networks using the shared IP instance Ifconfig bge1 plumb downZoneadm -z zone1 ready Zoneadm -z zone2 ready Set defrouter=192.168.202.2Zone 1 /etc/hostname.bge1 Zones in separate networks using exclusive IP instancesZonecfg set ip-type=exclusive Zone2 192.168.202.1 are now active 192.168.101.201 Zone 1 /etc/hostname.bge1 Zone1 192.168.201.1,192.168.200.1 and zone2192.168.202.1 Zoneadm -z zone1 boot, zoneadm -z zone2 boot Zone 1 /etc/hostname.bge3 /etc/defaultrouter Load Balancer Root password for system maintenance control-d to bypass Booting a zoneBoot arguments in zones Software installation per mount ∙ Detach the zone with zoneadm -z zone detach Software installation with provisioning systemZone migration among systems Zone migration within a system Global# zoneadm List -vcGlobal Running Native Shared Test Export/home/zone/test Global# zoneadm -z test haltGlobal Running Native Shared Test Installed Container/test Duplicating zones with zoneadm cloneID Name Status Path Brand 100Duplicating zones with zoneadm detach/attach and zfs clone 101Moving a zone between a sun4u and a sun4v system 102103 Using live upgrade to patch a system with local zones Shutting down a zoneLucreate -c s10-807 -n s10-807+1 -m //dev/dsk/c1t0d0s4ufs Lumount s10-807+1Reboot Luactivate s10-807+1 init 105DTrace in a local zone Zone1# dtrace -l tail +2 zone1#Zone accounting Zone auditLimiting the /tmp-size within a zone Swap Tmp Tmpfs Yes Size=250mLimiting the CPU usage of a zone CPU capping Resource pools with processor sets108 109 Dynamic resource pools for zonesGlobal # svcs dynamic Limiting the physical main memory consumption of a project Implementing memory resource management for zonesRcapadm -z zone1 -m 40m 110111 Global # prctl -i zone zone1 Zone 22 zone1Zone.max-swap Privileged 180MB Deny System 16.0EB Max Solaris Container in OpenSolaris OpenSolaris generalIpkg-Branded zones 112113 Cookbook Configuring an ipkg zoneCookbook Installing an ipkg zone References 114