anand_raj

Solaris 10 ZONES:

===============

Zones provide a means of virtualizing operating system services, allowing one or more processes to run in isolation from other activity on the system. A zone is a "sandbox" within which one or more applications can run without affecting or interacting with the rest of the system.

 

You can configure non-global zones with a shared-IP address or an exclusive-IP address. A shared-IP zone shares a network interface with the global zone; an exclusive-IP zone has a network interface of its own and does not share one with the global zone. In this example, I'm using a shared-IP zone on the test box.

 

Upper limit on the number of zones in a system: 8192

 

Zones enable more efficient resource utilization on your system. Dynamic resource reallocation permits unused resources to be shifted to other containers as needed. Processes that are assigned to different zones are only able to communicate through network APIs.

 

Zone states: a zone is always in one of these states

--    Configured: the configuration was completed and committed

--    Incomplete: transition state during an install or uninstall operation

--    Installed: the packages have been successfully installed

--    Ready: the virtual platform has been established

--    Running: the zone booted successfully and is now running

--    Shutting down: the zone is in the process of shutting down - this is a temporary state, leading to "Down"

--    Down: the zone has completed the shutdown process and is down - this is a temporary state, leading to "Installed"
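As an added example (not part of the original post), a small POSIX shell helper that reads `zoneadm list -icv` output and groups zones by state. The point of the transient states above is operational: a zone that stays in incomplete, ready, shutting_down or down is stuck (an interrupted install/uninstall or a halt that never finished) and should be looked at. The listing below is constructed for the example so it runs offline; on a real host pipe in the live command instead.

```shell
#!/bin/sh
# Added example: parse `zoneadm list -icv` output and group zones by state.
# The listing below is constructed for this example; on a real system use
#   zoneadm list -icv | zones_in_state running
SAMPLE_ZONEADM_LIST='  ID NAME             STATUS         PATH
   0 global           running        /
   1 ora11g_zone      running        /export/home/ora11g_zone
   - webzone          configured     /export/home/webzone
   - oldzone          incomplete     /export/home/oldzone
   2 dbzone           shutting_down  /export/home/dbzone'

# Print the non-global zones whose STATUS column equals $1 (listing on stdin).
zones_in_state() {
    awk -v want="$1" '$1 != "ID" && $2 != "global" && $3 == want { print $2 }'
}

# Print "zone:state" for zones in a transient state (incomplete, ready,
# shutting_down, down).  A zone that stays in one of these is stuck.
transient_zones() {
    awk '$1 != "ID" && ($3 == "incomplete" || $3 == "ready" || $3 == "shutting_down" || $3 == "down") { print $2 ":" $3 }'
}

# Number of zones in the listing, excluding the header line and the global zone.
nonglobal_zone_count() {
    awk '$1 != "ID" && $2 != "global" { n++ } END { print n + 0 }'
}

# Stand-alone demonstration on the constructed listing.
printf '%s\n' "$SAMPLE_ZONEADM_LIST" | transient_zones
```

The functions read the listing on standard input, so the same code works against `zoneadm list -icv` on a live system; the header is skipped by its first field rather than by line number in case the output is preceded by anything else.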

 

Listing zone information:

=====================

global# zoneadm list -icv

  ID NAME             STATUS         PATH

   0 global           running        /

   - ora11g_zone      configured     /export/home/ora11g_zone

 

Installing a Zone:

===============

It is recommended to have about 6G of disk space for the zone root.

 

1. Create the zone with the zonecfg command.

global# zonecfg -z ora11g_zone

zonecfg:ora11g_zone> create

zonecfg:ora11g_zone> set zonepath=/export/home/ora11g_zone

 

2. Set a virtual IP address of the system to be the IP address of the zone and define the device name for the NIC associated with the IP address. End the net resource, then verify and commit the configuration before leaving zonecfg.

zonecfg:ora11g_zone> add net

zonecfg:ora11g_zone:net> set physical=<device_name>

zonecfg:ora11g_zone:net> set address=<ip address>

zonecfg:ora11g_zone:net> end

zonecfg:ora11g_zone> verify

zonecfg:ora11g_zone> commit

zonecfg:ora11g_zone> exit

 

3. Create the actual zone root directory

global# mkdir /export/home/ora11g_zone

 

4. Set permissions for the zone root directory.

global# chmod 700 /export/home/ora11g_zone

 

5. Install the non-global zone.

global# zoneadm -z ora11g_zone install

Preparing to install zone <ora11g_zone>.

Creating list of files to copy from the global zone.

Copying <62288> files to the zone.

Initializing zone product registry.

Determining zone package initialization order.

Preparing to initialize <1733> packages on the zone.

Initialized <1733> packages on zone.

Zone <ora11g_zone> is initialized.

Installation of these packages generated errors: <SUNWspci3 SUNWvts SUNWvtsts SUNWhsip>

Installation of <11> packages was skipped.

Installation of these packages generated warnings: <VRTSat>

The file </export/home/ora11g_zone/root/root/var/sadm/system/logs/install_log> contains a log of the zone installation.

 

global# zoneadm list -icv

  ID NAME             STATUS         PATH

   0 global           running        /

   - ora11g_zone      installed      /export/home/ora11g_zone/root
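Steps 3 and 4 above create the zone root and restrict it to mode 700; zoneadm itself refuses to install into a zonepath with looser permissions, because anything readable or writable by other users under the zone root undermines the isolation the zone is meant to provide. As an added example (not the post's own commands), a pre-flight check that verifies this before `zoneadm install` is attempted. It uses `ls -ld` rather than stat(1), which Solaris 10 does not ship, and demonstrates on a constructed temporary directory instead of the post's /export/home/ora11g_zone.

```shell
#!/bin/sh
# Added example: pre-flight check of a zone root before `zoneadm install`.
# Returns 0 when the path is an existing directory with mode 700, 1 otherwise.
check_zonepath() {
    zp="$1"
    if [ ! -d "$zp" ]; then
        echo "FAIL: $zp is not a directory (create it with mkdir first)"
        return 1
    fi
    # First field of `ls -ld` is the mode string, e.g. drwx------ ; this works
    # on Solaris 10 (no stat(1)) and on Linux alike.
    mode=$(ls -ld "$zp" | awk '{ print $1 }')
    case "$mode" in
        drwx------|drwx------[+.@])   # trailing +/./@ only mark ACLs or labels; the rwx bits are what matter
            echo "OK: $zp is mode 700"
            return 0 ;;
        *)
            echo "FAIL: $zp has mode $mode; run: chmod 700 $zp"
            return 1 ;;
    esac
}

# Demonstration on a constructed temporary directory, not a real zonepath.
demo_zonepath_check() {
    d=$(mktemp -d)
    chmod 755 "$d"; check_zonepath "$d" || :    # FAIL: group/world readable
    chmod 700 "$d"; check_zonepath "$d"         # OK
    rmdir "$d"
}

demo_zonepath_check
```

Run `check_zonepath /export/home/ora11g_zone` in the global zone between steps 4 and 5; a FAIL line tells you which chmod is still missing before the install is started.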

 

Uninstall the zone:

===============

global# zoneadm -z ora11g_zone uninstall -F

global# zoneadm list -icv

  ID NAME             STATUS         PATH

   0 global           running        /

   - ora11g_zone      configured     /export/home/ora11g_zone/root

global#

 

Booting the zone:

===============

global# zoneadm -z ora11g_zone boot

global# zoneadm list -icv

  ID NAME             STATUS         PATH

   0 global           running        /

   1 ora11g_zone      running        /export/home/ora11g_zone/root

#

 

Zone configuration files:

====================

# pwd

/etc/zones

# grep ora11g_zone index

ora11g_zone:installed:/export/home/ora11g_zone/root:00000035-ffbf-f914-ffbf-f8e801000000

#

 

NOTES:

======

1. inherit-pkg-dir

-------------------------

zonecfg:ora11g_zone> info

zonepath: /export/home/ora11g_zone

autoboot: false

pool:

inherit-pkg-dir:

        dir: /lib

inherit-pkg-dir:

        dir: /platform

inherit-pkg-dir:

        dir: /sbin

inherit-pkg-dir:

        dir: /usr

net:

        address: 192.100.1.101/21

        physical: bge0

zonecfg:ora11g_zone>

 

The inherit-pkg-dir resource specifies that /usr in the local zone is in fact a lofs mount of /usr from the global zone, mounted read-only inside the local zone. To change this behaviour and give the zone its own writable copy of /usr, remove the inherited directory before installing:

 

global# zonecfg -z ora11g_zone

zonecfg:ora11g_zone> remove inherit-pkg-dir dir=/usr

zonecfg:ora11g_zone> info

..

inherit-pkg-dir:

        dir: /lib

inherit-pkg-dir:

        dir: /platform

inherit-pkg-dir:

        dir: /sbin

..

zonecfg:ora11g_zone> verify

zonecfg:ora11g_zone> commit

zonecfg:ora11g_zone> exit

 

Now install the zone, so that the files in /usr are copied from the global zone into the local zone instead of being inherited.

 

global# zoneadm -z ora11g_zone install

..

 

VCS specific zone-stuff:

====================

1. The VCS engine, VCS agents, and engine components run in the global zone. For applications running within zones, agents run entry points inside the zones. VCS supports non-global zones in both secure and non-secure cluster environments. If VCS is running in a secure environment using Symantec Product Authentication Service, communication from non-global zones to global zones is secure.

 

2. Custom agents that need to run within the zone should be script-based, not C++.

 

3. Use hazonesetup to configure the zone under VCS, and hazoneverify to verify the zone configuration.

 

VxFS: Using loopback to mount a VxFS filesystem inside a zone:

====================================================

You may want to share a VxFS filesystem between multiple zones. For example, if a configuration file is available in a particular file system and this configuration file is required by the non-global zone, then the file system can be shared with the non-global zone using a loopback file system mount.

 

The following commands share access of file system /oradata as a loopback file system mount with an existing non-global zone myzone:

 

global# zonecfg -z myzone

zonecfg:myzone> add fs

zonecfg:myzone:fs> set dir=/oradata

zonecfg:myzone:fs> set special=/globalzone/oracle/data

zonecfg:myzone:fs> set type=lofs

zonecfg:myzone:fs> end

zonecfg:myzone> verify

zonecfg:myzone> commit

zonecfg:myzone> exit

 

The value of dir is a directory in the non-global zone. The value of special is a directory in the global zone to be mounted in the non-global zone. Use this method only when you want shared read-only access to the file system.

 

VxFS: Using direct mount of VxFS filesystem inside a zone:

================================================

Exclusive access to a VxFS file system can be delegated to a non-global zone by directly mounting the file system in the non-global zone. Only that zone has visibility of and access to the filesystem. The mount command is issued from the global zone.

 

1. Log in to the zone and make the mount point:

global# zlogin myzone

myzone# mkdir dirmnt

myzone# exit

 

2. Mount the file system from the global zone:

-- Non-cluster file system:

global# mount -F vxfs /dev/vx/dsk/dg/vol1 /zonedir/zoneroot/dirmnt

 

-- Cluster file system:

global# mount -F vxfs -o cluster /dev/vx/dsk/dg/vol1 /zonedir/zoneroot/dirmnt

 

Once a file system has been delegated to a non-global zone through a direct mount, the mount point will be visible in the global zone through the mount command, but not through the df command.

 

VxFS: Adding a direct mount to a zone startup:

======================================

NOTE: fsck (log replay, not a full fsck) is run on the filesystem before it is mounted; if that fails, the zone will not boot.

 

1. Stop the zone

global# zoneadm -z myzone halt

 

2. Add the mount to zone configuration

global# zonecfg -z myzone

zonecfg:myzone> add fs

zonecfg:myzone:fs> set dir=/dirmnt

zonecfg:myzone:fs> set special=/dev/vx/dsk/dg_name/vol_name

zonecfg:myzone:fs> set raw=/dev/vx/rdsk/dg_name/vol_name

zonecfg:myzone:fs> set type=vxfs

zonecfg:myzone:fs> end

zonecfg:myzone> verify

zonecfg:myzone> commit

zonecfg:myzone> exit

 

VxVM: Export VxVM volumes to a non-global zone:

=========================================

The following procedure exports a volume to a local zone. The volume can then be used for raw I/O or for creating a filesystem inside the zone.

 

1. Create a volume vol1 in the global zone:

global# ls -l /dev/vx/rdsk/rootdg/vol1

crw------- 1 root root 301, 102000 Jun 3 12:54 /dev/vx/rdsk/rootdg/vol1

crw------- 1 root sys 301, 102000 Jun 3 12:54 /devices/pseudo/vxio@0:rootdg,vol1,102000,raw

 

2. Add the volume device vol1 to the non-global zone myzone:

global# zonecfg -z myzone

zonecfg:myzone> add device

zonecfg:myzone:device> set match=/dev/vx/rdsk/mydg/vol1

zonecfg:myzone:device> end

zonecfg:myzone> add device

zonecfg:myzone:device> set match=/dev/vx/dsk/mydg/vol1

zonecfg:myzone:device> end

zonecfg:myzone> commit

 

3. Ensure that the devices will be seen in the non-global zone:

global# zoneadm -z myzone halt

global# zoneadm -z myzone boot

 

NOTE: Even though the volume is delegated to the local zone, raw device access is still possible from the global zone, and this can lead to data corruption if the device is improperly accessed from the global zone, as shown below: the dd write into the volume succeeds without any warning, while mkfs is refused only because the file system happens to be mounted at the time.

 

global# dd if=/dev/zero of=/dev/vx/dsk/ananddg/vol01 seek=200 bs=2048 count=1

1+0 records in

1+0 records out

global#

 

global# mkfs -F vxfs /dev/vx/rdsk/ananddg/vol01

UX:vxfs mkfs: ERROR: V-3-21015: /dev/vx/rdsk/ananddg/vol01 is mounted, cannot mkfs

global#
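The note above is the practical problem: nothing stops root in the global zone from writing to a volume that has been handed to a zone, and the only thing that saved the volume from mkfs was that it was mounted. An added example (not the post's or Veritas's code) of a pre-flight guard for global-zone administrators: it reads `zonecfg export`-style output for each zone, collects the `match=` device patterns, and refuses to proceed against a device any zone has been given. The zone names and export lines below are constructed; on a real host they would come from `for z in $(zoneadm list -c | grep -v '^global$'); do zonecfg -z "$z" export | sed "s/^/$z /"; done`.

```shell
#!/bin/sh
# Added example: refuse global-zone I/O against a device that zonecfg has
# delegated to a non-global zone.  Input format is "<zone> <zonecfg export line>";
# the lines below are constructed for this example.
SAMPLE_EXPORTS='myzone add device
myzone set match=/dev/vx/rdsk/mydg/vol1
myzone end
myzone add device
myzone set match=/dev/vx/dsk/mydg/vol1
myzone end
webzone add device
webzone set match=/dev/vx/dsk/webdg/*
webzone end'

# Print the zone whose device match covers $1, reading export lines on stdin.
# zonecfg match values may be glob patterns, so the comparison uses case(1)
# with the pattern deliberately left unquoted.
owning_zone() {
    dev="$1"
    awk '$2 == "set" && $3 ~ /^match=/ { sub(/^match=/, "", $3); print $1, $3 }' |
    while read -r zone pattern; do
        case "$dev" in
            $pattern) printf '%s\n' "$zone"; break ;;
        esac
    done
}

# Guard to run before dd/mkfs/newfs in the global zone: returns 1 and explains
# itself if the device belongs to a zone, 0 if it is free to use.
guard_device() {
    owner=$(printf '%s\n' "$SAMPLE_EXPORTS" | owning_zone "$1")
    if [ -n "$owner" ]; then
        echo "REFUSE: $1 is delegated to zone '$owner'; operate on it from inside that zone" >&2
        return 1
    fi
    echo "OK: $1 is not delegated to any zone"
}

guard_device /dev/vx/rdsk/ananddg/vol01       # OK: not delegated
guard_device /dev/vx/rdsk/mydg/vol1 || :      # REFUSE: belongs to myzone
```

Because a `match=` value can be a wildcard (the constructed webzone entry covers every volume in webdg), the check matches the device path against each pattern rather than comparing strings, so `/dev/vx/dsk/webdg/vol3` is correctly attributed to webzone even though that exact path never appears in the configuration.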

 

zoneadm attach

-------------------------

For native zones, zoneadm checks package and patch levels on the machine to which the zone is to be attached. If the packages/patches that the zone depends on from the global zone are different (have different revision numbers) from the dependent packages/patches on the source machine, zoneadm reports these conflicts and does not perform the attach. If the destination system has only newer dependent packages/patches (higher revision numbers) than those on the source system, you can use the -u or -U options. The -u option updates the minimum number of packages within the attached zone to match the higher-revision packages and patches that exist on the new system. The -U option updates all packages in the attached zone that are also installed in the global zone. With -u or -U, as in the default behavior, zoneadm does not perform an attach if outdated packages/patches are found on the target system.

 

zoneadm detach

-------------------------

Detaching a zone is the first step in moving a zone from one system to another. The full procedure to migrate a zone is that the zone is detached, the zonepath directory is moved to the new host, and then the zone is attached on the new host. Once the zone is detached, it is left in the configured state.

Comments
Gaurav_S

Excellent article ... Thanks

 

 

Version history
Last update: 03-17-2014 04:29 PM