
Best Practices – Setting up zones in Solaris 10

1 – Setting up the non-global zone ‘appserver’: configure its IP address and Ethernet interface, and define the zone directory (here the zone root is ‘/zones/appserver/root’), where the zone's system directories such as export, system, mnt, opt, kernel, home, lib, platform, sbin, usr, bin, proc, dev, tmp, var and etc will be stored.

Note – Only /zones/appserver needs to be created; the rest of the directories are created automatically when you install the zone (see point 2).

bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared

bash-3.2# zonecfg -z appserver
appserver: No such zone configured
Use ‘create’ to begin configuring a new zone.
zonecfg:appserver> create
zonecfg:appserver> set zonepath=/zones/appserver
zonecfg:appserver> set autoboot=true
zonecfg:appserver> add net
zonecfg:appserver:net> set physical=e1000g0
zonecfg:appserver:net> set address=192.168.1.120
zonecfg:appserver:net> end
zonecfg:appserver> verify
zonecfg:appserver> info
zonename: appserver
zonepath: /zones/appserver
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
net:
address: 192.168.1.120
physical: e1000g0
defrouter not specified
zonecfg:appserver> commit
zonecfg:appserver> exit

bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared
- appserver        configured /zones/appserver               native   shared
bash-3.2#

2 – Installing the ‘appserver’ zone

bash-3.2# zoneadm -z appserver install
Preparing to install zone <appserver>.
Creating list of files to copy from the global zone.
Copying <2923> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1466> packages on the zone.
Initialized <1466> packages on zone.
Zone <appserver> is initialized.
The file </zones/appserver/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
bash-3.2#

3 – Checking whether the ‘appserver’ zone is installed

bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared
- appserver        installed  /zones/appserver               native   shared
bash-3.2#

4 – Booting up the ‘appserver’ zone. Note down the ifconfig output first, to see how it changes after the local zone boots up. Also observe that there is no answer from the server yet, since it is not up.

bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared
- appserver        installed  /zones/appserver               native   shared

bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:5d:7c:ae

bash-3.2# ping 192.168.1.120
no answer from 192.168.1.120

bash-3.2# zoneadm -z appserver boot
zoneadm: zone ‘appserver’: WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.1.120; using default of 255.255.255.0.

bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared
2 appserver        running    /zones/appserver               native   shared

bash-3.2# ping 192.168.1.120
192.168.1.120 is alive

bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone appserver
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:5d:7c:ae
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone appserver
inet 192.168.1.120 netmask ffffff00 broadcast 192.168.1.255
bash-3.2#

Note – Check the ‘zone appserver’ line under e1000g0:1 and lo0:1.

Hopefully this gives a clear picture that the zone ‘appserver’ is installed properly.

4 – Logging in to the zone and performing the initial configuration –

bash-3.2# zlogin -C appserver

[Connected to zone ‘appserver’ console]

Select a Language

0. English
1. es
2. fr

Please make a choice (0 – 2), or press h or ? for help: 0

Select a Locale

0. English (C – 7-bit ASCII)
1. Canada (English) (UTF-8)
2. Canada-English (ISO8859-1)
3. U.S.A. (UTF-8)
4. U.S.A. (en_US.ISO8859-1)
5. U.S.A. (en_US.ISO8859-15)
6. Go Back to Previous Screen

Please make a choice (0 – 6), or press h or ? for help: 0

Enter the host name which identifies this system on the network.  The name
must be unique within your domain; creating a duplicate host name will cause
problems on the network after you install Solaris.

A host name must have at least one character; it can contain letters,
digits, and minus signs (-).

Host name for eri0:1 appserver appserver


System identification is completed.

rebooting system due to change(s) in /etc/default/init

[NOTICE: Zone rebooting]

SunOS Release 5.11 Version snv_23 64-bit
Copyright 1983-2005 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: appserver

appserver console login: root
Password:
Oct 15 15:15:30 appserver login: ROOT LOGIN /dev/console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005

bash-3.2#

5 – The ‘appserver’ machine is now ready. It runs as a virtual machine (a zone inside the base OS, Solaris), but to other users it behaves like a physical machine.

See the details below –

Note – Created the ‘baba’ user on 192.168.1.120, as direct remote root login is disabled there.

Xshell:> ssh baba@192.168.1.120

Connecting to 192.168.1.120:22…
Connection established.
Escape character is ‘^@]’.

Last login: Sun Oct  9 11:03:14 2011 from 192.168.1.2
Could not chdir to home directory /home/baba: No such file or directory
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
$ su -
Password:
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005

# bash
bash-3.2# df -h
Filesystem             size   used  avail capacity  Mounted on
/                       10G   5.2G   5.2G    50%    /
/dev                    10G   5.2G   5.2G    50%    /dev
/lib                    10G   5.2G   5.2G    50%    /lib
/platform               10G   5.2G   5.2G    50%    /platform
/sbin                   10G   5.2G   5.2G    50%    /sbin
/usr                    10G   5.2G   5.2G    50%    /usr
proc                     0K     0K     0K     0%    /proc
ctfs                     0K     0K     0K     0%    /system/contract
mnttab                   0K     0K     0K     0%    /etc/mnttab
objfs                    0K     0K     0K     0%    /system/object
swap                   759M   332K   759M     1%    /etc/svc/volatile
/usr/lib/libc/libc_hwcap1.so.1
10G   5.2G   5.2G    50%    /lib/libc.so.1
fd                       0K     0K     0K     0%    /dev/fd
swap                   759M    36K   759M     1%    /tmp
swap                   759M    24K   759M     1%    /var/run

bash-3.2# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.120 netmask ffffff00 broadcast 192.168.1.255
bash-3.2#

Note – All zone (virtual) machines run as non-global zones; there is one global zone, called ‘global’, which is managed by the base OS.

6 – The steps above are pure OS setup in a Solaris zone. Now we need to set up a data directory to store files and folders.

(1) – Exporting the Raw Device(s) to a non-global zone ‘appserver’ which is already configured –

On the base OS, if a raw device exists (one not yet formatted with a UFS filesystem so that it can be used as a block device), you can export the raw device to the non-global zone (virtual machine) and format it there with ‘newfs’.

Note – Make sure the raw device has not already been formatted with ‘newfs’ on the base OS; otherwise you get an error.

(a) Run the following commands on ‘base OS’ for configuring raw device for the ‘appserver’

———————————————————————————————————————-
Note – You may ask why we can't run the ‘zonecfg’ command from the non-global zone, since ‘appserver’ is now a stand-alone machine. Here is the answer:

bash-3.2# zonecfg -z appserver
zonecfg can only be run from the global zone.
bash-3.2#

————————————————————————————————————————

bash-3.2# zonecfg -z appserver
zonecfg:appserver> add device
zonecfg:appserver:device> set match=/dev/rdsk/c2t2d0s0
zonecfg:appserver:device> end
zonecfg:appserver> verify
zonecfg:appserver> commit
zonecfg:appserver> info
zonename: appserver
zonepath: /zones/appserver
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
net:
address: 192.168.1.120
physical: e1000g0
defrouter not specified
device
match: /dev/rdsk/c2t2d0s0
zonecfg:appserver> exit
bash-3.2#

(b) Reboot non-global zone ‘appserver’ to get new exported disk recognized

bash-3.2# zoneadm -z appserver reboot
zoneadm: zone ‘appserver’: WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.1.120; using default of 255.255.255.0.
bash-3.2#

(c) Once the ‘appserver’ is up, you can check if exported raw disk is available on ‘appserver’ or not

bash-3.2# ls -tlr /dev/rdsk/c2t2d0s0
crw-r-----   1 root     sys       30, 192 Oct  9 11:22 /dev/rdsk/c2t2d0s0
bash-3.2#

Note – I have tried running the ‘devfsadm’ and ‘cfgadm’ commands to configure the exported raw disk on ‘appserver’, but it looks like that does not work; a reboot is the only option left.

(d) Format the raw device so that the block device ‘/dev/dsk/c2t2d0s0’ can be mounted on ‘/satyendra’ to store appserver data.

bash-3.2# newfs -v /dev/rdsk/c2t2d0s0
newfs: construct a new file system /dev/rdsk/c2t2d0s0: (y/n)? y

(e) mounting the disk to /satyendra

bash-3.2# mount /dev/dsk/c2t2d0s0 /satyendra

(2) – Exporting the Block Device(s) to a non-global zone ‘appserver’ which is already configured –

(a) Configuring block device /dev/dsk/c2t2d0s0 for ‘appserver’

bash-3.2# zonecfg -z appserver
zonecfg:appserver> add device
zonecfg:appserver:device> set match=/dev/dsk/c2t2d0s0
zonecfg:appserver:device> end
zonecfg:appserver> verify
zonecfg:appserver> info
zonename: appserver
zonepath: /zones/appserver
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
net:
address: 192.168.1.120
physical: e1000g0
defrouter not specified
device
match: /dev/rdsk/c2t2d0s0
device
match: /dev/dsk/c2t2d0s0
zonecfg:appserver> commit
zonecfg:appserver> exit

(b) Reboot non-global zone ‘appserver’ to get new exported block disk recognized

bash-3.2# zoneadm -z appserver reboot
zoneadm: zone ‘appserver’: WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.1.120; using default of 255.255.255.0.
bash-3.2#

(c) Once ‘appserver’ is up, you can check whether the exported block disk is available on ‘appserver’

bash-3.2# ls -trl /dev/dsk/c2t2d0s0
brw-r-----   1 root     sys       30, 192 Oct  9 11:44 /dev/dsk/c2t2d0s0
bash-3.2#

(d)  mounting the block disk to /satyendra

bash-3.2# mount /dev/dsk/c2t2d0s0 /satyendra/

bash-3.2# hostname
appserver
bash-3.2#

bash-3.2# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.120 netmask ffffff00 broadcast 192.168.1.255
bash-3.2#

bash-3.2# df -hF ufs
Filesystem             size   used  avail capacity  Mounted on
/                       10G   5.2G   5.2G    50%    /
/dev/dsk/c2t2d0s0      1.9G   2.0M   1.9G     1%    /satyendra
bash-3.2#

(3) – Cloning a Non-Global Zone ‘appserver’

(a) Export the configuration of the zone that you want to clone/copy

bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared
5 appserver        running    /zones/appserver               native   shared
bash-3.2#

bash-3.2# zonecfg -z appserver export > /tmp/appserver.cfg
bash-3.2# cat /tmp/appserver.cfg
create -b
set zonepath=/zones/appserver
set autoboot=true
set ip-type=shared
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add net
set address=192.168.1.120
set physical=e1000g0
end
add device
set match=/dev/rdsk/c2t2d0s0
end
add device
set match=/dev/dsk/c2t2d0s0
end

(b) Change the settings of the new zone that differ from the existing one, for example the IP address, data set names, network interface, etc. To make these changes, edit /tmp/appserver.cfg

I changed the /tmp/appserver.cfg configuration as below for my example –

bash-3.2# cat /tmp/appserver.cfg
create -b
set zonepath=/zones/app2
set autoboot=true
set ip-type=shared
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add net
set address=192.168.1.121
set physical=e1000g0
end
bash-3.2#

Note – I have removed the raw device/block device because it is mounted on ‘appserver’ itself. However, if required, we can mount another raw/block device for the new zone.

(c) Create the zone root directory for the new zone being created

bash-3.2# mkdir /zones/app2
bash-3.2# chmod 700 /zones/app2
bash-3.2# ls -ld /zones/app2/
drwx------   2 root     root         512 Oct  9 15:35 /zones/app2/
bash-3.2#

(d) Create a new zone  with the edited configuration file as an input

bash-3.2# zonecfg -z app2 -f /tmp/appserver.cfg
bash-3.2# zoneadm list -cv
ID NAME             STATUS     PATH                           BRAND    IP
0 global           running    /                              native   shared
5 appserver        running    /zones/appserver               native   shared
- app2             configured /zones/app2                    native   shared
bash-3.2#

(e) Ensure that the zone you intend to clone/copy is not running

bash-3.2# zoneadm -z appserver halt

(f) Clone the existing zone

bash-3.2# zoneadm -z app2 clone appserver
Copying /zones/appserver…
bash-3.2#

(g) Boot the new zone ‘app2’

bash-3.2# zoneadm -z app2 boot
zoneadm: zone ‘app2’: WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.1.121; using default of 255.255.255.0.
bash-3.2#

(h) Bring up the halted zone ‘appserver’ as well, if you wish.

(i) Login to the console of the new zone to configure IP, networking, etc., and you are done.

bash-3.2# zlogin -C app2

Here are the details of the ‘app2’ server:

bash-3.2# hostname
app2
bash-3.2# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.121 netmask ffffff00 broadcast 192.168.1.255
bash-3.2#

—————————————————————————————————————-

Base OS ‘ifconfig -a’ output, to confirm that both zones ‘appserver’ and ‘app2’ are running.

bash-3.2# hostname
sol
bash-3.2# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone app2
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone appserver
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:5d:7c:ae
e1000g0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone app2
inet 192.168.1.121 netmask ffffff00 broadcast 192.168.1.255
e1000g0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone appserver
inet 192.168.1.120 netmask ffffff00 broadcast 192.168.1.255
bash-3.2#
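
Step (b) of the cloning procedure above, scripted instead of hand-edited: this added example (not part of the original post) rewrites the exported zonepath and address, drops the device blocks, and checks that the clone shares no per-zone setting with the source zone. The function names are hypothetical, the sample export is constructed from the listing in step (a), and a POSIX sh and awk are assumed.

```shell
#!/bin/sh
# Added example (not from the original post): derive the clone's config
# from the source zone's export and check that nothing per-zone is shared.

# Constructed sample: the export from step (a), inherit-pkg-dir blocks omitted.
SRC_CFG='create -b
set zonepath=/zones/appserver
set autoboot=true
set ip-type=shared
add net
set address=192.168.1.120
set physical=e1000g0
end
add device
set match=/dev/rdsk/c2t2d0s0
end
add device
set match=/dev/dsk/c2t2d0s0
end'

# derive_clone_cfg NEW_ZONEPATH NEW_ADDRESS  (exported config on stdin)
# Rewrites zonepath and address and drops every "add device ... end" block.
# Assumption: the source zone has a single net resource, as on this page.
derive_clone_cfg() {
    awk -v zp="$1" -v ip="$2" '
        $0 == "add device"  { skip = 1; next }
        skip && $0 == "end" { skip = 0; next }
        skip                { next }
        /^set zonepath=/    { print "set zonepath=" zp; next }
        /^set address=/     { print "set address=" ip; next }
        { print }'
}

# shared_settings SRC CLONE: prints zonepath/address/device lines found in both.
# Empty output means the clone will not collide with the source zone.
shared_settings() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }
        !/^set (zonepath|address|match)=/ { next }
        !second { seen[$0] = 1; next }
        ($0 in seen) { print }'
}

CLONE_CFG=$(printf '%s\n' "$SRC_CFG" | derive_clone_cfg /zones/app2 192.168.1.121)
printf '%s\n' "$CLONE_CFG"
echo "shared with source: $(shared_settings "$SRC_CFG" "$CLONE_CFG" | wc -l)"
```

On a real system, pipe the output of ‘zonecfg -z appserver export’ into derive_clone_cfg and pass the resulting file to ‘zonecfg -z app2 -f’ as in step (d).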
