
Solaris Container (zone). Creation and administration. Part 1

Solaris Container (zone). Creation and administration. Part 2

Introduction


Solaris Zones (Solaris Containers) is a technology that allows the Solaris 10 OS to be divided into software containers (zones): almost independent operating systems that can have their own separate resources (processors, memory, disk space) and their own users.

Containers are a good solution for building application servers in which each application gets its own guaranteed (or shared among all zones) slice of resources to work with. Such a solution makes it possible to consolidate infrastructure onto more powerful servers, which generally reduces the cost and complexity of information systems.

When planning server consolidation, we face quite a few heterogeneous solutions and must choose the one that fully satisfies us. Usually we choose between these three:


Features of Solaris Zones:


Create Solaris Zone


For the demonstration, install a zone called habrazone.

I have Solaris 10 09/10, installed on ZFS. In the next article I will describe creating a separate ZFS pool, installing zones in that pool, and allocating guaranteed CPU and RAM to a zone; in this one I only install the zone into a separate directory without assigning resources to it. The zone will have no frills (passing through physical network interfaces, raw devices, etc.), just a virtual network interface at the host level.

So, first create the directory in which the zone will be installed, and set permissions on it.

# mkdir /export/habrazone
# chown root:root /export/habrazone
# chmod 700 /export/habrazone


It's simple: only root, and no one else, can look into this zone.

To create a zone, use the zonecfg command with the -z option.

# zonecfg -z habrazone
habrazone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:habrazone> create
zonecfg:habrazone> set zonepath=/export/habrazone
zonecfg:habrazone> set autoboot=true
zonecfg:habrazone> add net
zonecfg:habrazone:net> set physical=bge0
zonecfg:habrazone:net> set address=10.44.3.92
zonecfg:habrazone:net> end
zonecfg:habrazone> add attr
zonecfg:habrazone:attr> set name=comment
zonecfg:habrazone:attr> set type=string
zonecfg:habrazone:attr> set value="Habrahabr"
zonecfg:habrazone:attr> end
zonecfg:habrazone> verify
zonecfg:habrazone> commit
zonecfg:habrazone> exit


Now I will comment a little on what happened here:

zonecfg:habrazone> create - create the zone. In fact, there is no zone as such yet; this is just its config in XML.
zonecfg:habrazone> set zonepath=/export/habrazone - the zone will be located at the path /export/habrazone
zonecfg:habrazone> set autoboot=true - the zone will start automatically when the host boots, for example, after a reboot.
zonecfg:habrazone> add net - add a network interface to the zone configuration
zonecfg:habrazone:net> set physical=bge0 - the virtual interface will be created on top of bge0
zonecfg:habrazone:net> set address=10.44.3.92 - the address of our zone
zonecfg:habrazone:net> end - end
zonecfg:habrazone> add attr - add a “name” for the zone
zonecfg:habrazone:attr> set name=comment
zonecfg:habrazone:attr> set type=string
zonecfg:habrazone:attr> set value="Habrahabr" - our favorite resource
zonecfg:habrazone:attr> end - and again end
zonecfg:habrazone> verify - check the config. If there are errors in the config, we will be told about them at this point.
zonecfg:habrazone> commit - commit
zonecfg:habrazone> exit - exit

Let's look at the whole config. Note the inherit-pkg-dir entries: they point to directories that are "inherited" from the global zone.

# zonecfg -z habrazone info
zonename: habrazone
zonepath: /export/habrazone
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 10.44.3.92
        physical: bge0
        defrouter not specified
attr:
        name: comment
        type: string
        value: Habrahabr
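
As an added example (not part of the original article or of Solaris itself), the shell functions below read the text that zonecfg -z habrazone info prints and note the isolation-relevant settings visible in it: the shared IP stack, the unset pool and limitpriv, and the inherited read-only directories. zonepath_ok re-checks the mode 700 and root ownership set on the zone directory earlier; all function names and SAMPLE_INFO are constructed for illustration.

```sh
# Added example (not from the article); SAMPLE_INFO is constructed from its listing.
SAMPLE_INFO='zonename: habrazone
zonepath: /export/habrazone
pool:
limitpriv:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 10.44.3.92
        physical: bge0'

# zone_prop KEY: value of the first "KEY: value" line on stdin (may be empty).
zone_prop() {
    awk -v key="$1" '{ sub(/^[ \t]+/, "") }
        $1 == (key ":") { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# inherited_dirs: directories the zone inherits read-only from the global zone.
inherited_dirs() {
    awk '{ sub(/^[ \t]+/, "") }
        prev == "inherit-pkg-dir:" && $1 == "dir:" { print $2 }
        { prev = $0 }'
}

# zonepath_ok DIR [UID]: true if DIR is mode 700 and owned by UID (default 0).
zonepath_ok() {
    set -- "$1" "${2:-0}" $(ls -ldn "$1" | awk '{ print substr($1, 1, 10), $3 }')
    [ "$3" = "drwx------" ] && [ "$4" = "$2" ]
}

# review_zone: read `zonecfg info` text on stdin, print one note per setting.
review_zone() {
    info=$(cat)
    [ "$(printf '%s\n' "$info" | zone_prop ip-type)" = shared ] &&
        echo "ip-type=shared: network stack is shared with the global zone"
    [ -z "$(printf '%s\n' "$info" | zone_prop pool)" ] &&
        echo "pool unset: no resource pool is bound to the zone"
    [ -z "$(printf '%s\n' "$info" | zone_prop limitpriv)" ] &&
        echo "limitpriv unset: zone runs with the default privilege set"
    echo "inherited read-only: $(printf '%s\n' "$info" | inherited_dirs | xargs)"
}
printf '%s\n' "$SAMPLE_INFO" | review_zone
```

On a live host the same review would be fed with zonecfg -z habrazone info | review_zone, and the directory check with zonepath_ok /export/habrazone.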


Right now we have only one zone, the global one. The list of zones can be viewed with the zoneadm command with the list -iv options:

# zoneadm list -iv
  ID NAME       STATUS     PATH               BRAND    IP
   0 global     running    /                  native   shared


Now everything is ready to install the zone. To install it, the already familiar zoneadm command is used, passing the name of the not-yet-installed zone together with the install subcommand:

# zoneadm -z habrazone install
A ZFS file system has been created for this zone.
Preparing to install zone habrazone.
Creating list of files to copy from the global zone.
Copying 3137 files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize 1207 packages on the zone.
Initialized 1207 packages on zone.
Zone habrazone is initialized.
The file /export/habrazone/root/var/sadm/system/logs/install_log contains a log of the zone installation.

I would like to note that OS files are copied from the global zone into the zone, while some of the directories are inherited. Inherited directories are read-only inside the zone.

In the list of zones, we have a new zone:

# zoneadm list -iv
  ID NAME       STATUS     PATH               BRAND    IP
   0 global     running    /                  native   shared
   - habrazone  installed  /export/habrazone  native   shared


And it is very small for an almost separate OS.

# du -shk /export/habrazone/
79M /export/habrazone


Starting and stopping are done with zoneadm -z <zone name> boot and zoneadm -z <zone name> halt, respectively:

# zoneadm -z habrazone boot


After starting the zone, you can check what has changed, for example in the configuration of the network interfaces of the host.

# /sbin/ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone habrazone
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.44.3.93 netmask ffffff00 broadcast 10.44.3.255
        ether 0:14:4f:79:91:1a
bge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone habrazone
        inet 10.44.3.92 netmask ffffff00 broadcast 10.44.3.255


As can be seen from the output of ifconfig, a virtual interface has appeared in the system, and the zone address is assigned to it. A zone can also be given a separate physical interface, for example, when an application running in the zone makes heavy use of the network and the other zones must still be able to function normally.

After the zone has booted, you need to connect to its console and enter the minimal configuration (hostname, time zone, name service, root password, etc.).

You can log in using zlogin -C <zone name>:

# zlogin -C habrazone

Next, we answer the OS questions about the hostname, time zone and name service, and enter the root password. After all the configuration steps, the zone will reboot itself and we will be able to get into it with the same zlogin <zone name> or over ssh:

# hostname
globalzone
# zlogin habrazone
[Connected to zone 'habrazone' pts/1]
Last login: Fri Jul 1 18:43:32 on pts/3
Oracle Corporation SunOS 5.10 Generic Patch January 2005
# hostname
habrazone


The zone is ready.

In the next article I will try to describe how to allocate resources (raw, CPU, RAM) to a zone and how to migrate zones between hosts.

Thanks for your attention.

Source: https://habr.com/ru/post/123221/

