Creating A Zone (Solaris 10)

From S23Wiki
Revision as of 07:27, 17 November 2010 by DrOwl (Talk | contribs)


Simple steps to get a zone up and running.

The Manual Way

First, for our standard build, we have three volumes in a zone: '/', '/var', and '/cust' (to be decided per customer).

The easiest way to create these is to create one mirrored metadevice, then create one soft partition for each: 'metainit d(new device) -p d(underlying device) (size, e.g. 2g)'.

Mount these at /zones/zone1, /zones/zone1/var, /zones/zone1/cust. You cannot mount /var and /cust under zone1/root (the eventual location of the zone's root) as zone1/root must not exist when creating the zone.

Then create the zone using zonecfg. Here's an example session; it's all fairly obvious. Full details are on page 235 of "Solaris Containers - Resource Management and Solaris Zones".

bash-3.00# zonecfg -z zone1
zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
zonecfg:zone1> set zonepath=/zones/zone1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> set scheduling-class=FSS
zonecfg:zone1> add rctl
zonecfg:zone1:rctl> set name=zone.cpu-shares
zonecfg:zone1:rctl> add value (priv=privileged,limit=100,action=none)
zonecfg:zone1:rctl> end
zonecfg:zone1> add fs
zonecfg:zone1:fs> set dir=/var
zonecfg:zone1:fs> set special=/zones/zone1/var
zonecfg:zone1:fs> set type=lofs
zonecfg:zone1:fs> end
zonecfg:zone1> add fs
zonecfg:zone1:fs> set dir=/cust
zonecfg:zone1:fs> set special=/zones/zone1/cust
zonecfg:zone1:fs> set type=lofs
zonecfg:zone1:fs> end
zonecfg:zone1> add net
zonecfg:zone1:net> set address=10.1.2.3
zonecfg:zone1:net> set physical=hme0
zonecfg:zone1:net> end
zonecfg:zone1> add net
zonecfg:zone1:net> set address=127.0.0.101
zonecfg:zone1:net> set physical=lo0
zonecfg:zone1:net> end
zonecfg:zone1> add attr
zonecfg:zone1:attr> set name=comment
zonecfg:zone1:attr> set type=string
zonecfg:zone1:attr> set value="test zone"
zonecfg:zone1:attr> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

At any stage you can now check the status of the zone:

bash-3.00# zoneadm -z zone1 list -v
  ID NAME             STATUS         PATH
   - zone1            configured     /zones/zone1

You now need to install the zone; this copies files to the zone and readies it for identification.

You should verify the status of the zone before you install it:

bash-3.00# zoneadm -z zone1 verify
/zones/zone1 must not be group readable.
/zones/zone1 must not be group executable.
/zones/zone1 must not be world readable.
/zones/zone1 must not be world executable.
could not verify zonepath /zones/zone1 because of the above errors.
zoneadm: zone zone1 failed to verify

Fix any errors and rerun verify before you install.
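
The permission errors above, and the earlier rule that zone1/root must not exist yet, can be checked before running verify and install. This is an added example, not part of the original wiki page; 'preinstall_check' is a hypothetical helper name, and it assumes the /var and /cust staging mounts sit directly under the zonepath as described above.

```shell
#!/bin/bash
# Added example, not from the original page: pre-install checks for a zonepath.
# preinstall_check is a hypothetical helper name, not a Solaris command.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
preinstall_check() {
    zp=$1
    rc=0
    if [ ! -d "$zp" ]; then
        echo "zonepath $zp is not a directory"
        return 1
    fi
    # ls -ld prints e.g. "drwxr-xr-x"; characters 5-10 are the group and
    # world bits, the ones 'zoneadm verify' rejects when set.
    bits=`ls -ld "$zp" | cut -c5-10`
    if [ "$bits" != "------" ]; then
        echo "zonepath $zp has group/world bits set ($bits); chmod 700 $zp"
        rc=1
    fi
    # The page's layout rule: <zonepath>/root must not exist yet.
    if [ -e "$zp/root" ]; then
        echo "$zp/root already exists"
        rc=1
    fi
    # Staging directories that the lofs 'special' entries point at.
    for sub in var cust; do
        if [ ! -d "$zp/$sub" ]; then
            echo "$zp/$sub missing (lofs 'special' target)"
            rc=1
        fi
    done
    return $rc
}
```

Run it as 'preinstall_check /zones/zone1'; no output and exit status 0 mean these checks passed.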

Now install the zone:

bash-3.00# zoneadm -z zone1 install
Preparing to install zone <zone1>.
Creating list of files to copy from the global zone.
Copying <3439> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1037> packages on the zone.
Initialized <1037> packages on zone.
Zone <zone1> is initialized.
Installation of these packages generated errors: <SUNWsrsdm>
Installation of <3> packages was skipped.
Installation of these packages generated warnings: <SUNWpprou SUNWapchu SUNWipplu SUNWtcatu>
The file </zones/zone1/root/var/sadm/system/logs/install_log> contains a log of the zone installation.

If you like, you can transition the zone to the 'ready' state with 'zoneadm -z zone1 ready', but it'll do this automatically if you just boot the zone.

If you want to give the zone its identity manually, you can now just boot the zone. Preferably, though, create a 'sysidcfg' file at /zones/zone1/root/etc/sysidcfg, similar to this:

system_locale=C
terminal=dtterm
network_interface=primary {
	hostname=zone1
}
security_policy=NONE
name_service=DNS {
	domain_name=localnet
	name_server=4.2.2.2,195.92.195.92
	search=yoururl.com }
timezone=GB
root_password=H/h49DNFXYDU2

(that root_password value is the encrypted form of the password abc123)

If you don't have a real hostname configured for the box yet, set 'name_service=NONE' and sort out nsswitch.conf and resolv.conf at a later date.
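
The root_password value in the sample above is a 13-character traditional crypt hash of a published password, and the sysidcfg file that holds it sits under the zonepath. This added example (not from the original page; 'lint_sysidcfg' is a hypothetical helper name) flags both conditions before first boot.

```shell
#!/bin/bash
# Added example, not from the original page: lint a zone's sysidcfg.
# lint_sysidcfg is a hypothetical helper name. Prints one finding per line;
# returns 0 when nothing was flagged, 1 otherwise.
lint_sysidcfg() {
    cfg=$1
    rc=0
    [ -f "$cfg" ] || { echo "missing: $cfg"; return 1; }

    # The file carries the root password hash: keep it owner-only.
    # ls -l prints e.g. "-rw-r--r--"; characters 5-10 are group/world bits.
    bits=`ls -l "$cfg" | cut -c5-10`
    if [ "$bits" != "------" ]; then
        echo "perms: group/world bits set ($bits) on a file holding a password hash"
        rc=1
    fi

    pw_hash=`sed -n 's/^root_password=//p' "$cfg" | head -1`
    # The sample hash on this page is public, and so is its password.
    if [ "$pw_hash" = 'H/h49DNFXYDU2' ]; then
        echo "root_password: published example hash (abc123), replace it"
        rc=1
    fi
    case $pw_hash in
        "")   echo "root_password: not set in $cfg" ;;
        '$'*) : ;;  # modular format ($id$salt$hash), nothing flagged here
        *)
            if [ ${#pw_hash} -eq 13 ]; then
                echo "root_password: traditional DES crypt hash, only the first 8 password characters count"
            else
                echo "root_password: unrecognised hash format"
            fi
            rc=1
            ;;
    esac
    return $rc
}
```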

Now set 'NFSMAPID_DOMAIN=zone1' (where zone1 is your hostname) in /zones/zone1/root/etc/default/nfs. Then run

touch .NFS4inst_state.domain

in the etc/default directory.

Now boot the zone:

bash-3.00# zoneadm -z zone1 boot
bash-3.00# zoneadm -z zone1 list -v
  ID NAME             STATUS         PATH
   1 zone1            running        /zones/zone1

Now log in to the zone on the console (-C) to configure the zone:

bash-3.00# zlogin -C zone1
[Connected to zone 'zone1' console]

If you didn't do the sysidcfg you now need to give the box its identity:

  • hostname
  • Kerberos yes/no
  • Name Service (e.g. DNS)
  • Domain Name
  • DNS Servers
  • Search Domains
  • Time Zone
  • Root Password
  • Override NFS v4 Domain Name (choose 'no' generally)

The zone will now reboot and will then be ready to use.