Playing with Solaris Zones

-
Solaris supports operating system-level virtualization, allowing you to run only Solaris in virtual hosts, utilizing the same kernel copy as the parent OS. This results in high performance, with overhead degradation typically between 1-3%.

Zones

There are two types of zones:

  1. Global/Parent Zone (Base OS)
  2. Non-Global Zones

Key Points about Zones:

  • A single machine can host up to 8192 zones.
  • Zones do not support graphics.
  • Zones are not installed from DVD or other media; they are created from the parent OS.
  • It is common not to run services on the Global Zone, as its failure affects all Non-Global Zones.

Types of Non-Global Zones:

  1. Whole Root Zone: This contains a complete Solaris OS. It's slower and generally not recommended for production as it acts as a full replica of the Global Zone.
  2. Spare Root Zone: This type shares parts of the Solaris OS with the parent zone, offering faster performance since only essential components are loaded.

Inheritance in Spare Root Zones

Spare Root Zones inherit four key directories from the Global Zone:

  1. /usr: Uses all programs from the Global Zone; removing a program here doesn't affect the Global Zone.
  2. /lib: Utilizes the OS libraries from the Global Zone.
  3. /sbin: Accesses superuser binaries from the Global Zone.
  4. /platform: Downloads platform-independent modules from the Global Zone.

Zone States

A zone can exist in several states:

  • Configured: Initial configuration is set, but the zone isn't installed and cannot be booted.
  • Incomplete: Indicates the zone is being installed or uninstalled.
  • Installed: The zone is configured, packages are installed, and it is ready to be booted.
  • Ready: The zone is prepared for use, with a scheduled process and plumbed interfaces, ready to transition to a running state.
  • Running: The zone is active and can be used.
  • Shutting Down/Down: Indicates the zone is in the process of being halted.

Configuring a Spare Root Zone

To configure a spare root zone, follow these steps:

  1. Configure
  2. Install
  3. Boot

Commands for Managing a Spare Root Zone

To check the current zone name (default is the Global Zone):

-bash-3.00# zonename
global

To list the zones on the machine:

-bash-3.00# zoneadm list
global

To view zone information:

-bash-3.00# cat /etc/zones/index

Creating a Zone

  1. Create a directory for the zone: 
    -bash-3.00# mkdir /solzone
-bash-3.00# chmod 700 /solzone
  2. Start configuring the zone: 
    -bash-3.00# zonecfg -z solzone
solzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:solzone>
  3. Create the zone: 
    zonecfg:solzone> create
  4. Set the zone path: 
    zonecfg:solzone> set zonepath=/solzone/
  5. Configure it to boot on startup: 
    zonecfg:solzone> set autoboot=true
  6. Set up the network interface: 
    zonecfg:solzone> add net
zonecfg:solzone:net> set address=192.168.56.200
zonecfg:solzone:net> set physical=e1000g1
zonecfg:solzone:net> end
  7. Limit memory usage: 
    zonecfg:solzone> add capped-memory
zonecfg:solzone:capped-memory> set physical=512m
zonecfg:solzone:capped-memory> set swap=512m
zonecfg:solzone:capped-memory> end
  8. Verify and commit the configuration: 
    zonecfg:solzone> verify
zonecfg:solzone> commit
zonecfg:solzone> exit

Installing the Zone

-bash-3.00# zoneadm -z solzone install

Preparing the Zone for Booting

-bash-3.00# zoneadm -z solzone ready

Booting the Zone

-bash-3.00# zoneadm -z solzone boot

Logging into the Console

-bash-3.00# zlogin -C solzone

(Note: Using -C requires a password for root access.)

Uninstalling the Zone

-bash-3.00# zoneadm -z solzone uninstall

Checking the Zone List

-bash-3.00# zoneadm list -v

Reconfiguring the Zone

-bash-3.00# zonecfg -z solzone

Comments

Post a Comment

Popular posts from this blog

Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

-
The error usually arises from one of the following issues: Missing Certificate File: The certificate file may not be located at the specified path. Ensure that the file exists and the path is correctly referenced in your SSL configuration. Incorrect SSL Configuration: There may be issues within your SSL settings. Double-check your configuration files for any errors or misconfigurations that could affect SSL functionality. If neither of these issues seems to be the problem, try the following: Update the Apache Ports Configuration: Open the /etc/apache2/ports.conf file and locate the line that reads "Listen 443". Change it to "Listen 443 http". This adjustment can help ensure that Apache correctly listens for secure connections on port 443. By addressing these points, you should be able to resolve the error effectively.
Read more

Using a Self signed Certificate to Run Apache2 under SSL

-
Generating a Self-Signed Certificate for Apache2 SSL Generating a Self-Signed Certificate for Apache2 SSL This guide will help you create a self-signed certificate to enable SSL for Apache2. While using a commercial certificate is preferable for production environments, a self-signed certificate is suitable for development or testing purposes. Step 1: Enable SSL for Apache First, enable the SSL module in Apache: sudo a2enmod ssl Step 2: Create a Directory for Certificates Next, create a directory to store your self-signed certificate and its associated keys: sudo mkdir /etc/apache2/certificate Step 3: Generate the Self-Signed Certificate Now, generate the keys for your self-signed certificate. You will be prompted to provide some information during this process: sudo openssl req -new -x509 -days 1095 -nodes -out /etc/apache2/certificate/apache.pem -keyout /etc/apache2/certificate/apache.key During this step, you will see output similar to this:...
Read more

IPS (Image Packaging system) in Solaris 10

-
In Standard Solaris, IPS is exclusively a feature of Oracle Solaris 11. While Oracle Solaris 10 provides some tools to achieve similar functionality, their use in production environments raises questions about reliability. Historically, package installation in Solaris has been challenging. Fortunately, some solutions now provide IPS-like functionality: 1. OpenCSW To utilize IPS functionality with OpenCSW in Oracle Solaris 10, follow these steps: Download the package from: http://mirror.opencsw.org/opencsw/current/i386/5.10/pkgutil-2.4%2CREV%3D2011.05.15-SunOS5.8-i386-CSW.pkg.gz Unzip the downloaded package: gunzip pkgutil-2.4,REV=2011.05.15-SunOS5.8-i386-CSW.pkg.gz Install the package: pkgadd -d pkgutil-2.4,REV=2011.05.15-SunOS5.8-i386-CSW.pkg Fetch the latest catalog: pkgutil --catalog Install any package with all dependencies: pkgutil -i vim 2. BlastWave To achieve IPS functionality ...
Read more