root@frneucvt01-r1# ls -ltr
total 2
drwxr-xr-x 2 root root 512 Apr 7 12:16 frneucvt01-r2
root@frneucvt01-r1# ls
frneucvt01-r2
root@frneucvt01-r1# bash
root@frneucvt01-r1# zonecfg -z frneucvt01-r2
frneucvt01-r2: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:frneucvt01-r2> create
zonecfg:frneucvt01-r2> set zonepath=/export/zones/frneucvt01-r2
zonecfg:frneucvt01-r2> set autoboot=true
zonecfg:frneucvt01-r2> add inherit-pkg-dir
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/lib
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/lib' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> add inherit-pkg-dir
usage:
add
(global scope)
add
(resource scope)
Add specified resource to configuration.
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/lib' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/platform
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/platform' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/sbin
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/sbin' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> dir=/usr
syntax error at 'd'
Commands:
add
(global scope)
add
(resource scope)
cancel
clear
commit
create [-F] [ -a | -b | -t ]
delete [-F]
end
exit [-F]
export [-f output-file]
help [commands] [syntax] [usage] []
info [ [property-name=property-value]*]
remove [-F] [ = ]*
(global scope)
remove
(resource scope)
revert [-F]
select { = }
set=
verify
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/usr
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/opt
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/home
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
zonecfg:frneucvt01-r2> add net
zonecfg:frneucvt01-r2:net> set address=10.237.25.217
zonecfg:frneucvt01-r2:net> set physical=fjgi0
zonecfg:frneucvt01-r2:net> end
zonecfg:frneucvt01-r2> add rctl
zonecfg:frneucvt01-r2:rctl> set name=zone.cpu-shares
zonecfg:frneucvt01-r2:rctl> add value (priv=privileged,limit=2,action=none)
zonecfg:frneucvt01-r2:rctl> end
zonecfg:frneucvt01-r2> verify
zonecfg:frneucvt01-r2> commit
zonecfg:frneucvt01-r2>
root@frneucvt01-r1# zoneadm list -iv n( Installed)
ID NAME STATUS PATH BRAND IP
0 global running / native shared
root@frneucvt01-r1# zoneadm list -cv ( Configured )
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- frneucvt01-r2 configured /export/zones/frneucvt01-r2 native shared
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 verify
/export/zones/frneucvt01-r2 must not be group readable.
/export/zones/frneucvt01-r2 must not be group executable.
/export/zones/frneucvt01-r2 must not be world readable.
/export/zones/frneucvt01-r2 must not be world executable.
could not verify zonepath /export/zones/frneucvt01-r2 because of the above errors.
zoneadm: zone frneucvt01-r2 failed to verify
root@frneucvt01-r1# pwd
/export/zones
root@frneucvt01-r1# ls -ltr
total 2
drwxr-xr-x 2 root root 512 Apr 7 12:16 frneucvt01-r2
root@frneucvt01-r1# chmod 700 frneucvt01-r2
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 verify
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 install
Preparing to install zone.
Creating list of files to copy from the global zone.
Copying <8142> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <816> packages on the zone.
Initialized <816> packages on zone.
Zone is initialized.
Installation of <12> packages was skipped.
Installation of these packages generated warnings:
The file
contains a log of the zone installation.
total 2
drwxr-xr-x 2 root root 512 Apr 7 12:16 frneucvt01-r2
root@frneucvt01-r1# ls
frneucvt01-r2
root@frneucvt01-r1# bash
root@frneucvt01-r1# zonecfg -z frneucvt01-r2
frneucvt01-r2: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:frneucvt01-r2> create
zonecfg:frneucvt01-r2> set zonepath=/export/zones/frneucvt01-r2
zonecfg:frneucvt01-r2> set autoboot=true
zonecfg:frneucvt01-r2> add inherit-pkg-dir
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/lib
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/lib' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> add inherit-pkg-dir
usage:
add
(global scope)
add
(resource scope)
Add specified resource to configuration.
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/lib' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/platform
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/platform' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/sbin
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
An inherit-pkg-dir resource with the dir '/sbin' already exists.
zonecfg:frneucvt01-r2:inherit-pkg-dir> dir=/usr
syntax error at 'd'
Commands:
add
(global scope)
add
(resource scope)
cancel
clear
commit
create [-F] [ -a
delete [-F]
end
exit [-F]
export [-f output-file]
help [commands] [syntax] [usage] [
info [
remove [-F]
(global scope)
remove
(resource scope)
revert [-F]
select
set
verify
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/usr
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/opt
zonecfg:frneucvt01-r2:inherit-pkg-dir> set dir=/home
zonecfg:frneucvt01-r2:inherit-pkg-dir> end
zonecfg:frneucvt01-r2> add net
zonecfg:frneucvt01-r2:net> set address=10.237.25.217
zonecfg:frneucvt01-r2:net> set physical=fjgi0
zonecfg:frneucvt01-r2:net> end
zonecfg:frneucvt01-r2> add rctl
zonecfg:frneucvt01-r2:rctl> set name=zone.cpu-shares
zonecfg:frneucvt01-r2:rctl> add value (priv=privileged,limit=2,action=none)
zonecfg:frneucvt01-r2:rctl> end
zonecfg:frneucvt01-r2> verify
zonecfg:frneucvt01-r2> commit
zonecfg:frneucvt01-r2>
root@frneucvt01-r1# zoneadm list -iv n( Installed)
ID NAME STATUS PATH BRAND IP
0 global running / native shared
root@frneucvt01-r1# zoneadm list -cv ( Configured )
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- frneucvt01-r2 configured /export/zones/frneucvt01-r2 native shared
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 verify
/export/zones/frneucvt01-r2 must not be group readable.
/export/zones/frneucvt01-r2 must not be group executable.
/export/zones/frneucvt01-r2 must not be world readable.
/export/zones/frneucvt01-r2 must not be world executable.
could not verify zonepath /export/zones/frneucvt01-r2 because of the above errors.
zoneadm: zone frneucvt01-r2 failed to verify
root@frneucvt01-r1# pwd
/export/zones
root@frneucvt01-r1# ls -ltr
total 2
drwxr-xr-x 2 root root 512 Apr 7 12:16 frneucvt01-r2
root@frneucvt01-r1# chmod 700 frneucvt01-r2
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 verify
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 install
Preparing to install zone
Creating list of files to copy from the global zone.
Copying <8142> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <816> packages on the zone.
Initialized <816> packages on zone.
Zone
Installation of <12> packages was skipped.
Installation of these packages generated warnings:
The file
root@frneucvt01-r1#
oot@frneucvt01-r1# zoneadm list -v
ID NAME STATUS PATH BRAND IP
0 global running / native shared
root@frneucvt01-r1# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- frneucvt01-r2 installed /export/zones/frneucvt01-r2 native shared
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 ready
zoneadm: zone 'frneucvt01-r2': WARNING: The zone.cpu-shares rctl is set but
zoneadm: zone 'frneucvt01-r2': FSS is not the default scheduling class for
zoneadm: zone 'frneucvt01-r2': this zone. FSS will be used for processes
zoneadm: zone 'frneucvt01-r2': in the zone but to get the full benefit of FSS,
zoneadm: zone 'frneucvt01-r2': it should be the default scheduling class.
zoneadm: zone 'frneucvt01-r2': See dispadmin(1M) for more details.
root@frneucvt01-r1# zlogin -C frneucvt01-r2
[Connected to zone 'frneucvt01-r2' console]
[NOTICE: Zone booting up]
root@frneucvt01-r1# zoneadm -z frneucvt01-r2 boot
What type of terminal are you using?
1) ANSI Standard CRT
2) DEC VT52
3) DEC VT100
4) Heathkit 19
5) Lear Siegler ADM31
6) PC Console
7) Sun Command Tool
8) Sun Workstation
9) Televideo 910
10) Televideo 925
11) Wyse Model 50
12) X Terminal Emulator (xterms)
13) CDE Terminal Emulator (dtterm)
14) Other
Type the number of your choice and press Return: 3
Creating new rsa public/private host key pair
Creating new dsa public/private
"/etc/ssh/sshd_config" 15 edit this file
root@frneucvt01-r1# zonecfg -z frneucvt01-r2
zonecfg:frneucvt01-r2> add fs set
zonecfg:frneucvt01-r2:fs> set dir=/data_ora /rt zone directory
zonecfg:frneucvt01-r2:fs> set special=/DATA/frneucvt01-r2/data_ora /opt golbal directory
zonecfg:frneucvt01-r2:fs> set type=lofs
zonecfg:frneucvt01-r2:fs> end
root@frneucvt01-r1# mount -F lofs /DATA/frneucvt01-r2/product_weblogic/ /export/zones/frneucvt01-r2/root/product_weblogic/
root@frneucvt01-r1# mount -F lofs /DATA/frneucvt01-r2/data_ora /export/zones/frneucvt01-r2/root/data_ora
root@frneucvt01-r1# mount -F lofs /DATA/frneucvt01-r3/u01 /export/zones/frneucvt01-r3/root/u01
root@frneucvt01-r1# mount -F lofs /DATA/frneucvt01-r3/u02 /export/zones/frneucvt01-r3/root/u02
global # newfs /dev/md/rdsk/d100
newfs: construct a new file system /dev/md/rdsk/d100: (y/n)? y
Warning: 1280 sector(s) in last cylinder unallocated
/dev/md/rdsk/d100: 1024000 sectors in 712 cylinders of 15 tracks, 96 sectors
500.0MB in 45 cyl groups (16 c/g, 11.25MB/g, 5440 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
32, 23168, 46304, 69440, 92576, 115712, 138848, 161984, 185120, 208256,
806720, 829856, 852992, 876128, 899264, 922400, 945536, 968672, 991808,
1014944,
global # zonecfg -z zone1
zonecfg:zone1> add fs
zonecfg:zone1:fs> set dir=/u01
zonecfg:zone1:fs> set special=/dev/md/dsk/d100
zonecfg:zone1:fs> set raw=/dev/md/rdsk/d100
zonecfg:zone1:fs> set type=ufs
zonecfg:zone1:fs> end
zonecfg:zone1> exit
At this point we could reboot the zone and have the new file system mounted during zone boot. However, there is no need to restart the zone because the file system can be mounted into the running zone from the global zone. The only thing we have to do now is add the mountpoint in the zone ourselves:
global # mkdir /export/zones/zone1/root/u01
global # mount /dev/md/dsk/d100 /export/zones/zone1/root/u01
global # zonecfg -z zone1
zonecfg:zone1> add net
zonecfg:zone1:net> set physical=hme0
zonecfg:zone1:net> set address=192.168.1.13/24
zonecfg:zone1:net> end
zonecfg:zone1> exit
global # ifconfig hme0 addif 192.168.1.13 netmask + broadcast + zone zone1 up
Created new logical interface hme0:3
Setting netmask of hme0:3 to 255.255.255.0
The key point here is the 'zone' option of ifconfig. Running ifconfig -a inside the zone shows that we now have the extra network interface. And without having to reboot the zone!
zone1 # ifconfig -a
lo0:5: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0:2: flags=1000843 mtu 1500 index 2
inet 129.159.206.38 netmask ffffffc0 broadcast 129.159.206.63
hme0:3: flags=1000843 mtu 1500 index 2
inet 192.168.1.13 netmask ffffff00 broadcast 192.168.1.255
# save -vvv -D7 -S backup-par2 /opt
Clone a zone
From a global zone:
zoneadm -z
zonecfg -z
Modify zone.cfg file as needed. Particularly, change zonepath and IP address(es). Then
zonecfg -z
Copy zonename.tar to a new host. On the new host execute:
tar -xf zonename.tar
zonecfg -z
zonename: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zonename>create -a
zonecfg:zonename>info
Make any necessary adjustments to the configuration. Then
zonecfg:zonename>exit
zoneadm -z
To create a whole root zone, remove all inherit-pkg-dir resources as shown below
zonecfg -z
zonecfg:zonename>remove inherit-pkg-dir=/sbin
zonecfg:zonename>remove inherit-pkg-dir=/usr
zonecfg:zonename>remove inherit-pkg-dir=/platform
zonecfg:zonename>remove inherit-pkg-dir=/lib
zonecfg:zonename>exit
The interface would be
#zoneadm -z zonename lock
With the zone locked no changes in the global zone effects the
non-global zones.
#zoneadm -z zonename unlock
Now packages installed after being unlocked would be installed in the
non-global zone at the same time as happens now.
Existing System Setup
SunFire T1000 with a single sparse root zone (zone1) installed in /export/zones/zone1. The objective is to create a clone of zone1 called zone2
but using a different IP address and physical network port. I am not using any ZFS datasets (yet).
Procedure
1. Export the configuration of the zone you want to clone/copy
# zonecfg -z zone1 export > zone2.cfg
2. Change the details of the new zone that differ from the existing one (e.g. IP address, data set names, network interface etc.)
# vi zone2.cfg
3. Create a new (empty, unconfigured) zone in the usual manner based on this configuration file
# zonecfg -z zone2 -f zone2.cfg
4. Ensure that the zone you intend to clone/copy is not running
# zoneadm -z zone1 halt
5. Clone the existing zone
# zoneadm -z zone2 clone zone1
Cloning zonepath /export/zones/zone1...
This took around 5 minutes to clone a 1GB zone (see notes below)
6. Verify both zones are correctly installed
# zoneadm list -vi
ID NAME STATUS PATH
0 global running /
- zone1 installed /export/zones/zone1
- zone2 installed /export/zones/zone2
7. Boot the zones again (and reverify correct status)
# zoneadm -z zone1 boot
# zoneadm -z zone2 boot
# zoneadm list -vi
ID NAME STATUS PATH
0 global running /
5 zone1 running /export/zones/zone1
6 zone2 running /export/zones/zone2
8. Configure the new zone via its console (very important)
# zlogin -C zone2
The above step is required to configure the locale, language, IP settings of the new zone.
It also creates the system-wide RSA key pairs for the new zone, without which you cannot SSH into the zone.
If this step not done, many of the services on the new zone will not start and you may observe /etc/.UNCONFIGURED errors in certain log files.
Delegating ZFS File system to a Non-Global Zone
Delegating the file system will provide control to non-global zone for managing the file system properties a
nd the priviledge to perform activities like create snapshot,clone over the file system.
[root@geekyfacts]# zonecfg -z tzone
zonecfg:tzone> add dataset
zonecfg:tzone:dataset> set name=testpool/zonefs
zonecfg:tzone:dataset> end
zonecfg:tzone> commit
zonecfg:tzone> exit
[root@geekyfacts]#
Example: Zones + Raw Devices global#zonecfg -z zone1 zonecfg:zone1> add device
zonecfg:zone1:device> set match=/dev/rdsk/c0d0s6
zonecfg:zone1:device> end
zonecfh:zone1> add device
zonecfg:zone1:device> set match=/dev/dsk/c0d0s6
zonecfg:zone1:device> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> ^D
>Adds a raw device directly into the non-global zone
>Creates device node for the new device
>Match can include wildcards and is evaluated each time the zone boots
zone1# newfs /dev/rdsk/c0d0s6 zone1# mount /dev/dsk/c0d0s6 /opt/local
Reporting Memory Utilization and the Memory Cap Enforcement Threshold
# rcapstat -g
id project nproc vm rss cap at avgat pg avgpg
376565 rcap 0 0K 0K 10G 0K 0K 0K 0K
physical memory utilization: 55% cap enforcement threshold: 0%
id project nproc vm rss cap at avgat pg avgpg
376565 rcap 0 0K 0K 10G 0K 0K 0K 0K
physical memory utilization: 55% cap enforcement threshold: 0%
For linux Branded zone :
global# **zonecfg -z myzone "create -t SUNWlx; set zonepath=/export/myzone_root"**
global# **zoneadm -z myzone install -d** //
No comments:
Post a Comment