Saturday, January 1, 2011

Zones - Nutshell

Zone Types:
1. Global zone
2. Non-global zone


Global zones:
1. Has 2 functions
2. Is both the default zone for the system and the zone used for system-wide administrative control.
3. Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled.
4. Is the only zone that is bootable from the system hardware.
5. Administration of the system infrastructure, such as physical devices, routing, or dynamic reconfiguration, is ONLY possible in the global zone.
6. Contains a complete installation of the Solaris system software packages.
7. Provides a complete database containing information about all installed components. It also holds configuration information specific to the global zone only, such as the global zone hostname and the file system table.
8. Is the only zone that is aware of all devices and all file systems.
9. Always has the name global.

Note:
1. Each zone is also given a unique numeric identifier, which is assigned by the system when the zone is booted.
2. The global zone is always mapped to zone id 0.
3. The system assigns non-zero IDs to non-global zones when they reboot. The number can change when the zone reboots.

Non-global zones:
1. Can also contain Solaris software packages shared from the global zone and additional installed software packages not shared from the global zone.
2. Is not aware of the existence of any other zones. It CANNOT install, manage or uninstall itself or any other zones.


Zone daemons:
1. The system uses 2 daemons to control zone operation.
a. zoneadmd
b. zsched

Note:
The zoneadmd daemon is the primary process for managing the zone’s virtual platform. There is one zoneadmd process running for each active (ready, running or shutting down) zone on the system.

Unless the zoneadmd daemon is already running, it is automatically started by the zoneadm command.



Zoneadmd:
Responsible for:
1. Managing zone booting and shutting down
2. Allocating the zone ID and starting the zsched system process
3. Setting zone-wide resource control (rctl)
4. Preparing the zone’s devices as specified in the zone configuration
5. Plumbing virtual network interfaces
6. Mounting loopback and conventional file systems



Zsched:
Every active zone has an associated kernel process, zsched. The zsched process enables the zones subsystem to keep track of per-zone kernel threads. Kernel threads doing work on behalf of the zone are owned by zsched.



Zone file system:
There are 2 models for installing root file systems in non-global zones.
a. Sparse zone
b. Whole root zone



Sparse zone:
1. Installs a minimal number of files from the global zone when a non-global zone is installed.
2. Only certain root packages are installed in the non-global zone. These include a subset of the required root packages that are normally installed in the global zone, as well as any additional root packages that the global administrator might have selected.
Note:

Any files that need to be shared between a non-global zone and the global zone can be mounted as read-only loopback file systems. By default /lib, /usr, /platform and /sbin are mounted in this manner.

Once a zone is installed it is no longer dependent on the global zone unless a file system is mounted using a loopback file system.

A non-global zone CANNOT be an NFS server.



Whole root zone:
1. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone.
2. Provides the maximum flexibility.
3. Advantages of this model include the capability for global zone administrators to customize their zone's file system layout.



Zone states:
Undefined: The zone’s configuration has not been completed and committed to stable storage. This state also occurs when a zone’s configuration has been deleted.

Configured: The zone’s configuration is complete and committed to stable storage. However, those elements of the zone’s application environment that must be specified after initial boot are not yet present.

Incomplete: This is a transitional state. During an install or uninstall operation, zoneadm sets the state of the target zone to incomplete. Upon successful completion of the operation, the state is set to the correct state. However, a zone that is unable to complete the install process will stop in this state.

Installed: In this state, the zone’s configuration is instantiated on the system. The zoneadm command is used to verify that the configuration can be successfully used on the designated Solaris system. Packages are installed under the zone’s root path. In this state, the zone has no associated virtual platform.

Ready: In this state, the virtual platform for the zone is established. The kernel creates the zsched process, network interfaces are plumbed, file systems are mounted, and devices are configured. A unique zone ID is assigned by the system. At this stage, no processes associated with the zone have been started.

Running: In this state, the user processes associated with the zone application environment are running. The zone enters the running state as soon as the first user process associated with the application environment is created.

Shutting down and down: These states are transitional states that are visible while the zone is being halted. However, a zone that is unable to shut down for any reason will stop in one of these states.



Allocating file system space:
1. About 100 Mb of disk space per non-global zone is required when the global zone has been installed with all of the standard Solaris packages.
2. By default, any additional packages installed in the global zone also populate the non-global zones. The amount of disk space required must be increased accordingly. The directory location in the non-global zone for these additional packages is specified through the inherit-pkg-dir resource.
3. An additional 40 Mb of RAM per zone is suggested, but not required on a machine with sufficient swap space.



Usage of # zonecfg command:
1. Create or delete a zone configuration
2. Set properties for resources added to a configuration
3. Query or verify a configuration
4. Commit to a configuration
5. Revert to a previous configuration
6. Exit from a zonecfg session.



Usage of # zoneadm command:

1. Verify a zone’s configuration
2. Install a zone
3. Boot a zone
4. Reboot a zone
5. Display information about a running zone
6. Move a zone
7. Uninstall a zone
8. Remove a zone using the zonecfg command





In a nutshell:

Before configuring the zones:
Create the zone using the zonecfg -z (zonename) command [undefined state].
1. Create the zone path directory manually; the permission on that directory should be 700.
2. Configure the zone using the zonecfg command [configured state].
3. Install the zone after configuration to change its state from configured to installed [the state is incomplete during installation].
4. Boot the zone after installing it [running state]. Before this state the zone goes to the ready state, where the network interfaces are plumbed, file systems are mounted, devices are configured, and a unique zone ID is assigned by the system. In the ready state no processes associated with the zone have been started.
5. The zone then goes to the running state, where all the processes are started.





Zone configuration steps:
bash-3.00# zonecfg -z zones1
zones1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zones1> create
zonecfg:zones1> set zonepath=/etc/zones/zonepractice
zonecfg:zones1> set autoboot=true
zonecfg:zones1> add fs
zonecfg:zones1:fs> set dir=/mnt/zones
zonecfg:zones1:fs> set special=c1t0d0s4
zonecfg:zones1:fs> set raw=/dev/rdsk/c1t0d0s4
zonecfg:zones1:fs> set type=ufs
zonecfg:zones1:fs> end
zonecfg:zones1> add net
zonecfg:zones1:net> set physical=eri0
zonecfg:zones1:net> set address=10.2.3.5
zonecfg:zones1:net> end
zonecfg:zones1> add attr
zonecfg:zones1:attr> set name=zones
zonecfg:zones1:attr> set type=string
zonecfg:zones1:attr> set value=uint
zonecfg:zones1:attr> end
zonecfg:zones1> add inherit-pkg-dir
zonecfg:zones1:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:zones1:inherit-pkg-dir> end
zonecfg:zones1> add rctl
zonecfg:zones1:rctl> set name=zone.cpu-shares
zonecfg:zones1:rctl> add value(priv=privileged,limit=10,action=none)
zonecfg:zones1:rctl> end
zonecfg:zones1> verify
zonecfg:zones1> commit
zonecfg:zones1> exit



To find zone configuration information:
bash-3.00# zonecfg -z zones1 info
zonename: zones1
zonepath: /etc/zones/zonepractice
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
[cpu-shares: 10]
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
inherit-pkg-dir:
        dir: /opt/sfw
fs:
        dir: /mnt/zones
        special: c1t0d0s4
        raw: /dev/rdsk/c1t0d0s4
        type: ufs
        options: []
net:
        address: 10.2.3.5
        physical: eri0
        defrouter not specified
attr:
        name: zones
        type: string
        value: uint
rctl:
        name: zone.cpu-shares
        value: (priv=privileged,limit=10,action=none)




To know the configured zone status:
# zoneadm list -cp

0:global:running:/::native:shared
-:zones1:configured:/etc/zones/zonepractice::native:shared

bash-3.00# zoneadm -z zones1 install

bash-3.00# zoneadm -z zones1 boot

bash-3.00# zoneadm list -cp
0:global:running:/::native:shared
1:zones1:running:/etc/zones/zonepractice:f84ec383-bfe3-c890-8a7f-f74970d40c96:native:shared
bash-3.00# zlogin -C zones1
[Connected to zone 'zones1' console]
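
As an added example (not part of the original post), the script below reads the zoneadm list -cp listing shown above, reports zones resting in the transitional states described under Zone states, and checks that each zonepath has the mode 700 called for in the nutshell steps. The zone name zones2 and the function names are constructed for the illustration, and zonepaths are assumed to contain no colons.

```shell
#!/bin/sh
# Added example: audit `zoneadm list -cp` output. Fields per line are
# zoneid:zonename:state:zonepath:uuid:brand:ip-type.
# Assumption: zonepaths contain no ':' characters.

# Constructed sample: the listing above plus a hypothetical stuck zone "zones2".
SAMPLE='0:global:running:/::native:shared
1:zones1:running:/etc/zones/zonepractice:f84ec383-bfe3-c890-8a7f-f74970d40c96:native:shared
-:zones2:incomplete:/etc/zones/zones2::native:shared'

# Print "zonename state" for zones resting in a transitional state
# (state strings as zoneadm prints them).
stuck_zones() {
    awk -F: '$3 == "incomplete" || $3 == "shutting_down" || $3 == "down" {
        print $2, $3 }'
}

# Print the zonepath of every non-global zone, one per line.
zone_paths() {
    awk -F: '$2 != "global" { print $4 }'
}

# Succeed only if the path is a directory with mode 700 (drwx------).
# ls is used instead of stat so the check also works on Solaris 10.
zonepath_mode_ok() {
    [ -d "$1" ] || return 1
    case "$(ls -ld "$1")" in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a listing on stdin and print one line per finding (no output = clean).
audit_zones() {
    listing=$(cat)
    printf '%s\n' "$listing" | stuck_zones | sed 's/^/stuck: /'
    printf '%s\n' "$listing" | zone_paths | while IFS= read -r p; do
        zonepath_mode_ok "$p" ||
            printf 'zonepath missing or not mode 700: %s\n' "$p"
    done
}

# On a real system, run from the global zone: zoneadm list -cp | audit_zones
printf '%s\n' "$SAMPLE" | audit_zones
```
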



To halt a zone:
# zoneadm -z zones1 halt



To uninstall a zone:
# zoneadm -z zones1 uninstall



To delete a zone:
# zonecfg -z zones1 delete