Chapter 7 About Zone Login and Post-Installation Configuration
This chapter discusses logging in to zones, using sysidcfg to complete system identification, making modifications to /etc/system, and using ssh X11 forwarding in a solaris8 zone.
Internal Zone Configuration
Note that you perform the internal zone configuration when you log in to the sys-unconfig zone for the first time. This is described in Internal Zone Configuration in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
When responding to the system question asking whether the time is correct, do not modify the time displayed. If you modify the time, the system identification will fail and return to the time setting prompt, because non-global zones cannot modify the system clock by default. You must also accept the network configuration already specified in zonecfg for shared-IP zones.
If you plan to use an /etc/sysidcfg file to perform initial zone configuration, as described in How to Use an /etc/sysidcfg File to Perform the Initial Zone Configuration in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones, create the sysidcfg file and place it the zone's /etc directory before you boot the zone.
How to Log In to the Zone Console to Complete
System Identification
You must be the global administrator in the global zone to perform this procedure.
-
Become superuser, or assume the Primary Administrator role.
-
Use the zlogin command with the -C option and the name of the zone, s8-zone in this procedure.
global# zlogin -C s8-zone
-
From another terminal window, boot the zone.
global# zoneadm -z s8-zone boot
You will see a display similar to the following in the zlogin window:
[NOTICE: Zone booting up]
-
The first time you log in to the console, you are prompted to answer a series of questions. Your screen will look similar to this:
SunOS Release 5.8 Version Generic_Virtual 64-bit Copyright 1983-2000 Sun Microsystems, Inc. All rights reserved Use is subject to license terms. Hostname: s8-zone Select a Language 0. English 1. fr Please make a choice (0 - 1), or press h or ? for help: Select a Locale 0. English (C - 7-bit ASCII) 1. Canada-English (ISO8859-1) 2. Thai 3. U.S.A. (en_US.ISO8859-1) 4. U.S.A. (en_US.ISO8859-15) 5. Go Back to Previous Screen Please make a choice (0 - 5), or press h or ? for help: What type of terminal are you using? 1) ANSI Standard CRT 2) DEC VT52 3) DEC VT100 4) Heathkit 19 5) Lear Siegler ADM31 6) PC Console 7) Sun Command Tool 8) Sun Workstation 9) Televideo 910 10) Televideo 925 11) Wyse Model 50 12) X Terminal Emulator (xterms) 13) Other Type the number of your choice and press Return: 12 . . .For the approximate list of questions you must answer, see Internal Zone Configuration in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
-
(Optional) If you are not using two windows as described in step 3, you might have missed the initial prompt for configuration information. If you see the following system message at zone login instead of a prompt:
[connected to zone zonename console]
Press Return to display the prompt again.
If you enter an incorrect response and try to restart the configuration, you might experience difficulty when you attempt the process again. This occurs because the sysidtools can store your previous responses.
If this happens, use the following workaround from the global zone to restart the configuration process.
global# zlogin -S zonename /usr/sbin/sys-unconfig
For more information on the sys-unconfig command, see the sys-unconfig(1M) man page.
Applying Solaris 8 Patches in the Container
Solaris 8 patches can be applied to the Solaris 8 environment from within the container, using the same process as on a standalone system. Obtain the patch and, while running in the solaris8 zone, run patchadd to install the patch. Note that because the kernel is actually a Solaris 10 kernel, patches that alter any Solaris 8 kernel bits will not take effect. In this case, the equivalent Solaris 10 patch should be applied in the global zone if needed. Even though Solaris 8 patches delivering kernel updates have no effect within the zone, they are still required to satisfy patch dependencies.
For more information on patching Solaris 8 systems, see Chapter 22 Patch Administration (Overview) in System Administration Guide, Volume 1.
Tuning /etc/system and Using Resource Controls
In Solaris 8, System V and file descriptor limits are tuned by modifying /etc/system and rebooting the machine to have the modifications take effect. In Solaris 10, these limits can be tuned dynamically through resource controls.
For a solaris8 branded zone, the contents of /etc/system are used to set project and process resource controls when the zone boots. If /etc/system is not tuned, the default file descriptor and System V limits from Solaris 8 are used.
The effective limits within the zone will be the lower of the zone's /etc/system or the zone's zonecfg settings. To view the effective limits, run the sysdef command described in the sysdef(1M) in the zone.
You must be the zone administrator to modify /etc/system within the solaris8 branded zone. and reboot it to have the changes take effect. Because /etc/system can be modified within the zone, the global administrator can use the zonecfg command from the global zone to set limits for the zone.
Use the prctl command from the global zone to view the default resource control settings. The example shows that the default settings on the init process restrict the System V limits.
Example 7–1 View Default Settings on the init Process in a solaris8 Zone
global# prctl `pgrep -x init -z s8zone`
...
process.max-msg-messages
privileged 40 - deny -
system 4.29G max deny -
process.max-msg-qbytes
privileged 4.00KB - deny -
system 16.0EB max deny -
process.max-sem-ops
privileged 10 - deny -
system 2.15G max deny -
process.max-sem-nsems
privileged 25 - deny -
system 32.8K max deny -
process.max-file-descriptor
basic 256 - deny 10485
privileged 1.02K - deny -
system 2.15G max deny -
...
project.max-shm-memory
privileged 100MB - deny -
system 16.0EB max deny -
project.max-shm-ids
privileged 100 - deny -
system 16.8M max deny -
project.max-msg-ids
privileged 50 - deny -
system 16.8M max deny -
project.max-sem-ids
privileged 10 - deny -
system 16.8M max deny -
...
|
Modifying /etc/system
For applications that require these tunings to be increased, the zone administrator can modify /etc/system within the solaris8 branded zone, and reboot it. This procedure is identical to that used to increase tunings on a native Solaris 8 system.
Using zonecfg to Set Resource Controls
The zonecfg command can be used from the global zone to restrict the System V limits within the zone.
Example 7–2 Setting Resource Controls From the Global Zone
You must be the global administrator in the global zone to perform these procedures.
global# zonecfg -z mys8zone set max-shm-memory=100m |
If you use zonecfg after initial zone creation, reboot the zone to have the change take effect.
global# zoneadm -z mys8zone reboot |
Running X11 Applications in a solaris8 Branded Zone
ssh X11 forwarding is the preferred method for running Solaris 8 X11 applications, including 3-D and graphics intensive applications, within a solaris8 zone. 3-D applications can only be run on a system that supports 3-D graphics in the global zone.
How to Use ssh X11 Forwarding
To use X11 forwarding, you must meet the following requirements:
-
Networking must be enabled for the solaris8 zone
-
Because Solaris 8 does not include the ssh login by default, ssh must be downloaded and installed in the zone.
-
Become superuser, or assume the Primary Administrator role.
-
Enable networking in the zone as described in How to Configure a solaris8 Branded Zone.
-
Download ssh from www.openssh.org, www.sunfreeware.com or www.blastwave.com and install it in the zone.
-
When ssh is running in the zone, log directly into the X server running on the console of the global zone.
-
To enable ssh X11 forwarding and run X applications remotely, use the following command:
# ssh -X zone_host_name
Troubleshooting
Any application that delivers its own Xserver extensions will not work with ssh -X forwarding and is not currently supported within solaris8 branded zones.
- © 2010, Oracle Corporation and/or its affiliates