A zone cluster is a cluster of Oracle Solaris non-global zones. You can use the clsetup utility to create a zone cluster and add a network address, file system, ZFS storage pool, or storage device. You can also use a command line interface (the clzonecluster utility) to create a zone cluster, make configuration changes, and remove a zone cluster. For more information about using the clzonecluster utility, see the clzonecluster (1CL) man page.
Supported brands for zone clusters are solaris, solaris10, and labeled. The labeled brand is used exclusively in a Trusted Extensions environment. To use the Trusted Extensions feature of Oracle Solaris, you must configure the Trusted Extensions feature for use in a zone cluster. No other use of Trusted Extensions is supported in an Oracle Solaris Cluster configuration.
You can also specify a shared-IP zone cluster or an exclusive-IP zone cluster when you run the clsetup utility.
Shared-IP zone clusters work with solaris or solaris10 brand zones. A shared-IP zone cluster shares a single IP stack between all the zones on the node, and each zone is allocated an IP address.
Exclusive-IP zone clusters work with solaris and solaris10 brand zones. An exclusive-IP zone cluster supports a separate IP instance stack.
Consider the following points when you plan the creation of a zone cluster:
Global cluster – The zone cluster must be configured on a global Oracle Solaris Cluster configuration. A zone cluster cannot be configured without an underlying global cluster.
Cluster mode – The global-cluster node from which you create or modify a zone cluster must be in cluster mode. If any other nodes are in noncluster mode when you administer a zone cluster, the changes that you make are propagated to those nodes when they return to cluster mode.
Adequate private-IP addresses – The private IP-address range of the global cluster must have enough free IP-address subnets for use by the new zone cluster. If the number of available subnets is insufficient, the creation of the zone cluster fails.
Changes to the private IP-address range – The private IP subnets and the corresponding private IP-addresses that are available for zone clusters are automatically updated if the global cluster's private IP-address range is changed. If a zone cluster is deleted, the cluster infrastructure frees the private IP-addresses that were used by that zone cluster, making the addresses available for other use within the global cluster and by any other zone clusters that depend on the global cluster.
Supported devices – Devices that are supported with Oracle Solaris zones can be exported to a zone cluster. Such devices include the following:
Oracle Solaris disk devices (cNtXdYsZ)
DID devices (/dev/did/*dsk/dN)
Solaris Volume Manager and Solaris Volume Manager for Sun Cluster multi-owner disk sets (/dev/md/setname/*dsk/dN)
Distribution of nodes – You cannot host multiple nodes of the same zone cluster on the same host machine. A host can support multiple zone-cluster nodes as long as each zone-cluster node on that host is a member of a different zone cluster.
Node creation – You must create at least one zone-cluster node at the time that you create the zone cluster. You can use the clsetup utility or the clzonecluster command to create the zone cluster. The name of the zone-cluster node must be unique within the zone cluster. The infrastructure automatically creates an underlying non-global zone on each host that supports the zone cluster. Each non-global zone is given the same zone name, which is derived from, and identical to, the name that you assign to the zone cluster when you create the cluster. For example, if you create a zone cluster that is named zc1, the corresponding non-global zone name on each host that supports the zone cluster is also zc1.
Cluster name – Each zone-cluster name must be unique throughout the cluster of machines that host the global cluster. The zone-cluster name cannot also be used by a non-global zone elsewhere in the cluster of machines, nor can the zone-cluster name be the same as that of a global-cluster node. You cannot use “all” or “global” as a zone-cluster name, because these are reserved names.
Public-network IP addresses – You can optionally assign a specific public-network IP address to each zone-cluster node.
That specific zone cluster will not be able to configure NAS devices for use in the zone cluster. The cluster uses the IP address of the zone cluster node when communicating with the NAS device, so not having an IP address prevents cluster support for fencing NAS devices.
The cluster software will activate any Logical Host IP address on any NIC.
Private hostnames – During creation of the zone cluster, a private hostname is automatically created for each node of the zone cluster, in the same way that hostnames are created in global clusters. Currently, you cannot rename the private hostname of a zone-cluster node. For more information about private hostnames, see Private Hostnames.
Oracle Solaris Zones brands – All nodes of a zone cluster are configured as non-global zones of the solaris, solaris10, or labeled brand that is set with the cluster attribute. No other brand types are permitted in a zone cluster.
For Trusted Extensions, you must use only the labeled brand.
IP type - You can create a zone cluster that is either the shared IP type or the exclusive IP type. If the IP type is not specified, a shared-IP zone cluster is created by default.
Global_zone=TRUE resource-type property – To register a resource type that uses the Global_zone=TRUE resource-type property, the resource-type file must reside in the /usr/cluster/global/rgm/rtreg/ directory of the zone cluster. If that resource-type file resides in any other location, the command to register the resource type is rejected.
Conversion to a zone-cluster node – You cannot add to a zone cluster a non-global zone that resides outside that zone cluster. You must use only the clzonecluster command to add new nodes to a zone cluster.
File systems – You can use the clsetup utility or the clzonecluster command to add the following types of file systems for use by the zone cluster. A file system is exported to a zone cluster by using either a direct mount or a loopback mount. Adding a file system with the clsetup utility is done in cluster scope, which affects the entire zone cluster.
By direct mount:
UFS local file system
Sun QFS stand-alone file system
Sun QFS shared file system, only when used to support Oracle RAC
Oracle Solaris ZFS (exported as a data set)
NFS from supported NAS devices
By loopback mount:
UFS local file system
Sun QFS stand-alone file system
Sun QFS shared file system, only when used to support Oracle RAC
UFS cluster file system
You configure an HAStoragePlus or ScalMountPoint resource to manage the mounting of the file system.
Consider the following points when you use the Trusted Extensions feature of Oracle Solaris in a zone cluster:
Only zone-cluster support – In an Oracle Solaris Cluster configuration with Trusted Extensions enabled, applications must run only in a zone cluster. No other non-global zones can be used on the cluster. You must use only the clzonecluster command to create a zone cluster. Do not use the txzonemgr command to create a non-global zone on a cluster that has Trusted Extensions enabled.
Trusted Extensions scope – You can either enable or disable Trusted Extensions for the entire cluster configuration. When Trusted Extensions is enabled, all non-global zones in the cluster configuration must belong to one of the zone clusters. You cannot configure any other kind of non-global zone without compromising security.
IP addresses – Each zone cluster that uses Trusted Extensions must use its own IP addresses. The special networking feature in Trusted Extensions that enables an IP address to be shared between multiple non-global zones is not supported with Oracle Solaris Cluster software.
Loopback mounts – You cannot use loopback mounts that have write permissions in a zone cluster that uses Trusted Extensions. Use only direct mounts of file systems that permit write access, or use loopback mounts that have only read permissions.
File systems – Do not configure in the zone cluster the global device that underlies a file system. Configure only the file system itself in the zone cluster.
Storage device name – Do not add an individual slice of a storage device to a zone cluster. You must add the entire device to a single zone cluster. The use of slices of the same storage device in different zone clusters compromises the security of those zone clusters.
Application installation – Install applications only in the zone cluster or in the global cluster and then export to the zone cluster by using read-only loopback mounts.
Zone cluster isolation – When Trusted Extensions is used, the name of a zone cluster is a security label. In some cases, the security label itself might be information that cannot be disclosed, and the name of a resource or resource group might be a sensitive piece of information that cannot be disclosed. When an inter-cluster resource dependency or inter-cluster resource-group affinity is configured, the name of the other cluster becomes visible as well as the name of any affected resource or resource group. Therefore, before you establish any inter-cluster relationships, evaluate whether this information can be made visible according to the your requirements.