Sun N1 Service Provisioning System User's Guide for Solaris Plug-In 4.0

Chapter 6 Using the Solaris Plug-In to Deploy Zones

This chapter explains how to use the Solaris 10 zone-specific components and plans that are provided with the Solaris Plug-In. The chapter contains the following information:

Introduction to Zones Partitioning

The Solaris Zones partitioning technology is used to virtualize operating system services and to provide an isolated and secure environment for running applications. A zone is a virtualized operating system environment that is created within a single instance of the Solaris Operating System (OS). When you create a zone, you produce an application execution environment in which processes are isolated from the rest of the system. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones. Even a process that is running with superuser credentials cannot view or affect activity in other zones.

Zones can be used on any machine that is running the Solaris 10 OS. The total resource requirements of the application software running in all of the zones determine how many zones a single system can host effectively. For more information about Solaris Zones, see Part II, Zones, in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

Creating and Managing Solaris Zones

The Common Tasks page of the software enables you to create and manage Solaris 10 zones.

Procedure: How to Define a Host as a Global Zone

A global zone is a host on which individual zones are defined. Before you can create any local zones, you must have at least one host defined to be in the host set com.sun.solaris#global_zones. This task explains how to define a host as a global zone.

Steps
  1. In the left control panel, under the Hosts Setup section, click Hosts.

  2. Designate the host system by choosing one of the following options:

    • User provided Solaris 10 host.

      1. Type a Solaris 10 host name in the Host field.

      2. Click Create.

    • Solaris 10 host from the host table.

      1. Select a Solaris 10 host from the host table.

      2. Click Edit.

  3. Choose com.sun.solaris#global_zone from the host type menu.

  4. Modify values for any attributes as needed.

    For example, you might want to change the connection type from RAW (the default) to SSH or SSL.


    Note –

    To use SSH for the local zone connection, you must set the port to 70000.


  5. Click the appropriate checkbox to include a Remote Agent or a Local Distributor on the physical host.

  6. Click Save.

Procedure: How to Create a Solaris Local Zone

Before You Begin

If there is no Name Server, you must update the /etc/hosts file on the Master Server with the hostname:ip_address of the local zone on the Remote Agent.

Steps
  1. In the left control panel, under Common Tasks, click the Solaris link.

  2. Click the Solaris Container: Create and Manage link.

  3. Click the Run action next to Install: Create.

  4. Select the target host on which to create the local zone.


    Note –

    The target host must be a member of the com.sun.solaris#global_zones host set.


  5. Select the local zone host name from the Plan Variables settings.

    If the desired local zone names are not present, you can create new zone names. To create new zone names, follow these steps:

    1. Click Select From List in the plan parameters table.

    2. In the Variable Setting window, click Create Set.

    3. Type the new zone set name in the New Set Name field.

    4. Click the box next to Zone Name prompt and type a new variable set name.


      Note –

      Zone names become network Zone Host Names during local zone creation. Local Zone Host Names should resolve to a local network IP address.


    5. Determine if you want the local zone file system to be sparse or full.

      A sparse local zone file system shares the /lib, /sbin, /platform, and /usr directories with the global zone. If the local zone will run applications that must install files into one of these directories, then install the local zone with a full file system. The full local zone file system does not share directories with the global zone.


      Note –

      The provisioning system installs the local zone file system as sparse by default. Install a full local zone file system by overriding the default.


    6. (Optional) If you need to add the logical network interfaces into the local zone, type values into the zoneIfaceDetails component variable.

      Each entry consists of three fields in the following format: network interface,IPAddress/netmask. Each entry is separated by a semicolon. For example: hme0,123.123.123.123/24;eri0,124.124.124.124/8

    7. (Optional) If you need to mount global zone file systems in the local zone, type values into the zoneFsLayout component variable.

      Each file system must be separated by a semicolon. For example, dir=/usr/local special=/opt/local raw=/dev/rdsk/c0t0d0s7 type=lofs [ro,nodevices];dir=/opt/mystuff special=/empty type=lofs ro

      For more information, see the zonecfg(1M) man page.

  6. Click Save and Select.

  7. Click Select From List for the target host.

  8. Select one of Current Found Hosts.

  9. Click Add Hosts To Main Window.

  10. Click Run Plan (includes preflight).
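
The zoneIfaceDetails and zoneFsLayout values from Step 5 can be checked before the plan is run. The following Python code is an added example, not part of the Solaris Plug-In or the provisioning system: it parses both formats as described above and lists the file systems that would be mounted into the local zone without the ro option. The function names, the interface-name pattern, and the rule that every file system entry needs dir, special, and type (as for a zonecfg fs resource) are assumptions of this example.

```python
import ipaddress
import re

# Assumed shape of an interface name: driver name plus instance number (hme0, eri0).
IFACE_RE = re.compile(r"^[a-z][a-z0-9_]*[0-9]+$")

def parse_iface_details(value):
    """Parse zoneIfaceDetails: 'iface,IP/netmask;iface,IP/netmask'."""
    entries = []
    for raw in filter(None, (e.strip() for e in value.split(";"))):
        iface, sep, addr = raw.partition(",")
        if not sep or not IFACE_RE.match(iface):
            raise ValueError(f"bad interface entry: {raw!r}")
        if "/" not in addr:
            raise ValueError(f"missing netmask: {raw!r}")
        # ip_interface raises ValueError on out-of-range octets or prefix lengths.
        entries.append((iface, ipaddress.ip_interface(addr)))
    return entries

def parse_fs_layout(value):
    """Parse zoneFsLayout into dicts of key=value pairs plus an 'options' set."""
    mounts = []
    for raw in filter(None, (e.strip() for e in value.split(";"))):
        mount = {"options": set()}
        for token in raw.split():
            if "=" in token:
                key, _, val = token.partition("=")
                mount[key] = val
            else:  # options appear as '[ro,nodevices]' or as a bare 'ro'
                mount["options"].update(o for o in token.strip("[]").split(",") if o)
        # Assumption: dir, special and type are mandatory, as for a zonecfg fs resource.
        missing = {"dir", "special", "type"} - mount.keys()
        if missing:
            raise ValueError(f"{raw!r} lacks {sorted(missing)}")
        mounts.append(mount)
    return mounts

def writable_mounts(mounts):
    """Return local zone mount points that expose a global zone path without 'ro'."""
    return [m["dir"] for m in mounts if "ro" not in m["options"]]

if __name__ == "__main__":
    # The first entry is the page's example; the second is constructed for this demo.
    layout = ("dir=/usr/local special=/opt/local raw=/dev/rdsk/c0t0d0s7 type=lofs "
              "[ro,nodevices];dir=/export/data special=/data type=lofs")
    print(parse_iface_details("hme0,123.123.123.123/24;eri0,124.124.124.124/8"))
    print("mounted without ro:", writable_mounts(parse_fs_layout(layout)))
```

A directory reported by writable_mounts can be modified from inside the local zone, so each one should be a deliberate choice rather than an omitted option.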

Using the CLI to Work With Solaris Zones

By default, the Sun N1 Service Provisioning System command-line interface is located in the following directory: /opt/SUNWn1sps/N1_Service_Provisioning_System_5.2/cli/bin/cr_cli

Solaris zone plug-in plans that run Container procedures are located in the folder /com/sun/solaris/zones.


Example 6–1 Creating a Solaris Zone by Using the CLI

This example illustrates how you can use the Sun N1 Service Provisioning System command-line interface to create a Solaris zone. The example contains three command segments. All commands use an example user name of spsadmin and password of x1y2z3.

The first command creates a host for the global zone on server10 and defines default values for the local_zone_default_name, local_zone_connection_type, and local_zone_port variables.


% cr_cli -cmd hdb.h.mod                     host modify
    -ID "NM:server10"                       target global host
    -tID "NM:com.sun.solaris#global_zone"   host type
    -attr "local_zone_default_name=server10_z1; 
     local_zone_default_filesystem=FULL; 
     local_zone_connection_type=RAW; 
     local_zone_port=1131"                  local zone attributes
    -u spsadmin                             user name
    -p x1y2z3                               password

The second command creates a local zone using the default variables.


% cr_cli -cmd pe.p.run                      plan execution
    -PID "NM:/com/sun/solaris/Container-create"  create zone plan ID
    -tar "H:NM:server10"                    target global host
    -vs "+"                                 default var set "default set"
    -comp "+"                               default component "latest build"
    -pto 6000                               plan time 1 hr max [6000 secs]
    -nto 6000                               call time 1 hr max [6000 secs]
    -u spsadmin                             user name
    -p x1y2z3                               user password

The third command activates the local zone.


% echo "server10_z1" | cr_cli -cmd pe.p.run plan execution, std input is zone name
    -PID "NM:/com/sun/solaris/Container-activate" attach zone plan ID
    -tar "H:NM:server10"                    target global host
    -f "-"                                  standard input args
    -pto 6000                               plan time 1 hr max [6000 secs]
    -nto 6000                               call time 1 hr max [6000 secs]
    -u spsadmin                             user name
    -p x1y2z3                               user password

Solaris Zone Component Types

Solaris containers have no specific component types. However, some specific host types are associated with Solaris containers. For information, see Hosts and Solaris Zones.

Solaris Zone Container Component

The Container component is the main component delivered by the Solaris plug-in for use with Solaris zones. The Container component is an untyped component.

The Container component includes several procedures. You can run these procedures directly from the Sun N1 Service Provisioning System interface or from within execution plans.

Component Procedures

create:install

Creating a Container component creates a corresponding local Solaris 10 zone. The host target of this procedure is a Solaris 10 host that is running a provisioning system Remote Agent. The target host type must be set to com.sun.solaris#global_zone. The create procedure uses Solaris 10 zonecfg and zoneadm commands to configure and install a local Solaris 10 zone from the Solaris 10 global zone. After the installation, this procedure installs a Remote Agent on the newly created local zone. A new host of type com.sun.solaris#local_zone appears on the host page.

attach:install

This procedure is similar to the create procedure, but it does not create the zone. Instead, the procedure attaches to an existing local zone on the host. This procedure creates a Container component in the provisioning system database and installs a remote agent on the existing local zone. The attach procedure is useful for times when a tool other than Sun N1 Service Provisioning System created the zone. For example, you might use the attach procedure when a zone has been created directly through Solaris APIs or by another software management application.

markOnly:install

The markOnly:install procedure adds a Solaris Zone Container Component to the provisioning system database. The markOnly:install procedure does not create a local zone. The markOnly:install procedure does not install a Remote Agent.

delete:uninstall

The delete procedure uses the Solaris 10 zonecfg and zoneadm commands to remove the specified Solaris 10 local zone from the global zone host. The procedure also removes the corresponding Container component from the provisioning system database.

detach:uninstall

The detach procedure is similar to the delete procedure. This procedure removes the Container component from the provisioning system database and uninstalls the Remote Agent. However, the local zone is not removed from the global zone host. If the local zone is booted, it remains booted. If the local zone is halted, it remains halted.

markOnly:uninstall

The markOnly:uninstall procedure removes a Solaris Zone Container Component from the provisioning system database. The markOnly:uninstall procedure does not delete a local zone. The markOnly:uninstall procedure does not uninstall a Remote Agent.

activate

This procedure activates (boots) a local zone. You select the zone from the list of installed Container components on the targeted Solaris 10 host. The procedure uses the zoneadm -z zonename boot command. This procedure also initiates provisioning system host preparation for unprepared hosts.

deactivate

This procedure deactivates (halts) a local zone. You select the zone from the list of installed Container components on the targeted Solaris 10 host. The procedure uses the zoneadm -z zonename halt command.

Solaris Zone Plans

For each of the procedures described for the Container component, an associated plan is provided in the /com/sun/solaris plan folder. These plans are convenient to use with command-line shell calls, as shown in Example 6–1.

Hosts and Solaris Zones

The Solaris Plug-In includes a specific host set, a host search, and two host types for Solaris 10 zones.

Troubleshooting Solaris Zones

If you are experiencing problems managing your Solaris zones through the provisioning system, messages will likely appear on the screen to tell you that a problem exists.

For example, if you try to create a local zone for a target host that is not known to be a global zone, then you see a message similar to the following:


Problems encountered during plan run or preflight

The plan (or preflight) "/system/autogen/Container-inst-create-1098225529078" 
finished with 1 failed host(s).

The specified target host "masterserver" was not in the required host set 
"com.sun.solaris#global_zones" for component "/com/sun/solaris/Container".

Although the message in this example is easily deciphered, not all messages are this straightforward. To find out more information about the specific problem, follow the Details links.