Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management Oracle Solaris 11 Information Library (Simplified Chinese)
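Use the zonecfg command, described in the zonecfg(1M) man page, to perform the following actions.
Create the zone configuration
Verify that all required information is present
Commit the non-global zone configuration
The zonecfg command can also be used to persistently specify the resource management settings for the global zone.
While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo resource settings. See How to Revert a Zone Configuration.
A script for configuring multiple zones on a system is provided in Script to Configure Multiple Zones.
To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.
Note that the only required elements for creating a non-global zone are the zonename and zonepath properties. All other resources and properties are optional. Some optional resources also require a choice between alternatives, such as deciding whether to use the dedicated-cpu resource or the capped-cpu resource. For information about the available zonecfg properties and resources, see Zone Configuration Data.
You must be the global administrator or a user with the appropriate authorizations in the global zone to perform this procedure.
The name my-zone is used in this example procedure.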
global# zonecfg -z my-zone
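If this is the first time you have configured this zone, you will see the following system message:
my-zone: No such zone configured
Use 'create' to begin configuring a new zone.
This procedure uses the default settings.
zonecfg:my-zone> create
create: Using system default template 'SYSdefault'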
zonecfg:my-zone> set zonepath=/zones/my-zone
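The zone must reside on a ZFS dataset. The ZFS dataset is created automatically when the zone is installed or attached. If a ZFS dataset cannot be created, the zone cannot be installed or attached. Note that if the zone path has a parent directory, that directory must be the mount point of a mounted dataset.
If set to true, the zone is booted automatically when the global zone is booted. The default value is false. Note that for zones to boot automatically, the zones service svc:/system/zones:default must also be enabled. This service is enabled by default.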
zonecfg:my-zone> set autoboot=true
zonecfg:my-zone> set bootargs="-m verbose"
zonecfg:my-zone> add dedicated-cpu
zonecfg:my-zone:dedicated-cpu> set ncpus=1-2
zonecfg:my-zone:dedicated-cpu> set importance=10
The default value is 1.
zonecfg:my-zone:dedicated-cpu> end
zonecfg:my-zone> set limitpriv="default,sys_time"
This line adds the ability to set the system clock to the default set of privileges.
zonecfg:my-zone> set scheduling-class=FSS
zonecfg:my-zone> add capped-memory
zonecfg:my-zone:capped-memory> set physical=1g
zonecfg:my-zone:capped-memory> set swap=2g
zonecfg:my-zone:capped-memory> set locked=500m
zonecfg:my-zone:capped-memory> end
Note - To use the capped-memory resource, the resource-cap package must be installed in the global zone.
zonecfg:my-zone> add fs
zonecfg:my-zone:fs> set dir=/usr/local
zonecfg:my-zone:fs> set special=/opt/local
In the non-global zone, the /usr/local file system is readable and writable.
zonecfg:my-zone:fs> set type=lofs
The type indicates how the kernel interacts with the file system.
zonecfg:my-zone:fs> end
This step can be performed more than once to add more than one file system.
zonecfg:my-zone> set hostid=80f0c086
zonecfg:my-zone> add dataset
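zonecfg:my-zone:dataset> set name=tank/sales
zonecfg:my-zone:dataset> end
The zone administrator can create and destroy file systems within this dataset, and can modify the properties of the dataset.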
zonecfg:my-zone> set ip-type=exclusive
zonecfg:my-zone> add anet
zonecfg:my-zone> add device
zonecfg:my-zone:device> set match=/dev/sound/*
zonecfg:my-zone:device> end
This step can be performed more than once to add more than one device.
zonecfg:my-zone> add device
zonecfg:my-zone:device> set match=/dev/*dsk/c2t40d3*
zonecfg:my-zone:device> set allow-partition=true
zonecfg:my-zone:device> end
This step can be performed more than once to add more than one device.
zonecfg:my-zone> add device
zonecfg:my-zone:device> set match=/dev/*dsk/c2t40d3*
zonecfg:my-zone:device> set allow-raw-io=true
zonecfg:my-zone:device> end
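Caution - Allowing a zone to perform uscsi operations on a disk also allows the zone to access any other device connected to the same bus as the disk. Enabling this capability can therefore create a security risk and give an attacker an opportunity to attack the global zone or other zones that use resources on the same bus. See uscsi(7I).
This step can be performed more than once to add more than one device.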
zonecfg:my-zone> set max-sem-ids=10485200
This step can be performed more than once to add more than one resource control.
zonecfg:my-zone> add attr
zonecfg:my-zone> verify
zonecfg:my-zone> commit
zonecfg:my-zone> exit
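Note that even if you did not explicitly type commit at the prompt, a commit is performed automatically when you type exit or when an EOF occurs.
Tip - The zonecfg command also supports multiple subcommands from the same shell invocation. The subcommands are placed in quotation marks and separated by semicolons.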
global# zonecfg -z my-zone "create ; set zonepath=/zones/my-zone"
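For shared-IP zones, a static address can only be specified in a zonecfg net resource. The address cannot be supplied on the command line.
See Installing and Booting Zones to install your committed zone configuration.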
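Several settings in the procedure above widen what a zone can reach: limitpriv, a delegated dataset, and device resources with allow-partition or allow-raw-io. The following shell function is an added example, not part of the Oracle documentation; it scans a file of zonecfg subcommands (the syntax shown above, as also printed by zonecfg export) and reports those settings. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report zonecfg settings that widen a zone's access.
# Constructed sample input (not a real system's configuration).
sample_cfg() {
cat <<'EOF'
set zonepath=/zones/my-zone
set limitpriv="default,sys_time"
add dataset
set name=tank/sales
end
add device
set match=/dev/sound/*
end
add device
set match=/dev/*dsk/c2t40d3*
set allow-partition=true
set allow-raw-io=true
end
EOF
}

# Reads zonecfg subcommands on stdin and prints one finding per line.
audit_zonecfg() {
    awk '
    $1 == "add" && res == "" { res = $2; split("", a); next }  # enter scope
    $1 == "set" {
        kv = $0; sub(/^[ \t]*set[ \t]+/, "", kv)
        key = kv; sub(/=.*/, "", key)
        v = kv; sub(/^[^=]*=/, "", v); gsub(/"/, "", v)
        if (res != "") { a[key] = v; next }    # property inside a resource
        if (key == "limitpriv") {              # global property
            n = split(v, p, ",")
            for (i = 1; i <= n; i++) if (p[i] != "default")
                print "limitpriv: non-default entry " p[i]
        }
        next
    }
    $1 == "end" {                              # evaluate the closed resource
        if (res == "device" && a["allow-raw-io"] == "true")
            print "device " a["match"] ": allow-raw-io (uscsi access extends to other devices on the same bus)"
        if (res == "device" && a["allow-partition"] == "true")
            print "device " a["match"] ": allow-partition"
        if (res == "dataset")
            print "dataset " a["name"] ": delegated to the zone administrator"
        res = ""
    }'
}

sample_cfg | audit_zonecfg
```

On a live system the input would come from zonecfg -z zonename export instead of sample_cfg.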
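You can use this script to configure and boot multiple zones on your system. By default, the zones created are exclusive-IP zones with an anet resource.
Before executing the script, create a configuration profile by running the SCI Tool: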
global# sysconfig create-profile -o sc_config.xml
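The script takes the following parameters:
The number of zones to be created
The zonename prefix
The directory to use as the base directory
The full path name of the newly created configuration profile
You must be the global administrator with root privileges in the global zone, or a user with the correct rights profile, to execute this script.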
#!/bin/ksh
#
# Copyright 2006-2011 Oracle Corporation. All rights reserved.
# Use is subject to license terms.
#

#
# This script serves as an example of how to instantiate several zones
# with no administrative interaction.  Run the script with no arguments to
# get a usage message.  The general flow of the script is:
#
#   1) Parse and check command line arguments
#   2) Configure all zones that are not yet configured
#   3) Install the first zone, if needed
#   4) Create the remaining zones as clones of the first zone
#
# Upon successful completion, the requested number of zones will have
# been installed and booted.
#

export PATH=/usr/bin:/usr/sbin

me=$(basename $0)
function fail_usage {
    print -u2 "Usage:
    $me <#-of-zones> <zonename-prefix> <basedir> <sysconfig.xml>

Generate sysconfig.xml with:
    sysconfig create-profile -o sysconfig.xml

When running sysconfig, choose \"Automatically\" or \"None\" for network
configuration.  The value entered for \"Computer Name\" will be ignored:
each zone's nodename will be set to match the zone name."

    exit 2
}

function log {
    print "$(date +%T) $@"
}

function error {
    print -u2 "$me: ERROR: $@"
}

function get_zone_state {
    zoneadm -z "$1" list -p 2>/dev/null | cut -d: -f3
}

#
# Parse and check arguments
#
(( $# != 4 )) && fail_usage

# If $1 is not a number nzones will be set to 0.
integer nzones=$1
if (( nzones < 1 )); then
    error "Invalid number of zones \"$1\""
    fail_usage
fi

# Be sure that zonename prefix is an allowable zone name and not too long.
# The length test uses -gt so that it is a numeric comparison.
prefix=$2
if [[ $prefix != @([a-zA-Z0-9])*([-_.a-zA-Z0-9]) || ${#prefix} -gt 62 ]]; then
    error "Invalid zonename prefix"
    fail_usage
fi

# Be sure that basedir is an absolute path.  zoneadm will create the directory
# if needed.
dir=$3
if [[ $dir != /* ]]; then
    error "Invalid basedir"
    fail_usage
fi

# Be sure the sysconfig profile is readable and ends in .xml
sysconfig=$4
if [[ ! -f $sysconfig || ! -r $sysconfig || $sysconfig != *.xml ]]; then
    error "sysconfig profile missing, unreadable, or not *.xml"
    fail_usage
fi

#
# Create a temporary directory for all temp files
#
export TMPDIR=$(mktemp -d /tmp/$me.XXXXXX)
if [[ -z $TMPDIR ]]; then
    error "Could not create temporary directory"
    exit 1
fi
trap 'rm -rf $TMPDIR' EXIT

#
# Configure all of the zones
#
for (( i=1; i <= nzones; i++ )); do
    zone=$prefix$i
    state=$(get_zone_state $zone)
    if [[ -n $state ]]; then
        log "Skipping configuration of $zone: already $state"
        continue
    fi

    log "Configuring $zone"
    zonecfg -z "$zone" "create; set zonepath=$dir/$zone"
    if (( $? != 0 )); then
        error "Configuration of $zone failed"
        exit 1
    fi
done

#
# Install the first zone, then boot it for long enough for SMF to be
# initialized.  This will make it so that the first boot of all the clones
# goes much more quickly.
#
zone=${prefix}1
state=$(get_zone_state $zone)
if [[ $state == configured ]]; then
    log "Installing $zone"

    # Customize the nodename in the sysconfig profile
    z_sysconfig=$TMPDIR/$zone.xml
    search="<propval type=\"astring\" name=\"nodename\" value=\".*\"/>"
    replace="<propval type=\"astring\" name=\"nodename\" value=\"$zone\"/>"
    sed "s|$search|$replace|" $sysconfig > $z_sysconfig

    zoneadm -z $zone install -c $z_sysconfig
    if (( $? != 0 )); then
        error "Installation of $zone failed."
        rm -f $z_sysconfig
        exit 1
    fi
    rm -f $z_sysconfig
elif [[ $state != installed ]]; then
    error "Zone $zone is currently in the $state state."
    error "It must be in the installed state to be cloned."
    exit 1
fi

# Boot the zone no further than single-user.  All we really want is for
# svc:/system/manifest-import:default to complete.
log "Booting $zone for SMF manifest import"
zoneadm -z $zone boot -s
if (( $? != 0 )); then
    error "Failed to boot zone $zone"
    exit 1
fi

# This zlogin will return when manifest-import completes
log "Waiting for SMF manifest import in $zone to complete"
state=
while [[ $state != online ]]; do
    printf "."
    sleep 1
    state=$(zlogin $zone svcs -Ho state \
        svc:/system/manifest-import:default 2>/dev/null)
done
printf "\n"

log "Halting $zone"
zoneadm -z $zone halt
if (( $? != 0 )); then
    error "failed to halt $zone"
    exit 1
fi
firstzone=$zone

#
# Clone and boot the remaining zones
#
for (( i=2; i <= $nzones; i++ )); do
    zone=$prefix$i

    # Be sure that it needs to be installed
    state=$(get_zone_state $zone)
    if [[ $state != configured ]]; then
        log "Skipping installation of $zone: current state is $state."
        continue
    fi

    log "Cloning $zone from $firstzone"

    # Customize the nodename in the sysconfig profile
    z_sysconfig=$TMPDIR/$zone.xml
    search='<propval type="astring" name="nodename" value=".*"/>'
    replace='<propval type="astring" name="nodename" value="'$zone'"/>'
    sed "s|$search|$replace|" $sysconfig > $z_sysconfig

    # Clone the zone
    zoneadm -z $zone clone -c $z_sysconfig $firstzone
    if (( $? != 0 )); then
        error "Clone of $firstzone to $zone failed"
        rm -f $z_sysconfig
        exit 1
    fi
    rm -f $z_sysconfig

    # Boot the zone
    log "Booting $zone"
    zoneadm -z $zone boot
    if (( $? != 0 )); then
        error "Boot of $zone failed"
        exit 1
    fi
done

#
# Boot the first zone now that clones are done
#
log "Booting $firstzone"
zoneadm -z $firstzone boot
if (( $? != 0 )); then
    error "Boot of $firstzone failed"
    exit 1
fi

log "Completed in $SECONDS seconds"
exit 0
Output from the script:
$ ./buildzones
Usage:
    buildzones <#-of-zones> <zonename-prefix> <basedir> <sysconfig.xml>

Generate sysconfig.xml with:
    sysconfig create-profile -o sysconfig.xml

When running sysconfig, choose "Automatically" or "None" for network
configuration.  The value entered for "Computer Name" will be ignored:
each zone's nodename will be set to match the zone name.

# ~user/scripts/buildzones 3 bz /tank/bz /var/tmp/sysconfig.xml
12:54:04 Configuring bz1
12:54:05 Configuring bz2
12:54:05 Configuring bz3
12:54:05 Installing bz1
A ZFS file system has been created for this zone.
Progress being logged to /var/log/zones/zoneadm.20110816T195407Z.bz1.install
       Image: Preparing at /tank/bz/bz1/root.

 Install Log: /system/volatile/install.24416/install_log
 AI Manifest: /usr/share/auto_install/manifest/zone_default.xml
  SC Profile: /tmp/buildzones.F4ay4T/bz1.xml
    Zonename: bz1
Installation: Starting ....
You must be the global administrator in the global zone or a user with the correct rights profile to perform this procedure.
global# zonecfg -z zonename info