Create Zones on Application Domains

Language:

Locate the control domain on your system:
1. Log in to the first domain in your system.
2. Type:
```
# virtinfo -a
```
  Output similar to the following appears:
```
Domain role: LDoms control I/O service root
Domain name: primary
Domain UUID: 96ef6675-114f-e6b1-d29b-90dd48693efb
Control domain: etc25dbadm01
Chassis serial#: AK00083251
```
3. Locate the line beginning with Control domain: in the output, highlighted in the example output above.
  The domain shown in this line is your control domain. If you are logged in to this particular domain when you enter the virtinfo -a command, you also see the value LDoms control I/O service root in the Domain role: line for this domain.

Log in to the control domain on your system.

# ssh control-dom
Password:
control-dom#

For example:

# ssh etc4m7dbadm0101
Password:
root@etc4m7dbadm0101#

View information on the domains in your system:

control-dom# ldm list
NAME                           STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  NORM  UPTIME
primary                        active     -n-cv-  UART    256   244224M  0.3%  0.3%  32d 11m
ssccn1-dom1                    active     -n----  5001    256   244224M  0.4%  0.4%  32d 11m
ssccn1-dom2                    active     -n----  5002    256   244224M  0.0%  0.0%  32d 11m
ssccn1-dom3                    active     -n--v-  5003    16    32G      0.1%  0.1%  32d 11m
ssccn1-io-db-medium            active     -n----  5008    32    64G      0.7%  0.7%  5h 46m
ssccn1-io-db-small             active     -n----  5007    16    32G      0.2%  0.2%  6h 8m
ssccn1-io-etc4m7-ioappadm0101  active     -n----  5006    16    32G      0.1%  0.1%  10h 21m
ssccn1-io-etc4m7zioadm0101     active     -n----  5004    32    64000M   1.3%  1.3%  5h 32m

Locate the Application Domain where you want to create zones.

For example, using the output above, you could create zones on the I/O Application Domain:

NAME                           STATE      FLAGS   CONS    VCPU  MEMORY   UTIL  NORM  UPTIME
primary                        active     -n-cv-  UART    256   244224M  0.3%  0.3%  32d 11m
ssccn1-dom1                    active     -n----  5001    256   244224M  0.4%  0.4%  32d 11m
ssccn1-dom2                    active     -n----  5002    256   244224M  0.0%  0.0%  32d 11m
ssccn1-dom3                    active     -n--v-  5003    16    32G      0.1%  0.1%  32d 11m
ssccn1-io-db-medium            active     -n----  5008    32    64G      0.7%  0.7%  5h 46m
ssccn1-io-db-small             active     -n----  5007    16    32G      0.2%  0.2%  6h 8m
ssccn1-io-etc4m7-ioappadm0101  active     -n----  5006    16    32G      0.1%  0.1%  10h 21m
ssccn1-io-etc4m7zioadm0101     active     -n----  5004    32    64000M   1.3%  1.3%  5h 32m

Exit out from the control domain:
```
control-dom# exit
```

Log in to the Application Domain:

# ssh app-dom
Password:
app-dom#

For example:

# ssh etc4m7-ioappadm0101
Password:
root@etc4m7-ioappadm0101#

Determine if the Application Domain is a dedicated domain or an I/O Domain:
```
app-dom# svcprop -a id|grep configuration/ldom_type
```
- If the Application Domain is a dedicated domain, output similar to the following appears:
```
configuration/ldom_type astring dedicated
```
- If the Application Domain is an I/O Domain, output similar to the following appears:
```
configuration/ldom_type astring io
```

Verify that this is an Application Domain:

app-dom# svcprop -a id|grep configuration/domain_type

Output similar to the following appears:

configuration/domain_type astring app

Install or update packages from the remote or local repository.
See Preparing to Configure Zones on Application Domains.
Determine if you currently have zones and/or a template zone on this Application Domain.
The action you take next varies, depending on whether you currently have zones or a template zone on this Application Domain:
- If you currently have zones on this Application Domain, you will make a note of those zone names so that you can give the new zones different names from the existing zones on this Application Domain.
- If you do not currently have a template zone on this Application Domain, you can create one later in this process, if you want. Creating the template zone on the Application Domain expedites the process of creating multiple zones. When you create the template zone on each Application Domain, the core Oracle Solaris packages are installed on each Application Domain. When zones are created later on, the core Oracle Solaris packages can be cloned from the template zone onto each of the zones that are created on the Application Domains. This process can significantly reduce the amount of time it takes to install core Oracle Solaris packages on each zone.
Enter this command to determine if you currently have zones and/or a template zone on this Application Domain:
```
app-dom# zoneadm list -cv
```
- If you see output similar to the following:
```
ID  NAME     STATUS       PATH                           BRAND      IP
 0  global   running      /                              solaris    shared
```
  then this Application Domain does not currently contain any zones or a template zone. You can create a template zone in this case, if you want (covered later in these procedures), and you are free to name the new zones you create with any name that you wish.
- If you see output similar to the following:
```
ID  NAME     STATUS       PATH                           BRAND      IP
 0  global   running      /                              solaris    shared
 -  s10-zone configured   /export/home/s10-zone          solaris10  shared
```
  then this Application Domain currently contains a zone called s10-zone, but it does not have a template zone. In this case, you can create a template zone using procedures provided later in these steps, if you want, and when you create additional zones, make sure to name the new zones something other than the s10-zone name currently used by the existing zone.
- If you see output similar to the following:
```
ID  NAME                 STATUS     PATH                             BRAND    IP
 0  global               running    /                                solaris  shared
61  etc4m7zdbadm010206   running    /zoneHome/etc4m7zdbadm010206     solaris  excl
65  etc4m7-appadm0103_T  installed  /zoneHomeT/etc4m7-appadm0103_T   solaris  excl
```
  then this Application Domain currently contains a zone called etc4m7zdbadm010206, and it also contains a template zone, shown with a "_T" at the end of the file name (etc4m7-appadm0103_T in this example). In this case, you do not have to create a template zone later on in these procedures, and when you create additional zones, make sure to name the new zones something other than the etc4m7zdbadm010206 name currently used by the existing zone.

Set up passwordless ssh from the Application Domain to the ZFS storage appliance:

Log in to the Application Domain, if you are not already logged in:
```
# ssh app-dom
Password:
app-dom#
```
For example:
```
# ssh etc4m7-appadm0103
Password:
root@etc4m7-appadm0103#
```

Enter the following command on the Application Domain:

root@etc4m7-appadm0103# /usr/bin/ssh-keygen -t rsa -f ~/.ssh/id_rsa -N "" -q ; sync;sync;sync;

Enter the following command on the Application Domain:
```
root@etc4m7-appadm0103# cat .ssh/id_rsa.pub
```

From the output produced, copy the information between ssh-rsa and the login information for your Application Domain (in this case, root@etc4m7-appadm0103).

Below is example output, with the relevant information that you would need to copy highlighted in bold font:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6eqf6BJTIVHKgoEGNnon6sS9m6pFp0f4qvpyHCNudStJRv8tR+z4fFNpLb9U3ImS6asENT4+1GxoLTsNrs0CzhITyaRVTuRuHBD0CHT17DrSZxm/oAwxaJhxjAC0Viq4KAP28daFjBODvIMLcB/paiLlNo4zLQsNbU3aDfrcL7R9yRtni63lgAM2U0BWN/V6HUGvSK6rlhv7WQIucv4PlyjOrjPU31IMkO0MSrgxyBwfkvijiEN+55BJFN8/7xOTMqqZOdDryw0fVS0Wyc2lvV1vzF8MidVSAhGkz2Kwyz7VuPujeB7U+wGylpdgW877fmxSYGplQMBkqPkANqX9lQ== root@etc4m7-appadm0103

Enter the following commands, entering the necessary password when prompted:
```
root@etc4m7-appadm0103# ssh -o StrictHostKeyChecking=no zfs-controller1-hostname.domain-name
zfs-controller1-hostname:> exit
```
where:
- zfs-controller1-hostname is the host name for the first storage head on the ZFS storage appliance
- domain-name is the domain name for your company
For example:
```
root@etc4m7-appadm0103# ssh -o StrictHostKeyChecking=no etc4m7-h1-storadm.us.example.com
etc4m7-h1-storadm:> exit
```
Enter the following commands, entering the necessary passwords when prompted:
```
root@etc4m7-appadm0103# ssh -o StrictHostKeyChecking=no zfs-controller1-hostname
zfs-controller1-hostname:> exit
```
where zfs-controller1-hostname is the host name for the first storage head on the ZFS storage appliance. Note that you do not append your company's domain name for these two entries. For example:
```
root@etc4m7-appadm0103# ssh -o StrictHostKeyChecking=no etc4m7-h1-storadm
etc4m7-h1-storadm:> exit
```

Log in to the first storage head on the ZFS storage appliance:

# ssh zfs-controller1-hostname
Password:
zfs-controller1-hostname:>

For example:

# ssh etc4m7-h1-storadm
Password:
etc4m7-h1-storadm:>

Enter the following commands on the first storage head on the ZFS storage appliance:

etc4m7-h1-storadm:> configuration users
etc4m7-h1-storadm:configuration users> select root
etc4m7-h1-storadm:configuration users root> preferences keys
etc4m7-h1-storadm:configuration users root preferences keys> create
etc4m7-h1-storadm:configuration users root preferences key (uncommitted)> set type=RSA

Enter the following command:

etc4m7-h1-storadm:configuration users root preferences key (uncommitted)> set key="copied-output"

where copied-output is the output that you copied from Step 11.d, within quotation marks. For example:

etc4m7-h1-storadm:configuration users root preferences key (uncommitted)> set key="AAAAB3NzaC1yc2EAAAABIwAAAQEA6eqf6BJTIVHKgoEGNnon6sS9m6pFp0f4qvpyHCNudStJRv8tR+z4fFNpLb9U3ImS6asENT4+1GxoLTsNrs0CzhITyaRVTuRuHBD0CHT17DrSZxm/oAwxaJhxjAC0Viq4KAP28daFjBODvIMLcB/paiLlNo4zLQsNbU3aDfrcL7R9yRtni63lgAM2U0BWN/V6HUGvSK6rlhv7WQIucv4PlyjOrjPU31IMkO0MSrgxyBwfkvijiEN+55BJFN8/7xOTMqqZOdDryw0fVS0Wyc2lvV1vzF8MidVSAhGkz2Kwyz7VuPujeB7U+wGylpdgW877fmxSYGplQMBkqPkANqX9lQ=="

Provide a comment for these changes:
```
etc4m7-h1-storadm:configuration users root preferences key (uncommitted)> set comment="comment"
```
where comment is a unique comment for the changes you just applied, such as the name of the Application Domain and the date. For example:
```
etc4m7-h1-storadm:configuration users root preferences key (uncommitted)> set comment="etc4m7-appadm0103-20170420"
```

Commit these changes:

etc4m7-h1-storadm:configuration users root preferences key (uncommitted)> commit

Exit back to the Application Domain login prompt:

etc4m7-h1-storadm:configuration users root preferences key> done
etc4m7-h1-storadm:> exit
root@etc4m7-appadm0103#

If you do not have a template zone on the Application Domain and you would like to create one, do so using the following command.

From the ssc_exavm directory, create the template zone:

root@etc4m7-appadm0103# cd /opt/oracle.supercluster/zonetools/ssc_exavm
root@etc4m7-appadm0103:/opt/oracle.supercluster/zonetools/ssc_exavm# ./ssc_exavm -template

The output shown below is abbreviated from the actual output.

INFO: Logging all actions in /opt/oracle.supercluster/zonetools/ssc_exavm/tmp/etc4m7-appadm0103-20121129093659.log and traces in /opt/oracle.supercluster/zonetools/ssc_exavm/tmp/etc4m7-appadm0103-20121129093659.trc and o/p in /opt/oracle.supercluster/zonetools/ssc_exavm/tmp/etc4m7-appadm0103-20121129093659.out
INFO: Begin Template Creation
INFO: Checking for etc4m7-appadm0103_T
INFO: Checking for etc4m7-appadm0103_T
INFO: Creating a template Virtual Guest for future use
INFO: 2012-11-29 09:37:14 : Executing zfs create rpool/etc4m7-appadm0103_T
 
INFO: Executing /opt/oracle.supercluster/zonetools/ssc_exavm/tmp/vmtrash/8461.SysCall.0.cmd
 
INFO: Running System command ... 
R  R
SUCCESS: Done
INFO: 2 : Completed Command Execution
INFO: 2012-11-29 09:37:16 : Completed Command Execution
INFO: 2012-11-29 09:37:16 : Executing zfs set quota=6G rpool/etc4m7-appadm0103_T
 
INFO: Executing /opt/oracle.supercluster/zonetools/ssc_exavm/tmp/vmtrash/8461.SysCall.1.cmd
 
... (OUTPUT ABBREVIATED) ...
 
INFO: Running System command ...
R
SUCCESS: Done
INFO: 1 : Completed Command Execution
INFO: 2012-11-29 09:51:25 : Completed Command Execution
SUCCESS: Completed creation of Virtual guests
 
INFO: Virtual Guest creation Summary :
 
INFO: Completed : etc4m7-appadm0103_T  Data file :: none

The name for the template zone for this particular domain is app-dom_T (for example, etc4m7-appadm0103_T).

Enter the following command to verify that the template zone was created successfully:

root@etc4m7-appadm0103# zoneadm list -cv
ID  NAME                 STATUS   PATH                            BRAND    IP 
0   global               running  /                               solaris  shared
65  etc4m7-appadm0103_T  running  /zoneHomeT/etc4m7-appadm0103_T  solaris  excl

Navigate to the ssc_exavm directory:

root@etc4m7-appadm0103# cd /opt/oracle.supercluster/zonetools/ssc_exavm

Locate the testzone_app.xml file within that directory.

Make a backup copy of the testzone_app.xml file:

root@etc4m7-appadm0103# cp testzone_app.xml testzone_app.xml.orig

Determine the entries that you want to use for the zones that you want to create in the Application Domain.

In the next step, you will edit the testzone_app.xml file to replace the default entries in that file with zone-specific entries. Use the following table to determine what the default values are and what values you want to use for the zone that you want to create in the Application Domain.

Note the following:

If there is a default entry that should remain as-is when you make your zones-specific changes to the testzone_app.xml file, that entry will be repeated in the Your Zone-Specific Entry column to show you that this default entry should remain as-is in your edited file.
The SLAVES fields are empty in the generic testzone_app.xml file, and should remain empty in your zone-specific edited version of the file.

Section	Field	Default Entry	Your Zone-Specific Entry
ID	id	testappzone01
HOSTINFO	DNSSERVERS	192.168.100.1, 192.168.200.1
	DEFAULTGW	192.168.100.1
	DOMAINNAME	mydomain.com
	NODETYPE	app	app
	NTPSERVERS	192.168.110.1
	TIMEZONE	America/Los_Angeles
	VIRTUALNODENAME	testappzone01
	VIRTUALOSTYPE	SolarisZone	SolarisZone
NETWORKS, 1st NETWORK Subsection (Management Network)	id	c0_testappzone01.us.oracle.com_admin
	GATEWAY	192.168.100.1
	INTERFACENAME	scm_ipmp0	scm_ipmp0
	IPADDRESS	192.168.100.10
	NETMASK	255.255.240.0
	NETWORKHOST	testappzone01
	NETWORKNAME	admin	admin
	NETWORKTYPE	GigE	GigE
	NETWORKVERSION	1.0	1.0
	SLAVES	Empty	Leave empty
NETWORKS, 2nd NETWORK Subsection (Client Access Network)	id	c0_testappzone01.us.oracle.com_client
	GATEWAY	192.168.200.1
	INTERFACENAME	sc_ipmp0	sc_ipmp0
	IPADDRESS	192.168.200.10
	NETMASK	255.255.240.0
	NETWORKHOST	testappclnt01
	NETWORKNAME	client	client
	NETWORKTYPE	XGigE	XGigE
	NETWORKVERSION	1.0	1.0
	SLAVES	Empty	Leave empty
NETWORKS, 3rd NETWORK Subsection (Private IB Network)	id	c0_testappzone01.us.oracle.com_stor
	GATEWAY	Empty	Leave empty
	INTERFACENAME	stor_ipmp0	stor_ipmp0
	NETWORKPKEY	8503	8503
	IPADDRESS	192.168.128.240
	NETMASK	255.255.252.0
	NETWORKHOST	testappzone01-stor
	NETWORKNAME	private	private
	NETWORKTYPE	IB	IB
	NETWORKVERSION	1.0	1.0
	SLAVES	Empty	Leave empty
SPACE/STORAGE	id	root	root
	MOUNTPOINT	/	/
	QUOTA	100gb
	STORAGEBASE	testappzone01
	STORAGEVERSION	1.0	1.0
CPU	CORELOCKED	no
	CPUPOOLPREFIX	testappzone01
	CPUSHARED	no
	CPUTYPE	DevDynamic
	CPUVERSION	1.0
	MAX	4
	MIN	4
	POLICY	Static

Edit the testzone_app.xml file with the necessary information for the zone that you will be creating on this Application Domain.
Use the information that you entered in the table in the previous step to replace the default values in the file with the zone-specific values.
Create the zone on the Application Domain using the edited testzone_app.xml file, which now contains the zone-specific information:
```
root@etc4m7-appadm0103# ./ssc_exavm -create -xml testzone_app.xml
```
At the end of the process, you should see a confirmation message similar to the following:
```
INFO: Completed: etc4m7zdbadm010206  Data file : : testzone_app.xml
```

Verify that the zone was created on the Application Domain successfully:

root@etc4m7-appadm0103# zoneadm list -cv

Output similar to the following appears - note the addition of the new zone:

ID  NAME                    STATUS     PATH                               BRAND     IP 
0   global                  running    /                                  solaris   shared
67  etc4m7zdbadm010206      running    /zoneHome/etc4m7zdbadm010206       solaris   excl
-   etc4m7-appadm0103_T     installed  /zoneHomeT/etc4m7-appadm0103_T     solaris   excl

Log into the new zone on the Application Domain to verify that it was created successfully:
```
root@etc4m7-appadm0103# zlogin etc4m7zdbadm010206
root@etc4m7zdbadm010206#
```

Verify that there are no duplicate addresses:

root@etc4m7zdbadm010206# ipadm show-addr

Output similar to the following should appear:

ADDROBJ          TYPE       STATE     ADDR
lo0/v4           static     ok        127.0.0.1/8
scm_ipmp0/v4     static     ok        10.111.22.19/22
sc_ipmp0/v4      static     ok        10.111.222.20/22
bondib0/v4       static     ok        192.111.10.15/22
lo0/v6           static     ok        ::1/128

You should not see duplicate in the STATE column for the zone that you just created. If you do see duplicate IP addresses in the output:

Remove the duplicate address:

root@etc4m7zdbadm010206# ipadm delete-addr ADDROBJ-entry

Re-add the address:

root@etc4m7zdbadm010206# ipadm create-addr -T static -a local=new-ADDR ADDROBJ-entry

For example:

root@etc4m7zdbadm010206# ipadm delete-addr net0/v4
root@etc4m7zdbadm010206# ipadm create-addr -T static -a local=10.7.8.9/24 net0
net0/v4

Repeat Step 16 through Step 20 to replace the duplicate IP address in the testzone_app.xml file.
Create the zone again, then run Step 21 again to verify that there are no duplicate addresses after the correction.

Log out of the new zone:

root@etc4m7zdbadm010206# exit
root@etc4m7-appadm0103#