How to Configure a Zone Cluster to Use Trusted Extensions

After you create a labeled brand zone cluster, perform the following steps to finish configuration to use Trusted Extensions.

  1. Complete IP-address mappings for the zone cluster.

    Perform this step on each node of the zone cluster.

    1. From a node of the global cluster, display the node's ID.
      phys-schost# cat /etc/cluster/nodeid
      N
    2. Log in to a zone-cluster node on the same global-cluster node.

      Ensure that the SMF service has been imported and all services are up before you log in.

    3. Determine the IP addresses used by this zone-cluster node for the private interconnect.

      The cluster software automatically assigns these IP addresses when the cluster software configures a zone cluster.

      In the ifconfig -a output, locate the clprivnet0 logical interface that belongs to the zone cluster. The value for inet is the IP address that was assigned to support the use of the cluster private interconnect by this zone cluster.

      zc1# ifconfig -a
      lo0:3: flags=20010008c9<UP,LOOPBACK,RUNNING,NOARP,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
      zone zc1
      inet 127.0.0.1 netmask ff000000
      net0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
      inet 10.11.166.105 netmask ffffff00 broadcast 10.11.166.255
      groupname sc_ipmp0
      ether 0:3:ba:19:fa:b7
      ce0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu 1500 index 4
      inet 10.11.166.109 netmask ffffff00 broadcast 10.11.166.255
      groupname sc_ipmp0
      ether 0:14:4f:24:74:d8
      ce0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
      zone zc1
      inet 10.11.166.160 netmask ffffff00 broadcast 10.11.166.255
      clprivnet0: flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu 1500 index 7
      inet 172.16.0.18 netmask fffffff8 broadcast 172.16.0.23
      ether 0:0:0:0:0:2
      clprivnet0:3: flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu 1500 index 7
      zone zc1
      inet 172.16.0.22 netmask fffffffc broadcast 172.16.0.23
    4. Add to the zone-cluster node's /etc/inet/hosts file the following addresses of the zone-cluster node.
      • The host name for the private interconnect, which is clusternodeN-priv, where N is the global-cluster node ID.

        172.16.0.22    clusternodeN-priv 
      • Each net resource that was specified to the clzonecluster command when you created the zone cluster

    5. Repeat on the remaining zone-cluster nodes.
  2. Authorize communication with zone-cluster components.

    Create new entries for the IP addresses used by zone-cluster components and assign each entry a CIPSO template. These IP addresses, which exist in the zone-cluster node's /etc/inet/hosts file, are as follows:

    • Each zone-cluster node private IP address

    • All cl_privnet IP addresses in the zone cluster

    • Each logical-hostname public IP address for the zone cluster

    • Each shared-address public IP address for the zone cluster

    phys-schost# tncfg -t cipso
    tncfg:cipso> add host=ipaddress1
    tncfg:cipso> add host=ipaddress2
    …
    tncfg:cipso> exit

    For more information about CIPSO templates, see How to Configure a Different Domain of Interpretation in Trusted Extensions Configuration and Administration.

  3. Set IP strict multihoming to weak.

    Perform the following commands on each node of the zone cluster.

    phys-schost# ipadm set-prop -p hostmodel=weak ipv4
    phys-schost# ipadm set-prop -p hostmodel=weak ipv6

    For more information about the hostmodel property, see hostmodel Parameter (IPv4 or IPv6) in Oracle Solaris 11.4 Tunable Parameters Reference Manual.
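
The address bookkeeping in steps 1 and 2 can be scripted. The following shell script is an added example, not part of the Oracle procedure: it extracts the zone cluster's clprivnet0 address from ifconfig -a output, builds the clusternodeN-priv hosts line, and turns a hosts file into the add host= subcommands to enter at the tncfg:cipso> prompt. The function names, the node ID 1, and the loopback filter are assumptions; the sample input is constructed from the output shown in step 1.

```shell
#!/bin/sh
# Added example, not Oracle's code. Sample data is constructed from the page.

# Print the inet address of the clprivnet0 logical interface owned by zone $1.
# Reads `ifconfig -a` output on stdin.
zc_priv_addr() {
    awk -v zone="$1" '
        function emit() {
            if (ifc ~ /^clprivnet0:[0-9]+:$/ && z == zone && ip != "") print ip
        }
        $2 ~ /^flags=/ { emit(); ifc = $1; z = ""; ip = ""; next }
        $1 == "zone"   { z = $2 }
        $1 == "inet"   { ip = $2 }
        END            { emit() }
    '
}

# Print the /etc/inet/hosts line for the private interconnect name.
# $1 = global-cluster node ID (contents of /etc/cluster/nodeid), $2 = address.
priv_hosts_line() {
    printf '%s\tclusternode%s-priv\n' "$2" "$1"
}

# Turn a hosts file (stdin) into tncfg "add host=" subcommands, one per
# distinct IPv4 address. Skipping loopback is an assumption of this example.
cipso_add_cmds() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $1 !~ /^127\./ && !seen[$1]++ {
        print "add host=" $1 }'
}

# Constructed sample: stanzas taken from the ifconfig -a output in step 1.
sample_ifconfig() {
    cat <<'EOF'
ce0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        zone zc1
        inet 10.11.166.160 netmask ffffff00 broadcast 10.11.166.255
clprivnet0: flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu 1500 index 7
        inet 172.16.0.18 netmask fffffff8 broadcast 172.16.0.23
        ether 0:0:0:0:0:2
clprivnet0:3: flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu 1500 index 7
        zone zc1
        inet 172.16.0.22 netmask fffffffc broadcast 172.16.0.23
EOF
}

addr=$(sample_ifconfig | zc_priv_addr zc1)   # node ID 1 below is a constructed value
priv_hosts_line 1 "$addr"
priv_hosts_line 1 "$addr" | cipso_add_cmds
```

On a real node, pipe ifconfig -a into zc_priv_addr and the zone-cluster node's /etc/inet/hosts into cipso_add_cmds, then review the generated subcommands before entering them.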

Next Steps

To add file systems or storage devices to the zone cluster, see the following sections:

See Also

If you want to update the software on a zone cluster, follow procedures in Chapter 3, Installing and Updating Software Packages in Updating Systems and Adding Software in Oracle Solaris 11.4.