November 2011
by Duncan Hardie
This article will help you get familiar with the basic operations of Oracle Solaris Zone configuration and management in Oracle Solaris 11.
In Oracle Solaris 10, Oracle Solaris Zones technology gave you the ability to create different isolated environments to suit the needs of your particular applications, all on the same instance of Oracle Solaris. Instead of running and managing multiple operating systems to host multiple applications on multiple systems, you could run and manage only one OS and place each application inside a zone. So instead of having to spend time and resources managing multiple OSs, all you needed to do was manage multiple zones. Much simpler.
Oracle Solaris 11 places Oracle Solaris Zones technology at its core, integrating Oracle Solaris Zones with key Oracle Solaris 11 features. For example, tight integration with the new software management architecture makes deployment of Oracle Solaris 11 and Oracle Solaris Zones easy.
Oracle Solaris Zones let you isolate one application from others on the same OS, allowing you to create an isolated environment in which users can log in and do what they want from inside an Oracle Solaris Zone without affecting anything outside that zone. In addition, Oracle Solaris Zones also are secure from external attacks and internal malicious programs. Each Oracle Solaris Zone contains a complete resource-controlled environment that allows you to allocate resources such as CPU, memory, networking, and storage.
If you are the administrator who owns the system, you can choose to closely manage all the Oracle Solaris Zones or you can assign rights to other administrators for specific Oracle Solaris Zones. This flexibility lets you tailor an entire computing environment to the needs of a particular application, all within the same OS.
In this how-to guide, we will set up three Oracle Solaris Zones, one to host a test environment for developers (testzone) and two to host our Web-facing applications (webzone-1 and webzone-2), all side by side on a single system.
Each zone will highlight a simple feature of getting started with zones:
With testzone, we'll see how to create a zone using the command line.
With webzone-1, we'll see how to add an application to a zone.
With webzone-2, we'll see how to clone a zone.
Our test zone will benefit from the isolation capabilities of Oracle Solaris Zones technology. You can quickly create the zone and then hand it over to the development group. That group's administrator can independently manage the environment, and the test engineers are free to install the packages they need, all in isolation from the rest of the system. We will also see how the Image Package System (IPS) in Oracle Solaris 11 enables Oracle Solaris Zones to be mean and lean, allowing system resources to be used for the applications rather than for the virtualization technologies.
Our first Web zone, webzone-1, will be used to install the Web environment where we run our online Point of Sales (POS) Web server. Here, we can make sure transactions are completed by assigning appropriate resources to guarantee levels of service. Oracle Solaris Zones technology allows you to control not only CPU and memory, but also network bandwidth and access to storage. This is enabled by tight integration with the rest of Oracle Solaris 11 core features, such as network virtualization and ZFS-based storage.
Our second Web zone, webzone-2, will be created in response to a spike in demand within our POS environment. An additional Web server is needed to handle the increased traffic as quickly as possible. We will do this using the cloning feature available in Oracle Solaris Zones. This is a commonly used technique in the industry where a golden master (or template) is created and new environments are rolled out based on the original. We will see how incredibly fast this is with Oracle Solaris Zones technology, and we will also see how we save on disk space. This cloning process can be used to rapidly roll out multiple, duplicate environments quickly and easily, on demand, which could be of great use in a cloud environment.
After following the procedures in this article, you will have three zone environments configured as shown in Figure 1. Each zone will have its file system placed on the /zones ZFS data set and will have an exclusive network connection through the physical data link (network port e1000g0). The Web zones will also have the Apache Web server application.

Figure 1. Three Zones Accessing a Network Port with Their File Systems on /zones
Note: "Global zone" refers to the default zone for the system, which is also used for system-wide administrative control.
Now that we understand what we are trying to do, we will go through the steps for achieving our goal.
Figure 2 shows the settings we will use.

Figure 2. Three Zones and Their Configuration Details
This article concentrates on the tasks that are necessary to get Oracle Solaris Zone instances up and running quickly. For a full discussion on all the steps involved in creating an Oracle Solaris Zone and how you can configure its attributes, please see Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management.
Check the status of both the ZFS file system and the network:
root@global:~# zfs list | grep zones
root@global:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
e1000g0             phys      1500   up       --
e1000g1             phys      1500   unknown  --
Note that there are no ZFS data sets associated with any zones and no virtual NIC devices.
Let's start by creating a simple test zone using the command line, as shown in Listing 1.
Listing 1: Creating a Zone
root@global:~# zonecfg -z testzone
testzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:testzone> create
create: Using system default template 'SYSdefault'
zonecfg:testzone> set zonepath=/zones/testzone
zonecfg:testzone> set autoboot=true
zonecfg:testzone> set bootargs="-m verbose"
zonecfg:testzone> verify
zonecfg:testzone> commit
zonecfg:testzone> exit
If you get any configuration errors at this stage, refer to Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management.
Tip: If your zonepath includes the zone's name, it's much easier to track your zone's files.
In this case, we have named the zone testzone and we have chosen /zones/testzone as the location under which the zone will be installed. Also, the zone will automatically start on boot in a verbose manner. We do this so that we don't have to start the zone manually after a system reboot and so we can see all the services start up.
By default, all Oracle Solaris Zones are configured to have an automatic VNIC called anet, which gives us a network device automatically. (We will discuss more details for this network device's configuration later.) We cannot see this network device yet, because it is automatically created when the zone is booted and also automatically destroyed on shutdown. We can check this with the dladm command:
root@global:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
e1000g0             phys      1500   up       --
e1000g1             phys      1500   unknown  --
We can verify that the zone is now in the configured state using the zoneadm command:
root@global:~# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              solaris  shared
   - testzone         configured /zones/testzone                solaris  excl
Now that the zone has been configured, we need to install it, as shown in Listing 2.
It is important to understand that Oracle Solaris Zones in Oracle Solaris 11 are created by using the IPS feature. You will need to ensure you have access to your IPS repository. In this case, we have network access to our IPS repository. For more details on IPS see Introducing the Basics of Image Packaging System (IPS) on Oracle Solaris 11.
Listing 2: Installing a Zone
root@global:~# zoneadm -z testzone install
A ZFS file system has been created for this zone.
Progress being logged to /var/log/zones/zoneadm.20111016T114436Z.testzone.install
Image: Preparing at /zones/testzone/root.
Install Log: /system/volatile/install.6677/install_log
AI Manifest: /tmp/manifest.xml.zVaybn
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Zonename: testzone
Installation: Starting ...
Creating IPS image
Installing packages from:
solaris
origin: http://pkg.oracle.com/solaris/release/
DOWNLOAD PKGS FILES XFER (MB)
Completed 167/167 32062/32062 175.8/175.8
PHASE ACTIONS
Install Phase 44311/44311
PHASE ITEMS
Package State Update Phase 167/167
Image State Update Phase 2/2
Installation: Succeeded
Note: Man pages can be obtained by installing pkg:/system/manual
done.
Done: Installation completed in 110.519 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
Log saved in non-global zone as /zones/testzone/root/var/log/zones/zoneadm.20111016T114436Z.testzone.install
The zone was installed in just 110 seconds. This is very quick when compared with other virtualization technologies and reflects the lightweight nature of Oracle Solaris Zones.
We can check on the status of our zone using the zoneadm command:
root@global:~# zoneadm list -iv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              solaris  shared
   - testzone         installed  /zones/testzone                solaris  excl
The zonepath must live on a ZFS data set, and it is created automatically when the zone is installed. You can check that by using the zfs command, as shown in Listing 3.
root@global:~# zfs list | grep zones
rpool/zones                                   368M  844G    32K  /zones
rpool/zones/testzone                          368M  844G    32K  /zones/testzone
rpool/zones/testzone/rpool                    368M  844G    31K  /rpool
rpool/zones/testzone/rpool/ROOT               368M  844G    31K  legacy
rpool/zones/testzone/rpool/ROOT/solaris       367M  844G   310M  /zones/testzone/root
rpool/zones/testzone/rpool/ROOT/solaris/var  57.3M  844G  56.4M  /zones/testzone/root/var
rpool/zones/testzone/rpool/export              62K  844G    31K  /export
rpool/zones/testzone/rpool/export/home         31K  844G    31K  /export/home
You can see the /zones and /zones/testzone data sets have been created automatically for you. Having Oracle Solaris Zones on a ZFS data set enables functionality, such as cloning and snapshots, and allows Oracle Solaris Zones to take full advantage of ZFS.
Note: The size of testzone is only 368 MB. Oracle Solaris Zones have a minimal footprint, reflecting how lightweight Oracle Solaris Zones are as a virtualization technology.
The final step in getting testzone up and running is to boot it and set up the system configuration.
Run the following command to boot the zone and then access its console:
root@global:~# zoneadm -z testzone boot; zlogin -C testzone
Note: The -C option to zlogin lets us access the zone console, that is, it takes us into the zone and lets us work within the zone.
Because no system configuration files are available, the System Configuration Tool starts up, as shown in Figure 3.

Figure 3. System Configuration Tool
Enter testzone as the computer name, as shown in Figure 4, highlight Manually to manually configure the network, and then press F2 to continue.
Note: We do not select "Automatically" in this example, but if you were to select it, you would not have to enter any network information at all, because the configuration would be done for you.

Figure 4. Selecting Manual Configuration
Enter the network settings appropriate for your network, as shown in Figure 5, and then press F2.

Figure 5. Entering Network Settings
We will not configure DNS at this time (see Figure 6), so press F2.

Figure 6. Selecting Not to Configure DNS
We will not set up a name service at this time, so press F2.

Figure 7. Selecting Not to Set Up a Name Service
Select the time zone region appropriate for your location, as shown in Figure 8, and press F2.

Figure 8. Selecting Time Zone Region
Select the appropriate location, as shown in Figure 9, and then press F2.

Figure 9. Selecting Location
Select the appropriate time zone, as shown in Figure 10, and then press F2.

Figure 10. Selecting Time Zone
Complete your configuration by entering a root password, your name, a user name, and a user password, as shown in Figure 11. Then press F2.

Figure 11. Completing the Configuration
Verify that the configuration you have chosen is correct and apply the settings by pressing F2.

Figure 12. Verifying the Configuration
The zone will continue booting and soon you will see the console login, as shown in Listing 4.
Listing 4: Output from Zone Booting Process
[ system/system-log:default starting (system log) ]
[ system/auditd:default starting (Solaris audit daemon) ]
[ network/smtp:sendmail starting (sendmail SMTP mail transfer agent) ]
[ network/sendmail-client:default starting (sendmail SMTP client queue runner) ]
Oct 16 13:13:15 testzone sendmail[8911]: My unqualified host name (testzone) unknown; sleeping for retry
Oct 16 13:13:15 testzone sendmail[8913]: My unqualified host name (testzone) unknown; sleeping for retry
[ system/console-login:default starting (Console login) ]
testzone console login:
The zone is now ready to be logged into. For this example, we will now exit the console using the "~." escape sequence.
You can check that your zone is booted and running by using the zoneadm command:
root@global:~# zoneadm list -v
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              solaris  shared
   2 testzone         running    /zones/testzone                solaris  excl
As promised, a VNIC was automatically created for us when the zone was booted. We can check this by using the dladm command:
root@global:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
e1000g0             phys      1500   up       --
e1000g1             phys      1500   unknown  --
testzone/net0       vnic      1500   up       e1000g0
We can see the VNIC listed as testzone/net0.
The last step is to log in to your zone and have a look about. You can do this from the global zone using the zlogin command, as shown in Listing 5.
root@global:~# zlogin testzone
[Connected to zone 'testzone' pts/3]
Oracle Corporation SunOS 5.11 11.0 November 2011
root@testzone:~# uname -a
SunOS testzone 5.11 11.0 i86pc i386 i86pc
root@testzone:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           static   ok           10.134.79.241/24
lo0/v6            static   ok           ::1/128
net0/v6           addrconf ok           fe80::8:20ff:fe6f:9645/10
root@testzone:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                vnic      1500   up       ?
root@testzone:~# zfs list
NAME                     USED  AVAIL  REFER  MOUNTPOINT
rpool                    400M   843G    31K  /rpool
rpool/ROOT               400M   843G    31K  legacy
rpool/ROOT/solaris       400M   843G   341M  /
rpool/ROOT/solaris/var  58.1M   843G  57.1M  /var
rpool/export            96.5K   843G    32K  /export
rpool/export/home       64.5K   843G    32K  /export/home
rpool/export/home/fred  32.5K   843G  32.5K  /export/home/fred
root@testzone:~# exit
logout
[Connection to zone 'testzone' pts/3 closed]
Note: We did not use the -C option for the zlogin command, which means we are not accessing the zone via its console. This is why we can simply exit the shell at the end to leave the zone.
Let's look at what we found:
The uname command shows that we are running on Oracle Solaris 11.
The ipadm command shows the IP addresses for testzone. There are four entries: two loopback devices (IPv4 and IPv6), our IPv4 net0 device with an IP address of 10.134.79.241, and finally an IPv6 net0 device.
The dladm command shows our automatically created net0 VNIC.
The zfs list command shows us our ZFS data set.
Note: From within testzone, we cannot see any information about the global zone. We can see only the attributes of our own zone.
You have now verified that testzone is up and running. You can give the user logins and passwords to the development team's administrator, allowing that administrator to complete the setup of the team's zone as if it were a single system.
New in Oracle Solaris 11, Oracle Solaris Zones are now automatically created with an exclusive IP network resource by default. This means that an Oracle Solaris Zone has access to a complete network stack, allowing zone administrators to do such things as set their own IP address and routing.
When we used zonecfg to create testzone (in Step 1: Configure an Oracle Solaris Zone) using the default template, a network resource called anet with the following properties was automatically included in the zone configuration:
linkname is net0
lower-link is auto
mac-address is random
link-protection is mac-nospoof
We can see this by using the zonecfg command, as shown in Listing 6.
root@global:~# zonecfg -z testzone info
zonename: testzone
zonepath: /zones/testzone
brand: solaris
autoboot: true
bootargs: -m verbose
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
        linkname: net0
        lower-link: auto
        allowed-address not specified
        configure-allowed-address: true
        defrouter not specified
        allowed-dhcp-cids not specified
        link-protection: mac-nospoof
        mac-address: random
        mac-prefix not specified
        mac-slot not specified
        vlan-id not specified
        priority not specified
        rxrings not specified
        txrings not specified
        mtu not specified
        maxbw not specified
        rxfanout not specified
You can see that the anet network device has been automatically configured. As discussed earlier, this resource is created and destroyed automatically when the zone is booted and shut down, respectively. You can see this as follows.
First, check the IP address of your global zone:
root@global:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
e1000g0/_a        static   ok           10.134.79.168/24
lo0/v6            static   ok           ::1/128
Use dladm to look at the data link status:
root@global:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
e1000g0             phys      1500   up       --
e1000g1             phys      1500   unknown  --
testzone/net0       vnic      1500   up       e1000g0
Note how a VNIC attached to e1000g0 (testzone/net0) has been automatically created for testzone.
Log in to testzone, checking the link status and IP address and then ping the global zone, as shown in Listing 7.
root@global:~# zlogin testzone
root@testzone:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                vnic      1500   up       ?
root@testzone:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           static   ok           10.134.79.241/24
lo0/v6            static   ok           ::1/128
net0/v6           addrconf ok           fe80::8:20ff:fec4:32bb/10
root@testzone:~# ping 10.134.79.168
10.134.79.168 is alive
root@testzone:~# exit
logout
[Connection to zone 'testzone' pts/3 closed]
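The anet properties shown in Listing 6 are the ones that decide how much freedom a zone has on the shared physical link, so they are worth checking mechanically whenever a zone is handed to another administrator. The following is an added example, not part of the original article: a shell function that audits `zonecfg -z ZONE info` output for link-protection, allowed-address, and limitpriv. The labzone sample and the wording of the findings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Real use from the global zone:  zonecfg -z testzone info | audit_zone_info

# Reads `zonecfg info` text on stdin, prints findings, returns 1 on any FAIL.
audit_zone_info() {
    awk '
    function flush_anet() {
        if (!in_anet) return
        # mac-nospoof stops the zone from sending frames with another MAC.
        if (prot !~ /(^|,)mac-nospoof(,|$)/) {
            printf "FAIL %s anet %s: link-protection lacks mac-nospoof (%s)\n",
                   zone, link, (prot == "" ? "not specified" : prot)
            fails++
        }
        # Without allowed-address the zone administrator chooses the IP address.
        if (allowed == "")
            printf "WARN %s anet %s: allowed-address not set, zone root can configure any IP\n",
                   zone, link
        in_anet = 0
    }
    /^zonename:/  { zone = $2 }
    /^ip-type:/   { iptype = $2 }
    /^limitpriv:/ { limitpriv = $2 }
    /^anet:/      { flush_anet(); in_anet = 1; link = "?"; prot = ""; allowed = ""; next }
    /^[^ \t]/     { flush_anet() }      # any other top-level line ends the anet block
    in_anet && $1 == "linkname:"        { link = $2 }
    in_anet && $1 == "link-protection:" { prot = $2 }
    in_anet && $1 == "allowed-address:" { allowed = $2 }
    END {
        flush_anet()
        if (iptype != "exclusive")
            printf "INFO %s: ip-type is %s, anet checks do not apply\n", zone, iptype
        if (limitpriv != "")
            printf "WARN %s: limitpriv is set (%s), review the added privileges\n",
                   zone, limitpriv
        exit (fails > 0)
    }'
}

# Abridged from Listing 6 (testzone, default template).
sample_default_info() {
    cat <<'EOF'
zonename: testzone
zonepath: /zones/testzone
brand: solaris
autoboot: true
limitpriv:
ip-type: exclusive
anet:
    linkname: net0
    lower-link: auto
    allowed-address not specified
    configure-allowed-address: true
    link-protection: mac-nospoof
    mac-address: random
EOF
}

# Constructed sample: a zone whose link protection was removed and whose
# privilege set was extended. Zone name and address are made up.
sample_weak_info() {
    cat <<'EOF'
zonename: labzone
zonepath: /zones/labzone
limitpriv: default,dtrace_proc,dtrace_user
ip-type: exclusive
anet:
    linkname: net0
    lower-link: auto
    allowed-address: 10.134.79.250/24
    link-protection not specified
    mac-address: random
EOF
}

sample_default_info | audit_zone_info
sample_weak_info | audit_zone_info || echo "labzone: audit reported a failure"
```
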
webzone-1 and Adding an Application
Now let's create our second zone, webzone-1, for our Web-facing applications and add an application to it.
webzone-1 with Minimum Information
Again we start by creating webzone-1 using zonecfg. However, this time, to demonstrate how quick and easy it is to set up a zone, we will supply the minimum required information, the zonepath:
root@global:~# zonecfg -z webzone-1 "create ; set zonepath=/zones/webzone-1"
You can see the zone configuration by using the zonecfg command, as shown in Listing 8.
root@global:~# zonecfg -z webzone-1 info
zonename: webzone-1
zonepath: /zones/webzone-1
brand: solaris
autoboot: false
bootargs:
file-mac-profile:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid:
fs-allowed:
anet:
        linkname: net0
        lower-link: auto
        allowed-address not specified
        configure-allowed-address: true
        defrouter not specified
        allowed-dhcp-cids not specified
        link-protection: mac-nospoof
        mac-address: random
        mac-prefix not specified
        mac-slot not specified
        vlan-id not specified
        priority not specified
        rxrings not specified
        txrings not specified
        mtu not specified
        maxbw not specified
        rxfanout not specified
That's it. As far as configuration goes, we are done.
Next we install the zone, as shown in Listing 9.
Listing 9: Installing the Zone
root@global:~# zoneadm -z webzone-1 install
A ZFS file system has been created for this zone.
Progress being logged to /var/log/zones/zoneadm.20111016T143052Z.webzone-1.install
Image: Preparing at /zones/webzone-1/root.
Install Log: /system/volatile/install.10393/install_log
AI Manifest: /tmp/manifest.xml.Iza4ru
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Zonename: webzone-1
Installation: Starting ...
Creating IPS image
Installing packages from:
solaris
origin: http://pkg.oracle.com/solaris/release/
DOWNLOAD PKGS FILES XFER (MB)
Completed 167/167 32062/32062 175.8/175.8
PHASE ACTIONS
Install Phase 44311/44311
PHASE ITEMS
Package State Update Phase 167/167
Image State Update Phase 2/2
Installation: Succeeded
Note: Man pages can be obtained by installing pkg:/system/manual
done.
Done: Installation completed in 108.257 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
Log saved in non-global zone as /zones/webzone-1/root/var/log/zones/zoneadm.20111016T143052Z.webzone-1.install
Boot webzone-1, log in to the console, and enter the same settings as we did for testzone except for the IP address. Set the IP address to 10.134.79.242.
root@global:~# zoneadm -z webzone-1 boot; zlogin -C webzone-1
Refer back to Step 3: Boot and Complete the System Configuration if you are unsure of the steps. At the end, remember to exit from the console using the "~." escape sequence.
Now that we have a running zone that is connected to the network, we want to put an application in it. In this case, because this is going to be a zone that serves our Web content, let's add the Apache Web server.
From the global zone, log in to webzone-1 and check the status of the Apache Web server package:
root@global:~# zlogin webzone-1
[Connected to zone 'webzone-1' pts/3]
Oracle Corporation SunOS 5.11 11.0 November 2011
root@webzone-1:~# pkg info /web/server/apache-22
pkg: info: no packages matching the following patterns you specified are
installed on the system. Try specifying -r to query remotely:
/web/server/apache-22
The package is not installed. Let's double-check by querying remotely against the IPS repository using the -r option, as shown in Listing 10.
root@webzone-1:~# pkg info -r /web/server/apache-22
Name: web/server/apache-22
Summary: Apache Web Server V2.2
Description: The Apache HTTP Server Version 2.2
Category: Web Services/Application and Web Servers
State: Not installed
Publisher: solaris
Version: 2.2.20
Build Release: 5.11
Branch: 0.175.0.0.0.1.530
Packaging Date: Wed Oct 12 14:13:31 2011
Size: 9.24 MB
FMRI: pkg://solaris/web/server/apache-22@2.2.20,5.11-0.175.0.0.0.1.530:20111012T141331Z
The state is shown as Not installed. So let's install the Apache Web server into our zone, as shown in Listing 11.
root@webzone-1:~# pkg install /web/server/apache-22
Packages to install: 3
Create boot environment: No
Create backup boot environment: No
Services to change: 1
DOWNLOAD PKGS FILES XFER (MB)
Completed 3/3 636/636 4.2/4.2
PHASE ACTIONS
Install Phase 800/800
PHASE ITEMS
Package State Update Phase 3/3
Image State Update Phase 2/2
We see that IPS downloads all the related files we need. There is no need to figure out the dependencies. In this case, three packages were installed. We can check the status of the Apache Web server by using the pkg info command again, as shown in Listing 12.
root@webzone-1:~# pkg info /web/server/apache-22
Name: web/server/apache-22
Summary: Apache Web Server V2.2
Description: The Apache HTTP Server Version 2.2
Category: Web Services/Application and Web Servers
State: Installed
Publisher: solaris
Version: 2.2.20
Build Release: 5.11
Branch: 0.175.0.0.0.1.530
Packaging Date: Wed Oct 12 14:13:31 2011
Size: 9.24 MB
FMRI: pkg://solaris/web/server/apache-22@2.2.20,5.11-0.175.0.0.0.1.530:20111012T141331Z
This time, the state is shown as Installed. Congratulations; you have added your first package to a zone.
webzone-2 Using a Clone
Now let's create the final zone, webzone-2. We could just repeat the process that we used to create the other zones, but in this case, we simply want another Web server environment just like webzone-1. Instead of having to duplicate the configuration process, let's make a clone of webzone-1. We are effectively using webzone-1 as a golden master for zone creation.
To avoid having to manually configure the system properties of our cloned zone, let's first create a system ID template for webzone-2. We can do this by using the sysconfig tool from within webzone-1:
root@global:~# zlogin webzone-1
root@webzone-1:~# sysconfig create-profile -o /root/webzone-2-template.xml
Note: When using the sysconfig tool to create a profile, make sure you use the .xml extension in your output file name.
Go through the screens entering the correct information for webzone-2 (remember to use 10.134.79.243 as the IP address this time). As in the Step 3: Boot and Complete the System Configuration section, when the configuration has been completed, you will see that your configuration file has been created. Finally, log out back to the global zone.
Exiting System Configuration Tool. Log is available at:
/var/tmp/install/sysconfig.log
root@webzone-1:~# ls
webzone-2-template.xml
root@webzone-1:~# exit
logout
[Connection to zone 'webzone-1' pts/2 closed]
Note: When using the sysconfig tool, you are not allowed to use any existing user names in the user account section. In our case, we could not use the user name fred so we chose jack instead.
We'll copy this file to a more convenient location in a later step.
From the global zone on our system, we first need to halt webzone-1, the zone we want to clone. (You should not clone a running zone.) We use zoneadm list to verify that the zone is shut down, as shown in Listing 13.
root@global:~# zoneadm list -iv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              solaris  shared
   2 testzone         running    /zones/testzone                solaris  excl
   3 webzone-1        running    /zones/webzone-1               solaris  excl
root@global:~# zoneadm -z webzone-1 shutdown
root@global:~# zoneadm list -iv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              solaris  shared
   2 testzone         running    /zones/testzone                solaris  excl
   - webzone-1        installed  /zones/webzone-1               solaris  excl
Now let's capture the configuration of the zone and use it as a master profile template for other zones we will create, in this case, webzone-2:
root@global:~# zonecfg -z webzone-1 export -f /zones/webzone-2-profile
Using your favorite editor, make the file read as shown in Listing 14. (You always need to update the zonepath, but we have also chosen to update autoboot.)
root@global:~# cat /zones/webzone-2-profile
create -b
set zonepath=/zones/webzone-2
set brand=solaris
set autoboot=true
set ip-type=exclusive
add anet
set linkname=net0
set lower-link=auto
set configure-allowed-address=false
set link-protection=mac-nospoof
set mac-address=random
set auto-mac-address=2:8:20:f1:e4:b7
end
We now want to place the system configuration template (webzone-2-template.xml) we created earlier in a more convenient location. Fortunately, you can access a zone's file system while it is shut down:
root@global:~# pwd
/root
root@global:~# cp /zones/webzone-1/root/root/webzone-2-template.xml /zones
root@global:~# ls /zones/webzone-2-template.xml
/zones/webzone-2-template.xml
webzone-2 by Cloning webzone-1
Next create webzone-2 using the modified configuration (by using zonecfg), and then perform the clone of webzone-1 (by using zoneadm). Remember to add the full path to the system config template. Note how quickly the clone is completed. (We can see this by prepending the time command to our zoneadm clone command.)
root@global:~# zonecfg -z webzone-2 -f /zones/webzone-2-profile
root@global:/zones# time zoneadm -z webzone-2 clone -c /zones/webzone-2-template.xml webzone-1
A ZFS file system has been created for this zone.
Progress being logged to /var/log/zones/zoneadm.20111029T193536Z.webzone-2.clone
Log saved in non-global zone as /zones/webzone-2/root/var/log/zones/zoneadm.20111029T193536Z.webzone-2.clone

real    0m13.269s
user    0m1.740s
sys     0m2.716s
The cloning of webzone-1 took only 13 seconds. In addition, because we used the clone command, we took advantage of a ZFS snapshot. Let's check the disk space taken by both webzone-1 and webzone-2, as shown in Listing 15.
root@global:/zones# zfs list | grep webzone
rpool/zones/webzone-1                            470M  843G    33K  /zones/webzone-1
rpool/zones/webzone-1/rpool                      470M  843G    31K  /rpool
rpool/zones/webzone-1/rpool/ROOT                 470M  843G    31K  legacy
rpool/zones/webzone-1/rpool/ROOT/solaris         470M  843G   366M  /zones/webzone-1/root
rpool/zones/webzone-1/rpool/ROOT/solaris/var    97.8M  843G  57.9M  /zones/webzone-1/root/var
rpool/zones/webzone-1/rpool/export              96.5K  843G    32K  /export
rpool/zones/webzone-1/rpool/export/home         64.5K  843G    32K  /export/home
rpool/zones/webzone-1/rpool/export/home/fred    32.5K  843G  32.5K  /export/home/fred
rpool/zones/webzone-2                            350K  843G    34K  /zones/webzone-2
rpool/zones/webzone-2/rpool                      316K  843G    31K  /rpool
rpool/zones/webzone-2/rpool/ROOT                 295K  843G    31K  legacy
rpool/zones/webzone-2/rpool/ROOT/solaris-0       294K  843G   366M  /zones/webzone-2/root
rpool/zones/webzone-2/rpool/ROOT/solaris-0/var    39K  843G  57.9M  /zones/webzone-2/root/var
rpool/zones/webzone-2/rpool/export                 3K  843G    32K  /export
rpool/zones/webzone-2/rpool/export/home            2K  843G    32K  /export/home
rpool/zones/webzone-2/rpool/export/home/fred       1K  843G  32.5K  /export/home/fred
Even after we added the Apache Web server, webzone-1 is only 470 M. Even better, webzone-2, an exact copy of webzone-1, is only 350 K, providing a great savings on disk space.
Finally, boot webzone-2 and watch the console. Occasionally, you will see the system configuration being applied. You can see below that the host name has been set for us from the template.
root@global:~# zoneadm -z webzone-2 boot; zlogin -C webzone-2
[Connected to zone 'webzone-2' console]
Hostname: unknown
Unconfiguration failed for svc:/system/config-user:default
Hostname: webzone-2
webzone-2 console login: ~.
[Connection to zone 'webzone-2' console closed]
Remember to exit from the console using the "~." escape sequence.
Note that we now have a .xml template for webzone-2. We could very easily copy and edit this template to allow us to deploy a whole set of other Web zones just as quickly.
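When the clone procedure above is repeated for a whole set of Web zones, the manual steps (confirm the source zone is halted, export its configuration, edit zonepath and autoboot) are easy to get wrong. The following is an added example, not part of the original article: a shell preflight that works on the text of `zoneadm list -cv` and `zonecfg export` and prints the profile for the new zone. The function names, the /zones root, the unedited export text, and the zone naming rules encoded in valid_zone_name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article).
# Real use from the global zone:
#   clone_preflight webzone-1 webzone-3 "$(zoneadm list -cv)" \
#       "$(zonecfg -z webzone-1 export)" > /zones/webzone-3-profile

ZONES_ROOT=/zones   # assumption: all zonepaths live under /zones, as in this article

# Print the STATUS column for zone $1 from `zoneadm list -cv` text on stdin.
zone_state() {
    awk -v z="$1" 'NR > 1 && $2 == z { print $3; found = 1 } END { exit !found }'
}

# Assumed naming rules: starts alphanumeric, then letters, digits, "_", "-", ".";
# "global" and names starting with SUNW are reserved. Keeps odd characters out
# of the generated zonepath.
valid_zone_name() {
    case "$1" in
        ""|global|SUNW*)   return 1 ;;
        [!A-Za-z0-9]*)     return 1 ;;
        *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Rewrite an exported profile (stdin) for zone $1: new zonepath, autoboot=true.
# Fails if the input has no zonepath line to replace.
rewrite_profile() {
    awk -v path="$ZONES_ROOT/$1" '
        /^set zonepath=/ { print "set zonepath=" path; seen = 1; next }
        /^set autoboot=/ { print "set autoboot=true"; next }
        { print }
        END { exit !seen }'
}

# clone_preflight SRC NEW LIST_TEXT EXPORT_TEXT
clone_preflight() {
    cp_src=$1; cp_new=$2
    valid_zone_name "$cp_new" || { echo "invalid zone name: $cp_new" >&2; return 2; }
    cp_state=$(printf '%s\n' "$3" | zone_state "$cp_src") ||
        { echo "source zone $cp_src not found" >&2; return 1; }
    # A halted zone shows as "installed"; a running zone must not be cloned.
    [ "$cp_state" = installed ] ||
        { echo "refusing: $cp_src is '$cp_state', shut it down first" >&2; return 1; }
    if printf '%s\n' "$3" | zone_state "$cp_new" >/dev/null; then
        echo "refusing: zone $cp_new already exists" >&2; return 1
    fi
    printf '%s\n' "$4" | rewrite_profile "$cp_new"
}

# Zone lists taken from Listing 13, before and after the shutdown.
LIST_RUNNING='  ID NAME       STATUS     PATH               BRAND    IP
   0 global     running    /                  solaris  shared
   2 testzone   running    /zones/testzone    solaris  excl
   3 webzone-1  running    /zones/webzone-1   solaris  excl'
LIST_HALTED='  ID NAME       STATUS     PATH               BRAND    IP
   0 global     running    /                  solaris  shared
   2 testzone   running    /zones/testzone    solaris  excl
   -  webzone-1 installed  /zones/webzone-1   solaris  excl'

# Constructed: Listing 14 with the zonepath and autoboot values of webzone-1.
EXPORTED_PROFILE='create -b
set zonepath=/zones/webzone-1
set brand=solaris
set autoboot=false
set ip-type=exclusive
add anet
set linkname=net0
set lower-link=auto
set link-protection=mac-nospoof
set mac-address=random
end'

clone_preflight webzone-1 webzone-2 "$LIST_HALTED" "$EXPORTED_PROFILE"
clone_preflight webzone-1 webzone-2 "$LIST_RUNNING" "$EXPORTED_PROFILE" ||
    echo "preflight blocked the clone"
```
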
Now log in to webzone-2 and look for the Apache Web server package, as shown in Listing 16.
root@global:~# zlogin webzone-2
[Connected to zone 'webzone-2' pts/3]
Oracle Corporation SunOS 5.11 11.0 November 2011
root@webzone-2:~# pkg info /web/server/apache-22
Name: web/server/apache-22
Summary: Apache Web Server V2.2
Description: The Apache HTTP Server Version 2.2
Category: Web Services/Application and Web Servers
State: Installed
Publisher: solaris
Version: 2.2.20
Build Release: 5.11
Branch: 0.175.0.0.0.1.530
Packaging Date: Wed Oct 12 14:13:31 2011
Size: 9.24 MB
FMRI: pkg://solaris/web/server/apache-22@2.2.20,5.11-0.175.0.0.0.1.530:20111012T141331Z
As you can see, unlike before, when we created a zone from scratch, the Apache Web server package that we had to add to webzone-1 is here already. This cloning method is frequently used when a "master" zone is created with all the additional packages and configuration in place. The master zone is then simply cloned as new, similar environments are required.
We can also check that the IP address was applied correctly:
root@webzone-2:~# ipadm show-addr
ADDROBJ           TYPE     STATE        ADDR
lo0/v4            static   ok           127.0.0.1/8
net0/v4           static   duplicate    10.134.79.243/24
lo0/v6            static   ok           ::1/128
net0/v6           addrconf ok           fe80::8:20ff:fe7a:7b0f/10
Note: The Oracle Solaris Automated Installer also provides a method for creating ready-made zones as part of the system install service.
In this article, we saw how to create, install, boot, and configure an Oracle Solaris Zone. We also saw how a ZFS data set is automatically created and how the networking is set up automatically for you. Finally, we saw how to add an application to an Oracle Solaris zone using IPS and then clone that zone.
Revision 1.0, 11/03/2011
