Re: [zones-discuss] improved zones/RM integration
Mike, Mike Gerdts wrote: On 6/26/06, Gerald A. Jelinek [EMAIL PROTECTED] wrote: Attached is a description of a project we have been refining for a while now. The idea is to improve the integration of zones with some of the existing resource management features in Solaris. In the proposal you say: As part of this overall project, we will be enhancing the internal rcapd rss accounting so that rcapd will have a more accurate measurement of the overall rss for each zone. Does this spill over to prstat such that there may finally be a fix for: 4754856 prstat -atJTZ should count shared segments only once Yes, we are addressing this bug as part of this work. prstat will be able to report an accurate rss number for processes, users, projects and tasks as well as zones. prstat and rcapd will use the same, new underlying rss counting code we have developed. Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] improved zones/RM integration
Jerry Jelinek wrote: Mike, Mike Gerdts wrote: In the proposal you say: As part of this overall project, we will be enhancing the internal rcapd rss accounting so that rcapd will have a more accurate measurement of the overall rss for each zone. Does this spill over to prstat such that there may finally be a fix for: 4754856 prstat -atJTZ should count shared segments only once Yes, we are addressing this bug as part of this work. prstat will be able to report an accurate rss number for processes, users, projects and tasks as well as zones. prstat and rcapd will use the same, new underlying rss counting code we have developed. Just curious: which process(es) gets billed for shared text pages? -- Jeff VICTOR Sun Microsystemsjeff.victor @ sun.com OS AmbassadorSr. Technical Specialist Solaris 10 Zones FAQ:http://www.opensolaris.org/os/community/zones/faq -- ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] What is the proceess to change the physical net to an already working zone?
Title: Ian Matchett I am running a zone bge0:1 10.12.13.14 I have added a new physical interface bge1 How do I move a zone to use bge1:1 10.12.13.14 IanM -- Ian Matchett Sun Microsystems Burlington MA 01803 USA Phone x22043 781-442-2043 Email Mobile 413 237 6599 Vtext Webservice SMS Email Map and Hotels ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] What is the proceess to change the physical net to an already working zone?
Ian Matchett writes: How do I move a zone to usebr br bge1:1 /10.12.13.14br Two methods: change the entry in zonecfg and restart the zone, or unplumb the alias and plumb up a new one from the global zone. The first case: # zonecfg -z test zonecfg:test select net physical=bge0 zonecfg:test:net set physical=bge1 zonecfg:test:net end zonecfg:test verify zonecfg:test commit zonecfg:test exit # zoneadm -z test reboot The second case: # ifconfig bge0:1 unplumb # ifconfig bge1:1 10.12.13.14 netmask + broadcast + zone test up -- James Carlson, KISS Network[EMAIL PROTECTED] Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] What is the proceess to change the physical net to an already working zone?
zonecfg -z test zonecfg:test add net zonecfg:test:net set physical=bge1 zonecfg:test:net set address=10.12.13.14 zonecfg:test:net info net: address: 10.12.13.14 physical: bge1 zonecfg:test:net end zonecfg:test remove net physical=bge0 I think that should work. On 11/2/06, Ian Matchett [EMAIL PROTECTED] wrote: I am running a zone bge0:1 10.12.13.14 I have added a new physical interface bge1 How do I move a zone to use bge1:1 10.12.13.14 IanM -- Ian Matchett Sun Microsystems Burlington MA 01803 USA Phone x22043 781-442-2043 Email Mobile 413 237 6599 Vtext Webservice SMS Email Map and Hotels ___zones-discuss mailing listzones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Mounting disk from local zone after failover
Hi, Customer is having trouble mounting a disk from local zone after zone resource group is failed over to another node. disk can be mounted from local zone on primary node. disk can be mounted from global zone on either node A or B. Here are the details: - a pair of e2900's with Solaris 10 and SunCluster 3.1 installed, server names are prs179 and prs180 - see attachement 1 for SunCluster scstat output - two zones were created each with its own shared XP SAN disk as a whole disk boot disk, zone names are prsgdmsz01 and prsgdmsz02 - both zones exhibit the same problem so I'll just use prsgdmsz02 as the example to work this case - see attachment 2 for the prsgdmsz02 zone configs on prs179 - see attachment 3 for the prsgdmsz02 zone configs on prs180 - the SunCluster resource group for prsgdmsz02 is appZONE02rg1 - SunCluster scswitch can successfully move appZONE02rg1 to either prs179 or prs180 thereby booting the zone on either server. - attachment 1 shows appZONE02rg1 (zone prsgdmsz02) running on prs179 - attachment 4 shows appZONE02rg1 (zone prsgdmsz02) running on prs180 - attachment 5 shows the dsk/rdsk device info from prs179 for a disk to be made available within prsgdmsz02 and also shows that the disk can be mounted within the global zone on prs179 and within the local prsgdmsz02 zone when running on prs179 - attachment 6 shows the same device info for the same SAN disk from prs180 and also that the disk can be mounted within the global zone on prs180 but cannot be mounted within the local prsgdmsz02 zone when running on prs180 Let me know what else you might want to see. Thanks. Rich prs179 # scstat -- -- Cluster Nodes -- Node name Status - -- Cluster node: prs179 Online Cluster node: prs180 Online -- -- Cluster Transport Paths -- Endpoint Endpoint Status -- Transport path: prs179:ce1 prs180:ce3 Path online Transport path: prs179:ce3 prs180:ce1 Path online -- -- Quorum Summary -- Quorum votes possible: 3 Quorum votes needed:2 Quorum votes present: 3 -- Quorum Votes by Node -- Node Name Present Possible Status - --- -- Node votes: prs179 11 Online Node votes: prs180 11 Online -- Quorum Votes by Device -- Device Name Present Possible Status --- --- -- Device votes: /dev/did/rdsk/d8s2 11 Online -- -- Device Group Servers -- Device GroupPrimary Secondary --- - Device group servers: vgZONE01prs179 prs180 Device group servers: vgZONE02prs179 prs180 -- Device Group Status -- Device GroupStatus -- Device group status:vgZONE01Online Device group status:vgZONE02Online -- Multi-owner Device Groups -- Device GroupOnline Status - -- -- Resource Groups and Resources -- Group Name Resources -- - Resources: appZONE01rg1zone01-storplus-res zone01-boot-res Resources: appZONE02rg1zone02-storplus-res zone02-boot-res -- Resource Groups -- Group Name Node Name State -- - - Group: appZONE01rg1prs179 Online Group: appZONE01rg1prs180 Offline Group: appZONE02rg1prs179 Online Group: appZONE02rg1prs180 Offline -- Resources -- Resource Name Node Name State Status Message - - - -- Resource: zone01-storplus-res prs179 OnlineOnline Resource: zone01-storplus-res prs180 Offline Offline Resource: zone01-boot-res prs179 OnlineOnline Resource: zone01-boot-res prs180 Offline Offline
Re: [zones-discuss] Re: PSARC/2006/598 Swap resource control; locked memory RM improvements
I'm not sure it is within the domain of this case to to tell admins what they should and shouldn't use the global zone for. In any event, we are making it easy for admins to manage swap limits for zones via zonecfg. On Tue, Oct 31, 2006 at 05:58:24PM -0800, Michael Barto wrote: After all thus juggling, let make it simple for the system admin and use some sort of fair share process to assignment and manage the swap for all the zones. Personally I think that the global zone should use minimum resources and be considered in the IT management processes to be only like a system controller on a complex server. Keep your applications out of the global zone!!! Gary Winiger wrote: This will not help root logins directly, but could by setting: usermod -K project=system root Or perhaps deliver root's entry this way to start with. Would that be a reasonable change to make via patch? Perhaps this change could be delivered to nevada, but not backported. It would be confusing to deliver this change, and also deliver the user.root project. If we made root's default project system, then the user.root project should be removed. user.root is kind of a bug anyhow, as SMF does not run root services in user.root. Currently, only root processes spawned by login/pam run in user.root. Perhaps this issue should be run as a seperate fasttrack? I need to investigate the implementation impact. I'm looking for this case to define how to preserve the current model of unlimited unless one asks for a limit model in the global zone. I believe it is important from a system integrity and maintenance perspective. Other's may have different opinions. If there is a compelling reason to deliver in phases, please discuss that. The global zone will have no swap limit by default. The default zone.max-swap rctl delivered on the global zone is UINT64_MAX, which is essentially unlimited. Is that what you mean? My point(s) here is not so much how things get done, but that the global zone is in some ways special. IIRC, before this project, the GZ doesn't have a swap limit. After this project an administrator could set swap limit on the GZ. Granted this is administrative action and they get what they deserve/ask for. However, it seemed to me that part of this case should (my judgement) include some way to override the limit in case override is really desired. As implied, perhaps by putting root into project 0 at login or as part of daemon/service start is a way to bypass the administrator's choice in the GZ for some processes. What I didn't see as part of this case is the architecture to allow this bypass. Perhaps I'm off base for thinking it's necessary to protect against inadvertantly not being able to administer the system from the GZ. Gary.. ___ zones-discuss mailing list zones-discuss@opensolaris.org -- *Michael Barto* Software Architect LogiQwest Circle LogiQwest Inc. 16458 Bolsa Chica Street, # 15 Huntington Beach, CA 92649 http://www.logiqwest.com/ [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Tel: 714 377 3705 Fax: 714 840 3937 Cell: 714 883 1949 *'tis a gift to be simple* This e-mail may contain LogiQwest proprietary information and should be treated as confidential. ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Re: PSARC/2006/598 Swap resource control; locked memory RM improvements
Given a lack of supportive feedback, I'm going to revoke the proposed amendment below. To mitigate a zone admin setting a problematic swap limit on the global zone, we will enhance zonecfg to: 1. Print a warning when setting swap (and lwp) limits on the global zone. Since the swap limit will not go into effect until reboot, the admin has a change to modify his setting before it takes affect. 2. Enforce a reasonable minimum when setting swap (and lwp) limits on the global zone. Currently, the rctl framework provides many mechanisms by which the admin can make the system difficult to manage. For instance, setting task.max-lwps on project user.root can prevent root login. If we want to make changes to prevent admins from resource-controlling their way out of the box, I think we need a broader case to address the whole problem. -Steve On Tue, Oct 31, 2006 at 03:24:18PM -0800, Steve Lawrence wrote: I'm looking for this case to define how to preserve the current model of unlimited unless one asks for a limit model in the global zone. I believe it is important from a system integrity and maintenance perspective. Other's may have different opinions. If there is a compelling reason to deliver in phases, please discuss that. The global zone will have no swap limit by default. The default zone.max-swap rctl delivered on the global zone is UINT64_MAX, which is essentially unlimited. Is that what you mean? My point(s) here is not so much how things get done, but that the global zone is in some ways special. IIRC, before this project, the GZ doesn't have a swap limit. After this project an administrator could set swap limit on the GZ. Granted this is administrative action and they get what they deserve/ask for. However, it seemed to me that part of this case should (my judgement) include some way to override the limit in case override is really desired. As implied, perhaps by putting root into project 0 at login or as part of daemon/service start is a way to bypass the administrator's choice in the GZ for some processes. What I didn't see as part of this case is the architecture to allow this bypass. Perhaps I'm off base for thinking it's necessary to protect against inadvertantly not being able to administer the system from the GZ. It seems reasonable to amend this case to say: 1. Any process with priv_sys_resource running in the global zone's system project (project 0) will not subject to project.* or zone.* resource controls. System daemons which wish to be subject to the global zone's resource controls can drop priv_sys_resource. 2. The user.root project will be removed, and root's default project will be set to the system project via /etc/user_attr. I'm not sure if (2) can be delivered via patch. I need some guidance here. I'm also not sure how implementable (1) is until I do more investigation. -Steve Gary.. ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] re: [networking-discuss] Re: [crossbow-discuss] Design review of IP Instances part of Crossbow
With regard to the third bullet, please see my concerns above about the introduction of list -l. I think this should be part of a general zone status/health facility or perhaps something that dladm(1M) can print about the link names and how their assignment zone-wise. Displaying the zone with dladm show-link seems a nice approach to me. -- meem ___ zones-discuss mailing list zones-discuss@opensolaris.org