Re: [zones-discuss] Is it possible to determine from the zone as the global zone is called
Hi, i'm new here and i have a question: Is it possible to determine from the zone as the global zone is called? Is there a command in the zone like zoneadm list , which show me the name of the global-zone. I need it for a script in the zone. AFAIK, there is no standard way to do that. Some people create zones with a file containing the hostname of the global zone. Others might put that in oem-banner, or use sneep to put it in nvramrc, along with hardware serial numbers and such.http://wikis.sun.com/display/sneep/Home But none of those are a built-in solution. I like the idea of putting it in nvram better than putting it in a file, since if the zone is moved to another server, it should then show the new location without having to update a file. -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Branded zones and external hardware
hello, I would like to upgrade a Thumper we use as a staging server for backups form Solaris 10 to OpenSolaris. The backup application (NetVault) is only supported on Solaris. So my question is: can a branded Solaris 10 zone access the external tape vault? If so are there likely to be any issues with running an application like NetVault within a branded zone? Devices can be assigned to zones. With a disk, that could be a security issue (a corrupted filesystem could crash the whole system, for example). A tape probably wouldn't be as much of a threat, but that's not the same as saying it would be safe. In general, one should consider very carefully the security and reliability implications of assigning devices to zones. I don't know if anyone has used NetVault within a zone, let alone a branded zone. -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Branded zones and external hardware
Frank Batschulat (Home) frank.batschu...@sun.com wrote: the problem with exporting the tape device to a NGZ, which although not supported can be achived as you mention, is that there's no way to exclusive assign that particular tape device to a particular NGZ or to restrict access from the GZ or any other NGZ to that same tape device. that might become a problem if several different users try to use that tape from different NGZs or a NGZ and the GZ, that access may produce a somewhat questionable end result that care must be taken here when setting up such configuration. Where do you see a difference from many different users trying to access the same tape from the Global Zone? Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Branded zones and external hardware
On 08/05/10 07:03, joerg.schill...@fokus.fraunhofer.de wrote: Frank Batschulat (Home)frank.batschu...@sun.com wrote: the problem with exporting the tape device to a NGZ, which although not supported can be achived as you mention, is that there's no way to exclusive assign that particular tape device to a particular NGZ or to restrict access from the GZ or any other NGZ to that same tape device. that might become a problem if several different users try to use that tape from different NGZs or a NGZ and the GZ, that access may produce a somewhat questionable end result that care must be taken here when setting up such configuration. Where do you see a difference from many different users trying to access the same tape from the Global Zone? The difference is that in the global zone there is the possibility for applications to coordinate with each other because they have visibility into what each is doing, whereas in non-global zones there is no visibility from one zone to another. Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Zones on NFS
Hello Benr, I had read all the reply of your query posted on this blog. I have the same matching query with the others. As i had configured the non-global zone on nfs shared folder(nfsserver) and this shared folder is mapped onto another host(testzone). I am able to configured and see the status of non-global zone on both the hosts(nfsserver $ testzone). I sucessfully detach my test zone from nfsserver but not able to attached onto testzone as showing the error as zonepath is configured on nfs share folder, local file system must be configured. Please let me know, if you have any of solution for this problem as of this i am not able to attache the non-global zone onto my testzone box. Once it get attach then can make it boot and can be used. -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Branded zones and external hardware
On Thu, 05 Aug 2010 15:03:56 +0200, Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote: Frank Batschulat (Home) frank.batschu...@sun.com wrote: the problem with exporting the tape device to a NGZ, which although not supported can be achived as you mention, is that there's no way to exclusive assign that particular tape device to a particular NGZ or to restrict access from the GZ or any other NGZ to that same tape device. that might become a problem if several different users try to use that tape from different NGZs or a NGZ and the GZ, that access may produce a somewhat questionable end result that care must be taken here when setting up such configuration. Where do you see a difference from many different users trying to access the same tape from the Global Zone? technically there is no difference here. but from an administrative point of view there is. the zone administration (zones root) is often delegated to some other person(s) then the one administering the GZ. the zones root position may be fullfilled by an internal or external client of the entity that administers and own the GZ and the corresponding HW itself. one must just be more aware of the fact that there's no restricted access to such a tape device then in normal situations because its so easy to forgett that you've given away the tape device so some NGZ in the past. --- frankB ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Is it possible to determine from the zone as the global zone is called
One quick method that is mentioned frequently here and one we use very successfully is to create a readonly lofs to /etc/nodename. We add the following to all our zonecfgs add fs set dir=/etc/GLOBAL set special=/etc/nodename set type=lofs add options [ro, nodevices] end so when your in a ngz you can cat /etc/GLOBAL to get the global host name. On Thu, Aug 5, 2010 at 7:00 AM, Richard L. Hamilton rlha...@smart.netwrote: Hi, i'm new here and i have a question: Is it possible to determine from the zone as the global zone is called? Is there a command in the zone like zoneadm list , which show me the name of the global-zone. I need it for a script in the zone. AFAIK, there is no standard way to do that. Some people create zones with a file containing the hostname of the global zone. Others might put that in oem-banner, or use sneep to put it in nvramrc, along with hardware serial numbers and such.http://wikis.sun.com/display/sneep/Home But none of those are a built-in solution. I like the idea of putting it in nvram better than putting it in a file, since if the zone is moved to another server, it should then show the new location without having to update a file. -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Branded zones and external hardware
On 08/ 6/10 12:40 AM, Frank Batschulat (Home) wrote: On Thu, 05 Aug 2010 14:03:20 +0200, Richard L. Hamiltonrlha...@smart.net wrote: I would like to upgrade a Thumper we use as a staging server for backups form Solaris 10 to OpenSolaris. The backup application (NetVault) is only supported on Solaris. So my question is: can a branded Solaris 10 zone access the external tape vault? If so are there likely to be any issues with running an application like NetVault within a branded zone? Devices can be assigned to zones. With a disk, that could be a security issue (a corrupted filesystem could crash the whole system, for example). A tape probably wouldn't be as much of a threat, but that's not the same as saying it would be safe. In general, one should consider very carefully the security and reliability implications of assigning devices to zones. the problem with exporting the tape device to a NGZ, which although not supported can be achived as you mention, is that there's no way to exclusive assign that particular tape device to a particular NGZ or to restrict access from the GZ or any other NGZ to that same tape device. that might become a problem if several different users try to use that tape from different NGZs or a NGZ and the GZ, that access may produce a somewhat questionable end result that care must be taken here when setting up such configuration. NetVault will be the exclusive user of the tape unit, so we shouldn't have any issues with attempted multiple access. In some ways I would prefer to run it from a zone. All the other services currently sand-boxed in their own zones, so moving NetVault to a zone will make it the rule rather than the exception. -- Ian. ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Zones on NFS
On 08/ 6/10 01:43 AM, Prasoon Bansal wrote: Hello Benr, I had read all the reply of your query posted on this blog. Which blog? Your post appears to be an orphan. I have the same matching query with the others. As i had configured the non-global zone on nfs shared folder(nfsserver) and this shared folder is mapped onto another host(testzone). I am able to configured and see the status of non-global zone on both the hosts(nfsserver $ testzone). I sucessfully detach my test zone from nfsserver but not able to attached onto testzone as showing the error as zonepath is configured on nfs share folder, local file system must be configured. You should copy the zoneroot to the new host. -- Ian. ___ zones-discuss mailing list zones-discuss@opensolaris.org
