[zones-discuss] Reconfig of existing Zone
After you create a zone, can you later set up CPU caps, number of CPUs, memory and any of the other parameters? Is there a list of what cannot be changed after its creation?

Michael Barto
Software Architect
LogiQwest Inc.
Email: mba...@logiqwest.com
16458 Bolsa Chica Street, # 15
Huntington Beach, CA 92649
Cell: 714 883 1949
Fax: 714 840 3937
http://www.logiqwest.com/
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] ?: configuration of a *running* zone
Not sure what you mean by "stable", but this is what we do for q-Status. It also runs on both global and local zones. CFGDIR should be '.', the directory where you have this script. Set it up like this:

q-Status/bin/list.zones
q-Status/data/

The script will generate a file hostname.zones which is the configuration of your zone. There may be more we need, but no one has asked for it yet. What this will probably promote is some more discussion, and maybe someone else will add some more ideas.

--
#!/bin/sh
# Copyright LogiQwest 2007
# Name: CFGDIR/bin/list.zones
# Version 1.00: 02 Nov 2005 created (David Schulz).
# Version 1.01: 12 Apr 2006 Added zoneinfo output.
# Version 1.02: 30 Oct 2006 Added creation of zpstat file.
# Version 2.00: 10 Aug 2007 Updated for Rev5.
# Purpose: Reports zoneadm configuration information.
DIR=`/usr/bin/dirname $0`
CFGDIR=`/bin/cat $DIR/CFGDIR`
ZONE_ADM='/usr/sbin/zoneadm'
TMP='/tmp'
GLOBAL='FALSE'
if [ -f /usr/sbin/zoneadm ]; then
    # Listing of every zone this system can see (header plus one row per zone).
    /usr/sbin/zoneadm list -vi > ${CFGDIR}/data/`hostname`.zones 2>&1
    zones=`/usr/sbin/zoneadm list`
    for zone in $zones
    do
        if [ $zone = 'global' ]; then
            GLOBAL='TRUE'
            echo "# GLOBAL =" >> ${CFGDIR}/data/`hostname`.zones
        fi
    done
    # Only the global zone can read the other zones' configurations.
    if [ $GLOBAL = 'TRUE' ]; then
        for zone in $zones
        do
            if [ $zone != 'NAME' ]; then
                if [ $zone != 'global' ]; then
                    echo "ZONENAME=$zone" >> ${CFGDIR}/data/`hostname`.zones
                    /usr/sbin/zonecfg -z $zone info >> ${CFGDIR}/data/`hostname`.zones
                fi
            fi
        done
        /usr/bin/prstat -n 1 -Z 1 1 > ${CFGDIR}/data/`hostname`.zpstat
        /usr/sbin/pooladm > ${CFGDIR}/data/`hostname`.pooladm 2>&1
    fi
fi
--

If you are interested in seeing our tool, I will send you the extraction script; you can send me back data and I will post for you an interactive server configuration analysis (up to 10 servers) on our secure web site as a demo.

Steffen Weiberle wrote:
Is there a stable way of determining the configuration of a running zone? zonecfg and /etc/zones/zonename.xml show the configuration that will be used on the next boot, so if a change was made via zonecfg, the current running instance may be different from what those report. zoneadm does list ip-type and brand, but does not show anything else. This includes limits, assigned interfaces for ip-type=exclusive, and other things. Some things can be gleaned relatively easily. Others may not.

Thanks, Steffen

-- Michael Barto, Software Architect, LogiQwest Inc.
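Steffen's point is that zonecfg describes the next boot, not the running instance. One practical way to live with that, as an added example that is not part of the original post or of the q-Status script: keep the "zonecfg -z <zone> info" output captured right after each boot and diff it, property by property, against the output taken now, so a change that is waiting for the next reboot (here a widened limitpriv and an extra address, both constructed) is visible instead of silent. The storage location for the boot-time copy (/var/tmp/<zone>.booted) is an assumption; both snapshots below are constructed sample output.

```shell
#!/bin/sh
# Added example, not code from the original post. Compares two snapshots of
# "zonecfg -z <zone> info" output: one saved right after "zoneadm boot"
# (assumed to live in /var/tmp/<zone>.booted) and the current one.

# Turn "zonecfg info" output into one "key=value" line per property. A
# resource block (net:, inherit-pkg-dir:, capped-cpu: ...) is a top-level
# line followed by indented lines; its sub-properties are emitted as
# "block/key=value" so a net address cannot be confused with anything else.
normalize_zonecfg() {
    awk '
        function kname(s) { return trim(substr(s, 1, index(s, ":") - 1)) }
        function kval(s)  { return trim(substr(s, index(s, ":") + 1)) }
        function trim(s)  { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        { line[NR] = $0 }
        END {
            block = ""
            for (i = 1; i <= NR; i++) {
                l = line[i]
                nxt = (i < NR) ? line[i + 1] : ""
                if (l ~ /^[^ \t]/) {
                    block = ""
                    # A top-level line followed by an indented one is a resource header.
                    if (nxt ~ /^[ \t]/) { block = kname(l); continue }
                    print kname(l) "=" kval(l)
                } else if (l ~ /^[ \t]/) {
                    print block "/" kname(l) "=" kval(l)
                }
            }
        }' | LC_ALL=C sort
}

# Print one line per property that differs: "- key=value" was in effect at
# boot only, "+ key=value" is configured now only. A changed value shows up
# as a "-"/"+" pair; a resource added or removed shows up on its own.
zonecfg_drift() {
    {
        printf '%s\n' "$1" | normalize_zonecfg | sed 's/^/B /'
        printf '%s\n' "$2" | normalize_zonecfg | sed 's/^/C /'
    } | awk '
        $1 == "B" { b[substr($0, 3)] = 1 }
        $1 == "C" { c[substr($0, 3)] = 1 }
        END {
            for (k in b) if (!(k in c)) print "- " k
            for (k in c) if (!(k in b)) print "+ " k
        }' | LC_ALL=C sort
}

# Constructed snapshot taken right after "zoneadm -z zone1 boot".
BOOTED=$(cat <<'EOF'
zonename: zone1
zonepath: /zone/zone1
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
    dir: /lib
net:
    address: 192.0.2.10
    physical: bge0
EOF
)

# Constructed "zonecfg -z zone1 info" output taken later: someone widened
# the zone's privilege limit and added a second address. Neither is in
# effect in the running zone until it is rebooted.
CURRENT=$(cat <<'EOF'
zonename: zone1
zonepath: /zone/zone1
brand: native
autoboot: true
bootargs:
pool:
limitpriv: default,sys_time
scheduling-class:
ip-type: shared
inherit-pkg-dir:
    dir: /lib
net:
    address: 192.0.2.10
    physical: bge0
net:
    address: 192.0.2.11
    physical: bge0
EOF
)

zonecfg_drift "$BOOTED" "$CURRENT"
```

Run in the global zone with the saved copy as the first argument and `zonecfg -z zone1 info` as the second; an empty result means the running zone still matches its configuration, and a `limitpriv` line in the result is the kind of change worth a second look before the next reboot picks it up.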
Re: [zones-discuss] How to configure network for zone?
You need to consider each zone to be an individual host with its own IP. Shared means it uses the same NIC card to connect to the internet. The following is the raw network output (ifconfig -a) from the global zone (dione), compared with the same output for the local zone (dione-dev) to show you what is going on. Note the "zone" parameter in the output of the global zone, which is missing in the local zone output:

--
ifconfig:
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff00
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone dione-prod
        inet 127.0.0.1 netmask ff00
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone dione-dev
        inet 127.0.0.1 netmask ff00
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.166.11.202 netmask ff00 broadcast 172.166.11.255
        ether 0:3:ba:14:c0:df
eri0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone dione-prod
        inet 172.166.11.205 netmask ff00 broadcast 172.166.11.255
eri0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone dione-dev
        inet 172.166.11.206 netmask ff00 broadcast 172.166.11.255
eri0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.166.11.208 netmask ff00 broadcast 255.255.255.255

This is the output from the local zone (dione-dev):

ifconfig:
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff00
eri0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.166.11.206 netmask ff00 broadcast 172.166.11.255
--

Hopefully this will make things clearer to you.

Ava Zhang wrote:
Hi all, I followed the instruction "Q: How do I create a zone?" in http://www.opensolaris.org/os/community/zones/faq/#sa_create and created a zone named zone1. But zone1 can't boot; it gives an error about the IP address. My system is s10u5_b02 X86. I want to use shared-IP mode to configure zone1, because I have only one NIC. Could you give me some hints to configure it? Here is the detailed information about my system:

--
bash-3.00# cat /etc/release
                        Solaris 10 5/08 s10x_u5wos_02 X86
           Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                           Assembled 12 November 2007
bash-3.00# id
uid=0(root) gid=0(root)
bash-3.00# zonecfg -z zone1
zonecfg:zone1> info
zonename: zone1
zonepath: /zone/zone1
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 129.158.215.197     # Here the IP address is my global zone's IP.
        physical: bge0
zonecfg:zone1>
bash-3.00# zoneadm -z zone1 boot
zoneadm: zone 'zone1': bge0:1: could not bring network interface up: address in use by zone 'global': Cannot assign requested address
zoneadm: zone 'zone1': call to zoneadmd failed
bash-3.00#
--

Thanks --Ava

-- Michael Barto, Software Architect, LogiQwest Inc.
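The boot failure in Ava's transcript is the shared-IP rule in action: every address a zone configures must be free on the box, because the zone's logical interface is plumbed on the global zone's NIC. The check below is an added example, not part of either post and not a Sun tool. It reads the text of `zonecfg -z <zone> info` and of `ifconfig -a` run in the global zone, and reports an address already up in any zone or a "physical" NIC that is not plumbed at all, before `zoneadm boot` fails for the same reason. All addresses and interface names in the samples are constructed.

```shell
#!/bin/sh
# Added example, not code from the original posts. Pre-flight check for a
# shared-IP zone: compare its net resources with what the global zone has
# plumbed. Inputs are the text of "zonecfg -z <zone> info" and of
# "ifconfig -a" as run in the global zone; the samples are constructed.

# Table of plumbed addresses, one "addr iface owner" line each. In the
# global zone's "ifconfig -a", a logical interface that belongs to a
# non-global zone carries a "zone <name>" line after its flags line;
# everything else belongs to the global zone.
plumbed_addrs() {
    awk '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface); owner = "global" }
        $1 == "zone" { owner = $2 }
        $1 == "inet" { print $2, iface, owner }'
}

# Addresses and NICs the zone will bring up, from zonecfg output. A
# shared-IP address may carry a /prefix, which is stripped for comparison.
zone_net() {
    awk '
        $1 == "address:"  { a = $2; sub(/\/.*/, "", a); print "address", a }
        $1 == "physical:" { print "physical", $2 }'
}

# Returns 0 if every configured address is free and every physical NIC is
# plumbed, 1 otherwise, printing one line per problem.
check_shared_ip() {
    zcfg=$1; ifc=$2; problems=0
    plumbed=$(printf '%s\n' "$ifc" | plumbed_addrs)
    for item in $(printf '%s\n' "$zcfg" | zone_net | tr ' ' '='); do
        kind=${item%%=*}; value=${item#*=}
        case $kind in
        address)
            hit=$(printf '%s\n' "$plumbed" |
                  awk -v a="$value" '$1 == a { print $2 " (zone " $3 ")" }')
            if [ -n "$hit" ]; then
                echo "CONFLICT: $value is already up on $hit"
                problems=1
            fi ;;
        physical)
            if ! printf '%s\n' "$plumbed" |
                 awk -v n="$value" '$2 == n { f = 1 } END { exit !f }'; then
                echo "MISSING: $value is not plumbed in the global zone"
                problems=1
            fi ;;
        esac
    done
    return $problems
}

# Constructed "ifconfig -a" from the global zone: its own address on bge0
# plus a logical interface already assigned to zone "zone0".
IFCONFIG=$(cat <<'EOF'
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
    inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
    inet 192.0.2.5 netmask ffffff00 broadcast 192.0.2.255
    ether 0:3:ba:14:c0:df
bge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
    zone zone0
    inet 192.0.2.7 netmask ffffff00 broadcast 192.0.2.255
EOF
)

# The mistake from the thread, with constructed addresses: the zone reuses
# the global zone's own address.
ZONE_BAD=$(cat <<'EOF'
zonename: zone1
zonepath: /zone/zone1
ip-type: shared
net:
    address: 192.0.2.5
    physical: bge0
EOF
)

# A working configuration: a free address on the same NIC.
ZONE_OK=$(cat <<'EOF'
zonename: zone1
zonepath: /zone/zone1
ip-type: shared
net:
    address: 192.0.2.6/24
    physical: bge0
EOF
)

check_shared_ip "$ZONE_BAD" "$IFCONFIG" || echo "zone1 would fail to boot"
check_shared_ip "$ZONE_OK" "$IFCONFIG" && echo "zone1 can boot"
```

The owner column matters for the fix: a clash with `global` means the zone copied the host's address, a clash with another zone name means two zone configurations were given the same address, and only the second case is invisible in `zonecfg` for the zone you are looking at.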
Re: [zones-discuss] Interfaces to automate zone system
Actually it is kind of there already. Put a command in /usr/bin in the global zone that displays the global zone name. Since this file system is shared, it is available to the local zones. When you build a full zone, this command goes with it. The only issue is that if you change the global zone name on a system, the full zone will need to be updated. Very rare. See: http://www.logiqwest.com/dataCenter/Demos/RunBooks/Zones/listingGlobal.html

My concern is that this functionality is actually a security violation.

Konstantin Gremliza wrote:
Hi there, I have a question regarding zonemgr. We would like to use lofs to mount (ro) a file /etc/GLOBAL into the zones. It should contain the name of the global zone so anyone can easily find out what system he is really on. Zonemgr 1.8 only supports directories for read-only lofs mounts: option -r. Can it be changed to support files? Thanks and regards, Konstantin

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] unable to rsh into zone2
Brendan Gregg, who contributes to this mailing list, wrote a Perl program which he calls zcp.

# USAGE: zcp file1 zonename:file2
# eg,
# zcp /etc/syslog.conf workzone1:/tmp

If you would like a copy, please let me know.

[EMAIL PROTECTED] wrote:
Does anyone know how to get rsh working on zone2? I can zlogin to both zone1 and zone2 ok.

xc12p11-b1# zoneadm list -cv
  ID NAME                  STATUS   PATH                           BRAND   IP
   0 global                running  /                              native  shared
   6 xc12p11-b1-ce0-zone1  running  /export/xc12p11-b1-ce0-zone1   native  shared
  12 xc12p11-b1-ce0-zone2  running  /export/xc12p11-b1-ce0-zone2   native  shared
xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone2 'date'     - Not working
xc12p11-b1-ce0-zone2: Connection refused
xc12p11-b1# rsh -l root xc12p11-b1-ce0-zone1 'date'
Wednesday, September 26, 2007 10:04:25 AM PDT
xc12p11-b1# ping xc12p11-b1-ce0-zone1
xc12p11-b1-ce0-zone1 is alive
xc12p11-b1# ping xc12p11-b1-ce0-zone2
xc12p11-b1-ce0-zone2 is alive
xc12p11-b1# zlogin xc12p11-b1-ce0-zone1
[Connected to zone 'xc12p11-b1-ce0-zone1' pts/10]
Last login: Wed Sep 26 10:08:05 from xc12p11-b1
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
# hostname
xc12p11-b1-ce0-zone1
# date
Wed Sep 26 10:17:03 PDT 2007
# exit
[Connection to zone 'xc12p11-b1-ce0-zone1' pts/10 closed]
xc12p11-b1# zlogin xc12p11-b1-ce0-zone2
[Connected to zone 'xc12p11-b1-ce0-zone2' pts/10]
Last login: Wed Sep 26 10:03:08 on pts/10
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
# hostname
xc12p11-b1-ce0-zone2
# date
Wed Sep 26 10:17:14 PDT 2007
# exit
[Connection to zone 'xc12p11-b1-ce0-zone2' pts/10 closed]

Please reply directly to me as I am not on this alias. Thanks, Lana

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] zonename
This question has been asked before. This is the trick we use: since the zone command /usr/sbin/zoneadm list -vi does not display the name of the global zone when logged on to a local zone, we added to the global zone OS filesystem in "/usr/bin" a script/command called "zone-global-name". This script has the global zone name hard coded and echoes its name, e.g.

#!/bin/sh
echo "global zone name"

Now every time we build a new local zone this command is copied or shared with the local zone, depending on the type of zone created. This installs a command that will always show you the name of the global zone when you are logged on to the local zone. Kind of a hack, but it works for us.

Boyd Adamson wrote:
"Sabri Ali" [EMAIL PROTECTED] writes:
Hello! If I'm in a zone locally, how do I know the global zone, with which command?? Thanks
This should probably be in the FAQ. It last came up about 2 weeks ago: http://www.opensolaris.org/jive/thread.jspa?threadID=35960
Boyd

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] how to find global-zone from zone
Since this seems to be a common question that has shown up on this list from time to time, I have added our method to our Solaris Zone RunBook, which is free, and posted it at: http://www.logiqwest.com/dataCenter/Demos/RunBooks/Zones/listingGlobal.html

Hope this helps till Sun finally puts a real command in the OS.

Remco Fugers wrote:
Hi, I was wondering if it's possible to find out to which global zone a zone is related (and not from the global zone's point of view!). It might happen (as a sysadmin) that you log in to a zone but you need to perform maintenance in the global zone (i.e. Veritas VM stuff). Thanks in advance, Remco

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] Zones on Netra T1
I have built the same thing with one NIC card, and have had no problems, except that it works great. I have also enabled a third zone as a DNS server.

Neal Miskin wrote:
Hi All, I have a Netra T1 with 2 onboard NICs. I would like to install Solaris 10 and build two zones, one as an ftp server and one as an scp server. Is this possible or do I need an extra NIC for the global zone? Thanks, Nelly Boy
This message posted from opensolaris.org

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] zonename-another idea
In regard to Sabri's question again about wanting to identify at login which global zone the local zone belongs to: I started talking about this with our system admins, and enclosed is a kind of a hack script to get around the issue we were having fun with. Many of us are building and destroying zones all the time. We kind of need this function without going to configuration monitoring.

The idea is to set up, at the end of any process or procedure that updates a zone configuration, the execution of a script. This script makes the global information available to the local zone as long as that zone has been created as a small zone which shares the /usr/bin directory. The script writes the information out to a file/command we call "zoneinfo" in the "shared" /usr/bin directory. The /usr/bin directory is seen by both the global and local zones for small zone configurations. Hence when a user logs onto a local zone, they can find out the associated global zone. Below is a script that should be run whenever any zone configuration is updated. Then the user can simply execute zoneinfo to get an answer.

#!/usr/bin/sh
HOSTNAME=`hostname`
echo '#!/usr/bin/sh' > /usr/bin/zoneinfo
echo "echo \"" >> /usr/bin/zoneinfo
echo "Global Zone is $HOSTNAME" >> /usr/bin/zoneinfo
/usr/sbin/zoneadm list -vi >> /usr/bin/zoneinfo
echo "\"" >> /usr/bin/zoneinfo
chmod 777 /usr/bin/zoneinfo
---

For a large zone where /usr/bin is not shared, Brendan Gregg from Sun wrote a Perl script called "zcp.pl". It duplicates rcp (remote copy) for zones. Instead of writing to the shared "/usr/bin" directory, his script is called to perform a remote copy. I was unable to locate the latest version of this script at his web site http://www.brendangregg.com/index.html. If you cannot get it from him by sending him email ([EMAIL PROTECTED]), let me know and I will forward you a copy.

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] zonename
I used "/usr/sbin/zoneadm list -vi". If the global zone is listed with the others, you are on the global zone. If you use it on a local zone you will only see that zone.

# /usr/sbin/zoneadm list -vi
  ID NAME     STATUS   PATH
   0 global   running  /
   2 rlogic   running  /zones/rlogic
   3 utility  running  /zones/utility

Local only:

# /usr/sbin/zoneadm list -vi
  ID NAME     STATUS   PATH
   2 lqweb    running  /
-bash-3.00#

Some other ideas for looking at zone status I have posted at: http://www.logiqwest.com/dataCenter/Demos/RunBooks/Zones/zoneStatus.html, which is free to browse.

Hans Spaans wrote:
Hello! If I'm in a zone locally, how do I know the global zone, with which command?? Thanks
I'm not aware of a command, but I have seen two possible solutions. The first one is using sneep, since then you can see the hardware serial number of the machine you're running on. This requires that your eeprom has been set up correctly and you need to keep a record of the zones. The other requires some modification with zonecfg: you need to mount /etc/nodename from the global zone with lofs (read-only) to /etc/chassis in the non-global zone. This one should also work when you detach and attach zones and move them to another box. Some people prefer to go with extra records in DNS, but that solution seems to be doomed since it requires extra maintenance to keep your DNS up to date. That part always gets forgotten when time passes. Hans

-- Michael Barto, Software Architect, LogiQwest Inc.
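The four threads above ("zonename", "how to find global-zone from zone", "zonename-another idea" and this one) all circle the same two things: deciding from `zoneadm list -vi` whether you are in the global zone, and getting the global zone's name into the local zone. The block below is an added example, not code from any of the posts. It packages the "zoneinfo" generator idea from the "zonename-another idea" post in a form that is safe to install, a parser for the listing that applies the rule stated in this post, and a reader for Hans's lofs-mounted nodename file. Assumptions: the generator takes the install directory as an argument (`/usr/bin` in the post, a scratch directory in the demo), and every listing and name below is constructed.

```shell
#!/bin/sh
# Added example, not code from the original posts. Three helpers for the
# "which global zone am I on" question. Listings and names are constructed.

# Write <dir>/zoneinfo, a command that prints the global zone's name and
# the zone listing captured at generation time. Unlike the posted generator
# it takes the name and listing as arguments (so it runs anywhere), builds
# the file under a private umask, renames it into place atomically, and
# installs it 0755. The posted chmod 777 leaves a command that every zone
# user runs writable by every user of the global zone, which is an open
# invitation to replace it with something else.
install_zoneinfo() {
    dir=$1; globalname=$2; listing=$3
    tmp="$dir/.zoneinfo.$$"
    (
        umask 077
        {
            echo '#!/bin/sh'
            echo "cat <<'ZONEINFO'"
            echo "Global Zone is $globalname"
            printf '%s\n' "$listing"
            echo 'ZONEINFO'
        } > "$tmp"
    ) || return 1
    chmod 0755 "$tmp" && mv -f "$tmp" "$dir/zoneinfo"
}

# Decide where a "zoneadm list -vi" listing was produced: the global zone
# sees itself plus every installed zone, a non-global zone sees only itself.
zone_context() {
    printf '%s\n' "$1" | awk '
        $1 == "ID" && $2 == "NAME" { next }
        NF >= 3 { n++; name = $2; if ($2 == "global") g = 1 }
        END { print (g ? "global" : (n == 1 ? name : "unknown")) }'
}

# Hans's variant: the global zone's /etc/nodename lofs-mounted read-only
# into the zone (as /etc/chassis in his post). Accept only a single
# hostname-shaped first line so the value is safe to drop into prompts
# and log lines; anything else is reported as "no name".
global_name_from_file() {
    [ -r "$1" ] || return 1
    name=$(head -n 1 "$1" | tr -d '\r')
    case $name in
    ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Constructed listings: what the global zone sees, and what one local zone sees.
LISTING_GLOBAL='  ID NAME     STATUS   PATH
   0 global   running  /
   2 rlogic   running  /zones/rlogic
   3 utility  running  /zones/utility'
LISTING_LOCAL='  ID NAME     STATUS   PATH
   2 lqweb    running  /'

work=$(mktemp -d)
install_zoneinfo "$work" dione "$LISTING_GLOBAL"
sh "$work/zoneinfo"
echo "listing taken in: $(zone_context "$LISTING_GLOBAL")"
echo "listing taken in: $(zone_context "$LISTING_LOCAL")"
printf 'dione\n' > "$work/chassis"
echo "nodename file says: $(global_name_from_file "$work/chassis")"
rm -rf "$work"
```

On a real system the generator would be run in the global zone as `install_zoneinfo /usr/bin "$(hostname)" "$(zoneadm list -vi)"` from whatever procedure reconfigures zones; the generated command still only reports what was true at generation time, which is why the post says to re-run it after every change.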
[zones-discuss] DBI and DBD::mysql zone Install
Has anyone set up mysql with DBI and DBD::mysql using the gcc (sfw) compiler in a local zone, and how did you get it to compile? Solaris 10 11/06

-- Michael Barto, Software Architect, LogiQwest Inc.
[zones-discuss] Question about Compatibility of using a Zpool with a Solaris Zone
Could someone tell me what the current limitations are now with using a ZFS file system with Solaris Zones? At one time you could not put an OS in a ZFS file system. But could you put an entire zone in a ZFS file system? Has this changed lately? I would like to use the quota function in ZFS with a Solaris Zone for limiting upload. Is that possible? And what is the syntax for setting up the zone? We are talking Release 11/06.

-- Michael Barto, Software Architect, LogiQwest Inc.
Re: [zones-discuss] 3 questions about zones and containers
This question was asked:

2. If a zone pool shares out resources dynamically, how do I correlate that with my performance data? For example if a CPU were to be 'imported' by one zone from another, how do I know by looking at the performance data?

It was suggested to use poolstat, which supports an interval and a count. Could an example output be provided showing how this is interpreted?

Just a comment on some other ideas that might be useful. For validating variable processors, log into the zone and verify that the number of processors are indeed enabled by using "psrinfo -vp":

workzone1# psrinfo -vp
The physical processor has 1 virtual processor (0)
  x86 (AuthenticAMD family 15 model 5 step 1 clock 2193 MHz)
        AMD Opteron(tm) Processor 248
The physical processor has 1 virtual processor (1)
  x86 (AuthenticAMD family 15 model 5 step 1 clock 2193 MHz)
        AMD Opteron(tm) Processor 248
The physical processor has 1 virtual processor (2)
  x86 (AuthenticAMD family 15 model 5 step 1 clock 2193 MHz)
        AMD Opteron(tm) Processor 248
workzone1#

Also prstat -Z -n 9,11 -R will produce a display that will dynamically change as processing is executed. Use /usr/bin/prstat -Z to show zone process status.

global# /usr/bin/prstat -Z
   PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
  2008 root     4000K 1168K cpu513  28    0   0:02:11 3.7% cpuhog.pl/1
  2018 root     4000K 1168K cpu1    32    0   0:02:11 3.7% cpuhog.pl/1
  2015 root     4000K 1168K cpu515  30    0   0:02:13 3.6% cpuhog.pl/1
  2020 root     4000K 1168K cpu3    29    0   0:02:13 3.6% cpuhog.pl/1
  2010 root     4000K 1168K run     17    0   0:02:11 3.5% cpuhog.pl/1
  2013 root     4000K 1168K run     28    0   0:02:11 3.5% cpuhog.pl/1
  2005 root     4008K 2320K run      8    0   0:02:11 3.5% cpuhog.pl/1
  2014 root     4000K 1168K cpu0    30    0   0:02:11 3.5% cpuhog.pl/1
  2007 root     4000K 1168K run     20    0   0:02:11 3.5% cpuhog.pl/1
  2016 root     4000K 1168K cpu512  28    0   0:02:12 3.5% cpuhog.pl/1
  2021 root     4000K 1168K run     17    0   0:02:11 3.4% cpuhog.pl/1
  2009 root     4000K 1168K run     14    0   0:02:14 3.3% cpuhog.pl/1
  2012 root     4000K 1168K run     16    0   0:02:08 3.3% cpuhog.pl/1
  2006 root     4000K 1304K run     18    0   0:02:13 3.3% cpuhog.pl/1
  2017 root     4000K 1168K run     25    0   0:02:10 3.3% cpuhog.pl/1
ZONEID    NPROC  SIZE   RSS MEMORY      TIME  CPU ZONE
     2       51  182M   93M   0.5%   0:37:27  59% workzone1
     4       51  182M   92M   0.5%   0:16:25  30% workzone2
     3       51  183M   93M   0.5%   0:16:30  10% workzone3
     0       61  359M  194M   1.1%   0:00:11 0.1% global
     1       34  116M   72M   0.4%   0:00:12 0.0% workzone4
Total: 248 processes, 659 lwps, load averages: 51.19, 40.28, 20.52
^C
global#

Jeff Victor wrote:
George Davis wrote:
Zone/Container Gurus, my customers' DBAs ask:
1. How do I collect historical performance data on a 'per zone' basis?
With extended accounting. See acctadm(1M) and docs.sun.com.
2. If a zone pool shares out resources dynamically, how do I correlate that with my performance data? For example if a CPU were to be 'imported' by one zone from another, how do I know by looking at the performance data?
poolstat(1M) tells you this.
3. Is it still true that you need to reboot a zone when adding a new disk?
Don't know.
-- Jeff VICTOR, Sun Microsystems, jeff.victor @ sun.com, OS Ambassador, Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq

-- Michael Barto, Software Architect, LogiQwest Inc.
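George's second question (how to tell from performance data that a zone picked up a CPU it was not meant to have) can be answered from the per-zone summary that `prstat -Z` prints below the process list, provided you know what each zone is entitled to. The block below is an added example, not part of the thread and not a Sun tool: it parses that summary and flags zones running above their entitlement. The entitlement table is constructed and expresses each zone's share as a percentage of the whole machine (a 4-CPU pset on an 8-CPU box is 50, a 1-CPU pset is 12.5); the prstat sample mirrors the output in the post with a shortened process list.

```shell
#!/bin/sh
# Added example, not code from the original posts. Reads the ZONEID ... ZONE
# summary block of "prstat -Z" output and reports zones whose CPU share is
# above what they were given. Sample output and entitlements are constructed.

# Parse the summary block into "zone cpu memory" lines, percentages as plain
# numbers. The block starts at the line whose first field is ZONEID and ends
# at the "Total:" line; its rows have exactly eight fields.
prstat_zones() {
    awk '
        $1 == "ZONEID" { inblock = 1; next }
        $1 == "Total:" { inblock = 0 }
        inblock && NF == 8 {
            cpu = $7; mem = $5; sub(/%/, "", cpu); sub(/%/, "", mem)
            print $8, cpu, mem
        }'
}

# $1: "prstat -Z" output, $2: "zone percent" entitlement lines. Prints
# "zone observed entitled" for every zone over its entitlement (zones
# without an entry, such as global, are not judged) and returns 1 if any
# zone was flagged, 0 otherwise.
zones_over_allotment() {
    {
        printf '%s\n' "$2" | awk 'NF == 2 { print "E", $1, $2 }'
        printf '%s\n' "$1" | prstat_zones | awk '{ print "O", $1, $2 }'
    } | awk '
        $1 == "E" { ent[$2] = $3 }
        $1 == "O" && ($2 in ent) && ($3 + 0 > ent[$2] + 0) {
            print $2, $3, ent[$2]; bad = 1
        }
        END { exit bad }'
}

# Constructed "prstat -Z" output (process list shortened to two rows).
PRSTAT=$(cat <<'EOF'
   PID USERNAME  SIZE   RSS STATE  PRI NICE      TIME  CPU PROCESS/NLWP
  2008 root     4000K 1168K cpu513  28    0   0:02:11 3.7% cpuhog.pl/1
  2018 root     4000K 1168K cpu1    32    0   0:02:11 3.7% cpuhog.pl/1
ZONEID    NPROC  SIZE   RSS MEMORY      TIME  CPU ZONE
     2       51  182M   93M   0.5%   0:37:27  59% workzone1
     4       51  182M   92M   0.5%   0:16:25  30% workzone2
     3       51  183M   93M   0.5%   0:16:30  10% workzone3
     0       61  359M  194M   1.1%   0:00:11 0.1% global
     1       34  116M   72M   0.4%   0:00:12 0.0% workzone4
Total: 248 processes, 659 lwps, load averages: 51.19, 40.28, 20.52
EOF
)

# Constructed entitlements for an 8-CPU box: 4, 2, 1 and 1 CPUs as a
# percentage of the machine.
ENTITLED='workzone1 50
workzone2 25
workzone3 12.5
workzone4 12.5'

zones_over_allotment "$PRSTAT" "$ENTITLED" ||
    echo "zone(s) above their allotment; compare with poolstat to see which pool grew"
```

A zone can only exceed its share if the CPUs available to it changed, so a hit here is the moment to look at `poolstat` (or `pooladm`) for the pool whose size moved; feeding the prstat output from the `.zpstat` snapshots the list.zones script above collects gives the same check over time.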
Re: [zones-discuss] zone management and security
This is probably sacrilege, but some of these zone security issues might be better served with Secure Solaris, if the security requirements are this extreme (e.g. DOD). Adding complex security always adds complex overhead. On the other hand, locking out the global zone for all purposes and administrators except for managing zones (nothing else) creates less security overhead. Dividing servers into managed sets (this group, that group, accounts payable, accounts receivable) instead of sharing between groups can also keep the security overhead low. Everyone thinks they can write programs to correct bad management instead of trying to correct bad management.

Brian Kolaci wrote:
IHAC that is looking to split out zone management roles. The zone administrator creates and manages the local zones; however, that person should not be able to see the data in the zone for security purposes. They should only be able to manipulate the resources assigned to the zone, as well as create/destroy zones. The issue that comes up is that zlogin automatically grants them unauthenticated root privileges in the zone. Console access should be fine since that is authenticated; however, the default without -C gives them full access. So with the current scenario it's an all or nothing proposition.

I propose that zlogin be split into two different programs, one for console access and one for running programs and/or a shell. A simple way to do this (and it would be backward compatible) would be to create a hard link to zlogin, say 'zconsole', so that when it is executed the program can test arg0 and automatically apply the -C functionality if it is called zconsole. This would allow better separation of duties and allow two different profiles in exec_attr to differentiate what zone administrators can do.

Thanks, Brian

-- Michael Barto, Software Architect, LogiQwest Inc.
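Brian's arg0 split does not have to wait for a change to zlogin itself: a small setuid-free wrapper that RBAC launches as root can do the same dispatch today, and an exec_attr entry that names only the console wrapper gives the zone administrator console access without the unauthenticated shell. The block below is an added example, not code from the thread and not a Sun change. It assumes the wrapper is installed as /usr/local/sbin/zconsole with a hard link named zshell, and that a profile entry of the form `Zone Console:solaris:cmd:::/usr/local/sbin/zconsole:uid=0` (profile name made up) is what grants it; it validates the zone name against zonecfg's naming rule so a caller cannot pass options through it.

```shell
#!/bin/sh
# Added example, not code from the original post. Brian's arg0 idea as a
# wrapper around zlogin: installed as "zconsole" it always adds -C (console,
# authenticated by the zone's own login); installed as "zshell" it gives
# the plain zlogin (unauthenticated root shell). Paths are assumptions.
ZLOGIN=${ZLOGIN:-/usr/sbin/zlogin}

# zonecfg's naming rule: starts with an alphanumeric, then alphanumerics,
# '_', '-' or '.'. Anything else (empty, leading '-', spaces, shell
# metacharacters) is rejected, so the name can never be read as an option.
valid_zone_name() {
    case $1 in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    [A-Za-z0-9]*) return 0 ;;
    esac
    return 1
}

# Print the zlogin command line for the name this wrapper was invoked as.
# Returns 1 for an invalid zone name or an unknown invocation name, so a
# copy of the script under some other name grants nothing.
zlogin_argv() {
    invoked=$(basename "$1"); zone=$2
    valid_zone_name "$zone" || return 1
    case $invoked in
    zconsole) printf '%s -C %s\n' "$ZLOGIN" "$zone" ;;
    zshell)   printf '%s %s\n' "$ZLOGIN" "$zone" ;;
    *)        return 1 ;;
    esac
}

# Dispatch only when actually running under one of the two names with
# exactly one argument; under any other name (as in this demo) the file
# just defines the functions and shows what each name would run.
case $(basename "$0") in
zconsole|zshell)
    [ $# -eq 1 ] || { echo "usage: $(basename "$0") zonename" >&2; exit 2; }
    argv=$(zlogin_argv "$0" "$1") || { echo "bad zone name" >&2; exit 2; }
    exec $argv
    ;;
esac

zlogin_argv /usr/local/sbin/zconsole workzone1
zlogin_argv /usr/local/sbin/zshell workzone1
zlogin_argv /usr/local/sbin/zconsole '-C' || echo "rejected: -C is not a zone name"
```

With the wrapper in place the "console only" role gets an exec_attr line for zconsole and the "full" role one for zshell; the zone name validation is what keeps the first role from turning `zconsole` into something else by way of its single argument.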