Re: [zones-discuss] Possible to use zones for hardening? Security?
Ian,

I believe that you are correct in your comment about running VirtualBox in a zone.

While I haven't attempted it myself, I believe that VirtualBox will not work from a zone because VirtualBox needs to load kernel modules.

Here is an example:

ultra20 /root 401 # modinfo | grep -i vbox
175 f85127f0a88 345 1 vboxnet (VirtualBox NetAdp 3.1.4r57640)
177 f8682000 24de8 344 1 vboxdrv (VirtualBox HostDrv 3.1.4r57640)
250 f89e2000 6a20 346 1 vboxflt (VirtualBox NetDrv 3.1.4r57640)
250 f89e2000 6a20 - 1 vboxflt (VirtualBox NetMod 3.1.4r57640)
251 f89e9000 4598 347 1 vboxusbmon (VirtualBox USBMon 3.1.4r57640)
252 f89ee000 6de8 348 1 vboxusb (VirtualBox USB 3.1.4r57640)
ultra20 /root 402 # uname -a
SunOS ultra20 5.11 snv_130 i86pc i386 i86pc
ultra20 /root 403 #

Jerry

On 09/30/10 15:55, Ian Collins wrote:

I don't think you can install VirtualBox in a zone. If you are using VirtualBox, you can use the same networking tricks to get isolation as you would use for a zone.

___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] Possible to use zones for hardening? Security?
I stand corrected. Thanks for the update Glenn.

Jerry

On 09/30/10 16:33, Glenn Faden wrote:

VBox definitely works in zones. It installs a global zone SMF service, VBoxService, to take care of loading the kernel modules since this can't be done by a NGZ.

see http://www.virtualbox.org/changeset/24240

--Glenn
Re: [zones-discuss] Centralized Zone Management Tool
Sorry to interrupt your discussion.

When you are discussing Puppet, are you discussing this project

http://projects.reductivelabs.com/projects/puppet

or something else?

Thank you,

Jerry Kemp

On 07/10/09 07:17, Bryan Allen wrote:

+--
| On 2009-07-10 04:52:59, Robert Gst??hl wrote:
|
| Date: Fri, 10 Jul 2009 04:52:59 PDT
| From: Robert Gst??hl no-re...@opensolaris.org
| To: zones-discuss@opensolaris.org
| Subject: [zones-discuss] Centralized Zone Management Tool
|
| Hello World,
|
| I started to think about a centralized zone management utility / system. I know exactly one tool that does this, which is proprietary, expensive, complicated and has too many half-baked features. xVM ops center doesn't do what I need either and is closed source too.
|
| It's time to scratch an itch.
|
| To further illustrate what I'm thinking about, here are some use cases:
|
| crud (create, read, update, delete) on zone configurations
| state changes of zones (boot, halt, restart, ...)
| migrate a zone from one host to another to build ha / disaster tolerant solutions
|
| administration of the underlying storage of a zone (san luns, iscsi, nfs, zfs, - you get the idea) is probably the toughest part, I guess keeping this out of scope in the first phase is a good idea ;)
|
| I'm eager to hear what you, the opensolaris zone community, think about such a tool, who would like to help me do a little initial design work in the inception phase.
|
| Thanks for your time and input. Regards Robert

Puppet manages zones, ZFS, NFS, and you could write providers to do the rest.

Puppet is free, well-written, and has a great dev team. It's also being incorporated into many other management projects (like Cobbler), so you could say it's either already or on its way to becoming an industry standard.

The DR stuff would probably be non-trivial, though in my shop I just move the zone class to another host, boot it, it mounts the data via NFS or what have you, and I'm done.
[zones-discuss] troubleshooting zone boot issues - failed with exit code 32
I have a Sun T2000 running Solaris 10u2, all UFS file systems, that has been in place for several months.

This morning during a reboot, I had a zone that would not come back up. It failed to boot due to an inability to mount /svc with an error of "failed with exit code 32".

I did many Yahoo and Google searches and also looked at the most recent Solaris Containers - Resource Management and Solaris Zones guide that was just released this summer. I did see that several people have encountered this issue, but did not find any resolutions.

Posted below are some specifics about the zone in question. tech3 is the global zone and tech10 is the zone with booting problems. The zoneadm that shows the error had to be recreated from memory as I needed to get a work-around in place and did not get a capture of the error, but the error code is accurate.

Where can I research this error code in more detail?

TIA,

Jerry K

-

tech3 / 170 # uname -a
SunOS tech3 5.10 Generic_118833-18 sun4v sparc SUNW,Sun-Fire-T200
tech3 / 171 # zonecfg -z tech10 info
zonepath: /export/zones/tech10
autoboot: false
pool:
inherit-pkg-dir:
    dir: /lib
inherit-pkg-dir:
    dir: /platform
inherit-pkg-dir:
    dir: /sbin
inherit-pkg-dir:
    dir: /usr
fs:
    dir: /opt
    special: /dev/md/dsk/d71
    raw: /dev/md/rdsk/d71
    type: ufs
    options: [logging]
fs:
    dir: /usr/local
    special: /dev/md/dsk/d70
    raw: /dev/md/rdsk/d70
    type: ufs
    options: [logging]
fs:
    dir: /prod
    special: /dev/md/dsk/d72
    raw: /dev/md/rdsk/d72
    type: ufs
    options: [logging]
fs:
    dir: /svc
    special: /dev/md/dsk/d73
    raw: /dev/md/rdsk/d73
    type: ufs
    options: [logging]
net:
    address: 10.9.3.79
    physical: ipge1
attr:
    name: comment
    type: string
    value: tech10 zone
tech3 / 172 #
tech3 / 173 # cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
tech3 / 174 # zoneadm -z tech10 boot
zoneadm: zone 'tech10': /usr/lib/fs/dev/mount -o attrdir=/export/tech10/svc /svc /dev/md/dsk/d73 failed with exit code 32
zoneadm: zone 'tech10': call to zoneadmd failed
tech3 / 175 #
[zones-discuss] Creating a Virtualization Community Group
+1 keep them separated.

Jerry

Ellard Roush wrote:

Hi,

There is so much discussion in these areas that it would be most undesirable to combine these 3 different areas. Recommend that they be kept distinct.

However, I do agree that there are topics that would appeal to all 3 areas. In such cases recommend that people send their comments to the 3 discussion aliases in a single email.

Regards,
Ellard