[zones-discuss] Re: ZoneMgr Survey: 2pkg or not 2pkg... that is the
Good timing and this kind of feedback is appropriate for the alias. I've been thinking about this since my last feature submission. While modifying the script, I've realized that it's become too big for its own britches. I'm not sure that breaking out "artifacts" from business logic is granular enough. Perhaps we should consider some very simple plugin architecture enabling more effective parallel development. We would have to put some thought on module granularity, but I can see brandz logic in one script, post-zone config in another script, actual zone creation in another, with some main control logic script (zonemgr itself). This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: Re: Re: guidance for beginner
However, there's a good shot you can run those RH 3.8 services in zones natively (depending on the service). FWIW, I am working with customers running many more than 5 zones on a T2K.

John Clingan
Sun Microsystems
Sent from mobile phone.

-----Original Message-----
From: Jeff Victor <[EMAIL PROTECTED]>
Subj: Re: [zones-discuss] Re: Re: Re: guidance for beginner
Date: Wed Feb 14, 2007 3:46 pm
Size: 1K
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
cc: zones-discuss@opensolaris.org

[EMAIL PROTECTED] wrote:
> Excellent results were obtained! Managed to create 5 zones on one T2k and
> another 4 on a 2nd T2k. Error msgs (as described) on one, no error messages
> on the other. And all the zones behaved perfectly. Gratifying. Thanx to
> everyone who contributed...
>
> It seems there is a plan to add some dedicated RH AS 3.8 boxes to the
> network, but I see from the zonemgr docs that it is possible to create some
> virtual Centos machines, on a T2k. What would be the fastest way to do
> this? I do have a CentOS-3.8-server-i386.iso to hand. Can I use that
> somehow?

Well, you might have a problem there, seeing that the iso image has binaries for an x86/x64 computer and the T2k isn't. ;-)

--
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
Re: [zones-discuss] Recommendations for utilizing global zones
In addition, if you can, run that ssh service in the global zone on an interface on an "admin network". I try to give the global zone an interface on the admin network only with public interfaces reserved for non-global zones only.

John Clingan
Sun Microsystems
Sent from mobile phone.

-----Original Message-----
From: Brad Diggs <[EMAIL PROTECTED]>
Subj: Re: [zones-discuss] Recommendations for utilizing global zones
Date: Wed Feb 14, 2007 2:10 pm
Size: 2K
To: Brad Bowling <[EMAIL PROTECTED]>
cc: zones-discuss@opensolaris.org

The biggest problem with running a service in the global zone is that if compromised, it may be used to get privileged access to the non-global zones as well. IMHO if you plan to deploy non-global zones you are best off (from a security perspective) to run only the minimum necessary services (ssh) and install only the minimum number of software packages in the global zone.

My global zone typically only runs ssh and has less than 200 packages. If a non-global zone requires SUNW packages, then I make the non-global zone a whole root zone (e.g. don't read-only mount/inherit /usr, /lib, /sbin, and /platform from the global zone). Otherwise I just create sparse root zones.

The biggest problem with this methodology is that you have to manually determine the package dependencies when installing SUNW packages in your non-global zone. One day Sun will resolve this issue and get package dependencies automagically resolved like apt/yum/pkg-get works today. Until then it's still a manual process.

Having said that, the software/service that you may want to run may be available via the Blastwave package repository. In that case install a sparse zone and use pkg-get to install the desired software from blastwave.org. On this topic, I have made it very convenient in the Zone Manager to install any Blastwave package with -G when creating or modifying a non-global zone.

For example, you can create and install a sparse root non-global zone called z1 and install mysql5 from Blastwave with the following command:

    # zonemgr -a add -n z1 -z /zones -P pw \
        -I "192.168.0.10|hme0|24|z1" -G mysql5 \
        -C /etc/nsswitch.conf -C /etc/resolv.conf

More info on the Zone Manager available here:

    http://opensolaris.org/os/project/zonemgr/

Regards,
Brad

On Wed, 2007-02-14 at 12:36 -0800, Brad Bowling wrote:
> Are there any pros/cons to using a global zone to host a service/app
> just as you do on the local zones (i.e. the global zone serves as just
> another host with the added responsibility of managing local zones)?
> Are there any pros/cons to using the global zone only as an
> administrative zone, serving no other purpose but to manage local
> zones?
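Added example (not part of the thread or of zonemgr): a check for the advice above to run only the minimum necessary services (ssh) in the global zone, applied to the two-column output of `svcs -H -o state,fmri`. The allowlist, the watched prefixes and the sample listing are constructed assumptions to adapt per site.

```shell
#!/bin/sh
# Flag online services in the global zone that fall outside a minimal
# allowlist. Feed it the output of:  svcs -H -o state,fmri
# (run it only where `zonename` prints "global").

# Assumption: illustrative allowlist. ssh is the one service the thread
# keeps in the global zone; physical/loopback are network plumbing.
ALLOWED_FMRIS="svc:/network/ssh:default svc:/network/physical:default svc:/network/loopback:default"

# Assumption: FMRI prefixes treated as reachable services worth reviewing.
WATCH_PREFIXES="svc:/network/ svc:/application/ svc:/system/webconsole"

# Reads "STATE FMRI" lines on stdin, prints each online, watched FMRI
# that is not on the allowlist (one per line, input order preserved).
audit_global_services() {
    awk -v allowed="$ALLOWED_FMRIS" -v watch="$WATCH_PREFIXES" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            nw = split(watch, w, " ")
        }
        $1 == "online" && !($2 in ok) {
            for (i = 1; i <= nw; i++)
                if (index($2, w[i]) == 1) { print $2; break }
        }
    '
}

# Constructed sample of `svcs -H -o state,fmri` output for a global zone
# that still runs a default set of services.
sample_svcs_output() {
    cat <<'EOF'
online         svc:/network/physical:default
online         svc:/network/ssh:default
online         svc:/network/smtp:sendmail
online         svc:/network/inetd:default
online         svc:/network/rpc/bind:default
disabled       svc:/network/rpc/smserver:default
online         svc:/system/webconsole:console
online         svc:/application/management/wbem:default
online         svc:/system/utmp:default
EOF
}

# Demo on the constructed sample; on a real host use:
#   svcs -H -o state,fmri | audit_global_services
sample_svcs_output | audit_global_services
```

Each FMRI printed is a candidate for `svcadm disable` in the global zone, or for moving into a non-global zone.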
Re: [zones-discuss] Re: [zfs-discuss] Downsides to zone roots on ZFS?
Do you know which nevada build that will be? Thanks!

John Clingan
Sun Microsystems
Sent from mobile phone.

-----Original Message-----
From: Lori Alt <[EMAIL PROTECTED]>
Subj: Re: [zones-discuss] Re: [zfs-discuss] Downsides to zone roots on ZFS?
Date: Wed Feb 7, 2007 2:51 pm
Size: 1K
To: Jerry Jelinek <[EMAIL PROTECTED]>
cc: ZFS discussion list ; John Clingan <[EMAIL PROTECTED]>; Zones discussion list

Jerry Jelinek wrote:
> John Clingan wrote:
>>> This is incorrect. All S10 updates have supported upgrading systems
>>> with zones. I believe what you are thinking of is that live-upgrade
>>> does not support upgrading systems with zones. This is being
>>> fixed in the next S10 update. It is already fixed in nevada.
>>>
>> Which Nevada build?
>
> The install code changes look like they were integrated into b53. Some
> of the zones support that was needed had been integrated earlier.
> The bug is 6264796.
>
>> When will zone roots on ZFS be supported by live upgrade?
>
> I don't know. Asking the install team would be your best bet.

Zone roots on ZFS will definitely be supported by liveupgrade at the time that zfs as a root file system is supported, currently planned for Update 5. There is a possibility that liveupgrade for zone roots on ZFS will be supported earlier than Update 5, if it can be released as a bug fix.

Lori
Re: [zones-discuss] Re: [zfs-discuss] Downsides to zone roots on ZFS?
Jerry Jelinek wrote:
> Rich,
>
> Rich Teer wrote:
>> Hi all,
>>
>> Last time I checked, having one's zone roots (zonepaths) on ZFS file
>> systems was not a recommended practice, despite the fact that this works.
>> IIRC, the problem was that the upgrade code didn't grok zfs and would
>> therefore get terribly confused should the zone roots reside on ZFS.
>>
>> However, given that S10 11/06 doesn't support upgrading of zones anyway
>> (even if they reside on UFS file systems), is this point moot? (Or is
>> that applicable to live upgrade only?)
>
> This is incorrect. All S10 updates have supported upgrading systems
> with zones. I believe what you are thinking of is that live-upgrade
> does not support upgrading systems with zones. This is being
> fixed in the next S10 update. It is already fixed in nevada.

Which Nevada build?

>> More succinctly: apart from not being able to upgrade (presumably an
>> initial reinstall will be required), what are the reasons for NOT
>> hosting zone roots on ZFS?
>
> That is the only real reason. The only other reason I know of is
> fairly obscure. The patch tools don't know about zfs so they can
> miscalculate space when you have a set of zones, each on their own zfs
> dataset, but in the same zpool. If you were really tight on space, the
> patch process might fail partway through as a result. This is probably
> not an issue for most people but is the only other one I know of.

When will zone roots on ZFS be supported by live upgrade?

> Jerry

Thanks!
Re: [zones-discuss] Several zonepaths on a single slice
That's where you want to use zfs datasets. Push a dataset to each zone and mount zone-local bits, data and logs to filesystems created from that dataset. You can specify a quota per filesystem.

John Clingan
Sun Microsystems
Sent from mobile phone.

-----Original Message-----
From: Wee Yeh Tan <[EMAIL PROTECTED]>
Subj: Re: [zones-discuss] Several zonepaths on a single slice
Date: Tue Feb 6, 2007 7:00 pm
Size: 1006 bytes
To: [EMAIL PROTECTED]
cc: zones-discuss@opensolaris.org

On 2/7/07, Paul Davis <[EMAIL PROTECTED]> wrote:
> I have a proposed config on T2000 that will use the HW RAID to mirror
> the internal disks. So with a limited number of physical slices on the
> internal disks, we are looking at having several zones sharing a single
> partition for their zonepaths, like all under /export/zones
>
> /export/zones/zone1
> /export/zones/zone2
> /export/zones/zone...
>
> SVM with soft partitions is not an option and there will be no SAN
> attached storage to mount small slices for zonepaths. Other than the
> obvious issue of zones sharing a single partition (disk slice), are
> there any other concerns with this configuration?

Yes. Running out of space on 1 zone will affect all other zones on the same slice. We ran into problems with this config because we cannot guarantee that we do not have a rogue zone.

--
Just me,
Wire ...

--- message truncated ---
Re: [zones-discuss] Re: guidance for beginner
However, generally speaking, zfs datasets can be configured for a zone from the global zone. Example: The global zone admin can create a 5GB dataset and assign it to a zone. The zone administrator can then create and mount filesystems, each with its own quota, from that ZFS dataset. Assign each user their one ZFS-based filesystem. This is an easy and lightweight thing to do in ZFS.

Brad Diggs wrote:

Hello Tony,

The usage that you specified below will place your zone root in /zones/m1. At this point in time there is no storage containment management within zonemgr for the non-global root mount point. (e.g. /zones/m1) If you wish to limit the storage of that mount point to 5GB then you will need to do that in the global zone. Also note that at the present time Solaris does not support non-global zone root being put on a ZFS filesystem. Thus /zones/m1 should be some other filesystem type such as UFS.

With regards to directory inheritance, zonemgr by default creates a sparse root zone. This means that the default system directories (/lib, /usr, /sbin, and /platform) are inherited from the global zone.

With regards to packaging, for both sparse and whole root (e.g. no directories inherited) the non-global zone will contain all packages that are present in the global zone. If the application to which you refer is installed in the global zone via pkgadd, then the application bits will also be installed in each non-global zone. Data and configuration of the application in the global zone however will not be installed/copied into the non-global zone.

Hope that helps!

Brad

On Mon, 2007-02-05 at 03:37 -0800, [EMAIL PROTECTED] wrote:

Thanks - had a look round the docs - quite a lot of stuff on resource management - but I get the general idea.

    zonemgr -a add -n m1 -z "/zones" -P "abc123" \
        -I "192.168.0.10|hme0|24|myzonehost"

I want to do this for 4 zones per box - don't think I need to deal with resource management plenty available. Intend to use sysidcfg for config.

I am not clear on what the non-root zones will inherit - there is already a single application installed on each box (in a separate slice) - on this occasion I don't want this included in the non-root zones. I think that by default (ie above) only Solaris will be copied over (?).

How does the size of the non-root zone's slices get specified BTW. I only need 5 GB in total for each user - (oh dear that sounds a bit like resource management ;-)

TIA

Tony

This message posted from opensolaris.org
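Added example (not from the thread or from zonemgr): the delegated-dataset approach described in this message and in the "Several zonepaths on a single slice" reply, so that one zone filling its storage cannot take space from the others. The pool `tank`, the parent dataset `zonedata` (assumed to exist already), the zone `m1`, the user `tony` and the sizes are placeholders; commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Dry-run by default: print each command; execute only when APPLY=1.
# (Printed lines are for review; shell quoting is not reproduced.)
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only plain names so nothing unexpected reaches zfs/zonecfg.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Accept digits followed by exactly one unit letter: 512M, 5G, 1T.
valid_quota() {
    case $1 in
        ''|*[!0-9MGT]*|[MGT]*|*[MGT]?*|*[0-9]) return 1 ;;
    esac
}

# Global zone admin: create a quota-capped dataset and delegate it.
# provision_zone_dataset POOL ZONE QUOTA
provision_zone_dataset() {
    pool=$1 zone=$2 quota=$3
    valid_name "$pool" && valid_name "$zone" || { echo "bad name" >&2; return 1; }
    valid_quota "$quota" || { echo "bad quota: $quota" >&2; return 1; }
    ds="$pool/zonedata/$zone"
    run zfs create "$ds" || return 1
    run zfs set quota="$quota" "$ds" || return 1
    # The zone sees the dataset after its next boot.
    run zonecfg -z "$zone" "add dataset; set name=$ds; end"
}

# Zone admin, inside the zone: one filesystem per user, each with a quota
# carved out of the delegated dataset.
# provision_user_fs DATASET USER QUOTA
provision_user_fs() {
    ds=$1 user=$2 quota=$3
    valid_name "$user" || { echo "bad user: $user" >&2; return 1; }
    valid_quota "$quota" || { echo "bad quota: $quota" >&2; return 1; }
    run zfs create "$ds/$user" || return 1
    run zfs set quota="$quota" "$ds/$user"
}

# Demo with placeholder values (dry-run output only).
provision_zone_dataset tank m1 5G
provision_user_fs tank/zonedata/m1 tony 1G
```

The dataset quota caps everything the zone creates under it, so the per-user quotas inside the zone can never add up to more than the global zone admin granted.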
Re: [zones-discuss] Strange phenomenon with zones
Did you log in to the zone's console and answer the questions? (zlogin -C zone_name). Regardless, I have never had a zone hang on a "ps", even before sysidtool completes.

Ian Brown wrote:

Hello,

I have this strange phenomenon with zones: I create a zone with zonecfg, then, with zoneadm, I install it and boot it. When I try, after these stages, "ps -ef", everything is OK (namely I see all processes as I should).

BUT: then I ran "zlogin myZone", and then: from the global zone: ps -ef hangs after displaying some processes (the last is sched). and then it hangs. It does NOT return to the prompt even when I wait for more than 10 minutes. (btw, ps -ef from the global zone works ok).

I want to add that NFS services do NOT run on this machine (namely, svcs | grep nfs returns nothing) because I know that sometimes this can cause troubles. Also I want to add that I do it from ssh, but I don't think this is important.

More info: The configuration of the zone is minimal. Here is what "zonecfg -z myzone info" returns:

    zonename: myzone
    zonepath: /export/home/myzone
    brand: native
    autoboot: false
    bootargs:
    pool: pool_default
    limitpriv: default,sys_time
    inherit-pkg-dir:
            dir: /lib
    inherit-pkg-dir:
            dir: /platform
    inherit-pkg-dir:
            dir: /sbin
    inherit-pkg-dir:
            dir: /usr
    fs:
            dir: /usr/local
            special: /opt/local
            raw not specified
            type: lofs
            options: []

Any ideas?

Regards,
Ian

This message posted from opensolaris.org
Re: [zones-discuss] New zone, sysidtool:net isn't starting
Learn something new every day. I didn't know that and thanks for the clarification. Your suggestion of introducing a "whole root zone" makes should be revisited. Not because of lazy typists but because of incorrect assumptions folks (like me) might make.

[EMAIL PROTECTED] wrote:

FYI, you can also use "create -b" (blank) so you don't have to run remove-pkg-dir 4 times.

Actually, the documented way to create a whole-root zone *is* to remove the default inherit-pkg-dir resources. The reason for this is "create -b" says to use a blank template - namely, no properties set and no resources defined. It doesn't mean "create a whole-root zone" and in the future, an empty template might not be the same as a whole-root zone.

During the development of the project I suggested we introduce something like "create -w" or "create -t SUNWwhole" ;-) and perhaps it's time to consider that again.

dsc
Re: [zones-discuss] New zone, sysidtool:net isn't starting
FYI, you can also use "create -b" (blank) so you don't have to run remove-pkg-dir 4 times.

John Clingan
Sun Microsystems
Sent from mobile phone.

-----Original Message-----
From: Tim Cook <[EMAIL PROTECTED]>
Subj: [zones-discuss] New zone, sysidtool:net isn't starting
Date: Mon Jan 29, 2007 4:07 pm
Size: 2K
To: zones-discuss@opensolaris.org

So I started by doing the following to create a zone. The zone resides on a zfs pool. This is the first zone on this system:

    # zonecfg -z z1
    z1: No such zone configured
    Use 'create' to begin configuring a new zone.
    zonecfg:z1> create
    zonecfg:z1> remove inherit-pkg-dir dir=/sbin
    zonecfg:z1> remove inherit-pkg-dir dir=/usr
    zonecfg:z1> remove inherit-pkg-dir dir=/platform
    zonecfg:z1> remove inherit-pkg-dir dir=/lib
    zonecfg:z1> set autoboot=true
    zonecfg:z1> set zonepath=/tank/z1
    zonecfg:z1> add net
    zonecfg:z1:net> set address=192.168.2.201
    zonecfg:z1:net> set physical=hme0
    zonecfg:z1:net> end
    zonecfg:z1> verify
    zonecfg:z1> commit
    zonecfg:z1> exit
    # zoneadm -z z1 verify
    # zoneadm -z z1 install
    # zoneadm -z z1 boot

So, I've got the following output from svcs -xv, and the logs themselves show absolutely nothing as far as errors are concerned:

    # svcs -xv
    svc:/system/sysidtool:net (sysidtool)
     State: offline since Mon Jan 29 14:57:58 2007
    Reason: Start method is running.
       See: http://sun.com/msg/SMF-8000-C4
       See: man -M /usr/man -s 1M sysidtool
       See: /var/svc/log/system-sysidtool:net.log
    Impact: 18 dependent services are not running:
            svc:/system/sysidtool:system
            svc:/milestone/sysconfig:default
            svc:/milestone/multi-user:default
            svc:/system/webconsole:console
            svc:/application/graphical-login/cde-login:default
            svc:/milestone/multi-user-server:default
            svc:/application/cde-printinfo:default
            svc:/system/system-log:default
            svc:/network/smtp:sendmail
            svc:/system/utmp:default
            svc:/system/console-login:default
            svc:/network/ssh:default
            svc:/network/inetd:default
            svc:/application/management/wbem:default
            svc:/system/sac:default
            svc:/system/postrun:default
            svc:/network/rpc/bind:default
            svc:/system/filesystem/autofs:default

    svc:/network/rpc/smserver:default (removable media management)
     State: uninitialized since Mon Jan 29 14:55:04 2007
    Reason: Restarter svc:/network/inetd:default is not running.
       See: http://sun.com/msg/SMF-8000-5H
       See: man -M /usr/share/man -s 1M rpc.smserverd
    Impact: 1 dependent service is not running:
            svc:/milestone/multi-user-server:default

    svc:/system/dbus:default (D-BUS message bus)
     State: maintenance since Mon Jan 29 14:57:59 2007
    Reason: Start method exited with $SMF_EXIT_ERR_FATAL.
       See: http://sun.com/msg/SMF-8000-KS
       See: man -M /usr/man -s 1M dbus
       See: /var/svc/log/system-dbus:default.log
    Impact: This service is not running.
    # exit

Help??? What did I do wrong here?

This message posted from opensolaris.org
Re: [zones-discuss] Fwd: Zones and SNMP
Andy, you can monitor applications in local zones as you would a global zone. I am doing just this with the Sun Web Server 6.1. On the server side is the Web Server Master Agent at the moment, with the Halcyon Sun Management Center plugin on the server side.

Andy Dishong wrote:

---
Andrew Dishong
Solutions Architect
Sun Client Services - JPMorgan Account Team
Email: [EMAIL PROTECTED]
Access Line: 877.226.8297
Cell: 303-808-5884
Text Page: [EMAIL PROTECTED]
Personal WebPage: http://webhome.central/adishong

Subject: Zones and SNMP
From: Andy Dishong <[EMAIL PROTECTED]>
Date: Tue, 23 Jan 2007 11:19:38 -0500
To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Trying to find details on SNMP usage in a local zone, does anyone have any pointers? We want to be able to provide SNMP traps to a 3rd party monitoring and/or performance agent. If anyone has anything please let me know ASAP it is important I get this info right away, thanks

Andy
Re: [zones-discuss] Re: zonemgr -s syntax
If we had used ksh, I am sure we would have gotten the bash question :) Developer preference I suppose. If you still have issues, blame Brad. He started it :)

Jean-Louis Liagre wrote:

It works now. Thanks, that was fast :-)

A side question. Why are you using bash instead of ksh? Are there specific bashisms in your script? FWIW, I changed the interpreter to #!/bin/ksh and the script did its job for me.

This message posted from opensolaris.org