Re: [zones-discuss] can't unset defrouter ?

2009-04-17 Thread Konstantin Gremliza



exactly:

zonecfg -z donald
zonecfg:donald> info
zonename: donald
zonepath: /zones/donald
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
...
net:
   address: 10.2.140.150/16
   physical: e1000g0
   defrouter: 10.2.0.1
net:
...:
zonecfg:donald> select net address=10.2.140.150/16
zonecfg:donald:net> remove defrouter 10.2.0.1
zonecfg:donald:net> info
net:
   address: 10.2.140.150/16
   physical: e1000g0
   defrouter not specified
zonecfg:donald:net> end
zonecfg:donald> exit



Konstantin

Hugh McIntyre wrote:

Tommy McNeely wrote:
Once a defrouter is set, there doesn't appear to be a way to unset 
it. I have added another (public) IP address to this zone, and with 
that public IP its own defroute. I want to keep this private one, but 
remove the defrouter attribute. There is no "unset" and you can't set 
it to "" .. I can obviously remove it and re-add it, but shouldn't 
there be an unset?



zonecfg:blah-amer:net> info
net:
   address: 172.168.134.151
   physical: aggr634001
   defrouter: 172.168.134.1


"remove" is the unset command, I think.  Try:
 remove defrouter 172.168.134.1

Hugh.
___
zones-discuss mailing list
zones-discuss@opensolaris.org





Re: [zones-discuss] Testing memory and swap caps

2009-03-11 Thread Konstantin Gremliza


Hi

I use this one for teaching purposes. Can be used like this:

gcc -o mem mem.c

mem [ -p <pagesize> ][ -n <#pages> ][ -t <seconds> ]

You can easily watch memory consumption with pmap as anon grows...
You can also see how Solaris works with multiple pagesize support (MPSS).

Konstantin


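#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv)
{
   /* Defaults: one allocation of the base page size every 10 seconds. */
   int pagesize = (int)sysconf(_SC_PAGESIZE);
   int option;
   int err = 0;
   int count = 1;
   int seconds = 10;

   char *buf;
   int loop;

   while ((option = getopt(argc, argv, "p:t:n:")) != -1) {
      switch (option) {
      case 'p':   /* size of each allocation in bytes */
         pagesize = atoi(optarg);
         break;
      case 'n':   /* number of allocations per interval */
         count = atoi(optarg);
         break;
      case 't':   /* length of the interval in seconds */
         seconds = atoi(optarg);
         break;
      default:
         err++;
      } /* switch */
   } /* while */

   if (err || pagesize <= 0 || count <= 0 || seconds <= 0) {
      fprintf(stderr, "usage: mem [ -p <pagesize> ][ -n <#pages> ][ -t <seconds> ]\n");
      return 1;
   }

   /* Nothing is freed on purpose: anon memory grows until a cap is reached. */
   while (1) {
      for (loop = 0; loop < count; loop++) {
         buf = malloc(pagesize);
         if (buf == NULL) {
            perror("malloc");
            return 1;
         }
         *buf = ' ';   /* touch the allocation so it is really backed */
      }
      printf("Consume about %d/%d kB/s.\n", count * pagesize / 1024, seconds);

      sleep(seconds);
   }
}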
Maidak Alexander J wrote:

I've used this before:

perl -e '$a = "A" x 100_000_000; sleep 3600' &

I think each perl one-liner will chew up ~200MB memory.  Add or remove a zero for 
more or less consumption.

-Alex

-Original Message-
From: zones-discuss-boun...@opensolaris.org 
[mailto:zones-discuss-boun...@opensolaris.org] On Behalf Of Paul Davis
Sent: Wednesday, March 11, 2009 9:44 AM
To: zones-discuss@opensolaris.org
Subject: [zones-discuss] Testing memory and swap caps


Is there a tool available that can incrementally consume memory in a zone?

Thanks,
Paul





Re: [zones-discuss] Making directories in /usr visible (from global zone) in non-global zone

2009-02-12 Thread Konstantin Gremliza





Other possibilities to find out if it's sparse or whole root from within
the local zone:

- touch /usr  (should not work in sparse zone)
- df -n /usr (reports lofs)

Konstantin Gremliza




Jeff Victor wrote:

  On Tue, Feb 10, 2009 at 12:26 AM, Arun Gupta  wrote:
  
  
Thanks Jeff,

How do I know whether it's a sparse-root or whole-root zone ?

  
  
From the global zone, use "zonecfg -z  info" and look for
entries about inherit-pkg-dir. If there are four (/usr, /lib, and two
others) then it's a sparse-root zone, and /usr should look the same in
the zone as in the GZ.  If they are not present, it's a whole-root
zone, and the zone has its own /usr which may include software not
available in the GZ or in other zones.

  
  
I took the default options when creating zones.

  
  
If that's true, it's a sparse-root zone, and anything in the GZ's /usr
would be visible in the zone's /usr. If a sparse-root zone can't see
things in /usr that the GZ can, either another loopback mount is
needed, or something is broken. It's hard to know without more
information, such as:

Output of "zonecfg ... info"
Output of "mount" in both the GZ and the zone.


  
  
-Arun

Jeff Victor wrote:


  Is it a sparse-root zone or a whole-root zone? It should be visible in
a sparse-root, but a whole-root zone has its own separate copy of
/usr.

On Mon, Feb 9, 2009 at 6:50 PM, Arun Gupta  wrote:
  
  
I installed GlassFish in global zone in /usr directory. However this
directory does not seem to be visible in non global zone. Do I need to do
something special to make it visible ?

Bunch of other directories in /usr are visible.

What am I missing ?

  
  
  

  
  


  





Re: [zones-discuss] Creating Zones with minimal space usage on S10U6

2008-12-13 Thread Konstantin Gremliza




Hi Alexander

Alexander Skwar wrote:
Hi.
  
I'd like to create a NGZ on a S10U6 system. Actually, I'd like to create
a number of NGZ's on this host and the NGZs don't differ much. So
I thought that it should be possible to create a "template" NGZ where
the zone root is on a ZFS.
  
Then I think it should somehow be possible to use ZFS snapshots
and clones. Ie. a snapshot of the zone root should be created, it
should be promoted to a clone and this clone should be used as the
zone root for a new NGZ. When first booting, I'd run a sys-unconfig,
reboot again and enter valid data (or modify the files touched by
sys-unconfig myself and save me one boot). Afterwards, the
zone XML file in /etc would need to be modified to "cheat" the system
into thinking that this new NGZ is properly configured.

All correct. If you do not start the "template" NGZ for the first time,
you could directly clone that one without sys-unconfig the targets.


Or does zoneadm maybe support this from itself? If so, what would
be the correct way of using zoneadm? Is the manpage at
  http://docs.sun.com/app/docs/doc/816-5166/zoneadm-1m?l=de&a=view
the current man page (or at least the one that is valid for S10U6)?
And if that's so, would the following be the correct way of doing
things?
  
  # zoneadm -z template-zone halt
  # zfs snapshot zones/templ...@2008-12-13
  # zoneadm -z target clone -s zones/templ...@2008-12-13 template-zone


Would that be correct?
  

No. Opensolaris can directly clone zones using ZFS snapshots. Solaris
up to 10u6 cannot. The manpage for 10u6 is more advanced than the
command.
Do not forget to create a unique identifier when cheating
/etc/zones/index. Copy a valid uid and modify it a bit. It only has to be
unique.

Konstantin

Thanks a lot,
  
Alexander
  


Re: [zones-discuss] Questions regarding Solaris containers

2008-10-21 Thread Konstantin Gremliza
Steffen Weiberle wrote:
> On 10/20/08 21:29, Challa, Narsimha Reddy (STSD-HYD) wrote:
>   
>> Hi,
>>  
>> I am new to Solaris containers. Can somebody please clarify the below 
>> questions:
>>  
>>  
>>
>>1. What are the supported versions of Solaris that support Containers
>>   concept? As per my search on this from “Solaris 10 Update 4 or
>>   Update 5” onwards containers are supported.  Am I right?
>> 
>
> Solaris Containers were delivered in the original 3/05 release of 
> Solaris 10. Technically, Solaris Zones were delivered then, unless you 
> count the Solaris Express previews of S10 before that. And since 
> Containers is a marketing term to combine zones and resource management, 
> the later updates of Solaris 9 had RM Containers. And RM goes back to at 
> least 2.4 with processor sets (pset), 2.6 with the fair share scheduler 
> (FSS or Solaris Resource Manager (SRM)), Solaris 9 with resource pools 
> (an abstraction of pset), and then S10 with dynamic resource pools.
>
>
>   
>> 2.  Can raw disks be exported to Solaris containers from global 
>> zone? Using “zonecfg” command we tried exporting devices (disk 
>> partitions/SVM volumes) to containers. Once they have been exported we 
>> are unable to see those in the “/dev/dsk” directory of the non global zone.
>> 
>
> The zones FAQ at http://opensolaris.org/os/community/zones/faq/ 
> discusses this. Did you reboot the zone?
>
> The question I would ask is 'why do you need to do this?' Zones is a 
> security perimeter around a set of processes and additional services to 
> make it look like its own system, without all the other stuff to make it 
> a 'complete' system (those things are kept to the kernel and global zone).
>
> One of the benefits is needing to manage devices only in the global 
> zone. So when you have ten zones running, there is one device 
> administration point, instead of eleven.
>
>   
>> Is there a known issue regarding this?
>>  
>> 3.  Is there any concept of virtual HBA in Solaris Containers? Are 
>> external disks from the storage arrays presented directly to the Solaris 
>> container? Can multipathing software be configured on the Solaris container?
>> 
>
> No. Per above you can extend LUNs. Multipathing is a kernel/driver 
> function for disk. IPMP (multipathing for IP) can be done in zone if it 
> is of ip-type=exclusive, which is not the default. This puts more 
> administration into the non-global zone.
>
>   
>>  
>> 4.  Is Volume management (SVM and VxVM) supported inside Solaris 
>> containers today? Some of the old documents show that the volume 
>> management commands are accessible but are modified to display the below 
>> message. Is this still valid today?
>> 
>
> SVM is. See the FAQ. You will need to ask Veritas about VxVM.
>
>   
>> /VxVM command_xxx ERROR msg_id: Please execute this operation in global 
>> zone./
>>  
>> 5.  Can somebody clarify me whether ZFS is supported for containers? 
>> Since ZFS has the concept of creating pool of devices first and on top 
>> of that file systems can be created. I would like to know what kind of 
>> support is there today for ZFS for Solaris containers?
>> 
>
> This is evolving. You can delegate a ZFS file system into a zone. With 
> the upcoming S10 10/08, the zone path is fully supported on ZFS. A 
> future is to have a zone clone automatically do a ZFS clone--this is 
> already in Solaris Nevada/SXCE.
>
>   
>>  
>> 6.  What cluster softwares (Ex: VCS, Solaris) are supported with 
>> Solaris Containers today?
>> 
>
> Solaris Cluster supports zones. I don't know if RM is managed within the 
> cluster framework, or outside of it. VCS supports zones.
>
>   
RM is managed outside Sun Cluster.
Zones are supported in two different ways:
1. Switching a zone from one node to another.
2. By having a service zone and switching the application. Cluster 
commands use the global zone as a "proxy".

Konstantin
>> 7.  Can we get CPU and Memory utilization statistics used by a 
>> specific container (either from with in the container or from global zone)?
>> 
>
> Always from the global zone. What you can get within a non-global zone 
> depends on resource management applied to the zone, especially for CPUs.
>
>   
>> 8.  What databases are supported today for Solaris containers? As 
>> per the bigadmin document “db_in_containers”, only non-RAC Oracle is 
>> supported by containers. Is this still valid today or is there support 
>> provided for Oracle RAC?
>> 
>
> Oracle is supported. I understand that RAC support may be coming.
>
>   
>> Is DB2 supported inside containers?
>> 
>
> I don't know.
>
> Steffen
>
>   
>> Thanks in advance.
>>  
>> Regards,
>> -Narsimha
>>  
>>
>>
>> 
>>

Re: [zones-discuss] Programming for zones

2008-10-03 Thread Konstantin Gremliza
Hi Nic,

I have the feeling you are on the wrong track, if you want to start and 
maintain an apache server from the global zone and then fork worker procs 
into the zones.
This is not intended and also not needed - and here is why:

Security:

From the zone's point of view, it cannot see the global or other zones. 
The concept is isolation of processes, which is fully achieved and wanted.
Solaris has an important security feature other unixes do not have: least 
privileges. In Solaris you don't need to run the server as root with full 
power.
Option 1: Start the main apache process directly with a normal user 
webservd and give him the necessary privilege to open the port 80: 
net_privaddr
Option 2: Start it with the user root, but take away all privileges that 
root normally has (you spare a user).
This is the security feature that you really want.

Availability/Maintainability

Having to start up apache in every zone completely on its own makes 
the apache instances more available.
e.g. you could patch/start/stop one version of your own apache in one 
zone, but not the others.

Lightweightness

In fact zones are full of it.
The system maintains only one pagecache (like every other kernel 
resource). If you use sparse zones, files on the lofs are mapped against 
the same vnode, speeding up the start of processes and saving memory.
In a zone many os services are not needed and therefore not started - 
again saving memory and perhaps cpu.

Away from the defaults you can:

disable unneeded service instances in a zone.
make the zone more secure.
start apache with a restricted set of privileges.

You can always start and stop apache instances in a zone from the global 
zone:
zlogin  svcadm  apache2

Regards,

Konstantin





Nick Kew wrote:
> I can find plenty of documentation for using zones, but none
> for programming with them.  The best I can get is the .h files
> (undocumented), and random snippets from googling.
>
> In the Apache webserver community, we have a lot of demand from
> hosting companies and their users for better separation of
> different users and virtual hosts - for example, strong protection
> of a user's database access from other users of a (physical) host.
>
> I'm looking at a virtualised version of the server based on zones.
> The basic idea is that apache will run in different zones, which
> are then protected from each other.  At the same time, it should
> be lighter-weight than a full-blown virtualbox, with code and
> static non-sensitive data (configuration read at startup) shared,
> but all per-request data private.
>
> In normal operation, copy-on-write gives us this model for free.
> Does copy-on-write work across a zone_enter()?
>
> Currently the Apache httpd model includes:
> * Server starts up, reads general configuration, loads modules, etc.
> * Apache forks one or more worker children, each with one or more threads.
> * Worker processes drop privileges before accepting connections from
>the 'net.
> * There's no association between workers and hosts or users.  Workers
>are shared between all users.
>
> In the past, we've had some efforts to improve separation, based on
> worker children running under different user IDs.  See for example
> the perchild MPM at apache.org.  There's a lot of demand for
> perchild-like solutions, but no really satisfactory solution.
>
>
> My proposal is to provide an option whereby worker children perform
> a zone_enter before accepting connections or reading application-
> sensitive data.  This of course assumes apache is started up in the
> root zone.  Each zone will be the home for one or more virtualhost.
> It should be possible for zones to have different sizes (numbers of
> worker threads) and bandwidths (through crossbow), and other
> customisations.  But the primary purpose - and I believe a huge
> selling-point - is the increased security of this virtualisation.
>
> Is there anywhere I can get the programmer documentation to get
> started on this work, beyond dabbling blindly with examples found
> on the 'net?
>
>   

___
zones-discuss mailing list
zones-discuss@opensolaris.org
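
An added example, not part of the original message, of checking that a web server really runs with the reduced privileges described above: it parses the default output of ppriv(1) and flags processes that hold the full set or lack net_privaddr. The PIDs, command lines and privilege sets in the sample are constructed, the function names are hypothetical, and the listed processes are assumed to be the ones that open port 80.

```python
import re

# Constructed ppriv(1) output for three httpd parent processes:
# 1560 started as root with nothing removed, 1601 reduced as described
# in the message, 1702 started as a normal user without net_privaddr.
SAMPLE = """\
1560:   /usr/apache2/bin/httpd -k start
flags = <none>
        E: all
        I: basic
        P: all
        L: all
1601:   /usr/apache2/bin/httpd -k start
flags = <none>
        E: basic,net_privaddr
        I: basic,net_privaddr
        P: basic,net_privaddr
        L: all
1702:   /usr/apache2/bin/httpd -k start
flags = <none>
        E: basic
        I: basic
        P: basic
        L: all
"""

HEADER = re.compile(r"^(\d+):\s+(.*)$")             # "<pid>:   <command line>"
SET_LINE = re.compile(r"^\s*([EIPL]):\s*(\S*)\s*$")  # "E: basic,net_privaddr"

# "all" is the full set in the global zone, "zone" the full set a
# non-global zone can hold.
FULL_SETS = {"all", "zone"}


def parse_ppriv(text):
    """Return a list of {"pid", "cmd", "sets"} dicts, one per process."""
    procs, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"pid": int(m.group(1)), "cmd": m.group(2), "sets": {}}
            procs.append(current)
            continue
        m = SET_LINE.match(line)
        if m and current is not None:
            names = set(filter(None, m.group(2).split(",")))
            current["sets"][m.group(1)] = names
    return procs


def audit_privileges(procs, needed="net_privaddr"):
    """Flag processes that are over-privileged or cannot bind port 80."""
    findings = []
    for proc in procs:
        effective = proc["sets"].get("E", set())
        permitted = proc["sets"].get("P", set())
        if (effective | permitted) & FULL_SETS:
            findings.append((proc["pid"], "holds the full privilege set"))
        elif needed not in effective:
            # Without net_privaddr a process cannot bind ports below 1024.
            findings.append((proc["pid"], "lacks " + needed))
    return findings


if __name__ == "__main__":
    for pid, problem in audit_privileges(parse_ppriv(SAMPLE)):
        print("%d: %s" % (pid, problem))
```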


Re: [zones-discuss] zoneadm confusion

2008-07-10 Thread Konstantin Gremliza




Thank you Dan! Also for the good hint to look at zone.c. I tried to add
some of the information into my picture.

I moved it to http://gremliza.net  for anyone who likes it.

Regards, 

Konstantin

This was my good old zone_state.d dtrace script:

#!/usr/sbin/dtrace -qs

/* Map the numeric status passed to zone_status_set() to a name. */
BEGIN {
    z[0]="UNINITIALIZED";
    z[1]="READY";
    z[2]="BOOTING";
    z[3]="RUNNING";
    z[4]="SHUTTDING_DOWN";
    z[5]="EMPTY";
    z[6]="DOWN";
    z[7]="DYING";
    z[8]="DEAD";
    st=timestamp;
    printf("%14s %12s %3s %s\n", "TIME", "ZONE", "ID", "STATE");
}

/* Remember that this thread is exec'ing out of zoneadmd. */
proc:::exec
/ execname == "zoneadmd" / {
    self->exec = execname;
}

/* timestamp is in nanoseconds: print elapsed milliseconds.microseconds. */
proc:::exec-success
/ self->exec == "zoneadmd" / {
    t=timestamp-st;
    printf("%10d.%03d", t/1000000, (t/1000)%1000 );
    printf(" EXEC: %s\n", curpsinfo->pr_psargs) ;
    self->exec = 0;
}

/* Creation of a zone's zsched and init processes. */
proc:::create
/ args[0]->pr_fname == "zsched" || args[0]->pr_fname == "init" / {
    t=timestamp-st;
    printf("%10d.%03d", t/1000000, (t/1000)%1000 );
    printf(" FORK: %3d %s[%d]\n", args[0]->pr_zoneid,
        args[0]->pr_fname, args[0]->pr_pid) ;
}

/* Exit of a zone's zsched and init processes. */
proc:::exit
/ execname == "zsched" || execname == "init" / {
    t=timestamp-st;
    printf("%10d.%03d", t/1000000, (t/1000)%1000 );
    printf(" EXIT: %3d %s[%d]\n", curpsinfo->pr_zoneid,
        execname, pid) ;
}

/* Every zone state change in the kernel goes through zone_status_set(). */
fbt:genunix:zone_status_set:entry {
    t=timestamp-st;
    printf("%10d.%03d", t/1000000, (t/1000)%1000 );
    printf("   %3d %12s %s\n", args[0]->zone_id,
        stringof(args[0]->zone_name), z[args[1]]);
}



Dan Price wrote:

  On Thu 10 Jul 2008 at 02:42AM, Konstantin Gremliza wrote:
  
  
   Ok.

   I wrote a dtrace script to monitor zone states. The resulting automata is
   in the attachment.
   In the state down, we should still have a zsched (ps), but we should not
   have any mounted filesystems, which is true (df).

  
  
Nicely done!  This is very well organized.

There's more info on the different states in the big comment at
the top of:

http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/os/zone.c

-dp

  





Re: [zones-discuss] zoneadm confusion

2008-07-09 Thread Konstantin Gremliza
Martin Englund wrote:
> I get over 10,000 lines of output from "::threadlist -v" any hints on how to 
> find the needle in the haystack? :)
>
> cheers,
> /Martin
>  
>  
Hi Martin,

please provide the following:

zoneadm list -cv
ps -fz  jcp-mail-zn-mn-colo1
df -hZ |grep   

Konstantin



Re: [zones-discuss] Sun Case 65979835

2008-06-26 Thread Konstantin Gremliza
Hi Kathleen,

UFS is NOT a shared filesystem! What you are trying to do should not work.

A simple suggestion:

If you need the filesystem mounted globally, use lofs to mount the 
filesystem into the zones.

[EMAIL PROTECTED]:/]# zonecfg -z ldev7
zonecfg:ldev7> add fs
zonecfg:ldev7:fs> set dir=/shared
zonecfg:ldev7:fs> set special=/shared    # global mount point for /dev/dsk/c4t0d0s0
zonecfg:ldev7:fs> set type=lofs
zonecfg:ldev7:fs> end
zonecfg:ldev7> exit


Regards,

Konstantin

______

Konstantin Gremliza
Sun Education Training Center Hamburg



kathleen haines wrote:
> the customer issue
>
> I am attempting to make a global zone filesystem /dev/dsk/c4t4d0s0 
> available to two non-global zones
>
> The global zone is ldev6 and the non-global zones are ldev7 and ldev8. 
> Here is what I did.
>
> [EMAIL PROTECTED]:/]# zonecfg -z ldev7
> zonecfg:ldev7> add fs
> zonecfg:ldev7:fs> set dir=/shared
> zonecfg:ldev7:fs> set special=/dev/dsk/c4t4d0s0
> zonecfg:ldev7:fs> set raw=/dev/rdsk/c4t4d0s0
> zonecfg:ldev7:fs> set type=ufs
> zonecfg:ldev7:fs> end
> zonecfg:ldev7> verify
> zonecfg:ldev7> commit
> zonecfg:ldev7> exit
>
> I then rebooted the ldev7 non-global zone and received this message.
>
> [EMAIL PROTECTED]:/]# zoneadm -z ldev7 boot
> zoneadm: zone 'ldev7': fsck of '/dev/rdsk/c4t4d0s0' failed with exit 
> status 39; run fsck manually
> zoneadm: zone 'ldev7': call to zoneadmd failed
>
> I received this message on the ldev7 console.
> [EMAIL PROTECTED]:/]# zlogin -C ldev7
> [Connected to zone 'ldev7' console]
> [NOTICE: Zone booting up]
>
> [NOTICE: Zone boot failed]
>
> The filesystem is currently mounted in the global zone. Do I need to 
> umount the filesystem in the global zone and run fsck to allow the 
> ldev7 zone to boot?
> _*
> What does the customer need to do to resolve this issue? Can he create 
> these two non global zones*_
> -- 
> <http://www.sun.com>  * Kathleen Hains *
>
> *Sun Microsystems, Inc.*
> Canada
> Phone 1-800-USA-4SUN Option 2 + Case ID
> **If unavailable, option 0 for next agent**
> Business Hours - Mon-Fri 21:30 - 06:00PM EST (09:30pm to 06:00AM)
> Email [EMAIL PROTECTED]
> Duty Manager 902-563-4845 X 73866
> <http://www.sun.com>
>
> Tier 2 Operational Commitment I am... Through technical expertise, 
> customer service skills and leveraging Sun Service Americas, I provide 
> effective and timely solutions to customers while consistently meeting 
> commitments and exceeding expectations. An advocate for Sun's 
> Customers enabling timely access to Sun Services * Live it * Own it * 
> Breathe it*
> 
>

___
zones-discuss mailing list
zones-discuss@opensolaris.org
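
The mistake in this thread, handing a UFS slice directly to zones while it is mounted in the global zone, can be caught before boot by checking the zone configurations. The following is an added example, not part of the original messages: a Python check over `zonecfg export` text and mnttab-format lines. The export fragments and the mnttab line are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed `zonecfg -z <zone> export` fragments. UFS_FS mirrors the fs
# resource from the question, LOFS_FS the loopback mount from the reply.
UFS_FS = """create -b
add fs
set dir=/shared
set special=/dev/dsk/c4t4d0s0
set raw=/dev/rdsk/c4t4d0s0
set type=ufs
end
"""
LOFS_FS = """create -b
add fs
set dir=/shared
set special=/shared
set type=lofs
end
"""
BROKEN = {"ldev7": UFS_FS, "ldev8": UFS_FS}
FIXED = {"ldev7": LOFS_FS, "ldev8": LOFS_FS}

# Constructed global-zone mnttab line: special, mount point, fstype,
# options, mount time.
MNTTAB = "/dev/dsk/c4t4d0s0\t/shared\tufs\trw,largefiles\t1214400000\n"


def parse_fs_resources(export_text):
    """Return the fs resources of one export as dicts of property -> value."""
    resources, current = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line == "add fs":
            current = {}
        elif line == "end":
            if current is not None:
                resources.append(current)
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition("=")
            current[key.strip()] = value.strip().strip('"')
    return resources


def global_mounts(mnttab_text):
    """Map each mounted special device to its mount point."""
    mounts = {}
    for line in mnttab_text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            mounts[fields[0]] = fields[1]
    return mounts


def audit_fs(exports, mnttab_text):
    """Flag device-backed fs resources that are mounted twice.

    A non-shared filesystem such as UFS must be mounted from one place only,
    so a device is a finding when the global zone already has it mounted or
    when more than one zone is configured to mount it. lofs resources are
    skipped because they loop back an existing global-zone mount.
    """
    findings = []
    users = defaultdict(list)
    mounted = global_mounts(mnttab_text)
    for zone in sorted(exports):
        for fs in parse_fs_resources(exports[zone]):
            special = fs.get("special", "")
            if fs.get("type") == "lofs" or not special.startswith("/dev/"):
                continue
            users[special].append(zone)
            if special in mounted:
                findings.append((zone, special,
                                 "is mounted in the global zone at "
                                 + mounted[special]))
    for special in sorted(users):
        if len(users[special]) > 1:
            findings.append((",".join(users[special]), special,
                             "is configured in more than one zone"))
    return findings


if __name__ == "__main__":
    for zones, device, problem in audit_fs(BROKEN, MNTTAB):
        print("%s: %s %s" % (zones, device, problem))
```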


Re: [zones-discuss] How to configure Global/Local zone in seperate subnet and use seperate router

2008-03-04 Thread Konstantin Gremliza


I would prefer not to upgrade, but to patch the solaris 10u3 to the 
functionality of 10u4 (mainly kernel and zones patches).
You also need the newly released ce driver patch, which will enable 
exclusive tcpip in zones.


regards, konstantin

Tony Wong wrote:
> Dear All and Solaris Expert,
>
> Our customer wanted to configure Global and Local zone in completely 
> difference IP Subnet and use difference default router. Understand 
> that existing Solaris 10 prior to update4, it's quite impossible, as 
> the Global zone will still see the Local zone IP traffic and the 
> routing can only be done of Global zone. Doing so, the Global zone has 
> becoming part of the member in the Local zone subnet
>
> After escalated, SUN Backend engineer has advised that it can be done 
> on Solaris 10 update4. Now, customer wanted to upgrade from Solaris 10 
> 11/06 u3 to update 4, to have that feature. The following is some of 
> our customer's questions (In Green), my research (In red) and question 
> at the bottom of this email. Hope this email isn't too long for your 
> to read
>
>
> 1, What would be the technical impact on their ecosystem? Any impact 
> on Solaris volume manager and container?
>
> Starting with this release, *Solaris* Live Upgrade has been changed 
> with the following enhancements:   <== Taking about Solaris 10 08/07 u4
>
>*
>
>   You can upgrade the *Solaris* OS when non-global zones are
>   installed on a system by using *Solaris* Live Upgrade.  <== Then
>   what about Solaris 10 11/06 u3?
>
> http://docs.sun.com/app/docs/doc/817-0547/getjd?l=en&q=solaris+10+zoneadm&a=view#getas
>
>
> 2. A written confirmation from Sun that by updating the Solaris, it 
> will resolve their issue.
>
> Found the following:
>
> Determine whether the zone will be a shared-IP zone or an exclusive-IP 
> zone. 
>
>   
>
> For a shared-IP zone, which is the default, obtain or configure IP 
> addresses for the zone. Depending on your configuration, you must 
> obtain at least one IP address for each non-global zone that you want 
> to have network access. 
>
> For an exclusive-IP zone, determine the data-link that will be 
> assigned to the zone. The zone requires exclusive access to one or 
> more network interfaces. The interface could be a separate LAN such as 
> bge1, or a separate VLAN such as bge2000. _*The data-link must be 
> GLDv3*_. A data-link that is *not* GLDv3 is identified as type: legacy 
> in the output of the dladm show-link command.
>
>
> http://docs.sun.com/app/docs/doc/817-1592/6mhahuoov?l=en&a=view
>
> Document Say the GLDv3 is supported on the interface types: bge, xge, 
> and e1000g. But, _*Customer** E25K is running most ce interface*_
>
> http://docs.sun.com/app/docs/doc/816-4554/6maoq01n5?l=en&a=view#gaugz
>
>
> Questions as follow:
>
> 1. Can we live upgrade the Solaris 10u3 to u4 without impacting their 
> existing solaris container/zone?
>
> 2. After upgraded, is their existing interface card supported to 
> configure global and local zone in difference subnet and use 
> individual default router without interface each other the global and 
> local zone.
>
> 3. How to configure it?
>
> Any advise and comment are very much appreciated. Thank you in advance
>
> Thanks
>
> Regards
> Tony Wong
>
> 
>


Re: [zones-discuss] Boot state completion?

2008-01-23 Thread Konstantin Gremliza





Hi Brad,

unfortunately there is no 

who -r 

for smf. i don't know if there is an rfe for this. the default milestone
is "all" , but you cannot query the state for this milestone so you
don't know when the graph is ready. the best thing i would consider is
running

svcs -x. 

if nothing shows up everything is ok. you could use zonemgr to run the
command in all the zones simultaneously, but somebody at sun should fix
this and many other things in smf too. 

kind regards, konstantin

Detlef Ulherr wrote:

  Hi Brad

If it is a native container, I would suggest to log into a zone and test
if the desired milestone is online. In normal cases, it should be
multi-user-server. If it is a branded zone, consider the runlevel.

Kind Regards

Brad Diggs wrote:
  
  
What is the best method to determine when a zone has fully completed 
booting?

In the Zone Manager, I do a process listing waiting until syslogd is 
running.
This can be problematic if syslogd isn't installed in the global zone or is
configured by default to not start.

"zoneadm list -cv" is good for determining when the zone starts running 
but it
is not sufficient to determine when the last service of the zone 
completes starting
up.

Thanks in advance,
Brad
  

  
  
  





Re: [zones-discuss] How to configure network for zone?

2007-11-22 Thread Konstantin Gremliza




Ava Zhang wrote:

  Zoram Thanga wrote:
  
  
That's the problem. Use an IP address which is not in use. Shared IP 
doesn't mean you share the IP address itself. It's the IP *stack* that 
is shared.

Zoram

  
  Must I use a free IP in the same subnet(129.158.215.x)? Or any IP is OK, 
including private IP such as 10.x.x.x?

Thanks
--Ava
  
  

  

In case you use a "shared-ip" address you must use a free ip-address
from a subnet known in the global zone.
a local zone cannot modify the routing table. 
it depends on the routing table from the global zone.

where did you get the solaris beta?

Konstantin



Re: [zones-discuss] Interfaces to automate zone system

2007-11-20 Thread Konstantin Gremliza




Hi there,

I have a question regarding zonemgr.

We would like to use lofs to mount (ro) a file /etc/GLOBAL into the
zones. It should contain the name of the global zone so anyone can
easily find out, what system he is really on.

Zonemgr 1.8 only supports directories for readonly lofs mounts: option
-r

Can it be changed to support files ?

Thanks and regards,

Konstantin



Re: [zones-discuss] bug? zone wont create device files during boot

2007-10-03 Thread Konstantin Gremliza





Dan, I apologize. I'm still learning.
I replayed the whole damn thing and of course it works well and all
devices appear in the zone as configured.
I was just confused because looking at /zones/zone-a/dev still doesn't
show any of my device files.
You also wanted me to check ZONEPATH/dev which is still quite empty
although the files appear in /dev within the zone. 
As my little dtrace script shows the earlier implementation of devfsadm
-z  in READY state and the devfsadm -Z during the stop of
the zone have disappeared.
It has been replaced by a strange mount -o attrdir=ZONEPATH/dev ... I
didn't find anything in the man pages, so I guess I have to look into
the source ...

Thanks again,

Konstantin

# more /etc/release  
              Solaris Express Developer Edition 9/07 snv_70b X86
   Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
    Use is subject to license terms.
    Assembled 30 August 2007
# zoneadm -z zone-a list zone-a -v
ID NAME     STATUS     PATH           BRAND   IP
 - zone-a   installed  /zones/zone-a  native  shared

# ls /zones/zone-a/dev/lockstat 
/zones/zone-a/dev/lockstat: No such file or directory

# zonecfg -z zone-a 'add device;set match=/dev/lockstat;end'
# zonecfg -z zone-a info 
zonename: zone-a
...
device:
    match: /dev/lockstat
...

# zoneadm -z zone-a boot
# zoneadm list -cv
  ID NAME     STATUS     PATH           BRAND    IP
   0 global   running    /              native   shared
   1 zone-a   running    /zones/zone-a  native   shared
   - zone-b   installed  /zones/zone-b  native   shared

NO SUCH FILE:

# ls /zones/zone-a/dev
cpu   dtrace    fd    pts   rmt   sad   swap  term  zconsole

BUT HERE IT IS:

# zlogin zone-a ls /dev
arp conslog console cpu crypto cryptoadm dsk dtrace dtremote fd kstat
lockstat log logindmux msglog null poll pool ptmx pts random rdsk rmt
sad stderr stdin stdout swap ...


# zone_state.d

  TIME ZONE  ID STATE
 11280.463 1   zone-a SHUTTDING_DOWN
 12282.011 EXIT:   1 init[993]
 12284.484 1   zone-a EMPTY
 12284.697 1   zone-a DOWN
 12357.223 1   zone-a DYING
 12357.312 EXIT:   1 zsched[981]
 12357.397 1   zone-a DEAD
 12364.892 2   zone-a READY

THIS IS NEW TO ME:
 12377.392 EXEC: mount -o attrdir=/zones/zone-a/dev /dev /zones/zone-a/root/dev

 12391.944 EXEC: mount -o ro,nosub,nodevices /lib /zones/zone-a/root/lib
 12400.040 EXEC: mount -o ro,nosub,nodevices /platform /zones/zone-a/root/platform
 12406.763 EXEC: mount -o ro,nosub,nodevices /sbin /zones/zone-a/root/sbin
 12412.863 EXEC: mount -o ro,nosub,nodevices /usr /zones/zone-a/root/usr
 12448.600 2   zone-a BOOTING
 12449.042 2   zone-a RUNNING
 12453.645 FORK:   2 init[1560]
^D^C

script done on Wed Oct 03 15:19:25 2007

Dan Price wrote:

  On Tue 02 Oct 2007 at 07:35AM, Konstantin Gremliza wrote:
  
  

Someone earlier stated that this was also broken in SXDE-- as far as
I know that is *not* the case.  One of the reasons this has been a
troublesome area is that in Nevada the /dev zones implementation is
radically different from S10, due to the existence of the "devnames"
project in Nevada.  Hence the S10 and Nevada code is pretty in this
area.

-dp


Before I posted this to [zone-discuss] I tried again on SXDE 09/07, and the
same problem occurred.
Adding a device match will not create any device files in ZONEPATH/dev.

  
  
Konstantin, we'll go back and retest SXDE 9/07, although at present we
don't have a bug for this problem open against SXDE.  As I said, the
code is basically completely different in that area between SXDE and
S10, so it would have to be a new and different bug.

My desktop is a SPARC box running build 72 (which AFAIK is SXDE 9/07)
and I don't see this there; this is an example of adding, then
removing a pseudo device in a basic test:
  
  # uname -a 
  SunOS snowdog 5.11 snv_72 sun4u sparc SUNW,A70
  # ls -l /aux/foo/root/dev/lockstat
  /aux/foo/root/dev/lockstat: No such file or directory
  # zonecfg -z foo 'add device; set match=/dev/lockstat; end'
  # zoneadm -z foo reboot
  # ls -l /aux/foo/root/dev/lockstat
  crw-r--r--   1 root sys   89,  0 Oct  3 02:55 /aux/foo/root/dev/lockstat
  # zonecfg -z foo 'remove device match=/dev/lockstat'
  # zoneadm -z foo reboot
  # ls -l /aux/foo/root/dev/lockstat
  /aux/foo/root/dev/lockstat: No such file or directory

(Please note that I'm not advising that anyone add /dev/lockstat to
their zone; I simply used it as a test case).

Perhaps you could post your SXDE test cas

[zones-discuss] Bug? zonecfg export using memory-caps can't be imported

2007-10-02 Thread Konstantin Gremliza




Hi,

I created a zone like this using memory-caps:


zonecfg -z zone-a
zonecfg:zone-a> add capped-memory
zonecfg:zone-a:capped-memory> set swap=512m
zonecfg:zone-a:capped-memory> set physical=512m
zonecfg:zone-a:capped-memory> end
zonecfg:zone-a> exit


When I try to use this configuration to create a new zone (aka
import) I get an error:

# zonecfg -z zone-a export | sed 's/zone-a/zone-b/' | zonecfg -z zone-b -f -
On line 23:
The capped-memory resource or a related resource control already exists.
On line 24:
Cannot set a resource-specific property from the global scope.
On line 25:
The end command only makes sense in the resource scope.


This is the zone configuration:

# zonecfg -z zone-a export
0 create -b
1 set zonepath=/zones/zone-a
2 set autoboot=false
3 set ip-type=shared
4 add inherit-pkg-dir
5 set dir=/lib
6 end
7 add inherit-pkg-dir
8 set dir=/platform
9 end
10 add inherit-pkg-dir
11 set dir=/sbin
12 end
13 add inherit-pkg-dir
14 set dir=/usr
15 end
16 add device
17 set match=/dev/*dsk/c2t0d0s*
18 end
19 add rctl
20 set name=zone.max-swap
21 add value (priv=privileged,limit=536870912,action=""
22 end
23 add capped-memory
24 set physical=512M
25 end
#


The problem is quite clear. Zonecfg tries to add two memory-caps, but
there can be only one.
SWAP caps are implemented as an RCTL, physical caps as RCAP managed by the
global rcapd, thus the strange output.
Maybe, however, it would have been better to hide the implementation from
zonecfg completely, or to separate them.


Konstantin Gremliza
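
Added example (not part of the original post and not zonecfg's own code): a filter for the export | sed | import pipeline above that folds an exported zone.max-swap or zone.max-locked-memory rctl block into the capped-memory block as a swap/locked property, so only one memory-cap resource reaches the import. The function names fold_caps and sample_export, the constructed sample export, and the assumption that zonecfg accepts the plain byte count as the property value are assumptions of this example.

```shell
#!/bin/sh
# fold_caps: filter `zonecfg export` text (stdin -> stdout) for re-import.
# When a capped-memory block exists, rctl blocks for its aliases
# (zone.max-swap, zone.max-locked-memory) are dropped and their limit is
# written into capped-memory as swap= / locked= instead.
# Assumption: zonecfg accepts the plain byte count as the property value.
fold_caps() {
    awk '
    { line[NR] = $0 }
    /^add capped-memory/ { have_cap = 1 }
    END {
        # Pass 1: find aliased rctl blocks and remember their limits.
        for (i = 1; i <= NR; i++) {
            if (line[i] !~ /^add rctl/) continue
            name = ""; limit = ""
            for (j = i; j <= NR && line[j] !~ /^end *$/; j++) {
                if (line[j] ~ /^set name=/) name = substr(line[j], 10)
                if (match(line[j], /limit=[0-9]+/))
                    limit = substr(line[j], RSTART + 6, RLENGTH - 6)
            }
            prop = ""
            if (name == "zone.max-swap") prop = "swap"
            if (name == "zone.max-locked-memory") prop = "locked"
            if (have_cap && prop != "" && limit != "") {
                folded[prop] = limit
                for (k = i; k <= j; k++) skip[k] = 1
            }
            i = j
        }
        # Pass 2: print, adding the folded properties before the "end"
        # that closes capped-memory.
        for (i = 1; i <= NR; i++) {
            if (skip[i]) continue
            if (in_cap && line[i] ~ /^end *$/) {
                if ("swap" in folded) print "set swap=" folded["swap"]
                if ("locked" in folded) print "set locked=" folded["locked"]
                in_cap = 0
            }
            if (line[i] ~ /^add capped-memory/) in_cap = 1
            print line[i]
        }
    }'
}

# Constructed sample shaped like the export in the post (not real output).
sample_export() {
    printf '%s\n' 'create -b' 'set zonepath=/zones/zone-b' \
        'add rctl' 'set name=zone.max-swap' \
        'add value (priv=privileged,limit=536870912,action=deny)' 'end' \
        'add capped-memory' 'set physical=512M' 'end'
}
```

Placed between sed and the final zonecfg in the pipeline, the filter leaves exports without a capped-memory block unchanged. Check the result with zonecfg -z zone-b info capped-memory before booting, so that a cloned zone does not run without the caps of its source.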

Re: [zones-discuss] bug? zone wont create device files during boot

2007-10-01 Thread Konstantin Gremliza







  
Someone earlier stated that this was also broken in SXDE-- as far as
I know that is *not* the case.  One of the reasons this has been a
troublesome area is that in Nevada the /dev zones implementation is
radically different from S10, due to the existence of the "devnames"
project in Nevada.  Hence the S10 and Nevada code is pretty in this
area.

-dp

  


Before I posted this to [zone-discuss] I tried again on SXDE
09/07, and the same problem occurred.
Adding a device match will not create any device files in ZONEPATH/dev.

regards,

Konstantin


[zones-discuss] bug? zone wont create device files during boot

2007-10-01 Thread Konstantin Gremliza




Hi,

A colleague of mine mentioned a problem in both Solaris 10 >= 11/06
and Solaris Express 09/07.

Setting a device match in zonecfg like this works fine:

zonecfg> add device
zonecfg:device> set match=/dev/*dsk/c6t0d0s*
zonecfg:device> end

But

zoneadm -z zone boot

won't create the necessary device files in ZONEPATH/dev.

In my understanding this is the part of zoneadmd which would call
devfsadm -z, which it still does. But in the end there is no device file
created?

I tried to look at the source of devfsadm.c but couldn't find the -z
switch, so I'm stuck here.

This is not really a problem to me as I could easily create the device
files by simply copying them. I'd rather like to submit this as a bug.

Thanks,

Konstantin Gremliza