Re: [zones-discuss] How to get global zone information from non-global zone

2006-11-29 Thread Wee Yeh Tan

Mike,

Thanks for sharing your views.

I share your desire for that "big cluster manager".

For now, we are still using a "load-balancer" type of failover where
we have a frontend Linux box that does IPVS (or BIGIP for web).  Many
other popular protocols like SMTP already have something else built
in.  The cost of deploying zones means we simply duplicate our
environments across different physical hardware and load each of them
with many zones fulfilling different functions and still manage to
free up more machines.

Warm migration of zones would be a nice progression :P.


--
Just me,
Wire ...


On 11/26/06, Mike Gerdts <[EMAIL PROTECTED]> wrote:

On 11/25/06, Wee Yeh Tan <[EMAIL PROTECTED]> wrote:
> Hi Mike,
>
> Can you share why you want the NGZ to know about the GZ?

There is little technical reason that most people will need to know.
However, due to a variety of reasons (integration with monitoring,
asset management, some notion that knowing the real box name will make
things better, etc.) many non-root users feel that they need to know.
  Giving people this visibility is easy enough and is of little
consequence in my environment.

The key reason that I would need to know is if I am looking into a
performance problem on the machine and I need to do something from the
global zone (run dtrace, snoop, adjust resource allocations).  Taking
a quick look at /etc/hardwarename can be useful to allow me to avoid
looking at some other external cross-reference that would likely be
maintained manually (and therefore likely to degrade over time).

The key reason that I want to provide it is so that our monitoring
group can track any migrations of zones between servers and correlate
that movement to performance or availability changes.  For example, if
a zone migrates from a V240 to a T2000, it would be really nice to
have people not get too excited about going from 80% CPU utilization
down to 15% utilization or suddenly having a few GB of RAM free.
Assuming anyone is watching for such a situation, it would normally
be indicative of a portion of the application having crashed.

> The reason I ask is that we are already doing zones but we will be
> scaling up the effort quite tremendously and I want to get my bases
> covered.

The key thing that I am looking for is a way to handle lots of zones
efficiently as almost every server has somewhere between 1 and 30 of
them.  For example, I am looking at various clustering products to
provide "free failover" so long as a few basic rules are followed.  Of
course, my ulterior motive is that I am looking for a management
framework that will allow me to say "vacate that server - it needs to
go back to the lessor".   A cluster that can scale to hundreds of
machines and thousands of resources would be ideal.  If it can handle
this number of resources and the aspects of site failover in the event
of a disaster, I would be extremely happy.

> I currently use our network operations centre software to track which
> zone is which but the zone owners do not really know which hardware
> they are in.  I personally have not seen any issues whether the zone
> owners are in the know so I will let the zone owners know if they ask
> -- but so far, no one ever did.

As my users get more comfortable with zones, they tend to demand this
information less.   Keeping users within their "comfort zones" has
been a big part of introducing the new features that come with Solaris
10.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/


___
zones-discuss mailing list
zones-discuss@opensolaris.org


Re: [zones-discuss] How to get global zone information from non-global zone

2006-11-25 Thread Mike Gerdts

On 11/25/06, Wee Yeh Tan <[EMAIL PROTECTED]> wrote:

> Hi Mike,
>
> Can you share why you want the NGZ to know about the GZ?


There is little technical reason that most people will need to know.
However, due to a variety of reasons (integration with monitoring,
asset management, some notion that knowing the real box name will make
things better, etc.) many non-root users feel that they need to know.
 Giving people this visibility is easy enough and is of little
consequence in my environment.

The key reason that I would need to know is if I am looking into a
performance problem on the machine and I need to do something from the
global zone (run dtrace, snoop, adjust resource allocations).  Taking
a quick look at /etc/hardwarename can be useful to allow me to avoid
looking at some other external cross-reference that would likely be
maintained manually (and therefore likely to degrade over time).

The key reason that I want to provide it is so that our monitoring
group can track any migrations of zones between servers and correlate
that movement to performance or availability changes.  For example, if
a zone migrates from a V240 to a T2000, it would be really nice to
have people not get too excited about going from 80% CPU utilization
down to 15% utilization or suddenly having a few GB of RAM free.
Assuming anyone is watching for such a situation, it would normally
be indicative of a portion of the application having crashed.


> The reason I ask is that we are already doing zones but we will be
> scaling up the effort quite tremendously and I want to get my bases
> covered.


The key thing that I am looking for is a way to handle lots of zones
efficiently as almost every server has somewhere between 1 and 30 of
them.  For example, I am looking at various clustering products to
provide "free failover" so long as a few basic rules are followed.  Of
course, my ulterior motive is that I am looking for a management
framework that will allow me to say "vacate that server - it needs to
go back to the lessor".   A cluster that can scale to hundreds of
machines and thousands of resources would be ideal.  If it can handle
this number of resources and the aspects of site failover in the event
of a disaster, I would be extremely happy.


> I currently use our network operations centre software to track which
> zone is which but the zone owners do not really know which hardware
> they are in.  I personally have not seen any issues whether the zone
> owners are in the know so I will let the zone owners know if they ask
> -- but so far, no one ever did.


As my users get more comfortable with zones, they tend to demand this
information less.   Keeping users within their "comfort zones" has
been a big part of introducing the new features that come with Solaris
10.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/


Re: [zones-discuss] How to get global zone information from non-global zone

2006-11-25 Thread Wee Yeh Tan

Hi Mike,

Can you share why you want the NGZ to know about the GZ?

The reason I ask is that we are already doing zones but we will be
scaling up the effort quite tremendously and I want to get my bases
covered.

I currently use our network operations centre software to track which
zone is which but the zone owners do not really know which hardware
they are in.  I personally have not seen any issues whether the zone
owners are in the know so I will let the zone owners know if they ask
-- but so far, no one ever did.


--
Just me,
Wire ...

On 11/26/06, Mike Gerdts <[EMAIL PROTECTED]> wrote:

On 11/24/06, Jeff Victor <[EMAIL PROTECTED]> wrote:
> prakash wrote:
> > How to get global zone information from non-global zone,
> > any command or any file to get the information?
>
> Part of the design of the security boundary around a zone is preventing an NGZ
> from getting information about its GZ.

While this may be true, some information does "leak" into the
non-global zone, primarily through network-related information.

For example, if you know the hostname or IP address of various global
zones (refer to your site's naming standard) you can use "route get".
If the MTU matches that of loopback interfaces, the non-global zone is
likely on the same machine.

$ route get gz282
   route to: gz282
destination: gz282
       mask: 255.255.255.255
  interface: e1000g0
      flags:
 recvpipe  sendpipe  ssthresh    rtt,ms rttvar,ms  hopcount       mtu    expire
        0         0         0         0         0         0      8232         0

Another way is to refer to the ARP table.  This will also give you a
pretty good hint of other zones on the same machine:

non-global-zone$ arp -a | grep `uname -n`
e1000g4 non-global-zone   255.255.255.255 SP    00:14:4f:0e:ef:ae

This command will likely display ARP entries that pertain to every
zone that shares that physical interface.

non-global-zone$ arp -a | grep 00:14:4f:0e:ef:ae

Increment or decrement the MAC by a few and you may discover zones
that are using other physical interfaces on the same machine.

> However, as the GZ administrator you can place information about the GZ into a
> file in the NGZ's file system.  You can also automate this so that it happens
> periodically.

To simplify things, part of my standard zone build process creates a
file called /etc/hardwarename.  I specifically don't say "gzname" or
similar because the same file is intended to be useful with domains
(refer to the frame/system controller name), LDOM's, etc.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/


Re: [zones-discuss] How to get global zone information from non-global zone

2006-11-25 Thread Mike Gerdts

On 11/24/06, Jeff Victor <[EMAIL PROTECTED]> wrote:

> prakash wrote:
> > How to get global zone information from non-global zone,
> > any command or any file to get the information?
>
> Part of the design of the security boundary around a zone is preventing an NGZ
> from getting information about its GZ.


While this may be true, some information does "leak" into the
non-global zone, primarily through network-related information.

For example, if you know the hostname or IP address of various global
zones (refer to your site's naming standard) you can use "route get".
If the MTU matches that of loopback interfaces, the non-global zone is
likely on the same machine.

$ route get gz282
   route to: gz282
destination: gz282
       mask: 255.255.255.255
  interface: e1000g0
      flags:
 recvpipe  sendpipe  ssthresh    rtt,ms rttvar,ms  hopcount       mtu    expire
        0         0         0         0         0         0      8232         0

Another way is to refer to the ARP table.  This will also give you a
pretty good hint of other zones on the same machine:

non-global-zone$ arp -a | grep `uname -n`
e1000g4 non-global-zone   255.255.255.255 SP    00:14:4f:0e:ef:ae

This command will likely display ARP entries that pertain to every
zone that shares that physical interface.

non-global-zone$ arp -a | grep 00:14:4f:0e:ef:ae

Increment or decrement the MAC by a few and you may discover zones
that are using other physical interfaces on the same machine.


> However, as the GZ administrator you can place information about the GZ into a
> file in the NGZ's file system.  You can also automate this so that it happens
> periodically.


To simplify things, part of my standard zone build process creates a
file called /etc/hardwarename.  I specifically don't say "gzname" or
similar because the same file is intended to be useful with domains
(refer to the frame/system controller name), LDOM's, etc.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/


Re: [zones-discuss] How to get global zone information from non-global zone

2006-11-24 Thread Enda O'Connor ( Sun Micro Systems Ireland)

prakash wrote:

> How to get global zone information from non-global zone,
> any command or any file to get the information?
>
> This message posted from opensolaris.org


Hi
Basically you would access any info re the global zone in the same way 
you would access info on any remote system. This is part of the security 
of zones. If you really needed this info in the local zone, then it 
would have to be provided by the global zone in some form. Be that over 
NFS, or updating a file on a shared mount, that is ro.
But there are no provided tools to do this, as the idea is that the
global zone is a separate entity in the same way any remote system would be.


Enda


Re: [zones-discuss] How to get global zone information from non-global zone

2006-11-24 Thread Jeff Victor

prakash wrote:

> How to get global zone information from non-global zone,
> any command or any file to get the information?


Part of the design of the security boundary around a zone is preventing an NGZ 
from getting information about its GZ.


However, as the GZ administrator you can place information about the GZ into a 
file in the NGZ's file system.  You can also automate this so that it happens 
periodically.


--
Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
--
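
One way to automate what Jeff Victor and Mike Gerdts describe above (a global-zone job that writes /etc/hardwarename into each zone), as an added example that is not from any poster in this thread. The function name, the status messages and the demo paths are assumptions, and the demo feeds constructed zoneadm-style lines instead of real zones.

```shell
#!/bin/sh
# Added example: run as root in the global zone (for instance from cron).
# Reads `zoneadm list -cp` style lines (id:name:state:zonepath[:...]) on stdin
# and writes NAME into <zonepath>/root/etc/hardwarename for each usable zone.
publish_hardwarename() {
    hwname=$1
    while IFS=: read -r _id zname zstate zpath _rest; do
        [ "$zname" = "global" ] && continue
        case $zstate in
            installed|ready|running) ;;
            *) echo "$zname: skipped (state $zstate)"; continue ;;
        esac
        etcdir=$zpath/root/etc
        target=$etcdir/hardwarename
        # Everything below <zonepath>/root is writable by the zone's own root
        # user, and a symlink there resolves in the global zone's namespace,
        # so refuse to write through one.
        if [ -h "$etcdir" ] || [ ! -d "$etcdir" ] || [ -h "$target" ]; then
            echo "$zname: refused (symlink or missing etc)"; continue
        fi
        tmp=$etcdir/.hardwarename.$$
        rm -f "$tmp"
        # noclobber (set -C) refuses to overwrite a file that reappears at $tmp.
        if ( umask 022; set -C; printf '%s\n' "$hwname" > "$tmp" ) 2>/dev/null &&
           mv -f "$tmp" "$target"; then
            echo "$zname: updated"
        else
            echo "$zname: failed"
        fi
    done
}

# Constructed demo, no real zones: fake zonepaths under a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/web/root/etc" "$d/db/root/etc"
    echo untouched > "$d/outside"
    ln -s "$d/outside" "$d/db/root/etc/hardwarename"   # link planted inside "db"
    printf '%s\n' "0:global:running:/" "1:web:running:$d/web" \
        "2:db:running:$d/db" "-:old:configured:$d/old" |
        publish_hardwarename gz282
    rm -rf "$d"
}
demo
# Real use in the global zone: zoneadm list -cp | publish_hardwarename "$(uname -n)"
```

The symlink checks are best effort: a zone administrator can still race the job, so a read-only mount supplied by the global zone, as Enda O'Connor suggests, avoids writing into zone-controlled paths at all.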