Greetings,
I have read the wiki.
My q is: I'd like to have the root zone be on one network (inside) the
admin network tag, and
then the other physical nic is tagged with, say, prod. And I'd like all
the vms to be there.
So, I have the following:
sandbender is the vm, and sandbooter is the GZ
root@sandbooter /usbkey]# cat /usbkey/config
coal=true
admin_nic=00:0c:29:6e:97:b1
admin_ip=198.98.0.33
admin_netmask=255.255.255.0
admin_network=
admin_gateway=198.98.0.33
prod_nic=00:0c:29:6e:97:a7
prod_ip=
prod_netmask=
prod_network=
prod_gateway=
headnode_default_gateway=198.98.0.21
dns_resolvers=8.8.8.8,8.8.4.4
dns_domain=midlant.ogt11.net
ntp_hosts=0.smartos.pool.ntp.org
compute_node_ntp_hosts=198.98.0.33
hostname=sandbooter
Here are the resultant physical nics:
And here is the json for my vm:
root@sandbooter /usbkey]# vmadm get 9f52f81b-e84d-c95a-e001-9cac52eb99a3
|json nics
[
{
"interface": "net0",
"mac": "82:fb:b2:d5:ac:16",
"nic_tag": "prod",
"gateway": "207.188.212.1",
"gateways": [
"207.188.212.1"
],
"netmask": "255.255.255.128",
"ip": "207.188.212.33",
"ips": [
"207.188.212.33/25"
],
"primary": true
}
]
root@sandbooter /usbkey]# dladm show-phys -m
LINK SLOT ADDRESS INUSE CLIENT
e1000g1 primary 0:c:29:6e:97:b1 yes e1000g1
e1000g0 primary 0:c:29:6e:97:a7 yes e1000g0
[root@sandbooter /usbkey]# nictagadm list
NAME MACADDRESS LINK TYPE
prod 00:0c:29:6e:97:a7 e1000g0 normal
admin 00:0c:29:6e:97:b1 e1000g1 normal
snoop -d e1000g0
snoop -d e1000g1
And, finally, the traditional ifconfig shows what I want on the global zone:
[root@sandbooter /usbkey]# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=1001000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,FIXEDMTU> mtu
1500 index 2
inet 198.98.0.33 netmask ffffff00 broadcast 198.98.0.255
ether 0:c:29:6e:97:b1
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252
index 1
inet6 ::1/128
both show traffic. Currently, both interfaces are physically connected to
the same physical switch. Initially, sandbender was built with the nictag
"admin". I changed that using the instructions/examples on:
https://wiki.smartos.org/display/DOC/Using+vmadm+to+manage+virtual+machines
and now it is on "prod". Of course, it worked before the change and
doesn't now.
Again, my goal is to have the global zone on one switch and all of the VM's
public interfaces on another.
I'd of course use zlogin in an emergency. But yes, I don't want there to
be any possibility of reaching the global zone from a vm.
Any observations? ideas?
I'd really appreciate it.
Cheers!
-sam
-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription:
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com
