Hi Mike,

Can you share why you want the NGZ to know about the GZ?

The reason I ask is that we are already doing zones but we will be
scaling up the effort quite tremendously and I want to get my bases
covered.

I currently use our network operations centre software to track which
zone is which but the zone owners do not really know which hardware
they are in.  I personally have not seen any issues whether the zone
owners are in the know so I will let the zone owners know if they ask
-- but so far, no one ever did.


--
Just me,
Wire ...

On 11/26/06, Mike Gerdts <[EMAIL PROTECTED]> wrote:
On 11/24/06, Jeff Victor <[EMAIL PROTECTED]> wrote:
> prakash wrote:
> > How to get global zone information from non-global zone,
> > any command or any file to get the information?
>
> Part of the design of the security boundary around a zone is preventing an NGZ
> from getting information about its GZ.

While this may be true, some information does "leak" into the
non-global zone, primarily through network-related information.

For example, if you know the hostname or IP address of various global
zones (refer to your site's naming standard) you can use "route get".
If the MTU matches that of loopback interfaces, the non-global zone is
likely on the same machine.

$ route get gz282
   route to: gz282
destination: gz282
       mask: 255.255.255.255
  interface: e1000g0
      flags: <UP,DONE>
 recvpipe  sendpipe  ssthresh    rtt,ms rttvar,ms  hopcount      mtu     expire
       0         0         0         0         0         0      8232         0

Another way is to refer to the ARP table.  This will also give you a
pretty good hint of other zones on the same machine:

non-global-zone$ arp -a | grep `uname -n`
e1000g40000 non-global-zone   255.255.255.255 SP    00:14:4f:0e:ef:ae

This command will likely display ARP entries that pertain to every
zone that shares that physical interface.

non-global-zone$ arp -a | grep 00:14:4f:0e:ef:ae

Increment or decrement the MAC by a few and you may discover zones
that are using other physical interfaces on the same machine.

> However, as the GZ administrator you can place information about the GZ into a
> file in the NGZ's file system.  You can also automate this so that it happens
> periodically.

To simplify things, part of my standard zone build process creates a
file called /etc/hardwarename.  I specifically don't say "gzname" or
similar because the same file is intended to be useful with domains
(refer to the frame/system controller name), LDOM's, etc.

Mike

--
Mike Gerdts
http://mgerdts.blogspot.com/
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org
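
One way to automate the /etc/hardwarename file discussed in the thread, run from the global zone. This is an added example, not part of the original messages or anyone's actual build script. The function name publish_hardwarename and the zone names in the comments are hypothetical, and the input is assumed to be `zoneadm list -cp` records of the form zoneid:zonename:state:zonepath.

```shell
#!/bin/sh
# Added example (not from the thread). Needs a POSIX shell; on Solaris 10
# that is /usr/xpg4/bin/sh or ksh, not the legacy /bin/sh.
#
# Usage in the global zone (e.g. from cron):
#   zoneadm list -cp | publish_hardwarename "$(uname -n)"
#
# Reads records "zoneid:zonename:state:zonepath[:more fields]" on stdin,
# e.g. (constructed):  1:webzone:running:/zones/webzone
# and writes the given name to <zonepath>/root/etc/hardwarename.
# Prints the number of zones updated.
publish_hardwarename() {
    hwname=$1
    updated=0
    while IFS=: read -r zid zname zstate zpath rest; do
        [ "$zname" = "global" ] && continue
        # Only zones whose root file system has been populated.
        case $zstate in
            installed|ready|running) ;;
            *) continue ;;
        esac
        etc="$zpath/root/etc"
        target="$etc/hardwarename"
        # The zone's own root user controls this tree, so refuse to follow
        # a symlink out of it while writing as global-zone root.
        if [ ! -d "$etc" ] || [ -h "$etc" ] || [ -h "$target" ] || [ -d "$target" ]; then
            echo "skipping $zname: $target is not a safe path" >&2
            continue
        fi
        tmp="$etc/.hardwarename.$$"
        rm -f "$tmp"
        # noclobber (set -C): fail rather than write through anything that
        # reappears at the temporary name.
        ( umask 022; set -C; printf '%s\n' "$hwname" > "$tmp" ) || continue
        mv -f "$tmp" "$target" && updated=$((updated + 1))
    done
    echo "$updated"
}
```

The symlink checks are not atomic, so for a running zone whose root user is untrusted, do the write from inside the zone with zlogin instead of through the zonepath.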
