6 Solaris Zones
Kazuyuki Sato Feb 18, 2015
Corydoras sterbai
Agenda
@satokaz Oracle Solaris Zones
Solaris Zones
4@ Oracle Solaris Solaris Zones http://www.slideshare.net/satokaz/4-20140906-solariszones
@satokaz
Solaris Solaris Solaris
() AQUA LIFE
Oracle Solaris Zones Native Zones
Oracle Solaris Zones
() 1960
1
API ABI
Solaris API/ABI
Oracle Solaris Zones Solaris Zones (2003 )
(Security)
(Isolation)
(Virtualization)
(Granularity)
(Transparency)
Oracle Solaris Zones
chroot
jails chroot Trusted Operating System OS Hardware Logical Partitioning
2003 logical partitions for SPARC Ldoms (Oracle VM for SPARC)
Solaris jails OS
Oracle Solaris Zones (Solaris )
2 (global zone)
(non-global zone)
8192 ()
[Figure: zone01, zone02 and zone03 on the virtual platform. Labels: net0:1, net0:2, net1, zcons, zoneadmd, /usr, /data, management commands (zonecfg, zoneadm, zlogin, etc)]
Solaris 11.2
Oracle Solaris 11.2 VM Solaris 11.2
IPS
IPS (pkg.oracle.com)
Oracle Solaris 11.2 VM Oracle Solaris 11.2 VM Downloads
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/vm-templates-2245495.html
Oracle Solaris 11.2 VM for Oracle VM VirtualBox (1.6GB)
VirtualBox Oracle Solaris 11.2
Oracle ()
VirtualBox Oracle Solaris 11 Oracle VM VirtualBox (OTN Oracle Solaris )
http://www.oracle.com/technetwork/jp/systems/hands-on-labs/s11-vbox-install-1408628-ja.html
Solaris 11.1 11.2
Solaris Zones CPU/
CPU CPU
(Kernel Zones )
Solaris Zones
Solaris Zones
Solaris Native Zones
Solaris Kernel Zones solaris-kz Solaris 11.2
Oracle Solaris Zones Solaris Zones
zonecfg zones
zoneadm zones (install, uninstall, boot, halt, shutdown, attach/detach, clone, etc)
zlogin zones
zonestat zone
[Figure: zone state transitions. States: No Zone, configured, incomplete, installed, ready, running. Transitions: create, delete, install, uninstall, mark incomplete, boot, ready, halt, reboot, login. Commands: zonecfg, zoneadm, zlogin]
Solaris Zones
# zonecfg -z testzone
Use 'create' to begin configuring a new zone.
zonecfg:testzone> create
create: Using system default template 'SYSdefault'
zonecfg:testzone> export
create -b
set zonepath=/system/zones/%{zonename}
set autoboot=false
set autoshutdown=shutdown
set ip-type=exclusive
add anet
set linkname=net0
set lower-link=auto
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
end
zonecfg:testzone> verify
zonecfg:testzone> commit
zonecfg:testzone> exit

# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared

root@s11u2-sru7-4:~# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - testzone         configured  /system/zones/testzone       solaris    excl
testzone
/etc/zones
Solaris Zones (1/2)
# zoneadm -z testzone install
The following ZFS file system(s) have been created:
    rpool/VARSHARE/zones/testzone
Progress being logged to /var/log/zones/zoneadm.20150218T023659Z.testzone.install
       Image: Preparing at /system/zones/testzone/root.
 Install Log: /system/volatile/install.4656/install_log
 AI Manifest: /tmp/manifest.xml.tRaGej
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: testzone
Installation: Starting
        Creating IPS image
        : 1/1
        Installing packages from:
            solaris
                origin: http://pkg.oracle.com/solaris/support/
        (MB)
        281/281 53222/53222 352.3/352.3 320k/s
Solaris Zones (2/2)
71132/71132 0/0 1/1
Installation: Succeeded
Note: Man pages can be obtained by installing pkg:/system/manual
done.
Done: Installation completed in 1256.021 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
Log saved in non-global zone as /system/zones/testzone/root/var/log/zones/zoneadm.20150218T023659Z.testzone.install

root@s11u2-sru7-4:~# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - testzone         configured  /system/zones/testzone       solaris    excl

root@s11u2-sru7-4:~# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - testzone         installed   /system/zones/testzone       solaris    excl
installed
# zoneadm -z testzone install
Progress being logged to /var/log/zones/zoneadm.20150218T022840Z.testzone.install
       Image: Preparing at /system/zones/testzone/root.
 Install Log: /system/volatile/install.3270/install_log
 AI Manifest: /tmp/manifest.xml.JdaOwg
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: testzone
Installation: Starting ...
        Creating IPS image
        Error occurred during execution of 'generated-transfer-3270-1' checkpoint.
        Failed Checkpoints:
        Checkpoint execution error:
                Error refreshing publishers, 0/1 catalogs successfully updated:
                Encountered the following error(s):
                Unable to contact any configured publishers.
                This is likely a network configuration problem.
                1: Framework error: code: 28 reason: Operation too slow. Less than 1024 bytes/sec transfered the last 30 seconds
                URL: 'http://pkg.oracle.com/solaris/support' (happened 2 times)
                2: Framework stall:
                URL: 'http://pkg.oracle.com/solaris/support' (happened 2 times)
Installation: Failed. See install log at /system/volatile/install.3270/install_log
ERROR: auto-install failed.
#
IPS
# zoneadm -z testzone uninstall

root@s11u2-sru7-4:~# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - testzone         incomplete  /system/zones/testzone       solaris    excl
Solaris Zones zonecfg
# zonecfg -z testzone export
create -b
set brand=solaris
set zonepath=/system/zones/%{zonename}
set autoboot=false
set autoshutdown=shutdown
set ip-type=exclusive
add anet
set linkname=net0
set lower-link=auto
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
end
brand solaris
zonepath /system/zones zonename (default)
autoboot false
autoshutdown shutdown
ip-type exclusive
add anet : end
exclusive
(ip-type )
Solaris Zones
[Figure: file system layout. Global zone (global zones): /, /usr, /platform, /sbin, /lib, /export, /system, /dev, /root, /etc, /var, /opt. Whole root zone (whole root zones): /, /usr, /platform, /sbin, /lib, /export, /etc, /var, /opt. Other labels: ZFS dataset (ZVOL), (local, iscsi, fc), Native Zones, /testzones, /zones, ZFS]
Solaris Zones
root@s11u2-sru7-4:/system/zones# zfs list
NAME                                                   USED  AVAIL  REFER  MOUNTPOINT
rpool                                                 18.6G  12.4G  4.65M  /rpool
rpool/ROOT                                            11.7G  12.4G    31K  legacy
rpool/ROOT/solaris                                    58.7M  12.4G  4.78G  /
rpool/ROOT/solaris-backup                              132M  12.4G  4.78G  /
rpool/ROOT/solaris-backup-1                           9.82M  12.4G  4.79G  /
rpool/ROOT/solaris-backup-1/var                       3.19M  12.4G  1.87G  /var
rpool/ROOT/solaris/var                                 377K  12.4G   347M  /var
rpool/VARSHARE                                         695M  12.4G  4.80M  /var/share
rpool/VARSHARE/pkg                                      63K  12.4G    32K  /var/share/pkg
rpool/VARSHARE/pkg/repositories                         31K  12.4G    31K  /var/share/pkg/repositories
rpool/VARSHARE/zones                                   690M  12.4G    32K  /system/zones
rpool/VARSHARE/zones/testzone                          690M  12.4G    32K  /system/zones/testzone
rpool/VARSHARE/zones/testzone/rpool                    690M  12.4G    31K  /rpool
rpool/VARSHARE/zones/testzone/rpool/ROOT               690M  12.4G    31K  legacy
rpool/VARSHARE/zones/testzone/rpool/ROOT/solaris       690M  12.4G   635M  /system/zones/testzone/root
rpool/VARSHARE/zones/testzone/rpool/ROOT/solaris/var  54.7M  12.4G  53.8M  /system/zones/testzone/root/var
rpool/VARSHARE/zones/testzone/rpool/VARSHARE            31K  12.4G    31K  /var/share
rpool/VARSHARE/zones/testzone/rpool/export              62K  12.4G    31K  /export
rpool/VARSHARE/zones/testzone/rpool/export/home         31K  12.4G    31K  /export/home
rpool/dump                                            1.03G  12.5G  1.00G  -
rpool/export                                            63K  12.4G    32K  /export
rpool/export/home                                       31K  12.4G    31K  /export/home
rpool/swap                                            1.03G  12.5G  1.00G  -
Solaris Zones
# zoneadm -z testzone boot

root@s11u2-sru7-4:~# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - testzone         running     /system/zones/testzone       solaris    excl

root@s11u2-sru7-4:~# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - testzone         configured  /system/zones/testzone       solaris    excl
running
# zonestat 1 1
Collecting data for first interval...
Interval: 1, Duration: 0:00:01
SUMMARY                   Cpus/Online: 2/2   PhysMem: 6339M  VirtMem: 7363M
                    ---CPU----  --PhysMem-- --VirtMem-- --PhysNet--
               ZONE  USED %PART  USED %USED  USED %USED PBYTE %PUSE
            [total]  0.06 3.09% 3616M 57.0% 4152M 56.3%   212 0.00%
           [system]  0.01 0.99% 2955M 46.6% 3226M 43.8%     -     -
             global  0.04 2.00%  578M 9.11%  847M 11.5%   212 0.00%
           testzone  0.00 0.09% 82.7M 1.30% 78.5M 1.06%     0 0.00%
Solaris Zones
# prstat -Z
   PID USERNAME  SIZE   RSS STATE   PRI NICE      TIME  CPU PROCESS/NLWP
  2044 root      245M  123M sleep    59    0   0:01:32 0.3% java/23
  2049 root      131M   18M sleep    59    0   0:00:44 0.2% gnome-power-man/4
   974 root       15M 3812K sleep    59    0   0:00:24 0.1% vmtoolsd/2
 12368 root       20M 5472K sleep    59    0   0:00:00 0.0% sshd/1
     5 root        0K    0K sleep    99  -20   0:00:44 0.0% zpool-rpool/137
 12399 root     5904K 3448K cpu1     59    0   0:00:00 0.0% prstat/1
 12369 root     4756K 2620K sleep    49    0   0:00:00 0.0% bash/1
  6478 root     4276K 2388K sleep    59    0   0:00:00 0.0% hald-addon-acpi/1
  6474 root     7788K 5484K sleep    59    0   0:00:00 0.0% hald/5
 12026 root     2940K 1736K sleep    59    0   0:00:00 0.0% in.routed/1
  2077 root       61M 8192K sleep    12   19   0:00:01 0.0% updatemanagerno/1
  2059 root      129M   12M sleep    59    0   0:00:01 0.0% isapython2.6/1
   200 root       15M 4668K sleep    59    0   0:00:00 0.0% devfsadm/6
   361 root     9544K 1396K sleep    59    0   0:00:00 0.0% dhcpagent/1
    38 netcfg   4052K 2472K sleep    59    0   0:00:00 0.0% netcfgd/4
ZONEID    NPROC  SWAP   RSS MEMORY      TIME  CPU ZONE
     0      121  718M  580M   9.1%   0:05:33 0.7% global
     1       33   77M   83M   1.3%   0:00:23 0.0% testzone
Total: 154 processes, 796 lwps, load averages: 0.02, 0.16, 0.19
Solaris Zones
Kernel Zones: instance-00001 kzhost zsched 2
# ps -aefZ | grep -v global
    ZONE      UID   PID  PPID   C    STIME TTY         TIME CMD
instance     root 12406 12223   0   Aug 09 ?         278:03 /usr/lib/kzhost
instance     root 12223     1   0   Aug 09 ?           0:00 zsched

Native Zones: vrrpzone01
# ps -afefZ -z vrrpzone01 | grep -v global
    ZONE      UID   PID  PPID   C    STIME TTY         TIME CMD
vrrpzone     root 12402     1   0   Jul 31 ?           0:00 /usr/lib/inet/in.ndpd
vrrpzone     root 11849     1   0   Jul 31 ?           0:00 /usr/lib/rad/rad -sp
vrrpzone   netadm 11776     1   0   Jul 31 ?           1:41 /lib/inet/ipmgmtd
vrrpzone     root 11675     1   0   Jul 31 ?           8:08 /lib/svc/bin/svc.configd
vrrpzone     root 11779     1   0   Jul 31 ?           0:00 /usr/lib/pfexecd
vrrpzone     root 11873     1   0   Jul 31 ?           0:00 /usr/lib/dbus-daemon --system
vrrpzone     root 12477     1   0   Jul 31 ?           0:00 /usr/lib/ssh/sshd
vrrpzone   netcfg 11722     1   0   Jul 31 ?           3:02 /lib/inet/netcfgd
vrrpzone   daemon 11853     1   0   Jul 31 ?           0:06 /usr/lib/utmpd
vrrpzone     root 10770     1   0   Jul 31 ?           0:00 zsched
vrrpzone     root 12485     1   0   Jul 31 ?           0:02 /usr/sbin/syslogd
Solaris Zones (1/2)
# zlogin -C testzone
Ctrl + L Automatically DHCP
Solaris Zones (2/2)
# zlogin -C testzone
[Connected to zone 'testzone' console]
SunOS Release 5.11 Version 11.2 64-bit
Copyright (c) 1983, 2014, Oracle and/or its affiliates. All rights reserved.
Hostname: testzone
testzone console login: login
Solaris Zones
IP (shared IP) Oracle Solaris 10 10/08
IP (exclusive IP) Solaris 11
GLDv3 NIC Solaris 11 NIC
[Figure labels: net0, net0:0, net0:1, net1, IP]
Solaris Zones
root@s11u2-sru7-4:~# dladm show-phys
LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
net0              Ethernet             up         1000   full      e1000g0
net1              Ethernet             up         1000   full      e1000g1

root@s11u2-sru7-4:~# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
net1                phys      1500   up       --
testzone/net0       vnic      1500   up       net0

testzone
root@s11u2-sru7-4:~# zlogin testzone ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        static     ok           --         172.16.166.140/24
   net0/v6        addrconf   ok           --         fe80::8:20ff:feec:3562/10
[Figure: net0 (e1000g0) with VNICs vnic0 through vnic7]
zonecfg anet NIC
DHCP
Solaris Zones Solaris Zones
# zonecfg -z testzone 'create;verify;commit;exit'
# zoneadm -z testzone install
# zoneadm -z testzone boot; zlogin -e \# -C testzone
zlogin -e
net0
testzone01Solaris 11.2
NIC
global zone
Solaris 11.2
OS
Solaris Zones
sysconfig Solaris
# sysconfig create-profile -o /usr/tmp/sc_profile.xml
# sysconfig configure -c /usr/tmp/sc.xml OS
# zoneadm -z testzone install -c /usr/tmp/sc.xml -d /userpool/zones/zone01/root/ -u Automated Installer
Solaris Zones
Solaris Zones Oracle Solaris 11
pkg(1) Image Packaging System (IPS)
SlideShare http://www.slideshare.net/SolarisJP/
Solaris Native Zones 1
zoneadm Kernel Zones
Type2 HyperVisor Solaris Zones
CPU, ZOSS (Zones on Shared Storage)
iSCSI, FC Zones //
Solaris Native Zones 2
Oracle Solaris Cluster Zones Cluster EVS (Elastic Virtual Switch)
Solaris Zones
Solaris Zones
VMware Kernel Zones VMware Compatibility Guide: OS Release Name: Solaris 11.2 KB Articles
2040498 VMware KB: Mouse does not function on a Solaris 11 virtual machine (2040498)
VirtualBox Kernel Zones Solaris
Solaris Zones: Operating System Support for Consolidating Commercial Workloads Daniel Price and Andrew Tucker Sun Microsystems, Inc. https://www.usenix.org/legacy/event/lisa04/tech/full_papers/price/price.pdf
Oracle Solaris 11.2 Information Library () http://docs.oracle.com/cd/E36784_01/index.html
Oracle Solaris 11.2 http://docs.oracle.com/cd/E56342_01/index.html
Oracle Solaris http://www.oracle.com/technetwork/jp/systems/hands-on-labs/solaris-labs-1904205-ja.html
4@ Oracle Solaris Solaris Zones http://www.slideshare.net/satokaz/4-20140906-solariszones