Wednesday Nov 16, 2005

Solaris ZFS and Zones: Simple Example

The following is a simple example of creating a ZFS filesystem and using it to hold a newly-created Solaris Zone (Solaris Container). Zones are in Solaris 10 now. ZFS is a new filesystem in OpenSolaris that allows for large, more reliable filesystems. The three key advantages are:

  • Simple administration
  • Data integrity (64-bit checksums on data)
  • Large capacity format for future growth (2**128 512-byte block files). That's 256 quadrillion zettabytes.
Other features are:
  • Filesystems built on virtual storage "pools"
  • Copy-on-write removes need for recovery (no fsck)
  • Dynamic striping and multiple block sizes optimize throughput (512 to 128K)
  • Optional compression
  • No modifications needed for apps

ZFS software is in packages SUNWzfsr and SUNWzfsu.

Create a ZFS Pool

First, you need a virtual device for ZFS. Normally this would be raw disk (or raw disk slice, if you prefer). However, for testing/demonstration, I'll create a regular file (this takes a few minutes):

# mkfile 5g /virtualDeviceForZFS
 4m12.95s

Now I create a "ZFS Storage Pool" for one or more ZFS filesystems:

# zpool create poolForZones /virtualDeviceForZFS
# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
poolForZones           4.97G   32.5K   4.97G     0%  ONLINE

To create a mirrored pool, use the keyword "pool" and specify two virtual devices.

Create a ZFS Filesystem

Now, I'll create a ZFS filesystem using the ZFS pool I just created:

# zfs create poolForZones/twilightZone
# zfs set mountpoint=/twilightZone poolForZones/twilightZone
# zpool status -z
  pool: poolForZones
 state: ONLINE
 scrub: none requested
config:

        NAME                    STATE     READ WRITE CKSUM
        poolForZones            ONLINE       0     0     0
          /virtualDeviceForZFS  ONLINE       0     0     0

# mount |grep twilightZone
/twilightZone on poolForZones/twilightZone read/write/setuid/devices/exec/atime/dev=3f50004 on Mon Nov 14 12:34:37 2005
# df -k /twilightZone
Filesystem            kbytes    used   avail capacity  Mounted on
poolForZones/twilightZone
                     5169408       8 5169341     1%    /twilightZone
# ls -l /twilightZone
total 0

Note that /twilightZone is not in /etc/vfstab. Mounting is done automatically at boot time by ZFS:

# grep /twilightZone /etc/vfstab
#

If you want to allow the filesystem to be managed inside the zone, use the zfs zoned=on option when creating or modifying the filesystem.

Create a Solaris Zone

Use zonecfg to set up your zone:

# zonecfg -z twilightZone
twilightZone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:twilightZone> create
zonecfg:twilightZone> set zonepath=/twilightZone
zonecfg:twilightZone> set autoboot=true
zonecfg:twilightZone> add net
zonecfg:twilightZone:net> set address=10.140.1.25
zonecfg:twilightZone:net> set physical=ce0
zonecfg:twilightZone:net> end
zonecfg:twilightZone> verify
zonecfg:twilightZone> commit
zonecfg:twilightZone> exit

Install a Solaris Zone

Now install packages to your Solaris Zone:

# zoneadm -z twilightZone install
/twilightZone must not be group readable.
/twilightZone must not be group executable.
/twilightZone must not be world readable.
/twilightZone must not be world executable.
could not verify zonepath /twilightZone because of the above errors.
zoneadm: zone twilightZone failed to verify

Oops. We need to set proper permissions. The directory must not be world or group read, write, or execute:

# ls -ld /twilightZone
drwxr-xr-x   2 root     sys            2 Nov 14 12:34 /twilightZone
# chmod go-rxw /twilightZone
# ls -ld /twilightZone
drwx------   2 root     sys            2 Nov 14 12:34 /twilightZone
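
The same check can be run before calling zoneadm. The following is an added example, not part of the original post: the function name check_zonepath is hypothetical, and its messages only imitate the zoneadm output quoted above.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight check for a zonepath.
# check_zonepath DIR
#   Prints one line per group/world permission bit that is set, in the style
#   of the zoneadm messages, and returns 1 if any is set (2 if DIR is missing).
check_zonepath() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "$dir is not a directory."
        return 2
    fi
    # ls -ld is used instead of stat(1), which not every system ships.
    # Field 1 looks like "drwxr-xr-x"; a trailing "+", "." or "@" is cut off.
    perms=$(ls -ld -- "$dir" | awk '{ print substr($1, 1, 10) }')
    rc=0
    pos=5   # characters 5-7 are the group bits, 8-10 the world bits
    for what in "group readable" "group writable" "group executable" \
                "world readable" "world writable" "world executable"; do
        bit=$(printf '%s' "$perms" | cut -c"$pos")
        # Anything other than "-" counts, so a setgid or sticky marker
        # (s, S, t, T) in these positions is reported as well.
        if [ "$bit" != "-" ]; then
            echo "$dir must not be $what."
            rc=1
        fi
        pos=$((pos + 1))
    done
    return $rc
}

# Usage: check_zonepath /twilightZone && zoneadm -z twilightZone install
```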

Try the install with zoneadm again. This takes several minutes:

# zoneadm -z twilightZone install
Preparing to install zone <twilightZone>.
Creating list of files to copy from the global zone.
Copying <2808> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <946> packages on the zone.
Initializing package <252> of <946>: percent complete: 26%
. . .
Initialized <946> packages on zone.
Zone <twilightZone> is initialized.
The file </twilightZone/root/var/sadm/system/logs/install_log> contains a log of the zone installation.

Later, if you wish to halt, uninstall, or delete a zone, use these commands, respectively:

zoneadm -z twilightZone halt
zoneadm -z twilightZone uninstall
zonecfg -z twilightZone delete

By default zonecfg creates a "sparse" zone; that is, read-only files are shared from the "global" zone. This saves a lot of space, as shown below: only 68 MB is used (as opposed to the 4GB or so for the global zone):

# df -k /twilightZone
Filesystem            kbytes    used   avail capacity  Mounted on
poolForZones/twilightZone
                     5169408   68508 5100754     2%    /twilightZone

If a "sparse" zone isn't desired, use "create -b" instead of "create" in zonecfg above. This prevents the new zone from "inheriting" packages from the global zone. This is called a "whole root" configuration.

The zone has been created, but it won't show up until after the initial boot:

# zoneadm list -v
  ID NAME             STATUS         PATH
   0 global           running        /

Boot and Configure a Solaris Zone

Let's boot the zone and log in to the console with zoneadm and zlogin. The initial boot prompts for basic configuration information (language, locale, terminal, hostname, name service, time zone, and root password):

# zoneadm -z twilightZone boot
# zlogin -C twilightZone
[Connected to zone 'twilightZone' console]
Loading smf(5) service descriptions:   1/108
. . .
twilightZone2 console login: root
. . .
~.

Use "~." to disconnect from the console.


Monday Nov 14, 2005

South Park portrait

In the great tradition of many Sun bloggers, here's my South Park Portrait:

Dan Anderson

Saturday Nov 05, 2005

War Dog walking for wireless access points

[Image: Patsy Ann's head in a flower pot. Caption: Trusty assistant servicing prototype antenna]
Most people reading this have probably heard of "wardriving," where someone drives around with a wifi laptop with a GPS looking for wireless "hotspots" (Access Points or APs). The results are typically uploaded to a website such as Wigle.net where one can view the APs on a map or chart. A few years ago, someone in San Diego tried "warflying" over San Diego. Well, out of curiosity I decided to try wardogwalking, walking my dog looking for hotspots.

So, with dog leash and poop bag in one hand, and laptop running Kismet in the other, I gave it a try (hardware details below). However, as soon as I got outside, Kismet immediately found about 10. By the time I got done walking (10-15 minutes), Kismet found 60-some APs. 40 are displayed on the screen--that's all that would fit.

Security usage: The main reason I did this is I was curious how many APs are in my neighborhood and how many are secured. Of the 40 or so APs, 10 (25%) were wide open, 24 (60%) were secured with WEP (which can be broken in a few minutes with downloadable software), and only 6 (15%) were secured with WPA (see column "W": "N" is open, "Y" is WEP, and "O" is WPA).

Channel usage: Looking at channel usage (column "Ch"), channel 6 was the most popular, the typical default, with channel 11 coming second. Channel 1 is the least popular, so that is usually the best to use. Note that if you or someone else has a 2.4GHz wireless phone, it's most likely to interfere with the upper channel, 11, rather than 6 or 1. Other channels are used, such as 4, 6, 7, but those overlap with two out of channels 1, 6, and 11. Only channels 1, 6, and 11 should be used, as the others overlap (for example, channel 5 overlaps with channel 1 and 6).
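
The channel reasoning above can be turned into a small tally. This is an added example, not part of the original post: the function names and the survey data are constructed, and it assumes 2.4 GHz channels are spaced 5 MHz apart and about 22 MHz wide, so two channels overlap when their numbers differ by 4 or less.

```sh
#!/bin/sh
# Added example (not from the original post).
# channel_load: reads one observed AP channel number per line on stdin and
# prints "<channel> <load>" for channels 1, 6 and 11, where load is the number
# of observed APs on that channel or on a channel that overlaps it.
# Assumption: channels overlap when their numbers differ by 4 or less.
channel_load() {
    awk '
        /^[0-9]+$/ { seen[$1 + 0]++ }
        END {
            n = split("1 6 11", cand, " ")
            for (i = 1; i <= n; i++) {
                load = 0
                for (ch in seen) {
                    d = ch - cand[i]; if (d < 0) d = -d
                    if (d <= 4) load += seen[ch]
                }
                print cand[i], load
            }
        }'
}

# best_channel: the candidate with the lowest load (lowest number on a tie).
best_channel() {
    channel_load | sort -k2,2n -k1,1n | head -n 1 | cut -d" " -f1
}

# Constructed survey (not the author's Kismet data): one line per AP seen.
sample_survey() {
    printf '%s\n' 6 6 6 6 6 6 11 11 11 11 1 1 4 7 5
}

# Usage: sample_survey | channel_load ; sample_survey | best_channel
```

In the constructed survey, the APs on channels 4, 5 and 7 all add to the load on channel 6, and channels 4 and 5 also count against channel 1, which is why stray channels hurt more than one of the three usable ones.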

Hardware Details For my wardogwalking, I used my IBM T40 Thinkpad. It has an IBM 11abg II wireless adapter and runs SuSE Linux 9.3 with Kismet (it also runs Win XP and Solaris 10). I used the built-in laptop antenna (instead of a "high-gain" antenna, which would have had better reception). I don't have a GPS, which real wardrivers use to plot where the APs are located.

[Figure: Kismet display after war-dog-walking]


Friday Nov 04, 2005

WikiMedia, PHP, MySQL, and Apache in Solaris 10

Configuring Wikimedia using stock PHP, MySQL, and Apache packages on Solaris.

Copyright (C) 2003, DanX