Learn...Discover
Step 1 to Solaris Containers - Creating Containers
Doing a demo for Solaris Zone
1. login to a terminal as root
#
2. check the current status of the zones using zoneadm command
# zoneadm list -v
ID NAME STATUS PATH BRAND IP
0 global running / native shared
In the case above, we've a clean system without any non-global zones installed.
3. create a basic zone with IP address 192.168.88.1, using Class C netmask (255.255.255.0)
zonecfg -z tz
tz: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:tz> createzonecfg:tz> set autoboot=true
zonecfg:tz> add net
zonecfg:tz:net> set address=192.168.88.1/24
zonecfg:tz:net> set physical=wpi0
zonecfg:tz:net> end
zonecfg:tz> verify
zonecfg:tz> commit
zonecfg:tz> exit
* Note that in order for autoboot to function, the zone service needs to be enabled. 'svcs' can be used to check the status.
# svcs | grep zones
online 11:33:06 svc:/system/zones:default
The result above shows that the zone service is enabled. If the result is otherwise (disabled), it can be enabled using the 'svcadm' command as below
# svcadm enable svc:/system/zones:default
4. After the 'exit' step, the tz zone is now in 'configured' state.
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- tz configured /zones/tz native shared
5. The next step is to install the zone. Below is a list of steps:
# zoneadm -z tz install
Preparing to install zone <tz>.
Creating list of files to copy from the global zone.
Copying <7665> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1142> packages on the zone.
Initializing package <143> of <1142>: percent complete: 12%
6. At this state, the state of 'tz' zone is incomplete as can be shown through 'zoneadm' command
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- tz incomplete /zones/tz native shared
7. Wait till initialize package is done, the status will change to 'installed' as shown below
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- tz installed /zones/tz native shared
8. next change the status to 'ready' using (This is like powering the server without booting up)
# zoneadm -z tz ready
9. The command below will connect the 'serial cable' to console
# zlogin -C tz
[Connected to zone 'tz' console]
10. Using another terminal, issue the boot command to the zone (just like powering up the server)
# zoneadm -z tz boot
[NOTICE: Zone booting up]
SunOS Release 5.11 Version snv_75 64-bit
Copyright 1983-2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: tz
Loading smf(5) service descriptions: 141/141
Reading ZFS config: done.
11. Since this is the first time that this zone is being booted up, some initial configurations needs to be performed.
------------------------START OF SCREEN SHOT-----------------------------
What type of terminal are you using?
1) ANSI Standard CRT
2) DEC VT52
3) DEC VT100
4) Heathkit 19
5) Lear Siegler ADM31
6) PC Console
7) Sun Command Tool
8) Sun Workstation
9) Televideo 910
10) Televideo 925
11) Wyse Model 50
12) X Terminal Emulator (xterms)
13) CDE Terminal Emulator (dtterm)
14) Other
Type the number of your choice and press Return:12
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: wpi0.
─ Host Name for wpi0:1 ─
Enter the host name which identifies this system on the network. The name
must be unique within your domain; creating a duplicate host name will cause
problems on the network after you install Solaris.
A host name must have at least one character; it can contain letters,
digits, and minus signs (-).
Host name for wpi0:1 tz-zone
> Press F2 to go to the next screen.
─ Confirm Information for wpi0:1 ─
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Host name: tz-zone
─ Configure Security Policy: ─
Specify Yes if the system will use the Kerberos security mechanism.
Specify No if this system will use standard UNIX security.
Configure Kerberos Security
─────────────────
[ ] Yes
[X] No
─ Confirm Information ─
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Configure Kerberos Security: No
─ Name Service ─
On this screen you must provide name service information. Select the name
service that will be used by this system, or None if your system will either
not use a name service at all, or if it will use a name service not listed
here.
> To make a selection, use the arrow keys to highlight the option
and press Return to mark it [X].
Name service
────────────
[X] NIS+
[ ] NIS
[ ] DNS
[ ] LDAP
[ ] None
─ Confirm Information ─
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Name service: DNS
─ NFSv4 Domain Name ─
NFS version 4 uses a domain name that is automatically derived from the
system's naming services. The derived domain name is sufficient for most
configurations. In a few cases, mounts that cross domain boundaries might
cause files to appear to be owned by "nobody" due to the lack of a common
domain name.
The current NFSv4 default domain is: ""
NFSv4 Domain Configuration
─────────────────
[X] Use the NFSv4 domain derived by the system
[ ] Specify a different NFSv4 domain
─ Confirm Information for NFSv4 Domain ─
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
NFSv4 Domain Name: << Value to be derived dynamically >>
─ Time Zone ─
On this screen you must specify your default time zone. You can specify a
time zone in three ways: select one of the continents or oceans from the
list, select other - offset from GMT, or other - specify time zone file.
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Continents and Oceans
─────────────
- [ ] Africa
│ [ ] Americas
│ [ ] Antarctica
│ [ ] Arctic Ocean
│ [X] Asia
│ [ ] Atlantic Ocean
│ [ ] Australia
│ [ ] Europe
v [ ] Indian Ocean
─ Country or Region ─
> To make a selection, use the arrow keys to highlight the option and
press Return to mark it [X].
Countries and Regions
─────────────
^ [ ] Macao
│ [ ] Malaysia
│ [ ] Mongolia
│ [ ] Myanmar (Burma)
│ [ ] Nepal
│ [ ] Oman
│ [ ] Pakistan
│ [ ] Palestine
│ [ ] Philippines
│ [ ] Qatar
│ [ ] Russia
│ [ ] Saudi Arabia
v [X] Singapore
─ Confirm Information ─
> Confirm the following information. If it is correct, press F2;
to change any information, press F4.
Time zone: Singapore
─ Root Password ─
Please enter the root password for this system.
The root password may contain alphanumeric and special characters. For
security, the password will not be displayed on the screen as you type it.
> If you do not want a root password, leave both entries blank.
Root password: *******
Root password: *******
System identification is completed.
rebooting system due to change(s) in /etc/default/init
------------------------END OF SCREEN SHOT-----------------------------
12. After the reboot, the root prompt will appear and ready for login
tz-zone console login: root
Password:
Oct 23 13:51:57 tz-zone login: ROOT LOGIN /dev/console
Sun Microsystems Inc. SunOS 5.11 snv_75 October 2007
#
13. Close the session using 'tilde' then 'dot'
tz-zone console login: ~.
[Connection to zone 'tz' console closed]
14. Back to the global zone, use zoneadm to check the current status of the zone
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 tz running /zones/tz native shared
15. use the 'ps' command with zone option to list the running services in the tz zone
# ps -efo zone,user,pid,ppid,c,stime,tty,time,comm
ZONE USER PID PPID C STIME TT TIME COMMAND
global root 0 0 0 11:32:37 ? 00:00 sched
global root 1 0 0 11:32:41 ? 00:05 /sbin/init
global root 2 0 0 11:32:41 ? 00:00 pageout
global root 3 0 0 11:32:41 ? 00:16 fsflush
global root 484 453 0 11:33:03 ? 00:00 /usr/lib/saf/ttymon
global root 7 1 0 11:32:43 ? 00:02 /lib/svc/bin/svc.startd
tz root 6292 6040 0 13:51:51 ? 00:00 /usr/lib/saf/sac
tz root 6297 6292 0 13:51:51 ? 00:00 /usr/lib/saf/ttymon
tz root 6040 1 0 13:51:47 ? 00:01 /lib/svc/bin/svc.startd
tz root 6038 6026 0 13:51:47 ? 00:00 /sbin/init
tz root 6239 1 0 13:51:51 ? 00:00 /usr/lib/autofs/automountd
..... list concatenated
16. checking on the network interface, you'll notice that an additional interface had been plumbed.
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone tz
inet 127.0.0.1 netmask ff000000
wpi0: flags=201000802<BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 2
inet 0.0.0.0 netmask 0
ether 0:1b:77:5e:95:fb
wpi0:1: flags=201000803<UP,BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 2
zone tz
inet 192.168.88.1 netmask ffffff00 broadcast 192.168.88.255
17. To shutdown the zone, issue the command (assuming from global zone):
# zlogin tz shutdown -y -i0 -g0
(remember the console terminal you've? Look at that and you'll see the interesting following)
# zlogin -C tz
[Connected to zone 'tz' console]
svc.startd: The system is coming down. Please wait.
svc.startd: 58 system services are now being stopped.
Oct 23 14:13:58 tz-zone syslogd: going down on signal 15
svc.startd: The system is down.
[NOTICE: Zone halted]
That's all for now!
By the way, tz is a shorthand for testzone. =P
Posted at 03:24PM Oct 23, 2007 by Eng Cheng Lim in Sun | Comments[0]