Learn...Discover

Step 1 to Solaris Containers - Creating Containers

Doing a demo for Solaris Zone

1. login to a terminal as root

#

2. check the current status of the zones using zoneadm command

# zoneadm list -v

ID NAME STATUS PATH BRAND IP

0 global running / native shared

In the case above, we've a clean system without any non-global zones installed.

3. create a basic zone with IP address 192.168.88.1, using Class C netmask (255.255.255.0)

zonecfg -z tz

tz: No such zone configured

Use 'create' to begin configuring a new zone.

zonecfg:tz> createzonecfg:tz> set autoboot=true

zonecfg:tz> add net

zonecfg:tz:net> set address=192.168.88.1/24

zonecfg:tz:net> set physical=wpi0

zonecfg:tz:net> end

zonecfg:tz> verify

zonecfg:tz> commit

zonecfg:tz> exit

* Note that in order for autoboot to function, the zone service needs to be enabled. 'svcs' can be used to check the status.

# svcs | grep zones

online 11:33:06 svc:/system/zones:default

The result above shows that the zone service is enabled. If the result is otherwise (disabled), it can be enabled using the 'svcadm' command as below

# svcadm enable svc:/system/zones:default

4. After the 'exit' step, the tz zone is now in 'configured' state.

# zoneadm list -cv

ID NAME STATUS PATH BRAND IP

0 global running / native shared

- tz configured /zones/tz native shared

5. The next step is to install the zone. Below is a list of steps:

# zoneadm -z tz install

Preparing to install zone <tz>.

Creating list of files to copy from the global zone.

Copying <7665> files to the zone.

Initializing zone product registry.

Determining zone package initialization order.

Preparing to initialize <1142> packages on the zone.

Initializing package <143> of <1142>: percent complete: 12%

6. At this state, the state of 'tz' zone is incomplete as can be shown through 'zoneadm' command

# zoneadm list -cv

ID NAME STATUS PATH BRAND IP

0 global running / native shared

- tz incomplete /zones/tz native shared

7. Wait till initialize package is done, the status will change to 'installed' as shown below

# zoneadm list -cv

ID NAME STATUS PATH BRAND IP

0 global running / native shared

- tz installed /zones/tz native shared

8. next change the status to 'ready' using (This is like powering the server without booting up)

# zoneadm -z tz ready

9. The command below will connect the 'serial cable' to console

# zlogin -C tz

[Connected to zone 'tz' console]

10. Using another terminal, issue the boot command to the zone (just like powering up the server)

# zoneadm -z tz boot

[NOTICE: Zone booting up]

SunOS Release 5.11 Version snv_75 64-bit

Copyright 1983-2007 Sun Microsystems, Inc. All rights reserved.

Use is subject to license terms.

Hostname: tz

Loading smf(5) service descriptions: 141/141

Reading ZFS config: done.

11. Since this is the first time that this zone is being booted up, some initial configurations needs to be performed.

------------------------START OF SCREEN SHOT-----------------------------

What type of terminal are you using?

1) ANSI Standard CRT

2) DEC VT52

3) DEC VT100

4) Heathkit 19

5) Lear Siegler ADM31

6) PC Console

7) Sun Command Tool

8) Sun Workstation

9) Televideo 910

10) Televideo 925

11) Wyse Model 50

12) X Terminal Emulator (xterms)

13) CDE Terminal Emulator (dtterm)

14) Other

Type the number of your choice and press Return:12

Creating new rsa public/private host key pair

Creating new dsa public/private host key pair

Configuring network interface addresses: wpi0.

─ Host Name for wpi0:1 ─

Enter the host name which identifies this system on the network. The name

must be unique within your domain; creating a duplicate host name will cause

problems on the network after you install Solaris.

A host name must have at least one character; it can contain letters,

digits, and minus signs (-).

Host name for wpi0:1 tz-zone

> Press F2 to go to the next screen.

─ Confirm Information for wpi0:1 ─

> Confirm the following information. If it is correct, press F2;

to change any information, press F4.

Host name: tz-zone

─ Configure Security Policy: ─

Specify Yes if the system will use the Kerberos security mechanism.

Specify No if this system will use standard UNIX security.

Configure Kerberos Security

─────────────────

[ ] Yes

[X] No

─ Confirm Information ─

> Confirm the following information. If it is correct, press F2;

to change any information, press F4.

Configure Kerberos Security: No

─ Name Service ─

On this screen you must provide name service information. Select the name

service that will be used by this system, or None if your system will either

not use a name service at all, or if it will use a name service not listed

here.

> To make a selection, use the arrow keys to highlight the option

and press Return to mark it [X].

Name service

────────────

[X] NIS+

[ ] NIS

[ ] DNS

[ ] LDAP

[ ] None

─ Confirm Information ─

> Confirm the following information. If it is correct, press F2;

to change any information, press F4.

Name service: DNS

─ NFSv4 Domain Name ─

NFS version 4 uses a domain name that is automatically derived from the

system's naming services. The derived domain name is sufficient for most

configurations. In a few cases, mounts that cross domain boundaries might

cause files to appear to be owned by "nobody" due to the lack of a common

domain name.

The current NFSv4 default domain is: ""

NFSv4 Domain Configuration

─────────────────

[X] Use the NFSv4 domain derived by the system

[ ] Specify a different NFSv4 domain

─ Confirm Information for NFSv4 Domain ─

> Confirm the following information. If it is correct, press F2;

to change any information, press F4.

NFSv4 Domain Name: << Value to be derived dynamically >>

─ Time Zone ─

On this screen you must specify your default time zone. You can specify a

time zone in three ways: select one of the continents or oceans from the

list, select other - offset from GMT, or other - specify time zone file.

> To make a selection, use the arrow keys to highlight the option and

press Return to mark it [X].

Continents and Oceans

─────────────

- [ ] Africa

│ [ ] Americas

│ [ ] Antarctica

│ [ ] Arctic Ocean

│ [X] Asia

│ [ ] Atlantic Ocean

│ [ ] Australia

│ [ ] Europe

v [ ] Indian Ocean

─ Country or Region ─

> To make a selection, use the arrow keys to highlight the option and

press Return to mark it [X].

Countries and Regions

─────────────

^ [ ] Macao

│ [ ] Malaysia

│ [ ] Mongolia

│ [ ] Myanmar (Burma)

│ [ ] Nepal

│ [ ] Oman

│ [ ] Pakistan

│ [ ] Palestine

│ [ ] Philippines

│ [ ] Qatar

│ [ ] Russia

│ [ ] Saudi Arabia

v [X] Singapore

─ Confirm Information ─

> Confirm the following information. If it is correct, press F2;

to change any information, press F4.

Time zone: Singapore

─ Root Password ─

Please enter the root password for this system.

The root password may contain alphanumeric and special characters. For

security, the password will not be displayed on the screen as you type it.

> If you do not want a root password, leave both entries blank.

Root password: *******

Root password: *******

System identification is completed.

rebooting system due to change(s) in /etc/default/init

------------------------END OF SCREEN SHOT-----------------------------

12. After the reboot, the root prompt will appear and ready for login

tz-zone console login: root

Password:

Oct 23 13:51:57 tz-zone login: ROOT LOGIN /dev/console

Sun Microsystems Inc. SunOS 5.11 snv_75 October 2007

#

13. Close the session using 'tilde' then 'dot'

tz-zone console login: ~.

[Connection to zone 'tz' console closed]

14. Back to the global zone, use zoneadm to check the current status of the zone

# zoneadm list -cv

ID NAME STATUS PATH BRAND IP

0 global running / native shared

2 tz running /zones/tz native shared

15. use the 'ps' command with zone option to list the running services in the tz zone

# ps -efo zone,user,pid,ppid,c,stime,tty,time,comm

ZONE USER PID PPID C STIME TT TIME COMMAND

global root 0 0 0 11:32:37 ? 00:00 sched

global root 1 0 0 11:32:41 ? 00:05 /sbin/init

global root 2 0 0 11:32:41 ? 00:00 pageout

global root 3 0 0 11:32:41 ? 00:16 fsflush

global root 484 453 0 11:33:03 ? 00:00 /usr/lib/saf/ttymon

global root 7 1 0 11:32:43 ? 00:02 /lib/svc/bin/svc.startd

tz root 6292 6040 0 13:51:51 ? 00:00 /usr/lib/saf/sac

tz root 6297 6292 0 13:51:51 ? 00:00 /usr/lib/saf/ttymon

tz root 6040 1 0 13:51:47 ? 00:01 /lib/svc/bin/svc.startd

tz root 6038 6026 0 13:51:47 ? 00:00 /sbin/init

tz root 6239 1 0 13:51:51 ? 00:00 /usr/lib/autofs/automountd

..... list concatenated

16. checking on the network interface, you'll notice that an additional interface had been plumbed.

# ifconfig -a

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

inet 127.0.0.1 netmask ff000000

lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1

zone tz

inet 127.0.0.1 netmask ff000000

wpi0: flags=201000802<BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 2

inet 0.0.0.0 netmask 0

ether 0:1b:77:5e:95:fb

wpi0:1: flags=201000803<UP,BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 2

zone tz

inet 192.168.88.1 netmask ffffff00 broadcast 192.168.88.255

17. To shutdown the zone, issue the command (assuming from global zone):

# zlogin tz shutdown -y -i0 -g0

(remember the console terminal you've? Look at that and you'll see the interesting following)

# zlogin -C tz

[Connected to zone 'tz' console]

svc.startd: The system is coming down. Please wait.

svc.startd: 58 system services are now being stopped.

Oct 23 14:13:58 tz-zone syslogd: going down on signal 15

svc.startd: The system is down.

[NOTICE: Zone halted]

That's all for now!

By the way, tz is a shorthand for testzone. =P

Posted at 03:24PM Oct 23, 2007 by Eng Cheng Lim in Sun  |  Comments[8]