|
Saturday September 25, 2004
Sample zone creation script Updated create_zones.sh script
I don't really want to post the script(s) I used to actually create the zones only because it is more complex than it has to be (it leverages my Solaris 10 Container Demo scripts which do much more than create zones). However, I do not want to leave people empty-handed either. I am not saying this is the best way to do things and I will say this is only an example. Write your own. Don't copy and paste this one. On a separate note, I believe there is intent to use our flash technology to create zones, but I haven't tried it (yet). So here goes.
Step 1: Create a zone template file.
Here is a sample zone.template file:
create -b set zonepath=ZONE_PATH set autoboot=false add inherit-pkg-dir set dir=/lib end add inherit-pkg-dir set dir=/platform end add inherit-pkg-dir set dir=/sbin end add inherit-pkg-dir set dir=/opt end add inherit-pkg-dir set dir=/usr end add net set address=ZONE_IPADDRESS set physical=hme0 end
This example hard codes the interface to hme0 (replace with your own and modify the create_zones.sh script below as well). ZONE_PATH will be replaced with the real path later. ZONE_IPADDRESS will be replaced with an the real IP address later.
Step 2: Create your own sysidcfg file
If you don't do this, you will have to log in to each and every zone and input configuration information (just like after a sys-unconfig). Below is a sample template.sysidcfg file and configure yours accordingly. Put in your own root password. The one shown is a random set of characters I typed, so cracking it would be meaningless (only applies to evil-doers).
system_locale=C
terminal=vt100
network_interface=primary {
hostname=ZONE
}
timeserver=localhost
security_policy=NONE
name_service=NONE
timezone=US/Central
root_password=pXldK72Oi15yY
The ZONE string will get replaced with the real zone name shortly.
Step 3: Run a script to create zones in a loop
. Here is a sample create_zones.sh script (not tested or debugged, literally brain-dumped). Don't run this script as-is. Write your own. Period. Now that that is over, you can see the progress of the zone being created which is good. Booting a zone with the Service Management Facility in place takes quite a bit of time the first boot with no visible feedback, so be patient (you can get feedback via "zlogin -C zonename" to watch what's going on. Exit the zlogin via "~." before it starts booting services or else the console service will complain on starting (IIRC)).
#!/usr/bin/ksh
# This script will create 5 zones.
#
# Set up some global variables
#
IP_BASE=192.168.200
GLOBAL_IP=${IP_BASE}.1
GLOBAL_INTERFACE=hme0:25
ZONE_START=2
ZONE_END=6
ZONE_BASE=/export/zones
#
# Plumb a random interface, make it permanent by creating
# a /etc/hostname.hme0:25 file
#
ifconfig ${GLOBAL_INTERFACE} plumb
ifconfig ${GLOBAL_INTERFACE} ${GLOBAL_IP}
echo "globalzone" > /etc/hostname.${GLOBAL_INTERFACE}
echo "${GLOBAL_IP}\tglobalzone\n" >> /etc/hosts
#
# zonenum starts at 2. 1 is reserved for the global zone (${BASE_IP}.1)
#
zonenum=${ZONE_START}
#
while [ ${zonenum} -le ${ZONE_END} ];
do
#
# Configure the IP address and zone path.
# Zone path is hardcoded to /export/zones/zone#.
#
ZONE_NAME=zone${zonenum}
IP=${IP_BASE}.${zonenum}
ZONE_PATH=${ZONE_BASE}/${ZONE_NAME}
ZONE_ETC=${ZONE_PATH}/root/etc
cat ./template.zone | sed -e "s:ZONE_IPADDRESS:${IP}:g" | \
sed -e "s:ZONE_PATH:${ZONE_PATH}:g" \
> /tmp/${ZONE_NAME}.zone
echo "Configuring ${ZONE_NAME} ..."
zonecfg -z ${ZONE_NAME} -f /tmp/${ZONE_NAME}.zone
rm /tmp/${ZONE_NAME}.zone
echo "Installing ${ZONE_NAME} ..."
zoneadm -z ${ZONE_NAME} install
#
# Put the sysidcfg file in place before booting the zone
# This will configure the zone on boot-up
#
cat ./template.sysidcfg | sed -e "s:ZONE:${ZONE_NAME}:g" |\
sed -e "s:IPADDRESS:${IP}:g" \
> ${ZONE_ETC}/sysidcfg
#
# Create the zone's .rhosts file to allow global zone access. Simply to
# allow us to test when the zone is up and running (at least up to
# RPC services ... good enough)
#
echo "${GLOBAL_IP}" > ${ZONE_ETC}/../.rhosts
#
# Boot the zone. Patience is a virtue the first time.
#
zoneadm -z ${ZONE_NAME} boot
#
# Wait for the zone to boot
#
x=1
while [ ${x} -ne 0 ];
do
echo "Waiting for zone to boot ..."
ping ${IP} 2
x=$?
done
#
# Append the zone ip/name to the global zone hosts file
#
echo "${IP}\t${ZONE_NAME}\n" >> /etc/hosts
#
# Just in case, wait for RUP to return to make sure rpc daemon is running
# That means we are far enough along in the boot process to move on to the
# next zone. This is the step where patience really kicks in recent
# builds of Solaris 10 include the service management facility. The first
# boot is where it builds its service dependency tree
# (that's a guess, anyway).
#
outer=1
while [ ${outer} -ne 0 ];
do
echo
/usr/ucb/echo -n "Waiting for rpc daemon .."
inner=1
idx=1
while [ ${inner} -ne 0 ] && [ ${idx} -le 50 ] ;
do
sleep 1
idx=$(( idx + 1 ))
/usr/ucb/echo -n "."
rup ${ZONE_NAME} > /dev/null 2>&1
inner=$?
outer=inner
done
done
#
# Remove root password from zone. If you have problems with rsh, this is
# a quick hack. Commented out for now and of course is a major security
# risk (as is the .rhosts). You can always use a similar set of lines to
# put the root password back in place for all zones.
#
# cat ${ZONE_ETC}/shadow | sed "s/^root:[a-zA-z0-9]*:/root::/g" \
# > /tmp/shadow.tmp
# mv /tmp/shadow.tmp ${ZONE_ETC}/shadow
#
# If you want to get as many zones up as running as possible like in
# the zones demo contest, turn off all non-essential services.
# These lines are commented out for now. The set of lines below will turn
# them off. Note that in Solaris 10 build 67, some services have not
# been moved over to the Service Management Facility, and I am not
# sure they will all be moved over. If you don't have a build of Solaris
# that has the Service Management Facility integrated, the svcadm commands
# will fail.
#
# rsh ${ZONE_NAME} "svcadm -v disable /system/cron:default"
# rsh ${ZONE_NAME} "svcadm -v disable /network/smtp:sendmail"
# rsh ${ZONE_NAME} "svcadm -v disable /network/ssh:default"
# rsh ${ZONE_NAME} "svcadm -v disable svc:/network/nfs/server:default"
# rsh ${ZONE_NAME} "/system/system-log:default"
# rsh ${ZONE_NAME} "/etc/init.d/init.sma stop"
# mv ${ZONE_ETC}/rc3.d/S82initsma ${ZONE_ETC}/rc3.d/s82initsma
# rsh ${ZONE_NAME} "/etc/init.d/init.dmi stop"
# mv ${ZONE_ETC}/rc3.d/S77dmi ${ZONE_ETC}/rc3.d/s77dmi
# rsh ${ZONE_NAME} "/etc/init.d/init.wbem stop"
# mv ${ZONE_ETC}/rc2.d/S90wbem ${ZONE_ETC}/rc2.d/s90wbem
# rsh ${ZONE_NAME} "/etc/init.d/init.snmpdx stop"
# mv ${ZONE_ETC}/rc3.d/S76snmpdx ${ZONE_ETC}/rc3.d/s76snmpdx
# rsh ${ZONE_NAME} "/etc/init.d/dtlogin stop"
# mv ${ZONE_ETC}/rc2.d/S99dtlogin ${ZONE_ETC}/rc2.d/s99dtlogin
#
# Remove the zones .rhosts file now that we know zone is running
#
rm ${ZONE_ETC}/../.rhosts
#
# Not a bad idea to wait for user to press return the first time you
# run this. Hate to get into an infinite loop with a bug. If everything
# works OK the first time through, press CTRL+C to break out, add
# 1 to ZONE_START (e.g. ZONE_START=3), and comment out the next section
#
echo "Check output for errors, then press ENTER to continue"
echo "If you have bugs, press CTRL+C to break out. Debug script."
echo "To clean up, type the following, where zoneX is the zone name"
echo " # zoneadm -z zoneX halt"
echo " # zoneadm -z zoneX uninstall"
echo " # zonecfg -z zoneX delete"
echo " # # Comment: unplumb your interface"
echo " # # Comment: Remove /etc/hostname.your_interface:25"
echo " # # Comment: Remove globalzone and zoneX from /etc/hosts"
read
#
# Optionally halt the zone. As resources dwindle, installing a zone takes
# longer and longer. Halting the zone will keep zone creation running as
# quickly as possible.
zoneadm -z ${ZONE_NAME} halt
#
# Increment zone counter
#
zonenum=$(( zonenum + 1 ))
done
You'll notice in that the create_zone.sh script isn't all that thorough. It doesn't check for return values on many commands. That's left an exercise for the reader
(2004-09-25 16:45:19.0) Permalink Comments [4]
