Jim's Blog
Friday Oct 19, 2007
ZFS Zones Clones and Snapshot
Ever needed multiple copies of the same base zone configuration? Here is my adventure in creating a sparse root template zone and its cloning. (The same can be applied to full root zones by adding the option -b to the zonecfg create - "create -b") In this example, I'm using Solaris 10 08/07. In the latest Nevada builds, zoneadm is zfs aware and some of the noted steps below aren't needed.
First, create a zfs filesystem for the zones to live in. On my laptop, I created a 8G file /export/zpool with the command mkfile. This isn't best practice for production, but on a laptop and playing around....
# mkfile 8G /export/zpool.
Then proceed to make a zpool called "z".
# zpool create z /export/zpool
# zpool list
| NAME | SIZE | USED | AVAIL | CAP | HEALTH | ALTROOT |
| z | 7.94G | 2.52G | 5.41G | 31% | ONLINE | - |
Next I create my first zfs filesystem /z/share. The use is explained in the next section....
# zfs create z/share
Second, I create a file called sparsetemplate that looks like this...
# cat sparsetemplate
create
set zonepath=/z/sparsetemplate
set autoboot=false
add net
set address=192.168.123.80
set physical=e1000g0
end
add fs
set dir=/share
set special=/z/share
set type=lofs
add options [ro,nodevices]
end
The added filesystem noted by "add fs" is a filesystem that shows up in the zone as /share that is mounted from the global zone /z/share. I place software and files that I shared between my zones here. That way, I don't copy files into each zone. I mount it read only so I maintain control of its contents globally, so if I give a zone over to a developer, they can't muck with it :)
Now, in Solaris 10 08/07 I need to create the zfs filesystem. In the latest Nevada builds, zoneadm does the next 2 steps for you!!! Hopefully, that feature will find its way to the next build of Solaris 10.
# zfs create z/sparsetemplate
# chmod 700 /z/sparsetemplate
# zonecfg -z sparsetemplate -f sparsetemplate
# zoneadm -z sparsetemplate install
# zoneadm -z sparsetemplate boot
# zlogin -C sparsetemplate
From here, you will need to select the appropriate options for your environment. Can we use jumpstart at this point? Or JET? That would be nice. Something to investigate or maybe you can leave a comment.
Once this complete, I will login to sparsetemplate (zlogin sparsetemplate) and make changes in the way I like a clean system to look. That is, I allow root to ssh in. Also, change root's shell to bash and disable sendmail. This way, when I clone sparsetemplate, the newly create zone will already have these items altered.
Third, once I complete altering my sparsetemplate zone with all the changes, I will halt the zone and then take a zfs snapshot of its zfs filesystem.
# zfs snapshot z/sparsetemplate@cstate (cstate meaning clean state)
# zfs list
| NAME | USED | AVAIL | REFER | MOUNTPOINT |
| z | 2.52G | 5.29G | 29.5K | /z |
| z/share | 24.5K | 5.29G | 24.5K | /z/share |
| z/sparsetemplate | 76.4M | 5.29G | 76.0M | /z/sparsetemplate |
| z/sparsetemplate@cstate | 414K | - | 76.0M | - |
Forth, I will do the same, if need be and create a full root template. Same steps.
Fifth, Now onto creating a spare zone I will use. If you install dir 6.2 by hand (verses using JES 5.1 installer), it will install in a sparse zone. This is also true of Sun Application server 9.1. Yea! Since I do a lot with directory, I will use that as my example.
# cp sparsetemplate dir62
Update dir62 file with its zonepath /z/dir62 and its own IP.
In the latest versions of Nevada, the next steps are NOT needed!!!!
# zfs create z/dir62
# chmod 700 /z/dir62
# zonecfg -z dir62 -f dir62
# zoneadm -z dir62 clone sparsetemplate
# zoneadm -z dir62 boot
# zlogin -C dir62
Select the appropriate options for your environment. Now, dir62 zone will have the root shell as bash, ssh turned on for root and sendmail not running. Plus, creating dir62 is measured in seconds!
Fifth, Create a zfs snapshot of the dir62.
# zfs snapshot z/dir62@cstate (as in clean state)
Sixth, now on with dir 6.2 install and creating a snapshot of the zfs filesystem once it is installed.
# zfs snapshot z/dir62@cstate.dir62
The bonus is when I mess up dir 6.2 or just want to roll back to a clean install, I simply issue a rollback and I have a clean directory!
# zfs rollback z/dir62@cstate.dir62 (the zone is halted prior to this step)
Taking a look at my zfs listing you will notice the snap shots of dir62. You will notice that I took at snapshot of z/dir62@cstate.app91 prior to installing dir62. Application server is needed (if you don't want to use Solaris' web console) for the dscc and this was very useful once I started installing the directory bits by hand since I needed to do it a few times.
# zfs list
| NAME | USED | AVAIL | REFER | MOUNPOINT |
| z | 4.21G | 3.60G | 31.5K | /z |
| z/dir62 | 804M | 3.60G | 779M | /z/dir62 |
| z/dir62@cstate | 3.03M | - | 78.9M | - |
| z/dir62@cstate.app91 | 19.1M | - | 470M | - |
| z/dir62@cstate.app91.dir62dscc | 0 | - | 779M | - |
| z/share | 911M | 3.60G | 911M | /z/share |
| z/sparsetemplate | 79.7M | 3.60G | 76.2M | /z/sparsetemplate |
| z/sparsetemplate@cstate | 3.48M | - | 76.0M | - |
Posted at 06:59PM Oct 19, 2007 by jimblog in Software |