Tag Archives: solaris

An Introduction to Solaris 11 Zones

Solaris Zones (or Containers) were first introduced in Solaris 10. I wrote about them a while back in How to Get Started with Solaris Containers, but a lot has changed in Solaris 11. Solaris Zones provide an easy way to either provide a sparse chroot-like environment so that applications can run in an environment that will not be detrimental to global system resources, or a full branded environment (running a Solaris 10 branded zone, for example). Delegated administration can be configured so that a zone can be managed by someone other than the global sysadmin. Zones provide an excellent way to split a system into several logical units, each with their own filesystem resources, system resources and management. Most of what I wrote about previously is still very pertinent, but Solaris 11 has built upon zone technology, placing it at its very core.

In Solaris 10, the default IP type for zones was shared, which meant that the zone shared the IP stack with the global zone. Within a zone on Solaris 10, an administrator was unable to configure network settings, unless exclusive IP was used, in which case the zone would be bound to a physical NIC in the global zone, and that NIC would only be available for exclusive use by that zone. With Solaris 11, and virtual networking, all zones can be created with an exclusive IP type. A Virtual NIC (VNIC) is created for each zone, over some physical NIC on the global zone. This network virtualisation allows each zone to maintain its own TCP/IP stack, and the zone administrator can change the zone’s network configuration from within the zone itself. A new anet interface type has been introduced within zonecfg to handle this.

Solaris 11 zones are now provisioned using the new Image Packaging System (IPS) and in a default configuration, packages will be installed from the repository configured (http://pkg.oracle.com, for example) in the global zone. It would make sense to have a local repository if you were rolling out large numbers of systems or zones, but for our testing purposes, downloading a couple of hundred megabytes of packages is no big issue.

This article will walk through the creation of a simple Solaris 11 zone, and introduce a method of installing zones without operator intervention using System Profiles.

Continue reading

ZFS Part 5: ZFS Clones and Sending/Receiving ZFS Data

A ZFS Clone is a read-write clone of a filesystem created from a snapshot. It still refers to the snapshot it has been created from, but allows us to make changes. We cannot remove the origin snapshot whilst the clone is in use, unless we promote it. These concepts will become clear during the examples.

Continue reading

ZFS Part 4: ZFS Snapshots

Snapshots are another piece of awesome functionality built right into ZFS. Essentially, snapshots are a read-only picture of a filesystem at a particular point-in-time. You can use these snapshots to perform incremental backups of filesystems (sending them to remote systems, too), create filesystem clones, create pre-upgrade backups prior to working with new software on a filesystem, and so on.

The snapshot will, initially, only refer to the files on the parent ZFS dataset from which they were created and not consume any space. They will only start to consume space once the data on the original dataset is changed. The snapshot will refer to these blocks and will not free them, thus the snapshot will start consuming space within the pool. The files on the snapshot can be accessed and read via standard UNIX tools (once you know where to look).

Continue reading

ZFS Part 3: Compression & Encryption

Also available to us is ZFS compression. Let’s create a test pool for testing. We’ll turn a few options on and off so you see the syntax:

Continue reading

ZFS Part 1: Introduction

ZFS is simply awesome. It simplifies storage management, performs well, is fault-tolerant and scalable and generally is just amazing. I will use this article to demonstrate some of its interesting features. Note that we are only scraping the tip of the ZFS iceberg here; read the official documentation for much more detail. The terms dataset and filesystem are used interchangeably throughout as with ZFS they are essentially the same thing.

Continue reading

How to Upgrade from Solaris 10 to Solaris 11: Network Preparation

The aim of this series is to show the experienced Solaris system administrator how to transition from Solaris 10 to Solaris 11 immediately after initial installation of the operating system, as well as offering tips, tricks and insights into Solaris 11, which differs significantly from Solaris 10.

This article will cover the commands that will enable both servers to be networked and able to reach the internet.

Continue reading

How to Update a File on All Zones at the Same Time

I recently modified /etc/resolv.conf on all of my global zones after building new nameservers. I wanted a quick way to copy this updated configuration to all child zones. A simple one-liner does the trick on each global zone (assuming all your zones are in the /var/zones zonepath):


 

How to Disable Name Resolution with Snoop

Whilst analysing some issues with multicast on a pair of Solaris boxes, I wanted to filter out some unwanted multicast addresses when viewing my snoop traces.

However, by default, snoop will resolve IPs, and ALL multicast IPs in the 228.x.x.x range (which I’m using) resolve to “reserved-multicast-range-not-delegated.example.com”.

So … how to “play back” the snoop output without name resolution? Just use the -r option. I also added -ta to get readable timestamps.

I could then pipe this through grep -v and see only the information I cared about.

How To Configure Solaris 10 BIND Chroot

Disclaimer: This post was originally posted in 2008 as an article on the now-defunct website zazzybob.com. While the software version and actual commands used may vary, the concepts are still similar and give a general idea of how to approach a given problem.

The default BIND installation in Solaris 10 does not run in a chroot environment, which is an obvious security risk. Starting BIND to run in a chroot environment is a no-brainer, but getting it to managed by SMF in Solaris 10 requires a bit more work …

Continue reading