16 Nov 2005

In this article, I will go through configuring a Solaris 10 server (in this case, a Sun Ultra 10 with one hard disk, one CPU) with two zones - a web server Zone, and a database server Zone. These will appear to external systems (and to each other) to be distinct systems, with their own name servers, IP addresses, users, and so on.

I will not claim to know much about other vendors' technologies - HP have nPars and vPars, while IBM have LPARs. Feel free to enlighten me and other readers on the forum.

I will discuss the differences between this approach and Sun's previous approach of Domains, whereby each domain has its own instance of Solaris, along with the benefits and drawbacks of each.

Let's dive into the technical stuff: I installed Solaris 10 onto the system in the normal way (from CDs, in this case). That gives a standard Solaris 10 system. The server is called dougal. Don't ask why. I will create Zones within that server, called webzone and dbzone.

Because there is ample room for confusion - one system, one CPU, three zones (global zone, web zone, db zone) - the zones will be colour coded.

The global zone (the initially installed system, dougal), will be shown in blue text.

The web zone (webzone) will be shown in red text.

The database zone (dbzone) will be shown in green text.

I will not bother with all the configuration details, of course - this is just an example, and we all know how to set up a LAMP (Linux/Apache/MySQL/PHP) or SAMP (Solaris/Apache/MySQL/PHP) server.

This is just a demonstration of the concept, showing that you can set up a LAMP-style configuration on Solaris (even Solaris x86, the same platform you might traditionally choose to run a LAMP installation on) with better separation than Linux provides.

There are other considerations too, of course - the HP, IBM and Sun hardware options mentioned above being the most obvious, though VMware and others are possible considerations.

root@dougal # mkdir -p /zones/webzone
root@dougal # zonecfg -z webzone
webzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:webzone> create
zonecfg:webzone> set zonepath=/zones/webzone
zonecfg:webzone> set autoboot=true
zonecfg:webzone> add net
zonecfg:webzone:net> set address=192.168.1.21
zonecfg:webzone:net> set physical=hme0
zonecfg:webzone:net> end
zonecfg:webzone> add device
zonecfg:webzone:device> set match=/dev/sound/*
zonecfg:webzone:device> end
zonecfg:webzone> add attr
zonecfg:webzone:attr> set name=comment
zonecfg:webzone:attr> set type=string
zonecfg:webzone:attr> set value="This is the web server zone"
zonecfg:webzone:attr> end
zonecfg:webzone> verify
zonecfg:webzone> commit
zonecfg:webzone> exit
root@dougal # zonecfg -z webzone info
zonepath: /zones/webzone
autoboot: true
pool:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.1.21
        physical: hme0
device
        match: /dev/sound/*
attr:
        name: comment
        type: string
        value: "This is the web server zone"
root@dougal # chmod og-rx /zones/webzone/
root@dougal # ls -ld /zones/webzone/
drwx------   2 root     root         512 Nov 10 23:08 /zones/webzone/
root@dougal # zoneadm -z webzone install
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <16546> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <765> packages on the zone.
Initialized <765> packages on zone.
Zone  is initialized.
Installation of these packages generated warnings: 
The file  contains a log of the zone installation.
root@dougal # zlogin -C webzone
[Connected to zone 'webzone' console]
Then, from another terminal:
root@dougal # zoneadm -z webzone boot
The webzone now boots, like this:
[NOTICE: Zone booting up]


SunOS Release 5.10 Version Generic_118822-18 64-bit
Copyright 1983-2005 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: webzone
Loading smf(5) service descriptions: 27/89
 ... etc ...


The zone then goes through a hybrid of the normal install and sys-unconfig stuff.

The install process involves the following questions (in the normal F2 format):
Language
Locale
Terminal
... creates ssh keys (rsa/dsa) ...
hostname
kerberos
name servers
timezone
root password
override default NFS4 domain name?

rebooting system due to change(s) in /etc/default/init


[NOTICE: Zone rebooting]


SunOS Release 5.10 Version Generic_118822-18 64-bit
Copyright 1983-2005 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: webzone

webzone console login: root
Password: Nov 10 23:49:51 webzone sendmail[4395]: My unqualified host name (webzone) unknown; sleeping for retry

Nov 10 23:49:52 webzone login: ROOT LOGIN /dev/console
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
#
# tty
/dev/console
# ifconfig -a
lo0:1: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0:1: flags=1000843 mtu 1500 index 2
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
#

Note that the interfaces appear only as logical interfaces (lo0:1, hme0:1), which is a clue that you're in a zone. In the global zone, ifconfig -a now shows:
root@dougal # ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849 mtu 8232 index 1
        zone webzone
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.1.20 netmask ffffff00 broadcast 192.168.1.255
        ether 8:0:20:cf:fd:51
hme0:1: flags=1000843 mtu 1500 index 2
        zone webzone
        inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
root@dougal #
You are now ready to start installing software onto the zone.
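
Before putting services into the zone, it is worth listing what the configuration above shares with the global zone: the inherited directories, the network address and the delegated sound devices. The following is an added example, not part of the original article; the function names zone_surface, zone_device_check and sample_info are made up for it, and the sample input is the zonecfg info output shown earlier on this page.

```shell
# Added example: list what a zone shares with the global zone, read from the
# text printed by `zonecfg -z <zone> info`. Function names are hypothetical.
zone_surface() {
    awk '
    # Headers start in column 1 with no value ("device" has no colon above).
    /^[a-z-]+:?[ \t]*$/ { res = $1; sub(/:$/, "", res); next }
    /^zonepath:/        { print "zonepath", $2 }
    /^[a-z]/            { res = ""; next }
    res == "inherit-pkg-dir" && $1 == "dir:" { print "inherit", $2 }
    res == "device" && $1 == "match:"        { print "device", $2 }
    res == "net" && $1 == "address:"         { addr = $2 }
    res == "net" && $1 == "physical:"        { print "net", addr "@" $2 }
    '
}
# Exit 1 if any delegated device pattern is missing from the allow-list
# passed as arguments (no arguments means no device is expected).
zone_device_check() {
    zone_surface | awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "device" && !($2 in ok) { print "unexpected device:", $2; bad = 1 }
    END { exit (bad ? 1 : 0) }'
}
# Sample input: the `zonecfg -z webzone info` output from this page.
sample_info() {
cat <<'EOF'
zonepath: /zones/webzone
autoboot: true
pool:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.1.21
        physical: hme0
device
        match: /dev/sound/*
attr:
        name: comment
        type: string
        value: "This is the web server zone"
EOF
}
sample_info | zone_surface
sample_info | zone_device_check || echo "review the device delegation"
```

On the Solaris host itself, pipe the live configuration in instead of the sample, for example zonecfg -z webzone info | zone_device_check '/dev/sound/*'.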

root@dougal # df -h
Filesystem             size   used  avail capacity  Mounted on
/dev/dsk/c1t0d0s0       16G   4.3G    12G    28%    /
/devices                 0K     0K     0K     0%    /devices
ctfs                     0K     0K     0K     0%    /system/contract
proc                     0K     0K     0K     0%    /proc
mnttab                   0K     0K     0K     0%    /etc/mnttab
swap                   423M   904K   422M     1%    /etc/svc/volatile
objfs                    0K     0K     0K     0%    /system/object
fd                       0K     0K     0K     0%    /dev/fd
swap                   423M   896K   422M     1%    /tmp
swap                   422M    40K   422M     1%    /var/run
root@dougal #

Notice that the webzone df -h output is remarkably similar:

webzone console # df -h
Filesystem             size   used  avail capacity  Mounted on
/                       16G   4.3G    12G    28%    /
/dev                    16G   4.3G    12G    28%    /dev
/lib                    16G   4.3G    12G    28%    /lib
/platform               16G   4.3G    12G    28%    /platform
/sbin                   16G   4.3G    12G    28%    /sbin
/usr                    16G   4.3G    12G    28%    /usr
/usr/local              16G   4.3G    12G    28%    /usr/local
proc                     0K     0K     0K     0%    /proc
ctfs                     0K     0K     0K     0%    /system/contract
swap                   422M   248K   422M     1%    /etc/svc/volatile
mnttab                   0K     0K     0K     0%    /etc/mnttab
fd                       0K     0K     0K     0%    /dev/fd
swap                   422M     0K   422M     0%    /tmp
swap                   422M    16K   422M     1%    /var/run
webzone console #

So we now have a new Zone configured. So what? There's not much we can demonstrate with this, until we install some services there. Let's install Apache onto the webzone, and see that Apache responds on the 192.168.1.21 (webzone) address, and not on any other addresses.

In the next article, we will configure Apache on the zone, in pretty much the same way as you would on a normal instance of Solaris.
