Skip to main content

TOTD #68: Installing Zones in Open Solaris 2008/11 on Virtual Box

Posted by arungupta on February 10, 2009 at 5:53 AM PST

The href="http://blogs.sun.com/arungupta/entry/totd_64_opensolaris_2008_11">TOTD
#64 describes how to install href="http://opensolaris.org/">Open Solaris href="http://opensolaris.org/os/downloads/">2008/11
using Virtual Box.
This Tip style="font-weight: bold;">Of style="font-weight: bold;">The style="font-weight: bold;">Day (TOTD) is going
to explain how to install non-global  href="http://www.sun.com/bigadmin/content/zones/">zones
(aka Solaris Containers) on this Open Solaris image. Containers provide
an operating-system level virtualization technology.



Thanks for the
extensive discussion at href="http://www.opensolaris.org/jive/thread.jspa?messageID=337287">zones-discuss
forums, Bill
Walker
for lots of off-line support, and last but not the
least Marcelo
Arbore
's nice blog showing how to install href="http://blogs.sun.com/arbore/entry/glassfish_zone_zfs_isolation_over">GlassFish
in an Open Solaris zone.



This blog is going to focus on installing couple of non-global
containers/zones in the Virtual Box image with all gory details. A
later blog will show how to leverage these zones to demonstrate href="http://blogs.sun.com/arungupta/entry/totd_67_how_to_front">GlassFish
High Availability.



Lets get started!



To begin with, there is one global zone always installed as shown below
(user
inputs highligted in bold):


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
arun@opensolaris:~# zoneadm
list -vi


  ID
NAME            
STATUS    
PATH                          
BRAND    IP

   0
global          
running   
/                             
native   shared



Lets install the zone. The IP address is specified in 192.168.0.XXX
range ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
arun@opensolaris:~# zonecfg
-z zone1


zone1: No such zone configured

Use 'create' to begin configuring a new zone.

zonecfg:zone1> create

zonecfg:zone1> set
zonepath=/export/home/zone1


zonecfg:zone1> set
autoboot=true


zonecfg:zone1> add
net


zonecfg:zone1:net> set
address=192.168.0.99/24


zonecfg:zone1:net> set
physical=e1000g0


zonecfg:zone1:net> end

zonecfg:zone1> commit

zonecfg:zone1> exit

arun@opensolaris:~# zoneadm
-z zone1 install


A ZFS file system has been created for this zone.

  Authority: Using http://pkg.opensolaris.org/release/.

      Image: Preparing at
/export/home/zone1/root ... done.

      Cache: Using
/var/pkg/download.

 Installing: (output follows)

DOWNLOAD                                   
PKGS      
FILES     XFER (MB)

Completed                                 
52/52   7862/7862   72.41/72.41



PHASE                                       
ACTIONS

Install
Phase                           
12939/12939

PHASE                                         
ITEMS

Reading Existing
Index                          
9/9

Indexing
Packages                             
52/52



       Note: Man
pages can be obtained by installing SUNWman

Postinstall: Copying SMF seed repository ... done.

Postinstall: Working around
http://defect.opensolaris.org/bz/show_bug.cgi?id=741

       Done:
Installation completed in 165.652 seconds.



 Next Steps: Boot the zone, then log into the zone console

            
(zlogin -C) to complete the configuration process

arun@opensolaris:~# zoneadm
-z zone1 boot


arun@opensolaris:~# zlogin
-C zone1


[Connected to zone 'zone1' console]

68/68

Reading ZFS config: done.

Mounting ZFS filesystems: (6/6)



Specify the type of terminal ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
What type of terminal are you using?

 1) ANSI Standard CRT

 2) DEC VT100

 3) PC Console

 4) Sun Command Tool

 5) Sun Workstation

 6) X Terminal Emulator (xterms)

 7) Other

Type the number of your choice and press Return: style="font-weight: bold;">1

Creating new rsa public/private host key pair

Creating new dsa public/private host key pair

Configuring network interface addresses: e1000g0.



Configure NIC ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- Host Name for e1000g0:1
------------------------------------------------------

  Enter the host name which identifies this system on the
network.  The name

  must be unique within your domain; creating a duplicate host
name will cause

  problems on the network after you install Solaris.



  A host name must have at least one character; it can contain
letters,

  digits, and minus signs (-).





    Host name for e1000g0:1 style="font-weight: bold;">zone1











- Confirm Information for e1000g0:1
--------------------------------------------

  > Confirm the following information.  If it
is correct, press F2;

    to change any information, press F4.





    Host name: style="font-weight: bold;">zone1



No Kerberos ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- Configure Security Policy:
---------------------------------------------------

  Specify Yes if the system will use the Kerberos security
mechanism.



  Specify No if this system will use standard UNIX security.



      Configure Kerberos
Security

     
---------------------------

      [ ] Yes

      [X] No





- Confirm Information
----------------------------------------------------------

  > Confirm the following information.  If it
is correct, press F2;

    to change any information, press F4.





    Configure Kerberos Security: No



Specify the name service, domain, and domain resolver ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- Name Service
-----------------------------------------------------------------

  On this screen you must provide name service
information.  Select the name

  service that will be used by this system, or None if your
system will either

  not use a name service at all, or if it will use a name
service not listed

  here.



  > To make a selection, use the arrow keys to
highlight the option

    and press Return to mark it [X].





      Name service

      ------------

      [ ] NIS+

      [ ] NIS

      [ style="font-weight: bold;">X] DNS

      [ ] LDAP

      [ ] None





- Domain Name
------------------------------------------------------------------

  On this screen you must specify the domain where this system
resides.  Make

  sure you enter the name correctly including capitalization
and punctuation.





    Domain name: style="font-weight: bold;">sfbay.sun.com









- DNS Server Addresses
---------------------------------------------------------

  On this screen you must enter the IP address of your DNS
server(s).  You

  must enter at least one address.  IP addresses must
contain four sets of

  numbers separated by periods (for example 129.200.9.1).







    Server's IP address: style="font-weight: bold;">10.0.2.3

    Server's IP address:

    Server's IP address:



The value of IP address for your DNS server is copied from
"/etc/resolv.conf" in the global zone. Specify DNS search list and
confirm the information ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- DNS Search List
--------------------------------------------------------------

  On this screen you can enter a list of domains that will be
searched when a

  DNS query is made.  If you do not enter any
domains, DNS will only search

  the DNS domain chosen for this system.  The domains
entered, when

  concatenated, may not be longer than 250 characters.







    Search domain:

    Search domain:

    Search domain:

    Search domain:

    Search domain:

    Search domain:







- Confirm Information
----------------------------------------------------------

  > Confirm the following information.  If it
is correct, press F2;

    to change any information, press F4.





         
Name service: DNS

          
Domain name: sfbay.sun.com

    Server address(es): 10.0.2.3



No need to create an address entry for the zone ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- Name Service Error
-----------------------------------------------------------

  Unable to find an address entry for zone1 with the specified
DNS

  configuration.





      Enter new name
service information?

     
-----------------------------------

      [ ] Yes

      [ style="font-weight: bold;">X] No



Specify and confirm NFSv4 domain name ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- NFSv4 Domain Name
------------------------------------------------------------

  NFS version 4 uses a domain name that is automatically
derived from the

  system's naming services. The derived domain name is
sufficient for most

  configurations. In a few cases, mounts that cross domain
boundaries might

  cause files to appear to be owned by "nobody" due to the
lack of a common

  domain name.



  The current NFSv4 default domain is: "sfbay.sun.com"





      NFSv4 Domain
Configuration

     
----------------------------------------------

      [X] Use the NFSv4
domain derived by the system

      [ ] Specify a
different NFSv4 domain





- Confirm Information for NFSv4 Domain
-----------------------------------------

  > Confirm the following information.  If it
is correct, press F2;

    to change any information, press F4.





    NFSv4 Domain Name: 
<< Value to be derived dynamically >>



Timezone ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
- Confirm Information
----------------------------------------------------------

  > Confirm the following information.  If it
is correct, press F2;

    to change any information, press F4.





    Time zone: Pacific Time

              
(US/Pacific)



Specify the root password and then see the comment as:


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
System identification is completed.



This comment indicates successful creation of the zone.



Login to "zone1" as:


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
zone1 console login: style="font-weight: bold;">root

Password:

Feb  8 16:12:10 zone1 login: ROOT LOGIN /dev/console

Sun Microsystems Inc.   SunOS
5.11     
snv_101b       
November 2008



Check the network configuration ...


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
root@zone1:~# ifconfig
-a


lo0:1:
flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>

mtu 8232 index 1

       
inet 127.0.0.1 netmask ff000000

e1000g0:1:
flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS>

mtu 1500 index 2

       
inet 192.168.0.99 netmask ffffff00 broadcast 192.168.0.255

root@zone1:~#



After "zone1" is completely installed, then it can be viewed as:


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
arun@opensolaris:~$ zoneadm list -vi

  ID
NAME            
STATUS    
PATH                          
BRAND    IP

   0
global          
running   
/                             
native   shared

   1
zone1           
running   
/export/home/zone1            
ipkg     shared



And then install "zone2" using the steps described above and check it's
network configuration as:


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
root@zone2:~# ifconfig -a

lo0:2:
flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>

mtu 8232 index 1

       
inet 127.0.0.1 netmask ff000000

e1000g0:2:
flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS>

mtu 1500 index 2

       
inet 192.168.0.98 netmask ffffff00 broadcast 192.168.0.255

root@zone2:~#



And it's shown in the list of zones as:


style="text-align: left; background-color: rgb(204, 204, 255); width: 100%;"
cellpadding="2" cellspacing="2">
arun@opensolaris:~# zoneadm list -vi

  ID
NAME            
STATUS    
PATH                          
BRAND    IP

   0
global          
running   
/                             
native   shared

   1
zone1           
running   
/export/home/zone1            
ipkg     shared

   2
zone2           
running   
/export/home/zone2            
ipkg     shared



OK, so we installed 2 non-global zones in an Open Solaris image running
as guest in Virtual Box.



Typing "~." takes you back to the global zone.



Please leave suggestions on other TOTD (Tip Of The Day) that
you'd like to see.
A complete archive of all tips is available href="http://blogs.sun.com/arungupta/tags/totd">here.



Technorati: totd
opensolaris
zones href="http://technorati.com/tag/containers">containers
solaris
virtualbox
glassfish

Related Topics >>