Solaris 11 – New Features & Capabilities of Zones

Lingesh

11 years ago

Solaris 11 zones have some many differences from Solaris 10 zones.Oracle tried to make zone as completely independent virtual machines and they succeed on that.Oracle introduced many utilities and new features in Solaris 11 local zones.some of the key features are,

1. zonestat

2. beadm in zones

3. anet, the new auto-configuring zone network interface type

4. Preconfigure zones

5. Read-only zones (immutable zones)

6. zonep2vchk
7. Zone as NFS server.
8. Exclusive IP
9. Limitations to zones.
10. Zone Filesystem status

1.zonestat:

zonestat is a new utility which is available in Solaris 11 for zone resource monitoring. In Solaris 10 we don’t have such command but we have an zonestat script to do the same work.It will give you a repeating snapshot over time of relevant resources being used, where you tell it the interval between each output.This can be achieved using prstat -Z command as well,but it will in ps style.

In addition to that , the new zonestat tool has many more options, and its output is
focused purely on entire zone-level usage.The zonestat lets you know each zone’s total CPU, memory, and network bandwidth usage.You can also to run the zonestat command within a zone, but you will only see statistics for that zone.

2.beadm in zones
Liveupgrade’ “lu” commands has been replaced using “beadm” command in solaris 11 and its is supported inside a non-global zone.Now you can create a own boot environment under local zone.

3.Automatic Network Interfaces – the anet resource:

The old “net” resource has been replaced using “anet”(Automatically network Interface).

From Solaris 11 onwards. zones now,by default, have a network type of exclusive rather than shared.Solaris 11 zones make use of new VNIC and zone to have standard procedure for a zone to have its own VNIC. This VNIC is similar to vmware workstation or virtual box virtual network interface.The VNIC device usually has its own automatically generated Ethernet address and so it can be a fully functional direct member of your network.

Sample of zone’s network configuration:
anet:
linkname: net1
lower-link: auto

linkname – Device name in local zone
lower-link – global-zone level device.If you set “auto” , randomly choose which physical device to create a VNIC on top of it.

Another important thing in Solaris 11 is that allocated anet and IP address will not be show in global zone “ifconfig -a” and “ipadm show-addr”. If you want to see zone’s VNIC, use “dladm show-vnic” or “dladm show-link”.

You have option to change the zone IP address from zone itself if you didn’t set allowed-address property on the anet resource.

4. Pre-configuring zones
Sysconfig related information:In Solaris 11,we have option to configure the zone while installing itself using predefined system profile which is generated using sysconfig command.
Ex:
# zoneadm -z Arenazone install -c /var/tmp/sysconfig.xml
# zoneadm -z Arenazone clone -c /var/tmp/sysconfig.xml oldzone

The two important things here are that you must give the full path to the XML file and
that if you are cloning the existing zone, you must give the old zone name last on the command line option.

Initial zonecfg defaults:In Solaris 11, you can make predefined settings when you creating new local zone using template except the zonepath. The default zonecfg template is /etc/zones/SYSdefault.xml .

Note:Do not edit system default template.Its better to copy the template to new name and edit it .
#cp /etc/zones/SYSdefault.xml /etc/zones/Arenazonecfg.xml

To make use of your new template in zonecfg, use create -t as follows:
# zonecfg -z Sol11zone ‘create -t Arenazonecfg;set zonepath=/zones/Sol11zone’

If you want to make the Arenazone template as default template ,you need to change the zone ‘s SMF property.
Service Name: “svc:/system/zones:default”
# svccfg -s zones setprop zonecfg/default_template = Arenazonecfg

Initial package content of zones:
In Solaris 11,zone will not copy all the packages from global zone and it will not get updated when you add or remove packages on global zone.By default, the filesystems locally controlled by a zone and the package contents of a new zone are determined by file /usr/share/auto_install/manifest/zone_default.xml .This XML file will be read by zoneadm at the time that you run zoneadm install.

Here is an example of fully pre-configured zone creation.

# zonecfg -z Arenazone ‘create -t Arenazonecfg ;set zonepath=/zones/Arenazone’

# zoneadm -z Arenazone install -m /usr/share/auto_install/manifest/zone_large.xml -c /path/to/sysprofile.xml.

5.Read-only zones (immutable zones)

In Solaris 10, zones will be created by default as /usr read-only filesystem (SPARSE ROOT).

From Solaris 11 onwards, we have an immutable zone instead of sparse root zone.

Any zone can be turned into an immutable zone by using the following commands:

# zonecfg -z ZONE_NAME ‘set file-mac-profile=fixed-configuration’

Note:The read-only settings of file-mac-profile do not apply to any additional ZFS pools or other filesystems manually added onto the zone configuration in zonecfg.

6.zonep2vchk

An additional interesting tool in Solaris 11 is zonep2vchk. This tool will help you
to migrate physical server to virtual.Its default mode is to look at installed services to see if they are compatible with running in a local zone.And also you can use “zonep2vchk -s” to do an in-depth scan of ELF binaries to attempt to detect non-portable binaries.
This tool is similar to vmware P2V .

7.Zones as NFS servers:
From Solaris 11 onwards , you can use zone as NFS servers.

8.Exclusive IP:
In Solaris 11,by default zone will be configured with exclusive IP using VNIC. Now you can safely run snoop on local zone itself.We have to say big thanks to oracle network engineering team to make it possible.

9.Limitations to zones.
We have seen many advantages in Solaris 11 zones part. Here you have limitation as well.Oracle restricted to use only Solaris 10 & Solaris 11 as zones where as in Solaris 10, you can run Solaris 10,Solaris 9,Solaris 8 and some Linux versions as zones.

10.Zone File-system status:
In Solaris 11, the OS-related ZFS filesystems for a zone remain mounted and visible
for the global zone(using df command),even after the local zone has been halted. Other filesystems, such as /export/home, do not show up in df but do show up with mount -p command from global zone.

Thank you for reading this article.Please leave a comment if you have any doubt.