In Oracle Solaris 11.2,we have new type of zone called kernel zone. This zone is almost similar to SPARC VM (LDOM) guests which can run on its own patch level and completely isolated from global zone. These kernel branded zones are support on both SPARC & X86 hardwares. But processors should support virtulization technology(VT) .In X86 hardwares, you have to enable this option in system BIOS,if your hardware is upported for VT.Let’s see how we can configure and install kernel zones on Solaris 11.2 .
1. Login to Solaris 11.2 global zone and check whether the system is supporting kernel zones or not.
UA_GLOBAL# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared UA_GLOBAL#uname -a SunOS SAN 5.11 11.2 i86pc i386 i86pc UA_GLOBAL#virtinfo NAME CLASS vmware current non-global-zone supported kernel-zone supported
As per the above command output,this hardware will support kernel-zone.
2.System should have atleast 8GB physical memory and 2 virtual processor(2 cores) & 16GB free space for virtual disk.
UA_GLOBAL#prtconf -v |head -4 System Configuration: Oracle Corporation i86pc Memory size: 8780 Megabytes System Peripherals (Software Nodes): UA_GLOBAL#psrinfo |wc -l 2 UA_GLOBAL#
3.Create a new kernel zone and check the zones configuration.
UA_GLOBAL#zonecfg -z UAKLZ1 create -t SYSsolaris-kz
UA_GLOBAL#zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
- UAKLZ1 configured - solaris-kz excl
UA_GLOBAL#zonecfg -z UAKLZ1 info
zonename: UAKLZ1
brand: solaris-kz
autoboot: false
autoshutdown: shutdown
bootargs:
pool:
scheduling-class:
hostid: 0x28c3c78d
tenant:
anet:
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: auto
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
evs not specified
vport not specified
id: 0
device:
match not specified
storage: dev:/dev/zvol/dsk/rpool/VARSHARE/zones/UAKLZ1/disk0
id: 0
bootpri: 0
capped-memory:
physical: 2G
UA_GLOBAL#
4.Here is the available zpool on my system. As per previous command output,kernel zone is going to create virtual disk under rpool.
UA_GLOBAL#zpool list NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT cloudS 23.8G 0G 23.8G 0% 1.00x ONLINE - rpool 15.6G 11.6G 4.06G 74% 1.00x ONLINE - UA_GLOBAL#
In rpool, we do not have 16GB free space. So let me modify the zone’s configuration to point cloudS zpool.
5.Invoke zonecfg command to modify the virtual disk.
UA_GLOBAL#zonecfg -z UAKLZ1
zonecfg:UAKLZ1> select device id=0
zonecfg:UAKLZ1:device> info
device:
match not specified
storage.template: dev:/dev/zvol/dsk/%{global-rootzpool}/VARSHARE/zones/%{zonename}/disk%{id}
storage: dev:/dev/zvol/dsk/rpool/VARSHARE/zones/UAKLZ1/disk0
id: 0
bootpri: 0
zonecfg:UAKLZ1:device> set storage=dev:/dev/zvol/dsk/cloudS/zones/UAKLZ1/disk0
zonecfg:UAKLZ1:device> info
device:
match not specified
storage: dev:/dev/zvol/dsk/cloudS/zones/UAKLZ1/disk0
id: 0
bootpri: 0
zonecfg:UAKLZ1:device> end
zonecfg:UAKLZ1> commit
zonecfg:UAKLZ1> exit
UA_GLOBAL#
6.You need IPS repository to install the kernel zone. If you do not have a local repository, just set to oracle IPS repo.
UA_GLOBAL# pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris origin online F http://pkg.oracle.com/solaris/release/ UA_GLOBAL#
You can set the above repository using ,
UA_GLOBAL#pkg set-publisher -O http://pkg.oracle.com/solaris/release solaris
7.Install the kernel zone using below command.
UA_GLOBAL#zoneadm -z UAKLZ1 install
Progress being logged to /var/log/zones/zoneadm.20140806T194800Z.UAKLZ1.install
pkg cache: Using /var/pkg/publisher.
Install Log: /system/volatile/install.8393/install_log
AI Manifest: /tmp/zoneadm7814.pza40p/devel-ai-manifest.xml
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Installation: Starting ...
Creating IPS image
Installing packages from:
solaris
origin: http://pkg.oracle.com/solaris/release/
The following licenses have been accepted and not displayed.
Please review the licenses for the following packages post-install:
consolidation/osnet/osnet-incorporation
Package licenses may be viewed using the command:
pkg info --license <pkg_fmri>
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 483/483 64276/64276 543.7/543.7 126k/s
PHASE ITEMS
Installing new actions 87530/87530
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Installation: Succeeded
Done: Installation completed in 1355.389 seconds.
UA_GLOBAL#zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
- UAKLZ1 installed - solaris-kz excl
UA_GLOBAL#
8.There may be chance that zone may failed to boot due to insufficient resources.
UA_GLOBAL#zoneadm -z UAKLZ1 boot zone 'UAKLZ1': error: boot failed zone 'UAKLZ1': error: Failed to create VM: Not enough space zone 'UAKLZ1': error: allocation of guest RAM failed zoneadm: zone UAKLZ1: call to zoneadmd(1M) failed: zoneadmd(1M) returned an error 1 (unspecified error) UA_GLOBAL#
In this case, i just added one more CPU core and booted it.
9.Boot the kernel zone and login to zone’s console for initial setup .
root@UA-GLOBAL:~# zoneadm -z UAKLZ1 boot root@UA-GLOBAL:~# zlogin -C UAKLZ1 [Connected to zone 'UAKLZ1' console] SC profile successfully generated as: /etc/svc/profile/sysconfig/sysconfig-20140806-203628/sc_profile.xml Exiting System Configuration Tool. Log is available at: /system/volatile/sysconfig/sysconfig.log.300 Hostname: UAKLZ1 UAKLZ1 console login: root Password: Aug 7 02:15:40 UAKLZ1 login: ROOT LOGIN /dev/console Oracle Corporation SunOS 5.11 11.2 June 2014 root@UAKLZ1:~#
10.Here is the interesting output of kernel zones.
root@UAKLZ1:~# zonename global root@UAKLZ1:~# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared root@UAKLZ1:~# virtinfo NAME CLASS kernel-zone current non-global-zone supported root@UAKLZ1:~#
Kernel zone will be showing as global if you type “zonename”and you can install non-global zone under the kernel zones.
11. You can login to the using zlogin from global without providing the username /password like other non-global zones.
root@SAN:~# zlogin UAKLZ1
[Connected to zone 'UAKLZ1' pts/2]
Oracle Corporation SunOS 5.11 11.2 June 2014
root@UAKLZ1:~# df -h
Filesystem Size Used Available Capacity Mounted on
rpool/ROOT/solaris 15G 2.1G 11G 16% /
/devices 0K 0K 0K 0% /devices
/dev 0K 0K 0K 0% /dev
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 1.7G 1.5M 1.7G 1% /system/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/dev/kz/sdir/shared@0
6.9G 1.7M 6.9G 1% /system/shared
/usr/lib/libc/libc_hwcap1.so.1
13G 2.1G 11G 16% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
rpool/ROOT/solaris/var
15G 122M 11G 2% /var
swap 1.7G 0K 1.7G 0% /tmp
rpool/VARSHARE 15G 2.4M 11G 1% /var/share
rpool/VARSHARE/zones 15G 31K 11G 1% /system/zones
rpool/export 15G 32K 11G 1% /export
rpool/export/home 15G 31K 11G 1% /export/home
rpool 15G 32K 11G 1% /rpool
rpool/VARSHARE/pkg 15G 32K 11G 1% /var/share/pkg
rpool/VARSHARE/pkg/repositories
15G 31K 11G 1% /var/share/pkg/repositories
root@UAKLZ1:~#
12.You mange the network using ipadm in kernel zone itself.
root@UAKLZ1:~# ipadm NAME CLASS/TYPE STATE UNDER ADDR lo0 loopback ok -- -- lo0/v4 static ok -- 127.0.0.1/8 lo0/v6 static ok -- ::1/128 net0 ip ok -- -- net0/v4 static ok -- 192.168.2.59/24 net0/v6 addrconf ok -- fe80::8:20ff:fe24:543/10
13.You need to configure package repository for kernel zone like global for any additional package installation and non-global zone installation.
root@UAKLZ1:~# pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris origin online F http://pkg.oracle.com/solaris/release/ root@UAKLZ1:~#
14.In Solaris 11.2 , you can suspend the zone and resume it when you needed. This is similar to VMware ‘s VM suspend and resume functionality. You need to set the suspend file path .
root@SAN:~# zonecfg -z UAKLZ1
zonecfg:UAKLZ1> select suspend
zonecfg:UAKLZ1:suspend> set path=/cloudS/UAKLZ1_suspend
zonecfg:UAKLZ1:suspend> end
zonecfg:UAKLZ1> commit
zonecfg:UAKLZ1> exit
root@UA-GLOBAL:~# zonecfg -z UAKLZ1 info suspend
suspend:
path: /cloudS/UAKLZ1_suspend
storage not specified
root@UA-GLOBAL:~# zoneadm -z UAKLZ1 suspend
root@UA-GLOBAL:~# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
- UAKLZ1 installed - solaris-kz excl
root@SAN:~#
15.You can resume the zone using boot command .Once the zone ‘s resumed , the suspend file will be removed.You can also migrate the suspended zone from one global zone to another global zone.
root@UA-GLOBAL:~# cd /cloudS/ root@SAN:/cloudS# ls -lrt total 507776 drwxr-xr-x 2 root root 2 Aug 7 02:25 other -rw------- 1 root root 260046848 Aug 7 16:43 UAKLZ1_suspend root@UA-GLOBAL:/cloudS# du -sh UAKLZ1_suspend 248M UAKLZ1_suspend root@UA-GLOBAL:/cloudS# zoneadm -z UAKLZ1 boot root@UA-GLOBAL:/cloudS# ls -lrt total 3 drwxr-xr-x 2 root root 2 Aug 7 02:25 other root@UA-GLOBAL:/cloudS# root@UA-GLOBAL:/cloudS# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / solaris shared 3 UAKLZ1 running - solaris-kz excl root@UA-GLOBAL:/cloudS# zlogin UAKLZ1 uptime 4:49pm up 14:21, 0 users, load average: 0.71, 0.82, 0.39 root@UA-GLOBAL:/cloudS#
Hope now you got some idea about kernel zone’s configuration, installation and other features.
Share it ! Comment it !! Be Sociable !!!
virender says
I’ve my local repo which is http based, still its failing ..any ideas
15:40:16 73% Transferring contents
15:40:22 77% Transferring contents
15:40:31 84% Transferring contents
15:40:41 86% Transferring contents
15:40:43 87% Transferring contents
15:40:45 88% Transferring contents
15:40:47 Completed transfer of stream: ‘e375780b-a9e7-4220-8602-d7ec7a864133-0.zfs’ from file:///system/shared/uafs/OVA
15:40:49 Archive transfer completed
15:41:28 89% generated-transfer-954-1 completed.
15:41:28 89% Beginning IPS transfer
15:41:28 Setting post-install publishers to:
15:41:28 solaris
15:41:28 origin: http://x.x.x.x::8080/
15:41:28 89% generated-transfer-954-2 completed.
15:41:29 Changing target pkg variant. This operation may take a while
15:41:34 Error occurred during execution of ‘apply-pkg-variant’ checkpoint.
15:41:34 100% None
15:41:35 Failed Checkpoints:
15:41:35 apply-pkg-variant
15:41:35 Checkpoint execution error:
15:41:35 Command ‘[‘/usr/bin/pkg’, ‘-R’, ‘/a’, ‘change-variant’, ‘-I’, ‘–accept’, ‘variant.opensolaris.zone=global’]’ returned unexpected exit status 1
15:41:35 pkg: 0/1 catalogs successfully updated:
15:41:35 Unable to contact valid package repository
15:41:35 Encountered the following error(s):
15:41:35 Unable to contact any configured publishers.
15:41:35 This is likely a network configuration problem.
15:41:35 Framework error: code: 7
15:41:35 URL: ‘http://172.17.81.201:8080’ (happened 4 times)
15:41:35 Automated Installation Failed. See install log at /system/volatile/install_log
Automated Installation failed
Please refer to the /system/volatile/install_log file for details
[ Apr 1 15:41:36 Method “start” exited with status 95. ]
[ Apr 1 15:44:19 Leaving maintenance because clear requested. ]
[ Apr 1 15:44:20 Enabled. ]
[ Apr 1 15:44:20 Executing start method (“/lib/svc/method/auto-installer”). ]
Lingeswaran R says
The issue with publishers. Please fix it. You could also unconfigure the publishers and reconfigure it.
Regards
Lingesh
Vijendra Padwal says
Thank you very much for explaining it in very detailed & easiest way.
Wishing You A Happy-Healthy-Wealthy-Prosperous Peaceful Life & Very Bright Career Ahead..
Take Care
Parameswara Rao says
Thank you very much to explained easily to understand.