Al Hoang

June 2, 2009

Automating Zone creation in OpenSolaris 2009.06

Filed under: geek, solaris, sysadmin, unix — hoanga @ 8:02 am

With the announcement of OpenSolaris 2009.06, I thought it would be appropriate to blog a little about a tool I had been writing to help myself play with Zones a bit more easily.

My overall goals were the following:

  • Have each zone configured with its own virtual NIC (Crossbow)
  • Allow easy creation of zones without having to type zonecfg crap over and over again
  • Make it a stepping stone to automatically creating zones
  • See how well ipkg branded Zones work
  • Allow a Zone to get its IP and DNS configuration from DHCP

I had tried going through tutorials that I found on the web (see References below) for setting up Zones, but sadly, to my frustration, none of them worked. After a lot of experimentation I finally pieced together a way to create zones quickly and (almost) automatically for simple configurations.

Howto

  1. Create a template zone that will be used as the main clone Zone
  2. Download setup-zone-exclusive.sh and modify lines 34-35 to match the name of your template zone and the real interface you want the zones to bind to
  3. Download the DHCP event hook script from here and name it dhcp-client-event.sh if you want DHCP configuration
  4. Run setup-zone-exclusive with the zonename and the virtual nic interface that you want

Here are the steps in more detail.

First create a template zone (I call it barebones here)

# Create /zones as its own ZFS filesystem
$ pfexec zfs create rpool/zones
$ pfexec zfs set mountpoint=/zones rpool/zones
$ pfexec zfs create rpool/zones/barebones
$ pfexec chmod 0700 /zones/barebones
$ pfexec dladm create-vnic -l $REAL_IF vnic0
$ pfexec zonecfg -z barebones
barebones: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:barebones> create
zonecfg:barebones> set zonepath=/zones/barebones
zonecfg:barebones> set ip-type=exclusive
zonecfg:barebones> add net
zonecfg:barebones:net> set physical=vnic0
zonecfg:barebones:net> end
zonecfg:barebones> exit

$ pfexec zoneadm -z barebones install
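
The interactive zonecfg session above can also be produced as a command file, with the zone and VNIC names checked before anything runs with privileges. This is an added example, not the author's setup-zone-exclusive.sh; the function names and the conservative name patterns are assumptions of the example.

```shell
#!/bin/sh
# Added example: emit the zonecfg commands for an exclusive-IP zone on its own VNIC.
# Function names and validation patterns are assumptions of this example.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Zone name: starts alphanumeric, then [A-Za-z0-9_.-], at most 63 characters.
valid_zonename() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 63 ] || return 1
    case "$1" in
        global|SUNW*)      return 1 ;;  # reserved by the zones framework
        [!A-Za-z0-9]*)     return 1 ;;
        *[!A-Za-z0-9_.-]*) return 1 ;;  # rejects spaces, ';', quotes, newlines
    esac
    return 0
}

# Link name: starts with a letter, letters/digits/underscore, ends in a digit.
valid_linkname() {
    [ "${#1}" -ge 2 ] && [ "${#1}" -le 31 ] || return 1
    case "$1" in
        [!A-Za-z]*)      return 1 ;;
        *[!A-Za-z0-9_]*) return 1 ;;
        *[!0-9])         return 1 ;;
    esac
    return 0
}

# Print the same settings as the interactive session, ending with verify and commit.
zonecfg_commands() {
    zone=$1
    vnic=$2
    valid_zonename "$zone" || { echo "invalid zone name: $zone" >&2; return 2; }
    valid_linkname "$vnic" || { echo "invalid link name: $vnic" >&2; return 2; }
    cat <<EOF
create
set zonepath=/zones/$zone
set ip-type=exclusive
add net
set physical=$vnic
end
verify
commit
EOF
}
```

Save the output to a file and apply it with pfexec zonecfg -z <zone> -f <file>. Because the result runs with pfexec, the name checks keep stray characters in an argument from turning into extra zonecfg commands.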

Get the script

I would suggest creating a project directory, such as zonecreations, to hold these files.

Download from Github gists here. Name it setup-zone-exclusive.sh. Don’t forget to chmod +x the file so you can execute it.

Download the DHCP event hook script

You can get that here. Make sure this script is in the same directory as wherever you saved setup-zone-exclusive.sh

Create a zone

You can now create zones like this:

cd zonecreations
pfexec ./setup-zone-exclusive.sh mycoolnewzone virtualnic1

Have fun!

Update: Fixed an error in the example for using dladm. It should be correct now. Thanks!

References

Downloads

http://gist.github.com/122220 (setup-zone-exclusive.sh)
A DHCP event script to make sure DNS is configured when DHCP acquires an IP

Older docs on setting up Zones on Solaris

How to use sysidcfg file in OpenSolaris 2008.11
Internal Zone Configuration docs
Performing the Initial Zone configuration
Preconfiguring with sysidcfg file
OpenSolaris FAQ on sysidcfg
Ben Rockwood’s blogpost on Zone creation
About /etc/.UNCONFIGURED

Helpful for understanding Zones and Crossbow

Crossbow on vnics

Finding out that there is a change in policy for setting root_password in sysidcfg files

PASSREQ is enforced
zlogin failure after zone setup

The following helped in understanding the role of IPS and ipkg inside a non-global Zone

Updating Zones in OpenSolaris 2008.x
A field guide to Zones in OpenSolaris 2008.05
OpenSolaris forum on sysidcfg and Zones

The role of loghost entry in /etc/inet/hosts for OpenSolaris

Filed under: Open Source, solaris, unix — hoanga @ 6:47 am

After looking at /etc/inet/hosts I noticed a loghost entry.

Being a Solaris newbie I was curious to see why this entry was there. A quick Google brought up this nice discussion:
 http://opensolaris.org/jive/thread.jspa?…

Summary: don’t delete it.

May 6, 2009

Enabling ZeroConf / Bonjour DNS resolution in OpenSolaris

Filed under: fixes, solaris, tech — hoanga @ 2:20 am

On small LANs that do not have an internal DNS server, there is a nice technology called ZeroConf that uses multicast to enable name lookup resolution. It has been baked into OS X for quite some time now. Linux and other UNIX flavors have been picking this up as well. OpenSolaris also includes this, but it is not enabled by default (at least with 2008.11). Here is a quick howto.

Edit the file /etc/nsswitch.conf and make sure that the line that begins with

hosts:

contains the following

hosts: files dns mdns

Then you should be able to ping any machine that uses Bonjour. For example, if you have a Mac that is named mycoolmac then you should be able to ping mycoolmac.local


December 7, 2008

Getting X working again after swapping hardware on Open Solaris nv100

Filed under: fixes, gripe, solaris, unix — hoanga @ 10:18 am

After having dain bramaged myself for years with Linux usage, I had gotten spoiled into believing an OS should make it simple to do the following:

1. Shutdown computer
2. Swap around hardware components
3. Restart
4. Life is good

However any techie should tell you this is a pipe dream on Windows. Mac users probably have no clue since they never change hardware components and just buy new Macs to solve their problems. Which leaves the lucky OSS *nix variants to try stunts like this.

Being the stubborn person I am, I attempted this with OpenSolaris by swapping out my motherboard. I wanted to do this in order to take advantage of the E7400 Core 2 Duo that I bought a while back. Things almost worked; however, on reboot I was given the dreaded console login screen with a useless keyboard. The following, as far as I know, don't work…

1. CTRL-ALT-BACKSPACE
2. CTRL-ALT-Fn
3. CTRL-ALT-DEL

Your best bet is to ssh somehow and try to look for clues. Here is what I did…

1. Swap motherboard and stare at dark screen
2. Find out how to boot into single user mode and make sure the kernel isn’t PO-ed or something and find my IP address
3. Move away the X11 configuration that I configured (dual-display) and try rebooting
4. Reboot and find out it isn’t working
5. ssh in and realize it still isn’t working. Move the old dual display X11 config back to /etc/X11/xorg.conf
6. Try restarting gdm with svcadm restart gdm and watch it fail
7. Scritch head some more
8. Try starting X from the SSH session and whoah it works
9. Restart gdm (svcadm restart gdm) and now I get a login screen
10. Realize that I disconnected the left monitor (VGA) to help debug and want it back
11. Logout and log back in. I now have dual screens and a working Solaris install again!


November 29, 2008

Understanding what an L2ARC is

Filed under: geek, solaris, tech, unix — hoanga @ 10:13 am

I’ve been silently scanning some Solaris blogs and skimming some of the appropriate websites for documentation on some of the more interesting features of Solaris for a while now. One thing that requires time to adjust to is the number of acronyms that the Solaris community has to describe their technologies. One of these is called L2ARC.

At first I thought it was some hardware device; however, after a bit more searching it turns out that it is part of the ZFS technology suite. L2ARC stands for second level ARC, where ARC is a read cache system for ZFS that uses a system's main memory for holding the cache. While ARC uses the hardware's main memory, L2ARC is designed to take advantage of faster I/O media such as SSD devices to provide faster read throughput than what a typical hard drive can offer.

Brendan Gregg has an excellent overview explaining what the L2ARC is and some of the benefits it can give in accelerating random reads.

I can’t get no satisfying manpages

Filed under: gripe, solaris, stupid — hoanga @ 9:29 am

It seems that most default UNIX-like installations outside of FreeBSD just include craptastic manpages.

This really puts a dent in RTFM. In Linux-land this has been a serious PITA for years (Yes, I know how to hunt around for the packages to install the manpages in Redhat-ish and Debian land but it is still an irritation). It seems my forays with OpenSolaris mirror the fun of Linux. Ah well..

$  man ps
Reformatting page.  Please Wait... done

Miscellaneous                                          missing(x)

     missing - Missing Manual Page

DESCRIPTION
     Unfortunately, this OpenSolaris Developer Preview  does  not
     include  the  manual  page you are looking for.  We're sorry
     and hope to improve upon this situation in future releases.

     Online versions  of  many  manual  pages  are  available  at
     http://docs.sun.com/app/docs/coll/40.17.

SunOS 5.11            Last change: 07/10/25
