

Lab : Solaris 10 Zones solution  

Posted on January 10th, 2006. About Uncategorized.

SA225 : Extra Lab : Working with zones
================================
SOLUTIONS
===========

1. Creating the first zone

# zonecfg -z zone1 info

zonename: zone1
zonepath: /zones/zone1
autoboot: false
pool:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
fs:
dir: /maxtor
special: /maxtor
raw not specified
type: lofs
options: [ro]
net:
address: 10.104.1.201/24
physical: bge0

# ls /etc/zones
SUNWblank.xml SUNWdefault.xml index zone1.xml

# tail -5 /etc/zones/index
# DO NOT EDIT: this file is automatically generated by zoneadm(1M)
# and zonecfg(1M). Any manual changes will be lost.
#
global:installed:/
zone1:configured:/zones/zone1

# zoneadm -z zone1 install
Preparing to install zone <zone1>.
Creating list of files to copy from the global zone.
Copying <8462> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <982> packages on the zone.
Initialized <982> packages on zone.
Zone <zone1> is initialized.
The file contains a log of the zone installation.

# tail -2 /etc/zones/index
global:installed:/
zone1:installed:/zones/zone1

# cd /zones/zone1

# find root | cpio -oc > ../zone1.cpio
379040 blocks
# ls -lh /zones
total 379266
drwx------ 2 root root 8.0K Dec 13 21:21 lost+found
drwx------ 3 root root 512 Jan 9 15:20 zone1
-rw-r--r-- 1 root root 185M Jan 9 15:39 zone1.cpio

# zoneadm -z zone1 ready

# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849
mtu 8232 index 1
zone zone1
inet 127.0.0.1 netmask ff000000
bge0: flags=1004843
mtu 1500 index 2
inet 10.104.82.167 netmask ffffff00 broadcast 10.104.82.255
ether 0:14:22:c4:2a:3c
bge0:1: flags=1000843
mtu 1500 index 2
zone zone1
inet 10.104.1.201 netmask ffffff00 broadcast 10.104.1.255

# grep lofs /etc/mnttab
/usr/lib/libc/libc_hwcap1.so.1 /lib/libc.so.1 lofs dev=1980000 1136797561
/zones/zone1/dev /zones/zone1/root/dev lofs zonedevfs,dev=4640001 1136817697
/lib /zones/zone1/root/lib lofs ro,nodevices,nosub,dev=1980000 1136817697
/maxtor /zones/zone1/root/maxtor lofs ro,dev=1741002 1136817697
/platform /zones/zone1/root/platform lofs ro,nodevices,nosub,dev=1980000 1136817697
/sbin /zones/zone1/root/sbin lofs ro,nodevices,nosub,dev=1980000 1136817697
/usr /zones/zone1/root/usr lofs ro,nodevices,nosub,dev=1980000 1136817697

# zoneadm -z zone1 boot

# zlogin -C zone1
[Connected to zone 'zone1' console]

(…)
System identification is completed.

rebooting system due to change(s) in /etc/default/init

[NOTICE: Zone rebooting]

SunOS Release 5.11 Version snv_24 32-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: zone1
zone1 console login: root
Password:
Jan 9 15:53:33 zone1 login: ROOT LOGIN /dev/console
#

global# zoneadm list -cv
ID NAME STATUS PATH
0 global running /
2 zone1 running /zones/zone1

zone1# cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf
zone1# svcadm enable apache2

global# tail -2 /etc/zones/index
global:installed:/
zone1:installed:/zones/zone1

global# zoneadm list -cv
ID NAME STATUS PATH
0 global running /
2 zone1 running /zones/zone1

2. Creating the second zone
""""""""""""""""""""""""""""

global# zonecfg -z zone1 export > /tmp/zone2.cfg

global# vi /tmp/zone2.cfg (--> new IP & new zonepath)

global# zonecfg -z zone2 -f /tmp/zone2.cfg

global# tail -3 /etc/zones/index
global:installed:/
zone1:installed:/zones/zone1
zone2:configured:/zones/zone2

global# cd /zones

global# mkdir zone2
global# chmod 700 zone2
global# mv zone1.cpio zone2
global# cd zone2
global# cat zone1.cpio | cpio -ic


global# ls -l /zones

total 20
drwx------ 2 root root 8192 Dec 13 21:21 lost+found
drwx------ 4 root root 512 Jan 9 15:41 zone1
drwx------ 3 root root 512 Jan 9 16:53 zone2

global# cat /zones/zone2/root/etc/sysidcfg

timeserver=localhost
system_locale=C
network_interface=primary { hostname=zone2 }
timezone=MET
terminal=vt100
name_service=none
security_policy=none
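root_password="zooyBaeYvTRGE"

(Note: root_password is the encrypted password string, in the form stored in /etc/shadow. Because sysidcfg keeps it in a plain file inside the zone root, keep that file readable by root only.)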

global# touch /zones/zone2/root/etc/.NFS4inst_state.domain


global# tail -3 /etc/zones/index

global:installed:/
zone1:installed:/zones/zone1
zone2:installed:/zones/zone2

global# zoneadm -z zone2 boot
global# zoneadm list -cv
ID NAME STATUS PATH
0 global running /
2 zone1 running /zones/zone1
3 zone2 running /zones/zone2

global# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849
mtu 8232 index 1
zone zone1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849
mtu 8232 index 1
zone zone2
inet 127.0.0.1 netmask ff000000
bge0: flags=1004843
mtu 1500 index 2
inet 10.104.82.167 netmask ffffff00 broadcast 10.104.82.255
ether 0:14:22:c4:2a:3c
bge0:1: flags=1000843
mtu 1500 index 2
zone zone1
inet 10.104.1.201 netmask ffffff00 broadcast 10.104.1.255
bge0:2: flags=1000843
mtu 1500 index 2
zone zone2
inet 10.104.1.202 netmask ffffff00 broadcast 10.104.1.255

global# zlogin zone2
[Connected to zone 'zone2' pts/9]
Sun Microsystems Inc. SunOS 5.11 snv_24 October 2007
#
#
# svcs apache2
STATE STIME FMRI
disabled 8:29:30 svc:/network/http:apache2

zone2# cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf
zone2# svcadm enable apache2

3. Blocking traffic between zones
"""""""""""""""""""""""""""""""""""
global# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849
mtu 8232 index 1
zone zone1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849
mtu 8232 index 1
zone zone2
inet 127.0.0.1 netmask ff000000
bge0: flags=1004843
mtu 1500 index 2
inet 10.104.82.167 netmask ffffff00 broadcast 10.104.82.255
ether 0:14:22:c4:2a:3c
bge0:1: flags=1000843
mtu 1500 index 2
zone zone1
inet 10.104.1.201 netmask ffffff00 broadcast 10.104.1.255
bge0:2: flags=1000843
mtu 1500 index 2
zone zone2
inet 10.104.1.202 netmask ffffff00 broadcast 10.104.1.255

global# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
10.104.82.0 10.104.82.167 U 1 114 bge0
224.0.0.0 10.104.82.167 U 1 0 bge0
default 10.104.82.2 UG 1 1932 bge0
127.0.0.1 127.0.0.1 UH 4 129 lo0

global# route add -reject 10.104.1.202 10.104.1.201
add host 10.104.1.202: gateway 10.104.1.201

global# route add -reject 10.104.1.201 10.104.1.202
add host 10.104.1.201: gateway 10.104.1.202

zone1# ping 10.104.1.202
ICMP Host Unreachable from gateway zone1 (10.104.1.201)
for icmp from zone1 (10.104.1.201) to 10.104.1.202

zone2# ping 10.104.1.201
ICMP Host Unreachable from gateway zone2 (10.104.1.202)
for icmp from zone2 (10.104.1.202) to 10.104.1.201

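Side effect: the reject routes are added in the global zone, whose routing table the zones share, so the global zone can no longer reach zone1 either. Routes added with a plain "route add" are also not persistent, so they must be re-added after the global zone reboots.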

global# ping 10.104.1.201
ICMP Host Unreachable from gateway nemirov (10.104.82.167)

