Lab : Solaris 10 Zones
SA225 : Extra Lab : Working with zones
================================
Note : please send comments, suggestions and remarks to nieuwenj@learningsolaris.com
Last edited on January 10, 2006
This lab will take you through a basic configuration where two non-global zones will be installed. To illustrate the use of some of the zones configuration files, the second zone will be created by cloning the first one.
DISCLAIMER : modifying the file /etc/zones/index without going through the proper interfaces is absolutely NOT supported. It does work but you can have no certainty that it will work in the future. Just use that trick to get an understanding of how zones are installed.
Other points that are introduced include the automatic configuration of zones and the existence of a separate port namespace within each zone, allowing us to start 2 webservers listening on port 80 on the same machine.
Exercise 3 illustrates the only current way of blocking inter-zone traffic.
You can also have a look at the lab solution !
0. Before starting
""""""""""""""""""
Check that you have got enough space :
# df -h /zones
Filesystem             size   used  avail capacity  Mounted on
/dev/dsk/c0d0s4        6.4G   6.5M   6.3G     1%    /zones
My zones are going to be located in the slice c0d0s4 ( /zones ).
My network interface is bge0.
1. Creating the first zone
""""""""""""""""""""""""""
Create a zone :
- in the 10.104.1.0 (sub)network
- which has read-only access to the global /maxtor directory
Check the /etc/zones directory and the files contained in it.
Install the zone.
Check the /etc/zones directory and the files contained in it.
Before booting the zone, take a cpio archive of the directory hierarchy of the first zone, starting from the zonepath.
Put the zone in the ready state. What’s changed?
Boot the zone, log into the zone console and configure the zone.
Start Apache2 in zone1. Using another machine or the global zone, check that you can access your new webserver from a web browser.
Check the /etc/zones directory and the files contained in it.
2. Creating the second zone
"""""""""""""""""""""""""""
Your second zone will be installed by manually cloning the first one using the cpio archive created in Step 1.
First, create zone2 from zone1’s configuration by using the ‘export’ and ‘-f’ options of the zonecfg command.
Check the /etc/zones directory and the files contained in it.
Copy the archive into your /zones directory and un-archive it into zone2’s zonepath ( after having created the directory ! ).
You now have to make the system aware that the second zone is installed. You can do that very unofficially by editing /etc/zones/index and replacing ‘configured’ by ‘installed’.
Before booting the second zone, you will now create a sysidcfg file that will be used to automatically configure the machine so that answering the sysidtool questions is not needed. Store that file in zone2’s /etc directory.
The last question has to do with NFSv4 and cannot be answered using sysidcfg. For information about how to proceed, check this docs.sun.com page.
Boot the second zone and watch it being booted in a matter of seconds, completely automatically.
You now have (in an unsupported way) a second zone running in which you can start another apache2 webserver listening on port 80.
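The index edit from this exercise, as an added example that is not part of the original lab: a shell function that changes only the named zone's state from 'configured' to 'installed', keeps a backup copy, and refuses when the entry or its zonepath directory is missing. The function names, the AWK variable and the assumed line layout (zonename:state:zonepath, optionally followed by further fields) are assumptions, and the edit remains as unsupported as the disclaimer says.

```shell
#!/bin/sh
# Added example (not part of the lab): flip one zone from 'configured' to
# 'installed' in a zones index file, touching nothing else.
# Assumed layout: zonename:state:zonepath[:extra fields]; '#' starts a comment.
# On Solaris 10 set AWK=nawk, since /usr/bin/awk does not accept -v.
AWK=${AWK:-awk}

# zone_field INDEX ZONE N : print field N of ZONE's entry, fail if absent.
zone_field() {
    "$AWK" -F: -v z="$2" -v n="$3" '
        !/^#/ && $1 == z { print $n; found = 1; exit }
        END { exit !found }' "$1"
}

# mark_installed INDEX ZONE
# Returns 1 if ZONE has no entry, 2 if it is not 'configured',
# 3 if its zonepath directory is missing, 4 if the backup or rewrite failed.
mark_installed() {
    index=$1; zone=$2
    state=`zone_field "$index" "$zone" 2` || return 1
    zpath=`zone_field "$index" "$zone" 3`
    [ "$state" = configured ] || return 2
    [ -d "$zpath" ] || return 3
    # Keep the untouched file so the edit can be undone.
    cp -p "$index" "$index.bak" || return 4
    # Rewrite only field 2 of the matching entry; comments pass through as-is.
    "$AWK" -F: -v OFS=: -v z="$zone" '
        !/^#/ && $1 == z { $2 = "installed" }
        { print }' "$index.bak" > "$index" || return 4
}
```

Try it on a copy of the index first, for instance mark_installed /tmp/index.copy zone2, and compare the result with the .bak file it leaves behind.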
3. Blocking traffic between zones
"""""""""""""""""""""""""""""""""
Since IPFilter may not be used ( see Zones F.A.Q. ), you’ll need to use the route command.
