Effortless Upgrade: Solaris 8 System to Solaris 8 Container
By Jeff Victor-Oracle on Apr 09, 2008
Since 2005, Solaris 10 has offered the Solaris Containers feature set, creating isolated virtual Solaris environments for Solaris 10 applications. Although almost all Solaris 8 applications run unmodified in Solaris 10 Containers, sometimes it would be better to just move an entire Solaris 8 system - all of its directories and files, configuration information, etc. - into a Solaris 10 Container. This has become very easy - just three commands.
Sun offers a Solaris Binary Compatibility Guarantee which demonstrates the significant effort that Sun invests in maintaining compatibility from one Solaris version to the next. Because of that effort, almost all applications written for Solaris 8 run unmodified on Solaris 10, either in a Solaris 10 Container or in the Solaris 10 global zone.
However, there are still some data centers with many Solaris 8 systems. In some situations it is not practical to re-test all of those applications on Solaris 10. It would be much easier to just move the entire contents of the Solaris 8 file systems into a Solaris Container and consolidate many Solaris 8 systems into a much smaller number of Solaris 10 systems.
For those types of situations, and some others, Sun now offers Solaris 8 Containers. These use the "Branded Zones" framework available in OpenSolaris and first released in Solaris 10 in August 2007. A Solaris 8 Container provides an isolated environment in which Solaris 8 binaries - applications and libraries - can run without modification. To a user logged in to the Container, or to an application running in the Container, there is very little evidence that this is not a Solaris 8 system.
The Solaris 8 Container technology rests on a very thin layer of software which performs system call translations - from Solaris 8 system calls to Solaris 10 system calls. This is not binary emulation, and the number of system calls with any difference is small, so the performance penalty is extremely small - typically less than 3%.
Not only is this technology efficient, it's very easy to use. There are five steps, but two of them can be combined into one:
- install Solaris 8 Containers packages on the Solaris 10 system
- patch systems if necessary
- archive the contents of the Solaris 8 system
- move the archive to the Solaris 10 system (if step 3 placed the archive on a file system accessible to the Solaris 10 system, e.g. via NFS, this step is unnecessary)
- configure and install the Solaris 8 Container, using the archive
Almost any Solaris 8 revision or patch level will work, but Sun strongly recommends applying the most recent patches to that system. The Solaris 10 system must be running Solaris 10 8/07, and requires the following minimum patch levels:
- Kernel patch: 127111-08 (-11 is now available) which needs
- Solaris 8 Branded Zones patch: 128548-05
s10-system# pkgadd -d . SUNWs8brandr SUNWs8brandu SUNWs8p2vNow we can patch the Solaris 10 system, using the patches listed above.
After patches have been applied, it's time to archive the Solaris 8 system. In order to remove the "archive transfer" step I'll turn the Solaris 10 system into an NFS server and mount it on the Solaris 8 system. The archive can be created by the Solaris 8 system, but stored on the Solaris 10 system. There are several tools which can be used to create the archive: Solaris flash archive tools, cpio, pax, etc. In this example I used flarcreate, which first became available on Solaris 8 2/04.
s10-system# share /export/home/s8-archives
s8-system# mount s10-system:/export/home/s8-archives /mnt s8-system# flarcreate -S -n atl-sewr-s8 /mnt/atl-sewr-s8.flarCreation of the archive takes longer than any other step - 15 minutes to an hour, or even more, depending on the size of the Solaris 8 file systems.
With the archive in place, we can configure and install the Solaris 8 Container. In this demonstration the Container was "sys-unconfig'd" by using the -u option. The opposite of that is -p, which preserves the system configuration information of the Solaris 8 system.
s10-system# zonecfg -z test8 zonecfg:test8> create -t SUNWsolaris8 zonecfg:test8> set zonepath=/zones/roots/test8 zonecfg:test8> add net zonecfg:test8:net> set address=188.8.131.52 zonecfg:test8:net> set physical=vnet0 zonecfg:test8:net> end zonecfg:test8> exit s10-system# zoneadm -z test8 install -u -a /export/home/s8-archives/atl-sewr-s8.flar Log File: /var/tmp/test8.install.995.log Source: /export/home/s8-archives/atl-sewr-s8.flar Installing: This may take several minutes... Postprocessing: This may take several minutes... Result: Installation completed successfully. Log File: /zones/roots/test8/root/var/log/test8.install.995.logThis step should take 5-10 minutes. After the Container has been installed, it can be booted.
s10-system# zoneadm -z test8 boot s10-system# zlogin -C test8At this point I was connected to the Container's console. It asked the usual system configuration questions, and then rebooted:
[NOTICE: Zone rebooting] SunOS Release 5.8 Version Generic_Virtual 64-bit Copyright 1983-2000 Sun Microsystems, Inc. All rights reserved Hostname: test8 The system is coming up. Please wait. starting rpc services: rpcbind done. syslog service starting. Print services started. Apr 1 18:07:23 test8 sendmail: My unqualified host name (test8) unknown; sleeping for retry The system is ready. test8 console login: root Password: Apr 1 18:08:04 test8 login: ROOT LOGIN /dev/console Last login: Tue Apr 1 10:47:56 from vpn-129-150-80- Sun Microsystems Inc. SunOS 5.8 Generic Patch February 2004 # bash bash-2.03# psrinfo 0 on-line since 04/01/2008 03:56:38 1 on-line since 04/01/2008 03:56:38 2 on-line since 04/01/2008 03:56:38 3 on-line since 04/01/2008 03:56:38 bash-2.03# ifconfig -a lo0:1: flags=1000849At this point the Solaris 8 Container exists. It's accessible on the local network, existing applications can be run in it, or new software can be added to it, or existing software can be patched.
mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 vnet0:1: flags=1000843 mtu 1500 index 2 inet 184.108.40.206 netmask ffffff00 broadcast 220.127.116.11
To extend the example, here is the output from the commands I used to limit this Solaris 8 Container to only use a subset of the 32 virtual CPUs on that Sun Fire T2000 system.
s10-system# zonecfg -z test8 zonecfg:test8> add dedicated-cpu zonecfg:test8:dedicated-cpu> set ncpus=2 zonecfg:test8:dedicated-cpu> end zonecfg:test8> exit bash-3.00# zoneadm -z test8 reboot bash-3.00# zlogin -C test8 Console: [NOTICE: Zone rebooting] SunOS Release 5.8 Version Generic_Virtual 64-bit Copyright 1983-2000 Sun Microsystems, Inc. All rights reserved Hostname: test8 The system is coming up. Please wait. starting rpc services: rpcbind done. syslog service starting. Print services started. Apr 1 18:14:53 test8 sendmail: My unqualified host name (test8) unknown; sleeping for retry The system is ready. test8 console login: root Password: Apr 1 18:15:24 test8 login: ROOT LOGIN /dev/console Last login: Tue Apr 1 18:08:04 on console Sun Microsystems Inc. SunOS 5.8 Generic Patch February 2004 # psrinfo 0 on-line since 04/01/2008 03:56:38 1 on-line since 04/01/2008 03:56:38Finally, to learn more about Solaris 8 Containers: