zlogin is not an ssh substitute

I'm workin' on a highly available web application configuration on my laptop. So far I have 5 zones on my 2GB RAM laptop:

  • Administration zone: Application Server Admin server and a directory server for LDAP authentication
  • Application Server zone(s): 2 Zones, with application servers running, along with HADB
  • Web Server Zone: A web server running, load balancing across 2 application server zones.
Yes, I could run all of those services in one zone, but hey, what would the Clingan Zone be without lots of zones?

I had been starting most services automatically via rc scripts and inittab, per product instructions. I could run them via SMF if I write my own (or google for them), but I haven't gotten around to it yet.

Everything had been working fine. I had installed and run the web server successfully all via zlogin and by launching the RC script. Wait a second, why was I starting the web server by hand? I selected "launch at startup" on the installer screen. Hmm, my web server rc script wasn't being called, because it existed. So I ran zlogin, as I usually do, to get to my zone of choice. Turns out zlogin can be a bad idea as my pseudo-default login method. Here's why.

svcs -x showed that sysidtool was running and that a boatload of services were waiting on it. Huh? Lemme think. After creating the zone, didn't I log in with "zlogin -C" and finish configuring the zone? Obviously not. What was interesting is that I've gone on for a while running the Java Enterprise System Web server in a zone that hadn't even been configured.

Note, the interface was plumbed and up by the global zone upon zone boot, and I had copied a host file to all zones, so host names were resolving.

You may ask why I would take the trouble to "su root" to even be able to run zlogin? Why not just ssh in the first place? Well, since this was run on my laptop, I don't want to autoboot zones. I boot them when I need them.

That means root. That means zlogin. Until now.
Comments:

John, remember you can avoid using su(1) by using RBAC instead:

  # usermod -K "profiles=Zone Management" somebody

Anyway, we're thinking about ways of making it easier to remember the sysidtool(1) step or perhaps make it easier to specify a sysidcfg(4) file as part of the provisioning effort.

Posted by David Comay on May 24, 2006 at 04:44 PM PDT #

David, good idea. The only problem is that I seem to be constantly giving myself additional rights. Soon, there won't be much of a difference between "jclingan" and "root" :)

Actually, I do this often enough that I will probably take your advice and give myself the rights for zone management. I think I've earned it :)

On the sysid front, I muck with zones often enough that I'm surprised that this scenario hadn't occurred long ago. All it takes is one phone call during the middle of a provisioning and my artificial Alzheimer's kicks in. Nonetheless, I think making sysidtool more visible in a zones context is a good idea. Until yesterday, I wouldn't have thought so.

Posted by John Clingan on May 24, 2006 at 11:14 PM PDT #

John, The script I use to automate a zone build does a check to see if the utmpd daemon is running. After that it will continue adding things like appservers and webservers. Alternatively, you could poll "who -r" in the zone to check the run level.
function testcommand {
        [ "$#" -lt 1 ] && return 1

        eval "$*"  >/dev/null 2>&1
        return $?
}
.
.
.

  zoneadm -z ${ZONE} boot
  utmp=
  echo -n "Booting "
  while ! testcommand "/usr/bin/pgrep -z ${ZONE} utmpd"
  do
        echo -n "."
        sleep 2
  done
  sleep 5
  echo "done"

Posted by Doug Scott on May 25, 2006 at 11:38 AM PDT #
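
A bounded variant of the readiness poll in the comment above, as an added example that is not part of the original post or its comments: it gives up after a timeout instead of looping forever, and it tests the SMF multi-user milestone rather than a single daemon. The function names are hypothetical, and it assumes it is run from the global zone by a user allowed to use zlogin, and that the multi-user milestone is among the services held back while sysidtool is still waiting.

```shell
# Added example; zone_state and wait_for_zone are hypothetical names.

# Print the SMF state of the multi-user milestone inside zone $1.
# Assumption: this milestone stays offline while sysidtool is unfinished.
zone_state() {
    zlogin "$1" /usr/bin/svcs -H -o state \
        svc:/milestone/multi-user:default 2>/dev/null
}

# wait_for_zone ZONE [TIMEOUT_SECS] [INTERVAL_SECS]
# Returns 0 once the milestone reports "online", 1 if the timeout expires.
wait_for_zone() {
    zone=$1
    timeout=${2:-300}
    interval=${3:-2}
    waited=0
    while [ "$(zone_state "$zone")" != "online" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            # Point the operator at the likely cause instead of hanging.
            echo "zone $zone not at multi-user after ${timeout}s;" \
                 "run 'svcs -x' in the zone (sysidtool pending?)" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}
```

A provisioning script would call `wait_for_zone "${ZONE}" 300 || exit 1` right after `zoneadm -z ${ZONE} boot` and only then install application servers or web servers.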

John, with the type of applications (java app servers) you are running across multiple zones, what sort of memory usage are you seeing on the whole machine?

-M

Posted by Moazam Raja on May 25, 2006 at 03:45 PM PDT #

About

John Clingan
