Ours Goes To 11 - Features of Oracle Solaris 11

In my last installment I promised I would blog on a few Solaris 11 features, so in honor of the new year, 2011 I'll describe a nifty feature that lets you move Solaris 10 environments into "Solaris 10 brand" zones under Solaris 11.

Solaris 11 zones - fundamentals

Zones, also called Solaris Containers, are a lightweight virtualization feature of Solaris, introduced with Solaris 10 and widely deployed by customers. Zones behave like private instances of Solaris, and have negligible overhead and native performance. They need much less CPU, memory, and disk space than full virtual machines, and are an ideal technology for consolidating Solaris systems and applications.

Zones in Solaris 11 differ from Solaris 10 in several respects. One difference is that the distinction in Solaris 10 between "whole root" vs. "sparse root" goes away. In Solaris 10, "sparse root" zones conserve disk space and permit fast zone creation by sharing a single instance of key file systems (like /usr) read-only among multiple zones. In Solaris 11, the root file system is ZFS and zone creation leverages ZFS clones for similar space and time savings. As a result system administrators no longer have to choose between different types of zone.

To demonstrate this, let's build a regular S11 zone first. This is running in a Solaris 11 guest in VirtualBox hosted on Solaris 11 on a Acer desktop system. Note that the brand is now called 'ipkg', instead 'native' as on Solaris 10.

root@s11:# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
root@s11:# zonecfg -z s11zone1
s11zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:s11zone1> create
zonecfg:s11zone1> set zonepath=/zones/s11zone1
zonecfg:s11zone1> set autoboot=false
zonecfg:s11zone1> add net
zonecfg:s11zone1:net> set physical=e1000g0
zonecfg:s11zone1:net> set address=192.168.56.205
zonecfg:s11zone1:net> end
zonecfg:s11zone1> verify
zonecfg:s11zone1> commit
zonecfg:s11zone1> exit
root@s11:# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   - s11zone1         configured /zones/s11zone1                ipkg     shared
root@s11:# zoneadm -z s11zone1 install
A ZFS file system has been created for this zone.
   Publisher: Using solaris (file:///mnt/repo/repo/ ).
       Image: Preparing at /zones/s11zone1/root.
Sanity Check: Looking for 'entire' incorporation.
  Installing: Core System (output follows)
------------------------------------------------------------
Package: pkg://solaris/consolidation/osnet/osnet-incorporation@0.5.11,5.11-0.151.0.1:20101104T230646Z
License: usr/src/pkg/license_files/lic_OTN

Oracle Technology Network Developer License Agreement

Oracle Solaris, Oracle Solaris Cluster and Oracle Solaris

... many lines of text about downloads, licenses and export control omitted...
...
...
  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process. 
root@s11:#  zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   - s11zone1         installed  /zones/s11zone1                ipkg     shared

Hey - what's this "noise" all about? Another difference is that Solaris 11 use a different style of packaging, and inhales software (from a network repository) necessary to build its "brand."

Installing the zone takes several minutes and a few hundred MB of disk space. Cloning this zone took under 15 seconds elapsed time, under 3 seconds of CPU time, and had a disk footprint of only a few megabytes. Cloning is the most efficient way to create new virtual instances. More important, it makes it easy to create 'cookie cutter' virtual environments populated with application software by doing software installation and customization once in the prototype zone, and then making as many copies as needed. This is not new with Solaris 11: Solaris 10 has this feature as well.

root@s11:# time zonecfg -z newzone1 
 ... dialog much like the previous zonecfg ...
root@s11:# time zoneadm -z newzone1 clone s11zone1

real	0m14.614s
user	0m1.062s
sys	0m1.859s
root@s11:# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   - s11zone1         installed  /zones/s11zone1                ipkg     shared
   - newzone1         installed  /zones/newzone1                ipkg     shared

... take a few seconds to boot the zone and initialize its services, then ...

root@s11:# zfs list  rpool/export/home/zones/newzone1
NAME                               USED  AVAIL  REFER  MOUNTPOINT
rpool/export/home/zones/newzone1  6.06M  9.98G    34K  /zones/newzone1

Moving Solaris 10 systems into Solaris 11

So far, all of this is completely mundane. Let's get to the "10 under 11" content now. We have two different types of migration, both of which permit a Solaris 10 environment to be moved to a zone under Solaris 11, while retaining its Solaris 10 identity.

  1. Virtual to virtual (V2V): Move a non-global zone from a Solaris 10 system into a Solaris 10 Container under Solaris 11
  2. Physical to virtual (P2V): Move a Solaris 10 global zone (entire system) into a Solaris 10 Container under Solaris 11

In both cases you first create an archive - an image of the system to move - and then use the archive contents to build a Solaris 10 Container under Solaris 11.

Note that zones don't "nest" - a zone does not itself contain zones. If we are moving a Solaris 10 system that contains zones, we move each zone to a Solaris 11 zone, and then (if it has any applications itself) move the global zone too.

Before we actually install the first Solaris 10 zone we must install prerequisite software for the brand:

root@s11:/# pkg install system/zones/brand/s10
               Packages to install:     1
           Create boot environment:    No
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                                  1/1       35/35      0.4/0.4

PHASE                                        ACTIONS
Install Phase                                  63/63 

PHASE                                          ITEMS
Package State Update Phase                       1/1 
Image State Update Phase                         2/2 

V2V: moving a zone from Solaris 10 to Solaris 11

The next step is to log into the Solaris 10 system and create an archive of the Solaris 10 zone. I'm storing the archive on an NFS server that is also accessed by the Solaris 11 system that will host the zone.

s10# zoneadm -z s10zone1 ready 
s10# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              native   shared
   4 s10zone1         ready      /zones/s10zone1                native   shared
s10# cd /zones
s10# find s10zone1 -print | cpio -oP@ | gzip >/mnt/s10flar/s10zone1.cpio.gz 
5746740 blocks

The zone is defined on Solaris 11 in the usual way, with one exception: the brand. Note how you specify it in the zonecfg command and how it appears in zoneadm list. Note: In full Solaris 11, the brand was renamed to SYSsolaris10.

root@s11:/# zonecfg -z s10zone1
s10zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:s10zone1> create -t SUNWsolaris10 
zonecfg:s10zone1> set zonepath=/zones/s10zone1
zonecfg:s10zone1> set autoboot=false
zonecfg:s10zone1> add net
zonecfg:s10zone1:net> set physical=e1000g0
zonecfg:s10zone1:net> set address=192.168.56.201
zonecfg:s10zone1:net> end
zonecfg:s10zone1> verify
zonecfg:s10zone1> commit
zonecfg:s10zone1> exit
root@s11:/# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   - s11zone1         installed  /zones/s11zone1                ipkg     shared
   - s10zone1         configured /zones/s10zone1                solaris10 shared

At this point we can attach the zone pointing to the archive file created previously. The syntax says "attach the zone's contents using the specified archive." This feature is available in Solaris 10 to permit planned movement of zones between servers; it is now enhanced to preserve Solaris 10 identity under a Solaris 11 kernel.

root@s11:/# zoneadm  -z s10zone1 attach -a /mnt/away/s10flar/s10zone1.cpio.gz
Log File: /var/tmp/s10zone1.attach_log.NKaWve
Attaching...

Attach complete.
Log File: /zones/s10zone1/root/var/log/s10zone1.attach2131.log
root@s11:/# zoneadm -z s10zone1 boot
root@s11:/# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   2 s10zone1         running    /zones/s10zone1                solaris10 shared
   - s11zone1         installed  /zones/s11zone1                ipkg     shared
I logged into the new zone's console and let it boot up - voila! It thinks its Solaris 10.
root@s11:# zlogin -C s10zone1
[Connected to zone 's10zone1' console]

[NOTICE: Zone booting up]


SunOS Release 5.10 Version Generic_Virtual 64-bit
Copyright (c) 1983, 2010, Oracle and/or its affiliates. All rights reserved.
Hostname: s10zone1
Loading smf(5) service descriptions: 1/1

s10zone1 console login:  root
Password: 
Dec  9 11:50:10 s10zone1 login: ROOT LOGIN /dev/console
Last login: Wed Dec  8 13:14:23 on console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
# bash
s10# uname -a
SunOS s10zone1 5.10 Generic_Virtual i86pc i386 i86pc
s10# zonename -a
s10zone1

Whatever applications were installed on the zone under Solaris 10 have been migrated to the Solaris 10 zone running under Solaris 11. This makes it possible to quickly exploit new Solaris 11 features (such as network virtualization, ZFS deduplication, or ZFS encryption) in a compatible environment without the need to reinstall.

P2V: moving a Solaris 10 global zone to a Solaris 11 zone

Since that was so much fun, let's do the same for the full Solaris 10 system at the global zone. First, let's start collecting the flash archive. The following command, executed in the Solaris 10 global zone, creates an archive file and places it in an NFS filesystem.

s10gz# flarcreate -S -n s10guest -L cpio /mnt/s10flar/s10guest.flar
Archive format requested is cpio
This archiver format is NOT VALID for flash installation of ZFS root pool.
This format is useful for installing the system image into a zone.
Reissue command without -L option to produce an archive for root pool install.
Full Flash
Checking integrity...
Integrity OK.
Running precreation scripts...
Precreation scripts done.
Creating the archive...
6153384 blocks
Archive creation complete.
Running postcreation scripts...
Postcreation scripts done.

Running pre-exit scripts...
Pre-exit scripts done.
s10gz# ls -l /mnt/s10flar/s10guest.flar
-rw-r--r--+  1 root     root     3150542187 Dec  8 14:20 /mnt/s10flar/s10guest.flar

That process takes several minutes - so while it's cooking I defined the zone under Solaris 11 via zonecfg. In practice I would capture configuration data from the source system, including IP addresses and hostids. Otherwise, except for the brand (see where I highlight it below), this is the same as defining a regular zone. Again note that in full Solaris 11 the brand has been renamed to SYSsolaris10.

root@s11:/# zonecfg -z s10guest
s10guest: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:s10guest> create -t SUNWsolaris10
zonecfg:s10guest> set autoboot=false
zonecfg:s10guest> set zonepath=/zones/s10guest
zonecfg:s10guest> add net
zonecfg:s10guest:net> set physical=e1000g0
zonecfg:s10guest:net> set address=192.168.56.200
zonecfg:s10guest:net> end
zonecfg:s10guest> verify
zonecfg:s10guest> commit
zonecfg:s10guest> exit
root@s11:/# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   2 s10zone1         running    /zones/s10zone1                solaris10 shared
   - s11zone1         installed  /zones/s11zone1                ipkg     shared
   - s10guest         configured /zones/s10guest                solaris10 shared

Now I'll build the zone from the Solaris 10 system archive. The syntax is slightly different from importing a Solaris 10 zone, since this time we're not migrating a zone to a zone, but encapsulating a physical OS instance within a zone.

root@s11:# time zoneadm -z s10guest install -u -a /mnt/s10flar/s10guest.flar
A ZFS file system has been created for this zone.
      Log File: /var/tmp/s10guest.install_log.h6aOzc
    Installing: This may take several minutes...
Postprocessing: This may take a while...
   Postprocess: Updating the image to run within a zone

        Result: Installation completed successfully.
      Log File: /zones/s10guest/root/var/log/s10guest.install1151.log

real    12m22.426s
user    0m49.506s
sys     2m49.831s
root@s11:# zoneadm list -civ
  ID NAME             STATUS     PATH                           BRAND    IP    
   0 global           running    /                              ipkg     shared
   - s11zone1         installed  /zones/s11zone1                ipkg     shared
   - s10zone1         installed  /zones/s10zone1                solaris10 shared
   - s10guest         installed  /zones/s10guest                solaris10 shared

At this point I can just start the zone via zoneadm boot. At the zone's console I answer the usual configuration questions (I could have had it preconfigured if I wanted too), and then see a Solaris 10 boot sequence.

root@s11# zlogin -C s10guest
[Connected to zone 's10guest' console]

[NOTICE: Zone booting up]

SunOS Release 5.10 Version Generic_Virtual 64-bit
Copyright (c) 1983, 2010, Oracle and/or its affiliates. All rights reserved.
Hostname: s10guest
Loading smf(5) service descriptions: 1/1

... skip over typical  configuration questions ...

s10guest console login: root
Password: 
Dec 11 11:40:48 s10guest login: ROOT LOGIN /dev/console
Last login: Tue Dec  7 14:00:34 on console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
# cat /etc/release
                    Oracle Solaris 10 9/10 s10x_u9wos_14a X86
     Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
                            Assembled 11 August 2010
# uname -a
SunOS s10guest 5.10 Generic_Virtual i86pc i386 i86pc

As with the Solaris 10 zone moved to Solaris 11, this new zone has a Solaris 10 identity under a Solaris 11 OS level, with all its applications, customization, and userids defined and ready to run.

Summary

In this exercise, I described zones' properties, and demonstrated how to install Solaris 11 zones under Solaris 11, and how to move non-global zones or complete global zone environments from Solaris 10. Zones are an extremely powerful and useful server virtualization technology, enhanced several ways in Solaris 11.

One of the new features is the ability to import virtualized Solaris 10 environments under a Solaris 11 kernel - making it easier to quickly migrate to Solaris 11 and start leveraging its new capabilities. This applies whether an application is running in a non-global zone under Solaris 10, or in the global zone. Later, when convenient, the application contents can be migrated to a regular Solaris 11 zone.

Comments:

are they ok for all operating system?

Posted by andrew on January 02, 2011 at 03:30 PM MST #

Zones are a feature of Solaris - it doesn't apply to other operating systems.

Posted by Jeffrey Savit on January 02, 2011 at 11:49 PM MST #

You say: "In Solaris 10, "sparse root" zones conserve disk space and permit fast zone creation by sharing a single instance of key file systems (like /usr) read-only among multiple zones. ". The other big value in sparse root zones, that seems to have been overlooked in all the OpenSolaris/Solaris 11 talk is the ability to patch once in the global zone and all the sparse root zones get patched. How does the new zone model replace this? Does it still enable me to save on administrator effort, or do I now have to manage patches on a per zone basis?

Saving disk space and saving installation time are pretty small wins if it means more admin time in patching - that's the bigger cost to the organization.

Thank you for the write up.

Posted by Liam on January 05, 2011 at 02:15 AM MST #

Hi Liam,

I absolutely agree with you that the big savings to aim for is administrative effort. My understanding is that \*at this moment\* - for \*now\* - you don't get the "apply one package update and it covers all your zones" benefit. Please look at document 821-1460 "System Administration Guide: Oracle Solaris Zones, Oracle Solaris 10 Containers, and Resource Management" page 302, which suggests a workaround of doing the pkg image-update in global zone, and then after reboot doing a "zoneadm detach" followed by "zoneadm attach" with "-u" option. I'm hoping that a more elegant (or automated) solution arrives.

Posted by Jeffrey Savit on January 05, 2011 at 05:30 AM MST #

Post a Comment:
Comments are closed for this entry.
About

jsavit

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today