Ours Goes To 11 - Features of Oracle Solaris 11
By jsavit on Jan 02, 2011
Solaris 11 zones - fundamentals
Zones, also called Solaris Containers, are a lightweight virtualization feature of Solaris, introduced with Solaris 10 and widely deployed by customers. Zones behave like private instances of Solaris, and have negligible overhead and native performance. They need much less CPU, memory, and disk space than full virtual machines, and are an ideal technology for consolidating Solaris systems and applications.
Zones in Solaris 11 differ from Solaris 10 in several respects.
One difference is that the distinction in Solaris 10 between "whole root" vs. "sparse root" goes away.
In Solaris 10, "sparse root" zones conserve disk space and permit fast zone creation
by sharing a single instance of key file systems (like
/usr) read-only among multiple zones.
In Solaris 11, the root file system is ZFS and zone creation leverages ZFS
clones for similar space and time savings.
As a result system administrators no longer have to choose between different types of zone.
To demonstrate this, let's build a regular S11 zone first. This is running in a Solaris 11 guest in VirtualBox hosted on Solaris 11 on a Acer desktop system. Note that the brand is now called 'ipkg', instead 'native' as on Solaris 10.
root@s11:# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared root@s11:# zonecfg -z s11zone1 s11zone1: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:s11zone1> create zonecfg:s11zone1> set zonepath=/zones/s11zone1 zonecfg:s11zone1> set autoboot=false zonecfg:s11zone1> add net zonecfg:s11zone1:net> set physical=e1000g0 zonecfg:s11zone1:net> set address=192.168.56.205 zonecfg:s11zone1:net> end zonecfg:s11zone1> verify zonecfg:s11zone1> commit zonecfg:s11zone1> exit root@s11:# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared - s11zone1 configured /zones/s11zone1 ipkg shared root@s11:# zoneadm -z s11zone1 install A ZFS file system has been created for this zone. Publisher: Using solaris (file:///mnt/repo/repo/ ). Image: Preparing at /zones/s11zone1/root. Sanity Check: Looking for 'entire' incorporation. Installing: Core System (output follows) ------------------------------------------------------------ Package: pkg://firstname.lastname@example.org,5.11-0.151.0.1:20101104T230646Z License: usr/src/pkg/license_files/lic_OTN Oracle Technology Network Developer License Agreement Oracle Solaris, Oracle Solaris Cluster and Oracle Solaris ... many lines of text about downloads, licenses and export control omitted... ... ... Next Steps: Boot the zone, then log into the zone console (zlogin -C) to complete the configuration process. root@s11:# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared - s11zone1 installed /zones/s11zone1 ipkg shared
Hey - what's this "noise" all about? Another difference is that Solaris 11 use a different style of packaging, and inhales software (from a network repository) necessary to build its "brand."
Installing the zone takes several minutes and a few hundred MB of disk space. Cloning this zone took under 15 seconds elapsed time, under 3 seconds of CPU time, and had a disk footprint of only a few megabytes. Cloning is the most efficient way to create new virtual instances. More important, it makes it easy to create 'cookie cutter' virtual environments populated with application software by doing software installation and customization once in the prototype zone, and then making as many copies as needed. This is not new with Solaris 11: Solaris 10 has this feature as well.
root@s11:# time zonecfg -z newzone1 ... dialog much like the previous zonecfg ... root@s11:# time zoneadm -z newzone1 clone s11zone1 real 0m14.614s user 0m1.062s sys 0m1.859s root@s11:# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared - s11zone1 installed /zones/s11zone1 ipkg shared - newzone1 installed /zones/newzone1 ipkg shared ... take a few seconds to boot the zone and initialize its services, then ... root@s11:# zfs list rpool/export/home/zones/newzone1 NAME USED AVAIL REFER MOUNTPOINT rpool/export/home/zones/newzone1 6.06M 9.98G 34K /zones/newzone1
Moving Solaris 10 systems into Solaris 11
So far, all of this is completely mundane. Let's get to the "10 under 11" content now. We have two different types of migration, both of which permit a Solaris 10 environment to be moved to a zone under Solaris 11, while retaining its Solaris 10 identity.
- Virtual to virtual (V2V): Move a non-global zone from a Solaris 10 system into a Solaris 10 Container under Solaris 11
- Physical to virtual (P2V): Move a Solaris 10 global zone (entire system) into a Solaris 10 Container under Solaris 11
In both cases you first create an archive - an image of the system to move - and then use the archive contents to build a Solaris 10 Container under Solaris 11.
Note that zones don't "nest" - a zone does not itself contain zones. If we are moving a Solaris 10 system that contains zones, we move each zone to a Solaris 11 zone, and then (if it has any applications itself) move the global zone too.
Before we actually install the first Solaris 10 zone we must install prerequisite software for the brand:
root@s11:/# pkg install system/zones/brand/s10 Packages to install: 1 Create boot environment: No DOWNLOAD PKGS FILES XFER (MB) Completed 1/1 35/35 0.4/0.4 PHASE ACTIONS Install Phase 63/63 PHASE ITEMS Package State Update Phase 1/1 Image State Update Phase 2/2
V2V: moving a zone from Solaris 10 to Solaris 11
The next step is to log into the Solaris 10 system and create an archive of the Solaris 10 zone. I'm storing the archive on an NFS server that is also accessed by the Solaris 11 system that will host the zone.
s10# zoneadm -z s10zone1 ready s10# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / native shared 4 s10zone1 ready /zones/s10zone1 native shared s10# cd /zones s10# find s10zone1 -print | cpio -oP@ | gzip >/mnt/s10flar/s10zone1.cpio.gz 5746740 blocks
The zone is defined on Solaris 11 in the usual way, with one exception: the brand.
Note how you specify it in the
zonecfg command and how it appears
zoneadm list. Note: In full Solaris 11, the brand was renamed to SYSsolaris10.
root@s11:/# zonecfg -z s10zone1 s10zone1: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:s10zone1> create -t SUNWsolaris10 zonecfg:s10zone1> set zonepath=/zones/s10zone1 zonecfg:s10zone1> set autoboot=false zonecfg:s10zone1> add net zonecfg:s10zone1:net> set physical=e1000g0 zonecfg:s10zone1:net> set address=192.168.56.201 zonecfg:s10zone1:net> end zonecfg:s10zone1> verify zonecfg:s10zone1> commit zonecfg:s10zone1> exit root@s11:/# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared - s11zone1 installed /zones/s11zone1 ipkg shared - s10zone1 configured /zones/s10zone1 solaris10 shared
At this point we can attach the zone pointing to the archive file created previously. The syntax says "attach the zone's contents using the specified archive." This feature is available in Solaris 10 to permit planned movement of zones between servers; it is now enhanced to preserve Solaris 10 identity under a Solaris 11 kernel.
root@s11:/# zoneadm -z s10zone1 attach -a /mnt/away/s10flar/s10zone1.cpio.gz Log File: /var/tmp/s10zone1.attach_log.NKaWve Attaching... Attach complete. Log File: /zones/s10zone1/root/var/log/s10zone1.attach2131.log root@s11:/# zoneadm -z s10zone1 boot root@s11:/# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared 2 s10zone1 running /zones/s10zone1 solaris10 shared - s11zone1 installed /zones/s11zone1 ipkg sharedI logged into the new zone's console and let it boot up - voila! It thinks its Solaris 10.
root@s11:# zlogin -C s10zone1 [Connected to zone 's10zone1' console] [NOTICE: Zone booting up] SunOS Release 5.10 Version Generic_Virtual 64-bit Copyright (c) 1983, 2010, Oracle and/or its affiliates. All rights reserved. Hostname: s10zone1 Loading smf(5) service descriptions: 1/1 s10zone1 console login: root Password: Dec 9 11:50:10 s10zone1 login: ROOT LOGIN /dev/console Last login: Wed Dec 8 13:14:23 on console Oracle Corporation SunOS 5.10 Generic Patch January 2005 # bash s10# uname -a SunOS s10zone1 5.10 Generic_Virtual i86pc i386 i86pc s10# zonename -a s10zone1
Whatever applications were installed on the zone under Solaris 10 have been migrated to the Solaris 10 zone running under Solaris 11. This makes it possible to quickly exploit new Solaris 11 features (such as network virtualization, ZFS deduplication, or ZFS encryption) in a compatible environment without the need to reinstall.
P2V: moving a Solaris 10 global zone to a Solaris 11 zone
Since that was so much fun, let's do the same for the full Solaris 10 system at the global zone. First, let's start collecting the flash archive. The following command, executed in the Solaris 10 global zone, creates an archive file and places it in an NFS filesystem.
s10gz# flarcreate -S -n s10guest -L cpio /mnt/s10flar/s10guest.flar Archive format requested is cpio This archiver format is NOT VALID for flash installation of ZFS root pool. This format is useful for installing the system image into a zone. Reissue command without -L option to produce an archive for root pool install. Full Flash Checking integrity... Integrity OK. Running precreation scripts... Precreation scripts done. Creating the archive... 6153384 blocks Archive creation complete. Running postcreation scripts... Postcreation scripts done. Running pre-exit scripts... Pre-exit scripts done. s10gz# ls -l /mnt/s10flar/s10guest.flar -rw-r--r--+ 1 root root 3150542187 Dec 8 14:20 /mnt/s10flar/s10guest.flar
That process takes several minutes - so while it's cooking I defined the zone under Solaris 11
In practice I would capture configuration data from the source system, including IP addresses and hostids.
Otherwise, except for the brand (see where I highlight it below), this is the same as defining a regular zone.
Again note that in full Solaris 11 the brand has been renamed to SYSsolaris10.
root@s11:/# zonecfg -z s10guest s10guest: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:s10guest> create -t SUNWsolaris10 zonecfg:s10guest> set autoboot=false zonecfg:s10guest> set zonepath=/zones/s10guest zonecfg:s10guest> add net zonecfg:s10guest:net> set physical=e1000g0 zonecfg:s10guest:net> set address=192.168.56.200 zonecfg:s10guest:net> end zonecfg:s10guest> verify zonecfg:s10guest> commit zonecfg:s10guest> exit root@s11:/# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared 2 s10zone1 running /zones/s10zone1 solaris10 shared - s11zone1 installed /zones/s11zone1 ipkg shared - s10guest configured /zones/s10guest solaris10 shared
Now I'll build the zone from the Solaris 10 system archive. The syntax is slightly different from importing a Solaris 10 zone, since this time we're not migrating a zone to a zone, but encapsulating a physical OS instance within a zone.
root@s11:# time zoneadm -z s10guest install -u -a /mnt/s10flar/s10guest.flar A ZFS file system has been created for this zone. Log File: /var/tmp/s10guest.install_log.h6aOzc Installing: This may take several minutes... Postprocessing: This may take a while... Postprocess: Updating the image to run within a zone Result: Installation completed successfully. Log File: /zones/s10guest/root/var/log/s10guest.install1151.log real 12m22.426s user 0m49.506s sys 2m49.831s root@s11:# zoneadm list -civ ID NAME STATUS PATH BRAND IP 0 global running / ipkg shared - s11zone1 installed /zones/s11zone1 ipkg shared - s10zone1 installed /zones/s10zone1 solaris10 shared - s10guest installed /zones/s10guest solaris10 shared
At this point I can just start the zone via
At the zone's console I answer the usual configuration questions (I could have had it preconfigured
if I wanted too), and then see a Solaris 10 boot sequence.
root@s11# zlogin -C s10guest [Connected to zone 's10guest' console] [NOTICE: Zone booting up] SunOS Release 5.10 Version Generic_Virtual 64-bit Copyright (c) 1983, 2010, Oracle and/or its affiliates. All rights reserved. Hostname: s10guest Loading smf(5) service descriptions: 1/1 ... skip over typical configuration questions ... s10guest console login: root Password: Dec 11 11:40:48 s10guest login: ROOT LOGIN /dev/console Last login: Tue Dec 7 14:00:34 on console Oracle Corporation SunOS 5.10 Generic Patch January 2005 # cat /etc/release Oracle Solaris 10 9/10 s10x_u9wos_14a X86 Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. Assembled 11 August 2010 # uname -a SunOS s10guest 5.10 Generic_Virtual i86pc i386 i86pc
As with the Solaris 10 zone moved to Solaris 11, this new zone has a Solaris 10 identity under a Solaris 11 OS level, with all its applications, customization, and userids defined and ready to run.
In this exercise, I described zones' properties, and demonstrated how to install Solaris 11 zones under Solaris 11, and how to move non-global zones or complete global zone environments from Solaris 10. Zones are an extremely powerful and useful server virtualization technology, enhanced several ways in Solaris 11.
One of the new features is the ability to import virtualized Solaris 10 environments under a Solaris 11 kernel - making it easier to quickly migrate to Solaris 11 and start leveraging its new capabilities. This applies whether an application is running in a non-global zone under Solaris 10, or in the global zone. Later, when convenient, the application contents can be migrated to a regular Solaris 11 zone.