Solaris 10 Branded Zones

One of the powerful features of Solaris 11 is the ability to run a Solaris 10 environment in a zone. Solaris 10 allows you to run Solaris 8 and 9 environments in zones, but only on SPARC. 

Unfortunately, you can't just create a Solaris 10 zone from scratch - you have to have an existing Solaris 10 environment. That environment can be either a Solaris 10 instance or a Solaris 10 zone. 

Step 1: Pick a Solaris 10 Instance to Migrate

For this exercise, I'm going to migrate a complete Solaris 10 installation (not a Solaris 10 zone). The Solaris 10 9/10 VirtualBox VM is a great candidate, so that's what I'm going to use. If you're interested in migrating a Solaris 10 zone, see: Migrating an Oracle Solaris 10 native Non-Global Zone Into an Oracle Solaris 10 Container.

Step 2: Set Up Common Storage

We need to create an archive of the Solaris 10 system. Ideally, that archive would be written to and read from the same location. Since we're using VirtualBox, the host system makes a great common storage location. So, on the host system, set up an NFS share if you don't already have one.

Step 3: Create the Archive

As documented in Assessing an Oracle Solaris 10 System and Creating an Archive, note the Solaris 10 system's hostid:

bash-3.00# hostid
3198b62f

Then create the image, writing the archive to the NFS share on the host system:

bash-3.00# flarcreate -S -n s10-system -L cpio /net/10.0.1.3/export/home/bleonard/share/s10-system.flar Archive format requested is cpio
This archiver format is NOT VALID for flash installation of ZFS root pool.
This format is useful for installing the system image into a zone.
Reissue command without -L option to produce an archive for root pool install.
Full Flash
Checking integrity...
Integrity OK.
Running precreation scripts...
Precreation scripts done.
Creating the archive...
6917057 blocks
Archive creation complete.
Running postcreation scripts...
Postcreation scripts done.

Running pre-exit scripts...
Pre-exit scripts done.

The 3.3G file takes about 30 minutes to create.

Step 4: Install the s10 Package

The s10 package provides support for the Solaris 10 Branded Zone. Just click Install to install it.

Step 5: Create a ZFS File System for the Zones

If you already have a ZFS file system for your zones, you can skip this step:

bleonard@solaris:~$ sudo zfs create -o mountpoint=/zones rpool/zones
Password:

Step 6: Create a VNIC for the Zone

This is optional as you could elect to use shared networking, but why not take advantage of network virtualization?

bleonard@solaris:~$ sudo dladm create-vnic -l e1000g0 s10zone0

Step 7: Configure the Zone

The key difference here from creating a standard zone is the zone type is set to SUNWsolaris10:

bleonard@solaris:~$ sudo zonecfg -z s10-zone
s10-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:s10-zone> create -t SUNWsolaris10
zonecfg:s10-zone> set zonepath=/zones/s10-zone
zonecfg:s10-zone> set ip-type=exclusive
zonecfg:s10-zone> add net
zonecfg:s10-zone:net> set physical=s10zone0
zonecfg:s10-zone:net> end
zonecfg:s10-zone> set hostid=<solaris 10 host id>
zonecfg:s10-zone> verify
zonecfg:s10-zone> commit
zonecfg:s10-zone> exit

Step 8: Install the Zone

You'll be installing the zone from the flash archive that was created in step 3. I'll be installing the zone unconfigured (If you wish to preserve the zone configuration, replace the -u with -p, but I've had mixed luck with this approach):

bleonard@solaris:~$ sudo zoneadm -z s10-zone install -a /export/home/bleonard/share/s10-system.flar -u
A ZFS file system has been created for this zone.
      Log File: /var/tmp/s10-zone.install_log.fUa4Lh
    Installing: This may take several minutes...
Postprocessing: This may take a while...
   Postprocess: Updating the image to run within a zone

        Result: Installation completed successfully.
      Log File: /zones/s10-zone/root/var/log/s10-zone.install3809.log

The installation should take about 25 minutes to complete.

Step 9: Configure Solaris 10

This step can be done interactively when the zone is first booted, but I like to automate it by providing a sysidcfg file. See How to Use an /etc/sysidcfg for more information:

bleonard@solaris:~$ sudo cat /zones/s10-zone/root/etc/sysidcfg
system_locale=C
terminal=xterms
network_interface=s10zone0 {
	hostname=s10-zone
	ip_address=10.0.2.25
        default_route=NONE
	netmask=255.255.255.0
 	protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=domain
timezone=US/Eastern
root_password=N4l3cWQb/s9zY 

The above root password is "solaris".

Step 10: Boot the Zone

bleonard@solaris:~$ sudo zoneadm -z s10-zone boot
Password:

Step 11: Log Into the Zone

If you attempt to log in immediately after the boot command, you'll need to wait a couple of minutes for the Solaris 10 system configuration to complete before the login prompt appears. Don't fear the message about s10zone0 not being a valid network interface - it configures just fine:

bleonard@solaris:~$ sudo zlogin -C s10-zone bleonard@solaris:~$ sudo zlogin -C s10-zone
[Connected to zone 's10-zone' console]
Hostname: s10-zone
Loading smf(5) service descriptions: 1/1
 network_interface=s10zone0 {
 \^                 
s10zone0 is not a valid network interface  line 3 position 19
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses: s10zone0.
Mar 10 13:32:14 s10-zone sendmail[7277]: My unqualified host name (s10-zone) unknown; sleeping for retry

s10-zone console login: root
Password: solaris
Mar 10 13:32:32 s10-zone login: ROOT LOGIN /dev/console
Last login: Thu Feb 24 13:50:44 on console
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
-bash-3.00# cat /etc/release 
                    Oracle Solaris 10 9/10 s10x_u9wos_14a X86
     Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
                            Assembled 11 August 2010

To get rid of the "unqualified host name" messages from sendmail, add s10-zone.local to /etc/inet/hosts as follows:

-bash-3.00# cat /etc/hosts
#
# Internet host table
#
127.0.0.1       localhost       
::1     localhost       
10.0.2.25       s10-zone        loghost s10-zone.local

Step 12: Use

Now that you have a Solaris 10 zone, it's up to you to decide what to do with it. If you migrated over a Solaris 10 system with applications, then you should be able to quickly get them up and running in the zone. One of the nice benefits of running a Solaris 10 zone in Solaris 11 is the ability to take advantage of new features like network virtualization and zonestat:

bleonard@solaris:~$ zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                    Cpus/Online: 1/1   Physical: 1535M    Virtual: 2512M
                    ----------CPU---------- ----PHYSICAL----- -----VIRTUAL-----
               ZONE  USED %PART  %CAP %SHRU  USED   PCT  %CAP  USED   PCT  %CAP
            [total]  0.22 22.8%     -     - 1113M 72.4%     - 1338M 53.2%     -
           [system]  0.08 8.73%     -     -  423M 27.5%     -  728M 29.0%     -
             global  0.12 12.8%     -     -  543M 35.3%     -  453M 18.0%     -
           s10-zone  0.01 1.22%     -     -  146M 9.55%     -  156M 6.22%     -

For a great introdution to zonestat, check out Jeff Victor's blog entries: All New Zonestat!, and All New Zonestat - Part 2.

Comments:

If my Solaris 10 system has combination of sparse and whole root zones, can I actually run this solaris 10 system under Solaris 11 ?

Posted by Ubersol on March 12, 2011 at 07:06 AM GMT #

No, because zones cannot be nested. You would move the individual zones over one at a time followed by the global zone if you need that as well.

Posted by W Brian Leonard on March 12, 2011 at 02:19 PM GMT #

If only it was this easy. Does not seem to work.

zoneadm install complains that zonepath is not a dataset.
zonecfg won't allow you to set zonepath to a dataset.

Posted by Isaac Behrens on March 15, 2011 at 09:59 AM GMT #

Isaac, it should be this easy (I've repeated these steps several times). Did you do step 5, creating a ZFS file system for the zone? What are you trying to set your zonepath to?

Posted by W Brian Leonard on March 15, 2011 at 12:21 PM GMT #

machine-name$ uname -a
SunOS sdps-ibehr 5.11 snv_151a i86pc i386 i86pc Solaris

Trying to adjust zonecfg:
machine-name$ pfexec zonecfg -z solaris10u9
zonecfg:solaris10u9> set zonepath=datapl/zones/solaris10u9
datapl/zones/solaris10u9 is not an absolute path.

Zonecfg:
machine-name$ pfexec zonecfg -z solaris10u9 info
zonename: solaris10u9
zonepath: /zones/solaris10u9
brand: solaris10
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
hostid: 0001009
fs-allowed:
net:
address not specified
allowed-address not specified
physical: vnic10u9
defrouter not specified

Zone install command:
pfexec zoneadm -z solaris10u9 install -a /net/<server>/export/install/flar10u9.x4470.zfs.flar -u /tmp/sysidcfg

Posted by Isaac Behrens on March 15, 2011 at 02:31 PM GMT #

Sorry left this out....

machine-name$ pfexec zoneadm -z solaris10u9 install -a /net/<server>/export>
Log File: /var/tmp/solaris10u9.install_log.H.a4_N
ERROR: No zonepath dataset; the zonepath must be a ZFS dataset.

Posted by Isaac Behrens on March 15, 2011 at 02:49 PM GMT #

Do you know if there is an open bug for using zoneadm to clone a solaris10 branded zone?

It doesn't appear to create a snapshot for the zone, like it does for solaris9 or solaris8.

IOW, doing this:

zoneadm -z s10-zone-clone clone s10-zone

does NOT produce a snapshot like this:

pool/s10-zone@SUNWzone1

which is suitable for cloning with the '-s' option of the zoneadm command.

Also, the -s option produces the following message:

/usr/lib/brand/solaris10/clone: -s: unknown option
solaris10 brand usage: clone {sourcezone}.
usage: clone [-m method] [-s <ZFS snapshot>] [brand-specific args] zonename

(There was an similar bug for the ipkg brand on OpenSolaris: https://defect.opensolaris.org/bz/show_bug.cgi?id=17387)

Posted by Doug on March 16, 2011 at 05:34 PM GMT #

Is this strictly for OpenSolaris on x86? Can you do this with SPARC?

Posted by svrocket on March 16, 2011 at 10:35 PM GMT #

I've only tried SPARC so far:

SunOS sumo 5.11 snv_151a sun4u sparc SUNW,Sun-Fire-V240 Solaris

Posted by Doug on March 16, 2011 at 10:49 PM GMT #

BTW, it seems to be working on Solaris 10 (1009):

bash-3.00# zoneadm -z s10-zone-02 clone s10-zone-01
Cloning snapshot rpool/zones/s10-zone-01@SUNWzone1
Instead of copying, a ZFS clone has been created for this zone.
grep: can't open /a/etc/dumpadm.conf

bash-3.00# zoneadm -z s10-zone-03 clone -s rpool/zones/s10-zone-01@SUNWzone1 s10-zone-01
Cloning snapshot rpool/zones/s10-zone-01@SUNWzone1
grep: can't open /a/etc/dumpadm.conf

bash-3.00# zoneadm -z s10-zone-03 boot

bash-3.00# zoneadm list -v
ID NAME STATUS PATH BRAND IP
0 global running / native shared
19 s9-zone-01 running /zones/s9-zone-01 solaris9 shared
20 s9-zone-02 running /zones/s9-zone-02 solaris9 shared
21 s9-zone-03 running /zones/s9-zone-03 solaris9 shared
22 s8-zone-01 running /zones/s8-zone-01 solaris8 shared
23 s8-zone-02 running /zones/s8-zone-02 solaris8 shared
26 s10-zone-03 running /zones/s10-zone-03 native shared

bash-3.00# zlogin s10-zone-03
[Connected to zone 's10-zone-03' pts/2]
Oracle Corporation SunOS 5.10 Generic Patch January 2005
# exec bash
bash-3.00# hostname
s10-zone-03

Posted by Doug on March 17, 2011 at 11:25 AM GMT #

Of course, that was a native Solaris 10 zone. It worked as well for the solaris9 and solaris8 brands.

Posted by Doug on March 17, 2011 at 11:31 AM GMT #

Isaac,

What's the output of:

$ zfs list datapl/zones

You want to set your zonepath to the MOUNTPOINT listed in the output of that command plus the zone name. Instead, you are incorrectly setting your zonepath to the dataset name.

Regards
Brian

Posted by William Leonard on March 17, 2011 at 11:54 AM GMT #

I have tried both setting the dataset and its mount point. My point is that when I do the zoneadm install it says I have to set it to a dataset not a direct path but zonecfg only lets me set the direct path/mount point.

ibehr@sdps-ibehr:/export/home/ibehr$ zfs list | grep datapl/zones
datapl/zones 99K 178G 37K /zones
datapl/zones/solaris10u6 31K 178G 31K /zones/solaris10u6
datapl/zones/solaris10u9 31K 178G 31K /zones/solaris10u9

See the following output of the install:
machine-name$ pfexec zoneadm -z solaris10u9 install -a /net/<server>/export/install/flar/10u9.x4470.zfs.flar -u /tmp/sysidcfg
Log File: /var/tmp/solaris10u9.install_log.1Ua44S
ERROR: No zonepath dataset; the zonepath must be a ZFS dataset.

Posted by Isaac Behrens on March 17, 2011 at 12:37 PM GMT #

Isaac,

Have you been able to create standard zones successfully and you're just seeing this problem with the Solaris 10 branded zone?

/Brian

Posted by W Brian Leonard on March 17, 2011 at 02:27 PM GMT #

Normal zones build fine.

Posted by Isaac Behrens on March 18, 2011 at 07:23 AM GMT #

Doug, I just created a bug on our internal system for your issue. The ID is 7028718.

Regards,
Brian

Posted by W Brian Leonard on March 18, 2011 at 07:26 AM GMT #

I could setup a Solaris 10 zone on my Solaris 11 SPARC system with the steps given above. Thanks a lot for that. I have a question though regarding the backup/copy of this zone for two requirements. First, let's say I lose/corrupt this zone for some reason and I would want to restore this zone again. Second, I want to just copy this zone to another Solaris 11 system to avoid setting up zone again.

How can I achieve this? Are steps the same for the two requirements above?

Posted by sandeep on November 29, 2013 at 07:20 AM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

The Observatory is a blog for users of Oracle Solaris. Tune in here for tips, tricks and more as we explore the Solaris operating system from Oracle.

Connect with Oracle Solaris:


Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today