Solaris Zone 及体会

mar9212

Solaris Zones>Solaris Zone 的类型?  - Global Zone:    你在一台物理机器上安装的第一个Solaris操作系统实例,我们用它处理系统级别的管理控制工作.它的zone id恒为0,名字恒为global.    只有在Global Zone(需要root权限),才能对一个Non-Global Zone进行配置,安装,监控,管理及卸载.    只有Global Zone才从系统物理层启动.系统层的管理工作,比如:物理设备,路由,或者动态配置(Dynamic Reconfiguration),只可能在Global Zone进行. （比如：要更改一个local zone的IP,就只能在global zone更改）
  - Non-globar (local) Zone:    Local zone, 运行于Global Zone之上,理论上一个Global Zone上可最多运行8192个Local Zone,实际上受物理硬件条件的限制,可能达不到此数目,也无此必要,否则管理上就太难~了.    以文件系统来源来划分,Local Zone可分为Sparse Root Zone和Whole Root Zone.   
Sparse Root Zone: 默认的Local Zone的文件系统模式.它直接和Global Zone共享Global
Zone的四个核心文件目录(/usr,/lib,/platform及/sbin),所以安装此模式zone所需要的磁盘空间较小(100MB左右),
相应地带来定制灵活度较低的缺点.它只有自己的/etc和/var目~录.    Whole Root Zone:拥有最大的灵活度。拷贝global zone的所有系统文件，可随意定制。不利因素是需较大的磁盘空间。
    备注：local zone的软件包集决定于global zone. 比如:global zone装的是SUNWCuser,local zone是不可能是SUNWCprog.(这个我没有测试过，我猜测的依据是patch的安装，因为大部分的补丁要在global zone上安装的；另一个依据是local zone安装的时候并没有提问需安装的软件包集合。）Zone的资源及属性类型Global Property

• Zonename

unique; case-sensitive; begin with character(a-z,0-9,_,-,.); SUNW* & global是保留字，不能用.

• zonepath

The non-global zone's root path is one level lower. It must be owned by root (global) with the mode 755.
global# mkdir -p -m 700 /etc/zones/my-zone
Path
Description
/etc/zones/my-zone -->(owned by global root with permission 700)
zonecfg zonepath
/etc/zones/my-zone/root
Root of the zone (at global zone)
/etc/zones/my-zone/dev
Devices created for the zone

• autoboot

The zone is automatically booted when the global zone is booted if this property is set to true. Make sure the service svc:/system/zones:default is enabled.

• bootargs (from Solaris 10 8/07)

It
is used to set a boot argument for the zone. It is applied unless
overridden by the reboot, zoneadm boot, or zoneadm reboot commands.

• pool

This
property is used to associate the zone with a resource pool on the
system. Multiple zones can share the resources of one pool.

• limitpriv (from Solaris 10 11/06)

This property is used to specify a privilege mask other than the default.

• scheduling-class (from Solaris 10 8/07)

This property sets the scheduling class for the zone.
You can use the fair share scheduler
(FSS) to control the allocation of available CPU resources among zones,
based on the importance of the workloads in the zone. The workload
importance is expressed by the number of shares of CPU resources that you assign to each zone.
When you explicitly set the cpu-shares
property, the FSS will be used as the scheduling class for the zone.
However, the preferred way to use FSS in this case is to set FSS to be
the system default scheduling class with the dispadmin command.

• ip-type

This property is required to be set only if the zone is an exclusive-IP zone.
Resource

• dedicated-cpu (ncpus, [importance])
  

It specifies that a subset of the system's processors should be dedicated to a non-global zone while it is running.
zonecfg:myzone> add dedicated-cpu
zonecfg:myzone:dedicated-cpu> set ncpus=2-40
zonecfg:myzone:dedicated-cpu> set importance=2
zonecfg:myzone:dedicated-cpu> end
Note: If you specify a range because you want dynamic resource pool behavior,
you must set the importance property && enable the poold
service.

• capped-memory (physical, swap, locked)

Specify the memory limits for the zone. Each limit is optional, but at least one must be set.
zonecfg:my-zone> add capped-memory
zonecfg:my-zone:capped-memory> set physical=50m
zonecfg:my-zone:capped-memory> set swap=100m
zonecfg:my-zone:capped-memory> set locked=30m
zonecfg:my-zone:capped-memory> end

• dataset (name)
  

Adding
a ZFS file system dataset resource enables the delegation of storage
administration to a non-global zone. The zone administrator can create,
modify and destroy file systems within that dataset (ONLY).
#
The following specify that the dataset sales is to be visible and
mounted in the non-global zone and no longer visible in the global zone.
zonecfg:myzone> add dataset
zonecfg:myzone> set name=tank/sales
zonecfg:myzone> end

• fs (dir, special, raw, type, options)
  

This resource parameters supply the values that determines how and where to mount file systems.
When file systems are mounted from within a zone, the nodevices option applies.
PCFS,
TMPFS, UDFS, UFS, LOFS, HSFS, FDFS, XMEMFS --> can be mounted using
zonecfg, can be manually mounted from the global zone into a non-global
zone, can be mounted from within the zone.
NFS, AutoFS, MNTFS, PROCFS --> can NOT be mounted using zonecfg, can be mounted from within the zone

dir - specifies the mount point for the file system

special - specifies the block special device name or directory from the global zone to mount

raw - specifies the raw device on which to run fsck before mounting the file system

type - spcifies file system type

options - specifies mount optionszonecfg:myzone> add fs
zonecfg:myzone:fs> set dir=/mnt
zonecfg:myzone:fs> set special=/dev/dsk/c0t0d0s2
zonecfg:myzone:fs> set raw=/dev/rdsk/c0t0d0s2
zonecfg:myzone:fs> set type=ufs
zonecfg:myzone:fs> set options [nodevices,logging]
zonecfg:myzone:fs> end

• inherit-pkg-dir (dir)
  

This resource should NOT be configured in a whole root zone.
The
contents of software packages transferred into the inherit-pkg-dir
directory are inherited in READ-ONLY mode by the non-global zone. These
resources cannot be modified or removed after the zone has been
installed using zoneadm.
There are four default inherit-pkg-dir resource (/lib, /platform, /sbin, & /usr)are included in the configuration.
### The following specify that /opt/sfw is to be loopback mounted from the global zone.
zonecfg:myzone> add inherit-pkg-dir
zonecfg:myzone:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:myzone:inherit-pkg-dir> end

• net (address, physical)

Note:
For a shared-IP zone, both the IP & the device are specified. For
an exclusive-IP zone, only the physical interface is specified.
### Shared-IP zone. To determine which physical interface to use, type ifconfig -a on your system.
zonecfg:myzone> add net
zonecfg:myzone:net> set physical=hme0
zonecfg:myzone:net> set address=192.168.1.1
zonecfg:myzone:net> end
### Exclusive-IP zone. To determine which data-links are available, use the command dladm show-link.
The data-link must be GLDv3 to be used with exclusive-IP zones, and
non-GLDv3 data-links appear as type: legacy in the dladm show-link
output. Note that ip-type=exclusive must be specified.
zonecfg:myzone> set ip-type=exclusive
zonecfg:myzone> add net
zonecfg:myzone:net> set physical=bge32001
zonecfg:myzone:net> end

• device (match)

### a /dev/pts device is included in a zone.
zonecfg:myzone> add device
zonecfg:myzone:device> set match=/dev/pts*
zonecfg:myzone:device> end

• rctl (name, value)
  

The
rctl resource is used for zone-wide resource controls. The controls are
enabled when the zone transitions from the installed state to the ready
state.
resource_controls:= zone.cpu-shares (preferred: cpu-shares),
zone.max-locked-memory, zone.max-lwps (max-lwps), zone.max-msg-ids
(max-msg-ids), zone.max-sem-ids (max-sem-ids), zone.max-shm-ids
(max-shm-ids), zone.max-shm-memory (max-shm-memory), zone.max-swap
In a zone configuration, the rctl resource type consists of three name/values pairs. The names are priv, limit, and action. Each of the names takes a simple value.
zonecfg:myzone> add rctl
zonecfg:myzone:rctl> set name=zone.cpu-shares
zonecfg:myzone:rctl> add value (priv=privileged,limit=10,action=none)
zonecfg:myzone:rctl> end
zonecfg:myzone> add rctl
zonecfg:myzone:rctl> set name=zone.max-lwps
zonecfg:myzone:rctl> add value (priv=privileged,limit=100,action=deny)
zonecfg:myzone:rctl> end

• attr (name, type, value)
  

### a comment about a zone is added
zonecfg:myzone> add attr
zonecfg:myzone:attr> set name=comment
zonecfg:myzone:attr> set type=string
zonecfg:myzone:attr> set value="Production Zone"
zonecfg:myzone:attr> end
Zonecfgzonecfg -z zonename
zonecfg -z zonename subcommand
zonecfg -z zonename -f command_file
本命令的最终结果就是在global zone的/etc/zones下生成一个.xml文件，此文件包含此的配置参数，系统用此xml文件里的信息来配置zone.
OPTIONS
-f command_file -- Specify the name of zonecfg command file （a text file, one command per line）.
-z zonename     -- Specify the name of a zone.
SUBCOMMANDS

add resource-type (global scope)

add property-name property-value (resource scope)
In the global scope, begin the specification for a given resource type.
In the resource scope, add a property of the given name with the given value.

cancel
End the resource specification and reset scope to global.

commit
Commit the current configuration from memory to stable storage.  The configuration must be committed to be used by zoneadm.

create [-F] [-b | -t template]
Create an in-memory configuration for the specified zone.  Use create to begin to configure a new zone.
If you are overwriting an existing configuration, specify the -F option to force the action.
Specify the -t template option to create a configuration identical to template, where template is the name of a configured zone.
Use the -b option to create a blank configuration.
Without arguments,  create applies the Sun default settings.

delete [-F]
Delete the specified configuration from memory and stable storage.

end
End the resource specification. This subcommand is only applicable in the resource scope.

export [-f output-file]
Print configuration to standard output.

help [usage] [subcommand] [syntax] [command-name]
Print general help or help about given topic.

info zonename | zonepath | autoboot | pool

info [resource-type [property-name=property-value]*]
Display information about the current configuration.

remove resource-type{property-name=property-value}(global scope)

remove property-nameproperty-value (resource scope)
In the global scope, removes the specified resource.
In the resource scope, removes the given property name from the current resource.

select resource-type {property-name=property-value}
Select the resource of the given type which matches the given property-name property-value pair criteria, for
###如何修改local zone的IP地址。（通过zonecfg来修改一个正在运行的local zone的配置参数，要重新启动local zone才会生效。）
zonecfg:myzone> select net address=192.168.1.1
zonecfg:myzone:net> set address=192.168.1.100
zonecfg:myzone:net> end
zonecfg:myzone> commit
zonecfg:myzone> exit
global# zoneadm -z myzone reboot
global# zlogin myzone ifconfig -a
or
vi /etc/zone/myzone.xml ; edit related entries

set property-name=property-value
Set a given property name to the given value.

verify
Verify the current configuration for correctness:

revert [-F]
Revert the configuration back to the last committed state.

exit [-F]
Exit the zonecfg session. A commit is automatically attempted if needed.
Zoneadm
               
               
               

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/40653/showart_370013.html