Sun and Oracle Channel Sun How to Buy Log In United States [Change] English

BigAdmin System Administration Portal
Sun Docs
Print-friendly VersionPrint-friendly Version

Managing Solaris Containers Using Sun xVM Ops Center 2.0

Shanthi Srinivasan, March 2009

This article describes how to manage Solaris Containers by using Sun xVM Ops Center 2.0.

Introduction to Solaris Containers

Solaris Containers are an integral part of the Solaris 10 Operating System (OS). Solaris Containers isolate software applications and services using flexible software-defined boundaries. They enable you to create many private execution environments within a single instance of the Solaris 10 OS. Each environment has its own identity that is separate from the underlying hardware. Each environment behaves independently as if running on its own system, making consolidation simple, safe, and secure.

You can build Solaris Containers by using the following technologies:

  • Solaris Resource Manager

  • Solaris Zones partitioning technology

This article focuses on managing Solaris Zones by using Sun xVM Ops Center.

Solaris Zones

A zone is a virtualized operating system environment created within a single instance of the Solaris OS. With the zones feature, the operating system is represented to the applications as virtual operating system environments that are isolated and secure. The applications run in different zones with complete isolation while the underlying operating system resources are centrally managed and administered.

The Solaris Operating System supports two types of zones:

  • Global zone

  • Non-global zone

The global zone is the default operating system and has control over all the processes. A global zone always exists even when no other zones are configured. Non-global zones are configured inside the global zone. Non-global zones are isolated from the physical hardware characteristics of the machine by the virtual platform layer.

Non-global zones include the following types of zones:

  • Sparse root zones: When you create a sparse root zone, it contains a read/write copy of only a portion of the file system existing on the global zone. The other portion of the file systems are mounted as read-only from the global zone. By default, the /lib, /platform, /sbin, and /usr directories are shared as read-only file systems. All the packages that are installed on the global zone are made available to the sparse root zones. All the files in the mounted file system are shared with the zone. Each sparse root zone requires about 100 megabytes of free space in the global zone file system.

  • Whole root zones: When a whole root zone is created, it contains a read/write copy of the entire file system existing on the global zone. All the packages installed on the global zone are made available to the whole root zones. All the files are copied to the whole root zone and exist for independent use of the zone. Whole root zones require as much disk space as a full installation.

Apart from this, you also have the branded zones which contain non-native operating systems. Branded zones (BrandZ) provide the framework to create non-global zones that contain non-native operating environments that are used for running applications.

Sun xVM Ops Center

Sun xVM Ops Center is a highly-scalable data center management tool that enables you to discover, provision, patch, and monitor the assets of your data center from a single console. Using Sun xVM Ops Center, you can perform the following tasks:

  • Discover physical assets

  • Provision bare-metal systems with Solaris and Linux OS

  • Provision systems with Solaris and Linux OS

  • Manage and monitor all your hardware and software

  • Automate patching and updates for Solaris and Linux OS

  • Generate a variety of reports

For more information about Sun xVM Ops Center 2.0, see the Sun xVM Information Exchange site.

You can use Sun xVM Ops Center to discover, manage, patch, and monitor the global and non-global zones in your data center. You can also provision an OS with zones on bare-metal systems. The following sections describe how to perform these functions in Sun xVM Ops Center.

Note - Manually configure and install non-global zones by using zonecfg and zoneadm commands. The non-global zones must be in the running state.

For procedures that describe configuring and installing zones, see System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

Discovering Zones

You can discover a global zone and a non-global zone in the same way that you discover other gear in Sun xVM Ops Center. In Sun xVM Ops Center 2.0, the non-global zones are displayed under the related global zone in the gear tree. This gives you a clear representation of the zones and helps you to manage the zones efficiently.

Note - Solaris 8 OS does not come with SSH packages installed by default. If the branded zone has Solaris 8 OS, you must install the SSH packages to discover the zone. To manage the Solaris 8 OS through Sun xVM Ops Center, either install the SSH packages or install the agent manually on the OS.

Discovering Global and Non-Global Zones

When discovering zones, discover the global zone first and then the non-global zone.

You can discover a global zone or a non-global zone in Sun xVM Ops Center by using the following methods:

  • Custom discovery: This discovery method lets you discover the gear by using IP address, IP range, subnet or host name. This method uses the standard protocols such as SSH, Telnet, IPMI and SNMP.

  • Automatic discovery: This discovery method lets you discover the gear using Sun Service Tags. A service tag uniquely identifies each tagged piece of gear, and allows information about the gear to be shared over a local network in a standard XML format. This method searches the subnet associated with the configured network interfaces of each Proxy Controller for embedded service tags. Refer to Sun Service Tags FAQ for more information about service tags.

  • Declare gear: This discovery method uses the discovery file. The discovery file contains the IP address of any gear that you want to discover.

Use the appropriate discovery method as per your requirement. When you discover an OS, Sun xVM Ops Center is notified whether it is a global zone during the discovery process. Discover the non-global zones after discovering the global zone. Non-global zones are automatically grouped under the global zone after discovery.

Note - If you discover a non-global zone before discovering a global zone, the non-global zone appears as any other managed system in the gear tree. The underlying hardware for the non-global zone is also discovered and managed.

The non-global zones are not discovered automatically when you discover a global zone. You must discover each non-global zone to manage them through Sun xVM Ops Center, even if you create them after the discovery of the global zones.

Custom Discovery

This article describes how to do a custom discovery of the managed systems. You can refer to the other discovery procedures here.

Custom Discovery enables you to discover gear by IP address, IP range, or subnet. The discovery process either uses the provided credentials or the factory default credentials to discover the specified addresses. A service tag discovery is also performed on those addresses.

To Run a Custom Discovery Job

  1. Log in to the Sun xVM Ops Center user interface.
  2. Click All Gear in the Gear section of the Navigation panel.
  3. Click Custom Discovery in the Actions panel.
  4. Click the New Criteria icon to create a new criteria.

    Enter the following new criteria details:

    • Discovery criteria name.

    • One or more IP addresses or subnets to scan. You can enter the address as a comma-separated list, an IP range specified by (starting address)-(end address), or a subnet specified by (network address)/(bit mask).

    • (Optional) Service tag passphrase, if the service tag has been configured to be encrypted.

    • (Optional) Service tag port, if the service tag has been configured to use a port other than the default port 6481.

    • (Optional) Service tag timeout. The default value is 20 seconds.

    • Type of resource that is discovered.

    • Type of protocols and the corresponding credentials.

  5. Click the Save icon to save the discovery details.
  6. Select one or more discovery criteria from the list.
  7. Click Discover Gear.

    A Custom Discovery job is started for each set of criteria that you submit.

Managing Zones

After you discover zones, you need to manage the zones to utilize the other functions of Sun xVM Ops Center, for example, patching. The discovered gear is listed in the Available to be Managed Gear tab of the Gear section. Select the gear from the list and click Manage Gear. A job is initiated to install and configure the agent.

You must manage the global zone first and then the non-global zone.

When you manage the global zone, the agent is installed on the global zone. The agent installs packages and patches in the /usr directory which is read-only for the sparse root zones. Since the directories for sparse root zones are inherited from the global zone, you must first perform the manage gear option in the global zone. The manage gear job fails if the sparse root zone is managed first.

Though the whole root zones and branded zones do not inherit directories from the global zone, you should always manage the global zone first.

Unmanaging Zones

To unmanage or remove a global zone from Sun xVM Ops Center, ensure that you have unmanaged the non-global zones that are grouped under it.

Note - When you unmanage a global zone without unmanaging the non-global zones, the job fails and the global zone is not removed from Sun xVM Ops Center.

Provisioning an OS With Zones

In Sun xVM Ops Center 2.0, you can provision an OS with non-global zones on a new system. You can perform only bare-metal provisioning in Sun xVM Ops Center 2.0.

Before You Begin

Discover the system that you want to provision, create the appropriate OS profiles, and import or download the required Solaris OS image. You can refer to Preparing to Provision an OS for the set of preparatory procedures before provisioning an OS.

Complete the following preparations before you provision an OS with non-global zones:

  1. Download the Jumpstart Enterprise Toolkit (JET) modules that include the JETZones package. You need to manually install the JET modules, such as JETZones, apart from the modules that are installed by default. Refer to Installing JET Modules for more information about installing the JETZones package. Install the JETZones package in the Proxy Controller.

  2. In the /opt/SUNWjet/bin directory on the Enterprise Controller, type the following command to create a template for the zone in the /opt/SUNWjet/Templates directory:

    ./make_zone_template template_name

  3. Navigate to the /opt/SUNWjet/Templates directory on the Enterprise Controller. Refer to Importing a JET Template for more information about importing a JET template.

  4. Open the template in a text editor. Complete the OS information and specify the zone parameters, such as zone name and zone path. For a shared IP non-global zone, provide the IP address.

  5. Refer to OS Provisioning for information about creating OS profiles with the JET templates. Use this OS profile to provision an OS on a bare-metal system.

To Provision an OS on a Bare-Metal System

  1. Log in to the Sun xVM Ops Center user interface.
  2. In the Navigation panel, select the target system from the Gear section.

    The target system is a bare-metal system which does not have an OS.

  3. Select the hardware in the Gear section.

    In the Actions panel, the available options for the gear are displayed.

  4. Click Provision OS in the Actions panel.

    The Provision OS wizard appears.

  5. In the Provision OS wizard, select the OS profile from the list of OS profiles.
  6. Click Next to type the details in the Configuration window.

    The selected gear appears in the target field of the Configuration window. Depending on the OS profile selected, different fields appear in the Configuration window. Enter information in the fields as required. See OS Provisioning for a Single System for more information about the different fields.

  7. Complete the Provision OS wizard.

    The provision job starts. You can view the status of the job from View OS Jobs menu.

Patching Zones

You can patch the global zone and non-global zones by using Sun xVM Ops Center. However, you must first understand how patches are installed in Sun xVM Ops Center. The parameters in the patches and packages decide the installation in the global and non-global zone.

Packages and Patches Overview

Solaris patches are collections of files and directories that replace or update existing files and directories that prevent correct execution of the software. In Sun xVM Ops Center 2.0, you can install packages and patches on a zone. The patches are a set of packages that need to be installed on the OS.

The installation of the packages on the zones depend on the package parameters. The parameter values can be true or false. The values set for the following parameters and the combination of their values determine whether a package should be installed on the global zone or the non-global zone.

  • SUNW_PKG_ALLZONES: If the value of the parameter is set to true, the package is installed on the global zone and non-global zone.

  • SUNW_PKG_HOLLOW: If the value of the parameter is set to true, the package information is propagated to the non-global zones. The package information is made available in all the non-global zones though it is not installed.

  • SUNW_PKG_THISZONE: If the value of the parameter is set to true, the package is installed only in that zone.

Configuring patchadd and pkgadd Commands

In Sun xVM Ops Center, packages and patches of Solaris are installed or uninstalled by using the pkgadd, pkgrm, patchadd, and patchrm commands in the background. By default, these commands are implemented without the -G option. This implementation results in installation of the patches and packages on both the global and non-global zones.

You can enable the -G option depending on how the packages and patches should be installed on the zones. For example, when you install a patch on the global zone, then the patch should be installed on all the non-global zones. To enable the -G option, edit the uce.rc file in the /opt/SUNWuce/agent/bin directory of the managed OS.

To Edit the uce.rc File

  1. Open the uce.rc file in the /opt/SUNWuce/agent/bin directory of the managed system.
  2. Add the following lines to the uce.rc file:

    ( all ) (invisible.__is_patchadd_g_specified, false)

    ( all ) (invisible.__is_patchremove_g_specified, false)

    ( all ) ( invisible.__is_pkgadd_g_specified, false)

  3. Set the -G option to true for the action that you want to perform.
  4. Restart the services by typing the following commands for the changes to take effect on the managed system:

    svcadm disable -s update-agent

    svcadm enable -s update-agent

Updating a Global Zone

When you install a patch or package on a global zone, the result of the install job depends on the package parameters value, the combination of the package parameter values, and the use of -G option.

Table 1 shows the result of the update job on a global zone.

Table 1: Update Job on a Global Zone
SUNW_PKG_ALLZONES SUNW_PKG_THISZONE SUNW_PKG_HOLLOW Impact Impact With -G Option
False False False The package is installed on the global zone and all non-global zones. The package is installed only in the global zone.
True False False The package is installed on the global zone and all non-global zones. The -G option cannot override the SUNW_PKG_ALLZONES parameter, and the package is installed in all zones.
True False True The package is installed on the global zone and the package information is made available on all non-global zones. The -G option cannot override the SUNW_PKG_ALLZONES parameter, and the package is installed in all zones.
False True False The package is installed only on the global zone. The package is installed only on the global zone.

Note - Take care when enabling the -G option on a host with sparse root zones. Packages that are inherited from the global zone, and have the SUNW_ALL_ZONES parameter value set to false cannot be patched within the zone.

Updating a Non-Global Zone

As a zone administrator, you can install packages and patches on non-global zones. Use the patchadd and pkgadd commands without any options.

Table 2 shows the result of the update job on a non-global zone.

Table 2: Update Job on a Non-Global Zone
SUNW_PKG_ALLZONES SUNW_PKG_THISZONE SUNW_PKG_HOLLOW Impact
False False False The package is installed on the target non-global zone.
True False False The package installation fails.
True False True The package installation fails.
False True False The package is installed only on the target non-global zone.

If the SUNW_PKG_ALLZONES parameter is set to true in any of the packages, the patch installation fails. For a successful patch installation, ensure that none of the packages have the SUNW_PKG_ALLZONES parameter set to true.

Note - Ensure that you do not configure the -G option with the patchadd and pkgadd commands while updating non-global zones.

Updating your operating system is performed by submitting a job. The necessary parameters of a job include an OS update profile, an OS update policy, and a target system.

To Run an Update Job

  1. Log in to the Sun xVM Ops Center user interface.
  2. Click Gear from the Navigation panel.
  3. Select an OS from the gear list.
  4. Click New Update OS Job from the Actions panel.

    The Update OS wizard appears.

  5. Complete the Update OS wizard by selecting the profile, policy, and other job parameters.

    An update job is submitted.

    The update job starts. You can view the status of the job in the Jobs section.

Monitoring Zones

Zone monitoring starts after discovery. Sun xVM Ops Center displays charts for zones on CPU, network, and memory resource usage. The chart displayed for a zone on a resource reflects the usage by all the zones sharing the resource in the zone's pool. Per zone utilization data is not available in this release. See Charts for more information about how to read a chart.

Summary

Sun xVM Ops Center 2.0 has improved Solaris Zones support. You can easily discover, identify and manage zones in the user interface. Patching the zones is also simplified in this release. You can manage zones efficiently using Sun xVM Ops Center.


For More Information

Here are additional resources.

Solaris OS Resources

Sun Virtualization Resources

General Sun Links

Comments (latest comments first)

Discuss and comment on this resource in the BigAdmin Wiki

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.


BigAdmin
  
»  Search the HCL
 
BigAdmin Upgrade Hub
BigAdmin Wiki
Discuss and comment on this resource in the wiki.
 
BigAdmin Subscriptions
BigAdmin Areas
BigAdmin Sun Center
BigAdmin Topics