Solaris Containers
Optimizing Resource Utilization
Oz Melamed, E&M Computing

Reduce IT infrastructure costs
- Escalating costs of managing vast networks of servers and software components.
- Better manage end-user service levels.
- Server consolidation and virtualization techniques help by enabling systems within data centers to be visualized and managed as interconnected computing resources.
- Better ways must be found to provision applications and ensure shared resources are not compromised.
- Companies must be able to manage their applications independently, control resource utilization according to business need, isolate faults, and ensure security between multiple applications.

Key Feature Highlights
- Provides many virtualized operating systems with secure boundaries.
- Isolates applications from each other.
- Provides resource containment and control.
- Allocates resources, such as CPU, physical memory, network bandwidth, and more, based on workload and business conditions.
- Safely isolates errors should they occur.

Key Benefit Highlights
- Reduces system administration complexity.
- System resources can be allocated to where the business need is the greatest.
- Improves service levels by managing applications independently, as if they are running on a dedicated system.
- Ensures predictable service levels through better capacity planning and resource utilization.
- Lowers administrative costs by safely combining multiple applications on a single system.

Key Benefit Highlights
- Reduces conflicts between applications running on the same system by isolating them from one another.
- Minimizes fault propagation and unplanned downtime.
- Enhances security by preventing unauthorized access and unintended intrusions.
- Maximizes resource utilization for best possible return on investment (ROI).

Introducing Solaris Containers
- As an integral part of the Solaris 10 Operating System (OS), Solaris Containers (formerly N1 Grid Containers) isolate software applications and services using flexible, software-defined boundaries.
- A breakthrough approach to virtualization and software partitioning, Solaris Containers let many private execution environments be created within a single instance of the Solaris OS.
- Each environment has its own identity, separate from the underlying hardware, yet behaves as if it is running on its own system, making consolidation simple, safe, and secure.

Zones Server Consolidation Example

How Zones Work
- Every Solaris system contains a global zone.
- The global zone has a dual function.
- The global zone is both the default zone for the system and the zone used for system-wide administrative control.
- All processes run in the global zone if no non-global zones, referred to simply as zones, are created by the global administrator.
- The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled.

The global zone
- The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled.
- Only the global zone is bootable from the system hardware.
- Administration of the system infrastructure, such as physical devices, routing, or dynamic reconfiguration (DR), is only possible in the global zone.
- Appropriately privileged processes running in the global zone can access objects associated with other zones.

Zone names
- Each zone, including the global zone, is assigned a zone name.
- The global zone always has the name global.
- Each zone is also given a unique numeric identifier, which is assigned by the system when the zone is booted.
- The global zone is always mapped to ID 0.

How Non-Global Zones Are Created
- The global administrator uses the zonecfg command to configure a zone by specifying various parameters for the zone's virtual platform and application environment.
- The zone is then installed by the global administrator, who uses the zone administration command zoneadm to install software at the package level into the file system hierarchy established for the zone.
- The global administrator can log in to the installed zone by using the zlogin command. At first login, the internal configuration for the zone is completed.
- The zoneadm command is then used to boot the zone.

Commands That Affect Zone State

Summary of Zone Features

Non-Global Zone Configuration
- Configure
- Install
- Boot

How to Configure the Zone
- Set up a zone configuration with the zone name you have chosen:
    global# zonecfg -z my-zone
- Create the new zone configuration:
    zonecfg:my-zone> create
- Set the zone path, /export/home/my-zone in this procedure:
    zonecfg:my-zone> set zonepath=/export/home/my-zone
- Set the autoboot value:
    zonecfg:my-zone> set autoboot=true

Add a file system
- Add a file system:
    zonecfg:my-zone> add fs
- Set the mount point for the file system, /usr/local in this procedure:
    zonecfg:my-zone:fs> set dir=/usr/local
- Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured:
    zonecfg:my-zone:fs> set special=/opt/local
- Specify the file system type, lofs in this procedure:
    zonecfg:my-zone:fs> set type=lofs
    zonecfg:my-zone:fs> end

Add a network virtual interface
- Add a network virtual interface:
    zonecfg:my-zone> add net
    zonecfg:my-zone:net> set address=192.168.0.1
    zonecfg:my-zone:net> set physical=hme0
    zonecfg:my-zone:net> end

Add a comment
- Add a comment by using the attr resource type:
    zonecfg:my-zone> add attr
    zonecfg:my-zone:attr> set name=comment
    zonecfg:my-zone:attr> set type=string
    zonecfg:my-zone:attr> set value="This is my work zone."
    zonecfg:my-zone:attr> end

Verify the zone configuration
- Verify the zone configuration for the zone:
    zonecfg:my-zone> verify
- Commit the zone configuration for the zone:
    zonecfg:my-zone> commit
- Exit the zonecfg command:
    zonecfg:my-zone> exit
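
The interactive configuration steps above (zone path, autoboot, the lofs file system and the network interface) can also be written to a command file and passed to zonecfg with its -f option, which makes the configuration reviewable and repeatable. This is an added example, not part of the original slides; the function names, the /tmp path and the character rules used for validation are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): build a zonecfg command file for the
# procedure above. Function names are hypothetical; values are the slides'.

# valid_zone_name NAME: succeed only for a usable non-global zone name.
valid_zone_name() {
    case "$1" in
        ''|global) return 1 ;;          # "global" always names the global zone
        [!A-Za-z0-9]*) return 1 ;;      # assumed rule: starts with an alphanumeric
        *[!A-Za-z0-9_.-]*) return 1 ;;  # assumed rule: alphanumerics, '_', '.', '-'
    esac
}

# gen_zonecfg ZONE ZONEPATH GLOBAL_DIR ZONE_DIR ADDRESS NIC
# Prints the subcommands; refuses values that could smuggle extra subcommands
# (whitespace, ';', quotes, newlines) into the command file.
gen_zonecfg() {
    valid_zone_name "$1" || { echo "bad zone name: $1" >&2; return 1; }
    for p in "$2" "$3" "$4"; do
        case "$p" in
            ''|[!/]*|*[!A-Za-z0-9/_.-]*)
                echo "bad path: $p" >&2; return 1 ;;
        esac
    done
    case "$5" in ''|*[!0-9./]*) echo "bad address: $5" >&2; return 1 ;; esac
    case "$6" in ''|*[!A-Za-z0-9]*) echo "bad interface: $6" >&2; return 1 ;; esac
    cat <<EOF
create
set zonepath=$2
set autoboot=true
add fs
set dir=$4
set special=$3
set type=lofs
end
add net
set address=$5
set physical=$6
end
verify
commit
EOF
}

# On the global zone (not run here):
#   gen_zonecfg my-zone /export/home/my-zone /opt/local /usr/local \
#       192.168.0.1 hme0 > /tmp/my-zone.cfg
#   zonecfg -z my-zone -f /tmp/my-zone.cfg
```
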

How to Install a Configured Zone
- Install the configured zone my-zone:
    global# zoneadm -z my-zone install
    global# zoneadm -z my-zone list -v
- Uninstall the configured zone my-zone:
    global# zoneadm -z my-zone uninstall
    global# zoneadm list -iv

Ready State (Optional)
- Transitioning into the ready state prepares the virtual platform to begin running user processes. Zones in the ready state do not have any user processes executing in them. You can skip this procedure if you want to boot the zone and use it immediately. The transition through the ready state is performed automatically when you boot the zone.
    global# zoneadm -z my-zone ready

How to Boot a Zone
- Use the zoneadm command with the -z option, the name of the zone, which is my-zone, and the boot subcommand to boot the zone.
    global# zoneadm -z my-zone boot
    global# zoneadm list -v

Loopback-Mounted File Systems

How to Halt a Zone
- Use the zoneadm command with the -z option, the name of the zone, for example, my-zone, and the halt subcommand to halt the given zone:
    global# zoneadm list -v
    global# zoneadm -z my-zone halt

How to Reboot a Zone
- Use the zoneadm command with the -z option, the name of the zone, and the reboot subcommand to reboot the zone my-zone:
    global# zoneadm list -v
    global# zoneadm -z my-zone reboot

How to Uninstall a Zone
- Use the zoneadm command with the -z option, the name of the zone, and the uninstall subcommand to remove the zone my-zone:
    global# zoneadm -z my-zone uninstall -F
    global# zoneadm list -v

Deleting a Non-Global Zone
- Shut down the zone my-zone:
    global# zlogin my-zone shutdown
- Remove the root file system for my-zone:
    global# zoneadm -z my-zone uninstall -F
- Delete the configuration for my-zone:
    global# zonecfg -z my-zone delete -F
- List the zones on the system, to verify that my-zone is no longer listed:
    global# zoneadm list -iv

Non-Global Zone Login
- After you install a zone, you must log in to the zone to complete its application environment.
- You might log in to the zone to perform administrative tasks as well.
- Unless the -C option is used to connect to the zone console, logging in to a zone using zlogin starts a new task. A task cannot span two zones.
- The zlogin command is used to log in from the global zone to any zone that is in the running state or the ready state.

Internal Zone Configuration
- When a zone is booted for the first time after installation, the zone is in an unconfigured state.
- The zone does not have an internal configuration for naming services, its locale and time zone have not been set, and various other configuration tasks have not been performed.
- Therefore, the sysidtool programs are run the first time a zone is booted.

Zone Console
- Use the zlogin command with the -C option and the name of the zone, my-zone in this procedure:
    global# zlogin -C my-zone
- The first time you log in to the console, you are prompted to answer a series of questions. Your screen will look similar to this:

Interactive Mode to Access a Zone
- At the global zone prompt, type tty:
    global# tty
    /dev/pts/3
- From the global zone, log in to the zone, for example, my-zone:
    global# zlogin my-zone
- At the my-zone prompt, type tty:
    my-zone# tty
    /dev/pts/2

Failsafe Mode
- When connection to the zone is denied, the zlogin command can be used with the -S option to enter a minimal environment in the zone.
- From the global zone, use the zlogin command with the -S option to access the zone, for example, my-zone:
    global# zlogin -S my-zone

Commands Used in the Solaris Zones Environment

DEMO