Solaris 10 Zones

The zone concept in Solaris 10 is one of the interesting topics for me. I learned more about zones by finding the answers to my questions about them, nothing more than that. Hence, as with my previous posts about other technical topics, I am going to post this in FAQ style as well.
I will also share links and some PDFs here.
Solaris zones are a major new feature of Solaris 10 and provide additional facilities that were not available in previous releases of the Operating Environment. Zones allow virtual environments to run on the same physical system. Previously, the only way of compartmenting an environment was to purchase a separate server, or use an expensive high-end server capable of physical partitioning, such as the E10K or E15K. Now you can create virtual environments on any machine capable of running the Solaris 10 Operating Environment.
Zones provide a virtual operating system environment within a single physical instance of Solaris 10. Applications can run in an isolated, and secure environment. This isolation prevents an application running in one zone from monitoring or affecting an application running in a different zone. A further important aspect of zones is that a failing application, such as one that would traditionally have leaked all available memory, or exhausted all CPU resources, can be limited to only affect the zone in which it is running. This is achieved by limiting the amount of physical resources on the system that the zone can use.
What is a zone?
A zone is a virtual operating system abstraction that provides a protected environment in which applications run. The applications are protected from each other to provide software fault isolation. To ease the labor of managing multiple applications and their environments, they co-exist within one operating system instance, and are usually managed as one entity.
What is a container?
A zone which also uses the operating system's resource management facility is then called a container. Many people use the two words 'zone' and 'container' interchangeably.
This is incorrect because containers are a technology that comprises the resource management features, such as resource pools and Solaris zones. Solaris zones are a subset of containers, so the two terms should not be used interchangeably.
How many containers can one copy of Solaris have?
While the theoretical limit is over 8,000, the practical limit depends on:
  • The amount of hardware resources used by the applications versus the amount available in the system. This includes the number and processing power of CPUs, memory size, NICs, HBAs, etc.
  • What portion of the installed zones are actually in use. For example, you can create 100 zones, each ready to offer a web service, but only boot the 10 that you need this month. The unbooted zones take up disk space, but do not cause the use of any extra CPU power, RAM, or I/O.
Consider these examples which worked:
  • 40 zones, each running five copies of the Apache web service, on an E250 with two 300MHz CPUs, 512MB RAM, and three hard disk drives totalling 40GB. With all zones running and a load consisting of multiple simultaneous HTTP requests to each zone, the overhead of using zones was so small it wasn't measurable.
What is a global zone? Sparse-root zone? Whole-root zone? Local zone?
After installing Solaris 10 on a system, but before creating any zones, all processes run in the global zone. After you create a zone, it has processes which are associated with that zone and no other zone. Any process created by a process in a non-global zone is also associated with that non-global zone. Any zone which is not the global zone is called a non-global zone. Some people call non-global zones simply "zones." Others call them "local zones" but this is discouraged.
The default zone filesystem model is called "sparse-root." This model emphasizes efficiency at the cost of some configuration flexibility. Sparse-root zones optimize physical memory and disk space usage by sharing some directories, like /usr and /lib. Sparse-root zones have their own private file areas for directories like /etc and /var. Whole-root zones increase configuration flexibility but increase resource usage. They do not use shared filesystems for /usr, /lib, and a few others.
What are the types of zones?
There are two types of zones, global and non-global. Think of a global zone as the server itself, the traditional view of a Solaris system as we all know it, where you can login as root and have full control of the entire system. The global zone is the default zone and is used for system-wide configuration and control. Every system contains a global zone and there can only be one global zone on a physical Solaris server.

A non-global zone is created from the global zone and also managed by it. You can have up to 8192 non-global zones on a single physical system; the only real limitation is the capability of the server itself. Applications that run in a non-global zone are isolated from applications running in a separate non-global zone, allowing multiple versions of the same application to run on the same physical server.

Non-global zones are referred to simply as zones and can be in a number of states depending on the current state of configuration or readiness for operation. You should note that zone states only refer to non-global zones because the global zone is always running and represents the system itself. The only time the global zone is not running is when the server has been shut down.
What are the Non-Global Zone Root File System Models?
A non-global zone contains its own root (/) file system. The size and contents of this file system depend on how you configure the global zone and the amount of configuration flexibility that is required.

There is no limit on how much disk space a zone can use, but the zone administrator, normally the system administrator, must ensure that sufficient local storage exists to accommodate the requirements of all non-global zones being created on the system.

The system administrator can restrict the overall size of the non-global zone file system by using any of the following:

  • Standard disk partitions on a disk can be used to provide a separate file system for each non-global zone.
  • Soft partitions can be used to divide disk slices or logical volumes into a number of partitions. Soft partitions are covered in "Virtual File Systems, Swap Space, and Core Dumps."
  • A lofi-mounted file system can be used to place the zone on. For further information on the loopback device driver, see the manual pages for lofi and lofiadm.
Sparse Root Zones
When you create a non-global zone, you have to decide how much of the global zone file system you want to be inherited from the global zone. A sparse root zone optimizes sharing by implementing read-only loopback file systems from the global zone and only installing a subset of the system root packages locally. The majority of the root file system is shared (inherited) from the global zone. Generally this model would require about 100 Megabytes of disk space when the global zone has all of the standard Solaris packages installed. A sparse root zone uses the inherit-pkg-dir resource, where a list of directories inherited from the global zone is specified.

Whole Root Zones
This model provides the greatest configuration flexibility because all of the required (and any other selected) Solaris packages are copied to the zone's private file system, unlike the sparse root model where loopback file systems are used. The disk space requirement for this model is considerably greater and is determined by evaluating the space used by the packages currently installed in the global zone.

Can I create a zone which shares ("inherits") some, but not all of /usr, /lib, /platform, /sbin?
The original design of Solaris Containers assumes that those four directories are either all shared ("inherited") or all not shared. Sharing some and not others will lead to undefined and/or unpredictable behavior.
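A check for the all-or-nothing rule above, as an added example that is not part of the original post: it classifies a zone as sparse-root, whole-root or mixed from the text of `zonecfg -z <zone> export`. The function name, sample configurations and zone paths are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies a zone's root file system model from the text of
# `zonecfg -z <zone> export` read on stdin:
#   sparse-root  all four of /usr /lib /platform /sbin are inherited
#   whole-root   none of them is inherited
#   mixed        only some are inherited (the unsupported case)
classify_root_model() {
    awk '
        $1 == "add" && $2 == "inherit-pkg-dir" { in_ipd = 1; next }
        $1 == "end"                            { in_ipd = 0; next }
        in_ipd && $1 == "set" && $2 ~ /^dir=/ {
            dir = substr($2, 5)          # text after "dir="
            gsub(/"/, "", dir)           # tolerate quoted values
            if (dir ~ /^\/(usr|lib|platform|sbin)$/ && !seen[dir]++) n++
        }
        END {
            if (n == 4)      print "sparse-root"
            else if (n == 0) print "whole-root"
            else             print "mixed"
        }'
}

# Constructed sample configurations (zone paths are placeholders).
SPARSE_CFG='create -b
set zonepath=/zones/web1
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end'
WHOLE_CFG='create -b
set zonepath=/zones/db1'
MIXED_CFG='create -b
set zonepath=/zones/odd1
add inherit-pkg-dir
set dir=/usr
end'

for cfg in "$SPARSE_CFG" "$WHOLE_CFG" "$MIXED_CFG"; do
    printf '%s\n' "$cfg" | classify_root_model
done
```

Additional inherited directories outside the four core ones do not change the classification.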
Can a zone include multiple zones (aka "is the containment model hierarchical")?
No, the model is strictly two-level: one global zone and one or more non-global zones. Only the global zone can create non-global zones, and each non-global zone must be contained within the global zone.
Can zones in one computer communicate via the network?
Both shared-IP and exclusive-IP zones can communicate via the network. The network traffic for shared-IP zones that communicate between themselves on the same machine will not leave the host, whereas network traffic will leave the host when using exclusive-IP zones.
Full IP-level functionality is available in an exclusive-IP zone. Currently, exclusive-IP zones communicate with each other only over the network; there is no communication local to the system. That communication can be restricted using IP Filter just as it can for a separate system. For shared-IP zones in one computer that communicate using IP networking, the following applies:
Inter-zone network latency is extremely small, and bandwidth is extremely high.
Can each zone run a different Solaris version?
No. All of the zones use a single underlying kernel. The version of the kernel determines the version of every container in that domain.
Will my software run in a zone or container?
Most Solaris software will run unmodified in a zone, without needing to re-compile.
Installation software must not assume that it can write into shared, read-only filesystems, e.g. /usr. This can be circumvented by adding a writable filesystem to the zone (e.g. at /usr/local) or using a whole-root zone.
Can some local zones be in different time zones?
Yes. Each non-global zone has its own copy of /etc/default/init, which contains the timezone setting. You can change the line starting with "TZ=". The recognized names of timezones are in /usr/share/lib/zoneinfo. For example, Eastern Standard Time in the USA is defined in the file /usr/share/lib/zoneinfo/US/Eastern. To set a non-global zone's timezone to that timezone, the line in /etc/default/init would look like this:
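One way to make that edit safely, as an added example that is not part of the original post: it sets the TZ= line (for the file above, `TZ=US/Eastern`) only when the name exists under the zoneinfo directory. The function name and the scratch files in the demo are assumptions; inside a zone the real paths are /etc/default/init and /usr/share/lib/zoneinfo.

```shell
#!/bin/sh
# Added example. set_zone_tz INIT_FILE ZONEINFO_DIR TZ_NAME
# Sets the TZ= line in INIT_FILE to TZ_NAME, but only when TZ_NAME names a
# file under ZONEINFO_DIR. Other lines are left untouched.
set_zone_tz() {
    init_file=$1 zoneinfo=$2 tz=$3
    case $tz in
        ''|/*|*..*) echo "invalid timezone name: $tz" >&2; return 1 ;;
    esac
    [ -f "$zoneinfo/$tz" ] || { echo "unknown timezone: $tz" >&2; return 1; }
    [ -f "$init_file" ]    || { echo "missing file: $init_file" >&2; return 1; }
    # Build the new contents first, then overwrite in place so the file
    # keeps its owner and mode.
    new=$(awk -v tz="$tz" '
        /^TZ=/ { if (!done) print "TZ=" tz; done = 1; next }
        { print }
        END { if (!done) print "TZ=" tz }' "$init_file") || return 1
    printf '%s\n' "$new" > "$init_file"
}

# Demo on a scratch copy (constructed files, not the real system paths).
demo=$(mktemp -d)
mkdir -p "$demo/zoneinfo/US"
: > "$demo/zoneinfo/US/Eastern"
printf 'TZ=GB\nCMASK=022\n' > "$demo/init"
set_zone_tz "$demo/init" "$demo/zoneinfo" US/Eastern && cat "$demo/init"
rm -rf "$demo"
```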
Can some non-global zones have different date and/or time settings (i.e. different clocks)?
Although different zones can be in different time zones, each zone gets its date and time clock from the same source. This means that the time zone setting gets applied after the current time data is obtained from the kernel.
If you would like the ability to have different clock sources per zone, please add a call record to RFE 5033497. [August 2005]

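Command to see the configured zones on a Solaris 10 machine?
Without -c, zoneadm list shows only running zones; zoneadm list -cv also includes zones that are configured or installed but not running.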

root@sanfrancisco # zoneadm list -v
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   2 sanfranciscoz2   running    /sfrandb_pool/sfranz2          solaris9 shared
   3 sanfranciscoz3   running    /sfrandb_pool/sfranz3          solaris9 shared
  13 sanfranciscoz1   running    /sfrandb_pool/sfranz1          solaris9 shared
  14 sanfranciscoz4   running    /sfrandb_pool/sfranz4          native   shared
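
An inventory built on this listing, as an added example that is not part of the original post: it reports which running zones are shared-IP, meaning their traffic to each other does not leave the host and so never reaches off-host filtering or monitoring. The function names are assumptions, and the examplez5 row and its `excl` value are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `zoneadm list -v` output on stdin and prints
# "<name> <brand> <ip-type>" for each running non-global zone. Columns are
# located by header name, so a listing without BRAND or IP columns still
# parses; a missing column is reported as "unknown".
zone_ip_types() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
        NF == 0 { next }
        $(col["NAME"]) != "global" && $(col["STATUS"]) == "running" {
            brand = ("BRAND" in col) ? $(col["BRAND"]) : "unknown"
            ip    = ("IP" in col)    ? $(col["IP"])    : "unknown"
            print $(col["NAME"]), brand, ip
        }'
}

# Zones whose traffic to each other stays inside the host (shared-IP).
shared_ip_zones() {
    zone_ip_types | awk '$3 == "shared" { print $1 }'
}

# Listing from the post, plus one constructed exclusive-IP row (examplez5).
SAMPLE_LISTING='  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   2 sanfranciscoz2   running    /sfrandb_pool/sfranz2          solaris9 shared
   3 sanfranciscoz3   running    /sfrandb_pool/sfranz3          solaris9 shared
  13 sanfranciscoz1   running    /sfrandb_pool/sfranz1          solaris9 shared
  14 sanfranciscoz4   running    /sfrandb_pool/sfranz4          native   shared
  15 examplez5        running    /sfrandb_pool/examplez5        native   excl'

printf '%s\n' "$SAMPLE_LISTING" | shared_ip_zones
```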
