Sun Virtualization: Solaris 10 Containers Administration Student Guide SA-355-S10 Rev A.1 D61772GC11 Edition 1.1 D65087
Copyright 2009, 2010, Oracle and/or its affiliates. All rights reserved.

Disclaimer

This document contains proprietary information, is provided under a license agreement containing restrictions on use and disclosure, and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except as expressly permitted in your license agreement or allowed by law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle.

The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.

Sun Microsystems, Inc. Disclaimer

This training manual may include references to materials, offerings, or products that were previously offered by Sun Microsystems, Inc. Certain materials, offerings, services, or products may no longer be offered or provided. Oracle and its affiliates cannot be held responsible for any such references should they appear in the text provided.

Restricted Rights Notice

If this documentation is delivered to the U.S. Government or anyone using the documentation on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS
The U.S. Government's rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd.
Table of Contents

About This Course
  Course Goals
  Topics Not Covered
  How Prepared Are You?
  Introductions
  How to Use Course Materials
  Conventions
  Typographical Conventions
  Additional Conventions

Virtualization Trends in the Datacenter
  Objectives
  Additional Resources
  Introduction to Server Virtualization
  What is Server Virtualization
  Virtualization Benefits: the Dynamic Datacenter
  Virtualization Technologies by Sun Microsystems

Describing Solaris Zones and Containers
  Objectives
  Additional Resources
  Solaris Zones
  Zone Features
  When to Use Solaris Zones
  Solaris Zones and Solaris Containers
  Guidelines for Deploying Solaris Containers
  Zone Concepts
  Zone Types
  Zone Daemons
  Zone Models
  Zone Networking
  Zone States

Creating, Installing and Booting Zones
  Objectives
  Additional Resources
  Configuring Zones
  Using the zonecfg Command to Configure Zones
  Identifying the zonecfg Command Scope
  Using zonecfg Subcommands
  Using zonecfg Resource and Property Parameters
  Zone Configuration Walk-Through
  Viewing the Zone Configuration
  Exporting the Zone Configuration
  Using the zoneadm Command
  Verifying a Configured Zone
  Installing a Configured Zone
  Booting a Zone
  Rebooting a Zone
  Halting a Zone
  Using the zlogin Command
  Modes of Operation
  Logging In to the Zone's Virtual Console First Time
  Using Failsafe Mode to Access a Zone
  Using the init Command
  Using the shutdown Command
  Using an /etc/sysidcfg File to Perform Initial Zone System Identification

Connecting Storage to Zones
  Objectives
  Additional Resources
  Storage in Non-Global Zones
  Direct Attached Storage, Network Attached Storage, and Storage Area Networks
  Assigning File Systems to Zones
  Unmounting File Systems from Zones
  Working With Loopback File Systems (LOFS)
  Working With Solaris ZFS File Systems
  Working With UNIX File Systems
  Working With Network File Systems
  Security Restrictions and File System Behavior
  Additional File System Considerations
  Accessing Direct Devices
  Using the -o nosuid Option
  Mounting Read-Only File Systems
  Sharing File Systems

Managing Packages and Patches Within Zones
  Objectives
  Additional Resources
  Package Management and Solaris Zones Technology
  How Zone State Affects Package Operations
  Package Parameters for Zones
  Adding Packages in Zones
  Using pkgadd in the Global Zone
  Using pkgadd in a Non-Global Zone
  Removing Packages from Zones
  Using pkgrm in the Global Zone
  Using pkgrm in a Non-Global Zone
  Adding Patches in Zones
  Using patchadd in the Global Zone
  Using Parallel Patching to Reduce Patching Time
  Using patchadd in a Non-Global Zone
  Removing Patches from Zones
  Using patchrm in the Global Zone
  Using patchrm in a Non-Global Zone
  Upgrading Systems With Non-Global Zones Installed

Configuring Persistent Resource Pools
  Objectives
  Additional Resources
  Introducing Resource Management
  Resource Containment
  Resource Management Control Mechanisms
  Managing Workloads
  Defining Workloads
  Introducing Resource Pools
  When to Use Resource Pools
  Resource Pools Framework
  The Pool Daemon
  The /etc/pooladm.conf Configuration File
  Implementing Pools on a System
  Configuring Resource Pools
  Enabling and Disabling the Resource Pools Service
  Configuring Pools
  Moving CPUs Between Processor Sets
  Validate a Configuration
  Binding to a Resource Pool
  Monitoring Statistics for Pool-Related Resources
  Remove a Pools Configuration

Configuring Resource Management With Zones
  Objectives
  Additional Resources
  Introducing Resource Management With Zones
  Enhancing Solaris Containers With Newer Solaris 10 Features Used With zonecfg
  Managing Scheduling Classes and the Fair Share Scheduler
  Describing CPU Shares
  Combining FSS With Other Scheduling Classes
  Configuring FSS
  Configuring CPU Shares for Zones
  Using the cpu-shares Zone Property
  Using prctl to Configure CPU Shares
  Monitoring the Effect of CPU Shares Using prstat
  Configuring Temporary Resource Pools
  Using the dedicated-cpu Zone Resource
  Displaying Temporary Resource Pool Configurations
  Configuring the capped-cpu Resource for Zones
  Configuring Memory Capping for Zones
  How Resource Capping Works
  Resource Capping Guidelines
  Enabling and Disabling the rcap Service
  Using zonecfg to Configure Memory Caps
  Using rcapadm to Configure Memory Caps
  Monitoring the Effect of Memory Caps Using rcapstat
  Setting the Memory Cap Enforcement Threshold

Performing Zone Advanced Network Management
  Objectives
  Additional Resources
  Introducing IPMP
  Using IPMP on a System With Zones Installed
  IPMP in Shared-IP Zones
  IPMP in Exclusive-IP Non-Global Zones

Renaming, Moving, Cloning, and Migrating Zones
  Objectives
  Additional Resources
  Renaming a Zone
  Moving a Zone
  Cloning a Zone
  Clone a Zone
  Migrating a Zone
  Migrate a Non-Global Zone
  How to Validate a Zone Migration Before the Migration Is Performed

Performing Zone Backups and Restores
  Objectives
  Additional Resources
  Creating Backups on Systems With Installed Zones
  Relating Non-Global Zone Configurations to Backup and Recovery Requirements
  Making Zone Backups From the Global Zone
  Making Backups From Within a Non-Global Zone
  Backing Up Loopback File System Directories
  Saving and Restoring Non-Global Zone Configuration Information
  Recovering Individual Non-Global Zones

Configuring the lx Branded Zone
  Objectives
  Additional Resources
  Branded Zones Technology
  Linux Distribution Support
  Planning the lx Branded Zone Configuration
  System and Space Requirements
  Branded Zone Network Address
  Managing the lx Branded Zone Resources
  Determining the Zone Name and Zone Path
  Configuring the lx Branded Zone
  Configuring the lx Branded Zone Walk-Through
  Displaying the Configuration of a Branded Zone
  Installing the lx Branded Zone
  Obtaining the Linux Archives
  lx Branded Zone Software Installation Walk-Through
  Booting the lx Branded Zone
  Boot an lx Branded Zone
  Enable Networking in an lx Branded Zone
  Administering Applications in lx Branded Zones

IPMP Overview
  Objective
  Introducing IPMP
  Probe-Based IPMP
  Configuring Probe-Based IPMP Using the Command Line
  Link-Based IPMP Configuration
  Configuring Link-Based IPMP Using Files