Solaris 10 branded zone VM Templates for Solaris 11 on OTN
- by jsavit
Early this year I wrote the article "Ours Goes To 11", which describes the ability to import Solaris 10 systems into a "Solaris 10 branded zone" under Oracle Solaris 11.
I did this using Solaris 11 Express, and the capability remains in Solaris 11 with only slight changes.
This important tool lets you painlessly inhale a Solaris Container from Solaris 10 or entire Solaris 10 systems ("the global zone") into virtualized environments on a Solaris 11 OS.
Just recently, Oracle provided Oracle VM Templates for Oracle Solaris 10 Zones to let you create Solaris 10
branded zones for Solaris 11 even if you don't currently have access to install media or a running Solaris 10 system.
To use this, just download the Oracle VM Template for Oracle Solaris Zone 10 from OTN at
http://www.oracle.com/technetwork/server-storage/solaris11/downloads/virtual-machines-1355605.html.
This page contains images of Oracle Solaris 10 8/11 (the recent update to Solaris 10) in SPARC and x86 formats
suitable for creating branded zones.
The same page also has a VirtualBox image you can download for a complete Solaris 10 install in a guest virtual machine you can run on any host OS that supports VirtualBox.
Both sets of downloads provide a quick - and extremely easy - way to set up a virtual Solaris 10 environment.
In the case of the Oracle VM Templates, they illustrate several advanced features of Solaris 11.
To start, just go to the above link, download the template for the hardware platform (SPARC or x86) you want,
and download the README file also linked from that page.
Install prerequisites
The README file tells you to install the prerequisite Solaris 11 package that implements the Solaris 10 brand.
Then you can install instances of zones with that brand.
# pkg install pkg:/system/zones/brand/brand-solaris10
Packages to install: 1
Create boot environment: No
Create backup boot environment: Yes
DOWNLOAD PKGS FILES XFER (MB)
Completed 1/1 44/44 0.4/0.4
PHASE ACTIONS
Install Phase 74/74
PHASE ITEMS
Package State Update Phase 1/1
Image State Update Phase 2/2
That took only a few minutes, and didn't require a reboot.
Install the Solaris 10 zone
Now it's time to run the downloaded template file.
First make it executable via the chmod command, of course.
I found that (unlike what is stated in the README) there was no need to rename the downloaded file to remove the .bin.
When you run it you provide several parameters to describe the zone configuration:
-a IP address - the IP address and optional netmask for the zone. This is the only mandatory parameter.
-z zonename - the name of the zone you would like to create.
-i interface - the package will create an exclusive-IP zone using a virtual NIC (vnic)
based on this physical interface. In my case, I have a NIC called rge0.
-p PATH - specifies the path in which you want the zoneroot to be placed. In my case,
I have a ZFS dataset mounted at /zones, and this will create a zoneroot at /zones/s10u10.
Kicking it off, you will see a copyright message, and then messages showing progress building the zone,
which only takes a few minutes.
# ./solaris-10u10-x86.bin -p /zones -a 192.168.1.100 -i rge0 -z s10u10
...
...
Checking disk-space for extraction
Ok
Extracting in /export/home/CDimages/s10zone/bootimage.ihaqvh ...
100% [===============================]
Checking data integrity
Ok
Checking platform compatibility
The host and the image do not have the same Solaris release:
host Solaris release: 5.11
image Solaris release: 5.10
Will create a Solaris 10 branded zone.
Warning: could not find a defaultrouter
Zone won't have any defaultrouter configured
IMAGE: ./solaris-10u10-x86.bin
ZONE: s10u10
ZONEPATH: /zones/s10u10
INTERFACE: rge0
VNIC: vnicZBI13379
MAC ADDR: 2:8:20:5c:1a:cc
IP ADDR: 192.168.1.100
NETMASK: 255.255.255.0
DEFROUTER: NONE
TIMEZONE: US/Arizona
Checking disk-space for installation
Ok
Installing in /zones/s10u10 ...
100% [===============================]
Using a static exclusive-IP
Attaching s10u10
Booting s10u10
Waiting for boot to complete
booting...
booting...
booting...
Zone s10u10 booted
The zone's root password has been set using the
root password of the local host.
You can change the zone's root password to
further harden the security of the zone: being
root, log into the zone from the local host
with the command 'zlogin s10u10'.
Once logged in, change the root password with the
command 'passwd'.
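The installer's closing message says the zone's root password was set from the local host's. As an added example (not part of the original post or of the template's own tooling), the following check, meant to be run as root in the global zone, lists zones whose root entry in shadow still matches the global zone's. It assumes the template copies the password hash verbatim and that each zone's root file system is at <zonepath>/root; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: flag zones that still share the global zone's root hash.
# Assumption: the template copied the host's root hash verbatim, so an
# unchanged zone has an identical password field in its shadow file.

# Print the password field (2nd colon-separated field) of root.
root_hash() {
    awk -F: '$1 == "root" { print $2; exit }' "$1"
}

# stdin: lines in `zoneadm list -cp` format (zoneid:zonename:state:zonepath:...)
# $1:    the global zone's shadow file
# Prints the name of every non-global zone whose root hash equals the global one.
zones_sharing_root_hash() {
    global_hash=$(root_hash "$1")
    # A locked (*LK*), no-password (NP) or empty field is not a shared password.
    case "$global_hash" in
        ''|NP|'*LK*'*) return 0 ;;
    esac
    while IFS=: read -r _id name _state zonepath _rest; do
        if [ "$name" = "global" ]; then
            continue
        fi
        shadow="$zonepath/root/etc/shadow"
        if [ ! -r "$shadow" ]; then
            continue    # zone not installed yet, or caller is not root
        fi
        if [ "$(root_hash "$shadow")" = "$global_hash" ]; then
            echo "$name"
        fi
    done
    return 0
}

# On a Solaris 11 host, audit the live configuration.
if command -v zoneadm >/dev/null 2>&1; then
    zoneadm list -cp | zones_sharing_root_hash /etc/shadow
fi
```

Any zone name it prints is a candidate for the 'zlogin' and 'passwd' step the installer recommends.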
The nifty part in my opinion (besides being so easy),
is that the zone was created as an exclusive-IP zone on a virtual NIC.
This network configuration lets you enforce traffic isolation from other zones,
enforce network Quality of Service, and even let the zone set its own characteristics
like IP address and packet size.
Independence of the zone's network characteristics
from the global zone is one of the enhancements in Solaris 10 that make it easier to consolidate
zones while preserving their autonomy, yet provide control in a consolidated environment.
Let's see what the virtual network environment looks like by issuing commands
from the Solaris 11 global zone. First I'll use Old School ifconfig, and then
I'll use the new ipadm and dladm commands.
# ifconfig -a4
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
rge0: flags=1004943<UP,BROADCAST,RUNNING,PROMISC,MULTICAST,DHCP,IPv4> mtu 1500 index 2
inet 192.168.1.3 netmask ffffff00 broadcast 192.168.1.255
ether 0:14:d1:18:ac:bc
vboxnet0: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
inet 192.168.56.1 netmask ffffff00 broadcast 192.168.56.255
ether 8:0:27:f8:62:1c
# dladm show-phys
LINK MEDIA STATE SPEED DUPLEX DEVICE
yge0 Ethernet unknown 0 unknown yge0
yge1 Ethernet unknown 0 unknown yge1
rge0 Ethernet up 1000 full rge0
vboxnet0 Ethernet up 1000 full vboxnet0
# dladm show-link
LINK CLASS MTU STATE OVER
yge0 phys 1500 unknown --
yge1 phys 1500 unknown --
rge0 phys 1500 up --
vboxnet0 phys 1500 up --
vnicZBI13379 vnic 1500 up rge0
s10u10/vnicZBI13379 vnic 1500 up rge0
s10u10/net0 vnic 1500 up rge0
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnicZBI13379 rge0 1000 2:8:20:5c:1a:cc random 0
s10u10/vnicZBI13379 rge0 1000 2:8:20:5c:1a:cc random 0
s10u10/net0 rge0 1000 2:8:20:9d:d0:79 random 0
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
rge0/_a dhcp ok 192.168.1.3/24
vboxnet0/_a static ok 192.168.56.1/24
lo0/v6 static ok ::1/128
Log into the zone
The install step already booted the zone, so let's log into it. Notice how you have to be
appropriately privileged to log into a zone. This is my home system so I'm being a bit
cavalier, but in a production environment you can give granular control of who can log in
to which zones. Voila! A Solaris 10 environment under a Solaris 11 kernel.
Notice the output from the uname -a and ifconfig commands, and
output from a ping to a nearby host.
$ zlogin s10u10
zlogin: You lack sufficient privilege to run this command (all privs required)
savit@home:~$ sudo zlogin s10u10
Password:
[Connected to zone 's10u10' pts/5]
Oracle Corporation SunOS 5.10 Generic Patch January 2005
# uname -a
SunOS s10u10 5.10 Generic_Virtual i86pc i386 i86pc
# ifconfig -a4
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnicZBI13379: flags=1000843 mtu 1500 index 2
inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
ether 2:8:20:5c:1a:cc
# bash
bash-3.2# ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnicZBI13379: flags=1000843 mtu 1500 index 2
inet 192.168.1.100 netmask ffffff00 broadcast 192.168.1.255
ether 2:8:20:5c:1a:cc
bash-3.2# ping 192.168.1.2
192.168.1.2 is alive
For fun, I configured Apache (setting its configuration file in /etc/apache2) and brought it up. Easy - took just a few minutes.
bash-3.2# svcs apache2
STATE STIME FMRI
disabled 12:38:46 svc:/network/http:apache2
bash-3.2# svcadm enable apache2
Summary
In just a few minutes, I built a functioning virtual Solaris 10 environment under my Solaris 11 system.
It was... easy! While I can still do it the manual way (creating and using a system archive), this
is a low-effort way to create a Solaris 10 zone on Solaris 11.