zones

  • En este artículo explico cómo conseguir una zona de Solaris 11 intentando utilizar la menor cantidad de recursos posibles. Para ello, utilizo la red y los sistemas de ficheros de la zona global, y no arranco los servicios SMF.

    Primero configuro una zona normal, que servirá para establecer las ganancias posteriores.

    Defino una variable con el nombre de la zona por comodidad

    # export ZONENAME=zone1

    Configuro la zona

    # zonecfg -z ${ZONENAME}
    create -b
    set brand=solaris
    set ip-type=shared
    add net
    set address=192.168.170.253/24
    set physical=vlan170
    end
    commit
    exit

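    Ahora, en vez de instalar con los valores por defecto, aprovecho para ir recortando espacio y servicios, en el manifest y el config de la zona. El valor de password de root_account que aparece en config.xml no es utilizable tal cual (contiene caracteres que no pertenecen a un hash crypt y una comilla doble dentro del atributo, con lo que el XML no es válido): hay que sustituirlo por un hash propio generado para esta zona.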

    # vi manifest.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
    <auto_install>
        <ai_instance name="zone_default">
            <target>
                <logical>
                    <zpool name="rpool">
                        <be name="zbe">
                            <options>
                                <option name="compression" value="on"/>
                            </options>
                        </be>
                    </zpool>
                </logical>
            </target>
            <software type="IPS">
                <software_data action="install">
                    <name>core-os</name>
                </software_data>
            </software>
        </ai_instance>
    </auto_install>

     

    # vi config.xml
    <?xml version='1.0' encoding='US-ASCII'?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!-- Auto-generated by sysconfig -->
    <service_bundle name="sysconfig" type="profile">
      <service name="system/identity" type="service" version="1">
        <instance enabled="true" name="cert"/>
        <instance enabled="true" name="node">
          <property_group name="config" type="application">
            <propval name="nodename" type="astring" value="solaris"/>
          </property_group>
        </instance>
      </service>
      <service name="system/name-service/cache" type="service" version="1">
        <instance enabled="true" name="default"/>
      </service>
      <service name="system/name-service/switch" type="service" version="1">
        <property_group name="config" type="application">
          <propval name="default" type="astring" value="files"/>
        </property_group>
        <instance enabled="true" name="default"/>
      </service>
      <service name="system/keymap" type="service" version="1">
        <instance enabled="true" name="default">
          <property_group name="keymap" type="application">
            <propval name="layout" type="astring" value="Spanish"/>
          </property_group>
        </instance>
      </service>
      <service name="system/environment" type="service" version="1">
        <instance enabled="true" name="init">
          <property_group name="environment" type="application">
            <propval name="LANG" type="astring" value="C"/>
          </property_group>
        </instance>
      </service>
      <service name="system/timezone" type="service" version="1">
        <instance enabled="true" name="default">
          <property_group name="timezone" type="application">
            <propval name="localtime" type="astring" value="UTC"/>
          </property_group>
        </instance>
      </service>
      <service name="system/config-user" type="service" version="1">
        <instance enabled="true" name="default">
          <property_group name="root_account" type="application">
            <propval name="password" type="astring" value="$5$rounds=10000$lDL4x5q8$IlHsdf·Re3f$·iP5AAK8Jj6YF/wnigr$·"d9O825MC"/>
            <propval name="type" type="astring" value="normal"/>
            <propval name="login" type="astring" value="root"/>
          </property_group>
        </instance>
      </service>
    </service_bundle>

    Instalación de la zona

    # zoneadm -z ${ZONENAME} install -m manifest.xml -c config.xml
    The following ZFS file system(s) have been created:
        rpool/VARSHARE/zones/zone1
    Progress being logged to /var/log/zones/zoneadm.20200304T094644Z.zone1.install
           Image: Preparing at /system/zones/zone1/root.
    
     Install Log: /system/volatile/install.14837/install_log
     AI Manifest: /tmp/manifest.xml.KwahVa
      SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
        Zonename: zone1
    Installation: Starting...
    
            Creating IPS image
    Startup linked: 1/1 done
            Installing packages from:
                solaris
                    origin:  http://pkg.gestio.sys/oracle/
    DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
    Completed                            306/306   47432/47432  327.0/327.0  6.5M/s
    
    PHASE                                          ITEMS
    Installing new actions                   66258/66258
    Updating package state database                 Done 
    Updating package cache                           0/0 
    Updating image state                            Done 
    Creating fast lookup database                   Done 
    Updating package cache                           1/1 
    Installation: Succeeded
     done.
    
            Done: Installation completed in 248.885 seconds.
    
    
      Next Steps: Boot the zone, then log into the zone console (zlogin -C)
    
                  to complete the configuration process.
    
    Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20200304T094644Z.zone1.install

    Vemos lo que ocupa (Solo el paquete core-os, que es lo mínimo que podemos instalar)

    # du -sh /system/zones/${ZONENAME}  
     717M   /system/zones/zone1
    

    Hacemos un primer arranque para que configure los servicios

    # zoneadm -z ${ZONENAME} boot

    Instalamos apache

    # zlogin ${ZONENAME} pkg install apache-24
    # zlogin ${ZONENAME} svcadm enable apache24

    Vemos los procesos arrancados y los recursos utilizados:

    # ptree -z ${ZONENAME}
    17019 zsched
      17093 /usr/sbin/init
    17101 /lib/svc/bin/svc.startd
      17507 /usr/sbin/ttymon -g -d /dev/console -l console -m ldterm,ttcompat -h -p solaris console login: 
    17103 /lib/svc/bin/svc.configd
    17177 /usr/sbin/sysobjd -d 0 -b 300 -t 300 -n 5
    17191 /lib/crypto/kcfd
    17202 /usr/lib/pfexecd
    17224 /usr/lib/utmpd
    17232 /sbin/sh /lib/svc/method/net-ipmgmt start
      17233 sleep 3600
    17265 /lib/svc/bin/svc.periodicd
    17270 /usr/lib/rad/rad -sp
    17361 /usr/lib/zones/zoneproxy-client -s localhost:1008
    17375 /usr/sbin/rpcbind -w
    17389 /usr/lib/fm/fmd/fmd
    17437 /usr/sbin/cron
    17443 /usr/lib/inet/inetd start
    17463 /usr/lib/sstore/bin/sstored --events --repo-path /var/share/sstore/repo --max-repo-size 2048
    17471 /usr/sbin/nscd
    17489 /usr/sbin/syslogd
    17537 /usr/lib/sstore/bin/sysstatd --max-process-size=268435456
    17577 /usr/apache2/2.4/bin/httpd -k start
      17578 /usr/apache2/2.4/bin/httpd -k start
      17579 /usr/apache2/2.4/bin/httpd -k start
      17580 /usr/apache2/2.4/bin/httpd -k start
    # zonestat 5
    Collecting data for first interval...
    Interval: 1, Duration: 0:00:05
    SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                        ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
                   ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
                [total]  0.01 0.14%  0.00 0.00% 2442M 29.8% 2602M 28.2%  2576 0.00%
               [system]  0.00 0.02%  0.00 0.00% 1858M 22.6% 1926M 20.8%     -     -
                 global  0.00 0.10%     -     -  351M 4.29%  431M 4.68%  2576 0.00%
                  zone1  0.00 0.01%     -     -  232M 2.83%  244M 2.65%     0 0.00%

    Apagamos la zona

    # zoneadm -z ${ZONENAME} halt

    Lo primero que vamos a hacer es deshabilitar el SMF y arrancar directamente el Apache:

    # echo "run::sysinit:/etc/rc.local >/dev/msglog 2>&1 </dev/console" > /system/zones/${ZONENAME}/root/etc/inittab
    
    # vi /system/zones/${ZONENAME}/root/etc/rc.local
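    #!/bin/bash
    # /etc/rc.local: run once by init from the inittab entry, in place of SMF.
    # Nothing supervises this script, so httpd is not restarted if it exits; the
    # zone is then only marked goals-maintenance.

    # zoneadm needs /var/share mounted before it can be used here.
    zfs mount rpool/VARSHARE

    # Assumes that inside a non-global zone the listing holds only this zone's
    # name; verify on the target release.
    ZONENAME=$(zoneadm list)
    if [ -z "${ZONENAME}" ]; then
      # Output goes wherever the inittab entry redirects it.
      echo "rc.local: zoneadm list returned no zone name" >&2
    fi

    # Quoted so that an empty name is passed as an empty argument instead of
    # letting "mark" be taken as the zone name.
    zoneadm -z "${ZONENAME}" mark -a goals-online

    # Blocks here for as long as Apache runs in the foreground.
    /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start

    # Reached only after httpd has exited.
    zoneadm -z "${ZONENAME}" mark -a goals-maintenance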
    
    # chmod +x /system/zones/${ZONENAME}/root/etc/rc.local

    En el script de arranque (rc.local), tenemos que montar el /var/share para poder utilizar el comando zoneadm. Con el comando zoneadm marcamos que la zona ha llegado al estado goals-online con lo que el servicio denominado svc:/system/zones/zone:${ZONENAME} de la zona global pasa al estado online. 

    # zoneadm -z ${ZONENAME} boot
    
    # ptree -z ${ZONENAME}
    18387 zsched
      18461 /usr/sbin/init
        18463 /bin/bash /etc/rc.local
          18473 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
            18474 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
            18475 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
            18476 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
    
    
    # zonestat 5
    Collecting data for first interval...
    Interval: 1, Duration: 0:00:05
    SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                        ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
                   ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
                [total]  0.00 0.10%  0.00 0.00% 2216M 27.0% 2357M 25.5%  2188 0.00%
               [system]  0.00 0.02%  0.00 0.00% 1849M 22.5% 1906M 20.6%     -     -
                 global  0.00 0.08%     -     -  351M 4.29%  432M 4.69%  2188 0.00%
                  zone1  0.00 0.00%     -     - 15.3M 0.18% 18.1M 0.19%     0 0.00%

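    Ahora vemos que hay muchos menos procesos ejecutándose en la zona, y la memoria ha disminuido considerablemente. A cambio, syslogd, cron y el resto de servicios que arrancaba SMF ya no están: nada en la zona recoge logs del sistema ni vuelve a arrancar httpd si termina.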

    Ahora podemos ahorrarnos todo el disco de los binarios, que son exactamente iguales que los de la zona global, para eso montamos los sistemas de ficheros de la zona global (similar a las zonas SMALL de Solaris 10).

    Configuramos la zona para montar /usr, /lib y /platform de la zona global:

    # zonecfg -z ${ZONENAME}
    add fs
    set dir=/usr
    set special=/usr
    set type=lofs
    add options ro
    end
    add fs
    set dir=/lib
    set special=/lib
    set type=lofs
    add options ro
    end
    add fs
    set dir=/platform
    set special=/platform
    set type=lofs
    add options ro
    end
    commit 
    exit
    

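    Borramos los ficheros de la zona (desde la zona global; las rutas dependen de la variable ZONENAME definida al principio, que debe seguir definida en esta shell):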

    # rm -rf /system/zones/${ZONENAME}/root/usr/* /system/zones/${ZONENAME}/root/lib/* /system/zones/${ZONENAME}/root/platform/*

    Vemos que se ha liberado el espacio:

    # du -sh /system/zones/${ZONENAME}  
     144M   /system/zones/zone1

    Por último podemos borrar los snapshots de la instalación:

    # zfs destroy -r rpool/VARSHARE/zones/${ZONENAME}/rpool/ROOT/zbe@install
  • In this article, we will try to get a Solaris 11 zone that uses as few resources as possible. To accomplish this, we will use the global zone's network and filesystems, and we will not start the SMF services.

    First we configure a normal zone; this will be the baseline for comparison.

    We define the zonename as a variable

    # export ZONENAME=zone1

    We configure the zone

    # zonecfg -z ${ZONENAME}
    create -b
    set brand=solaris
    set ip-type=shared
    add net
    set address=192.168.170.253/24
    set physical=vlan170
    end
    commit
    exit


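    Now, instead of installing with default values, we start cutting some space and services in the zone's manifest and config. The root_account password value shown in config.xml is not usable as printed (it contains characters that do not belong in a crypt hash and a double quote inside the attribute, so the XML is not well-formed): replace it with your own hash generated for this zone.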

    # vi manifest.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
    <auto_install>
        <ai_instance name="zone_default">
            <target>
                <logical>
                    <zpool name="rpool">
                        <be name="zbe">
                            <options>
                                <option name="compression" value="on"/>
                            </options>
                        </be>
                    </zpool>
                </logical>
            </target>
            <software type="IPS">
                <software_data action="install">
                    <name>core-os</name>
                </software_data>
            </software>
        </ai_instance>
    </auto_install>

     

    # vi config.xml
    <?xml version='1.0' encoding='US-ASCII'?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!-- Auto-generated by sysconfig -->
    <service_bundle name="sysconfig" type="profile">
      <service name="system/identity" type="service" version="1">
        <instance enabled="true" name="cert"/>
        <instance enabled="true" name="node">
          <property_group name="config" type="application">
            <propval name="nodename" type="astring" value="solaris"/>
          </property_group>
        </instance>
      </service>
      <service name="system/name-service/cache" type="service" version="1">
        <instance enabled="true" name="default"/>
      </service>
      <service name="system/name-service/switch" type="service" version="1">
        <property_group name="config" type="application">
          <propval name="default" type="astring" value="files"/>
        </property_group>
        <instance enabled="true" name="default"/>
      </service>
      <service name="system/keymap" type="service" version="1">
        <instance enabled="true" name="default">
          <property_group name="keymap" type="application">
            <propval name="layout" type="astring" value="Spanish"/>
          </property_group>
        </instance>
      </service>
      <service name="system/environment" type="service" version="1">
        <instance enabled="true" name="init">
          <property_group name="environment" type="application">
            <propval name="LANG" type="astring" value="C"/>
          </property_group>
        </instance>
      </service>
      <service name="system/timezone" type="service" version="1">
        <instance enabled="true" name="default">
          <property_group name="timezone" type="application">
            <propval name="localtime" type="astring" value="UTC"/>
          </property_group>
        </instance>
      </service>
      <service name="system/config-user" type="service" version="1">
        <instance enabled="true" name="default">
          <property_group name="root_account" type="application">
            <propval name="password" type="astring" value="$5$rounds=10000$lDL4x5q8$IlHsdf·Re3f$·iP5AAK8Jj6YF/wnigr$·"d9O825MC"/>
            <propval name="type" type="astring" value="normal"/>
            <propval name="login" type="astring" value="root"/>
          </property_group>
        </instance>
      </service>
    </service_bundle>

    Zone installation

    # zoneadm -z ${ZONENAME} install -m manifest.xml -c config.xml
    The following ZFS file system(s) have been created:
        rpool/VARSHARE/zones/zone1
    Progress being logged to /var/log/zones/zoneadm.20200304T094644Z.zone1.install
           Image: Preparing at /system/zones/zone1/root.
    
     Install Log: /system/volatile/install.14837/install_log
     AI Manifest: /tmp/manifest.xml.KwahVa
      SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
        Zonename: zone1
    Installation: Starting...
    
            Creating IPS image
    Startup linked: 1/1 done
            Installing packages from:
                solaris
                    origin:  http://pkg.gestio.sys/oracle/
    DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
    Completed                            306/306   47432/47432  327.0/327.0  6.5M/s
    
    PHASE                                          ITEMS
    Installing new actions                   66258/66258
    Updating package state database                 Done 
    Updating package cache                           0/0 
    Updating image state                            Done 
    Creating fast lookup database                   Done 
    Updating package cache                           1/1 
    Installation: Succeeded
     done.
    
            Done: Installation completed in 248.885 seconds.
    
    
      Next Steps: Boot the zone, then log into the zone console (zlogin -C)
    
                  to complete the configuration process.
    
    Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20200304T094644Z.zone1.install

    The smallest package we can install is core-os; it takes 717 MB

    # du -sh /system/zones/${ZONENAME}  
     717M   /system/zones/zone1
    

    We make a first boot in order to configure the services

    # zoneadm -z ${ZONENAME} boot

    We install and start apache

    # zlogin ${ZONENAME} pkg install apache-24
    # zlogin ${ZONENAME} svcadm enable apache24

    Now we look at the processes running in the zone and the resources it uses

    # ptree -z ${ZONENAME}
    17019 zsched
      17093 /usr/sbin/init
    17101 /lib/svc/bin/svc.startd
      17507 /usr/sbin/ttymon -g -d /dev/console -l console -m ldterm,ttcompat -h -p solaris console login: 
    17103 /lib/svc/bin/svc.configd
    17177 /usr/sbin/sysobjd -d 0 -b 300 -t 300 -n 5
    17191 /lib/crypto/kcfd
    17202 /usr/lib/pfexecd
    17224 /usr/lib/utmpd
    17232 /sbin/sh /lib/svc/method/net-ipmgmt start
      17233 sleep 3600
    17265 /lib/svc/bin/svc.periodicd
    17270 /usr/lib/rad/rad -sp
    17361 /usr/lib/zones/zoneproxy-client -s localhost:1008
    17375 /usr/sbin/rpcbind -w
    17389 /usr/lib/fm/fmd/fmd
    17437 /usr/sbin/cron
    17443 /usr/lib/inet/inetd start
    17463 /usr/lib/sstore/bin/sstored --events --repo-path /var/share/sstore/repo --max-repo-size 2048
    17471 /usr/sbin/nscd
    17489 /usr/sbin/syslogd
    17537 /usr/lib/sstore/bin/sysstatd --max-process-size=268435456
    17577 /usr/apache2/2.4/bin/httpd -k start
      17578 /usr/apache2/2.4/bin/httpd -k start
      17579 /usr/apache2/2.4/bin/httpd -k start
      17580 /usr/apache2/2.4/bin/httpd -k start
    # zonestat 5
    Collecting data for first interval...
    Interval: 1, Duration: 0:00:05
    SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                        ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
                   ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
                [total]  0.01 0.14%  0.00 0.00% 2442M 29.8% 2602M 28.2%  2576 0.00%
               [system]  0.00 0.02%  0.00 0.00% 1858M 22.6% 1926M 20.8%     -     -
                 global  0.00 0.10%     -     -  351M 4.29%  431M 4.68%  2576 0.00%
                  zone1  0.00 0.01%     -     -  232M 2.83%  244M 2.65%     0 0.00%

    Now we turn off the zone

    # zoneadm -z ${ZONENAME} halt

    We will now disable SMF by starting Apache from inittab

    # echo "run::sysinit:/etc/rc.local >/dev/msglog 2>&1 </dev/console" > /system/zones/${ZONENAME}/root/etc/inittab
    
    # vi /system/zones/${ZONENAME}/root/etc/rc.local
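    #!/bin/bash
    # /etc/rc.local: run once by init from the inittab entry, in place of SMF.
    # Nothing supervises this script, so httpd is not restarted if it exits; the
    # zone is then only marked goals-maintenance.

    # zoneadm needs /var/share mounted before it can be used here.
    zfs mount rpool/VARSHARE

    # Assumes that inside a non-global zone the listing holds only this zone's
    # name; verify on the target release.
    ZONENAME=$(zoneadm list)
    if [ -z "${ZONENAME}" ]; then
      # Output goes wherever the inittab entry redirects it.
      echo "rc.local: zoneadm list returned no zone name" >&2
    fi

    # Quoted so that an empty name is passed as an empty argument instead of
    # letting "mark" be taken as the zone name.
    zoneadm -z "${ZONENAME}" mark -a goals-online

    # Blocks here for as long as Apache runs in the foreground.
    /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start

    # Reached only after httpd has exited.
    zoneadm -z "${ZONENAME}" mark -a goals-maintenance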
    
    # chmod +x /system/zones/${ZONENAME}/root/etc/rc.local

    In the start script (rc.local) we have to mount /var/share because zoneadm needs it. With zoneadm we mark that the zone has reached the goals-online state, so the service named svc:/system/zones/zone:${ZONENAME} in the global zone goes to the online state.

    # zoneadm -z ${ZONENAME} boot
    
    # ptree -z ${ZONENAME}
    18387 zsched
      18461 /usr/sbin/init
        18463 /bin/bash /etc/rc.local
          18473 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
            18474 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
            18475 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
            18476 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
    
    
    # zonestat 5
    Collecting data for first interval...
    Interval: 1, Duration: 0:00:05
    SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                        ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
                   ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
                [total]  0.00 0.10%  0.00 0.00% 2216M 27.0% 2357M 25.5%  2188 0.00%
               [system]  0.00 0.02%  0.00 0.00% 1849M 22.5% 1906M 20.6%     -     -
                 global  0.00 0.08%     -     -  351M 4.29%  432M 4.69%  2188 0.00%
                  zone1  0.00 0.00%     -     - 15.3M 0.18% 18.1M 0.19%     0 0.00%

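    Now we see that only a few processes are running and the memory footprint of the zone is much smaller than before. In exchange, syslogd, cron and the other services that SMF used to start are gone: nothing in the zone collects system logs or restarts httpd if it exits.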

    Next we can delete some directories from the zone and use the global zone's copies instead: we mount those filesystems from the global zone (similar to what we used to do with Solaris 10 SMALL zones)

    Now we configure the zone

    # zonecfg -z ${ZONENAME}
    add fs
    set dir=/usr
    set special=/usr
    set type=lofs
    add options ro
    end
    add fs
    set dir=/lib
    set special=/lib
    set type=lofs
    add options ro
    end
    add fs
    set dir=/platform
    set special=/platform
    set type=lofs
    add options ro
    end
    commit 
    exit
    

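    We delete the zone's own copies of those files (from the global zone; the paths depend on the ZONENAME variable exported at the start, so it must still be set in this shell)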

    # rm -rf /system/zones/${ZONENAME}/root/usr/* /system/zones/${ZONENAME}/root/lib/* /system/zones/${ZONENAME}/root/platform/*

    We deleted 600Mb

    # du -sh /system/zones/${ZONENAME}  
     144M   /system/zones/zone1

    We can now delete the snapshots made by the install command:

    # zfs destroy -r rpool/VARSHARE/zones/${ZONENAME}/rpool/ROOT/zbe@install
   
© Copyright © 2020 Web de Guillermo Adrián Molina. All Rights Reserved.