Powered by NETWORK.COM  
Open Source Software for Solaris
An OpenSolaris Community Site 		Current Software Packages
Open Bug Tracking		 
    · Home of “Community Software for Solaris” ( CSW )
  
The Solaris 8 Container & Solaris 9 Container : A Brief Introduction

Figure 1 : Migrate from Solaris 8 Hardware to New Solaris 10 Virtualization
Migrate from old Solaris 8 Hardware to New Solaris 10 Virtualization


Overview :
    Solaris™ is a true and venerable UNIX® system and the UNIX® logo inspires great trust in those that use Solaris. Long term stability and reliability are both clear indications of strict adherance to well engineered standards and testing methods. The only drawback to such steadfast and loyal standards compliance is that Solaris servers tend to outlast all those that surround them. System longevity is further magnified when we combine the Solaris Operating System with Sun Hardware and then ensure that the power and cooling systems are well provided for. Carefully planned IT infrastructure often results in production servers that are over ten years old and still running three hundred and sixty five days a year flawlessly. How then does one escape the dread of critical production loss? How will an IT manager finally be able to safely migrate away from servers that were purchased in 1998? The solution is to be found in Solaris 10 and a virtualization technology called the “Solaris Container”. Thanks to the release of “Solaris Containers” we may now migrate away from Solaris 8 both fearlessly and effortlessly. This article gives a brief overview of this new technology and illustrates how one may perform a backup and restore operation which results in the Solaris 8 production server running within a resource controlled “Solaris Container”.

Resources Required : Software and Hardware
    In order to take advantage of a Solaris 8 Container or Solaris 9 Container you will need reasonable Sun UltraSparc based hardware as well as an up to date revision of Solaris 10. You will also need the “Solaris Containers” software which enables Solaris 10 to virtualize a Solaris 8 or Solaris 9 instance. All of these software resources may be downloaded from the Sun website :

  1. Get the Solaris 10 Operating System - Free Solaris 10 5/08 download
  2. Get Solaris 8 Containers - formerly known as Solaris 8 Migration Assistant, this software allows you to run Solaris 8 applications, unchanged, on the latest SPARC systems and Solaris 10.
  3. Get Solaris 9 Containers - Solaris 9 Containers allow Solaris 9 based applications to run on the latest SPARC systems within Solaris 10.

Take Note :
  • Solaris 9 Containers software requires a SPARC system running Solaris 10 8/07 or later with patch #127111-01 or later revisions.
  • Solaris 8 Containers require Solaris 10 8/07 ( update 4 ) and kernel rev 127111-01 or -02 or -03 as a minimum.


Preliminary Setup : Install Solaris 10 Update 5
    You will need a recent copy of Solaris 10. At the very least you need Solaris 10 Update 4 with recent patches applied:
# uname -a SunOS jupiter 5.10 Generic_127111-11 sun4u sparc SUNW,Sun-Fire-480R # cat /etc/release Solaris 10 8/07 s10s_u4wos_12b SPARC Copyright 2007 Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms. Assembled 16 August 2007
    The best way to proceed is to use the recently released Solaris 10 Update 5 :
# uname -a SunOS jupiter 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-480R # cat /etc/release Solaris 10 5/08 s10s_u5wos_10 SPARC Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. Use is subject to license terms. Assembled 24 March 2008
    There are many variables involved in installing and configuring Solaris 10 and a complete discussion is beyond the scope of this document. Suffice it to say that you will need enough memory and processors and storage to handle the creation of your Solaris 8 Containers. In this particular example we will employ a Sun Fire V480R server with four 900MHz UltraSparc processors and 8 GB of memory. This server will be running Solaris 10 5/08 with ZFS based redundant storage for the Solaris 8 Container. Therefore we may say that the “global zone” is running Solaris 10 5/08 and within that “global zone” we will then create virtual operating system containers. These are NOT BSD Jails nor just chrooted environments. If you think that way then you are sadly mistaken and you are making a very common mistake. The Solaris Zone technology is a server virtualization implementation that allows dynamic resource control and allocation.


Figure 2 : Solaris 10 Zones or Virtualization Containers
Solaris 10 Zones or Virtualization Containers


Test Case One : Sun Netra 034 in Rack 05 : Webserver and Database Server
    The Solaris 8 server that will be “virtualized” is a Telco certified Sun Netra class machine which hosts an Apache 2.2.6 web server with PHP 5.2.4 and PostgreSQL 8.2.6. MySQL 5.0.51 is also installed and the unit has been in use for four years. The important point here is that this is not simply a demonstration example but an actual Solaris 8 server that will be moved into a Solaris 8 Container. It should be pointed out that the older Netra server has only one UltraSparc processor at 440MHz and 512MB of memory. The server was used for software testing and for database development work.
    Due to rack space and power usage issues the server was backed up on the 8th of February 2008 and then left powered off until required. Thus we have a few ufsdump output files on NFS based storage :
# ls -l /export/nfs/backup/host-pluto-netra034-rack05 total 1025856 -rw------- 1 root root 29774450 Feb 8 18:22 export_home_slice7.dump.bz2 -rw------- 1 root root 44036477 Feb 8 18:16 opt_slice5.dump.bz2 -rw------- 1 root root 451130522 Feb 8 18:04 root_slice0.dump.bz2
    Very basic data is required in order to restore this server into a Solaris 8 Container :
  • hostname
  • hostid
  • total disk space used by all UFS filesystems
  • amount of swap space typically used by the server
  • amount of memory in the server
  • essential network configuration such as
    1. TCP/IP Address
    2. netmask
    3. default router
    4. DNS and Name Server or Name Resolution data

Setup ZFS Storage :
    The Solaris 8 server with hostname “pluto” was quite small in terms of disk space requirements. It will require no more than 8 GB of disk space in a ZFS filesystem. Please see the zfs (1M) manpage for details about the options used below :
# zfs create -o aclinherit=passthrough \ > -o aclmode=passthrough \ > -o compression=on \ > -o devices=on \ > -o exec=on \ > -o mountpoint=/zone/z_001 \ > -o quota=8G \ > -o setuid=on \ > -o xattr=on \ > zone_pool/z_001
    Ensure that the new ZFS filesystem is only accessible to the root user :
# chown root:root /zone/z_001 # chmod 0700 /zone/z_001
    Review the ZFS filesystem that will contain the Solaris 8 Container :
# zfs list zone_pool/z_001 NAME USED AVAIL REFER MOUNTPOINT zone_pool/z_001 24.5K 8.00G 24.5K /zone/z_001 # zfs get all zone_pool/z_001 NAME PROPERTY VALUE SOURCE zone_pool/z_001 type filesystem - zone_pool/z_001 creation Mon Apr 14 21:37 2008 - zone_pool/z_001 used 24.5K - zone_pool/z_001 available 8.00G - zone_pool/z_001 referenced 24.5K - zone_pool/z_001 compressratio 1.00x - zone_pool/z_001 mounted yes - zone_pool/z_001 quota 8G local zone_pool/z_001 reservation none default zone_pool/z_001 recordsize 128K default zone_pool/z_001 mountpoint /zone/z_001 local zone_pool/z_001 sharenfs off default zone_pool/z_001 checksum on default zone_pool/z_001 compression on local zone_pool/z_001 atime on default zone_pool/z_001 devices on local zone_pool/z_001 exec on local zone_pool/z_001 setuid on local zone_pool/z_001 readonly off default zone_pool/z_001 zoned off default zone_pool/z_001 snapdir hidden default zone_pool/z_001 aclmode passthrough local zone_pool/z_001 aclinherit passthrough local zone_pool/z_001 canmount on default zone_pool/z_001 shareiscsi off default zone_pool/z_001 xattr on local

Install Solaris 8 Container Software :
    First, here is the up to date file list for both Solaris 8 Containers and Solaris 9 Containers :
bash-3.1$ ls -l total 1758644 -rw-r--r-- 1 dclarke csw 257 Jun 4 14:45 md5sum_s8containers-1_0-07.list -rw-r--r-- 1 dclarke www 259 Jun 4 13:37 md5sum_s9containers-1_0-rr.list -rw-r--r-- 1 dclarke csw 22135867 Jun 4 14:26 s8containers-1_0-07-solaris10-sparc.tar.gz -rw-r--r-- 1 dclarke www 21710669 Jun 4 13:37 s9containers-1_0-rr-solaris10-sparc.tar.gz -rw-r--r-- 1 dclarke csw 576538362 Jun 4 14:45 solaris8-image.flar -rw-r--r-- 1 dclarke csw 1179504752 Jun 4 14:06 solaris9-image.flar bash-3.1$ digest -v -a md5 s9containers-1_0-rr-solaris10-sparc.tar.gz md5 (s9containers-1_0-rr-solaris10-sparc.tar.gz) = 148a9c8518c0091c4e0910d3b832f214 bash-3.1$ digest -v -a md5 s9containers-1_0-rr-solaris10-sparc.tar.gz md5 (s9containers-1_0-rr-solaris10-sparc.tar.gz) = 148a9c8518c0091c4e0910d3b832f214
    Extract the Solaris 8 Container software packages and install thus :
# ls -lap total 10 drwxr-xr-x 5 root root 512 Mar 4 17:24 ./ drwxr-xr-x 3 root root 512 Mar 4 17:25 ../ drwxr-xr-x 4 root root 512 Mar 4 17:24 SUNWs8brandr/ drwxr-xr-x 4 root root 512 Mar 4 17:24 SUNWs8brandu/ drwxr-xr-x 4 root root 512 Mar 4 17:24 SUNWs8p2v/ # pkgadd -d `pwd` SUNWs8brandr SUNWs8brandu Processing package instance <SUNWs8brandr> from </eTude/s8ma-1_0-03/Product> Solaris 8 Migration Assistant: solaris8 brand support (Root)(sparc) 11.10.0,REV=2007.10.08.16.51 Copyright 2007 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Using </> as the package base directory. ## Processing package information. ## Processing system information. 7 package pathnames are already properly installed. ## Verifying package dependencies. ## Verifying disk space requirements. ## Checking for conflicts with packages already installed. ## Checking for setuid/setgid programs. Installing Solaris 8 Migration Assistant: solaris8 brand support (Root) as <SUNWs8brandr> ## Installing part 1 of 1. /etc/zones/SUNWsolaris8.xml /platform/sun4u/kernel/brand/sparcv9/s8_brand /platform/sun4v/kernel/brand/sparcv9/s8_brand [ verifying class <none> ] Installation of <SUNWs8brandr> was successful. Processing package instance <SUNWs8brandu> from </eTude/s8ma-1_0-03/Product> Solaris 8 Migration Assistant: solaris8 brand support (Usr)(sparc) 11.10.0,REV=2007.10.08.16.51 Copyright 2007 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Using </> as the package base directory. ## Processing package information. ## Processing system information. 7 package pathnames are already properly installed. ## Verifying package dependencies. ## Verifying disk space requirements. ## Checking for conflicts with packages already installed. ## Checking for setuid/setgid programs. This package contains scripts which will be executed with super-user permission during the process of installing this package. Do you want to continue with the installation of <SUNWs8brandu> [y,n,?] y Installing Solaris 8 Migration Assistant: solaris8 brand support (Usr) as <SUNWs8brandu> ## Installing part 1 of 1. /usr/lib/brand/solaris8/32 <symbolic link> /usr/lib/brand/solaris8/64 <symbolic link> /usr/lib/brand/solaris8/config.xml /usr/lib/brand/solaris8/files/init.d/afbinit <symbolic link> /usr/lib/brand/solaris8/files/init.d/buildmnttab <symbolic link> /usr/lib/brand/solaris8/files/init.d/cachefs.root <symbolic link> /usr/lib/brand/solaris8/files/init.d/cacheos <symbolic link> /usr/lib/brand/solaris8/files/init.d/capture_uptime <symbolic link> /usr/lib/brand/solaris8/files/init.d/cpudiagd <symbolic link> /usr/lib/brand/solaris8/files/init.d/devfsadm <symbolic link> /usr/lib/brand/solaris8/files/init.d/dhcpagent /usr/lib/brand/solaris8/files/init.d/icfa_pvr_runner <symbolic link> /usr/lib/brand/solaris8/files/init.d/ifbinit <symbolic link> /usr/lib/brand/solaris8/files/init.d/inetinit /usr/lib/brand/solaris8/files/init.d/inetsvc /usr/lib/brand/solaris8/files/init.d/init.srm <symbolic link> /usr/lib/brand/solaris8/files/init.d/initpcihpc <symbolic link> /usr/lib/brand/solaris8/files/init.d/initusb <symbolic link> /usr/lib/brand/solaris8/files/init.d/jfbinit <symbolic link> /usr/lib/brand/solaris8/files/init.d/keymap <symbolic link> /usr/lib/brand/solaris8/files/init.d/mipagent <symbolic link> /usr/lib/brand/solaris8/files/init.d/ncakmod <symbolic link> /usr/lib/brand/solaris8/files/init.d/network /usr/lib/brand/solaris8/files/init.d/nfs.server <symbolic link> /usr/lib/brand/solaris8/files/init.d/power <symbolic link> /usr/lib/brand/solaris8/files/init.d/pppd <symbolic link> /usr/lib/brand/solaris8/files/init.d/qlog-startup <symbolic link> /usr/lib/brand/solaris8/files/init.d/reboot_config_pvr_runner <symbolic link> /usr/lib/brand/solaris8/files/init.d/reboot_pvr_runner <symbolic link> /usr/lib/brand/solaris8/files/init.d/rootusr <symbolic link> /usr/lib/brand/solaris8/files/init.d/savecore <symbolic link> /usr/lib/brand/solaris8/files/init.d/standardmounts /usr/lib/brand/solaris8/files/init.d/sysid.net /usr/lib/brand/solaris8/files/init.d/sysid.sys /usr/lib/brand/solaris8/files/init.d/syslog /usr/lib/brand/solaris8/files/init.d/volmgt <symbolic link> /usr/lib/brand/solaris8/files/init.d/vras-vradmind.sh <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxfsldlic <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxnm-host_infod <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxnm-vxnetd <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxrsyncd.sh <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-reconfig <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-recover <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-shutdown <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-startup1 <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-startup2 <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-startvc <symbolic link> /usr/lib/brand/solaris8/files/init.d/vxvm-sysboot <symbolic link> /usr/lib/brand/solaris8/files/patches/109147-44.zip /usr/lib/brand/solaris8/files/patches/109221-01.zip /usr/lib/brand/solaris8/files/patches/111023-03.zip /usr/lib/brand/solaris8/files/patches/111431-01.zip /usr/lib/brand/solaris8/files/patches/112050-04.zip /usr/lib/brand/solaris8/files/patches/112605-04.zip /usr/lib/brand/solaris8/files/patches/order /usr/lib/brand/solaris8/files/rc0 /usr/lib/brand/solaris8/files/rc2 /usr/lib/brand/solaris8/files/rc2.d/S95cst <symbolic link> /usr/lib/brand/solaris8/files/rc3 /usr/lib/brand/solaris8/files/rcS /usr/lib/brand/solaris8/mods/S20_apply_patches /usr/lib/brand/solaris8/mods/S31_fix_net /usr/lib/brand/solaris8/mods/S32_fix_nfs /usr/lib/brand/solaris8/mods/S33_fix_vfstab /usr/lib/brand/solaris8/mods/S34_fix_inittab /usr/lib/brand/solaris8/mods/S35_fix_crontab /usr/lib/brand/solaris8/mods/S36_fix_pam_conf /usr/lib/brand/solaris8/mods/S40_setup_preload /usr/lib/brand/solaris8/netifs /usr/lib/brand/solaris8/platform.xml /usr/lib/brand/solaris8/s8_boot /usr/lib/brand/solaris8/s8_install /usr/lib/brand/solaris8/s8_ksyms /usr/lib/brand/solaris8/s8_lockd /usr/lib/brand/solaris8/s8_native /usr/lib/brand/solaris8/s8_netifs /usr/lib/brand/solaris8/s8_p2v /usr/lib/brand/solaris8/s8_postclone /usr/lib/brand/solaris8/s8_preload.so.1 /usr/lib/brand/solaris8/s8_prtconf /usr/lib/brand/solaris8/s8_psrinfo /usr/lib/brand/solaris8/s8_servicetag /usr/lib/brand/solaris8/s8_statd /usr/lib/brand/solaris8/s8_support /usr/lib/brand/solaris8/s8_system /usr/lib/brand/solaris8/sparcv9/s8_preload.so.1 /usr/lib/s8_brand.so.1 /usr/lib/s8_npreload.so.1 /usr/lib/sparcv9/s8_brand.so.1 /usr/lib/sparcv9/s8_npreload.so.1 /usr/share/man/man5/solaris8.5 [ verifying class <none> ] ## Executing postinstall script. Adding service tags for installed solaris8 zones: Installation of <SUNWs8brandu> was successful. #
    You may also install Solaris 9 Container software packages also. Please see details here.

Apply Patch 128548-05 ( or later rev if available ) :
    In order to use the Solaris 8 Container technology you need to apply patch 128548-05 ( or later). If you do not apply this patch then you are quite firmly stuck with Solaris 10 8/07 ( update 4 ) and kernel rev 127111-01 or -02 or -03 and that is it. Do the smart thing and just update all your patches or better yet, just upgrade to the latest rev of Solaris 10 which is Solaris 10 5/08 from this year. You will need to have a Solaris Maintenance Contract in order to access the full range of patches and services available at Sunsolve. Once you have patch 128548-05 then apply it :
# patchadd -M /patch 128548-05 Validating patches... Loading patches installed on the system... Done! Loading patches requested to install. Done! Checking patches that you specified for installation. Done! Approved patches will be installed in this order: 128548-05 Checking installed patches... Executing prepatch script... Verifying sufficient filesystem capacity (dry run method)... Installing patch packages... Patch 128548-05 has been successfully installed. See /var/sadm/patch/128548-05/log for details Patch packages installed: SUNWs8brandr SUNWs8brandu
    Look at the files in /usr/lib/brand/solaris8 and ensure that their dates are the same or newer than the following :
# ls -lap /usr/lib/brand/ total 74 drwxr-xr-x 5 root bin 512 Jun 4 18:05 ./ drwxr-xr-x 131 root bin 33280 Jun 4 18:05 ../ drwxr-xr-x 2 root sys 512 Apr 16 13:39 native/ drwxr-xr-x 5 root sys 1024 Apr 17 21:14 solaris8/ drwxr-xr-x 5 root sys 1024 Jun 4 18:05 solaris9/ # ls -lap /usr/lib/brand/solaris9/ total 284 drwxr-xr-x 5 root sys 1024 Jun 4 18:05 ./ drwxr-xr-x 5 root bin 512 Jun 4 18:05 ../ lrwxrwxrwx 1 root root 1 Jun 4 18:05 32 -> ./ lrwxrwxrwx 1 root root 7 Jun 4 18:05 64 -> sparcv9/ -r--r--r-- 1 root bin 3547 Apr 24 05:30 config.xml drwxr-xr-x 8 root sys 512 Jun 4 18:05 files/ drwxr-xr-x 2 root sys 512 Jun 4 18:05 mods/ -rwxr-xr-x 1 root bin 9904 Apr 24 05:32 netifs -r--r--r-- 1 root bin 4315 Apr 24 05:30 platform.xml -rwxr-xr-x 1 root bin 9524 Apr 24 05:30 s9_boot -rwxr-xr-x 1 root bin 21196 Apr 24 05:30 s9_install -rwxr-xr-x 1 root bin 958 Apr 24 05:32 s9_ipsecconf -rwxr-xr-x 1 root bin 955 Apr 24 05:32 s9_ipseckey -r--r--r-- 1 root sys 10880 Apr 24 05:32 s9_ksyms -rwxr-xr-x 1 root bin 901 Apr 24 05:32 s9_lockd -rwxr-xr-x 1 root bin 164 Apr 24 05:32 s9_native -rwxr-xr-x 1 root bin 914 Apr 24 05:32 s9_netifs -rwxr-xr-x 1 root bin 904 Apr 24 05:32 s9_netstat -rwxr-xr-x 1 root bin 10945 Apr 24 05:30 s9_p2v -rwxr-xr-x 1 root bin 1388 Apr 24 05:30 s9_postclone -rwxr-xr-x 1 root bin 2108 Apr 24 05:32 s9_prctl -rwxr-xr-x 1 root bin 16952 Apr 24 21:27 s9_prctl.so.1 -rwxr-xr-x 1 root bin 13244 Apr 24 05:31 s9_preload.so.1 -rwxr-xr-x 1 root bin 968 Apr 24 05:32 s9_prtconf -rwxr-xr-x 1 root bin 288 Apr 24 05:32 s9_prtdiag -rwxr-xr-x 1 root bin 905 Apr 24 05:32 s9_psrinfo -rwxr-xr-x 1 root bin 4946 Apr 24 05:30 s9_servicetag -rwxr-xr-x 1 root bin 901 Apr 24 05:32 s9_statd -rwxr-xr-x 1 root bin 10436 Apr 24 05:31 s9_support -rwxr-xr-x 1 root bin 1627 Apr 24 05:30 s9_system drwxr-xr-x 2 root bin 512 Jun 4 18:05 sparcv9/ # ls -lap /usr/lib/brand/solaris8/ total 240 drwxr-xr-x 5 root sys 1024 Apr 17 21:14 ./ drwxr-xr-x 4 root bin 512 Apr 17 19:37 ../ lrwxrwxrwx 1 root root 1 Apr 17 19:37 32 -> ./ lrwxrwxrwx 1 root root 7 Apr 17 19:37 64 -> sparcv9/ -r--r--r-- 1 root bin 3548 Oct 8 2007 config.xml drwxr-xr-x 8 root sys 512 Apr 17 19:37 files/ drwxr-xr-x 2 root sys 512 Apr 17 21:14 mods/ -rwxr-xr-x 1 root bin 9916 Jan 8 22:41 netifs -r--r--r-- 1 root bin 4330 Oct 8 2007 platform.xml -rwxr-xr-x 1 root bin 9647 Mar 18 16:32 s8_boot -rwxr-xr-x 1 root bin 20969 Jan 25 18:16 s8_install -r--r--r-- 1 root sys 10888 Jan 8 22:41 s8_ksyms -rwxr-xr-x 1 root bin 901 Oct 8 2007 s8_lockd -rwxr-xr-x 1 root bin 164 Oct 8 2007 s8_native -rwxr-xr-x 1 root bin 914 Oct 8 2007 s8_netifs -rwxr-xr-x 1 root bin 904 Mar 13 18:01 s8_netstat -rwxr-xr-x 1 root bin 10953 Oct 11 2007 s8_p2v -rwxr-xr-x 1 root bin 1388 Oct 8 2007 s8_postclone -rwxr-xr-x 1 root bin 13256 Jan 8 22:41 s8_preload.so.1 -rwxr-xr-x 1 root bin 968 Mar 13 18:01 s8_prtconf -rwxr-xr-x 1 root bin 288 Mar 13 18:01 s8_prtdiag -rwxr-xr-x 1 root bin 905 Oct 17 2007 s8_psrinfo -rwxr-xr-x 1 root bin 4955 Oct 8 2007 s8_servicetag -rwxr-xr-x 1 root bin 901 Oct 8 2007 s8_statd -rwxr-xr-x 1 root bin 10368 Mar 13 18:02 s8_support -rwxr-xr-x 1 root bin 1627 Oct 8 2007 s8_system drwxr-xr-x 2 root bin 512 Apr 17 19:37 sparcv9/

Configure the Solaris 8 Container :
    This next step has been well documented for native Solaris 10 zones. Everything that you will see here has been done before with the exception of the brand of the zone. We will set this zone to be a “solaris8” brand with the very first subcommand create -t SUNWsolaris8 and then set various resources such as network interface, CPU limits, memory and swap as well as a few privileges added for example.
# zonecfg -z z_001 z_001: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:z_001> create -t SUNWsolaris8 zonecfg:z_001> set zonepath=/zone/z_001 zonecfg:z_001> set autoboot=true zonecfg:z_001> set ip-type=exclusive zonecfg:z_001> add net zonecfg:z_001:net> set physical=ce0 zonecfg:z_001:net> end zonecfg:z_001> add attr zonecfg:z_001:attr> set name=hostid zonecfg:z_001:attr> set type=string zonecfg:z_001:attr> set value=80c1ee98 zonecfg:z_001:attr> end zonecfg:z_001> set limitpriv="default,cpc_cpu,proc_clock_highres" zonecfg:z_001> add capped-cpu zonecfg:z_001:capped-cpu> set ncpus=1 zonecfg:z_001:capped-cpu> end zonecfg:z_001> add capped-memory zonecfg:z_001:capped-memory> set physical=512m zonecfg:z_001:capped-memory> set swap=1024m zonecfg:z_001:capped-memory> end zonecfg:z_001> set max-lwps=384 zonecfg:z_001> info zonename: z_001 zonepath: /zone/z_001 brand: solaris8 autoboot: true bootargs: pool: limitpriv: default,cpc_cpu,proc_clock_highres scheduling-class: ip-type: exclusive [max-lwps: 384] net: address not specified physical: ce0 capped-cpu: [ncpus: 1.00] capped-memory: physical: 512M [swap: 1G] attr: name: hostid type: string value: 80c1ee98 rctl: name: zone.cpu-cap value: (priv=privileged,limit=100,action=deny) rctl: name: zone.max-swap value: (priv=privileged,limit=1073741824,action=deny) rctl: name: zone.max-lwps value: (priv=privileged,limit=384,action=deny) zonecfg:z_001> verify zonecfg:z_001> commit zonecfg:z_001> exit #
    Now use the zoneadm command the look at the current zones and their states :
# zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / native shared - z_001 configured /zone/z_001 solaris8 excl
    Since we are using a backup image from a real server we should verify that the hostid in the new Solaris 8 Container will be the same as the real hardware :
# zonecfg -z z_001 info attr attr: name: hostid type: string value: 80c1ee98 #
    Now we finally get to the interesting part. This is where we use the zoneadm command to restore the Solaris 8 server state from the backup files into our Solaris 8 Container. A few words on the options available and why I did my restore with the “preserve state” option. If you look at the command you will see a number of options with the usual -z zonename as well as an obvious -v option for verbose output. The option to most concerned about is the -u which will reset the configuration of the server to a factory installed or “blank” unconfigured state. Not a good idea if you are trying to take a real server that works just fine and make it into a virtual Solaris 8 Container which will also work just fine. For all the details be sure to see the solaris8(5) manpage or simply see options available below : 
                  Installer Options : 

                        Option          Description

                        -a filepath     Location of archive from which to copy system image.
                                        Full flash archive and cpio, gzip compressed cpio,
                                        bzip compressed cpio, and level 0 ufsdump are
                                        supported. Refer to the gzip man page available in the
                                        SUNWsfman package.

                        -d              Location of directory from which to copy system image.

                        -p              Preserve system identity.

                        -s              Install silently.

                        -u              sys-unconfig the zone to an unconfigured state.

                        -v              Verbose output.
    There are three ufsdump files to choose from but we are only interested in the root filesystem at this time.
# zoneadm -z z_001 install -v -p -a /export/nfs/backup/host-pluto-netra034-rack05/root_slice0.dump Log File: /var/tmp/z_001.install.1185.log Product: Solaris 8 Migration Assistant 1.0 Installer: solaris8 brand installer 1.21 Zone: z_001 Path: /zone/z_001 Source: /export/nfs/backup/host-pluto-netra034-rack05/root_slice0.dump Media Type: ufsdump archive Installing: This may take several minutes... Sanity Check: Passed. Looks like a Solaris 8 system. Postprocessing: This may take several minutes... Postprocess: Gathering information about zone z_001 Postprocess: Creating mount points Postprocess: Processing /etc/system Postprocess: Booting zone to single user mode Postprocess: Applying p2v module S20_apply_patches S20_apply_patches: Unpacking patch: 109147-44 S20_apply_patches: Installing patch: 109147-44 S20_apply_patches: Unpacking patch: 111023-03 S20_apply_patches: Installing patch: 111023-03 S20_apply_patches: Unpacking patch: 111431-01 S20_apply_patches: Installing patch: 111431-01 S20_apply_patches: Unpacking patch: 112605-04 S20_apply_patches: Installing patch: 112605-04 S20_apply_patches: Unpacking patch: 112050-04 S20_apply_patches: Installing patch: 112050-04 S20_apply_patches: Unpacking patch: 109221-01 S20_apply_patches: Installing patch: 109221-01 Postprocess: Applying p2v module S31_fix_net Cannot update /etc/hostname.{net} file Postprocess: Applying p2v module S32_fix_nfs Postprocess: Applying p2v module S33_fix_vfstab Postprocess: Applying p2v module S34_fix_inittab Postprocess: Applying p2v module S35_fix_crontab Postprocess: Applying p2v module S36_fix_pam_conf Postprocess: Applying p2v module S40_setup_preload Postprocess: Halting zone Postprocess: Postprocessing successful. Result: Postprocessing complete. Service Tag: Gathering information about zone z_001 Service Tag: Adding service tag: urn:st:2ac5ea1a-ab15-6ab4-b94d-a3276facb9ab Service Tag: Operation successful. Result: Installation completed successfully. Log File: /zone/z_001/root/var/log/z_001.install.1185.log # # zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / native shared - z_001 installed /zone/z_001 solaris8 excl #

Physical to Virtual Zone Migration and Initial Boot Magic
    The next command is a bit mysterious in that it is the fairy godmother's magic wand which will transform the mouse into a horse. This one command seems to run about through various places in the Solaris 8 Container and ensures that inappropriate configuration data is corrected. The most obvious of these transformations is the cleanup of the /etc/system file that contained a number of kernel variable modifications. The Solaris 10 kernel is quite dynamic and there is no need to specify max_nprocs ( maximum number of processes ) or maxuprc ( maximum number of processes per user ). These resources are controlled by the global zone along with a collection of old Solstice Disksuite settings that have no place on a modern ZFS based virtual zone. Here then is a very typical example of what you will see when you run s8_p2v ( Solaris 8 Physical to Virtual ) :
# /usr/lib/brand/solaris8/s8_p2v z_001 NOTICE: /etc/system directive 'set reserved_procs = 128'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'set max_nprocs = 512'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'set maxuprc = 96'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'set md_mirror:md_resync_bufsz = 2048'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: misc/md_trans'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: misc/md_raid'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: misc/md_hotspares'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: misc/md_sp'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: misc/md_stripe'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: misc/md_mirror'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: drv/pcipsy'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: drv/simba'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: drv/glm'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'forceload: drv/sd'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'rootdev:/pseudo/md@0:0,0,blk'; is not applicable in the virtual environment. NOTICE: /etc/system directive 'set md:mddb_bootlist1="sd:4:16 sd:4:1050 sd:12:16 sd:12:1050"'; is not applicable in the virtual environment. [Thu Apr 17 21:20:52 EDT 2008] S20_apply_patches: Unpacking patch: 109147-44 [Thu Apr 17 21:20:52 EDT 2008] S20_apply_patches: Installing patch: 109147-44 Checking installed patches... Patch 109147-44 has already been applied. See patchadd(1M) for instructions. Patchadd is terminating. [Thu Apr 17 21:20:56 EDT 2008] S20_apply_patches: Unpacking patch: 111023-03 [Thu Apr 17 21:20:56 EDT 2008] S20_apply_patches: Installing patch: 111023-03 Checking installed patches... Patch 111023-03 has already been applied. See patchadd(1M) for instructions. Patchadd is terminating. [Thu Apr 17 21:21:00 EDT 2008] S20_apply_patches: Unpacking patch: 111431-01 [Thu Apr 17 21:21:00 EDT 2008] S20_apply_patches: Installing patch: 111431-01 Checking installed patches... This patch is obsoleted by patch 108993-67 which has already been applied to this system. Patchadd is terminating. [Thu Apr 17 21:21:03 EDT 2008] S20_apply_patches: Unpacking patch: 112605-04 [Thu Apr 17 21:21:03 EDT 2008] S20_apply_patches: Installing patch: 112605-04 Checking installed patches... This patch is obsoleted by patch 108993-67 which has already been applied to this system. Patchadd is terminating. [Thu Apr 17 21:21:06 EDT 2008] S20_apply_patches: Unpacking patch: 112050-04 [Thu Apr 17 21:21:06 EDT 2008] S20_apply_patches: Installing patch: 112050-04 Checking installed patches... Patch 112050-04 has already been applied. See patchadd(1M) for instructions. Patchadd is terminating. [Thu Apr 17 21:21:09 EDT 2008] S20_apply_patches: Unpacking patch: 109221-01 [Thu Apr 17 21:21:09 EDT 2008] S20_apply_patches: Installing patch: 109221-01 Checking installed patches... This patch is obsoleted by patch 109318-39 which has already been applied to this system. Patchadd is terminating.
    Since the old UFS filesystems and their mount requirements no long bear any importance in the modern Solaris 8 Container it would be reasonable to assume that s8_p2v recognized this and fixed it. Let us therefore look at the /etc/vfstab file. We can do this from the Solaris 10 global zone thus :
# cat /zone/z_001/root/etc/vfstab #device device mount FS fsck mount mount #to mount to fsck point type pass at boot options # fd - /dev/fd fd - no - /proc - /proc proc - no - # /dev/md/dsk/d1 - - swap - no - # /dev/md/dsk/d0 /dev/md/rdsk/d0 / ufs 1 no - # /dev/md/dsk/d4 /dev/md/rdsk/d4 /export/home ufs 2 yes - # /dev/md/dsk/d5 /dev/md/rdsk/d5 /opt ufs 2 yes - swap - /tmp tmpfs - yes - # Modified by p2v Thu Apr 17 21:10:26 EDT 2008
    The most important thing that must happen next is that we restore the remaining filesystem data from the backup files :
# ls -lap /mnt/backup/host-pluto-netra034-rack05/ total 2556240 drwxr-xr-x 2 root root 512 Apr 17 19:50 ./ drwxr-xr-x 3 root root 512 Apr 17 20:12 ../ -rw------- 1 root root 30212096 Apr 17 19:44 export_home_slice7.dump -rw------- 1 root root 169574400 Apr 17 19:44 opt_slice5.dump -rw------- 1 root root 1108312064 Apr 17 19:44 root_slice0.dump # cd /zone/z_001/root/opt # ufsrestore rf /mnt/backup/host-pluto-netra034-rack05/opt_slice5.dump # cd /zone/z_001/root/export/home # ufsrestore rf /mnt/backup/host-pluto-netra034-rack05/export_home_slice7.dump
    This particular Solaris 8 Container is using an exclusive mode IP-stack. Because the network interface name has changed from the legacy hme0 ( happy meal ) to the gigabit ce0 we will need to tweak the network interface names :
# ls -lap /zone/z_001/root/etc/hostname* -rw-r--r-- 1 root root 6 Oct 18 2007 /zone/z_001/root/etc/hostname.hme0 # mv /zone/z_001/root/etc/hostname.hme1 /zone/z_001/root/etc/hostname.ce0

Boot and then Login to the Solaris 8 Container :
    This next step is what we have been working towards. Simply boot the zone with the zoneadm command and then login via zlogin :

( pay close attention to the Last login output from the console )

# zoneadm -z z_001 boot # zoneadm list -cv ID NAME STATUS PATH BRAND IP 0 global running / native shared 3 z_001 running /zone/z_001 solaris8 excl # zlogin -e\@ -C z_001 [Connected to zone 'z_001' console] pluto console login: root Password: Apr 17 21:34:30 pluto login: ROOT LOGIN /dev/console Last login: Sat Jan 26 21:11:40 on console Sun Microsystems Inc. SunOS 5.8 Generic Patch February 2004 # uname -a SunOS pluto 5.8 Generic_Virtual sun4u sparc SUNW,Sun-Fire-480R # cat /etc/release Solaris 8 2/04 s28s_hw4wos_05a SPARC Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. Assembled 08 January 2004
    If you looked closely you would see that last login was Sat Jan 26. That is just to let you know that the machine was a real machine once upon a time and you, the root user, were logged in on the console back in January. Some time has passed and now you are back again, on the console. As far as your server is concerned, if it were self aware, nothing has changed other than it feels faster and has a lot more memory to work with.

A Few Thoughts About The Solaris Process Privilege Model and Zone Limitations :
    This section is optional information that may help to explain some privilege rights decisions.

    The Solaris Operating System has implemented a very fine grained privilege control mechanism such that processes may escape the wildly bi-polar “all or nothing” model of security. Historically we have seen systems admins grant root level rights to users such that they may do various actions on a Solaris system. We have also seen the usage of the set-uid-root incantation to allow a binary executable to run with full privileges. This sort of traditional approach has resulted in junior systems admins being granted full control of a production server. It also results in a systems programmer being given the ability to set a process to execute as if it were authroized by the root user. Both of these approaches have resulted in extensive downtime and lost revenue to industry because of simple, and often innocent, errors.

    Solaris Zones do not necessarily expose a full set of privilege options to processes that execute in the non-global zone. This stands to reason because one does not want a sysadmin with root level privileges in a non-global zone to destroy a file system or reset the global system clock. It would be equally offensive to have a Solaris 10 server with many virtual zones allow one of those zones to execute CPU and memory intensive code with real-time execution priority. Such a scenario would rapidly starve all other virtual zones of all resources. Therefore the Solaris 8 Container has limitations that may be unfamiliar and seemingly restrictive. Once you take a real piece of hardware and bring it into a virtual zone you will no longer have the ability to format disks or configure network interfaces at a whim. Your new Solaris 8 Container will be resource controlled as well as, possibly, restricted in terms of privilege rights. These new levels of control and resource management are benefits to the IT infrastructure because it means that a small server with few requirements will get what it needs and no more. Larger servers with large requirements will get all that they need but not at the expense of other virtual servers.

Limitations in the Solaris 8 Container :
Please review privileges(5) and take particular note of PRIV_CPC_CPU :
privileges(5) tells us : PRIV_CPC_CPU Allow a process to access per-CPU hardware performance counters.
    I wish to highlight this particular privilege because PRIV_CPC_CPU is not included in the Solaris 8 Container at this time. You may freely use the CPU Performance Counters Library Functions as described in the manpage for cpc(3CPC) within native Solaris 10 Zones. Any attempt to use such functions in the Solaris 8 Container will result in a Segmentation Fault and core dump. This is hardly a limitation but it does need to be brought to your attention.

    Here is a trivial example of code that will determine the performance counter interface string and print it to the console. First we will look at a Solaris 10 native zone :
$ zonename z_002 $ uname -a SunOS ceres 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-480R $ cat cpc.c #include <libcpc.h> #include <stdio.h> int main(int argc, char *argv[]) { cpc_t *cpc_data; /* initializes libcpc */ cpc_data = cpc_open ( CPC_VER_CURRENT ); /* get a printable description of the processor * performance counter interfaces */ printf("\nprocessor perf counter interface : %s\n", cpc_cciname(cpc_data)); /* releases all cpc resources */ /* just FYI : cpc_close() function always returns 0 */ return(cpc_close(cpc_data)); } $ /opt/SUNWspro/bin/cc -c -o cpc.o cpc.c $ /opt/SUNWspro/bin/cc -o cpc cpc.o -lcpc $ ./cpc processor perf counter interface : UltraSPARC III+ & IV
    Now we see a similar result on a real Solaris 8 server :
$ uname -a SunOS ra 5.8 Generic_117350-53 sun4u sparc SUNW,Sun-Blade-1000 $ cat /etc/release Solaris 8 2/04 s28s_hw4wos_05a SPARC Copyright 2004 Sun Microsystems, Inc. All Rights Reserved. Assembled 08 January 2004 $ cat cpc_sol8.c /* Version for Solaris 8 */ #include <libcpc.h> #include <stdio.h> int main(int argc, char *argv[]) { int cpc_data; cpc_data = cpc_getcpuver(); /* get a printable description of the processor * performance counter interfaces */ printf("\nprocessor perf counter interface : %s\n", cpc_getcciname(cpc_data)); return(0); } $ /opt/SUNWspro/bin/cc -c -o cpc_sol8.o cpc_sol8.c $ /opt/SUNWspro/bin/cc -o cpc_sol8 cpc_sol8.o -lcpc $ ./cpc_sol8 processor perf counter interface : UltraSPARC III+ & IV
    The exact same source code compiles and runs on a Solaris 8 x86 server also :
$ uname -a SunOS titan 5.8 Generic_117351-53 i86pc i386 i86pc $ ./cpc_sol8 processor perf counter interface : Pentium Pro with MMX, Pentium II
    The exact same sparc binary from above does not quite work in a Solaris 8 Container :
$ uname -a SunOS pluto 5.8 Generic_Virtual sun4u sparc SUNW,Sun-Fire-480R $ ./cpc_sol8 Segmentation Fault - core dumped $ ls -lap core -rw------- 1 dclarke csw 3006277 Apr 21 00:18 core $ file core core: ELF 32-bit MSB core file SPARC Version 1, from 'cpc_sol8' $ mdb core mdb: warning: core file is from SunOS 5.10 Generic_127127-11; shared text mappings may not match installed libraries Loading modules: [ ] > $c libc.so.1`strlen+0x80(0, ffbffc08, 0, ff1bf789, 0, 10cce) libc.so.1`printf+0xf4(10ca8, ff1c0284, ff1c3a54, 0, 21ec4, ff11bc20) main+0x2c(1, ffbffc8c, ffbffc94, 20c00, 7d8, ffbffd70) _start+0x108(0, ffbffc8c, ff2c0284, ffffff00, ff3ec7f4, ff3ec000) >
    Some other interesting behavior that has been seen with the Solaris 8 Container is the fact that you can install the latest Java Development Kit but you can not use that JDK or JRE to then install Sun Studio 11 which has a Java based installer. The installer for Sun Studio 11 must run with a valid JRE in the environment and the presence of JDK 1.6.0_06 does not seem to work within the solaris8 branded zone. I had spent about a day of work trying to install Sun Studio 11 within the Solaris 8 Container to no avail and eventually gave up. You can see some final details of my attempts here.

    Extracting the Studio 11 tarball is trivial and once this is done you may feel free to use the Solaris 8 Container for development work. In my case I was curious to see if I could produce a statically linked binary within the solaris 8 branded zone. You can see the details of this test here as well as the summary below :

bash-3.2$ uname -a SunOS pluto 5.8 Generic_Virtual sun4u sparc SUNW,Sun-Fire-480R bash-3.2$ file add_int add_int: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, statically linked, not stripped

Final Words :
    As I have shown above you can ufsdump a real Solaris 8 server and then restore it inside a solaris8 brand zone without issue. Once the virtual Solaris 8 server is up and running you will find that everything is more or less where you left it with the exception of some things like psrinfo and prtdiag. Those sort of utilities no longer have direct access to the real hardware and thus if you look around inside your Solaris 8 Container you will see replacements for those bits. You can do software development work in that zone, if you choose. You can create a statically linked binary in that zone. You can even build a larger application like Samba 3.0.28a if you choose. See details about that here.

    The real server that I shut down and backed up was a real web server with Apache and both MySQL and PostgreSQL up and running. If you choose to see that this machine is still running as a Solaris 8 Container at http://pluto.blastwave.org/.


Dennis Clarke
Sun Apr 27 21:55:12 GMT 2008



LAST UPDATED : Sun Apr 27 21:55:12 GMT 2008

W3C Quality Assurance
 OpenSolaris and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.      UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd.      All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.      All other logos and trademarks are registered through their respective owners.      ©2002-2008 blastwave.org™      See “Terms of Use”      Sun™ Logo and OpenSolaris™ Published with Permission from Sun Microsystems, Inc.
This Page Is Valid HTML 4.01 Transitional
This Page Is Valid CSS