Solaris 11 zones have some many differences from Solaris 10 zones.Oracle tried to make zone as completely independent virtual machines and they succeed on that.Oracle introduced many utilities and new features in Solaris 11 local zones.some of the key features are,
7. Zone as NFS server.
8. Exclusive IP
9. Limitations to zones.
10. Zone Filesystem status
In addition to that , the new zonestat tool has many more options, and its output is
focused purely on entire zone-level usage.The zonestat lets you know each zone’s total CPU, memory, and network bandwidth usage.You can also to run the zonestat command within a zone, but you will only see statistics for that zone.
2.beadm in zones
Liveupgrade’ “lu” commands has been replaced using “beadm” command in solaris 11 and its is supported inside a non-global zone.Now you can create a own boot environment under local zone.
anet:
linkname: net1
lower-link: auto
linkname – Device name in local zone
lower-link – global-zone level device.If you set “auto” , randomly choose which physical device to create a VNIC on top of it.
Another important thing in Solaris 11 is that allocated anet and IP address will not be show in global zone “ifconfig -a” and “ipadm show-addr”. If you want to see zone’s VNIC, use “dladm show-vnic” or “dladm show-link”.
You have option to change the zone IP address from zone itself if you didn’t set allowed-address property on the anet resource.
4. Pre-configuring zones
Sysconfig related information:In Solaris 11,we have option to configure the zone while installing itself using predefined system profile which is generated using sysconfig command.
Ex:
# zoneadm -z Arenazone install -c /var/tmp/sysconfig.xml
# zoneadm -z Arenazone clone -c /var/tmp/sysconfig.xml oldzone
The two important things here are that you must give the full path to the XML file and
that if you are cloning the existing zone, you must give the old zone name last on the command line option.
Initial zonecfg defaults:In Solaris 11, you can make predefined settings when you creating new local zone using template except the zonepath. The default zonecfg template is /etc/zones/SYSdefault.xml .
Note:Do not edit system default template.Its better to copy the template to new name and edit it .
#cp /etc/zones/SYSdefault.xml /etc/zones/Arenazonecfg.xml
To make use of your new template in zonecfg, use create -t as follows:
# zonecfg -z Sol11zone ‘create -t Arenazonecfg;set zonepath=/zones/Sol11zone’
If you want to make the Arenazone template as default template ,you need to change the zone ‘s SMF property.
Service Name: “svc:/system/zones:default”
# svccfg -s zones setprop zonecfg/default_template = Arenazonecfg
Initial package content of zones:
In Solaris 11,zone will not copy all the packages from global zone and it will not get updated when you add or remove packages on global zone.By default, the filesystems locally controlled by a zone and the package contents of a new zone are determined by file /usr/share/auto_install/manifest/zone_default.xml .This XML file will be read by zoneadm at the time that you run zoneadm install.
5.Read-only zones (immutable zones)
to migrate physical server to virtual.Its default mode is to look at installed services to see if they are compatible with running in a local zone.And also you can use “zonep2vchk -s” to do an in-depth scan of ELF binaries to attempt to detect non-portable binaries.
This tool is similar to vmware P2V .
7.Zones as NFS servers:
From Solaris 11 onwards , you can use zone as NFS servers.
8.Exclusive IP:
In Solaris 11,by default zone will be configured with exclusive IP using VNIC. Now you can safely run snoop on local zone itself.We have to say big thanks to oracle network engineering team to make it possible.
9.Limitations to zones.
We have seen many advantages in Solaris 11 zones part. Here you have limitation as well.Oracle restricted to use only Solaris 10 & Solaris 11 as zones where as in Solaris 10, you can run Solaris 10,Solaris 9,Solaris 8 and some Linux versions as zones.
10.Zone File-system status:
In Solaris 11, the OS-related ZFS filesystems for a zone remain mounted and visible
for the global zone(using df command),even after the local zone has been halted. Other filesystems, such as /export/home, do not show up in df but do show up with mount -p command from global zone.
Thank you for reading this article.Please leave a comment if you have any doubt.
shirish shukla says
IS it possible to detect new vnic on local zone without reboot.
Gabriel says
Hi nice article.
Is it possible use a vnic in a zone that its already associated to another nic??? .We use in work OpsCenter for management the ldom host, it is not very impressive at the moment, but anyway. The question is related to Mac Address with the zones. If i do what i asking it is possible to create a problem?