This week I went off the beaten track to get back to my first love – Solaris. Now that Oracle owns it, it shall be known as Oracle Solaris. I am working on a small project based on (Oracle) Solaris Containers and I must say, I am intrigued by it. And I felt good punching the good ‘ol command lines in Solaris again.
Oracle actually offers a lot of virtualization technologies – Oracle VM, Oracle VM Dynamic Domains, Oracle Solaris Logical Domains (LDOMs), Oracle Solaris Containers (aka Zones) and Oracle VirtualBox. Other than VirtualBox, the other VE (Virtualized Environment) solutions are enterprise solutions but unfortunately, they lack the pizazz of VMware at this point in time. From my perspective, they are also very Oracle/Solaris-centric, making them less appealing to the industry at this moment
Here’s an old Sun diagram of what Sun virtualization solutions are:
What I am working on this week is Solaris Containers or Zones. The Containers solution is rather similar to VMware’s gamut of Tier-2 Virtualization solutions that are host-based. Solutions that fall into this category are VMware Server, VMware Workstation, VMware Player, VMware ACE and VMware Fusion for MacOS. Therefore, it requires a host OS to run the Solaris Containers.
I did not have a Solaris Resource Manager software to run the GUI stuff, so I had to get back to basics with CLI, which is good for me. In fact, I liked it even more and with the CLI, I could pretty much create zones with ease. And given the fact that the host OS is Solaris 10, I could instantly feel the robustness, the performance, the stability and the power of Solaris 10, unlike the flaky Windows hosting VMware host-based virtualization solutions or the iffiness of Linux.
A more in depth look of Solaris Containers/Zones is shown below.
At first touch, 2 things impressed me
- The isolation of each Container and its global master domain is very well defined. What can be done, and what cannot be done; what can be configured and what cannot, is very clear and the configurability of each parameter is quickly acknowledged and controlled by the Solaris kernel. From what I read, Solaris Containers has achieved the highest level of security with its Trusted Extension component, which is a re-implementation of Trusted Solaris. Solaris 10 has received the highest commercial level of Common Criteria Certification. This is known as EAL4+ and has been accepted by the U.S DoD (Department of Defense).
- It’s simplicity in administering compute and memory resources to the Containers. I will share that in CLI with you later.
To start, we acknowledge that there is likely a global zone that has been created when Solaris 10 was first installed.
To create a zone and configuring it with CLI, it is pretty straightforward. Here’s a glimpse of what I did yesterday.
# zonecfg –z perf-rac1
Use ‘create’ to be configuring a zone
zonecfg:perf-rac1> set zonepath=rpool/perfzones/perf-rac1
zonecfg:perf-rac1> set autoboot=true
zonecfg:perf-rac1> remove inherit-pkg-dir dir=/lib
zonecfg:perf-rac1> remove inherit-pkg-dir dir=/sbin
zonecfg:perf-rac1> remove inherit-pkg-dir dir=/usr
zonecfg:perf-rac1> remove inherit-pkg-dir dir=/usr/local
zonecfg:perf-rac1> add net
zonecfg:perf-rac1:net> set address=<input from parameter>
zonecfg:perf-rac1:net> set physical=<bge0|or correct Ethernet interface>
zonecfg:perf-rac1> add dedicated-cpu
zonecfg:perf-rac1:dedicated-cpu> set ncpus=2-4 (or any potential cpus on sun box)
zonecfg:perf-rac1> add capped-memory
zonecfg:perf-rac1:capped-memory> set physical=4g
The command zonecfg -z <zonename> triggers a configuration prompt where I run create to create the zone. I set the zonepath to list where the zone files will be contained and set the autoboot=true so that it will automatically start during a reboot.
Solaris Containers is pretty cool where it has the ability to either inherit or share the common directories such as /usr, /lib, /sbin and others or create its own set of directories separate from the global root directory tree. Here I choose to remove the inheritance and allow the Solaris in the Container to have its own independent directories.
The commands add net sends me into another sub-category where I can configure the network interface as well as the network address. Nothing spectacular there. I end the configuration and do a couple of cool things which are related to resource management.
I have added add dedicated-cpu and set ncpus=2-4 and also add capped-memory of physical=4g, swap=1gb, locked=1gb. What I have done is to allocate a minimum of 2 CPU resources and a maximum of 4 CPU resources (if resource permits) to the zone called perf-rac1. Additionally, I have allowed it to have a capped memory of at most 4GB of RAM, with assured of 1GB of RAM. Swap space wis set at 1GB.
This resource management allows me to build a high performance Solaris Container for Oracle 11g RAC. Of course, you are free to create as many containers as long as the system resources allow it. Note that I did not include the shared memory and semaphores parameters required for Oracle 11g RAC but go ahead and consult your favourite Oracle DBA (have fun doing so!)
After the perf-rac1 zone/container has been created (and configured), I just need to run the following
# zoneadm –z perf-rac1 install
# zoneadm –z perf-rac1 boot
These 2 commands will install the zone and start the installation process. It will copy all the packages from the global zone and start the installation as per normal. Once the “installation” is complete, there will be the usual Solaris configuration form where information such as timezone, IP address, root login/password and so on are input. That will take about 20-40 minutes, depending on the amount of things to be installed and of course, the power of the Sun system. I am running an old Sun V210 with 512MB, so it took a while.
When it’s done, we can just login into the zone with the command
# zlogin –C perf-rac1
and I get into another Solaris OS in the Solaris Container.
What I liked what the fact that Solaris Containers is rather simple to understand but the flexibility to configure computing resources to it is pretty impressive. It’s fun working on this stuff again after years away from Solaris. (This was after I took my RedHat RHCE certification and I pretty much left Sun Solaris for quite a while).
More testing to be done, but overall I am quite happy to be back as a Solaris virgin again.