Disabling copy of /etc/rc scripts to non-global zones

Similar Messages

• List of configuration files copied to non-global zone

  I understand that when a non-global zone is installed, the zone installation process uses "pristine" copies of quite a few configurable files (/etc/profile, /etc/syslog.conf, etc..) instead of the files which are configured in the global zone. Does anyone know exactly which configuration files are copied from their "pristine" versions instead of the files actually used by the global zone? Is there a list of all of these files somewhere? Where are the "pristine" versions kept in the global zone?
  Thank you.

  Where all information concerning specific packages is being kept. Namely /var/sadm/pkg.

• Non-Global Zones and startup scripts

  Created a non-global zone on a Solaris 10 box.
  Boots up ok and I can login with zlogin.
  It doesn't seem to run any of the scripts in /etc/rc2.d or /etc/rc3.d
  I know Solaris 10 uses "Service Management Facility" for most services now,
  but could still run legacy scripts in /etc/init.d ?
  Also I can't get sshd to start on the non-global zone.
  # svcs -a |grep ssh2
  offline 11:44:58 svc:/network/ssh:default
  # svcadm enable -t svc:/network/ssh:default
  # svcs -a |grep ssh2
  offline 11:44:58 svc:/network/ssh:default
  Anyone got any ideas?
  Michael

  These services are off-line in the non-global zone, which is why non of the
  rc2.d or rc3.d scripts are being run:
  offline Dec_12 svc:/milestone/multi-user-server:default
  offline Dec_12 svc:/milestone/multi-user:default
  Any idea how to enable these, and why they are offline?
  Michael
  Created a non-global zone on a Solaris 10 box.
  Boots up ok and I can login with zlogin.
  It doesn't seem to run any of the scripts in
  /etc/rc2.d or /etc/rc3.d
  I know Solaris 10 uses "Service Management Facility"
  for most services now,
  but could still run legacy scripts in /etc/init.d ?
  Also I can't get sshd to start on the non-global
  zone.
  # svcs -a |grep ssh2
  offline 11:44:58 svc:/network/ssh:default
  # svcadm enable -t svc:/network/ssh:default
  # svcs -a |grep ssh2
  offline 11:44:58 svc:/network/ssh:default
  Anyone got any ideas?
  Michael

• How to enable GUI in a non global zone in solaris11?

  How to enable graphical logon in a non global zone in solaris11, so the zone can be login by Xmanager? Thanks!

  This guide will cover how to setup a basic VNC connection to a Solaris 11 machine. There is also an optional step to allow for persistent VNC connections.
  Step 1
  Configure GDM to include ‘[security] DisallowTCP=false’ and ‘[xdmcp] Enable=true’.
  $ sudo gedit /etc/gdm/custom.conf
  # GDM configuration storage
  [daemon]
  [security]
  DisallowTCP=false
  [xdmcp]
  Enable=true
  [greeter]
  [chooser]
  [debug]
  Step 2
  Configure X-Server to accept remote connections.
  # svccfg -s application/x11/x11-server
  svc:/application/x11/x11-server> setprop options/tcp_listen = boolean: true
  svc:/application/x11/x11-server> end
  Step 3
  Configure the VNC service (you could change the ‘-geometry 1280×720′ to whatever resolution you would like).
  # svccfg -s xvnc-inetd
  svc:/application/x11/xvnc-inetd> setprop inetd_start/exec = astring: "/usr/bin/Xvnc -desktop sol11:0 -geometry 1024x768 -inetd -query localhost -once securitytypes=none"
  svc:/application/x11/xvnc-inetd> setprop inetd/wait = boolean: true
  svc:/application/x11/xvnc-inetd> end
  ** The line highlighted red is optional – only do this if you want your VNC connection to persist (as well as any potential security issues)
  or
  # svccfg -s xvnc-inetd
  svc:/application/x11/xvnc-inetd> editprop
  search for # setprop inetd_start/exec = astring: "/usr/bin/Xvnc
  copy the line, uncomment the copy, makethe changes above, write the file out.
  svcadm refresh xvnc-inetd
  Step 4
  Disable and the re-enable the GDM and VNC-inetd services for the changes to take effect.
  $ su root
  Password:
  # svcadm disable gdm xvnc-inetd; svcadm enable gdm xvnc-inetd
  If still in maintenance, reboot (I had to, don't know why).
  Step 5
  Point your favourite VNC client at your Solaris server and test if it accepts your VNC connection – you should be presented with a Username/Password login screen.
  If you performed the optional step to make your connections persist – close your favourite VNC client and then reconnect – if you remained logged in you have a persistent connections.
  Greg on said:
  After a fresh text install of Solaris-11 (11/11) both xvnc-inetd and gdm are not present. After installing them (# pkg install xvnc-inetd gdm) I can’t get gdm to start:
  # svcadm enable gdm
  # svcs gdm
  offline 10:24:03 svc:/application/graphical-login/gdm:default
  Any thoughts?
  Ron on said:
  You are missing some X packages. Do the following:
  pkg install slim_install           # installs 400+ packages
  svcadm enable gdm && exit      # gdm now works
  pkg uninstall slim_install           # uninstalls the installer package only

• Enable gdm in Solaris 11 non-global zone

  I am trying to enable gdm in a fresh solaris 11 NGZ. I installed slim_install and solaris-desktop. gdm will not start, and shows the following:
  # svcs -xv gdm
  svc:/application/graphical-login/gdm:default (GNOME Display Manager)
  State: offline since Thu Jun 14 10:56:54 2012
  Reason: Service svc:/system/hal:default is in an invalid state.
  See: http://sun.com/msg/SMF-8000-GE
  Path: svc:/application/graphical-login/gdm:default
  svc:/system/hal:default
  Reason: Service svc:/system/dbus:default is temporarily disabled.
  See: http://sun.com/msg/SMF-8000-GE
  Path: svc:/application/graphical-login/gdm:default
  svc:/system/dbus:default
  See: man -M /usr/share/man -s 1m gdm
  Impact: This service is not running.
  # svcs -xv dbus
  svc:/system/dbus:default (D-BUS message bus)
  State: disabled since Thu Jun 14 12:47:15 2012
  Reason: Temporarily disabled by an administrator.
  See: http://sun.com/msg/SMF-8000-1S
  See: man -M /usr/man -s 1 dbus-daemon
  See: /var/svc/log/system-dbus:default.log
  Impact: 2 dependent services are not running:
  svc:/application/graphical-login/gdm:default
  # uname -a
  SunOS test-host 5.11 11.0 sun4v sparc sun4v
  I gather from reading other threads that dbus will not run in a NGZ, so how can I get gnome desktop manager to start?

  Hello,
  if you still have not got any answer from oracle support like us, perhaps i can give you a hin to fix this ...
  First we changed /etc/gdm/custom.conf
  [xdmcp]
  Enable=true
  Then we changed smf service layout for svc:/application/graphical-login/gdm:default
  We deleted dependencies for hal, consolekit and dbus in /lib/svc/manifest/application/graphical-login/gdm.xml
  After that we started gdm service, but it failed. THe gdm-binary needs a socket from dbus ...
  So we modified dbus start script.
  Just comment check for "non-global zone" out in /lib/svc/method/svc-dbus
  #if smf_is_nonglobalzone; then
  # /usr/sbin/svcadm disable -t svc:/system/dbus
  # echo "dbus-daemon cannot be run in non-global zones"
  # sleep 5 &
  # exit $SMF_EXIT_OK
  #fi
  then start dbus service and gdm service ...
  hope that helps...
  Just contact Oracle to deliver update for you !
  thanks
  Christian

• Non-global zone network configuration

  Hi,
  Zones are a new thing for me so please excuse me if this is a basic query... I have recently jumpstarted a system using a jumpstart script that was developed by somebody else. It creates two non-global zones and configures their network interfaces.
  I have unplumbed one of the virtual interfaces for a particular zone because the IP address it was using is actually being used by another system on the network. However, when I reboot the zone, the interface is re-assigned the same IP address again. The IP address in question is not in /etc/hosts on any of the zones, and in the non-global zones the "hostname.<interface>" files do not exist at all. Also, the IP address is not in sysidcfg in any of the zones.
  So basically, interface e1000g0:2 is being assigned an IP address that was configured by the jumpstart script, so perhaps the jumpstart script has placed that IP address in some file that is read when the zone is booting. I have even checked rc scripts just in case but I cannot find the IP address anywhere. Would anybody please be able to tell me where the configuration information could be coming from in this scenario (nsswitch.conf specifies only files).
  Thank you in advance...

  its in the zone config.
  zonecfg -z <zone in question> info
  it should list a net address and physical device. you can then use:
  zonecfg -z <zone in question>
  from here you can remove the net statements, or change the address if you want to keep using the net card in your zone.

• Non-Global Zone Routing

  I have a V20z running a global zone on an IANA private network of 172.30.0.x and nic bge0
  I also have a non-global zone on a public IP of 207.246.20.169 and nic bge1.
  I am unable to ping from one zone to the next via a gateway. Normally the global zone would use a standard gateway for that network and my public network would also use a standard gateway for that network.
  What appears to be happening is that despite what is in my /etc/defaultrouter the zone itself is the gateway.
  For example, to ping something from either zone which would require the gateway results in:
  ICMP Host Unreachable from gateway 'zone name' (zone ip address)
  What I want to happen is that the global zone honors the gateway that is normally used in this network and the non-global zone uses/honors the gateway that is normally used in that network.
  It doesn't seem to matter if I have the normal internal gateway in my /etc/defaultrouter or if I have the normal public gateway in /etc/defaultrouter or if I have both in /etc/defaultrouter (all in the global zone of course).
  Do I need to use routed to achieve this? Am I missing something here?

  I hammered the problem out by adding a static route in the global zone:
  route add 172.30.0.0 207.246.20.161
  Where 207.246.20.161 is my gateway on the public side.
  I slapped this into an /etc/init.d script in the global zone and ran it from /etc/rc2.d like the article below suggests:
  http://www.sun.com/bigadmin/content/submitted/persistent_routing.html

• Non-global zones and unix sockets

  Hello, I have a problem with local zones and unix socket sharing. I've created directory in global zone for ex. /zones/shared. Added it to zones via 'add fs, type=lofs' . In one zone I'm putting mysql socket in it and I want that other local zones could use it. Is it possible to share socket between zones?
  After all my experiments I'm always getting 'can't connect to mysql ... (146)' , 146 is 'connection refused' error.

  These services are off-line in the non-global zone, which is why non of the
  rc2.d or rc3.d scripts are being run:
  offline Dec_12 svc:/milestone/multi-user-server:default
  offline Dec_12 svc:/milestone/multi-user:default
  Any idea how to enable these, and why they are offline?
  Michael
  Created a non-global zone on a Solaris 10 box.
  Boots up ok and I can login with zlogin.
  It doesn't seem to run any of the scripts in
  /etc/rc2.d or /etc/rc3.d
  I know Solaris 10 uses "Service Management Facility"
  for most services now,
  but could still run legacy scripts in /etc/init.d ?
  Also I can't get sshd to start on the non-global
  zone.
  # svcs -a |grep ssh2
  offline 11:44:58 svc:/network/ssh:default
  # svcadm enable -t svc:/network/ssh:default
  # svcs -a |grep ssh2
  offline 11:44:58 svc:/network/ssh:default
  Anyone got any ideas?
  Michael

• How to retrieve #  on-line procs in a non-global zone with resource pool

  Is there any way to retrieve the #of on line processors of the machine running in a non global zone with resource pool ?
  sysconf does not return this value. In fact this is an excerpt of the man:
  "If the caller is in a non-global zone and the pools facility is active, sysconf(_SC_NPROCESSORS_CONF) and sysconf_SC_NPROCESSORS_ONLN) return the number of processors in the processor set of the pool to which the zone is bound."

  So, from within a local zone that's in a pool (i.e. in a pool with 8 CPUs) , you want to query how many CPUs really exist in the global zone (i.e. the global zone may actually have 16 CPUs)? I don't think that's possible: in fact for security reasons it's probably intentionally disabled.
  A quick workaround would be a script/cron-job in the global zone that writes a small file in the filesystem of the local zone... then from within that zone you could read the CPU count.
  I'm interested though: what are you trying to set up?
  Regards,
  [email protected]

• PHP in Solaris 10 and Non-Global Zones: Problem of performance?

  Hi friends
  We are feeling a poor performance with applications developed with PHP in Solaris 10, with non-global and global zones, while Intel platform (Xeon and Pentium), performance is very good. Difference between both platforms is about 200% aprox, one second in Intel to 9, 12 or 20 seconds in Solaris depending of model.
  Our tests were developed in:
  1. SF T2000 server Solaris 10 global zone
  2. SF T2000 server Solaris 10 non-global zone
  3. SF280R server Solaris 10 non-global zone
  4. V240 server with 1 GB memory, 1*US III-i 1.0 GHz and Solaris 9 (really this version for test and comparisons)
  5. V240 server with 8GB memory, 2*US III-i 1.5Ghz and Solaris 9 (really this version for test and comparisons too)
  Intel platforms were:
  1. Intel Pentium 4 2GHz 2GB memory, Linux Fedora and PHP 4.4.4
  2. Intel Xeon 2 core, 2.33GHz 2GB memory, Linux Fedora and PHP 4.4.3
  Versions of products are:
  1. Solaris 9 or Solaris 10
  2. PHP 4.4.7 downloaded from http://www.php.net/downloads.php
  3. Apache 2.0.59
  4. MySQL 4.1.15-log
  Our php compilation and installation were:
  ./configure --prefix=/usr/local/php-4.4.7 \
  --with-pear \
  --with-openssl=/usr/local/ssl \
  --with-gettext \
  --with-ldap=/usr/local \
  --with-iconv \
  --enable-ftp \
  --with-dom \
  --with-mime-magic \
  --enable-mbstring \
  --with-zlib \
  --enable-track-vars \
  --enable-sigchild \
  --disable-ctype \
  --disable-overload \
  --disable-tokenizer \
  --disable-posix \
  --with-gd \
  --with-apxs2=/usr/local/apache2.0.53/bin/apxs \
  --with-mysql  \
  --with-pgsql \
  --with-oci8=/oracle/product/9.2.0 \
  --with-oracle=/oracle/product/9.2.0  \
  --with-png-dir=/usr/local \
  --with-zlib-dir=/usr/local \
  --with-freetype-dir=/usr/local \
  --with-jpeg-dir=/usr/local
  make
  make install
  Questions:
  Is there any problem of PHP with SunFire T2000 servers or 64-bits platforms?
  Is there any flag of PHP would be use to compilarion PHP in 64-bits or multithread?
  I wait for any comments or suggestions about our problem with PHP compilation and performance in Solaris 10. Thanks a lot.
  Sergio.

  I presume you compiled php on the Sun server, was this done using gcc or the Sun One C compiler.
  If the latter then you can also use the flag: --enable-nonportable-atomics when you run configure                                                                                                                                                                                                                                                                                                                                                                                                   

• Non-Global Zones - how can I tell what the Global Zone is

  Hi,
  I have a host that I know is a non-global zone (ngz). I can ssh to the ngz as root or a non-privileged user.
  But once there how do I know what the host name for the global zone is?
  I could probably run a script from all global zones to report all running zones and so I'd know that way but I have a specific need to know from inside the ngz.
  Thanks!
  Brian

  bdunbar wrote:
  That's a built-in security feature; and I know of no way to circumvent this mechanism.
  I had some hope that there was a way to 'see' at least the global-zone information from the zone. From the shell the 'zone' commands are available ..
  :# zoneadm list -cv
  ID NAME             STATUS         PATH                         
  48 hostname_svn   running        /  So it's at least aware that it is a zone, even if it can't tell me anything else about itself. I can still go the long way around to get the information for my need, thanks.
  The global zone is the only thing that can see everything. The non-global zones can only see information specific to their zone.
  This is by design and it really is a security mechanism. You don't want the zones running outside of their boundaries and information about the global zone (or any other zone) is outside the boundaries of a non-global zone.
  Cheers,

• Ssh takes me to the global zone instead of the non-global zone

  I have set up my first Solaris 10 server with a new zone. The ce device is set up on the zone as well as the global zone.
  Output from ifconfig on the global zone:
  # ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 172.16.1.217 netmask ffffff00 broadcast 172.16.1.255
  ether 0:3:ba:f2:a1:54
  ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  inet 172.16.1.199 netmask ffffff00 broadcast 172.16.1.255
  ether 0:3:ba:f2:a1:54
  Output from the non-global zone:
  # ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 172.16.1.199 netmask ffff0000 broadcast 172.16.255.255
  ether 0:3:ba:f2:a1:54
  When I ssh into the non-global zone, I end up in the global zone? Can I ssh straight into the non-global zone? Am I missing something in the zone setup that keeps me from being able to ssh into the non-global zone?
  Any help is appreciated. I have been racking my brain on this for several hours.
  Thanks ahead of time.

  TAdriver wrote:
  The one thing I have found in the documentation is that if you set the network as an exclusive IP, you can only assign the physical name using zonecfg. You can't set the IP address or the default router. In fact, if you try to set either of those, you get an error saying you can't set those using an exclusive IP type.Correct. When doing a shared-IP zone, the zone has no privileges to do IP-level things. So the global zone (via the zone configuration) creates the virtual interface and sets the IP address. Then when the zone is booted, the interface is given to it.
  With an exclusive-IP zone, the zone can do all this work itself. From its perspective, it's handed an interface like a regular machine. So the IP settings are done within the zone (/etc/hosts, /etc/hostname.XXX, /etc/netmasks).
  Darren

• Can I import one non-global zone from one machine to another?

  If create a non-global zone on one disk on machine A, is it possible to make a copy of that disk, and import the non-global zone to machine B? If yes, how to import the non-global zone?
  Thanks!

  It should be possible if your machines are installed at the same way, because you need the same environment (patches, packages,..).
  If this is true you should export your zone definition on machine A (zonecfg export) and import it on machine B (zonecfg -f ...).
  Then create the new zone on B. If finished get your zonepath with all data on A an copy it to B. That should be all.
  With this solution I hope it would be possible to have a shadow instance on B and the aktiv instance on A. If you have your whole zonepath on external disks like EMC, you only have to mount your disks on B and start your zone.
  harruh

• How to know global zone in case non global zone is hung

  ....I have nongloabazone1,nongloabazone1,nongloabazone2,nongloabazone3...
  i am working on nongloabazone1 ..
  suppose i am giving remote support ...
  if my nongloabazone1 is hung ..i need to know the global zone on which this nongloabazone1 is installed and reboot from there ...if my nongloabazone1 is hung i cannot apply #arp -a and check it out by trial and error method and know the global zone....
  in this case how can i reboot the nongloabazone1 .....i have the same question in case of Ldoms also..............
  Thanks in Advance.......

  Hi.
  It's not clear what means "non global zone is hung".
  In case it realy hangs you can't do anythins in this zone.
  1) In case you have access to global zone. You can get list all zones running on this host:
  zoneadm list -cv
  For reboot local zone from global zone just need: zoneadm -z <zone_name> reboot
  2) Zones not support live migration. So after zone started it can not change global zone.
  Create script that put global zone name in file. When need - just read content of this file.
  This file can be created from global zone when start (or create/move) local zone.
  In case zone migration is not quickly operation, just create file (or database) for list what zone started on which host.
  For LDOM it look wery same.
  Regards.

• Adding a cdrw to a non-global zone

  Hi all,
  I am attempting to add a cdrw on a laptop running Solaris 10 to a
  non-global zone via the following (after browsing the archives of this
  list as well as related forums and documentation):
  "cdrw -l" when run in the global zone reports
  "/dev/rdsk/c1t0d0s2" as the sole CD writer attached. I have previously
  burnt cdr(s) using this, so the functionality of the drive is not an issue.
  I then proceeded to configure a zone, "zulu01", and added a device via
  the following using zonecfg (I have omitted the other configuration data
  which is standard, root path, standard inherit-pkg-dir)
  "add device"
  "set match=/dev/rdsk/*"
  "end"
  "commit"
  "verify"
  I then installed the zone
  "zoneadm -z zulu01 install"
  zoneadm does the usual and reports success.
  I boot the zone
  "zoneadm -z zulu01 boot"
  and login via "zlogin -C zulu01"
  Inside zulu01, running "cdrw -l"
  reports "No CD Writers found."
  a "ls /dev/rdsk" shows that c1t0d0s2 is present.
  I am aware that adding such a device is not recommended, but it is
  supposedly possible?
  Please advise on what I am doing wrong, or is it not possible to add a
  cdrw to a non-local zone?
  Thanks in advance.
  Regards,
  Jeremy.

  This should work. A shot in the dark: can you try with another tool than cdrw, cdrecord for example? Also make sure that volume management is not running in the global zone (/etc/init.d/volmgt stop).
  Blaise