FSS shares and the global zone

zonecfg allows me to set an RCTL on the number of FSS shares a zone can use.
How do I set the total number of FSS shares that are available to all the processes in the global zone.
For instance if I have a machine with the global zone and two non-global zones how do I configure the CPU shares so that all the zones get an equal amount of the CPU.
I can balence the two non-global zone equally but how do I balence the non-global zones against the global zone?

zonecfg allows me to set an RCTL on the number of FSS shares a zone can use.
How do I set the total number of FSS shares that are available to all the processes in the global zone.You can use the prctl(1M) utility for now, although you'll need to renew the setting each time you
reboot the system. In the future we hope to have a nicer user interface for this.
For instance if I have a machine with the global zone and two non-global zones how do I configure
the CPU shares so that all the zones get an equal amount of the CPU.Well, that one is easy-- give each zone one share. Then the machine will divide up 1/3, 1/3, 1/3.
Or, use prctl(1M) to give the global zone 2 shares; the machine will divide up 1/2, 1/4, 1/4.
Does that help? Please note also that prctl has some problems with setting zone resource controls;
these are fixed in build 59, which should appear as Solaris 10, Beta5, in another month or so.
Anyway, the incantation which works for me is:
prctl -n zone.cpu-shares -r -v 2 -i process 1
That means: "change zone.cpu-shares, replacing the current value with the new value, 2, and
apply the change to process 1 (init). This is slightly a hack-- and works because the zone.cpu-shares
resource control is shared across all processes in the given zone-- so I've chosen PID 1 as a "representative" of the global zone.
When the aforementioned bug is fixed in build 59, you will be able to instead say:
prctl -n zone.cpu-shares -r -v 2 -i zone global
Which is a little more sensible.
Please accept my apologies for our excessively long delay in answering these questions!

Similar Messages

NFS and non global zones

Hi,
Ive read numerous threads about mounting NFS shares to non global zones but have still not been able to successfully resolve my issue.
I have 5 T3-2's which are being used as standalone SAP servers running Solaris 10u9 and numerous sparse non global zones. Basically I have a 1Tb HDS LUN presented to 1 T3-2 and have NFS shared this out as /stage to the remaining 4 global zones which works as expected.
However I am unable to mount the shared NFS filesystem to the non global zones.
When I try to mount the NFS share from the non global zone itself I receive RPC errors, I have also tried configuring the non global zone with the NFS mount (from the global zone) as lofs but the zone wont boot and also manually mounting the NFS mount from the global zone which looks like it works but when I do a df on the non global zone I receive stat erros.
Ive even tried linking the NFS share on the global zone to the non global zone directory but that produces a strange linkage when the zone is booted.
Numerous threads say this is not supported but I cant believe Oracle after ~6/7 years of zones and numerous threads on the subject wouldnt have resolved this issue.
I could easily locally mount the storage locally and lofs it to the non global zone but unfortunately dont have the storage capacity available which is why I thought NFS mounting to the non global zone would work!!
Any suggestions would be gratefully received!
Thanks.

If you are trying to mount NFS file system on non-global zone from global zone of the same server, use lofs instead.
You can mount the same file system to all non-global zones using lofs and all non-global zones have read/write access to it.
If it is global zone of some other server then you can use NFS. But before that check the way it is exported on NFS server whether the client from which you are trying to mount it has permissions to do so.

To break out of a non-global zone and become root user in the global zone

Hi folks
"to break out of a non-global zone and become root user in the global zone through a kernel bug exploit"
Is this possible and has SUN allready a fix/workaround/patch for that?
Cheers

Is it possible there's a bug in the kernel? Sure.
Someone would need to find and identify such a bug before it could be fixed. I've not heard of the discovery of a bug like this. You could check the bug database at www.opensolaris.org.
Darren

Lucreate not working with ZFS and non-global zones

I replied to this thread: Re: lucreate and non-global zones as to not duplicate content, but for some reason it was locked. So I'll post here... I'm experiencing the exact same issue on my system. Below is the lucreate and zfs list output.
# lucreate -n patch20130408
Creating Live Upgrade boot environment...
Analyzing system configuration.
No name for current boot environment.
INFORMATION: The current boot environment is not named - assigning name <s10s_u10wos_17b>.
Current boot environment is named <s10s_u10wos_17b>.
Creating initial configuration for primary boot environment <s10s_u10wos_17b>.
INFORMATION: No BEs are configured on this system.
The device </dev/dsk/c1t0d0s0> is not a root device for any boot environment; cannot get BE ID.
PBE configuration successful: PBE name <s10s_u10wos_17b> PBE Boot Device </dev/dsk/c1t0d0s0>.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment <patch20130408>.
Source boot environment is <s10s_u10wos_17b>.
Creating file systems on boot environment <patch20130408>.
Populating file systems on boot environment <patch20130408>.
Temporarily mounting zones in PBE <s10s_u10wos_17b>.
Analyzing zones.
WARNING: Directory </zones/APP> zone <global> lies on a filesystem shared between BEs, remapping path to </zones/APP-patch20130408>.
WARNING: Device <tank/zones/APP> is shared between BEs, remapping to <tank/zones/APP-patch20130408>.
WARNING: Directory </zones/DB> zone <global> lies on a filesystem shared between BEs, remapping path to </zones/DB-patch20130408>.
WARNING: Device <tank/zones/DB> is shared between BEs, remapping to <tank/zones/DB-patch20130408>.
Duplicating ZFS datasets from PBE to ABE.
Creating snapshot for <rpool/ROOT/s10s_u10wos_17b> on <rpool/ROOT/s10s_u10wos_17b@patch20130408>.
Creating clone for <rpool/ROOT/s10s_u10wos_17b@patch20130408> on <rpool/ROOT/patch20130408>.
Creating snapshot for <rpool/ROOT/s10s_u10wos_17b/var> on <rpool/ROOT/s10s_u10wos_17b/var@patch20130408>.
Creating clone for <rpool/ROOT/s10s_u10wos_17b/var@patch20130408> on <rpool/ROOT/patch20130408/var>.
Creating snapshot for <tank/zones/DB> on <tank/zones/DB@patch20130408>.
Creating clone for <tank/zones/DB@patch20130408> on <tank/zones/DB-patch20130408>.
Creating snapshot for <tank/zones/APP> on <tank/zones/APP@patch20130408>.
Creating clone for <tank/zones/APP@patch20130408> on <tank/zones/APP-patch20130408>.
Mounting ABE <patch20130408>.
Generating file list.
Finalizing ABE.
Fixing zonepaths in ABE.
Unmounting ABE <patch20130408>.
Fixing properties on ZFS datasets in ABE.
Reverting state of zones in PBE <s10s_u10wos_17b>.
Making boot environment <patch20130408> bootable.
Population of boot environment <patch20130408> successful.
Creation of boot environment <patch20130408> successful.
# zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 16.6G 257G 106K /rpool
rpool/ROOT 4.47G 257G 31K legacy
rpool/ROOT/s10s_u10wos_17b 4.34G 257G 4.23G /
rpool/ROOT/s10s_u10wos_17b@patch20130408 3.12M - 4.23G -
rpool/ROOT/s10s_u10wos_17b/var 113M 257G 112M /var
rpool/ROOT/s10s_u10wos_17b/var@patch20130408 864K - 110M -
rpool/ROOT/patch20130408 134M 257G 4.22G /.alt.patch20130408
rpool/ROOT/patch20130408/var 26.0M 257G 118M /.alt.patch20130408/var
rpool/dump 1.55G 257G 1.50G -
rpool/export 63K 257G 32K /export
rpool/export/home 31K 257G 31K /export/home
rpool/h 2.27G 257G 2.27G /h
rpool/security1 28.4M 257G 28.4M /security1
rpool/swap 8.25G 257G 8.00G -
tank 12.9G 261G 31K /tank
tank/swap 8.25G 261G 8.00G -
tank/zones 4.69G 261G 36K /zones
tank/zones/DB 1.30G 261G 1.30G /zones/DB
tank/zones/DB@patch20130408 1.75M - 1.30G -
tank/zones/DB-patch20130408 22.3M 261G 1.30G /.alt.patch20130408/zones/DB-patch20130408
tank/zones/APP 3.34G 261G 3.34G /zones/APP
tank/zones/APP@patch20130408 2.39M - 3.34G -
tank/zones/APP-patch20130408 27.3M 261G 3.33G /.alt.patch20130408/zones/APP-patch20130408

I replied to this thread: Re: lucreate and non-global zones as to not duplicate content, but for some reason it was locked. So I'll post here...The thread was locked because you were not replying to it.
You were hijacking that other person's discussion from 2012 to ask your own new post.
You have now properly asked your question and people can pay attention to you and not confuse you with that other person.

Non-Global Zones - how can I tell what the Global Zone is

Hi,
I have a host that I know is a non-global zone (ngz). I can ssh to the ngz as root or a non-privileged user.
But once there how do I know what the host name for the global zone is?
I could probably run a script from all global zones to report all running zones and so I'd know that way but I have a specific need to know from inside the ngz.
Thanks!
Brian

bdunbar wrote:
That's a built-in security feature; and I know of no way to circumvent this mechanism.
I had some hope that there was a way to 'see' at least the global-zone information from the zone. From the shell the 'zone' commands are available ..
:# zoneadm list -cv
ID NAME STATUS PATH
48 hostname_svn running / So it's at least aware that it is a zone, even if it can't tell me anything else about itself. I can still go the long way around to get the information for my need, thanks.
The global zone is the only thing that can see everything. The non-global zones can only see information specific to their zone.
This is by design and it really is a security mechanism. You don't want the zones running outside of their boundaries and information about the global zone (or any other zone) is outside the boundaries of a non-global zone.
Cheers,

Ssh takes me to the global zone instead of the non-global zone

I have set up my first Solaris 10 server with a new zone. The ce device is set up on the zone as well as the global zone.
Output from ifconfig on the global zone:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.16.1.217 netmask ffffff00 broadcast 172.16.1.255
ether 0:3:ba:f2:a1:54
ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 172.16.1.199 netmask ffffff00 broadcast 172.16.1.255
ether 0:3:ba:f2:a1:54
Output from the non-global zone:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.16.1.199 netmask ffff0000 broadcast 172.16.255.255
ether 0:3:ba:f2:a1:54
When I ssh into the non-global zone, I end up in the global zone? Can I ssh straight into the non-global zone? Am I missing something in the zone setup that keeps me from being able to ssh into the non-global zone?
Any help is appreciated. I have been racking my brain on this for several hours.
Thanks ahead of time.

TAdriver wrote:
The one thing I have found in the documentation is that if you set the network as an exclusive IP, you can only assign the physical name using zonecfg. You can't set the IP address or the default router. In fact, if you try to set either of those, you get an error saying you can't set those using an exclusive IP type.Correct. When doing a shared-IP zone, the zone has no privileges to do IP-level things. So the global zone (via the zone configuration) creates the virtual interface and sets the IP address. Then when the zone is booted, the interface is given to it.
With an exclusive-IP zone, the zone can do all this work itself. From its perspective, it's handed an interface like a regular machine. So the IP settings are done within the zone (/etc/hosts, /etc/hostname.XXX, /etc/netmasks).
Darren

Lsof and non-global zones

Hi - wonder if someone could help with an issue I'm trying to troubleshoot. I have a number of T2000 servers all running multiple zones and at peak periods I'm seeing issues with a particular application access a plain text log file. The server although busy is coping well and not particularly loaded. I've wondered if I'm hitting some sort of open file limit on the server but am unsure on how to check this. I can see that ulimit -n reports 256.
I've also been trying to use lsof to see what open files an application has but this doesn't appear to work when logged into the non-global zone, all I get is:
lsof -p 5508
lsof-5.10: can't read namelist from /dev/ksyms
If I run the same command on the global zone I can see various output about the zone but non relate to the applications log file which is currently being written to.
Does anyone have any ideas on how to do this or what else I could check?
Thanks - Julian.

For security/isolation reasons, /dev/ksyms is not presented to zones. You must run your lsof commands at the global zone. Sorry.

Zfs package difference in Global and Non-Global zones

I have a T2000 hosting many zones. The Global zone and all but one Non-Global zone has 3 zfs packages installed SUNWzfskr, SUNWzfsr, SUNWzfsu). Becuase this one non-global zone is missing the zfs packages, kernel patch 120011-14 also didn't install on that single non-global zone.
I am curious, can i install SUNWzfskr, SUNWzfsr, SUNWzfsu on the non-global zone that is missing the packages?
Any ideas how to resolve the kernel patch descrepancy between the global and non-global zone?

patch 122640-05 installs the SUNWzfskr SUNWzfsr SUNWzfsu packages if they are not already installed on the system.

How do you create a new local zone w/o all the global zone packages

I have serveral servers with hundreds of packages added w/o the pkgadd -G option. Everytime I create a new local zone, the local zone inherits all the global zone packages. Is there a way to modify maybe the packaging DB to stop the automatic inhertitance of packages to create new empty local zone ?
Edited by: cslew on Feb 4, 2008 8:02 PM

Not really.
If we're talking about sparse zones, they share the root partition with the global zone anyway, so regardless of whether the packages were 'registered' with the zones, they would get the software anyway.
Of course, not registering the packages would speed up the patching process as it wouldnt have to futz around updating all the local package repositories.
So it would be an advantage in some respects.
If we're talking about a full root zone, then it ought to be possible in theory.
But I'm not aware of a way to do it in practice.

Disabling the global zone ?

Hi,
I wanted to remove/disable the global zone in Solaris 10. Someone told me that the only thing I needed to do is removing the following three packages:
- SUNWluzone
- SUNWzoner
- SUNWzoneu
I've done it and it seems that there is no global zone, but I still wonder if it is a good method and what are the consequences of such behavior.
Thank you for any response.
Best regards,
foxrafi

Hi Foxrafi
I think you may have been misinformed. You cannot remove the global zone. The global zone is the installation of Solaris that you boot when you power on your server. So don't fear the global zone! Just think of 'global zone' as an alias for your normal Solaris installation.
Therefore the only way of removing the global zone is to uninstall Solaris itself.
What you have done by removing the three packages you mention is remove the utilities that allow you to create and administer non-global zones on the server. However the 'global' zone is still there. You haven't done any harm by removing those packages, however as they are part of the core cluster they are probably best left installed. It will also stop any confusion to your users who may run 'zonename' at somepoint and be surprised to find the command is not there (I haven't checked, but am assuming zonename is part of one of the packages you mention).

Route between global and non-global zones

Hi Folks,
I haven't been able to find an answer to this question searching the archives, so I'll try here. My global zone gets her IP (10.153.197.n) via DHCP, and I've had to use 192.168.1.n addresses for the non global zones. Is there a simple route statement I can issue to allow communication between the global and non global zones? I'm running Solaris 10 x86 03/2005.
Thanks very much,
-Adam vonNieda

If you're only interested in passing traffic between the global zone and the non-global zones, just add a virtual interface to the global zone.
For example, in the global zone:
ifconfig ce0:4 plumb 192.168.1.x netmask + broadcast + up
Then you will be able to pass traffic between the global and non-global zones.
If you're looking for the global zone to proxy traffic between the non-global zones and the rest of the network, take a look at http://balance.sf.net

Running commands across global and non-global zones

Other than using ssh and public key access, is there better way to run a command in both the global and non-global zone? I need to disable some services (svcadm disable ... ) in both the global and non-global zones.
Thanks,
Roger S.

You can run commands in the non-global zone with the "zlogin" command from the global zone.
Running commands in a non-global zone from a non global zone works only with ssh, (or any other method using network)

If you have an itunes acct that was not set up to share and the lap top it was on is no longer working, is there a way to open up the old itunes acct to get music and photos? This was before icloud was available, can you reset your password?

If you have an itunes acct that was not set up to share and the lap top it was on is no longer working, is there a way to open up the old itunes acct to get music and photos off of it? This was before Icloud was available. Can you reset your itunes password somehow?

iTunes and the iTunes Store won't have anything to do with your photos. Those would be stored only on your laptop unless you made a backup of some sort. If you didn't, and the hard drive in your laptop has failed, then your photos are gone unless you wish to pay a disk recovery service a lot of money to try and get them back.
As to your music, if you purchased it from the iTunes Store you can probably re-download it. Go to the iTunes Store, log into your account, and click the Purchases link under the Quick Links. From there you should be able to re-download some or all of your purchased content. Note that not all content has been licensed for re-downloading in all countries at this time. You can see what content you can download here:
http://support.apple.com/kb/HT5085
You can also re-download content using an iOS device.
For full instructions, see:
http://support.apple.com/kb/ht2519
Regards.

The shipping conditions, the delivering plant and the transportation zone

Hi Experts
How to determine/Path/Tcode - The shipping conditions, the delivering plant and the transportation zone determine the route in the STO.
Thanks in Advance
Prashanth

Hi,
Shipping Conditions :
SPRO-> Logistics Execution ->Shipping -> Basic Shipping Functions ->Shipping Point and Goods Receiving Point Determination -> Define Shippping Conditions.
Transportation Zone :
SPRO-> Logistics Execution ->Shipping -> Basic Shipping Functions -> Routes -> Route Determination -> Define Transportation Zones.

PHP in Solaris 10 and Non-Global Zones: Problem of performance?

Hi friends
We are feeling a poor performance with applications developed with PHP in Solaris 10, with non-global and global zones, while Intel platform (Xeon and Pentium), performance is very good. Difference between both platforms is about 200% aprox, one second in Intel to 9, 12 or 20 seconds in Solaris depending of model.
Our tests were developed in:
1. SF T2000 server Solaris 10 global zone
2. SF T2000 server Solaris 10 non-global zone
3. SF280R server Solaris 10 non-global zone
4. V240 server with 1 GB memory, 1*US III-i 1.0 GHz and Solaris 9 (really this version for test and comparisons)
5. V240 server with 8GB memory, 2*US III-i 1.5Ghz and Solaris 9 (really this version for test and comparisons too)
Intel platforms were:
1. Intel Pentium 4 2GHz 2GB memory, Linux Fedora and PHP 4.4.4
2. Intel Xeon 2 core, 2.33GHz 2GB memory, Linux Fedora and PHP 4.4.3
Versions of products are:
1. Solaris 9 or Solaris 10
2. PHP 4.4.7 downloaded from http://www.php.net/downloads.php
3. Apache 2.0.59
4. MySQL 4.1.15-log
Our php compilation and installation were:
./configure --prefix=/usr/local/php-4.4.7 \
--with-pear \
--with-openssl=/usr/local/ssl \
--with-gettext \
--with-ldap=/usr/local \
--with-iconv \
--enable-ftp \
--with-dom \
--with-mime-magic \
--enable-mbstring \
--with-zlib \
--enable-track-vars \
--enable-sigchild \
--disable-ctype \
--disable-overload \
--disable-tokenizer \
--disable-posix \
--with-gd \
--with-apxs2=/usr/local/apache2.0.53/bin/apxs \
--with-mysql \
--with-pgsql \
--with-oci8=/oracle/product/9.2.0 \
--with-oracle=/oracle/product/9.2.0 \
--with-png-dir=/usr/local \
--with-zlib-dir=/usr/local \
--with-freetype-dir=/usr/local \
--with-jpeg-dir=/usr/local
make
make install
Questions:
Is there any problem of PHP with SunFire T2000 servers or 64-bits platforms?
Is there any flag of PHP would be use to compilarion PHP in 64-bits or multithread?
I wait for any comments or suggestions about our problem with PHP compilation and performance in Solaris 10. Thanks a lot.
Sergio.

I presume you compiled php on the Sun server, was this done using gcc or the Sun One C compiler.
If the latter then you can also use the flag: --enable-nonportable-atomics when you run configure

FSS shares and the global zone

Similar Messages

Maybe you are looking for