Persistent Resource Config in Non-global Zones

Similar Messages

• How to retrieve #  on-line procs in a non-global zone with resource pool

  Is there any way to retrieve the #of on line processors of the machine running in a non global zone with resource pool ?
  sysconf does not return this value. In fact this is an excerpt of the man:
  "If the caller is in a non-global zone and the pools facility is active, sysconf(_SC_NPROCESSORS_CONF) and sysconf_SC_NPROCESSORS_ONLN) return the number of processors in the processor set of the pool to which the zone is bound."

  So, from within a local zone that's in a pool (i.e. in a pool with 8 CPUs) , you want to query how many CPUs really exist in the global zone (i.e. the global zone may actually have 16 CPUs)? I don't think that's possible: in fact for security reasons it's probably intentionally disabled.
  A quick workaround would be a script/cron-job in the global zone that writes a small file in the filesystem of the local zone... then from within that zone you could read the CPU count.
  I'm interested though: what are you trying to set up?
  Regards,
  [email protected]

• Make non-global zone svcs persistant accross reboots

  Q: Solaris 10 services such as telnet will need to be enabled after installation of non-glabal zones. Command "svcs enable telnet" did not leave telnet enabled after rebooting a non-global zone. Any suggestions? Thanks.

  Did you do the "svcs enable telnet" while zlogin'ed to the zone.
  If so it should have worked.

• Installing multiple MySQLs in Non-Global Zones

  Hi all,
  We have db01 and db02 physical servers with latest Solaris and Sun Cluster software installed. Each one has the following zones:
  db01z001 - db02z001
  db01z002 - db02z002
  db01z003 - db02z003
  db01z004 - db02z004
  db01zXXX - db02zXXX
  Every zone is installed on zpool zones (on local disks):
  root@db01:~$ zpool status zones
  pool: zones
  state: ONLINE
  scrub: none requested
  config:
  NAME STATE READ WRITE CKSUM
  zones ONLINE 0 0 0
  mirror ONLINE 0 0 0
  c2t0d0 ONLINE 0 0 0
  c2t1d0 ONLINE 0 0 0
  We want to install and configure a different MySQL application and data service in every pair of non-global zones.
  We want to use two SAN logical devices for mysql data:
  d3 db02:/dev/rdsk/c4t600508B4000906990001100000E70000d0
  d3 db01:/dev/rdsk/c4t600508B4000906990001100000E70000d0
  d7 db02:/dev/rdsk/c4t600508B40009069900011000008E0000d0
  d7 db01:/dev/rdsk/c4t600508B40009069900011000008E0000d0
  Is there any way to use this configuration for N pairs or we can only use 2?
  Thanks,
  George

  Hi George,
  You might get away creating global monunts, create directories below the mount pint. Now comes the trick, you create HAStoragePlus resources with filesystem_mountpoints=/global_mountmount/mysql1, you must set AffinityOn to false.
  This creates a lofs mount into the zone.
  I must admit, that I never tried this myself, but it should work. Of cause you will get a performance penalty if you create tables over the wire. Creating tables means creating small files. It is wortha a
  It would be better, if you would have more and smaller luns, so that you could restrict on lun to a pair of zones.
  Kind Regards
  Detlef

• How to enable GUI in a non global zone in solaris11?

  How to enable graphical logon in a non global zone in solaris11, so the zone can be login by Xmanager? Thanks!

  This guide will cover how to setup a basic VNC connection to a Solaris 11 machine. There is also an optional step to allow for persistent VNC connections.
  Step 1
  Configure GDM to include ‘[security] DisallowTCP=false’ and ‘[xdmcp] Enable=true’.
  $ sudo gedit /etc/gdm/custom.conf
  # GDM configuration storage
  [daemon]
  [security]
  DisallowTCP=false
  [xdmcp]
  Enable=true
  [greeter]
  [chooser]
  [debug]
  Step 2
  Configure X-Server to accept remote connections.
  # svccfg -s application/x11/x11-server
  svc:/application/x11/x11-server> setprop options/tcp_listen = boolean: true
  svc:/application/x11/x11-server> end
  Step 3
  Configure the VNC service (you could change the ‘-geometry 1280×720′ to whatever resolution you would like).
  # svccfg -s xvnc-inetd
  svc:/application/x11/xvnc-inetd> setprop inetd_start/exec = astring: "/usr/bin/Xvnc -desktop sol11:0 -geometry 1024x768 -inetd -query localhost -once securitytypes=none"
  svc:/application/x11/xvnc-inetd> setprop inetd/wait = boolean: true
  svc:/application/x11/xvnc-inetd> end
  ** The line highlighted red is optional – only do this if you want your VNC connection to persist (as well as any potential security issues)
  or
  # svccfg -s xvnc-inetd
  svc:/application/x11/xvnc-inetd> editprop
  search for # setprop inetd_start/exec = astring: "/usr/bin/Xvnc
  copy the line, uncomment the copy, makethe changes above, write the file out.
  svcadm refresh xvnc-inetd
  Step 4
  Disable and the re-enable the GDM and VNC-inetd services for the changes to take effect.
  $ su root
  Password:
  # svcadm disable gdm xvnc-inetd; svcadm enable gdm xvnc-inetd
  If still in maintenance, reboot (I had to, don't know why).
  Step 5
  Point your favourite VNC client at your Solaris server and test if it accepts your VNC connection – you should be presented with a Username/Password login screen.
  If you performed the optional step to make your connections persist – close your favourite VNC client and then reconnect – if you remained logged in you have a persistent connections.
  Greg on said:
  After a fresh text install of Solaris-11 (11/11) both xvnc-inetd and gdm are not present. After installing them (# pkg install xvnc-inetd gdm) I can’t get gdm to start:
  # svcadm enable gdm
  # svcs gdm
  offline 10:24:03 svc:/application/graphical-login/gdm:default
  Any thoughts?
  Ron on said:
  You are missing some X packages. Do the following:
  pkg install slim_install           # installs 400+ packages
  svcadm enable gdm && exit      # gdm now works
  pkg uninstall slim_install           # uninstalls the installer package only

• LDAP Client Configuration in Non Global Zone

  I have configured 3 non global zones (different ip addresses and different names from global zone), installed LDAP client 2 on each, which worked fine, until the zones were rebooted. The ldapcachemgr was running, but authentication does not work--have to reinstall ldapclient each time.
  Does anyone have any suggestions?

  Here are a few things to check:
  1. /var/ldap/ldap_client_file - Does it have the info you're expecting? If not, it could be the config profile in the Direcotry Server is incorrect.
  2. /etc/nsswitch.conf - Is it configured correctly?
  3. /etc/pam.conf - Is that configured correctly?
  4. If the above files appear OK, check the access logs on the Directory Server.
  HTH,
  Roger S.

• Dynamically adding a device to a non-global zone

  How can you add a new device to a non-global zone without having
  to reboot the zone ? Obviously using zonecfg and then rebooting the
  zone works but often rebooting the zone would be very user unfriendly.
  In particular we occasionally need to add a new disk mirror in the global
  zone and then let the non-global zone have access to it.

  So each zone has a /dev tree that's private in <zoneroot>/dev which gets lofs mounted to /dev in the zone. You can mknod a new device in here and it appears instantly in the zone. Use the same major and minor numbers that device has in the global zone. If it's a disk device, make sure to major both the block and character device.
  Of course, you want to edit the zone config to make it permanent (though I suspect it may actually be permanent if you mknod the device...)

• Non-global zone network configuration

  Hi,
  Zones are a new thing for me so please excuse me if this is a basic query... I have recently jumpstarted a system using a jumpstart script that was developed by somebody else. It creates two non-global zones and configures their network interfaces.
  I have unplumbed one of the virtual interfaces for a particular zone because the IP address it was using is actually being used by another system on the network. However, when I reboot the zone, the interface is re-assigned the same IP address again. The IP address in question is not in /etc/hosts on any of the zones, and in the non-global zones the "hostname.<interface>" files do not exist at all. Also, the IP address is not in sysidcfg in any of the zones.
  So basically, interface e1000g0:2 is being assigned an IP address that was configured by the jumpstart script, so perhaps the jumpstart script has placed that IP address in some file that is read when the zone is booting. I have even checked rc scripts just in case but I cannot find the IP address anywhere. Would anybody please be able to tell me where the configuration information could be coming from in this scenario (nsswitch.conf specifies only files).
  Thank you in advance...

  its in the zone config.
  zonecfg -z <zone in question> info
  it should list a net address and physical device. you can then use:
  zonecfg -z <zone in question>
  from here you can remove the net statements, or change the address if you want to keep using the net card in your zone.

• Non-global zone in "shutting_down" state.. Hung in this state

  Hi.. My server is running in Sol10. It has got two non-global zones hosted in it in which the database is running.
  There was some complain from the database team that they were not able to login to the server. When I checked, it the status of the local zones were fine. But when tried to "# zlogin" to them, it got hung. So i tried to " # zlogin -S <zone_name>" and i was able to login in the failsafe mode but not able to execute any command in it. Any command from "uptime", "zfs list", gets hung and i had to forcefully logout.
  So I tried to halt the non-global zones first and then boot it. But here, it got stuck in "shutting_down" state.
  When tried to kill the processes of the non-global zones using "kill -9", it failed to kill the processes.
  so I rebooted the global zone which fixed the issue. But then, 10 days later, the same issue came up.
  I followed the same steps to fix the issue but i'm afraid this issue might come up again since i think rebooting the global zone server is a temporary fix.
  I logged a call with Oracle Support for this, but the server looks fine from the explorer output that was provided.
  Has anyone faced this same problem? What can i do to fix this issue permanantly?

  If you encounter the issue again in future, please get a system crash dump by panicing the global zone. This will allow us (support) to review the crash dump and understand why the zone failed to shut down. It will have been waiting on a resource and without the dump there's simply no way to know what or why.
  IIRC we recently (with the past month) did a putback of a bug (which I can't find the ID of right now) whereby if a zone doesn't hang on the way down we'll fork a new instance of the zone and leave the old refs in their hung state. So it's worth ensuring that you're running the latest Patchset.

• Non-global zone networking

  I've created a non-global zone with a pair of anet devices. I plan to do IPMP inside the non-global zone to manage interface redundancy. The anet config is rather simple -- I have a net0 and net1 whose lower-link's are net2 and net3 respectively.
  Inside the zone, it looks like everything is ready to go. My two VNICs are up.
  zone# dladm show-link
  LINK CLASS MTU STATE OVER
  net0 vnic 1500 up ?
  net1 vnic 1500 up ?
  So I try to plumb them (if I can still use that term).
  zone# ipadm create-ip net0
  zone# ipadm create-ip net1
  zone# ipadm show-if
  IFNAME CLASS STATE ACTIVE OVER
  lo0 loopback ok yes --
  net0 ip down no --
  net1 ip down no --
  That's strange -- why are they not up?
  zone# ifconfig net0 up; ifconfig net1 up
  zone# ipadm show-if
  IFNAME CLASS STATE ACTIVE OVER
  lo0 loopback ok yes --
  net0 ip ok yes --
  net1 ip ok yes --
  Aaah. Much better. Now I can get on with my life.
  # ipadm create-ipmp -i net0 -i net1 ipmp0
  # ipadm create-addr -T static -a 192.168.1.104/24 ipmp0/v4
  So my quesion is why did I have to resort to running an ifconfig up on these interfaces? ifconfig is dead to me -- or so I'd like to think. :)
  What is the "right" way to deal with this problem?

  Figured this out.
  The issue was that I had just done a zlogin to the zone after it was built (which was 3 weeks ago). I had completely forgotten that I had not yet completed the system configuration so the svc:/milestone/config:default service was offline, along with it's many dependancies.
  Basically I manually configured the network information before I had told the system config that I was going to do so.
  Strange behaviour -- but that's what happens when you don't follow order of operation.

• FilesystemMountPoints for ufs disks mounted to non-global zones

  Hello,
  I have a SAN ufs disk to be used as a failover storage, mounted to non-global zones (NGZ).
  Solaris 10 nodes using Cluster 3.2
  I'm looking for the correct value for the property FilesystemMountPoints and the vfstab entry required for a failover disk mounted to a NGZ.
  Should the path NOT include the NGZ root path?
  From the man page for SUNW.HAStoragePlus, for the property FilesystemMountPoints:
  You can specify both the path in a non-global zone and the path in a global zone, in this format:
  Non-GlobalZonePath:GlobalZonePath
  The global zone path is optional. If you do not specify a global zone path, Sun Cluster assumes that the path in
  the non-global zone and in the global zone are the same. If you specify the path as
  Non-GlobalZonePath:GlobalZonePath, you must specify Global-ZonePath in the global zone's /etc/vfstab.
  The default setting for this property is an empty list.
  You can use the SUNW.HAStoragePlus resource type to make a file system available to a non-global zone. To enable
  the SUNW.HAStoragePlus resource type to do this, you must create a mount point in the global zone and in the
  non-global zone. The SUNW.HAStoragePlus resource type makes the file system available to the non-global zone
  by mounting the file system in the global zone. The resource type then performs a loopback mount in the
  non-global zone.
  Each file system mount point should have an equivalent entry in /etc/vfstab on all cluster nodes and in all
  global zones. The SUNW.HAStoragePlus resource type does not check /etc/vfstab in non-global zones.
  SUNW.HAStoragePlus resources that specify local file systems can only belong in a failover resource group
  with affinity switchovers enabled. These local file systems can therefore be termed failover file systems. You
  can specify both local and global file system mounts points at the same time.
  Any file system whose mount point is present in the FilesystemMountPoints extension property is assumed to
  be local if its /etc/vfstab entry satisfies both of the following conditions:
  1. The non-global mount option is specified.
  2. The "mount at boot" field for the entry is set to "no."
  In my situation, I want to mount the disk to /mysql_data on the NGZ called ftp_zone. So, which is the correct setup?
  a. FilesystemMountPoints=/mysql_data:/zones/ftp_zone/root/mysql_data
  Global zone vfstab entry /dev/md/ftpabin/dsk/d110 /dev/md/ftpabin/rdsk/d110 /zones/ftp_zone/root/mysql_data ufs 1 no logging
  NGZ mount point /mysql_data
  OR
  b. FilesystemMountPoints=/mysql_data:/mysql_data (can be condensed to simply /mysql_data)
  Global zone vfstab entry /dev/md/ftpabin/dsk/d110 /dev/md/ftpabin/rdsk/d110 /mysql_data ufs 1 no logging
  NGZ mount point /mysql_data
  Should the path NOT include the NGZ root path?
  And should the fsck pass # be 1 or 2?
  Looking at this example from p. 26 of
  http://wikis.sun.com/download/attachments/24543510/820-4690.pdf
  This example doesn't mention the entry in vfstab.
  Create a resource group that can holds services in nodea zonex and nodeb zoney
  nodea# clresourcegroup create -n nodea:zonex,nodeb:zoney test-rg
  Make sure the HAStoragePlus resource is registered
  nodea# clresourcetype register SUNW.HAStoragePlus
  Now add a UFS [or VxFS] fail-over file system: mount /bigspace1 to failover/export/install in NGZ
  nodea# clresource create -t SUNW.HAStoragePlus -g test-rg \
  -p FilesystemMountPoints=/fail-over/export/install:/bigspace1 \
  ufs-hasp-rs
  Thank you!

  Hi,
  /zones/oracle-z is my root directory of the zone.
  * add the device to the zone :
  root@mpbxapp1 # zonecfg -z oracle-z
  zonecfg:oracle-z> add device
  zonecfg:oracle-z:device> set match=/dev/global/dsk/d12s0
  zonecfg:oracle-z:device> end
  zonecfg:oracle-z> add device
  zonecfg:oracle-z:device> set match=/dev/global/rdsk/d12s0
  zonecfg:oracle-z:device> end
  zonecfg:oracle-z> exit
  * add FS to NGZ's /etc/vfstab : ( You may omit this step, I don't know why but it works without this step :) )
  root@mpbxapp1 # vi /zones/oracle-z/root/etc/vfstab
  /dev/global/dsk/d12s0 /dev/global/rdsk/d12s0 /global/oracle ufs 1 no logging
  * add FS to global zone's /etc/vfstab :
  root@mpbxapp1 # vi /etc/vfstab
  /dev/global/dsk/d12s0 /dev/global/rdsk/d12s0 /zonefs/oracle ufs 1 no logging
  * set the FilesystemMountPoints property :
  root@mpbxapp1 # /usr/cluster/bin/clresource set -p FilesystemMountPoints=/global/oracle:/zonefs/oracle oracle-hastp
  Whit this configuration you may ensure that the FS is not directly accessible from master zone. Actually, it's accessible but with a different PATH. For example, for Oracle, from the master zone Oracle can not be started/stopped because the controlfile can not be accessed. :)
  Hope this helps,
  Murat

• Unexpected behavior: Solaris10 , vlan , ipmp, non-global zones

  I've configured a System with several non-global zones.
  Each of them has ip - connection via a seperate vlan (1 vlan for each nonglobal zone). The vlans are established by the global zone. They are additionally brought under control of ipmp.
  I followed the instructions described at:
  http://forum.sun.com/thread.jspa?threadID=21225&messageID=59653#59653
  to create the defaultrouters for the non-global zones.
  In addition to that, I've created the default route for the 2nd ipmp-interface. (to keep the route in the non-global Zone in case of ipmp-failover)
  ie:
  route add default  172.16.3.1 -ifp ce1222000
  route add default  172.16.3.1 -ifp ce1222002Furthermore, i' ve put the 172.16.3.1 in the /etc/defaultrouter of the global zone, to ensure it will be the 1st entry in the routing table (because it's the defaultrouter for the global zone)
  Here the unexpected:
  Tried to reach a ip-target ouside the configured subnets, say 172.16.1.3 , via icmp. The router 172.16.3.1 knows the proper route to get it. The 1st tries (can't remember the exact number) went through ce1222000 and associated icmp-replies travelled back trough ce1222000. But suddenly the outgoing interface changed to ce1322000 or ce1122000 ! The defaultrouters configured on these vlans are not aware of the 172.16.1.3 (172.16.1.0/24), and there was no answer. The defaultroutes seemed to be "cycled" between the configured.
  Furthermore the connection from the outside to the nonglobal-zones (wich do have only 1 defaultrouter configured: the one of the vlan the non-global Zone belongs to) was broken intermittent.
  So, how to get the combination of VLAN ,IPMP, diff. defaultrouters, non-global Zones running?
  Got the following config visible in the global zone:
  (the 172.13.x.y are sc3.1u4 priv. interconnect)
  netstat -rn
  Routing Table: IPv4
    Destination           Gateway           Flags  Ref   Use   Interface
  172.31.193.1         127.0.0.1            UH        1      0  lo0
  172.16.19.0          172.16.19.6          U         1   4474  ce1322000
  172.16.19.0          172.16.19.6          U         1      0  ce1322000:1
  172.16.19.0          172.16.19.6          U         1   1791  ce1322002
  172.31.1.0           172.31.1.2           U         1 271194  ce5
  172.31.0.128         172.31.0.130         U         1 271158  ce1
  172.16.11.0          172.16.11.6          U         1   8715  ce1122000
  172.16.11.0          172.16.11.6          U         1      0  ce1122000:1
  172.16.11.0          172.16.11.6          U         1   7398  ce1122002
  172.16.3.0           172.16.3.6           U         1   4888  ce1222000
  172.16.3.0           172.16.3.6           U         1      0  ce1222000:1
  172.16.3.0           172.16.3.6           U         1   4236  ce1222002
  172.16.27.0          172.16.27.6          U         1      0  ce1411000
  172.16.27.0          172.16.27.6          U         1      0  ce1411000:1
  172.16.27.0          172.16.27.6          U         1      0  ce1411002
  192.168.0.0          192.168.0.62         U         1  24469  ce3
  172.31.193.0         172.31.193.2         U         1    651  clprivnet0
  172.16.11.0          172.16.11.6          U         1      0  ce1122002:1
  224.0.0.0            192.168.0.62         U         1      0  ce3
  default              172.16.3.1           UG        1   1454
  default              172.16.19.1          UG        1      0  ce1322000
  default              172.16.19.1          UG        1      0  ce1322002
  default              172.16.11.1          UG        1      0  ce1122000
  default              172.16.11.1          UG        1      0  ce1122002
  default              172.16.3.1           UG        1      0  ce1222000
  default              172.16.3.1           UG        1      0  ce1222002
  127.0.0.1            127.0.0.1            UH        41048047  lo
  #ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
  index 1
          inet 127.0.0.1 netmask ff000000
  lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
  index 1
          zone Z-BTO1-1
          inet 127.0.0.1 netmask ff000000
  lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
  index 1
          zone Z-BTO1-2
          inet 127.0.0.1 netmask ff000000
  lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
  index 1
          zone Z-ITR1-1
          inet 127.0.0.1 netmask ff000000
  lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
  index 1
          zone Z-TDN1-1
          inet 127.0.0.1 netmask ff000000
  lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
  index 1
          zone Z-DRB1-1
          inet 127.0.0.1 netmask ff000000
  ce1: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500
  index 10
          inet 172.31.0.130 netmask ffffff00 broadcast 172.31.0.255
          ether 0:3:ba:f:63:95
  ce3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
          inet 192.168.0.62 netmask ffffff00 broadcast 192.168.0.255
          groupname ipmp0
          ether 0:3:ba:f:68:1
  ce5: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500
  index 9
          inet 172.31.1.2 netmask ffffff00 broadcast 172.31.1.127
          ether 0:3:ba:d5:b1:44
  ce1122000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
  index 2
          inet 172.16.11.6 netmask ffffff00 broadcast 172.16.11.127
          groupname ipmp2
          ether 0:3:ba:f:63:94
  ce1122000:1:
  flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
  mtu 1500 index 2
          inet 172.16.11.7 netmask ffffff00 broadcast 172.16.11.127
  ce1122002:
  flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
  1500 index 3
          inet 172.16.11.8 netmask ffffff00 broadcast 172.16.11.127
          groupname ipmp2
          ether 0:3:ba:f:68:0
  ce1122002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
  mtu 1500 index 3
          inet 172.16.11.10 netmask ffffff00 broadcast 172.16.11.255
  ce1122002:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
  mtu 1500 index 3
          zone Z-ITR1-1
          inet 172.16.11.9 netmask ffffff00 broadcast 172.16.11.255
  ce1222000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
  index 4
          inet 172.16.3.6 netmask ffffff00 broadcast 172.16.3.127
          groupname ipmp3
          ether 0:3:ba:f:63:94
  ce1222000:1:
  flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
  mtu 1500 index 4
          inet 172.16.3.7 netmask ffffff00 broadcast 172.16.3.127
  ce1222002:
  flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
  1500 index 5
          inet 172.16.3.8 netmask ffffff00 broadcast 172.16.3.127
          groupname ipmp3
          ether 0:3:ba:f:68:0
  ce1222002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
  mtu 1500 index 5
          zone Z-BTO1-1
          inet 172.16.3.9 netmask ffffff00 broadcast 172.16.3.255
  ce1222002:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
  mtu 1500 index 5
          zone Z-BTO1-2
          inet 172.16.3.10 netmask ffffff00 broadcast 172.16.3.255
  ce1322000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
  index 6
          inet 172.16.19.6 netmask ffffff00 broadcast 172.16.19.127
          groupname ipmp1
          ether 0:3:ba:f:63:94
  ce1322000:1:
  flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
  mtu 1500 index 6
          inet 172.16.19.7 netmask ffffff00 broadcast 172.16.19.127
  ce1322002:
  flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
  1500 index 7
          inet 172.16.19.8 netmask ffffff00 broadcast 172.16.19.127
          groupname ipmp1
          ether 0:3:ba:f:68:0
  ce1322002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
  mtu 1500 index 7
          zone Z-TDN1-1
          inet 172.16.19.9 netmask ffffff00 broadcast 172.16.19.255
  ce1411000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
  index 12
          inet 172.16.27.6 netmask ffffff00 broadcast 172.16.27.255
          groupname ipmp4
          ether 0:3:ba:f:63:94
  ce1411000:1:
  flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
  mtu 1500 index 12
          inet 172.16.27.7 netmask ffffff00 broadcast 172.16.27.255
  ce1411002:
  flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
  1500 index 13
          inet 172.16.27.8 netmask ffffff00 broadcast 172.16.27.255
          groupname ipmp4
          ether 0:3:ba:f:68:0
  ce1411002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
  mtu 1500 index 13
          zone Z-DRB1-1
          inet 172.16.27.9 netmask ffffff00 broadcast 172.16.27.255
  clprivnet0:
  flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu
  1500 index 11
          inet 172.31.193.2 netmask ffffff00 broadcast 172.31.193.255
          ether 0:0:0:0:0:2

• Always install applications into non-global zones?

  I am planning on taking full advantage of Containers and Zones as I migrate servers and applications to Solaris 10. During this migration process, I believe that I will have a need to initially just run just one application on a server. I fear that if I do this in the global zone I will lose flexibility down the road for future projects and workloads. So, should I consider always installing applications in a non-global zone and never install applications in the global zone? This would keep the global zone as the controller of the non-global zones and ensure that I can always add more non-global zones later without having to worry about what is running in the global zone.
  Are there any thoughts or comments on this topic?

  Yes we've found it's best to run the applications in non-global zones. Here are a few benefits, basically we only put an application in the global zone if it requires it (like Oracle RAC). Note non-RAC instances of Oracle will run in a non-global zone just fine.
  Reasons to put applications in non-global zones
  o Increased security (self contained environment)
  o Increased flexibility for provisioning resources (CPU, memory, etc) when/if we decide to run multiple applications on the same hardware
  o Increased flexibility in starting up temporary environments to debug issues in parallel to the primary environment (i.e. in another non-global zone on the same server)
  o Works well with Sun Cluster (i.e. we cluster the non-global zones so that they can run across several hosts)
  o Improved trouble shooting and performance diagnosis as the applications are isolated to a non-global zone
  o Simplified environment for the application admins as the environment can be fine tuned for their needs (i.e. only let them see what they need)
  o Disaster recovery is much faster for a non-global zone

• /boot not preent in Non-Global zones

  Hi,
  /boot directory is not present in non-global zones. Is there any specific reason for that?
  On sun x86 uses /boot/solaris/bootenv.rc to duplicate the “eeprom” functionality. Since bootenv.rc is used for boot prom functionality and /boot itself not present in zones, because of that eeprom command failing on x86 zones.
  Is there any specific reason why /boot is not present in Zones ?
  Thanks in advance,
  Chanthu

  Hi George,
  You might get away creating global monunts, create directories below the mount pint. Now comes the trick, you create HAStoragePlus resources with filesystem_mountpoints=/global_mountmount/mysql1, you must set AffinityOn to false.
  This creates a lofs mount into the zone.
  I must admit, that I never tried this myself, but it should work. Of cause you will get a performance penalty if you create tables over the wire. Creating tables means creating small files. It is wortha a
  It would be better, if you would have more and smaller luns, so that you could restrict on lun to a pair of zones.
  Kind Regards
  Detlef

• Non-global zones on a SAN???

  Hi everyone, i have a question that's probably been asked before and i'm sure many others are interested in knowing the answer.
  Is it possible to store non-global zone(s) on a SAN? The idea being that if the server hosting the non-global zone(s) dies, the non-global zone(s) can be brought up on another server that also has access to the same SAN. This is sort of what vmware can do. It would be great if Solaris 10 non-global zones could also do it.
  Stewart

  Yes it is possible to do this. In fact if you use Sun Cluster (now free) it can be setup so that the zones automatically start on another node within the cluster. Basically any application that can run in a non-global zone can be clustered.
  This also helps greatly with resource balancing as you can move zones between servers as needed. Note the zone does have to shutdown as start again but that usually takes less than a minute.