Solaris 11 - zones and repos

Similar Messages

• LDOMs, Solaris zones and Live Migration

  Hi all,
  If you are planning to use Solaris zones inside a LDOM and using an external zpool as Solaris zone disk, wouldn't this break one of the requirements for being able to do a Live Migration ? If so, do you have any ideas on how to use Solaris zones inside an LDOM and at the same time be able to do a Live Migration or is it impossible ? I know this may sound as a bad idea but I would very much like to know if it is doable.

  Thanks,
  By external pool I am thinking of the way you probably are doing it, separate LUNs mirrored in a zpool for the zones coming from two separate IO/Service domains. So even if this zpool exist inside the LDOM as zone storage this will not prevent LM ? That's good news. The requirement "no zpool if Live Migration" must then only be valid for the LDOM storage itself and not for storage attached to the running LDOM. I am also worried about a possible performance penalty introducing an extra layer of virtualisation. Have you done any tests regarding this ?

• Solaris Zones and NFS mounts

  Hi all,
  Got a customer who wants to seperate his web environments on the same node. The release of apache, Java and PHP are different so kind of makes sense. Seems a perfect opportunity to implement zoning. It seems quite straight forward to setup (I'm sure I'll find out its not). The only concern I have is that all Zones will need access to a single NFS mount from a NAS storage array that we have. Is this going to be a problem to configure and how would I get them to mount automatically on boot.
  Cheers

  Not necessarily, you can create (from Global zone) a /zone/zonename/etc/dfs/dfstab (NOT a /zone/[i[zonename[/i]/root/etc/dfs/dfstab notice you don't use the root dir) and from global do a shareall and the zone will start serving. Check your multi-level ports and make sure they are correct. You will run into some problems if you are running Trusted Extensions or the NFS share is ZFS but they can be overcome rather easily.
  EDIT: I believe you have to be running TX for this to work. I'll double check.
  Message was edited by:
  AdamRichards

• Solaris zone and IBM DB2

  We have a container in T3-1 in which IBM DB2 running it. Recently we migrated the container to T4-1 server. The container is up and running but unable to start DB2. The container configuration is similar as in T3-1. Did anyone faced similar issue while running DB2 on T4-1 server ?

  You can refer
  App Server 9.0 developer guide
  http://docs.sun.com/app/docs/doc/819-3659
  making driver .jar files accessible :
  http://docs.sun.com/app/docs/doc/819-3659/6n5s6m5bk?a=view#beamn
  IBM DB2 8.2 datasource configuration
  http://docs.sun.com/app/docs/doc/819-3658/6n5s5nklk?a=view#beanc
  If you are still not able to setup:
  can you post
  1) con pool configuration from domain.xml
  2) the error message that you get in domains/<domainname>logs/server.log
  Thanks,
  -Jagadish

• Recommendations for Solaris Zones for NW2004S?

  I'm new to Solaris zones and would appreciate any recommendations from you regarding the setup of zones to run NW2004S. I did a scan of SapNet and SDN, but found nothing.
  So, for example, would you insist on running a Prod instance in the global zone?  For an SAP that runs in a zone, which file-systems would you share from the global zone?
  Another tips/traps you have would be greatly appreciated.

  We consolidated already 7 systems:
  root@consbig / >zoneadm list -vi
    ID NAME             STATUS         PATH                         
     0 global           running        /                            
    22 srmtest          running        /zone/srmtest                
    23 nwdi_ext_1       running        /zone/nwdi_ext_1             
    32 bbbcpy           running        /zone/bbbcpy                 
    35 icht             running        /zone/icht                   
    40 osiris           running        /zone/osiris                 
    42 bi_oracle_test   running        /zone/biorat                 
    43 hpvm             running        /zone/hpvm      
  This is a HP DL585 with 4 CPUs and 48 GB RAM (Opteron, not SPARC).

• Dedicating physical CPUs to a zone and migrating a Solaris 8 box to a zone?

  If I have a machine with a large number of cores (say 24), and dedicate 4 of the CPUs to the zone, psrinfo shows the number of CPU's dedicated to that zone as 4, however, the global zone still shows 24.
  Does this mean that if there's enough stuff running in global that it can preempt the stuff running inside the zone? The concern here is that the stuff we want to run in the zone is a bit more critical than in global, so we wouldn't want global to eat up CPU resources of the zone. (I suppose we could repurpose the stuff running inside global and the zone, but then we'd get the reverse isolation issue at some other point.)
  The other questions is that there's an old E450 running Solaris 8 and it's got a bunch of stuff installed on it. Would it be possible to somehow convert all the software and data of that E450 into a container or zone and run that on a more modern machine - say a T5420 which runs Solaris 10 (without upgrading the stuff running under the E450 to Solaris 10?)

  you can create a flar archive of the entire system and then import it as a solaris 8 zone. if you are doing this on a cool threads system, beware of the processor. it does well with threads. if what you run on the 450 is mostly single threaded or needs a decent cpu, the coolthreads servers are not a good fit.

• Solaris 10 Zones and networking..

  My machine has only one NIC card (rtls0) and also only one public ipv4 IP. I am at the moment unable to get more than one public IP. I've also created a few zones on the machine which I have assigned an internal IP. Now, I can connect (say SSH for example) internally to these zones just fine using their internal IP from the global zone. However, obviously the outside world would not be able to do so. So I decided to simply use the built in firewall/nat tech in Solaris in order to port forward certain ports to internal zones. (Like say set up port 2223 on the global level to forward ssh to one of my created zones' ssh) I looked up and down everywhere with the ipf and ipv4 port forwarding down to enabling it via routeadm and also setting the value of /dev/tcp ip_forwarding to 1. Then when I add the following rule to ipnat:
  rdr rtls0 PUBLIC_IP/32 port 2223 -> 192.168.1.2 port 22 tcp
  It still has zero effect on the forwarding. It fails to forward, and nothing I've done works. I'm on my last leg here with this issue. Am I doing something wrong with ipfilter or is there a better way to go about doing this with Solaris Zones? (I mean surely there must be an easier way to create self contained zones with applications that still run services without having to resort to assigning it its own IP, no?) Any help is appreciated, thanks.

  First thing to check is if your zone can access the global zone (try pinging). If this isn't the case you probably need to setup a routing entry allowing the non-global zone some access.
  For example, say the global is 10.0.0.1 and the non-global 192.168.0.1 on eri0 you'd use something like:
  route add 10.0.0.1 192.168.0.1 -iface
  This tells your non-global zone that it can reach the global zone through the eri0 interface. Ofcourse you can also expand this to networks and such.
  Another very important factor to keep in mind when dealing with internet is trying to access it from the non-global zone (as a test). Your ipnat.conf entry should be enough, my guess for to the reason for not routing the data is a non-static arp entry of your internet gateway. Now, this is a mere guess but if you have a default route in your routing table setup for Internet access (netstat -rn) make sure that the host to which the default route is pointing also has a static arp entry (man arp). If this is indeed the case you may also need to setup a routing entry as mentioned above to allow your zone access to this remote gateway.
  After that things should work as usual. Hope this helps.

• EM 12c and Solaris Zone Monitoring

  Hi all,
  I am using Oracle EM 12c to monitor Oracle database server which run on Solaris zone, which is capped to run using only 4 cores.
  BUT the Host management home page is still showing "Total Cores" of 8 (I am using Sun T4-1).
  Is there some configuration which required to be done to reflect the number of capped CPU.
  Also is there a way to isolate the CPU, Memory, Filesystem and Network utilization to only look at the local zone?
  I suspect what I see now represent the resource utilization of the physical machine.
  Thank you.
  -Joel

  Loc,
  I've opened quite a few SRs, some handled well, some not. My biggest issue perhaps is that SRs are needed at all. We are a small shop that relied on OEM 10.2 for a long time, skipped over 11G and went right to 12R2. It was a culture shock, and I'm not sure if skipping the version added to our woes.
  There are 3 DBAs here, with Oracle experience between 13 and 18 years, we are not newbies. I took the em12c class from Oracle.
  But still, acceptance of its use has not been high, mostly because it's no longer the quick, targeted place we 'go to'. It's a huge product now, with much built-in. We are finding we need a mind adjustment to use it and the transition period related to how much time we can spend on that. Our intent, though, was to make things easier, not harder.
  Case in point is our implementation of DataGuard. This project was new to us and I made EM12C upgrade as a predecessor project because I needed its help. I ultimately abandoned it, we hired a consultant, we learned manual steps, and that's what we use today. Everything is homegrown.
  I feel as through the purpose for EM moved from a DBA monitoring tool. Remember OEM 10.2 and its initial summary page that showed the overall health of everything on one shot? I can't do that in em12c, or at least haven't found that.
  Here are some SRs:
  SR 3-6392247151
  Sr 3-7159111371
  SR 3-6645421051
  * SR 3-6608820051
  SR 3-6667182071
  * Covers "invalid objects" missing, something we previously relied on.
  Back to the original question of this post - I understand now that if we use EM to switch our databases, the role reversal will show. We would have loved to rely on EM for everything. Now that we must do everything manually, I have to then manually drop the target being monitored and re-add it. Again, something that should make our jobs easier is now harder.
  Thanks for listening. Am I really the only DBA that says EM12C is harder to use for basic functionality?
  Sherrie

• SAP Java and Solaris Zones SolMan 4.0

  May require Solaris Zones experience to continue.
  I have three SAP database instances/central instances running in three sparse Solaris zones with no problem.
  I have created a new sparse zone for a new SAP installation (Solution Manager 4.0) and started the installation. SAP requires a 1.4.2 SDK even though Java 1.5 comes with Solaris 10. The 1.4.2 SDK is in /usr/j2se. The installation in the sparse zone errors out because it can't get "write" rights to /usr/j2se/jre/lib/security/local_policy.jar as it is trying to install some security encryption JCE component.
  I have thought about creating a /usr/j2se_zonename file system, copying the contents of /usr/j2se into it and then mounting /usr/j2se_zonename in the zone as a lofs with the name /usr/j2se. However when I do the copy of /usr/j2se I get some recursion errors.
  Any thoughts about how to add a writable /usr/j2se into the sparse zone with the least amount of effort ? Otherwise plan B would be to create a "large" zone with a writable /usr directory.
  Received a great answer, that while it may not be architecturally "pure" it may get the job done.
  You might just download the relevant JDK tarball and unpack that
  somewhere in your zone (anywhere you like), and point SAP at it...
  http://java.sun.com/j2se/1.4.2/download.html
  Get the one called "self extracting file"-- you can unpack that anywhere
  you want.
  Message was edited by: Atis Purins

  Hi Russ,
  no you only have to generate two RFCs to your R/3 and assign them in SMSY to for system monitoring
  Then you need a Solution, assign your R/3 to the Solution, setup the system monitoring.
  Regards,
  uDo

• Resource Management and Solaris Zones Developer Guide

  Solaris Information Products ("Pubs") is creating a
  developer guide for resource management and Solaris Zones.
  The department is seeking input on content from application
  developers and ISVs.
  We plan to discuss the different categories of applications
  that can take advantage of Solaris resource management
  features, and provide implementation examples that discuss
  the particular RM features that can be used.
  Although running in a zone poses no differences to most
  applications, we will describe any possible limitations and
  offer appropriate workarounds. We will also provide
  information needed by the ISV, such as determining
  the appropriate system calls to use in a non-global zone.
  We plan to use case studies to document the zones material.
  We would like to know the sorts of topics that you would
  like to see covered. We want to be sure that we address
  your specific development concerns with regard to these
  features.
  Thank you for your comments and suggestions.

  Hi there, i'm using solaris resource management in a
  server with more thant 2thousand acounts.
  Created profiles for users, defaul, staff, root and
  services.Seeing the contents of your /etc/project file could be helpful.
  But while using rctladm to enable syslog'ing, I set up
  global flags of "deny" and "no-local-action" in almos
  everything.The flags on the right hand side of the rctladm(1M) output are read-only:
  they are telling you the characteristics of the resource control in question (what
  operations the system will allow the resource control to take).
  Now, many aplications don't work because they are
  denied enough process.max-stack-size and
  process.max-file-descriptor for them to work.
  Applications such has prstat.If prstat(1) is failing due to the process.max-file-descriptor control value, that's
  probably a bug. prstat(1) is more likely bumping into the limit to assess how many file
  descriptors are available, and then carrying on--you're just seeing a log message since
  prstat(1) tested the file descriptor limit, and you've enabled syslog for that control. Please
  post the prstat(1) output, and we'll figure out if something's breaking.
  I don't find a way to disable the global flags. You can't. I would disable the syslog action on the process.max-stack-size control first;
  there is an outstanding bug on this control, in that it will report a false triggering event--
  no actual effect to the process. (If you send me some mail, I will add you as a call record
  on the bug.)
  Can anyone tell me:
  how to disable global flags?
  how to disable and enable solaris resource management
  all together?You could raise all of the control values, but the resource control facility (like the resource
  limit facility it superseded) is always active. Let's figure out if you're hitting the bug I mentioned,
  and then figure out how to proceed.
  - Stephen
  Stephen Hahn, PhD Solaris Kernel Development, Sun Microsystems
  [email protected]

• OSB and Solaris Zones

  Hi,
  Does anybody have any experience of running OSB inside a Solaris zone?
  I'm experimenting with this at the moment and would like to share the OSB installation with the global zone, but keep the /usr/etc and /usr/tmp directories where the host-specific stuff is stored private.
  Thanks.

  I following Oracle® Secure Backup Installation and Configuration Guide
  Release 10.3 :
  - To Viewing SCSI Bus Name-Instance Parameter Values in Solaris :
  # cd /usr/local/oracle/backup/install
  # installdriver
  bash: installdriver: command not found
  # ./installdriver
  case: Too many arguments
  How could i can run the installdriver script for SCSI information
  Best Regards
  Ch

• Jumbo Frames within Solaris 10 zones and multiple interfaces...

  We have Jumbo Frames working in the Global Zone, and have the MaxFrameSize=3,3,3 etc...
  We also have our AGGR's built correctly and defined aggr1:1 and aggr1:2
  the problem is on boot-up, if all the name files (hostname.aggr1 and hostname.aggr1:1) are defined in the /etc directory, then you can't start the zones....?
  and if you place the files in the /export/zones/<machinename>/root/etc/ directory, than the interfaces do not start-up automatically..... ?
  So If I want all the interfaces in the global zone to be seen by the other zones, and for the interfaces to come live when the zones are booted.... where do the hostname.interface files live....???

  Darren:
  I understand where you're coming from from a technical perspective. But there is a way you could work around it.
  For argument's sake, zones a+b with e1000g0 - e1000g3
  From an implementation perspective, what's to stop you from:
  e1000g0 / e1000g1 shared between all
  e1000g2 plumbed at global, only assigned to zone a.
  e1000g3 plumbed at global, only assigned to zone b.
  You can certainly have an empty interface file (i.e. cp /dev/null /etc/hostname.e1000g2 ; cp /dev/null /etc/hostname.e1000g3). The interface will plumb but have no IP information configured.
  This doesn't give truly exclusive interfaces to either zone, but it operates effectively as though it were.
  Warning: I haven't actually tested this, but I see no reason that it wouldn't work.

• Is it possible to patch Global Zone and only specific Non-Global Zones?

  Hi Champs,
  Is it possible to patch Global Zone and only specific Non-Global Zones? Idea is to patch DEV-zones only on the system & test applications and then patch only the STG-zones on same server!
  Not sure if it is possible but just throwing a question...
  Cheers,
  Nitin

  M10vir wrote:
  Yes, if you have branded (non-sparse) zone!Branded zones and sparse zones don't have the relation that you imply. In Solaris 10, native zones can be sparse or whole-root (non-sparse, as you say). Zones that are not native zones are branded zones. Branded zones on Solaris 10 include Solaris Legacy Containers, previously known as Solaris 8 Containers and Solaris 9 Containers. That add-on product allows you to run Solaris 8 and Solaris 9 application environments under a thin layer of virtualization provided by the brands framework. solaris8 and solaris9 branded zones can be patched independently of each other and of the global zone.
  Solaris 11 has no "native zones" - all zones use the brands framework. The "solaris" brand does no emulation and in that respect is very similar to native zones on Solaris 10. Solaris 11 also provides Solaris 10 Zones via the solaris10 brand. This allows zones or the global zone from a Solaris 10 system to be transferred to a Solaris 11 system and run as solaris10 zones. When running on Solaris 11, solaris10 zones can each be patched independently from each other and the Solaris 11 global zone. Technically, Solaris 11 doesn't have patches - it just has newer versions of packages to which the system is updated.

• Solaris 10 and multi-installs of SPS 5.1

  Is there a way to install 2 SPS 5.1 Master Servers on the same Solaris 10 global zone?
  We tried to use the pkgroot workaround that Sun Professional Services provided for Solaris 8, but Solaris 10 ignored the ksh commands. So, we created a full root zone and installed the 2nd SPS 5.1 Master Server there successfully.
  Now, we want to test SPS 6.0, but must first prove it performs at least as well if not better than SPS 5.1. To do that, we must provide monitoring data from the full root zone during checkins and deploys. However, we have just learned that our OVO does not support monitoring Solaris 10 zones.
  So, we are back to square one. How to install SPS 5.1 2x on the same Solaris 10 global zone.
  Thanks,
  Mike

  IGNORE ABOVEIt has been fixed, so I do run Hardware RAID-1 with Solaris 10.
  But I wonder if there is any way to see disk health from Solaris ? Without entering BIOS each time.
  Today when pull a disk out, Solaris does not say anything. This is dangerous. What happen if one disk fails and Solaris does not tell ???
  raidctl does not say anything, I dont think it works for my controller (http://www.sun.com/bigadmin/hcl/data/sol/systems/details/806.html)
  dmesg and var/adm/messages does not show anything either.
  Thank you!

• Oracle licensing in Solaris zones

  Hi all,
  I've read a few documents about Oracle licensing :
  http://www.sun.com/third-party/global/oracle/consolidation/Containers_Oracle_041305.pdf
  http://www.oracle.com/corporate/pricing/partitioning.pdf
  However, there's one thing not clear to me. In Solaris zones, you dedicate threads (usually referred to as 'CPU' on Solaris) to zones. Oracle licensing is always about the number of cores used by the partition, not the number of threads. How do you convert from threads to cores?
  I'll give an example:
  A T2 system with 2 processors, 8 cores each, 8 threads each (128 threads in total). You create a resource pool with 2 CPUs (threads): 1 thread from one core, and 1 thread from another one (or they are assigned like that for you) and associate a zone that runs Oracle.
  I can think of two ways of calculating the number of cores used:
  1) divide the number of dedicated threads by the number of threads per core: 2 / 8 = 0.25 (optionally round it up to 1) -- This is how IBM does its licensing.
  2) count the number of physical cores that are being used by the zone. In this case this is 2, as the threads are not running on the same core.
  Can anyone help me figuring this out?
  Thanks!
  Regards,
  Mathieu

  Hi Dezutterm,
  I'm not a sales guy, but from how I understand things... you've already figured it out yourself:
  dezutterm wrote:
  I'll give an example:
  A T2 system with 2 processors, 8 cores each, 8 threads each (128 threads in total). You create a resource pool with 2 CPUs (threads): 1 thread from one core, and 1 thread from another one (or they are assigned like that for you) and associate a zone that runs Oracle.
  I can think of two ways of calculating the number of cores used:
  1) divide the number of dedicated threads by the number of threads per core: 2 / 8 = 0.25 (optionally round it up to 1) -- This is how IBM does its licensing.
  2) count the number of physical cores that are being used by the zone. In this case this is 2, as the threads are not running on the same core.
  Can anyone help me figuring this out?Like you've seen, Oracle cares about how many cores are running Oracle software, not threads (from "Processor" definition here: http://www.oracle.com/corporate/pricing/technology-price-list.pdf). If you have 2 cores running Oracle software, you take "2" and multiple by the Core Processor Licensing Factor for that model of CPU (http://www.oracle.com/corporate/contracts/library/processor-core-factor-table.pdf) which for a T2 is 0.25... meaning you need 2 x 0.25 = 0.5 processor licenses. If you would have used both threads from the same core, you would need 0.25.
  If this isn't correct, somebody please let us know, thanks!
  [email protected]