hot Linux on Solaris action

Posted by Dick on March 20, 2007

We were talking about BrandZ
(linux-flavoured Solaris zones) when I realised I hadn’t got round to trying it out yet.

So I did.
It seems to mostly work like a linux box, except
apps that need direct access to the kernel/proc/devices etc can have problems.

As usual, I’m just putting up my notes. If you need more general (or better written) docs,
I recommend

First thing to do is add the linux brand packages (so ‘create -t’ works).

pkgadd -d . SUNWlxu SUNWlxr

Configure the zone like any other, but pass a flag to ‘create’:

vera # zonecfg -z lux
lux: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:lux> create -t SUNWlx
zonecfg:lux> set zonepath=/zones/lux
zonecfg:lux> add net
zonecfg:lux:net> set address=10.9.8.7/24
zonecfg:lux:net> set physical=iprb0
zonecfg:lux:net> end
zonecfg:lux> commit
zonecfg:lux> exit

install (and tweak) the linux distro

This isn’t a Solaris zone so you need to install linux into the zonepath.
Sun have a CentOS 3.x
image on their website containing X, gnome, etc.

Bizarrely, Sun’s tar can’t unpack it,
so you need to install gtar before zoneadm can use it.
This is still less hassle than burning ISOs in my book.

vera # wget http://dlc.sun.com/osol/brandz/downloads/centos_fs_image.tar.bz2
vera # mount /cdrom && pkgadd -d /cdrom/Solaris_11/Product/ SUNWgtar

Now you install linux into the zone (note /zones is on ZFS here, so we get compression/snapshots/cloning for free). This does, indeed, take several minutes:


   vera # zoneadm -z lux install -d centos_fs_image.tar.bz2
   A ZFS file system has been created for this zone.
   Installing zone 'lux' at root directory '/zones/lux'
   from archive '/zones/centos_fs_image.tar.bz2'

   This process may take several minutes.

   Setting up the initial lx brand environment.
   System configuration modifications complete.

   Installation of zone 'lux' completed successfully.

   Details saved to log file:
       "/zones/lux/root/var/log/lux.install.9440.log" 

   vera # zoneadm list -iv
     ID NAME             STATUS         PATH                           BRAND
      0 global           running        /                              native
      - lux              installed      /zones/lux                     lx        

Setting up the network is easy:

vera # cat > /zones/lux/root/etc/sysconfig/network
NETWORKING="yes"
HOSTNAME=lux.whatever.com
^D
vera # cat > /zones/lux/root/etc/resolv.conf
search whatever.com
nameserver 1.2.3.4
nameserver 1.2.3.5
^D

Since I’m a big fan of RSA authentication, I set that up too:

vera # echo 'PermitRootLogin without-password' >> /zones/lux/root/etc/ssh/sshd_config
vera # mkdir -p /zones/lux/root/root/.ssh/
vera # chmod 700 /zones/lux/root/root/.ssh/
me@mydesktop $ scp ~/.ssh/id_dsa.pub root@vera:/zones/lux/root/root/.ssh/authorized_keys

I also edit /zones/lux/root/etc/shadow and set root’s password field to ‘NP’, since neither zlogin nor ssh needs it to be set.
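
A check worth running from the global zone before booting, as an added example that is not part of the original notes: it audits a zone root such as /zones/lux/root for the three things set up above. The function names and the sample tree are this example's own; it assumes a POSIX shell (bash or ksh) and an awk that has tolower().

```shell
#!/bin/sh
# Added example (not from the original post): audit the login hardening in a
# zone's root tree from the global zone. Function names are this example's own.

# mode_of PATH -> first 10 characters of the ls mode string, e.g. drwx------
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# audit_zone_login ZROOT -> prints one FAIL line per problem; returns 0 if clean
audit_zone_login() {
    zroot=$1; fails=0
    cfg=$zroot/etc/ssh/sshd_config; sshdir=$zroot/root/.ssh

    # sshd uses the first uncommented value of a keyword, so a line appended
    # with >> has no effect if an earlier PermitRootLogin line exists.
    prl=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$cfg" 2>/dev/null)
    [ "$prl" = "without-password" ] ||
        fail "$cfg: effective PermitRootLogin is '${prl:-unset}'"

    [ "$(mode_of "$sshdir")" = "drwx------" ] ||
        fail "$sshdir: expected mode 700"

    # sshd's StrictModes refuses a key file that group or others can write.
    case $(mode_of "$sshdir/authorized_keys") in
        -????-??-?) ;;
        *) fail "$sshdir/authorized_keys: missing, or writable by group/other" ;;
    esac

    # Field 2 of root's shadow entry; the value itself is never printed.
    pw=$(awk -F: '$1 == "root" { print $2; exit }' "$zroot/etc/shadow" 2>/dev/null)
    [ "$pw" = "NP" ] || fail "$zroot/etc/shadow: root password field is not NP"

    [ "$fails" -eq 0 ]
}

# make_sample_root DIR: constructed stand-in for /zones/lux/root (sample data)
make_sample_root() {
    mkdir -p "$1/etc/ssh" "$1/root/.ssh" && chmod 700 "$1/root/.ssh"
    printf '#PermitRootLogin yes\nPermitRootLogin without-password\n' > "$1/etc/ssh/sshd_config"
    echo 'ssh-dss AAAAconstructed me@mydesktop' > "$1/root/.ssh/authorized_keys"
    chmod 600 "$1/root/.ssh/authorized_keys"
    printf 'root:NP:13592:0:99999:7:::\nbin:*:13592:0:99999:7:::\n' > "$1/etc/shadow"
}

if [ "$#" -gt 0 ]; then audit_zone_login "$1"; fi
```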

boot it

vera # zoneadm -z lux boot

It takes a minute or two for rc to finish running,
then you can ‘zlogin lux’ or ‘ssh root@lux.whatever.com’ into it.

constrainers for your containers

Standard resource controls work as you’d expect. Here I’m setting a maximum number of processes (LWPs):

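vera # zonecfg -z lux
zonecfg:lux> add rctl
zonecfg:lux:rctl> set name=zone.max-lwps
zonecfg:lux:rctl> add value (priv=privileged,limit=60,action=deny)
zonecfg:lux:rctl> end
zonecfg:lux> commit
zonecfg:lux> exit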
vera # prctl -s -n zone.max-lwps -v 60 -t priv -e deny -i zone lux

(the ‘prctl’ line avoids us having to reboot the zone)

‘prstat -LZ’ in the global zone shows LWPs per zone nicely. As expected, starting a load of processes
in ‘lux’ gives -bash: fork: Resource temporarily unavailable errors at 60 LWPs.

decide it’s not really your cup of tea (optional)

Personally, I’ll stick to plain Solaris zones.
I’m over the worst of the Solaris learning curve.
I’m looking at Solaris for servers and most of the apps I want to run are open source.
It’s a lot less hassle to build from source (or use blastwave) than to maintain Yet Another
OS Instance just to run the same apps against glibc.

Zones gives you multiple environments without the hassle of multiple OSes to maintain, which most
virtualization solutions seem to overlook.
In addition, Solaris resource management is very fine grained inside a zone (per-project limits can co-exist with per-zone limits). I can’t say
the same for other OSes I’ve tried. This helps to minimize the number of zones you need.

Of course, YMMV. If you have something
linux-only (benr mentions acroread)
that you need this could be really handy. Similarly it might be a lot easier to keep your developers
happy if they can run their apps on linux.

If you want to make the zone start at boot, you’ll need to set autoboot:

vera # zonecfg -z lux
zonecfg:lux> set autoboot=true
zonecfg:lux> commit
zonecfg:lux> exit

Comments

  1. Martin Craner Sun, 08 Apr 2007 23:55:03 GMT

    I just wanted to say thank you - you’re a great writer, I get a ton of insight out of the content of your blogs.

    I really appreciate it - just wanted to make sure I said so. And my management is totally digging the consolidation I’m driving with what I’m learning :-)!!!

  2. Dick Davies Mon, 09 Apr 2007 11:55:43 GMT

    Aw, thanks Martin.

    This is all first and foremost for my own benefit. I used to write this kind of thing in a notebook, but it turns out my handwriting is so dreadful even I can’t read it.
    So thanks for the comment, I don’t get many and it’s good to know it’s intelligible to others :)
