We have a host with the only external IP-address. We want to install many non-global zones to build the system and to port packages, or for other services. Crossbow helps us to solve this problem. Let's look at the diagram of the host:
...
In this host we have a physical NIC atge0 which is connected to an external hardware switch. A virtual interface ext0 (VNIC) was created over the physical NIC (for example, to send tagged packets). Let's look at the real example:
...
The interface int0 has been created, but it will not forward anything outside. NAT and IP forwarding are not yet configured. Let's configure them as it was described here:
lenovo# cat /etc/ipf/ipnat.conf
map ext0 10.68.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ext0 10.68.0.0/24 -> 0/32 portmap tcp/udp auto
map ext0 10.68.0.0/24 -> 0/32
...
Now that it is enabled, configure the first zone to test the result. Here we do not explain step by step how to configure a non-global zone, it was described here; just do it:
lenovo# zonecfg -z zone01
zone01: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone01> create
zonecfg:zone01> set zonename=zone01
zonecfg:zone01> set zone
set zonename=    set zonepath=
zonecfg:zone01> set zonepath=/zones/zone01
zonecfg:zone01> set autoboot=false
zonecfg:zone01> set ip-type=exclusive
zonecfg:zone01> add net
zonecfg:zone01:net> set physical=iz0
zonecfg:zone01:net> set global-nic=vsw0
zonecfg:zone01:net> add property (name=ip,value="10.68.0.2")
zonecfg:zone01:net> add property (name=gateway,value="10.68.0.1")
zonecfg:zone01:net> add property (name=netmask,value="255.255.255.0")
zonecfg:zone01:net> add property (name=primary,value="true")
zonecfg:zone01:net> end
zonecfg:zone01> add attr
zonecfg:zone01:attr> set name=resolvers
zonecfg:zone01:attr> set type=string
zonecfg:zone01:attr> set value=192.168.0.1
zonecfg:zone01:attr> end
zonecfg:zone01> verify
zonecfg:zone01> commit
zonecfg:zone01> exit
The only parts I would like to comment on here are the "add net" block and the "resolvers" attribute.
With "set physical=iz0" we name the VNIC which will be created at zone boot time over the link given by "set global-nic=vsw0"; instead of a physical NIC we specified an etherstub (a virtual switch). With the "ip" property we assign an IP-address from our internal private network. As we remember from the previous step, we configured the first IP-address of that network (10.68.0.1) on the interface int0 to forward the traffic from our zones, so in the "gateway" property we use int0 as the default gateway. In the "resolvers" attribute I specified the IP-address of a name server (external to the host; it could be Google's public addresses: 8.8.8.8, 8.8.4.4).
...
Let’s install the second zone (zone02) using the same template:
lenovo# zonecfg -z zone02
zone02: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone02> create
zonecfg:zone02> set zonename=zone02
zonecfg:zone02> set zonepath=/zones/zone02
zonecfg:zone02> set autoboot=false
zonecfg:zone02> set ip-type=exclusive
zonecfg:zone02> add net
zonecfg:zone02:net> set physical=iz1
zonecfg:zone02:net> set global-nic=vsw0
zonecfg:zone02:net> add property (name=ip,value="10.68.0.3")
zonecfg:zone02:net> add property (name=gateway,value="10.68.0.1")
zonecfg:zone02:net> add property (name=netmask,value="255.255.255.0")
zonecfg:zone02:net> add property (name=primary,value="true")
zonecfg:zone02:net> end
zonecfg:zone02> add attr
zonecfg:zone02:attr> set name=resolvers
zonecfg:zone02:attr> set type=string
zonecfg:zone02:attr> set value="192.168.0.1,8.8.8.8"
zonecfg:zone02:attr> end
zonecfg:zone02> verify
zonecfg:zone02> commit
zonecfg:zone02> exit
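Both zone definitions above follow one template: zoneNN gets the VNIC iz(NN-1) over the etherstub vsw0, the address 10.68.0.(NN+1), the gateway 10.68.0.1 (int0) and a resolvers attribute. The script below is an added example, not part of the original article or of DilOS: it generates a zonecfg command file for any zone index from that scheme (so it also covers the zone03 exercise), refuses host addresses that would collide with the network, broadcast or gateway address, and emits the three ipnat map rules bound to the internal /24 only. The names vsw0, ext0, int0, the 10.68.0.0/24 network and the resolver list come from the article; the function names and the zonecfg -f usage are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): generate the zonecfg
# command file and the ipnat rules for zoneNN from the article's scheme.
# Assumptions: etherstub vsw0, internal net 10.68.0.0/24 with the gateway
# 10.68.0.1 on int0, external VNIC ext0; zoneNN gets VNIC iz(NN-1) and
# the address 10.68.0.(NN+1).

NET_PREFIX="10.68.0"       # internal private network (from the article)
GATEWAY="${NET_PREFIX}.1"  # int0 in the global zone
ETHERSTUB="vsw0"           # global-nic for every zone VNIC
RESOLVERS="192.168.0.1,8.8.8.8"

# zone_ip N -> 10.68.0.(N+1); rejects .0 (network), .1 (gateway on int0)
# and .255 (broadcast) so a zone can never take the gateway's address.
zone_ip() {
    host=$(( $1 + 1 ))
    if [ "$host" -le 1 ] || [ "$host" -ge 255 ]; then
        echo "zone index $1 maps to ${NET_PREFIX}.${host}, which is reserved" >&2
        return 1
    fi
    echo "${NET_PREFIX}.${host}"
}

# zone_name N -> zone01, zone02, ...
zone_name() { printf 'zone%02d\n' "$1"; }

# vnic_name N -> iz0, iz1, ... (zone01 uses iz0, as in the article)
vnic_name() { printf 'iz%d\n' "$(( $1 - 1 ))"; }

# zonecfg_script N -> the zonecfg commands for zone N, one per line,
# in the same order as the interactive sessions in the article.
zonecfg_script() {
    name=$(zone_name "$1") || return 1
    ip=$(zone_ip "$1") || return 1
    vnic=$(vnic_name "$1")
    cat <<EOF
create
set zonename=$name
set zonepath=/zones/$name
set autoboot=false
set ip-type=exclusive
add net
set physical=$vnic
set global-nic=$ETHERSTUB
add property (name=ip,value="$ip")
add property (name=gateway,value="$GATEWAY")
add property (name=netmask,value="255.255.255.0")
add property (name=primary,value="true")
end
add attr
set name=resolvers
set type=string
set value="$RESOLVERS"
end
verify
commit
exit
EOF
}

# ipnat_rules EXTIF -> the three map rules from the article, restricted to
# the internal /24 so that nothing outside it is ever translated.
ipnat_rules() {
    cat <<EOF
map $1 ${NET_PREFIX}.0/24 -> 0/32 proxy port ftp ftp/tcp
map $1 ${NET_PREFIX}.0/24 -> 0/32 portmap tcp/udp auto
map $1 ${NET_PREFIX}.0/24 -> 0/32
EOF
}

# Usage on the DilOS host (not executed here):
#   zonecfg_script 3 > /tmp/zone03.cfg && zonecfg -z zone03 -f /tmp/zone03.cfg
#   ipnat_rules ext0 > /etc/ipf/ipnat.conf
```

Feeding the generated file to zonecfg -z zone03 -f replays exactly the commands typed by hand for zone01 and zone02, which makes it easy to see that the only things that differ between zones are the VNIC name and the IP-address; keeping the gateway and network addresses out of the allowed range is the one check the interactive session does not do for you.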
Install and boot it in the same way as zone01:
lenovo# zoneadm -z zone02 install
A ZFS file system has been created for this zone.
Image: Preparing at /zones/zone02/root.
Installing: Packages (output follows)
/* cut the logs */
Postinstall: Copying SMF seed repository ... done.
Postinstall: Applying workarounds.
Done: Installation completed in 61 seconds.
Next Steps: Boot the zone, then log into the zone console (zlogin -C)
to complete the configuration process.
lenovo# zoneadm -z zone02 boot
zone 'zone02': /zones/zone02/root
Log in to the second zone:
lenovo# zlogin zone02
[Connected to zone 'zone02' pts/2]
zlogin from global
The programs included with the DilOS 2.0.2 system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
DilOS 2.0.2 comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Examining the network:
root@zone02:~# ifconfig
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
iz1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 2
inet 10.68.0.3 netmask ffffff00 broadcast 10.68.0.255
ether 2:8:20:9f:99:97
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
root@zone02:~# ping 192.168.0.1
192.168.0.1 is alive
root@zone02:~# ping 8.8.8.8
8.8.8.8 is alive
And now ping the first zone:
root@zone02:~# ping 10.68.0.2
10.68.0.2 is alive
Yes, the neighbouring zones can communicate with each other.
Try to set up zone03 from the figure as an exercise, to make sure you understand every step in this article.