...
| Code Block |
|---|
zfs create -o mountpoint=/zones rpool/zones
|
Use zonecfg(1M) command to configure a new DPKG zone:
| Code Block |
|---|
zonecfg -z t4
zonecfg:t4> create -t SUNWdpkg
zonecfg:t4> set zonepath=/zones/t4
zonecfg:t4> add net
zonecfg:t4:net> set address=172.16.92.4/16
zonecfg:t4:net> set defrouter=172.16.90.1
zonecfg:t4:net> set physical=e1000g0
zonecfg:t4:net> end
zonecfg:t4> add fs
zonecfg:t4:fs> set dir=/export/home/admin
zonecfg:t4:fs> set special=/export/home/admin
zonecfg:t4:fs> set type=lofs
zonecfg:t4:fs> end
zonecfg:t4> add fs
zonecfg:t4:fs> set dir=/export/builds
zonecfg:t4:fs> set special=/export/builds
zonecfg:t4:fs> set type=lofs
zonecfg:t4:fs> end
zonecfg:t4> commit
zonecfg:t4> verify
zonecfg:t4> exit |
In this example we configured a shared IP-address, this means that the zone will share the IP stack with the host system. From time to time you may want to assign an exclusive IP-address.
In this case the net block could look like:
| Code Block |
|---|
|
zonecfg:t4> set ip-type="exclusive"
zonecfg:t4> add net
zonecfg:t4:net> set physical=vnic0
zonecfg:t4:net> set mac-addr=""
zonecfg:t4:net> set global-nic="vsw0"
zonecfg:t4:net> add property (name="gateway",value="172.16.0.1")
zonecfg:t4:net> add property (name="netmask",value="255.255.255.0")
zonecfg:t4:net> add property (name="ip",value="172.16.0.2")
zonecfg:t4:net> add property (name="primary",value="true")
zonecfg:t4:net> end
|
Like above we need to specify a link that will be used by the zone (vnic0). We mean that the nic is virtual (aka vnic) which has a parent interface, in this example it is a virtual switch (vsw0) or etherstub that is marked as global-nic. So, you MUST configure this virtual switch or etherstub (as described in How to configure NAT with etherstub) before use it for zone configuration. We can generate some MAC-address for the new NIC or leave this field empty, it will be filled automatically. Also we need to specify network properties (gateway, usualy it is IP-address in the host; netmask; ip is the address that will be assigned to the NIC inside the zone)
Also you can add a name server to the zone:
| Code Block |
|---|
|
zonecfg:t4> add attr
zonecfg:t4:attr> set name=resolvers
zonecfg:t4:attr> set type=string
zonecfg:t4:attr> set value="192.168.0.1"
zonecfg:t4:attr> end |
Install the zone:
| Code Block |
|---|
zoneadm -z t4 install |
And boot it:
| Code Block |
|---|
zoneadm -z t4 boot |
Login to the zone for configuration:
| Code Block |
|---|
zlogin -e\# -C t4 |
| Info |
|---|
Hint: type '#.' for exit from 'zlogin' |
The root's password by default is "123". You can do "zlogin <zonename>" to log in into the new zone and then you can change the root password by the command passwd.
Login by 'root' for next modifications:
| Code Block |
|---|
|
t4 console login:root
Password: <your own> |
You can add local 'admin' user with the same UID/GID from global zone.
| Info |
|---|
INFO: Before steps below you have to identify UID and GID of user 'admin' on global zone by command: # id admin uid=1000(admin) gid=10(staff) groups=10(staff) |
| Code Block |
|---|
# useradd -u 1000 -g staff -d /export/home/admin -s /bin/bash admin
# passwd admin |
You be able to login to your new zone by SSH from global zone or another comp by command:
| Code Block |
|---|
$ ssh admin@<your ip> |
Creating dpkg zone from zfs stream
use the zfs list command to find a dataset with your zone:
...
| language | bash |
|---|
| title | zfs list |
|---|
...
Since the version of DilOS 2.0.2.94 you can use IPv6, DHCP and domain name in the zone.
| Code Block |
|---|
|
zonecfg:t4> set ip-type="exclusive"
zonecfg:t4> add net
zonecfg:t4:net> set physical=vnic0
zonecfg:t4:net> set global-nic="vsw0"
zonecfg:t4:net> add property (name="ip",value="dhcp")
zonecfg:t4:net> add property (name="primary",value="true")
zonecfg:t4:net> end |
Configuring IPv6 in a non-global zone:
| Code Block |
|---|
|
zonecfg:ltest01> set ip-type="exclusive"
zonecfg:ltest01> add net
zonecfg:ltest01:net> set physical=vnic0
zonecfg:ltest01:net> set global-nic=atge0
zonecfg:ltest01:net> add property (name="ip",value="dhcp")
zonecfg:ltest01:net> add property (name="ip6",value="2001:b08:4:4::10")
zonecfg:ltest01:net> add property (name="prefix",value="64")
zonecfg:ltest01:net> end |
...
...
...
...
...
...
...
now using zfs get all you need to find the active be for this zone:
...
| language | bash |
|---|
| title | zfs get all |
|---|
...
| Note |
|---|
| title | IPv6 default gateway |
|---|
|
At this moment we do not support the default gateway for IPv6. |
After the zone booted we will see in the zone console:
| Code Block |
|---|
|
[NOTICE: Zone booting up]
DilOS Version 2.0.2.94 64-bit
Copyright 2011-2022, DilOS. All rights reserved.
Hostname: ltest01
DilOS 2.0.2 \n \l
ltest01 console login: root
Password:
Last login: Tue Jan 11 17:45:59 MSK 2022 on console
/* skipped */
root@ltest01:~# ifconfig
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnic0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
inet 192.168.0.136 netmask ffffff00 broadcast 192.168.0.255
ether 2:8:20:35:a5:4f
|
...
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
|
...
vnic0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
|
...
after finding the active dataset, you can create a snapshot:
...
...
inet6 fe80::8:20ff:fe35:a54f/10
ether 2:8:20:35:a5:4f
vnic0:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
|
...
inet6 2001:b08:4:4::10/64
|
...
vnic0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
|
...
...
...
now you need to prepare the dataset for copying the zone:
| Code Block |
|---|
|
#sudo zfs create -o mountpoint=/zones/copy_t4 rpool/zones/copy_t4
#mkdir -p /zones/copy_t4/root
#chmod 700 /zones/copy_t4
#chmod 755 /zones/copy_t4/root
#sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT
#sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT/zbe |
now you need to export the zone configuration to a file:
| Code Block |
|---|
|
#sudo zonecfg -z t4 export -f /var/tmp/copy_t4.cmd
#cat /var/tmp/copy_t4.cmd
create -b
set zonepath=/zones/t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
set uuid=da66d114-f97b-4b2b-a969-219ebcf56a19
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set type="lofs"
end
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"
end
add net
set physical="vnic1"
set mac-addr="02:08:20:1b:ea:6b"
set global-nic="stub0"
add property (name=ip,value="192.168.0.1")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end
|
now let's change this configuration so that we can create a zone via zonecfg.
...
inet6 2001:b08:4:4:8:20ff:fe35:a54f/64
|
| Code Block |
|---|
| title | Inspect the routing table |
|---|
|
root@ltest01:~# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 192.168.0.1 UG 1 0 vnic0
127.0.0.1 127.0.0.1 UH 2 0 lo0
192.168.0.0 192.168.0.136 U 3 9 vnic0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
::1 ::1 UH 2 0 lo0
2001:b08:4:4::/64 2001:b08:4:4:8:20ff:fe35:a54f U 3 2 vnic0
2001:b08:4:4::/64 2001:b08:4:4::10 U 2 0 vnic0
fe80::/10 fe80::8:20ff:fe35:a54f U 3 2 vnic0
default fe80::8:20ff:fee0:cb3e UG 2 1 vnic0
|
| Code Block |
|---|
| title | Add a static default gateway for IPv6 network |
|---|
|
root@ltest01:~# route -p add -inet6 default 2001:b08:4:4::2
add net default: gateway 2001:b08:4:4::2
add persistent net default: gateway 2001:b08:4:4::2
root@ltest01:~# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 192.168.0.1 UG 1 0 vnic0
127.0.0.1 127.0.0.1 UH 2 0 lo0
192.168.0.0 192.168.0.136 U 3 9 vnic0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
::1 ::1 UH 2 0 lo0
2001:b08:4:4::/64 2001:b08:4:4:8:20ff:fe35:a54f U 3 2 vnic0
2001:b08:4:4::/64 2001:b08:4:4::10 U 2 0 vnic0
fe80::/10 fe80::8:20ff:fe35:a54f U 3 2 vnic0
default 2001:b08:4:4::2 UG 1 0
default fe80::8:20ff:fee0:cb3e UG 2 1 vnic0
|
| Code Block |
|---|
| title | Ping something to test IPv6 |
|---|
|
root@ltest01:~# ping ipv6.google.com
ipv6.google.com is alive
|
Also, if you have an IPv6 DNS server you can add it to the resolvers attributes:
| Code Block |
|---|
|
zonecfg:ltest01> add attr
zonecfg:ltest01:attr> set name=resolvers
zonecfg:ltest01:attr> set type=string
zonecfg:ltest01:attr> set value="192.168.0.1,2001:b08:4:4::2"
zonecfg:ltest01:attr> end |
| Code Block |
|---|
| title | /etc/resolv.conf result |
|---|
|
root@ltest01:~# cat /etc/resolv.conf
# AUTOMATIC ZONE CONFIG
nameserver 192.168.0.1
nameserver 2001:b08:4:4::2
root@ltest01:~# host ipv6.google.com 2001:b08:4:4::2
Using domain server:
Name: 2001:b08:4:4::2
Address: 2001:b08:4:4::2#53
Aliases:
ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::65
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::71
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::64
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::8a
|
Another new feature in a non-global zone is a default domain. It is used to resolve local resources, for example:
| Code Block |
|---|
| title | resolve local resources |
|---|
|
root@ltest01:~# host ns
Host ns not found: 3(NXDOMAIN)
|
Our resolver does not know the default domain. Let's configure it for the zone:
| Code Block |
|---|
|
zonecfg:ltest01> add attr
zonecfg:ltest01:attr> set name=domain
zonecfg:ltest01:attr> set type=string
zonecfg:ltest01:attr> set value="loc"
zonecfg:ltest01:attr> end
|
Boot the zone (see below) and login, let's test the resolver again:
| Code Block |
|---|
| title | resolve local resource |
|---|
|
root@ltest01:~# host ns
ns.loc has address 192.168.0.1
ns.loc has address 192.168.1.1
ns.loc has IPv6 address 2001:b08:4:4::2
ns.loc has IPv6 address 2001:b08:4:4::1
root@ltest01:~# cat /etc/resolv.conf
# AUTOMATIC ZONE CONFIG
nameserver 192.168.0.1
nameserver 2001:b08:4:4::2
domain loc |
End of 2.0.2.94 features update
...
| Code Block |
|---|
zoneadm -z t4 install |
And boot it:
| Code Block |
|---|
zoneadm -z t4 boot |
Login to the zone for configuration:
| Code Block |
|---|
zlogin -e\# -C t4 |
| Info |
|---|
Hint: type '#.' for exit from 'zlogin' |
The root's password by default is "123". You can do "zlogin <zonename>" to log in into the new t4 zone and then you can change the root password by the command passwd.
Login by 'root' for next modifications:
| Code Block |
|---|
|
t4 console login:root
Password: <your own> |
You can add local 'admin' user with the same UID/GID from the global zone.
| Info |
|---|
INFO: Before steps below you have to identify UID and GID of user 'admin' on the global zone by command: # id admin uid=1000(admin) gid=10(staff) groups=10(staff) |
| Code Block |
|---|
# useradd -u 1000 -g staff -d /export/home/admin -s /bin/bash admin
# passwd admin |
You be able to login to your new zone by SSH from global zone or another comp by command:
| Code Block |
|---|
$ ssh admin@<your ip> |
Creating dpkg zone
Use the zfs list command from the global zone to find a dataset with your zone:
| Code Block |
|---|
| language | bash |
|---|
| title | zfs list |
|---|
|
#sudo zfs list | grep t4
rpool/zones/t4 400M 27.0G 31.5K /zones/build_zone
rpool/zones/t4/ROOT 400M 27.0G 24K legacy
rpool/zones/t4/ROOT/zbe 400M 27.0G 400M legacy
|
Now using zfs get all you need to find the active be for this zone:
| Code Block |
|---|
| language | bash |
|---|
| title | zfs get all |
|---|
|
#sudo zfs get all | grep active
rpool/zones/t4/ROOT/zbe org.opensolaris.libbe:active on local
|
After finding the active dataset, you can create a snapshot:
You must extinguish the zone before taking the snapshot!!!
| Code Block |
|---|
|
#sudo zoneadm -z t4 halt
#sudo zfs snapshot rpool/zones/t4/ROOT/zbe@copy_t4
#sudo zfs list -t snapshot | grep zbe@copy_t4
rpool/zones/t4/ROOT/zbe@copy_t4 0B - 400M
|
If you'd like to install your zone from a data stream you have to do the following set of commands to prepare the dataset for copying the zone:
| Code Block |
|---|
|
#sudo zfs send rpool/zones/t4/ROOT/zbe@copy_t4 > /var/tmp/copy_t4.zfs
#sudo zfs create -o mountpoint=/zones/copy_t4 rpool/zones/copy_t4
#mkdir -p /zones/copy_t4/root
#chmod 700 /zones/copy_t4
#chmod 755 /zones/copy_t4/root
#sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT
#sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT/zbe |
If you'd like to install your copy_t4 zone just by cloning the t4 zone you don't need to do that block of commands.
Now you need to export the zone configuration to a file:
| Code Block |
|---|
|
#sudo zonecfg -z t4 export -f /var/tmp/copy_t4.cmd
#cat /var/tmp/copy_t4.cmd
create -b
set zonepath=/zones/t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
set uuid=da66d114-f97b-4b2b-a969-219ebcf56a19
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set type="lofs"
end
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"
end
add net
set physical="vnic1"
set mac-addr="02:08:20:1b:ea:6b"
set global-nic="stub0"
add property (name=ip,value="192.168.0.1")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end
|
Now let's change this configuration so that we can create a zone via zonecfg.
You must remove the following settings from the template:
- delete uuid because it is generated and registered in the zone configuration file when it starts (/etc/zones/name_zone.xml).
- delete mac address because it is generated and registered in the zone configuration file when it starts (/etc/zones/name_zone.xml).
- change name global vnic
- change ip address
- change zonepath
| Code Block |
|---|
|
create -b
set zonepath=/zones/copy_t4
set brand=dpkg
set autoboot=false=false
set ip-type=exclusive
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set ip-type=exclusive"lofs"
end
add fs
set dir="/export/home/adminbuilds"
set special="/export/home/adminbuilds"
set type="lofs"
end"
end
add net
set physical="vnic2"
set global-nic="stub0"
add property (name=ip,value="192.168.0.2")
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add netattr
set physicalname="vnic2resolvers"
set global-nictype="stub0string"
add property (name=ip,set value="192.168.0.2254")
addend
property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end
|
...
Now use the zonecfg command to create a zone:
| Code Block |
|---|
|
#zonecfg -z copy_t4 -f /var/tmp/copy_t4.cmd |
To install copy_t4 zone from the data stream use the following commands:
| Code Block |
|---|
|
#zoneadm -z copy_t4 install -u -a /var/tmp/copy_t4.zfs
#zoneadm -z copy_t4 boot |
Otherwise, to install copy_t4 zone by cloning t4 zone do:
| Code Block |
|---|
|
#zonecfg#zoneadm -z copy_t4 -f /var/tmp/copy_t4.cmdhalt
#zoneadm -z copy_t4 clone t4
install
-u#zoneadm -az /var/tmp/copy_t4.zfs boot
#zoneadm -z copy_t4 boot
|