How to set up a DPKG zone
zfs create -o mountpoint=/zones rpool/zones
Use zonecfg(1M) command to configure a new DPKG zone:
zonecfg -z t4
zonecfg:t4> create -t SUNWdpkg
zonecfg:t4> set zonepath=/zones/t4
zonecfg:t4> add net
zonecfg:t4:net> set address=172.16.92.4/16
zonecfg:t4:net> set defrouter=172.16.90.1
zonecfg:t4:net> set physical=e1000g0
zonecfg:t4:net> end
zonecfg:t4> add fs
zonecfg:t4:fs> set dir=/export/home/admin
zonecfg:t4:fs> set special=/export/home/admin
zonecfg:t4:fs> set type=lofs
zonecfg:t4:fs> end
zonecfg:t4> add fs
zonecfg:t4:fs> set dir=/export/builds
zonecfg:t4:fs> set special=/export/builds
zonecfg:t4:fs> set type=lofs
zonecfg:t4:fs> end
zonecfg:t4> commit
zonecfg:t4> verify
zonecfg:t4> exit
In this example we configured a shared IP address, which means that the zone shares the IP stack with the host system. From time to time you may want to assign an exclusive IP address.
In this case the net block could look like:
zonecfg:t4> set ip-type="exclusive"
zonecfg:t4> add net
zonecfg:t4:net> set physical=vnic0
zonecfg:t4:net> set mac-addr=""
zonecfg:t4:net> set global-nic="vsw0"
zonecfg:t4:net> add property (name="gateway",value="172.16.0.1")
zonecfg:t4:net> add property (name="netmask",value="255.255.255.0")
zonecfg:t4:net> add property (name="ip",value="172.16.0.2")
zonecfg:t4:net> add property (name="primary",value="true")
zonecfg:t4:net> end
As above, we need to specify the link that the zone will use (vnic0). Here the NIC is virtual (a vnic) and has a parent interface; in this example the parent is a virtual switch (vsw0) or etherstub, which is set as global-nic. You MUST configure this virtual switch or etherstub (as described in How to configure NAT with etherstub) before using it in the zone configuration. You can set a MAC address for the new NIC or leave this field empty, in which case it will be filled in automatically. You also need to specify the network properties: gateway (usually an IP address on the host), netmask, and ip (the address that will be assigned to the NIC inside the zone).
Also you can add a name server to the zone:
zonecfg:t4> add attr
zonecfg:t4:attr> set name=resolvers
zonecfg:t4:attr> set type=string
zonecfg:t4:attr> set value="192.168.0.1"
zonecfg:t4:attr> end
Since DilOS version 2.0.2.94 you can use IPv6, DHCP and a domain name in the zone.
zonecfg:t4> set ip-type="exclusive"
zonecfg:t4> add net
zonecfg:t4:net> set physical=vnic0
zonecfg:t4:net> set global-nic="vsw0"
zonecfg:t4:net> add property (name="ip",value="dhcp")
zonecfg:t4:net> add property (name="primary",value="true")
zonecfg:t4:net> end
Configuring IPv6 in a non-global zone:
zonecfg:ltest01> set ip-type="exclusive"
zonecfg:ltest01> add net
zonecfg:ltest01:net> set physical=vnic0
zonecfg:ltest01:net> set global-nic=atge0
zonecfg:ltest01:net> add property (name="ip",value="dhcp")
zonecfg:ltest01:net> add property (name="ip6",value="2001:b08:4:4::10")
zonecfg:ltest01:net> add property (name="prefix",value="64")
zonecfg:ltest01:net> end
IPv6 default gateway
At this moment we do not support the default gateway for IPv6.
After the zone has booted, the zone console shows:
[NOTICE: Zone booting up]
DilOS Version 2.0.2.94 64-bit
Copyright 2011-2022, DilOS. All rights reserved.
Hostname: ltest01
DilOS 2.0.2 \n \l
ltest01 console login: root
Password:
Last login: Tue Jan 11 17:45:59 MSK 2022 on console
/* skipped */
root@ltest01:~# ifconfig
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
vnic0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 192.168.0.136 netmask ffffff00 broadcast 192.168.0.255
        ether 2:8:20:35:a5:4f
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
vnic0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::8:20ff:fe35:a54f/10
        ether 2:8:20:35:a5:4f
vnic0:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 2001:b08:4:4::10/64
vnic0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2001:b08:4:4:8:20ff:fe35:a54f/64
root@ltest01:~# netstat -rn
Routing Table: IPv4
Destination          Gateway              Flags Ref   Use        Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.0.1          UG        1          0 vnic0
127.0.0.1            127.0.0.1            UH        2          0 lo0
192.168.0.0          192.168.0.136        U         3          9 vnic0
Routing Table: IPv6
Destination/Mask            Gateway                     Flags Ref Use     If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      2       0 lo0
2001:b08:4:4::/64           2001:b08:4:4:8:20ff:fe35:a54f U       3       2 vnic0
2001:b08:4:4::/64           2001:b08:4:4::10            U       2       0 vnic0
fe80::/10                   fe80::8:20ff:fe35:a54f      U       3       2 vnic0
default                     fe80::8:20ff:fee0:cb3e      UG      2       1 vnic0
root@ltest01:~# route -p add -inet6 default 2001:b08:4:4::2
add net default: gateway 2001:b08:4:4::2
add persistent net default: gateway 2001:b08:4:4::2
root@ltest01:~# netstat -rn
Routing Table: IPv4
Destination          Gateway              Flags Ref   Use        Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              192.168.0.1          UG        1          0 vnic0
127.0.0.1            127.0.0.1            UH        2          0 lo0
192.168.0.0          192.168.0.136        U         3          9 vnic0
Routing Table: IPv6
Destination/Mask            Gateway                     Flags Ref Use     If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      2       0 lo0
2001:b08:4:4::/64           2001:b08:4:4:8:20ff:fe35:a54f U       3       2 vnic0
2001:b08:4:4::/64           2001:b08:4:4::10            U       2       0 vnic0
fe80::/10                   fe80::8:20ff:fe35:a54f      U       3       2 vnic0
default                     2001:b08:4:4::2             UG      1       0
default                     fe80::8:20ff:fee0:cb3e      UG      2       1 vnic0
root@ltest01:~# ping ipv6.google.com
ipv6.google.com is alive
Also, if you have an IPv6 DNS server you can add it to the resolvers attributes:
zonecfg:ltest01> add attr
zonecfg:ltest01:attr> set name=resolvers
zonecfg:ltest01:attr> set type=string
zonecfg:ltest01:attr> set value="192.168.0.1,2001:b08:4:4::2"
zonecfg:ltest01:attr> end
root@ltest01:~# cat /etc/resolv.conf
# AUTOMATIC ZONE CONFIG
nameserver 192.168.0.1
nameserver 2001:b08:4:4::2
root@ltest01:~# host ipv6.google.com 2001:b08:4:4::2
Using domain server:
Name: 2001:b08:4:4::2
Address: 2001:b08:4:4::2#53
Aliases:
ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::65
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::71
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::64
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::8a
Another new feature in a non-global zone is a default domain. It is used to resolve local resources, for example:
root@ltest01:~# host ns
Host ns not found: 3(NXDOMAIN)
Our resolver does not know the default domain. Let's configure it for the zone:
zonecfg:ltest01> add attr
zonecfg:ltest01:attr> set name=domain
zonecfg:ltest01:attr> set type=string
zonecfg:ltest01:attr> set value="loc"
zonecfg:ltest01:attr> end
Boot the zone (see below), log in, and test the resolver again:
root@ltest01:~# host ns
ns.loc has address 192.168.0.1
ns.loc has address 192.168.1.1
ns.loc has IPv6 address 2001:b08:4:4::2
ns.loc has IPv6 address 2001:b08:4:4::1
root@ltest01:~# cat /etc/resolv.conf
# AUTOMATIC ZONE CONFIG
nameserver 192.168.0.1
nameserver 2001:b08:4:4::2
domain loc
End of 2.0.2.94 features update
Install the zone:
zoneadm -z t4 install
And boot it:
zoneadm -z t4 boot
Login to the zone for configuration:
zlogin -e\# -C t4
Hint:
type '#.' to exit from 'zlogin'
The default root password is "123". You can run "zlogin <zonename>" to log in to the new t4 zone and then change the root password with the passwd command.
Log in as 'root' for the next modifications:
t4 console login: root
Password: <your own>
You can add a local 'admin' user with the same UID/GID as in the global zone.
INFO:
Before the steps below, you have to identify the UID and GID of user 'admin' in the global zone with the command:
# id admin
uid=1000(admin) gid=10(staff) groups=10(staff)
# useradd -u 1000 -g staff -d /export/home/admin -s /bin/bash admin
# passwd admin
You will be able to log in to your new zone over SSH from the global zone or another computer with the command:
$ ssh admin@<your ip>
Creating dpkg zone
Use the zfs list command from the global zone to find a dataset with your zone:
# sudo zfs list | grep t4
rpool/zones/t4            400M  27.0G  31.5K  /zones/build_zone
rpool/zones/t4/ROOT       400M  27.0G    24K  legacy
rpool/zones/t4/ROOT/zbe   400M  27.0G   400M  legacy
Now use zfs get all to find the active BE (boot environment) for this zone:
# sudo zfs get all | grep active
rpool/zones/t4/ROOT/zbe  org.opensolaris.libbe:active  on  local
After finding the active dataset, you can create a snapshot:
You must halt the zone before taking the snapshot!
# sudo zoneadm -z t4 halt
# sudo zfs snapshot rpool/zones/t4/ROOT/zbe@copy_t4
# sudo zfs list -t snapshot | grep zbe@copy_t4
rpool/zones/t4/ROOT/zbe@copy_t4  0B  -  400M
If you'd like to install your zone from a data stream, run the following commands to prepare the dataset for copying the zone:
# sudo zfs send rpool/zones/t4/ROOT/zbe@copy_t4 > /var/tmp/copy_t4.zfs
# sudo zfs create -o mountpoint=/zones/copy_t4 rpool/zones/copy_t4
# mkdir -p /zones/copy_t4/root
# chmod 700 /zones/copy_t4
# chmod 755 /zones/copy_t4/root
# sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT
# sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT/zbe
If you'd like to install your copy_t4 zone just by cloning the t4 zone, you don't need to run that block of commands.
Now you need to export the zone configuration to a file:
# sudo zonecfg -z t4 export -f /var/tmp/copy_t4.cmd
# cat /var/tmp/copy_t4.cmd
create -b
set zonepath=/zones/t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
set uuid=da66d114-f97b-4b2b-a969-219ebcf56a19
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set type="lofs"
end
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"
end
add net
set physical="vnic1"
set mac-addr="02:08:20:1b:ea:6b"
set global-nic="stub0"
add property (name=ip,value="192.168.0.1")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end
Now let's change this configuration so that we can create a zone via zonecfg.
You must remove or change the following settings in the template:
- delete the uuid, because it is generated and registered in the zone configuration file when the zone starts (/etc/zones/name_zone.xml).
- delete the MAC address, because it is generated and registered in the zone configuration file when the zone starts (/etc/zones/name_zone.xml).
- change the name of the global vnic
- change the IP address
- change the zonepath
create -b
set zonepath=/zones/copy_t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set type="lofs"
end
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"
end
add net
set physical="vnic2"
set global-nic="stub0"
add property (name=ip,value="192.168.0.2")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end
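The template edits listed above can be scripted and then checked before the file is passed to zonecfg, so that a clone never keeps the source zone's uuid, MAC address, zonepath, vnic or IP address. This is an added example, not part of the original page or of DilOS; the helper names rewrite_zone_cfg and check_clone_cfg are hypothetical, and the sample input is an abbreviated copy of the t4 export shown earlier.

```sh
# Added example; rewrite_zone_cfg and check_clone_cfg are hypothetical helpers.
# Usage: rewrite_zone_cfg ZONEPATH VNIC IP < exported.cmd > clone.cmd
rewrite_zone_cfg() {
    awk -v zp="$1" -v nic="$2" -v ip="$3" '
        # uuid and mac-addr are generated per zone: never copy them
        /^[ \t]*set[ \t]+(uuid|mac-addr)=/ { next }
        /^[ \t]*set[ \t]+zonepath=/ { print "set zonepath=" zp; next }
        /^[ \t]*add[ \t]+net[ \t]*$/ { in_net = 1 }
        /^[ \t]*end[ \t]*$/ { in_net = 0 }
        in_net && /^[ \t]*set[ \t]+physical=/ {
            print "set physical=\"" nic "\""; next
        }
        in_net && /^[ \t]*add[ \t]+property[ \t]+\(name="?ip"?,/ {
            print "add property (name=ip,value=\"" ip "\")"; next
        }
        { print }
    '
}

# Usage: check_clone_cfg SOURCE.cmd CLONE.cmd
# Succeeds only if the clone shares no identity with the source zone.
check_clone_cfg() {
    if grep -Eq '^[[:space:]]*set[[:space:]]+(uuid|mac-addr)=' "$2"; then
        echo "clone still carries uuid or mac-addr" >&2; return 1
    fi
    for key in 'set zonepath=' 'set physical=' 'add property (name=ip,'; do
        old=$(grep -F "$key" "$1" || true)
        new=$(grep -F "$key" "$2" || true)
        if [ -z "$new" ] || [ "$old" = "$new" ]; then
            echo "missing or unchanged: $key" >&2; return 1
        fi
    done
}

# Abbreviated copy of the t4 export shown above, used as sample input.
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/zones/t4
set uuid=da66d114-f97b-4b2b-a969-219ebcf56a19
add net
set physical="vnic1"
set mac-addr="02:08:20:1b:ea:6b"
set global-nic="stub0"
add property (name=ip,value="192.168.0.1")
add property (name=netmask,value="255.255.255.0")
end
EOF
}
sample_export | rewrite_zone_cfg /zones/copy_t4 vnic2 192.168.0.2  # demo output
```

Run check_clone_cfg on the exported file and the rewritten file; a non-zero exit means the template would still collide with the source zone.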
Now use the zonecfg command to create a zone:
# zonecfg -z copy_t4 -f /var/tmp/copy_t4.cmd
To install copy_t4 zone from the data stream use the following commands:
# zoneadm -z copy_t4 install -u -a /var/tmp/copy_t4.zfs
# zoneadm -z copy_t4 boot
Otherwise, to install copy_t4 zone by cloning t4 zone do:
# zoneadm -z t4 halt
# zoneadm -z copy_t4 clone t4
# zoneadm -z copy_t4 boot
# zoneadm -z t4 boot