How to set up a DPKG zone

Create a dataset for your zones if you have not done so already (do it once):


zfs create -o mountpoint=/zones rpool/zones

Use the zonecfg(1M) command to configure a new DPKG zone:


zonecfg -z t4

zonecfg:t4> create -t SUNWdpkg
zonecfg:t4> set zonepath=/zones/t4

zonecfg:t4> add net
zonecfg:t4:net> set address=172.16.92.4/16
zonecfg:t4:net> set defrouter=172.16.90.1
zonecfg:t4:net> set physical=e1000g0
zonecfg:t4:net> end

zonecfg:t4> add fs
zonecfg:t4:fs> set dir=/export/home/admin
zonecfg:t4:fs> set special=/export/home/admin
zonecfg:t4:fs> set type=lofs
zonecfg:t4:fs> end

zonecfg:t4> add fs
zonecfg:t4:fs> set dir=/export/builds
zonecfg:t4:fs> set special=/export/builds
zonecfg:t4:fs> set type=lofs
zonecfg:t4:fs> end

zonecfg:t4> commit
zonecfg:t4> verify
zonecfg:t4> exit

In this example we configured a shared IP address, which means that the zone shares the IP stack with the host system. From time to time you may want to assign an exclusive IP address instead.

In this case the net block could look like:

exclusive IP
zonecfg:t4> set ip-type="exclusive"
zonecfg:t4> add net
zonecfg:t4:net> set physical=vnic0
zonecfg:t4:net> set mac-addr=""
zonecfg:t4:net> set global-nic="vsw0"
zonecfg:t4:net> add property (name="gateway",value="172.16.0.1")
zonecfg:t4:net> add property (name="netmask",value="255.255.255.0")
zonecfg:t4:net> add property (name="ip",value="172.16.0.2")
zonecfg:t4:net> add property (name="primary",value="true")
zonecfg:t4:net> end

As above, we need to specify the link that the zone will use (vnic0). The NIC is virtual (a vnic) and has a parent interface, marked as global-nic; in this example it is a virtual switch (vsw0) or etherstub. You MUST therefore configure this virtual switch or etherstub (as described in How to configure NAT with etherstub) before using it in the zone configuration. We can generate a MAC address for the new NIC or leave the field empty, in which case it is filled in automatically. We also need to specify the network properties: gateway (usually an IP address on the host), netmask, and ip (the address that will be assigned to the NIC inside the zone).

You can also add a name server to the zone:

add resolver
zonecfg:t4> add attr
zonecfg:t4:attr> set name=resolvers
zonecfg:t4:attr> set type=string
zonecfg:t4:attr> set value="192.168.0.1"
zonecfg:t4:attr> end                    

Since DilOS version 2.0.2.94 you can use IPv6, DHCP and a domain name in the zone.

DHCP
zonecfg:t4> set ip-type="exclusive"
zonecfg:t4> add net
zonecfg:t4:net> set physical=vnic0
zonecfg:t4:net> set global-nic="vsw0"
zonecfg:t4:net> add property (name="ip",value="dhcp")
zonecfg:t4:net> add property (name="primary",value="true")
zonecfg:t4:net> end

Configuring IPv6 in a non-global zone:

IPv6
zonecfg:ltest01> set ip-type="exclusive"
zonecfg:ltest01> add net
zonecfg:ltest01:net> set physical=vnic0
zonecfg:ltest01:net> set global-nic=atge0
zonecfg:ltest01:net> add property (name="ip",value="dhcp")
zonecfg:ltest01:net> add property (name="ip6",value="2001:b08:4:4::10")
zonecfg:ltest01:net> add property (name="prefix",value="64")
zonecfg:ltest01:net> end                                    

IPv6 default gateway

At this moment we do not support the default gateway for IPv6.

After the zone has booted, we will see the following in the zone console:

IPv6 routing
[NOTICE: Zone booting up]


DilOS Version 2.0.2.94 64-bit
Copyright 2011-2022, DilOS. All rights reserved.
Hostname: ltest01

DilOS 2.0.2 \n \l

ltest01 console login: root
Password: 
Last login: Tue Jan 11 17:45:59 MSK 2022 on console

/* skipped */

root@ltest01:~# ifconfig 
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
vnic0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 192.168.0.136 netmask ffffff00 broadcast 192.168.0.255
        ether 2:8:20:35:a5:4f 
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128 
vnic0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 fe80::8:20ff:fe35:a54f/10 
        ether 2:8:20:35:a5:4f 
vnic0:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        inet6 2001:b08:4:4::10/64 
vnic0:2: flags=2080841<UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2001:b08:4:4:8:20ff:fe35:a54f/64 

Inspect the routing table
root@ltest01:~# netstat -rn

Routing Table: IPv4
  Destination            Gateway          Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.0.1          UG        1          0 vnic0     
127.0.0.1            127.0.0.1            UH        2          0 lo0       
192.168.0.0          192.168.0.136        U         3          9 vnic0     

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
::1                         ::1                         UH      2       0 lo0   
2001:b08:4:4::/64           2001:b08:4:4:8:20ff:fe35:a54f U       3       2 vnic0 
2001:b08:4:4::/64           2001:b08:4:4::10            U       2       0 vnic0 
fe80::/10                   fe80::8:20ff:fe35:a54f      U       3       2 vnic0 
default                     fe80::8:20ff:fee0:cb3e      UG      2       1 vnic0 

Add a static default gateway for IPv6 network
root@ltest01:~# route -p add -inet6 default 2001:b08:4:4::2
add net default: gateway 2001:b08:4:4::2
add persistent net default: gateway 2001:b08:4:4::2
root@ltest01:~# netstat -rn

Routing Table: IPv4
  Destination            Gateway          Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.0.1          UG        1          0 vnic0     
127.0.0.1            127.0.0.1            UH        2          0 lo0       
192.168.0.0          192.168.0.136        U         3          9 vnic0     

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
::1                         ::1                         UH      2       0 lo0   
2001:b08:4:4::/64           2001:b08:4:4:8:20ff:fe35:a54f U       3       2 vnic0 
2001:b08:4:4::/64           2001:b08:4:4::10            U       2       0 vnic0 
fe80::/10                   fe80::8:20ff:fe35:a54f      U       3       2 vnic0 
default                     2001:b08:4:4::2             UG      1       0       
default                     fe80::8:20ff:fee0:cb3e      UG      2       1 vnic0 

Ping something to test IPv6
root@ltest01:~# ping ipv6.google.com
ipv6.google.com is alive

Also, if you have an IPv6 DNS server you can add it to the resolvers attributes:

IPv6 resolvers
zonecfg:ltest01> add attr
zonecfg:ltest01:attr> set name=resolvers
zonecfg:ltest01:attr> set type=string   
zonecfg:ltest01:attr> set value="192.168.0.1,2001:b08:4:4::2"
zonecfg:ltest01:attr> end                                    

/etc/resolv.conf result
root@ltest01:~# cat /etc/resolv.conf 
# AUTOMATIC ZONE CONFIG
nameserver 192.168.0.1
nameserver 2001:b08:4:4::2

root@ltest01:~# host ipv6.google.com 2001:b08:4:4::2
Using domain server:
Name: 2001:b08:4:4::2
Address: 2001:b08:4:4::2#53
Aliases: 

ipv6.google.com is an alias for ipv6.l.google.com.
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::65
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::71
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::64
ipv6.l.google.com has IPv6 address 2a00:1450:4010:c1e::8a

Another new feature in a non-global zone is a default domain. It is used to resolve local resources, for example:

resolve local resources
root@ltest01:~# host ns
Host ns not found: 3(NXDOMAIN)

Our resolver does not know the default domain. Let's configure it for the zone:

add default domain
zonecfg:ltest01> add attr
zonecfg:ltest01:attr> set name=domain
zonecfg:ltest01:attr> set type=string
zonecfg:ltest01:attr> set value="loc"
zonecfg:ltest01:attr> end            

Boot the zone (see below), log in, and test the resolver again:

resolve local resource
root@ltest01:~# host ns
ns.loc has address 192.168.0.1
ns.loc has address 192.168.1.1
ns.loc has IPv6 address 2001:b08:4:4::2
ns.loc has IPv6 address 2001:b08:4:4::1

root@ltest01:~# cat /etc/resolv.conf 
# AUTOMATIC ZONE CONFIG
nameserver 192.168.0.1
nameserver 2001:b08:4:4::2
domain loc

End of 2.0.2.94 features update


Install the zone:

zoneadm -z t4 install

And boot it:

zoneadm -z t4 boot

Log in to the zone for configuration:

zlogin -e\# -C t4

Hint:

type '#.' to exit from 'zlogin'

The default root password is "123". You can run "zlogin <zonename>" to log in to the new t4 zone and then change the root password with the passwd command.

Log in as 'root' for the next modifications:

t4 console login:root
Password: <your own>

You can add a local 'admin' user with the same UID/GID as in the global zone.

INFO:

Before the steps below, identify the UID and GID of the user 'admin' in the global zone with the command:

# id admin

uid=1000(admin) gid=10(staff) groups=10(staff)

# useradd -u 1000 -g staff -d /export/home/admin -s /bin/bash admin
# passwd admin

You will be able to log in to your new zone over SSH from the global zone or another computer with the command:

$ ssh admin@<your ip>

Creating dpkg zone


Use the zfs list command from the global zone to find a dataset with your zone:

zfs list
#sudo zfs list | grep t4

rpool/zones/t4            400M  27.0G     31.5K  /zones/build_zone
rpool/zones/t4/ROOT       400M  27.0G       24K  legacy
rpool/zones/t4/ROOT/zbe   400M  27.0G      400M  legacy

Now, using zfs get all, find the active BE (boot environment) for this zone:

zfs get all
#sudo zfs get all | grep active

rpool/zones/t4/ROOT/zbe                   org.opensolaris.libbe:active    on                                                local

After finding the active dataset, you can create a snapshot:

You must halt the zone before taking the snapshot!

#sudo zoneadm -z t4 halt

#sudo zfs snapshot  rpool/zones/t4/ROOT/zbe@copy_t4

#sudo zfs list -t snapshot | grep zbe@copy_t4

rpool/zones/t4/ROOT/zbe@copy_t4           0B      -      400M  

If you'd like to install your zone from a data stream, run the following commands to prepare the dataset for copying the zone:

#sudo zfs send rpool/zones/t4/ROOT/zbe@copy_t4 > /var/tmp/copy_t4.zfs

#sudo zfs create -o mountpoint=/zones/copy_t4 rpool/zones/copy_t4

#mkdir -p /zones/copy_t4/root

#chmod 700 /zones/copy_t4

#chmod 755 /zones/copy_t4/root

#sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT

#sudo zfs create -o mountpoint=legacy rpool/zones/copy_t4/ROOT/zbe

If you'd like to install your copy_t4 zone just by cloning the t4 zone, you can skip that block of commands.

Now you need to export the zone configuration to a file:

#sudo zonecfg -z t4 export -f /var/tmp/copy_t4.cmd

#cat /var/tmp/copy_t4.cmd

create -b
set zonepath=/zones/t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
set uuid=da66d114-f97b-4b2b-a969-219ebcf56a19
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set type="lofs"
end
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"
end
add net
set physical="vnic1"
set mac-addr="02:08:20:1b:ea:6b"
set global-nic="stub0"
add property (name=ip,value="192.168.0.1")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end

Now let's change this configuration so that we can create a new zone from it via zonecfg.

You must make the following changes to the template:

  1. delete the uuid, because it is generated and registered in the zone configuration file when the zone starts (/etc/zones/name_zone.xml).
  2. delete the MAC address, because it is generated and registered in the zone configuration file when the zone starts (/etc/zones/name_zone.xml).
  3. change the vnic name
  4. change the IP address
  5. change the zonepath

create -b
set zonepath=/zones/copy_t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
add fs
set dir="/export/home/admin"
set special="/export/home/admin"
set type="lofs"
end
add fs
set dir="/export/builds"
set special="/export/builds"
set type="lofs"
end
add net
set physical="vnic2"
set global-nic="stub0"
add property (name=ip,value="192.168.0.2")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
add attr
set name="resolvers"
set type="string"
set value="192.168.0.254"
end
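
The five template edits listed above can be scripted. This is an added example, not part of the original page: the function names and the use of awk are assumptions of the example, and the sample input is a shortened copy of the export shown earlier.

```shell
#!/bin/sh
# Added example: rewrite an exported zone configuration for a copied zone.
# Usage: retarget_zonecfg ZONEPATH VNIC IP < exported.cmd > new.cmd
retarget_zonecfg() {
    awk -v zp="$1" -v nic="$2" -v ip="$3" '
        /^set uuid=/     { next }                        # 1. uuid is regenerated
        /^set mac-addr=/ { next }                        # 2. MAC is regenerated
        /^set physical=/ {                               # 3. new vnic name
            printf "set physical=\"%s\"\n", nic; next }
        /^add property \(name="?ip"?,/ {                 # 4. new IPv4 address
            printf "add property (name=ip,value=\"%s\")\n", ip; next }
        /^set zonepath=/ {                               # 5. new zonepath
            printf "set zonepath=%s\n", zp; next }
        { print }                                        # all other lines unchanged
    '
}

# Sample input: shortened copy of the t4 export from this page.
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/zones/t4
set brand=dpkg
set autoboot=false
set ip-type=exclusive
set uuid=da66d114-f97b-4b2b-a969-219ebcf56a19
add net
set physical="vnic1"
set mac-addr="02:08:20:1b:ea:6b"
set global-nic="stub0"
add property (name=ip,value="192.168.0.1")
add property (name=netmask,value="255.255.255.0")
add property (name=gateway,value="192.168.0.254")
add property (name=primary,value="true")
end
EOF
}

# Succeeds (exit 0) if any identifier of the source zone t4 is still present
# on stdin, so a leftover uuid, MAC, vnic, IP or zonepath is caught before
# the file is fed to zonecfg.
has_source_identifiers() {
    grep -q -E '^set (uuid|mac-addr)=|/zones/t4$|"vnic1"|"192\.168\.0\.1"'
}

sample_export | retarget_zonecfg /zones/copy_t4 vnic2 192.168.0.2
```

Running has_source_identifiers over the rewritten file before loading it guards against two zones ending up with the same address, vnic or zonepath.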

Now use the zonecfg command to create a zone:

#zonecfg -z copy_t4 -f /var/tmp/copy_t4.cmd

To install the copy_t4 zone from the data stream, use the following commands:

#zoneadm -z copy_t4 install -u -a /var/tmp/copy_t4.zfs

#zoneadm -z copy_t4 boot

Otherwise, to install the copy_t4 zone by cloning the t4 zone, run:

#zoneadm -z t4 halt

#zoneadm -z copy_t4 clone t4

#zoneadm -z copy_t4 boot

#zoneadm -z t4 boot