
In this article, we will try to build a Solaris 11 zone that uses as few resources as possible. To accomplish this, we will use the global zone's network and filesystems, and we will not start the SMF services.

First we configure a normal zone; this will be the baseline for comparison.

We define the zonename as a variable

# export ZONENAME=zone1

We configure the zone

# zonecfg -z ${ZONENAME}
create -b
set brand=solaris
set ip-type=shared
add net
set address=192.168.170.253/24
set physical=vlan170
end
commit
exit


Now, instead of installing with default values, we start cutting some space and services in the zone's manifest and config

# vi manifest.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
<!-- Install manifest handed to "zoneadm install -m". It describes the zone's
     boot environment and the packages to install. The DOCTYPE points at a
     DTD on the local filesystem (file:// URL), not at a network location. -->
<auto_install>
    <ai_instance name="zone_default">
        <target>
            <logical>
                <zpool name="rpool">
                    <!-- Boot environment "zbe" with the compression option
                         switched on, in line with the goal of a small zone. -->
                    <be name="zbe">
                        <options>
                            <option name="compression" value="on"/>
                        </options>
                    </be>
                </zpool>
            </logical>
        </target>
        <!-- Only core-os is requested. Every package added here increases the
             zone's size and the amount of software that has to be kept
             patched inside it. -->
        <software type="IPS">
            <software_data action="install">
                <name>core-os</name>
            </software_data>
        </software>
    </ai_instance>
</auto_install>

 

# vi config.xml
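<?xml version='1.0' encoding='US-ASCII'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Auto-generated by sysconfig -->
<!-- System configuration profile handed to "zoneadm install -c". It sets the
     zone's identity, name service, keymap, locale, timezone and root account.
     The profile contains a password hash: keep the file readable by root
     only and do not publish it with a real hash in it. -->
<service_bundle name="sysconfig" type="profile">
  <service name="system/identity" type="service" version="1">
    <instance enabled="true" name="cert"/>
    <instance enabled="true" name="node">
      <property_group name="config" type="application">
        <propval name="nodename" type="astring" value="solaris"/>
      </property_group>
    </instance>
  </service>
  <service name="system/name-service/cache" type="service" version="1">
    <instance enabled="true" name="default"/>
  </service>
  <!-- Name lookups use local files only. -->
  <service name="system/name-service/switch" type="service" version="1">
    <property_group name="config" type="application">
      <propval name="default" type="astring" value="files"/>
    </property_group>
    <instance enabled="true" name="default"/>
  </service>
  <service name="system/keymap" type="service" version="1">
    <instance enabled="true" name="default">
      <property_group name="keymap" type="application">
        <propval name="layout" type="astring" value="Spanish"/>
      </property_group>
    </instance>
  </service>
  <service name="system/environment" type="service" version="1">
    <instance enabled="true" name="init">
      <property_group name="environment" type="application">
        <propval name="LANG" type="astring" value="C"/>
      </property_group>
    </instance>
  </service>
  <service name="system/timezone" type="service" version="1">
    <instance enabled="true" name="default">
      <property_group name="timezone" type="application">
        <propval name="localtime" type="astring" value="UTC"/>
      </property_group>
    </instance>
  </service>
  <service name="system/config-user" type="service" version="1">
    <instance enabled="true" name="default">
      <property_group name="root_account" type="application">
        <!-- The password value is a crypt hash ($5$ = SHA-256, 10000 rounds).
             The hash printed in the original article was mangled and held a
             bare double quote, which made the file ill-formed XML, so a
             labelled placeholder is used here. Replace the salt and hash
             fields with your own; anyone who can read a real hash can try to
             crack it offline. -->
        <propval name="password" type="astring" value="$5$rounds=10000$REPLACE_WITH_SALT$REPLACE_WITH_HASH"/>
        <!-- type "normal" makes root a regular account that can log in
             directly rather than a role; confirm that this is intended. -->
        <propval name="type" type="astring" value="normal"/>
        <propval name="login" type="astring" value="root"/>
      </property_group>
    </instance>
  </service>
</service_bundle>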

Zone installation

# zoneadm -z ${ZONENAME} install -m manifest.xml -c config.xml
The following ZFS file system(s) have been created:
    rpool/VARSHARE/zones/zone1
Progress being logged to /var/log/zones/zoneadm.20200304T094644Z.zone1.install
       Image: Preparing at /system/zones/zone1/root.

 Install Log: /system/volatile/install.14837/install_log
 AI Manifest: /tmp/manifest.xml.KwahVa
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: zone1
Installation: Starting ...

        Creating IPS image
Startup linked: 1/1 done
        Installing packages from:
            solaris
                origin:  http://pkg.gestio.sys/oracle/
DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                            306/306   47432/47432  327.0/327.0  6.5M/s

PHASE                                          ITEMS
Installing new actions                   66258/66258
Updating package state database                 Done 
Updating package cache                           0/0 
Updating image state                            Done 
Creating fast lookup database                   Done 
Updating package cache                           1/1 
Installation: Succeeded
 done.

        Done: Installation completed in 248.885 seconds.


  Next Steps: Boot the zone, then log into the zone console (zlogin -C)

              to complete the configuration process.

Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20200304T094644Z.zone1.install

The minimum package we can install is core-os; it takes 717 MB.

# du -sh /system/zones/${ZONENAME}  
 717M   /system/zones/zone1

We make a first boot in order to configure the services

# zoneadm -z ${ZONENAME} boot

We install and start apache

# zlogin ${ZONENAME} pkg install apache-24
# zlogin ${ZONENAME} svcadm enable apache24

Now we list all the processes running in the zone and check how much memory the zone uses.

# ptree -z ${ZONENAME}
17019 zsched
  17093 /usr/sbin/init
17101 /lib/svc/bin/svc.startd
  17507 /usr/sbin/ttymon -g -d /dev/console -l console -m ldterm,ttcompat -h -p solaris console login: 
17103 /lib/svc/bin/svc.configd
17177 /usr/sbin/sysobjd -d 0 -b 300 -t 300 -n 5
17191 /lib/crypto/kcfd
17202 /usr/lib/pfexecd
17224 /usr/lib/utmpd
17232 /sbin/sh /lib/svc/method/net-ipmgmt start
  17233 sleep 3600
17265 /lib/svc/bin/svc.periodicd
17270 /usr/lib/rad/rad -sp
17361 /usr/lib/zones/zoneproxy-client -s localhost:1008
17375 /usr/sbin/rpcbind -w
17389 /usr/lib/fm/fmd/fmd
17437 /usr/sbin/cron
17443 /usr/lib/inet/inetd start
17463 /usr/lib/sstore/bin/sstored --events --repo-path /var/share/sstore/repo --max-repo-size 2048
17471 /usr/sbin/nscd
17489 /usr/sbin/syslogd
17537 /usr/lib/sstore/bin/sysstatd --max-process-size=268435456
17577 /usr/apache2/2.4/bin/httpd -k start
  17578 /usr/apache2/2.4/bin/httpd -k start
  17579 /usr/apache2/2.4/bin/httpd -k start
  17580 /usr/apache2/2.4/bin/httpd -k start
# zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                    ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
               ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
            [total]  0.01 0.14%  0.00 0.00% 2442M 29.8% 2602M 28.2%  2576 0.00%
           [system]  0.00 0.02%  0.00 0.00% 1858M 22.6% 1926M 20.8%     -     -
             global  0.00 0.10%     -     -  351M 4.29%  431M 4.68%  2576 0.00%
              zone1  0.00 0.01%     -     -  232M 2.83%  244M 2.65%     0 0.00%

Now we turn off the zone

# zoneadm -z ${ZONENAME} halt

We will now bypass SMF: we replace the zone's /etc/inittab with a single entry that runs /etc/rc.local, and rc.local starts Apache directly.

# echo "run::sysinit:/etc/rc.local >/dev/msglog 2>&1 </dev/console" > /system/zones/${ZONENAME}/root/etc/inittab

# vi /system/zones/${ZONENAME}/root/etc/rc.local
#!/bin/bash
# Stand-in for SMF startup: init runs this script from the single sysinit
# entry in /etc/inittab, and the script keeps Apache in the foreground.
# Everything here runs as root, and no other daemon is started.

# Report a zone state to the global zone through zoneadm.
mark_zone() {
    zoneadm -z ${zone} mark -a "$1"
}

# zoneadm needs /var/share, so mount its dataset before anything else.
zfs mount rpool/VARSHARE

# Run inside the zone, zoneadm list is expected to print only this zone's name.
zone=$(zoneadm list)

mark_zone goals-online
# httpd stays in the foreground, so the next line runs only once it has exited.
/usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
mark_zone goals-maintenance

# chmod +x /system/zones/${ZONENAME}/root/etc/rc.local

In the start script (rc.local) we have to mount /var/share because zoneadm needs it. With zoneadm we mark the zone as having reached goals-online; the service svc:/system/zones/zone:${ZONENAME} in the global zone then goes to the online state.

# zoneadm -z ${ZONENAME} boot

# ptree -z ${ZONENAME}
18387 zsched
  18461 /usr/sbin/init
    18463 /bin/bash /etc/rc.local
      18473 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
        18474 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
        18475 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
        18476 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start


# zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                    ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
               ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
            [total]  0.00 0.10%  0.00 0.00% 2216M 27.0% 2357M 25.5%  2188 0.00%
           [system]  0.00 0.02%  0.00 0.00% 1849M 22.5% 1906M 20.6%     -     -
             global  0.00 0.08%     -     -  351M 4.29%  432M 4.69%  2188 0.00%
              zone1  0.00 0.00%     -     - 15.3M 0.18% 18.1M 0.19%     0 0.00%

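Now we see that only a few processes are running and the zone's memory footprint is much smaller than before. The trade-off is that syslogd, cron, fmd and the other daemons from the first listing are gone as well, so the zone has no system logging, scheduled jobs or fault management, and nothing restarts httpd if it exits.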

Next we can delete some directories from the zone and use the global zone's copies instead. We mount them read-only from the global zone (similar to what we used to do with Solaris 10 SMALL zones).

Now we configure the zone

# zonecfg -z ${ZONENAME}
add fs
set dir=/usr
set special=/usr
set type=lofs
add options ro
end
add fs
set dir=/lib
set special=/lib
set type=lofs
add options ro
end
add fs
set dir=/platform
set special=/platform
set type=lofs
add options ro
end
commit 
exit

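We delete the zone's own copies of these files. Note that this also removes the Apache binaries installed earlier under the zone's /usr, so /usr/apache2 presumably has to be present in the global zone for rc.local to keep working.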

# rm -rf /system/zones/${ZONENAME}/root/usr/* /system/zones/${ZONENAME}/root/lib/* /system/zones/${ZONENAME}/root/platform/* 

We deleted 600Mb

# du -sh /system/zones/${ZONENAME}  
 144M   /system/zones/zone1

We can now delete the snapshots made by the install command:

# zfs destroy -r rpool/VARSHARE/zones/${ZONENAME}/rpool/ROOT/zbe@install