mario heimel wrote:
Hello,
Congratulations on a job well done.
http://docs.sun.com/app/docs/doc/820-2914?l=ja
when i read the details, i think we need a solaris 10 branded zone.
with a branded zone the central patching from the global zone is not applied.
there is no SUNW_PKG_ALLZONES
Erik Vanden Meersch wrote:
Jerry
A question that I repeatedly get from customers is directly
related to what you write:
S10 is still a very dynamic
release so the interpositioning layer would need constant
work to cope with the on-going changes in the
kernel/user-land boundary.
Is
Stefhen Hovland wrote:
Hi,
I have an already installed zone, and i would like to change its
installation location and zonepath. Is this possible via the commands
below? I am just looking to change the zone name and installation dir
on the disk. I would like to preserve all data.
It looks
Philip wrote:
After I had created a new zone for the first time under kernel 120011-14 (on
sparc 6/06), I found that sysidtool would not run automatically at the first
boot; and so I was not being allowed to finish setting up the zone with the
time zone, DNS, hostname, etc. The zone boot
Jerry Kemp wrote:
I have a Sun T2000 running Solaris 10u2, all UFS file systems that has
been in place for several months. This morning during a reboot, I had a
zone that would not come back up. It failed to boot due to an inability
to mount /svc with an error of failed with exit code 32.
Jim,
Jim Mauro wrote:
Does Zone migration factor in resource allocations?
If I have zoneA on sysA, and have configured
zone.cpu-shares, or some other resource control,
does the migration process, and/or the dry-run feature
check for availability of configured resources, or is this
simply
Enda O'Connor ( Sun Micro Systems Ireland) wrote:
I tried build 74,
add device
set match=/dev/dsk/c0t0d0s7
end
add device
set match=/dev/rdsk/c0t0d0s7
end
rebooted zone and device is there ( verified it wasn't before hand )
We need the user case that fails.
Enda,
I thought the
Konstantin Gremliza wrote:
/Hi,
I created a zone like this using memory-caps:/
zonecfg -z zone-a
zonecfg:zone-a add capped-memory
zonecfg:zone-a:capped-memory set swap=512m
zonecfg:zone-a:capped-memory set physical=512m
zonecfg:zone-a:capped-memory end
zonecfg:zone-a exit
/When I
Brian Kolaci wrote:
Thanks Lou.
Is there anything in the works that you know of? rcapd also doesn't work
properly due to this issue. The customer has several other systems
with zones that also do alot of shared memory that aren't oracle. They
were actually looking for this in SunMC or some
Steve Zinck wrote:
I'm going to open a
call with Sun, what information should I gather for them? halt -d?
Yes, a system crash dump of the system in this state is what is needed.
Thanks,
Jerry
___
zones-discuss mailing list
Oscar wrote:
bash-3.00# zoneadm -z myzones install
Preparing to install zone myzones.
Checking ufs file system on device /dev/rdsk/c1t0d0s7 to be mounted at
/ho
ERROR: file system check /usr/lib/fs/ufs/fsck of /dev/rdsk/c1t0d0s7
failed:d
ERROR: cannot setup zone myzones inherited and
Russ Petruzzelli wrote:
In a script I'd like to run prtdiag if I am in a global zone.
Is there a zoneadm command to tell me what kind of zone I'm in? It's
not jumping out at me in the zoneadm help.
eg:
if [[ globalzone == true ]]; then
OR is there a way to get this to run
Nicolas Williams wrote:
I've a customer who wants to be able to attach a downrev zone and patch
it. They want to know when (and in what S10 update) this will be
possible.
This is
6480464 RFE: zoneadm attach should patch/update the zone to the new hosts level
There is currently no date for
F.V.(Phil)Porcella wrote:
Hi Edna,
OK so having the zoneroot be under / is NOT required, (thank you),
and from what you said, having it on its own mount point is NOT a problem.
If fact, you indicate that having the zones under /export may be the best
practice.
I think having zones on a
Jim Bob wrote:
Hi,
we just received a couple of T1000's and i am trying to create a few zones on
the boxes.
after configuring the zone, i type the zone install command and receive the
following error:
[EMAIL PROTECTED] # zoneadm -z oracle-zone install
Waiting for up to 300 seconds for zone
Jason Bradfield wrote:
I have done some more reading around and found the following.. can you
please confirm this..
I have read in several blogs that ipfilter(within a non global zone) has
been possible since early this year.. Then when I looked at our zone and
the ipf.conf and the ipfilter
Mike,
Mike Gerdts wrote:
This seems to imply I can do something along the lines of:
lucreate -n newbe ...
for zone in $allzones ; do
zoneadm -z $zone halt
zoneadm -z $zone detach
done
luupgrade -t -n newbe -s /tmp/10_Recommended ...
luactivate newbe
init 6
for zone in $allzones ; do
Ellis, Mike wrote:
Thanks for the note and discussion jerry...
I'm not a huge fan of LU (historical bagage on my part I guess) I recently
started seeing its use as a some sort of means to an end.
The interesting thing is that what you're proposing here (which is much more of an patch-upgrade
Gael wrote:
With the current thread about upgrades, I was wondering if it would be
possible to upgrade our currents frames to U4 as I would like to use the
memory capping capabilities of U4...
the one apparent issue here is that we are using Veritas for BOTH the BE
and
the zones filesystems
Enclosed is a draft of an ARC fast-track proposal I have been
working on recently, in-between a few other things. I would
like to submit this for ARC review shortly but I wanted to
send this out to see if anybody had any comments before I
do that. I have cc-ed the install-discuss alias as well,
Jeff,
I trimmed most of the original email.
Jeff Victor wrote:
This is probably out of scope for this project, but software delivery
via zones creates a potential security risk: software delivered via
this method could have a limitpriv setting which is inappropriate in
certain environments.
James,
James Carlson wrote:
Jerry Jelinek writes:
to upgrade to. Pkg operations on pkgs with the SUNW_ALLZONES attribute
set must be run from the global zone, the operation will be performed on
all native zones, and this behavior is built-in to the pkg commands.
This document
roush wrote:
Hi Jerry,
This proposal mentions native zones.
Please ensure that the cluster brand is treated
as a native brand, as noted in PSARC 2007/304.
Ellard,
Will do.
Thanks,
Jerry
___
zones-discuss mailing list
zones-discuss@opensolaris.org
James Carlson wrote:
Jerry Jelinek writes:
This document describes in detail how the packaging bits will be taken
care of. But how are patches re-run to update the zone on attach? We
don't have copies of the patch metadata (the scripts) around in usable
form, do we? Do we just 'assume
James Carlson wrote:
Is that your understanding as well? So maybe
there could be an issue if we had a patch that was not suitable for use in
a Solaris update but that was issued asynchronously?
... or that was just handled differently in the update. I know we've
done some special things in
F.V.(Phil)Porcella wrote:
***Im getting some strange errors from zoneadmin install
bash-3.00# zoneadm -z CIS2 install
Preparing to install zone CIS2.
Creating list of files to copy from the global zone.
Copying 213 files to the zone.
Initializing zone product registry.
ERROR: Read-only file
Andrew Dishong wrote:
Getting the following error after trying to uninstall a zone,any ideas?
[lab-15k-c]:~\ # zoneadm -z test1 uninstall
Are you sure you want to uninstall zone test1 (y/[n])? y
rm: Unable to remove directory /zonesHA/test1/test1/root/usr/lib/cpu:
File exists
rm: Unable to
The Real Warren Belfer wrote:
Jerry Jelinek wrote:
Andrew Dishong wrote:
Getting the following error after trying to uninstall a zone,any ideas?
[lab-15k-c]:~\ # zoneadm -z test1 uninstall
Are you sure you want to uninstall zone test1 (y/[n])? y
rm: Unable to remove directory /zonesHA/test1
Bill Casale wrote:
Can anybody tell me how to remove pool definitions within the zonecfg
utility? I've tried variations of zonecfg remove poolname with no
luck. I can't find any syntax expamples in the documentation for
doing this.
It depends what release you are running. This is bug:
Jeff Victor wrote:
With all of that, should default values be minima or maxima? The goal I
have in mind is default values that will protect a zone from DoS
attacks, or the equivalent symptom, caused by bad software.
Although we could assign default values to caps, they would be
arbitrary,
Mads Toftum wrote:
On Fri, May 11, 2007 at 10:48:04AM -0600, Jerry Jelinek wrote:
The requirement for the RM defaults should be that a misbehaving
zone can't effectively bring down the whole system. You want to
be able to get on the global zone and clean up the misbehaving zone
and any other
Jeff Victor wrote:
Wouldn't this lead to a waste of resources on systems with only one
non-global zone? It may not be the most common setup, but still makes a
lot of sense for a higher level of security.
No, since this is only a cap, not a partitioning of resources, so
everything
is still
Jeff Victor wrote:
By default, Solaris Containers do not have resource controls. Up through
S10 11/06 you could add many resource controls to Containers, directly
or indirectly, but some of them were... 'challenging' to use. ;-)
S10 7/07 improves the situation greatly, moving many of the
Bob Netherton wrote:
I see where you are going with this Jeff, and there are some good ideas
behind all of this. I have a great desire to rephrase your question
without the reference to zones - how well is Solaris itself
protected against the various forms of DoS attack ? Do the controls
Tirthankar wrote:
Why is mount command disallowed for a branded zone ?
I can boot the zone, using the normal zoneadm -z cz2 boot command
The mount command is an undocumented command that is used primarily
to support safe zone upgrades.
If you look at the spec for the scratch zone in
DJR wrote:
Hi,
What would be the best way/easiest way to limit an amount of a 8core CPU to a
specific zone.
Can I do it in such a way to limit 2 of 8 cores, or does it have to be in a
percentage bases.
Im assuming it would be done with zonecfg, any help is appreciated.
Some folks have
Zoram Thanga wrote:
Hi,
What changes, if any, have been made in our patching/packaging
infrastructure to deal with branded zones? It is of course
understandable that patchadd/pkgadd will skip lx types of brands that
emulate entirely different operating environments.
However, it is also
Krzys wrote:
Is there any way to replicate zone from one server to another without
actually bringing down the original zone down? I have a production
server that I want to duplicate and I do not want to bring that zone
down but I would like to duplicate it to another server in entire state...
Krzys wrote:
Hello folks, I have a question, here is a situation.
I did build a new server environment in one location (TX) and I have
setup multiple zones and they are on a zfs. My goal is to take zone
configuration with all zone content that is on zfs and duplicate it on
into another
Niclas Sodergard wrote:
Hi everyone,
Sorry for crossposting but it seems I have stumbled upon a problem
that affects both. I have a V490 running Solaris 10u3 with a 16x750GB
raid array connected to it. I've created an 8TB zfs filesystem called
data1 and created a zfs filesystem called
Mark Huff wrote:
If I understand what your customer did, then I think you left out
a step above. You said they changed their zonepath and IP address for
the new host. However, based on the names above, it also looks like
they changed the lofs mounted filesystem configuration for the new zone.
Mark Huff wrote:
IHAC who is pretty excited about the clone option in Solaris 10 11/06
(U3), however they're running into problems in the execution of the
clone option for zoneadm. Here are the step-by-step procedures they are
following
For example they have a zone called bluto-zone1
I wanted to let everyone know about a small enhancement to
the zoneadm 'attach' command that we integrated yesterday.
Currently, before you attach a zone to a host, it must have
been detached from the original host. The detach process
generates the information we need to validate the attach on
Paul Davis wrote:
Rodney, you have some great ideas for an RFE.
We do already have the following open RFE for folks who
are interested in this topic.
5089475 RFE: provide control over zones boot sequence at system boot
Jerry
___
zones-discuss
Robert Thurlow wrote:
In a related area, and to address an earlier question I raised, I don't
think getting a filesystem via a lofs mount should entitle you to share
it - you should have device access delegated to your zone in order to do
that. Zones folks may disagree.
Rob,
In general we
Robert Gordon wrote:
...
I'd even go further and say that any user
in the global zone would not have access to /export/z1.
...
This is already the case. The mode on the final zonepath
directory must be 700. This is set when zoneadm installs
the zone and verified when you do normal zone
Ivan Buetler wrote:
Is this true for OpenSolaris? My experience:
I was trying to upgrade from SunOS 5.11 snv_28 to SunOS 5.11 snv_54 where
my NGZ zone roots were set to a zfs mount point like below:
NAME USED AVAIL REFER MOUNTPOINT
zpool 93.8G 40.1G26K
Ivan Buetler wrote:
Jerry, Thank you for your response. See my zonecfg of the named NGZ here:
[EMAIL PROTECTED] ~ # zonecfg -z named export
create -b
set zonepath=/zpool/zones/named
set autoboot=true
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add
Rich,
Rich Teer wrote:
Hi all,
Last time I checked, having one's zone roots (zonepaths) on
ZFS file systems was not a recommended practice, despite the
fact that this works. IIRC, the problem was that the upgrade
code didn't grok zfs and would therefore get terribly confused
should the zone
John Clingan wrote:
This is incorrect. All S10 updates have supported upgrading systems
with zones. I believe what you are thinking of is that live-upgrade
does not support upgrading systems with zones. This is being
fixed in the next S10 update. It is already fixed in nevada.
Which Nevada
Mike,
Mike Gerdts wrote:
One of the effects of setting capped-memory resource control for swap
is that the size of /tmp is also limited. Unlike when a tmpfs size
limit is set with the size=... mount option, df /tmp does not
display a value that is reflective of the limits that are put in
Matt Cohen wrote:
Hi.
We have a zone currently setup on one of our Solaris 10 servers, but it wasn't
configured quite properly.
Is there a way to go back and add an inherited dir to a zone that's already
configured and has been running for a couple of weeks?
You are not allowed to change
Mark Koeller wrote:
Can you obtain S10 Update3 zones (move, copy, rename) features by adding
zones patches to S10 Update 2?
Must you run Solaris 10 Update 3/Nevada to get these new zones features?
You can patch your way up. The x86 zones jumbo patch is 122661
and sparc zones jumbo patch
Tim Cook wrote:
So essentially at this time blastwave is just a *bad idea* for global
zones. Is something like sunfreeware ok then? I assume the -G option
should work with those packages?
I don't know a lot of the details of blastwave and how
many different options it gives you.
However, in
[EMAIL PROTECTED] wrote:
FYI, you can also use create -b (blank) so you don't have to run
remove-pkg-dir 4 times.
Actually, the documented way to create a whole-root zone *is* to remove
the default inherit-pkg-dir resources. The reason for this is create
-b says to use a blank template -
I know b56 is just getting out but for people who will be
using duckhorn (the improved zones-rm project) some
of the associated man page changes did not make it into
b56. Specifically, the section 1M changes (zonecfg,
rcapd, prtstat rcapadm) were omitted. I wanted to
let everyone know these
Steffen Weiberle wrote:
Is it safe to generalize that non-LOFS file systems in Solaris 10 do not
allow cross-zone interaction? procfs does not. namefs does not. tmpfs
does not. sockfs does not. doors does not. What about all the others (I
can't even name them all)?
Steffen,
One issue to be
Steffen Weiberle wrote:
This new rctl is part of the overall zones/rm improvement project
we have been working on for a while now.
Thanks, Jerry! I am waiting with open arms :) for this, and memory sets,
and swap sets, and IP instances! Oh, and CPU caps.
Wait, does this replace swap sets?
Chris Greenman wrote:
That was kinda my thinking too but I guess an lofs
mount would do the same thing. Quick question though,
what is the major different between an inherit-pkg-dir
and an lofs mount? This is one area of zones I
haven't really researched that well.
There are several
Chris Greenman wrote:
Hello, I've got a problem I hope someone can help me
with. I have two identical E250s (both jumpstarted
identically) and I'm having problems installing a zone
on one of them. The problem appears to center around
some loopback filesystems I'm trying to create. The
config
Detlef Drewanz wrote:
Thanks Jerry,
that makes very much sense to do that in this way. But we should keep in
mind that checking a filesystem during zonesboot might be required
(esspecially after a crash or a cluster switch).
With add device the raw device is in the zone available to do the
Menno Lageman wrote:
Hi,
doing a dry-run attach of a detached zone fails with the message
zoneadm: missing or invalid brand and exit code 1. Attaching the zone
for real succeeds though. I would expect the dry-run to succeed too
because the zone was created on this system so everything
Menno Lageman wrote:
Menno Lageman wrote:
Hi,
doing a dry-run attach of a detached zone fails with the message
zoneadm: missing or invalid brand and exit code 1. Attaching the
zone for real succeeds though. I would expect the dry-run to succeed
too because the zone was created on this
Detlef Drewanz wrote:
Hi,
is there a way to check a filesystem during a zones boot that was
configured with zonecfg ?
Sorry for the delayed response to this question. I have
gotten a bit behind.
I don't know of a way to do this when you add a file system
in zonecfg using the fs resource.
Mike,
Mike Gerdts wrote:
On 6/26/06, Gerald A. Jelinek [EMAIL PROTECTED] wrote:
Attached is a description of a project we have been refining for
a while now. The idea is to improve the integration of zones
with some of the existing resource management features in Solaris.
In the proposal
Rayson Ho wrote:
It's being worked on:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4964859
IIRC, it is currently not supported because the kernel part of NFS
server does not understand the concept of zones...
In order to help the NFS team understand the importance of this
issue
Jens Elkner wrote:
I've created a zone which should mount the /pool1/flexlm.ulo zfs via lofs:
+ zfs create pool1/flexlm.ulo
+ zfs set atime=off pool1/flexlm.ulo
+ zfs set sharenfs=off pool1/flexlm.ulo
+ zonecfg -z flexlm
...
add fs
set dir=/usr/local
set
Christine Tran wrote:
The zones.cpu-shares rctl has a set of threshhold actions: none, deny
and signal=. Say if I set the action as signal=TERM, who actually gets
signaled? Is it the process in the zone that's currently queuing to get
on CPU, or is it zoneadmd (which presumably will pass it
Bill Casale wrote:
Is there a reason the hardware optimized libraries shouldn't be mounted
in a local zone?
They should be. This was bug
6407767 libc_psr does not get mounted in a zone
which was integrated into b41. What build are you running?
Jerry
Bill Casale wrote:
Hi Jerry,
Thanks for your reply, I did see that bug but this is happening
on a V440 running Solaris 10 1/06 with KU 118833-23.
It looks like this was also fixed in S10u3 build 4. I am not sure
if it is in a patch yet.
Jerry
___
Gregory Edwards - Software Support wrote:
SunOS wasoaf04 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Fire
# cat /etc/release Solaris 10 1/06 s10s_u1wos_19a
SPARC
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
Use is subject
Jens Elkner wrote:
Is there a feature, which allows me to configure or tell zone install to NOT
install certain packages?
E.g. I've a machine with StarOffice installed. For obvious reasons I don not
want to inherit the StarOffice packages into a none-global zone. Finding the
appropriate
Mark Mulligan wrote:
Hi Community,
I was wondering if any customers had done an evaluation on the
administrative time or cost (same thing really) improved by using the
efficiencies of Solaris Containers vs. managing individual servers with
just one Solaris 10 global zone or one Solaris 8/9
Steffen Weiberle wrote:
Jeff Victor wrote On 09/14/06 10:35,:
[EMAIL PROTECTED] wrote:
Does it make any difference as to where or what kind of fs that the
zoneroot is mounted? and is there any difference with a whole root
zone?
The situation is the same for both sparse and whole-root
Marlanne DeLaSource wrote:
Hi again,
I'm still playing with zones...
I was having a look at the clingan zone, and there is a snapshot of a tool here
: http://blogs.sun.com/jclingan/resource/global_create.gif
This tool has a nice display and seems to manage containers.
I have installed sun
Marlanne DeLaSource wrote:
Sorry about this question that may be stupid, but I wasn't able to display the
cpu-shares afterwards.
I set up the rctl cpu-shares in the various zones, used dispadminand prctl (I
also rebooted). It worked nicely. But I wanted to check the cpu-shares given to
the 3
Phil Cordier wrote:
Posted this question on the general zones group at got a deafening silence in
response - anyone here have any possible answers?
http://forum.sun.com/jive/thread.jspa?forumID=299threadID=100707
It is possible that prstat and rcapd are counting shared memory multiple times,
Peter Guthrie wrote:
FYI, I just found this thread when I Google'd for the same problem. This is on
a w2100z running B44.
In my case the zone installed perfectly and I was able to login to it. After a
reboot I found it in the 'mounted' state.
As the previous posts in this thread indicate,
Christine Tran wrote:
Hi,
I came across a zone example that looks like this:
fs:
dir: /tmp
special: swap
raw not specified
type: tmpfs
options: [size=1024]
Hmm ... I think I know what the person is trying to do,
Christine Tran wrote:
zonecfg doesn't know about every option on every filesystem, bundled
and unbundled, that is available on Solaris. zoneadm does some
basic validation of fs entries but it too does not know about all
of the special options each filesystem might have.
Well, is this worth at
Steffen,
Steffen Weiberle wrote:
Jerry Jelinek wrote On 08/16/06 18:14,:
Steffen,
Thanks for your comments. Responses in-line.
Steffen Weiberle wrote:
Hi Jerry, this is great.
I have a few comments below.
Thanks
Steffen
1) Hard vs. Soft RM configuration within zonecfg
We
Chun-Huan Freesia Shen wrote:
Hi experts,
This is chunhuan from SC.
I have a question to consult you.
How can I confirm that the zones (global/non-global) status is ok or not
through explorer file gathered by version 5.5 ?
The explorer file is at the following site:
Steffen,
Thanks for your comments. Responses in-line.
Steffen Weiberle wrote:
Hi Jerry, this is great.
I have a few comments below.
Thanks
Steffen
1) Hard vs. Soft RM configuration within zonecfg
We will enhance zonecfg(1M) so that the user can configure basic RM
capabilities in
Doug Scott wrote:
Doug Scott wrote On 08/04/06 11:42,:
create a zfs filesystem in the global zone for the
zone. Something like
$ zfs create mypool/export/zones/zone1
$ mkdir -p /export/zones/zone1
$ zfs set mountpoint=/export/zones/zone1
mypool/export/zones/zone1
With zonecfg set your
Steffen Weiberle wrote:
If anything like Jave ES applications (directory, web, app server, etc.)
you need a full root zone to install into. I.e., remove all your
inherit-pkg-dir parts.
Or, you may be able to use this technique from the zones FAQ if
you only need a writable subdirectory in
Dave Bevans wrote:
Hi All,
I have a customer who wants to assign 1 cpu and 1 Gb of memory for each
zone they have created. What is the best way for the customer to
approach this? Is this possible?
You can use a processor set pool to assign 1 cpu to the zone.
We do not yet have the ability
Paul Kraus wrote:
On 7/31/06, Steffen Weiberle [EMAIL PROTECTED] wrote:
Home directories are more problematic; you will need to loopback mount
them into the local zones.
Is the underlying problem being worked on, or is it worth an RFE to
make this transparent (automount
if remote,
Matty wrote:
It sounds like you might be interested in the zoneadm clone option.
This feature is currently in Solaris Express, and I am hopeful it will
make Solaris 10 update 3. Does anyone from Sun happen to know if the
attach, detach and clone features could be released as a patch for
Jeff,
Thanks for your comments. I have a few responses in-line.
Jeff Victor wrote:
1) General comment: I agree that this will provide needed clarity to the
seemingly unorganized RM features that we have scattered through Solaris
during the last decade. The automation of certain activities
201 - 289 of 289 matches
Mail list logo