Solaris 10
#routeadm -e ipv4-forwarding (use -d to disable)
#ifconfig qfe0 router (ipv4, enable forwarding on this interface; use -router to disable forwarding)
#ifconfig qfe0 inet6 router (ipv6; use -router to disable forwarding)
Note: In solaris 8/9, use 'ndd set
Processor
#psrinfo
#which psradm
#psradm -f
#psradm -n
From Sun docs
In order to create a zone or container in Solaris 10, a few things need to be done.
Here are the steps to follow:
a) Create a new processor set, defining how many processors (min and max) it contains.
b) Create a new resource pool. The resource pool contains the processor set newly defined in a). Enable, save and activate this pool.
c) Once the resource pool is created, create a new zone using zonecfg. In this new zone, you need to define the zone name, the directory or fs where the zone files will be located, the network address and the network interface used, and finally assign this zone to the resource pool in b). Make sure you verify and commit this zonecfg config.
d) Your zone is now ready. Now install the zone OS. Once finished, try to boot the zone.
e) Once the zone has booted successfully, log in to the zone and do the initial setup for the zone.
f) Done.
Solaris 10 : Creating a New Resource Pool
1. global# pooladm -e (Enable the resource pools.)
2. global# pooladm -s (Save the current configuration.)
3. global# pooladm (See if any pools already exist on the system.)
Create a processor set (pset) called “email-pset” with a min. of 1 CPU and a max. of 1 CPU.
4. global# poolcfg -c 'create pset email-pset (uint pset.min=1; uint pset.max=1)'
5. global# poolcfg -c 'create pool email-pool' (Create a resource pool for the processor set.)
Link the pool to the processor set.
6. global# poolcfg -c 'associate pool email-pool (pset email-pset)'
7. global# pooladm -c (Activate the configuration.)
8. global# pooladm (Verify the existence of the resource pool.)
Creating the Zone on the New Resource Pool
Steps required. Zone with FSS will have more options.
• Configuration—Define the zone properties(fs, network interfaces etc)
• Installation—Create the zone (by installing and populating param for the zone)
• Virtual platform management—Use zone tools to boot, halt, or reboot the zone
• Zone login—Move in and out of the zone to perform administrative tasks
Configuration
To configure and define a new zone:
1. global# zonecfg -z email-zone (Enter the zone configuration tool.)
2. zonecfg:email-zone> create (Create new zone definition)
3. zonecfg:email-zone> set zonepath=/export/home/zones/email-zone (Assign to fs)
4. zonecfg:email-zone> set autoboot=true
5. Configure networking parameters, using the add net command and its subcommands.
zonecfg:email-zone> add net
zonecfg:email-zone:net> set address=10.0.0.1
zonecfg:email-zone:net> set physical=eri0
zonecfg:email-zone:net> end
6. zonecfg:email-zone> set pool=email-pool (Assign the zone to the email pool.)
7. zonecfg:email-zone> verify (Verify the config. syntax correct)
8. Write the in-memory configuration to stable memory, using the commit command, and then exit the shell
zonecfg:email-zone> commit
zonecfg:email-zone> exit (or ^D [Ctrl ”d”])
A standard zone automatically shares the /usr, /lib, /platform, and /sbin file systems with the global zone. It is important to note that a standard zone configuration mounts all global file systems as read-only.
As a result, an attempt to install an application to any of these directories will fail. See the section Creating the First Web Server Container to learn how to mount a global zone file system with write permissions in the directory in which the application is installed.
Installation
9. Install the zone.
global# zoneadm -z email-zone install
Virtual Platform Management
When the installation is complete, the zone is ready to be booted. While the zone is now installed, the system identification internal to the zone has not run. At this point the administrator can configure things like the root password for the zone and the name server to which it should connect. The first time the zone is booted, the system automatically interacts with the user to configure this system identification. On this first boot after installation, the standard system identification questions must be answered via the zone's console.
10. Boot the zone, using the zoneadm(1M) boot command.
global# zoneadm -z email-zone boot
Zone Login
11. Log in to the zone console using zlogin (after system identification is complete and the zone has rebooted).
global# zlogin -C email-zone
[Connected to zone email-zone console]
[This will now show the same type of output as when a normal system boots.]
...
boot passwd = (Your choice)
12. Disconnect from the console using ~. (tilde dot) as in tip(1).
The zone can now be accessed over the network using the telnet(1), rlogin(1) or ssh(1) commands, like a standard Solaris OS system.
Note that each zone created on the system must be installed, configured, and booted. In addition, a sysidcfg(4) file can be used to automate the identification process. See the http://docs.sun.com site for details.
Enabling the FSS on the Web Server Resource Pool
Once the Container for the email server application is created, installed, and booted, you will create another Container for the first Web server. While this new Container is similar to the one created for the email server application, it also utilizes the Fair Share Scheduler to set CPU usage guarantees.
To set the Fair Share Scheduler:
1. Set the scheduler for the default pool to the Fair Share Scheduler.
global# poolcfg -c 'modify pool pool_default (string pool.scheduler="FSS")'
2. Create an instance of the configuration
global# pooladm -c
3. Move all the processes in the default pool and its assoc. zones under the FSS.
global# priocntl -s -c FSS -i class TS
global# priocntl -s -c FSS -i pid 1
If you don't want to reboot the system you can use priocntl(1). This step could also be done by rebooting the system.
Creating the First Web Server Container
Installing this zone will be slightly more sophisticated. You will assign three Fair Share shares to it as well as provide read-write access to the /usr/local file system.
To create the zone:
1. Define the zone for the first Web server.
global# zonecfg -z Web1-zone
Web1-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:Web1-zone> create
zonecfg:Web1-zone> set zonepath=/export/home/zones/Web1-zone
zonecfg:Web1-zone> add net
zonecfg:Web1-zone:net> set address=10.0.0.2
zonecfg:Web1-zone:net> set physical=eri0
zonecfg:Web1-zone:net> end
zonecfg:Web1-zone> set pool=pool_default
Remember, the two Web servers share the CPU resources of the default pool with each other as well as the global zone, so you need to specify how those resources should be shared using the Fair Share Scheduler (FSS).
With FSS, the relative importance of applications is expressed by allocating CPU resources based on shares—a portion of the system's CPU resources assigned to an application. The larger the number of shares assigned to an application, the more CPU resources it receives from the FSS software relative to other applications. The number of shares an application receives is not absolute—what is important is how many shares it has relative to other applications, and whether they will compete with it for CPU resources.
2. Assign three shares to this zone
zonecfg:Web1-zone> add rctl
zonecfg:Web1-zone:rctl> set name=zone.cpu-shares
zonecfg:Web1-zone:rctl> add value (priv=privileged,limit=3,action=none)
zonecfg:Web1-zone:rctl> end
zonecfg:Web1-zone> exit
In the case of a standard zone install—like the email server—the /usr directory is configured to be read-only. In some cases an application may need to be installed into a sub-directory under /usr like /usr/local (i.e., open source software often installs here). A standard zone install will not allow this. However, this can be done by changing the zone configuration so that it mounts an additional directory on the /usr/local directory in the zone, as read-write.
In this example, the first Web server is installed in /usr/local/bin, which means we need to configure the zone to support this.
To configure a read-write /usr/local directory:
3. In the global zone, create the directory to be exported to the zone.
global# mkdir -p /export/home/zones/Web1-zone/local
4. Set the permissions such that only root in the global zone can enter this directory.
global# chmod 700 /export/home/zones/Web1-zone
5. Create the dir on which the file system is to be mounted if it doesn't already exist (otherwise skip).
global# mkdir /usr/local
6. Enter the zone configuration tool for this zone.
global# zonecfg -z Web1-zone
7. Add a file system to the zone, using the add fs command.
zonecfg:Web1-zone> add fs
8. Specify a directory in the zone on which the file system can be mounted.
zonecfg:Web1-zone:fs> set dir=/usr/local
9. Export the directory from the global zone to the new zone.
zonecfg:Web1-zone:fs> set special=/export/home/zones/Web1-zone/local
10. Set the file system type to the loopback file system.
zonecfg:Web1-zone:fs> set type=lofs
11. Set the directory to have read and write permissions.
zonecfg:Web1-zone:fs> set options=[rw,nodevices]
12. End the configuration.
zonecfg:Web1-zone:fs> end
13. Be sure to verify and commit the configuration, and then install and boot the zone.
zonecfg:Web1-zone> verify
zonecfg:Web1-zone> commit
zonecfg:Web1-zone> exit
global# zoneadm -z Web1-zone install
[output omitted here for brevity]
global# zoneadm -z Web1-zone boot
global# zlogin -C Web1-zone
global# zoneadm list -cv (a quick way to see what state the zone is in)
Creating the Second Web Server Container
Once the Container for the first Web server is created, installed, and booted, a Container can be created for the second Web server. This Container is similar to the one just created, but will be assigned a different amount of FSS shares, and also includes access to a CD-ROM device and a raw disk partition.
To create the second Container:
1. Create the zone for the second Web site using the same process used to create the Web1-zone zone. Be sure to change the name of the zone, its location, the name of the pool used, and the IP address.
global# zonecfg -z Web2-zone
Web2-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:Web2-zone> create
zonecfg:Web2-zone> set zonepath=/export/home/zones/Web2-zone
zonecfg:Web2-zone> add net
zonecfg:Web2-zone:net> set address=10.0.0.3
zonecfg:Web2-zone:net> set physical=eri0
zonecfg:Web2-zone:net> end
zonecfg:Web2-zone> set pool=pool_default
2. Specify the use of the Fair Share Scheduler, and assign two shares to the zone.
zonecfg:Web2-zone> add rctl
zonecfg:Web2-zone:rctl> set name=zone.cpu-shares
zonecfg:Web2-zone:rctl> add value (priv=privileged,limit=2,action=none)
zonecfg:Web2-zone:rctl> end
To give the users of the Container access to the CD-ROM device:
3. Add a file system to the zone, using add fs.
zonecfg:Web2-zone> add fs
4. Specify the CD-ROM directory for the zone.
zonecfg:Web2-zone:fs> set dir=/cdrom
5. Export the directory from the global zone to the new zone.
zonecfg:Web2-zone:fs> set special=/cdrom
6. Use the loopback file system.
zonecfg:Web2-zone:fs> set type=lofs
7. Set the directory to have read-only permission because it is a read-only CD device.
zonecfg:Web2-zone:fs> set options=[ro,nodevices]
8. End the configuration.
zonecfg:Web2-zone:fs> end
To configure the zone to access a raw device (raw disk partition) perform the following steps:
9. Add the block device for the raw partition to the zone.
zonecfg:Web2-zone> add device
zonecfg:Web2-zone:device> set match=/dev/dsk/c0t0d0s6
zonecfg:Web2-zone:device> end
10. Add the character device for the raw partition to the zone.
zonecfg:Web2-zone> add device
zonecfg:Web2-zone:device> set match=/dev/rdsk/c0t0d0s6
zonecfg:Web2-zone:device> end
zonecfg:Web2-zone> verify
zonecfg:Web2-zone> commit
zonecfg:Web2-zone> exit
The global zone administrator must ensure the disk partition is not exported to other zones for the duration of this process. Failure to do so may result in data corruption.
11. Install, boot, and configure.
The email server will run on its own guaranteed CPU, protected from the other applications on this system, while the Web servers share the remaining three CPUs. To clarify the FSS share usage, the first Web server application has three out of the total six shares, entitling it to 1.5 CPUs' worth of the three CPUs (3*3/6=1.5); the second has two of the six shares, giving it one CPU's worth; and the global zone gets the remaining 0.5 CPU's worth.