1z0-821 Oracle Solaris 11 System Administration – Administering Oracle Solaris Zones

  • By
  • February 21, 2023
0 Comment

6. Zone Configuration pt. 3

In continuing our discussion on configuring an Oracle solaris zone, let’s go ahead and take a look at actually configuring it. We’ve created it, we’ve installed it. Now let’s configure it. We’ve created and installed our zone. Now let’s go ahead and boot into it and then log into the console and go ahead and configure it. Now we use Zone admin in or zone adm to go ahead and boot into it. And we’ll use developer boot. This actually boots the zone into use the first time. Now remember that we set the auto boot parameter when we created the zone. So that means the next time the system boots, that zone will start up automatically. Now let’s log into it and we’re going to log in to the console to actually configure it. We have to give the services time to start up here for a second and then we should get to the console. And once we get to the console, basically we’re configuring the zone. Now understand that this is sort of a mini instance of Solaris Eleven.

It’s not the global zone. Only the global zone can boot from the actual hardware. Only the global zone can be used to create another zone or to configure a zone. You can’t do that within the zone itself. All you can do within the zone itself is do whatever work you’ve designed the zone for, maybe install an application or whatever. Okay, if this looks familiar, it’ll look like the text installer that we did for Solaris Eleven and basically it’s going to take us to the same menus. It’ll ask us a few questions and it’ll configure the zone. It’s actually very easy to do. Let’s go ahead and hit F two and we want to create our zone. Let’s call it Dev and let’s hit the tab key and we’ll hit F two. To continue. We’ll automatically configure our network and we can arrow down and set our location and time zone and so forth.

Again, this looks almost just like setting up our Solaris Eleven Texas dollar. We’re just going to go with eastern time root password. We’ll go ahead and set it. Let’s go ahead and type in. There we go. How to get rid of caps lock off of there. And we’ve got that configured. We have two to continue and basically we can apply all these changes and keep going. Again, this looks very similar to what we configured earlier. Now this is going to take a minute or two, so let’s go ahead and pause the recording time lapse it for you and I’ll pick it up when it finishes because this can take several minutes to actually exit the system configuration tool and write the log. It completed.

It came up and told us what the host name was and it asked for the console login. I used the login Bobby that I created when I was configuring the zone and then it’s allowed us to log in there now all we have to really do is do whatever we created the zone for. We can install different packages, we can install services. We can make this an Apache web server. If we want an NFS server, we can have it do all kinds of things. We can use this for a development environment, which is the context of what we install it for. And we can run code in here that won’t interfere with the actual machine. We can do development work without hurting the operating system, the global zone, if you will, that this zone resides in. So there’s a lot of different things we can do with this now. So now we have our own virtual environment, if you’re wheel, that lives inside a global zone. And this global zone is the actual bootable zone for Solaris Eleven. So that was configuring the zone. We created it, we installed it and then we configured it.

7. Resource Utilization

Now let’s talk about resource utilization within zones. Now resources actually belong to the global zone and to the system itself, but they can be allocated to zones for zones to use them. And it doesn’t have to be on an exclusive basis either. There can be resource sharing between zones, between each other, and between the zones and the global zone, in other words, the system. Now what are resources that can be shared? Well, hardware, file systems and so forth. Now resources that are added to a zone become part of the zone data set. However, they’re also part of the child data set for the global zone. So they actually sit in two data sets. They sit in the global zones data set, child data set, and the data set for the zone itself. However, the global zone obviously has priority over resources. Now resources that are located in one zone but are needed in another zone don’t need to be duplicated. What you do really is you’re referencing resources in one zone to another.

So references to the resource that are in the global zone can be made in a non global zone. Now for example, I’m going to give you a few examples on some of the ways you can share resources within zones. For example, file systems can be mounted using the loopback file system or lofts mount. You can also add hardware devices like CDROM drives. Now how do you do these things? Well, it’s actually very easy. You use the Zone CFG or Zone Config command. That was the same command that we used to create the zone in the first place. So we just have to know a few more switches and options for it. So let’s go ahead and take a look at adding resources to a zone. Now let’s go ahead and look at adding a resource to a zone. We have to use Zone config, so let’s go zone CFG Developer well actually we need to put the Dash Z in there as well. Now we’re in the developer context. Now Zone CFG is a context driven command set. You can change contexts and what you can do in the context depends upon where you’re at. So now we’re in the developer context so we want to maybe add a device and that changes our context to the device context.

And if you go help you can kind of see what you can do in there. So these are the commands that you can run within the device context. So let’s go ahead and just do something like set match equals and we’re going to do devlpone and actually we need to go ahead and put that in quotes as well. Okay. And we can actually go ahead and set partitions and raw device names in here as well. We don’t have to do that right now. So we’ve added LP one line printer one to the resource of the zone so we can go ahead and end and that gets us back to the developer context. Now let’s go ahead and look at adding a file system. So we could go add FS and that puts us in the file system context. And if we do a help from here we’ll see that there are other commands that we can use within this context. So there’s three particular things we need to do to add a file system and we can go set directory equals and this could be like slash data and then we can say set special and this will also be slash data.

And one more thing we need to do actually before we do that, let’s go ahead and try to end it. It will actually tell you what you’re missing if you try to end it without putting all the information in there you need. So let’s go ahead and set the type. The type in this case is going to be solaris. So we enter that and it accepts it. And now we can go in and we’ve set resources within the developer zone. And from here we can exit out from the zone CFG command. So that’s how easy it is to set up resources within a zone. And of course there’s other things you can do as well. You can remove devices, obviously and so forth. You can remove file systems and things of that nature. So you can use the zone config command to manage devices, to manage file systems, systems that are added as resources to zones. And there’s other things you can do too, like set properties on them, discuss how to share them, make them exclusive and so forth. But we won’t go into that for the purposes of this particular course. So there you go with resource Utilization and management in zones.

8. Administering Zones

Now let’s discuss a little bit more about Oracle Solaris zones, specifically just some of the general things that you may do to administer a zone day to day. Now, we’ve already seen some of these things that we’ll talk about and we’ve used most of the commands we’ll talk about. There’s one that we’ll take a look at when we get into our Solaris Eleven installation. Now again, there are several tasks involved in administering string a zone and I’ve actually broken them down by the command itself, because that’s probably the most practical way to do it. With the Zone Admin or Zone Adm command, you can attach and detach zones. And what that is for is when you want to move a zone, you don’t really copy it, you detach it from one system and you attach it to another using the Zone Adm command. So you can actually move a zone to a different server if you like, if you need more disk space, if the hardware is better and so forth.

With Zone Adm, you can also reboot and shut down the zone, and that might be necessary sometimes if you have issues, if you change the configuration and you need to reboot it or shut it down, you can also make a zone ready for an application to be installed. And ready is another status like you would see when it’s created, installed, configured, and then there’s ready as well. You can also clone a zone, and a clone basically is an exact copy or replica of the zone. And what it does is enables you to have a backup of the zone. If something goes wrong, you’ve cloned it. You can restore that clone and restore the zone. A clone also may allow you to create another instance of the zone somewhere else. It’s actually a very useful command and again, it’s an option.

With the Zone Adm command, we’ve also looked at the Zone CFG Command or Zone Config command a little bit too, and we already saw where we can create zones and set their properties. We also actually looked at adding and removing resources, file systems and devices to a zone. We can also use a Zone Config command to delete a zone if something happens and the zone didn’t quite install or configure the way we needed it to, and we just want to start over, we can delete a zone as well. Now, you can also verify the changes to a zone, and then once you verify them, you can commit those changes. Now if you verify them and then decide you don’t want to go through with them, you can revert changes. A revert option and Zone Config will undo the changes. So you have verify, commit and revert. The Z login command we saw as well, and we’ve only used that for a couple of different things basically to the log into the system itself, the Z login. First we used it to log into the console to configure the system after we had installed it, but we also use it just to log into the system on a general basis as well. To log into a Zone, we can also use a couple of different options and view the default privileges that are set on the Zone. And you can actually change those privileges through Zone config once you can view them with Z log in. Now, one command we haven’t really talked about yet is Zone stat.

It’s basically just kind of a performance type of monitoring command. It gives you a lot of usage data, performance data and so forth for Zone. And we’re actually going to take a look at that now and kind of just show you what it does and how it works. Okay, we’re at our terminal prompt and I am logged in as route, and what I’d like to do first is just run the Zone stat command and it can show you the different options and things that it can do. And let’s scroll a little bit so we get everything. What we use it for with the Z switch, of course, is to get particular performance and usage data at different intervals. And what we do is specify the Z and then the Zone name itself and an interval. And the interval will give us performance information, every x number of seconds, for example. And we can get different options out of here. Different reports have to do with resources such as virtual and physical memory processors and so forth, processor usage, so a lot of different information we can get out of here. And this basically also gives you information on how to parse it and format it if you need to. Lots of different information we can get out of Zonestat. In fact, let’s go ahead and run it zone stat z, I’m going to say developer, and let’s make our interval five. That will give it to us every 5 seconds or so. So it collects data for a few seconds and then it starts. And what you can see is interval one duration, 5 seconds. And then it scrolls, obviously. And you see the Zone, the percent used, the percent CPU time, physical memory used, and the percentage, the virtual memory used in percentage and the physical networks. And that’s the usage. So you can use this actually, if you’re having performance issues with the Zone, it’ll go ahead and give you these stats. And you can use this in conjunction with other tools, other performance monitoring tools and so forth, to kind of get an idea of what’s going on with your system. And maybe you can actually look at performance bottlenecks or troubleshoot issues for bad or faulty hardware or things that are going wrong with the system. So that is Zone Stat, and it gives us information on a particular Zone.

9. Zone and Resource Issues

Now that we’ve talked about zones, what they are and how to administer them, let’s look at some of the issues that can happen with zones and their resources and talk about how you would troubleshoot those issues. Some of the issues that we would see associated with the zone are file system issues, the same as you might see with a global zone or with a system corrupt file systems and so forth. Also may see permissions issues with the file system and typically those are fairly easy to resolve. Resource sharing might be an issue in that the zone may want to use exclusive use of the resource and you can’t allow that. So you have to deal with resource sharing issues and it really depends upon the application that’s in the zone itself.

One of the most serious issues in dealing with zones is zone corruption and loss. And this actually may be a configuration issue where the zone did not get installed or configured properly, or it may be a file issue with the zone files themselves. Typically what will help that is a good backup. Resource issues that you could have with the zone include sharing issues, just like I mentioned, sharing versus exclusive use. Those could be issues if an application in different zones needs to use the resource exclusively, or if you have shared those resources with many zones, there could be some issues, some concurrency issues. Permissions again could be an issue with resources. You have to make sure that your permissions are set correctly for the global zone resource and the resource as it’s mapped inside the zone, because those permissions could be different and you may have different user accounts that have different permissions. There also could be resource problems in the global zone itself.

The issue may not be the zone, it may be the global zone. Maybe the file system is corrupt, maybe the device is corrupt or the hardware is not working and so forth. So try to troubleshoot down and figure out exactly where the problem is happening. You would troubleshoot using existing zone tools that we’ve talked about zone adm, zone CFG, Z login and so forth, zone stat, and also system tools. You might want to use system tools to troubleshoot issues when they occur either in the zone or in the global zone in the system. Now one of the first things you have to do is determine where the issue is, where the problem is happening at. If the issue is within the zone, then you can make some changes to the application itself that’s in the zone or some parameters that have to be set with the zone CFG command with the zone. You also may see that the problems may be with the connection, the logical connection from the zone to the system or with the global zone. There may be issues with that, how the global zone sees the zone itself, maybe with the zone path and so forth. So you have to troubleshoot those as well. The issue could also be with the global zone itself. Maybe there’s an issue with the system that is affecting the zone, how it’s booting up, how it’s working, its configuration, and so forth. So you’ve kind of got to troubleshoot each piece separately and figure out exactly where the problem is. And then you’ll be better equipped to fix it either with a system command or with one of the zone commands. Now, the actual best defense against zone issues that you can do is data backups. You need to just back up the data and you can back up the application or the data within the zone itself. And you can use normal backup procedures of that.

You can copy it, you can do a tar backup or whatever gzip. You can also back up the zone file system itself, the zone files, and there are many different ways to do that as well. You can clone the zone, and we know that we use zone adm for that. And basically that gives us a full replicable copy of the zone that can be restored in case of a backup. So if you lose the zone, you can use the clone to restore the zone from the clone. You can also use the clone to add a zone to another system as well, an exact copy of the zone. You can also back up the entire system. And of course we recommend that because that’s just good sense and good system administrator practice anyway. But then you would wind up restoring the entire system just to get the zone back, and that might not be very practical sometimes. So you would restore these backups as necessary.

And you might want to take a combination of these backups because you may not necessarily need to restore an entire system just to fix the problem with the zone or the zone application. So it’d be a good idea to back up on many different levels with the zone, with the application data, and with the system itself. So that gives you many different options to restore. So those are some of the issues that we talk about when we look at troubleshooting zone issues, both resource issues and problems with the zone itself. You may see that you have issues when you’re first installing a zone because it wasn’t created properly or it’s not configured properly marked as incomplete. So again, the zone config and zone adm commands will help you out with that. Those are some of the things that we can do to help us resolve zoning resource issues.

10. For the Exam

We’ve covered a lot of ground with administering Oracle Solaris Zones, and we talked about several things. We met exam objectives, but we also covered a few things that aren’t covered on the exam specifically, but things you need to know anyway to help you out with the exam objectives. Things like Virtualization Basics, which we talked about in depth. We covered concepts of virtualization, we talked about what it actually is and how it works in most operating systems. We even talked about hypervisors type one and type two and what the differences were. Again, you don’t necessarily need to know those things for the exam, but they really help you understand what Oracle Solaris Zones are and what they are not. Now, speaking of Oracle Solaris Zones, what they are is really more of an environment for an application to operate in. It’s really not true virtualization in the sense that we understand it day to day. It is virtualization in the sense that it abstracts the operating system from the application.

So you actually have an environment that is good for application and service separation from the operating system. In any case, zones serve to help you run different applications and services inside their own protected zone that actually uses core pieces of the operating system. We also looked at zone configuration, and we know that there are several steps to this. First we created a zone with a Zone CFG command, and then we installed it using the Zone Adm command. And then we configured it using the Zone Adm and Z login commands. And we saw that that’s a little bit of an effort. You create it, which is actually pretty easy, then you install it, which can take a lot of time, and it can actually use about between 203 hundred megabytes of hard disk space because it’s actually installing a subset of the operating system files.

And then we configured it and that’s actually not a difficult process, but it can take a little time as well. And we saw how it’s pretty much like the Oracle Solaris eleven text installer screens and it asks for locale information, root, password, username and so forth. Then we looked at resource utilization and what you want to know for the exam is how to add resources to the zone. And we typically do that with Zone config, Zone CFG, and you can add devices, you can add file systems and so forth to the zone. You can manage them, you can actually remove them as well. Then we looked at administering zones. We’ve covered most of these topics already, so we just looked at the different commands that you can use to administer zones day to day, creating, install and configuring. We did that. You can also clone a zone, and you could do that with the Zone config and Zone Adm commands. And a clone basically is an exact copy that you can copy it and put it in another global zone, another system or you can create another zone on its own in the same global operating system, same global zone, and you can also use clones for backup and restoral.

We also look at attaching and detaching zones in that if you want to move a zone to another global zone, to another operating system, you have to detach it and then attach it using the zone commands. Then we also talked about looking at the status of zones with the zone stat command and it gives you a lot of good information on the zone and its health and its performance. Then we also talked about troubleshooting zone and resource issues. You kind of need to know where to troubleshoot. Is it the zone itself, is it the application in the zone? Is it the communication between the zone and the global zone? Or could it even be a problem in the global zone itself and have nothing to do with the zone? So you actually have to start troubleshooting and working your way back to find out where the problem actually is. The troubleshooting tools are typically the ones that we’ve already talked about. Zone adm, zone CFG, Zlog, in zone stat will help you out with troubleshooting.

But there are also global zone tools, the typical solaris eleven system tools that can help you troubleshoot as well. And we know that when disaster strikes, if we have a good backup of either the application itself that goes into the zone or the data or the zone itself, if we have a good clone of it, then we can restore it and go ahead and get us back up and running with that zone. There’s not a lot to troubleshoot with zone issues and there’s not a lot to do. You can fix it except basically restore the zone somehow. So that’s pretty much your big troubleshooting advice right there with zones. So all these things you need to know for the exam, go through and study the commands indepth. Practice, practice, practice on your own solaris eleven system and make sure that you understand all of the different concepts, definitions, terms associated with zones, how they work and how the commands work within them. So that’s all you really have to know for the exam is everything.

Comments
* The most recent comment are at the top

Interesting posts

The Growing Demand for IT Certifications in the Fintech Industry

The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »

CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared

In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »

The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?

If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »

SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification

As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »

CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?

The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »

Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?

The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »

img