Linux zones on Solaris Express X86
There are 3 ways to run Linux binaries on a Solaris Express X86 server.
- xVM VirtualBox
- xVM Server
- Linux Branded Zone
This post takes a look at the interesting world of the Linux branded zone. I’ve posted about VirtualBox before and I hope to take a look at xVM Server (Xen) in a future post. Read on for my first steps with Linux branded zones.
I’ve used Solaris Express (SXCE) Build 106 here as it delivers this fix, which is pretty much required for running a 2.6 kernel in a branded zone. The OpenSolaris pkg repository does not yet appear to be updated to Build 106 at the moment.
Linux branded zones are perhaps the screwball option for running Linux binaries on Solaris. Rather than providing a fully self-contained Linux environment, a branded zone provides a Linux-compatible zone, in this case based on CentOS 5.2 i386. Currently the only install method for a Linux 2.6 based distribution is to install the OS somewhere else, then create a tarball of the image and use that as the source media. Installing directly from the distribution ISO files is not yet supported.
You must disable SELinux in the image you are going to create. You can either do this during the install or select ‘Administration’ / ‘Security Level and Firewall’ and disable SELinux.
So to start we need a running 32-bit CentOS 5.2 image; it’s trivial to install one in VirtualBox. Then create a tarball of the running image like so:
tar -jcf /net/192.168.0.10/iso/centos5.2.i386.tar.bz --exclude dev --exclude proc --exclude sys --exclude boot --exclude media --exclude net *
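The two preconditions stated above (SELinux disabled, 32-bit image) can be checked inside the guest before the archive is written. This is an added example, not part of the original post; the function names are made up for illustration, and it assumes the guest keeps its SELinux setting in /etc/selinux/config, the standard CentOS location.

```shell
#!/bin/sh
# Added example (not from the original post): guest-side checks before archiving.

# Print the SELINUX= value from an /etc/selinux/config style file, or "unset".
# SELINUXTYPE= and commented lines do not match the pattern.
selinux_state() {
    awk -F= '/^[[:space:]]*SELINUX=/ { gsub(/[[:space:]]/, "", $2); v = $2 }
             END { print (v == "" ? "unset" : v) }' "$1"
}

# preflight CONFIG_FILE MACHINE: succeed only for a 32-bit x86 guest with
# SELinux disabled, the two preconditions the post gives for the image.
preflight() {
    state=$(selinux_state "$1")
    if [ "$state" != "disabled" ]; then
        echo "SELinux is '$state' in $1; the image needs it disabled" >&2
        return 1
    fi
    case "$2" in
        i?86) return 0 ;;
        *) echo "machine type '$2' is not 32-bit x86" >&2; return 1 ;;
    esac
}

# Same exclude list as the tar command above; run from / inside the guest.
make_image() {   # make_image OUTPUT_TARBALL
    tar -jcf "$1" --exclude dev --exclude proc --exclude sys \
        --exclude boot --exclude media --exclude net *
}

# Typical use inside the guest (output path is a placeholder):
#   cd / && preflight /etc/selinux/config "$(uname -m)" && make_image /path/to/image.tar.bz
```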
To begin configuring the zone you need to download a Linux 2.6 zone template file. Simply do this:
cd /etc/zones
wget http://www.opensolaris.org/os/community/brandz/files/SUNWlx26.xml
Then create the zone. The difference between this process and a normal Solaris zone is that the Linux 2.6 template must be specified:
bash-3.2# zonecfg -z centos52
centos52: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:centos52> create -t SUNWlx26
zonecfg:centos52> set zonepath=/vm/zones/centos52
zonecfg:centos52> add net
zonecfg:centos52:net> set address=192.168.0.50
zonecfg:centos52:net> set physical=e1000g0
zonecfg:centos52:net> end
zonecfg:centos52> commit
zonecfg:centos52> verify
zonecfg:centos52> exit
Then install the archive into the zone:
bash-3.2# zoneadm -z centos52 install -d /net/192.168.0.10/iso/centos/centos5.2.i386.tar
A ZFS file system has been created for this zone.
Installing zone 'centos52' at root directory '/vm/zones/centos52'
from archive '/net/192.168.0.10/mnt/usbdisk1/iso/centos/centos5.2.i386.tar'
This process may take several minutes.
Setting up the initial lx brand environment.
System configuration modifications complete.
Setting up the initial lx brand environment.
System configuration modifications complete.
Installation of zone 'centos52' completed successfully.
Details saved to log file:
"/vm/zones/centos52/root/var/log/centos52.install.1615.log"
Check that it is installed
bash-3.2# zoneadm list -cv
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   - centos52         installed  /vm/zones/centos52             lx       shared
Then boot it up:
bash-3.2# zoneadm -z centos52 boot
zone 'centos52': WARNING: e1000g0:1: no matching subnet found in netmasks(4) for 192.168.0.50; using default of 255.255.255.0.
bash-3.2# zlogin -C centos52
[Connected to zone 'centos52' console]
Entering non-interactive startup
--snip start up messages---
CentOS release 5.2 (Final)
Kernel 2.6.18 on an i686
centos52 login: root
Password:
Last login: Mon Jan 26 22:56:35 on :0
[root@centos52 ~]# uname -a
Linux centos52 2.6.18 BrandZ fake linux i686 i686 i386 GNU/Linux
The processes running in the zone:
[root@centos52 ~]# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
xfs       3120  2688  0 Jan27 ?        00:00:00 xfs -droppriv -daemon
root      3228     1  0 Jan27 ?        00:00:00 /bin/login -- root
root         1     0  0 Jan27 ?        00:00:00 /sbin/init
root      3141  2688  0 Jan27 ?        00:00:00 /usr/sbin/atd
root      2891  2688  0 Jan27 ?        00:00:00 klogd -x
root      3229  3228  0 Jan27 ?        00:00:00 -bash
root      2688  2688  0 Jan27 ?        00:00:00 [zsched]
root      3253  3229  0 Jan27 ?        00:00:00 ps -ef
root      3131  2688  0 Jan27 ?        00:00:00 anacron -s
root      3052  2688  0 Jan27 ?        00:00:00 /usr/sbin/sshd
root      2888  2688  0 Jan27 ?        00:00:00 syslogd -m 0 -p /var/run/syslog
root      3063  2688  0 Jan27 ?        00:00:00 cupsd
root      3003  2688  0 Jan27 ?        00:00:00 pcscd
root      3089  2688  0 Jan27 ?        00:00:00 crond
root      3173  2688  0 Jan27 ?        00:00:00 /usr/bin/python -tt /usr/sbin/yu
root      3175  2688  0 Jan27 ?        00:00:00 /usr/libexec/gam_server
[root@centos52 ~]#
And the related processes in the global zone
# ps -efZ | grep centos52
centos52  0000043  3120     1   0 23:30:05 ?           0:00 xfs -droppriv -daemon
  global     root  2687     1   0 23:29:19 ?           0:00 zoneadmd -z centos52
centos52     root  3228  2702   0 23:31:06 ?           0:00 /bin/login -- root
centos52     root  2702  2688   0 23:29:19 ?           0:00 /sbin/init
centos52     root  3141     1   0 23:30:05 ?           0:00 /usr/sbin/atd
  global     root  2822  1551   0 23:29:21 pts/3       0:00 zlogin -C centos52
centos52     root  2891     1   0 23:29:32 ?           0:00 klogd -x
centos52     root  3229  3228   0 23:31:37 zoneconsole 0:00 -bash
centos52     root  2688     1   0 23:29:19 ?           0:00 zsched
centos52     root  3131     1   0 23:30:05 ?           0:00 anacron -s
centos52     root  3052     1   0 23:29:34 ?           0:00 /usr/sbin/sshd
centos52     root  2888     1   0 23:29:22 ?           0:00 syslogd -m 0 -p /var/run/syslog
centos52     root  3063     1   0 23:29:34 ?           0:00 cupsd
centos52     root  3003     1   0 23:29:33 ?           0:00 pcscd
centos52     root  3089     1   0 23:30:04 ?           0:00 crond
centos52     root  3173     1   0 23:30:05 ?           0:00 /usr/bin/python -tt /usr/sbin/yum-updatesd
centos52     root  3175     1   0 23:30:05 ?           0:00 /usr/libexec/gam_server
Notably you can see that ‘init’ is process ‘1’ in the zone but process ‘2702’ in the global zone, presumably to maintain compatibility.
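The `grep centos52` listing above also picks up global-zone helpers (zoneadmd, zlogin) because the zone name appears in their arguments. The following added example, which is not part of the original post, filters on the ZONE column instead and recovers the global-zone PID of the zone's init; the function names are made up for illustration, the header row is added, and the sample rows are a subset copied from the listing above.

```shell
#!/bin/sh
# Added example: work on the ZONE column of `ps -efZ` output rather than
# grepping for the zone name anywhere on the line. Function names are illustrative.

# Sample rows copied from the listing above (subset); header row added.
sample_ps() {
cat <<'EOF'
    ZONE      UID   PID  PPID   C    STIME TTY         TIME CMD
centos52  0000043  3120     1   0 23:30:05 ?           0:00 xfs -droppriv -daemon
  global     root  2687     1   0 23:29:19 ?           0:00 zoneadmd -z centos52
centos52     root  2702  2688   0 23:29:19 ?           0:00 /sbin/init
  global     root  2822  1551   0 23:29:21 pts/3       0:00 zlogin -C centos52
centos52     root  3229  3228   0 23:31:37 zoneconsole 0:00 -bash
centos52     root  2688     1   0 23:29:19 ?           0:00 zsched
centos52     root  3052     1   0 23:29:34 ?           0:00 /usr/sbin/sshd
EOF
}

# Rows whose ZONE column is exactly the named zone.
zone_procs() {
    awk -v z="$1" '$1 == z'
}

# Processes outside the zone whose arguments name it (zoneadmd, zlogin, ...).
zone_helpers() {
    awk -v z="$1" '$1 != z { for (i = 9; i <= NF; i++) if ($i == z) { print; break } }'
}

# Global-zone PID of the zone's init, which the zone itself sees as PID 1.
zone_init_pid() {
    awk -v z="$1" '$1 == z { for (i = 8; i <= NF; i++) if ($i == "/sbin/init") { print $3; exit } }'
}

# Process count per zone, one "zone count" line each.
zone_counts() {
    awk '$1 != "ZONE" { n[$1]++ } END { for (z in n) print z, n[z] }' | sort
}

# Demo on the sample; on a live host pipe `ps -efZ` into the same functions.
sample_ps | zone_procs centos52
```

On a live Solaris host, `ps -fz centos52` gives the same zone-only view directly.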
Because this is a zone rather than a full-on emulation, you still only have one running kernel, the Solaris one, so you can presumably manage resources for these processes like you can for any normal Solaris zone. Notably, the memory space is shared, as are the file systems; this has the potential to provide better performance than adding a full virtualisation layer and running a Linux kernel. Hopefully I’ll have a chance to do some rudimentary tests in the next week or so.