SUN SolarisResources, Zones & Container
Michael Schöbel
June 26, 2008 – Server Operating Systems
Server Operating Systems | SUN Solaris | June 26, 2008
2
Agenda
■ SUN Solaris - Overview / Definitions
■ Resource Management
■ Zones / Containers
■ Summary
Server Operating Systems | SUN Solaris | June 26, 2008
3
Workload Entities
■ “System“
■ One server machine
■ Container
■ Zone + resource management
■ Zone
■ Virtualized operating system instance
■ Project
■ Process group, set of tasks
■ Task
■ Collection of processes, assigned to project
■ Process / Lightweight processes (LWP)
■ Application instance
Server Operating Systems | SUN Solaris | June 26, 2008
4
Resource Types
■ Resource types in SUN Solaris
■ CPU
■ Network endpoints
■ Memory
■ Swap space
■ Storage space
■ ...
Server Operating Systems | SUN Solaris | June 26, 2008
5
Resource Assignment
■ Resource assignment
■ Partitioning
□ Disjoint sets of resource shares
□ May be hardware supported
□ Partition = unit of resource assignment
■ Capping
□ Limiting amount of usable resources
■ (Fair-) sharing
□ Relative weights of concurrent activities
□ Applied if utilization reaches 100%
Server Operating Systems | SUN Solaris | June 26, 2008
6
Agenda
■ SUN Solaris - Overview / Definitions
■ Resource Management
■ Zones / Containers
■ Summary
Server Operating Systems | SUN Solaris | June 26, 2008
7
Resource Management – Pools
■ Pool = dynamic resource collection
■ Scheduled independently and isolated from other pools
■ Processor set and importance
■ Configuration commands
□ psrset
◊ Manage processor sets
□ poolbind
◊ Bind zones, projects or tasks to resource pools
□ poolcfg / pooladm
◊ Manage/assign pools and processor sets
Server Operating Systems | SUN Solaris | June 26, 2008
8
Resource Managment – Capping
■ rcapd – resource cap enforcement daemon
■ Manage RSS (resident set size == working set)
■ Applicable to processes, projects, tasks, and zones
■ Configuration commands
□ rcapd
□ rcapadm
◊ rcapadm –z <zone> -m <size>
□ prctlstate: enabled
memory cap enforcement threshold: 0%process scan rate (sec): 15
reconfiguration rate (sec): 60report rate (sec): 5
RSS sampling rate (sec): 5
Server Operating Systems | SUN Solaris | June 26, 2008
9
Resource Management – (Fair-)Sharing
■ Ensure certain CPU share (if CPU utilization reaches 100%)
■ Activate Fair Share Scheduler (FSS) for resource pool
■ Assign CPU shares
□ prctl command
□ Zone configuration file
# poolcfg –c ‘modify pool pool_default (string pool.scheduler=“FSS”)’# pooladm –c
# priocntl –s –c FSS –i class TS# priocntl –s –c FSS –i pid 1
Server Operating Systems | SUN Solaris | June 26, 2008
10
Agenda
■ SUN Solaris - Overview / Definitions
■ Resource Management
■ Zones / Containers
■ Summary
Server Operating Systems | SUN Solaris | June 26, 2008
11
SUN Solaris Zones
■ Virtualized/isolated operating system environments
■ Sparse root zones
□ Shared data (e.g. /lib or /usr) on disk and in memory
□ Patches and updates can be applied to global zone
□ Requires ~ 70 MByte disk space
■ Whole root zones
□ Complete copy of system files and data
□ Shared kernel
□ Allow for different patch level and application versions
□ Requires ~ 2500 MByte disk space
■ Tools: zonecfg and zoneadm
Server Operating Systems | SUN Solaris | June 26, 2008
12
Zones – Lifecycle (I)
■ Zones state model
■ Configured
□ Zone configuration specified and saved to stable storage
■ Installed
□ Unique root file system is instantiated for zone
■ Ready
□ Virtual platform has been established (zsched process)
■ Running
□ init daemon is running and starts application environment
■ Shutting Down
■ Down
Server Operating Systems | SUN Solaris | June 26, 2008
13
Zones – Lifecycle (II)
Server Operating Systems | SUN Solaris | June 26, 2008
14
Zones – Configuration (I)
■ Zone templates (XML files) in /etc/zones/
■ File: index – currently configured zones
■ File: SUNWdefault.xml – default configuration
global:installed:/test_zone:installed:/zones/test_zone:07dae8f1-0eda-cc62-e45c-9922ebf9769f
<?xml version="1.0"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<zone name="default" zonepath="" autoboot="false"><inherited-pkg-dir directory="/lib"/><inherited-pkg-dir directory="/platform"/><inherited-pkg-dir directory="/sbin"/><inherited-pkg-dir directory="/usr"/>
</zone>
Server Operating Systems | SUN Solaris | June 26, 2008
15
Zones – Configuration (II)
■ Configure zones: zonecfg
■ Can not affect running zone reboot required
■ Configure resources and properties
■ Resources
□ attr, capped-cpu, capped-memory, inherit-pgk-dir, …
■ Properties
□ Global
◊ zonename, zonepath, autoboot, …
□ Resource related
◊ capped-cpu: ncpus
◊ capped-memory: physical, swapped, locked
◊ …
Server Operating Systems | SUN Solaris | June 26, 2008
16
Zone – Configuration (III)
# zonecfg -z test_zonetest_zone: No such zone configuredUse 'create' to begin configuring a new zone.zonecfg:test_zone> createzonecfg:test_zone> set zonepath=/zones/test_zonezonecfg:test_zone> set autoboot=truezonecfg:test_zone> set pool=test_poolzonecfg:test_zone> verifyzonecfg:test_zone> commitzonecfg:test_zone> exit
Server Operating Systems | SUN Solaris | June 26, 2008
17
Zone – Installation
# zoneadm -z test_zone installPreparing to install zone <test_zone>.Creating list of files to copy from the global zone.Copying <14195> files to the zone.Initializing zone product registry.Determining zone package initialization order.Preparing to initialize <1196> packages on the zone.Initialized <1196> packages on zone.Zone <test_zone> is initialized.Installation of <1> packages was skipped.The file </zones/test_zone/root/var/sadm/system/logs/install_log> contains a log of the zone installation.# zoneadm list -civ
ID NAME STATUS PATH BRAND IP0 global running / native shared- test_zone installed /zones/test_zone native shared
Server Operating Systems | SUN Solaris | June 26, 2008
18
Zone – Booting
# zoneadm -z test_zone boot# zoneadm list -civ
ID NAME STATUS PATH BRAND IP0 global running / native shared25 test_zone running /zones/test_zone native shared
Server Operating Systems | SUN Solaris | June 26, 2008
19
Zone – Console access
■ Switching to console of zone installation (of Solaris OS)
■ System configuration of newly created Solaris OS (timezone, …)
■ Disconnect from console with ~. (tilde dot)
■ Access zone via network: telnet, rlogin, ssh, …
# zlogin –C test_zone[Connected to zone `test_zone` console]
Select a language…
Server Operating Systems | SUN Solaris | June 26, 2008
20
Zone – Halt
# zoneadm –z test_zone halt# zoneadm list -civ
ID NAME STATUS PATH BRAND IP0 global running / native shared- test_zone installed /zones/test_zone native shared
■ Connect to console and halt/reboot virtual system
Server Operating Systems | SUN Solaris | June 26, 2008
21
Zone – Uninstall / Remove
# zoneadm -z test_zone uninstallAre you sure you want to uninstall zone test_zone (y/[n])? y# zoneadm list -civ
ID NAME STATUS PATH BRAND IP0 global running / native shared- test_zone configured /zones/test_zone native shared
# zonecfg -z test_zone deleteAre you sure you want to delete zone test_zone (y/[n])? y# zoneadm list -civ
ID NAME STATUS PATH BRAND IP0 global running / native shared
# ls /etc/zones/SUNWblank.xml SUNWdefault.xml SUNWtsoldef.xml index
Server Operating Systems | SUN Solaris | June 26, 2008
22
Zone – Further Aspects
■ BrandZ
■ Install Linux in Solaris zone
■ RedHat, CentOS, [and Debian]
■ Migration of zones
■ Detach/Attach operations (installed state <-> configured state)
■ Requires same patch level in global zone
■ No live migration
■ Zone clustering
■ Temporary pools and psets
■ …
Server Operating Systems | SUN Solaris | June 26, 2008
23
Solaris Container
■ Container = zone + resource control
■ Zone provides isolated and secure environment
□ File system, process hierarchy
■ Resource control allows to define inter-zone relations
□ Manage resource dependencies
■ Use cases
□ Server consolidation (e.g. web hosting)
□ Isolation of development and production systems
□ …
Server Operating Systems | SUN Solaris | June 26, 2008
24
Agenda
■ SUN Solaris - Overview / Definitions
■ Resource Management
■ Zones / Containers
■ Summary
Server Operating Systems | SUN Solaris | June 26, 2008
25
Summary
■ Solaris container / zones
■ Lightweight virtualization approach
■ Different possible usage scenarios
■ Flexible resource assignment to applications
Server Operating Systems | SUN Solaris | June 26, 2008
26
Assignment
■ SUN Solaris experiments
■ Host: SPARC 4 CPU machine - tb3.asg-platform.org
■ Linux accounts, password = username
■ Alternative: SUN Solaris VMWare Image (see references)
■ Task
□ Diagnosis: DTrace, prstat, ...
□ Configure new zone in serveros pool
□ Create workload
□ Change assigned CPU share for your zone
□ Add/remove one CPU to serveros resource pset
□ Try memory capping
Server Operating Systems | SUN Solaris | June 26, 2008
27
References
■ SUN Solaris documentation
■ Solaris Containers Learning Centerhttp://www.sun.com/software/solaris/containers_learning_center.jsp
■ Solaris 10 Container Leitfadenhttp://de.sun.com/teleweb/virtualisierung/pdf/ptt-leitfaden-solaris-container-v2.0.pdf
■ Price, Tucker:„Solaris Zones: Operating System Support for ConsolidatingCommercial Workloads“https://www.sun.com/bigadmin/content/zones/zones_lisa.pdf
■ Links / other resources
■ Solaris Express Developer Edition – VMWare Imagehttp://developers.sun.com/sxde/download.jsp