Académique Documents
Professionnel Documents
Culture Documents
Kimberly Chang
OS Ambassador
Solaris 10 Adoption, US Client Solutions
http://webhome.sfbay/kchangs
http://blogs.sun.com/kchangs
Server Virtualization
Solaris Containers and Solaris Dynamic System Domains
Container 4 Container 5
Domain 1 Domain 2
Sun Server
Server Virtualization
• Consolidates multiple applications
• Provides security perimeter between applications
and underlying system
• Makes more effective use of hardware
• Simplifies administration
• Adds flexibility to resource management
• Can be hardware- or software- based
Container Components
• Full Resource Containment - SRM (Solaris 9)
> Provides predictable service levels
• Isolation -Zones (Solaris 10)
> Prevent unauthorized access (security boundary)
> Minimize fault propagation (fault boundary)
• Service Management Application
> Ease of management – GUI Container Manager
Zones
zoneadmd zoneadmd
zone management
zonecfg(1M), zoneadm(1M), zlogin(1), ...
/usr /opt
/aux0/redspace
• Solairs Containers =
Zones + Resource Management
• Oracle license honor Containers (Zones+RM)
> http://oracle.com/corporate/pricing/specialtopics.html
> Running Oracle Database in Solaris 10 Containers Best Practices
- Metalink# 317257.1
FSS Scheduling Class
• CPU allocation is based on “shares” assigned to
projects or zones
> Share defines a guaranteed floor, rather than a cap
> Only impose a limit when there is a shortage of CPU
> Default share value is 1 share
• FSS works within a processor set
• Avoid mixing scheduling classes within a pset
• FSS class can be used for workloads having
different CPU utilization patterns
> e.g. OLTP, DSS, java
Solaris Container
Resource Management – Fair Share Scheduler
App C
App A 20% App A
30% 20% App D
33%
App B App B
33% App C
50%
14%
4
3
5
2
twilight
4
drop
fracture 1 Database
3
Project
global
6
Shares Allocated
to Zones Shares Allocated by
Zone Administrator
2 6 2 6 6
x = x = ~ 7.8%
(3+1+2+1) (4+5+4+3+6) 7 22 77
Enabling FSS Scheduler
• Set FSS to be default scheduler class unpon next reboot
> # dispadmin -d FSS
> 'dispadmin -d' creates /etc/dispadmin.conf
• Dynamically switch to FSS scheduler
> Sysetup init script
> # dispadmin -d FSS
> # /etc/init.d/sysetup start
> 'priocntl' command
> # priocntl -s -c FSS -i all
> # priocntl -s -c FSS -i pid 1
• Verify
> # ps -cafe
> # ps -ef -o user,pid,class,comm
Examples
Single Application Containers
Environment
Application
network services network services network services network services
(named) (Apache, Tomcat) (IWS) (sendmail, IMAP)
hme0:2
hme0:3
zcons
zcons
zcons
zcons
ce0:1
ce0:2
ce0:3
ce1:1
Platform
10 30 60
/usr
/usr
/usr
/usr
Virtual
zoneadmd zoneadmd zoneadmd zoneadmd
storage complex
network device network device network device
(hme0) (ce0) (ce1)
Examples
Multiple Application Containers
global zone (v1280-room3-rack12-2; 129.76.4.24)
oracle1 zone (oracle_ops) oracle2 zone (ora_ta) mail zone (mailserver)
zone root: /zone/oracle1 zone root: /zone/oracle2 zone root: /zone/mail1
15 web service project 60 ora_ops project 70 ora_ta project login services
(Apache 1.3.22) (oracle) (oracle) (SSH sshd)
Environment
Application
10 app service project 0 backup project 20 dba users proj network services
(IAS, J2SE) (sqlplus) (sh, bash, prstat) (sendmail, IMAP)
hme0:2
hme0:1
zcons
zcons
zcons
ce0:2
ce0:3
ce1:1
ce0:1
Platform
70 10
/usr
/usr
/usr
Virtual
zoneadmd zoneadmd zoneadmd
storage complex
network device network device network device
(hme0) (ce0) (ce1)
Sun™ MC – Solaris Container Manager
Manage systems that run the
Solaris 8, 9, and 10 OS
Create/Delete/Modify
Projects
Automatic discovery
of new objects
Recreate a Container on
another system
Manage Solaris Zones
Create new
Zones through a
single wizard
➔This will mount the /local directory from the global to a mount point of
/opt/local in the zone
➔ Useful to share data between zones, using the global zones as a go-between
Example: Zones + UFS
global# zonecfg -z dbzone
zonecfg:red> add fs
zonecfg:red:fs> set dir=/opt/local
zonecfg:red:fs> set special=/dev/dsk/c0d0s7
zonecfg:red:fs> set raw=/dev/rdsk/c0d0s7
zonecfg:red:fs> set type=ufs
zonecfg:red:fs> end
zonecfg:red> verify
zonecfg:red> commit
zonecfg:red> ^D
> Mounts the UFS disk slice /dev/dsk/c0t0d0s7 as /opt/local in the non-
global zone.
> No exposed mount point for this file system in the global zone.
Example: Zones + Raw Devices
global#zonecfg -z zone1
zonecfg:zone1> add device
zonecfg:zone1:device> set match=/dev/rdsk/c0d0s6
zonecfg:zone1:device> end
zonecfh:zone1> add device
zonecfg:zone1:device> set match=/dev/dsk/c0d0s6
zonecfg:zone1:device> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> ^D
pool dbpool
int pool.sys_id 3
boolean pool.active true
boolean pool.default false
int pool.importance 1
string pool.comment
pset dbset
pool pool_default
int pool.sys_id 0
boolean pool.active true
boolean pool.default true
int pool.importance 1
string pool.comment
pset pset_default
Pools Example (Cont.)
pset dbset
int pset.sys_id 1
boolean pset.default false
uint pset.min 1
uint pset.max 1
string pset.units population
uint pset.load 0
uint pset.size 1
string pset.comment
cpu
int cpu.sys_id 0
string cpu.comment
string cpu.status on-line
pset pset_default
int pset.sys_id -1
boolean pset.default true
uint pset.min 1
uint pset.max 1
string pset.units population
uint pset.load 0
uint pset.size 1
string pset.comment
cpu
int cpu.sys_id 1
string cpu.comment
string cpu.status on-line
Pools and Zone
• Bind a zone to a pool
> # poolbind -p dbpool -i zoneid dbzone
• Which pool are you binding to?
> dbzone# poolbind -q $$
25177 dbpool
System Parameter Changes in S10
• Many removed and obsoleleted parameters
> http://docs.sun.com/app/docs/doc/817-0404/6mg74vs90?a=view
• Removed System V IPC parameters
Message Queues Semaphores Shared Memory
msgsys:msginfo_msgmap semsys:seminfo_semmaem shmsys:shminfo_shmmin
msgsys:msginfo_msgmax semsys:seminfo_semmap shmsys:shminfo_shmseg
msgsys:msginfo_msgseg semsys:seminfo_semmns
msgsys:msginfo_msgssz semsys:seminfo_semmnu
semsys:seminfo_semvmx
semsys:seminfo_semume
semsys:seminfo_semusz
Oracle Required
Parameter Recommendation in S10 Resource Control Default Value
SEMNI
(semsys:seminfo_semmni) 100 Yes project.max-sem-ids 128
SEMMNS
(semsys:seminfo_semmns) 1024 No N/A N/A
SEMMSL
(semsys:seminfo_semmsl) 256 Yes project.max-sem-nsems 512
SHMMAX ¼ of physical
(shmsys:shminfo_shmmax) Yes project.max-shm-memory RAM
SHMMIN
(shmsys:shminfo_shmmin) 1 No
SHMMNI
(shmsys:shminfo_shmmni) 100 Yes project.max-shm-ids 128
SHMSEG
(shmsys:shminfo_shmseg) 10 No N/A N/A
Resource Control Commands
• System V IPC parameters not need to be set in /etc/system
• Set on a per-process or per-project basis
• prctl(1)
> # prctl -n process.max-file-descriptor <pid>
> # prctl -n project.cpu-shares -v 10 -r -i project db_project
> # prctl -n project.max-shm-memory -v 10g -r -i project user.oracle
> # prctl -n project.max-shm-memory -i project user.oracle
> # prctl -i project user.oracle
• rctladm (1)
> # rctladm -l
Zones FAQ/Blogs/Info
• http://www.opensolaris.org/os/community/zones/faq
• http://blogs.sun.com/<whomever>
> David Comay (comay)
> Dan Price (dp)
> John Beck (jbeck)
> Andy Tucker (tucker)
• http://www.sun.com/bigadmin/content/zones
• http://www.sun.com/blueprints/
SOLARIS 10 CONTAINERS
Kimberly Chang
kimberly.chang@sun.com
http://webhome.sfbay/kchangs
http://blogs.sun.com/kchangs