Friday, July 30, 2010

Hard vs. Soft Partitioned Zones

A customer recently asked me to explain the difference between hard partitioning versus soft partitioning for Solaris zones.  The context of course was around software licensing because almost all Oracle software is sold and licensed according to the CPU count.  I directed the customer to the following two resources that define Oracle's stance on software licensing as it applies to virtual contexts.


http://www.sun.com/third-party/global/oracle/consolidation/Containers_Oracle_041305.pdf


The bottom line is that if you use soft partitioning, you will have to pay for all CPU resources in the physical server regardless of the subset that you use for your software.  However, if you use hard partitioning, you only have to pay for the quantity of CPU resources actually used.

Solaris zones support both partitioning methods.  Before getting into the difference between the two partitioning types, please see my blog post on CPU counting techniques for various UNIX operating systems.

Now back to the topic at hand.  What is the difference between hard partitioning and soft partitioning as it relates to Solaris zones?  In general terms, a hard partition is a virtual context in which a physical CPU, CPU core or CPU thread is dedicated to a zone.  Once the CPU resource is assigned to the zone, no other zone can use that CPU resource.  Also, when you are logged into the zone, you can only see one CPU resource.

A soft partitioned zone, on the other hand, can have a portion of one or more CPU resources assigned to it.  If you were to log in to the zone, you would be able to see all available CPU resources.

Let's look at a couple examples using the Zone Manager to create zones and look at the CPU counts from within the zone.

Dedicated CPU Resource Constraint Method
In this example I create a hard partitioned zone by assigning a dedicated CPU (-p 'dcpu|1') to it.  Then I look at its zone configuration to ensure that it has a single dedicated CPU assigned to it.  Then, I look at the CPU count from within the zone.

# zonemgr -a add -n zt -P password -p 'dcpu|1' -F                                                                            
Zone zt will be placed in the following directory: /zones/zt
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <7503> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1104> packages on the zone.
Initialized <1104> packages on zone.                                 
Zone is initialized.
The file contains a log of the zone installation.
Creating the sysidcfg file for automated zone configuration.
Booting zone for the first time.
Booting zone 'zt'
Waiting for first boot tasks to complete.
Waiting for automatic post-install reboot to complete
Generating ssh host keys.  Details in the (/root/.zonemgr/zone1204-ssh.log) file.
Zone zt is complete and ready to use.

# zonecfg -z zt info dedicated-cpu
dedicated-cpu:
ncpus: 1

# zlogin zt "psrinfo"
0 on-line   since 05/05/2010 01:06:09

Capped CPU Resource Constraint Method
In this example I create a hard partitioned zone by assigning a capped CPU (-p 'cpu|1') to it.  Then I look at its zone configuration to ensure that it has a single capped CPU assigned to it.  Then, I look at the CPU count from within the zone.

# zonemgr -a add -n zt -P password -p 'cpu|1' -F 
Zone zt will be placed in the following directory: /zones/zt
Preparing to install zone .
Creating list of files to copy from the global zone.
Copying <7503> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1104> packages on the zone.
Initialized <1104> packages on zone.                                 
Zone is initialized.
The file contains a log of the zone installation.
Creating the sysidcfg file for automated zone configuration.
Booting zone for the first time.
Booting zone 'zt'
Waiting for first boot tasks to complete.
Waiting for automatic post-install reboot to complete
Generating ssh host keys.  Details in the (/root/.zonemgr/zone7258-ssh.log) file.

# zonecfg -z zt info capped-cpu                                               
capped-cpu:
[ncpus: 1.00]

# zlogin zt "psrinfo"
0 on-line   since 05/05/2010 01:06:09
1 on-line   since 05/05/2010 01:06:20
2 on-line   since 05/05/2010 01:06:20
3 on-line   since 05/05/2010 01:06:22
4 on-line   since 05/05/2010 01:06:24
5 on-line   since 05/05/2010 01:06:26
6 on-line   since 05/05/2010 01:06:28
7 on-line   since 05/05/2010 01:06:30
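
The comparison made by hand in the two examples above (configured CPU resource versus the CPU count seen inside the zone) can be scripted. This is an added example, not part of the original post or of the Zone Manager; the function name check_zone_cpus and the sample variables are hypothetical, and the sample text is constructed to match the output shown above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post or of zonemgr.

# Constructed samples modelled on the zonecfg and psrinfo output shown above.
DEDICATED_CFG='dedicated-cpu:
    ncpus: 1'
CAPPED_CFG='capped-cpu:
    [ncpus: 1.00]'
PSR_ONE='0 on-line   since 05/05/2010 01:06:09'
PSR_EIGHT=$(i=0; while [ "$i" -lt 8 ]; do
    echo "$i on-line   since 05/05/2010 01:06:09"; i=$((i + 1)); done)

# check_zone_cpus <zonecfg info text> <psrinfo text>
# Prints the CPU resource type, its ncpus value and the CPU count visible in
# the zone. Exit status 1 when a dedicated-cpu zone sees a CPU count outside
# its configured ncpus value or range. The subshell body keeps variables local.
check_zone_cpus() (
    cfg=$1; psr=$2
    visible=$(printf '%s\n' "$psr" | awk '$2 == "on-line" { n++ } END { print n + 0 }')
    # Emit "<kind> <ncpus>" for the first dedicated-cpu or capped-cpu resource.
    set -- $(printf '%s\n' "$cfg" | awk '
        /^[ \t]*(dedicated|capped)-cpu:/ { sub(/^[ \t]*/, ""); sub(/-cpu:.*/, ""); kind = $0; next }
        kind != "" && /ncpus:/ { gsub(/[^0-9.-]/, ""); print kind, $0; exit }')
    kind=${1:-none}; ncpus=${2:-}
    case "$kind" in
        dedicated)
            lo=${ncpus%%-*}; hi=${ncpus##*-}    # "2-4" -> 2 and 4, "1" -> 1 and 1
            if [ "$visible" -ge "$lo" ] && [ "$visible" -le "$hi" ]; then
                echo "dedicated ncpus=$ncpus visible=$visible: zone sees only its own CPUs"
            else
                echo "dedicated ncpus=$ncpus visible=$visible: MISMATCH"
                exit 1
            fi ;;
        capped)
            echo "capped ncpus=$ncpus visible=$visible: the cap does not hide CPUs" ;;
        *)  echo "none visible=$visible: no dedicated-cpu or capped-cpu resource" ;;
    esac
)

# On a live system (commands as used in the post):
#   check_zone_cpus "$(zonecfg -z zt info)" "$(zlogin zt psrinfo)"
check_zone_cpus "$DEDICATED_CFG" "$PSR_ONE"
check_zone_cpus "$CAPPED_CFG" "$PSR_EIGHT"
```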

Now that you understand the fundamental difference between the two partitioning types, perhaps you would like to know how to assign a dedicated CPU count to an existing zone.  That too is very easy with the Zone Manager.  The following example assigns 3 dedicated CPU resources to the zone named "myzone".


# zonemgr -a modify -n myzone -p 'dcpu|3' -F

Note that this assignment does not add 3 CPU resources to whatever amount the zone previously had.  It sets the total number of CPU resources assigned to the zone to exactly 3.

To learn more about how to use the Zone Manager, go through the Zone Manager University blog post series.  You can download the Zone Manager by clicking here to try it out for yourself.

That is it for this blog post.

Have a great day!


Brad

Monday, July 12, 2010

Zoned Courier IMAPS In 2 Steps

If you have ever wondered how easy it can be to set up your own private and secure e-mail storage that you access via the secure (e.g. over SSL) Internet Message Access Protocol (IMAP), look no further.  This blog post walks you through how to quickly set up a zoned mail store with Courier IMAP delivered by Blastwave.

The first step is to create the non-global zone via the Zone Manager. (download available here).

# zonemgr -a add -F -n imapBrad -s jail -G courier_imap -r /bits \
   -I "192.168.0.88|e1000g1|24|imapbrad" \
   -X /bits/imapSetup -X "/bits/imapUserAdd brad /export/brad"

This invocation of the Zone Manager accomplishes the following:
 1. (-a add) adds a sparse root non-global zone,
 2. (-F) does not prompt for assurance,
 3. (-n imapBrad) names the zone imapBrad,
 4. (-s jail) disables all unnecessary services of the zone,
 5. (-G...) installs Courier imap in the zone,
 6. (-r /bits) read-only mounts the /bits directory from the global zone into the non-global zone,
 7. (-I ...) adds a network interface to the zone,
 8. (-X ...) runs the imapSetup and imapUserAdd scripts in the zone.

Once the imapBrad zone is created, the second step is to log in to the imapBrad zone (e.g. zlogin imapBrad) and set the password of the user specified to the imapUserAdd script. In my case the user name was brad.  So, I run "passwd brad" in the zone and set brad's password.

Now, you can connect to the IMAP server with your favorite mail client.

Surprisingly, the imapSetup script is very simple.  It does the following six things:
   1. It sets SSLPORT to 993,143,
   2. It sets TLS_PROTOCOL to SSL23,
   3. It sets TLS_STARTTLS_PROTOCOL to SSL3,
   4. It sets IMAPDSSLSTART to YES,
   5. It enables the rpc/bind service,
   6. It completes the setup of the famd service (by running inetconv).

Here are the contents of the imapSetup script:
#!/usr/bin/bash
# Enable SSL2 on TLS so OSX Mail.app will work with IMAP

cd /opt/csw/etc/courier-imap || exit 1

# Copy the current file so sed can read it while imapd-ssl is rewritten
cp -p imapd-ssl imapd-ssl.new

# Rewrite the four settings and write the result back to imapd-ssl
sed -e "s/^TLS_PROTOCOL=.*/TLS_PROTOCOL=SSL23/g" \
    -e "s/^SSLPORT=.*/SSLPORT=993,143/g" \
    -e "s/^TLS_STARTTLS_PROTOCOL=.*/TLS_STARTTLS_PROTOCOL=SSL3/g" \
    -e "s/^IMAPDSSLSTART=NO.*/IMAPDSSLSTART=YES/g" \
   < imapd-ssl.new > imapd-ssl

rm -f imapd-ssl.new

# Enable famd to work properly
svcadm enable rpc/bind
/usr/sbin/inetconv

The imapUserAdd script is also very simple and straightforward.  It simply adds the user with a specific home directory, creates the Maildir directory structure, and sets the permissions of the Maildir directory tree.  Here are the contents of the imapUserAdd script:
#!/usr/bin/bash
# Usage: imapUserAdd <user> <home directory>

user="${1}"
group='other'
homedir="${2}"

# Make sure the parent of the home directory exists
parentdir=$(dirname "${homedir}")
mkdir -p "${parentdir}"

# Create the account without a login shell, then its Maildir
useradd -m -d "${homedir}" -s /bin/false "${user}"
/opt/csw/bin/maildirmake "${homedir}/Maildir"
chown -R "${user}:${group}" "${homedir}/Maildir"

If you would like to further refine the IMAPS configuration, the configuration file (e.g. imapd-ssl) is located in /opt/csw/etc/courier-imap.  The one configuration parameter within this file that I needed to configure was the TLS_PROTOCOL.  Note that the configuration changes that I made were what was required to get an iPhone, iPod, iPad and the Mail.app to all use the IMAPS e-mail store properly.
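
When refining that file, a quick audit of the protocol settings shows which of them still allow SSLv2 or SSLv3. The following is an added example, not one of the post's scripts; the function name audit_imapd_ssl and the sample text are hypothetical and constructed from the values imapSetup writes, and the legacy value names checked (SSL2, SSL3, SSL23) are an assumption to verify against the comments in your own imapd-ssl.

```shell
#!/usr/bin/env bash
# Added example, not one of the post's scripts: audit the protocol settings
# that imapSetup writes into imapd-ssl.

# Constructed sample holding the four values imapSetup sets.
SAMPLE_IMAPD_SSL='# constructed sample of imapd-ssl after imapSetup
SSLPORT=993,143
IMAPDSSLSTART=YES
TLS_PROTOCOL=SSL23
TLS_STARTTLS_PROTOCOL=SSL3'

# audit_imapd_ssl reads imapd-ssl text on stdin and prints one line per
# audited key. Exit status: 1 if any WARN was printed, otherwise 0.
# The body is a subshell, so its variables do not leak into the caller.
audit_imapd_ssl() (
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;            # blank line or comment
            *=*) ;;                         # KEY=VALUE, handled below
            *) continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        val=${val#\"}; val=${val%\"}        # drop optional double quotes
        case "$key" in
            TLS_PROTOCOL|TLS_STARTTLS_PROTOCOL)
                case "$val" in
                    SSL2|SSL3|SSL23)        # assumed legacy value names
                        echo "WARN $key=$val: permits SSLv2/SSLv3 (see RFC 6176, RFC 7568)"
                        rc=1 ;;
                    *)  echo "OK $key=$val: not an SSLv2/SSLv3 setting" ;;
                esac ;;
            SSLPORT)
                case ",$val," in
                    *,143,*) echo "NOTE $key=$val: 143 is the registered plain IMAP port, 993 is imaps" ;;
                    *)       echo "OK $key=$val" ;;
                esac ;;
        esac
    done
    exit "$rc"
)

# Demo on the constructed sample; point stdin at the real file to audit it:
#   audit_imapd_ssl < /opt/csw/etc/courier-imap/imapd-ssl
printf '%s\n' "$SAMPLE_IMAPD_SSL" | audit_imapd_ssl || true
```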

By default, the Courier IMAP software creates a self-signed certificate.  It certainly would be more secure to buy and install a CA-signed cert instead of using the self-signed cert.

Now that you have your own Secure IMAP message store, you will most likely want a fast and efficient way to copy all of your data to the new IMAP server.  One way is to configure your Mail client to connect to both IMAP servers and then drag and drop the folders between the IMAP servers.  However, there is another tool that you could just as easily add to your IMAP server to streamline and simplify the process.  That tool is called imapsync.  To add imapsync to your zone, simply run the following zone manager command.

# zonemgr -F -a modify -n imapBrad -G imapsync

This will download and install imapsync and all of the requisite software from Blastwave. Once imapsync is installed, syncing the contents of, for example, your GMail account to your new IMAP server could be as easy as running something similar to the following:
/opt/csw/bin/imapsync --noauthmd5 --ssl1 --ssl2 \
   --authmech1 PLAIN --authmech2 PLAIN \
   --host1 imap.gmail.com --user1 brad \
   --host2 192.168.0.88 --user2 brad \
   --passfile1 /export/brad/pw1 \
   --passfile2 /export/brad/pw2

In this example, I stored the clear text password for my GMail account in /export/brad/pw1 and the password for my imapBrad account in /export/brad/pw2.  The rest is relatively self-explanatory.  To see the full usage of the imapsync command, run imapsync --help.

The imapSetup and imapUserAdd sample scripts are available on the zonemgr download server.

I hope you find this useful.

Have a very blessed day!

Brad

PS: As always, the sample scripts provided are for reference and are not supported in any way.

Thursday, July 8, 2010

ZMU 102: How To Manage Zone State

This blog post is the second in a series titled Zone Manager University (a.k.a. ZMU).  Like the previous post in the ZMU series, this blog post will demonstrate through examples how to use the Zone Manager.

In this blog post, we will examine how to manage the state of the zone.  By state, I mean whether the zone is booted or shut down.  Thus, we will be looking at how to boot, reboot, shutdown, halt and some other unique state management features of the Zone Manager.



List Zones
In this section, you will learn how to list zones and show the state for each zone.  The Zone Manager provides two actions for determining the state of one or more zones.  The first action shown in this section is the 'list' action.  The zone state information is included in the second column of the output.

Example 1 - List All Zones
# zonemgr -a list
  ID NAME       STATUS     PATH              BRAND    IP    
  39 zone0004   running    /zones/zone0004   native   shared
  40 zone0002   running    /zones/zone0002   native   shared
  41 zone0003   running    /zones/zone0003   native   shared
  42 zone0001   running    /zones/zone0001   native   shared
  43 z1         running    /zones/z1         native   shared
  44 z2         running    /zones/z2         native   shared







Example 2 - List A Specific Zone
# zonemgr -a list -n z1
  ID NAME       STATUS     PATH              BRAND    IP    
  43 z1         running    /zones/z1         native   shared


Example 3 - List Multiple Specific Zones
# zonemgr -a list -n "z1|z2"
  ID NAME       STATUS     PATH              BRAND    IP    
  43 z1         running    /zones/z1         native   shared


Example 4 - List Multiple Zones By Pattern Matching
# zonemgr -a list -n "^z*1$"
  ID NAME       STATUS     PATH              BRAND    IP    
  42 zone0001   running    /zones/zone0001   native   shared
  43 z1         running    /zones/z1         native   shared


Show Zones Status
In this section, you will learn how to show the status of one or more zones. The 'status' action lists the zone name, state, CPU count, CPU type, and uptime per zone.

Example 1 - Show Status Of All Zones
# zonemgr -a status
Zone       State       Cores          Uptime                                
zone0004   running     7 2333 MHz     2:31am  up  1:30,  0 users,  load average: 0.01, 0.04, 0.07
zone0002   running     7 2333 MHz     2:31am  up  1:30,  0 users,  load average: 0.01, 0.04, 0.07
zone0003   running     7 2333 MHz     2:31am  up  1:30,  0 users,  load average: 0.01, 0.04, 0.07
zone0001   running     7 2333 MHz     2:31am  up  1:30,  0 users,  load average: 0.01, 0.04, 0.07
z1         running     7 2333 MHz     2:31am  up  1:27,  0 users,  load average: 0.01, 0.04, 0.07
z2         running     7 2333 MHz     2:31am  up 14 min(s),  0 users,  load average: 0.01, 0.04, 0.07

In this example, we see the status of all the zones.


Example 2 - Show Status Of A Specific Zone
# zonemgr -a status -n z1
Zone       State       Cores          Uptime                                
z1         running     7 2333 MHz     2:31am  up  1:27,  0 users,  load average: 0.01, 0.04, 0.07

In this example, we see the status of a specific zone, z1.


Example 3 - Show Status Of Multiple Specific Zones
# zonemgr -a status -n "z1|z2"
Zone       State       Cores          Uptime                                
z1         running     7 2333 MHz     2:31am  up  1:27,  0 users,  load average: 0.01, 0.04, 0.07
z2         running     7 2333 MHz     2:31am  up 14 min(s),  0 users,  load average: 0.01, 0.04, 0.07

In this example, we see the status of two specific zones, z1 and z2.

Example 4 - Show Status Of Multiple Zones By Pattern Matching
# zonemgr -a status -n "^z*1$"
Zone       State       Cores          Uptime                                
zone0001   running     7 2333 MHz     2:31am  up  1:30,  0 users,  load average: 0.01, 0.04, 0.07
z1         running     7 2333 MHz     2:31am  up  1:27,  0 users,  load average: 0.01, 0.04, 0.07


In this example, we see the status of all zones whose zone names begin with the letter z and end with the number 1.


Booting Or Reboot Zones
In this section, you will learn through four examples how to boot or reboot one or more zones.

Example 1 - Boot Or Reboot A Single Specified Zone
# zonemgr -F -a boot -n z1
   or
# zonemgr -F -a reboot -n z1

In this example, you boot or reboot zone z1.


Example 2 - Boot Multiple Specific Zones
# zonemgr -F -a boot -n "z1|z2"
   or
# zonemgr -F -a reboot -n "z1|z2"

In this example, you boot or reboot two zones named z1 and z2.


Example 3 - Boot All Non-Global Zones
# zonemgr -F -a boot -n "*"
   or
# zonemgr -F -a reboot -n "*"

In this example, you boot or reboot all non-global zones on the server.


Example 4 - Boot Multiple Zones By Pattern Matching
# zonemgr -F -a boot -n "^z*1"
   or
# zonemgr -F -a reboot -n "^z*1"

In this example, you boot or reboot all zones whose zone names begin with the letter z and end with the number 1.


Shutdown Or Halt Zones
In this section, you will learn through four examples how to shut down or halt one or more zones.  Note that shutdown and halt are not the same thing.  Shutdown will attempt to gracefully stop all running processes before halting the server.  The halt action, on the other hand, forces the zone down in a much less graceful way.

Example 1 - Shutdown Or Halt A Single Specified Zone
# zonemgr -F -a shutdown -n z1
   or
# zonemgr -F -a halt -n z1

In this example, you shut down or halt zone z1.


Example 2 - Shutdown or Halt Multiple Specific Zones
# zonemgr -F -a shutdown -n "z1|z2"
   or
# zonemgr -F -a halt -n "z1|z2"

In this example, you shut down or halt two zones named z1 and z2.


Example 3 - Shutdown or Halt All Non-Global Zones
# zonemgr -F -a shutdown -n "*"
   or
# zonemgr -F -a halt -n "*"

In this example, you shut down or halt all non-global zones on the server.


Example 4 - Shutdown or Halt Multiple Zones By Pattern Matching
# zonemgr -F -a shutdown -n "^z*1"
   or
# zonemgr -F -a halt -n "^z*1"

In this example, you shut down or halt all zones whose zone names begin with the letter z and end with the number 1.


Make Sure Only Specific Zones Are Running
One unique state management feature of the Zone Manager is the "only" action.  The "only" action shuts down all non-global zones but those specified by -n and then boots any of the specified zones that are not already running.

Example 1 - Shutdown All But A Specific Zone And Boot That Zone
# zonemgr -F -a only -n z1

In this example, you shut down all but z1 and boot z1 if it was not already running.


Example 2 - Shutdown All But Specific Zones And Boot Those Zones
# zonemgr -F -a only -n "z1|z2"

In this example, you shut down all but z1 and z2 and boot z1 and z2 if they were not already running.


Example 3 - Shutdown All But Pattern Matched Zones And Boot Those Zones
# zonemgr -F -a only -n "^z*1"

In this example, you shut down all but the pattern matched zones and boot those pattern matched zones if they were not already running.


Conclusion
In this blog post you learned how to manage the state of one or more zones using the Zone Manager.

The next blog post will look at managing zone networking.

Until next time, have a great day!

Brad