Using IP Network Multipathing on a Solaris System With Zones Installed

How to Extend IP Network Multipathing Functionality to Non-Global Zones

Use this procedure to configure IP Network Multipathing (IPMP) in the global zone and extend its functionality to non-global zones.

Each address, or logical interface, should be associated with a non-global zone when you configure the zone. See Using the zonecfg Command and How to Configure the Zone for instructions.

This procedure accomplishes the following:

• The cards bge0 and hme0 are configured together in a group.

• Address 192.168.0.1 is associated with the non-global zone my-zone.

• The bge0 card is set as the physical interface. Thus, the IP address is hosted in the group that contains the bge0 and hme0 cards.

In a running zone, you can use the ifconfig command to make the association. See Network Interfaces and the ifconfig(1M) man page.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see "Using the Solaris Management Tools With RBAC (Task Map)" in System Administration Guide: Basic Administration.

2. In the global zone, configure IPMP groups as described in "Configuring IPMP Groups" in System Administration Guide: IP Services.

3. Use the zonecfg command to configure the zone. When you configure the net resource, add address 192.168.0.1 and physical interface bge0 to the zone my-zone:

   zonecfg:my-zone> add net zonecfg:my-zone:net> set address=192.168.0.1 zonecfg:my-zone:net> set physical=bge0 zonecfg:my-zone:net> end

   
   

   Only bge0 would be visible in non-global zone my-zone.

More Information
If bge0 Subsequently Fails

If bge0 subsequently fails and the bge0 data addresses fail over to hme0 in the global zone, the my-zone addresses migrate as well.

If address 192.168.0.1 moves to hme0, then only hme0 would now be visible in non-global zone my-zone. This card would be associated with address 192.168.0.1, and bge0 would no longer be visible.

Using the Fair Share Scheduler on a Solaris System With Zones Installed

Limits specified through the prctl command are not persistent. The limits are only in effect until the system is rebooted. To set shares in a zone permanently, see How to Configure the Zone and How to Set zone.cpu-shares in the Global Zone.

How to Set FSS Shares in the Global Zone Using the prctl Command

The global zone is given one share by default. You can use this procedure to change the default allocation. Note that you must reset shares allocated through the prctl command whenever you reboot the system.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see "Using the Solaris Management Tools With RBAC (Task Map)" in System Administration Guide: Basic Administration.

2. Use the prctl utility to assign two shares to the global zone:

   # prctl -n zone.cpu-shares -v 2 -r -i zone global

   
   

3. (Optional) To verify the number of shares assigned to the global zone, type:

   # prctl -n zone.cpu-shares -i zone global

   
   

See Also

For more information on the prctl utility, see the prctl(1) man page.

How to Change the zone.cpu-shares Value in a Zone Dynamically

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see "Using the Solaris Management Tools With RBAC (Task Map)" in System Administration Guide: Basic Administration

2. Use the prctl command to specify a new value for cpu-shares.

   # prctl -i idtype -n zone.cpu-shares -r -v value

   
   

   idtype is either the zonename or the zoneid. value is the new value.

Using Rights Profiles in Zone Administration

This section covers tasks associated with using rights profiles in non-global zones.

How to Assign the Zone Management Profile

The Zone Management profile grants the power to manage all of the non-global zones on the system to a user.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see "Using the Solaris Management Tools With RBAC (Task Map)" in System Administration Guide: Basic Administration.

2. Create a role that includes the Zone Management rights profile, and assign the role to a user.

   • To create and assign the role by using the Solaris Management Console, see "Configuring RBAC (Task Map)" in System Administration Guide: Security Services. Refer to the task "How to Create and Assign a Role By Using the GUI."

   • To create and assign the role on the command line, see "Managing RBAC" in System Administration Guide: Security Services. Refer to the task "How to Create a Role From the Command Line."

Example--Using Profile Shells With Zone Commands

You can execute zone commands in a profile using the pfexec program. The program executes commands with the attributes specified by the user's profiles in the exec_attr database. The program is invoked by the profile shells pfksh, pfcsh, and pfsh.

Use the pfexec program to log in to a zone, for example, my-zone.

machine$ pfexec zlogin my-zone

Backing Up a Solaris System With Installed Zones

The following procedures can be used to back up files in zones. Remember to also back up the zones' configuration files.