Create a VNIC on Solaris Nevada (Solaris Express) Builds, and Use It for an Exclusive IP Stack in Zones

July 17th, 2008

Given that I discovered quite a while ago that you can create vnic’s WITHOUT crossbow, in the early 80’s builds (b83+ appears to work), I decided today to try using the vnic’s for exclusive ip stacks in zones. The good news is, it works! The bad news is, besides already being unsupported (as this is Solaris Express), doing things like this is probably super, super unsupported.

So, lets do it.

Create a VNIC:

/usr/lib/vna <physicalAdapter> <fakeMacAddress>

You will get the vnic name returned as “vnic0”, then vnic1, and so on the more times you do this. Always use a different mac address of course, else, fail.

Create a new zone, and when configuring it, set the physical NIC to vnic0, and DO NOT set an address on it.

So, either type the commands below into zonecfg when creating a new zone:

# zonecfg -z <zoneName>
zonecfg:<zoneName>> set ip-type=exclusive
zonecfg:<zoneName>> add net
zonecfg:<zoneName>:net> set physical=vnic0
zonecfg:<zoneName>:net> end
zonecfg:<zoneName>> commit

OR remove the NIC config from an existing zone, and configure the new nic

zonecfg -z <zoneName> "remove net; set ip-type=exclusive; add net; set physical=vnic0; end"

Good to go – now boot the zone, and get on the zone console:

zlogin -C -e \# <zoneName>

Login as root, and then plumb the interface to verify it works:

ifconfig vnic0 plumb

And now, configure the zone like a regular Solaris 10 host, creating the /etc/hostname.vnic0 file, with a hostname in it, editing /etc/hosts, setting up /etc/resolv.conf, /etc/netmasks, /etc/defaultrouter and so on, and you should be good to go!

You may also wish to write a startup script that runs before the zones come up at boot, to avoid the zone boot failing. It will simply need to contain the /usr/lib/vna lines you used above to configure the vnic’s in the first place.

Quick and Easy Way to Build Solaris 10 / Solaris Express Zones

June 24th, 2008

So, maybe you don’t want to spend any time installing JET (JumpStart Enterprise Toolkit) but you do want to build zones in a jumpstart-ish way, that is – quickly and consistently on say, your laptop for example… oh yeah and you want to do it right now!

Well, there’s probably a boat load of other people who have done something similar to this before, but, whatever. I’ve written a quick script to add and remove zones from a solaris 10 (or in this case, a Solaris Express) machine, with very little thought and virtually no questions asked.

The newZone.ksh script will:

  • Perform basic verification that your input is sane, such as checking the NIC is plumbed, IP is valid-ish, Zone doesn’t exist
  • Default to autoboot the zone
  • Use your existing /etc/sysidcfg, changing only the hostname (easily modifiable for more complex setups)
  • Allow for post-install scripts to be run, but you must add them yourself (or ask and I’ll give you my basic one).

The rmZone.ksh has basically no error checking, and the script will simply:

  • Halt the running zone immediately
  • Uninstall the zone
  • Delete the zone’s config

The scripts should be relatively easy to follow, and modifable as you see fit. Please don’t redistribute a modified version without my permission.

UPDATE 14 July 2008: Zone Creation Scripts updated to:

  • Improve handling of invalid input
  • Resolve bug with sparse zone creation

Additional notes added to this post you must read if you have not installed the zone host from jumpstart (you will need to create a sysidcfg similar to the example)

You can grab the scripts in the tar file at:
http://unixsysadmin.net/files/zone-scripts.tar

Usage:

newZone.ksh <zoneName> <physicalNIC> <zoneIP> [whole | sparse]
rmZone.ksh <zoneName>

Sample run:

bash-3.2# ./newZone.sh ldapm1 rtls0 192.168.0.2 whole
INFO: Zone does not exist, OK to create
INFO: Physical NIC exists, OK to use
INFO: IP Address is probably OK
INFO: ZoneType is OK
INFO: Configuring Zone...
INFO: Creating a whole zone in /export/zones/ldapm1
Preparing to install zone <ldapm1>.
Creating list of files to copy from the global zone.
Copying <206279> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1358> packages on the zone.
Initialized <1358> packages on zone.
Zone <ldapm1> is initialized.
.
.
.
[NOTICE: Zone rebooting]

SunOS Release 5.11 Version snv_92 64-bit
Copyright 1983-2008 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: ldapm1
Reading ZFS config: done.
ldapm1 console login:

And we’re good to go!

NOTE for Non-Jumpstarted Machines: The scripts assume the host of your zones was jumpstarted, and as such, has an /etc/sysidcfg file. If it does not, you will want to have one somewhere, by default it looks at /etc/sysidcfg.

For simplicity, you could create one that looks something like this (with the correct paramaters, of course)

  system_locale=en_AU.ISO8859-1
  timezone=Australia/Sydney
  timeserver=localhost
  terminal=vt100
  name_service=DNS {domain_name=<your domain>
                        name_server=<your name server>
                        search=<your search domain>}
  security_policy=NONE
  root_password=<a crypt version of your password>
  network_interface=primary {hostname=<your host name>
                        netmask=<your netmask>
                        protocol_ipv6=no
                        default_route=<your default route>}
  nfs4_domain=<your domain name>

replacing all the bits in the < >, and the <hostname> bit with your systems hostname – this is important as the script uses sed to replace this value with your zone’s hostname, if you do not do this, you will get asked all the questions from the installer, and all of a sudden, the automated build isn’t so automated!

Random Script of the week – I’m not your friend, guy!

May 21st, 2008

You may of recently viewed a South Park Episode where the Canadians decide to go on strike, because they need more money.

Now, you can reminisce with this small script and a bash shell. Just grab sp.sh and you’re good to go, hoorah.