Jeff Victor Jeff Isaac Rozenfeld Guide to Harry J. Foxwell Harry J. Sreekanth Setty Sreekanth Menno Lageman Virtualization in the Joost Pronk van Hoogeveen van Joost Pronk Solaris Operating System Solaris Operating Solaris™ Containers The Sun BluePrints™ Sun The
BLUEPRINTS
© 2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 USA
All rights reserved.
This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California.
Sun, Sun Microsystems, the Sun logo, Sun BluePrints, SunSolve, SunSolve Online, docs.sun.com, Java, UltraSPARC, Sun Fire, and Solaris are trademarks, registered trademarks, or service marks of Sun Microsystems, Inc. in the U.S. and other countries.
UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
AMD and Opteron are trademarks or registered trademarks of Advanced Micro Devices, Inc.
The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non- exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements.
RESTRICTED RIGHTS: Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227- 19(6/87), or DFAR 252.227-7015(b)(6/95) and DFAR 227.7202-3(a). DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS HELD TO BE LEGALLY INVALID.
Part No. 820-0001-10 Revision 1.0, 10/11/06
Please Recycle
Contents
Chapter 1: Introduction...... 1 Solaris Containers Technology...... 2 Scope ...... 2
Chapter 2: Resource Management Concepts...... 3 Resource Containment ...... 3 Workload Classification ...... 4 Resource Controls ...... 6 Differentiated Services ...... 6 Virtualization and Containment ...... 7 Application Isolation ...... 8
Chapter 3: An In-Depth Look at Containment and Virtualization...... 11 Containing Services ...... 12 Approaches to Containment ...... 13 Software-Based Containment...... 15 Solaris Containers...... 16 Containment and Virtualization Trade-Offs...... 18 Guidelines for Deploying Solaris Containers...... 20
Chapter 4: Managing Workloads ...... 23 Projects ...... 24 Using Projects to Define Workloads ...... 24 The Project Database ...... 25 Commands ...... 26 Extended Accounting ...... 26 Commands ...... 27
The Fair Share Scheduler ...... 27 CPU Shares ...... 28 CPU Shares Configuration...... 29 Resource Controls ...... 30 Administering Resource Controls ...... 30 Available Resource Controls ...... 31 Determining Thresholds...... 33 Commands ...... 33 Managing Workloads — An Example ...... 33 Requirements ...... 34 Defining the Projects ...... 34 Installing Oracle and Creating the Databases ...... 37 Running Oracle Instances in Different Projects...... 38 Controlling CPU Consumption ...... 40 Using Extended Accounting ...... 44
Chapter 5: Managing Resources...... 49 Processor Sets...... 49 Resource Pools ...... 50 Binding Processes To Pools...... 51 Fair Share Scheduler and Processor Sets ...... 52 Dynamic Resource Pools ...... 52 Automated Resource Allocation ...... 53 Configuration Objectives ...... 54 Monitoring Resource Pools ...... 55 Commands ...... 55 Resource Pools — An Example ...... 55 Creating a Pool...... 58 Binding to a Pool ...... 61 Transferring CPUs ...... 62 Adapting to Load ...... 62 Saving the Dynamic Configuration ...... 64
Chapter 6: Isolating Applications ...... 65 Zones Overview ...... 66 Administering Zones ...... 67 Zone Configuration ...... 68
Contents • October 2006
Installing Zones ...... 68 Virtual Platform Management ...... 69 Zone Login...... 69 Commands ...... 70 Zone Administration ...... 71 File Systems ...... 71 Resource Management ...... 72 Resource Pools...... 72 Extended Accounting...... 72 Fair Share Scheduler and Zones...... 73 Resource Controls ...... 73 Using Zones — An Example ...... 73 Requirements ...... 74 Preparation ...... 74 Creating the First Zone...... 75 Creating the Second Zone ...... 79 Controlling CPU Consumption of Zones...... 83 Controlling CPU Consumption Inside Zones ...... 85 Halting Zones...... 87
Chapter 7: Creating Solaris Containers...... 89 Container Construction...... 91 Creating the Pools ...... 91 Binding Zones to Pools ...... 94 Creating Development Zones...... 94 Creating Development Users and Projects...... 96 Verifying the Configuration...... 97
Chapter 8: Integrating Solaris Containers into the Environment...... 101 Storage Configuration ...... 102 File System Structure ...... 102 File Systems versus Raw Devices ...... 103 Selecting Direct Attached Storage, Network Attached Storage, and Storage Area Networks ...... 103 File System Types ...... 103 General File System Considerations ...... 109 Ability to Mount Read-Write versus Read-Only ...... 109 Backup and Restore ...... 112
Tape Backup...... 113 Disk Snapshot...... 115 Network Configuration...... 115 Dynamic Host Configuration Protocol...... 116 Changing the IP Address for a Zone ...... 116 Routing...... 117 Firewalls and Filters...... 118 Internet Protocol Multi-Pathing and Sun Trunking ...... 118 Subnet Masks ...... 118 Printing ...... 119 Security Risks...... 119 Resource Management ...... 119 Resource Capping ...... 120 Resource Management Using Kernel Parameters ...... 123 Provisioning and Installation ...... 125 Sparse versus Whole Root Models ...... 126 Package Management and Solaris Containers Technology ...... 126 Patch Management and Solaris Containers Technology ...... 127 Flash Archives ...... 127 Security...... 127 Process Rights Management ...... 127 Auditing and Access Control ...... 128 Namespace Isolation and Naming Services ...... 129
Chapter 9: Managing the Environment ...... 131 Sun Management Center Software...... 131 Solaris Container Manager Software ...... 131 Consolidation Tool for Sun Fire Servers ...... 132 Predictive Self-Healing Technology ...... 132 Solaris Containers and Predictive Self-Healing Technology...... 133 Solaris Service Manager Software ...... 134 Working with SMF ...... 137 WorkingTogether ...... 144
Chapter 10: Troubleshooting ...... 147 Methods to Access a Troubled Zone ...... 147 Telnet and Shells ...... 147
Contents • October 2006
User Login with the zlogin Command ...... 148 Zone Console Login ...... 149 Safe-Mode Login ...... 149 Boot Single User...... 150 Network Troubleshooting...... 150
Chapter 11: Putting It All Together—Deploying Sun Java Enterprise System 2005-Q4 on the Sun Fire T2000 Server Using Solaris Containers ...... 151 Deploying Java ES 2005-Q4 on a Sun Fire T2000 Server Using Solaris Zones ...... 152 Configuring Solaris Zones ...... 154 Monitoring and Managing Zones...... 157 Overview of Deploying Sun Java Enterprise System 2005-Q4 on Solaris Zones ...... 158 Deploying Directory Server in Zone-1 ...... 158 Deploying Access Manager in Zone-2...... 160 Deploying Portal Server in Zone-3 ...... 162 Preparing Directory Server for Messaging and Calendar Server Installations ...... 164 Configuring Delegated Admin and Communications CLI for Creating Users ...... 165 Deploying the Messaging Server in Zone-4...... 167 Deploying Calendar Server in Zone-5 ...... 170 Installing Communications Express and Messenger Express in Zone-6 ...... 171 Deploying Messenger Express in Zone-6 ...... 173 Deploying Communications Express in Zone-6 ...... 175 Configuring Single Sign-On for Communications Services Products...... 178 Tuning Sun Java Enterprise System Software for Improved Performance ...... 180 Tuning the Directory Server...... 180 Tuning a Web Container ...... 181 Tuning Access Manager...... 182 Tuning the Portal Server ...... 184 Tuning the Messaging Server...... 185 Tuning the Calendar Server ...... 186 Tuning Communications Express ...... 186 Tuning the Solaris Operating System ...... 186 Sun Java Enterprise System Performance Test Case ...... 187 Overview of the JESMark Benchmark ...... 188 Calendar Workload ...... 188 Logical Architecture...... 189
Testing Scenario...... 190 Performance Results...... 190
Chapter 12: About the Authors...... 193
Chapter 13: Glossary ...... 195
Chapter 14: References ...... 199
Chapter 15: Index...... 203
Contents • October 2006
Acknowledgments
A great deal of effort goes into any book. While it is impossible to name everyone who contributed to, or influenced, the content of this book, it is important to thank those individuals who most directly impacted this significant body of work. In particular, Glenn Brunette, James Carlson, David Collier-Brown, David Comay, Mark de Groot, Mark Huff, Paul Kraus, Holger Leister, John Meyer, Dan Price, and Ray Voight provided keen insight and careful review of the material presented.
In addition, the authors would like to recognize the several groups at Sun, including the Performance, Availability, and Architecture Engineering (PAE) group, Portal Server Performance team, Messaging Server QA team, Java Performance group, Ireland Performance group, Information Products group (IPG), Communications Marketing team, and Solutions Deployment Engineering (SDE) group for their contributions to this book.
Lastly, a special thanks is due to Margaret Bierman and Kemer Thomson, for without them, this book would not exist.
i
ii Acknowledgments • October 2006
Preface
How This Book is Organized