Solaris Containers

In this article I explain how to build a Solaris 11 zone that uses as few resources as possible. To do that, I use the global zone's network and file systems, and I do not start the SMF services.

First I configure a normal zone, which will serve as the baseline for measuring the later gains.

For convenience, I define a variable with the zone name:

# export ZONENAME=zone1

Configure the zone:

# zonecfg -z ${ZONENAME}
create -b
set brand=solaris
set ip-type=shared
add net
set address=192.168.170.253/24
set physical=vlan170
end
commit
exit

Now, instead of installing with the defaults, I take the opportunity to trim space and services in the zone's manifest and config:

# vi manifest.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
<auto_install>
    <ai_instance name="zone_default">
        <target>
            <logical>
                <zpool name="rpool">
                    <be name="zbe">
                        <options>
                            <option name="compression" value="on"/>
                        </options>
                    </be>
                </zpool>
            </logical>
        </target>
        <software type="IPS">
            <software_data action="install">
                <name>core-os</name>
            </software_data>
        </software>
    </ai_instance>
</auto_install>

# vi config.xml
<?xml version='1.0' encoding='US-ASCII'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- Auto-generated by sysconfig -->
<service_bundle name="sysconfig" type="profile">
    <service name="system/identity" type="service" version="1">
        <instance enabled="true" name="cert"/>
        <instance enabled="true" name="node">
            <property_group name="config" type="application">
                <propval name="nodename" type="astring" value="solaris"/>
            </property_group>
        </instance>
    </service>
    <service name="system/name-service/cache" type="service" version="1">
        <instance enabled="true" name="default"/>
    </service>
    <service name="system/name-service/switch" type="service" version="1">
        <property_group name="config" type="application">
            <propval name="default" type="astring" value="files"/>
        </property_group>
        <instance enabled="true" name="default"/>
    </service>
    <service name="system/keymap" type="service" version="1">
        <instance enabled="true" name="default">
            <property_group name="keymap" type="application">
                <propval name="layout" type="astring" value="Spanish"/>
            </property_group>
        </instance>
    </service>
    <service name="system/environment" type="service" version="1">
        <instance enabled="true" name="init">
            <property_group name="environment" type="application">
                <propval name="LANG" type="astring" value="C"/>
            </property_group>
        </instance>
    </service>
    <service name="system/timezone" type="service" version="1">
        <instance enabled="true" name="default">
            <property_group name="timezone" type="application">
                <propval name="localtime" type="astring" value="UTC"/>
            </property_group>
        </instance>
    </service>
    <service name="system/config-user" type="service" version="1">
        <instance enabled="true" name="default">
            <property_group name="root_account" type="application">
                <propval name="password" type="astring" value="$5$rounds=10000$lDL4x5q8$IlHsdf·Re3f$·iP5AAK8Jj6YF/wnigr$·&quot;d9O825MC"/>
                <propval name="type" type="astring" value="normal"/>
                <propval name="login" type="astring" value="root"/>
            </property_group>
        </instance>
    </service>
</service_bundle>

Install the zone:

# zoneadm -z ${ZONENAME} install -m manifest.xml -c config.xml
The following ZFS file system(s) have been created:
    rpool/VARSHARE/zones/zone1
Progress being logged to /var/log/zones/zoneadm.20200304T094644Z.zone1.install
       Image: Preparing at /system/zones/zone1/root.
 Install Log: /system/volatile/install.14837/install_log
 AI Manifest: /tmp/manifest.xml.KwahVa
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: zone1
Installation: Starting ...
        Creating IPS image
Startup linked: 1/1 done
        Installing packages from:
            solaris
                origin:  http://pkg.gestio.sys/oracle/
DOWNLOAD                                PKGS         FILES    XFER (MB)   SPEED
Completed                            306/306   47432/47432  327.0/327.0  6.5M/s
PHASE                                          ITEMS
Installing new actions                   66258/66258
Updating package state database                 Done
Updating package cache                           0/0
Updating image state                            Done
Creating fast lookup database                   Done
Updating package cache                           1/1
Installation: Succeeded
 done.
        Done: Installation completed in 248.885 seconds.
  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.
Log saved in non-global zone as /system/zones/zone1/root/var/log/zones/zoneadm.20200304T094644Z.zone1.install

Check how much space it takes up (only the core-os package, which is the minimum we can install):

# du -sh /system/zones/${ZONENAME}
717M    /system/zones/zone1

We boot the zone for the first time so that it configures the services:

# zoneadm -z ${ZONENAME} boot

Install Apache:

# zlogin ${ZONENAME} pkg install apache-24
# zlogin ${ZONENAME} svcadm enable apache24

Look at the running processes and the resources in use:

# ptree -z ${ZONENAME}
17019 zsched
17093 /usr/sbin/init
17101 /lib/svc/bin/svc.startd
17507 /usr/sbin/ttymon -g -d /dev/console -l console -m ldterm,ttcompat -h -p solaris console login:
17103 /lib/svc/bin/svc.configd
17177 /usr/sbin/sysobjd -d 0 -b 300 -t 300 -n 5
17191 /lib/crypto/kcfd
17202 /usr/lib/pfexecd
17224 /usr/lib/utmpd
17232 /sbin/sh /lib/svc/method/net-ipmgmt start
17233 sleep 3600
17265 /lib/svc/bin/svc.periodicd
17270 /usr/lib/rad/rad -sp
17361 /usr/lib/zones/zoneproxy-client -s localhost:1008
17375 /usr/sbin/rpcbind -w
17389 /usr/lib/fm/fmd/fmd
17437 /usr/sbin/cron
17443 /usr/lib/inet/inetd start
17463 /usr/lib/sstore/bin/sstored --events --repo-path /var/share/sstore/repo --max-repo-size 2048
17471 /usr/sbin/nscd
17489 /usr/sbin/syslogd
17537 /usr/lib/sstore/bin/sysstatd --max-process-size=268435456
17577 /usr/apache2/2.4/bin/httpd -k start
17578 /usr/apache2/2.4/bin/httpd -k start
17579 /usr/apache2/2.4/bin/httpd -k start
17580 /usr/apache2/2.4/bin/httpd -k start
# zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                    ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
               ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
            [total]  0.01 0.14%  0.00 0.00% 2442M 29.8% 2602M 28.2%  2576 0.00%
           [system]  0.00 0.02%  0.00 0.00% 1858M 22.6% 1926M 20.8%     -     -
             global  0.00 0.10%     -     -  351M 4.29%  431M 4.68%  2576 0.00%
              zone1  0.00 0.01%     -     -  232M 2.83%  244M 2.65%     0 0.00%

Halt the zone:

# zoneadm -z ${ZONENAME} halt

The first thing we are going to do is disable SMF and start Apache directly:

# echo "run::sysinit:/etc/rc.local >/dev/msglog 2>&1 </dev/console" > /system/zones/${ZONENAME}/root/etc/inittab
# vi /system/zones/${ZONENAME}/root/etc/rc.local
#!/bin/bash
zfs mount rpool/VARSHARE
ZONENAME=$(zoneadm list)
zoneadm -z ${ZONENAME} mark -a goals-online
/usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
zoneadm -z ${ZONENAME} mark -a goals-maintenance
# chmod +x /system/zones/${ZONENAME}/root/etc/rc.local

In the startup script (rc.local) we have to mount /var/share in order to use the zoneadm command. With zoneadm we mark the zone as having reached the goals-online state, so that the global zone's service svc:/system/zones/zone:${ZONENAME} moves to the online state.

# zoneadm -z ${ZONENAME} boot
# ptree -z ${ZONENAME}
18387 zsched
18461 /usr/sbin/init
18463 /bin/bash /etc/rc.local
18473 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
18474 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
18475 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
18476 /usr/apache2/2.4/bin/httpd -DFOREGROUND -k start
# zonestat 5
Collecting data for first interval...
Interval: 1, Duration: 0:00:05
SUMMARY                   Cpus/Online: 8/8   PhysMem: 8192M  VirtMem: 9215M
                    ----------CPU---------- --PhysMem-- --VirtMem-- --PhysNet--
               ZONE  USED %PART  STLN %STLN  USED %USED  USED %USED PBYTE %PUSE
            [total]  0.00 0.10%  0.00 0.00% 2216M 27.0% 2357M 25.5%  2188 0.00%
           [system]  0.00 0.02%  0.00 0.00% 1849M 22.5% 1906M 20.6%     -     -
             global  0.00 0.08%     -     -  351M 4.29%  432M 4.69%  2188 0.00%
              zone1  0.00 0.00%     -     - 15.3M 0.18% 18.1M 0.19%     0 0.00%

Now we see that far fewer processes are running in the zone, and memory usage has dropped considerably.

Next we can save all the disk space taken by the binaries, which are exactly the same as those in the global zone. To do that we mount the global zone's file systems (similar to the SMALL zones of Solaris 10).

Configure the zone to mount /usr, /lib and /platform from the global zone:

# zonecfg -z ${ZONENAME}
add fs
set dir=/usr
set special=/usr
set type=lofs
add options ro
end
add fs
set dir=/lib
set special=/lib
set type=lofs
add options ro
end
add fs
set dir=/platform
set special=/platform
set type=lofs
add options ro
end
commit
exit

Delete the zone's own copies of those files:

# rm -rf /system/zones/${ZONENAME}/root/usr/* /system/zones/${ZONENAME}/root/lib/* /system/zones/${ZONENAME}/root/platform/*

We see that the space has been freed:

# du -sh /system/zones/${ZONENAME}
144M    /system/zones/zone1
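A check that fits the lofs configuration above, as an added example that is not part of the original article: these mounts expose the global zone's own /usr, /lib and /platform, so an fs resource missing the ro option would be mounted read-write inside the zone. The function name check_lofs_ro and the sample configuration are assumptions made for this example; on a real host the input would be the output of zonecfg -z ${ZONENAME} export.

```shell
# Added example (not from the original article).
# check_lofs_ro reads zonecfg commands on stdin and prints the dir of every
# lofs fs resource that lacks the "ro" option; exit status is 1 if any exist.
check_lofs_ro() {
    awk '
        $1 == "add" && $2 == "fs" { infs = 1; dir = ""; type = ""; ro = 0; next }
        infs && $1 == "set" {
            eq = index($2, "=")                  # set key=value
            key = substr($2, 1, eq - 1); val = substr($2, eq + 1)
            if (key == "dir")  dir  = val
            if (key == "type") type = val
            next
        }
        infs && $1 == "add" && $2 == "options" {
            opts = $3                            # "ro" or "[ro,nodevices]"
            gsub(/\[/, "", opts); gsub(/\]/, "", opts)
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
            next
        }
        infs && $1 == "end" {
            if (type == "lofs" && !ro) { print dir; bad = 1 }
            infs = 0
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: two of the fs resources from this article, with the
# "ro" option deliberately left off /platform so the check has a finding.
SAMPLE_CFG='add fs
set dir=/usr
set special=/usr
set type=lofs
add options ro
end
add fs
set dir=/platform
set special=/platform
set type=lofs
end'

# On a real host: zonecfg -z "${ZONENAME}" export | check_lofs_ro
findings=$(printf '%s\n' "$SAMPLE_CFG" | check_lofs_ro) ||
    echo "lofs mounts without ro: $findings"
```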

Finally, we can delete the installation snapshots: