Container (Solaris)

from Wikipedia, the free encyclopedia

Solaris containers, or Solaris zones, are the implementation of operating-system-level virtualization for x86 and SPARC systems that Sun Microsystems introduced in 2005 as part of Solaris 10. The terms container and zone are usually used interchangeably; strictly speaking, only a zone with resource management (i.e. limitation and distributed allocation of CPU, memory and network) is called a container.

Zones act as completely isolated virtual servers within an operating system instance. By consolidating groups of application services on a system and placing them individually in isolated containers, system administrators can reduce the overall cost of a system while providing the protection mechanisms that would otherwise require separate machines.

Terminology

There is always at least one zone, the so-called global zone. The other zones are managed by it and are called non-global zones. The term local zone has become established, but the manufacturer advises against its use.

The global zone contains all of the system's processes, including those that run in a non-global zone. The word zone (in this article as well) often stands for non-global zone.

Description

Each zone is assigned its own host name, virtual network cards, and storage. There is no requirement as to which hardware is allocated to the zone other than the disk space required to store the zone configuration. In particular, no dedicated CPUs, memory areas, physical network cards or host bus adapters need to be assigned to a zone, although this is entirely possible.

Each zone is surrounded by a security boundary that prevents any process in one zone from interacting with or observing processes in other zones. Each zone can be configured with its own list of user accounts. Conflicts of numerical user IDs are automatically resolved by the system; for example, two zones of a system can each have a user defined with the identifier 10000; both would have their own global identifier in the overall system.

A zone can be assigned to a resource pool (a number of processors and a priority class), or its resource shares can be obtained via fair share scheduling. A zone can be in one of the following states:

  • Configured: The configuration is complete and saved
  • Incomplete: Intermediate state during installation or uninstallation
  • Installed: The packages are fully installed
  • Ready: The virtual platform has been created
  • Running: The zone was successfully started and is now running
  • Shutting down: Intermediate state; the zone is being shut down and then enters the Down state
  • Down: Intermediate state; the zone has been completely shut down, and the state eventually changes to Installed

Some programs cannot be run from non-global zones. Since a zone does not have its own kernel (in contrast to a virtual machine), applications that manipulate the system kernel or have to access the kernel's memory directly cannot run within a container.

Resource requirements

The additional CPU and memory load caused by the zones is very low. Up to 8191 non-global zones can be created within a single operating system instance. Sparse zones, in which most of the file system content is shared with the global zone, can get by with just 50 megabytes of disk space. Whole root zones, where each zone contains its own set of operating system files, can be anywhere from a few hundred megabytes to several gigabytes, depending on the software installed.

Even with whole root zones, the disk space requirement can be negligible if the file system of the zone is a ZFS clone of the memory image of the global zone, since only the blocks that differ from the snapshot image need to be saved on the disk. This process also enables the creation of new zones in a few seconds.

Branded Zones

Although all zones share the same kernel, branded zones (or BrandZ) allow the creation of zones whose operating system environment differs from that of the global zone. The supported types (brands) fall into two categories (as of October 2009):

  • Brands that do not require translation of operating system calls:
    • native, the default for Solaris 10
    • ipkg, the default setting for OpenSolaris
    • cluster, used with Solaris for clusters
    • labeled, for zones in a Solaris Trusted Extensions environment
  • Brands with translation of operating system calls:
    • solaris8 provides a Solaris 8 environment on a Solaris 10 system (only for SPARC systems)
    • solaris9 provides a Solaris 9 environment on a Solaris 10 system (only for SPARC systems)
    • lx provides an environment with Red Hat Enterprise Linux 3 on a Solaris 10 system (only for x86 systems)
    • s10brand provides a Solaris 10 environment on OpenSolaris or Oracle Solaris 11.

The brand of a zone is determined when it is created.
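As an added example (not part of the original article), the following sketch inventories zones from the global zone by parsing the colon-separated output of `zoneadm list -cp`, flagging zones that sit in one of the intermediate states listed above and zones whose brand translates operating system calls. The sample records are constructed, the field order and backslash-escaped colons are assumptions about that output format, and the brand names are spelled as in this article.

```python
import re
from collections import defaultdict

# Constructed sample of `zoneadm list -cp` output (not from a real system).
# Assumed field order: zoneid:zonename:state:zonepath:uuid:brand:ip-type
SAMPLE = r"""
0:global:running:/::native:shared
3:web01:running:/zones/web01:11111111-aaaa:native:shared
-:db01:installed:/zones/db01:22222222-bbbb:native:shared
-:legacy8:incomplete:/zones/legacy8:33333333-cccc:solaris8:shared
5:rhel3:shutting_down:/zones/rhel3:44444444-dddd:lx:shared
-:odd:configured:/zones/a\:b:55555555-eeee:native:shared
"""

FIELDS = ("zoneid", "name", "state", "path", "uuid", "brand", "ip_type")
# States the article describes as intermediate; a zone that stays in one
# of them has a failed install or an unfinished shutdown to look at.
INTERMEDIATE = {"incomplete", "shutting_down", "down"}
# Brands the article lists as translating operating system calls.
TRANSLATING = {"solaris8", "solaris9", "lx", "s10brand"}


def parse(text):
    """Turn parsable zoneadm output into a list of dicts, one per zone."""
    zones = []
    for line in text.strip().splitlines():
        # Split on ':' unless it is backslash-escaped inside a field.
        parts = [p.replace("\\:", ":") for p in re.split(r"(?<!\\):", line)]
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected record: {line!r}")
        zones.append(dict(zip(FIELDS, parts)))
    return zones


def review(zones):
    """Group non-global zone names by the condition they were flagged for."""
    findings = defaultdict(list)
    for zone in zones:
        if zone["name"] == "global":
            continue  # the global zone manages the others; skip it
        if zone["state"] in INTERMEDIATE:
            findings["intermediate_state"].append(zone["name"])
        if zone["brand"] in TRANSLATING:
            findings["syscall_translation"].append(zone["name"])
    return dict(findings)


if __name__ == "__main__":
    for issue, names in review(parse(SAMPLE)).items():
        print(f"{issue}: {', '.join(names)}")
```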

Limitation for NFS

The standard NFS server from Solaris is implemented in the kernel and can therefore not be used for exports to non-global zones. Third-party NFS servers that are not implemented in the Solaris kernel may work.
