Description
1. About Solaris Zones
Solaris Zones is a software partitioning technology that virtualizes operating system services to create an isolated environment for running applications. This isolation prevents processes that are running in one zone from monitoring or affecting processes running in other zones.
After installing Oracle Solaris 10 on a system, but before creating any zones, all processes run in the global zone. After you create a zone, it has processes that are associated with that zone and no other zone. Any process created by a process in a non-global zone is also associated with that non-global zone. Any zone which is not the global zone is called a non-global zone.
The default native zone file system model on Oracle Solaris 10 is called "sparse-root." Sparse-root zones optimize physical memory and disk space usage by sharing some directories, like /usr and /lib. Sparse-root zones have their own private file areas for directories like /etc and /var. Whole-root zones increase configuration flexibility but increase resource usage. They do not use shared file systems for /usr, /lib, and a few others.
2. File Systems
Each non-global zone has its own file system name space, although a file system can be shared among zones. The global zone file systems can be loopback-mounted into a zone using lofs. In addition to lofs, file systems can be locally mounted in a non-global zone.
2.1. Shared access to file systems
File systems that were previously created in the global zone can be made available in the non-global zone using a loopback file system mount. This functionality is especially useful when the sole purpose of making the file system available in the non-global zone is to share access of this file system with one or more non-global zones.
Suppose we want to share the file system /mnt/fs1 from the global zone with the non-global zone myzone. The following commands, run in the global zone, share access to the file system with myzone:
global# zonecfg -z myzone
zonecfg:myzone> add fs
zonecfg:myzone:fs> set dir=/fs1
zonecfg:myzone:fs> set special=/mnt/fs1
zonecfg:myzone:fs> set type=lofs
zonecfg:myzone:fs> end
zonecfg:myzone> commit
The file system is mounted at /fs1 in the non-global zone. The value of dir is the directory in the non-global zone where the file system will be mounted. The value of special is the directory in the global zone that is to be mounted in the non-global zone.
2.2. Exclusive access to file systems in non-global zone
Exclusive access to a file system can be delegated to a non-global zone by direct-mounting the file system in that zone. A direct mount limits the visibility of, and access to, the file system to the one non-global zone that has it mounted. To direct-mount a file system in a non-global zone, the directory to mount on must be in the non-global zone and the mount must take place from the global zone:
global# mount -F vxfs /dev/vx/dsk/dg/vol1 /zonedir/zone1/root/dirmnt
3. Devices
Devices, in general, are shared resources in a system. Making devices available in a non-global zone therefore requires some restrictions so that system security is not compromised.
The /dev name space consists of symbolic links (logical paths) to the physical paths in /devices. The /devices name space, which is available only in the global zone, reflects the current state of attached device instances created by the driver. Only the logical path /dev is visible in a non-global zone.
To export the device to the non-global zone, run the following commands in the global zone:
global# zonecfg -z myzone
zonecfg:myzone> add device
zonecfg:myzone:device> set match=/dev/rdsk/c1t0d0s0
zonecfg:myzone:device> end
zonecfg:myzone> add device
zonecfg:myzone:device> set match=/dev/dsk/c1t0d0s0
zonecfg:myzone:device> end
zonecfg:myzone> commit
To mount the device in the non-global zone, run the following commands in the non-global zone:
myzone# newfs /dev/rdsk/c1t0d0s0
myzone# mount /dev/dsk/c1t0d0s0 /usr/mystuff
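The lofs share in section 2.1 and the device exports above both widen what a non-global zone can reach: a lofs mount is read-write unless an ro option is set, and an exported device node is open to the zone's root user. The shell check below is an added example, not part of the original document; it runs over a constructed sample of zonecfg export output, and the function names, the /refdata entry and the finding labels are made up for illustration.

```shell
# Added example, not from the original page. The sample below is constructed,
# in the command syntax printed by `zonecfg -z myzone export`.
sample_export() {
cat <<'EOF'
add fs
set dir=/fs1
set special=/mnt/fs1
set type=lofs
end
add fs
set dir=/refdata
set special=/mnt/refdata
set type=lofs
add options [ro,nodevices]
end
add device
set match=/dev/rdsk/c1t0d0s0
end
add device
set match=/dev/dsk/c1t0d0s0
end
EOF
}

# Reads export text on stdin; prints one finding per line for lofs mounts
# that lack the ro option and for every exported device node.
audit_zone_export() {
  awk '
    /^add fs$/     { res = "fs"; split("", v); opts = ","; next }
    /^add device$/ { res = "device"; next }
    res == "fs" && /^add options / {
      o = $0; sub(/^add options /, "", o); gsub(/\[|\]/, "", o)
      opts = opts o ","; next
    }
    res == "fs" && /^set / { split(substr($0, 5), kv, "="); v[kv[1]] = kv[2]; next }
    res == "device" && /^set match=/ {
      print "DEVICE " substr($0, 11) ": device node usable by root in the zone"; next
    }
    /^end$/ {
      if (res == "fs" && v["type"] == "lofs" && index(opts, ",ro,") == 0)
        print "LOFS-RW " v["special"] " -> " v["dir"] ": writable from the zone"
      res = ""
    }
  '
}

sample_export | audit_zone_export
```

On a live system, pipe `zonecfg -z myzone export` into audit_zone_export instead of the sample.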
4. NetBackup RealTime Client on Solaris Zones
The Veritas NetBackup RealTime client always runs in the Solaris global zone when the HBAs are present in the global zone. To create an application for the data in the non-global zones and protect that application, use the approach below:
- Install the NetBackup client in the global zone.
- Install the NetBackup RealTime client in the global zone.
- Share the file system between the global zone and the non-global zone (refer to the commands in section 2.1 above).
- Specify the global zone file system as the backup selection from the NetBackup client.
The NetBackup RealTime client requires the user to handle the sharing of file systems between the global zone and the non-global zone at backup time as well as at restore time.
5. Protecting Oracle database in Solaris non-global zones
NetBackup RealTime does not currently support RMAN / DB agent-based backups for this configuration. It supports file-system-based backups as described below.
- Install the NetBackup client in the global zone.
- Install the NetBackup RealTime client in the global zone.
- Share the file systems between the global zone and the non-global zone as described in section 2.1 above. The Oracle datafiles, control files, redo logs and archived redo logs will reside on these file systems.
  File system in global zone: /mnt/fs1
  File system in non-global zone: /fs1
- The Oracle files will be accessible from the /fs1 mount point in the non-global zone.
- Create a standard NetBackup policy. Assume the policy name is OraclePolicy, then set the following policy attributes:
  - Set the policy attributes for Snapshot client.
  - Select the Snapshot method as CDP and provide the NetBackup RealTime appliance host name.
  - Select the file system from the global zone which is shared with the non-global zone and contains the Oracle files. This file system will be protected by the NetBackup client.
  - Add the host name of the global zone in the client list of the NetBackup policy.
- For the backup of the Oracle database in the local zone, perform the following steps:
  - From the global zone, connect to the database in the non-global zone and put the database in backup mode.
  - Take a snapshot of the file system from the global zone using policy OraclePolicy.
  - From the global zone, connect to the database in the non-global zone and take the database out of backup mode.
  - To perform the database operations from the global zone, the pre- and post-snapshot scripts can be used.
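The backup-mode steps above can be driven from the global zone with zlogin. The shell functions below are an added example, not part of the original document or of NetBackup; the function names are hypothetical, and they assume a zone named myzone, an OS account oracle whose login profile sets ORACLE_HOME and ORACLE_SID, OS authentication for sqlplus, and a snapshot command supplied by the caller.

```shell
# Added example, not from the original page: wrap a snapshot in Oracle backup
# mode, driving the database in the non-global zone from the global zone.
# Assumed values: zone "myzone", OS account "oracle" (overridable below).
ZONE=${ZONE:-myzone}
ORA_USER=${ORA_USER:-oracle}
ZLOGIN=${ZLOGIN:-zlogin}      # override to dry-run on a host without zones

# Send one backup-mode statement to sqlplus inside the zone.
set_backup_mode() {
  case "$1" in
    begin) sql="ALTER DATABASE BEGIN BACKUP;" ;;
    end)   sql="ALTER DATABASE END BACKUP;" ;;
    *)     echo "usage: set_backup_mode begin|end" >&2; return 2 ;;
  esac
  # The remote command is passed to zlogin as a single string so that the
  # quoting around "/ as sysdba" survives the hop into the zone.
  printf 'WHENEVER SQLERROR EXIT FAILURE\n%s\nEXIT\n' "$sql" |
    "$ZLOGIN" "$ZONE" "su - $ORA_USER -c \"sqlplus -S '/ as sysdba'\""
}

# Run "$@" (the snapshot command) between BEGIN and END BACKUP. END BACKUP is
# always attempted, so a failed snapshot does not leave the datafiles in
# backup mode. Returns the snapshot status, 1 if BEGIN failed, 3 if END failed.
snapshot_in_backup_mode() {
  set_backup_mode begin || { echo "BEGIN BACKUP failed; snapshot skipped" >&2; return 1; }
  snap_rc=0
  "$@" || snap_rc=$?
  set_backup_mode end || { echo "END BACKUP failed; database still in backup mode" >&2; return 3; }
  return "$snap_rc"
}
```

The same two calls, set_backup_mode begin and set_backup_mode end, can instead be placed in the pre- and post-snapshot scripts mentioned above.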