Operating Systems Solaris Network / global zones (Solaris 10 / 8) config recommendations Post 302864011 by BradJM on Tuesday 15th of October 2013 03:48:44 PM
My /etc/zones/server1.xml file for the zones that I want to communicate with.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="server1" zonepath="/zpool2/server1" autoboot="false" brand="solaris8">
  <network address="10.10.1.21/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>
---------------------------- second zone xml file --------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN" "file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
    DO NOT EDIT THIS FILE.  Use zonecfg(1M) instead.
-->
<zone name="server2" zonepath="/zpool2/server2" autoboot="false" brand="solaris8">
  <network address="10.10.1.22/24" physical="bge0"/>
  <filesystem special="/install" directory="/install" type="lofs"/>
</zone>

All of the zones will be configured based on the above template xml file. I am looking for something simple; the "/install" is a shared location on the global zone for s/w installs.

The global zone is configured on the 192.168.xx.xx network.

The bge1 interface is currently not used / plumbed.


Ahh - found my error for zones not talking between each other; I had a bad IP address in one of the xml files. This overrides the non-global host /etc/inet/hosts file entry.

I now have the internal non-global zones talking to each other; the next step is to have two sets of servers configured with a similar zone.xml file (unique IP addresses). From what I remember the 10.10.xx.xx is a private network address, so the router/switch will either drop the packets or not be able to figure out the route to the other machine(s).

So now I have the zones talking to each other; so the next step is to get a few machines running this configuration.

Code:
Server 1                                                  Server 2
 192.168.x.1     < switch/router>                        192.168.x.2
     10.10.1.1                                            10.10.1.2
     10.10.1.3                                            10.10.1.4
     10.10.1.20                                           10.10.1.40

 

SHOREWALL-EXCLUSION(5)                                              SHOREWALL-EXCLUSION(5)

NAME
       exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.

SYNOPSIS
       !address-or-range[,address-or-range]...

       !zone-name[,zone-name]...

DESCRIPTION
       The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclamation point is followed by a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of IP addresses of the form lowaddress-highaddress.

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of addresses is formed by taking the first list and then removing the addresses defined in the exclusion.

       Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of /etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.

       Warning
           If you omit a sub-zone and there is an implicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the rule generated for a parent zone.

           For example:

           /etc/shorewall/zones:

               #ZONE      TYPE
               z1         ip
               z2:z1      ip
               ...

           /etc/shorewall/policy:

               #SOURCE    DEST    POLICY
               z1         net     CONTINUE
               z2         net     REJECT

           /etc/shorewall/rules:

               #ACTION    SOURCE    DEST    PROTO    DEST
               #                                     PORT(S)
               ACCEPT     all!z2    net     tcp      22

           In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.

       In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:

       o   !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT match set1 OR NOT match set2 ... OR NOT match setN.

       o   +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1 AND NOT match set2 ... AND NOT match setN.

EXAMPLES
       Example 1 - All IPv4 addresses except 192.168.3.4

           !192.168.3.4

       Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4

           !192.168.1.0/24,10.1.3.4

       Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8

           !192.168.1.3-192.168.1.12,10.0.0.0/8

       Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9

           192.168.1.0/24!192.168.1.3,192.168.1.9

       Example 5 - All parent zones except loc

           any!loc

FILES
       /etc/shorewall/hosts

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/tcrules

SEE ALSO
       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

NOTES
        1. shorewall-ipsets
           http://www.shorewall.net/manpages/shorewall-ipsets.html

                                      06/28/2012                    SHOREWALL-EXCLUSION(5)
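The address-exclusion and ipset-list semantics described in the manual page above can be checked with a small evaluator before a rule is deployed. This is an added example, not Shorewall's own code: the function names, the IPv4-only scope and SAMPLE_SETS are assumptions made for illustration, and ipsets are modelled as plain Python sets.

```python
import ipaddress

def _span(item):
    """Return inclusive integer bounds for a host, CIDR network or low-high range."""
    if "-" in item:
        low, high = (int(ipaddress.IPv4Address(p)) for p in item.split("-", 1))
        if low > high:
            raise ValueError(f"reversed range: {item}")
        return low, high
    # strict=False: a bare host becomes a /32 and host bits in a CIDR are masked off
    net = ipaddress.IPv4Network(item, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def parse_exclusion(expr):
    """Split 'list!exclusion' into (included spans, excluded spans)."""
    if any(ch.isspace() for ch in expr):
        raise ValueError("no embedded whitespace is allowed")
    include, bang, exclude = expr.partition("!")
    if not expr or "!" in exclude or (bang and not exclude):
        raise ValueError(f"malformed exclusion: {expr!r}")
    # An empty first list means "all IPv4 addresses", as in Examples 1 to 3
    included = [_span(i) for i in include.split(",")] if include else [(0, 2**32 - 1)]
    excluded = [_span(i) for i in exclude.split(",")] if exclude else []
    return included, excluded

def matches(expr, address):
    """True if address is in the first list and not removed by the exclusion."""
    included, excluded = parse_exclusion(expr)
    ip = int(ipaddress.IPv4Address(address))
    return (any(low <= ip <= high for low, high in included)
            and not any(low <= ip <= high for low, high in excluded))

def ipset_list_matches(expr, address, sets):
    """Evaluate '!+[a,b]' or '+[!a,!b]' against sets given as name -> set of addresses."""
    if expr.startswith("!+[") and expr.endswith("]"):
        # NOT a OR NOT b: matches unless the address is in every listed set
        return any(address not in sets[n] for n in expr[3:-1].split(","))
    if expr.startswith("+[") and expr.endswith("]"):
        names = expr[2:-1].split(",")
        if not all(n.startswith("!") for n in names):
            raise ValueError("only fully negated lists are handled here")
        # NOT a AND NOT b: matches only if the address is in none of the sets
        return all(address not in sets[n[1:]] for n in names)
    raise ValueError(f"not an ipset list: {expr!r}")

# Constructed sample sets: 10.0.0.1 is in set1 only, 10.0.0.2 is in both
SAMPLE_SETS = {"set1": {"10.0.0.1", "10.0.0.2"}, "set2": {"10.0.0.2"}}
```

An address that belongs to only one of the sets, such as 10.0.0.1 in SAMPLE_SETS, is matched by !+[set1,set2] but not by +[!set1,!set2], which is the difference to keep in mind when a list is meant to carve out every listed set.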