Clustering Solaris Zones/Containers Post: 302187563

Sponsored Content

Operating Systems Solaris Clustering Solaris Zones/Containers Post 302187563 by trouphaz on Monday 21st of April 2008 12:47:43 PM

04-21-2008

Registered User

Quote:

Originally Posted by DukeNuke2

imho this is no knowledge to serach in a forum. this is mission critical and should be done by specialised consultants!

hehe, yeah, when it comes to the implementation phase i'll probably be hitting up Sun for more assistance. at this point i'm trying to find out what others are doing out there to see if has been done before. my preference is to drop the whole virtualization idea entirely and just cluster applications with virtual IPs. i'm willing to give zones (and even LDOMs for that matter) a chance, but so far i don't think either one will give us the availability that we're looking for. basically i want an HA environment that meets the following needs:

1 - can handle hardware failures
2 - can handle OS issues such as panics
3 - needs minimal downtime for system maintenance
4 - provide ability to store application logs all together
5 - can dynamically expand filesystems or add storage to a live system.

so, 1 is straight forward and can be handled by a normal app cluster, clustered zones and clustered ldoms.
2 is straight forward and can be handled by app cluster and clustered zones in a particular configuration. ldoms have the issue that if anything happens to that OS, the app will be down until it can be repaired or restored.
3 can be handled by an app cluster and with clustered zones in a particular config. ldoms can't do this because you have one OS that you are stuck with through failures, patches, etc.
4. app cluster works with this again. if we configure zone cluster so that 2 and 3 are met, then this one can't be without some sort of shared storage option (say NFS or some sort of clustered filesystem). ldoms are fine with this because everything is stuck together anyway, app, os and everything.
5. app cluster is fine with this. ldoms completely fail at this because you need a reboot to modify filesystems or storage. i'm not sure about zones. since zones just remap local filesystems, will they recognize if a filesystem has grown?

By the way, the particular configuration that I mentioned for zones is that you have your zones local instead of on shared storage that you fail over. This is what Symantec recommends for clustered zones. So, you have zone A on server 1 with some hostname. Then you have zone B on server 2 with the same hostname. Then, you just start up the IP on whichever zone you want your end users/clients to connect to. Now you have two separate environments that you maintain which allows for patching of the offline zone while the other one is still servicing clients. The only problem I have then is that I can't seem to find a nice way to migrate the application data between these two zones with the IP and we can't have application logs spread between two zones.

trouphaz

View Public Profile for trouphaz

Find all posts by trouphaz

5 More Discussions You Might Find Interesting

1. Solaris

solaris containers/zones reboot order

Hi, I'm running containers/zones on Solaris 10: SunOS be2900 5.10 Generic_118833-33 sun4u sparc SUNW,Netra-T12 zoneadm list -vc gives: ID NAME STATUS PATH 0 global running / 1 bvsmapp01 running /zones/bvsmapp01 2...

2. Solaris

need help on containers/zones

Hello, I have been using sparc workstations :SUNW,Ultra-5_10 Total 4 such machines. Users use it for mpich programming and all run solaris 8 but I always have hard time maintaining these machines. Authentication for these machines work from solaris 10 using NIS and there are nfs mounts on...

3. Solaris

Solaris 8 Containers

While installing a Solaris 8 zone to a Solaris container I received this message. Anyone have this problem? Patchadd is terminating. Postprocess: Applying p2v module S31_fix_net Postprocess: Applying p2v module S32_fix_nfs Postprocess: Applying p2v module S33_fix_vfstab ...

4. Solaris

difference between zones and containers

Hi Expects, Can broadly explain difference between Zones and containers.

5. Red Hat

Looking for equivalent of Solaris containers/zones in RHEL7 Linux

Hi, I come from a legacy Solaris background with lots of experience with Solaris Containers/zones that we use for network and process isolation from each other. Currently we have a RHEL7 Linux VM running on VMWare, but we would like to segment that VM with some form of containers and achieve...

LEARN ABOUT DEBIAN

shorewall6-nesting

SHOREWALL6-NESTING(5)						  [FIXME: manual]					     SHOREWALL6-NESTING(5)

NAME

       nesting - shorewall6 Nested Zones

SYNOPSIS

       child-zone[:parent-zone[,parent-zone]...]

DESCRIPTION

       In shorewall6-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be
       neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as
       sub-zones of the firewall zone.

       Where zones are nested, the CONTINUE policy in shorewall6-policy[2](5) allows hosts that are within multiple zones to be managed under the
       rules of all of these zones.

EXAMPLE

       /etc/shorewall6/zones:

		   #ZONE    TYPE	OPTION
		   fw	    firewall
		   net	    ipv6
		   sam:net  ipv6
		   loc	    ipv6

       /etc/shorewall6/interfaces:

		   #ZONE     INTERFACE	   BROADCAST	 OPTIONS
		   -	     eth0	   detect	 blacklist
		   loc	     eth1	   detect

       /etc/shorewall6/hosts:

		   #ZONE     HOST(S)			 OPTIONS
		   net	     eth0:[::]
		   sam	     eth0:[2001:19f0:feee::dead:beef:cafe]

       /etc/shorewall6/policy:

		   #SOURCE	DEST	    POLICY	 LOG LEVEL
		   loc		net	    ACCEPT
		   sam		all	    CONTINUE
		   net		all	    DROP	 info
		   all		all	    REJECT	 info

       The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is
       sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that
       this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the
       IMPLICIT_CONTINUE option in shorewall6.conf[3](5).

       Partial /etc/shorewall6/rules:

		   #ACTION   SOURCE    DEST		     PROTO    DEST PORT(S)
		   ...
		   ACCEPT    sam       loc:2001:19f0:feee::3 tcp      ssh
		   ACCEPT    net       loc:2001:19f0:feee::5 tcp      www
		   ...

       Given these two rules, Sam can connect with ssh to 2001:19f0:feee::3. Like all hosts in the net zone, Sam can connect to TCP port 80 on
       2001:19f0:feee::5. The order of the rules is not significant.

FILES

       /etc/shorewall6/zones

       /etc/shorewall6/interfaces

       /etc/shorewall6/hosts

       /etc/shorewall6/policy

       /etc/shorewall6/rules

SEE ALSO

       shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
       shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5),
       shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
       shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)

NOTES

	1. shorewall6-zones
	   http://www.shorewall.net/manpages6/shorewall-zones.html

	2. shorewall6-policy
	   http://www.shorewall.net/manpages6/shorewall6-policy.html

	3. shorewall6.conf
	   http://www.shorewall.net/manpages6/shorewall6.conf.html

[FIXME: source] 						    06/28/2012						     SHOREWALL6-NESTING(5)