uplink-gemini/articles/2016-10-12_000-linux-zone-v-omnios.gmi
Matjaz Mesnjak 97fc149f49 Initial commit.
2022-01-07 15:32:19 +01:00


# Linux zones in OmniOS
So … zones. They are lightweight virtualization inside Solaris. Think … FreeBSD jails on steroids, containers … They can be of the solaris type, or linux (LX brand). The Solaris ones are easy to create; that functionality has worked all along. This month, however, the OmniOS developers also added support for Linux zones. In fact, this functionality once worked, a long time ago. But after Oracle abandoned OpenSolaris, it decayed somewhat. Nobody updated it or fixed the problems that arose as Linux evolved. Recently the functionality was revived at Joyent SmartOS, and now it is available in OmniOS as well. It lets us run Linux inside a container on OmniOS, and inside that, Linux software that is not available for OmniOS. A zone is such lightweight virtualization that we essentially lose no performance (as we would with full virtualization using e.g. KVM or VirtualBox). It runs at the speed of the system on “bare metal”. On top of that, we keep all the advantages of ZFS and the OmniOS environment.
Let's begin. First we create a virtual network adapter:
```
root@server:/root# dladm create-vnic -l bge0 lxzone0
```
Before we start, we need to install the package with support for lx branded zones:
```
root@server:/root# pkg install lx
```
We continue by creating the file system on which we will keep the zones:
```
root@server:/root# zfs create tank/zones
```
And now we create the definition of the virtual server:
```
root@server:/root# zonecfg -z lxzone export
lxzone: No such zone configured
root@server:/root# zonecfg -z lxzone
lxzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:lxzone> create -b
zonecfg:lxzone> set zonepath=/tank/zones/lxzone
zonecfg:lxzone> set brand=lx
zonecfg:lxzone> set autoboot=false
zonecfg:lxzone> set ip-type=exclusive
zonecfg:lxzone> add net
zonecfg:lxzone:net> set physical=lxzone0
zonecfg:lxzone:net> add property (name=gateway,value="192.168.5.1")
zonecfg:lxzone:net> add property (name=ips,value="192.168.5.69/24")
zonecfg:lxzone:net> add property (name=primary,value="true")
zonecfg:lxzone:net> end
zonecfg:lxzone> add attr
zonecfg:lxzone:attr> set name=dns-domain
zonecfg:lxzone:attr> set type=string
zonecfg:lxzone:attr> set value=lxzone
zonecfg:lxzone:attr> end
zonecfg:lxzone> add attr
zonecfg:lxzone:attr> set name=resolvers
zonecfg:lxzone:attr> set type=string
zonecfg:lxzone:attr> set value=192.168.5.1
zonecfg:lxzone:attr> end
zonecfg:lxzone> add attr
zonecfg:lxzone:attr> set name=kernel-version
zonecfg:lxzone:attr> set type=string
zonecfg:lxzone:attr> set value=2.6.32
zonecfg:lxzone:attr> end
zonecfg:lxzone> verify
zonecfg:lxzone> commit
zonecfg:lxzone> exit
```
We download the system image from the web:
Images are available on this page: https://docs.joyent.com/public-cloud/instances/infrastructure/images/ubuntu#ubuntu-1604
```
root@server:/root# wget https://images.joyent.com/images/0be607d2-8b61-11e6-bf98-03750d422a79/file
--2016-10-12 16:58:47-- https://images.joyent.com/images/0be607d2-8b61-11e6-bf98-03750d422a79/file
Resolving images.joyent.com (images.joyent.com)... 165.225.156.123
Connecting to images.joyent.com (images.joyent.com)|165.225.156.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 286693599 (273M) [application/octet-stream]
Saving to: file
file 100%[===================>] 273,41M 667KB/s in 7m 3s
2016-10-12 17:05:52 (662 KB/s) - file saved [286693599/286693599]
root@server:/root# mv file centos68.gz
```
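The downloaded archive becomes the zone's root file system, so it is worth checking before `zoneadm install`. The following is an added example, not part of the original article: `verify_image` and `sha1_of` are hypothetical helper names, and the expected SHA-1 is a placeholder to be replaced with the digest published for the image.

```sh
#!/bin/sh
# Added example: check a downloaded zone image before `zoneadm install`.
# EXPECTED_SHA1 in the usage comment is a placeholder, not a value from the article.

# Print the SHA-1 of a file using whichever tool the host provides.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        digest -a sha1 "$1"          # illumos/Solaris digest(1)
    fi
}

# verify_image FILE EXPECTED_SIZE EXPECTED_SHA1
# Returns 0 only if size, digest and gzip stream integrity all check out.
verify_image() {
    file=$1 want_size=$2 want_sha1=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    got_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch: got $got_size, want $want_size" >&2
        return 1
    fi

    got_sha1=$(sha1_of "$file" | tr 'A-F' 'a-f')
    want_sha1=$(printf '%s' "$want_sha1" | tr 'A-F' 'a-f')
    if [ "$got_sha1" != "$want_sha1" ]; then
        echo "sha1 mismatch: got $got_sha1" >&2
        return 1
    fi

    gzip -t "$file" 2>/dev/null || { echo "corrupt gzip stream" >&2; return 1; }
    return 0
}

# Usage on the host from the article (the size is the one wget reported):
#   verify_image /root/centos68.gz 286693599 "$EXPECTED_SHA1" &&
#       zoneadm -z lxzone install -s /root/centos68.gz
```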
We install the zone from the system image we downloaded from the web:
```
root@server:/root# zoneadm -z lxzone install -s /root/centos68.gz
A ZFS file system has been created for this zone.
```
Now that everything is installed, we can start the virtual server:
```
root@server:/root# zoneadm -z lxzone boot
zone 'lxzone': SELINUX=enforcing
zone 'lxzone':
```
Now we can log in to the system and do the basic configuration …
```
root@server:/root# zlogin lxzone
[Connected to zone 'lxzone' pts/4]
__ . .
_| |_ | .-. . . .-. :--. |-
|_ _| ;| || |(.-' | | |
|__| `--' `-' `;-| `-' ' ' `-'
/ ; Instance (CentOS 6.8 20161006)
`-' https://docs.joyent.com/images/container-native-linux
[root@lxzone ~]# ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:8232 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lxzone0 Link encap:Ethernet HWaddr 02:08:20:DB:A8:94
inet addr:192.168.5.69 Bcast:192.168.5.255 Mask:255.255.255.0
inet6 addr: fe80::8:20ff:fedb:a894/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:101 errors:0 dropped:0 overruns:0 frame:0
TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:6708 (6.5 KiB) TX bytes:4045 (3.9 KiB)
[root@lxzone ~]# ping server.dev
PING server.dev (192.168.5.105) 56(84) bytes of data.
64 bytes from server.dev (192.168.5.105): icmp_seq=1 ttl=255 time=0.234 ms
64 bytes from server.dev (192.168.5.105): icmp_seq=2 ttl=255 time=0.163 ms
64 bytes from server.dev (192.168.5.105): icmp_seq=3 ttl=255 time=0.191 ms
^C
--- server.dev ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2817ms
rtt min/avg/max/mdev = 0.163/0.196/0.234/0.029 ms
[root@lxzone ~]# ping www.arnes.si
PING lajnar.arnes.si (193.2.1.67) 56(84) bytes of data.
64 bytes from lajnar.arnes.si (193.2.1.67): icmp_seq=1 ttl=250 time=2.25 ms
64 bytes from lajnar.arnes.si (193.2.1.67): icmp_seq=2 ttl=250 time=2.30 ms
64 bytes from lajnar.arnes.si (193.2.1.67): icmp_seq=3 ttl=250 time=1.81 ms
64 bytes from lajnar.arnes.si (193.2.1.67): icmp_seq=4 ttl=250 time=1.69 ms
^C
--- lajnar.arnes.si ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3739ms
rtt min/avg/max/mdev = 1.696/2.015/2.300/0.266 ms
[root@lxzone ~]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 1c:36:52:2b:be:ed:b3:2e:12:3e:eb:dd:95:57:46:1d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[root@lxzone ~]# adduser matjaz
[root@lxzone ~]# passwd matjaz
Changing password for user matjaz.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@lxzone ~]# logout
[Connection to zone 'lxzone' pts/4 closed]
root@server:/root# zlogin lxzone
root@server:/root#
```
To enable remote ssh login, the sshd server settings need to be edited.
```
[root@lxzone ~]# vi /etc/ssh/sshd_config
```
The PasswordAuthentication setting must be enabled and set to yes. We save the settings and restart sshd:
```
[root@lxzone ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
```
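sshd uses the first value it reads for each keyword, so a `PasswordAuthentication yes` line placed below an existing `PasswordAuthentication no` has no effect, and a forgotten earlier `yes` stays active after a later `no` is added. The following is an added example, not part of the original article: `sshd_global_option` and `sample_sshd_config` are hypothetical names and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example: report the value sshd will actually use for a global keyword.
# sshd_config is first-match-wins: a later duplicate line is silently ignored.

# sshd_global_option FILE KEYWORD
# Prints the effective value set before any Match block; returns 1 if unset.
# Later duplicates that sshd ignores are reported on stderr.
sshd_global_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        { sub(/^[ \t]+/, "") }                  # leading whitespace is ignored
        /^#/ || /^$/ { next }                   # comments and blank lines
        {
            match($0, /^[^ \t=]+/)              # keyword, case-insensitive
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)     # separator: blanks or one "="
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit            # conditional blocks start here
            if (key != want) next
            if (!found) { print val; found = 1 }
            else printf "line %d ignored: %s\n", NR, $0 > "/dev/stderr"
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample: the setting appears twice, as happens when
# "PasswordAuthentication yes" is appended below a shipped "no".
sample_sshd_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Protocol 2
PasswordAuthentication no
UsePAM yes
passwordauthentication yes
Match User matjaz
    PasswordAuthentication yes
EOF
}
```

On the zone itself, `sshd -T` prints the configuration sshd resolves and is the authoritative check; the function above is useful for reviewing a file before it is deployed.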
Now we can log in to the virtual server with ssh:
```
macbook:~ matjaz$ ssh matjaz@192.168.5.69
matjaz@192.168.5.69's password:
Last login: Wed Oct 12 17:57:39 2016 from macbook.dev
__ . .
_| |_ | .-. . . .-. :--. |-
|_ _| ;| || |(.-' | | |
|__| `--' `-' `;-| `-' ' ' `-'
/ ; Instance (CentOS 6.8 20161006)
`-' https://docs.joyent.com/images/container-native-linux
[matjaz@lxzone ~]$ uname -a
Linux lxzone 2.6.32 BrandZ virtual linux x86_64 x86_64 x86_64 GNU/Linux
[matjaz@lxzone ~]$
```
And … it works :)