1

Solaris and OpenSolaris

Virtualization
Philip Torchinsky
Solaris Evangelist
Sun Microsystems, Inc.
1
Slide 2
Types of System Virtualization
Solaris Virtualization examples
New in Solaris 1 !"#
$penSolaris %!.& 'emo
What You Will Hear Today
Slide 3
Terminology and Taxonomy
V1%N (( Virtualization
)*S (( )elia+ility, *ccessi+ility,
Scala+ility
,ifferent aspects of V1%N wit- 'ifferent
+enefits, limitations, an' capa+ilities
> .artition / 'ivi'e resources among
wor0loa's " $Ses
> *+straction / -i'e un'erlying 'etails from
wor0loa' " $S
Slide 4
Server Virtualization Categories
Hard Partitions
Virtual Machines OS Virtualization
Resource Mgmt.
Server
$S
*pp
Trend to flexiility
Multiple OS!s Single OS
Trend to isolation
>Very 1ig- )*S
>Very Scala+le
>Mature
Tec-nology
>*+ility to run
'ifferent $S
versions
>*+ility to live
migrate an $S
>*+ility to run
'ifferent $S
versions an'
types
>Very scala+le an'
low over-ea'
>Single $S to manage
>2leanly 'ivi'es
system an'
application
a'ministration
>3ine graine'
resource
management
>Very scala+le
an' low
over-ea'
>Single $S to
manage
>3ine graine'
resource
management
Slide 5
Logical Domains
Server
$S
*pplication
Server
Mail
Ser"
er
#e
Ser"
er
$ile
Ser"
er
*llows
'ifferent $S
versions an'
types
,evices s-are'
+etween
'omains, +ut
some over-ea'
*vaila+le on
all sun%"
platforms
Negligi+le
over-ea' for
-ypervisor
Slide 6
Solaris x! Virtual "achine
Server
$S
*pplication
Server
Mail
Ser"er
#e
Ser"er
$ile
Ser"er
Solaris,
4inux an'
5in'ows
support
Solaris sta+ility
an' functionality
en-ances xVM
4everage x!6
community
1ypervisor
S-are 'evices,
+ut wit- I"$
over-ea'
Slide 7
#ull vs$ %ara&Virtualization
3ull virtualization7
> )uns +inary image of 8metal9
$S
> Must emulate real i"o 'evices
> 2an +e slow"nee' -elp from
-ar'ware
> May use trap an' emulate or
rewriting
.ara:virtualization7
> )uns $S porte' to special arc-
> 2an +e more efficient since it
is -ypervisor aware
Mail
Ser"er
#e
Ser"er
$ile
Ser"er
Server
$S
*pp
Mail
Ser"er
#e
Ser"er
$ile
Ser"er
Server
$S
*pp
$ull Virtualization
Para Virtualization
&ontrol 'omain
Slide 8
OS Virtualization' Solaris zones
Server
$S
*pplication
)esource an'
namespace
isolation
Very
scala+le
1ar'ware
in'epen'ent
&alendar
Ser"er
'ataase
#e
Ser"er
Single $S
eliminates
re'un'ant
a'ministration
Slide 9
> Container = zone + resource control
> Solaris Containers for Linu !""lications #$rand%&
> Solaris 8 in a zone
> Co''ands( zonead'#1&) zonecf*#1&) zlo*in#1&
> +" to 8192 zones in a s,ste'
> -deal for la.s) /ostin* "ro0iders) etc1
Solaris zones
Slide 12
(e) *or +ones in Solaris ,- .-/
Simplifie' 2ontainer )esource Management
> ,e'icate' 2.;s
> 2appe' Memory
> Simplifie' )esource 2ontrols
Networ0 Virtualization / I. Instances
Solaris 2ontainers for 4inux *pplications <=ran'>?
=oot arguments for zones
,Trace in a zone
Slide 11
+ones %rinciples o* Operation
Ma0e resource controls 'ea' simple to set
> rctl aliases for common resource controls, per:
zone
.latform a'min controls 82appe'9 an' 8,e'icate'9
resources
> &apped7 ;pper limit on consumption
>.-ysical memory, loc0e' memory, swap space
> 'edicated7 @ou -ave it, only you -ave it, itAs all
you get
>,ynamically configure' processor pools
*uto:ena+le t-e infrastructure nee'e' for user:
reBueste' features
Slide 12
3e'o( creatin* a zone
Slide 13
0esource Control 1rctl2 3liases
rctl aliases feature ai's setting resource
controls7
Integrate settings for glo+al zone7
zonecfg:endzone> set max-lwps=500
zonecfg:endzone> set cpu-shares=5
zonecfg:endzone> set max-shm-memory=10M
# zonecfg -z global
zonecfg:global> set cpu-shares=10
Slide 14
Dedicated C%4s
New resource7 'e'icate':cpu / one per zone, wit-
multiple properties
Specifies a Buantity of 2.;s availa+le to a zone
;ses new 8temporary pools9
2onfigure' an' enforce' +y t-e glo+al zone
>onecfg syntax7
add dedicated-cpu
set ncpus=1-3
set importance=3
end
Slide 15
Capped "emory
rcap' can now +e use' in t-e glo+al zone to cap
non:glo+al zones
> *utomatically ena+le' w-en cappe' zone +oots
> $+serva+ility via rcapstat
> ;nli0e 0ernel resource controls, rcap' must
actively pus- pages out, so it can lag.
Eventually it ten's to prevail.
New zone resource7 8cappe':memory9
> 2an limit )*M, swap, loc0e' memory using
natural units
> 4imits can +e 'ynamically c-ange'
> Summary memory usage can +e 'isplaye' via
0stat
Slide 16
%hysical "emory Cap
Enforces a maximum amount of physical memory
availa+le to a zone
2onfigure' an' enforce' in t-e glo+al zone
* zoneAs processes can temporarily excee' t-e cap
>onecfg syntax7
add capped-memory
set physical=500m
end
T-is cap can +e mo'ifie' w-ile t-e zone runs7
GZ# rcapadm -z twilight -m 200m
Slide 17
S)ap Space Cap
Specifies a maximum amount of swap space
availa+le to a zone
2onfigure' an' enforce' +y t-e glo+al zone
*n overly aggressive swap cap causes apps to fail
>onecfg syntax7
add capped-memory
set swap=1g end
Swap<1M? not zone:aware
T-is limit can +e c-ange' w-ile t-e zone is
running7
GZ# prctl -n zone!max-swap -" 2g -t #
pri"ileged -r -e deny -i zone twilight
Slide 18
Loc5ed "emory Cap
4imits amount of memory t-at is specifically
mar0e' Anot eligi+le for pagingA
*ffects 'evice:loc0e' memory, ISM, an' mloc0<C2?:
style loc0ing <,ISM, SysV an' mmap<%??
;se of t-is limit is encouraged +ecause t-e
privilege
proc$loc%$memory
will +e in t-e 'efault
set of zone privileges
>onecfg syntax7
add capped-memory
set loc%ed-memory=100m
end
Slide 19
%utting 6t 3ll Together
zonecfg:z1> set max-lwps=500
zonecfg:z1> set cpu-shares=5
zonecfg:z1> set max-shm-memory=10M
zonecfg:z1> add capped-memory
zonecfg:z1:capped-memory> set physical=500m
zonecfg:z1:capped-memory> set swap=2g
zonecfg:z1:capped-memory> set loc%ed-memory=100m
zonecfg:z1:capped-memory> end
zonecfg:z1> add dedicated-cpu
zonecfg:z1:dedicated-cpu> set ncpus=2-&
zonecfg:z1:dedicated-cpu> set importance=3
zonecfg:z1:dedicated-cpu> end
Slide 22
7asy zone cloning )ith +#S
Ma0ing a zone zonecfg -z zone create
Installing a zone zoneadm -z zone install
Clonin* a zone(
zonecfg -z clone1 create -t master
zonecfg -z clone1 set zonepath=/test/opt/clone1
zoneadm -z clone1 clone master
Slide 21
3e'o( clonin* a zone
Slide 22
Solaris Containers *or Linux 3pps
3irst supporte' non:native +ran' / lx
Support for )e' 1at Enterprise 4inux C, 2ent$S
> )1 reBuires license for eac- zone
> )eBuires all of t-e files for t-e 'istri+ution / per
zone
> Sun provi'es no +inaries or 'istri+ution, nor 'o
we c-ange t-e $S to run in =ran'>
Ena+les 4inux +inary applications to run
unc-ange'
2reates a zone for 4inux application execution
> >one -as only 4inux software D runs 4inux init E
scripts
> ,Trace / 4inux .I, an' syscall
Slide 23
Virtual8ox and Solaris
1ost can +e Solaris, 4inux, 5in'ows
Fuest can +e Solaris, 4inux, 5in'ows, etc.
No paravirtualization
1ar'ware virtualization support
Slide 24
3e'o( 4"enSolaris in 5irtual$o
Slide 25
0esources
-ttp7""+logs.sun.com"G+lognameH
> +o+n, Ieffv, +mc, a-l, relling, Ionat-an, 'p,
marc-amilton, a -ost of ot-ers
-ttp7""sun.com"+iga'min
> Sys*'min .ortal / >ones, SM3, 124, 1ow:Tos,
etc.
-ttp7""opensolaris.org
> 2ommunities, user groups, +logs
-ttp7""'evelopers.sun.com
> Solaris ,eveloper Networ0
-ttp7""'ocs.sun.com
> 85-atAs New in Solaris 19
26
Solaris and OpenSolaris
Virtualization
26
Philip.Torchinsky(sun.com