Creating a zone for building software

We recommend building all software inside zones, so you can set up a clean development environment and not "pollute" your main operating environment.

The guide below assumes you are on a LAN with DHCP. We will create a Crossbow VNIC on your primary network interface (assumed to be e1000g0 here; adapt as necessary), which will operate as if it were plugged directly into your local LAN.
It is also possible to set up static network addressing on a VNIC, or to use "shared networking", where the local zone's interface is an alias of one available to the global zone (a guide mentioning this is available here: HOW-TO Setup referential build zone for OpenIndiana Addon Consolidations).

Distro Constructor

The Distribution Constructor (the software that produces the final ISO Image) does not work inside a local zone.

Create a zfs filesystem

Here, we are disabling atime and sync to speed up builds. Note that setting sync=disabled may result in data loss in a power loss/system crash scenario, so only enable it for your build environment if you don't mind losing data (from recent writes just before the crash):

pfexec zfs create -o compression=on -o mountpoint=/zones rpool/zones
pfexec zfs create -o sync=disabled -o atime=off rpool/zones/build

Create a Crossbow VNIC

If your primary interface is not e1000g0, please substitute for the one that is in use. You can normally find this via "dladm show-phys" or "ifconfig -a".

pfexec dladm create-vnic -l e1000g0 vnic0

If needed, you can also bind the VNIC to a particular VLAN of your external network with the -v parameter.

Create the zone

pfexec zonecfg -z zone1
create
set autoboot=true
set zonepath=/zones/build/zone1
set ip-type=exclusive
add net
set physical=vnic0
end
exit

Install the zone

This step will install the zone by downloading packages from the internet:

pfexec zoneadm -z zone1 install

Create a sysidcfg file

This step answers questions you would otherwise have to answer manually via a console-based wizard.

Mount the zone's ZFS dataset so we can access it by running:

sudo zoneadm -z zone1 ready

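Now create the sysidcfg file. The file is written through "pfexec tee" because a plain ">" redirection is performed by your own unprivileged shell, not by pfexec:

cat <<EOF | pfexec tee /zones/build/zone1/root/etc/sysidcfg > /dev/null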
terminal=xterms
network_interface=PRIMARY {dhcp protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=dynamic
timezone=UTC
root_password=fto/dU8MKwQRI
EOF

Remark: the root_password value shown here is the encrypted form of the password abc123.
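An added example, not part of the original guide: a small script that writes the same sysidcfg with a root password hash you supply, refuses the hash published above, and keeps the file owner-only. The script name mksysidcfg.sh and both function names are hypothetical, and it assumes you already have a crypt(3) hash in a format the zone's OS accepts.

```shell
#!/bin/sh
# Added example (not from the original page): write the zone's sysidcfg with a
# root password hash you supply, refusing the hash published on this page.

PUBLISHED_HASH='fto/dU8MKwQRI'   # hash shown on this page; its plaintext is public

# check_root_hash HASH: return 0 only for a non-empty, non-published hash that
# cannot add extra lines or keywords to sysidcfg.
check_root_hash() {
    candidate=$1
    if [ -z "$candidate" ]; then
        echo "root password hash is empty" >&2; return 1
    fi
    if [ "$candidate" = "$PUBLISHED_HASH" ]; then
        echo "refusing the published example hash" >&2; return 1
    fi
    case $candidate in
        *[!A-Za-z0-9./\$=,]*)
            echo "hash contains characters outside [A-Za-z0-9./\$=,]" >&2; return 1 ;;
    esac
    return 0
}

# write_sysidcfg ZONEROOT HASH: ZONEROOT is the zone's root directory as seen
# from the global zone, e.g. /zones/build/zone1/root once the zone is "ready".
write_sysidcfg() {
    zoneroot=$1
    check_root_hash "$2" || return 1
    if [ ! -d "$zoneroot/etc" ]; then
        echo "$zoneroot/etc not found; is the zone in the ready state?" >&2; return 1
    fi
    (
        umask 077                        # file holds a password hash: owner-only
        rm -f "$zoneroot/etc/sysidcfg"   # so the new mode applies to a fresh file
        cat > "$zoneroot/etc/sysidcfg" <<EOF
terminal=xterms
network_interface=PRIMARY {dhcp protocol_ipv6=no}
security_policy=none
name_service=NONE
nfs4_domain=dynamic
timezone=UTC
root_password=$2
EOF
    )
}

# Run as root in the global zone: sh mksysidcfg.sh ZONEROOT 'HASH'
if [ $# -eq 2 ]; then write_sysidcfg "$1" "$2"; fi
```

Quote the hash in single quotes on the command line so the shell does not expand any "$" it contains.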

Note also that in the example above, your zone will try to receive networking settings via DHCP. It is possible to set static IP addressing for an "ip-type=exclusive" local zone by using traditional Solaris methods with files (relative to the zone root): /etc/defaultrouter, /etc/hostname.vnic0, /etc/netmasks and so on; in this case you might want to disable nwam and dhcp-client in the zone. You may also want to make sure that the zone's /etc/hosts file associates the static IP address with the zone's network name (short hostname and full FQDN), and that this name is used in /etc/hostname.vnic0 instead of an IP address directly.

You can also configure a separate ipfilter firewall inside the "ip-type=exclusive" zone (the global zone's firewall doesn't apply to a local zone's non-shared networking).

Boot your zone

pfexec zoneadm -z zone1 boot

You will now want to attach to the zone's console and watch it boot, and answer any questions if prompted:

pfexec zlogin -C zone1

You can detach from the console by issuing "~." without quotes (or "~~." over chained Unix ssh).

DNS configuration in the zone

Once the zone has booted, you can copy the DNS resolution settings from the global zone into the local zone (if networking is the same):

pfexec cp /etc/resolv.conf /etc/nsswitch.conf /zones/build/zone1/root/etc/

Final checks

You can now zlogin into the local zone with:

pfexec zlogin zone1

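Try pinging some hosts on the internet. Remember to update the root password, especially if you used the example value from the sysidcfg file above, since that password is published on this page.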
