Solaris Specialist's blog: Migration of Native Solaris Zone (NGZ) to Kernel Zone (KZ)/Logical Domain (LDOM)

Earlier 2 parts of these posts are here:

Part 1: http://solariscat.blogspot.com/2016/05/migration-of-native-solaris-zone-ngz-to.html

Part 2: http://solariscat.blogspot.com/2016/05/migration-of-native-solaris-zone-ngz-to_18.html

Converting a Kernel Zone to a LDOM is a different game altogether.

Unified Archive 101:

To create a Unified Archive of a Native Zone – it doesn’t matter is the native zone is Running or halted.

But to create a Unified Archive of a Kernel Zone – the Kernel zone MUST be Running.

If the Kernel Zone is “down” and you run the archiveadm against it, you will get the below message

root@SolA:~# zoneadm list -icv

ID NAME STATUS PATH BRAND IP

0 global running / solaris shared

- zone1-ngz installed /zones/zone1-ngz solaris excl

- zone1-kz installed - solaris-kz excl

root@SolA:~# archiveadm create -re -z zone1-kz /backup/zone1-kz_reco.uar

Initializing Unified Archive creation resources... Archive creation failed: The following 'solaris-kz' branded zones must be running or excluded from archive creation:

zone1-kz. See /system/volatile/archive_log.1284 on the host system for details.

root@SolA:~#

Bootup the Kernel Zone – zone1-kz & run the archiveadm against it

root@SolA:~# zoneadm -z zone1-kz boot

root@SolA:~# zoneadm list -icv

ID NAME STATUS PATH BRAND IP

0 global running / solaris shared

1 zone1-kz running - solaris-kz excl

- zone1-ngz installed /zones/zone1-ngz solaris excl

root@SolA:~#

Archiveadm will fail!!!

root@SolA:~# archiveadm create -re -z zone1-kz /backup/zone1-kz_reco.uar

Unified Archive initialized: /backup/zone1-kz_reco.uar \

Logging to: /system/volatile/archive_log.1715

Dataset discovery completey... /

Cleaning up archive creation resources, please wait.

Archive creation failed: Guest operation failed: Unable to revert packages. Please check publishers. See /system/volatile/archive_log.2041 in the guest for details.

. See /system/volatile/archive_log.1715 on the host system for details.

root@SolA:~#

Ooops!!! OK. Now login into the Kernel zone to investigate.

root@SolA:~# zlogin zone1-kz

[Connected to zone 'zone1-kz' pts/2]

Last login: Wed May 18 10:29:00 2016 on kz/term

Oracle Corporation SunOS 5.11 11.3 March 2016

root@zone1-ngz:~#

root@zone1-ngz:~# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

lo0 loopback ok -- --

lo0/v4 static ok -- 127.0.0.1/8

lo0/v6 static ok -- ::1/128

net0 ip ok -- --

net0/v4 static ok -- 192.9.200.11/24

net0/v6 addrconf ok -- fe80::8:20ff:fe60:b394/10

As you can see above, this kernel zone has taken up the exact IP address of the Native zone which we used for the conversion. So where is the issue?

Lets look at the publisher status as the archiveadm failed due to “package” related issues.

root@zone1-ngz:~# pkg publisher

PUBLISHER TYPE STATUS P LOCATION

solaris origin online F http://1.1.1.1:10081/

solaris origin online F http://1.1.1.1:10082/

root@zone1-ngz:~#

ahaaaa… now we know the issue!!! Our Kernel Zone zone1-kz doesn’t have an additional NIC (vnic from the etherstub) with 1.1.1.X IP address.

So lets fix it.

Exit and go back to the global zone and get the zone configuration of zone1-kz kernel zone.

root@zone1-ngz:~# exit

logout

[Connection to zone 'zone1-kz' pts/2 closed]

root@SolA:~#

root@SolA:~# zonecfg -z zone1-kz

zonecfg:zone1-kz> info

zonename: zone1-kz

brand: solaris-kz

autoboot: false

autoshutdown: shutdown

bootargs:

pool:

scheduling-class:

hostid: 0x1c3db0c8

tenant:

anet 0:

lower-link: stub0

allowed-address not specified

configure-allowed-address: true

defrouter not specified

allowed-dhcp-cids not specified

link-protection: mac-nospoof

mac-address: auto

auto-mac-address: 2:8:20:60:b3:94

mac-prefix not specified

mac-slot not specified

vlan-id not specified

priority not specified

rxrings not specified

txrings not specified

mtu not specified

maxbw not specified

bwshare not specified

rxfanout not specified

vsi-typeid not specified

vsi-vers not specified

vsi-mgrid not specified

etsbw-lcl not specified

cos not specified

pkey not specified

linkmode not specified

evs not specified

vport not specified

iov: off

lro: auto

id: 0

device 0:

match not specified

storage: dev:/dev/zvol/dsk/zones/zone1-kz/rootdisk0

id: 0

bootpri: 0

virtual-cpu:

ncpus: 2

capped-memory:

physical: 2G

keysource:

raw redacted

zonecfg:zone1-kz>

As you can see, etherstub vnic is already allocated, but after the unified archive was restored on to the Kernel zone zone1-kz, it changed the IP address to that of the native zone zone1-ngz, since the zone1-ngz didn’t have 1.1.1.X IP Address.

Lets add a Vnic from Net0 now & update the zone.

zonecfg:zone1-kz> add anet

zonecfg:zone1-kz:anet> set lower-link=net0

zonecfg:zone1-kz:anet> end

zonecfg:zone1-kz> commit

zonecfg:zone1-kz> exit

root@SolA:~# zoneadm -z zone1-kz apply

zone 'zone1-kz': Checking: Adding anet id=1

zone 'zone1-kz': Checking: Modifying anet id=0

zone 'zone1-kz': Applying the changes

root@SolA:~#

Go back to the zone and make the changes to the IP address.

Net0 should now use dhcp. Net1 shuld use the IP that ha sbeen allocated to Net0 currently.

root@SolA:~# zlogin zone1-kz

[Connected to zone 'zone1-kz' pts/3]

Last login: Thu May 19 10:50:18 2016 on kz/term

Oracle Corporation SunOS 5.11 11.3 March 2016

root@zone1-ngz:~#

root@zone1-ngz:~# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

lo0 loopback ok -- --

lo0/v4 static ok -- 127.0.0.1/8

lo0/v6 static ok -- ::1/128

net0 ip ok -- --

net0/v4 static ok -- 192.9.200.11/24

net0/v6 addrconf ok -- fe80::8:20ff:fe60:b394/10

root@zone1-ngz:~# dladm

LINK CLASS MTU STATE OVER

net0 phys 9000 up --

net1 phys 1500 up --

root@zone1-ngz:~# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

lo0 loopback ok -- --

lo0/v4 static ok -- 127.0.0.1/8

lo0/v6 static ok -- ::1/128

net0 ip ok -- --

net0/v4 static ok -- 192.9.200.11/24

net0/v6 addrconf ok -- fe80::8:20ff:fe60:b394/10

root@zone1-ngz:~# ipadm delete-ip net0

root@zone1-ngz:~# ipadm create-ip net0

root@zone1-ngz:~# ipadm create-ip net1

root@zone1-ngz:~# ipadm create-addr -T dhcp net0

net0/v4

root@zone1-ngz:~# ipadm create-addr -T static -a local=192.9.200.11/24 net1/v4

root@zone1-ngz:~# ipadm

NAME CLASS/TYPE STATE UNDER ADDR

lo0 loopback ok -- --

lo0/v4 static ok -- 127.0.0.1/8

lo0/v6 static ok -- ::1/128

net0 ip ok -- --

net0/v4 dhcp ok -- 1.1.1.10/27

net1 ip ok -- --

net1/v4 static ok -- 192.9.200.11/24

root@zone1-ngz:~# ping 1.1.1.1

1.1.1.1 is alive

root@zone1-ngz:~# ping -s 1.1.1.1

PING 1.1.1.1: 56 data bytes

64 bytes from 1.1.1.1: icmp_seq=0. time=0.771 ms

64 bytes from 1.1.1.1: icmp_seq=1. time=0.239 ms

64 bytes from 1.1.1.1: icmp_seq=2. time=0.361 ms

----1.1.1.1 PING Statistics----

3 packets transmitted, 3 packets received, 0% packet loss

round-trip (ms) min/avg/max/stddev = 0.239/0.457/0.771/0.279

root@zone1-ngz:~#

As you can see, net0 now has 1.1.1.X IP Address and Net1 has the IP address that was previously assigned to net0. Also 1.1.1.1 (the Repository) is now reachable

Lets run Archiveadm once again.

root@SolA:~# archiveadm create -re -z zone1-kz /backup/zone1-kz_reco.uar

Unified Archive initialized: /backup/zone1-kz_reco.uar -

Logging to: /system/volatile/archive_log.1809

Dataset discovery completey... |

Archive stream creation completen... /

Archive creation completessembly...

root@SolA:~#

Now, convert this Unified Archive file into an ISO format

root@SolA:~# cd /backup/

root@SolA:/backup# ls -al

total 3476348

drwxr-xr-x 2 root root 4 May 19 11:53 .

drwxr-xr-x 27 root sys 30 May 19 09:47 ..

-rw-r--r-- 1 root root 926310400 May 19 11:27 zone1-kz_reco.uar

-rw-r--r-- 1 root root 876001280 May 17 20:30 zone1-ngz_reco.uar

root@SolA:/backup# archiveadm create-media -f iso zone1-kz_reco.uar

Initiating media creation...

Image preparation completet... --

Cleaning up...ckup/AI_Archive.iso...

root@SolA:/backup#

With this the ISO image of the Kernel-Zone is Completed.

A file called AI_Arvhive.iso file is created in the /backup location.

Transport this ISO file to another location where you need to create a new LDOM. In my case this is a new VM, I will ftp the file to my laptop.

Point to note: if you have lots of data in your datasets residing in rpool, then the Unified Archive file size will swell significantly. The maximum file size of the Unified Archive File to be successfully converted into an ISO file is 4GB.

In that case, you can skip particular datasets while creating the Unified Archive. Archiveadm provides “-D dataset” option to do this task.

Now, lets see how this ISO image is used to complete the conversion task from Kernel Zone to LDOM/VM.

Create a new LDOM. In my case, it will be a VM over VMware – called SolB.