Inside the Zone

Task: You have to install some application packages in the zone and create users.

Lab: Log in to the zone, create a user and install a web server application.

root@solaris:~# zlogin zone1 
root@zone1:~# 

Play around with the usual sysadmin commands. How can you tell whether you are in a zone or not? First, try ps -ef. Do you see anything unusual? Yes, you are right: the process IDs don't start with 0, but with some big number. Other than that, there is no visible difference between a normal Solaris installation and the zone. Try uname -a, psrinfo, cat /etc/release... Check if you can access the Internet by pinging oracle.com.

Now let's do something useful with the zone. Like running a web server, for example. Let's install and run Apache.

root@zone1:~# pkg list -a *apache* 
. . .Skipped. . . 
web/server/apache-22 2.2.22-0.175.1.0.0.24.0  ---. 
. .Skipped. . . 
root@zone1:~# pkg install apache-22 
. . .Skipped. . . 

We've installed it successfully, but it's not running yet.

root@zone1:~# svcs -a | grep apache 
disabled 6:31:42 svc:/network/http:apache22 

Start the Apache web server:

root@zone1:~# svcadm enable apache22 
root@zone1:~# svcs -a | grep apache 
online 6:34:03 svc:/network/http:apache22 

Check if it's working from your global Solaris zone (your Solaris desktop): start Firefox and enter your zone's IP address into the URL field: 10.0.2.21. The page usually reads "It works!".

Check that it is really your zone that is answering. Go back to the zone's terminal window and change your web server homepage (I'm using vi here, as we don't have many choices in a freshly installed zone. If you are not familiar with vi, check our Vi Quick Reference below):

root@zone1:~# vi /var/apache2/2.2/htdocs/index.html 

Write something here like "This is Zone1 and it works!" and save the file. Make sure you use :w! (with the exclamation mark) to save the read-only file. Now reload the page in Firefox on your Solaris desktop. Did it work? Congratulations!

Vi Quick Reference

If you're unfamiliar with vi, the following are a few common keyboard commands to get you through this exercise:
i = switch to Insert mode
Use Insert mode to type in your text.
Esc = switch to Command mode
In Command mode use:
k = up
j = down
w = right or forward one word
b = left or back one word
l = right 1 char
h = left 1 char
x = delete 1 char
u = undo
dd = delete entire current line
:w = write (save) the current file
:wq = write and quit
:w! = write to a read-only file
:q! = quit ignoring changes (do not write)

What else do we need? Try to create users in the zone.

root@zone1:~# useradd -m jack 
root@zone1:~# passwd jack
New Password: oracle1 (will not be displayed) 
Re-enter new Password: oracle1 (will not be displayed) 
passwd: password successfully changed for jack 
root@zone1:~# su - jack 
Oracle Corporation  SunOS 5.11  11.0    November 2011
jack@zone1:~$ ls
local.cshrc    local.login    local.profile
jack@zone1:~$ 

Looks good! Try to log in from your global zone (open another window on your Solaris desktop):

lab@solaris:~$ ssh -l jack 10.0.2.21

(It's a small letter L here, not the digit 'one')

Exit from the ssh session and return to the global zone. Let's see how zones look from the global zone's perspective. From here you can watch processes in non-global zones by using the -Z command line argument of ps(1). Try this:

root@solaris:~# ps -efZ
.....Skipped long output...
zone1     root  4807     1   0 11:47:33 ?           0:00 /usr/lib/ssh/sshd
zone1     root  4132     1   0 11:47:13 ?           0:00 /usr/lib/rad/rad -sp
zone1     root  4736     1   0 11:47:30 ?           0:00 /usr/lib/autofs/automountd
zone1     root  4737  4736   0 11:47:30 ?           0:00 /usr/lib/autofs/automountd
global     root  4921  1636   0 12:25:04 pts/1       0:00 ps -efZ
zone1     root  4869     1   0 11:47:37 ?           0:00 /sbin/dhcpagent

All processes are tagged with a zone name: it's either zone1 or global. Remember to try this command again when you have more zones running (in our next exercises).

Now log in to the zone again and try 'ps -efZ' inside it. Check if you can see global zone processes from inside the zone. Remember to check this again when you have more zones running.

You may also try the prstat(1M) command with -Z argument and see what happens.
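
The check described above can be scripted. The following is an added example, not part of the original lab: it counts processes per zone in 'ps -efZ' output and reports any process that belongs to a zone other than the expected one. The function names are hypothetical, and the sample data is constructed from the output shown above.

```shell
#!/bin/sh
# Added example. Both checks read `ps -efZ` output on stdin;
# column 1 of every process line is the zone name.

# Constructed sample: the global-zone view, copied from the lab output above.
sample_global_view() {
cat <<'EOF'
.....Skipped long output...
zone1     root  4807     1   0 11:47:33 ?           0:00 /usr/lib/ssh/sshd
zone1     root  4132     1   0 11:47:13 ?           0:00 /usr/lib/rad/rad -sp
zone1     root  4736     1   0 11:47:30 ?           0:00 /usr/lib/autofs/automountd
zone1     root  4737  4736   0 11:47:30 ?           0:00 /usr/lib/autofs/automountd
global     root  4921  1636   0 12:25:04 pts/1       0:00 ps -efZ
zone1     root  4869     1   0 11:47:37 ?           0:00 /sbin/dhcpagent
EOF
}

# Constructed sample: what an isolated zone1 is expected to show (own rows only).
sample_zone_view() {
    sample_global_view | awk '$1 == "zone1"'
}

# zone_summary: print "<zone> <process count>" for every zone seen, sorted.
zone_summary() {
    awk '$1 == "ZONE" || NF < 9 { next }   # skip header and "Skipped" lines
         { n[$1]++ }
         END { for (z in n) print z, n[z] }' | sort
}

# foreign_procs EXPECTED_ZONE: print every process line tagged with another
# zone. Exit status 0 means none were visible, 1 means at least one was.
foreign_procs() {
    awk -v want="$1" '
        $1 == "ZONE" || NF < 9 { next }
        $1 != want { print; bad = 1 }
        END { exit bad + 0 }'
}

# Demo on the constructed global-zone view.
sample_global_view | zone_summary
```

On a live system, run ps -efZ | foreign_procs "$(zonename)" inside the zone; zonename(1) prints the name of the current zone.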

For your homework: compare global and non-global zone installations. How many packages are installed in both? How many services are running? Check if you can log in to the global zone with the zone user's (jack) credentials. Check if you can use your zone's root password in the global zone (of course, if they are different).