From: Dave on 18 Dec 2009 19:24

I've installed a zone named 'sage' on a Sun T5240 running Solaris 10 update 6.

I want to run a server for some maths software

http://www.sagemath.org/

called 'Sage' - hence 'sage' seemed an appropriate name for the zone.

I've set the IP address of the zone to be 192.168.1.2 (I've stuck the zone configuration file at the end of the post).

I'm not really sure what I'm doing here with the networking, but taking some information from:

http://www.sun.com/bigadmin/features/articles/solaris_zones.jsp

which is by far the most readable thing I've found on zones, the zone is set up. I can boot it, log into the console, configure the country, timezone, root password etc. The zone looks ok. It's mounted /usr/local as I wanted it to do, which contains a few files I need to have.

In the zone, I see:

bash-3.00# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ---------- ---------
192.168.2.0          192.168.2.1          U         1          0 nxge0:2
127.0.0.1            127.0.0.1            UH        4        129 lo0:1

It is obvious there is an ssh server running on this zone, as 'ssh localhost' asks for a password. But from the global zone, any attempt to ssh to the non-global zone just hangs.

I clearly do not have the networking set up properly, but neither do I know how to!

I tried to add the route using:

# ifconfig nxge0:1 plumb 192.168.2.1 netmask 255.255.255.0 zone sage up
ifconfig: unknown zone 'sage'

# zoneadm -z sage boot
zoneadm: zone 'sage': WARNING: nxge0:2: no matching subnet found in netmasks(4) for 192.168.2.1; using default of 255.255.255.0.

# ifconfig -aZ
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nxge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 128.208.128.194 netmask ffffff80 broadcast 128.208.128.255
        ether 0:14:4f:e8:b6:f6
nxge0:1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.2.1 netmask ffffff00 broadcast 192.168.2.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128
nxge0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
        inet6 fe80::214:4fff:fee8:b6f6/10
        ether 0:14:4f:e8:b6:f6

In the global zone, I see:

# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              128.208.128.129      UG        1         39
128.208.128.128      128.208.128.194      U         1          8 nxge0
224.0.0.0            128.208.128.194      U         1          0 nxge0
224.0.0.0            192.168.2.1          U         1          0 nxge0:1
127.0.0.1            127.0.0.1            UH        5        118 lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
fe80::/10                   fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
ff00::/8                    fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
::1                         ::1                         UH      1      21 lo0

which does not make a lot of sense to me. That seems to imply the gateway is via the IP address of the zone, but is that supposed to be?

Can anyone tell me what commands I should type, so I can connect to the zone via ssh from the global zone. I'm really not sure whether I need 'ifconfig', 'route' and certainly am unsure of the exact syntax.

Once I can connect to a server running on port 22 properly, I'll next address setting my own server up in the zone, and connecting to that. But for now, just being able to ssh to the zone would be nice.

I'm puzzled why I see nxge0:1 in the global zone, and nxge0:2 in the non-global zone.

Basically I'm out of my depth here. Any help appreciated.

Dave

--
I respectfully request that this message is not archived by companies as unscrupulous as 'Experts Exchange'. In case you are unaware, 'Experts Exchange' take questions posted on the web and try to find idiots stupid enough to pay for the answers, which were posted freely by others. They are leeches.

From: Dave on 18 Dec 2009 19:27

Dave wrote:
> I've installed a zone named 'sage' on a Sun T5240 running Solaris 10
> update 6.
>
> I want to run a server for some maths software
>
> http://www.sagemath.org/
>
> called 'Sage' - hence 'sage' seemed an appropriate name for the zone.
>
> I've set the IP address of the zone to be 192.168.1.2 (I've stuck the
> zone configuration file at the end of the post).

I forgot to put the configuration file. Here it is:

# cat sage.cfg
create -b
set zonepath=/zones/sage
set autoboot=true
set ip-type=shared
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add fs
set dir=/usr/local
set special=/rootpool2/usr_local
set type=lofs
add options ro
add options nodevices
end
add fs
set dir=/usr/sfw
set special=/usr/sfw
set type=lofs
add options ro
add options nodevices
end
add net
set address=192.168.2.1
set physical=nxge0
end
add capped-memory
set physical=5G
end

From: Alexander J. Maidak on 19 Dec 2009 00:11

On Sat, 19 Dec 2009 00:24:19 +0000, Dave wrote:

> In the global zone, I see:
>
> # netstat -rn
>
> Routing Table: IPv4
>   Destination           Gateway           Flags  Ref   Use   Interface
> -------------------- -------------------- ----- ----- ---------- ---------
> default              128.208.128.129      UG        1         39
> 128.208.128.128      128.208.128.194      U         1          8 nxge0
> 224.0.0.0            128.208.128.194      U         1          0 nxge0
> 224.0.0.0            192.168.2.1          U         1          0 nxge0:1
> 127.0.0.1            127.0.0.1            UH        5        118 lo0
>
> Routing Table: IPv6
>   Destination/Mask            Gateway                   Flags Ref   Use    If
> --------------------------- --------------------------- ----- --- ------- -----
> fe80::/10                   fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
> ff00::/8                    fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
> ::1                         ::1                         UH      1      21 lo0
>

Your global zone is going to send any packets for 192.168.2.1 to 128.208.128.129. Unless 128.208.129.129 has a route to send the data back to you this isn't going to work.

The simplest thing to do is set your IP address for your zone to something like 128.208.128.195, this will work fine as it will share the IP space with your primary nic.

Otherwise I'd advise you to use an exclusive stack IP zone on nxge1 and join that to the 192.168.2.0/24 network, still the 128.208.128 and 192.168.2.0/24 networks will require some kind of router to transfer data between them.

-Alex

From: Dave on 19 Dec 2009 05:22

Alexander J. Maidak wrote:
> On Sat, 19 Dec 2009 00:24:19 +0000, Dave wrote:
>
>> In the global zone, I see:
>>
>> # netstat -rn
>>
>> Routing Table: IPv4
>>   Destination           Gateway           Flags  Ref   Use   Interface
>> -------------------- -------------------- ----- ----- ---------- ---------
>> default              128.208.128.129      UG        1         39
>> 128.208.128.128      128.208.128.194      U         1          8 nxge0
>> 224.0.0.0            128.208.128.194      U         1          0 nxge0
>> 224.0.0.0            192.168.2.1          U         1          0 nxge0:1
>> 127.0.0.1            127.0.0.1            UH        5        118 lo0
>>
>> Routing Table: IPv6
>>   Destination/Mask            Gateway                   Flags Ref   Use    If
>> --------------------------- --------------------------- ----- --- ------- -----
>> fe80::/10                   fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
>> ff00::/8                    fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
>> ::1                         ::1                         UH      1      21 lo0
>>
>
> Your global zone is going to send any packets for 192.168.2.1 to
> 128.208.128.129. Unless 128.208.129.129 has a route to send the data
> back to you this isn't going to work.
>
> The simplest thing to do is set your IP address for your zone to
> something like 128.208.128.195, this will work fine as it will share the
> IP space with your primary nic.

Thank you Alex.

Would that not cause problems if there was a machine at 128.208.128.195? (There is one alive at this minute!) There is not one alive currently at 128.208.128.196, but I've not been allocated that IP address, so it's anyone's guess what hassles I would cause using that IP.

Getting another static IP is probably not out of the question, but I'd rather not do that. I believe it must be possible to do this without having numerous static IPs. One might typically want to run an ftp server, web server etc all in zones - having static IPs for each would be a bit wasteful.

> Otherwise I'd advise you to use an exclusive stack IP zone on nxge1 and
> join that to the 192.168.2.0/24 network, still the 128.208.128 and
> 192.168.2.0/24 networks will require some kind of router to transfer data
> between them.

I was hoping to do that with ipfilter.

I added the following two rules to /etc/ipf/ipnat.conf:

rdr nxge0 128.208.128.194/32 port 23 -> 192.168.2.1 port 23
rdr nxge0 128.208.128.129/32 port 23 -> 192.168.2.1 port 23

and hoped that would route port 23 to the zone. When I enabled telnet in the zone

# svcadm enable telnet

I was unable to connect via telnet to the zone from the global zone.

I would have thought that running a web server in a zone would be quite a common thing for people to do, and so there be some HOWTO or similar on it. But I can't seem to find anything with Google. Tons of stuff about zones, and tons of stuff about apache, but I can't find anything about how to set up a web server in a zone.

Dave

From: Alexander J. Maidak on 19 Dec 2009 11:08

On Sat, 19 Dec 2009 10:22:09 +0000, Dave wrote:

> Alexander J. Maidak wrote:
>> On Sat, 19 Dec 2009 00:24:19 +0000, Dave wrote:
>>
>>> In the global zone, I see:
>>>
>>> # netstat -rn
>>>
>>> Routing Table: IPv4
>>>   Destination           Gateway           Flags  Ref   Use   Interface
>>> -------------------- -------------------- ----- ----- ---------- ---------
>>> default              128.208.128.129      UG        1         39
>>> 128.208.128.128      128.208.128.194      U         1          8 nxge0
>>> 224.0.0.0            128.208.128.194      U         1          0 nxge0
>>> 224.0.0.0            192.168.2.1          U         1          0 nxge0:1
>>> 127.0.0.1            127.0.0.1            UH        5        118 lo0
>>>
>>> Routing Table: IPv6
>>>   Destination/Mask            Gateway                   Flags Ref   Use    If
>>> --------------------------- --------------------------- ----- --- ------- -----
>>> fe80::/10                   fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
>>> ff00::/8                    fe80::214:4fff:fee8:b6f6    U       1       0 nxge0
>>> ::1                         ::1                         UH      1      21 lo0
>>>
>>
>> Your global zone is going to send any packets for 192.168.2.1 to
>> 128.208.128.129. Unless 128.208.129.129 has a route to send the data
>> back to you this isn't going to work.
>>
>> The simplest thing to do is set your IP address for your zone to
>> something like 128.208.128.195, this will work fine as it will share
>> the IP space with your primary nic.
>
> Thank you Alex.
>
> Would that not cause problems if there was a machine at 128.208.128.195?
> (There is one alive at this minute!) There is not one alive currently at
> 128.208.128.196, but I've not been allocated that IP address, so it's
> anyone's guess what hassles I would cause using that IP.
>
> Getting another static IP is probably not out of the question, but I'd
> rather not do that. I believe it must be possible to do this without
> having numerous static IPs. One might typically want to run an ftp
> server, web server etc all in zones - having static IPs for each would be
> a bit wasteful.
>
>> Otherwise I'd advise you to use an exclusive stack IP zone on nxge1
>> and join that to the 192.168.2.0/24 network, still the 128.208.128 and
>> 192.168.2.0/24 networks will require some kind of router to transfer
>> data between them.
>
> I was hoping to do that with ipfilter.
>
> I added the following two rules to /etc/ipf/ipnat.conf:
>
> rdr nxge0 128.208.128.194/32 port 23 -> 192.168.2.1 port 23
> rdr nxge0 128.208.128.129/32 port 23 -> 192.168.2.1 port 23
>
> and hoped that would route port 23 to the zone. When I enabled telnet in
> the zone
>
> # svcadm enable telnet
>
> I was unable to connect via telnet to the zone from the global zone.
>
> I would have thought that running a web server in a zone would be quite
> a common thing for people to do, and so there be some HOWTO or similar
> on it. But I can't seem to find anything with Google. Tons of stuff
> about zones, and tons of stuff about apache, but I can't find anything
> about how to set up a web server in a zone.
>
> Dave

If you just want to get at it from the global zone you could just put the zone on your loopback interface like so:

zonecfg:zone100> add net
zonecfg:zone100:net> set physical=lo0
zonecfg:zone100:net> set address=127.0.0.100
zonecfg:zone100:net> end

Then you can address the zone from the global zone by connecting to 127.0.0.100

I'm not sure what Solaris metacluster you've installed, but if you selected SUNWCXall or similar you should have apache2 installed by default, in which case:

# cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf
# svcadm enable svc:/network/http:apache2

will enable a simple apache2 server on port 80.

-Alex
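
Added example, not part of any post in this thread: a subnet check over the IPv4 part of the 'ifconfig -aZ' output from the first post. It shows that the two addresses Alex suggests (128.208.128.195 and 127.0.0.100) fall inside the subnet of an interface that is UP, while 192.168.2.1 is covered only by nxge0:1, which lacks the UP flag in that output. The function names are hypothetical and the embedded sample is re-typed from the post.

```python
import ipaddress
import re

# Constructed sample: IPv4 stanzas re-typed from the ifconfig -aZ output in the thread.
IFCONFIG = """\
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
nxge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 128.208.128.194 netmask ffffff80 broadcast 128.208.128.255
nxge0:1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.2.1 netmask ffffff00 broadcast 192.168.2.255
"""

HEAD = re.compile(r"^(\S+): flags=[0-9a-f]+<([^>]*)>")
INET = re.compile(r"^\s+inet (\S+) netmask ([0-9a-f]{8})")

def parse_ifconfig(text):
    """Return [(name, is_up, IPv4Network)] for each IPv4 interface stanza."""
    found, current = [], None
    for line in text.splitlines():
        head = HEAD.match(line)
        if head:
            current = (head.group(1), "UP" in head.group(2).split(","))
            continue
        inet = INET.match(line)
        if inet and current:
            # Solaris prints the netmask as 8 hex digits, e.g. ffffff80 is /25.
            prefix = bin(int(inet.group(2), 16)).count("1")
            net = ipaddress.ip_network(f"{inet.group(1)}/{prefix}", strict=False)
            found.append((current[0], current[1], net))
    return found

def on_link(addr, interfaces):
    """Name of the most specific UP interface whose subnet holds addr, else None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, name) for name, up, net in interfaces if up and ip in net]
    return max(hits)[1] if hits else None

def configured_but_down(addr, interfaces):
    """Interfaces whose subnet covers addr but which lack the UP flag."""
    ip = ipaddress.ip_address(addr)
    return [name for name, up, net in interfaces if not up and ip in net]

if __name__ == "__main__":
    ifs = parse_ifconfig(IFCONFIG)
    for candidate in ("192.168.2.1", "128.208.128.195", "127.0.0.100"):
        print(candidate, on_link(candidate, ifs), configured_but_down(candidate, ifs))
```

On a live system the same functions can be fed the text of 'ifconfig -a' from the global zone; a subnet match says nothing about whether the address is already in use by another machine, which is the concern Dave raises about 128.208.128.195.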