Skip Navigation Links | |
Exit Print View | |
man pages section 1M: System Administration Commands Oracle Solaris 11.1 Information Library |
System Administration Commands - Part 1
System Administration Commands - Part 2
- check a global zone's configuration for physical to virtual migration into non-global zone
zonep2vchk -V
zonep2vchk [-T release] -c
zonep2vchk [-T release] [-P] [-b] [ -s path[,path...] ] [-S file] [ -r {time}(h|m|s} ] [-x] [-e execname[,execname...] ] [-E file]
The zonep2vchk utility is used to evaluate a global zone's configuration before the process of physical-to-virtual (p2v) migration into a non-global zone.
The p2v process involves archiving a global zone (source), and then installing a non-global zone (target) using that archive. See the install -a documentation in the solaris(5) and solaris10(5) man pages.
zonep2vchk serves two functions. First, it can be used to report issues on the source which might prevent a successful p2v migration. Second, it can output a template zonecfg, which can be used to assist in configuring the non-global zone target.
zonep2vchk can be executed on a Solaris 10 or later global zone. To execute on Solaris 10, copy the zonep2vchk utility to the Solaris 10 source global zone.
The zonep2vchk utility must be run with an effective user id of zero. It interrogates the configuration state of a variety of Solaris subsystems.
The following options are supported:
Display the command version and exit.
Specify the target release. The defaults are:
Global Zone Default Target Solaris 10 S10 Solaris 11 S11
Any configuration files generated by zonep2chk will be applicable to the target release. See -c below.
When run on Solaris 10, a target release of S11 can be specified, which will check for p2v into a Solaris 10 Branded zone.
When the target is S10, it is assumed that a shared stack will be used. Any issues that will require an exclusive IP stack will be reported.
When the target is S11, it is assumed that an exclusive IP stack will be used.
If a particular feature in use by the global zone requires a particular patch/update level of the target to function, this information will be printed in the zonep2vchk output.
Generate machine-parseable output. See the section “Parseable Output Format” below.
Display a template zone configuration on stdout in the form of zonecfg(1M) export output. This configuration will contain resource limits and network configuration based on the source host's physical resources and networking configuration.
Perform basic checks. This will check the global zone for issues that could prevent a successful p2v. This is the default behavior if none of -b, -c, -s, -S, -r, -x are specified.
Perform runtime checks for the specified duration. This will analyze the currently executing processes in the global zone, and report issues that could prevent successful execution inside a non-global zone. Issues reported reflect actions made by the processes during the time in which zonep2vchk was executing.
Perform runtime checks (as with -r) until SIGINT is received, such as is delivered by Ctrl-c from most shells.
When performing runtime analysis (-r, -x), limit inspected programs to those matching the specified list of execnames. The execname is the name of process, as returned by ps -o comm. It is not necessary for named processes to exist when zonep2vchk is invoked. Any matching processes created while zonep2vchk is running will be inspected.
Similar to -e, but reads the list of execnames from file, one per line.
Perform static binary analysis on the files or directories specified. This will inspect ELF binaries for system and library calls that might affect function inside a zone. Directories will be recursed, and non-ELF files will be ignored.
Similar to -s, but reads the path list from file, one per line.
zonep2vchk will ouput a single line of parseable output for each issue detected. The line format is:
category:issue:field1:[field2:...]
Each field is delimited by a colon (:). Colon characters escaped with a backslash (\:) should not be treated as field delimiters.
Multiple instances of the same issue can be reported, each with fields describing the particular instance of the issue.
Below the existing categories and issues are defined. Future versions of zonep2vchk might include additional categories and issues. Existing issues might have new fields added after the existing fields for existing issues.
The header category lists information about the source, target, and zonep2vchk version. The issues in this category are:
The version of the zonep2vchk command.
The version of the zonep2vchk command.
Information about the source system.
The nodename of the source system.
The /etc/release version of the source system.
The kernel version of the source system.
The platform of the source system.
Information about the specified target of the p2v check.
The Solaris version of the target.
The brand type that would be used on the target.
The ip-type of the expected zone on the target.
The footer category lists final summary information. The issues in this category are:
A summary of the number of issues found.
The number of issues detected.
The incompatible category represents issues that will not function in a non-global zone. The issues in this category are:
An /etc/system tunable exists. These tunables do not function inside a zone. The /etc/system tunable can be transferred to the target global zone, but it will affect the entire system, including all zones and the global zone. If there is an alternate tunable that can be configured from within the zone, this tunable is described.
The /etc/system tunable setting.
One of:
There is no alternate tunable from within a non-global zone.
The tunable is obsolete on the target. It no longer serves any function.
The tunable has been replaced on the target. The replacement is configured in the global zone, and described by fields 3 and 4.
An alternate tunable exists. This tunable can be configured from within a non-global zone. The tunable is described by fields 3 and 4.
zonep2vchk is not knowledgeable of the tunable. Tunable likely has no alternate inside a zone.
Type of alternate/replacement tunable.
Description of alternate/replacement tunable.
More than one boot environment exists. Only the active boot environment will be transferable to the non-global zone.
The name of the non-active boot environment.
A feature is enabled that will not function in a zone.
The mobile IP agent, which does not function in a zone, is configured. See mipagent(1M) for details.
The system is sharing a filesystem by means of NFS. Native zones on Solaris 10 and Solaris 10 zones on Solaris 11 cannot share by means of NFS.
Path of file system being shared.
The system is sharing a filesystem by means of in-kernel smb/cifs. Zones cannot share filesystems by means of SMB.
Path of file system being shared.
A package delivering software known not to work in a zone is installed.
Name of the package.
The system is exporting an ISCSI target. Zones cannot export iSCSI targets.
Name of the iSCSI target.
The system has configured an FCOE target. Zones cannot configure FCOE targets.
Ethernet device used.
WWN of the FCOE target.
The system has configured an Fiberchannel target. Zones cannot configure Fiberchannel targets.
WWN of the Fiberchannel target.
The system has configured a virtual NPIV HBA. Zones cannot configure virtual HBAs.
Physical WWN hosting the virtual HBA.
Virtual WWN.
The system has configured an SCSI block device. Zones cannot configure scsi block devices.
Object configured as a SCSI device.
A service is enabled that will not function in a zone.
Name of the service.
A Solaris resource pool is configured. Zones cannot configure resource pools.
Name of the pool.
A processor set is configured. Zones cannot configure processor sets.
Processor set ID.
List of CPU IDs in the processor set.
Zones are configured. A zone cannot host zones. Any zones will not exist in the target non-global zone after p2v. Zones can be migrated separately using the detach/attach features in zoneadm(1M).
Name of the zone.
State of the zone.
A lofi device is configured. A zone cannot configure lofi devices.
Name of the lofi device.
Path of the file backing the device.
A binary makes a system or library call that cannot be made from a zone.
Name of the the binary file.
Name of the system or library call.
A binary makes a system or library call that cannot be made from a zone if called with certain arguments.
Name of the system or library call.
See regular output (no -P) for details on disallowed arguments.
A binary links with a library that cannot be used inside a zone.
Name of the binary file.
Name of the disallowed library.
A privilege is used by a process that cannot be added to a zone.
Name of the process.
Name of the privilege.
A device is opened by a process that cannot be added to a zone.
Name of the process.
Name of the device.
The configuration category represents issues that will require a configuration setting to allow the issue to function inside the non-global zone. This could be a zonecfg(1M) configuration setting, a configuration change in the global zone, or both.
The issues in this category are:
A datalink feature is configured that cannot be configured from within a zone. The datalink feature must be configured in the global zone, and if necessary, delegated to the zone using zonecfg add anet (Solaris 11 only) or zonecfg add net.
Name of the datalink feature. One of:
Aggregation.
Infiniband interface.
Infiniband partition.
Virtual NIC.
Ethernet stub.
A bridge instance.
A wireless WPA or WEB security object.
Datalink object name.
The host is a DHCP server. To provide DHCP service, a zone must have ip-type=exclusive, or have the the privilege net_rawaccess and the device /dev/ip. Note that this will allow a shared stack zone to read and write raw IP packets on the network, similar to an exclusive stack zone or global zone.
FMRI of the DHCP server service.
An NTP client service is enabled. This service updates the system clock. Since all zones share the same system clock, this service is disabled automatically during p2v. If it is desired that the zone update the system clock on the target host, the zone will need the privilege sys_time, and the service will need to be enabled inside the zone after p2v.
FMRI of the client service.
A networking device contains configuration settings in its .conf file. Zones cannot configure drivers. The driver must be configured in the global zone. Some network driver settings might be configurable using dladm(1M) instead of editing a driver configuration file.
Path of the configuration file.
An existing configuration file will be impacted by the change of a network device name. For example, an /etc/hostname.bge0 file will be impacted if the network device given to the target non-global zone is not bge0.
Path of the impacted file.
The system is accessing an iSCSI target as a client. Zones cannot access iSCSI targets. The global zone must be the iSCSI initiator. The device can then be added to the zone using zonecfg add device.
iSCSI target being accessed.
The system has an FCOE initiator configured. A zone cannot configure an FCOE initiator. The global zone must configure the FCOE initiator, and make the SCSI target devices available to the zone using zonecfg add fs or zonecfg add device.
Ethernet network device.
WWN of the initiator.
The system has an HBA Fiberchannel port online. A zone cannot access a Fiberchannel target. The target must be accessed from the global zone and made available to the zone.
Fiberchannel HBA port WWN.
Datalink properties are configured. A zone cannot configure datalink properties. They must be configured from the global zone.
Name of the datalink.
Property name
Property value.
Tunables that cannot be configured by a zone have been configured using ndd. These tunables must be configured from the global zone.
File or script setting the tunable.
Driver being tuned.
Tunable parameter.
One or more dynamically assigned IP addresses are configured on a network interface. These addresses are not supported with shared-IP zones. These IP addresses could change as a result of MAC address changes. You may need to modify this system's address information on the DHCP server and on the DNS, LDAP, or NIS name servers.
Field1 can be one of:
Configured DHCP address. In this case, Field2 is the name of the interface configured for DHCP.
IPv6 stateless address configuration is enabled. In this case, Field2 is the name of the interface with IPv6 auto configuration.
Reverse ARP assigned address is enabled. In this case, Field2 is the name of the interface with reverse ARP enabled.
A patch is required before p2v into a non-global zone.
The patch required.
A physical interface exists on the source system that will have to be replaced with a dedicated physical or VLAN interface on the destination system if migrating to an exclusive-IP zone.
Name of the interface on the source system.
The system is configured with a default scheduling class. The default scheduling class of a non-global zone can be configured using the zonecfg set scheduler property. This will be provided in the -c output.
The configured default scheduling class.
If migrating to a shared-IP zone, the following networking features will need to be configured from the global zone on behalf of the zone.
Field1 can be one of:
An IPMP group is configured. If IPMP is required, it must be configured from the global zone. In this case, Field2 is the IPMP group name.
A virtual network interface is configured. These must be configured from the global zone. In this case, Field2 is the VNI interface name.
IP forwarding (v4 or v6) is configured on an interface. In this case, Field2 is the interface with IP forwarding configured.
Static routes are configured. Static routes must be configured from the global zone.
A networking feature is configured that is not supported for use with shared-IP zones. The feature will work without modification in exclusive-IP zones.
A IPv4, IPv6, or 6to4 tunnel interface has been plumbed.
Name of the tunnel interface.
A networking feature is configured that is not supported in an exclusive-IP zone. When migrating to a shared-IP zone, the feature must be configured in the global zone to support communication.
A Carrier Grade Transport Protocol interface has been plumbed.
Name of the CGTP interface.
A networking feature requires its underlying device be allocated to the zone with the zonecfg(1M) add device command. This feature is not supported with shared-IP zones.
Can be :
Point-to-Point Protocol (PPP). PPP configuration files exist under /etc/ppp. The underlying device that needs to be allocated to the zone is either a serial port or, in the case of pppoe, an Ethernet physical or VNIC interface.
A service is enabled that will require an exclusive-IP zone.
Name of the service FMRI.
A service is enabled that will require additional privileges be added to the zone using the zonecfg(1M) limitpriv property.
FMRI of the service.
List of the privileges required by the service.
A Solaris Volume Manager metadevice is configured. Metadevices must be configured in the global zone, and made available to the non-global zone using zonecfg(1M) add device, add fs, or add dataset.
Name of the metadevice.
A ramdisk device is configured. A zone cannot configure ramdisk devices.
Ramdisk device path.
A filesystem mount is configured by means of /etc/vfstab. The filesystem must be migrated to the target global zone and made available to the non-global zone.
Device being mounted.
Mountpoint.
The system has additional zpools configured. These zpools must be migrated to the target global zone, and made available to the zone using zonecfg add dataset or zonecfg add fs.
Name of the pool.
A process used a privilege that requires and exclusive-IP stack. See zonecfg(1M) for a description of the ip-type property.
Name of the process.
Privilege used.
A process opened a device that requires an exclusive IP stack. See zonecfg(1M) for a description of the ip-type property.
Name of the process.
Name of the device.
A process used a privilege that requires additional privilege be added to the target non-global zone. See zonecfg(1M) for a description of the limitpriv property.
Name of the process.
Privilege used.
A process opened a device that is not available in a zone by default. See zonecfg(1M) for a description of the add device resource.
Name of the process.
Path of the device.
A binary makes a system or library call that might require additional privilege be added to the target non-global zone. See zonecfg(1M) for a description of the limitpriv property. See the non-parseable output for details concerning the system or library call.
Path of the binary
Name of the system call.
A binary makes a system or library call that might require an exclusive-ip stack. See zonecfg(1M) for a description of the ip-type property. See the non-parseable output for details concerning the system or library call.
Path of the binary
Name of the system call.
Example 1 Performing Static Binary Analysis
The following command performs static analysis on all ELF binaries in two application directory trees:
# zonep2vchk -s /opt/myapplication,/usr/local
Example 2 Generating a Template for the Target Zone
The following command will generate a template zone configuration for Solaris 11 when run on a Solaris 10 global zone.
# zonep2vchk T S11 -c
Example 3 Analyzing Running Applications for a Period
The following command will analyze the process named myapplication for one hour and report any activity that might not function in a zone.
# zonep2vchk -s 1h -e myapplication
Example 4 Performing Basic Checks
The following command will analyze the global zone for configuration and Solaris features in use that might not function in a zone. Each discovered issue will be reported as a single line of parseable output.
# zonep2vchk -bP
The following exit values are returned:
Successful completion, no issues detected.
An internal error occurred.
Invalid usage.
One or more issues were detected.
See attributes(5) for descriptions of the following attributes:
|
Command invocation and parseable output is Committed. Human readable output (default output) is Uncommitted.
dladm(1M), mipagent(1M), zoneadm(1M), zonecfg(1M), attributes(5), solaris(5), solaris10(5), zones(5)
The static (-s and -f) checks make use of the elfdump(1) utility, which is delivered by the following package:
developer/base-developer-utilities
SUNWbtool
The runtime (-r) checks make use of the dtrace(1M) utility, which is delivered by the following package:
system/dtrace
SUNWdtrc