Projects / Tasks / Zones

sbk1972 · August 17, 2009, 5:56am

Hi there

Created some zones on my m5000, both going to be used for oracle. Been reading up about how solaris 10 has made tuning of the /etc/system file redundant and the use of rctladm / projects have taken over.

Been reading the manuals, but my head is about to explode. Thought I would come and ask a few questions, in hope of some simple explanations / help.

so, in my global zone, I create two new projects, one for each zone. Whatdo I do now ? How do I assign zones to the prpjects ?

Im assuming I create users within each zone, do I assign these to the projects in the global zone ??

Or do I set up users / projects within each zone, and that manages what the zones uses ?? However, when you create azone, zonecfg, you can give it some resources controls via that ?

Any tips on the works / set up of users in local zones, how they relate to the global zone / projects etc etc.

Cheers

SBK

rhfrommn · August 19, 2009, 12:28pm

I think the key concept you're missing is that non-global zones are completely independent. Each zone knows nothing of the global zone or any other non-global zones. In fact, you can reboot a non-global zone (or destroy it for that matter) without any other zone caring one bit about that happening.

The users in each of your 2 zones are entirely contained within the zone - that zone knows nothing of users in the global zone or the other of the 2 non-global zones. Thus for sure the users have to be created for each of them.

I've not done projects before, but I would think they are the same deal. Each zone has it's own projects and can't see them from the global zone. There is a small chance I'm wrong about that but I doubt it. Instead of creating the 2 projects in the global zone and trying to assign them to the zones, create a project for each zone from within that zone.

sbk1972 · August 24, 2009, 2:34am

Hi all

Thanks rhfromn for your reply. After asking that question I then learnt up about zones / projects / tasks.

When I asked you about global zone and the projects defined on them whether they replicate down to the zones, nope they dont. From zonecfg you can set various rctl controls, but only relating to cpus / memory / swap space and other phyiscal resources, things that will `shape` the setup of the zone.

Things like file descriptors, number of processes, etc, that were once controlled by /etc/system, are now done via projects / tasks and have to be done within the zone using the prctl command, or via projects.

You can set them on the fly :-
# ulimit -a
# prctl -n process.max-file-descriptor -v 400 $$
# ulimit -a

Or you can set them into the default project which is used if the user you log in as, hasn�t been defined a project. You can projmod / projadd, or you can just manually alter the /etc/project file. Its like the /etc/passwd file, despite having useradd / userdel, you can still manually alter it.

system:0::::
user.root:1::::
noproject:2::::
default:3::::
group.staff:10::::
group.bodi:103:Bodi Environments:bodi1173:bodi:process.max-file-descriptor=(basic,1024,deny)

Or you can set up a project and add the application users to it, or add the group they belong to, to the project. Instead of updating the /etc/passwd with more fields, solaris updates the users within the /etc/user_attr.

To add users to projects :-

# Usermod -K project=group.bodi sbk ( updates /etc/user_attr file)

Or

# projmod -p 103 -U bodi1173 group.bodi ( updates the /etc/project file)

If your adding two users, then you need to do :-

# projmod -p 103 -U bodi1173,bodi553 group.bodi

If you dont add them on the same line, then you over write the previous user.

So, there you go. A quick run down on projects, taks, zones and controlling the setup.

Thanks for your help.

SBK