solaris 10 zone mounted FS

I am wondering if there is a "best practice" for setting the zonepath in Solaris 10.

I created two zones on the /opt file system. Then, when attempting to apply patches while in single user mode, the patchadd failed because the system could not mount the zones.

Applying the patches while in multi-user mode, there were no failures. However, Sun recommends the system be in a single-user state when applying patches, especially when applying the 10_Recommended patch cluster.

I would prefer not to locate the zones on the root file system.

By sgtrock at 2007-11-25 23:38:14
# 1
/opt isn't mounted automatically when you stop at single user if it's a separate filesystem. You can mount it manually before you install patches if you do them at that time.
-- Darren
Darren_Dunham at 2007-7-5 18:22:09
# 2
I know about the automatic mounts and that does not answer the question. I want to know if there is a best practice for setting zonepaths.
sgtrock at 2007-7-5 18:22:09
# 3

I haven't seen one yet.

I don't see any problems with what you're doing. I tend to put them in /export or something like that. (I rarely have /opt as a separate filesystem.) If you patch in single-user, you just need to mount any filesystem containing them first.

There's many folks that put zones on external storage for the (unsupported) ability to move the zone to another machine.

--

Darren

Darren_Dunham at 2007-7-5 18:22:09
# 4

My recommendation is to put the zone path under its own directory, eg /zones. Below that, put each zone in its own filesystem. Of course, if you're not running a volume manager, you're limited to the number of FSes. But, the advantage of putting each zone in its own FS is that you can treat each zone as a distinct entity from the device level to file level.

My $.02

Roger S.

Jo_nage at 2007-7-5 18:22:09
# 5

And just to add to this discussion... My approach on servers is always to set up a specific data partition which is mounted in a way to disallow suid, exec and the use of devices. Naturally this isn't going to work for zone roots so I keep all my zones on a separate slice which is mounted "normally". To keep maintenance of these zones easy I keep several inherited directories and use lofs to set up places like /usr/sadm, /usr/local and sometimes data directories (/var/apache/htdocs for example). All of them are located on the data partition I mentioned above and set up as lofs.

This approach allows me easy access to a zone's "/usr/local" if I need it (only used to copy / remove files in and out of the zone) while I also keep my security policy in check (it is amazing IMO since the zone's functionality isn't affected by having its /usr/local/bin mounted through lofs and physically residing on a 'nosuid' partition).

I agree with the others; there is no best method. It depends on your situation, your specific needs and the way you wish to have it set up.

LionO at 2007-7-5 18:22:09
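An added example (not from any poster in this thread) of auditing the layout LionO describes: it checks that every lofs special path a zone inherits really lives on a slice mounted nosuid. The vfstab entries, the zone name "web" and the `zonecfg export` output are constructed sample input; on a real host you would read /etc/vfstab and `zonecfg -z web export` instead.

```shell
#!/bin/sh
# Audit helper: flag lofs-backed zone directories whose backing slice is
# not mounted nosuid. Input below is constructed, not captured from a host.

# Constructed /etc/vfstab lines (device, fsck device, mount point, fstype,
# fsck pass, mount at boot, mount options). /zones has no options ("-").
VFSTAB='/dev/dsk/c0t0d0s3 /dev/rdsk/c0t0d0s3 /zones ufs 2 yes -
/dev/dsk/c0t0d0s4 /dev/rdsk/c0t0d0s4 /data ufs 2 yes nosuid,nodevices'

# Constructed "zonecfg -z web export" fragment: two lofs mounts into the zone.
ZONECFG='add fs
set dir=/usr/local
set special=/data/zones/web/usr/local
set type=lofs
end
add fs
set dir=/var/apache/htdocs
set special=/zones/web/htdocs
set type=lofs
end'

# Print the vfstab mount options of the longest mount point that contains $1.
mount_opts_for() {
    echo "$VFSTAB" | awk -v p="$1" '
        index(p, $3) == 1 && (p == $3 || substr(p, length($3) + 1, 1) == "/") {
            if (length($3) > best) { best = length($3); opts = $7 }
        }
        END { print opts }'
}

# Warn for every lofs special path not backed by a nosuid slice; return 1 if any.
check_lofs_nosuid() {
    bad=0
    for special in $(echo "$ZONECFG" | sed -n 's/^set special=//p'); do
        opts=$(mount_opts_for "$special")
        case ",$opts," in
            *,nosuid,*) ;;
            *) echo "WARN: $special backed by slice with options '$opts' (no nosuid)"
               bad=1 ;;
        esac
    done
    return $bad
}

check_lofs_nosuid
```

With the sample input the /usr/local mount passes and the htdocs mount on /zones is reported, which is exactly the split LionO's "zones on a normal slice, data on a restricted slice" layout relies on.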