zonep2vchk(1M) - check a global zone's configuration for p2v migration into non-global zone
-
System Administration Commands zonep2vchk(1M) NAME zonep2vchk - check a global zone's configuration for physical to vir- tual migration into non-global zone SYNOPSIS zonep2vchk -V zonep2vchk [-T release] -c zonep2vchk [-T release] [-P] [-b] [ -s path[,path...] ] [-S file] [ -r {time}(h|m|s} ] [-x] [-e execname[,execname...] ] [-E file] DESCRIPTION The zonep2vchk utility is used to evaluate a global zone's configura- tion before the process of physical-to-virtual (p2v) migration into a non-global zone. The p2v process involves archiving a global zone (source), and then installing a non-global zone (target) using that archive. See the install -a documentation in the solaris(5) and solaris10(5) man pages. zonep2vchk serves two functions. First, it can be used to report issues on the source which might prevent a successful p2v migration. Second, it can output a template zonecfg, which can be used to assist in con- figuring the non-global zone target. zonep2vchk can be executed on a Solaris 10 or later global zone. To execute on Solaris 10, copy the zonep2vchk utility to the Solaris 10 source global zone. SECURITY The zonep2vchk utility must be run with an effective user id of zero. It interrogates the configuration state of a variety of Solaris subsys- tems. OPTIONS The following options are supported: -V Display the command version and exit. -T release Specify the target release. The defaults are: Global Zone Default Target Solaris 10 S10 Solaris 11 S11 Any configuration files generated by zonep2chk will be applicable to the target release. See -c below. When run on Solaris 10, a target release of S11 can be specified, which will check for p2v into a Solaris 10 Branded zone. When the target is S10, it is assumed that a shared stack will be used. Any issues that will require an exclusive IP stack will be reported. When the target is S11, it is assumed that an exclusive IP stack will be used. If a particular feature in use by the global zone requires a par- ticular patch/update level of the target to function, this informa- tion will be printed in the zonep2vchk output. -P Generate machine-parseable output. See the section "Parseable Out- put Format" below. -c Display a template zone configuration on stdout in the form of zonecfg(1M) export output. This configuration will contain resource limits and network configuration based on the source host's physi- cal resources and networking configuration. -b Perform basic checks. This will check the global zone for issues that could prevent a successful p2v. This is the default behavior if none of -b, -c, -s, -S, -r, -x are specified. -r{time} (h|m|s) Perform runtime checks for the specified duration. This will ana- lyze the currently executing processes in the global zone, and report issues that could prevent successful execution inside a non- global zone. Issues reported reflect actions made by the processes during the time in which zonep2vchk was executing. -x Perform runtime checks (as with -r) until SIGINT is received, such as is delivered by Ctrl-c from most shells. -e execname[,execname...] When performing runtime analysis (-r, -x), limit inspected programs to those matching the specified list of execnames. The execname is the name of process, as returned by ps -o comm. It is not necessary for named processes to exist when zonep2vchk is invoked. Any match- ing processes created while zonep2vchk is running will be inspected. -E file Similar to -e, but reads the list of execnames from file, one per line. -s path[,path...] Perform static binary analysis on the files or directories speci- fied. This will inspect ELF binaries for system and library calls that might affect function inside a zone. Directories will be recursed, and non-ELF files will be ignored. -S file Similar to -s, but reads the path list from file, one per line. PARSEABLE OUTPUT FORMAT zonep2vchk will ouput a single line of parseable output for each issue detected. The line format is: category:issue:field1:[field2:...] Each field is delimited by a colon (:). Colon characters escaped with a backslash (\:) should not be treated as field delimiters. Multiple instances of the same issue can be reported, each with fields describing the particular instance of the issue. Below the existing categories and issues are defined. Future versions of zonep2vchk might include additional categories and issues. Existing issues might have new fields added after the existing fields for exist- ing issues. header Category The header category lists information about the source, target, and zonep2vchk version. The issues in this category are: version The version of the zonep2vchk command. Field1: The version of the zonep2vchk command. source Information about the source system. Field1: The nodename of the source system. Field2: The /etc/release version of the source system. Field3: The kernel version of the source system. Field4: The platform of the source system. target Information about the specified target of the p2v check. Field1: The Solaris version of the target. Field2: The brand type that would be used on the target. Field3: The ip-type of the expected zone on the target. footer Category The footer category lists final summary information. The issues in this category are: issues A summary of the number of issues found. Field1: The number of issues detected. incompatible Category The incompatible category represents issues that will not function in a non-global zone. The issues in this category are: etcsystem An /etc/system tunable exists. These tunables do not function inside a zone. The /etc/system tunable can be transferred to the target global zone, but it will affect the entire system, including all zones and the global zone. If there is an alternate tunable that can be configured from within the zone, this tunable is described. Field1: The /etc/system tunable setting. Field2: One of: noalternate There is no alternate tunable from within a non- global zone. obsolete The tunable is obsolete on the target. It no longer serves any function. replaced The tunable has been replaced on the target. The replacement is configured in the global zone, and described by fields 3 and 4. alternate An alternate tunable exists. This tunable can be configured from within a non-global zone. The tunable is described by fields 3 and 4. noinfo zonep2vchk is not knowledgeable of the tunable. Tunable likely has no alternate inside a zone. Field3: Type of alternate/replacement tunable. Field4: Description of alternate/replacement tunable. be More than one boot environment exists. Only the active boot envi- ronment will be transferable to the non-global zone. Field1: The name of the non-active boot environment. unsupported A feature is enabled that will not function in a zone. Field1: mobileip The mobile IP agent, which does not function in a zone, is configured. nfs (S10 sources only) The system is sharing a filesystem by means of NFS. Native zones on Solaris 10 and Solaris 10 zones on Solaris 11 cannot share by means of NFS. Field1: Path of file system being shared. smb The system is sharing a filesystem by means of in-kernel smb/cifs. Zones cannot share filesystems by means of SMB. Field1: Path of file system being shared. pkg A package delivering software known not to work in a zone is installed. Field1: Name of the package. iscsi-target The system is exporting an ISCSI target. Zones cannot export iSCSI targets. Field1: Name of the iSCSI target. fcoe-target The system has configured an FCOE target. Zones cannot configure FCOE targets. Field1: Ethernet device used. Field2: WWN of the FCOE target. fc-target The system has configured an Fiberchannel target. Zones cannot con- figure Fiberchannel targets. Field1: WWN of the Fiberchannel target. npiv The system has configured a virtual NPIV HBA. Zones cannot config- ure virtual HBAs. Field1: Physical WWN hosting the virtual HBA. Field2: Virtual WWN. scsi The system has configured an SCSI block device. Zones cannot con- figure scsi block devices. Field1: Object configured as a SCSI device. svcnotallowed A service is enabled that will not function in a zone. Field1: Name of the service. resourcepool A Solaris resource pool is configured. Zones cannot configure resource pools. Field1: Name of the pool. pset A processor set is configured. Zones cannot configure processor sets. Field1: Processor set ID. Field2: List of CPU IDs in the processor set. zones Zones are configured. A zone cannot host zones. Any zones will not exist in the target non-global zone after p2v. Zones can be migrated separately using the detach/attach features in zoneadm(1M). Field1: Name of the zone. Field2: State of the zone. lofi (Solaris 10 targets only) A lofi device is configured. A zone cannot configure lofi devices. Field1: Name of the lofi device. Field2: Path of the file backing the device. syscall (generated by -s and -f) A binary makes a system or library call that cannot be made from a zone. Field1: Name of the the binary file. Field2: Name of the system or library call. syscallargs (generated by -s and -f) A binary makes a system or library call that cannot be made from a zone if called with certain arguments. Field1: Name of the system or library call. See regular output (no -P) for details on disallowed arguments. lib (generated by -s and -f) A binary links with a library that cannot be used inside a zone. Field1: Name of the binary file. Field2: Name of the disallowed library. privnotallowed (generated by -r and -x) A privilege is used by a process that cannot be added to a zone. Field1: Name of the process. Field2: Name of the privilege. devnotallowed (generated by -r and -x) A device is opened by a process that cannot be added to a zone. Field1: Name of the process. Field2: Name of the device. configuration Category The configuration category represents issues that will require a con- figuration setting to allow the issue to function inside the non-global zone. This could be a zonecfg(1M) configuration setting, a configura- tion change in the global zone, or both. The issues in this category are: datalink A datalink feature is configured that cannot be configured from within a zone. The datalink feature must be configured in the global zone, and if necessary, delegated to the zone using zonecfg add anet (Solaris 11 only) or zonecfg add net. Field1: Name of the datalink feature. One of: aggr Aggregation. ibiface Infiniband interface. ibpart Infiniband partition. vnic Virtual NIC. etherstub Ethernet stub. bridge A bridge instance. secobj A wireless WPA or WEB security object. Field2: Datalink object name. dhcp-server (Solaris 10 targets only) The host is a DHCP server. To provide DHCP service, a zone must have ip-type=exclusive, or have the the privilege net_rawaccess and the device /dev/ip. Note that this will allow a shared stack zone to read and write raw IP packets on the network, similar to an exclusive stack zone or global zone. Field1: FMRI of the DHCP server service. ntp-client An NTP client service is enabled. This service updates the system clock. Since all zones share the same system clock, this service is disabled automatically during p2v. If it is desired that the zone update the system clock on the target host, the zone will need the privilege sys_time, and the service will need to be enabled inside the zone after p2v. Field1: FMRI of the client service. driverconf A networking device contains configuration settings in its .conf file. Zones cannot configure drivers. The driver must be configured in the global zone. Some network driver settings might be config- urable using dladm(1M) instead of editing a driver configuration file. Field1: Path of the configuration file. ifname (Solaris 10 targets only) An existing configuration file will be impacted by the change of a network device name. For example, an /etc/hostname.bge0 file will be impacted if the network device given to the target non-global zone is not bge0. Field1: Path of the impacted file. iscsi-initiator The system is accessing an iSCSI target as a client. Zones cannot access iSCSI targets. The global zone must be the iSCSI initiator. The device can then be added to the zone using zonecfg add device. Field1: iSCSI target being accessed. fcoe-initiator The system has an FCOE initiator configured. A zone cannot config- ure an FCOE initiator. The global zone must configure the FCOE initiator, and make the SCSI target devices available to the zone using zonecfg add fs or zonecfg add device. Field1: Ethernet network device. Field2: WWN of the initiator. fc-initiator The system has an HBA Fiberchannel port online. A zone cannot access a Fiberchannel target. The target must be accessed from the global zone and made available to the zone. Field1: Fiberchannel HBA port WWN. linkprop Datalink properties are configured. A zone cannot configure datalink properties. They must be configured from the global zone. Field1: Name of the datalink. Field2: Property name Field3: Property value. ndd Tunables that cannot be configured by a zone have been configured using ndd. These tunables must be configured from the global zone. Field1: File or script setting the tunable. Field2: Driver being tuned. Field3: Tunable parameter. dynaddr One or more dynamically assigned IP addresses are configured on a network interface. These addresses are not supported with shared-IP zones. These IP addresses could change as a result of MAC address changes. You may need to modify this system's address information on the DHCP server and on the DNS, LDAP, or NIS name servers. Field1 can be one of: dhcp Configured DHCP address. In this case, Field2 is the name of the interface configured for DHCP. v6autoconf IPv6 stateless address configuration is enabled. In this case, Field2 is the name of the interface with IPv6 auto configura- tion. rarp (Solaris 10 source only) Reverse ARP assigned address is enabled. In this case, Field2 is the name of the interface with reverse ARP enabled. patch (Solaris 10 source with Solaris 11+ target only) A patch is required before p2v into a non-global zone. Field1: The patch required. physif (Solaris 10 targets only) A physical interface exists on the source system that will have to be replaced with a dedicated physical or VLAN interface on the des- tination system if migrating to an exclusive-IP zone. Field1: Name of the interface on the source system. sched The system is configured with a default scheduling class. The default scheduling class of a non-global zone can be configured using the zonecfg set scheduler property. This will be provided in the -c output. Field1: The configured default scheduling class. sharedip (Solaris 10 targets only) If migrating to a shared-IP zone, the following networking features will need to be configured from the global zone on behalf of the zone. Field1 can be one of: ipmpgroup An IPMP group is configured. If IPMP is required, it must be configured from the global zone. In this case, Field2 is the IPMP group name. vni A virtual network interface is configured. These must be configured from the global zone. In this case, Field2 is the VNI interface name. v4forwarding IP forwarding (v4 or v6) is configured on an inter- v6forwarding face. In this case, Field2 is the interface with IP forwarding configured. staticroute Static routes are configured. Static routes must be configured from the global zone. exclusiveonly (Solaris 10 targets only) A networking feature is configured that is not supported for use with shared-IP zones. The feature will work without modification in exclusive-IP zones. Field1: iptun A IPv4, IPv6, or 6to4 tunnel interface has been plumbed. Field2: Name of the tunnel interface. sharedonly A networking feature is configured that is not supported in an exclusive-IP zone. When migrating to a shared-IP zone, the feature must be configured in the global zone to support communication. Field1: cgtp A Carrier Grade Transport Protocol interface has been plumbed. Field2: Name of the CGTP interface. netdevalloc A networking feature requires its underlying device be allocated to the zone with the zonecfg(1M) add device command. This feature is not supported with shared-IP zones. Field1: Can be : ppp Point-to-Point Protocol (PPP). PPP configuration files exist under /etc/ppp. The underlying device that needs to be allocated to the zone is either a serial port or, in the case of pppoe, an Ether- net physical or VNIC interface. svcexlip (Solaris 10 targets only) A service is enabled that will require an exclusive-IP zone. Field1: Name of the service FMRI. svcpriv A service is enabled that will require additional privileges be added to the zone using the zonecfg(1M) limitpriv property. Field1: FMRI of the service. Field2: List of the privileges required by the service. svm A Solaris Volume Manager metadevice is configured. Metadevices must be configured in the global zone, and made available to the non- global zone using zonecfg(1M) add device, add fs, or add dataset. Field1: Name of the metadevice. ramdisk A ramdisk device is configured. A zone cannot configure ramdisk devices. Field1: Ramdisk device path. vfstab A filesystem mount is configured by means of /etc/vfstab. The filesystem must be migrated to the target global zone and made available to the non-global zone. Field1: Device being mounted. Field2: Mountpoint. zpool The system has additional zpools configured. These zpools must be migrated to the target global zone, and made available to the zone using zonecfg add dataset or zonecfg add fs. Field1: Name of the pool. privexclip (Solaris 10 targets only) A process used a privilege that requires and exclusive-IP stack. See zonecfg(1M) for a description of the ip-type property. Field1: Name of the process. Field2: Privilege used. devexclip (Solaris 10 targets only) A process opened a device that requires an exclusive IP stack. See zonecfg(1M) for a description of the ip-type property. Field1: Name of the process. Field2: Name of the device. privoptional A process used a privilege that requires additional privilege be added to the target non-global zone. See zonecfg(1M) for a description of the limitpriv property. Field1: Name of the process. Field2: Privilege used. devoptional A process opened a device that is not available in a zone by default. See zonecfg(1M) for a description of the add device resource. Field1: Name of the process. Field2: Path of the device. syscallpriv (generated by -s and -f) A binary makes a system or library call that might require addi- tional privilege be added to the target non-global zone. See zonecfg(1M) for a description of the limitpriv property. See the non-parseable output for details concerning the system or library call. Field1: Path of the binary Field2: Name of the system call. syscallexclip (generated by -s and -f) A binary makes a system or library call that might require an exclusive-ip stack. See zonecfg(1M) for a description of the ip- type property. See the non-parseable output for details concerning the system or library call. Field1: Path of the binary Field2: Name of the system call. EXAMPLES Example 1 Performing Static Binary Analysis The following command performs static analysis on all ELF binaries in two application directory trees: # zonep2vchk -s /opt/myapplication,/usr/local Example 2 Generating a Template for the Target Zone The following command will generate a template zone configuration for Solaris 11 when run on a Solaris 10 global zone. # zonep2vchk T S11 -c Example 3 Analyzing Running Applications for a Period The following command will analyze the process named myapplication for one hour and report any activity that might not function in a zone. # zonep2vchk -s 1h -e myapplication Example 4 Performing Basic Checks The following command will analyze the global zone for configuration and Solaris features in use that might not function in a zone. Each discovered issue will be reported as a single line of parseable output. # zonep2vchk -bP EXIT STATUS The following exit values are returned: 0 Successful completion, no issues detected. 1 An internal error occurred. 2 Invalid usage. 3 One or more issues were detected. ATTRIBUTES See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |system/zones | +-----------------------------+-----------------------------+ |Interface Stability |See below | +-----------------------------+-----------------------------+ Command invocation and parseable output is Committed. Human readable output (default output) is Uncommitted. SEE ALSO dladm(1M), zoneadm(1M), zonecfg(1M), attributes(5), solaris(5), solaris10(5), zones(5) NOTES The static (-s and -f) checks make use of the elfdump(1) utility, which is delivered by the following package: Solaris 11 developer/base-developer-utilities Solaris 10 SUNWbtool The runtime (-r) checks make use of the dtrace(1M) utility, which is delivered by the following package: Solaris 11 system/dtrace Solaris 10 SUNWdtrc SunOS 5.11 1 Jul 2011 zonep2vchk(1M)
© Lightnetics 2024