Thursday, July 06, 2017

Running LX zones with Tribblix

I mentioned a few months ago a little project I had been working on - nicknamed omnitribblix, it's regular Tribblix with the illumos components coming from illumos-omnios (now via OmniOS Community Edition) rather than vanilla illumos-gate.

One of the changes I made in the recent Milestone 20 update was to split out the release packages to give more flexibility.

Thiis allowed me to release a micro update to Milestone 20 (imaginatively called m20.1 or update 1), which updates the illumos bits but shares the same main package repository as the main Milestone 20 release.

And the other thing I can now do is build variant releases. So Tribblix has an LX variant!

You can download the omnitribblix ISO image from the Tribblix download page. It installs, operates, and is packaged just like regular Tribblix. If you don't use LX zones, you probably wouldn't notice the difference.

(It's versioned as m20lx.1 - the update 1 there means that it's a parallel release to the regular Tribblix Milestone 20 update 1.)

You can also update to the LX variant from either the regular Milestone 20 or Milestone 20 update 1 releases, in the normal way. It's a micro update, or sidegrade perhaps, but uses the same upgrade process as regular upgrades.

And, because of the magic of boot environments, if there's a problem you can roll back.

Anyway, once you have omnitribblix installed, how do you create an LX zone? Very easily, in the same way you create and destroy other zones on Tribblix, using the zap utility.

Before you can do that, though, you need a Linux image of some sort to install.

I've been using the same images I use under Docker. So, for example, if I want Alpine then I would go:

docker run alpine uname -a

and then get the name of the container

docker ps -a

and then export that with

docker export romantic_galileo > alpine.tar

Then copy the alpine.tar file to your omnitribblix system. If you want something a bit richer, then Ubuntu will work. But generally exporting a Docker container like this will work, and the image characteristics will be a good fit for a zone.

And then all you do to create the zone is use zap, specifying that it's an lx brand and telling it where the tarball is:

zap create-zone -z alpine -t lx \
-x -I /tmp/alpine.tar

and just zlogin to it as normal.

There are constraints around networking - you have to be exclusive-ip (the -x flag) and zap will create (and destroy) the vnic for you automatically. But the networking in the zone won't actually be configured. (While you specify the IP address in the command, that just tells zap how to configure the network plumbing and the vnic.) You'll have to log in to the zone and use the native tools to identify and configure the network, like so:

/native/sbin/ifconfig -a
/native/sbin/ifconfig znic0 inet up
/native/usr/sbin/route add net default

And off you go. Sitting on an illumos box with all its goodness, with access to the wide variety of the Linux ecosystem at your fingertips.


BSD_daemon said...

Thanks. For the clarification. Zap utility is the ninja killer in Tribblix. No longer needed to remember all these variables when doing zonecfg. When I find my self. Always having to go back and forth from the man pages. Can we run FreeBSD images?

BSD_daemon said...

Can we do freebsd images?

Peter Tribble said...

Not having nice easy to use wrappers or automation interfaces was always a weakness in the Solaris world. Fantastic foundations, much better than elsewehere, but not a lot of attention to making those facilities easy to use. There's really no way you can expect to get people to manually run zonecfg if they're going to configure 100k zones, and expecting people to write XML manifests for SMF was ludicrous. The zone integration in zap isn't complete, but it gets rid of a lot of the drudgery.

As for a FreeBSD brand, I really have no idea. It's not something I've even seen discussed, so it's not going to work right now, and I don't know how feasible it would be to implement.

BSD_daemon said...

When I meant FBSD images. I meet smartos images. I used smartos for quite sometime now. I now call zones containers. :) I assume since smartos uses a different user land. Than omnios ce. That would not be possible. Also, boot2docker doesn't run in vmware. Had to use vbox.

Off Topic:
I believe zap create zone has the option to boot iso's. This is just illumos iso's? Or can one boot an old Solaris 10? Your comment about using zonecfg to create mass deployment zones. Is on point. When I used zap to create my zone. I was actually took back at the simplicity of it. Zap = pkg 2.0!

Peter Tribble said...

Tribblix has alien zones, which are for a different illumos distro. It knows how to unpack some illumos distributions (not smartos or current omnios, but it wouldn't be too hard to add rules for those).

In theory we can run S10, there's a separate S10 brand. I'm not sure anyone has actually run that for a while, so it's completely untested. If it's like the old S8 and S9 containers then the idea is that you P2V a running system, it was never designed for installation from scratch. But it's entirely possible to put together a simple installer that would populate a filesystem using the packages on one of the S10 ISO images, if anything that's easier than trying to unpick an OpenSolaris style live CD.