Solaris zones, or Solaris containers depending on where you work and how you use them, have been available since the initial release of Solaris 10 in 2005. They have worked well for isolating workloads and creating virtual execution environments inside a single kernel with minimal overhead. There have, however, been a few bumps along the way, especially when it comes to patches and upgrades. With the new Solaris 10 9/10 I feel that most of the problems have been solved, so here is a summary of the road behind us.
The upgrade scenario for zones was all but forgotten at the time of the first Solaris 10 release, and the first update only supported upgrades when booting from DVD, with no live upgrade support.
Sun, however, realized that this was quite a problem for both them and their customers, so project ZULU (Zones Upgrade Live Upgrade, PSARC/2006/167) was created to solve it.
ZULU was delivered with Solaris 10 update 4, which was the first release to support real upgrades of zones, including live upgrade. ZFS was still not supported as the underlying filesystem for zones, however, and live upgrade did not know how to handle such zones.
ZFS is a key component for easy live upgrade of zones. With zones on ZFS there is no need to copy all OS/zone instances to a separate filesystem, possibly requiring additional disks and administration overhead. Live upgrade creates a ZFS clone of the needed filesystems and uses them for the upgrade. Support for zones on ZFS was delivered with Solaris 10 10/08 (Update 6).
Live upgrade was only part of the solution. If you were unable to use live upgrade, or if you were forced to have customer applications down even with live upgrade, you were still in trouble. The largest problem was the time it took to update a system with many zones: it could take days(!) to update a system with, let's say, 30 zones on it. The upgrade/patching process was sequential, and on top of that it was very time consuming. This has today been fixed by a couple of enhancements. We now have zones parallel patching, which enables several zones to be patched in parallel. The package system has also been updated with "Turbo charged SVR4 packages", making it faster, especially for zone installations and upgrades.
Lastly, there is the "update on attach" function, which makes it possible to move zones to an updated machine (or detach the zones and upgrade the current host) and then have them updated in parallel when they are attached to the system with the new OS/patch level. The "update on attach" functionality was delivered in two steps. The first one made sure the zone was in the minimum supported state for running on the host. The second step, which came with the latest update of Solaris, delivers something more like what most customers would want: all packages are updated, which makes it more like an upgrade.
In short, if you are implementing zones today, use Solaris 10 9/10, put all zones on ZFS and use Live Upgrade/Update on attach. This will make it easy to upgrade while minimizing both the time for the upgrade and the downtime.
Short history of Zone features in Solaris updates:

Solaris 10 11/06 (Update 3)
- Zone move and clone
- Privileges in zone configuration

Solaris 10 8/07 (Update 4)
- Upgrades, Live upgrades (ZULU)
- IP Instances (dedicated NIC/separate TCP/IP stack)
- Resource setting for memory/CPU

Solaris 10 5/08 (Update 5)
- Dry run of zone migration (zoneadm -n)
- CPU caps for zones

Solaris 10 10/08 (Update 6)
- Update on attach
- Default router in shared stack
- Full ZFS support for zones

Solaris 10 10/09 (Update 8)
- Turbo-Charged SVR4 Packaging
- Zones Parallel Patching

Solaris 10 9/10 (Update 9)
- Zones P2V (Physical to Virtual)
- Host ID Emulation
- "Upgrade on attach"
Jerry's blog Zones P2V
Patching zones goes zoom
PSARC/2009/173 Turbo-charging SVr4 package install