svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
zonep2vchk(8)
System Administration Commands zonep2vchk(8)
NAME
zonep2vchk - check a global zone's configuration for physical to vir‐
tual migration into non-global zone
SYNOPSIS
zonep2vchk -V
zonep2vchk [-T release] -c
zonep2vchk [-T release] [-P] [-b] [ -s path[,path...] ] [-S file]
[ -r {time}(h|m|s} ] [-x] [-e execname[,execname...] ]
[-E file]
DESCRIPTION
The zonep2vchk utility is used to evaluate a global zone's configura‐
tion before the process of physical-to-virtual (p2v) migration into a
non-global zone.
The p2v process involves archiving a global zone (source), and then
installing a non-global zone (target) using that archive. For more
information, see the "install -a" documentation in the zoneadm(8) man
page.
zonep2vchk serves two functions. First, it can be used to report issues
on the source which might prevent a successful p2v migration. Second,
it can output a template zonecfg, which can be used to assist in con‐
figuring the non-global zone target.
zonep2vchk can be executed on a Solaris 10 or later global zone. To
execute on Solaris 10, copy the zonep2vchk utility to the Solaris 10
source global zone.
SECURITY
The zonep2vchk utility must be run with an effective user ID of zero.
It interrogates the configuration state of a variety of Solaris subsys‐
tems.
OPTIONS
The following options are supported:
-V
Display the command version and exit.
-T release
Specify the target release. The defaults are:
Global Zone Default Target
Solaris 10 S10
Solaris 11 S11
Any configuration files generated by zonep2chk will be applicable
to the target release. See -c below.
When run on Solaris 10, a target release of S11 can be specified,
which will check for p2v into a Solaris 10 Branded zone.
When the target is S11, it is assumed that an exclusive IP stack
will be used.
If a particular feature in use by the global zone requires a par‐
ticular patch/update level of the target to function, this informa‐
tion will be printed in the zonep2vchk output.
-P
Generate machine-parseable output. See the section "Parseable Out‐
put Format" below.
-c
Display a template zone configuration on stdout in the form of
zonecfg(8) export output. This configuration will contain resource
limits and network configuration based on the source host's physi‐
cal resources and networking configuration.
-b
Perform basic checks. This will check the global zone for issues
that could prevent a successful p2v. This is the default behavior
if none of -b, -c, -s, -S, -r, -x are specified.
-r{time} (h|m|s)
Perform runtime checks for the specified duration. This will ana‐
lyze the currently executing processes in the global zone, and
report issues that could prevent successful execution inside a non-
global zone. Issues reported reflect actions made by the processes
during the time in which zonep2vchk was executing.
-x
Perform runtime checks (as with -r) until SIGINT is received, such
as is delivered by Ctrl-c from most shells.
-e execname[,execname...]
When performing runtime analysis (-r, -x), limit inspected programs
to those matching the specified list of execnames. The execname is
the name of process, as returned by ps -o comm. It is not neces‐
sary for named processes to exist when zonep2vchk is invoked. Any
matching processes created while zonep2vchk is running will be
inspected.
-E file
Similar to -e, but reads the list of execnames from file, one per
line.
-s path[,path...]
Perform static binary analysis on the files or directories speci‐
fied. This will inspect ELF binaries for system and library calls
that might affect function inside a zone. Directories will be
recursed, and non-ELF files will be ignored.
-S file
Similar to -s, but reads the path list from file, one per line.
PARSEABLE OUTPUT FORMAT
zonep2vchk will output a single line of parseable output for each issue
detected. The line format is:
category:issue:field1:[field2:...]
Each field is delimited by a colon (:). Colon characters escaped with a
backslash (\:) should not be treated as field delimiters.
Multiple instances of the same issue can be reported, each with fields
describing the particular instance of the issue.
Below the existing categories and issues are defined. Future versions
of zonep2vchk might include additional categories and issues. Existing
issues might have new fields added after the existing fields for exist‐
ing issues.
header Category
The header category lists information about the source, target, and
zonep2vchk version. The issues in this category are:
version
The version of the zonep2vchk command.
Field1: The version of the zonep2vchk command.
source
Information about the source system.
Field1: The nodename of the source system.
Field2: The /etc/release version of the source system.
Field3: The kernel version of the source system.
Field4: The platform of the source system.
target
Information about the specified target of the p2v check.
Field1: The Solaris version of the target.
Field2: The brand type that would be used on the target.
Field3: The ip-type of the expected zone on the target.
footer Category
The footer category lists final summary information. The issues in this
category are:
issues
A summary of the number of issues found.
Field1: The number of issues detected.
incompatible Category
The incompatible category represents issues that will not function in a
non-global zone. The issues in this category are:
etcsystem
An /etc/system tunable exists. These tunables do not function
inside a zone. The /etc/system tunable can be transferred to the
target global zone, but it will affect the entire system, including
all zones and the global zone. If there is an alternate tunable
that can be configured from within the zone, this tunable is
described.
Field1:
The /etc/system tunable setting.
Field2:
One of:
noalternate There is no alternate tunable from within a non-
global zone.
obsolete The tunable is obsolete on the target. It no
longer serves any function.
replaced The tunable has been replaced on the target. The
replacement is configured in the global zone,
and described by fields 3 and 4.
alternate An alternate tunable exists. This tunable can be
configured from within a non-global zone. The
tunable is described by fields 3 and 4.
noinfo zonep2vchk is not knowledgeable of the tunable.
Tunable likely has no alternate inside a zone.
Field3:
Type of alternate/replacement tunable.
Field4:
Description of alternate/replacement tunable.
be
More than one boot environment exists. Only the active boot envi‐
ronment will be transferable to the non-global zone.
Field1: The name of the non-active boot environment.
unsupported
A feature is enabled that will not function in a zone.
Field1: mobileip The mobile IP agent, which does not function in
a zone, is configured.
smb
The system is sharing a filesystem by means of in-kernel smb/cifs.
Zones cannot share filesystems by means of SMB.
Field1: Path of file system being shared.
pkg
A package delivering software known not to work in a zone is
installed.
Field1: Name of the package.
iscsi-target
The system is exporting an ISCSI target. Zones cannot export iSCSI
targets.
Field1: Name of the iSCSI target.
fcoe-target
The system has configured an FCOE target. Zones cannot configure
FCOE targets.
Field1: Ethernet device used.
Field2: WWN of the FCOE target.
fc-target
The system has configured an Fiberchannel target. Zones cannot con‐
figure Fiberchannel targets.
Field1: WWN of the Fiberchannel target.
npiv
The system has configured a virtual NPIV HBA. Zones cannot config‐
ure virtual HBAs.
Field1: Physical WWN hosting the virtual HBA.
Field2: Virtual WWN.
scsi
The system has configured an SCSI block device. Zones cannot con‐
figure scsi block devices.
Field1: Object configured as a SCSI device.
svcnotallowed
A service is enabled that will not function in a zone.
Field1: Name of the service.
resourcepool
A Solaris resource pool is configured. Zones cannot configure
resource pools.
Field1: Name of the pool.
pset
A processor set is configured. Zones cannot configure processor
sets.
Field1: Processor set ID.
Field2: List of CPU IDs in the processor set.
zones
Zones are configured. A zone cannot host zones. Any zones will not
exist in the target non-global zone after p2v. Zones can be
migrated separately using the detach/attach features in zoneadm(8).
Field1: Name of the zone.
Field2: State of the zone.
syscall (generated by -s and -f)
A binary makes a system or library call that cannot be made from a
zone.
Field1: Name of the binary file.
Field2: Name of the system or library call.
syscallargs (generated by -s and -f)
A binary makes a system or library call that cannot be made from a
zone if called with certain arguments.
Field1: Name of the system or library call.
See regular output (no -P) for details on disallowed arguments.
lib (generated by -s and -f)
A binary links with a library that cannot be used inside a zone.
Field1: Name of the binary file.
Field2: Name of the disallowed library.
privnotallowed (generated by -r and -x)
A privilege is used by a process that cannot be added to a zone.
Field1: Name of the process.
Field2: Name of the privilege.
devnotallowed (generated by -r and -x)
A device is opened by a process that cannot be added to a zone.
Field1: Name of the process.
Field2: Name of the device.
configuration Category
The configuration category represents issues that will require a con‐
figuration setting to allow the issue to function inside the non-global
zone. This could be a zonecfg(8) configuration setting, a configuration
change in the global zone, or both.
The issues in this category are:
datalink
A datalink feature is configured that cannot be configured from
within a zone. The datalink feature must be configured in the
global zone, and if necessary, delegated to the zone using zonecfg
add anet (Solaris 11 only) or zonecfg add net.
Field1: Name of the datalink feature. One of:
aggr Aggregation.
ibiface Infiniband interface.
ibpart Infiniband partition.
vnic Virtual NIC.
etherstub Ethernet stub.
bridge A bridge instance.
secobj A wireless WPA or WEB security object.
Field2: Datalink object name.
ntp-client
An NTP client service is enabled. This service updates the system
clock. Since all zones share the same system clock, this service is
disabled automatically during p2v. If it is desired that the zone
update the system clock on the target host, the zone will need the
privilege sys_time, and the service will need to be enabled inside
the zone after p2v.
Field1: FMRI of the client service.
driverconf
A networking device contains configuration settings in its .conf
file. Zones cannot configure drivers. The driver must be configured
in the global zone. Some network driver settings might be config‐
urable using dladm(8) instead of editing a driver configuration
file.
Field1: Path of the configuration file.
iscsi-initiator
The system is accessing an iSCSI target as a client. Zones cannot
access iSCSI targets. The global zone must be the iSCSI initiator.
The device can then be added to the zone using zonecfg add device.
Field1: iSCSI target being accessed.
fcoe-initiator
The system has an FCOE initiator configured. A zone cannot config‐
ure an FCOE initiator. The global zone must configure the FCOE ini‐
tiator, and make the SCSI target devices available to the zone
using zonecfg add fs or zonecfg add device.
Field1: Ethernet network device.
Field2: WWN of the initiator.
fc-initiator
The system has an HBA Fiberchannel port online. A zone cannot
access a Fiberchannel target. The target must be accessed from the
global zone and made available to the zone.
Field1: Fiberchannel HBA port WWN.
linkprop
Datalink properties are configured. A zone cannot configure
datalink properties. They must be configured from the global zone.
Field1: Name of the datalink.
Field2: Property name
Field3: Property value.
ndd
Tunables that cannot be configured by a zone have been configured
using ndd. These tunables must be configured from the global zone.
Field1: File or script setting the tunable.
Field2: Driver being tuned.
Field3: Tunable parameter.
dynaddr
One or more dynamically assigned IP addresses are configured on a
network interface. These addresses are not supported with shared-IP
zones. These IP addresses could change as a result of MAC address
changes. You may need to modify this system's address information
on the DHCP server and on the DNS, LDAP, or NIS name servers.
Field1 can be one of:
dhcp Configured DHCP address. In this case, Field2 is the
name of the interface configured for DHCP.
v6autoconf IPv6 stateless address configuration is enabled. In
this case, Field2 is the name of the interface with
IPv6 auto configuration.
sched
The system is configured with a default scheduling class. The
default scheduling class of a non-global zone can be configured
using the zonecfg set scheduler property. This will be provided in
the -c output.
Field1: The configured default scheduling class.
sharedonly
A networking feature is configured that is not supported in an
exclusive-IP zone. When migrating to a shared-IP zone, the feature
must be configured in the global zone to support communication.
Field1:
cgtp A Carrier Grade Transport Protocol interface has
been plumbed.
Field2: Name of the CGTP interface.
netdevalloc
A networking feature requires its underlying device be allocated to
the zone with the zonecfg add device command. This feature is not
supported with shared-IP zones.
svcpriv
A service is enabled that will require additional privileges be
added to the zone using the zonecfg(8) limitpriv property.
Field1: FMRI of the service.
Field2: List of the privileges required by the service.
svm
A Solaris Volume Manager metadevice is configured. Metadevices must
be configured in the global zone, and made available to the non-
global zone using zonecfg(8) add device, add fs, or add dataset.
Field1: Name of the metadevice.
ramdisk
A ramdisk device is configured. A zone cannot configure ramdisk
devices.
Field1: ramdisk device path.
vfstab
A filesystem mount is configured by means of /etc/vfstab. The
filesystem must be migrated to the target global zone and made
available to the non-global zone.
Field1: Device being mounted.
Field2: Mountpoint.
zpool
The system has additional zpools configured. These zpools must be
migrated to the target global zone, and made available to the zone
using zonecfg add dataset or zonecfg add fs.
Field1: Name of the pool.
privoptional
A process used a privilege that requires additional privilege be
added to the target non-global zone. See zonecfg(8) for a descrip‐
tion of the limitpriv property.
Field1: Name of the process.
Field2: Privilege used.
devoptional
A process opened a device that is not available in a zone by
default. See zonecfg(8) for a description of the add device
resource.
Field1: Name of the process.
Field2: Path of the device.
syscallpriv (generated by -s and -f)
A binary makes a system or library call that might require addi‐
tional privilege be added to the target non-global zone. See the
zonecfg(8) man page for a description of the limitpriv property.
See the non-parseable output for details concerning the system or
library call.
Field1: Path of the binary
Field2: Name of the system call.
syscallexclip (generated by -s and -f)
A binary makes a system or library call that might require an
exclusive-ip stack. See zonecfg(8) for a description of the ip-type
property. See the non-parseable output for details concerning the
system or library call.
Field1: Path of the binary
Field2: Name of the system call.
EXAMPLES
Example 1 Performing Static Binary Analysis
The following command performs static analysis on all ELF binaries in
two application directory trees:
# zonep2vchk -s /opt/myapplication,/usr/local
Example 2 Generating a Template for the Target Zone
The following command will generate a template zone configuration for
Solaris 11 when run on a Solaris 10 global zone.
# zonep2vchk -T S11 -c
Example 3 Analyzing Running Applications for a Period
The following command will analyze the process named myapplication for
one hour and report any activity that might not function in a zone.
# zonep2vchk -s 1h -e myapplication
Example 4 Performing Basic Checks
The following command will analyze the global zone for configuration
and Solaris features in use that might not function in a zone. Each
discovered issue will be reported as a single line of parseable output.
# zonep2vchk -bP
EXIT STATUS
The following exit values are returned:
0
Successful completion, no issues detected.
1
An internal error occurred.
2
Invalid usage.
3
One or more issues were detected.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/zones _ Interface StabilitySee below
Command invocation and parseable output is Committed. Human readable
output (default output) is Uncommitted.
SEE ALSO
attributes(7), dladm(8), solaris(7), zoneadm(8), zonecfg(8), zones(7)
NOTES
The static (-s and -f) checks make use of the elfdump(1) utility, which
is delivered by the following package:
Solaris 11 developer/base-developer-utilities
The runtime (-r) checks make use of the dtrace(8) utility, which is
delivered by the following package:
Solaris 11 system/dtrace
Oracle Solaris 11.4 16 May 2018 zonep2vchk(8)