Monitoring UNIX Virtualization – Oracle Solaris Containers

There are occasions where I have been asked this question from customers asking how to use HP Ops Agent to monitor Solaris zones. So here's an article on this.

 

Unlike VMware, Solaris Container virtualization is pure unadulterated OS virtualization. Basically the sys-admin creates partitions (or containers or ‘zones’) within the system wherein users can run individual workloads in water-tight compartments. The base OS is called the global zone and the smaller containers are called non-global zones. Note here that the base OS kernel and many of its services are shared with the non-global zones.

 

Think about it.. How cool would it be if you could create a smaller windows desktop within your desktop, for testing a new app – at the end of the day, you don’t have to worry about your desktop being affected as the test is done within your smaller container desktop, and when you delete this container, it is all gone – no trace of the container or its apps left on your system.

 

Note also that this allows running some older version of the Solaris OS (like Solaris 8 and Solaris 9) as ‘legacy containers’.

 

To take the above example further, you can run windows NT/Server 2003 apps within containers in your desktop, if you had this feature. Again, cool stuff, if you really need that app to do something important for you.

 

For folks from HP-UX world, closest to this is HP-UX SRPs (secure resource partitions or ‘HP-UX containers’) and HP 9000 containers for PA-RISC apps running on pre-integrity HP-UX OS versions such as 11.11 or so.

 

NOTE: Zones are different from logical domains (lDoms, in short). Logical domains or Oracle VM Servers are a complementary offering from Oracle for kernel separation between virtual machines, which is unlike the case with containers (which run within a single kernel space on a box). To understand further differences read this blog post.

 

HP’s similar offering in this area is HP vPAR Virtual machines for HP-UX. 

 

So what's important to monitor in Solaris containers?

 

Of course the base OS (a.k.a global zone) and beneath it, the hardware is important to monitor. Then it is important to monitor the containers/partitions and apps running within the containers. Here’s a schematic showing what’s important to monitor.

 

 solaris-container-monitoring.png

 

NOTE: Image above shows SPARC/Intel as the processor for simplicity - even though Solaris supports running on Intel x86 family of processors do note that lDoms are not supported on Intel x86 servers. If a customer is running Solaris on Intel processors, the logical domain ring is not present and should be ignored. Containers however are supported on both SPARC and Intel architectures.

 

Basically this shows how monitoring is required at all levels for compute resource (CPU and memory) usage and IOPS (disk and network), and this is not just because I am from HP that I am saying this. As long as your apps are critical it is important to monitor them too.

 

So in effect you need to monitor typically all aspects of your infrastructure and then, the apps that run on top.

 

  1. Hardware monitoring
  2. Logical domains
  3. Global zones
  4. Non-global zones
  5. Apps running within the zones

 

What's the deployment picture?

 

solaris-zones-deployment-3.png

 

As you would see above the HP Operations Agent can be deployed on the global zone for close ended monitoring of the SPARC server and the Solaris zones. The OM agent works fine on non-global zones but you may choose not to install to reduce additional CPU cycles used for monitoring, in each zone. If you do not install OM agent in a non-global zone, for monitoring disk space within non-global zones, HP SiteScope may be used.

 

To monitor lDoms (logical domains) which are partitions within a SPARC server one needs to be operating in the control domain on the SPARC server. As of today it is not supported to run agent software within a control domain. As a result, it is not possible to monitor logical domains from the control domain. However again, SiteScope or other custom agentless solutions may be used in this context.

 

-          To monitor the logical domains, you can use SiteScope with the ssh script monitor, and send out threshold alerts on the data obtained or use SNMP trap interceptor policies with HP Ops Manager and Agents (http://docs.oracle.com/cd/E35434_01/html/E23807/monitorldoms.html#queryldomsmibhttp://docs.oracle.com/cd/E19053-01/ldoms.mgr10/820-2319-10/chapter1.html)

 

NOTE: You can use the very nifty 'mib2pol' script to create a SNMP trap interceptor OM policy directly from the mibfile.

 

-          To monitor global and non-global zones and apps running within the zones, install the HP operations agent.

 

You could build your own policies to monitor the zones or use the HP OM Virtualization SPI (VISPI). VISPI provides the following policies to monitor the non-global and global zones.

 

  • CPU, Memory and Swap utilization monitors (for non-global zones)
  • CPU, Memory, Process monitors (for global zone)
  • Zone state monitor (deploy to Global zone) - alerts when a zone is shutdown for instance

In addition there are SISPI policies which provide monitoring for global and non-global zones alike - if you have the VISPI policies deployed to the global zone, obviously you don't want to have SISPI policies deployed into non-global zones - that's redundant monitoring.

 

Monitoring CPU pools and zones with shared resources is done most effectively from the global zone.

  

References, Links

 

 

Comments
| ‎08-12-2013 08:22 AM

Really useful!

 

Thanks.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Ramkumar Devanathan (twitter: @rdevanathan) works in the IOM-Customer Assist Team (CAT) providing technical assistance to HP Software pre-sa...
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.