How to migrate a zone with shared to exclusive IP-stack

“Old” Solaris approach: a zone with exclusive IP-stack requires a separate physical network interface.

“New” Solaris 11 (project Crossbow, beginning b105) approach: you have one physical interface and you do with it whatever you want. You can create a whole network within your single box and a single network card.

Here’s an example on how to migrate your existing zones with shared stack to “independent” zones.

Old configuration: one global zone (system name xeon), one non-global zone (dmz), one physical interface (e1000g0), two VLAN’s (1 and 10):

xeon# ifconfig -a


e1000g1000:  #VLAN 1 (global zone)
flags=201000843 mtu 9000 index 3
inet 10.0.1.100 netmask ffffff00 broadcast 10.0.1.255
ether 0:18:f3:ef:2a:d0

e1000g1000:1: #VLAN 1 (zone dmz)
flags=201000843 mtu 9000 index 3
inet 10.0.1.101 netmask ffffff00 broadcast 10.0.1.255
ether 0:18:f3:ef:2a:d0

e1000g10000:  #VLAN 10 (zone dmz)
flags=201000842 mtu 9000 index 5
inet 10.0.0.100 netmask 0
ether 0:18:f3:ef:2a:d0

xeon# cd /etc/zones
xeon# more dmz.xml
. . .

. . .

“Defrouters” are defined in the global zone. So, if the global zone has a defaultrouter set to 10.0.1.1, you will have this route in zone “dmz”. You can’t get rid of it and force the traffic to 10.0.0.1. Instead you will have two default routes in both zones.

Now, let’s have a look at the virtual interfaces (a part of the new concept).
Currently we do not have any:

xeon# dladm show-vnic
xeon#

Let’s create two virtual interfaces, each of them will belong to a separate VLAN. You can choose a name for a virtual interface and call it whatever (almost ;-) ) you want:

xeon# dladm create-vnic -l e1000g0 -v 10 dmz0
xeon# dladm create-vnic -l e1000g0 -v 1 dmz1


xeon# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
dmz1 e1000g0 1000 2:8:20:fb:6a:82 random 1
dmz0 e1000g0 1000 2:8:20:52:8e:c5 random 10

Now we have two virtual interfaces:

  • dmz1 – VLAN 1
  • dmz0 – VLAN 10

with randomly assigned MAC addresses. You can assign an arbitrary MAC address to a virtual interface or use a factory one. (see man dladm).

Reconfigure the zone:

xeon# zonecfg -z dmz
zonecfg:dmz> info
. . .
net:
address: 10.0.0.100
physical: e1000g10000
defrouter: 10.0.0.1
net:
address: 10.0.1.101
physical: e1000g1000
defrouter: 10.0.1.1
. . .
zonecfg:dmz> set ip-type=exclusive
zonecfg:dmz> remove net address=10.0.0.100
zonecfg:dmz> remove net address=10.0.1.10
zonecfg:dmz> add net
zonecfg:dmz:net> set physical=dmz0
zonecfg:dmz:net> end
zonecfg:dmz> add net
zonecfg:dmz:net> set physical=dmz1
zonecfg:dmz:net> end
zonecfg:dmz> info
. . .
ip-type: exclusive
. . .
net:
address not specified
physical: dmz0
defrouter not specified
net:
address not specified
physical: dmz1
defrouter not specified
zonecfg:dmz> commit
zonecfg:dmz> exit

Now, (re)boot your zone and configure the network interfaces and default routes as if they were on a standalone system.

xeon# netstat -rn | fgrep defa
default 10.0.1.1 UG 1 12408
xeon# zlogin -C dmz
. . .
dmz# ifconfig -a
dmz0: flags=201000843 mtu 9000 index 2
inet 10.0.0.100 netmask ffffff00 broadcast 10.0.0.255
ether 2:8:20:52:8e:c5


dmz1: flags=201000843 mtu 9000 index 3
inet 10.0.1.101 netmask ffffff00 broadcast 10.0.1.255
ether 2:8:20:fb:6a:82

dmz# netstat -rn | fgrep defa
default 10.0.0.1 UG 1 5156

Nice! I love Solaris …

Bluefish 1.3.3 under OpenSolaris or Solaris Nevada

To speed things up Bluefish 1.3.3 has static inline functions. However, GCC thinks that the “inlineness” is defined twice:

bftextview2_scanner.c:257: error: duplicate `inline’
bftextview2_scanner.c:305: error: duplicate `inline’
bftextview2_scanner.c:339: error: duplicate `inline’
bftextview2_scanner.c:383: error: duplicate `inline’
bftextview2_scanner.c:432: error: duplicate `inline’
gmake[3]: *** [bftextview2_scanner.o] Error 1
gmake[3]: Leaving directory `/var/tmp/bluefish-unstable-1.3.3/src’
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory `/var/tmp/bluefish-unstable-1.3.3/src’
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/var/tmp/bluefish-unstable-1.3.3/src’
gmake: *** [all-recursive] Error 1

This is an excerpt from the source:

#ifdef __GNUC__
__inline__
#endif

static inline void paint_margin_line(BluefishTextView *btv,
GdkEventExpose * event,
gint w,gint height) {

To fix remove one of the inline definitions for all functions. For example, change from:

static inline void paint_margin_line(BluefishTextView *btv,
GdkEventExpose * event,
gint w,gint height) {

to

static void paint_margin_line(BluefishTextView *btv,
GdkEventExpose * event,
gint w,gint height) {

Also see the previous post (/archives/432) on Bluefish.

How to compile Bluefish 1.3.x under OpenSolaris or Solaris Nevada

  1. Get intltool package (for example, from blastwave)

    If you use the bundled intltool, you will get the following error:

    Undefined first referenced
    symbol in file
    libintl_bind_textdomain_codeset bluefish.o
    libintl_gettext bf_lib.o
    libintl_textdomain bluefish.o
    libintl_bindtextdomain bluefish.o
    libintl_ngettext file.o
    ld: fatal: symbol referencing errors. No output written to bluefish-unstable
    collect2: ld returned 1 exit status
    gmake[3]: *** [bluefish-unstable] Error 1
    gmake[3]: Leaving directory `/var/tmp/bluefish-unstable-1.3.2/src’
    gmake[2]: *** [all-recursive] Error 1
    gmake[2]: Leaving directory `/var/tmp/bluefish-unstable-1.3.2/src’
    gmake[1]: *** [all] Error 2
    gmake[1]: Leaving directory `/var/tmp/bluefish-unstable-1.3.2/src’
    gmake: *** [all-recursive] Error 1
  2. Set the LIBS variable:
    export LIBS=”-lsocket -lnsl -L/usr/csw/lib -lintl”
  3. Put /usr/gnu/bin directory in the first place in PATH. For example:
    export PATH=/usr/gnu/bin:/usr/bin:/usr/sbin:/usr/openwin/bin:
    /sbin:/usr/dt/bin:/usr/sfw/bin:/usr/csw/bin:/usr/local/bin

    The reason is two different xgettext programs. The configure script wants the GNU version:

    checking for xgettext… (cached) /usr/bin/xgettext
    checking for msgmerge… /usr/bin/msgmerge
    checking for msgfmt… (cached) /usr/bin/msgfmt
    /usr/bin/xgettext: illegal option — version
    Usage: xgettext [-a [-x exclude-file]] [-jns][-c comment-tag]
    [-d default-domain] [-m prefix] [-M suffix] [-p pathname] files …
    xgettext -h
    ERROR: Cannot open file –version.
    configure: error: GNU gettext tools not found; required for intltool

Compiling Wine 1.1.14 for OpenSolaris or Solaris Nevada

Update 15.02.2009 @ 14:04: Same for wine 1.1.15…

The following error:

ipstats.c: In function `getInterfaceStatsByName’:
ipstats.c:279: error: called object is not a function
ipstats.c: In function `getICMPStats’:
ipstats.c:472: error: called object is not a function
ipstats.c: In function `getIPStats’:
ipstats.c:641: error: called object is not a function
ipstats.c: In function `getTCPStats’:
ipstats.c:778: error: called object is not a function
ipstats.c: In function `getUDPStats’:
ipstats.c:862: error: called object is not a function
ipstats.c: In function `getNumWithOneHeader’:
ipstats.c:985: error: called object is not a function
ipstats.c: In function `getRouteTable’:
ipstats.c:1255: error: called object is not a function
ipstats.c: In function `getTcpTable’:
ipstats.c:1607: error: called object is not a function
gmake[2]: *** [ipstats.o] Error 1
gmake[2]: Leaving directory `/var/tmp/wine-1.1.14/dlls/iphlpapi’
gmake[1]: *** [iphlpapi] Error 2
gmake[1]: Leaving directory `/var/tmp/wine-1.1.14/dlls’
gmake: *** [dlls] Error 2

Is caused by redefinition of the ERR function in the wrong place. To fix move #include “wine/debug.h” behind all includes in dlls/iphlpapi/ipstats.c:

From (line 24):
. . .
#include “config.h”
#include “wine/port.h”
#include “wine/debug.h”

#include
#include
. . .

to (line 126):

. . .
#include “windef.h”
#include “winbase.h”
#include “iprtrmib.h”
#include “ifenum.h”
#include “ipstats.h”
#include “wine/debug.h”
. . .