Test Plan for txzonemgr

Preliminary Steps

Before running txzonemgr it is necessary to install and enable Trusted Extensions. This version of txzonemgr is designed to work with the legacy network service, network/physical:default. Ensure that this service is enabled and that nwam is disabled by running the following commands:

    svcadm disable network/physical:nwam
    svcadm enable network/physical:default

To test the network options you will need at least two IP addresses, one for the global zone and one or more for non-global zones.

Follow the steps described in Running Trusted Extensions Using the OpenSolarisDev Repository up to the point of assuming the root role. Then follow the steps on this page. You must have the most recent version of txzonemgr installed in /usr/sbin. Make sure you also have the program tgnome-selectlabel installed.

First Time Usage

From a root role Terminal window, enter txzonemgr. Assuming you have not created any zone yet, you should see the following dialog:

     Do you want to create the public zone using default settings?

Click OK. A Terminal window should pop up displaying the title Installing public zone. After this completes and exits, another Terminal window displaying the title Zone Terminal Console: public should pop up. The zone should automatically boot, initialize, and prompt for the root password. Enter F2 twice, since the password is automatically the same as the current root password in the global zone. The zone will reboot again. There may be a message about the DNS multicast service failing, which can be ignored.

You should also see a zenity dialog showing the state and options for the public zone. Select the following:

    Halt

You should see the message [Notice: Zone Halted] in the Zone Console window. In the public zone command list, do the following:

    Select another zone...

Global Zone Configurations

Select the global zone. Then select

    Configure Network Interfaces...

Select the interface corresponding to your hostname. It should be listed with a type of physical, a valid IP address, a template of cipso and the state Up. From the list of commands, select

    Share with Shared-IP Zones
    Create Logical Interface.

A notice should pop up identifying the name of the new logical interface. It should be the same as your primary interface with a :1 appended to it. After dismissing the notice, you should see a list of options for this new interface. Select

    Set IP address

You will be prompted for a new hostname to associate with this interface. Enter a valid hostname. If the hostname is not already defined in your local hosts file or your network name service, you will be prompted to enter an IP address corresponding to this hostname. Enter an invalid IP address and confirm that you get a reasonable error message. Then redo the command with a valid IP address. You should be prompted for a netmask. Enter the netmask for the corresponding network. Then select

    Bring Up
    Cancel

to pop back to the list of networks. Confirm that the information you entered is correctly displayed in the table. Then select the logical interface, and select

    Remove Logical Interface

Verify that it is now removed from the table.

Then select Cancel to pop back to the global zone command list. If you have other systems running Trusted Extensions on your network, you can add access to them by selecting

    Add Multilevel Access to Remote Host...

and entering the IP address of the other TX system. You will need to run the corresponding commands on that system, too, specifying the peer's IP address. As a test of txzonemgr, you can add and delete entries to the single and multilevel remote host lists. Verify the lists are updated with the values you have entered.

Now repeat the procedure for configuring network interfaces in the global zone, but this time select

    Create Virtual Interface (VNIC)...

You should be prompted for the VNIC name. Use vnic0. Use the same values for hostname, IP address, and netmask as before. Click Cancel to pop back to the updated network configuration table. After verifying that the information is correctly displayed in the table, select the vnic0 interface and select

    Remove Physical Interface

Cloning the First Labeled Zone

The public zone should still be halted. Select

    Create a new zone...

You should be prompted to

      Enter Zone Name:

Enter snapshot as the zone name. Then you should see a list of options for the snapshot zone. Choose

    Clone...

You should see the name public in the list of installed zones. Select public by double-clicking it or by single-clicking it and clicking OK. The snapshot zone is not supposed to be run automatically, so select

    Set Manual Booting

The snapshot zone doesn't need a label if it is never booted. Verify the Boot option is not available.

Shared Interface Networking

Select

    Select another zone

and choose public*. Select the following:

    Add Single-level Access to Remote Host...

Enter the IP address of a system on your network not running TX. Then enter

    Boot

You should see the zone booting messages in the Zone Console window. Log in as root, and run

    ifconfig -a

Verify that the primary interface and IP address are available in this zone. Verify that you can ping the host to which you previously added remote access. Now log out and close the Zone Console window.

Shared IP Stack Networking

Select

    Select another zone

Choose global and then select

    Create a new zone...

You should be prompted to

    Enter Zone Name:

Specify internal. Then you should see a list of options for the internal zone. Choose

    Select Label...

A label selection dialog should pop up. Select :INTERNAL USE ONLY from the Sensitivity column, and click OK. Select

    Configure Network Interfaces...

From the table, select Add a logical interface, using the same interface you previously used to create a logical interface for the global zone. However, this time you are creating it for the internal zone. Specify the same hostname, IP address and netmask that you used before.

In the list of options for the internal zone, select

    Clone...

Then select snapshot from the list of installed zones. It should be the only item in the list. Then select

    Zone Console
    Boot

After the zone is booted, log in as root. Run the command

    ifconfig -a

and verify that the logical interface you specified is correctly configured. Use the command Add Single-level Access to Remote Host... to verify you can reach a remote host using ping. Then use the command Remove Access to Remote Host... and verify that you can no longer ping that host. Log out and close the Zone Console window.

From the list of internal zone commands select

    Halt
    Uninstall
    Delete

Exclusive IP Stack Networking

Select the global zone from the list of zones and recreate the internal zone by repeating the steps to

    Create a new zone...
    Select Label...
    Configure Network Interfaces...

This time select Add a virtual interface (VNIC) using the same physical interface. Then select

    Clone...

You should be prompted for the hostname, IP address, and netmask again. Use the same answers as before. Then select

    Configure Multilevel Ports...

Double click on the Private Interface: row until a blinking text cursor appears. Enter the following text:

    80/tcp

Then shift-click until that entire row turns blue (highlighted), and click OK. Confirm that the message Multilevel ports for the internal zone will be interpreted on next boot is displayed. After dismissing it, a label selection dialog should pop up. Select PUBLIC for the minimum network label for the zone. After clicking OK, another dialog for the maximum network label should appear. Select NEED TO KNOW, and click OK. Then select

    Zone Console...
    Boot

After the zone is booted, log in as root. Run the command

    ifconfig -a

and verify that an interface named internal0 is available in the zone with the proper IP address and netmask values that you specified. Then run the command

    tninfo -m internal

and verify that the port 80/tcp is included in the private entries list.

Then enter the command

    tninfo -t internal_cipso

and verify that the min_sl and max_sl values correspond to what you entered in the previous dialogs.
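
The two tninfo checks above can also be scripted so the result does not depend on reading the output by eye. This is an added example, not part of the original test plan or of txzonemgr; the function names, the sample text, and the tninfo output layout it parses are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the two tninfo checks in this test plan.
# Assumed tninfo -m layout: "private:"/"shared:" lines, ';'-separated ports,
# possibly wrapped. Assumed tninfo -t layout: "min_sl: LABEL", "max_sl: LABEL".

# mlp_has SECTION PORT/PROTO: reads tninfo -m output on stdin and succeeds if
# the port is in SECTION (private or shared), listed alone or inside a range.
mlp_has() {
    awk -v want="$1" -v target="$2" '
        BEGIN { split(target, t, "/"); port = t[1] + 0; proto = t[2] }
        /^[ \t]*(private|shared)[ \t]*:/ {
            sec = $0; sub(/^[ \t]*/, "", sec); sub(/[ \t]*:.*/, "", sec)
            sub(/^[^:]*:/, "")            # keep only the port list
        }
        sec == want {
            n = split($0, e, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", e[i])
                if (split(e[i], p, "/") != 2 || p[2] != proto) continue
                m = split(p[1], r, "-")
                lo = r[1] + 0; hi = (m == 2) ? r[2] + 0 : lo
                if (port >= lo && port <= hi) found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# template_field FIELD: reads tninfo -t output on stdin and prints the value
# of the first "FIELD: value" line, e.g. min_sl or max_sl.
template_field() {
    awk -v f="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, f ":") == 1 {
            v = substr(line, length(f) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }'
}

# Constructed sample text; on the test system pipe the real commands instead,
# e.g.  tninfo -m internal | mlp_has private 80/tcp
SAMPLE_MLP='private:8080/tcp;80/tcp;
        6000-6003/tcp
shared:111/udp'
SAMPLE_TMPL='template: internal_cipso
min_sl: PUBLIC
max_sl: CONFIDENTIAL : NEED TO KNOW'
printf '%s\n' "$SAMPLE_MLP" | mlp_has private 80/tcp && echo "80/tcp: private MLP"
echo "min_sl=$(printf '%s\n' "$SAMPLE_TMPL" | template_field min_sl)"
```

The port match is exact on number and protocol, so an entry such as 8080/tcp does not satisfy a check for 80/tcp.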

Use the command Add Single-level Access to Remote Host... to verify you can reach a remote host using ping. Then use the command Remove Access to Remote Host... and verify that you can no longer ping that host. Log out and close the Zone Console window.

Select Cancel twice to exit txzonemgr.

Created by admin on 2009/10/26 12:10
Last modified by admin on 2009/10/26 12:10
