7.29.2008

tech/work { spoofing hostids in solaris 10 native zones

So at work we have an application suite that uses a licensing tool that is bound to specific hostids. This can pose a problem because in Solaris 10 the non-global zones inherit the hostid of the global (or source) zone, meaning you could only have one copy of this software running at a time. Not cool if you want to leverage zones.

With the new Solaris 8 and 9 branded zones, you can embed a string in the XML config file like this:


add attr
set name=hostid
set type=string
set value=80001234
end


and it will reassign the hostid. This was put in place so you could pick up Solaris 8/9 installs and move them into a zone. Good idea, useful feature... only it doesn't work for native Solaris 10 zones. I didn't read the docs fully and was dismayed, as I thought this was part of Solaris 10 Update 4. It isn't. I then went on a two-day search for a solution. The first day was spent pursuing official SUN channels. This only resulted in a response that an RFE (request for enhancement) has been made and it will appear in an update of Solaris 10 in the future. Not good for my more immediate needs.

Day two was spent with the Swiss army knife for sysadmins, Google. I really only spent two hours researching it, but in that time I found a few things. One is that this is not a new need; people have been looking to do this since 2005, when Solaris 10 was released. Secondly, there are some easy ways to do it and some less-than-ideal ways to do it. Eventually, what helped me solve my problem was this post here (http://tinyurl.com/6fa63z). I tried the compile-your-own newhostid.so library and it worked, but I had problems with other shared libraries not working, mostly because the LD_PRELOAD flag needs to have all your system libraries for proper functioning.

That page also had a link to someone who put together a dtrace script that lets you spoof hostids on the fly. He has a dtrace script called zhostid, with the source found here (http://tinyurl.com/62wjq5). This was exactly what I was looking for, as it let me add more zones to the list as I built more, and it could be started/stopped at any time with seemingly minimal impact on the system. It also works fine in a clustered environment, which is where these zones are running. You just need to put this script into a start script for boot time on both nodes (or as many as you have).

Now this is the part I don't like. I generally don't like using nohup for scripts, but for now it was the only way I could get this script to start, background and keep running. I'm researching putting this into SMF if I can.

For now I made a

/etc/init.d/zhostid

start script that just basically called this script and backgrounded it via nohup. I then linked the script old school into rc3.d until I can (if I can) put it into SMF.


cd /etc/rc3.d ; ln -s /etc/init.d/zhostid S99zhostid


Some caveats.

First off, this script isn't supported. It's meant for demonstration purposes and the author states this clearly in his comments in the script, and it's released under GPL, so make sure to credit it properly if you make changes. SUN generally doesn't support hostid spoofing, I guess with the exception of branded zones, but they also at this time do not provide functionality to easily do this.

Secondly, you are modifying the running system and modifying a system call. Dangers are inherent with procedures like this. But I feel in this instance it is fairly safe and non-destructive. You just need to be aware this could cause some oddities if you're ever troubleshooting.
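A check for the troubleshooting caveat above, as an added example that is not part of the original post or of zhostid: it lists the zones whose reported hostid differs from the global zone's, so whoever debugs the box later can see that an override is active. The function names, zone names and the global hostid in the sample are constructed for illustration; zoneadm list -p and zlogin are the standard Solaris commands.

```shell
#!/bin/sh
# Added example: audit which zones report a hostid other than the global zone's.

# Emit "zonename hostid" for every running non-global zone.
# Run from the global zone as root; relies on zoneadm(1M) and zlogin(1).
collect_zone_hostids() {
    zoneadm list -p | while IFS=: read -r _id name state _rest; do
        [ "$name" = "global" ] && continue
        [ "$state" = "running" ] || continue
        # </dev/null keeps zlogin from swallowing the rest of the zone list
        printf '%s %s\n' "$name" "$(zlogin "$name" hostid </dev/null)"
    done
}

# Read "zonename hostid" lines on stdin and compare each against $1
# (the global zone's hostid). Matching zones produce no output.
report_drift() {
    global=$(normalize "$1")
    while read -r zone hid; do
        [ -n "$zone" ] || continue
        if [ -z "$hid" ]; then
            # zlogin failed or the zone returned nothing: flag it, do not guess
            printf 'UNKNOWN %s returned no hostid\n' "$zone"
        elif [ "$(normalize "$hid")" != "$global" ]; then
            printf 'DRIFT %s reports %s (global %s)\n' "$zone" "$hid" "$1"
        fi
    done
}

# Compare hostids case-insensitively and without leading zeros.
normalize() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/^0*//'
}

# Constructed sample input in the "zonename hostid" format emitted above.
# 80001234 is the value used earlier in the post; everything else is made up.
SAMPLE='appzone1 80001234
appzone2 80001235
dbzone 84A1B2C3
buildzone '

# Offline demo:  printf '%s\n' "$SAMPLE" | report_drift 84a1b2c3
# Live use from the global zone:
#   collect_zone_hostids | report_drift "$(hostid)"
```

Running the live form from cron and keeping the output with the change records gives a dated trail of when each zone's hostid started to differ.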

But it works. And seems to work well for the needs I had.
