syslog-ng installation on Solaris non-global zone
Installing syslog-ng in a zone requires a little more work, so you can combine this document with this one.
First install syslog-ng on the global zone (I assume there is no non-global zone yet).
If you need help, see the previously mentioned document (I'll refer to it a couple of times).
Okay, so syslog-ng is installed in the global zone. There are several possible approaches to what comes next.
Either configure syslog-ng in the global zone and then install the non-global zone, or configure nothing in the global zone, install the non-global zone, and configure syslog-ng there.
Configuring syslog-ng in the global zone may be a good idea, since it could become a syslog-ng client in the future. Remember that the syslog-ng server is going to be in our non-global zone.
Okay, let's go with the approach of installing and configuring syslog-ng in the global zone before installing the non-global zone.
Basically, repeat all the steps from the mentioned link (this installs and configures syslog-ng in the global zone and also integrates syslog-ng as a new Solaris service).
Now, install the non-global zone. I will write about this in detail somewhere else.
For now, let's just look at the information about the non-global zone (called gek):
# zonecfg -z gek info
zonename: gek
zonepath: /zones/gek
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
inherit-pkg-dir:
        dir: /opt
net:
        address: 192.168.etc.etc
        physical: e1000g0
        defrouter not specified
We see that the non-global zone inherits five directories from the global zone, and they are read-only, as you can see below.
{gek}/usr/local> touch 1
touch: cannot create 1: Read-only file system
Also try this command to get more information about the inherited directories, which are now loopback file systems.
# df -F lofs -h
Filesystem size used avail capacity Mounted on
/dev 67G 23M 67G 1% /dev
/lib 3.9G 1.7G 2.2G 43% /lib
/opt 3.9G 1.7G 2.2G 43% /opt
/platform 3.9G 1.7G 2.2G 43% /platform
/sbin 3.9G 1.7G 2.2G 43% /sbin
/usr 3.9G 1.7G 2.2G 43% /usr
Our syslog-ng.conf file is in /usr/local/etc and we certainly need write permissions there.
So how are we going to fix this? Well, let's try this exercise:
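1. Rsync the contents of /usr/local/etc to /etc/local (/etc is not an inherited directory, so we can write there). Note the trailing slash on the source: without it, rsync would create /etc/local/etc instead of copying the files into /etc/local.
# /opt/csw/bin/rsync -aH /usr/local/etc/ /etc/local/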
2. Add this line to the /etc/vfstab file (basically, we create a new loopback file system):
/etc/local - /usr/local/etc lofs - yes -
3. Mount directory with command:
Now we are able to write to /usr/local/etc and edit syslog-ng.conf file.
The same steps can be performed for other "read-only" directories, like /opt (you may have other configuration files in /opt/csw/etc, and you can create a loopback file system /etc/csw that mounts on /opt/csw/etc).
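The check behind the steps above, as an added example (not part of the original document): it reads zonecfg info output, finds which configuration directories sit inside an inherited read-only directory, and prints the /etc/vfstab line each one needs. The sample input is constructed from the gek zone shown earlier, and the /etc/<name> naming of the writable copy is an assumption that follows the /etc/local and /etc/csw choices in the text.

```shell
# Constructed sample: trimmed `zonecfg -z gek info` output from the text above.
SAMPLE_INFO='zonename: gek
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
inherit-pkg-dir:
        dir: /opt
net:
        physical: e1000g0'

# Print the inherited (read-only) directories, one per line.
inherited_dirs() {
    printf '%s\n' "$1" | awk '
        /^inherit-pkg-dir:/ { want = 1; next }
        want && $1 == "dir:" { print $2 }
        { want = 0 }'
}

# Return 0 if path $2 lies inside an inherited directory of zone info $1.
is_read_only() {
    for d in $(inherited_dirs "$1"); do
        case "$2" in "$d"|"$d"/*) return 0 ;; esac
    done
    return 1
}

# Emit the /etc/vfstab line that overlays writable dir $1 onto read-only $2.
# Fields: device, fsck device, mount point, FS type, fsck pass, at boot, options.
vfstab_entry() {
    printf '%s\t-\t%s\tlofs\t-\tyes\t-\n' "$1" "$2"
}

# For each config dir given, print the vfstab line it needs (if any).
# Assumption: the writable copy is named /etc/<parent dir name>, as in the text.
plan_overlays() {
    info=$1; shift
    for target in "$@"; do
        if is_read_only "$info" "$target"; then
            vfstab_entry "/etc/$(basename "$(dirname "$target")")" "$target"
        fi
    done
}

plan_overlays "$SAMPLE_INFO" /usr/local/etc /opt/csw/etc /var/tmp
```

On a real system, pass "$(zonecfg -z gek info)" instead of the sample; /var/tmp produces no line because it is not under an inherited directory.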
Log in to the non-global zone with zlogin zone_name.
Same as in the global zone, system-log is "free" of dependents, which will now depend on syslog-ng.
# svcs -D system-log
STATE STIME FMRI
online 16:32:52 svc:/milestone/multi-user:default
Now you can again use the previously mentioned link and integrate syslog-ng into the Service Management Facility.
You'll have to alter only /var/svc/manifest/system/syslog-ng.xml file.
No need to alter the executable (method file) /lib/svc/method/syslog-ng since it is in inherited /lib and it was already taken care of in global zone, remember?
Disable system-log service.
Validate and import syslog-ng.xml
# svccfg
svc:> validate /var/svc/manifest/system/syslog-ng.xml
svc:> import /var/svc/manifest/system/syslog-ng.xml
svc:> quit
Enable syslog-ng service.
# svcadm -v enable -r syslog-ng
And this should be it. Once again, you may want to verify ownership and permissions of .xml and method files to be in line with other services' files.
PostScript:
Once I started working more seriously with syslog-ng on non-global zones, I realized there is also one important step I didn't mention in this document.
Where are you going to log? Right! Here is the deal (just an example from my work).
I have an SF X4200 with 2 x 73G and 2 x 146G.
The OS was installed with zfs as the boot file system (I will elaborate on this in other documents) on 2 x 73G, and the other two disks will be for logging.
Just to get a better picture, the zpool history command shows:
zpool create space1 mirror c0t2d0 c0t3d0
zfs set compression=on space1
zfs create -o mountpoint=/logs space1/logs
And you can also use zfs list:
NAME USED AVAIL REFER MOUNTPOINT
space1 236K 134G 18K /space1
space1/logs 108K 134G 108K /logs
Okay, so you see, I want logging to go to /logs. But this is in the global zone. So here is how to allow the non-global zone to access this file system in the global zone.
In the example, syslog-dc is the name of the non-global zone (this is my syslog-ng server).
Basically, we add a loopback-mounted file system.
# zonecfg -z syslog-dc
zonecfg:syslog-dc> add fs
zonecfg:syslog-dc:fs> set dir=/logs
zonecfg:syslog-dc:fs> set special=/logs
zonecfg:syslog-dc:fs> set type=lofs
zonecfg:syslog-dc:fs> end
zonecfg:syslog-dc> commit
zonecfg:syslog-dc> exit
# zoneadm -z syslog-dc reboot
# zlogin syslog-dc
{syslog-dc}/> df -F lofs -h
Filesystem size used avail capacity Mounted on
/dev 8.0G 15M 8.0G 1% /dev
/lib 4.0G 1.3G 2.7G 34% /lib
/logs 134G 109K 134G 1% /logs
/opt 4.0G 1.3G 2.7G 34% /opt
/platform 4.0G 1.3G 2.7G 34% /platform
/sbin 4.0G 1.3G 2.7G 34% /sbin
/usr 4.0G 1.3G 2.7G 34% /usr
/etc/csw 8.0G 15M 8.0G 1% /opt/csw/etc
/etc/local 8.0G 15M 8.0G 1% /usr/local/etc
Happy logging!