http://thegeekdiary.com/how-to-create-and-configure-solaris-10-zones/
Solaris zones enables a software partitioning of solaris 10 OS to support multiple independent, secure OS environments to run in the same OS. Each environment has separate process space, resource allocation and users. Zones is widely used in production environments as it is easy to setup and doesn’t require any special hardware like ldoms does.
Zone types
Global zone – every installed OS acts like a global zone, which is present by default. All non-global zones can only be intalled, configured and administered from global zone.
Non-global zone – They share the functioning of the kernel booted under the global zone. All the software and other resources are inherited from the global zone.
Whole Root zone (Big zone) – It gets their own writable copy of all the file systems like /opt, /usr. It takes more disk space.
Sparse root zone (Small zone) – File systems like /opt, /usr are shared from global zone as loopback file-system (you only have a read-only access to these directories in non-global zone). It takes very less disk space.
Branded zones – These are solaris 8 or solaris 9 zones on the solaris 10 global zones.
Configuring a zone with minimal settings
Let us create a new zone with a minimal resources and settings required to get it up and running. We’ll see how to add other resources like cpu, memory, file system etc later in this post.We would be creating a sparse root zone in this case. To create a whole root zone we just have to use create -b instead of just create in the configuration prompt.
global# mkdir -p /zones/zone01 global# chmod 700 /zones/zone01 global# zonecfg -z zone01 zone01: No such zone configured Use 'create' to begin configuring a new zone. zonecfg:zone01> create zonecfg:zone01> set zonepath=/zones/zone01 zonecfg:zone01> set autoboot=true zonecfg:zone01> verify zonecfg:zone01> commit zonecfg:zone01> exit
Install and boot the zone
Now install the zone and boot it. Upon booting we can login into the console of the zoen to configure it.
global# zoneadm -z zone01 verify global# zoneadm -z my-zone install global# zoneadm -z my-zone list -ivc ID NAME STATUS PATH BRAND IP 0 global running / native shared - zone01 installed /zones/zone01 native shared global# zoneadm -z my-zone boot global# zoneadm list -v ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 my-zone running /zones/zone01 native shared global# zlogin -C zone01 global # zlogin zone01
-C here connects you to the console of the zone. This has to be done only once to get the zone configured with hostname, timezone and other basic settings.
Resource configuration examples
Below are some most commonly used examples of resource configuration in a zone.
CPU
1. Dedicated CPU
To see the CPU information in the global zone you can use
global# psrinfo -v
global# psrinfo -vp
After you have confirmed the CPUs you want to use, you can add a fixed no of CPUs to the zone.
zonecfg:zone01> add dedicated-cpu zonecfg:zone01:dedicated-cpu> set ncpus=1-2 zonecfg:zone01:dedicated-cpu> set importance=10 (optional, default is 1) zonecfg:zone01:dedicated-cpu> end
Memory
Capped Memory
zonecfg:my-zone> add capped-memory zonecfg:zone01:capped-memory> set physical=50m [max memory that can be used by this zone] zonecfg:zone01:capped-memory> set swap=100m zonecfg:zone01:capped-memory> set locked=30m [memory locked for use by this zone] zonecfg:zone01:capped-memory> end
File system
a. Loopback FS
zonecfg:zone01> add fs zonecfg:zone01:fs> set dir=/usr/local zonecfg:zone01:fs> set special=/opt/zones/my-zone/local zonecfg:zone01:fs> set type=lofs zonecfg:zone01:fs> end
here /usr/local will be readable and writable in non-global zone
b. Normal file system
zonecfg:zone01> add fs zonecfg:zone01:fs> set dir=/data01 zonecfg:my-zone01:fs> set special=/dev/dsk/c1t1d0s0 zonecfg:my-zone01:fs> set raw=/dev/rdsk/c1t1d0s0 zonecfg:my-zone01:fs> add options [logging, nosuid] (optional) zonecfg:my-zone01:fs> end
ZFS dataset
When we delegate a dataset to a non-global zone we can do any operation on that dataset inside of the zone without requiring global zone to configure it all the time.
zonecfg:zone01> add dataset zonecfg:zone01> set name=tank/sales zonecfg:zone01> end
Inherit package (sparse root zone only)
Now in case of sparse root zone we can inherit some of the packages from the global zone.
zonecfg:my-zone> add inherit-pkg-dir zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw zonecfg:my-zone:inherit-pkg-dir> end
NOTE: These resources can not be modified once the zone is installed
IP
We can either give an exclusive IP using a dedicated interface to a non-global zone or use an existing interface in the global zone to share it with the non-global zone. When we configure an exclusive IP we have to configure IP address inside of the non-global zone and not during the configuration.
a. Exclusive IP
zonecfg:my-zone> set ip-type=exclusive zonecfg:zone01> add net zonecfg:zone01:net> set physical=hme0
NOTE: No need to specify IP here you can control everything from inside of the non-global zone
b. Shared IP
In this case zone uses a shared interface which is already plumbed and being used in the global zone.
zonecfg:zone01> add net zonecfg:zone01:net> set address=192.168.1.2 zonecfg:zone01:net> set physical=hme0 zonecfg:zone01:net> set defrouter=10.0.0.1 [optional] zonecfg:zone01:net> end
Device
We can also directly assign a physical device like disk to a non-global disk.
zonecfg:zone01> add device zonecfg:zone01:device> set match=/dev/rdsk/c0t1d0 zonecfg:zone01:device> end
Comments
In case you want to add some comments like function of the non-global zone or anything else for that matter.
zonecfg:zone01> add attr zonecfg:zone01:attr> set name=comment zonecfg:zone01:attr> set type=string zonecfg:zone01:attr> set value="Hello World. This is my zone" zonecfg:zone01:attr> end
Other
Other settings like scheduling class of the CPU in the non-global zone can also be configured from the global zone.
zonecfg:zone01> set limitpriv="default,sys_time" zonecfg:zone01> set scheduling-class=FSS
Other administrative commands
To reboot a zone : # zoneadm -z reboot To halt a zone : # zoneadm -z zone halt To uninstalling a zone : # zoneadm -z zone uninstall -F To delete an uninstalled zone : # zoneadm -z zone delete -F Get all configuration info : # zonecfg -z zone info login into a zone in safe mode : # zlogin -S zone prstat on all zones : # prstat -Z prstat on a single zone : # prstat -z zone