Because zone creation involves copying an entire operating system, the process is time-consuming. A faster process is to create one zone, make the zone a template for other zones, and then copy or clone that zone template.
You have completed Specify Zone Names and Zone Labels by Using a CDE Action.
If you are using LDAP as your naming service, you have completed Make the Global Zone an LDAP Client in Trusted Extensions.
If you are going to clone zones, you have completed Create ZFS Pool for Cloning Zones. In the following procedure, you install the zone that you prepared.
This action creates a labeled virtual operating system. This step takes some time to finish. Do not do other tasks on the system while Install Zone is running.
# zone-name: Install Zone
Preparing to install zone <zone-name>
Creating list of files to copy from the global zone
Copying <total> files to the zone
Initializing zone product registry
Determining zone package initialization order.
Preparing to initialize <subtotal> packages on the zone.
Initializing package <number> of <subtotal>: percent complete: percent
Initialized <subtotal> packages on zone.
Zone <zone-name> is initialized.
The file /zone/internal/root/var/sadm/system/logs/install_log
contains a log of the zone installation.
*** Select Close or Exit from the window menu to close this window ***
Zone name: Type the name of the installed zone
Host name for the zone: Type the host name for this zone
For example, on a system with a shared logical interface, the values would be similar to the following:
Zone name: public
Host name for the zone: machine1-zones
This action makes the labeled zone an LDAP client of the same LDAP server that serves the global zone. The action is complete when the following information appears:
zone-name zone will be LDAP client of IP-address
zone-name is ready for booting
Zone label is LABEL
*** Select Close or Exit from the window menu to close this window ***
The manual procedure in Trusted Extensions is identical to the procedure for the Solaris OS. If the system has at least one all-zones interface, then the hostname for all the zones must match the global zone's hostname. In general, the answers to the questions during zone initialization are the same as the answers for the global zone.
Supply the host information by doing one of the following:
Your answers are used to populate the sysidcfg file in the zone.
Note - You must ensure that a route for the Trusted CDE desktop exists from the labeled zone to the global zone. For the procedure, see Resolve Local Zone to Global Zone Routing in Trusted CDE.
Answer the prompt.
Zone name: Type the name of the zone that you are configuring
This action boots the zone, then starts all the services that run in the zone. For details about the services, see the smf(5) man page.
The Zone Terminal Console tracks the progress of booting the zone. Messages that are similar to the following appear in the console:
[Connected to zone 'public' console]
[NOTICE: Zone booting up]
...
Hostname: zonename
Loading smf(5) service descriptions: number/total
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
rebooting system due to change(s) in /etc/default/init
[NOTICE: Zone rebooting]
Before continuing with Customize a Booted Zone in Trusted Extensions, make sure that the zone has rebooted. The following console login prompt indicates that the zone has rebooted.
hostname console login:
For Install Zone: If warnings that are similar to the following are displayed, read the install log and finish installing the packages:
Installation of these packages generated errors: SUNWpkgname
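One way to check a saved copy of the Install Zone window text for the completion message and the package-error warning described above. This is an added example, not part of the original procedure or of Trusted Extensions; the function names, the sample text, and the package names SUNWpkgA and SUNWpkgB are constructed, and it assumes the action's output was captured as text.

```shell
#!/bin/sh
# Added example: triage captured "Install Zone" output.
# The message strings matched here are the ones quoted on this page.

# Constructed sample output (not from a real system).
SAMPLE='Preparing to install zone <internal>
Initialized <1098> packages on zone.
Zone <internal> is initialized.
Installation of these packages generated errors: <SUNWpkgA SUNWpkgB>
The file /zone/internal/root/var/sadm/system/logs/install_log
contains a log of the zone installation.'

# Print each package named after "generated errors:", one per line.
failed_packages() {
    printf '%s\n' "$1" |
        sed -n 's/.*Installation of these packages generated errors:[[:space:]]*//p' |
        tr -d '<>' | tr ' ,' '\n\n' | sed '/^$/d' | sort -u
}

# Print the install log path announced in the output, if any.
# The message may wrap across two lines, so join lines first.
install_log_path() {
    printf '%s\n' "$1" | tr '\n' ' ' |
        sed -n 's/.*The file[[:space:]]*\([^[:space:]]*install_log\)[[:space:]]*contains a log.*/\1/p'
}

# Exit status: 0 = zone initialized and no package errors,
#              1 = package errors reported,
#              2 = completion message for this zone not seen.
install_zone_ok() {
    zone=$1
    out=$2
    printf '%s\n' "$out" | tr -d '<>' |
        grep -Fxq "Zone $zone is initialized." || return 2
    [ -z "$(failed_packages "$out")" ] || return 1
    return 0
}

# Report on the constructed sample when the script is run directly.
install_zone_ok internal "$SAMPLE" ||
    echo "status $?: read $(install_log_path "$SAMPLE") for:" \
         "$(failed_packages "$SAMPLE" | tr '\n' ' ')"
```

A zone that reports errors should not be booted or used as a copy or clone template until the listed packages are installed, because every zone created from the template inherits the gap.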