Installing and Configuring Zones
The following introduction provides high-level planning information for global and non-global zones. For overview and planning information and specific procedures, see Chapter 16, Introduction to Solaris Zones, in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
Solaris Zones Partitioning Technology (Overview)
After the Solaris OS is installed, you can install and configure zones. The global zone is the single instance of the operating system that is running and is contained on every Solaris system. The global zone is both the default zone for the system and the zone that is used for system-wide administrative control. A non-global zone is a virtualized operating system environment.
Solaris Zones are a software partitioning technology used to virtualize operating system services and provide an isolated and secure environment for running applications. When you create a zone, you produce an application execution environment in which processes are isolated from all other zones. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in any other zones. Even a process running in a non-global zone with superuser credentials cannot view or affect activity in any other zones. A process running in the global zone with superuser credentials can affect any process in any zone.
Understanding Global and Non-Global Zones
The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. Only the global zone is bootable from the system hardware. Administration of the system infrastructure, such as physical devices, routing, or dynamic reconfiguration (DR), is only possible in the global zone. Appropriately privileged processes running in the global zone can access objects associated with any or all other zones. The following table summarizes the characteristics of both global and non-global zones.
|
Global Zone |
Non-Global Zone |
|---|---|
|
Is assigned ID 0 by the system |
Is assigned a zone ID by the system when the zone is booted |
|
Provides the single instance of the Solaris kernel that is bootable and running on the system |
Shares operation under the Solaris kernel booted from the global zone |
|
Contains a complete installation of the Solaris system software packages |
Contains an installed subset of the complete Solaris Operating System software packages |
|
Can contain additional software packages or additional software, directories, files, and other data not installed through packages |
Contains Solaris software packages shared from the global zone |
|
Provides a complete and consistent product database that contains information about all software components installed in the global zone |
Can contain additional installed software packages not shared from the global zone Can contain additional software, directories, files, and other data created on the non-global zone that are not installed through packages or shared from the global zone |
|
Holds configuration information specific to the global zone only, such as the global zone host name and file system table |
Has configuration information specific to that non-global zone only, such as the non-global zone host name and file system table |
|
Is the only zone that is aware of all devices and all file systems |
Has a complete and consistent product database that contains information about all software components installed on the zone, whether present on the non-global zone or shared read-only from the global zone |
|
Is the only zone with knowledge of non-global zone existence and configuration |
Is not aware of the existence of any other zones |
|
Is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled |
Cannot install, manage, or uninstall other zones, including itself |
For more information, see the following:
Solaris Zones (Planning)
After the Solaris OS is installed, you can install and configure zones. The global zone is the single instance of the operating system that is running and is contained on every Solaris system. The global zone is both the default zone for the system and the zone that is used for system-wide administrative control. A non-global zone is a virtualized operating system environment.
Caution – Any command that accepts an alternate root (/) file system by using the -R option or equivalent must not be used if the following are true:
-
The command is run in the global zone.
-
The alternative root (/) file system refers to any path within a non-global zone.
An example is the -R root_path option to the pkgadd utility run from the global zone with a path to the root (/) file system in a non-global zone.
For a list of utilities that accept an alternate root (/) file system and more information about zones, see Restriction on Accessing A Non-Global Zone From the Global Zone in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
Installing and Upgrading When Using Non-global Zones
When the Solaris OS is installed, the software group installed in the global zone is the set of packages that is shared by all the non-global zones. For example, if you install the Entire software group, all zones contain these packages. By default, any additional packages installed in the global zone also populate the non-global zones. You can segregate into non-global zones any applications, namespaces, servers, and network connections such as NFS and DHCP as well as other software. Each non-global zone is unaware of other non-global zones and each can operate independently. For example, you might have installed the Entire software group on the global zone and have running on separate non-global zones the Java Enterprise System Messaging Server, a database, DHCP, and a web server. When installing non-global zones remember the performance requirements of the applications running in each non-global zone.
Caution – A Solaris Flash archive cannot be properly created when a non-global zone is installed. The Solaris Flash feature is not compatible with Solaris Zones partitioning technology. If you create a Solaris Flash archive, the resulting archive is not installed properly when the archive is deployed under these conditions:
-
The archive is created In a non-global zone
-
The archive is created in a global zone that has non-global zones installed
Upgrading When Non-Global Zones Are Installed
Starting with the Solaris 10 1/06 release, when you are upgrading the Solaris OS, you can upgrade a system that has non-global zones installed. The Solaris interactive installation program and custom JumpStart programs enable an upgrade.
-
With the Solaris interactive installation program, you can upgrade a system with non-global zones by selecting the Upgrade Install on the Select Upgrade or Initial Install panel. The installation program then analyzes your system to determine if your system is upgradable, and provides you a summary of the analysis. The installation program then prompts you to continue the upgrade. You can use this program with the following limitations:
-
You cannot customize your upgrade. For example, you cannot install additional software products, install additional locale packages, or modify the disk layout.
-
You must use the Solaris Operating System DVD or a DVD-created network installation image. You cannot use the Solaris Software CDs to upgrade a system. For more information about installing with this program, see Chapter 2, Installing With the Solaris Installation Program (Tasks), in Solaris 10 Installation Guide: Basic Installations.
-
-
With the custom JumpStart installation program, you can upgrade by using only the install_type and root_device keywords.
Because some keywords affect non-global zones, some keywords cannot be included in a profile. For example, using keywords that add packages, reallocate disk space, or add locales would affect non-global zones. If you use these keywords, they are ignored or cause the JumpStart upgrade to fail. For a list of these keywords, see Limiting Profile Keywords When Upgrading With Non-Global Zones.
Caution – You cannot use Solaris Live Upgrade to upgrade a system when non-global zones are installed. You can create a boot environment with the lucreate command, but if you use the luupgrade command, the upgrade fails. An error message is displayed.
Disk Space Requirements for Non-Global Zones
When installing the global zone, be sure to reserve enough disk space for all of the zones you might create. Each non-global zone might have unique disk space requirements. The following description is a brief overview of planning information. For complete planning requirements and recommendations, see Chapter 18, Planning and Configuring Non-Global Zones (Tasks), in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
No limits are placed on how much disk space can be consumed by a zone. The global zone administrator is responsible for space restriction. Even a small uniprocessor system can support a number of zones running simultaneously.
The characteristics of the packages installed in the global zone affect the space requirements of the non-global zones that are created. The number of packages and space requirements are factors. The following are general disk space guidelines.
-
Approximately 100 Mbytes of free disk space is suggested when the global zone has been installed with all of the standard Solaris packages. Increase this amount if additional packages are installed in the global zone. By default, any additional packages installed in the global zone also populate the non-global zones. The directory location in the non-global zone for these additional packages is specified through the inherit-pkg-dir resource.
-
Add 40 Mbytes of RAM per zone if the system has sufficient swap space. This addition is recommended to make each zone operational. When planning your system size, consider this addition of RAM.
- © 2010, Oracle Corporation and/or its affiliates