JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Oracle Solaris Zones, Oracle Solaris 10 Containers, and Resource Management     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

Part I Oracle Solaris Resource Management

1.  Introduction to Resource Management

2.  Projects and Tasks (Overview)

3.  Administering Projects and Tasks

4.  Extended Accounting (Overview)

5.  Administering Extended Accounting (Tasks)

6.  Resource Controls (Overview)

7.  Administering Resource Controls (Tasks)

8.  Fair Share Scheduler (Overview)

9.  Administering the Fair Share Scheduler (Tasks)

10.  Physical Memory Control Using the Resource Capping Daemon (Overview)

11.  Administering the Resource Capping Daemon (Tasks)

12.  Resource Pools (Overview)

13.  Creating and Administering Resource Pools (Tasks)

14.  Resource Management Configuration Example

Part II Oracle Solaris Zones

15.  Introduction to Oracle Solaris Zones

16.  Non-Global Zone Configuration (Overview)

17.  Planning and Configuring Non-Global Zones (Tasks)

Planning and Configuring a Non-Global Zone (Task Map)

Evaluating the Current System Setup

Disk Space Requirements

Restricting Zone Size

Determine the Zone Host Name and the Network Requirements

Zone Host Name

Shared-IP Zone Network Address

IPv4 Zone Network Address

IPv6 Zone Network Address

Exclusive-IP Zone Network Address

File System Configuration

Creating, Revising, and Deleting Non-Global Zone Configurations (Task Map)

Configuring, Verifying, and Committing a Zone

How to Configure the Zone

Where to Go From Here

Script to Configure Multiple Zones

How to Display the Configuration of a Non-Global Zone

Using the zonecfg Command to Modify a Zone Configuration

How to Modify a Resource Type in a Zone Configuration

How to Clear a Property Type in a Zone Configuration

How to Rename a Zone

How to Add a Dedicated Device to a Zone

How to Set zone.cpu-shares in the Global Zone

Using the zonecfg Command to Revert or Remove a Zone Configuration

How to Revert a Zone Configuration

How to Delete a Zone Configuration

18.  About Installing, Halting, Uninstalling, and Cloning Non-Global Zones (Overview)

19.  Installing, Booting, Halting, Uninstalling, and Cloning Non-Global Zones (Tasks)

20.  Non-Global Zone Login (Overview)

21.  Logging In to Non-Global Zones (Tasks)

22.  Moving and Migrating Non-Global Zones (Tasks)

23.  About Packages on an Oracle Solaris 11 Express System With Zones Installed

24.  Oracle Solaris Zones Administration (Overview)

25.  Administering Oracle Solaris Zones (Tasks)

26.  Troubleshooting Miscellaneous Oracle Solaris Zones Problems

Part III Oracle Solaris 10 Zones

27.  Introduction to Oracle Solaris 10 Zones

28.  Assessing an Oracle Solaris 10 System and Creating an Archive

29.  (Optional) Migrating an Oracle Solaris 10 native Non-Global Zone Into an Oracle Solaris 10 Container

30.  Configuring the solaris10 Branded Zone

31.  Installing the solaris10 Branded Zone

32.  Booting a Zone and Zone Migration

33.  solaris10 Branded Zone Login and Post-Installation Configuration

Glossary

Index

Configuring, Verifying, and Committing a Zone

The zonecfg command described in the zonecfg(1M) man page is used to perform the following actions.

The zonecfg command can also be used to persistently specify the resource management settings for the global zone.

While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.

A script to configure multiple zones on your system is provided in Script to Configure Multiple Zones.

To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.

How to Configure the Zone

Note that the only required elements to create a non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource. See Zone Configuration Data for information on available zonecfg properties and resources.

You must be the global administrator or a user with appropriate authorizations in the global zone to perform this procedure.

  1. Be superuser, or have the correct rights profile.

    For more information about roles, see Configuring and Using RBAC (Task Map) in System Administration Guide: Security Services.

  2. Set up a zone configuration with the zone name you have chosen.

    The name my-zone is used in this example procedure.

    global# zonecfg -z my-zone

    If this is the first time you have configured this zone, you will see the following system message:

    my-zone: No such zone configured
    Use 'create' to begin configuring a new zone.
  3. Create the new zone configuration.

    This procedure uses the Sun default settings.

    zonecfg:my-zone> create
  4. Set the zone path, /zones/my-zone in this procedure.
    zonecfg:my-zone> set zonepath=/zones/my-zone

    The zone must reside on a ZFS dataset. The ZFS dataset will be created automatically when the zone is installed or attached. If a ZFS dataset cannot be created, the zone will not install or attach. Note that the parent directory of the zone path must also be a dataset.

  5. Set the autoboot value.

    If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.

    zonecfg:my-zone> set autoboot=true
  6. Set persistent boot arguments for a zone.
    zonecfg:my-zone> set bootargs="-m verbose"
  7. Dedicate one CPU to this zone.
    zonecfg:my-zone> add dedicated-cpu
    1. Set the number of CPUs.
      zonecfg:my-zone:dedicated-cpu> set ncpus=1-2
    2. (Optional) Set the importance.
      zonecfg:my-zone:dedicated-cpu> set importance=10

      The default is 1.

    3. End the specification.
      zonecfg:my-zone:dedicated-cpu> end
  8. Revise the default set of privileges.
    zonecfg:my-zone> set limitpriv="default,sys_time"

    This line adds the ability to set the system clock to the default set of privileges.

  9. Set the scheduling class to FSS.
    zonecfg:my-zone> set scheduling-class=FSS
  10. Add a memory cap.
    zonecfg:my-zone> add capped-memory
    1. Set the memory cap.
      zonecfg:my-zone:capped-memory> set physical=50m
    2. Set the swap memory cap.
      zonecfg:my-zone:capped-memory> set swap=100m
    3. Set the locked memory cap.
      zonecfg:my-zone:capped-memory> set locked=30m
    4. End the memory cap specification.
      zonecfg:my-zone:capped-memory> end
  11. Add a file system.
    zonecfg:my-zone> add fs
    1. Set the mount point for the file system, /usr/local in this procedure.
      zonecfg:my-zone:fs> set dir=/usr/local
    2. Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured.
      zonecfg:my-zone:fs> set special=/opt/local

      In the non-global zone, the /usr/local file system will be readable and writable.

    3. Specify the file system type, lofs in this procedure.
      zonecfg:my-zone:fs> set type=lofs

      The type indicates how the kernel interacts with the file system.

    4. End the file system specification.
      zonecfg:my-zone:fs> end

    This step can be performed more than once to add more than one file system.

  12. Set the hostid if necessary.
    zonecfg:my-zone> set hostid=80f0c086
  13. Add a ZFS dataset named sales in the storage pool tank
    zonecfg:my-zone> add dataset
    1. Specify the path to the ZFS dataset sales.
      zonecfg:my-zone> set name=tank/sales
    2. End the dataset specification.
      zonecfg:my-zone> end

    The zone administrator can create and destroy file systems within the dataset, and modify properties of the dataset.

  14. (Optional) If you are creating an exclusive-IP zone, set the ip-type.
    zonecfg:my-zone> set ip-type=exclusive

    Note - Only the physical device type will be specified in the add net step. The physical property can be a VNIC, as described in Part IV, Network Virtualization and Resource Management, in System Administration Guide: Network Interfaces and Network Virtualization.


  15. Add a network interface.
    zonecfg:my-zone> add net
    1. (shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.
      zonecfg:my-zone:net> set address=192.168.0.1
    2. Set the physical device type for the network interface, the hme device in this procedure.
      zonecfg:my-zone:net> set physical=hme0
    3. (shared-IP only) Set the default router for the network interface, in this procedure.
      zonecfg:my-zone:net> set defrouter=10.0.0.1

      Setting the defrouter property for the net resource is optional.

    4. End the specification.
      zonecfg:my-zone:net> end

    This step can be performed more than once to add more than one network interface.

  16. Add a device.
    zonecfg:my-zone> add device
    1. Set the device match, /dev/sound/* in this procedure.
      zonecfg:my-zone:device> set match=/dev/sound/*
    2. End the device specification.
      zonecfg:my-zone:device> end

    This step can be performed more than once to add more than one device.

  17. Add a zone-wide resource control by using the property name.
    zonecfg:my-zone> set max-sem-ids=10485200

    This step can be performed more than once to add more than one resource control.

  18. Add a comment by using the attr resource type.
    zonecfg:my-zone> add attr
    1. Set the name to comment.
      zonecfg:my-zone:attr> set name=comment
    2. Set the type to string.
      zonecfg:my-zone:attr> set type=string
    3. Set the value to a comment that describes the zone.
      zonecfg:my-zone:attr> set value="This is my work zone."
    4. End the attr resource type specification.
      zonecfg:my-zone:attr> end
  19. Verify the zone configuration for the zone.
    zonecfg:my-zone> verify
  20. Commit the zone configuration for the zone.
    zonecfg:my-zone> commit
  21. Exit the zonecfg command.
    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

Using Multiple Subcommands From the Command Line

Tip - The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.

global# zonecfg -z my-zone "create ; set zonepath=/zones/my-zone"

Where to Go From Here

See Installing and Booting Zones to install your committed zone configuration.

Script to Configure Multiple Zones

You can use this script to configure and boot multiple zones on your system. The script takes the following parameters:

You must be the global administrator with superuser privileges in the global zone or a user with the correct rights profile to execute the script.

#!/bin/ksh
#
# Copyright 2006-2010 Oracle Corporation. All rights reserved.
# Use is subject to license terms.
#
#ident    "%Z%%M%    %I%    %E% SMI"

if [[ -z "$1" || -z "$2" || -z "$3" ]]; then
       echo "usage: $0 <#-of-zones> <zonename-prefix> <basedir>"
       exit 2
fi

if [[ ! -d $3 ]]; then
      echo "$3 is not a directory"
       exit 1
fi

nprocs=`psrinfo | wc -l`
nzones=$1
prefix=$2
dir=$3

ip_addrs_per_if=`ndd /dev/ip ip_addrs_per_if`
if [ $ip_addrs_per_if -lt $nzones ]; then
       echo "ndd parameter ip_addrs_per_if is too low ($ip_addrs_per_if)"
      echo "set it higher with 'ndd -set /dev/ip ip_addrs_per_if <num>"
     exit 1
fi

i=1
while [ $i -le $nzones ]; do
    zoneadm -z $prefix$i list > /dev/null 2>&1
    if [ $? != 0 ]; then
        echo configuring $prefix$i
        F=$dir/$prefix$i.config
        rm -f $F
        echo "create" > $F
        echo "set zonepath=$dir/$prefix$i" >> $F
        zonecfg -z $prefix$i -f $dir/$prefix$i.config 2>&1 | \
            sed 's/^/    /g' 
    else
        echo "skipping $prefix$i, already configured"
    fi
    i=`expr $i + 1`
done

i=1
while [ $i -le $nzones ]; do
    j=1
    while [ $j -le $nprocs ]; do
        if [ $i -le $nzones ]; then
            if [ `zoneadm -z $prefix$i list -p | \
                cut -d':' -f 3` != "configured" ]; then
                echo "skipping $prefix$i, already installed"
            else
                echo installing $prefix$i
                mkdir -pm 0700 $dir/$prefix$i
                chmod 700 $dir/$prefix$i
                zoneadm -z $prefix$i install > /dev/null 2>&1 &
                sleep 1    # spread things out just a tad
            fi
        fi
        i=`expr $i + 1`
        j=`expr $j + 1`
    done
    wait
done

i=1
while [ $i -le $nzones ]; do
    echo setting up sysid for $prefix$i
    cfg=$dir/$prefix$i/root/etc/sysidcfg
    rm -f $cfg
    echo "network_interface=NONE {hostname=$prefix$i}" > $cfg
    echo "system_locale=C" >> $cfg
    echo "terminal=xterms" >> $cfg
    echo "security_policy=NONE" >> $cfg
    echo "name_service=NONE" >> $cfg
    echo "timezone=US/Pacific" >> $cfg
    echo "root_password=Qexr7Y/wzkSbc" >> $cfg  # 'l1a'
    i=`expr $i + 1`
done

i=1
para=`expr $nprocs \* 2`
while [ $i -le $nzones ]; do
    date
    j=1
    while [ $j -le $para ]; do
        if [ $i -le $nzones ]; then
            echo booting $prefix$i
            zoneadm -z $prefix$i boot &
        fi
        j=`expr $j + 1`
        i=`expr $i + 1`
    done
    wait
done

How to Display the Configuration of a Non-Global Zone

You must be the global administrator in the global zone or a user with the correct rights profile to perform this procedure.

  1. Be superuser, or have the correct rights profile.

    For more information about roles, see Configuring and Using RBAC (Task Map) in System Administration Guide: Security Services.

  2. Display the configuration of a zone.
    global# zonecfg -z zonename info