System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones     Oracle Solaris 10 1/13 Information Library

lx Branded Zone Configuration Components

This section covers the following components:

Zone Name and Zone Path in an lx Branded Zone

You must choose a name and a path for your zone.

Zone Autoboot in an lx Branded Zone

The autoboot property setting determines whether the zone is automatically booted when the global zone is booted.

Resource Pool Association in an lx Branded Zone

If you have configured resource pools on your system as described in Chapter 13, Creating and Administering Resource Pools (Tasks), you can use the pool property to associate the zone with one of the resource pools when you configure the zone.

If you do not have resource pools configured, you can still specify that a subset of the system's processors be dedicated to a non-global zone while it is running by using the dedicated-cpu resource. The system will dynamically create a temporary pool for use while the zone is running.


Note - A zone configuration using a persistent pool set through the pool property is incompatible with a temporary pool configured through the dedicated-cpu resource. You can set only one of these two properties.


Specifying the dedicated-cpu Resource

The dedicated-cpu resource specifies that a subset of the system's processors should be dedicated to a non-global zone while it is running. When the zone boots, the system will dynamically create a temporary pool for use while the zone is running.

The dedicated-cpu resource sets limits for ncpus, and optionally, importance.

ncpus

Specify the number of CPUs or specify a range, such as 2–4 CPUs. If you specify a range because you want dynamic resource pool behavior, also do the following:

importance

If you are using a CPU range to achieve dynamic behavior, also set the importance property. The importance property, which is optional, defines the relative importance of the pool. This property is only needed when you specify a range for ncpus and are using dynamic resource pools managed by poold. If poold is not running, then importance is ignored. If poold is running and importance is not set, importance defaults to 1. For more information, see pool.importance Property Constraint.


Note - The cpu-shares rctl and the dedicated-cpu resource are incompatible.


Oracle Solaris 10 5/08: Specifying the capped-cpu Resource

The capped-cpu resource provides an absolute limit on the amount of CPU resources that can be consumed by a project or a zone. The capped-cpu resource has a single ncpus property that is a positive decimal with two digits to the right of the decimal. This property corresponds to units of CPUs. The resource does not accept a range. The resource does accept a decimal number. When specifying ncpus, a value of 1 means 100 percent of a CPU. A value of 1.25 means 125 percent, because 100 percent corresponds to one full CPU on the system.


Note - The capped-cpu resource and the dedicated-cpu resource are incompatible.


Scheduling Class in a Zone

You can use the fair share scheduler (FSS) to control the allocation of available CPU resources among zones, based on their importance. This importance is expressed by the number of shares of CPU resources that you assign to each zone.

When you explicitly set the cpu-shares property, the fair share scheduler (FSS) will be used as the scheduling class for that zone. However, the preferred way to use FSS in this case is to set FSS to be the system default scheduling class with the dispadmin command. That way, all zones will benefit from getting a fair share of the system CPU resources. If cpu-shares is not set for a zone, the zone will use the system default scheduling class. The following actions set the scheduling class for a zone:

Note that you can use the priocntl command, described in the priocntl(1) man page, to move running processes into a different scheduling class without changing the default scheduling class and rebooting.

capped-memory Resource

The capped-memory resource sets limits for physical, swap, and locked memory. Each limit is optional, but at least one must be set.


Note - Applications generally do not lock significant amounts of memory, but you might decide to set locked memory if the zone's applications are known to lock memory. If zone trust is a concern, you can also consider setting the locked memory cap to 10 percent of the system's physical memory, or 10 percent of the zone's physical memory cap.


For more information, see Chapter 10, Physical Memory Control Using the Resource Capping Daemon (Overview), Chapter 11, Administering the Resource Capping Daemon (Tasks), and How to Configure the lx Branded Zone.
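The compatibility notes above (pool versus dedicated-cpu, cpu-shares versus dedicated-cpu, capped-cpu versus dedicated-cpu), the capped-cpu ncpus format, and the capped-memory rule can be checked mechanically before a configuration is committed. The following shell function is an added example, not part of the Oracle guide: the names lint_zonecfg and sample_bad_config and the sample configuration are constructed, and the input is assumed to be in the set/add/end form that zonecfg export prints.

```shell
# Added example: lint zonecfg export-style text on stdin against the rules in
# this section. Prints one FAIL line per violation; non-zero status if any.
lint_zonecfg() {
  awk '
    $1 == "add" && res == "" { res = $2; seen[res] = 1; next }  # open a resource scope
    $1 == "end"              { res = ""; next }                 # back to global scope
    $1 == "set" {
      split($2, kv, "="); gsub(/"/, "", kv[2])   # kv[1] = property, kv[2] = value
      if (res == "" && kv[1] == "pool" && kv[2] != "") seen["pool"] = 1
      if (res == "" && kv[1] == "cpu-shares") seen["cpu-shares"] = 1
      if (res == "rctl" && kv[1] == "name" && kv[2] == "zone.cpu-shares") seen["cpu-shares"] = 1
      if (res == "capped-memory" && kv[1] ~ /^(physical|swap|locked)$/) memset = 1
      # capped-cpu ncpus: positive decimal, up to two decimal places, never a range
      if (res == "capped-cpu" && kv[1] == "ncpus" &&
          (kv[2] !~ /^[0-9]+(\.[0-9][0-9]?)?$/ || kv[2] + 0 <= 0))
        bad[++n] = "capped-cpu ncpus is not a positive decimal: " kv[2]
    }
    END {
      d = seen["dedicated-cpu"]
      if (d && seen["pool"])       bad[++n] = "pool property and dedicated-cpu resource are both set"
      if (d && seen["cpu-shares"]) bad[++n] = "cpu-shares rctl and dedicated-cpu resource are both set"
      if (d && seen["capped-cpu"]) bad[++n] = "capped-cpu and dedicated-cpu resources are both set"
      if (seen["capped-memory"] && !memset) bad[++n] = "capped-memory sets none of physical, swap, locked"
      for (i = 1; i <= n; i++) print "FAIL: " bad[i]
      exit (n > 0)
    }
  '
}

# Constructed sample that breaks every rule checked above.
sample_bad_config() {
  cat <<'EOF'
set brand=lx
set pool=pool_default
add dedicated-cpu
set ncpus=2-4
end
add capped-cpu
set ncpus=1-2
end
add capped-memory
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=10,action=none)
end
EOF
}

sample_bad_config | lint_zonecfg || echo "sample configuration violates the rules in this section"
```

On a live system, pipe the output of `zonecfg -z zonename export` into lint_zonecfg instead of the constructed sample.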

Zone Network Interfaces in an lx Branded Zone

Only shared-IP network configurations are supported in an lx branded zone.

Each zone that requires network connectivity must have one or more dedicated IP addresses. These addresses are associated with logical network interfaces. Network interfaces configured by the zonecfg command will automatically be set up and placed in the zone when it is booted. Starting with the Oracle Solaris 10 10/08 release, optionally, you can also set the default router for the network interface through the defrouter property.

Mounted File Systems in an lx Branded Zone

Generally, the file systems mounted in a zone include the following:

This can include, for example, the following file systems:

Certain restrictions are placed on mounts performed from within the application environment. These restrictions prevent the zone administrator from denying service to the rest of the system, or otherwise negatively impacting other zones.

There are security restrictions associated with mounting certain file systems from within a zone. Other file systems exhibit special behavior when mounted in a zone. See File Systems and Non-Global Zones for more information.

Zone-Wide Resource Controls in an lx Branded Zone

The preferred, simpler method for setting a zone-wide resource control is to use the property name instead of the rctl resource. These limits are specified for both the global and non-global zones.

The global administrator can also set privileged zone-wide resource controls for a zone by using the rctl resource.

Zone-wide resource controls limit the total resource usage of all process entities within a zone. These limits are specified for both the global and non-global zones by using the zonecfg command. For instructions, see How to Configure the lx Branded Zone.

The following resource controls are currently available:

Table 32-1 Zone-Wide Resource Controls

| Control Name | Global Property Name | Description | Default Unit | Value Used For |
|---|---|---|---|---|
| zone.cpu-cap | | In the Oracle Solaris 10 5/08 release, sets an absolute limit on the amount of CPU resources for this zone. A value of 100 means 100 percent of one CPU as the project.cpu-cap setting. A value of 125 is 125 percent, because 100 percent corresponds to one full CPU on the system when using CPU caps. | Quantity (number of CPUs) | |
| zone.cpu-shares | cpu-shares | Number of fair share scheduler (FSS) CPU shares for this zone | Quantity (shares) | |
| zone.max-locked-memory | | Total amount of physical locked memory available to a zone. | Size (bytes) | locked property of capped-memory |
| zone.max-lwps | max-lwps | Maximum number of LWPs simultaneously available to this zone | Quantity (LWPs) | |
| zone.max-msg-ids | max-msg-ids | Maximum number of message queue IDs allowed for this zone | Quantity (message queue IDs) | |
| zone.max-sem-ids | max-sem-ids | Maximum number of semaphore IDs allowed for this zone | Quantity (semaphore IDs) | |
| zone.max-shm-ids | max-shm-ids | Maximum number of shared memory IDs allowed for this zone | Quantity (shared memory IDs) | |
| zone.max-shm-memory | max-shm-memory | Total amount of System V shared memory allowed for this zone | Size (bytes) | |
| zone.max-swap | | Total amount of swap that can be consumed by user process address space mappings and tmpfs mounts for this zone. | Size (bytes) | swap property of capped-memory |

Configurable Privileges in an lx Branded Zone

The limitpriv property is used to specify a privilege mask other than the predefined default set. When a zone is booted, a default set of privileges is included in the brand configuration. These privileges are considered safe because they prevent a privileged process in the zone from affecting processes in other non-global zones on the system or in the global zone. You can use the limitpriv property to do the following:


Note - There are a few privileges that cannot be removed from the zone's default privilege set, and there are also a few privileges that cannot be added to the set at this time.


For more information, see Privileges Defined in lx Branded Zones, Privileges in a Non-Global Zone and privileges(5).

attr Resource in an lx Branded Zone

You can use the attr resource type to enable access to an audio device present in the global zone. For instructions, see Step 12 of How to Configure, Verify, and Commit the lx Branded Zone.

You can also add a comment for a zone by using the attr resource type.