About Configuring and Customizing Kernel Zone Resources
Zones configuration resources enable you to manage the system resources for a zone. You specify resources when creating a zone configuration. Some resources are supported only for kernel zones or only for native zones.
-
Kernel zone CPUs. See Managing Kernel Zone CPUs .
-
Kernel zone memory. See Managing Kernel Zone Memory .
-
Kernel zone storage devices. See Managing Kernel Zone Storage Devices and Boot Order.
-
Kernel zone network devices and network configuration. See Managing Kernel Zone Network Devices and Configuration.
-
Kernel zone network virtualization. See Managing Single-Root I/O NIC Virtualization on Kernel Zones.
-
Kernel zone verified boot. See Using Verified Boot to Secure an Oracle Solaris Kernel Zone.
-
Kernel zone suspend resources. See Configuring the suspend Resource.
This section describes how to configure resources to add additional support for the following components:
You use the zonecfg command on the global zone to set or to modify kernel zone resources.
Note - You must be the global administrator or a user with appropriate authorization in the global zone to use the zonecfg command.
See Oracle Solaris Zones Configuration Resources and the solaris-kz(5) man page for additional information about zone resources.
Managing Kernel Zone CPUs
By default, a kernel zone is given four virtual CPUs upon creation. You can change the number of virtual CPUs by using any of the following methods to configure the number of kernel zone CPUs:
-
Adding and modifying the dedicated-cpu resource
-
Adding and modifying the virtual-cpu resource
-
Adding CPUs from an anet latency group
See Chapter 1, How to Plan and Configure Non-Global Zones in Creating and Using Oracle Solaris Zones for general information on how to set the virtual-cpu and dedicated-cpu zone resources.
Adding the dedicated-cpu Resource
Configuring the dedicated-cpu resource property is recommended for best performance. Setting this value designates the kernel zone to run only on those selected CPUs. No other processes on the system can run on the CPUs that are dedicated to the kernel zone.
You can assign the CPU value in terms of available cores or processors. Use psrinfo -vp to obtain processor information on the system. For example, the following psrinfo -vp output shows that there are four available cores on the system global:
global# psrinfo -vp
The physical processor has 4 virtual processors (0-3)
x86 (GenuineIntel 206D7 family 6 model 45 step 7 clock 2400 MHz)
Intel(r) Xeon(r) CPU E5-2609 0 @ 2.40GHz
Note - By default, setting dedicated-cpu:ncpus does not provide any control over which of the system's CPUs are allocated. This can lead to inconsistent results if the system is rebooted. Use dedicated-cpu:cpus to specify the exact CPU to use. For more information, see dedicated-cpu Zone Resource in Oracle Solaris Zones Configuration Resources.
See Chapter 1, How to Plan and Configure Non-Global Zones in Creating and Using Oracle Solaris Zones for general information on the dedicated-cpu zone resource.
Example 1 Adding a Dedicated CPU to a Kernel ZoneThis example shows how to add a dedicated CPU to the kernel zone kzone1.
global$ zonecfg -z kzone1
zonecfg:kzone1> info dedicated-cpu
zonecfg:kzone1> add dedicated-cpu
zonecfg:kzone1:dedicated-cpu> set ncpus=8
zonecfg:kzone1:dedicated-cpu> end
zonecfg:kzone1> info dedicated-cpu
ncpus: 8
zonecfg:kzone1> exit
Adding the virtual-cpu Resource
The virtual-cpu resource specifies the number of virtualized CPUs visible to the kernel zone. On the host, virtualized CPUs share CPU time with other zones. Setting the virtual-cpu resource is beneficial for consolidation, but can affect system performance.
If you have already defined the dedicated-cpu resource, the default number of virtual CPUs configured matches the lower value of the ncpus range inside the dedicated-cpu resource. If both resources exist, they are cross-checked for consistency. See the zonecfg(1M) man page for further information.
Example 2 Adding Virtual CPUs to a Kernel ZoneThis example shows how to add virtual CPUs to the kernel zone kzone1 using the virtual-cpu resource.
global$ zonecfg -z kzone1
zonecfg:kzone1> info virtual-cpu
zonecfg:kzone1> add virtual-cpu
zonecfg:kzone1:virtual-cpu> set ncpus=8
zonecfg:kzone1:virtual-cpu> end
zonecfg:kzone1> info virtual-cpu
virtual-cpu:
ncpus: 8
zonecfg:kzone1> exit
Adding CPUs from a Latency Group
You can specify CPUs from a latency group. Specifying CPUs from a latency group can improve network performance if the latency group is the same as the underlying network device.
For more information about working with latency groups, see Chapter 2, Creating and Managing Virtual Networks in Managing Network Virtualization and Network Resources in Oracle Solaris 11.3.
Managing Kernel Zone Memory
You must allocate a fixed amount of physical RAM to the kernel zone virtual platform. You can define this amount by setting the kernel zone capped-memory resource type's physical property.
The physical memory assigned to a kernel zone is allocated in its entirety when the zone boots. The memory allocated is for the exclusive use of the kernel zone. Once a kernel zone is booted, all of the memory specified in the capped-memory resource appears to be in use to the host operating system.
The default kernel zone memory size (capped-memory:physical) is 4 Gbytes. It is recommended that the memory size be increased to manage larger workloads.
The default CPU and memory configuration for kernel zones is 4 VCPUs and 4 Gbytes of memory, to facilitate running applications. An additional kernel zone template, SYSsolaris-kz-minimal, provides the minimal supported kernel zone configuration of 1 VCPU and 2 Gbytes of memory.
On an x86 based system, the capped-memory resource must be set in increments of 2 Mbytes.
On a SPARC based system, the capped-memory resource must be set in increments of 256 Mbytes.
The zone allocates the capped-memory resource when the zone boots. This amount remains fixed while the zone is running.
The capped-memory:pagesize-policy property specifies the policy for allocating page size for the kernel zone's physical memory. By default a kernel zone uses the largest page size available to enable best performance. See About Memory Page Size Policy and Physical Memory for more information.
Note - The zone template SYSsolaris-kz-minimal provides the minimal supported kernel zone configuration of 1 VCPU and 2 Gbytes of memory. On Fujitsu SPARC M12 servers, Fujitsu M10 servers, or SPARC M10 servers, a kernel zone created with this template might not be bootable because of insufficient memory. If the kernel zone cannot be booted, increase the memory assigned to the kernel zone through the physical property of the capped-memory resource.
See Chapter 1, How to Plan and Configure Non-Global Zones in Creating and Using Oracle Solaris Zones for general information on how to set the capped-memory zone resource.
For detailed information about setting the capped-memory zone resource, see solaris-kz Zones and the capped-memory Resource in Oracle Solaris Zones Configuration Resources.
If you increase kernel zone memory size prior to installation, you must also increase the kernel zone root disk size to account for the larger swap and dump devices. If you do not explicitly add a disk to a kernel zone, a zvol is created and used as the root disk. By default, the zvol is 16GB in size. If you require a different root disk size, use the zoneadm install –x install-size command to specify the correct disk size at creation. For example, to specify a 32GB root disk size for the kernel zone kzone1, you would use the following command when you install:
global$ zoneadm -z kzone1 install -x install-size=32G
To modify the disk size after installation, change the volume size of the kernel zone from the global zone. Then, in the kernel zone, set the autoexpand property of the root pool to on and reboot the zone. For an example of setting the autoexpand property, see How to Configure a Mirrored Root Pool (SPARC or x86/EFI (GPT)) in Managing ZFS File Systems in Oracle Solaris 11.3.
Example 3 Setting the capped-memory Resource on a SPARC Based SystemThis example shows how to specify 2048 Mbytes of memory by setting the physical property of the capped-memory resource type on a SPARC based system.
global$ zonecfg -z kzone1 zonecfg:kzone1> select capped-memory zonecfg:kzone1:capped-memory> set physical=2048m zonecfg:kzone1:capped-memory> end zonecfg:kzone1> exitExample 4 Setting the capped-memory Resource on an x86 Based System
This example shows how to specify 16 Gbytes of memory by setting the physical property of the capped-memory resource on an x86 based system.
global$ zonecfg -z kzone1 zonecfg:kzone1> select capped-memory zonecfg:kzone1:capped-memory> set physical=16g zonecfg:kzone1:capped-memory> end zonecfg:kzone1> exit
About Memory Page Size Policy and Physical Memory
The pagesize-policy property of the capped-memory resource controls how the system selects a page size for a kernel zone.
The default kernel zone template SYSsolaris-kz sets the pagesize-policy property to largest-available, which is the recommended value for best performance. This setting enables the system to select the appropriate page size to use with the kernel zone's amount of physical memory. The physical memory size must be a multiple of the page size, so the system selects the largest page size that aligns with the amount of physical memory specified for the kernel zone. Booting with pagesize-policy=largest-available always succeeds.
You can get best performance by setting an appropriate amount of physical memory to enable the largest page size to be selected when pagesize-policy=largest-available is set.
If a kernel zone's pagesize-policy property is cleared or not set, the kernel zone uses the lowest allowable page size required to boot on the particular hardware platform on which it is running. This page size might not be appropriate. The physical property must be set to an amount that is a multiple of the largest page size supported, as shown in Example 5, Setting Physical Memory to Use Largest Page Size.
-
If the target system has a smaller page size than the source system.
-
If the source kernel zone was created in an update of Oracle Solaris 11.3 and the target is an Oracle Solaris release that does not support the pagesize-policy property, such as the initial release of Oracle Solaris 11.3.
The amount of memory allocated must align perfectly with the page size being requested. Therefore, you must clear pagesize-policy if either of the following conditions apply:
See Example 31, Clearing the pagesize-policy Property Before Migration.
Example 5 Setting Physical Memory to Use Largest Page SizeOn a SPARC T5 system you can see in the output below that various page sizes are supported, The largest is 2147483648 bytes or 2 Gbytes.
To use the 2147483648 page size, the capped-memory:physical property is set to 8 Gbytes, a value that is a multiple of 2 Gbytes so the largest page size can be used when pagesize-policy=largest-available.
global$ pagesize -a
8192
65536
4194304
268435456
2147483648
global$ zonecfg -z kzone1
zonecfg:kzone1> select capped-memory
zonecfg:kzone1:capped-memory> set physical=8G
zonecfg:kzone1:capped-memory> info
capped-memory:
physical: 8G
pagesize-policy: largest-available
zonecfg:kzone1:capped-memory> end
zonecfg:kzone1> exit
Example 6 Failure to Boot When Largest Page SizeNot Aligned With Physical Memory
This example shows a failure to boot on x86 with pagesize-policy=largest-only. The zone cannot boot because the largest page size is 2147483648 bytes or 2048 Mbytes, and the physical memory is 15 Gbytes which is not size aligned with the 2048 Mbyte largest pagesize.
global$ pagesize -a
8192
65536
4194304
268435456
2147483648
global$ zonecfg -z kzone1 info capped-memory
capped-memory:
physical: 15G
pagesize-policy: largest-only
global$ zoneadm -z kzone1 boot
zone 'kzone1': error: capped-memory physical value 16106127360 must be 2048Mb aligned
zoneadm: zone kzone1: call to zoneadmd(8) failed: zoneadmd(8) returned an error 9
(zone state change failed)
When the amount of physical memory is changed to a multiple of 2048 Mbytes, 16 Gbytes, the zone successfully boots while using the largest page size.
global$ zonecfg -z kzone1
zonecfg:kzone1> select capped-memory
zonecfg:kzone1:capped-memory> set physical=16g
zonecfg:kzone1:capped-memory> info
capped-memory:
physical: 16G
pagesize-policy: largest-only
zonecfg:kzone1:capped-memory> end
zonecfg:kzone1> commit
zonecfg:kzone1> exit
global$ zoneadm -z kzone1 boot
global$
See solaris-kz Zones and the capped-memory Resource in Oracle Solaris Zones Configuration Resources for more information about setting physical and pagesize-policy properties.
Managing Kernel Zone Storage Devices and Boot Order
A kernel zone root is always accessible. By default, a kernel zone installation uses a 16GB ZFS volume for the root disk. You can specify a different size at zone installation time by using the zoneadm -z install command with the –x install-size option. For example, to increase the ZFS size to 32 Gbytes on the kernel zone kzone1:
global$ zoneadm -z kzone1 install -x install-size=32g
You can add additional storage devices to a kernel zone by using the add device resource. Devices are portable across systems and provide increased performance over ZFS volumes. Additional kernel zone storage devices have the following requirements:
-
The full storage device path (for example, /dev/rdsk/c9t0d0) must be specified.
-
The storage device must be defined by only one of the following:
-
The add device match resource property. If you specify a storage device for the add device match resource property, you must specify a device that is present in /dev/rdsk, /dev/zvol/rdsk, or /dev/did/rdsk.
-
A valid storage URI.
-
-
The storage device must be a whole disk or LUN.
Use the bootpri resource property to specify the boot order of each storage device. The bootpri resource property must be set to any positive integer value.
 | Caution - The bootpri resource property must be set only if the device is to be used as a boot device. If the bootpri resource property is set on devices other than boot devices, data corruption might result. |
To unset the bootpri resource property, use the zonecfg clear bootpri command.
If multiple bootable devices are present during installation, the devices will be used for a mirrored ZFS pool in the zone.
The default boot order of each device is determined by sorting devices first by bootpri, then by id if multiple devices have the same bootpri.
Example 7 Adding Additional Storage Devices to a Kernel ZoneThis example shows how to add the additional storage device /dev/rdsk/c9t0d0 to the kernel zone kzone1.
global$ zonecfg -z kzone1 zonecfg:kzone1> add device zonecfg:kzone1:device> set match=/dev/rdsk/c9t0d0 zonecfg:kzone1:device> set bootpri=4 zonecfg:kzone1:device> endExample 8 Changing the Kernel Zone Default Boot Device to Use a Storage URI:
This example shows how to change the default boot device on the kernel zone kzone1 to use a storage URI located at iscsi://zfssa/luname.naa.600144F0DBF8AF19000052E820D60003.
global$ zonecfg -z kzone1
zonecfg:kzone1> select device id=0
zonecfg:kzone1:device> set storage=iscsi://zfssa/luname.naa.600144F0DBF8AF19000053482CC00029
zonecfg:kzone1:device> end
zonecfg:kzone1> info device
device:
match not specified
storage: iscsi://zfssa/luname.naa.600144F0DBF8AF19000052E820D60003
id: 0
bootpri: 0
Managing Kernel Zone Network Devices and Configuration
Kernel zones provide network access in kernel zones by adding net or anet resources. See Configurable Resources and Properties for Zones in Oracle Solaris Zones Configuration Resources for more information about these two resource types.
Note - It is recommended to use an anet resource with kernel zones.
Exclusive-IP zones must be used for kernel zones. See Exclusive-IP Zone Network Address in Creating and Using Oracle Solaris Zones for more information about exclusive-IP zones.
You can supply additional MAC addresses to support nested zones, or zones where a kernel zone hosts non-global solaris and solaris10 branded zones. See Managing Nested Zones for more information about nested zones.
You can optionally specify a network device ID to identify the VNIC address from inside the zone and determine the order in which the network interfaces are presented to the kernel zone. This process is similar to moving a NIC from one physical slot to another.
See Chapter 1, How to Plan and Configure Non-Global Zones in Creating and Using Oracle Solaris Zones for general information on how to set network zone resources.
Example 9 Adding Network Devices to a Kernel ZoneThis example shows how to add a network device to the kernel zone kzone1. The ID is set to 3 to determine the order in which the new anet interface is presented to the kernel zone.
global$ zonecfg -z kzone1 zonecfg:kzone1> add anet zonecfg:kzone1:anet> set id=3 zonecfg:kzone1:anet> end zonecfg:kzone1> exitExample 10 Removing Network Devices From a Kernel Zone
This example shows how to remove a network device from the kernel zone kzone1. The information on the existing anet resources is listed and the anet device with the value of 1 is deleted.
global$ zonecfg -z kzone1 info anet
anet:
lower-link: auto
allowed-address not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
id: 0
anet:
lower-link: auto
allowed-address not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: default
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
id: 1
global$ zonecfg -z kzone1 remove anet id=1