Go to main content

Creating and Using Oracle® Solaris Zones

Exit Print View

Updated: April 2019
 
 

How to Configure the Zone

Note that the only required elements to create a non-global zone are the zonename and zonepath properties for zones with a rootzpool resource. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource. See Zone Configuration Data in Oracle Solaris Zones Configuration Resources for information on available zonecfg properties and resources.

  1. Become a zone administrator.

    For more information, see Assigning Limited Rights to Zone Administrators.

  2. Set up a zone configuration with the zone name you have chosen.

    The name my-zone is used in this example procedure.

    global$ zonecfg -z my-zone

    If this is the first time you have configured this zone, you will see the following system message:

    Use 'create' to begin configuring a new zone.
  3. Create the new zone configuration.

    This procedure uses the default settings.

    zonecfg:my-zone> create
create: Using system default template 'SYSdefault'

zonecfg:my-zone> info
    zonename: my-zone
     zonepath.template: /system/zones/%{zonename}
     zonepath: /system/zones/my-zone
  ...
    Note -  If you choose a path for your zone by using set zonepath=, the zone must reside on a ZFS dataset. The ZFS dataset will be created automatically when the zone is installed or attached. If a ZFS dataset cannot be created, the zone will not install or attach. Note that if the parent directory of the zone path exists, it must be the mount point of a mounted dataset.
  4. Set the autoboot value.

    If set to true, the zone is automatically booted when the global zone is booted. The default value is false. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. This service is enabled by default.

    zonecfg:my-zone> set autoboot=true
  5. Set persistent boot arguments for a zone. 
    zonecfg:my-zone> set bootargs="-m verbose"
  6. Dedicate one CPU to this zone. 
    zonecfg:my-zone> add dedicated-cpu
    1. Set the number of CPUs. 
      zonecfg:my-zone:dedicated-cpu> set ncpus=1-2
    2. (Optional) Set the importance. 
      zonecfg:my-zone:dedicated-cpu> set importance=10

      The default is 1.

    3. End the specification. 
      zonecfg:my-zone:dedicated-cpu> end
  7. Revise the default set of privileges. 
    zonecfg:my-zone> set limitpriv="default,sys_time"

    This line adds the ability to set the system clock to the default set of privileges.

  8. Set the scheduling class to FSS. 
    zonecfg:my-zone> set scheduling-class=FSS
  9. Add a memory cap. 
    zonecfg:my-zone> add capped-memory
    1. Set the memory cap. 
      zonecfg:my-zone:capped-memory> set physical=1g
    2. Set the swap memory cap. 
      zonecfg:my-zone:capped-memory> set swap=2g
    3. Set the locked memory cap. 
      zonecfg:my-zone:capped-memory> set locked=500m
    4. End the memory cap specification. 
      zonecfg:my-zone:capped-memory> end
    Note -  To use the capped-memory resource, the resource-cap package must be installed in the global zone.
  10. Add a file system. 
    zonecfg:my-zone> add fs
    1. Set the mount point for the file system, /usr/local in this procedure. 
      zonecfg:my-zone:fs> set dir=/usr/local
    2. Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured. 
      zonecfg:my-zone:fs> set special=/opt/local

      In the non-global zone, the /usr/local file system will be readable and writable.

    3. Specify the file system type, lofs in this procedure. 
      zonecfg:my-zone:fs> set type=lofs

      The type indicates how the kernel interacts with the file system.

    4. End the file system specification. 
      zonecfg:my-zone:fs> end

    This step can be performed more than once to add more than one file system.

  11. Set the hostid if necessary. 
    zonecfg:my-zone> set hostid=80f0c086
  12. Add a ZFS dataset named sales in the storage pool tank. 
    zonecfg:my-zone> add dataset
    1. Specify the path to the ZFS dataset sales. 
      zonecfg:my-zone> set name=tank/sales
    2. End the dataset specification. 
      zonecfg:my-zone> end

    The only dataset type that should be used with a dataset resource is a ZFS file system. The zone administrator can create child file systems and clones of its descendants. The zone administrator can modify properties of the dataset, and control compression and encryption.

  13. Create an exclusive-IP zone with an automatic VNIC. 
    zonecfg:my-zone> set ip-type=exclusive
zonecfg:my-zone> add anet
    1. Specify auto as the underlying link for the link to be created. 
      zonecfg:my-zone:anet> set lower-link=auto

      The zoneadmd daemon automatically selects the link over which the VNIC will be created each time the zone boots. The IPoIB links are skipped when selecting the datalink.

    2. End the specification. 
      zonecfg:my-zone:anet> end
  14. Add a device. 
    zonecfg:my-zone> add device
    1. Set the device match, /dev/sound/* in this procedure. 
      zonecfg:my-zone:device> set match=/dev/sound/*
    2. End the device specification. 
      zonecfg:my-zone:device> end

    This step can be performed more than once to add more than one device.

  15. Add Open Fabrics User Verbs (OFUV) devices for components of OFUV other than IB diagnostic tools. 
    zonecfg:my-zone> add device
    1. Set the device match, infiniband/ofs/* in this procedure. 
      zonecfg:my-zone:device> set match=infiniband/ofs/*
    2. End the device specification. 
      zonecfg:my-zone:device> end

    IB diagnostic tools are not supported in non-global zones. Devices added can be used with components of OFUV, such as verbs and rdma_cm.

    This step can be performed more than once to add more than one device.

  16. Add OFUV devices for components of OFUV other than IB diagnostic tools. 
    zonecfg:my-zone> add device
    1. Set the device match, infiniband/hca/* in this procedure. 
      zonecfg:my-zone:device> set match=infiniband/hca/*
    2. End the device specification. 
      zonecfg:my-zone:device> end

    IB diagnostic tools are not supported in non-global zones. Devices added can be used with components of OFUV, such as verbs and rdma_cm.

    This step can be performed more than once to add more than one device.

  17. To allow disk labeling with the format command, an entire disk/LUN should be delegated to a zone, and the allow-partition property should be set. 
    zonecfg:my-zone> add device
    1. Set the device match, /dev/*dsk/c2t40d3* in this procedure. 
      zonecfg:my-zone:device> set match=/dev/*dsk/c2t40d3*
    2. Set allow-partition to be true. 
      zonecfg:my-zone:device> set allow-partition=true
    3. End the device specification. 
      zonecfg:my-zone:device> end

    This step can be performed more than once to add more than one device.

  18. To allow uscsi operations on a disk, the allow-raw-io property should be set. 
    zonecfg:my-zone> add device
    1. Set the device match, /dev/*dsk/c2t40d3* in this procedure. 
      zonecfg:my-zone:device> set match=/dev/*dsk/c2t40d3*
    2. Set allow-raw-io to be true. 
      zonecfg:my-zone:device> set allow-raw-io=true
    3. End the device specification. 
      zonecfg:my-zone:device> end
      Caution

      Caution  -  Allowing a zone to perform uscsi operations on a disk also allows the zone to access any other device connected to the same bus as the disk. Therefore, enabling this capability could create a security risk and allow for attacks against the global zone or other zones that use resources on the same bus. For more information, see uscsi(7I).

    This step can be performed more than once to add more than one device.

  19. Add a zone-wide resource control by using the property name. 
    zonecfg:my-zone> set max-sem-ids=10485200

    This step can be performed more than once to add more than one resource control.

  20. Add a comment by using the attr resource type. 
    zonecfg:my-zone> add attr
    1. Set the name to comment. 
      zonecfg:my-zone:attr> set name=comment
    2. Set the type to string. 
      zonecfg:my-zone:attr> set type=string
    3. Set the value to a comment that describes the zone. 
      zonecfg:my-zone:attr> set value="This is my work zone."
    4. End the attr resource type specification. 
      zonecfg:my-zone:attr> end
  21. Verify the zone configuration for the zone. 
    zonecfg:my-zone> verify
  22. Commit the zone configuration for the zone. 
    zonecfg:my-zone> commit
  23. Exit the zonecfg command. 
    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

Using Multiple Subcommands From the Command Line

Tip  -  The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation. 
global$ zonecfg -z my-zone "create ; set zonepath=/zones/my-zone"
For shared-IP zones, a static address can only be assigned in a zonecfg net resource. It cannot be supplied on the command line.
Copyright © 2004, 2019, Oracle and/or its affiliates. All rights reserved. 
Previous
Next