This chapter describes how to install and boot a non-global zone. A method for using cloning to install a zone on the same system is also provided. Other tasks associated with installation, such as halting, rebooting, and uninstalling zones, are addressed. The procedure to completely delete a zone from a system is also included.
For general information about zone installation and related operations, see Chapter 18, About Installing, Halting, Uninstalling, and Cloning Non-Global Zones (Overview).
For information about lx branded zone installation and cloning, see Chapter 32, About Installing, Booting, Halting, Cloning, and Uninstalling lx Branded Zones (Overview) and Chapter 33, Installing, Booting, Halting, Uninstalling and Cloning lx Branded Zones (Tasks).
Task |
Description |
For Instructions |
---|---|---|
(Optional) Verify a configured zone prior to installing the zone. |
Ensure that a zone meets the requirements for installation. If you skip this procedure, the verification is performed automatically when you install the zone. |
(Optional) How to Verify a Configured Zone Before It Is Installed |
Install a configured zone. |
Install a zone that is in the configured state. | |
Obtain the universally unique identifier (UUID) for the zone. |
This separate identifier, assigned when the zone is installed, is an alternate way to identify a zone. | |
(Optional) Transition an installed zone to the ready state. |
You can skip this procedure if you want to boot the zone and use it immediately. |
(Optional) How to Transition the Installed Zone to the Ready State |
Boot a zone. |
Booting a zone places the zone in the running state. A zone can be booted from the ready state or from the installed state. Note that you must perform the internal zone configuration when you log in to the zone after booting it for the first time. |
How to Boot a Zone, Internal Zone Configuration, Performing the Initial Internal Zone Configuration |
Boot a zone in single-user mode. |
Boots only to milestone svc:/milestone/single-user:default. This milestone is equivalent to init level s. See the init(1M) and svc.startd(1M) man pages. |
Use the zoneadm command described in the zoneadm(1M) man page to perform installation tasks for a non-global zone. You must be the global administrator to perform the zone installation. The examples in this chapter use the zone name and zone path established in Configuring, Verifying, and Committing a Zone.
You can verify a zone prior to installing it. One of the checks performed is a check for sufficient disk size. If you skip this procedure, the verification is performed automatically when you install the zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Verify a configured zone named my-zone by using the -z option with the name of the zone and the verify subcommand.
global# zoneadm -z my-zone verify |
This message regarding verification of the zone path will be displayed:
Warning: /export/home/my-zone does not exist, so it cannot be verified. When 'zoneadm install' is run, 'install' will try to create /export/home1/my-zone, and 'verify' will be tried again, but the 'verify' may fail if: the parent directory of /export/home/my-zone is group- or other-writable or /export/home1/my-zone overlaps with any other installed zones. |
However, if an error message is displayed and the zone fails to verify, make the corrections specified in the message and try the command again.
If no error messages are displayed, you can install the zone.
This procedure is used to install a configured non-global zone.
You must be the global administrator in the global zone to perform this procedure.
In Step 2, if the zonepath is on ZFS, the zoneadm install command automatically creates a ZFS file system (dataset) for the zonepath when the zone is installed. You can block this action by including the -x nodataset parameter.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Install the configured zone my-zone by using the zoneadm command with the install option.
Install the zone, automatically creating a ZFS file system if the zonepath is on ZFS.
global# zoneadm -z my-zone install |
The system will display:
A ZFS file systm has been created for this zone. |
Install the zone that has a zonepath on ZFS, but do not automatically create the ZFS file system.
global# zoneadm -z my-zone install -x nodataset |
You will see various messages as the files and directories needed for the zone's root file system are installed under the zone's root path.
(Optional) If an error message is displayed and the zone fails to install, type the following to get the zone state:
global# zoneadm -z my-zone list -v |
If the state is listed as configured, make the corrections specified in the message and try the zoneadm install command again.
If the state is listed as incomplete, first execute this command:
global# zoneadm -z my-zone uninstall |
Then make the corrections specified in the message, and try the zoneadm install command again.
When the installation completes, use the list subcommand with the -i and -v options to list the installed zones and verify the status.
global# zoneadm list -iv |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /export/home/my-zone native shared |
If a zone installation is interrupted or fails, the zone is left in the incomplete state. Use uninstall -F to reset the zone to the configured state.
This zone was installed with the minimal network configuration described in Chapter 17, Managing Services (Tasks), in System Administration Guide: Basic Administration by default. You can switch to the open network configuration, or enable or disable individual services, when you log in to the zone. See Switching the Non-Global Zone to a Different Networking Service Configuration for details.
A universally unique identifier (UUID) is assigned to a zone when it is installed. The UUID can be obtained by using zoneadm with the list subcommand and the -p option. The UUID is the fifth field of the display.
View the UUIDs for zones that have been installed.
global# zoneadm list -p |
You will see a display similar to the following:
0:global:running:/:native 6:my-zone:running:/export/home/my-zone:61901255-35cf-40d6-d501-f37dc84eb504:native |
global# zoneadm -z my-zone -u 61901255-35cf-40d6-d501-f37dc84eb504 list -v |
If both -u uuid-match and -z zonename are present, the match is done based on the UUID first. If a zone with the specified UUID is found, that zone is used, and the -z parameter is ignored. If no zone with the specified UUID is found, then the system searches by the zone name.
Zones can be uninstalled and reinstalled under the same name with different contents. Zones can also be renamed without the contents being changed. For these reasons, the UUID is a more reliable handle than the zone name.
For more information, see zoneadm(1M) and libuuid(3LIB).
If administrative changes on the system have rendered a zone unusable or inconsistent, it is possible to change the state of an installed zone to incomplete.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Mark the zone testzone incomplete.
global# zoneadm -z testzone mark incomplete |
Use the list subcommand with the -i and -v options to verify the status.
global# zoneadm list -iv |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /export/home/my-zone native shared - testzone incomplete /export/home/testzone native shared |
The -R root option can be used with the mark and list subcommands of zoneadm to specify an alternate boot environment. See zoneadm(1M) for more information.
Marking a zone incomplete is irreversible. The only action that can be taken on a zone marked incomplete is to uninstall the zone and return it to the configured state. See How to Uninstall a Zone.
Transitioning into the ready state prepares the virtual platform to begin running user processes. Zones in the ready state do not have any user processes executing in them.
You can skip this procedure if you want to boot the zone and use it immediately. The transition through the ready state is performed automatically when you boot the zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Use the zoneadm command with the -z option, the name of the zone, which is my-zone, and the ready subcommand to transition the zone to the ready state.
global# zoneadm -z my-zone ready |
At the prompt, use the zoneadm list command with the -v option to verify the status.
global# zoneadm list -v |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 my-zone ready /export/home/my-zone native shared |
Note that the unique zone ID 1 has been assigned by the system.
Booting a zone places the zone in the running state. A zone can be booted from the ready state or from the installed state. A zone in the installed state that is booted transparently transitions through the ready state to the running state. Zone login is allowed for zones in the running state.
Note that you perform the internal zone configuration when you initially log in to the zone. This is described in Performing the Initial Internal Zone Configuration.
If you plan to use an /etc/sysidcfg file to perform initial zone configuration, as described in How to Use an /etc/sysidcfg File to Perform the Initial Zone Configuration, create the sysidcfg file and place it the zone's /etc directory before you boot the zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Use the zoneadm command with the -z option, the name of the zone, which is my-zone, and the boot subcommand to boot the zone.
global# zoneadm -z my-zone boot |
When the boot completes, use the list subcommand with the -v option to verify the status.
global# zoneadm list -v |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 my-zone running /export/home/my-zone native shared |
Boot a zone using the -m verbose option:
global# zoneadm -z my-zone boot -- -m verbose |
Reboot a zone using the -m verbose boot option:
global# zoneadm -z my-zone reboot -- -m verbose |
Zone administrator reboot of the zone my-zone, using the -m verbose option:
my-zone# reboot -- -m verbose |
If a message indicating that the system was unable to find the netmask to be used for the IP address specified in the zone's configuration displays, see netmasks Warning Displayed When Booting Zone. Note that the message is only a warning and the command has succeeded.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Boot the zone in single-user mode.
global# zoneadm -z my-zone boot -- -s |
To log in to the zone and perform the initial internal configuration, see Chapter 20, Non-Global Zone Login (Overview) and Chapter 21, Logging In to Non-Global Zones (Tasks).
Task |
Description |
For Instructions |
---|---|---|
Halt a zone. |
The halt procedure is used to remove both the application environment and the virtual platform for a zone. The procedure returns a zone in the ready state to the installed state. To cleanly shut down a zone, see How to Use zlogin to Shut Down a Zone. | |
Reboot a zone. |
The reboot procedure halts the zone and then boots it again. | |
Uninstall a zone. |
This procedure removes all of the files in the zone's root file system. Use this procedure with caution. The action is irreversible. | |
Provision a new non-global zone based on the configuration of an existing zone on the same system. |
Cloning a zone is an alternate, faster method of installing a zone. You must still configure the new zone before you can install it. | |
Delete a non-global zone from the system. |
This procedure completely removes a zone from a system. |
The halt procedure is used to remove both the application environment and the virtual platform for a zone. To cleanly shut down a zone, see How to Use zlogin to Shut Down a Zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
List the zones running on the system.
global# zoneadm list -v |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 my-zone running /export/home/my-zone native shared |
Use the zoneadm command with the -z option, the name of the zone, for example, my-zone, and the halt subcommand to halt the given zone.
global# zoneadm -z my-zone halt |
List the zones on the system again, to verify that my-zone has been halted.
global# zoneadm list -iv |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /export/home/my-zone native shared |
Boot the zone if you want to restart it.
global# zoneadm -z my-zone boot |
If the zone does not halt properly, see Zone Does Not Halt for troubleshooting tips.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
List the zones running on the system.
global# zoneadm list -v |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 my-zone running /export/home/my-zone native shared |
Use the zoneadm command with the -z reboot option to reboot the zone my-zone.
global# zoneadm -z my-zone reboot |
List the zones on the system again to verify that my-zone has been rebooted.
global# zoneadm list -v |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared 2 my-zone running /export/home/my-zone native shared |
Note that the zone ID for my-zone has changed. The zone ID generally changes after a reboot.
Use this procedure with caution. The action of removing all of the files in the zone's root file system is irreversible.
The zone cannot be in the running state. The uninstall operation is invalid for running zones.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
List the zones on the system.
global# zoneadm list -v |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /export/home/my-zone native shared |
Use the zoneadm command with the -z uninstall option to remove the zone my-zone.
You can also use the -F option to force the action. If this option is not specified, the system will prompt for confirmation.
global# zoneadm -z my-zone uninstall -F |
Note that when you uninstall a zone that has its own ZFS file system for the zonepath, the ZFS file system is destroyed.
List the zones on the system again, to verify that my-zone is no longer listed.
global# zoneadm list -iv |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared |
If a zone uninstall is interrupted, the zone is left in the incomplete state. Use the zoneadm uninstall command to reset the zone to the configured state.
Use the uninstall command with caution because the action is irreversible.
Cloning is used to provision a new zone on a system by copying the data from a source zonepath to a target zonepath.
When the source zonepath and the target zonepath both reside on ZFS and are in the same pool, the zoneadm clone command automatically uses ZFS to clone the zone. However, you can specify that the ZFS zonepath be copied and not ZFS cloned.
You must configure the new zone before you can install it. The parameter passed to the zoneadm create subcommand is the name of the zone to clone. This source zone must be halted.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Halt the source zone to be cloned, which is my-zone in this procedure.
global# zoneadm -z my-zone halt |
Start configuring the new zone by exporting the configuration of the source zone my-zone to a file, for example, master.
global# zonecfg -z my-zone export -f /export/zones/master |
You can also create the new zone configuration using the procedure How to Configure the Zone instead of modifying an existing configuration. If you use this method, skip ahead to Step 6 after you create the zone.
Edit the file master. Set different properties and resources for the components that cannot be identical for different zones. For example, you must set a new zonepath. For a shared-IP zone, the IP addresses in any net resources must be changed. For an exclusive-IP zone, the physical property of any net resources must be changed.
Create the new zone, zone1, by using the commands in the file master.
global# zonecfg -z zone1 -f /export/zones/master |
Install the new zone, zone1, by cloning my-zone.
global# zoneadm -z zone1 clone my-zone |
The system displays:
Cloning zonepath /export/home/my-zone... |
If the source zonepath is on a ZFS pool, for example, zeepool, the system displays:
Cloning snapshot zeepool/zones/my-zone@SUNWzone1 Instead of copying, a ZFS clone has been created for this zone. |
List the zones on the system.
ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /export/home/my-zone native shared - zone1 installed /export/home/zone1 native shared |
When the zoneadm command clones a source zonepath that is on its own ZFS file system, the following actions are performed:
The zoneadm command takes a software inventory.
The zoneadm command takes a ZFS snapshot and names it SUNWzoneX, for example, SUNWzone1.
The zoneadm command uses ZFS clone to clone the snapshot.
You can clone a source zone multiple times from an existing snapshot that was originally taken when you cloned a zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Configure the zone zone2.
Specify that an existing snapshot be used to create new-zone2.
global# zoneadm -z zone2 clone -s zeepool/zones/my-zone@SUNWzone1 my-zone |
The system displays:
Cloning snapshot zeepool/zones/my-zone@SUNWzone1 |
The zoneadm command validates the software from the snapshot SUNWzone1, and clones the snapshot.
List the zones on the system.
ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /zeepool/zones/my-zone native shared - zone1 installed /zeepool/zones/zone1 native shared - zone2 installed /zeepool/zones/zone2 native shared |
Use this procedure to prevent the automatic cloning of a zone on a ZFS file system by specifying that the zonepath should be copied instead.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Specify that the zonepath on ZFS be copied and not ZFS cloned.
global# zoneadm -z zone1 clone -m copy my-zone |
The procedure described in this section completely deletes a zone from a system.
Shut down the zone my-zone.
global# zlogin my-zone shutdown -y -g0 -i0 my-zone |
Remove the root file system for my-zone.
global# zoneadm -z my-zone uninstall -F |
Delete the configuration for my-zone.
global# zonecfg -z my-zone delete -F |
List the zones on the system, to verify that my-zone is no longer listed.
global# zoneadm list -iv |
You will see a display that is similar to the following:
ID NAME STATUS PATH BRAND IP 0 global running / native shared |