This chapter covers general administration tasks and provides usage examples.
Adding Non-Global Zone Access to Specific File Systems in the Global Zone
Using IP Network Multipathing on a Solaris System With Zones Installed
Using the Fair Share Scheduler on a Solaris System With Zones Installed
See Chapter 26, Solaris Zones Administration (Overview) for general zone administration topics.
Use the ppriv utility to display the zone's privileges.
 How to List Solaris Privileges in the Global Zone
How to List Solaris Privileges in the Global ZoneUse the ppriv utility with the -l option to list the privileges available on the system.
At the prompt, type ppriv -l zone to report the set of privileges available in the zone.
| global# ppriv -l zone | 
You will see a display similar to this:
| contract_event contract_observer cpc_cpu . . . | 
 How to List the Non-Global Zone's Privilege
Set
How to List the Non-Global Zone's Privilege
SetUse the ppriv utility with the -l option and the expression zone to list the zone's privileges.
Log into the non-global zone. This example uses a zone named my-zone.
At the prompt, type ppriv -l zone to report the set of privileges available in the zone.
| my-zone# ppriv -l zone | 
You will see a display similar to this:
| contract_event contract_observer file_chown . . . | 
 How to List a Non-Global Zone's Privilege
Set With Verbose Output
How to List a Non-Global Zone's Privilege
Set With Verbose OutputUse the ppriv utility with the -l option, the expression zone, and the -v option to list the zone's privileges.
Log into the non-global zone. This example uses a zone named my-zone.
At the prompt, type ppriv -l -v zone to report the set of privileges available in the zone, with a description of each privilege.
| my-zone# ppriv -lv zone | 
You will see a display similar to this:
| contract_event
        Allows a process to request critical events without limitation.
        Allows a process to request reliable delivery of all events on
        any event queue.
contract_observer
        Allows a process to observe contract events generated by
        contracts created and owned by users other than the process's
        effective user ID.
        Allows a process to open contract event endpoints belonging to
        contracts created and owned by users other than the process's
        effective user ID.
file_chown
        Allows a process to change a file's owner user ID.
        Allows a process to change a file's group ID to one other than
        the process' effective group ID or one of the process'
        supplemental group IDs.
.
.
. | 
Perform the following steps to use DTrace functionality as described in Running DTrace in a Non-Global Zone.
 How to Use DTrace
How to Use DTraceUse the zonecfg limitpriv property to add the dtrace_proc and dtrace_user privileges.
| global# zonecfg -z my-zone zonecfg:my-zone> set limitpriv="default,dtrace_proc,dtrace_user" zonecfg:my-zone> exit | 
Depending on your requirements, you can add either privilege, or both privileges.
Boot the zone.
| global# zoneadm -z my-zone boot | 
Log in to the zone.
| global# zlogin my-zone | 
Run the DTrace program.
| my-zone# dtrace -l | 
To check the status of SMF services in a native non-global zone, use the zlogin command.
 How to Check the Status of SMF Services From the Command
Line
How to Check the Status of SMF Services From the Command
LineBecome superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
From the command line, type the following to show all services, including disabled ones.
| global# zlogin my-zone svcs -a | 
For more information, see Chapter 21, Logging In to Non-Global Zones (Tasks) and svcs(1).
 How to Check the Status of SMF Services From Within
a Zone
How to Check the Status of SMF Services From Within
a ZoneBecome superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Log in to the zone.
| global# zlogin my-zone | 
Run the svcs command with the -a option to show all services, including disabled ones.
| my-zone# svcs -a | 
For more information, see Chapter 21, Logging In to Non-Global Zones (Tasks) and svcs(1).
You can mount file systems in a running non-global zone. The following procedures are covered.
As the global administrator in the global zone, you can import raw and block devices into a non-global zone. After the devices are imported, the zone administrator has access to the disk. The zone administrator can then create a new file system on the disk and perform one of the following actions:
Mount the file system manually
Place the file system in /etc/vfstab so that it will be mounted on zone boot
As the global administrator, you can also mount a file system from the global zone into the non-global zone.
 SX Only: How to Import Raw and Block Devices
by Using zonecfg
SX Only: How to Import Raw and Block Devices
by Using zonecfg
This procedure uses the lofi file driver, which exports a file as a block device.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Change directories to /usr/tmp.
| global# cd /usr/tmp | 
Create a new UFS file system.
| global# mkfile 10m fsfile | 
Attach the file as a block device.
The first available slot, which is /dev/lofi/1 if no other lofi devices have been created, is used.
| global# lofiadm -a `pwd`/fsfile | 
You will also get the required character device.
Import the devices into the zone my-zone.
| global# zonecfg -z my-zone zonecfg:my-zone> add device zonecfg:my-zone:device> set match=/dev/rlofi/1 zonecfg:my-zone:device> end zonecfg:my-zone> add device zonecfg:my-zone:device> set match=/dev/lofi/1 zonecfg:my-zone:device> end | 
Reboot the zone.
| global# zoneadm -z my-zone boot | 
Log in to the zone and verify that the devices were successfully imported.
| my-zone# ls -l /dev/*lofi/* | 
You will see a display that is similar to this:
| brw------- 1 root sys 147, 1 Jan 7 11:26 /dev/lofi/1 crw------- 1 root sys 147, 1 Jan 7 11:26 /dev/rlofi/1 | 
For more information, see the lofiadm(1M) and lofi(7D) man pages.
 How to Mount the File System Manually
How to Mount the File System ManuallyYou must be the zone administrator and have the Zone Management profile to perform this procedure. This procedure uses the newfs command, which is described in the newfs(1M) man page.
Become superuser, or have the Zone Management rights profile in your list of profiles.
In the zone my-zone, create a new file system on the disk.
| my-zone# newfs /dev/lofi/1 | 
Respond yes at the prompt.
| newfs: construct a new file system /dev/rlofi/1: (y/n)? y | 
You will see a display that is similar to this:
| /dev/rlofi/1:   20468 sectors in 34 cylinders of 1 tracks, 602 sectors
        10.0MB in 3 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 9664, 19296, | 
Check the file system for errors.
| my-zone# fsck -F ufs /dev/rlofi/1 | 
You will see a display that is similar to this:
| ** /dev/rlofi/1 ** Last Mounted on ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 2 files, 9 used, 9320 free (16 frags, 1163 blocks, 0.2% fragmentation) | 
Mount the file system.
| my-zone# mount -F ufs /dev/lofi/1 /mnt | 
Verify the mount.
| my-zone# grep /mnt /etc/mnttab | 
You will see a display similar to this:
| /dev/lofi/1 /mnt ufs rw,suid,intr,largefiles,xattr,onerror=panic,zone=foo,dev=24c0001 1073503869 | 
 How to Place a File System in /etc/vfstab to Be Mounted When the Zone Boots
How to Place a File System in /etc/vfstab to Be Mounted When the Zone BootsThis procedure is used to mount the block device /dev/lofi/1 on the file system path /mnt. The block device contains a UFS file system. The following options are used:
logging is used as the mount option.
yes tells the system to automatically mount the file system when the zone boots.
/dev/rlofi/1 is the character (or raw) device. The fsck command is run on the raw device if required.
Become superuser, or have the Zone Management rights profile in your list of profiles.
In the zone my-zone, add the following line to /etc/vfstab:
| /dev/lofi/1 /dev/rlofi/1 /mnt ufs 2 yes logging | 
 How to Mount a File System From the Global
Zone Into a Non-Global Zone
How to Mount a File System From the Global
Zone Into a Non-Global ZoneAssume that a zone has the zonepath /export/home/my-zone. You want to mount the disk /dev/lofi/1 from the global zone into /mnt in the non-global zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
To mount the disk into /mnt in the non-global zone, type the following from the global zone:
| global# mount -F ufs /dev/lofi/1 /export/home/my-zone/root/mnt | 
For information about lofi, see the lofiadm(1M) and lofi(7D) man pages.
 How to Add Access to CD or DVD Media in a Non-Global
Zone
How to Add Access to CD or DVD Media in a Non-Global
ZoneThis procedure enables you to add read-only access to CD or DVD media in a non-global zone. The Volume Management file system is used in the global zone for mounting the media. A CD or DVD can then be used to install a product in the non-global zone. This procedure uses a DVD named jes_05q4_dvd.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Determine whether the Volume Management file system is running in the global zone.
| global# svcs volfs STATE STIME FMRI online Sep_29 svc:/system/filesystem/volfs:default | 
(Optional) If the Volume Management file system is not running in the global zone, start it.
| global# svcadm volfs enable | 
Insert the media.
Check for media in the drive.
| global# volcheck | 
Test whether the DVD is automounted.
| global# ls /cdrom | 
You will see a display similar to the following:
| cdrom cdrom1 jes_05q4_dvd | 
Loopback mount the file system with the options ro,nodevices (read-only and no devices) in the non-global zone.
| global# zonecfg -z my-zone zonecfg:my-zone> add fs zonecfg:my-zone:fs> set dir=/cdrom zonecfg:my-zone:fs> set special=/cdrom zonecfg:my-zone:fs> set type=lofs zonecfg:my-zone:fs> add options [ro,nodevices] zonecfg:my-zone:fs> end zonecfg:my-zone> commit zonecfg:my-zone> exit | 
Reboot the non-global zone.
| global# zoneadm -z my-zone reboot | 
Use the zoneadm list command with the -v option to verify the status.
| global# zoneadm list -v | 
You will see a display that is similar to the following:
| ID NAME STATUS PATH BRAND IP 0 global running / native shared 1 my-zone running /export/home/my-zone native shared | 
Log in to the non-global zone.
| global# zlogin my-zone | 
Verify the DVD-ROM mount.
| my-zone# ls /cdrom | 
You will see a display similar to this:
| cdrom cdrom1 jes_05q4_dvd | 
Install the product as described in the product installation guide.
Exit the non-global zone.
| my-zone# exit | 
You might want to retain the /cdrom file system in your non-global zone. The mount will always reflect the current contents of the CD-ROM drive, or an empty directory if the drive is empty.
(Optional) If you want to remove the /cdrom file system from the non-global zone, use the following procedure.
| global# zonecfg -z my-zone zonecfg:my-zone> remove fs dir=/cdrom zonecfg:my-zone> commit zonecfg:my-zone> exit | 
 How to Add a Writable Directory under /usr in
a Non-Global Zone
How to Add a Writable Directory under /usr in
a Non-Global ZoneIn a native sparse root zone, /usr is mounted read-only from the global zone. You can use this procedure to add a writable directory, such as /usr/local, under /usr in your zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Create the directory /usr/local in the global zone.
| global# mkdir -p /usr/local | 
Specify a directory in the global zone to serve as the backing store for the zone's /usr/local directory.
| global# mkdir -p /storage/local/my-zone | 
Edit the configuration for the zone my-zone.
| global# zonecfg -z my-zone | 
Add the loopback-mounted filesystem.
| zonecfg:my-zone> add fs
zonecfg:my-zone:fs> set dir=/usr/local
        zonecfg:my-zone:fs> set special=/storage/local/my-zone
        zonecfg:my-zone:fs> set type=lofs
        zonecfg:my-zone:fs> end
        zonecfg:my-zone> commit
        zonecfg:my-zone> exit
 | 
Boot the zone.
 How to Export Home Directories in the Global Zone
Into a Non-Global Zone
How to Export Home Directories in the Global Zone
Into a Non-Global ZoneThis procedure is used to export home directories or other file systems from the global zone into non-global zones on the same system.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Add the loopback-mounted filesystem.
| global# zonecfg -z my-zone zonecfg:my-zone> add fs zonecfg:my-zone:fs> set dir=/export/home zonecfg:my-zone:fs> set special=/export/home zonecfg:my-zone:fs> set type=lofs zonecfg:my-zone:fs> set options=nodevices zonecfg:my-zone:fs> end zonecfg:my-zone> commit zonecfg:my-zone> exit | 
Add the following line to the zone's /etc/auto_home file:
| $HOST:/export/home/& | 
 How to Use IP Network Multipathing in Exclusive-IP
Non-Global Zones
How to Use IP Network Multipathing in Exclusive-IP
Non-Global ZonesIP Network Multipathing (IPMP) in an exclusive-IP zone is configured as it is in the global zone.
You can configure one or more physical interfaces into an IP multipathing group, or IPMP group. After configuring IPMP, the system automatically monitors the interfaces in the IPMP group for failure. If an interface in the group fails or is removed for maintenance, IPMP automatically migrates, or fails over, the failed interface's IP addresses. The recipient of these addresses is a functioning interface in the failed interface's IPMP group. The failover feature of IPMP preserves connectivity and prevents disruption of any existing connections. Additionally, IPMP improves overall network performance by automatically spreading out network traffic across the set of interfaces in the IPMP group. This process is called load spreading.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Configure IPMP groups as described in Configuring IPMP Groups in System Administration Guide: Network Interfaces and Network Virtualization.
 How to Extend IP Network Multipathing Functionality
to Shared-IP Non-Global Zones
How to Extend IP Network Multipathing Functionality
to Shared-IP Non-Global ZonesUse this procedure to configure IPMP in the global zone and extend the IPMP functionality to non-global zones.
Each address, or logical interface, should be associated with a non-global zone when you configure the zone. See Using the zonecfg Command and How to Configure the Zone for instructions.
This procedure accomplishes the following:
The cards bge0 and hme0 are configured together in a group.
Address 192.168.0.1 is associated with the non-global zone my-zone.
The bge0 card is set as the physical interface. Thus, the IP address is hosted in the group that contains the bge0 and hme0 cards.
In a running zone, you can use the ifconfig command to make the association. See Shared-IP Network Interfaces and the ifconfig(1M) man page.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
In the global zone, configure IPMP groups as described in Configuring IPMP Groups in System Administration Guide: Network Interfaces and Network Virtualization.
Use the zonecfg command to configure the zone. When you configure the net resource, add address 192.168.0.1 and physical interface bge0 to the zone my-zone:
| zonecfg:my-zone> add net zonecfg:my-zone:net> set address=192.168.0.1 zonecfg:my-zone:net> set physical=bge0 zonecfg:my-zone:net> end | 
Only bge0 would be visible in non-global zone my-zone.
If bge0 subsequently fails and the bge0 data addresses fail over to hme0 in the global zone, the my-zone addresses migrate as well.
If address 192.168.0.1 moves to hme0, then only hme0 would now be visible in non-global zone my-zone. This card would be associated with address 192.168.0.1, and bge0 would no longer be visible.
The dladm command is used from the global zone to administer data-links.
 How to Use dladm show-linkprop
How to Use dladm show-linkprop
The dladm command can be used with the show-linkprop subcommand to show the assignment of data-links to running exclusive-IP zones.
You must be the global administrator in the global zone to administer data-links.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Show the assignment of data-links on the system.
| global# dladm show-linkprop | 
In the first screen, zone 49bge, which is assigned bge0 has not been booted
| global# dladm show-linkprop LINK PROPERTY VALUE DEFAULT POSSIBLE bge0 zone -- -- -- ath0 channel 6 -- -- ath0 powermode ? off off,fast,max ath0 radio ? on on,off ath0 speed 11 -- 1,2,5.5,6,9,11,12,18,24,36,48,54 ath0 zone -- -- -- | 
Zone 49bge is booted.
| global# zoneadm -z 49bge boot | 
The command dladm show-linkprop is run again. Note that the bge0 link is now assigned to 49bge.
| global# dladm show-linkprop LINK PROPERTY VALUE DEFAULT POSSIBLE bge0 zone 49bge -- -- ath0 channel 6 -- -- ath0 powermode ? off off,fast,max ath0 radio ? on on,off ath0 speed 11 -- 1,2,5.5,6,9,11,12,18,24,36,48,54 ath0 zone -- -- -- | 
 How to Use dladm set-linkprop
How to Use dladm set-linkprop
The dladm command can be used with the set-linkprop subcommand to temporarily assign data-links to running exclusive-IP zones. Persistent assignment must be made through the zonecfg command.
You must be the global administrator in the global zone to administer data-links.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Use dladm set-linkprop with the -t to add bge0 to a running zone called excl.
| global# dladm set-linkprop -t -p zone=excl bge0 LINK PROPERTY VALUE DEFAULT POSSIBLE bge0 zone excl -- -- | 
The -p option produces a display using a stable machine-parseable format.
 How to Use dladm reset-linkprop
How to Use dladm reset-linkprop
The dladm command can be used with the reset-linkprop subcommand to reset the bge0 link value to unassigned.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Use dladm reset-linkprop with the -t to undo the zone assignment of the bge0 device.
| global# dladm set-linkprop -t -p zone=excl bge0 LINK PROPERTY VALUE DEFAULT POSSIBLE bge0 zone excl -- -- | 
The -p option produces a display using a stable machine-parseable format.
If the running zone is using the device, the reassignment fails and an error message is displayed. See Exclusive-IP Zone Is Using Device, so dladm reset-linkprop Fails.
Limits specified through the prctl command are not persistent. The limits are only in effect until the system is rebooted. To set shares in a zone permanently, see How to Configure the Zone and How to Set zone.cpu-shares in the Global Zone.
 How to Set FSS Shares in the Global Zone
Using the prctl Command
How to Set FSS Shares in the Global Zone
Using the prctl CommandThe global zone is given one share by default. You can use this procedure to change the default allocation. Note that you must reset shares allocated through the prctl command whenever you reboot the system.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Use the prctl utility to assign two shares to the global zone:
| # prctl -n zone.cpu-shares -v 2 -r -i zone global | 
(Optional) To verify the number of shares assigned to the global zone, type:
| # prctl -n zone.cpu-shares -i zone global | 
For more information on the prctl utility, see the prctl(1) man page.
 How to Change the zone.cpu-shares Value
in a Zone Dynamically
How to Change the zone.cpu-shares Value
in a Zone DynamicallyThis procedure can be used for any zone, not just the global zone.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration
Use the prctl command to specify a new value for cpu-shares.
| # prctl -n zone.cpu-shares -r -v value -i zone zonename | 
idtype is either the zonename or the zoneid. value is the new value.
This section covers tasks associated with using rights profiles in non-global zones.
 How to Assign the Zone Management Profile
How to Assign the Zone Management ProfileThe Zone Management profile grants the power to manage all of the non-global zones on the system to a user.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Create a role that includes the Zone Management rights profile, and assign the role to a user.
To create and assign the role by using the Solaris Management Console, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. Refer to the task “How to Create and Assign a Role By Using the GUI.”
To create and assign the role on the command line, see Managing RBAC in System Administration Guide: Security Services. Refer to the task “How to Create a Role From the Command Line.”
You can execute zone commands in a profile using the pfexec program. The program executes commands with the attributes specified by the user's profiles in the exec_attr database. The program is invoked by the profile shells pfksh, pfcsh, and pfsh.
Use the pfexec program to log in to a zone, for example, my-zone.
| machine$ pfexec zlogin my-zone | 
The following procedures can be used to back up files in zones. Remember to also back up the zones' configuration files.
 How to Use ufsdump to Perform Backups
How to Use ufsdump to Perform BackupsYou can perform full or incremental backups using the ufsdump command. This procedure backs up the zone /export/my-zone to /backup/my-zone.ufsdump, where my-zone is replaced with the name of a zone on your system. You might want to have a separate file system, for example, a file system mounted on /backup, to hold the backups.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
(Optional) Shut down the zone to put the zone in a quiescent state and to avoid creating backups of shared file systems.
| global# zlogin -S my-zone init 0 | 
Check the zone's status.
| global# zoneadm list -cv | 
You will see a display similar to the following:
| ID NAME STATUS PATH BRAND IP 0 global running / native shared - my-zone installed /export/home/my-zone native shared | 
Perform the backup.
| global# ufsdump 0f /backup/my-zone.ufsdump /export/my-zone | 
You will see a display similar to the following:
| DUMP: Date of this level 0 dump: Wed Aug 10 16:13:52 2005 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rdsk/c0t0d0s0 (bird:/) to /backup/my-zone.ufsdump. DUMP: Mapping (Pass I) [regular files] DUMP: Mapping (Pass II) [directories] DUMP: Writing 63 Kilobyte records DUMP: Estimated 363468 blocks (174.47MB). DUMP: Dumping (Pass III) [directories] DUMP: Dumping (Pass IV) [regular files] DUMP: 369934 blocks (180.63MB) on 1 volume at 432 KB/sec DUMP: DUMP IS DONE | 
Boot the zone.
| global# zoneadm -z my-zone boot | 
 How to Create a UFS Snapshot Using fssnap
How to Create a UFS Snapshot Using fssnap
This approach uses the fssnap command, which creates a temporary image of a file system intended for backup operations.
This method can be used to provide a clean, consistent backup of the zone files only, and it can be executed while zones are running. However, it is a good idea to suspend or checkpoint active applications that are updating files when the snapshot is created. An application updating files when the snapshot is created might leave these files in an internally inconsistent, truncated, or otherwise unusable state.
In the example procedure below, note the following:
There is a zone named my-zone under /export/home.
/export/home is a separate file system.
The destination backup is /backup/my-zone.ufs. You must create the directory backup under /.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Create the snapshot.
| global# fssnap -o bs=/export /export/home | 
You will see a display similar to the following:
| dev/fssnap/0 | 
Mount the snapshot.
| global# mount -o ro /dev/fssnap/0 /mnt | 
Back up my-zone from the snapshot.
| global# ufsdump 0f /backup/my-zone.ufsdump /mnt/my-zone | 
You will see a display similar to the following:
| DUMP: Date of this level 0 dump: Thu Oct 06 15:13:07 2005 DUMP: Date of last level 0 dump: the epoch DUMP: Dumping /dev/rfssnap/0 (pc2:/mnt) to /backup/my-zone.ufsdump. DUMP: Mapping (Pass I) [regular files] DUMP: Mapping (Pass II) [directories] DUMP: Writing 32 Kilobyte records DUMP: Estimated 176028 blocks (85.95MB). DUMP: Dumping (Pass III) [directories] DUMP: Dumping (Pass IV) [regular files] DUMP: 175614 blocks (85.75MB) on 1 volume at 2731 KB/sec DUMP: DUMP IS DONE | 
Unmount the snapshot.
| global# umount /mnt | 
Delete the snapshot.
| global# fssnap -d /dev/fssnap/0 | 
Note that the snapshot is also removed from the system when the system is rebooted.
 How to Use find and cpio to
Perform Backups
How to Use find and cpio to
Perform BackupsBecome superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Change directories to the root directory.
| global# cd / | 
Back up my-zone files that are not loopback mounted to /backup/my-zone.cpio.
| global# find export/my-zone -fstype lofs -prune -o -local | cpio -oc -O /backup/my-zone.cpio type as one line | 
Verify the results.
| global# ls -l backup/my-zone.cpio | 
You will see a display similar to the following:
| -rwxr-xr-x 1 root root 99680256 Aug 10 16:13 backup/my-zone.cpio | 
 How to Print a Copy of a Zone Configuration
How to Print a Copy of a Zone ConfigurationYou should create backup files of your non-global zone configurations. You can use the backups to recreate the zones later if necessary. Create the copy of the zone's configuration after you have logged in to the zone for the first time and have responded to the sysidtool questions. This procedure uses a zone named my-zone and a backup file named my-zone.config to illustrate the process.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Print the configuration for the zone my-zone to a file named my-zone.config.
| global# zonecfg -z my-zone export > my-zone.config | 
 How to Restore an Individual Non-Global Zone
How to Restore an Individual Non-Global ZoneYou can use the backup files of your non-global zone configurations to restore non-global zones, if necessary. This procedure uses a zone named my-zone and a backup file named my-zone.config to illustrate the process of restoring a zone.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Specify that my-zone.config be used as the zonecfg command file to recreate the zone my-zone.
| global# zonecfg -z my-zone -f my-zone.config | 
Install the zone.
| global# zoneadm -z my-zone install | 
To prevent the system from displaying the sysidtool questions upon initial zone login, delete the file zonepath/root/etc/.UNCONFIGURED, for example:
| global# rm /export/home/my-zone/root/etc/.UNCONFIGURED | 
If you have any zone-specific files to restore, such as application data, manually restore (and possibly hand-merge) files from a backup into the newly created zone's root file system.