test

System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Resource Type Properties

Resources also have properties to configure. The following properties are associated with the resource types shown.

dedicated-cpu

ncpus, importance

Solaris 10 8/07: Specify the number of CPUs and, optionally, the relative importance of the pool. The following example specifies a CPU range for use by the zone my-zone. importance is also set.


zonecfg:my-zone> add dedicated-cpu
zonecfg:my-zone:dedicated-cpu> set ncpus=1-3
zonecfg:my-zone:dedicated-cpu> set importance=2
zonecfg:my-zone:dedicated-cpu> end
capped-cpu

ncpus

Specify the number of CPUs. The following example specifies a CPU cap of 3.5 CPUs for the zone my-zone.


zonecfg:my-zone> add capped-cpu
zonecfg:my-zone:capped-cpu> set ncpus=3.5
zonecfg:my-zone:capped-cpu> end
capped-memory

physical, swap, locked

Specify the memory limits for the zone my-zone. Each limit is optional, but at least one must be set.


zonecfg:my-zone> add capped-memory
zonecfg:my-zone:capped-memory> set physical=50m
zonecfg:my-zone:capped-memory> set swap=100m
zonecfg:my-zone:capped-memory> set locked=30m
zonecfg:my-zone:capped-memory> end
fs

dir, special, raw, type, options

The fs resource parameters supply the values that determine how and where to mount file systems. The fs parameters are defined as follows:

dir

Specifies the mount point for the file system

special

Specifies the block special device name or directory from the global zone to mount

raw

Specifies the raw device on which to run fsck before mounting the file system

type

Specifies the file system type

options

Specifies mount options similar to those found with the mount command

The lines in the following example specify that /dev/dsk/c0t0d0s2 in the global zone is to be mounted as /mnt in a zone being configured. The raw property specifies an optional device on which the fsck command is to be run before an attempt is made to mount the file system. The file system type to use is UFS. The options nodevices and logging are added.


zonecfg:my-zone> add fs
zonecfg:my-zone:fs> set dir=/mnt
zonecfg:my-zone:fs> set special=/dev/dsk/c0t0d0s2
zonecfg:my-zone:fs> set raw=/dev/rdsk/c0t0d0s2
zonecfg:my-zone:fs> set type=ufs
zonecfg:my-zone:fs> add options [nodevices,logging]
zonecfg:my-zone:fs> end

For more information, see The -o nosuid Option, Security Restrictions and File System Behavior, and the fsck(1M) and mount(1M) man pages. Also note that section 1M man pages are available for mount options that are unique to a specific file system. The names of these man pages have the form mount_filesystem.

Note –

To add a ZFS file system using the fs resource property, see Adding ZFS File Systems to a Non-Global Zone in Oracle Solaris ZFS Administration Guide.

dataset

name

The lines in the following example specify that the dataset sales is to be visible and mounted in the non-global zone and no longer visible in the global zone.


zonecfg:my-zone> add dataset
zonecfg:my-zone> set name=tank/sales
zonecfg:my-zone> end
inherit-pkg-dir

dir

The lines in the following example specify that /opt/sfw is to be loopback mounted from the global zone.


zonecfg:my-zone> add inherit-pkg-dir
zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:my-zone:inherit-pkg-dir> end
net

address, physical, defrouter

Note –

For a shared-IP zone, both the IP address and the device are specified. Optionally, the default router can be set.

  • The defrouter property can be used to set a default route when the non-global zone is on a subnet that is not configured in the global zone.

  • Any zone that has the defrouter property set must be on a subnet that is not configured in the global zone.

When shared IP zones exist on different subnets, do not configure a data-link in the global zone.

For an exclusive-IP zone, only the physical interface is specified. The physical property can be a VNIC.

In the following example for a shared-IP zone, the IP address 192.168.0.1 is added to the zone. An hme0 card is used for the physical interface. To determine which physical interface to use, type ifconfig -a on your system. Each line of the output, other than loopback driver lines, begins with the name of a card installed on your system. Lines that contain LOOPBACK in the descriptions do not apply to cards.


zonecfg:my-zone> add net
zonecfg:my-zone:net> set physical=hme0
zonecfg:my-zone:net> set address=192.168.0.1
zonecfg:my-zone:net> end

In the following example for an exclusive-IP zone, a bge32001 link is used for the physical interface. To determine which data-links are available, use the command dladm show-link. The data-link must be GLDv3 to be used with exclusive-IP zones, and non-GLDv3 data-links appear as type: legacy in the dladm show-link output. Note that ip-type=exclusive must also be specified.


zonecfg:my-zone> set ip-type=exclusive
zonecfg:my-zone> add net
zonecfg:my-zone:net> set physical=bge32001
zonecfg:my-zone:net> end
device

match

In the following example, a /dev/pts device is included in a zone.


zonecfg:my-zone> add device
zonecfg:my-zone:device> set match=/dev/pts*
zonecfg:my-zone:device> end
rctl

name, value

Solaris 10 8/07: New resource controls for this release are zone.max-locked-memory, zone.max-msg-ids, zone.max-sem-ids, zone.max-shm-ids, zone.max-shm-memory, and zone.max-swap.

The following zone-wide resource controls are available:

  • zone.cpu-shares (preferred: cpu-shares)

  • zone.max-locked-memory

  • zone.max-lwps (preferred: max-lwps)

  • zone.max-msg-ids (preferred: max-msg-ids)

  • zone.max-sem-ids (preferred: max-sem-ids)

  • zone.max-shm-ids (preferred: max-shm-ids)

  • zone.max-shm-memory (preferred: max-shm-memory)

  • zone.max-swap

Note that the preferred, simpler method for setting a zone-wide resource control is to use the property name instead of the rctl resource, as shown in How to Configure the Zone. If zone-wide resource control entries in a zone are configured using add rctl, the format is different than resource control entries in the project database. In a zone configuration, the rctl resource type consists of three name/value pairs. The names are priv, limit, and action. Each of the names takes a simple value.


zonecfg:my-zone> add rctl
zonecfg:my-zone:rctl> set name=zone.cpu-shares
zonecfg:my-zone:rctl> add value (priv=privileged,limit=10,action=none)zonecfg:my-zone:rctl> end


zonecfg:my-zone> add rctl
zonecfg:my-zone:rctl> set name=zone.max-lwps
zonecfg:my-zone:rctl> add value (priv=privileged,limit=100,action=deny)
zonecfg:my-zone:rctl> end

For general information about resource controls and attributes, see Chapter 6, Resource Controls (Overview) and Resource Controls Used in Non-Global Zones.

attr

name, type, value

In the following example, a comment about a zone is added.


zonecfg:my-zone> add attr
zonecfg:my-zone:attr> set name=comment
zonecfg:my-zone:attr> set type=string
zonecfg:my-zone:attr> set value="Production zone"
zonecfg:my-zone:attr> end

You can use the export subcommand to print a zone configuration to standard output. The configuration is saved in a form that can be used in a command file.