test

System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Chapter 18 Planning and Configuring Non-Global Zones (Tasks)

This chapter describes what you need to do before you can configure a zone on your system. This chapter also describes how to configure a zone, modify a zone configuration, and delete a zone configuration from your system.

For an introduction to the zone configuration process, see Chapter 17, Non-Global Zone Configuration (Overview).

Planning and Configuring a Non-Global Zone (Task Map)

Before you set up your system to use zones, you must first collect information and make decisions about how to configure the zones. The following task map summarizes how to plan and configure a zone.

Task 

Description 

For Instructions 

Plan your zone strategy. 

  • Evaluate the applications running on your system to determine which applications you want to run in a zone.

  • Assess the availability of disk space to hold the files that are unique in the zone.

  • If you are also using resource management features, determine how to align the zone with the resource management boundaries.

Refer to historical usage. Also see Disk Space Requirements and Resource Pools Used in Zones.

Determine the name for the zone. 

Decide what to call the zone based on the naming conventions. 

See Zone Configuration Data and Zone Host Name.

Determine the zone path. 

Each zone has a path to its root directory that is relative to the global zone's root directory. 

See Zone Configuration Data.

Evaluate the need for CPU restriction if you are not configuring resource pools. 

Review your application requirements. 

See Solaris 10 8/07: dedicated-cpu Resource.

Evaluate the need for memory allocation if you plan to cap memory for the zone by using rcapd from the global zone.

Review your application requirements. 

See Chapter 10, Physical Memory Control Using the Resource Capping Daemon (Overview), Chapter 11, Administering the Resource Capping Daemon (Tasks), and Solaris 10 8/07: Physical Memory Control and the capped-memory Resource.

Make the FSS the default scheduler on the system. 

Give each zone CPU shares to control the zone's entitlement to CPU resources. The FSS guarantees a fair dispersion of CPU resources among zones that is based on allocated shares. 

Chapter 8, Fair Share Scheduler (Overview), Scheduling Class in a Zone.

Determine whether the zone will be a shared-IP zone or an exclusive-IP zone. 

For a shared-IP zone, which is the default, obtain or configure IP addresses for the zone. Depending on your configuration, you must obtain at least one IP address for each non-global zone that you want to have network access. 

For an exclusive-IP zone, determine the data-link that will be assigned to the zone. The zone requires exclusive access to one or more network interfaces. The interface could be a separate LAN such as bge1, or a separate VLAN such as bge2000. The data-link must be GLDv3. A data-link that is not GLDv3 is identified as type: legacy in the output of the dladm show-link command.

See Determine the Zone Host Name and Obtain the Network Address, How to Configure the Zone, and System Administration Guide: IP Services.

For more information on GLDv3 interfaces, see Oracle Solaris Interface Types in System Administration Guide: IP Services.

Determine which file systems you want to mount in the zone. 

Review your application requirements. 

See File Systems Mounted in Zones for more information.

Determine which network interfaces should be made available in the zone. 

Review your application requirements. 

See Shared-IP Network Interfaces for more information.

Determine whether you must alter the default set of non-global zone permissions. 

Check the set of privileges: default, privileges that can be added and removed, and privileges that cannot be used at this time. 

See Privileges in a Non-Global Zone.

Determine which devices should be configured in each zone. 

Review your application requirements. 

Refer to the documentation for your application. 

Configure the zone. 

Use zonecfg to create a configuration for the zone.

See Configuring, Verifying, and Committing a Zone.

Verify and commit the configured zone. 

Determine whether the resources and properties specified are valid on a hypothetical system. 

See Configuring, Verifying, and Committing a Zone.

Evaluating the Current System Setup

Zones can be used on any machine that runs the Solaris 10 release. The following primary machine considerations are associated with the use of zones.

Disk Space Requirements

There are no limits on how much disk space can be consumed by a zone. The global administrator is responsible for space restriction. The global administrator must ensure that local storage is sufficient to hold a non-global zone's root file system. Even a small uniprocessor system can support a number of zones running simultaneously.

The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created. The number of packages and space requirements are factors.

Sparse Root Zones

In the Solaris 10 release, non-global zones that have inherit-pkg-dir resources are called sparse root zones.

The sparse root zone model optimizes the sharing of objects in the following ways:

In this model, all packages appear to be installed in the non-global zone. Packages that do not deliver content into read-only loopback mount file systems are fully installed. There is no need to install content delivered into read-only loopback mounted file systems since that content is inherited (and visible) from the global zone.

An additional 40 megabytes of RAM per zone are suggested, but not required on a machine with sufficient swap space.

Whole Root Zones

The whole root zone model provides the maximum configurability. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone. The advantages of this model include the capability for global administrators to customize their zones file system layout. This would be done, for example, to add arbitrary unbundled or third-party packages.

The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.

Note –

If you create a sparse root zone that contains the following inherit-pkg-dir directories, you must remove these directories from the non-global zone's configuration before the zone is installed to have a whole root zone:

See How to Configure the Zone.

Restricting Zone Size

The following options can be used to restrict zone size:

Determine the Zone Host Name and Obtain the Network Address

You must determine the host name for the zone. Then, you must assign an IPv4 address or manually configure and assign an IPv6 address for the zone if you want it to have network connectivity.

Zone Host Name

The host name you select for the zone must be defined either in the hosts database or in the /etc/inet/hosts database, as specified by the /etc/nsswitch.conf file in the global zone. The network databases are files that provide network configuration information. The nsswitch.conf file specifies which naming service to use.

If you use local files for the naming service, the hosts database is maintained in the /etc/inet/hosts file. The host names for zone network interfaces are resolved from the local hosts database in /etc/inet/hosts. Alternatively, the IP address itself can be specified directly when configuring a zone so that no host name resolution is required.

For more information, see TCP/IP Configuration Files in System Administration Guide: IP Services and Network Databases and the nsswitch.conf File in System Administration Guide: IP Services.

Shared-IP Zone Network Address

Each shared-IP zone that requires network connectivity has one or more unique IP addresses. Both IPv4 and IPv6 addresses are supported.

IPv4 Zone Network Address

If you are using IPv4, obtain an address and assign the address to the zone.

A prefix length can also be specified with the IP address. The format of this prefix is address/prefix-length, for example, 192.168.1.1/24. Thus, the address to use is 192.168.1.1 and the netmask to use is 255.255.255.0, or the mask where the first 24 bits are 1-bits.

IPv6 Zone Network Address

If you are using IPv6, you must manually configure the address. Typically, at least the following two types of addresses must be configured:

Link-local address

A link-local address is of the form fe80::64-bit interface ID/10. The /10 indicates a prefix length of 10 bits.

Address formed from a global prefix configured on the subnet

A global unicast address is based off a 64–bit prefix that the administrator configures for each subnet, and a 64-bit interface ID. The prefix can also be obtained by running the ifconfig command with the -a6 option on any system on the same subnet that has been configured to use IPv6.

The 64–bit interface ID is typically derived from a system's MAC address. For zones use, an alternate address that is unique can be derived from the global zone's IPv4 address as follows:

16 bits of zero:upper 16 bits of IPv4 address:lower 16 bits of IPv4 address:a zone-unique number

For example, if the global zone's IPv4 address is 192.168.200.10, a suitable link-local address for a non-global zone using a zone-unique number of 1 is fe80::c0a8:c80a:1/10. If the global prefix in use on that subnet is 2001:0db8:aabb:ccdd/64, a unique global unicast address for the same non-global zone is 2001:0db8:aabb:ccdd::c0a8:c80a:1/64. Note that you must specify a prefix length when configuring an IPv6 address.

For more information about link-local and global unicast addresses, see the inet6(7P) man page.

Exclusive-IP Zone Network Address

Inside an exclusive-IP zone, configure addresses as you do for the global zone. Note that DHCP and IPv6 stateless address autoconfiguration can be used to configure addresses.

See sysidcfg(4) for more information.

File System Configuration

You can specify a number of mounts to be performed when the virtual platform is set up. File systems that are loopback-mounted into a zone by using the loopback virtual file system (LOFS) virtual file system should be mounted with the nodevices option. For information on the nodevices option, see File Systems and Non-Global Zones.

LOFS lets you create a new virtual file system so that you can access files by using an alternative path name. In a non-global zone, a loopback mount makes the file system hierarchy look as though it is duplicated under the zone's root. In the zone, all files will be accessible with a path name that starts from the zone's root. LOFS mounting preserves the file system name space.

Figure 18–1 Loopback-Mounted File Systems

Illustration shows loopback-mounted file systems.

See the lofs(7S) man page for more information.

Creating, Revising, and Deleting Non-Global Zone Configurations (Task Map)

Task 

Description 

For Instructions 

Configure a non-global zone. 

Use the zonecfg command to create a zone, verify the configuration, and commit the configuration.

You can also use a script to configure and boot multiple zones on your system. You can use the zonecfg command to display a non-global zone's configuration.

Configuring, Verifying, and Committing a Zone, Script to Configure Multiple Zones

Modify a zone configuration. 

Use this procedure to modify a resource type in a zone configuration or add a dedicated device to a zone. 

Using the zonecfg Command to Modify a Zone Configuration

Revert a zone configuration or delete a zone configuration. 

Use the zonecfg command to undo a resource setting made to a zone configuration or to delete a zone configuration.

Using the zonecfg Command to Revert or Remove a Zone Configuration

Delete a zone configuration. 

Use the zonecfg command with the delete subcommand to delete a zone configuration from the system.

How to Delete a Zone Configuration

Configuring, Verifying, and Committing a Zone

You use the zonecfg command described in the zonecfg(1M) man page to perform the following actions.

The zonecfg command can also be used to persistently specify the resource management settings for the global zone.

While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.

A script to configure multiple zones on your system is provided in Script to Configure Multiple Zones.

To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.

ProcedureHow to Configure the Zone

Note that the only required elements to create a native non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource. See Zone Configuration Data for information on available zonecfg properties and resources.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Set up a zone configuration with the zone name you have chosen.

    The name my-zone is used in this example procedure.


    global# zonecfg -z my-zone

    If this is the first time you have configured this zone, you will see the following system message:


    my-zone: No such zone configured
Use 'create' to begin configuring a new zone.

  3. Create the new zone configuration.

    This procedure uses the default settings.


    zonecfg:my-zone> create

  4. Set the zone path, /export/home/my-zone in this procedure.


    zonecfg:my-zone> set zonepath=/export/home/my-zone

    Do not place the zonepath on ZFS for releases prior to the Solaris 10 10/08 release.

  5. Set the autoboot value.

    If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.


    zonecfg:my-zone> set autoboot=true

  6. Set persistent boot arguments for a zone.


    zonecfg:my-zone> set bootargs="-m verbose"

  7. Dedicate one CPU to this zone.


    zonecfg:my-zone> add dedicated-cpu

    1. Set the number of CPUs.


      zonecfg:my-zone:dedicated-cpu> set ncpus=1-2

    2. (Optional) Set the importance.


      zonecfg:my-zone:dedicated-cpu> set importance=10

      The default is 1.

    3. End the specification.


      zonecfg:my-zone:dedicated-cpu> end

  8. Revise the default set of privileges.


    zonecfg:my-zone> set limitpriv="default,sys_time"

    This line adds the ability to set the system clock to the default set of privileges.

  9. Set the scheduling class to FSS.


    zonecfg:my-zone> set scheduling-class=FSS

  10. Add a memory cap.


    zonecfg:my-zone> add capped-memory

    1. Set the memory cap.


      zonecfg:my-zone:capped-memory> set physical=50m

    2. Set the swap memory cap.


      zonecfg:my-zone:capped-memory> set swap=100m

    3. Set the locked memory cap.


      zonecfg:my-zone:capped-memory> set locked=30m

    4. End the memory cap specification.


      zonecfg:my-zone:capped-memory> end

  11. Add a file system.


    zonecfg:my-zone> add fs

    1. Set the mount point for the file system, /usr/local in this procedure.


      zonecfg:my-zone:fs> set dir=/usr/local

    2. Specify that /opt/zones/my-zone/local in the global zone is to be mounted as /usr/local in the zone being configured.


      zonecfg:my-zone:fs> set special=/opt/zones/my-zone/local

      In the non-global zone, the /usr/local file system will be readable and writable.

    3. Specify the file system type, lofs in this procedure.


      zonecfg:my-zone:fs> set type=lofs

      The type indicates how the kernel interacts with the file system.

    4. End the file system specification.


      zonecfg:my-zone:fs> end

    This step can be performed more than once to add more than one file system.

  12. (Optional) Set the hostid.


    zonecfg:my-zone> set hostid=80f0c086

  13. Add a ZFS dataset named sales in the storage pool tank.


    zonecfg:my-zone> add dataset

    1. Specify the path to the ZFS dataset sales.


      zonecfg:my-zone> set name=tank/sales

    2. End the dataset specification.


      zonecfg:my-zone> end

  14. (Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone.

    Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.


    zonecfg:my-zone> add inherit-pkg-dir

    1. Specify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.


      zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw
      Note –

      The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm.

    2. End the inherit-pkg-dir specification.


      zonecfg:my-zone:inherit-pkg-dir> end

    This step can be performed more than once to add more than one shared file system.

    Note –

    If you want to create a whole root zone but default shared file systems resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/lib

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/platform

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/usr

  15. (Optional) If you are creating an exclusive-IP zone, set the ip-type.


    zonecfg:my-zone> set ip-type=exclusive
    Note –

    Only the physical device type will be specified in the add net step.

  16. Add a network interface.


    zonecfg:my-zone> add net

    1. (shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.


      zonecfg:my-zone:net> set address=192.168.0.1

    2. Set the physical device type for the network interface, the hme device in this procedure.


      zonecfg:my-zone:net> set physical=hme0

    3. Solaris 10 10/08: (Optional, shared-IP only) Set the default router for the network interface, 10.0.0.1 in this procedure.


      zonecfg:my-zone:net> set defrouter=10.0.0.1

    4. End the specification.


      zonecfg:my-zone:net> end

    This step can be performed more than once to add more than one network interface.

  17. Add a device.


    zonecfg:my-zone> add device

    1. Set the device match, /dev/sound/* in this procedure.


      zonecfg:my-zone:device> set match=/dev/sound/*

    2. End the device specification.


      zonecfg:my-zone:device> end

    This step can be performed more than once to add more than one device.

  18. Add a zone-wide resource control by using the property name.


    zonecfg:my-zone> set max-sem-ids=10485200

    This step can be performed more than once to add more than one resource control.

  19. Add a comment by using the attr resource type.


    zonecfg:my-zone> add attr

    1. Set the name to comment.


      zonecfg:my-zone:attr> set name=comment

    2. Set the type to string.


      zonecfg:my-zone:attr> set type=string

    3. Set the value to a comment that describes the zone.


      zonecfg:my-zone:attr> set value="This is my work zone."

    4. End the attr resource type specification.


      zonecfg:my-zone:attr> end

  20. Verify the zone configuration for the zone.


    zonecfg:my-zone> verify

  21. Commit the zone configuration for the zone.


    zonecfg:my-zone> commit

  22. Exit the zonecfg command.


    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

Using Multiple Subcommands From the Command Line
Tip –

The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.


global# zonecfg -z my-zone "create ; set zonepath=/export/home/my-zone"

Where to Go From Here

See Installing and Booting Zones to install your committed zone configuration.

Script to Configure Multiple Zones

You can use this script to configure and boot multiple zones on your system. The script takes the following parameters:

You must be the global administrator in the global zone to execute the script. The global administrator has superuser privileges in the global zone or assumes the Primary Administrator role.


#!/bin/ksh
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"%Z%%M%	%I%	%E% SMI"

if [[ -z "$1" || -z "$2" || -z "$3" ]]; then
		echo "usage: $0 <#-of-zones> <zonename-prefix> <basedir>"
		exit 2
fi

if [[ ! -d $3 ]]; then
		echo "$3 is not a directory"
		exit 1
fi

nprocs=`psrinfo | wc -l`
nzones=$1
prefix=$2
dir=$3

ip_addrs_per_if=`ndd /dev/ip ip_addrs_per_if`
if [ $ip_addrs_per_if -lt $nzones ]; then
		echo "ndd parameter ip_addrs_per_if is too low ($ip_addrs_per_if)"
		echo "set it higher with 'ndd -set /dev/ip ip_addrs_per_if <num>"
		exit 1
fi

i=1
while [ $i -le $nzones ]; do
	zoneadm -z $prefix$i list > /dev/null 2>&1
	if [ $? != 0 ]; then
		echo configuring $prefix$i
		F=$dir/$prefix$i.config
		rm -f $F
		echo "create" > $F
		echo "set zonepath=$dir/$prefix$i" >> $F
		zonecfg -z $prefix$i -f $dir/$prefix$i.config 2>&1 | \
		    sed 's/^/    /g' 
	else
		echo "skipping $prefix$i, already configured"
	fi
	i=`expr $i + 1`
done

i=1
while [ $i -le $nzones ]; do
	j=1
	while [ $j -le $nprocs ]; do
		if [ $i -le $nzones ]; then
			if [ `zoneadm -z $prefix$i list -p | \
			    cut -d':' -f 3` != "configured" ]; then
				echo "skipping $prefix$i, already installed"
			else
				echo installing $prefix$i
				mkdir -pm 0700 $dir/$prefix$i
				chmod 700 $dir/$prefix$i
				zoneadm -z $prefix$i install > /dev/null 2>&1 &
				sleep 1	# spread things out just a tad
			fi
		fi
		i=`expr $i + 1`
		j=`expr $j + 1`
	done
	wait
done

i=1
while [ $i -le $nzones ]; do
	echo setting up sysid for $prefix$i
	cfg=$dir/$prefix$i/root/etc/sysidcfg
	rm -f $cfg
	echo "network_interface=NONE {hostname=$prefix$i}" > $cfg
	echo "system_locale=C" >> $cfg
	echo "terminal=xterms" >> $cfg
	echo "security_policy=NONE" >> $cfg
	echo "name_service=NONE" >> $cfg
	echo "timezone=US/Pacific" >> $cfg
	echo "root_password=Qexr7Y/wzkSbc" >> $cfg  # 'l1a'
	i=`expr $i + 1`
done

i=1
para=`expr $nprocs \* 2`
while [ $i -le $nzones ]; do
	date
	j=1
	while [ $j -le $para ]; do
		if [ $i -le $nzones ]; then
			echo booting $prefix$i
			zoneadm -z $prefix$i boot &
		fi
		j=`expr $j + 1`
		i=`expr $i + 1`
	done
	wait
done

ProcedureHow to Display the Configuration of a Non-Global Zone

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Display the configuration of a zone.


    global# zonecfg -z zonename info

Using the zonecfg Command to Modify a Zone Configuration

You can also use the zonecfg command to do the following:

ProcedureHow to Modify a Resource Type in a Zone Configuration

You can select a resource type and modify the specification for that resource.

Note that the contents of software packages in the inherit-pkg-dir directory cannot be modified or removed after the zone has been installed with zoneadm.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Select the zone to be modified, my-zone in this procedure.


    global# zonecfg -z my-zone

  3. Select the resource type to be changed, for example, a resource control.


    zonecfg:my-zone> select rctl name=zone.cpu-shares

  4. Remove the current value.


    zonecfg:my-zone:rctl> remove value (priv=privileged,limit=20,action=none)

  5. Add the new value.


    zonecfg:my-zone:rctl> add value (priv=privileged,limit=10,action=none)

  6. End the revised rctl specification.


    zonecfg:my-zone:rctl> end

  7. Commit the zone configuration for the zone.


    zonecfg:my-zone> commit

  8. Exit the zonecfg command.


    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

    Committed changes made through zonecfg take effect the next time the zone is booted.

ProcedureSolaris 10 8/07: How to Clear a Property Type in a Zone Configuration

Use this procedure to reset a standalone property.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Select the zone to be modified, my-zone in this procedure.


    global# zonecfg -z my-zone

  3. Clear the property to be changed, the existing pool association in this procedure.


    zonecfg:my-zone> clear pool

  4. Commit the zone configuration for the zone.


    zonecfg:my-zone> commit

  5. Exit the zonecfg command.


    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

    Committed changes made through zonecfg take effect the next time the zone is booted.

ProcedureSolaris 10 3/05 Through Solaris 10 11/06: How to Modify a Property Type in a Zone Configuration

Use this procedure to reset a standalone property that does not have related properties to configure. For example, to remove the existing pool association, you can reset the pool resource to null.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Select the zone to be modified, my-zone in this procedure.


    global# zonecfg -z my-zone

  3. Reset the property to be changed, the existing pool association in this procedure.


    zonecfg:my-zone> set pool=""

  4. Commit the zone configuration for the zone.


    zonecfg:my-zone> commit

  5. Exit the zonecfg command.


    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

    Committed changes made through zonecfg take effect the next time the zone is booted.

ProcedureSolaris 10 8/07: How to Rename a Zone

This procedure can be used to rename zones that are in either the configured state or the installed state.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Select the zone to be renamed, my-zone in this procedure.


    global# zonecfg -z my-zone

  3. Change the name of the zone, for example, to newzone.


    zonecfg:my-zone> set zonename=newzone

  4. Commit the change.


    zonecfg:newzone> commit

  5. Exit the zonecfg command.


    zonecfg:newzone> exit

    Committed changes made through zonecfg take effect the next time the zone is booted.

ProcedureHow to Add a Dedicated Device to a Zone

The following specification places a scanning device in a non-global zone configuration.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Add a device.


    zonecfg:my-zone> add device

  3. Set the device match, /dev/scsi/scanner/c3t4* in this procedure.


    zonecfg:my-zone:device> set match=/dev/scsi/scanner/c3t4*

  4. End the device specification.


    zonecfg:my-zone:device> end

  5. Exit the zonecfg command.


    zonecfg:my-zone> exit

ProcedureHow to Set zone.cpu-shares in the Global Zone

This procedure is used to persistently set shares in the global zone.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Use the zonecfg command .


    # zonecfg -z global

  3. Set five shares for the global zone.


    zonecfg:global> set cpu-shares=5

  4. Exit zonecfg.


    zonecfg:global> exit

Using the zonecfg Command to Revert or Remove a Zone Configuration

Use the zonecfg command described in zonecfg(1M) to revert a zone's configuration or to delete a zone configuration.

ProcedureHow to Revert a Zone Configuration

While configuring a zone with the zonecfg utility, use the revert subcommand to undo a resource setting made to the zone configuration.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. While configuring a zone called tmp-zone, type info to view your configuration:


    zonecfg:tmp-zone> info

    The net resource segment of the configuration displays as follows:


    .
.
.
fs:
        dir: /tmp
        special: swap
        type: tmpfs
net:
        address: 192.168.0.1
        physical: eri0
device
        match: /dev/pts/*
.
.
.

  3. Remove the net address:


    zonecfg:tmp-zone> remove net address=192.168.0.1

  4. Verify that the net entry has been removed.


    zonecfg:tmp-zone> info


    .
.
.
fs:
        dir: /tmp
        special: swap
        type: tmpfs
device
        match: /dev/pts/*
.
.
.

  5. Type revert.


    zonecfg:tmp-zone> revert

  6. Answer yes to the following question:


    Are you sure you want to revert (y/[n])? y

  7. Verify that the net address is once again present:


    zonecfg:tmp-zone> info


    .
.
.
fs:
        dir: /tmp
        special: swap
        type: tmpfs
net:
        address: 192.168.0.1
        physical: eri0
device
        match: /dev/pts/*
.
.
.

ProcedureHow to Delete a Zone Configuration

Use zonecfg with the delete subcommand to delete a zone configuration from the system.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Delete the zone configuration for the zone a-zone by using one of the following two methods:

    • Use the -F option to force the action:


      global# zonecfg -z a-zone delete -F

    • Delete the zone interactively by answering yes to the system prompt:


      global# zonecfg -z a-zone delete
Are you sure you want to delete zone a-zone (y/[n])? y