System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones

Chapter 22 Logging In to Non-Global Zones (Tasks)

This chapter provides procedures for completing the configuration of an installed zone, logging in to a zone from the global zone, and shutting down a zone. This chapter also shows how to use the zonename command to print the name of the current zone.

For an introduction to the zone login process, see Chapter 21, Non-Global Zone Login (Overview).

Initial Zone Boot and Zone Login Procedures (Task Map)

| Task | Description | For Instructions |
|---|---|---|
| Perform the internal configuration. | Log in to the zone console or use an /etc/sysidcfg file to perform the initial zone configuration. | Performing the Initial Internal Zone Configuration |
| Log in to the zone. | You can log in to a zone through the console, by using interactive mode to allocate a pseudo-terminal, or by supplying a command to be run in the zone. Supplying a command to be run does not allocate a pseudo-terminal. You can also log in by using failsafe mode when a connection to the zone is denied. | Logging In to a Zone |
| Exit a non-global zone. | Disconnect from a non-global zone. | How to Exit a Non-Global Zone |
| Shut down a zone. | Shut down a zone by using the shutdown utility or a script. | How to Use zlogin to Shut Down a Zone |
| Print the zone name. | Print the zone name of the current zone. | Printing the Name of the Current Zone |

Performing the Initial Internal Zone Configuration

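You must configure the zone using one of the following methods:

  • Log in to the zone console and answer the configuration questions, as described in How to Log In to the Zone Console to Perform the Internal Zone Configuration.

  • Use an /etc/sysidcfg file, as described in How to Use an /etc/sysidcfg File to Perform the Initial Zone Configuration.
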
Tip –

After you have performed the internal configuration, it is a good idea to make a copy of the non-global zone's configuration. You can use this backup to restore the zone in the future. As superuser or Primary Administrator, print the configuration for the zone my-zone to a file. This example uses a file named my-zone.config.


global# zonecfg -z my-zone export > my-zone.config

See How to Restore an Individual Non-Global Zone for more information.


Procedure: How to Log In to the Zone Console to Perform the Internal Zone Configuration

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Use the zlogin command with the -C option and the name of the zone, my-zone in this procedure.


    global# zlogin -C my-zone
    
  3. From another terminal window, boot the zone.


    global# zoneadm -z my-zone boot
    

    You will see a display similar to the following in the zlogin window:


    [NOTICE: Zone booting up]
  4. The first time you log in to the console, you are prompted to answer a series of questions. Your screen will look similar to this:


    SunOS Release 5.10 Version Generic 64-bit
    Copyright 1983-2006 Sun Microsystems, Inc.  All rights reserved.
    Use is subject to license terms.
    
    Hostname: my-zone
    Loading smf(5) service descriptions:
    Select a Language
    
         1. English
         2. es
         2. fr
    Please make a choice (0 - 1), or press h or ? for help:
    
    Select a Locale
    
          1. English (C - 7-bit ASCII)
          2. Canada (English) (UTF-8)
          4. U.S.A. (UTF-8)
          5. U.S.A. (en_US.ISO8859-1)
          6. U.S.A. (en_US.ISO8859-15)
          7. Go Back to Previous Screen
    Please make a choice (0 - 9), or press h or ? for help:
    
    What type of terminal are you using?
          1) ANSI Standard CRT
          2) DEC VT52
          3) DEC VT100
          4) Heathkit 19
          5) Lear Siegler ADM31
          6) PC Console
          7) Sun Command Tool
          8) Sun Workstation
          9) Televideo 910
          10) Televideo 925
          11) Wyse Model 50
          12) X Terminal Emulator (xterms)
          13) CDE Terminal Emulator (dtterm)
          14) Other
    Type the number of your choice and press Return:
    13
    .
    .
    .

    For the complete list of questions you must answer, see Internal Zone Configuration.

  5. (Optional) If you are not using two windows as described in step 3, you might have missed the initial prompt for configuration information. If you see the following system message at zone login instead of a prompt:


    [connected to zone zonename console]

    Press Return to display the prompt again.

    If you enter an incorrect response and try to restart the configuration, you might experience difficulty when you attempt the process again. This occurs because the sysidtools can store your previous responses.

    If this happens, use the following workaround from the global zone to restart the configuration process.


    global# zlogin -S zonename /usr/sbin/sys-unconfig
    

    For more information on the sys-unconfig command, see the sys-unconfig(1M) man page.

Procedure: How to Use an /etc/sysidcfg File to Perform the Initial Zone Configuration

Solaris 10 8/07: The keyword nfs4_domain was added. Example files show this keyword. Step 4 below shows an additional step if you are running an earlier release.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. From the global zone, change directories to the non-global zone's /etc directory:


    global# cd /export/home/my-zone/root/etc
    
  3. Create the sysidcfg file and place it in this directory.

    The file will look similar to the following:

    • For a shared-IP zone:


      system_locale=C
      terminal=dtterm
      network_interface=primary {
              hostname=my-zone
      }
      security_policy=NONE
      name_service=NIS {
              domain_name=special.example.com
              name_server=bird(192.168.112.3)
      }
      nfs4_domain=domain.com
      timezone=US/Central
      root_password=m4qtoWN
    • For an exclusive-IP zone with a static IP configuration:


      system_locale=C
      terminal=dtterm
      network_interface=primary {
              hostname=my-zone
              default_route=10.10.10.1
              ip_address=10.10.10.13
              netmask=255.255.255.0
      }
      nfs4_domain=domain.com
      timezone=US/Central
      root_password=m4qtoWN
    • For an exclusive-IP zone with DHCP and IPv6 option:


      system_locale=C
      terminal=dtterm
      network_interface=primary {
              dhcp protocol_ipv6=yes
      }
      security_policy=NONE
      name_service=DNS {
              domain_name=example.net
              name_server=192.168.224.11,192.168.224.33
      }
      nfs4_domain=domain.com
      timezone=US/Central
      root_password=m4qtoWN
  4. If you are running a release earlier than Solaris 10 8/07, you will not have the keyword nfs4_domain in your sysidcfg file. By default, a separate module will request the NFSv4 domain parameter used by the nfsmapid command. To complete a hands-off initial zone configuration, edit the file default/nfs, uncomment the NFSMAPID_DOMAIN parameter, and set the domain to the desired NFSv4 domain:


    global# vi default/nfs
    .
    .
    .
    NFSMAPID_DOMAIN=domain
    

    Create the file .NFS4inst_state.domain in this directory to indicate that the NFSv4 domain has been set:


    global# touch .NFS4inst_state.domain
    

    For more information on the NFSv4 domain parameter, see the nfsmapid(1M) man page.

  5. Boot the zone.

See Also

See the sysidcfg(4) man page for more information.
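
The sysidcfg file carries the zone's root password entry, so it is worth creating it root-only from the first byte rather than fixing permissions afterwards. The following is an added example, not part of the guide: the function name write_sysidcfg, its argument order, the legacy switch and name_service=NONE are assumptions, and it covers the shared-IP layout from step 3 plus the pre-8/07 handling from step 4.

```shell
# Added example, not from the guide. write_sysidcfg and its arguments are
# assumptions; the keywords follow the shared-IP file shown in step 3.
# usage: write_sysidcfg ZONE_ETC HOSTNAME NFS4_DOMAIN ROOT_HASH [legacy]
write_sysidcfg() {
    etc=$1 host=$2 domain=$3 hash=$4 legacy=${5:-}
    [ -d "$etc" ] || { echo "no such directory: $etc" >&2; return 1; }
    case $host in ''|*[!A-Za-z0-9.-]*) echo "bad hostname" >&2; return 1 ;; esac
    case $domain in ''|*[!A-Za-z0-9.-]*) echo "bad domain" >&2; return 1 ;; esac
    # root_password takes the encrypted string from /etc/shadow, not cleartext.
    # Sanity check only: crypt alphabet plus the separators $ , = _ -
    case $hash in ''|*[!\$A-Za-z0-9./,=_-]*) echo "bad hash" >&2; return 1 ;; esac

    (
        umask 077    # the file holds a password hash: root-only from creation
        {
            echo "system_locale=C"
            echo "terminal=dtterm"
            echo "network_interface=primary {"
            echo "        hostname=$host"
            echo "}"
            echo "security_policy=NONE"
            echo "name_service=NONE"    # assumption: no naming service
            # Releases before Solaris 10 8/07 do not know nfs4_domain.
            [ -n "$legacy" ] || echo "nfs4_domain=$domain"
            echo "timezone=US/Central"
            printf 'root_password=%s\n' "$hash"
        } > "$etc/sysidcfg.$$" && mv "$etc/sysidcfg.$$" "$etc/sysidcfg"
    ) || return 1
    [ -n "$legacy" ] || return 0

    # Step 4: set NFSMAPID_DOMAIN in default/nfs and create the marker file.
    tmp=$etc/default/nfs.$$
    sed "s/^#* *NFSMAPID_DOMAIN=.*/NFSMAPID_DOMAIN=$domain/" \
        "$etc/default/nfs" > "$tmp" &&
        cat "$tmp" > "$etc/default/nfs" &&
        : > "$etc/.NFS4inst_state.domain"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Call it from the global zone with the zone's /etc directory as the first argument, for example /export/home/my-zone/root/etc, before booting the zone.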

Logging In to a Zone

Use the zlogin command to log in from the global zone to any zone that is running or in the ready state. See the zlogin(1) man page for more information.

You can log in to a zone in various ways, as described in the following procedures. You can also log in remotely, as described in Remote Login.

Procedure: How to Log In to the Zone Console

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Use the zlogin command with the -C option and the name of the zone, for example, my-zone.


    global# zlogin -C my-zone
    

    Note –

    If you start the zlogin session immediately after issuing the zoneadm boot command, boot messages from the zone will display:


    SunOS Release 5.10 Version Generic 64-bit
    Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    starting rpc services: rpcbind done.
    syslog service starting.
    The system is ready.

  3. When the zone console displays, log in as root, press Return, and type the root password when prompted.


    my-zone console login: root
    Password:

Procedure: How to Use Interactive Mode to Access a Zone

In interactive mode, a new pseudo-terminal is allocated for use inside the zone.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. From the global zone, log in to the zone, for example, my-zone.


    global# zlogin my-zone
    

    Information similar to the following will display:


    [Connected to zone 'my-zone' pts/2]
    Last login: Wed Jul  3 16:25:00 on console
    Sun Microsystems Inc. SunOS 5.10 Generic June 2004
  3. Type exit to close the connection.

    You will see a message similar to the following:


    [Connection to zone 'my-zone' pts/2 closed]

Procedure: How to Use Non-Interactive Mode to Access a Zone

Non-interactive mode is enabled when the user supplies a command to be run inside the zone. Non-interactive mode does not allocate a new pseudo-terminal.

Note that the command or any files that the command acts upon cannot reside on NFS.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. From the global zone, log in to the my-zone zone and supply a command name.

    The command zonename is used here.


    global# zlogin my-zone zonename
    

    You will see the following output:


    my-zone

Procedure: How to Exit a Non-Global Zone

  1. To disconnect from a non-global zone, use one of the following methods.

    • To exit the zone non-virtual console:


      zonename# exit
      
    • To disconnect from a zone virtual console, use the tilde (~) character and a period:


      zonename# ~.
      

      Your screen will look similar to this:


      [Connection to zone 'lx-zone' pts/6 closed]
See Also

For more information about zlogin command options, see zlogin(1).

Procedure: How to Use Failsafe Mode to Enter a Zone

When a connection to the zone is denied, the zlogin command can be used with the -S option to enter a minimal environment in the zone.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. From the global zone, use the zlogin command with the -S option to access the zone, for example, my-zone.


    global# zlogin -S my-zone
    

Procedure: How to Use zlogin to Shut Down a Zone


Note –

Running init 0 in the global zone to cleanly shut down a Solaris system also runs init 0 in each of the non-global zones on the system. Note that init 0 does not warn local and remote users to log off before the system is taken down.


Use this procedure to cleanly shut down a zone. To halt a zone without running shutdown scripts, see How to Halt a Zone.

You must be the global administrator in the global zone to perform this procedure.

  1. Become superuser, or assume the Primary Administrator role.

    To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

  2. Log in to the zone to be shut down, for example, my-zone, and specify shutdown as the name of the utility and init 0 as the state.


    global# zlogin my-zone shutdown -y -g0 -i 0
    

    Your site might have its own shutdown script, tailored for your specific environment.
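
A site shutdown script of the kind mentioned above might look like the following, which shuts down every running non-global zone and confirms that each one actually reaches the installed state. This is an added example, not part of the guide: the function names and the 120-second wait are assumptions, and it relies on the colon-separated records printed by zoneadm list -p (zoneid:zonename:state:zonepath:...).

```shell
# Added example, not from the guide. Function names and the default wait are
# assumptions. Needs a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh
# rather than /bin/sh).

# Filter `zoneadm list -p` records (zoneid:zonename:state:zonepath:...) from
# stdin down to the names of running non-global zones.
running_zones() {
    while IFS=: read -r _id name state _rest; do
        [ "$name" != global ] && [ "$state" = running ] && echo "$name"
    done
    return 0
}

# Print the current state of one zone.
zone_state() {
    zoneadm -z "$1" list -p | cut -d: -f3
}

# Cleanly shut down one zone, then wait until it is back in the installed state.
shutdown_zone() {
    zone=$1 left=${2:-120}
    # zlogin hands its stdin to the command; /dev/null keeps it from
    # swallowing input that belongs to the calling script.
    zlogin "$zone" shutdown -y -g0 -i 0 </dev/null || return 1
    while [ "$left" -gt 0 ]; do
        [ "$(zone_state "$zone")" = installed ] && return 0
        sleep 5
        left=$((left - 5))
    done
    echo "$zone did not reach installed state; see How to Halt a Zone" >&2
    return 1
}

# Shut down all running non-global zones; exit status is the failure count.
shutdown_all_zones() {
    failed=0
    for z in $(zoneadm list -p | running_zones); do
        shutdown_zone "$z" || failed=$((failed + 1))
    done
    return "$failed"
}
```

Run shutdown_all_zones as the global administrator in the global zone; a non-zero status means at least one zone needs manual attention.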

Using shutdown in Non-Interactive Mode

You cannot use the shutdown command in non-interactive mode to place the zone in single-user state at this time. See CR 6214427 for more information.

You can use an interactive login as described in How to Use Interactive Mode to Access a Zone.

Switching the Non-Global Zone to a Different Networking Service Configuration

This zone was installed with the open networking configuration described in Chapter 19, Managing Services (Tasks), in System Administration Guide: Basic Administration. You can switch the zone to the limited networking configuration, or enable or disable individual services in the zone.

Procedure: How to Switch the Zone to the Limited Networking Service Configuration

  1. From the global zone, log in to the zone, for example, my-zone.


    global# zlogin my-zone
    
  2. Run the netservices command to switch the zone to the limited networking configuration.


    my-zone# /usr/sbin/netservices limited
    

    You will see a display similar to the following. Respond y to the prompt to restart dtlogin.


    restarting syslogd
    restarting sendmail
    dtlogin needs to be restarted. Restart now? [Y] y
    restarting dtlogin

Procedure: How to Enable a Specific Service in a Zone

  1. From the global zone, log in to the zone, for example, my-zone.


    global# zlogin my-zone
    
  2. Run the svcadm command to enable physical memory control using the resource capping daemon.


    my-zone# svcadm enable svc:/system/rcap:default
    
  3. List the services to verify that rcapd is enabled.


    my-zone# svcs -a
    .
    .
    .
    online    14:04:21 svc:/system/rcap:default
    .
    .
    .
    

Printing the Name of the Current Zone

The zonename command described in the zonename(1) man page prints the name of the current zone. The following example shows the output when zonename is used in the global zone.


# zonename
global