Oracle Solaris Trusted Extensions Configuration Guide

Procedure: Install, Initialize, and Boot a Labeled Zone by Using CDE Actions

Because zone creation involves copying an entire operating system, the process is time-consuming. A faster process is to create one zone, make the zone a template for other zones, and then copy or clone that zone template.

Before You Begin

You have completed Specify Zone Names and Zone Labels by Using a CDE Action.

If you are using LDAP as your naming service, you have completed Make the Global Zone an LDAP Client in Trusted Extensions.

If you are going to clone zones, you have completed Create ZFS Pool for Cloning Zones.

In the following procedure, you install the zone that you prepared.

  1. In the Trusted_Extensions folder, double-click the Install Zone action.

    1. Type the name of the zone that you are installing.

      This action creates a labeled virtual operating system. This step takes some time to finish. Do not do other tasks on the system while Install Zone is running.

      # zone-name: Install Zone
      Preparing to install zone <zone-name>
      Creating list of files to copy from the global zone
      Copying <total> files to the zone
      Initializing zone product registry
      Determining zone package initialization order.
      Preparing to initialize <subtotal> packages on the zone.
      Initializing package <number> of <subtotal>: percent complete: percent
      Initialized <subtotal> packages on zone.
      Zone <zone-name> is initialized.
      The file /zone/internal/root/var/sadm/system/logs/install_log 
      contains a log of the zone installation.
      *** Select Close or Exit from the window menu to close this window ***
    2. Open a console to monitor events in the installed zone.

      1. Double-click the Zone Terminal Console action.

      2. Type the name of the zone that was just installed.

  2. Initialize the zone.

    • If you are using LDAP, double-click the Initialize Zone for LDAP action.

      Zone name:              Type the name of the installed zone
      Host name for the zone: Type the host name for this zone

      For example, on a system with a shared logical interface, the values would be similar to the following:

      Zone name:              public
      Host name for the zone: machine1-zones

      This action makes the labeled zone an LDAP client of the same LDAP server that serves the global zone. The action is complete when the following information appears:

      zone-name zone will be  LDAP client of IP-address
      zone-name is ready for booting
      Zone label is LABEL
      *** Select Close or Exit from the window menu to close this window ***
    • If you are not using LDAP, initialize the zone manually by doing one of the following steps.

      The manual procedure in Trusted Extensions is identical to the procedure for the Solaris OS. If the system has at least one all-zones interface, then the hostname for all the zones must match the global zone's hostname. In general, the answers to the questions during zone initialization are the same as the answers for the global zone.

      Supply the host information by doing one of the following:

      • After you start the zone in Step 3, answer the questions in the Zone Terminal Console about system characteristics.

        Your answers are used to populate the sysidcfg file in the zone.

        Note –

        You must ensure that a route for the Trusted CDE desktop exists from the labeled zone to the global zone. For the procedure, see Resolve Local Zone to Global Zone Routing in Trusted CDE.

      • Place a custom sysidcfg file in the zone's /etc directory before booting the zone in Step 3.

  3. Double-click the Start Zone action.

    Answer the prompt.

    Zone name: Type the name of the zone that you are configuring

    This action boots the zone, then starts all the services that run in the zone. For details about the services, see the smf(5) man page.

    The Zone Terminal Console tracks the progress of booting the zone. Messages that are similar to the following appear in the console:

    [Connected to zone 'public' console]
    [NOTICE: Zone booting up]
    Hostname: zonename
    Loading smf(5) service descriptions: number/total
    Creating new rsa public/private host key pair
    Creating new dsa public/private host key pair
    rebooting system due to change(s) in /etc/default/init
    [NOTICE: Zone rebooting]
  4. Monitor the console output.

    Before continuing with Customize a Booted Zone in Trusted Extensions, make sure that the zone has rebooted. The following console login prompt indicates that the zone has rebooted.

    hostname console login:

For Install Zone: If warnings that are similar to the following are displayed, read the install log and finish installing the packages.

Installation of these packages generated errors: SUNWpkgname
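The two checks this procedure asks for, reading the Install Zone output for package errors and confirming in Step 4 that the zone has rebooted, are shown here as an added shell example that is not part of the original guide. It assumes the action window text and the Zone Terminal Console text have been saved to files; the function names, file names, and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the guide). Assumes the Install Zone window text and
# the Zone Terminal Console text were saved to files.
# Uses POSIX awk; on Solaris 10 that is nawk or /usr/xpg4/bin/awk.

# failed_packages FILE: print packages named in the Install Zone warning,
# one per line. Returns 1 if any are listed, 0 otherwise.
failed_packages() {
    awk -F'generated errors:' '
        /Installation of these packages generated errors:/ {
            n = split($2, p, /[ ,\t]+/)
            for (i = 1; i <= n; i++) if (p[i] != "") { print p[i]; bad = 1 }
        }
        END { exit bad ? 1 : 0 }' "$1"
}

# zone_rebooted FILE: succeed only if a console login prompt follows the most
# recent "[NOTICE: Zone rebooting]" line, the condition Step 4 waits for.
zone_rebooted() {
    awk '
        /\[NOTICE: Zone rebooting\]/ { seen = 1; ok = 0; next }
        seen && /console login:[ \t]*$/ { ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Constructed sample input, modeled on the messages shown in the procedure.
tmp=$(mktemp -d)
cat > "$tmp/install.out" <<'EOF'
Preparing to install zone public
Installation of these packages generated errors: SUNWpkgname
EOF
cat > "$tmp/console.out" <<'EOF'
[Connected to zone 'public' console]
[NOTICE: Zone booting up]
rebooting system due to change(s) in /etc/default/init
[NOTICE: Zone rebooting]
EOF

if pkgs=$(failed_packages "$tmp/install.out"); then
    echo "install: no package errors"
else
    echo "install: finish installing: $pkgs"
fi
if zone_rebooted "$tmp/console.out"; then
    echo "console: zone has rebooted"
else
    echo "console: still waiting for the login prompt"
fi
```

A login prompt that appears before the reboot notice does not count, because the first boot restarts the zone after the change to /etc/default/init.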