You use the zonecfg command described in the zonecfg(1M) man page to perform the following actions.
Create the zone configuration
Verify that all required information is present
Commit the non-global zone configuration
The zonecfg command can also be used to persistently specify the resource management settings for the global zone.
While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.
A script to configure multiple zones on your system is provided in Script to Configure Multiple Zones.
To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.
Note that the only required elements to create a native non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource. See Zone Configuration Data for information on available zonecfg properties and resources.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Set up a zone configuration with the zone name you have chosen.
The name my-zone is used in this example procedure.
global# zonecfg -z my-zone |
If this is the first time you have configured this zone, you will see the following system message:
my-zone: No such zone configured Use 'create' to begin configuring a new zone. |
Create the new zone configuration.
This procedure uses the default settings.
zonecfg:my-zone> create |
Set the zone path, /export/home/my-zone in this procedure.
zonecfg:my-zone> set zonepath=/export/home/my-zone |
Do not place the zonepath on ZFS for releases prior to the Solaris 10 10/08 release.
Set the autoboot value.
If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.
zonecfg:my-zone> set autoboot=true |
Set persistent boot arguments for a zone.
zonecfg:my-zone> set bootargs="-m verbose" |
Dedicate one CPU to this zone.
zonecfg:my-zone> add dedicated-cpu |
Revise the default set of privileges.
zonecfg:my-zone> set limitpriv="default,sys_time" |
This line adds the ability to set the system clock to the default set of privileges.
Set the scheduling class to FSS.
zonecfg:my-zone> set scheduling-class=FSS |
Add a memory cap.
zonecfg:my-zone> add capped-memory |
Add a file system.
zonecfg:my-zone> add fs |
Set the mount point for the file system, /usr/local in this procedure.
zonecfg:my-zone:fs> set dir=/usr/local |
Specify that /opt/zones/my-zone/local in the global zone is to be mounted as /usr/local in the zone being configured.
zonecfg:my-zone:fs> set special=/opt/zones/my-zone/local |
In the non-global zone, the /usr/local file system will be readable and writable.
Specify the file system type, lofs in this procedure.
zonecfg:my-zone:fs> set type=lofs |
The type indicates how the kernel interacts with the file system.
End the file system specification.
zonecfg:my-zone:fs> end |
This step can be performed more than once to add more than one file system.
(Optional) Set the hostid.
zonecfg:my-zone> set hostid=80f0c086 |
Add a ZFS dataset named sales in the storage pool tank.
zonecfg:my-zone> add dataset |
(Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone.
Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.
zonecfg:my-zone> add inherit-pkg-dir |
Specify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.
zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw |
The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm.
End the inherit-pkg-dir specification.
zonecfg:my-zone:inherit-pkg-dir> end |
This step can be performed more than once to add more than one shared file system.
If you want to create a whole root zone but default shared file systems resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:
zonecfg:my-zone> remove inherit-pkg-dir dir=/lib
zonecfg:my-zone> remove inherit-pkg-dir dir=/platform
zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin
zonecfg:my-zone> remove inherit-pkg-dir dir=/usr
(Optional) If you are creating an exclusive-IP zone, set the ip-type.
zonecfg:my-zone> set ip-type=exclusive |
Only the physical device type will be specified in the add net step.
Add a network interface.
zonecfg:my-zone> add net |
(shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.
zonecfg:my-zone:net> set address=192.168.0.1 |
Set the physical device type for the network interface, the hme device in this procedure.
zonecfg:my-zone:net> set physical=hme0 |
Solaris 10 10/08: (Optional, shared-IP only) Set the default router for the network interface, 10.0.0.1 in this procedure.
zonecfg:my-zone:net> set defrouter=10.0.0.1 |
End the specification.
zonecfg:my-zone:net> end |
This step can be performed more than once to add more than one network interface.
Add a device.
zonecfg:my-zone> add device |
Set the device match, /dev/sound/* in this procedure.
zonecfg:my-zone:device> set match=/dev/sound/* |
End the device specification.
zonecfg:my-zone:device> end |
This step can be performed more than once to add more than one device.
Add a zone-wide resource control by using the property name.
zonecfg:my-zone> set max-sem-ids=10485200 |
This step can be performed more than once to add more than one resource control.
Add a comment by using the attr resource type.
zonecfg:my-zone> add attr |
Set the name to comment.
zonecfg:my-zone:attr> set name=comment |
Set the type to string.
zonecfg:my-zone:attr> set type=string |
Set the value to a comment that describes the zone.
zonecfg:my-zone:attr> set value="This is my work zone." |
End the attr resource type specification.
zonecfg:my-zone:attr> end |
Verify the zone configuration for the zone.
zonecfg:my-zone> verify |
Commit the zone configuration for the zone.
zonecfg:my-zone> commit |
Exit the zonecfg command.
zonecfg:my-zone> exit |
Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.
The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.
global# zonecfg -z my-zone "create ; set zonepath=/export/home/my-zone" |
See Installing and Booting Zones to install your committed zone configuration.
You can use this script to configure and boot multiple zones on your system. The script takes the following parameters:
The number of zones to be created
The zonename prefix
The directory to use as the base directory
You must be the global administrator in the global zone to execute the script. The global administrator has superuser privileges in the global zone or assumes the Primary Administrator role.
#!/bin/ksh # # Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "%Z%%M% %I% %E% SMI" if [[ -z "$1" || -z "$2" || -z "$3" ]]; then echo "usage: $0 <#-of-zones> <zonename-prefix> <basedir>" exit 2 fi if [[ ! -d $3 ]]; then echo "$3 is not a directory" exit 1 fi nprocs=`psrinfo | wc -l` nzones=$1 prefix=$2 dir=$3 ip_addrs_per_if=`ndd /dev/ip ip_addrs_per_if` if [ $ip_addrs_per_if -lt $nzones ]; then echo "ndd parameter ip_addrs_per_if is too low ($ip_addrs_per_if)" echo "set it higher with 'ndd -set /dev/ip ip_addrs_per_if <num>" exit 1 fi i=1 while [ $i -le $nzones ]; do zoneadm -z $prefix$i list > /dev/null 2>&1 if [ $? != 0 ]; then echo configuring $prefix$i F=$dir/$prefix$i.config rm -f $F echo "create" > $F echo "set zonepath=$dir/$prefix$i" >> $F zonecfg -z $prefix$i -f $dir/$prefix$i.config 2>&1 | \ sed 's/^/ /g' else echo "skipping $prefix$i, already configured" fi i=`expr $i + 1` done i=1 while [ $i -le $nzones ]; do j=1 while [ $j -le $nprocs ]; do if [ $i -le $nzones ]; then if [ `zoneadm -z $prefix$i list -p | \ cut -d':' -f 3` != "configured" ]; then echo "skipping $prefix$i, already installed" else echo installing $prefix$i mkdir -pm 0700 $dir/$prefix$i chmod 700 $dir/$prefix$i zoneadm -z $prefix$i install > /dev/null 2>&1 & sleep 1 # spread things out just a tad fi fi i=`expr $i + 1` j=`expr $j + 1` done wait done i=1 while [ $i -le $nzones ]; do echo setting up sysid for $prefix$i cfg=$dir/$prefix$i/root/etc/sysidcfg rm -f $cfg echo "network_interface=NONE {hostname=$prefix$i}" > $cfg echo "system_locale=C" >> $cfg echo "terminal=xterms" >> $cfg echo "security_policy=NONE" >> $cfg echo "name_service=NONE" >> $cfg echo "timezone=US/Pacific" >> $cfg echo "root_password=Qexr7Y/wzkSbc" >> $cfg # 'l1a' i=`expr $i + 1` done i=1 para=`expr $nprocs \* 2` while [ $i -le $nzones ]; do date j=1 while [ $j -le $para ]; do if [ $i -le $nzones ]; then echo booting $prefix$i zoneadm -z $prefix$i boot & fi j=`expr $j + 1` i=`expr $i + 1` done wait done |
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.
Display the configuration of a zone.
global# zonecfg -z zonename info |