System Administration Guide: Oracle Solaris 9 Containers

Chapter 1 Introduction to Solaris 9 Containers

BrandZ provides the framework to create containers that contain non-native operating environments. These containers are branded zones used in the Solaris Operating System to run applications that cannot be run in a native environment. The brand described here is the solaris9 brand, Solaris 9 Containers.


Note – If you want to create solaris9 zones now, go to Assess the Solaris 9 System.


About Branded Zones

By default, a non-global zone has the same characteristics as the operating system in the global zone, which is running the Solaris 10 Operating System or later Solaris 10 release. These native non-global zones and the global zone share conformance to standards, runtime behavior, command sets, and performance traits.

It is also possible to run a different operating environment inside of a non-global zone. The branded zone (BrandZ) framework extends the Solaris Zones infrastructure to include the creation of brands, or alternative sets of runtime behaviors. Brand can refer to a wide range of operating environments. For example, the non-global zone can emulate another version of the Solaris Operating System, or an operating environment such as Linux. Or, it might augment the native brand behaviors with additional characteristics or features. Every zone is configured with an associated brand.

The brand defines the operating environment that can be installed in the zone and determines how the system will behave within the zone so that the non-native software installed in the zone functions correctly. In addition, a zone's brand is used to identify the correct application type at application launch time. All branded zone management is performed through extensions to the native zones structure. Most administration procedures are identical for all zones.

You can change the brand of a zone in the configured state. Once a branded zone has been installed, the brand cannot be changed or removed.

BrandZ extends the zones tools in the following ways:


Note – Although you can configure and install branded zones on a Solaris Trusted Extensions system that has labels enabled, you cannot boot branded zones on this system configuration.


Components Defined by the Brand

The following components available in a branded zone are defined by the brand.

Processes Running in a Branded Zone

Branded zones provide a set of interposition points in the kernel that are only applied to processes executing in a branded zone.

A brand can also provide a plug-in library for librtld_db. The plug-in library allows Solaris tools such as the debugger, described in mdb(1), and DTrace, described in dtrace(1M), to access the symbol information of processes running inside a branded zone.

General Zones Characteristics

The container provides a virtual mapping from the application to the platform resources. Zones allow application components to be isolated from one another even though the zones share a single instance of the Solaris Operating System. Resource management features permit you to allocate the quantity of resources that a workload receives.

The container establishes boundaries for resource consumption, such as CPU utilization. These boundaries can be expanded to adapt to changing processing requirements of the application running in the container.

General Zones Concepts

For additional information not in this guide, also refer to the System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones. That book provides a complete overview of Solaris Zones and branded zones.

You should be familiar with the following zones and resource management concepts, which are discussed in the guide:

About Solaris 9 Branded Zones

A Solaris 9 branded zone (solaris9) is a complete runtime environment for Solaris 9 applications on SPARC machines running the Solaris 10 8/07 Operating System or later. The brand supports the execution of 32-bit and 64-bit Solaris 9 applications.

solaris9 branded zones are based on the whole root zone model. Each zone's file system contains a complete copy of the software that comprises the operating system. However, solaris9 zones are different from native whole root zones in that central patching is not applied.
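
The following shell script is an added example, not part of Oracle's guide. It reads the parsable output of zoneadm list -cp and lists each solaris9 zone, which central patching does not cover, with its state and whether its brand can still be changed (only in the configured state, as stated under About Branded Zones). The sample lines, zone names and UUIDs are constructed, and the field order zoneid:zonename:state:zonepath:uuid:brand:ip-type is an assumption.

```shell
#!/bin/sh
# Added example, not from the guide. Parsable `zoneadm list -cp` fields
# (assumed order): zoneid:zonename:state:zonepath:uuid:brand:ip-type

# Constructed sample output; zone names, paths and UUIDs are made up.
sample_zones() {
cat <<'EOF'
0:global:running:/::native:shared
-:s9-new:configured:/zones/s9-new::solaris9:shared
3:s9-erp:running:/zones/s9-erp:00000000-0000-0000-0000-000000000001:solaris9:shared
2:web01:running:/zones/web01:00000000-0000-0000-0000-000000000002:native:shared
EOF
}

# Use the real command when present, otherwise the constructed sample.
zone_list() {
    if command -v zoneadm >/dev/null 2>&1; then
        zoneadm list -cp
    else
        sample_zones
    fi
}

# Print one line per solaris9 zone: name, state, and whether the brand
# can still be changed (only while the zone is in the configured state).
# Assumes zone paths contain no ':' characters.
s9_report() {
    awk -F: '
        $6 == "solaris9" {
            changeable = ($3 == "configured") ? "yes" : "no"
            printf "%s %s brand_changeable=%s\n", $2, $3, changeable
        }'
}

zone_list | s9_report
```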

Solaris 10 Features Available to Zones

Many Solaris 10 capabilities are available to the solaris9 zones, including the following:

Limitations

Some functionality available in Solaris 9 is not available inside of Solaris Zones.

General Non-Global Zone Limitations

The following features cannot be configured in a non-global zone:

In addition, a non-global zone cannot be an NFS server, and dynamic reconfiguration (DR) operations can only be done from the global zone.

Limitations Specific to solaris9 Branded Zones

The following limitations apply to solaris9 branded zones:

The following DTrace providers do not work:

Using ZFS

Although the zone cannot use a delegated ZFS dataset, the zone can reside on a ZFS file system. You can add a ZFS file system to share with the global zone through the zonecfg fs resource. See Step 7 in How to Configure a solaris9 Branded Zone.

Note that the setfacl and getfacl commands cannot be used with ZFS. When a cpio archive with ACLs set on the files is unpacked, warnings are displayed about not being able to set the ACLs, although the files are unpacked successfully. The setfacl and getfacl commands can be used with UFS.

Adding Components

You can add the following components to a solaris9 branded zone through the zonecfg command:

Ability to Directly Migrate Installed Systems Into Zones

An existing Solaris 9 system can be directly migrated into a solaris9 branded zone. For more information, see Creating the Image for Directly Migrating Solaris 9 Systems Into Zones.

Figure 1–1 Solaris 9 System Migrated Into a solaris9 Zone

Illustration shows a Solaris 9 system being migrated into a solaris9 container.