This chapter discusses logging in to zones, using sysidcfg to complete system identification, making modifications to /etc/system, and using ssh X11 forwarding in a solaris9 zone.
Note that you perform the internal zone configuration when you log in to the sys-unconfig zone for the first time. This is described in Internal Zone Configuration in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
When responding to the system question asking whether the time is correct, do not modify the time displayed. If you modify the time, the system identification will fail and return to the time setting prompt, because non-global zones cannot modify the system clock by default. You must also accept the network configuration already specified in zonecfg for shared-IP zones.
If you plan to use an /etc/sysidcfg file to perform initial zone configuration, as described in How to Use an /etc/sysidcfg File to Perform the Initial Zone Configuration in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones, create the sysidcfg file and place it the zone's /etc directory before you boot the zone.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
Use the zlogin command with the -C option and the name of the zone, s9-zone in this procedure.
global# zlogin -C s9-zone |
From another terminal window, boot the zone.
global# zoneadm -z s9-zone boot |
You will see a display similar to the following in the zlogin window:
[NOTICE: Zone booting up] |
The first time you log in to the console, you are prompted to answer a series of questions. Your screen will look similar to this:
SunOS Release 5.9 Version Generic_Virtual 64-bit Copyright 1983-2000 Sun Microsystems, Inc. All rights reserved Use is subject to license terms. Hostname: s9-zone Select a Language 0. English 1. fr Please make a choice (0 - 1), or press h or ? for help: Select a Locale 0. English (C - 7-bit ASCII) 1. Canada-English (ISO8859-1) 2. Thai 3. U.S.A. (en_US.ISO8859-1) 4. U.S.A. (en_US.ISO8859-15) 5. Go Back to Previous Screen Please make a choice (0 - 5), or press h or ? for help: What type of terminal are you using? 1) ANSI Standard CRT 2) DEC VT52 3) DEC VT100 4) Heathkit 19 5) Lear Siegler ADM31 6) PC Console 7) Sun Command Tool 8) Sun Workstation 9) Televideo 910 10) Televideo 925 11) Wyse Model 50 12) X Terminal Emulator (xterms) 13) Other Type the number of your choice and press Return: 12 . . . |
For the approximate list of questions you must answer, see Internal Zone Configuration in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.
(Optional) If you are not using two windows as described in step 3, you might have missed the initial prompt for configuration information. If you see the following system message at zone login instead of a prompt:
[connected to zone zonename console] |
Press Return to display the prompt again.
If you enter an incorrect response and try to restart the configuration, you might experience difficulty when you attempt the process again. This occurs because the sysidtools can store your previous responses.
If this happens, use the following workaround from the global zone to restart the configuration process.
global# zlogin -S zonename /usr/sbin/sys-unconfig |
For more information on the sys-unconfig command, see the sys-unconfig(1M) man page.
Solaris 9 patches can be applied to the Solaris 9 environment from within the container, using the same process as on a standalone system. Obtain the patch and, while running in the solaris9 zone, run patchadd to install the patch. Note that because the kernel is actually a Solaris 10 kernel, patches that alter any Solaris 9 kernel bits will not take effect. In this case, the equivalent Solaris 10 patch should be applied in the global zone if needed. Even though Solaris 9 patches delivering kernel updates have no effect within the zone, they are still required to satisfy patch dependencies.
For more information on patching Solaris 9 systems, see Chapter 24 Managing Solaris Patches (Overview) in System Administration Guide: Basic Administration.
In Solaris 9, System V and file descriptor limits are tuned by modifying /etc/system and rebooting the machine to have the modifications take effect. In Solaris 10, these limits can be tuned dynamically through resource controls.
For a solaris9 branded zone, the contents of /etc/system are used to set project and process resource controls when the zone boots. If /etc/system is not tuned, the default file descriptor and System V limits from Solaris 9 are used.
The effective limits within the zone will be the lower of the zone's /etc/system or the zone's zonecfg settings. To view the effective limits, run the sysdef command described in the sysdef(1M) in the zone.
You must be the zone administrator to modify /etc/system within the solaris9 branded zone. and reboot it to have the changes take effect. Because /etc/systemcan be modified within the zone, the global administrator can use the zonecfg command from the global zone to set limits for the zone.
Use the prctl command from the global zone to view the default resource control settings. The example shows that the default settings on the init process restrict the System V limits.
global# prctl `pgrep -x init -z s9zone` ... process.max-msg-messages privileged 40 - deny - system 4.29G max deny - process.max-msg-qbytes privileged 4.00KB - deny - system 16.0EB max deny - process.max-sem-ops privileged 10 - deny - system 2.15G max deny - process.max-sem-nsems privileged 25 - deny - system 32.8K max deny - process.max-file-descriptor basic 256 - deny 10485 privileged 1.02K - deny - system 2.15G max deny - ... project.max-shm-memory privileged 100MB - deny - system 16.0EB max deny - project.max-shm-ids privileged 100 - deny - system 16.8M max deny - project.max-msg-ids privileged 50 - deny - system 16.8M max deny - project.max-sem-ids privileged 10 - deny - system 16.8M max deny - ... |
For applications that require these tunings to be increased, the zone administrator can modify /etc/system within the solaris9 branded zone, and reboot it. This procedure is identical to that used to increase tunings on a native Solaris 9 system.
The zonecfg command can be used from the global zone to restrict the System V limits within the zone.
You must be the global administrator in the global zone to perform these procedures.
global# zonecfg -z mys9zone set max-shm-memory=100m |
If you use zonecfg after initial zone creation, reboot the zone to have the change take effect.
global# zoneadm -z mys9zone reboot |
ssh X11 forwarding is the preferred method for running Solaris 9 X11 applications, including 3-D and graphics intensive applications, within a solaris9 zone. 3-D applications can only be run on a system that supports 3-D graphics in the global zone.
To use X11 forwarding, you must meet the following requirements:
Networking must be enabled for the solaris9 zone
Because Solaris 9 does not include the ssh login by default, ssh must be downloaded and installed in the zone.
Become superuser, or assume the Primary Administrator role.
Enable networking in the zone as described in How to Configure a solaris9 Branded Zone.
Download ssh from www.openssh.org, www.sunfreeware.com or www.blastwave.com and install it in the zone.
When ssh is running in the zone, log directly into the X server running on the console of the global zone.
To enable ssh X11 forwarding and run X applications remotely, use the following command:
# ssh -X zone_host_name |
Any application that delivers its own Xserver extensions will not work with ssh -X forwarding and is not currently supported within solaris9 branded zones.