The solaris brand uses the branded zones framework described in brands(5) to run zones installed with the same software as is installed in the global zone. The system software must always be in sync with the global zone when using a solaris brand. The system software packages within the zone are managed using the image packaging system. See pkg(5).
The solaris brand supports the whole root non-global zone model. All of the required system software and any additional packages are installed into the private file systems of the zone. The zone must reside on its own zfs (1M) dataset and only ZFS is supported. The ZFS dataset is created automatically when the zone is installed or attached. If a ZFS dataset cannot be created, the zone is not installed or attached.
The following zonecfg(1M) resources and properties are supported by the live zone reconfiguration for this brand:
anet (with exceptions stated below) capped-memory dedicated-cpu device fs net (with exceptions stated below) pool scheduling-class zone.* rctls
The following zonecfg(1M) resources and properties are not supported by the live zone reconfiguration for this brand:
admin anet:allowed-address anet:configure-allowed-address anet:defrouter dataset file-mac-profile fs-allowed limitpriv net:allowed-address net:configure-allowed-address net:defrouter zpool
Any changes made to the listed unsupported resources and properties in the persistent configuration will be ignored by the live zone reconfiguration if they are applied to the running zone.
Any attempts to directly modify listed unsupported resources and properties in the live configuration will be refused.
The following zonecfg(1M) resources and properties are not supported by the solaris brand:
autoshutdown=suspend anet:id device:id net:id virtual-cpu anet:mac
There are specific defaults for properties supported for solaris brand as listed below:
Resource Property Default Value
global zonepath /system/zones/%{zonename}
autoboot false
ip-type exclusive
auto-shutdown shutdown
net configure-allowed-address true
anet mac-address auto
lower-link auto
link-protection mac-nospoof
The following zoneadm (1M) resources and properties are supported by the live zone reconfiguration for solaris brand:
anet (with exceptions stated below) capped-memory dedicated-cpu device fs net (with exceptions stated below) pool scheduling-class zone.* rctls zpool
The following zoneadm (1M) resources and properties are not supported by the live zone reconfiguration for solaris brand:
admin anet:allowed-address anet:configure-allowed-address anet:defrouter dataset file-mac-profile fs-allowed limitpriv net:allowed-address net:configure-allowed-address net:defrouter anet:mac
Any changes made to the listed unsupported resources and properties in the persistent configuration will be ignored by the live zone reconfiguration if they are applied to the running zone.
Any attempts to modify the listed unsupported resources and properties in the live configuration will be refused.
The following solaris brand-specific subcommand options are supported by zoneadm(1M) .
Attach the specified solaris branded zone image into the zone. zoneadm checks package levels on the machine to which the zone is to be attached. If the packages that the zone depends on from the global zone are different (have different revision numbers) from the dependent packages on the source machine, zoneadm reports these conflicts and does not perform the attach.
If the destination system has only newer dependent packages (higher revision numbers) than those on the source system, you can use the –u or –U option to update the dependent packages to match the revision of the packages that exist on the new system.
When attaching a zone, multiple zone boot environments (ZBE s) can exist and the attach subcommand must determine which one to attach. The selection criteria is as follows, with the first match being used.
If the –z option is used to specify a ZBE, it is selected.
If there is only one active ZBE associated with this global zone boot environment, it is selected.
If there is only one active ZBE, it is selected.
If there is only one ZBE, it is selected.
Last booted ZBE is selected.
If there is only one ZBE associated with this global zone boot environment, it is selected.
If the selected ZBE is associated with another global zone boot environment the ZBE is cloned and the clone of the selected ZBE is attached. See beadm(1M) for more information regarding boot environments.
Update the minimal number of packages within the zone to allow the zone's packages to be compatible with the packages installed in the global zone.
Update all packages within the zone to their latest versions which are compatible with the packages installed in the global zone.
Attach the specified existing zone boot environment. If the specified zone boot environment is associated with a different global zone, the specified ZBE is cloned and a clone of the ZBE is attached.
Provides a profile or a directory of profiles to apply after installation from the repository.
All profiles must have an .xml extension.
The solaris brand installer supports installing the zone from either the software repository or from an image of an installed system running the same release. This can be a cpio(1) , pax(1) xustar, or ZFS archive. The cpio or ZFS archive can be compressed with gzip or bzip2. The image can also be a path to the top-level of a system's root tree, or a pre-existing zone path.
If neither the –a nor –d options are specified, the zone is installed from the repository. To install additional packages in a zone the default zone manifest, /usr/share/auto_install/manifest/zone_default.xml , can be copied and edited to include the needed packages. This modified manifest should be specified to install with the –m option.
To install the zone from a system or zone image, either the – a or –d options is required. If required, the software in the image's active ZBE will be updated with the minimal changes required to make it compatible with the global zone's packages. If the –U option is specified, all software in the image's active ZBE will be updated to the latest version compatible with the active ZBE. If either the –a or –d options is used, either the –u or –p option is also required.
The path or file, http, or https URI of a Unified Archive. Alternatively, the path of a cpio(1) , pax(1) xustar, or ZFS archive of an installed global zone or non-global zone.
If a Unified Archive is specified, the –z option may be used to select which archived zone is to be installed. If the Unified Archive is on a secure web server (https URI), –x may be used to specify the path to a PEM-encoded certificate, CA certificate, and/or a key. When installing from a Unified Archive, if neither – u nor –p are specified, the default –p is implied if the archive is a recovery archive. Otherwise, –u is implied.
If a ZFS archive contains multiple boot environments, the active boot environment are installed. If install is unable to determine which boot environment is the active boot environment, install provides a list of boot environments extracted and suggest an attach command that uses the –z option to attach a specific boot environment.
cpio and ZFS archives can be compressed using gzip or bzip2.
Provides a profile or a directory of profiles to apply after installation from the repository.
All profiles must have an .xml extension.
The path to the zonepath directory of a solaris branded zone's zonepath or Solaris 11 global zone root directory.
Manifest file to be specified to the automated installer.
Preserve the system configuration after installing the zone from an archive or a path. If installing from a Unified Archive and the archive is a recovery archive, –p is implied but can be overridden with –u.
-x cert=/path/cert.pem -x cacert=/path/cacert.pem -x key=/path/key.pem
Use the specified certificate, CA certificate, and/or key for https access to the Unified Archive.
If the archive is not a recovery archive, –p will have no effect because the system configuration is not present in the archive.
Install silently.
Unconfigure the system after installing it. If installing from a Unified Archive and the archive is not a recovery archive, this is the default.
Update all packages within the zone to their latest versions which are compatible with the packages installed in the global zone. The –U option may only be used if either of the –a or –d options is used.
Verbose output from the install process.
The following example shows how to create an archive of a global zone, then use that archive to configure and install a non-global zone. The installation process transforms the image of a global zone such that it can work as a non-global zone. This process is commonly referred to as P2V (physical to virtual).
To ensure that the data in the archive does not become stale, it is suggested that applications on the source system be stopped before creating the archive. If this is not done, it may be necessary to synchronize application data after the zone is installed.
First, create a recovery archive of the source system. This assumes the source system has no non-global zones installed.
root@web-1# archiveadm create --recovery /net/images/web-1.uar
Next, configure the zone on the target system using the archive. It may be necessary to further customize the configuration. See examples in zonecfg(1M). Finally, install the zone from the archive.
root@t4-1# zonecfg -z web-1 Use 'create' to begin configuring a new zone. zonecfg:web-1> create -a /net/images/web-1.uar zonecfg:web-1> set zonepath=/zones/web-1 zonecfg:web-1> exit
If there is a preference for not using the interactive mode, you can use the following command:
# zonecfg -z web-1 "create -a /net/images/web-1.uar; set zonepath=/zones/web-1"
If both the source system and newly installed zone have the same IP address or have other potential conflicts, be sure that only one of them is running at a time.
Finally, generate a ZFS replication stream archive that is compressed with gzip. In this example, it is stored on a remote NFS server.
# zfs send -R rpool@p2v | gzip > /net/somehost/p2v/p2v.zfs.gzExample 2 Zone Migration Using a Unified Archive
To ensure that the data in the archive does not become stale, it is suggested that applications on the source zone be stopped or the zone is shutdown before creating the archive. If this is not done, it may be necessary to synchronize application data after the zone is installed.
First, create a recovery archive of the zone. This is best performed from the global zone. If it is performed within the zone, the zone will not be able to be configured from the archive.
root@t4-1# archiveadm create -r -z web-1 /net/images/v2v/web-1.uar
Next, configure the zone on the target system using the archive.
root@t4-2# zonecfg -z web-1 create -a /net/images/v2v/web-1.uar
Finally, install the zone from the archive.
root@t4-2# zoneadm -z web-1 install -a /net/images/v2v/web-1.uar
Be sure to shutdown the zone on the source system before booting it on the target system.
See attributes(5) for a description of the following attributes:
|
cpio(1) , pax(1) , archiveadm(1M) , beadm (1M), sysconfig(1M) , zfs (1M), zlogin(1), zonename(1), zoneadm(1M), zonecfg(1M), attributes(5), brands(5), privileges(5), zones(5)
pkg(5), available in the IPS consolidation