This section contains examples of how to set selected zone properties and resources. All the examples assume the following:
You have been granted the appropriate rights or role.
You are in a profile shell.
You apply the settings either through the zoneadm apply command or by rebooting the zone.
The examples also show how to display the configurations that you set by using the zonecfg info syntax as described in Using the zonecfg Command.
Limiting the resources that a zone can use helps you to manage resource usage between the non-global zone and the global zone, or among multiple zones on the host. You can better allocate resources among the different zones so that each zone has only what it needs to fulfill its purpose.
This example shows how to dedicate specific CPUs or assign a range of CPUs for the zone to use.
global$ zonecfg -z zoneA zonecfg:zoneA> add dedicated-cpu zonecfg:zoneA:dedicated-cpu> set ncpus=1-2 zonecfg:zoneA:dedicated-cpu> set importance=10 zonecfg:zoneA:dedicated-cpu> end zonecfg:zoneA> info ... dedicated-cpu: ncpus: 1-2 importance: 10 ... zonecfg:zoneA> exit global$ Reboot or run zoneadm apply command.Example 4 Making Persistent Changes to a Running Zone
This example specifies zonecfg commands to set the cpu-shares resource, clear the pool resource settings, and add an anet resource for the running zone zone1, then applies the changes to the persistent zone configuration.
global$ pfbash zonecfg -z zone1 "set cpu-shares=4;clear pool;add anet;" global$ zoneadm -z zone1 apply zone1: Checking: set property cpu-shares=4 zone1: Checking: clear property pool zone1: Checking: add anet linkname=myanet0 zone1: Applying changes
This example shows how to set limits for memory, swap memory, and locked memory.
global$ zonecfg -z zoneA zonecfg:zoneA> add capped-memory zonecfg:zoneA:capped-memory> set physical=1g zonecfg:zoneA:capped-memory> set swap=2g zonecfg:zoneA:capped-memory> set locked=500m zonecfg:zoneA:capped-memory> end zonecfg:zoneA> info ... capped-memory: physical: 1G [swap: 2G] [locked: 500M] rctl 0: name: zone.max-swap value: (priv=privileged,limit=2147483648,action=deny) rctl 1: name: zone.max-locked-memory value: (priv=privileged,limit=524288000,action=deny) ... zonecfg:zoneA> exit global$ Reboot or run zoneadm apply command.
You can add multiple file systems for zone use through the fs resource. This resource has multiple file system types. The following examples show how to use the LOFS and UFS file types. For examples of using ZFS, the default file system type, see Configuring the dataset Property on solaris Zones.Example 5 Sharing a Directory With the Global Zone
This example specifically involves the type called loopback file system (lofs) which enables a zone to share a directory with the global zone. The lofs file system type is also used to grant zone access to media such as a DVD drive.
Suppose that you want to grant zone access to the /opt/mysoftware directory in the global zone. In the example's different commands, special identifies the global directory to be shared, dir specifies the mount point in the zone through which the global directory is accessed, and options specifies the zone permissions (read-only) in the shared directory. The read-only permission prevents users in the non-global zone from making changes to the global zone directory.
global$ zonecfg -z zoneA zonecfg:zoneA> add fs zonecfg:zoneA:fs> set type=lofs zonecfg:zoneA:fs> set special=/opt/mysoftware zonecfg:zoneA:fs> set dir=/usr/software zonecfg:zoneA:fs> set options=ro zonecfg:zoneA:fs> end zonecfg:zoneA> info ... fs 0: dir: /usr/software special: /opt/mysoftware raw not specified type: lofs options: [ro] ... zonecfg:zoneA> exit global$ Reboot or run zoneadm apply command.Example 6 Assigning a UNIX File System to a Zone
The fs resource also supports UNIX file systems (UFS). Suppose that you have a UFS file system on the slice /dev/rdsk/c1t1d0s0. This example shows how to make that file system available to the zone.
In the example, special identifies the block device path of the UFS file system, raw is the raw device path where the fsck process is run, and dir is the mount point of the file system for the zone.
global$ zonecfg -z zoneA zonecfg:zoneA> add fs zonecfg:zoneA:fs> set type=ufs zonecfg:zoneA:fs> set special=/dev/dsk/c1t1d0s0 zonecfg:zoneA:fs> set raw=/dev/rdsk/c1t1d0s0 zonecfg:zoneA:fs> set dir=/data zonecfg:zoneA:fs> end zonecfg:zoneA> exit global$ zonecfg -z zoneA info ... fs 0 dir: /usr/software special: /opt/mysoftware raw not specified type: lofs options: [ro] fs 1 dir: /data special: /dev/dsk/c1t1d0s0 raw: /dev/rdsk/c1t1d0s0 type: ufs options: [ ] ... global$Reboot or run zoneadm apply command.
The hwprovider property indicates the current hardware manufacturer string. To determine the value in a solaris10 branded zone, review the output of the prtconf command or the sysinfo(SI_HW_PROVIDER, ..) system call. You can also use the zonecfg -z solaris10brandedzonename info -a command.
Use the zonecfg command to set or clear the string in the zone.
To set the string in the zone, use the following command:
zonecfg> set hwprovider = "Sun_Microsystems"
To clear the string and use the global zone string:
zonecfg> clear hwprovider
For more information, see hwprovider Global Property (solaris10 Only) in Oracle Solaris Zones Configuration Resources.
You can set time values in non-global zones that are different from the value in the global zone by using the Network Time Protocol (NTP). Two features interact, the global-time property for the zone and the sys_time privilege on the time-setting process. While you can set different times in non-global zones, if the time is changed in the global zone, the non-global zones time are offset by the same amount.
NTP can be run from any zone, affecting only the zone in which the command is run. When running NTP across a system with non-global zones that have different times, run NTP in the global zone to synchronize all the non- global zone clocks that just run at an offset. The effect of NTP changing the time through clock modulation in the global zone will transfer to a non global-zone as well.
When NTP is run inside the zone with global-time set to false, the ntp_adjtime() and adjtime() system calls cannot be used to make corrections to the zone time. When global-time is set to false, NTP synchronizes the time by adjusting the clock to a given value.
When NTP is run inside the zone with global-time set to true, NTP can modulate the system clock through the ntp_adjtime() and adjtime() system calls. The true setting preserves keeping system time in tight synchronization with the zone.
For more information about the global-time property, see global-time Global Property (solaris and solaris10 Only) in Oracle Solaris Zones Configuration Resources. For information about setting the time, see the date(1) man page. For more information about privileges, see Privileges in a Non-Global Zone. For more information about adjtime() and ntp_adjtime(), see the adjtime(2) and ntp_adjtime(2) man pages.