Solaris Zones

Solaris Zones
• Introduction to Zones
• Types of zones
• Zone States
• Zone Features
• Configuring a Zone
• Installing a Zone
 Introduction to Zones
• New feature of Solaris 10
• Provide a virtual operating system
environment within a physical instance of
Solaris 10
• Applications can run in an isolated, and
secure environment.
• Even a privileged user in a zone can’t
monitor or access process running in a
different zone.
 Types of Zones
• Global
• Default zone – used for system wide configuration
and control – Every system contains a global zone
and there can be only one Global zone on a
physical Solaris Server.
• Non-Global
• Created from Global zone & managed by it – 8192
non-Global zones on a single physical system
 Zone States
• Configured
• When the configuration is completed & the storage is committed.
• Incomplete
• A zone is set to this state during an install or uninstall operation.
Upon completion of the operation, it changes to the correct state.
• Installed
• Confirmed configuration-packages are installed under zone’s root
path-but no virtual platform associated with it.
• Ready
• Virtual platform is established. The kernel creates the zsched
process-network interfaces are plumbed & file system are mounted-
The system assigns a zone ID-but no processes associated with
this zone.
• Running
• A zone enters this state when the first user process is created. This
is the normal state for an operational zone.
• Shutting Down + Down
• Transitional states that are only visible while a zone is in the
process of being halted. If a zone can’t shutdown for any reason,
then it will lso display this state.
 Global Zone Features
• Assigned zone ID 0 (zero) by the system.
• Provides the single bootable instance of the Solaris
Operating Environment that runs on the system
• Contains a full installation of Solaris system packages.
• Contains a complete product database of all installed
software components
• Holds configuration information specific to the global
zone, such as global zone hostname and the file system
table
• Only zone aware of all file systems, devices on the
system, non-global zones, configuration of non-global
zones.
• From this zone, non-global zone can be configured,
installed, managed and uninstalled.
 Non-Global Zone Features
• Assigned a zone ID by the system when it is booted.
• Shares the Solaris kernel that is booted from the global
zone.
• Contains a subset of the installed Solaris system packages
• Can contain additional software packages, shared or not
shared from the global zone.
• Includes software that was installed independently of the
global zone as well as software shared from the global
zone.
• Not aware of the existence of other zones
• Can’t install, manage or uninstall other zones, including
itself.
• Contains configuration information specific to itself, the
non-global zone, such as non-global zone hostname and
file system table.
 Zone Daemons
• Two daemon processes, zoneadmd & zsched
• Zoneadmd
• Starts when a zone needs to be managed – an instance of
zoneadmd will be started for each zone – started
automatically by SMF and is also shutdown automatically
when no longer required – allocates zone ID – sets system-
wide resource controls – prepares the zone’s devices –
plumbs the virtual network interface – mounts any loop back
or conventional file systems
• Zsched
• Started by zoneadmd – exists for each active zone – used to
keep track of kernel threads running within the zone – aka
zone scheduler
 Configuring a Zone using zonecfg command

• zonecfg command is used to

• Create, or delete a zone configuration
• Add, or remove, resources in a configuration
• Set the properties for a resource in the
configuration
• Query and verify a configuration
• Commit a configuration
• Revert to a previous configuration
• Exit from a zonecfg session
 Creating a zone
• Zone name is testzone.
• Zone path is /export/zones/testzone
• Ip address is 100.10.20.30
• This zone is sparse root zone with no
additional file systems being mounted from
the global zone.
• 1. mkdir –p /export/zones/testzone
• chmod 700 /export/zones/testzone
2. Enter the zonecfg command to configure the new zone.
#zonecfg –z testzone
zonecfg:testzone>create
zonecfg:testzone>set zonepath=/export/zones/testzone
zonecfg:testzone>set autoboot=true
zonecfg:testzone>add net
zonecfg:testzone:net>set physical=hme0
zonecfg:testzone:net>set address=100.10.20.30
zonecfg:testzone:net>end
zonecfg:testzone>add rctl
zonecfg:testzone:rctl>set name=zone.cpu-shares
zonecfg:testzone:rctl>add value (priv=privileged,limit=20,action=none)
zonecfg:testzone:rctl>end
zonecfg:testzone>add attr
zonecfg:testzone:attr>set name=comment
zonecfg:testzone:attr>set type=string
zonecfg:testzone:attr>set value=“First zone – Testzone”
zonecfg:testzone:attr>end
To check the existence of zone
3. #zoneadm –z testzone list –v

No such zone configured.

 Why?
• Because the zone configuration is not
saved to disk.
4. How to save it?
zonecfg:testzone>verify
zonecfg:testzone>commit
zonecfg:testzone>exit
#zoneadm –z testzone list -v
 Verify zone configuration
5. #zoneadm –z testzone verify
 Install the zone
#zoneadm –z testzone install
Change the zone state to ready
7. #zoneadm –z testzone ready
#zoneadm –z testzone list –v
#zoneadm –z testzone boot
#zoneadm –z testzone list -v
 View the configuration data
8. #zonecfg –z testzone export

or

vi /etc/zones/<zonename>.xml
 Creating whole root zone
• 1. mkdir –p /export/zones/zone1
chmod 700 /export/zones/zone1

2. Zonecfg –z zone1
>create
>set zonepath=/export/zones/zone1
>set autoboot=true
>add net
>set address=100.10.20.40
>set physical=hme0
>end
>add rctl
>set name=zone.cpu-shares
>add value (priv=privileged,limit=20,action=none)
>end
>add attr
>set name=comment
>set type=string
>set value=“Whole root zone”
>end
>remove inherit-pkg-dir dir=/lib
>remove inherit-pkg-dir dir=/platform
>remove inherit-pkg-dir dir=/sbin
>remove inherit-pkg-dir dir=/usr
>verify
>commit
>exit
3. #zoneadm –z zone1 list –v
4. #zoneadm –z zone1 verify
5. #zoneadm –z zone1 install
6. #zoneadm –z zone1 ready
#zoneadm –z zone1 boot
7. #zlogin –C zone1
DEMO