
Non-global Solaris 10 zones

Sun's solution for virtualization is Solaris Containers. This solution actually has two categories:

1. Zones - application isolation
2. Resource management

This doc is about Zones only. 

A zone is a virtualized OS environment within a single instance of the Solaris OS.

Every Solaris 10 system contains a global zone (the default zone for the system and for managing the other, non-global zones).
# zoneadm list -v
  ID NAME             STATUS     PATH     BRAND    IP
   0 global           running    /        native   shared
Zone features:

1. Each zone has a zone name.
2. Each zone also has a node name - /etc/nodename (can be different from the zone name).
3. The global zone always has the name global.
4. Each zone has a unique number (assigned by the system when the zone boots).
5. The global zone always has ID 0.
6. A non-global zone's path to its root directory is relative to the global zone's root dir (/).

Non-global zone features:

1. Contains s/w packages shared from the global zone.
2. Contains additional s/w packages not shared from the global zone.
3. Not aware of other zones.
4. Has a specific non-global zone FS table.
5. Communicates over each zone's IP network connection (shared or exclusive).

See state of non-global zones and specific commands for each zone state.

Note: Since a non-global zone is like a "separate machine", sometimes you don't want to boot it at the same time as the global zone. To do this, disable the zones service.
# svcadm -v disable zones
svc:/system/zones:default disabled.

# svcs zones
STATE          STIME    FMRI
disabled       15:24:37 svc:/system/zones:default
What is the disk space requirement for zones? In this regard there are two types of zones:

1. Sparse root zone - read-only loopback FS (specified by inherit-pkg-dir) from the global zone; needs, say, 100MB (more if you install lots of additional packages later).
2. Whole root zone - maximum configurability, since all packages are installed in a private FS.

Tip: use separate partitions as non-global zones' roots in order to limit disk consumption per zone.

Configuring non-global zone

The only two mandatory elements are zonename and zonepath.
# zonecfg -z zone-1
zone-1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone-1> create
zonecfg:zone-1> set zonepath=/.0/zone-1
zonecfg:zone-1> add net
zonecfg:zone-1:net> set physical=eri0
zonecfg:zone-1:net> set address=192.168.etc.etc
zonecfg:zone-1:net> end
zonecfg:zone-1> verify
zonecfg:zone-1> commit
zonecfg:zone-1> exit
The previous verify didn't say anything, but as shown below, zoneadm warns about the zone path's permissions.
# zoneadm -z zone-1 verify
/.0/zone-1 must not be group readable.
/.0/zone-1 must not be group executable.
/.0/zone-1 must not be world readable.
/.0/zone-1 must not be world executable.
could not verify zonepath /.0/zone-1 because of the above errors.
zoneadm: zone zone-1 failed to verify
Fix this by setting the zonepath's mode to 700.

Check the zone info and see the inherited directories. By default, a zone doesn't boot at the same time as the global zone - see autoboot.
# zonecfg -z zone-1 info
zonename: zone-1
zonepath: /.0/zone-1
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.x.x
        physical: eri0
        defrouter not specified
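To make the configuration and permission fix from the steps above repeatable, here is an added shell example (not from the original page): it checks that the zonepath has the mode 700 that zoneadm verify demands, tightens it if not, and emits a zonecfg command file that can be replayed with zonecfg -z zone-1 -f FILE. The zone name, zonepath, NIC and address values are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight checks mirroring what
# "zoneadm -z zone-1 verify" complained about, plus a zonecfg command file so the
# interactive zonecfg session can be replayed with: zonecfg -z zone-1 -f FILE
# Zone name, zonepath (/.0/zone-1), NIC (eri0) and address are assumed placeholders.

# Return 0 when the directory's group and other permission bits are all clear
# (mode 700, as zoneadm verify requires), 1 otherwise. Parses ls -ld so it does
# not depend on GNU stat being present.
zonepath_mode_ok() {
    dir=$1
    [ -d "$dir" ] || return 1
    perms=$(ls -ld "$dir" | cut -c5-10)   # group bits (5-7) and other bits (8-10)
    [ "$perms" = "------" ]
}

# Create the zonepath if missing, tighten it to 700 when it is too open, and
# report whether it now passes the check (avoids the verify failure shown above).
fix_zonepath_mode() {
    dir=$1
    [ -d "$dir" ] || mkdir -p "$dir"
    zonepath_mode_ok "$dir" || chmod 700 "$dir"
    zonepath_mode_ok "$dir"
}

# Print zonecfg commands equivalent to the interactive session on this page.
# Arguments: zonepath, physical NIC, IP address (shared-IP zone).
gen_zonecfg_cmds() {
    printf '%s\n' \
        "create" \
        "set zonepath=$1" \
        "add net" \
        "set physical=$2" \
        "set address=$3" \
        "end" \
        "verify" \
        "commit"
}

# Stand-alone run: on a real global zone the generated file would be fed to zonecfg.
if [ "${1:-}" = "--demo" ]; then
    gen_zonecfg_cmds /.0/zone-1 eri0 192.168.1.10 > /tmp/zone-1.cfg
    fix_zonepath_mode /.0/zone-1 && echo "zonepath mode OK, now run: zonecfg -z zone-1 -f /tmp/zone-1.cfg"
fi
```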
So the zone is just configured now. There is still nothing in the zone path directory /.0/zone-1.

Installing non-global zone
# zoneadm -z zone-1 install
Preparing to install zone <zone-1>.
Creating list of files to copy from the global zone.
Copying <9161> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <426> packages on the zone.
Initialized <426> packages on zone.
Zone <zone-1> is initialized.
The file </.0/zone-1/root/var/sadm/system/logs/install_log> contains a log of the zone installation 
See the list of zones below. zone-1 doesn't have an ID yet; it will get one when it is booted.
# zoneadm list -vi
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                            native   shared
   - zone-1           installed  /.0/zone-1                   native   shared
This zone doesn't have an associated virtual platform yet. Associate a virtual platform by making the zone ready.
# zoneadm -z zone-1 ready

# zoneadm list -vi
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                           native   shared
   1 zone-1           ready      /.0/zone-1                   native   shared
zone-1 now has ID=1.

Booting zone

The zone can be booted from the ready or even the installed state (the virtual platform will be associated automatically before boot). Tip: use a sysidcfg file to configure the OS in the zone automatically; otherwise you need to do it manually when you first log in to the zone. Before booting the zone, create the sysidcfg file and place it in the /.0/zone-1/root/etc directory. See man sysidcfg.
# zoneadm -z zone-1 boot

# zoneadm list -vi
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   4 zone-1           running    /.0/zone-1                     native   shared
After the zone boots, log in to the zone's console first.
# zlogin -C zone-1

[Connected to zone 'zone-1' console]
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair
Configuring network interface addresses:.
rebooting system due to change(s) in /etc/default/init

[NOTICE: Zone rebooting]

SunOS Release 5.10 Version Generic_139555-08 64-bit
Copyright 1983-2009 Sun Microsystems, Inc.  All rights reserved.
Use is subject to license terms.
Hostname: zone-1-zone
Reading ZFS config: done.

zone-1-zone console login: 
Notice that the zone's name is different from the hostname - not convenient, but done like this only for this presentation. Exit from the console with ~. You can also log in to the zone like this:
# zlogin zone-1
Deleting/Removing zone

First shut it down:
# zlogin zone-1 shutdown

# zoneadm list -vi
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   - zone-1           installed  /.0/zone-1                     native   shared
Uninstall it.
# zoneadm -z zone-1 uninstall -F

# zoneadm list -vi
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
But the zone's configuration is still there, even though the directory /.0/zone-1 has been deleted.
# zonecfg -z zone-1 info
zonename: zone-1
zonepath: /.0/zone-1
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
Delete zone's configuration.
# zonecfg -z zone-1 delete -F

# zonecfg -z zone-1 info
zone-1: No such zone configured