Solaris Zones

• Introduction to Zones
• Types of zones
• Zone States
• Zone Features
• Configuring a Zone
• Installing a Zone

Introduction to Zones
• New feature of Solaris 10
• Provides a virtual operating system environment within a physical instance of Solaris 10
• Applications can run in an isolated and secure environment.
• Even a privileged user in a zone can't monitor or access processes running in a different zone.

Types of Zones
• Global
  – Default zone, used for system-wide configuration and control
  – Every system contains a global zone, and there can be only one global zone on a physical Solaris server.

• Non-Global
  – Created from the global zone and managed by it
  – Up to 8192 non-global zones on a single physical system

Zone States
• Configured
  – When the configuration is completed and the storage is committed.

• Incomplete
  – A zone is set to this state during an install or uninstall operation. Upon completion of the operation, it changes to the correct state.

• Installed
  – The configuration is confirmed. Packages are installed under the zone's root path, but no virtual platform is associated with it.

• Ready
  – The virtual platform is established. The kernel creates the zsched process, network interfaces are plumbed, and file systems are mounted. The system assigns a zone ID, but no processes are associated with this zone.

• Running
  – A zone enters this state when the first user process is created. This is the normal state for an operational zone.

• Shutting Down and Down
  – Transitional states that are only visible while a zone is in the process of being halted. If a zone can't shut down for any reason, it will also display this state.

Global Zone Features
• Assigned zone ID 0 (zero) by the system.
• Provides the single bootable instance of the Solaris Operating Environment that runs on the system.
• Contains a full installation of Solaris system packages.
• Contains a complete product database of all installed software components.
• Holds configuration information specific to the global zone, such as the global zone hostname and the file system table.
• Only zone aware of all file systems and devices on the system, the non-global zones, and the configuration of non-global zones.
• From this zone, non-global zones can be configured, installed, managed and uninstalled.

Non-Global Zone Features
• Assigned a zone ID by the system when it is booted.
• Shares the Solaris kernel that is booted from the global zone.
• Contains a subset of the installed Solaris system packages.
• Can contain additional software packages, shared or not shared from the global zone.
• Includes software that was installed independently of the global zone as well as software shared from the global zone.
• Not aware of the existence of other zones.
• Can't install, manage or uninstall other zones, including itself.
• Contains configuration information specific to itself, the non-global zone, such as the non-global zone hostname and file system table.

Zone Daemons
• Two daemon processes: zoneadmd and zsched

• zoneadmd
  – Starts when a zone needs to be managed
  – An instance of zoneadmd is started for each zone
  – Started automatically by SMF and also shut down automatically when no longer required
  – Allocates the zone ID
  – Sets system-wide resource controls
  – Prepares the zone's devices
  – Plumbs the virtual network interface
  – Mounts any loopback or conventional file systems

• zsched
  – Started by zoneadmd
  – Exists for each active zone
  – Used to keep track of kernel threads running within the zone
  – Also known as the zone scheduler

Configuring a Zone using zonecfg command

• The zonecfg command is used to:
  – Create or delete a zone configuration
  – Add or remove resources in a configuration
  – Set the properties for a resource in the configuration
  – Query and verify a configuration
  – Commit a configuration
  – Revert to a previous configuration
  – Exit from a zonecfg session

Creating a zone
• Zone name is testzone.
• Zone path is /export/zones/testzone
• IP address is 100.10.20.30
• This zone is a sparse root zone with no additional file systems being mounted from the global zone.

1. # mkdir -p /export/zones/testzone
   # chmod 700 /export/zones/testzone

2. Enter the zonecfg command to configure the new zone.
   # zonecfg -z testzone
   zonecfg:testzone> create
   zonecfg:testzone> set zonepath=/export/zones/testzone
   zonecfg:testzone> set autoboot=true
   zonecfg:testzone> add net
   zonecfg:testzone:net> set physical=hme0
   zonecfg:testzone:net> set address=100.10.20.30
   zonecfg:testzone:net> end
   zonecfg:testzone> add rctl
   zonecfg:testzone:rctl> set name=zone.cpu-shares
   zonecfg:testzone:rctl> add value (priv=privileged,limit=20,action=none)
   zonecfg:testzone:rctl> end
   zonecfg:testzone> add attr
   zonecfg:testzone:attr> set name=comment
   zonecfg:testzone:attr> set type=string
   zonecfg:testzone:attr> set value="First zone - Testzone"
   zonecfg:testzone:attr> end

To check the existence of the zone
3. # zoneadm -z testzone list -v
   No such zone configured.

Why?
• Because the zone configuration is not saved to disk.

4. How to save it?
   zonecfg:testzone> verify
   zonecfg:testzone> commit
   zonecfg:testzone> exit
   # zoneadm -z testzone list -v

Verify zone configuration
5. # zoneadm -z testzone verify

Install the zone
6. # zoneadm -z testzone install

Change the zone state to ready
7. # zoneadm -z testzone ready
   # zoneadm -z testzone list -v
   # zoneadm -z testzone boot
   # zoneadm -z testzone list -v

View the configuration data
8. # zonecfg -z testzone export
   or
   # vi /etc/zones/<zonename>.xml

Creating whole root zone
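1. # mkdir -p /export/zones/zone1
   # chmod 700 /export/zones/zone1

2. # zonecfg -z zone1
   zonecfg:zone1> create
   zonecfg:zone1> set zonepath=/export/zones/zone1
   zonecfg:zone1> set autoboot=true
   zonecfg:zone1> add net
   zonecfg:zone1:net> set address=100.10.20.40
   zonecfg:zone1:net> set physical=hme0
   zonecfg:zone1:net> end
   zonecfg:zone1> add rctl
   zonecfg:zone1:rctl> set name=zone.cpu-shares
   zonecfg:zone1:rctl> add value (priv=privileged,limit=20,action=none)
   zonecfg:zone1:rctl> end
   zonecfg:zone1> add attr
   zonecfg:zone1:attr> set name=comment
   zonecfg:zone1:attr> set type=string
   zonecfg:zone1:attr> set value="Whole root zone"
   zonecfg:zone1:attr> end
   zonecfg:zone1> remove inherit-pkg-dir dir=/lib
   zonecfg:zone1> remove inherit-pkg-dir dir=/platform
   zonecfg:zone1> remove inherit-pkg-dir dir=/sbin
   zonecfg:zone1> remove inherit-pkg-dir dir=/usr
   zonecfg:zone1> verify
   zonecfg:zone1> commit
   zonecfg:zone1> exit

3. # zoneadm -z zone1 list -v
4. # zoneadm -z zone1 verify
5. # zoneadm -z zone1 install
6. # zoneadm -z zone1 ready
   # zoneadm -z zone1 boot
7. # zlogin -C zone1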
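
The sparse root and whole root procedures above differ only in whether the inherit-pkg-dir resources remain, so the text printed by zonecfg export can be audited mechanically for root model, autoboot and the zone.cpu-shares resource control. The script below is an added example, not part of the original slides: the function names, the zone2 sample and both constructed export texts are assumptions, and the export is assumed to use the same command syntax as the zonecfg sessions shown above.

```shell
#!/bin/sh
# Added example (not from the slides): audit `zonecfg -z <zone> export` text.
# Reads the export on stdin and prints one finding per line.
audit_zone_export() {
    awk '
    { sub(/^[ \t]+/, "") }                       # tolerate indented exports
    /^add value /    { next }                    # rctl value, not a new scope
    /^add /          { res = $2; next }          # enter a resource scope
    /^end$/          { res = ""; next }          # leave it
    /^set zonepath=/ { zonepath = substr($0, 14) }
    /^set autoboot=/ { autoboot = substr($0, 14) }
    res == "inherit-pkg-dir" && /^set dir=/ { inherited++ }
    res == "net" && /^set address=/         { nets++ }
    res == "rctl" && /^set name=zone\.cpu-shares$/ { shares = 1 }
    END {
        print "zonepath=" (zonepath == "" ? "MISSING" : zonepath)
        print "model=" (inherited ? "sparse-root" : "whole-root")
        print "inherited_dirs=" (inherited + 0)
        print "net_resources=" (nets + 0)
        if (autoboot != "true") print "NOTE autoboot is not enabled"
        if (!shares) print "WARN no zone.cpu-shares rctl configured"
    }'
}

# Constructed sample: sparse-root export shaped like the slides' testzone.
sample_sparse() {
    printf 'create -b\nset zonepath=/export/zones/testzone\nset autoboot=true\n'
    for d in /lib /platform /sbin /usr; do
        printf 'add inherit-pkg-dir\nset dir=%s\nend\n' "$d"
    done
    printf 'add net\nset address=100.10.20.30\nset physical=hme0\nend\n'
    printf 'add rctl\nset name=zone.cpu-shares\n'
    printf 'add value (priv=privileged,limit=20,action=none)\nend\n'
}

# Constructed sample: whole-root export for a hypothetical zone2 with no rctl.
sample_whole() {
    printf 'create -b\nset zonepath=/export/zones/zone2\nset autoboot=false\n'
    printf 'add net\nset address=100.10.20.50\nset physical=hme0\nend\n'
}

# On a real global zone: zonecfg -z testzone export | audit_zone_export
sample_sparse | audit_zone_export
sample_whole  | audit_zone_export
```
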

DEMO
