
LDOMS & Zones


Introduction to Solaris Zones



A zone is a virtualized OS environment created within a single instance of Solaris 10. Each
environment has its own identity, separate from the underlying hardware, and works
independently as if running on its own system, making consolidation simple, safe, and secure.
In this article, we discuss Solaris Zones (containers) in detail. Whenever we approach a new
topic, three questions arise: what, why, and how? Let us find the answers.

Advantages of ZONES
• Reduce costs by running multiple instances/workloads on the same system
• Better hardware utilization
• Reduced infrastructure overhead
• Lesser administration costs (admins/workload)
• Resource controls
• Security isolation
• Software package administration

ZONE FEATURES

Granularity: Zones can run on any number of available CPUs and any amount of available memory.
Isolation: Run multiple applications on the same global zone.
Security: Hacking one zone does not compromise applications running in other zones.
Transparency: Applications do not need to be recompiled to run in zones (except for some
privileged operations).
Virtualization: Hide configuration information from applications.
Memory Capping: Manage the memory usage of zones.
Dynamic Resource Pools: Assign CPUs to zones.
Fair share scheduler: Grant a zone minimal CPU usage.

Key Points :-

• Depending on hardware capability, we can create up to 8191 non-global zones.
• Each zone is assigned an ID by the system when it is booted; the global zone is always listed
as zone ID 0.
• Only the global zone contains a bootable Solaris kernel and is aware of all devices, file
systems, and zones.

Types Of ZONES : Zones come in two flavors:

Global Zone
• The global zone controls the hardware resources and administers the non-global zones.

Non-Global Zone
• Virtualized Solaris execution environments that look and feel just like normal standalone
servers; they are also called local zones. There are 3 types of local zones.

Types Of Local Zones


Sparse Root Zones

• Share binaries with the global zone; also called native zones.
• The /usr, /platform, /sbin and /lib file systems are shared from the global zone as read-only
loopback file systems.
• Very little disk space is needed to create this type of zone.
• Very little time is needed to create this type of zone.

Whole Root Zones

• Contain a complete copy of the Solaris binaries that are installed in the global zone.
• Approximately 3 GB of space is required to create this type of zone.

Branded Zone
• Supports different versions of the Solaris OS. For example, you can install Solaris 8 or 9 in
a branded zone.

ZONE States

The zone states and their meanings are listed below.

Configured: Configuration was completed and committed.
Incomplete: Transition state during install or uninstall operations.
Installed: The packages have been successfully installed.
Ready: The virtual platform has been established.
Running: The zone booted successfully and is now running.
Shutting down: The zone is in the process of shutting down. This is a temporary state, leading
to "Down".
Down: The zone has completed the shutdown process and is down. This is a temporary state,
leading to "Installed".

Zone Daemons

There are 2 daemons associated with zones.

zoneadmd

• The zoneadmd daemon starts whenever a zone needs to be managed.
• Each zone has a single instance of zoneadmd (i.e. zoneadmd -z zonename).
• It is started automatically by SMF and stops automatically when no longer required.
• Allocates the zone ID and starts the zsched process
• Sets system-wide resource controls
• Plumbs the virtual network interface
• Mounts any loopback or conventional file systems

zsched

• The zsched process is started by zoneadmd.
• Its job is to keep track of the kernel threads running within the zone.
• It is also known as the zone scheduler.

Frequently Using Zone Commands

zonecfg

• Add/Delete/Modify/info zone configuration

# zonecfg -z zone-name: Interactive mode; can be used to remove properties of the following
types: fs, device, rctl, net, attr
# zonecfg -z zone-name commit
# zonecfg -z zone-name create
# zonecfg -z zone-name delete
# zonecfg -z zone-name verify

zoneadm

• Change the Zone states or Administration of Zones

# zoneadm -z zone-name boot


# zoneadm -z zone-name halt
# zoneadm -z zone-name install
# zoneadm -z zone-name ready
# zoneadm -z zone-name reboot
# zoneadm -z zone-name uninstall
# zoneadm -z zone-name verify

zlogin

• Log in to a non-global zone from the global zone

# zlogin zone-name
# zlogin -C zone-name ( Login to zone console)

Zone Components and their Definitions

zonepath: Path of the zone root, which is in the global zone's file space.
autoboot: Defines whether the zone is booted automatically.
pool: Associate the zone with a resource pool; multiple zones may share a pool.
net: Network interface of the zone.
fs: File systems from the zone's /etc/vfstab, automounted file systems configured within the
zone, manually mounted file systems or ZFS mounts from within the zone.
dataset: To manage a non-global zone with a ZFS file system.
inherit-pkg-dir: In a sparse root zone, represents directories containing packaged software
that a non-global zone shares with the global zone. (Should not be used in a whole root zone.)
device: Devices that should be configured in a non-global zone.
rctl: Zone-wide resource controls such as zone.cpu-shares and zone.max-lwps.
attr: Zone comments.

Also note the sub commands below; they are important when configuring the zone.

SUB COMMANDS

add: Add the specified resource or component.
cancel: Ends the resource specification and returns to the global scope without retaining
partially specified resources.
commit: Save the current configuration to the disk.
create: Create a new zone configuration.
delete: Destroy the configuration.
end: Ends the resource specification.
exit: Ends the zonecfg session.
info: Display information about the configuration of the current scope.
remove: Remove the specified resource.
revert: Return to the last state written to disk.
set: Set the specified property to the specified value.
verify: Verify the current configuration for correctness.

Let us see how to add the listed zone components using the "zonecfg" command.

* Set zonepath and autoboot (the zones service svc:/system/zones:default must also be enabled
when we use autoboot=true)
zonecfg:zone1> set zonepath=/export/home/zone1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

* In the following example, Filesystem is added into the non-global zone


bash-3.00# zonecfg -z zone1
zonecfg:zone1> add fs
zonecfg:zone1:fs> set dir=/test/mnt
zonecfg:zone1:fs> set special=/dev/vx/dsk/zonedg/vol1
zonecfg:zone1:fs> set raw=/dev/vx/rdsk/zonedg/vol1
zonecfg:zone1:fs> set type=vxfs
zonecfg:zone1:fs> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

* In the following example, Network is added into the non-global zone


zonecfg:zone1> add net
zonecfg:zone1:net> set physical=e1000g0
zonecfg:zone1:net> set address=192.168.10.35
zonecfg:zone1:net> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

* In the following example, ZFS Dataset filesystem is added into the non-global zone
bash-3.00# zonecfg -z zone1
zonecfg:zone1> add dataset
zonecfg:zone1:dataset> set name=zonepool/zone1vol
zonecfg:zone1:dataset> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

* In this example, the memory limits are specified. Each limit is optional, but at least one
must be set.
zonecfg:zone1> add capped-memory
zonecfg:zone1:capped-memory> set physical=50m
zonecfg:zone1:capped-memory> set swap=100m
zonecfg:zone1:capped-memory> set locked=30m
zonecfg:zone1:capped-memory> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

* In this example, dedicated CPUs (1-3) are assigned. We can set the importance as well.
zonecfg:zone1> add dedicated-cpu
zonecfg:zone1:dedicated-cpu> set ncpus=1-3
zonecfg:zone1:dedicated-cpu> set importance=2
zonecfg:zone1:dedicated-cpu> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit

* In this example, a capped CPU of 3.5 CPUs is specified for zone1
zonecfg:zone1> add capped-cpu
zonecfg:zone1:capped-cpu> set ncpus=3.5
zonecfg:zone1:capped-cpu> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
Create local zones
======================================================================
Create a zone

When creating a zone, the name must start with an alphanumeric character; the maximum length is
64 characters; the name may contain alphanumerics, underscores, hyphens and periods; the name
GLOBAL is reserved, and a name cannot start with SUNW; the name of the zone must be unique and
must not already exist.

Then, for creating a zone follow these steps:

• Create the directory in the global zone where there is space.
• Choose the name of the zone; we use "my-zone" for this guide.
• Create the zone with the chosen name (my-zone).
• Configure the directory for the storage, /export/zones/my-zone.
• Configure the network interface.
• Assign dedicated CPU.
• Allocate memory.

Then, execute the following commands for creating the zone:

global# mkdir -p /export/zones/my-zone
global# chmod 700 /export/zones/my-zone
global# zonecfg -z my-zone
zonecfg:my-zone> create
zonecfg:my-zone> set zonepath=/export/zones/my-zone
zonecfg:my-zone> set autoboot=false
zonecfg:my-zone> add net
zonecfg:my-zone:net> set address=10.1.1.10
zonecfg:my-zone:net> set defrouter=10.1.1.1
zonecfg:my-zone:net> set physical=hme0
zonecfg:my-zone:net> end
zonecfg:my-zone> add dedicated-cpu
zonecfg:my-zone:dedicated-cpu> set ncpus=1-3
zonecfg:my-zone:dedicated-cpu> set importance=2
zonecfg:my-zone:dedicated-cpu> end
zonecfg:my-zone> add capped-memory
zonecfg:my-zone:capped-memory> set physical=500m
zonecfg:my-zone:capped-memory> set swap=100m
zonecfg:my-zone:capped-memory> set locked=50m
zonecfg:my-zone:capped-memory> end
zonecfg:my-zone> verify
zonecfg:my-zone> commit
zonecfg:my-zone> exit
global# zoneadm -z my-zone install
global# zoneadm -z my-zone boot
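
The naming rules and creation steps above, scripted as an added example (not part of the original guide): the name is checked before anything is written, and the output is a command file that can be applied with zonecfg -z my-zone -f FILE. The function names are hypothetical; the CPU and memory values are the ones used in this guide.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges below byte-exact

# valid_zone_name NAME: succeed only if NAME follows the rules stated above.
valid_zone_name() {
    [ -n "$1" ] && [ "${#1}" -le 64 ] || return 1
    case $1 in
        global|SUNW*)      return 1 ;;  # reserved name / reserved prefix
        [!A-Za-z0-9]*)     return 1 ;;  # must start with an alphanumeric
        *[!A-Za-z0-9_.-]*) return 1 ;;  # only alphanumerics, _ - and .
    esac
}

# zone_command_file NAME ZONEPATH ADDRESS NIC: print zonecfg commands that
# mirror the interactive session above (defrouter omitted for brevity).
zone_command_file() {
    valid_zone_name "$1" || { echo "invalid zone name: $1" >&2; return 1; }
    # Refuse values that could smuggle extra zonecfg commands into the file.
    for v in "$2" "$3" "$4"; do
        case $v in ''|*[!A-Za-z0-9_./:-]*) echo "bad value: $v" >&2; return 1 ;; esac
    done
    case $2 in /*) ;; *) echo "zonepath must be absolute" >&2; return 1 ;; esac
    cat <<EOF
create
set zonepath=$2
set autoboot=false
add net
set address=$3
set physical=$4
end
add dedicated-cpu
set ncpus=1-3
set importance=2
end
add capped-memory
set physical=500m
set swap=100m
set locked=50m
end
verify
commit
EOF
}

# Demonstration with the values used in this guide.
zone_command_file my-zone /export/zones/my-zone 10.1.1.10 hme0
```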

Connect to a zone

To connect to a zone, use the command:

#zlogin my-zone

To start a zone

To start a zone, use the command:

#zoneadm -z my-zone boot

To stop a zone

To stop a zone, use the command:

#zoneadm -z my-zone halt

To restart a zone

To restart a zone, use the command:

#zoneadm -z my-zone reboot

Uninstall a zone

When a zone is uninstalled, it returns to the configured state.

#zoneadm -z my-zone uninstall -F

Delete a zone

Remove the zone with the command:

#zonecfg -z my-zone delete -F

Show the name of the zone

This command prints the name of the zone we are currently logged in to:

#zonename
======================================================================

How to create and configure solaris 10 zones


Solaris zones enable software partitioning of the Solaris 10 OS to support multiple independent,
secure OS environments running in the same OS. Each environment has a separate process space,
resource allocation and users. Zones are widely used in production environments as they are easy
to set up and don't require any special hardware like LDoms do.

Zone types

Global zone – every installed OS acts as a global zone, which is present by default. All
non-global zones can only be installed, configured and administered from the global zone.
Non-global zone – They share the functioning of the kernel booted under the global zone. All the
software and other resources are inherited from the global zone.
Whole root zone (big zone) – It gets its own writable copy of all the file systems like /opt and
/usr. It takes more disk space.
Sparse root zone (small zone) – File systems like /opt and /usr are shared from the global zone
as loopback file systems (you only have read-only access to these directories in the non-global
zone). It takes very little disk space.
Branded zones – These are Solaris 8 or Solaris 9 zones on Solaris 10 global zones.

Configuring a zone with minimal settings

Let us create a new zone with the minimal resources and settings required to get it up and
running. We'll see how to add other resources like CPU, memory and file systems later in this
post. We will create a sparse root zone in this case. To create a whole root zone we just have
to use create -b instead of create at the configuration prompt.

global# mkdir -p /zones/zone01


global# chmod 700 /zones/zone01
global# zonecfg -z zone01
zone01: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone01> create
zonecfg:zone01> set zonepath=/zones/zone01
zonecfg:zone01> set autoboot=true
zonecfg:zone01> verify
zonecfg:zone01> commit
zonecfg:zone01> exit

Install and boot the zone


Now install the zone and boot it. After booting, we can log in to the console of the zone to
configure it.

global# zoneadm -z zone01 verify
global# zoneadm -z zone01 install
global# zoneadm list -ivc
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- zone01 installed /zones/zone01 native shared
global# zoneadm -z zone01 boot
global# zoneadm list -v
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 zone01 running /zones/zone01 native shared
global# zlogin -C zone01
global# zlogin zone01

-C here connects you to the console of the zone. This has to be done only once to get the zone
configured with hostname, timezone and other basic settings.
Resource configuration examples

Below are some most commonly used examples of resource configuration in a zone.
CPU
1. Dedicated CPU
To see the CPU information in the global zone you can use

global# psrinfo -v
global# psrinfo -vp

After you have confirmed the CPUs you want to use, you can add a fixed number of CPUs to the
zone.

zonecfg:zone01> add dedicated-cpu
zonecfg:zone01:dedicated-cpu> set ncpus=1-2
zonecfg:zone01:dedicated-cpu> set importance=10 [optional, default is 1]
zonecfg:zone01:dedicated-cpu> end

Memory
Capped Memory

zonecfg:zone01> add capped-memory
zonecfg:zone01:capped-memory> set physical=50m [max memory that can be used by this zone]
zonecfg:zone01:capped-memory> set swap=100m
zonecfg:zone01:capped-memory> set locked=30m [memory locked for use by this zone]
zonecfg:zone01:capped-memory> end

File system
a. Loopback FS

zonecfg:zone01> add fs
zonecfg:zone01:fs> set dir=/usr/local
zonecfg:zone01:fs> set special=/opt/zones/my-zone/local
zonecfg:zone01:fs> set type=lofs
zonecfg:zone01:fs> end

Here /usr/local will be readable and writable in the non-global zone.

b. Normal file system

zonecfg:zone01> add fs
zonecfg:zone01:fs> set dir=/data01
zonecfg:zone01:fs> set special=/dev/dsk/c1t1d0s0
zonecfg:zone01:fs> set raw=/dev/rdsk/c1t1d0s0
zonecfg:zone01:fs> set type=ufs
zonecfg:zone01:fs> add options [logging,nosuid] [optional]
zonecfg:zone01:fs> end

ZFS dataset
When we delegate a dataset to a non-global zone we can do any operation on that dataset inside
of the zone without requiring global zone to configure it all the time.

zonecfg:zone01> add dataset
zonecfg:zone01:dataset> set name=tank/sales
zonecfg:zone01:dataset> end

Inherit package (sparse root zone only)


Now in case of sparse root zone we can inherit some of the packages from the global zone.

zonecfg:zone01> add inherit-pkg-dir
zonecfg:zone01:inherit-pkg-dir> set dir=/opt/sfw
zonecfg:zone01:inherit-pkg-dir> end

NOTE: These resources can not be modified once the zone is installed

IP
We can either give an exclusive IP using a dedicated interface to a non-global zone or use an
existing interface in the global zone to share it with the non-global zone. When we configure an
exclusive IP we have to configure IP address inside of the non-global zone and not during the
configuration.
a. Exclusive IP

zonecfg:zone01> set ip-type=exclusive
zonecfg:zone01> add net
zonecfg:zone01:net> set physical=hme0
zonecfg:zone01:net> end

NOTE: There is no need to specify the IP address here; you can control everything from inside
the non-global zone.

b. Shared IP
In this case the zone uses a shared interface which is already plumbed and in use in the global
zone.

zonecfg:zone01> add net
zonecfg:zone01:net> set address=192.168.1.2
zonecfg:zone01:net> set physical=hme0
zonecfg:zone01:net> set defrouter=10.0.0.1 [optional]
zonecfg:zone01:net> end

Device
We can also directly assign a physical device, like a disk, to a non-global zone.

zonecfg:zone01> add device


zonecfg:zone01:device> set match=/dev/rdsk/c0t1d0
zonecfg:zone01:device> end

Comments
Use an attr resource if you want to add comments, such as the function of the non-global zone or
anything else for that matter.

zonecfg:zone01> add attr


zonecfg:zone01:attr> set name=comment
zonecfg:zone01:attr> set type=string
zonecfg:zone01:attr> set value="Hello World. This is my zone"
zonecfg:zone01:attr> end

Other
Other settings, like the privilege limit of the zone and the scheduling class of the CPU in the
non-global zone, can also be configured from the global zone.

zonecfg:zone01> set limitpriv="default,sys_time"


zonecfg:zone01> set scheduling-class=FSS
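
One way to review a zone configuration for the settings shown above that widen what a zone can do or leave it uncapped (privileges added through limitpriv, direct device access, file systems mounted without nosuid, no memory cap). This is an added example, not from the original article: the function names are hypothetical, the export text is constructed from the values used in this post, and it assumes the one-command-per-line text printed by zonecfg -z zone export.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical;
# the export text below is constructed from the settings shown in this post.

sample_export() {
    cat <<'EOF'
create -b
set zonepath=/zones/zone01
set autoboot=true
set limitpriv=default,sys_time
set scheduling-class=FSS
add fs
set dir=/usr/local
set special=/opt/zones/my-zone/local
set type=lofs
end
add fs
set dir=/data01
set special=/dev/dsk/c1t1d0s0
set raw=/dev/rdsk/c1t1d0s0
set type=ufs
add options [logging,nosuid]
end
add device
set match=/dev/rdsk/c0t1d0
end
EOF
}

# audit_zone_export: read "zonecfg -z ZONE export" text on stdin and print one
# line per setting that widens what the zone can do or leaves it uncapped.
audit_zone_export() {
    awk '
    { sub(/^[ \t]+/, "") }                        # tolerate indented input
    res != "" && /^add options/ { if (/nosuid/) nosuid = 1; next }
    /^add / { res = $2; nosuid = 0; dir = ""
              if (res == "capped-memory") capped = 1; next }
    /^set limitpriv=/ { v = $0; sub(/^set limitpriv=/, "", v); gsub(/"/, "", v)
              if (v != "default") print "limitpriv: non-default privileges: " v }
    res == "fs" && /^set dir=/ { dir = $0; sub(/^set dir=/, "", dir) }
    res == "device" && /^set match=/ { sub(/^set match=/, "")
              print "device: direct access to " $0 }
    /^end$/ { if (res == "fs" && !nosuid) print "fs: " dir " mounted without nosuid"
              res = "" }
    END     { if (!capped) print "capped-memory: no memory cap configured" }
    '
}

# Run the audit over the constructed sample.
sample_export | audit_zone_export
```

On a live system the same function can be fed directly: zonecfg -z zone01 export | audit_zone_export.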

Other administrative commands

To reboot a zone : # zoneadm -z zone reboot
To halt a zone : # zoneadm -z zone halt
To uninstall a zone : # zoneadm -z zone uninstall -F
To delete an uninstalled zone : # zonecfg -z zone delete -F
Get all configuration info : # zonecfg -z zone info
Log in to a zone in safe mode : # zlogin -S zone
prstat on all zones : # prstat -Z
prstat on a single zone : # prstat -z zone
