Solaris Zones

Zones are virtual process environments in Solaris 10 (and newer) that allow system administrator to isolate process in one zone from processes in another zone. Zones have their own (chroot) storage environment which again separates data between zones. This document is an introduction into Solaris zones. Please read the solaris_zones_commands quick_referenec for actual commands involved in managing zones.

Zone Features
Granularity Zones can run on any number of available CPUs and amount of available memory Isolate Run the same application with different configurations Security Hacking one zone does not compromise applications running in other zones Transparency Applications do not need to be recompiled to run in zones (except for some privileged operations) Virtualization Hide configuration information from applications Memory capping Manage the memory usage of zones Dynamic resource pools Assign CPUs to zones Fair share scheduler Grant a zone minimal CPU usage

A zone doesn't have to be booted into the ready state before it can enter the running state. Issuing the zoneadm -z zone boot command on a zone in the installed state will have the zone be booted into the running state

Directories
Directory /etc/zones Content Zone configuration files

Zone daemons
Daemon Function zoneadmd Responsible for booting and shutting down zones zsched Keeps track of kernel threads belonging to zones

Zone types
Type Container Abbr. Definition Zone with resource management controls Global zone GZ The base OS installation. Is always present. Local zone LZ Any zone created manually by the administrator. Aka. nonglobal zone Non-global zone NGZ Any zone created manually by the administrator. Aka. local zone

Zone states
Undefined zonecfg -z zone zone: > create zonecfg -z zone delete Configured zoneadm -z zone install zoneadm -z uninstall Installed

Zone software package parameters

Parameter Function SUNW_PKG_ALLZONES Determines the type of zone in which a package can be installed SUNW_PKG_HOLLOW Determines the visibility of the package in a zone SUNW_PKG_THISZONE Determines if the package must be installed in the current zone only

Zone storage models

Model Definition Sparse root model Any zone that shares any of the /lib, /platform, /sbin or /usr directories with the GZ is called a sparse root model zone. Whole root model Any zone not sharing directories with the GZ is called a whole root model zone.

zoneadm -z zone ready Ready zoneadm -z zone boot

zoneadm -z zone halt

Running zoneadm -z zone reboot Running

Commands
Path Command /usr/sbin/zlogin /usr/sbin/zoneadm /usr/sbin/zonecfg /usr/bin/zonename Usage Log in to zones Administer zones (re)Configure zones Print current zonename

A running zone cannot be brought back to the ready state. A halt on a running zone will bring the zone back to the installed state.

Zone configuration
Basic zone configuration # zonecfg -z zone zonecfg:zone>create zonecfg:zone>set zonepath=/zones/zone zonecfg:zone>set autoboot=true zonecfg:zone>set pool=zone_pool

zonecfg:zone:> add device zonecfg:zone:device>set match=/dev/zvol/rdsk/pool/volume zonecfg:zone:device> end Storage configuration Inherit-pkg-dir zonecfg:zone>add inherit-pkg-dir zonecfg:zone:inherit-pkg-dir> set dir=/opt zonecfg:zone:inherit-pkg-dir> end

Colophon Author Peter van Gemert Name solaris_zones_intro.pdf Location http://www2.petervg.nl/quick_reference Created 10 July 2007 Modified 18 July 2007

Storage configuration UFS zonecfg:zone> add fs zonecfg:zone:fs> set dir=/ufs zonecfg:zone:fs> set special=/dev/dsk/c1t0d0s0 zonecfg:zone:fs> set raw=/dev/rdsk/c1t0d0s0 zonecfg:zone:fs> set type=ufs zonecfg:zone:fs> set options=ro zonecfg:zone:fs> end

Network configuration zonecfg:zone> add net zonecfg:zone:net>set physical=hme0 zonecfg:zone:net> set address=10.0.0.1/24 zonecfg:zone:net> end

Storage configuration LOFS zonecfg:zone> add fs zonecfg:zone:fs> set dir=/lofs zonecfg:zone:fs> set special=/global/dir zonecfg:zone:fs> set type=lofs zonecfg:zone:fs> end

Device configuration zonecfg:zone> add device zonecfg:zone:device> set match=/dev/sound/* zonecfg:zone:device> end

Storage configuration ZFS file systems zonecfg:zone> add fs zonecfg:zone:fs> set dir=/zfs zonecfg:zone:fs> set special=pool/data zonecfg:zone:fs> set type=zfs zonecfg:zone:fs> end

Resource configuration Fair Share Scheduler (FSS) zonecfg:zone> add rctl zonecfg:zone:rctl> set name=zone.cpu-shares zonecfg:zone:rctl> add value (priv=privileged,limit=20,action=none) zonecfg:zone:rctl> end

Storage configuration ZFS dataset zonecfg:zone> add dataset zonecfg:zone:dataset> set name=pool/dataset zonecfg:zone:dataset> end

Extra attributes zonecfg:zone> add attr zonecfg:zone:attr> set name=creator zonecfg:zone:attr> set type=string zonecfg:zone:attr> set value="Sys Admin" zonecfg:zone:attr> end

Save configuration zonecfg:zone> commit zonecfg:zone> exit

Storage configuration ZFS volume zonecfg:zone> add device zonecfg:zone:device> set match=/dev/zvol/dsk/pool/volume zonecfg:zone:device> end