Solaris 10 Zone Basics

  • 8/9/2019 Solaris 10 Zone Basics

    F. Mohaideen Abdul Kader Quick Reference

    Solaris 10 Zones

    In its simplest form, a zone is a virtual operating system environment created within a single instance of the Solaris operating system. Efficient resource utilization is the main goal of this technology.

    Solaris 10's zone partitioning technology can be used to create local zones that behave like virtual servers. All local zones are controlled from the system's global zone. Processes running in a zone are completely isolated from the rest of the system. This isolation prevents processes that are running in one zone from monitoring or affecting processes that are running in other zones. Note that processes running in a local zone can be monitored from the global zone, but processes running in the global zone or in another local zone cannot be monitored from a local zone.

    As of now, the upper limit for the number of zones that can be created/run on a system is 8192; of course, depending on the resource availability, a single system may or may not run all the configured zones effectively.

    Global Zone

    When we install Solaris 10, a global zone gets installed automatically, and the core operating system runs under the global zone. To list all the configured zones, we can use the zoneadm command:

    % zoneadm list -v

    ID NAME STATUS PATH

    0 global running /

    The global zone is the only one:

    Bootable from the system hardware

    To be used for system-wide administrative control, such as physical devices, routing, or dynamic reconfiguration (DR). i.e., the global zone is the only zone that is aware of all devices and all file systems

    From which a non-global zone can be configured, installed, managed, or uninstalled. i.e., the global zone is the only zone that is aware of the existence of non-global (local) zones and their configurations. It is not possible to create local zones within a local zone

    Steps to create a Local Zone

    Prerequisites:

    Plenty of disk space to hold the newly installed zone. It needs at least 2G of space to copy the essential files to the local zone, plus the disk space needed by the application(s) you are planning to run in this zone; and

    A dedicated IP for network connectivity

    Basic Zone creation steps with examples:

    1. Check the disk space & network configuration

    % df -h /

    Filesystem size used avail capacity Mounted on

    /dev/dsk/c1t1d0s0 29G 22G 7.1G 76% /

    % ifconfig -a

    lo0: flags=2001000849 mtu 8232 index 1

    inet 127.0.0.1 netmask ff000000

    eri0: flags=1000843 mtu 1500 index 2

    inet 192.168.74.217 netmask fffffe00 broadcast 192.168.75.255

    1/23/2014 http://quickreference.weebly.com/solaris-10-zone-basics.html

    1. Since there is more than 5G free space, I've decided to install a local zone under /zones.

    % mkdir /zones

    1. Next step is to define/create the zone root. This is the path to the zone's root directory, relative to the global zone's root directory. The zone root must be owned by the root user with mode 700. This path will be used to set the zonepath property during the zone creation process

    % cd /zones

    % mkdir appserver

    % chmod 700 appserver

    % ls -l

    total 2

    drwx------ 2 root root 512 Feb 17 12:46 appserver

    1. Create & configure a new 'sparse root' local zone, with root privileges

    % zonecfg -z appserv

    appserv: No such zone configured

    Use 'create' to begin configuring a new zone.

    zonecfg:appserv> create

    zonecfg:appserv> set zonepath=/zones/appserver

    zonecfg:appserv> set autoboot=true

    zonecfg:appserv> add net

    zonecfg:appserv:net> set physical=eri0

    zonecfg:appserv:net> set address=192.168.175.126

    zonecfg:appserv:net> end

    zonecfg:appserv> add fs

    zonecfg:appserv:fs> set dir=/repo2

    zonecfg:appserv:fs> set special=/dev/dsk/c2t40d1s6

    zonecfg:appserv:fs> set raw=/dev/rdsk/c2t40d1s6

    zonecfg:appserv:fs> set type=ufs

    zonecfg:appserv:fs> set options noforcedirectio

    zonecfg:appserv:fs> end

    zonecfg:appserv> add inherit-pkg-dir

    zonecfg:appserv:inherit-pkg-dir> set dir=/opt/csw

    zonecfg:appserv:inherit-pkg-dir> end

    zonecfg:appserv> info

    zonepath: /zones/appserver

    autoboot: true

    pool:

    inherit-pkg-dir:

    dir: /lib

    inherit-pkg-dir:

    dir: /platform

    inherit-pkg-dir:

    dir: /sbin

    inherit-pkg-dir:

    dir: /usr

    inherit-pkg-dir:

    dir: /opt/csw

    net:

    address: 192.168.175.126

    physical: eri0

    zonecfg:appserv> verify

    zonecfg:appserv> commit

    zonecfg:appserv> exit

    Sparse Root Zone Vs Whole Root Zone

    In a Sparse Root Zone, the directories /usr, /sbin, /lib and /platform will be mounted as loopback file systems. That is, although all those directories appear as normal directories under the sparse root zone, they will be mounted as read-only file systems. Any change to those directories in the global zone can be seen from the sparse root zone.

    However, if you need the ability to write into any of the directories listed above, you may need to configure a Whole Root Zone. For example, software like ClearCase needs write permission to the /usr directory. In that case, configuring a Whole Root Zone is the way to go. The steps for creating and configuring a new 'Whole Root' local zone are as follows:

    % zonecfg -z appserv

    appserv: No such zone configured

    Use 'create' to begin configuring a new zone.

    zonecfg:appserv> create

    zonecfg:appserv> set zonepath=/zones/appserver

    zonecfg:appserv> set autoboot=true

    zonecfg:appserv> add net

    zonecfg:appserv:net> set physical=eri0

    zonecfg:appserv:net> set address=192.168.175.126

    zonecfg:appserv:net> end

    zonecfg:appserv> add inherit-pkg-dir

    zonecfg:appserv:inherit-pkg-dir> set dir=/opt/csw

    zonecfg:appserv:inherit-pkg-dir> end

    zonecfg:appserv> remove inherit-pkg-dir dir=/usr

    zonecfg:appserv> remove inherit-pkg-dir dir=/sbin

    zonecfg:appserv> remove inherit-pkg-dir dir=/lib

    zonecfg:appserv> remove inherit-pkg-dir dir=/platform

    zonecfg:appserv> info

    zonepath: /zones/appserver

    autoboot: true

    pool:

    inherit-pkg-dir:

    dir: /opt/csw

    net:

    address: 192.168.175.126

    physical: eri0

    zonecfg:appserv> verify

    zonecfg:appserv> commit

    zonecfg:appserv> exit

    Brief explanation of the properties that I added:

    \* zonepath=/zones/appserver

    Local zone's root directory, relative to the global zone's root directory. i.e., the local zone will have all the bin, lib, usr, dev, net, etc, var, opt etc., directories physically under the /zones/appserver directory

    \* autoboot=true

    boot this zone automatically when the global zone is booted

    \* physical=eri0

    eri0 card is used for the physical interface

    \* address=192.168.175.126

    192.168.175.126 is the IP address. It must have all necessary DNS entries

    [Added 08/25/08] The whole add fs section adds the file system to the zone. In this example, the file system that is being exported to the zone is an existing UFS file system.

    \* set dir=/repo2

    /repo2 is the mount point in the local zone

    \* set special=/dev/dsk/c2t40d1s6 set raw=/dev/rdsk/c2t40d1s6

    Grant access to the block (/dev/dsk/c2t40d1s6) and raw (/dev/rdsk/c2t40d1s6) devices so the file system can be mounted in the non-global zone. Make sure the block device is not mounted anywhere right before installing the non-global zone. Otherwise, the zone installation may fail with ERROR: file system check of failed: exit status : run fsck manually. In that case, unmount the file system that is being exported, uninstall the partially installed zone (zoneadm -z uninstall), then install the zone from scratch (no need to re-configure the zone, just do a re-install).

    \* set type=ufs

    The file system is of type UFS

    \* set options noforcedirectio

    Mount the file system with the option noforcedirectio [/Added 08/25/08]

    \* dir=/opt/csw

    read-only path, will be lofs'd (loopback mounted) from the global zone. Note: it works for a sparse root zone only -- a whole root zone cannot have any shared file systems

    The zonecfg commands verify and commit verify and commit the zone configuration, respectively. Note that it is not necessary to commit the zone configuration explicitly; it will be done automatically when we exit from the zonecfg tool. info displays information about the current configuration

    Check the state of the newly created/configured zone

    % zoneadm list -cv

    ID NAME STATUS PATH

    0 global running /

    - appserv configured /zones/appserver

    Next step is to install the configured zone. It takes a while to install the necessary packages

    % zoneadm -z appserv install

    /zones must not be group writable.

    could not verify zonepath /zones/appserver because of the above errors.

    zoneadm: zone appserv failed to verify

    % ls -ld /zones

    drwxrwxr-x 3 root root 512 Feb 17 12:46 /zones

    Since /zones must not be group writable, let's change the mode to 700.

    % chmod 700 /zones

    % ls -ld /zones

    drwx------ 3 root root 512 Feb 17 12:46 /zones

    % zoneadm -z appserv install

    Preparing to install zone .

    Creating list of files to copy from the global zone.

    Copying files to the zone.

    Initializing zone product registry.

    Determining zone package initialization order.

    Preparing to initialize packages on the zone.

    Initialized packages on zone.

    Zone is initialized.

    Installation of these packages generated errors:

    Installation of packages was skipped.

    Installation of these packages generated warnings:

    The file contains a log of the zone installation.

    1. Verify the state of the appserv zone, one more time

    % zoneadm list -cv

    ID NAME STATUS PATH

    0 global running /

    - appserv installed /zones/appserver

    1. Boot up the appserv zone. Let's note down the ifconfig output to see how it changes after the local zone boots up. Also observe that there is no answer from the server yet, since it is not up

    % ping 192.168.175.126

    no answer from 192.168.175.126

    % ifconfig -a

    lo0: flags=2001000849 mtu 8232 index 1

    inet 127.0.0.1 netmask ff000000

    eri0: flags=1000843 mtu 1500 index 2

    inet 192.168.74.217 netmask fffffe00 broadcast 192.168.75.255

    ether 0:3:ba:2d:0:84

    % zoneadm -z appserv boot

    zoneadm: zone 'appserv': WARNING: eri0:1: no matching subnet found in netmasks(4) for 192.168.175.126;

    using default of 255.255.0.0.

    % zoneadm list -cv

    ID NAME STATUS PATH

    0 global running /

    1 appserv running /zones/appserver

    % ping 192.168.175.126

    192.168.175.126 is alive

    % ifconfig -a

    lo0: flags=2001000849 mtu 8232 index 1

    inet 127.0.0.1 netmask ff000000

    lo0:1: flags=2001000849 mtu 8232 index 1

    zone appserv

    inet 127.0.0.1 netmask ff000000

    eri0: flags=1000843 mtu 1500 index 2

    inet 192.168.74.217 netmask fffffe00 broadcast 192.168.75.255

    ether 0:3:ba:2d:0:84

    eri0:1: flags=1000843 mtu 1500 index 2

    zone appserv

    inet 192.168.175.126 netmask ffff0000 broadcast 192.168.255.255

    Observe that the zone appserv has its own virtual instance of lo0, the system's loopback interface, and that the zone's IP address is also being served by the eri0 network interface

    1. Log in to the zone console and perform the internal zone configuration. The zlogin utility can be used to enter a zone. The first time we log in to the console, we get a chance to answer a series of questions for the desired zone configuration. The -C option of zlogin can be used to log in to the zone console.

    % zlogin -C -e [ appserv

    [Connected to zone 'appserv' console]

    Select a Language

    0. English

    1. es

    2. fr

    Please make a choice (0 - 2), or press h or ? for help: 0

    Select a Locale

    0. English (C - 7-bit ASCII)

    1. Canada (English) (UTF-8)

    2. Canada-English (ISO8859-1)

    3. U.S.A. (UTF-8)

    4. U.S.A. (en_US.ISO8859-1)

    5. U.S.A. (en_US.ISO8859-15)

    6. Go Back to Previous Screen

    Please make a choice (0 - 6), or press h or ? for help: 0

    ...

    Enter the host name which identifies this system on the network. The name

    must be unique within your domain; creating a duplicate host name will cause

    problems on the network after you install Solaris.

    A host name must have at least one character; it can contain letters,

    digits, and minus signs (-).

    Host name for eri0:1 appserv v440appserv

    ...

    ...

    System identification is completed.

    ...

    rebooting system due to change(s) in /etc/default/init

    [NOTICE: Zone rebooting]

    SunOS Release 5.11 Version snv_23 64-bit

    Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.

    Use is subject to license terms.

    Hostname: v440appserv

    v440appserv console login: root

    Password:

    Feb 17 15:15:30 v440appserv login: ROOT LOGIN /dev/console

    Sun Microsystems Inc. SunOS 5.11 snv_23 October 2007

    %

    That is all there is to the creation of a local zone. Now simply log in to the newly created zone, just like connecting to any other system in the network.
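
The zonepath requirements from the steps above (zone root owned by root with mode 700, parent directory not group writable) can be checked before running zoneadm install. The script below is an added example, not part of the original page; check_zonepath, its optional owner argument and the world-writable test are this example's own, and the demo directories are constructed.

```shell
#!/bin/sh
# Added example: audit a zonepath before `zoneadm -z <zone> install`.
# Mode 700 on the zone root keeps unprivileged global-zone users out of the
# zone's file tree. Written for a plain Bourne shell (backticks, no `local`).

mode_of()  { ls -ld "$1" | cut -c1-10; }          # e.g. drwx------
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }  # owner column of ls -l

# check_zonepath ZONEPATH [OWNER]
# OWNER defaults to root. The override is an assumption of this example so
# the demo can run unprivileged; zoneadm itself always expects root.
# Returns 0 if all checks pass, 1 on a finding, 2 if ZONEPATH is not a directory.
check_zonepath() {
    zp=$1
    want=${2:-root}
    rc=0
    if [ ! -d "$zp" ]; then
        echo "FAIL: $zp is not a directory"
        return 2
    fi
    m=`mode_of "$zp"`
    if [ "$m" != "drwx------" ]; then
        echo "FAIL: $zp has mode $m, expected drwx------ (700)"
        rc=1
    fi
    o=`owner_of "$zp"`
    if [ "$o" != "$want" ]; then
        echo "FAIL: $zp is owned by $o, expected $want"
        rc=1
    fi
    parent=`dirname "$zp"`
    pm=`mode_of "$parent"`
    case $pm in
        d????w????) echo "FAIL: $parent must not be group writable ($pm)"; rc=1 ;;
    esac
    # Extra check added by this example; the page's transcript only shows
    # the group-writable error.
    case $pm in
        d???????w?) echo "FAIL: $parent must not be world writable ($pm)"; rc=1 ;;
    esac
    if [ $rc -eq 0 ]; then echo "OK: $zp"; fi
    return $rc
}

# Demo on constructed directories that mirror the page's /zones/appserver.
demo() {
    base=`mktemp -d`
    me=`owner_of "$base"`
    mkdir "$base/zones" "$base/zones/appserver"
    chmod 775 "$base/zones"
    chmod 700 "$base/zones/appserver"
    before=0; check_zonepath "$base/zones/appserver" "$me" || before=$?
    chmod 700 "$base/zones"
    after=0; check_zonepath "$base/zones/appserver" "$me" || after=$?
    rm -rf "$base"
    echo "before fix: rc=$before, after fix: rc=$after"
}
demo
```

On a real system, call check_zonepath /zones/appserver as root with no second argument.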

    Mounting file systems in a non-global zone

    Sometimes it might be necessary to export file systems or create new file systems when the zone is already running. This section's focus is on exporting block devices and the raw devices in such situations i.e., when the local zone is already configured.

    Exporting the Raw Device(s) to a non-global zone

    If the file system does not exist on the device, raw devices can be exported as they are, so the file system can be created inside the non-global zone using the normal newfs command.

    The following example shows how to export the raw device to a non-global zone when the zone is already configured.

    # zonecfg -z appserv

    zonecfg:appserv> add device

    zonecfg:appserv:device> set match=/dev/rdsk/c5t0d0s6

    zonecfg:appserv:device> end

    zonecfg:appserv> verify

    zonecfg:appserv> commit

    zonecfg:appserv> exit

    In this example /dev/rdsk/c5t0d0s6 is being exported.

    After the zonecfg step, reboot the non-global zone to make the raw device visible inside the non-global zone. After the reboot, check the existence of the raw device.

    # hostname

    v440appserv

    # ls -l /dev/rdsk/c5t0d0s6

    crw-r----- 1 root sys 118, 126 Aug 27 14:33 /dev/rdsk/c5t0d0s6

    Now that the raw device is accessible within the non-global zone, we can use the regular Solaris commands to create any file system like UFS.

    eg.,

    # newfs -v c5t0d0s6

    newfs: construct a new file system /dev/rdsk/c5t0d0s6: (y/n)? y

    mkfs -F ufs /dev/rdsk/c5t0d0s6 1140260864 -1 -1 8192 1024 251 1 120 8192 t 0 -1 8 128 n

    Warning: 4096 sector(s) in last cylinder unallocated

    /dev/rdsk/c5t0d0s6: 1140260864 sectors in 185590 cylinders of 48 tracks, 128 sectors

    556768.0MB in 11600 cyl groups (16 c/g, 48.00MB/g, 5824 i/g)

    super-block backups (for fsck -F ufs -o b=#) at:

    32, 98464, 196896, 295328, 393760, 492192, 590624, 689056, 787488, 885920,

    Initializing cylinder groups:

    ...............................................................................

    ...............................................................................

    .........................................................................

    super-block backups for last 10 cylinder groups at:

    1139344160, 1139442592, 1139541024, 1139639456, 1139737888, 1139836320,

    1139934752, 1140033184, 1140131616, 1140230048

    Exporting the Block Device(s) to a non-global zone

    If the file system exists on the device, block devices can be exported as they are, so the file system can be mounted inside the non-global zone using the normal Solaris command, mount.

    The following example shows how to export the block device to a non-global zone when the zone is already configured.

    # zonecfg -z appserv

    zonecfg:appserv> add device

    zonecfg:appserv:device> set match=/dev/dsk/c5t0d0s6

    zonecfg:appserv:device> end

    zonecfg:appserv> verify

    zonecfg:appserv> commit

    zonecfg:appserv> exit

    In this example /dev/dsk/c5t0d0s6 is being exported.

    After the zonecfg step, reboot the non-global zone to make the block device visible inside the non-global zone. After the reboot, check the existence of the block device, and mount the file system within the non-global zone.

    # hostname

    v440appserv

    # ls -l /dev/dsk/c5t0d0s6

    brw-r----- 1 root sys 118, 126 Aug 27 14:40 /dev/dsk/c5t0d0s6

    # fstyp /dev/dsk/c5t0d0s6

    ufs

    # mount /dev/dsk/c5t0d0s6 /mnt

    # df -h /mnt

    Filesystem size used avail capacity Mounted on

    /dev/dsk/c5t0d0s6 535G 64M 530G 1% /mnt

    1. Shutdown the local zone

    % zoneadm -z appserv halt

    % zoneadm list -cv

    ID NAME STATUS PATH

    0 global running /

    - appserv installed /zones/appserver

    1. Uninstall the local zone -- remove the root file system

    % zoneadm -z appserv uninstall

    Are you sure you want to uninstall zone appserv (y/[n])? y

    % zoneadm list -cv

    ID NAME STATUS PATH

    0 global running /

    - appserv configured /zones/appserver

    1. Delete the configured local zone

    % zonecfg -z appserv delete

    Are you sure you want to delete zone appserv (y/[n])? y

    % zoneadm list -cv

    ID NAME STATUS PATH

    0 global running /

    Cloning a Non-Global Zone

    The following instructions are for cloning a non-global zone on the same system. The example shown below clones the siebeldb zone. After the cloning process, a brand new zone, oraclebi, emerges as a replica of the siebeldb zone.

    eg.,

    # zoneadm list -cv

    ID NAME STATUS PATH BRAND IP

    0 global running / native shared

    - siebeldb installed /zones/dbserver native excl

    1. Export the configuration of the zone that you want to clone/copy

    # zonecfg -z siebeldb export > /tmp/siebeldb.config.cfg

    1. Change the configuration settings of the new zone that differ from the existing one -- for example, IP address, data set names, network interface etc. To make these changes, edit /tmp/siebeldb.config.cfg

    1. Create the zone root directory for the new zone being created

    # mkdir /zones3/oraclebi

    # chmod 700 /zones3/oraclebi

    # ls -ld /zones3/oraclebi

    drwx------ 2 root root 512 Mar 12 15:41 /zones3/oraclebi

    1. Create a new (empty, non-configured) zone in the usual manner with the edited configuration file as an input

    # zonecfg -z oraclebi -f /tmp/siebeldb.config.cfg

    # zoneadm list -cv

    ID NAME STATUS PATH BRAND IP

    0 global running / native shared

    - siebeldb installed /zones/dbserver native excl

    - oraclebi configured /zones3/oraclebi native excl

    1. Ensure that the zone you intend to clone/copy is not running

    # zoneadm -z siebeldb halt

    1. Clone the existing zone

    # zoneadm -z oraclebi clone siebeldb

    Cloning zonepath /zones/dbserver...

    This step takes at least 5 minutes to clone the whole zone. Larger zones may take longer to complete the cloning process.

    1. Boot the newly created zone

    # zoneadm -z oraclebi boot

    Bring up the halted zone (the source zone) as well, if you wish.

    1. Login to the console of the new zone to configure IP, networking, etc., and you are done.

    # zlogin -C oraclebi
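
Step 2 of the cloning procedure (editing the exported configuration) is easy to leave half done, which would give the clone the source zone's IP address or an exported device such as the ones added in the device-export sections earlier. The script below is an added example, not part of the original page: zone_resources and shared_resources are this example's own helpers, and the exported configuration and its IP address are constructed samples.

```shell
#!/bin/sh
# Added example: compare two `zonecfg export` files for shared resources.
# Written for a plain Bourne shell and a basic awk.

# zone_resources FILE
# Print one "kind value" line for each zonepath, net address, dataset name
# and device node or backing path (fs special/raw, device match) in FILE.
zone_resources() {
    awk '
        $1 == "add" { res = $2; next }      # entering a resource scope
        $1 == "end" { res = "";  next }     # back to the global scope
        $1 == "set" {
            n = index($2, "=")
            if (n == 0) next
            key = substr($2, 1, n - 1)
            val = substr($2, n + 1)
            if (res == ""        && key == "zonepath") print "zonepath", val
            if (res == "net"     && key == "address")  print "address", val
            if (res == "dataset" && key == "name")     print "dataset", val
            if (res == "device"  && key == "match")    print "device", val
            if (res == "fs" && (key == "special" || key == "raw")) print "device", val
        }' "$1"
}

# shared_resources SRC_CFG NEW_CFG
# Print every resource that appears in both files. Empty output means the
# new zone does not reuse anything the source zone holds.
shared_resources() {
    a=`mktemp`; b=`mktemp`
    zone_resources "$1" | sort -u > "$a"
    zone_resources "$2" | sort -u > "$b"
    comm -12 "$a" "$b"
    rm -f "$a" "$b"
}

# Demo: constructed export of the source zone, then a copy in which only
# the zonepath was edited.
demo() {
    d=`mktemp -d`
    cat > "$d/siebeldb.cfg" <<'EOF'
create -b
set zonepath=/zones/dbserver
set autoboot=true
add net
set address=192.168.175.130
set physical=eri0
end
add device
set match=/dev/rdsk/c5t0d0s6
end
EOF
    sed 's|^set zonepath=.*|set zonepath=/zones3/oraclebi|' \
        "$d/siebeldb.cfg" > "$d/oraclebi.cfg"
    echo "Still shared with the source zone:"
    shared_resources "$d/siebeldb.cfg" "$d/oraclebi.cfg"
    rm -rf "$d"
}
demo
```

Run shared_resources on the exported file and the edited copy before zonecfg -z oraclebi -f; each line it prints is a setting that still matches the source zone.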

    Migrating a Non-Global Zone from One Host to Another

    The following instructions demonstrate, with examples, how to migrate the non-global zone orabi to another server.

    # zoneadm list -cv

    ID NAME STATUS PATH BRAND IP

    0 global running / native shared

    4 siebeldb running /zones/dbserver native excl

    - orabi installed /zones3/orabi native shared

    1. Halt the zone to be migrated, if running

    # zoneadm -z orabi halt

    1. Detach the zone. Once detached, it will be in the configured state

    # zoneadm -z orabi detach

    # zoneadm list -cv

    ID NAME STATUS PATH BRAND IP

    0 global running / native shared

    4 siebeldb running /zones/dbserver native excl

    - orabi configured /zones3/orabi native shared

    1. Move the zonepath for the zone to be migrated from the old host to the new host.

    Do the following on the old host:

    # cd /zones3

    # tar -Ecf orabi.tar orabi

    # compress orabi.tar

    # sftp newhost

    Connecting to newhost...

    sftp> cd /zones3

    sftp> put orabi.tar.Z

    Uploading orabi.tar.Z to /zones3/orabi.tar.Z

    sftp> quit

    0 global running / native shared

    - orabi installed /zones3/orabi native shared

    Note: It is possible to force the attach operation without performing the validation. You can do so with the help of the -F option.

    # zoneadm -z orabi attach -F

    Be careful when using this option because it could lead to an incorrect configuration; and an incorrect configuration could result in undefined behavior

    Tip: How to find out whether connected to the primary OS instance or the virtual instance?

    If the command zonename returns global, then you are connected to the OS instance that was booted from the physical hardware. If you see any string other than global, you might have connected to the virtual OS instance.

    Alternatively, try running the prstat -Z or zoneadm list -cv commands. If you see exactly one non-zero Zone ID, it is an indication that you are connected to a non-global zone.
