Solaris 10 zones are a virtualization technology that lets you create isolated, secure environments for running applications. To end users each environment looks like a separate machine with Solaris 10 installed on it. Processes inside a zone see nothing of what happens in the other zones on the system: the isolation is such that processes in one zone can neither see nor affect processes in any other zone.
All of this is done in software, and by default every Solaris 10 machine has a global zone; only from the global zone can you view the processes of all the other zones on the system. You probably did not even notice, but when your Solaris 10 install completed you were placed in the global zone. It is easy to recognise in the zoneadm output shown later. The zone types are as follows:
- Global zone – every installed OS acts as a global zone, which is present by default. All non-global zones can only be installed, configured and administered from the global zone.
- Non-global zone – shares the kernel booted under the global zone. All software and other resources are inherited from the global zone.
- Whole root zone (big zone) – gets its own writable copy of all the file systems such as /opt and /usr. It takes more disk space.
- Sparse root zone (small zone) – file systems such as /opt and /usr are shared from the global zone as loopback file systems (you only have read-only access to these directories inside the non-global zone). It takes much less disk space.
- Branded zones – Solaris 8 or Solaris 9 environments running as zones on a Solaris 10 global zone.
Zone states:
- Configured – configuration has been completed and storage has been committed. Additional configuration is still required.
- Incomplete – the zone is in this state while it is being installed or uninstalled.
- Installed – the zone has a confirmed configuration (zoneadm is used to verify the configuration) and the Solaris packages have been installed, but even though it is installed it still has no virtual platform associated with it.
- Ready (active) – the zone's virtual platform is established. The kernel creates the zsched process, the network interfaces are plumbed and the filesystems are mounted. The system also assigns a zone ID in this state, but no processes are yet associated with the zone.
- Running (active) – a zone enters this state when its first user process is created. This is the normal state for an operational zone.
- Shutting down and Down (active) – the normal states while a zone is being shut down.
Zone daemons:
- zoneadmd – each zone has a zoneadmd (zone administration daemon) associated with it, which carries out the following actions:
  - allocates the zone ID and starts the zsched process
  - sets system-wide resource controls
  - prepares the zone's devices, if any are specified in the zone configuration
  - plumbs the virtual network interface
  - mounts any loopback or conventional filesystems
- zsched – the job of zsched is to keep track of the kernel threads running within the zone.
There are many ways to create a zone. This will show one possible approach to creating a working zone.
First create two new filesystems for your zone: one for its root area and one for its data area. You can use the newfs command to do this once you have determined which partitions are available for use.
For this example, we will use /dev/dsk/c0t1d0s0 and /dev/dsk/c0t1d0s3 for the root and data areas respectively.
# newfs /dev/rdsk/c0t1d0s0
# newfs /dev/rdsk/c0t1d0s3
Next add an entry as follows for the root area in your vfstab:
/dev/dsk/c0t1d0s0 /dev/rdsk/c0t1d0s0 /export/zone1 ufs 1 yes -
Next mount the filesystem and ensure correct permissions:
# mkdir /export/zone1
# chown root:root /export
# mount /export/zone1
# chmod 700 /export/zone1
Now we can create the zone configuration.
# zonecfg -z zone1
zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
zonecfg:zone1> set zonepath=/export/zone1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> add fs
zonecfg:zone1:fs> set dir=/dir1
zonecfg:zone1:fs> set special=/dev/dsk/c0t1d0s3
zonecfg:zone1:fs> set raw=/dev/rdsk/c0t1d0s3
zonecfg:zone1:fs> set type=ufs
zonecfg:zone1:fs> end
zonecfg:zone1> add net
zonecfg:zone1:net> set physical=eri0
zonecfg:zone1:net> set address=192.168.201.121
zonecfg:zone1:net> end
zonecfg:zone1> add attr
zonecfg:zone1:attr> set name=comment
zonecfg:zone1:attr> set type=string
zonecfg:zone1:attr> set value="zone one"
zonecfg:zone1:attr> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> info
zonecfg:zone1> exit
You can use this procedure for multiple zones making sure that the filesystem, network, and attribute configurations are appropriately modified. I have created an additional zone in this manner called zone2 as you will see in the following zoneadm command outputs.
# zoneadm list -i
global
Notice that your new zone does not show up. It isn’t installed yet, it is just configured. Next we will install it.
# zoneadm -z zone1 install
Once complete, you can see the zones are installed:
# zoneadm list -iv
  ID NAME             STATUS     PATH
   0 global           running    /
   - zone1            installed  /export/zone1
   - zone2            installed  /export/zone2
# zoneadm -z zone1 ready
# zoneadm -z zone1 boot
# zoneadm list -iv
  ID NAME             STATUS     PATH
   0 global           running    /
   5 zone1            running    /export/zone1
   - zone2            installed  /export/zone2
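As an added example (not from the original article), here is a small POSIX shell script with two checks an administrator could run from the global zone after the steps above: one parses zoneadm list -iv output to flag configured zones that are not running, the other verifies that a zonepath is root-owned and mode 700, which is what the chown/chmod step above sets and what zoneadm install insists on. The zoneadm output inside the script is a constructed sample in the article's layout, so it runs without the Solaris zone tools; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article: post-build checks run from the
# global zone. The zoneadm output below is a constructed sample in the layout
# the article shows, so this script runs without the Solaris zone tools.
# Function names are hypothetical.

# Constructed sample of `zoneadm list -iv` output.
SAMPLE_ZONEADM_LIST='  ID NAME             STATUS     PATH
   0 global           running    /
   5 zone1            running    /export/zone1
   - zone2            installed  /export/zone2'

# Print the STATUS column for one zone. Reads zoneadm list output on stdin.
# Usage: zoneadm list -iv | zone_state zone1
zone_state() {
    awk -v z="$1" 'NR > 1 && $2 == z { print $3 }'
}

# Print the names of non-global zones whose STATUS is not "running".
# Skips the header line and the global zone, which is always running.
zones_not_running() {
    awk 'NR > 1 && $2 != "global" && $3 != "running" { print $2 }'
}

# Check that a zonepath is a directory owned by the expected user (root by
# default) with mode 700, as the article's chown/chmod steps set it and as
# zoneadm install requires. Parses ls -ld, whose first three fields (mode,
# link count, owner) are laid out the same on Solaris and Linux; a trailing
# "." or "+" after the mode (SELinux or ACL marker) is tolerated.
zonepath_perms_ok() {
    dir=$1
    want_owner=${2:-root}
    [ -d "$dir" ] || return 1
    set -- $(ls -ld "$dir")
    case $1 in
        drwx------|drwx------.|drwx------+) ;;
        *) return 1 ;;
    esac
    [ "$3" = "$want_owner" ]
}

# Stand-alone demo over the constructed sample.
printf '%s\n' "$SAMPLE_ZONEADM_LIST" | zones_not_running | while read -r z; do
    echo "zone $z is configured but not running"
done
zonepath_perms_ok /export/zone1 || echo "/export/zone1 is missing or is not root-owned mode 700"
```

On a real system feed it live output from the global zone, for instance `zoneadm list -iv | zones_not_running`. A zone with autoboot=true that is still in the installed or down state after the system boots points at a failure in the ready/boot steps described above (device, network or filesystem setup), and a zonepath that is not mode 700 is both a zoneadm install failure and a way for other users on the global zone to read the zone's root filesystem.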
To log into a running zone use the zlogin command.
# zlogin -C zone1
[Connected to zone 'zone1' console]
Halting a zone
# zoneadm -z zone1 halt
# zoneadm list -cv
  ID NAME             STATUS     PATH
   0 global           running    /
   - zone1            installed  /zones/zone1
Rebooting a zone
# zoneadm -z zone1 reboot
# zoneadm list -cv
  ID NAME             STATUS     PATH
   0 global           running    /
   1 zone1            running    /zones/zone1
Uninstalling a zone
# zoneadm -z zone1 uninstall -F
Deleting a zone
# zoneadm -z zone1 delete -F