Create and Configure the Solaris 10 Zones

Solaris 10 zones are a virtualization technology that lets you create isolated, secure environments for running applications. To end users these environments look like separate machines with Solaris 10 installed on them. Inside a zone, processes see nothing of what happens in the other zones on the system: the isolation is such that processes in one zone can neither see nor affect processes in any other zone.

All of this is done in software. Every Solaris 10 machine has a global zone by default, and only from the global zone can you view the processes of all the other zones on the system. You probably didn't even notice, but when your Solaris 10 install completes you are immediately placed in the global zone. It is easy to see this zone:

Zone types

Global zone – every installed OS acts as a global zone, which is present by default. All non-global zones can only be installed, configured and administered from the global zone.
Non-global zone – shares the kernel booted in the global zone. All software and other resources are inherited from the global zone.
Whole root zone (big zone) – gets its own writable copy of all the file systems such as /opt and /usr. It takes more disk space.
Sparse root zone (small zone) – file systems such as /opt and /usr are shared from the global zone as loopback file systems (you only have read-only access to these directories inside the non-global zone). It takes much less disk space.
Branded zones – Solaris 8 or Solaris 9 zones running on a Solaris 10 global zone.

Zone states:

  1. Configured – Configuration has been completed and committed to storage. Additional configuration is still required.
  2. Incomplete – The zone is in this state while it is being installed or uninstalled.
  3. Installed – The zone has a confirmed configuration (zoneadm is used to verify the configuration) and the Solaris packages have been installed. Even though it is installed, it still has no virtual platform associated with it.
  4. Ready (active) – The zone's virtual platform is established. The kernel creates the zsched process, the network interfaces are plumbed and the file systems are mounted. The system also assigns a zone ID in this state, but no user processes are associated with the zone yet.
  5. Running (active) – A zone enters this state when the first user process is created. This is the normal state for an operational zone.
  6. Shutting down and Down (active) – Transitional states while a zone is being shut down.

Zone daemons:

  1. zoneadmd – Each zone has a zoneadmd process associated with it, which carries out the following actions:
    allocates the zone ID and starts the zsched process
    sets system-wide resource controls
    prepares the zone's devices, if any are specified in the zone configuration
    plumbs the virtual network interface
    mounts any loopback or conventional file systems
  2. zsched – The job of zsched is to keep track of the kernel threads running within the zone.

There are many ways to create a zone. This article shows one possible approach to creating a working zone.
First create two new file systems for your zone: one for its root area and one for its data area. You can use the newfs command to do this once you have determined which partitions are available for use.
For this example we will use /dev/dsk/c0t1d0s0 and /dev/dsk/c0t1d0s3 for the root and data areas respectively.

# newfs /dev/rdsk/c0t1d0s0
# newfs /dev/rdsk/c0t1d0s3

Next add an entry as follows for the root area in your vfstab:

/dev/dsk/c0t1d0s0  /dev/rdsk/c0t1d0s0 /export/zone1 ufs   1   yes  -

Next mount the file system and ensure the permissions are correct (the zonepath must be owned by root and have mode 700, otherwise zoneadm will refuse to install the zone):

# mkdir /export/zone1
# chown root:root /export
# mount /export/zone1
# chmod 700 /export/zone1

Now we can create the zone configuration.

# zonecfg -z zone1
zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
zonecfg:zone1> set zonepath=/export/zone1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> add fs
zonecfg:zone1:fs> set dir=/dir1
zonecfg:zone1:fs> set special=/dev/dsk/c0t1d0s3
zonecfg:zone1:fs> set raw=/dev/rdsk/c0t1d0s3
zonecfg:zone1:fs> set type=ufs
zonecfg:zone1:fs> end
zonecfg:zone1> add net
zonecfg:zone1:net> set physical=eri0
zonecfg:zone1:net> set address=192.168.201.121
zonecfg:zone1:net> end
zonecfg:zone1> add attr
zonecfg:zone1:attr> set name=comment
zonecfg:zone1:attr> set type=string
zonecfg:zone1:attr> set value="zone one"
zonecfg:zone1:attr> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> info
zonecfg:zone1> exit
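The steps above (create the file systems, set the zonepath permissions, then feed zonecfg the configuration) can be scripted so that several zones are configured consistently. The following is an added example and not part of the original article: it generates the zonecfg command file for a zone from a few parameters, derives the raw device from the block device, and checks the zonepath permissions before zonecfg is run. Zone name, zonepath, devices and address are taken from the article; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): build a zonecfg command file
# and sanity-check the zonepath before running "zonecfg -z NAME -f FILE".

# Emit the zonecfg commands for a zone with one ufs data filesystem and one
# shared network interface. Arguments: name zonepath datadev nic ipaddr
gen_zonecfg() {
    name=$1; zpath=$2; datadev=$3; nic=$4; ipaddr=$5
    # the raw device is the block device with /dev/dsk/ replaced by /dev/rdsk/
    rawdev=$(printf '%s' "$datadev" | sed 's,/dev/dsk/,/dev/rdsk/,')
    cat <<EOF
create
set zonepath=$zpath
set autoboot=true
add fs
set dir=/dir1
set special=$datadev
set raw=$rawdev
set type=ufs
end
add net
set physical=$nic
set address=$ipaddr
end
add attr
set name=comment
set type=string
set value="$name"
end
verify
commit
EOF
}

# zoneadm refuses to install into a zonepath that is not mode 700 and owned
# by root, so check both before installing. The owner argument defaults to
# root; returns 0 when the directory is acceptable and 1 otherwise.
check_zonepath() {
    dir=$1; owner=${2:-root}
    [ -d "$dir" ] || { echo "zonepath $dir does not exist" >&2; return 1; }
    set -- $(ls -ld "$dir")          # fields: mode links owner group ...
    mode=$1; have_owner=$3
    case "$mode" in
        drwx------*) ;;               # a trailing ACL marker (+, @, .) is fine
        *) echo "zonepath $dir mode is $mode, want drwx------" >&2; return 1 ;;
    esac
    [ "$have_owner" = "$owner" ] || {
        echo "zonepath $dir is owned by $have_owner, want $owner" >&2; return 1; }
    return 0
}

# Usage from the global zone, as root (placeholder values from the article):
#   gen_zonecfg zone1 /export/zone1 /dev/dsk/c0t1d0s3 eri0 192.168.201.121 > /tmp/zone1.cfg
#   check_zonepath /export/zone1 && zonecfg -z zone1 -f /tmp/zone1.cfg
```

Keeping the configuration in a file also gives you something to review and diff before it is committed, which is harder to do with an interactive zonecfg session.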

You can use this procedure for multiple zones, making sure that the file system, network and attribute configurations are modified appropriately. I have created an additional zone in this manner called zone2, as you will see in the following zoneadm command outputs.

# zoneadm list -i
global

Notice that your new zone does not show up: it is not installed yet, it is only configured (zoneadm list -cv would show it in the configured state). Next we will install it.

# zoneadm -z zone1 install

Once complete, you can see the zones are installed:

# zoneadm list -iv
  ID NAME     STATUS     PATH
   0 global   running    /
   - zone1    installed  /export/zone1
   - zone2    installed  /export/zone2

# zoneadm -z zone1 ready

# zoneadm -z zone1 boot

# zoneadm list -iv
  ID NAME     STATUS     PATH
   0 global   running    /
   5 zone1    running    /export/zone1
   - zone2    installed  /export/zone2
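The zone states listed earlier (configured, installed, ready, running) decide which zoneadm subcommand is appropriate next, and a script that acts on zones should read the state rather than assume it. The following is an added example, not from the original article: it parses zoneadm list -cv style output and reports each non-global zone's state and the next step toward running. The listing is constructed from the article's output (zone3 is an added, constructed configured zone); the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): read zone states from the
# output of "zoneadm list -cv" and decide the next zoneadm step.

# Constructed sample listing; on a real system use: zoneadm list -cv
SAMPLE_LIST='  ID NAME     STATUS     PATH
   0 global   running    /
   5 zone1    running    /export/zone1
   - zone2    installed  /export/zone2
   - zone3    configured /export/zone3'

# zone_status LISTING NAME -> prints the STATUS column for NAME, or "unknown"
zone_status() {
    printf '%s\n' "$1" | awk -v z="$2" '
        NR > 1 && $2 == z { print $3; found = 1 }
        END { if (!found) print "unknown" }'
}

# zones_not_running LISTING -> names of non-global zones not in "running"
zones_not_running() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 != "global" && $3 != "running" { print $2 }'
}

# next_zoneadm_step LISTING NAME -> the zoneadm subcommand that moves the zone
# one step toward running (configured -> install, installed/ready -> boot),
# "none" if it is already running, "unknown" for anything else.
next_zoneadm_step() {
    case "$(zone_status "$1" "$2")" in
        running)    echo none ;;
        ready)      echo boot ;;
        installed)  echo boot ;;      # boot takes an installed zone via ready to running
        configured) echo install ;;
        *)          echo unknown ;;
    esac
}

# Usage on a real system (as root in the global zone):
#   listing=$(zoneadm list -cv)
#   for z in $(zones_not_running "$listing"); do
#       echo "$z: next step is zoneadm -z $z $(next_zoneadm_step "$listing" "$z")"
#   done
```

Solaris 10 zoneadm also offers list -p for colon-separated, machine-readable output, which is easier to parse than the aligned -v table if you are writing a longer script.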

To log into a running zone use the zlogin command (-C attaches to the zone console):

# zlogin -C zone1
[Connected to zone 'zone1' console]

Halting a zone

# zoneadm -z zone1 halt
# zoneadm list -cv

  ID NAME     STATUS     PATH
   0 global   running    /
   - zone1    installed  /zones/zone1

Rebooting a zone

# zoneadm -z zone1 reboot
# zoneadm list -cv

  ID NAME     STATUS     PATH
   0 global   running    /
   1 zone1    running    /zones/zone1

Uninstalling a zone

# zoneadm -z zone1 uninstall -F

Deleting a zone

# zoneadm -z zone1 delete -F