feature included in the Solaris(TM) 10 Operating System (Solaris 10 OS). The Solaris
Zones and Solaris 10 Resource Manager technologies comprise the set of system
management services known as Solaris Containers.
Zones allow application components to be isolated from one another even though
the zones share a single instance of the Solaris Operating System. Resource
management features permit you to allocate the quantity of resources that a
workload receives.
Solaris Zones
Zone Concepts
Zone types
Zone daemons
Zone file systems
Zone networking
Zone states
Zone Types
The Solaris Operating System supports two types of zones:
Global
Non-global
The Global Zone
Every Solaris system contains a global zone. The global zone has two functions: it is both the default zone for the system, and the zone used for system-wide administrative control. The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. All processes run in the global zone if no non-global zones are created.
Appropriately privileged processes running in the global zone can access objects associated with non-global zones. Unprivileged processes in the global zone might be able to perform operations not allowed to privileged processes in a non-global zone. For example, users in the global zone can view information about every process in the system. If this capability presents a problem for your site, you can restrict access to the global zone.
Zone File Systems
There are two models for populating root file system space in non-global zones, the sparse root model and the whole root model.
Sparse Root Model
The sparse root model installs a minimal number of files from the global zone when you initialize a non-global zone. In this model, only certain root packages are installed in the non-global zone. These include a subset of the required root packages that are normally installed in the global zone, and additional root packages that the global administrator might have selected. Files that need to be shared between a non-global zone and the global zone are mounted through read-only loopback file systems.
For files that are mounted using a loopback file system, removing a critical file from the global zone would have an effect similar to that in a typical client-server situation. The non-global zone's dependence on the file would determine how removing the file would affect the zone.
Whole Root Model
The whole root model provides the maximum configurability. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone. The advantages of this model include the capability for global zone administrators to customize their zones' file system layout. This would be done, for example, to add arbitrary unbundled or third-party packages. The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.
Zone Networking
Each non-global zone that requires network connectivity has one or more dedicated IP addresses. These addresses are associated with logical network interfaces that can be placed in a zone by using the ifconfig command. For example, if the primary network interface in the global zone is ce0, then the non-global zone's logical network interface might be ce0:1. Logical interfaces are automatically assigned the next available identifier, for example, ce0:2, ce0:3.
You can configure IPMP in the global zone, then extend its function to non-global zones. You extend this function by placing the non-global zone's IP address in an IPMP group when you configure the zone. Then, if one of the interfaces in the global zone fails, the non-global zone addresses migrate to another network interface card.
Zone States
To understand how zones operate, we need to understand that zones can exist in various states, and what those states mean. Non-global zones behave like typical Solaris 10 OS installations, but they do not have resources such as a power-on self-test (POST) or an OpenBoot Programmable Read-Only Memory (OBP). These resources are managed by the global zone. As you configure a non-global zone, bring it into operation, use the zone, reboot, or shut it down, the state that the zoneadm command reports for that zone changes. The image shows the zone states.
Configuring Zones
Identifying Zone Components
When planning zones for your environment, you must consider the components that make up each zone's configuration. These components include:
A zone name
A path to the zone's root
The zone network interfaces
The file systems mounted in zones
The configured devices in zones
Allocating File System Space
There are no limits on how much disk space can be consumed by a zone. The global zone administrator is responsible for space restriction. Even a small uniprocessor system can support a number of zones running simultaneously. The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created. The number of packages and space requirements are factors.
Assigning Zones to Resource Pools
A "one zone, one pool" rule applies to non-global zones. Processes within a non-global zone are bound only to the pool to which the non-global zone is bound. Processes within a non-global zone cannot be bound to other pools. Processes in the global zone, however, can be bound by a sufficiently privileged process to any pool.
Although a zone can only be associated with one pool, the pool need not be exclusively assigned to a particular zone.
CPU_allocation_% = non_global_zone_limit / (non_global_zone_limit + other_zone_limit...) * 100
Using zonecfg Resource Parameters
Resource types within the zonecfg utility include the following:
Line 5 - This is the name of the resource pool that this zone must be bound to when booted. The example lists the system default pool, but you can specify a different pool that you configured for this zone.
Line 7 - This line sets the mount point for the file system, which is /mnt in this example.
Line 10 - This line specifies that the file system type is UFS.
Line 24 - This line sets the name of the resource control, which is zone.cpu-shares in this procedure.
Line 25 - This line sets the resource control parameter values to: privileged calls, a limit of 20 CPU shares, and no action to be taken when that threshold is reached.
Line 28 - This line sets the name of the attribute, which is comment in this procedure.
Line 34 - This line exits the zonecfg session. You can use the -F (force) option with exit.
Viewing the Zone Configuration
You can use the zonecfg command to view the zone configuration.
# zonecfg -z work-zone info
zonepath: /export/work-zone
autoboot: true
pool: pool_default
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
inherit-pkg-dir:
        dir: /opt/sfw
fs:
        dir: /mnt
        special: /dev/dsk/c0t0d0s7
        raw: /dev/rdsk/c0t0d0s7
        type: ufs
        options: [logging]
net:
        address: 192.168.0.1
        physical: ce0
device:
        match: /dev/sound/*
rctl:
        name: zone.cpu-shares
        value: (priv=privileged,limit=20,action=none)
attr:
        name: comment
        type: string
        value: "The work zone."
#
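An added example, not part of the original material: a shell and awk function that reads zonecfg info output and lists what the configuration gives the zone (pool, file systems, network address, devices, CPU shares), warning when no pool or zone.cpu-shares control is set. The sample input is constructed from the listing above; the function names and output format are assumptions.

```sh
#!/bin/sh
# Added example: list what a zone configuration hands to a non-global zone.
# sample_info is constructed from the zonecfg info listing on this page.
sample_info() {
cat <<'EOF'
zonepath: /export/work-zone
pool: pool_default
fs:
        dir: /mnt
        special: /dev/dsk/c0t0d0s7
        type: ufs
net:
        address: 192.168.0.1
        physical: ce0
device:
        match: /dev/sound/*
rctl:
        name: zone.cpu-shares
        value: (priv=privileged,limit=20,action=none)
EOF
}

# audit_zone_info: zonecfg info text on stdin, one finding per line on stdout.
audit_zone_info() {
  awk '
    { sub(/^[ \t]+/, "") }                         # indentation carries no meaning here
    /^(fs|net|device|rctl|attr|inherit-pkg-dir):?$/ { res = $0; sub(/:$/, "", res); next }
    { key = $0; sub(/:.*$/, "", key)               # text before the first colon
      val = $0; sub(/^[^:]*:[ \t]*/, "", val) }    # text after it
    key == "pool" && val != ""           { pool = val; print "pool " val }
    res == "fs"     && key == "dir"      { dir = val }
    res == "fs"     && key == "special"  { print "fs " dir " from " val }
    res == "net"    && key == "address"  { addr = val }
    res == "net"    && key == "physical" { print "net " val " " addr }
    res == "device" && key == "match"    { print "device " val }
    res == "rctl"   && key == "name"     { rname = val }
    res == "rctl"   && key == "value" && rname == "zone.cpu-shares" &&
      match(val, /limit=[0-9]+/)         { shares = substr(val, RSTART + 6, RLENGTH - 6)
                                           print "cpu-shares " shares }
    END { if (pool == "")   print "WARN no pool set"
          if (shares == "") print "WARN no zone.cpu-shares rctl" }
  '
}

sample_info | audit_zone_info
```

On a live system the input would come from zonecfg -z work-zone info run in the global zone.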
Introduction
The zoneadm command is the primary tool used to install and administer non-global zones. Operations using the zoneadm command must be run from the global zone. The following tasks can be performed using the zoneadm command:
Verifying a Configured Zone
You can verify a zone before you install it. If you skip this procedure, the verification is performed automatically when you install the zone. You must be the global administrator in the global zone to perform this procedure.
You use the zoneadm list -iv command to list the installed zones and verify the status:
Booting a Zone
Booting a zone places the zone in the running state. If you set the autoboot resource property in a zone's configuration to true, that zone automatically boots when the global zone boots. The default setting is false.
Logging In to the Zone Console
After you boot the zone for the first time, it is important to connect to the zone's virtual console and complete the zone's system identification before you can begin using the zone. To log in to the zone's virtual console and begin the zone's system identification process, use the zlogin command with the -C option.
The first time that you connect to the zone's virtual console, the system identification process starts automatically. You are asked to select a language and locale, and the terminal type. A graphical user interface (GUI) then starts and presents questions regarding the zone's host name, Kerberos security, name services, time zone, root password, and NFS version 4 domain name. When this identification process completes, the zone automatically reboots.
zlogin -C -e \^ work-zone
Halting a Zone
The zoneadm halt command is used to remove both the application environment and the virtual platform for a zone. The zone is then brought back to the installed state. All processes are killed, devices are unconfigured, network interfaces are unplumbed, file systems are unmounted, and the kernel data structures are destroyed.
The halt command does not run any shutdown scripts within the zone.
Zone IDs are assigned when the non-global zones boot, and change when they reboot.
# zlogin -C work-zone
[Connected to zone 'work-zone' console]
After using the console interface to log in to the zone, take a look at how the operating system views its resources.
twilight# hostname
twilight
twilight# uname -a
SunOS twilight 5.10 s10_54 sun4u sparc SUNW,Netra-T12
twilight# df -k
File system     kbytes     used     avail capacity  Mounted on
/               678457    69941    547455    12%    /
/dev            678457    69941    547455    12%    /dev
/lib          33265565  1893804  31039106     6%    /lib
/platform     33265565  1893804  31039106     6%    /platform
/sbin         33265565  1893804  31039106     6%    /sbin
/usr          33265565  1893804  31039106     6%    /usr
proc                 0        0         0     0%    /proc
mnttab               0        0         0     0%    /etc/mnttab
fd                   0        0         0     0%    /dev/fd
swap           7949040       32   7949008     1%    /var/run
swap           7949008        0   7949008     0%    /tmp
twilight# ps -ef |grep z
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root  6965  6965  0 12:35:38 ?        0:00 zsched
twilight# ifconfig -a
lo0:1: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ce0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.0.1 netmask ffffff00 broadcast 192.168.0.255
twilight# ~.
[Connection to zone 'work-zone' console closed]
Note: The zone is now up and running. If you add (or delete)
resources to the running zone using the zonecfg command, you
must restart the zone for the changes to take effect.
# zonecfg -z work-zone
zonecfg:work-zone> remove net physical=ce0
zonecfg:work-zone> commit
zonecfg:work-zone> exit
Deleting a Zone
When deleting a zone, be sure to back up any files that you want to keep. The first stage in deleting a zone is halting the Solaris 10 OS and freeing the system memory.
At this point, the zone is not using system resources other than file system space. Uninstall the zone to remove the zone's file usage.
The final step is to delete the configuration of the zone from the global system with the delete subcommand.
Configuring Resource Pools
The poold daemon in the global zone is necessary for the dynamic resource pool feature to function. The poold daemon starts when you enable, and stops when you disable, the pool facility.
poolcfg Command Examples
You can use poolcfg to view the current pool configuration directly from the kernel state:
You can use poolcfg to read a pool configuration that has been saved to a file, typically /etc/pooladm.conf.
Configuring Zone Resources
Using the pooladm Command
The pooladm command provides administrative operations on pools and sets. pooladm reads the specified file name and attempts to activate the pool configuration contained in it. Before updating the current pool run-time configuration, pooladm validates the configuration for correctness. Without options, pooladm prints out the current running pools configuration.
# pooladm -e
# pooladm -s /etc/pooladm.conf
The /etc/pooladm.conf file does not exist by default.
# pooladm -c
# pooladm -x
regtool:101:Regtool example::registry:rcap.max-rss=1024000
For example:
$ rcapstat
    id project  nproc    vm   rss   cap    at avgat    pg avgpg
   101 regtool      3 4408K  792K 1000K    0K    0K    0K    0K
...
The value of rss (792K) is less than the value of cap (1000K)
and the paging indicators show no paging (0K). This indicates the
memory cap is effective.
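An added example, not from the original material: it converts the rcap.max-rss value of each project entry from bytes to kilobytes and applies the reading described above (rss below cap, no paging) to each rcapstat row. The dbload entry and row are constructed to show a failing case; the function names, output format and the handling of M and G suffixes are assumptions.

```sh
#!/bin/sh
# Added example. The regtool entry and row follow the listing on this page;
# the dbload entry and row are constructed to show a project over its cap.
PROJECTS='regtool:101:Regtool example::registry:rcap.max-rss=1024000
dbload:102:constructed entry::registry:rcap.max-rss=2048000'

sample_rcapstat() {
cat <<'EOF'
    id project  nproc    vm   rss   cap    at avgat    pg avgpg
   101 regtool      3 4408K  792K 1000K    0K    0K    0K    0K
   102 dbload       5 9000K 2300K 2000K  300K  300K  120K  120K
EOF
}

# check_rcap ENTRIES: ENTRIES holds project(4) lines; rcapstat rows arrive on stdin.
check_rcap() {
  ENTRIES="$1" awk '
    function kb(s,  n) {                 # "792K" -> 792; M and G suffixes are assumed
      n = s + 0
      if (s ~ /M$/) n *= 1024
      if (s ~ /G$/) n *= 1024 * 1024
      return n
    }
    BEGIN {
      cnt = split(ENVIRON["ENTRIES"], e, "\n")
      for (i = 1; i <= cnt; i++) {
        split(e[i], f, ":")              # name:id:comment:users:groups:attributes
        if (match(f[6], /rcap\.max-rss=[0-9]+/))
          cap[f[1]] = substr(f[6], RSTART + 13, RLENGTH - 13) / 1024   # bytes -> KB
      }
    }
    $1 ~ /^[0-9]+$/ {                    # data rows only; the header row is skipped
      if (!($2 in cap)) { print $2 " NOCAP"; next }
      st = "OK"
      if (kb($9) > 0)       st = "PAGING"
      if (kb($5) >= kb($6)) st = "OVER"
      printf "%s %s rss=%s cap=%s declared=%dK\n", $2, st, $5, $6, cap[$2]
    }
  '
}

sample_rcapstat | check_rcap "$PROJECTS"
```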
# pkgparam -v SUNWzoneu
CLASSES='none'
BASEDIR='/'
LANG='C'
PATH='/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin'
OAMBASE='/usr/sadm/sysadm'
PKG='SUNWzoneu'
NAME='Solaris Zones (Usr)'
ARCH='sparc'
VERSION='11.10.0,REV=2005.01.21.15.53'
SUNW_PRODNAME='SunOS'
SUNW_PRODVERS='5.10/Generic'
SUNW_PKGTYPE='usr'
MAXINST='1000'
CATEGORY='system'
DESC='Solaris Zones Configuration and Administration'
VENDOR='Sun Microsystems, Inc.'
HOTLINE='Please contact your local service provider'
EMAIL=''
SUNW_PKGVERS='1.0'
SUNW_PKG_ALLZONES='true'
SUNW_PKG_HOLLOW='false'
PSTAMP='gaget20050121155950'
PKGINST='SUNWzoneu'
PKGSAV='/var/sadm/pkg/SUNWzoneu/save'
INSTDATE='Jan 26 2005 10:21'
#
Package Operations Possible in the Global Zone
If the package is not currently installed in the global zone and not currently installed in any non-global zone, the package can be installed according to the following guidelines:
Only in the global zone, if SUNW_PKG_ALLZONES=false
In the global zone and all non-global zones
Package Operations Possible in a Non-Global Zone
The package operations possible in any non-global zone are the following:
If a package is not currently installed in the non-global zone, the package can be installed only if SUNW_PKG_ALLZONES=false.
If a package is currently installed in the non-global zone, the following guidelines apply:
o The package can be installed over the existing instance of the package only if SUNW_PKG_ALLZONES=false.
o The package can be removed from the non-global zone only if SUNW_PKG_ALLZONES=false.