如何创建和配置Solaris10 zones (ZT)

http://thegeekdiary.com/how-to-create-and-configure-solaris-10-zones/

Solaris zones enables a software partitioning of solaris 10 OS to support multiple independent, secure OS environments to run in the same OS. Each environment has separate process space, resource allocation and users. Zones is widely used in production environments as it is easy to setup and doesn’t require any special hardware like ldoms does.

Zone types

Global zone – every installed OS acts like a global zone, which is present by default. All non-global zones can only be intalled, configured and administered from global zone.
Non-global zone – They share the functioning of the kernel booted under the global zone. All the software and other resources are inherited from the global zone.
Whole Root zone (Big zone) – It gets their own writable copy of all the file systems like /opt, /usr. It takes more disk space.
Sparse root zone (Small zone) – File systems like /opt, /usr are shared from global zone as loopback file-system (you only have a read-only access to these directories in non-global zone). It takes very less disk space.
Branded zones – These are solaris 8 or solaris 9 zones on the solaris 10 global zones.

Configuring a zone with minimal settings

Let us create a new zone with a minimal resources and settings required to get it up and running. We’ll see how to add other resources like cpu, memory, file system etc later in this post.We would be creating a sparse root zone in this case. To create a whole root zone we just have to use create -b instead of just create in the configuration prompt.

global# mkdir -p /zones/zone01

global# chmod 700 /zones/zone01

global# zonecfg -z zone01

zone01: No such zone configured

Use 'create' to begin configuring a new zone.

zonecfg:zone01> create

zonecfg:zone01> set zonepath=/zones/zone01

zonecfg:zone01> set autoboot=true

zonecfg:zone01> verify

zonecfg:zone01> commit

zonecfg:zone01> exit

Install and boot the zone

Now install the zone and boot it. Upon booting we can login into the console of the zoen to configure it.

global# zoneadm -z zone01 verify

global# zoneadm -z my-zone install

global# zoneadm -z my-zone list -ivc

ID  NAME     STATUS       PATH                 BRAND      IP

 0  global   running      /                    native     shared

 -  zone01   installed    /zones/zone01        native     shared

global# zoneadm -z my-zone boot

global# zoneadm list -v

ID  NAME     STATUS       PATH                 BRAND      IP

 0  global   running      /                    native     shared

 1  my-zone  running      /zones/zone01        native     shared

global# zlogin -C zone01

global # zlogin zone01

-C here connects you to the console of the zone. This has to be done only once to get the zone configured with hostname, timezone and other basic settings.

Resource configuration examples

Below are some most commonly used examples of resource configuration in a zone.

CPU

1. Dedicated CPU

To see the CPU information in the global zone you can use

global# psrinfo -v

global# psrinfo -vp

After you have confirmed the CPUs you want to use, you can add a fixed no of CPUs to the zone.

zonecfg:zone01> add dedicated-cpu

zonecfg:zone01:dedicated-cpu> set ncpus=1-2

zonecfg:zone01:dedicated-cpu> set importance=10   (optional, default is 1)

zonecfg:zone01:dedicated-cpu> end

Memory

Capped Memory

zonecfg:my-zone> add capped-memory

zonecfg:zone01:capped-memory> set physical=50m  [max memory that can be used by this zone]

zonecfg:zone01:capped-memory> set swap=100m

zonecfg:zone01:capped-memory> set locked=30m  [memory locked for use by this zone]

zonecfg:zone01:capped-memory> end

File system

a. Loopback FS

zonecfg:zone01> add fs

zonecfg:zone01:fs> set dir=/usr/local

zonecfg:zone01:fs> set special=/opt/zones/my-zone/local

zonecfg:zone01:fs> set type=lofs

zonecfg:zone01:fs> end

here /usr/local will be readable and writable in non-global zone

b. Normal file system

zonecfg:zone01> add fs

zonecfg:zone01:fs> set dir=/data01

zonecfg:my-zone01:fs> set special=/dev/dsk/c1t1d0s0

zonecfg:my-zone01:fs> set raw=/dev/rdsk/c1t1d0s0

zonecfg:my-zone01:fs> add options [logging, nosuid]    (optional)

zonecfg:my-zone01:fs> end

ZFS dataset

When we delegate a dataset to a non-global zone we can do any operation on that dataset inside of the zone without requiring global zone to configure it all the time.

zonecfg:zone01> add dataset

zonecfg:zone01> set name=tank/sales

zonecfg:zone01> end

Inherit package (sparse root zone only)

Now in case of sparse root zone we can inherit some of the packages from the global zone.

zonecfg:my-zone> add inherit-pkg-dir

zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw

zonecfg:my-zone:inherit-pkg-dir> end

NOTE: These resources can not be modified once the zone is installed

We can either give an exclusive IP using a dedicated interface to a non-global zone or use an existing interface in the global zone to share it with the non-global zone. When we configure an exclusive IP we have to configure IP address inside of the non-global zone and not during the configuration.

a. Exclusive IP

zonecfg:my-zone> set ip-type=exclusive

zonecfg:zone01> add net

zonecfg:zone01:net> set physical=hme0

NOTE: No need to specify IP here you can control everything from inside of the non-global zone

b. Shared IP

In this case zone uses a shared interface which is already plumbed and being used in the global zone.

zonecfg:zone01> add net

zonecfg:zone01:net> set address=192.168.1.2

zonecfg:zone01:net> set physical=hme0

zonecfg:zone01:net> set defrouter=10.0.0.1   [optional]

zonecfg:zone01:net> end

Device

We can also directly assign a physical device like disk to a non-global disk.

zonecfg:zone01> add device

zonecfg:zone01:device> set match=/dev/rdsk/c0t1d0

zonecfg:zone01:device> end

Comments

In case you want to add some comments like function of the non-global zone or anything else for that matter.

zonecfg:zone01> add attr

zonecfg:zone01:attr> set name=comment

zonecfg:zone01:attr> set type=string

zonecfg:zone01:attr> set value="Hello World. This is my zone"

zonecfg:zone01:attr> end

Other

Other settings like scheduling class of the CPU in the non-global zone can also be configured from the global zone.

zonecfg:zone01> set limitpriv="default,sys_time"

zonecfg:zone01> set scheduling-class=FSS

Other administrative commands

To reboot a zone :                 # zoneadm -z  reboot

To halt a zone :                   # zoneadm -z zone halt

To uninstalling a zone :           # zoneadm -z zone uninstall -F

To delete an uninstalled zone :    # zoneadm -z zone delete -F

Get all configuration info :       # zonecfg -z zone info

login into a zone in safe mode :   # zlogin -S zone

prstat on all zones :              # prstat -Z

prstat on a single zone :          # prstat -z zone