Documentation: Zones
The following are a few examples for the configuration of Solaris 10 Zones. Currently with a focus on Resource Controls. Note: This document is not written by Sun. Brendan Gregg, 17-Jan-2005, version 2.30.
What is a Zone?
Virtual instance of Solaris Software partition for the OS. A large SunFire server with hardware domains allows many isolated systems to be created. Zones achieve this in software and is far more flexible - it is easy to move individual CPUs between zones as needed, or to configure a more sophisticated way to share CPUs and memory.
Contents
Zone 1 - Small-Zone demo, the default zone that shares many filesystems.
Zone 2 - Big-Zone demo, a zone on a separate slice with it's own OS files.
Scripts 1 - Scripts 1. Handy scripts to make zone administration easier.
Resource Control Summary - Resource Control Summary.
Commands 1 - Commands 1. A cheatsheet of common resource control commands.
Commands 2 - Commands 2. How to manage resource control configs.
Resource CPU Intro - CPU Resource control Intro.
Resource CPU 1 - CPU Resource control example 1. Fixed CPUs per zone.
Resource CPU 2 - CPU Resource control example 2. Varying CPUs per zone.
Resource CPU 3 - CPU Resource control example 3. Fair Share Scheduler (FSS).
Resource Mem Intro - Memory Resource control Intro.
Resource Mem 1 - Memory Resource control example 1. Projects for applications.
Resource Mem 2 - Memory Resource control example 2. Modifying the system project.
Resource Disk Size Intro - Disk Size Resource control Intro.
Resource Disk Throughput Intro - Disk Throughput Resource control Intro.
Resource Network Intro - Network Resource control Intro.
Resource Network 1 - Network Resource control example 1. Separate NICs per zone.
Zone Recommendations - Some suggestions on how best to manage zones.
Zone Backups - Methods to backup zones.
Zone Patching - Strategies to patch zones.
Zone Packages - Strategies to add packages zones.
Screenshots Ultra 5 - Screen shots of an 11 zone UltraSPARC 5.
Links on Zones - Essential links for further info on Zones.
Operating Systems
This document is based on the first customer release of Solaris 10. In the later revisions, many of the commands and syntax may be improved. Check the "what's new" sections on docs.sun.com to keep up to date with changes.
Examples
The following are examples that demonstrate a particular function of Zones.
Small-Zone
This demonstrates creating a simple zone that uses the default settings which share most of the operating system with the global zone. The final layout will be like the following,
To create such a zone involves letting the system pick default settings, which includes the loopback filesystem (lofs) read only mounts that share most of the OS. The following commands were used,
# zonecfg -z small-zone
small-zone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:small-zone> create
zonecfg:small-zone> set autoboot=true
zonecfg:small-zone> set zonepath=/export/small-zone
zonecfg:small-zone> add net
zonecfg:small-zone:net> set address=192.168.2.101
zonecfg:small-zone:net> set physical=hme0
zonecfg:small-zone:net> end
zonecfg:small-zone> info
zonepath: /export/small-zone
autoboot: true
pool:
inherit-pkg-dir: dir: /lib
inherit-pkg-dir: dir: /platform
inherit-pkg-dir: dir: /sbin
inherit-pkg-dir: dir: /usr
net: address: 192.168.2.101
physical: hme0
zonecfg:small-zone> verify
zonecfg:small-zone> commit
zonecfg:small-zone> exit
#
# zoneadm list -cv
ID NAME STATUS PATH
0 global running /
- small-zone configured /export/small-zone
The new zone is in a configured state. Those inherited-pkg-dir's are filesystems that will be shared lofs (loopback filesystem) readonly from the global; this saves copying the entire operating system over during install, but can make adding packages to the small-zone difficult as /usr is readonly. (See the big-zone example that uses a different approach).
We can see the zonecfg command has saved the info to an XML file in /etc/zones,
# cat /etc/zones/small-zone.xml
Next we begin the zone install, it takes around 10 minutes to initialise the packages it needs for the new zone. A verify is run first to check our zone config is ok, then we run the install, then boot the zone,
# mkdir /export/small-zone
# chmod 700 /export/small-zone
#
# zoneadm -z small-zone verify
#
# zoneadm -z small-zone install
Preparing to install zone
Creating list of files to copy from the global zone.
Copying <2574> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <987> packages on the zone.
Initialized <987> packages on zone.
Zone
Installation of these packages generated warnings:
The file contains a log of the zone installation.
#
# zoneadm list -cv
ID NAME STATUS PATH
0 global running /
- small-zone installed /export/small-zone
#
# zoneadm -z small-zone boot
#
# zoneadm list -cv
ID NAME STATUS PATH
0 global running /
1 small-zone running /export/small-zone
We can see small-zone is up and running. Now we login for the first time to the console, so we can answer system identification questions such as timezone,
# zlogin -C small-zone[Connected to zone 'small-zone' console] 100/100
What type of terminal are you using?
1) ANSI Standard CRT
2) DEC VT52
3) DEC VT100
4) Heathkit 19
5) Lear Siegler ADM31
6) PC Console
7) Sun Command Tool
8) Sun Workstation
9) Televideo 910
10) Televideo 925
11) Wyse Model 50
12) X Terminal Emulator (xterms)
13) CDE Terminal Emulator (dtterm)
14) OtherType the number of your choice and press Return: 13 ...standard questions...
The system then reboots. To get an idea of what this zone actually is, lets poke around it's zonepath from the global zone,
/> cd /export/small-zone
/export/small-zone> ls
dev root
/export/small-zone> cd root
/export/small-zone/root> ls
bin etc home mnt opt proc system usrdev export lib net platform sbin tmp var
/export/small-zone/root> grep lofs /etc/mnttab
/export/small-zone/dev /export/small-zone/root/dev lofs zonedevfs,dev=4e40002 1110446770
/lib /export/small-zone/root/lib lofs
ro,nodevices,nosub,dev=2200008 1110446770
/platform /export/small-zone/root/platform lofs
ro,nodevices,nosub,dev=2200008 1110446770
/sbin /export/small-zone/root/sbin lofs
ro,nodevices,nosub,dev=2200008 1110446770
/usr /export/small-zone/root/usr lofs
ro,nodevices,nosub,dev=2200008 1110446770
/export/small-zone/root> du -hs etc var
38M etc
30M var
/export/small-zone/root>
From the directories that are not lofs shared from the global zone, the main ones are /etc and /var. They add up to around 70Mb, which is roughly how much extra disk space was required to create this small-zone.
