Previous
Chapter 31
Configuring the lx Branded Zone (Tasks)
This chapter describes how to configure an lx branded zone on your x64 or x86 based system. The process is basically the same as the procedure to configure a Solaris Zone. A few of the properties are not needed to configure a branded zone.
Planning and Configuring an lx Branded Zone (Task Map)
Before you set up your system to use zones, you must first collect information and make decisions about how to configure the zones. The following task map summarizes how to plan and configure an lx zone.
Task | Description | For Instructions |
|---|---|---|
Plan your zone strategy. |
| See System and Space Requirements and Resource Pools Used in Zones. |
Determine the name and the path for the zone. | Decide what to call the zone based on the naming conventions. A path on a Zetabyte File System (ZFS) is recommended. When the source zonepath and the target zonepath both reside on ZFS and are in the same pool, the zoneadm clone command automatically uses ZFS to clone the zone. | See Resource and Property Types and Solaris ZFS Administration Guide. |
Obtain or configure IP addresses for the zone. | Depending on your configuration, you must obtain at least one IP address for each non-global zone that you want to have network access. | See Determine the Zone Host Name and Obtain the Network Address and System Administration Guide: IP Services. |
Determine if you want to mount file systems in the zone. | Review your application requirements. | See File Systems Mounted in Zones for more information. |
Determine which network interfaces should be plumbed in the zone. | Review your application requirements. | See Network Interfaces for more information. |
Determine whether you must alter the default set of non-global zone permissions. | Check the set of privileges: default, privileges that can be added and removed, and privileges that cannot be used at this time. | See Resource and Property Types and Privileges in a Non-Global Zone. |
Configure the zone. | Use zonecfg to create a configuration for the zone. | See How to Configure, Verify, and Commit the lx Branded Zone. |
Verify and commit the configured zone. | Determine whether the resources and properties specified are valid on a hypothetical system. | See How to Configure, Verify, and Commit the lx Branded Zone. |
How to Configure the lx Branded Zone
You use the zonecfg command described in the zonecfg(1M) man page to perform the following actions.
Create the zone configuration
Verify that all required information is present
Commit the non-global zone configuration
Tip - If you know you will be using CDs or DVDs to install applications in an lx branded zone, use add fs to add read-only access to CD or DVD media in the global zone when you initially configure the branded zone. A CD or DVD can then be used to install a product in the branded zone.
While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.
A script to configure multiple zones on your system is provided in Script to Configure Multiple lx Branded Zones.
To display a non-global zone's configuration, see How to Display the Configuration of a Branded Zone.
Tip - After you have configured the branded zone, it is a good idea to make a copy of the zone's configuration. You can use this backup to restore the zone in the future. As superuser or Primary Administrator, print the configuration for the zone lx-zone to a file. This example uses a file named lx-zone.config.
global# zonecfg -z lx-zone export > lx-zone.config |
See How to Restore an Individual Non-Global Zone for more information.
How to Configure, Verify, and Commit the lx Branded
Zone
Note that you cannot use lx branded zones on a Trusted Solaris system where labels are enabled. The zoneadm command will not verify the configuration.
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see "Using the Solaris Management Tools With RBAC (Task Map)" in System Administration Guide: Basic Administration.
Set up a zone configuration with the zone name you have chosen.
The name lx-zone is used in this example procedure.
global# zonecfg -z lx-zone
If this is the first time you have configured this zone, you will see the following system message:
lx-zone: No such zone configured Use 'create' to begin configuring a new zone.
Create the new lx zone configuration by using the SUNWlx template.
zonecfg:lx-zone> create -t SUNWlx
Alternatively, you can create a blank zone and explicitly set the brand:
zonecfg:lx-zone> create -b zonecfg:lx-zone> set brand=lx
Set the zone path, /export/home/lx-zone in this procedure.
zonecfg:lx-zone> set zonepath=/export/home/lx-zone
Set the autoboot value.
If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.
zonecfg:lx-zone> set autoboot=true
Set persistent boot arguments for a zone.
zonecfg:lx-zone> set bootargs="-i=altinit"
If resource pools are enabled on your system, associate a pool with the zone.
This example uses the default pool, named pool_default.
zonecfg:lx-zone> set pool=pool_default
Because a resource pool can have an optional scheduling class assignment, you can use the pools facility to set a default scheduler other than the system default for a non-global zone. For instructions, see How to Associate a Pool With a Scheduling Class and Creating the Configuration.
Revise the default set of privileges.
zonecfg:lx-zone> set limitpriv="default,proc_priocntl"
The proc_priocntl privilege is used to run processes in the real-time class.
Set the scheduling class to FSS.
zonecfg:lx> set scheduling-class=FSS
Set five CPU shares.
zonecfg:lx-zone> set cpu-shares=5
Add a memory cap.
zonecfg:lx-zone> add capped-memory
Set the physical memory cap.
zonecfg:lx-zone:capped-memory> set physical=50m
Set the swap memory cap.
zonecfg:lx-zone:capped-memory> set swap=100m
Set the locked memory cap.
zonecfg:lx-zone:capped-memory> set locked=30m
Add a file system.
zonecfg:lx-zone> add fs
Set the mount point for the file system, /export/linux/local in this procedure.
zonecfg:lx-zone:fs> set dir=/export/linux/local
Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured.
zonecfg:lx-zone:fs> set special=/opt/local
In the non-global zone, the /usr/local file system will be readable and writable.
Specify the file system type, lofs in this procedure.
zonecfg:lx-zone:fs> set type=lofs
The type indicates how the kernel interacts with the file system.
End the file system specification.
zonecfg:lx-zone:fs> end
This step can be performed more than once to add more than one file system.
Add a network virtual interface.
zonecfg:lx-zone> add net
Set the IP address in the form ip address of zone/netmask. In this procedure, 10.6.10.233/24 is used.
zonecfg:lx-zone:net> set address=10.6.10.233/24
Set the physical device type for the network interface, the bge device in this procedure.
zonecfg:lx-zone:net> set physical=bge0
End the specification.
zonecfg:lx-zone:net> end
This step can be performed more than once to add more than one network interface.
Add a zone-wide resource control.
zonecfg:lx-zone> add rctl
Set the name of the resource control, zone.cpu-shares in this procedure.
zonecfg:lx-zone:rctl> set name=zone.cpu-shares
Add values for the privilege, the share limit, and the action to be taken when that threshold is reached.
zonecfg:lx-zone:rctl> add value (priv=privileged,limit=20,action=none)
End the rctl specification.
zonecfg:lx-zone:rctl> end
This step can be performed more than once to add more than one resource control.
Enable an audio device present in the global zone in this zone by using the attr resource type.
zonecfg:lx-zone> add attr
Verify the zone configuration for the zone.
zonecfg:lx-zone> verify
Commit the zone configuration for the zone.
zonecfg:lx-zone> commit
Exit the zonecfg command.
zonecfg:lx-zone> exit
Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.
More Information
Using Multiple Subcommands From the Command Line
Tip - The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.
global# zonecfg -z lx-zone "create -t SUNWlx; set zonepath=/export/home/lx-zone" |