Previous
Determine the Zone Host Name and Obtain the Network Address
You must determine the host name for the zone. Then, you must assign an IPv4 address or manually configure and assign an IPv6 address for the zone if you want it to have network connectivity.
Zone Host Name
The host name you select for the zone must be defined either in the hosts database or in the /etc/inet/hosts database, as specified by the /etc/nsswitch.conf file in the global zone. The network databases are files that provide network configuration information. The nsswitch.conf file specifies which naming service to use.
If you use local files for the naming service, the hosts database is maintained in the /etc/inet/hosts file. The host names for zone interfaces are resolved from the local hosts database in /etc/inet/hosts. Alternatively, the IP address itself can be specified directly when configuring a zone so that no host name resolution is required.
For more information, see "TCP/IP Configuration Files" in System Administration Guide: IP Services and "Network Databases and the nsswitch.conf File" in System Administration Guide: IP Services.
Zone Network Address
Each zone that requires network connectivity has one or more unique IP addresses. Both IPv4 and IPv6 addresses are supported.
IPv4 Zone Network Address
If you are using IPv4, obtain an address and assign the address to the zone.
A prefix length can also be specified with the IP address. The format of this prefix is address/prefix-length, for example, 192.168.1.1/24. Thus, the address to use is 192.168.1.1 and the netmask to use is 255.255.255.0, or the mask where the first 24 bits are 1-bits.
IPv6 Zone Network Address
If you are using IPv6, you must manually configure the address. Typically, at least the following two types of addresses must be configured:
Link-local address | A link-local address is of the form fe80::64-bit interface ID/10. The /10 indicates a prefix length of 10 bits. |
Address formed from a global prefix configured on the subnet | A global unicast address is based off a 64-bit prefix that the administrator configures for each subnet, and a 64-bit interface ID. The prefix can also be obtained by running the ifconfig command with the -a6 option on any system on the same subnet that has been configured to use IPv6. The 64-bit interface ID is typically derived from a system's MAC address. For zones use, an alternate address that is unique can be derived from the global zone's IPv4 address as follows: 16 bits of zero:upper 16 bits of IPv4 address:lower 16 bits of IPv4 address:a zone-unique number For example, if the global zone's IPv4 address is 192.168.200.10, a suitable link-local address for a non-global zone using a zone-unique number of 1 is fe80::c0a8:c80a:1/10. If the global prefix in use on that subnet is 2001:0db8:aabb:ccdd/64, a unique global unicast address for the same non-global zone is 2001:0db8:aabb:ccdd::c0a8:c80a:1/64. Note that you must specify a prefix length when configuring an IPv6 address. |
For more information about link-local and global unicast addresses, see the inet6(7P) ma page.
File System Configuration
You can specify a number of mounts to be performed when the virtual platform is set up. File systems that are loopback-mounted into a zone by using the loopback virtual file system (LOFS) file system should be mounted with the nodevices option. For information on the nodevices option, see File Systems and Non-Global Zones.
LOFS lets you create a new virtual file system so that you can access files by using an alternative path name. In a non-global zone, a loopback mount makes the file system hierarchy look as though it is duplicated under the zone's root. In the zone, all files will be accessible with a path name that starts from the zone's root. LOFS mounting preserves the file system name space.
Figure 18-1 Loopback-Mounted File Systems
See the lofs(7S) man page for more information.
Creating, Revising, and Deleting Non-Global Zone Configurations (Task Map)
Task | Description | For Instructions |
|---|---|---|
Configure a non-global zone. | Use the zonecfg command to create a zone, verify the configuration, and commit the configuration. You can also use a script to configure and boot multiple zones on your system. You can use the zonecfg command to display the configuration of a non-global zone. | Configuring, Verifying, and Committing a Zone, Script to Configure Multiple Zones |
Modify a zone configuration. | Use these procedures to modify a resource type in a zone configuration, modify a property type such as the name of a zone, or add a dedicated device to a zone. | |
Revert a zone configuration or delete a zone configuration. | Use the zonecfg command to undo a resource setting made to a zone configuration or to delete a zone configuration. | Using the zonecfg Command to Revert or Remove a Zone Configuration |
Delete a zone configuration. | Use the zonecfg command with the delete subcommand to delete a zone configuration from the system. |
Configuring, Verifying, and Committing a Zone
You use the zonecfg command described in the zonecfg(1M) man page to perform the following actions.
Create the zone configuration
Verify that all required information is present
Commit the non-global zone configuration
The zonecfg command can also be used to persistently specify the resource management settings for the global zone.
While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.
A script to configure multiple zones on your system is provided in Script to Configure Multiple Zones.
To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.
How to Configure the Zone
You must be the global administrator in the global zone to perform this procedure.
Become superuser, or assume the Primary Administrator role.
To create the role and assign the role to a user, see "Using the Solaris Management Tools With RBAC (Task Map)" in System Administration Guide: Basic Administration.
Set up a zone configuration with the zone name you have chosen.
The name my-zone is used in this example procedure.
global# zonecfg -z my-zone
If this is the first time you have configured this zone, you will see the following system message:
my-zone: No such zone configured Use 'create' to begin configuring a new zone.
Create the new zone configuration.
This procedure uses the Sun default settings.
zonecfg:my-zone> create
Set the zone path, /export/home/my-zone in this procedure.
zonecfg:my-zone> set zonepath=/export/home/my-zone
Set the autoboot value.
If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.
zonecfg:my-zone> set autoboot=true
Set persistent boot arguments for a zone.
zonecfg:my-zone> set bootargs="-m verbose"
If resource pools are enabled on your system, associate a pool with the zone.
This example uses the default pool, named pool_default.
zonecfg:my-zone> set pool=pool_default
Because a resource pool can have an optional scheduling class assignment, you can use the pools facility to set a default scheduler other than the system default for a non-global zone. For instructions, see How to Associate a Pool With a Scheduling Class and Creating the Configuration.
Revise the default set of privileges.
zonecfg:my-zone> set limitpriv="default,sys_time"
This line adds the ability to set the system clock to the default set of privileges.
Set the scheduling class to FSS.
zonecfg:my-zone> set scheduling-class=FSS
Set five CPU shares.
zonecfg:my-zone> set cpu-shares=5
Add a memory cap.
zonecfg:my-zone> add capped-memory
Set the physical memory cap.
zonecfg:my-zone:capped-memory> set physical=50m
Set the swap memory cap.
zonecfg:my-zone:capped-memory> set swap=100m
Set the locked memory cap.
zonecfg:my-zone:capped-memory> set locked=30m
Add a file system.
zonecfg:my-zone> add fs
Set the mount point for the file system, /usr/local in this procedure.
zonecfg:my-zone:fs> set dir=/usr/local
Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured.
zonecfg:my-zone:fs> set special=/opt/local
In the non-global zone, the /usr/local file system will be readable and writable.
Specify the file system type, lofs in this procedure.
zonecfg:my-zone:fs> set type=lofs
The type indicates how the kernel interacts with the file system.
End the file system specification.
zonecfg:my-zone:fs> end
This step can be performed more than once to add more than one file system.
Add a ZFS dataset named sales in the storage pool tank
zonecfg:my-zone> add dataset
Specify the path to the ZFS dataset sales.
zonecfg:my-zone> set name=tank/sales
End the dataset specification.
zonecfg:my-zone> end
(Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone.
Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.
zonecfg:my-zone> add inherit-pkg-dir
Specify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.
zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw
Note - The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm.
End the inherit-pkg-dir specification.
zonecfg:my-zone:inherit-pkg-dir> end
This step can be performed more than once to add more than one shared file system.
Note - If you want to create a whole root zone but default shared file systems resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:
zonecfg:my-zone> remove inherit-pkg-dir dir=/lib
zonecfg:my-zone> remove inherit-pkg-dir dir=/platform
zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin
zonecfg:my-zone> remove inherit-pkg-dir dir=/usr
Add a network virtual interface.
zonecfg:my-zone> add net
Set the IP address for the network interface, 192.168.0.1 in this procedure.
zonecfg:my-zone:net> set address=192.168.0.1
Set the physical device type for the network interface, the hme device in this procedure.
zonecfg:my-zone:net> set physical=hme0
End the specification.
zonecfg:my-zone:net> end
This step can be performed more than once to add more than one network interface.
Add a device.
zonecfg:my-zone> add device
Set the device match, /dev/sound/* in this procedure.
zonecfg:my-zone:device> set match=/dev/sound/*
End the device specification.
zonecfg:my-zone:device> end
This step can be performed more than once to add more than one device.
Add a zone-wide resource control.
zonecfg:my-zone> add rctl
Set the name of the resource control, zone.max-locked-memory in this procedure.
zonecfg:my-zone:rctl> set name=zone.max-locked-memory
Add values for the privilege, a 100-megabyte limit, and the action to be taken when that threshold is reached.
zonecfg:my-zone:rctl> add value (priv=privileged,limit=104857600,action=deny)
End the rctl specification.
zonecfg:my-zone:rctl> end
This step can be performed more than once to add more than one resource control.
Add a comment by using the attr resource type.
zonecfg:my-zone> add attr
Verify the zone configuration for the zone.
zonecfg:my-zone> verify
Commit the zone configuration for the zone.
zonecfg:my-zone> commit
Exit the zonecfg command.
zonecfg:my-zone> exit
Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.
More Information
Using Multiple Subcommands From the Command Line
Tip - The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.
global# zonecfg -z my-zone "create ; set zonepath=/export/home/my-zone" |