Backing Up Application Data Only
If application data is kept in a particular part of the file system, you might decide to perform regular backups of this data only. The zone's root file system might not have to be backed up as often because it changes less frequently.
You will have to determine where the application places its files. Locations where files can be stored include the following:
Users' home directories
/etc for configuration data files
/var
Assuming the application administrator knows where the data is stored, it might be possible to create a system in which a per-zone writable directory is made available to each zone. Each zone can then store its own backups, and the global administrator can make this location one of the places on the system to back up.
General Database Backup Operations
If the database application data is not under its own directory, the following rules apply:
Ensure that the databases are in a consistent state first.
Databases must be quiesced because they have internal buffers to flush to disk. Make sure that the databases in non-global zones have come down before starting the backup from the global zone.
Within each zone, use file system features to make a snapshot of the data, then back up the snapshots directly from the global zone.
This process will minimize elapsed time for the backup window and remove the need for backup clients/modules in all of the zones.
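The planning step behind the two sections above can be scripted from the global zone. This is an added example, not code from the original page: it reads zone records in the colon-separated form printed by `zoneadm list -cp`, resolves each application data directory to its path under the zone's `zonepath/root`, and marks running zones as needing a quiesce or snapshot before their files are archived. The function names, the sample zones, and the mapping of zone states to actions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed record layout: zoneid:zonename:state:zonepath[:...]
# as printed by `zoneadm list -cp`; zonepaths are assumed to contain no ":".

# Constructed sample input (not captured from a real system).
sample_zones() {
    cat <<'EOF'
0:global:running:/::native:shared
1:web1:running:/zones/web1:UUID-PLACEHOLDER-1:native:shared
-:db1:installed:/zones/db1:UUID-PLACEHOLDER-2:native:shared
-:test1:configured:/zones/test1::native:shared
EOF
}

# plan_backup DIR...
# Reads zone records on stdin and prints "<zone> <action> <path>" for each
# data directory, where <path> is the directory as seen from the global zone.
plan_backup() {
    awk -F: -v dirs="$*" '
        BEGIN { n = split(dirs, d, " ") }
        $2 == "global" { next }      # the global zone is handled separately
        {
            # Assumed policy: a running zone may have unflushed application
            # buffers, so it must be quiesced or snapshotted first.
            if ($3 == "running")
                action = "quiesce-first"
            else if ($3 == "installed" || $3 == "ready")
                action = "backup"
            else
                next                 # configured/incomplete: nothing installed
            for (i = 1; i <= n; i++)
                printf "%s %s %s/root%s\n", $2, action, $4, d[i]
        }'
}

# backup_paths DIR...
# Prints only the paths that can be archived immediately.
backup_paths() {
    plan_backup "$@" | awk '$2 == "backup" { print $3 }'
}

# On a live system: zoneadm list -cp | plan_backup /etc /var
sample_zones | plan_backup /etc /var
```
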
Tape Backups
Each non-global zone can take a snapshot of its private file systems when it is convenient for that zone and the application has been briefly quiesced. Later, the global zone can back up each of the snapshots and put them on tape after the application is back in service.
This method has the following advantages:
Fewer tape devices are needed.
There is no need for coordination between the non-global zones.
There is no need to assign devices directly to zones, which improves security.
Generally, this method keeps system management in the global zone, which is preferred.
About Restoring Non-Global Zones
In the case of a restore where the backups were done from the global zone, the global administrator can reinstall the affected zones and then restore that zone's files. Note that this assumes the following:
The zone being restored has the same configuration as it did when the backup was done.
The global zone has not been upgraded or patched between the time when the backup was done and the time when the zone is restored.
Otherwise, the restore could overwrite some files that should be merged by hand.
For example, you might need to merge files by hand if a global zone has been patched after the backup, but prior to the restore of the non-global zone. In this case, be careful when restoring a zone's files that were backed up, because a backed-up file might not be compatible with the newly installed zone that was built after the patches were applied to the global zone. You would have to examine the files individually and compare them to the copies in the newly installed zone. In most cases, you will find that the file can be copied directly in, but in some cases, you must merge the changes originally made to the file into the newly installed or patched copy in the zone.
Note - If all file systems in the global zone are lost, restoring everything in the global zone restores the non-global zones as well, as long as the respective root file systems of the non-global zones were included in the backup.
Commands Used on a Solaris System With Zones Installed
The commands identified in the table Commands Used to Administer Zones provide the primary administrative interface to the zones facility.
Table 26-3 Commands Used With Zones
Command Reference | Description |
---|---|
zlogin(1) | Log in to a non-global zone |
zonename(1) | Prints the name of the current zone |
zoneadm(1M) | Administers zones on a system |
zonecfg(1M) | Used to set up a zone configuration |
getzoneid(3C) | Used to map between zone ID and name |
zones(5) | Provides description of zones facility |
zcons(7D) | Zone console device driver |
The zoneadmd daemon is the primary process for managing the zone's virtual platform. The man page for the zoneadmd daemon is zoneadmd(1M). The daemon does not constitute a programming interface.
The commands in the next table are used with the resource capping daemon.
Table 26-4 Commands Used With rcapd
Command Reference | Description |
---|---|
rcapstat(1) | Monitors the resource utilization of capped projects. |
rcapadm(1M) | Configures the resource capping daemon, displays the current status of the resource capping daemon if it has been configured, and enables or disables resource capping |
rcapd(1M) | The resource capping daemon. |
The commands identified in the following table have been modified for use on a Solaris system with zones installed. These commands have options that are specific to zones or present information differently.
Table 26-5 Commands Modified for Use on a Solaris System With Zones Installed
Command Reference | Description |
---|---|
ipcrm(1) | Added -z zone option. This option is only useful when the command is executed in the global zone. |
ipcs(1) | Added -z zone option. This option is only useful when the command is executed in the global zone. |
pgrep(1) | Added -z zoneidlist option. This option is only useful when the command is executed in the global zone. |
ppriv(1) | Added the expression zone for use with the -l option to list all privileges available in the current zone. Also use the option -v after zone to obtain verbose output. |
priocntl(1) | Zone ID can be used in idlist and -i idtype to specify processes. You can use the priocntl -i zoneid command to move running processes into a different scheduling class in a non-global zone. |
proc(1) | Added -z zone option to ptree only. This option is only useful when the command is executed in the global zone. |
ps(1) | Added zonename and zoneid to list of recognized format names used with the -o option. Added -z zonelist to list only processes in the specified zones. Zones can be specified either by zone name or by zone ID. This option is only useful when the command is executed in the global zone. Added -Z to print the name of the zone associated with the process. The name is printed under an additional column header, ZONE. |
renice(1) | Added zoneid to list of valid arguments used with the -i option. |
sar(1) | If executed in a non-global zone in which the pools facility is enabled, the -b, -c, -g, -m, -p, -u, -w, and -y options display values only for processors that are in the processor set of the pool to which the zone is bound. |
auditconfig(1M) | Added zonename token. |
auditreduce(1M) | Added -z zone-name option. Added ability to get an audit log of a zone. |
coreadm(1M) | Added variable %z to identify the zone in which the process executed. |
df(1M) | Added -Z option to display mounts in all visible zones. This option has no effect in a non-global zone. |
ifconfig(1M) | Added zone option for global zone use (the default), and -zone zonename for non-global zone use. |
iostat(1M) | If executed in a non-global zone in which the pools facility is enabled, information is provided only for those processors that are in the processor set of the pool to which the zone is bound. |
kstat(1M) | If executed in the global zone, kstats are displayed for all zones. If executed in a non-global zone, only kstats with a matching zoneid are displayed. |
mpstat(1M) | If executed in a non-global zone in which the pools facility is enabled, the command displays lines only for the processors that are in the processor set of the pool to which the zone is bound. |
ndd(1M) | When used in the global zone, displays information for all zones. |
netstat(1M) | Displays information for the current zone only. |
nfsstat(1M) | Displays statistics for the current zone only. |
poolbind(1M) | Added zoneid list. Also see Resource Pools Used in Zones for information about using zones with resource pools. |
prstat(1M) | Added -z zoneidlist option. Also added -Z option. If executed in a non-global zone in which the pools facility is enabled, the percentage of recent CPU time used by the process is displayed only for the processors in the processor set of the pool to which the zone is bound. Output of the -a, -t, -T, -J, and -Z options displays SWAP instead of SIZE column. The swap reported is the total swap consumed by the zone's processes and tmpfs mounts. This value assists in monitoring the swap reserved by each zone, which can be used to choose a reasonable zone.max-swap setting. |
psrinfo(1M) | If executed in a non-global zone, only information about the processors visible to the zone is displayed. |
traceroute(1M) | Usage change. When specified from within a non-global zone, the -F option has no effect because the "don't fragment" bit is always set. |
vmstat(1M) | When executed in a non-global zone in which the pools facility is enabled, statistics are reported only for the processors in the processor set of the pool to which the zone is bound. Applies to output from the -p option and the page, faults, and cpu report fields. |
auditon(2) | Added AUDIT_ZONENAME to generate a zone ID token with each audit record. |
priocntl(2) | Added P_ZONEID id argument. |
processor_info(2) | If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned. |
p_online(2) | If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned. |
pset_bind(2) | Added P_ZONEID as idtype. Added zone to possible choices for P_MYID specification. Added P_ZONEID to valid idtype list in EINVAL error description. |
pset_info(2) | If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned. |
pset_list(2) | If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned. |
pset_setattr(2) | If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned. |
sysinfo(2) | Changed PRIV_SYS_CONFIG to PRIV_SYS_ADMIN. |
umount(2) | ENOENT is returned if file pointed to by file is not an absolute path. |
getloadavg(3C) | If the caller is in a non-global zone and the pools facility is enabled, the behavior is equivalent to calling with a psetid of PS_MYID. |
getpriority(3C) | Added zone IDs to target processes that can be specified. Added zone ID to EINVAL error description. |
priv_str_to_set(3C) | Added "zone" string for the set of all privileges available within the caller's zone. |
pset_getloadavg(3C) | If the caller is in a non-global zone and the pools facility is enabled, but the processor is not in the processor set of the pool to which the zone is bound, an error is returned. |
sysconf(3C) | If the caller is in a non-global zone and the pools facility is enabled, sysconf(_SC_NPROCESSORS_CONF) and sysconf(_SC_NPROCESSORS_ONLN) return the number of total and online processors in the processor set of the pool to which the zone is bound. |
ucred_get(3C) | Added ucred_getzoneid() function, which returns the zone ID of the process or -1 if the zone ID is not available. |
core(4) | Added n_type: NT_ZONENAME. This entry contains a string that describes the name of the zone in which the process was running. |
pkginfo(4) | Now provides optional parameters and an environment variable in support of zones. |
proc(4) | Added capability to obtain information on processes running in zones. |
audit_syslog(5) | Added in<zone name> field that is used if the zonename audit policy is set. |
privileges(5) | Added PRIV_PROC_ZONE, which allows a process to trace or send signals to processes in other zones. See zones(5). |
if_tcp(7P) | Added zone ioctl() calls. |
cmn_err(9F) | Added zone parameter. |
ddi_cred(9F) | Added crgetzoneid(), which returns the zone ID from the user credential pointed to by cr. |