Now that we know how to create non-global zones in Solaris, it’s probably time to learn some basics of zone configuration. Most of the work is done with zonecfg, which was mentioned in my Solaris zones: a working example post.
Example of fully configuring a Solaris 10 zone
For starters, let’s have a look at the full configuration of our zone. You’ve probably guessed by now that we only specified the minimal number of parameters when creating our zone. Now I’ll show you how to get a full view of our zone’s configuration, and I’ll also talk a bit about the types of resources you can allocate to a non-global zone.
Start zonecfg with the export command to get the full configuration (export is a command line parameter in my example, but if you like, you can run zonecfg -z zone1 and then type export when prompted for a command):
solaris# zonecfg -z zone1 export
create -b
set zonepath=/sr/zones/1
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/platform
end
add inherit-pkg-dir
set dir=/sbin
end
add inherit-pkg-dir
set dir=/usr
end
add net
set address=192.168.0.5
set physical=bge0
end
As you can guess from the name of the command, export, we’re getting a full list of commands that zonecfg needs to create a similar zone. We’re exporting the config. I’ll talk about this a bit more some other time.
Looking at the output, you can recognize some of the commands we actually typed when following the instructions from my previous entry, but there are also a few new commands. In particular, these are the file-system (packages) related ones. I’ll definitely have a separate blog entry on file systems in zones, but for now I’ll just talk about resources for zones.
Each non-global zone can be allocated any resources you have on your actual system. Resources are added with the add command, which you can see in the output I’ve given. This command takes a parameter – a resource type.
Resource types in Solaris 10 configuration
- net – a network interface. As you remember, when adding such a resource, you have to specify a physically present network adapter card you have in your box, and the zone’s network interface will be a virtual interface on this network adapter.
- device – any additional device. Using a device name mask (for instance, /dev/pts*), you can allow a non-global zone to access any devices you have on your actual system.
- fs – a file system. You can grant access to a physical disk or any directory of your actual system to any non-global zone. You can specify a file system type along with mount options, which is very convenient.
- inherit-pkg-dir – a global zone root filesystem directory which is inherited by a non-global zone. By specifying a directory name, you indicate that the files from this directory of your actual system (global zone) will not be physically copied into the non-global zone, but will instead be inherited. In practice, files from these directories are accessible through a read-only loopback filesystem in your non-global zone (thanks, Dan!).
- attr – an attribute. With resources of this type you can create text comments for your zones – these comments might come in handy when you get back to reconfiguring your zone some time later.
- rctl – a zone-wide resource control. At this stage, there are only two parameters of this type – zone.cpu-shares and zone.max-lwps – but there will be more in the future. These parameters allow you to limit the CPU time given to a zone and the maximum number of lightweight processes (LWPs) that can be created in a zone.
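The export format shown earlier is easy to review mechanically. The script below is an added example, not part of the original post: it turns zonecfg export output into one line per resource and picks out device resources that use a wildcard mask. The function names are made up for this example, and the device and rctl entries in the sample are constructed.

```shell
#!/bin/sh
# Added example: list the resources declared in `zonecfg -z <zone> export` output.
# On Solaris 10 itself, run the awk programs with nawk or /usr/xpg4/bin/awk.

# Print one line per resource block: "<type> <prop>=<value> ...".
zone_resources() {
    awk '
        $1 == "add" && !inres { inres = 1; type = $2; props = ""; next }
        inres && ($1 == "set" || $1 == "add") {
            # "set k=v", or a nested "add value (...)" / "add options [...]"
            sub(/^[ \t]*(set|add)[ \t]+/, ""); props = props " " $0; next
        }
        inres && $1 == "end" { print type props; inres = 0 }
    '
}

# Print device resources whose match pattern contains a wildcard.
zone_wildcard_devices() {
    zone_resources | awk '$1 == "device" && /match=[^ ]*[*]/'
}

# Constructed sample: part of the export shown above, plus a device and an
# rctl resource written for this example (not part of the original zone).
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/sr/zones/1
set autoboot=false
add inherit-pkg-dir
set dir=/lib
end
add net
set address=192.168.0.5
set physical=bge0
end
add device
set match=/dev/pts*
end
add rctl
set name=zone.max-lwps
add value (priv=privileged,limit=1000,action=deny)
end
EOF
}

sample_export | zone_resources
```

On a live system, pipe the output of zonecfg -z zone1 export into zone_resources instead of the sample.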