How to configure ZFS (zoning) in Solaris 10

Zones in Solaris serve much the same purpose as virtualization: you can create several zones on one host, and each zone acts as an individual machine.

These are the features of zones in Solaris:

  • Virtualization
  • Solaris Zones can host only instances of Solaris, not other OSs
  • Limit of 8192 zones per Solaris host
  • Primary zone (global) has access to ALL zones
  • Non-global zones do NOT have access to other non-global zones
  • Default non-global zones derive packages from global zone
  • Program isolation - zone1 (Apache), zone2 (MySQL)
  • Provides 'z' commands to manage zones: zlogin, zonename, zoneadm, zonecfg

Features of Global zone:

  • Solaris ALWAYS boots (cold/warm) to the global zone
  • Knows about ALL hardware devices attached to the system
  • Knows about ALL non-global zones

Features of Non-Global zones:

  • Installed at a location on the filesystem of the GLOBAL zone, the 'zone root path', e.g. /export/home/zones/{zone1,zone2,zone3,...}
  • Share packages with GLOBAL zone
  • Manage distinct hostname and tables files
  • Cannot communicate with other non-global zones by default. Traffic between them must go through a NIC, which means using the standard network API (TCP)
  • Global zone admin can delegate non-global zone administration

Steps for configuring non-global zone:

# mkdir -p /export/home/zones/testzone1
# chmod 700 /export/home/zones/testzone1

Creating a zone:

# zonecfg -z testzone1
zonecfg:testzone1> create
zonecfg:testzone1> set zonepath=/export/home/zones/testzone1
zonecfg:testzone1> add net
zonecfg:testzone1:net> set address=
zonecfg:testzone1:net> set physical=e1000g0
zonecfg:testzone1:net> set defrouter=
zonecfg:testzone1:net> info
physical: e1000g0

zonecfg:testzone1:net> exit
Resource incomplete; really quit (y/[n])? n
zonecfg:testzone1:net> end
zonecfg:testzone1> verify
zonecfg:testzone1> commit
zonecfg:testzone1> exit

Checking the zone configuration:

# zonecfg -z testzone1 info
zonename: testzone1
zonepath: /export/home/zones/testzone1
brand: native
autoboot: false
ip-type: shared
dir: /lib
dir: /platform
dir: /sbin
dir: /usr
physical: e1000g0

Installing a zone:

bash-3.00# zoneadm -z testzone1 install
Preparing to install zone <testzone1>.
Creating list of files to copy from the global zone.
Preparing to initialize <1090> packages on the zone.
Initializing package <622> of <1090>: percent complete: 57%
Initialized <1090> packages on zone.
Zone <testzone1> is initialized.
The file  </export/home/zones/testzone1/root/var/sadm/system/logs/install_log>
contains a log of the zone installation.

Booting the zone:

bash-3.00# zoneadm -z testzone1 boot
bash-3.00# zoneadm list -iv
0  global    running   /    native shared
1  testzone1 running   /export/home/zones/testzone1 native shared

zlogin is used to log in to zones.

NOTE: Each non-global zone maintains a console. Use 'zlogin -C zonename' after installing the zone to complete its configuration.

NOTE: zlogin permits login to a non-global zone in the following modes:

 1. Interactive - i.e. zlogin -l username zonename
 2. Non-interactive - zlogin options command
 3. Console mode - zlogin -C zonename
 4. Safe mode - zlogin -S

Now log in to your zone's console and complete the installation using this command:

# zlogin -C testzone1

To reboot the zone:

# zoneadm -z testzone1 reboot

To shut down the zone:

# zlogin testzone1 shutdown
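
The directory preparation and the interactive zonecfg session above can also be scripted, which makes the zone definition repeatable and reviewable. The following is an added example, not part of the original tutorial: it checks the zone path mode and generates a command file for 'zonecfg -f'. The function names check_zonepath and gen_zonecfg and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: non-interactive version of the testzone1 setup.
# Addresses passed in the demo are constructed placeholders (192.0.2.0/24).

# Succeed only if $1 is a directory with the mode set by 'chmod 700'.
check_zonepath() {
    [ -d "$1" ] || { echo "missing directory: $1" >&2; return 1; }
    perms=`ls -ld "$1" | cut -c1-10`
    [ "$perms" = "drwx------" ] || { echo "bad mode on $1: $perms" >&2; return 1; }
}

# Print a zonecfg command file. Every value is checked against a strict
# character set first, so a stray ';' or newline cannot add extra commands.
gen_zonecfg() {
    name=$1 zonepath=$2 nic=$3 address=$4 defrouter=$5
    case $name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid zone name: $name" >&2; return 1 ;;
    esac
    case $zonepath in
        ''|[!/]*|*[!A-Za-z0-9_./-]*) echo "invalid zonepath: $zonepath" >&2; return 1 ;;
    esac
    for v in "$nic" "$address" "$defrouter"; do
        case $v in
            ''|*[!A-Za-z0-9_./:-]*) echo "invalid net value: $v" >&2; return 1 ;;
        esac
    done
    cat <<EOF
create
set zonepath=$zonepath
set autoboot=false
add net
set address=$address
set physical=$nic
set defrouter=$defrouter
end
verify
commit
EOF
}

# Demo with constructed values: show the command file that would be applied.
gen_zonecfg testzone1 /export/home/zones/testzone1 e1000g0 192.0.2.10/24 192.0.2.1

# On the Solaris global zone, as root:
#   check_zonepath /export/home/zones/testzone1 || exit 1
#   gen_zonecfg ... > /tmp/testzone1.cfg
#   zonecfg -z testzone1 -f /tmp/testzone1.cfg
#   zoneadm -z testzone1 install && zoneadm -z testzone1 boot
```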
