This tech doc contains an overview of zones found in Solaris 10 and some useful links.
In the Solaris 10 OS, Sun introduces new enhancements to Solaris Containers (formerly N1 Grid Containers) called Zones. They provide the ability to run multiple virtualized OS instances on a single instance of the real OS with enhanced security, fault isolation, and flexible resource boundaries.
The Solaris Zone partitioning technology is used to virtualize operating system services and provide an isolated and secure environment for running applications. A zone is a virtualized operating system environment created within a single instance of the Solaris Operating System. When you create a zone, you produce an environment in which processes are isolated from the rest of the system by providing a separate name space, including its own IP address, file system, unique root and user password file, name server, and so on.
There are two classifications of zones: global and non-global. Every Solaris system contains one global zone and can have a number of non-global zones.
The global zone is both the default zone for the system and the zone used for system-wide administrative control. All processes run in the global zone if no non-global zones, referred to simply as zones, are created.
The global zone is the only zone from which a non-global zone can be configured, installed, managed, or uninstalled. Only the global zone is bootable from the system hardware. Administration of physical devices, routing, or dynamic reconfiguration (DR) is possible only in the global zone.
There are two types of non-global zone root file system models: sparse and whole root.
Sparse Root Zones (Partial Zones)
The sparse root zone model optimizes the sharing of objects in the following ways:
- Only subsets of the root packages are installed.
- Read-only loopback file systems are used to gain access to other files.
In this model, only certain root packages are installed in the non-global zone. This includes a subset of the required root packages that are normally installed in the global zone, and any additional root packages that the global administrator might select. Access to other files will be through read-only loopback file systems, identified as inherit-pkg-dir resources. Thus, zones that have inherit-pkg-dir resources are called sparse root zones.
Whole Root Zones
The whole root zone model provides the maximum configurability. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone. The advantages of this model include the capability for global zone administrators to customize their zone's file system layout. This would be done, for example, to add arbitrary unbundled or third-party packages.
Identifying Zone Characteristics
The zonecfg command is used to create the configuration and to determine whether the specified resources and properties are valid on a hypothetical system.
You can determine the type and configuration of a non-global zone by entering the following Solaris zonecfg command from within the global zone:
zonecfg -z non-global-zone-name info
Sample output of the zonecfg command:
global # zonecfg -z sz0401 info
value: (priv=privileged,limitprivileged, limit=10,action=none)
TEC366118 Installing CA XCOM for Oracle Solaris with zones.
For additional information regarding Solaris Zones and the zonecfg commands, please see the Sun Product Documentation:
System Administration Guide: Solaris Containers-Resource Management and Solaris Zones Guide.
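An added example (not part of the original document or of Sun's tooling): a shell function that reads `zonecfg -z zonename info` output and reports whether the zone is sparse root or whole root, based on the inherit-pkg-dir resources described above. Both sample outputs are constructed, including the zone name wz0401 and all paths, addresses, and interface names.

```shell
#!/bin/sh
# Added example: classify a zone's root file system model from the text
# printed by `zonecfg -z <zone> info`. Sample outputs below are constructed.

# Reads zonecfg info output on stdin.
# Prints "sparse <dir>..." if any inherit-pkg-dir resource exists, else "whole".
zone_root_model() {
    awk '
        $1 == "inherit-pkg-dir:" { in_ipd = 1; next }
        # Count a dir: line only directly under inherit-pkg-dir:, because
        # fs: resources carry a dir: property as well.
        in_ipd && $1 == "dir:"   { dirs = dirs " " $2; n++ }
        { in_ipd = 0 }
        END { if (n > 0) print "sparse" dirs; else print "whole" }
    '
}

# Constructed sample: sparse root zone (four read-only loopback directories).
sample_sparse() {
    cat <<'EOF'
zonename: sz0401
zonepath: /zones/sz0401
autoboot: true
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.0.2.10
        physical: bge0
EOF
}

# Constructed sample: whole root zone with an fs resource (has dir:, no inherit-pkg-dir).
sample_whole() {
    cat <<'EOF'
zonename: wz0401
zonepath: /zones/wz0401
fs:
        dir: /data
        special: /export/data
        type: lofs
EOF
}

echo "sz0401: $(sample_sparse | zone_root_model)"
echo "wz0401: $(sample_whole | zone_root_model)"
```

In the global zone of a Solaris 10 system, the same function can be fed live data with `zonecfg -z zonename info | zone_root_model`.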
Some Useful Zone Commands
|Command|Description|
|---|---|
|exit|Return to the global zone|
|zlogin -l user non-global-zone-name|Login to the non-global zone specified|
|zoneadm -z zonename boot|Boot zone to bring up runtime environment|
|zoneadm -z zonename halt|Stop zone|
|zoneadm help|List zoneadm commands|
|zoneadm -z zonename install|Install|
|zoneadm [-z zonename] list -v|List all zones|
|zonecfg -z my-zone|Configure non-global-zone called my-zone|