Solaris 10 Zones

 

Installation / Setup of Zones

Create the filesystem for the zone

The first thing that I do is create a filesystem area for the new zone to reside in. I also mount it under a mount point named /zone/1 and I ensure that only the root user has access to it thus:

$ ls -lap /zone
total 8
drwxr-xr-x   3 root     other        512 Feb 26 12:42 ./
drwxr-xr-x  22 root     root         512 Feb 26 12:42 ../
drwx------   5 root     root         512 Feb 26 13:27 1/

 

Set up the zone

We use zonecfg to create a new zone. Do this from the global zone and as the root user.

bash-2.05b# zonecfg -z zone1
zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone1> create
zonecfg:zone1> set zonepath=/zone/1
zonecfg:zone1> set autoboot=true
zonecfg:zone1> add net
zonecfg:zone1:net> set address=192.168.35.210
zonecfg:zone1:net> set physical=hme1
zonecfg:zone1:net> end
zonecfg:zone1> info
zonepath: /zone/1
autoboot: true
pool:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.35.210
        physical: hme1
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> ^D

Simple really. The zonecfg tool is interactive, and I told it to “create” a zone. The filesystem that I created is the new “zonepath”, and setting autoboot=true means this new virtual server boots along with the global zone when the “real” server boots. Who can tell what is “real” and what isn’t? It won’t matter anymore. I also set the IP address for the zone as well as the interface to bind it to. Finally I asked zonecfg to show me what I had just done via the simple “info” command. I then used “verify” and “commit” to ensure that the config is complete. That is all. Nothing fancy.

Verify the zone setup

I then used zonecfg and zoneadm to verify that what I had just done was in fact, er, well, done. Really I just like playing with new technology and so will you!

bash-2.05b# zonecfg -z zone1 info
zonepath: /zone/1
autoboot: true
pool:
inherit-pkg-dir:
        dir: /lib
inherit-pkg-dir:
        dir: /platform
inherit-pkg-dir:
        dir: /sbin
inherit-pkg-dir:
        dir: /usr
net:
        address: 192.168.35.210
        physical: hme1
bash-2.05b# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   - zone1            configured     /zone/1

Install the zone

The next step to perform is to “install” the zone.

bash-2.05b# zoneadm -z zone1 install
Preparing to install zone <zone1>.
Creating list of files to copy from the global zone.
Copying <2521> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <808> packages on the zone.
Initializing package <7> of <808>: percent complete: 0%
.
.  < this goes on for some time >
.
Initialized <808> packages on zone.
Successfully initialized zone <zone1>.
bash-2.05b# df -ak /zone/1
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t1d0s0    1972734   76238 1797860     5%    /zone/1

Verify the installation of the zone

Again I use zoneadm to see the results of my actions:

bash-2.05b# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   - zone1            installed      /zone/1

See that? The STATUS is now “installed”.

Boot the zone

Now let’s boot that new virtual server that we created!

bash-2.05b# zoneadm -z zone1 boot
bash-2.05b# zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   2 zone1            running        /zone/1

 

Ping the zone

I now have a virtual server running? Really? Let’s ping it:

bash-2.05b# ping 192.168.35.210
192.168.35.210 is alive
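
The steps above as a scripted sequence, written as an added example (not code from the original post): it emits the same settings as a command file for zonecfg -f, checks that the zonepath is mode 700 as in the ls listing, and picks the next step from the STATUS column of zoneadm list -vc. The command-file path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Zone name, path, address and
# NIC in the usage below are the values used on this page.

# Print a zonecfg command file equivalent to the interactive session.
zone_cfg_commands() {   # args: zonepath address physical
    cat <<EOF
create
set zonepath=$1
set autoboot=true
add net
set address=$2
set physical=$3
end
verify
commit
EOF
}

# Succeed only if the zonepath is a directory with mode drwx------.
zonepath_is_private() {
    [ -d "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Read `zoneadm list -vc` output on stdin; print the STATUS of zone $1.
zone_state() {
    state=absent
    while read -r id name status path; do
        if [ "$name" = "$1" ]; then state=$status; fi
    done
    echo "$state"
}

# Read `zoneadm list -vc` output on stdin; print the next command to run.
next_command() {        # args: zone cfgfile
    case $(zone_state "$1") in
        absent)     echo "zonecfg -z $1 -f $2" ;;
        configured) echo "zoneadm -z $1 install" ;;
        installed)  echo "zoneadm -z $1 boot" ;;
        running)    echo "none" ;;
        *)          echo "inspect" ;;   # any other state: check by hand
    esac
}

# Usage in the global zone as root (cfg file path is an assumption):
#   zone_cfg_commands /zone/1 192.168.35.210 hme1 > /root/zone1.cfg
#   zonepath_is_private /zone/1 && zoneadm list -vc | next_command zone1 /root/zone1.cfg
```
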

Working with Zones

Listing zones

  • List all installed zones (verbose: ID, name, status and path)
root@airlock:/[70] # zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   1 mgt              running        /zone/mgt
   2 int              running        /zone/int
   3 auth             running        /zone/auth
   4 mgt_ext          running        /zone/mgt_ext
  14 ext              running        /zone/ext
root@airlock:/[71] #
  • List all installed zones (names only)
root@airlock:/[72] # zoneadm list
global
mgt
int
auth
mgt_ext
ext
root@airlock:/[73] #

Login to a zone

usage: zlogin [ -CES ] [ -e cmdchar ] [-l user] zonename [command [args ...] ]
root@airlock:/[74] # zlogin mgt
[Connected to zone 'mgt' pts/1]
Last login: Wed Dec 27 16:08:30 on pts/1
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
root@air-mgt_mgt:/[4] # exit
logout

[Connection to zone 'mgt' pts/1 closed]
root@airlock:/[75] #

Links

Most of this guide was copied from: Get in the Zone

Another nice article about Solaris Zones: Solaris 10 Zones document written by Brendan Gregg


2 Responses to Solaris 10 Zones

  1. Heinz says:

    Great summary of zones, thank you. The system you demonstrate it on, is that an actual Visonys Airlock? Must be quite an old one, not sure if it’s safe to use in a productive environment any more. 🙂

    • fsormok says:

      Sure you’re right! It’s Airlock, and yes, it’s really old (~4 years ago). The reason this article has such a new date is that it was migrated from our old blog. As you may have noticed, most articles on this blog are quite old, for the same reason. But we are working on the new stuff 🙂

      BTW: This system wasn’t in production at any time. But it was a great platform for working and studying zones because they (have?) used them extensively. And it’s a great WAF if you spend some time in fine tuning your rule set.
