Chapter 18 Planning and Configuring Non-Global Zones (Tasks)

This chapter describes what you need to do before you can configure a zone on your system. This chapter also describes how to configure a zone, modify a zone configuration, and delete a zone configuration from your system.

For an introduction to the zone configuration process, see Chapter 17, Non-Global Zone Configuration (Overview).

Planning and Configuring a Non-Global Zone (Task Map)

Before you set up your system to use zones, you must first collect information and make decisions about how to configure the zones. The following task map summarizes how to plan and configure a zone.

Evaluating the Current System Setup

Zones can be used on any machine that runs the Solaris 10 release. The following primary machine considerations are associated with the use of zones.

• The performance requirements of the applications running within each zone.

• The availability of disk space to hold the files that are unique within each zone.

Disk Space Requirements

There are no limits on how much disk space can be consumed by a zone. The global administrator is responsible for space restriction. The global administrator must ensure that local storage is sufficient to hold a non-global zone's root file system. Even a small uniprocessor system can support a number of zones running simultaneously.

The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created. The number of packages and space requirements are factors.

Sparse Root Zones

Non-global zones that have inherit-pkg-dir resources are called sparse root zones.

The sparse root zone model optimizes the sharing of objects in the following ways:

• Only a subset of the packages installed in the global zone are installed directly into the non-global zone.

• Read-only loopback file systems, identified as inherit-pkg-dir resources, are used to gain access to other files.

In this model, all packages appear to be installed in the non-global zone. Packages that do not deliver content into read-only loopback mount file systems are fully installed. There is no need to install content delivered into read-only loopback mounted file systems since that content is inherited (and visible) from the global zone.

• As a general guideline, a zone requires about 100 megabytes of free disk space per zone when the global zone has been installed with all of the standard Solaris packages.

• By default, any additional packages installed in the global zone also populate the non-global zones. The amount of disk space required might be increased accordingly, depending on whether the additional packages deliver files that reside in the inherit-pkg-dir resource space.

An additional 40 megabytes of RAM per zone are suggested, but not required on a machine with sufficient swap space.

Whole Root Zones

The whole root zone model provides the maximum configurability. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone. The advantages of this model include the capability for global administrators to customize their zones file system layout. This would be done, for example, to add arbitrary unbundled or third-party packages.

The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.

If you create a sparse root zone that contains the following inherit-pkg-dir directories, you must remove these directories from the non-global zone's configuration before the zone is installed to have a whole root zone:

• /lib

• /platform

• /sbin

• /usr

See How to Configure the Zone.

Restricting Zone Size

The following options can be used to restrict zone size:

• You can place the zone on a lofi-mounted partition. This action will limit the amount of space consumed by the zone to that of the file used by lofi. For more information, see the lofiadm(1M) and lofi(7D) man pages.

• You can use soft partitions to divide disk slices or logical volumes into partitions. You can use these partitions as zone roots, and thus limit per-zone disk consumption. The soft partition limit is 8192 partitions. For more information, see Chapter 12, Soft Partitions (Overview), in Solaris Volume Manager Administration Guide.

• You can use the standard partitions of a disk for zone roots, and thus limit per-zone disk consumption.

Determine the Zone Host Name and Obtain the Network Address

You must determine the host name for the zone. Then, you must assign an IPv4 address or manually configure and assign an IPv6 address for the zone if you want it to have network connectivity.

Zone Host Name

The host name you select for the zone must be defined either in the hosts database or in the /etc/inet/hosts database, as specified by the /etc/nsswitch.conf file in the global zone. The network databases are files that provide network configuration information. The nsswitch.conf file specifies which naming service to use.

If you use local files for the naming service, the hosts database is maintained in the /etc/inet/hosts file. The host names for zone network interfaces are resolved from the local hosts database in /etc/inet/hosts. Alternatively, the IP address itself can be specified directly when configuring a zone so that no host name resolution is required.

For more information, see TCP/IP Configuration Files in System Administration Guide: IP Services and Network Databases and the nsswitch.conf File in System Administration Guide: IP Services.

Shared-IP Zone Network Address

Each shared-IP zone that requires network connectivity has one or more unique IP addresses. Both IPv4 and IPv6 addresses are supported.

IPv4 Zone Network Address

If you are using IPv4, obtain an address and assign the address to the zone.

A prefix length can also be specified with the IP address. The format of this prefix is address/prefix-length, for example, 192.168.1.1/24. Thus, the address to use is 192.168.1.1 and the netmask to use is 255.255.255.0, or the mask where the first 24 bits are 1-bits.

IPv6 Zone Network Address

If you are using IPv6, you must manually configure the address. Typically, at least the following two types of addresses must be configured:

Link-local address

A link-local address is of the form fe80::64-bit interface ID/10. The /10 indicates a prefix length of 10 bits.

Address formed from a global prefix configured on the subnet

A global unicast address is based off a 64–bit prefix that the administrator configures for each subnet, and a 64-bit interface ID. The prefix can also be obtained by running the ifconfig command with the -a6 option on any system on the same subnet that has been configured to use IPv6.

The 64–bit interface ID is typically derived from a system's MAC address. For zones use, an alternate address that is unique can be derived from the global zone's IPv4 address as follows:

16 bits of zero:upper 16 bits of IPv4 address:lower 16 bits of IPv4 address:a zone-unique number

For example, if the global zone's IPv4 address is 192.168.200.10, a suitable link-local address for a non-global zone using a zone-unique number of 1 is fe80::c0a8:c80a:1/10. If the global prefix in use on that subnet is 2001:0db8:aabb:ccdd/64, a unique global unicast address for the same non-global zone is 2001:0db8:aabb:ccdd::c0a8:c80a:1/64. Note that you must specify a prefix length when configuring an IPv6 address.

For more information about link-local and global unicast addresses, see the inet6(7P) man page.

Exclusive-IP Zone Network Address

Inside an exclusive-IP zone, configure addresses as you do for the global zone. Note that DHCP and IPv6 stateless address autoconfiguration can be used to configure addresses.

See sysidcfg(4) for more information.

File System Configuration

You can specify a number of mounts to be performed when the virtual platform is set up. File systems that are loopback-mounted into a zone by using the loopback virtual file system (LOFS) virtual file system should be mounted with the nodevices option. For information on the nodevices option, see File Systems and Non-Global Zones.

LOFS lets you create a new virtual file system so that you can access files by using an alternative path name. In a non-global zone, a loopback mount makes the file system hierarchy look as though it is duplicated under the zone's root. In the zone, all files will be accessible with a path name that starts from the zone's root. LOFS mounting preserves the file system name space.

Figure 18–1 Loopback-Mounted File Systems

See the lofs(7S) man page for more information.

Creating, Revising, and Deleting Non-Global Zone Configurations (Task Map)

Configuring, Verifying, and Committing a Zone

You use the zonecfg command described in the zonecfg(1M) man page to perform the following actions.

• Create the zone configuration

• Verify that all required information is present

• Commit the non-global zone configuration

The zonecfg command can also be used to persistently specify the resource management settings for the global zone.

While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.

A script to configure multiple zones on your system is provided in Script to Configure Multiple Zones.

To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.

How to Configure the Zone

Note that the only required elements to create a native non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource. See Zone Configuration Data for information on available zonecfg properties and resources.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Set up a zone configuration with the zone name you have chosen.

   The name my-zone is used in this example procedure.

   global# zonecfg -z my-zone

   If this is the first time you have configured this zone, you will see the following system message:

   my-zone: No such zone configured Use 'create' to begin configuring a new zone.

3. Create the new zone configuration.

   This procedure uses the Sun default settings.

   zonecfg:my-zone> create

4. Set the zone path, /export/home/my-zone in this procedure.

   zonecfg:my-zone> set zonepath=/export/home/my-zone

   Do not place the zonepath on ZFS for releases prior to the Solaris 10 10/08 release.

5. Set the autoboot value.

   If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.

   zonecfg:my-zone> set autoboot=true

6. Set persistent boot arguments for a zone.

   zonecfg:my-zone> set bootargs="-m verbose"

7. Dedicate one CPU to this zone.

   zonecfg:my-zone> add dedicated-cpu

   1. Set the number of CPUs.

      zonecfg:my-zone:dedicated-cpu> set ncpus=1-2

   2. (Optional) Set the importance.

      zonecfg:my-zone:dedicated-cpu> set importance=10

      The default is 1.

   3. End the specification.

      zonecfg:my-zone:dedicated-cpu> end

8. Revise the default set of privileges.

   zonecfg:my-zone> set limitpriv="default,sys_time"

   This line adds the ability to set the system clock to the default set of privileges.

9. Set the scheduling class to FSS.

   zonecfg:my-zone> set scheduling-class=FSS

10. Add a memory cap.

    zonecfg:my-zone> add capped-memory

    1. Set the memory cap.

       zonecfg:my-zone:capped-memory> set physical=50m

    2. Set the swap memory cap.

       zonecfg:my-zone:capped-memory> set swap=100m

    3. Set the locked memory cap.

       zonecfg:my-zone:capped-memory> set locked=30m

    4. End the memory cap specification.

       zonecfg:my-zone:capped-memory> end

11. Add a file system.

    zonecfg:my-zone> add fs

    1. Set the mount point for the file system, /usr/local in this procedure.

       zonecfg:my-zone:fs> set dir=/usr/local

    2. Specify that /opt/zones/my-zone/local in the global zone is to be mounted as /usr/local in the zone being configured.

       zonecfg:my-zone:fs> set special=/opt/zones/my-zone/local

       In the non-global zone, the /usr/local file system will be readable and writable.

    3. Specify the file system type, lofs in this procedure.

       zonecfg:my-zone:fs> set type=lofs

       The type indicates how the kernel interacts with the file system.

    4. End the file system specification.

       zonecfg:my-zone:fs> end

    This step can be performed more than once to add more than one file system.

12. Add a ZFS dataset named sales in the storage pool tank.

    zonecfg:my-zone> add dataset

    1. Specify the path to the ZFS dataset sales.

       zonecfg:my-zone> set name=tank/sales

    2. End the dataset specification.

       zonecfg:my-zone> end

13. (Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone.

    Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.

    zonecfg:my-zone> add inherit-pkg-dir

    1. Specify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.

       zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfw

       ---

       Note –

       The zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm.

       ---

    2. End the inherit-pkg-dir specification.

       zonecfg:my-zone:inherit-pkg-dir> end

    This step can be performed more than once to add more than one shared file system.

    ---

    Note –

    If you want to create a whole root zone but default shared file systems resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/lib

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/platform

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin

    • zonecfg:my-zone> remove inherit-pkg-dir dir=/usr

    ---

14. (Optional) If you are creating an exclusive-IP zone, set the ip-type.

    zonecfg:my-zone> set ip-type=exclusive

    ---

    Note –

    Only the physical device type will be specified in the add net step.

    ---

15. Add a network interface.

    zonecfg:my-zone> add net

    1. (shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.

       zonecfg:my-zone:net> set address=192.168.0.1

    2. Set the physical device type for the network interface, the hme device in this procedure.

       zonecfg:my-zone:net> set physical=hme0

    3. Solaris 10 10/08: (Optional, shared-IP only) Set the default router for the network interface, in this procedure.

       zonecfg:my-zone:net> set defrouter=10.0.0.1

    4. End the specification.

       zonecfg:my-zone:net> end

    This step can be performed more than once to add more than one network interface.

16. Add a device.

    zonecfg:my-zone> add device

    1. Set the device match, /dev/sound/* in this procedure.

       zonecfg:my-zone:device> set match=/dev/sound/*

    2. End the device specification.

       zonecfg:my-zone:device> end

    This step can be performed more than once to add more than one device.

17. Add a zone-wide resource control by using the property name.

    zonecfg:my-zone> set max-sem-ids=10485200

    This step can be performed more than once to add more than one resource control.

18. Add a comment by using the attr resource type.

    zonecfg:my-zone> add attr

    1. Set the name to comment.

       zonecfg:my-zone:attr> set name=comment

    2. Set the type to string.

       zonecfg:my-zone:attr> set type=string

    3. Set the value to a comment that describes the zone.

       zonecfg:my-zone:attr> set value="This is my work zone."

    4. End the attr resource type specification.

       zonecfg:my-zone:attr> end

19. Verify the zone configuration for the zone.

    zonecfg:my-zone> verify

20. Commit the zone configuration for the zone.

    zonecfg:my-zone> commit

21. Exit the zonecfg command.

    zonecfg:my-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

Using Multiple Subcommands From the Command Line

The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.

global# zonecfg -z my-zone "create ; set zonepath=/export/home/my-zone"

Where to Go From Here

See Installing and Booting Zones to install your committed zone configuration.

Script to Configure Multiple Zones

You can use this script to configure and boot multiple zones on your system. The script takes the following parameters:

• The number of zones to be created

• The zonename prefix

• The directory to use as the base directory

You must be the global administrator in the global zone to execute the script. The global administrator has superuser privileges in the global zone or assumes the Primary Administrator role.

#!/bin/ksh
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"%Z%%M%	%I%	%E% SMI"

if [[ -z "$1" || -z "$2" || -z "$3" ]]; then
		echo "usage: $0 <#-of-zones> <zonename-prefix> <basedir>"
		exit 2
fi

if [[ ! -d $3 ]]; then
		echo "$3 is not a directory"
		exit 1
fi

nprocs=`psrinfo | wc -l`
nzones=$1
prefix=$2
dir=$3

ip_addrs_per_if=`ndd /dev/ip ip_addrs_per_if`
if [ $ip_addrs_per_if -lt $nzones ]; then
		echo "ndd parameter ip_addrs_per_if is too low ($ip_addrs_per_if)"
		echo "set it higher with 'ndd -set /dev/ip ip_addrs_per_if <num>"
		exit 1
fi

i=1
while [ $i -le $nzones ]; do
	zoneadm -z $prefix$i list > /dev/null 2>&1
	if [ $? != 0 ]; then
		echo configuring $prefix$i
		F=$dir/$prefix$i.config
		rm -f $F
		echo "create" > $F
		echo "set zonepath=$dir/$prefix$i" >> $F
		zonecfg -z $prefix$i -f $dir/$prefix$i.config 2>&1 | \
		    sed 's/^/    /g' 
	else
		echo "skipping $prefix$i, already configured"
	fi
	i=`expr $i + 1`
done

i=1
while [ $i -le $nzones ]; do
	j=1
	while [ $j -le $nprocs ]; do
		if [ $i -le $nzones ]; then
			if [ `zoneadm -z $prefix$i list -p | \
			    cut -d':' -f 3` != "configured" ]; then
				echo "skipping $prefix$i, already installed"
			else
				echo installing $prefix$i
				mkdir -pm 0700 $dir/$prefix$i
				chmod 700 $dir/$prefix$i
				zoneadm -z $prefix$i install > /dev/null 2>&1 &
				sleep 1	# spread things out just a tad
			fi
		fi
		i=`expr $i + 1`
		j=`expr $j + 1`
	done
	wait
done

i=1
while [ $i -le $nzones ]; do
	echo setting up sysid for $prefix$i
	cfg=$dir/$prefix$i/root/etc/sysidcfg
	rm -f $cfg
	echo "network_interface=NONE {hostname=$prefix$i}" > $cfg
	echo "system_locale=C" >> $cfg
	echo "terminal=xterms" >> $cfg
	echo "security_policy=NONE" >> $cfg
	echo "name_service=NONE" >> $cfg
	echo "timezone=US/Pacific" >> $cfg
	echo "root_password=Qexr7Y/wzkSbc" >> $cfg  # 'l1a'
	i=`expr $i + 1`
done

i=1
para=`expr $nprocs \* 2`
while [ $i -le $nzones ]; do
	date
	j=1
	while [ $j -le $para ]; do
		if [ $i -le $nzones ]; then
			echo booting $prefix$i
			zoneadm -z $prefix$i boot &
		fi
		j=`expr $j + 1`
		i=`expr $i + 1`
	done
	wait
done

How to Display the Configuration of a Non-Global Zone

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Display the configuration of a zone.

   global# zonecfg -z zonename info

Using the zonecfg Command to Modify a Zone Configuration

You can also use the zonecfg command to do the following:

• Modify a resource type in a zone configuration

• Clear a property value in a zone configuration

• Add a dedicated device to a zone

How to Modify a Resource Type in a Zone Configuration

You can select a resource type and modify the specification for that resource.

Note that the contents of software packages in the inherit-pkg-dir directory cannot be modified or removed after the zone has been installed with zoneadm.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Select the zone to be modified, my-zone in this procedure.

   global# zonecfg -z my-zone

3. Select the resource type to be changed, for example, a resource control.

   zonecfg:my-zone> select rctl name=zone.cpu-shares

4. Remove the current value.

   zonecfg:my-zone:rctl> remove value (priv=privileged,limit=20,action=none)

5. Add the new value.

   zonecfg:my-zone:rctl> add value (priv=privileged,limit=10,action=none)

6. End the revised rctl specification.

   zonecfg:my-zone:rctl> end

7. Commit the zone configuration for the zone.

   zonecfg:my-zone> commit

8. Exit the zonecfg command.

   zonecfg:my-zone> exit

   Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

   Committed changes made through zonecfg take effect the next time the zone is booted.

Solaris 10 8/07: How to Clear a Property Type in a Zone Configuration

Use this procedure to reset a standalone property.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Select the zone to be modified, my-zone in this procedure.

   global# zonecfg -z my-zone

3. Clear the property to be changed, the existing pool association in this procedure.

   zonecfg:my-zone> clear pool

4. Commit the zone configuration for the zone.

   zonecfg:my-zone> commit

5. Exit the zonecfg command.

   zonecfg:my-zone> exit

   Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

   Committed changes made through zonecfg take effect the next time the zone is booted.

Solaris 10 3/05 Through Solaris 10 11/06: How to Modify a Property Type in a Zone Configuration

Use this procedure to reset a standalone property that does not have related properties to configure. For example, to remove the existing pool association, you can reset the pool resource to null.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Select the zone to be modified, my-zone in this procedure.

   global# zonecfg -z my-zone

3. Reset the property to be changed, the existing pool association in this procedure.

   zonecfg:my-zone> set pool=""

4. Commit the zone configuration for the zone.

   zonecfg:my-zone> commit

5. Exit the zonecfg command.

   zonecfg:my-zone> exit

   Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

   Committed changes made through zonecfg take effect the next time the zone is booted.

Solaris 10 8/07: How to Rename a Zone

This procedure can be used to rename zones that are in either the configured state or the installed state.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Select the zone to be renamed, my-zone in this procedure.

   global# zonecfg -z my-zone

3. Change the name of the zone, for example, to newzone.

   zonecfg:my-zone> set zonename=newzone

4. Commit the change.

   zonecfg:newzone> commit

5. Exit the zonecfg command.

   zonecfg:newzone> exit

   Committed changes made through zonecfg take effect the next time the zone is booted.

How to Add a Dedicated Device to a Zone

The following specification places a scanning device in a non-global zone configuration.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Add a device.

   zonecfg:my-zone> add device

3. Set the device match, /dev/scsi/scanner/c3t4* in this procedure.

   zonecfg:my-zone:device> set match=/dev/scsi/scanner/c3t4*

4. End the device specification.

   zonecfg:my-zone:device> end

5. Exit the zonecfg command.

   zonecfg:my-zone> exit

How to Set zone.cpu-shares in the Global Zone

This procedure is used to persistently set shares in the global zone.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Use the zonecfg command .

   # zonecfg -z global

3. Set five shares for the global zone.

   zonecfg:global> set cpu-shares=5

4. Exit zonecfg.

   zonecfg:global> exit

Using the zonecfg Command to Revert or Remove a Zone Configuration

Use the zonecfg command described in zonecfg(1M) to revert a zone's configuration or to delete a zone configuration.

How to Revert a Zone Configuration

While configuring a zone with the zonecfg utility, use the revert subcommand to undo a resource setting made to the zone configuration.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. While configuring a zone called tmp-zone, type info to view your configuration:

   zonecfg:tmp-zone> info

   The net resource segment of the configuration displays as follows:

   . . . fs: dir: /tmp special: swap type: tmpfs net: address: 192.168.0.1 physical: eri0 device match: /dev/pts/* . . .

3. Remove the net address:

   zonecfg:tmp-zone> remove net address=192.168.0.1

4. Verify that the net entry has been removed.

   zonecfg:tmp-zone> info

   . . . fs: dir: /tmp special: swap type: tmpfs device match: /dev/pts/* . . .

5. Type revert.

   zonecfg:tmp-zone> revert

6. Answer yes to the following question:

   Are you sure you want to revert (y/[n])? y

7. Verify that the net address is once again present:

   zonecfg:tmp-zone> info

   . . . fs: dir: /tmp special: swap type: tmpfs net: address: 192.168.0.1 physical: eri0 device match: /dev/pts/* . . .

How to Delete a Zone Configuration

Use zonecfg with the delete subcommand to delete a zone configuration from the system.

You must be the global administrator in the global zone to perform this procedure.

1. Become superuser, or assume the Primary Administrator role.

   To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration.

2. Delete the zone configuration for the zone a-zone by using one of the following two methods:

   • Use the -F option to force the action:

     global# zonecfg -z a-zone delete -F

   • Delete the zone interactively by answering yes to the system prompt:

     global# zonecfg -z a-zone delete Are you sure you want to delete zone a-zone (y/[n])? y