Chapter 4 Configuring a Solaris9 Zone

This chapter discusses configuring the Solaris9 branded zone.

Preconfiguration Tasks

You will need the following:

• A SPARC based system running Solaris 10 8/07 or later update release. All SPARC systems capable of running Solaris 10 are supported.

• For zones that require network connectivity, you will need to provide the following information when you create the zone configuration.

  • For a shared-IP zone, you will need one or more unique IPv4 addresses for each zone you want to create. You must also specify the physical interface.

  • For an exclusive-IP zone, you must set the ip-type property to exclusive. You must also assign a data-link using the physical property of the net resource. The zone requires exclusive access to one or more network interfaces. The interface could be a separate LAN such as bge1, or a separate VLAN such as bge2000. The data-link must be of the GLDv3 type. For more information on GLDv3 interfaces, see Solaris OS Interface Types in System Administration Guide: IP Services. Note that the address property of the net resource is not set in an exclusive-IP zone.

    ---

    Note –

    Exclusive-IP zones are a new feature in the Solaris 10 8/07 release. If you are not familiar with this feature, see the System Administration Guide: Solaris Containers-Resource Management and Solaris Zones for more information.

    ---

• (Optional) A SPARC based machine running the Solaris 9 operating system that you want to migrate into a solaris9 container. You can generate your own images from existing systems. The process is described in Creating the Image for Directly Migrating Solaris 9 Systems Into Zones.

  A sample Solaris 9 based image that can be used to create a solaris9 container is also available. See Step 5 of Installing the Solaris 9 Containers 1.0.1 Software on the Solaris 10 Host System.

solaris9 Branded Zone Configuration Process

The zonecfg command is used to do the following:

• Set the brand for the zone.

• Create the configuration for the solaris9 zone. Refer to the information you gathered in Assess the Solaris 9 System.

• Verify the configuration to determine whether the specified resources and properties are allowed and internally consistent on a hypothetical SPARC based system.

• Perform a brand-specific verification. The verification ensures that the zone does not have any inherited package directories or ZFS datasets.

The check performed by the zonecfg verify command for a given configuration verifies the following:

• Ensures that a zone path is specified

• Ensures that all of the required properties for each resource are specified

• Ensures that brand requirements are met

For more information about the zonecfg command, see the zonecfg(1M) man page.

Resources Included in the Configuration by Default

File Systems Defined in solaris9 Branded Zones

The file systems that are required for a branded zone are defined in the brand. You can add additional Solaris file systems to a solaris9 branded zone by using the fs resource property.

Privileges Defined in solaris9 Branded Zones

Processes are restricted to a subset of privileges. Privilege restriction prevents a zone from performing operations that might affect other zones. The set of privileges limits the capabilities of privileged users within the zone.

Default, required default, optional, and prohibited privileges are defined by each brand. You can also add or remove certain privileges by using the limitpriv property. See Privileges in a Non-Global Zone in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones for information on Solaris privileges with respect to zones.

For more information about privileges, see the ppriv(1) man page and System Administration Guide: Security Services.

Configure the solaris9 Zone

You must be the global administrator in the global zone to perform these procedures.

How to Configure a solaris9 Branded Zone

Use the zonecfg command to create an s9 zone.

You must be the global administrator in the global zone to perform this procedure.

The zonecfg prompt is of the following form:

zonecfg:zonename>

When you are configuring a specific resource type, such as a file system, that resource type is also included in the prompt:

zonecfg:zonename:fs>

Resource controls are set to the Solaris 9 defaults. Review these settings to see whether they should be adjusted.

If you know you will be using CDs or DVDs to install applications in a solaris9 branded zone, use add fs to add read-only access to CD or DVD media in the global zone when you initially configure the branded zone. A CD or DVD can then be used to install a product in the branded zone. See How to Add Access to CD or DVD Media in a Non-Global Zone in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones for more information.

This procedure describes configuring a shared-IP zone. To configure an exclusive-IP zone, see Resource Type Properties in System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

1. Become superuser, or assume the Primary Administrator role.

2. Set up a shared-IP zone configuration with the zone name you have chosen.

   The name s9-zone is used in this example procedure.

   global# zonecfg -z s9-zone

   If this is the first time you have configured this zone, you will see the following system message:

   s9-zone: No such zone configured Use 'create' to begin configuring a new zone.

3. Create the new solaris9 zone configuration by using the SUNWsolaris9 template.

   zonecfg:s9-zone> create -t SUNWsolaris9

4. Set the zone path, /export/home/s9-zone in this procedure.

   zonecfg:s9-zone> set zonepath=/export/home/s9-zone

5. Set the autoboot value.

   If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.

   zonecfg:s9-zone> set autoboot=true

6. Add a network virtual interface.

   zonecfg:s9-zone> add net

   1. Set the IP address. In this procedure, 10.6.10.233 is used.

      zonecfg:s9-zone:net> set address=10.6.10.233

   2. Set the physical device type for the network interface, the bge device in this procedure.

      zonecfg:s9-zone:net> set physical=bge0

   3. End the specification.

      zonecfg:s9-zone:net> end

   This step can be performed more than once to add more than one network interface.

7. Add a ZFS file system shared with the global zone.

   zonecfg:s9-zone> add fs

   1. Set the type to zfs.

      zonecfg:s9-zone:fs> set type=zfs

   2. Set the directory to mount from the global zone.

      zonecfg:s9-zone:fs> set special=share/zone/s9-zone

   3. Specify the mount point.

      zonecfg:s9-zone:fs> set dir=/export/shared

   4. End the specification.

      zonecfg:s9-zone:fs> end

   This step can be performed more than once to add more than one file system.

8. (Optional) Set the hostid to be the hostid of the source system.

   zonecfg:s9-zone> add attr

   1. Set the attribute name to hostid.

      zonecfg:s9-zone:attr> set name=hostid

   2. Set the type to string.

      zonecfg:s9-zone:attr> set type=string

   3. Set the value to the hostid.

      zonecfg:s9-zone:attr> set value=8325f14d

   4. End the specification.

      zonecfg:s9-zone:attr> end

9. (Optional) Set the machine name returned by uname to always be sun4u.

   zonecfg:s9-zone> add attr

   1. Set the attribute name to machine.

      zonecfg:s9-zone:attr> set name=machine

   2. Set the type to string.

      zonecfg:s9-zone:attr> set type=string

   3. Set the value to sun4u.

      zonecfg:s9-zone:attr> set value=sun4u

   4. End the specification.

      zonecfg:s9-zone:attr> end

10. Verify the zone configuration for the zone.

    zonecfg:s9-zone> verify

11. Commit the zone configuration for the zone.

    zonecfg:s9-zone> commit

12. Exit the zonecfg command.

    zonecfg:s9-zone> exit

    Note that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.

13. Use the info subcommand to check that the brand is set to solaris9.

    global# zonecfg -z s9-zone info

14. (Optional) Use the info subcommand to check the hostid:

    global# zonecfg -z s9-zone info attr

Next Steps

After you have configured the branded zone, it is a good idea to make a copy of the zone's configuration. You can use this backup to restore the zone in the future. As superuser or Primary Administrator, print the configuration for the zone s9-zone to a file. This example uses a file named s9-zone.config.

global# zonecfg -z s9-zone export > s9-zone.config

See Also

For additional components that can be configured using zonecfg, see System Administration Guide: Solaris Containers-Resource Management and Solaris Zones. The guide also provides information on using the zonecfg command in either command-line or command-file mode. For more information about adding ZFS file systems, see Adding ZFS File Systems to a Non-Global Zone in Solaris ZFS Administration Guide