Solaris Virtualization: Using Zones
Solaris can do two types of virtualization. If you are using SPARC hardware you can use Logical Domains, which has been re-branded as Oracle VM for SPARC. Or, regardless of your architecture, you can use Solaris Zones, which are really much more like Linux-VServer, OpenVZ, and Linux Containers (LXC) than a “full” hypervisor solution. Essentially you create a section of the file system on the host (in the case of ZFS, a separate file system) and this is used by the “Zone” as the “root” or /, and that is as far as the guest system can go. This is a very fast form of virtualization because it doesn’t really virtualize anything.
In this article I will be going over fairly vanilla configurations of zones. I will not be going into branded zones, which will allow you to run a different operating environment from the global zone. This article will be large enough to not need the additional complexity of those tasks. I will however have follow up articles as time permits, which will take deeper dives into this aspect of Solaris.
By default we will only list running zones. It is also important to note that a standard installation creates a “global” zone; this is the operating system that you are used to interacting with. All others are considered “non-global” zones (or just zones). The key thing to remember is that all non-global zones are part of the global zone, but the reverse is not true.
# zoneadm list
We can also use the following parameter to list only installed zones.
# zoneadm list -i
The final state that they can be in is configured; this means that the configuration exists but they may not be installed yet. This is the fullest list of zones.
# zoneadm list -c
Any of the above lists can be passed a verbose parameter; this will give us the ID, Name, Status, Path, Brand, and IP.
# zoneadm list -v
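The same columns can be read by a script from the parseable listing (`zoneadm list -cp`). The following is an added example, not part of the original article: it reports zones that are configured but not installed, installed but not running, or using the shared IP type. The sample records are constructed, and the field order and colon-free zonepaths are assumptions.

```shell
#!/bin/sh
# Constructed sample of `zoneadm list -cp` output (not from a real host).
# Assumed field order: zoneid:zonename:state:zonepath:uuid:brand:ip-type
# Assumption: zonepaths contain no ':' characters.
SAMPLE_ZONES='0:global:running:/::solaris:shared
1:zone001:running:/export/zones/zone001:00000000-0000-0000-0000-000000000001:solaris:excl
-:testzone:installed:/export/zones/testzone:00000000-0000-0000-0000-000000000002:solaris:excl
-:zone002:configured:/export/zones/zone002::solaris:shared'

# audit_zones: read parseable zone records on stdin, print one finding per line.
audit_zones() {
    awk -F: '
        NF < 7 { printf "MALFORMED line %d\n", NR; next }
        $2 == "global" { next }          # the global zone is the host itself
        {
            name = $2; state = $3; path = $4; iptype = $7
            if (state == "configured")
                printf "NOT-INSTALLED %s (zonepath %s)\n", name, path
            else if (state == "installed")
                printf "NOT-RUNNING %s\n", name
            if (iptype == "shared")
                printf "SHARED-IP %s\n", name
        }'
}

# count_state STATE: number of non-global zones in the given state.
count_state() {
    awk -F: -v want="$1" '$2 != "global" && $3 == want { n++ } END { print n + 0 }'
}

# On a Solaris host: zoneadm list -cp | audit_zones
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_ZONES" | audit_zones
fi
```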
List Specific Zone Configuration
# zonecfg -z testzone info
Here is a quick and dirty way to configure a new zone.
# zonecfg -z zone001 "create;set zonepath=/export/zones/zone001"
For more complex configurations you will need to enter the zonecfg prompt.
# zonecfg -z zone001
zone001: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone001> create
create: Using system default template 'SYSdefault'
zonecfg:zone001> set zonepath=/export/zones/zone001
zonecfg:zone001> add attr
zonecfg:zone001:attr> set name=comment
zonecfg:zone001:attr> set type=string
zonecfg:zone001:attr> set value="this is a comment"
zonecfg:zone001:attr> end
zonecfg:zone001> add net
zonecfg:zone001:net> set physical=zone001vnic0
zonecfg:zone001:net> end
zonecfg:zone001> add dataset
zonecfg:zone001:dataset> set name=rpool/zonedata
zonecfg:zone001:dataset> end
zonecfg:zone001> verify
zonecfg:zone001> commit
zonecfg:zone001> exit
At the end we performed a verify to look for any problems with our configuration. If we, for example, forgot to define a zonepath, then we would receive a notice similar to this…
zonepath cannot be empty.
zone001: Required resource missing
This can be resolved by providing the missing zonepath.
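The interactive session above can also be kept as a command file and loaded with `zonecfg -f`. The following is an added example, not from the original article: it generates that file and rejects names containing characters such as `;`, which zonecfg treats as a subcommand separator. The allow-list rules and the /tmp path are assumptions of this example.

```shell
#!/bin/sh
# Conservative allow-lists (assumed for this example, stricter than the tools):
# zone name: starts alphanumeric, then alphanumerics, '.', '_' or '-', max 63
# characters; "global" and names starting with "SYS" are treated as reserved.
valid_zone_name() {
    case "$1" in
        ''|global|SYS*)    return 1 ;;
        [!A-Za-z0-9]*)     return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# VNIC and dataset names: non-empty, no characters outside a small safe set.
valid_simple() {
    case "$1" in
        ''|*[!A-Za-z0-9/_.-]*) return 1 ;;
    esac
    return 0
}

# zone_cmdfile NAME VNIC DATASET: print a zonecfg command file equivalent to
# the interactive session above (the comment attribute is left out).
zone_cmdfile() {
    valid_zone_name "$1" || { echo "rejected zone name: $1" >&2; return 1; }
    valid_simple "$2"    || { echo "rejected vnic name: $2" >&2; return 1; }
    valid_simple "$3"    || { echo "rejected dataset: $3" >&2; return 1; }
    cat <<EOF
create
set zonepath=/export/zones/$1
add net
set physical=$2
end
add dataset
set name=$3
end
verify
commit
EOF
}

# On the global zone (not run here):
#   zone_cmdfile zone001 zone001vnic0 rpool/zonedata > /tmp/zone001.cfg
#   zonecfg -z zone001 -f /tmp/zone001.cfg
```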
Create Zone Dataset
The install process will create the ZFS dataset for the zonepath; however, since we have defined an additional dataset, we must pre-create that dataset.
# zfs create rpool/zonedata
Create Virtual Networking Card
Solaris 11 uses exclusive networking by default, meaning one zone per device. This allows you to limit traffic to a particular zone. Additionally there is a shared type, in which you assign the zone to use the physical network card. When using the exclusive method we must create a vnic.
# dladm create-vnic -l net0 zone001vnic0
Installation of a Zone
When doing a default install it will use the IPS repositories from the host, so make sure that your host connectivity is worked out.
# zoneadm -z zone001 install
Progress being logged to /var/log/zones/zoneadm.20120520T172618Z.zone001.install
       Image: Preparing at /export/zones/zone001/root.
 Install Log: /system/volatile/install.1980/install_log
 AI Manifest: /tmp/manifest.xml.zuaa2d
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
    Zonename: zone001
Installation: Starting ...
              Creating IPS image
              Installing packages from:
                  solaris
                      origin: http://pkg.oracle.com/solaris/release/
DOWNLOAD                          PKGS        FILES     XFER (MB)
Completed                      167/167  32062/32062   175.8/175.8
PHASE                          ACTIONS
Install Phase              44313/44313
PHASE                            ITEMS
Package State Update Phase     167/167
Image State Update Phase           2/2
Installation: Succeeded
        Note: Man pages can be obtained by installing pkg:/system/manual
 done.
        Done: Installation completed in 668.825 seconds.
  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.
Log saved in non-global zone as /export/zones/zone001/root/var/log/zones/zoneadm.20120520T172618Z.zone001.install
Renaming a Zone
It is almost certain that you will at some point need to change the name of a zone.
zonecfg -z testzone "set zonename=newname"
Connect to the Console of the Zone
On the first start-up after install you will want to use two shells: connect to the console from the first, then boot the zone from the second.
zlogin -C zone001
[Connected to zone 'zone001' console]
[NOTICE: Zone booting up]
After booting up you should see something like this…
System Configuration Tool

System Configuration Tool enables you to specify the following
configuration parameters for your newly-installed Oracle Solaris 11 system:
- network, time zone, user and root accounts, name services

System Configuration Tool produces an SMF profile file in
/system/volatile/scit_profile.xml.

How to navigate through this tool:
- Use the function keys listed at the bottom of each screen to move
  from screen to screen and to perform other operations.
- Use the up/down arrow keys to change the selection or to move
  between input fields.
- If your keyboard does not have function keys, or they do not respond,
  press ESC; the legend at the bottom of the screen will change to show
  the ESC keys for navigation and other functions.

F2_Continue F6_Help F9_Quit

Follow this through the initial setup. I set my computer name to zone001 to match the zone name, and I also set the network connection to be configured Automatically. After the configuration is complete you should see something like this.

Exiting System Configuration Tool. Log is available at:
/var/tmp/install/sysconfig.log
Hostname: zone001
zone001 console login:
To disconnect we can use the ~. keystroke. That is tilde + period.
Start/Boot a Zone
zoneadm -z zone001 boot
Reboot a Zone
zoneadm -z zone001 reboot
Shutdown a Zone
zoneadm -z zone001 shutdown
Halt a Zone
This is a forced power off of the zone, equivalent to a power unplug.
zoneadm -z zone001 halt
December 30, 2012
One minor thing I have noticed is that when connecting to a Solaris machine via SSH and then disconnecting from a zone console connection using the ~. (tilde and period) hot key, you will actually disconnect not only from the console, but also from the SSH session on your machine. To avoid this second disconnection and only disconnect from the zone console session, instead use the ~~. (tilde and tilde and period) hot key. This will leave your SSH session intact, and allow you to change between zone consoles.
January 2, 2012
When using the method outlined in my article “SSH Hop Through Multiple Hosts” and the ~~. hot key you will find that your SSH connection is still disconnected. For this use case simply append one more tilde. So if you are connecting from Machine A through Machine B to Machine C, then you will need ~~~. (tilde and tilde and tilde and period) or one for each machine (including the SSH client and server).