Create Whole Root Solaris Zone

Description:  This procedure describes how to setup a full root Zone in Solaris 10 which does not use inherited packages.

Prerequisites:  Super user access

 Access to the global zone server
 Loopback files system not disabled (e.g. /etc/system).

Notes:  Loopback files system must be enabled. Some Solaris10 installation may have loopback file systems disabled in the
/etc/system file (e.g. 'exclude: lofs'). Make sure that this comment does not exist.
 There are three commands that are used to create and enable a zone. There are in this order:
o zonecfg - set up zone configuration.
o zoneadm - administer zones (install zone)
o zlogin - set up zone host parameters (using -C option)
 Creation of a Solaris Zone fall into two classes:
o inherited package zone
o self containted zone

A self-contain zone makes copies of the from the global zone of the /usr, /lib, /sbin and /platform directories.

 A self contain zone will require individual patch for OS updates and is independent of the Global Zone OS and patch
updates.
  There must be sufficient mounted disk space available pf approximately 3GB for creation of a self-contained zone

References:  Create Basic Solaris Zone

 Solaris Containers-Resource Management and Solaris Zones ( )

St
Action Description
ep
User zonecfg to configure
1 a Inherited Pacakage
Zone
Start the zonecfg command with a -z option followed by name of the zone that is to be created.

Zone names are case sensitive. Zone names must begin with an alphanumeric character and can contain
alphanumeric characters, the underscore (_) and the hyphen (-). The name global and all names beginning with
SUNW are reserved and cannot be used.
1a # zonecfg -z selfzone The prompt will change to zonecfg: selfzone> and issue a response to use the create option.
global# zonecfg -z selfzone
selfzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:selfzone>
Use create parameter with the "b" option to begin the configuration of a new whole root zone.
global# zonecfg -z selfzone
selfzone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:selfzone> create -b
zonecfg:selfzone>
zonecfg:selfzone>
1b create -b Use of the "b" option creates a blank zone as compared to a sparse zone includes lof filesysrtems of the global zone
root. You can verify the it is indeed blank by peforming the info command
zonecfg:selfzone> info
zonename: selfzone
zonepath:
brand: native
autoboot: false
 bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
zonecfg:selfzone>
zonecfg:selfzone> set
zonepath=/zones/selfz
one
1c Use set zonepath command to set up the loopback filesystem for the zone that will be built on the global zone.
zonecfg:selfzone> set zonepath=/zones/home/selfzone
zonecfg:selfzone>
zonecfg:selfzone> set
autoboot=true

Use set autoboot= to set autoboot of the zone to either true or false.
1d zonecfg:selfzone> set autoboot=true
zonecfg:selfzone>
You can also set other parameters in this section such as limitpriv, scheduling-class, and ip-type. Set Setting Other Zone
Parameters. If not they will be set to the default.
zonecfg:selfzone> add
net
Setup the primary network by using the add net option. Set the interface ip address using the set
address=xxx.xxx.xxx.xxx/yyy where xxx.xxx.xxx.xxx is a valid ip address and yyy is the associated netmask
(e.g. 24 = 255.255.255.0). Next assign the physical interface using the set physical= and giving the name of a
physical interface. Finally defined a default router (e.g. defrouter=). Use end to complete the assignment of this
interface. Additional interface can be also defined at this point. Using the same physical device name for multiple
1e network interfaces will increment in order with a multiple plumb set (e.g. ie0:1, ie0:2, ie0:3).
zonecfg:selfzone> add net
zonecfg:selfzone:net> set address=192.168.3.41/24
zonecfg:selfzone:net> set physical=rtls0
zonecfg:selfzone:net> set defrouter=192.168.3.1
zonecfg:selfzone:net> end
zonecfg:selfzone>
 Display the configuration with the "info" option. Use "verify" to verify the current configuration has all of the
required properties and that a zonepath is specified. Use "commit" to move configuration from memory to
perminent storage. Use exit to complete the configuration and save it and exit the zonecfg command.
zonecfg:selfzone> info
zonepath: /export/home/selfzone
autoboot: true
pool:
limitpriv:
scheduling-class:
ip-type: shared
net:
address: 192.168.3.41
physical: rtls0
defrouter: 192.168.3.1
zonecfg:selfzone> verify
zonecfg:selfzone> commit
zonecfg:selfzone> zonecfg:selfzone> exit
1f commit
global#

Note:
"commit" also performs the verify function.
This configuration is saved in the /etc/zones directory as an xml file:
global# cat /etc/zones/selfzone.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE zone PUBLIC "-//Sun Microsystems Inc//DTD Zones//EN"
"file:///usr/share/lib/xml/dtd/zonecfg.dtd.1">
<!--
DO NOT EDIT THIS FILE. Use zonecfg(1M) instead.
-->
<zone name="selfzone" zonepath="/export/selfzone" autoboot="true">
<network address="192.168.3.41" physical="rtls0"/>
</zone>
global# /usr/sbin/zoneadm list -vc
 ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 utility running /zones/utility native shared
2 rlogic running /zones/rlogic native shared
3 myzone running /zones/myzone native shared
- selfzone configured /export/selfzone native shared
global#
The index file in this directory also contains the entry:
global# cat /etc/zones/index
# ident "@(#)zones-index 1.3 05/06/08 SMI"
# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
 #
# DO NOT EDIT: this file is automatically generated by zoneadm(1M)
# and zonecfg(1M). Any manual changes will be lost.
#
global:installed:/
rlogic:installed:/zones/rlogic
utility:installed:/zones/utility
myzone:installed:/zones/myzone
selfzone:configured:/export/home/selfzone
global#
Use zoneadm to verify
and install the new zone

Use zoneadm with the -z the zone name and the install option. This will generate an output showing the progress
as the file system is created and written.
global# zoneadm -z selfzone verify
WARNING: /export/home/selfzone does not exist, so it cannot be verified.
When 'zoneadm install' is run, 'install' will try to create
/export/home/selfzone, and 'verify' will be tried again,
but the 'verify' may fail if:
the parent directory of /export/home/selfzone is group- or other-writable
2 or
# zoneadm -z selfzone /export/home/selfzone overlaps with any other installed zones.
install global# zoneadm -z selfzone install
Preparing to install zone <selfzone>.
Creating list of files to copy from the global zone.
Copying <138878> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1099> packages on the zone.
Initialized <1099> packages on zone.
Zone <selfzone> is initialized.
The file </export/home/selfzone/root/var/sadm/system/logs/install_log>
 contains a log of the zone installation.
global#

Notes:

Running the "zoneadm -z <zonename> verify" when the zone directory does not exist will issue the above
warniing message which is harmless in this case.
You may avoid the error message by creating the zonename directory and giving is a protection of 700.
Creation of a self contain zone to the zone directory the contents of /usr, /lib, /sbin and /platform directories of
the global zone. This typically is about 3gb of data.
If the <zonename> directory directory does not exist. It will be create with the right protection and ownership.

If the <zonename> directory directory does not exist. It will be create with the right protection and ownership.

After a zone is installed the index file in the /etc/zones will be updated.
global# pwd
/etc/zones
global# cat index
nd zonecfg(1M). Any manual changes will be lost.
....... ....... ........... .......... .........
....... ....... ........... .......... .........
global:installed:/
rlogic:installed:/zones/rlogic
utility:installed:/zones/utility
myzone:installed:/zones/myzone
selfzone:installed:/export/home/selfzone
global# /usr/sbin/zoneadm list -vi
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 utility running /zones/utility native shared
2 rlogic running /zones/rlogic native shared
3 myzone running /zones/myzone native shared
- selfzone installed /export/home/selfzone native shared
global#
 # zoneadm -z selfzone
boot
Boot the new zone by issuing zoneadm -z <zonename> boot.
global# zoneadm -z selfzone boot
global# /usr/sbin/zoneadm list -vi
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 utility running /zones/utility native shared
2 rlogic running /zones/rlogic native shared

3 3 myzone running /zones/myzone native shared

4 selfzone running /export/home/selfzone native shared
global#

Notes:

If for some reason the zone initiation fails or cannot be booted, you must uninstall the zone prior to
installing it again.

Use zoneadm -z <zonename> uninstall

Use zlogin to perform

initial setup up of new
zone
Use zlogin <zonename> -C to login to the new zone at its console.
This will take you through the normal configuration questions as it you had boot a new installation for the first
time.
You will be asked to set timezone, network and hostname.
4
global# zlogin -C selfzone
# zlogin -C selfzone [Connected to zone 'selfzone' console]
[NOTICE: Zone booting up]
SunOS Release 5.11 Version snv_23 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: selfzone
Loading smf(5) service descriptions: 107/107

Select a Language
0. English
1. Czech Republic (ISO8859-2)
2. Czech Republic (UTF-8 + euro)
3. German
4. es
5. fr
6. Hungary (ISO8859-2)
7. Slovakia (ISO8859-2)
Please make a choice (0 - 7), or press h or ? for help:
..... ......... ........... ......... ........ .......
..... ......... ........... ......... ........ .......
..... ......... ........... ......... ........ .......
Using zlogin from the global zone is as if you had login from the console.
To exist this consol login and return to the global zone simply enter a tilda dot:
~.
This will return back to global zone.
selfzone console login: ~.
[Connection to zone 'selfzone' console closed]
gloabl#
 Use zoneadm list to show
status of current zone
# /usr/sbin/zoneadm
list -vi

On the global zone, use the zoneadm list -vi to show current status of the new zone
# /usr/sbin/zoneadm list -vi
5 ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 rlogic running /zones/rlogic native shared
2 utility running /zones/utility native shared
3 myzone running /zones/myzone native shared
4 selfzone running /export/home/selfzone native shared
#