Solaris ZFS and Zones: Simple Example

The following is a simple example of creating a ZFS filesystem and using it to hold a newly created Solaris Zone (Solaris Container). Zones are in Solaris 10 now. ZFS is a new filesystem in OpenSolaris that allows for large, more reliable filesystems. The three key advantages are:

  • Simple administration
  • Data integrity (64-bit checksums on data)
  • Large capacity format for future growth (2**128 512-byte block files). That's 256 quadrillion zettabytes.

Other features are:

  • Filesystems built on virtual storage "pools"
  • Copy-on-write removes need for recovery (no fsck)
  • Dynamic striping and multiple block sizes optimize throughput (512 to 128K)
  • Optional compression
  • No modifications needed for apps

ZFS software is in packages SUNWzfsr and SUNWzfsu.

Create a ZFS Pool

First, you need a virtual device for ZFS. Normally this would be a raw disk (or a raw disk slice, if you prefer). However, for testing and demonstration, I'll create a regular file (this takes a few minutes):

# mkfile 5g /virtualDeviceForZFS

Now I create a "ZFS Storage Pool" for one or more ZFS filesystems:

# zpool create poolForZones /virtualDeviceForZFS
# zpool list
NAME                    SIZE    USED   AVAIL    CAP  HEALTH     ALTROOT
poolForZones           4.97G   32.5K   4.97G     0%  ONLINE

To create a mirrored-pool use the keyword "pool" and specify two virtual devices.

Create a ZFS Filesystem

Now, I'll create a ZFS filesystem using the ZFS pool I just created:

# zfs create poolForZones/twilightZone
# zfs set mountpoint=/twilightZone poolForZones/twilightZone
# zpool status -z
  pool: poolForZones
 state: ONLINE
 scrub: none requested

        NAME                    STATE     READ WRITE CKSUM
        poolForZones            ONLINE       0     0     0
          /virtualDeviceForZFS  ONLINE       0     0     0

# mount |grep twilightZone
/twilightZone on poolForZones/twilightZone read/write/setuid/devices/exec/atime/dev=3f50004 on Mon Nov 14 12:34:37 2005
# df -k /twilightZone
Filesystem            kbytes    used   avail capacity  Mounted on
                     5169408       8 5169341     1%    /twilightZone
# ls -l /twilightZone
total 0

Note that /twilightZone is not in /etc/vfstab. Mounting is done automatically at boot time by ZFS:

# grep /twilightZone /etc/vfstab

If you want to allow the filesystem to be managed inside the zone, use the zfs zoned=on option when creating or modifying the filesystem.

Create a Solaris Zone

Use zonecfg to set up your zone:

# zonecfg -z twilightZone
twilightZone: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:twilightZone> create
zonecfg:twilightZone> set zonepath=/twilightZone
zonecfg:twilightZone> set autoboot=true
zonecfg:twilightZone> add net
zonecfg:twilightZone:net> set address=
zonecfg:twilightZone:net> set physical=ce0
zonecfg:twilightZone:net> end
zonecfg:twilightZone> verify
zonecfg:twilightZone> commit
zonecfg:twilightZone> exit

Install a Solaris Zone

Now install packages to your Solaris Zone:

# zoneadm -z twilightZone install
/twilightZone must not be group readable.
/twilightZone must not be group executable.
/twilightZone must not be world readable.
/twilightZone must not be world executable.
could not verify zonepath /twilightZone because of the above errors.
zoneadm: zone twilightZone failed to verify

Oops. We need to set proper permissions. The directory must not be readable, writable, or executable by group or world:

# ls -ld /twilightZone
drwxr-xr-x   2 root     sys            2 Nov 14 12:34 /twilightZone
# chmod go-rxw /twilightZone
# ls -ld /twilightZone
drwx------   2 root     sys            2 Nov 14 12:34 /twilightZone
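
The permission requirement above can be checked before running zoneadm install. The following is an added example, not part of the original post: check_zonepath is a hypothetical helper name, and its messages are its own, not zoneadm output. It is written for a POSIX shell (on Solaris 10 run it under ksh or bash).

```shell
# Added example: pre-flight check for a zonepath before `zoneadm install`.
# check_zonepath is a hypothetical helper, not a Solaris command.
#
# Prints one line for every group/world permission bit set on directory $1.
# Returns 0 if none is set, 1 if any is set, 2 if $1 is not a directory.
check_zonepath() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "$dir: not a directory" >&2
        return 2
    fi

    # `ls -ld` is parsed instead of calling stat(1) because its first
    # field (for example "drwxr-xr-x") has the same layout on Solaris
    # and Linux.
    perms=$(ls -ld "$dir" | awk '{print $1}')

    rc=0
    pos=5   # characters 5-7 are the group bits, 8-10 the world bits
    for who in group world; do
        for name in read write execute; do
            bit=$(printf '%s' "$perms" | cut -c"$pos")
            # Anything other than "-" is a finding; this also catches
            # special bits shown in the execute position (s, S, t, T).
            if [ "$bit" != "-" ]; then
                echo "$dir: $who $name bit is set ($bit)"
                rc=1
            fi
            pos=$((pos + 1))
        done
    done
    return $rc
}

# Stand-alone use: pass the zonepath as the first argument.
if [ $# -gt 0 ]; then
    check_zonepath "$1"
fi
```

For the drwxr-xr-x directory shown above it reports four findings (group and world, read and execute); after chmod go-rxw it reports none and returns 0.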

Try the install with zoneadm again. This takes several minutes:

# zoneadm -z twilightZone install
Preparing to install zone <twilightZone>.
Creating list of files to copy from the global zone.
Copying <2808> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <946> packages on the zone.
Initializing package <252> of <946>: percent complete: 26%
. . .
Initialized <946> packages on zone.
Zone <twilightZone> is initialized.
The file </twilightZone/root/var/sadm/system/logs/install_log> contains a log of the zone installation.

Later, if you wish to halt, uninstall, or delete a zone, use these commands, respectively:

zoneadm -z twilightZone halt
zoneadm -z twilightZone uninstall
zonecfg -z twilightZone delete

By default, zonecfg creates a "sparse" zone; that is, read-only files are shared from the "global" zone. This saves a lot of space, as shown below: only 68 MB is used (as opposed to the 4GB or so for the global zone):

# df -k /twilightZone
Filesystem            kbytes    used   avail capacity  Mounted on
                     5169408   68508 5100754     2%    /twilightZone

If a "sparse" zone isn't desired, use "create -b" instead of "create" in zonecfg above. This prevents the new zone from "inheriting" packages from the global zone. This is called a "whole root" configuration.

The zone has been created, but it won't show up until after the initial boot:

# zoneadm list -v
  ID NAME             STATUS         PATH
   0 global           running        /

Boot and Configure a Solaris Zone

Let's boot the zone and log in to the console with zoneadm and zlogin. The initial boot prompts for basic configuration information (language, locale, terminal, hostname, name service, time zone, and root password):

# zoneadm -z twilightZone boot
# zlogin -C twilightZone
[Connected to zone 'twilightZone' console]
Loading smf(5) service descriptions:   1/108
. . .
twilightZone2 console login: root
. . .

Use "~." to disconnect from the console.


You have:
zonecfg -z twilightZone halt
zonecfg -z twilightZone uninstall
zonecfg -z twilightZone delete
I think you mean:
zoneadm -z twilightZone halt
zoneadm -z twilightZone uninstall
zonecfg -z twilightZone delete
The latter is what works for me on snv_60.

Posted by Nigel Smith on May 04, 2007 at 06:21 AM PDT #
