Solaris Zones

Hang on, let's go!

* So what is a Solaris **Zone**?

You can think of a "Zone" as a virtual machine. You can install
another Solaris operating system inside, and from, the same host. This means
that the main operating system, named the **"Global Zone"**, hosts one or
more OSes. Think of the main OS as the parent of many
children, where each child behaves as if it were
installed on a different host. The Global Zone has access to the hosted
(running) zones, but the zones themselves have no access to the host
(Global Zone).

Remember VMware? It's a true **virtual** computer, OK? Well, Solaris 10
provides "almost" the same thing, but the differences are big! Both
have one main host.

You can launch or reboot any zone without rebooting the main OS
(Global Zone). Each zone will have a different IP address but
can use whichever network hardware interface you want.

So you can launch Apache in a single zone or in each zone you run.
You can also run a zone with a different patch level than the Global
Zone. From the **Global Zone**, you can "ssh" to one of the zones or
use the remote serial login.

It's wonderful, many things are possible.

* How to set it up? Prerequisites

The zone will use the files from the Global Zone... Understand? It means you don't need a big file system. That's very useful.

So what you need is:

  2 hours of time (it depends on your machine, of course! Mine was the U10 with the latest OBP release),
  300 MB of RAM, at least,
  A Solaris 10 "already" installed OS (SPARC/X86-X64),
  The disk size is not very important (as it's virtual, it does not really consume the FS space),
  A free IP address (if the network is needed).

For our test, I used an Ultra 10 SPARC computer, so the first real network interface is named "hme0".
Take care to use a free IP address. I preferred to use an IP address that is on the same subnet. Also
note that by using "hme0", this IP address will be bound to the real hme0 (from the Global Zone; at the end of the document, you can see my ifconfig output from the main OS).

* Let's start:

1 ) To check the available **zones**

#zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /

2 ) Create a folder

mkdir /my_zone1
chmod 700 /my_zone1

3 ) Create the new zone

Let's name it "my_zone1"; we will also use that name as its hostname.

(from the shell)

#zonecfg -z my_zone1
my_zone1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:my_zone1> create
zonecfg:my_zone1> set zonepath=/my_zone1
zonecfg:my_zone1> set autoboot=true
zonecfg:my_zone1> add net
zonecfg:my_zone1:net> set address=
zonecfg:my_zone1:net> set physical=hme0
zonecfg:my_zone1:net> end
zonecfg:my_zone1> info
zonepath: /my_zone1
autoboot: true
        dir: /lib
        dir: /platform
        dir: /sbin
        dir: /usr
        physical: hme0
zonecfg:my_zone1> verify
zonecfg:my_zone1> commit
zonecfg:my_zone1> ^D   (yes, a CTRL+D!)

OK so we are back to our shell. We are still at the first stage.

4 ) Let's check

#zoneadm -z my_zone1 verify     (it will check your settings)
#zoneadm list -civ         (it will check the zone status)
#zonecfg -z my_zone1 info

5 ) Let's boot it and **finish** the installation.

#zoneadm -z my_zone1 boot     ("boot" is the parameter)
#zlogin -C my_zone1         (the serial login command so you can interact)

At this step, you'll see the OS booting. You have to finish the **installation**:
it will just ask you the basic questions you already know (IP address (again), hostname, name services...)
until the final reboot. The IP address must be the same one you set while using "zonecfg".

Thanks to zlogin, you are still connected, so you see your "virtual" OS rebooting. Then you can log in and
create a new user account, so that later you can use the telnet or ssh commands.
Yes, you can **ping** it from the Global Zone or from any other computer within your LAN.
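The order of steps 3 to 5, as an added example that is not part of the original post: a zone has to reach the "installed" state before `zoneadm boot` accepts it, so the sequence below includes `zoneadm -z my_zone1 install` between configuring and booting. The function names, the `my_zone1.cfg` file name and the sample listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pick the next command for a
# zone from its state in `zoneadm list -cp` output, whose colon-separated
# fields start with zoneid:zonename:state:zonepath.

# Emit the step 3 zonecfg session as a command file for `zonecfg -f`.
zone_cfg_script() {   # usage: zone_cfg_script <zonepath> <address> <nic>
    cat <<EOF
create
set zonepath=$1
set autoboot=true
add net
set address=$2
set physical=$3
end
verify
commit
EOF
}

# Read `zoneadm list -cp` output on stdin and print the state of zone $1.
zone_state() {
    awk -F: -v z="$1" '
        $2 == z { print $3; found = 1 }
        END     { if (!found) print "absent" }'
}

# Map a state to the command that moves the zone one step forward.
next_step() {   # usage: next_step <zone> <state>
    case "$2" in
        absent)        echo "zonecfg -z $1 -f $1.cfg" ;;
        configured)    echo "zoneadm -z $1 install" ;;
        installed)     echo "zoneadm -z $1 boot" ;;
        ready|running) echo "zlogin -C $1" ;;
        *)             echo "unhandled state: $2" >&2; return 1 ;;
    esac
}

# Constructed sample: the listing as it would look right after step 3.
SAMPLE='0:global:running:/
-:my_zone1:configured:/my_zone1'

demo() {
    state=$(printf '%s\n' "$SAMPLE" | zone_state my_zone1)
    next_step my_zone1 "$state"
}

demo   # prints: zoneadm -z my_zone1 install
```

On a real host, feed `zone_state` from `zoneadm list -cp` instead of the constructed sample.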

6 ) Some useful commands and tips

Boot the zone :
#zoneadm -z my_zone1 boot

Reboot the zone OS :  
#zoneadm -z my_zone1 reboot

Serial login to your zone :
#zlogin -C my_zone1
(under JDS, select "xterm" as console)
(under CDE, select "dtterm" as console)
TIP: this applies only to the use of zlogin at this step. Using telnet, you'll just have to set the correct "TERM" value for the console you use.

From the serial console, how to go back to your shell?
Using :    ~.

To check what the "zoneadmd" daemon is doing:
#ps -fea | grep zoneadmd

Don't forget that, by default, you can't use the "root" user to connect to any zone using ssh or telnet.
So "zlogin" is very useful the first time.

Later, depending on your architecture and the console or terminal you usually use, you'll have to find the correct
TERM value. E.g., if you initiate a telnet from a CDE desktop, you'll probably have to try TERM=dtterm even
if you used a gnome-terminal to launch the telnet command!

Hey look, from the Global Zone, you can see my **ifconfig** output:

#ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone my_data1
        inet netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet netmask ffffff00 broadcast
        ether 8:0:20:d1:2c:9b
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone my_data1
        inet netmask ffffff00 broadcast
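Reading that output from the Global Zone to see which address belongs to which zone, as an added example that is not part of the original post. The function names are assumptions, and the sample output is constructed with documentation-range addresses because the post's own addresses are not shown.

```shell
#!/bin/sh
# Added example (not from the original post): list which address each
# interface carries and which zone owns it, from `ifconfig -a` output
# taken in the Global Zone.

# Prints "<interface> <zone> <address>" per inet line; interfaces without
# a "zone" line belong to the Global Zone.
zone_addrs() {
    awk '
        /^[^ \t]/    { iface = $1; sub(/:$/, "", iface); zone = "global" }
        $1 == "zone" { zone = $2 }
        $1 == "inet" { print iface, zone, $2 }'
}

# Addresses bound to one zone, loopback excluded.
addrs_of_zone() {   # usage: addrs_of_zone <zone> < ifconfig-output
    zone_addrs | awk -v z="$1" '$2 == z && $1 !~ /^lo/ { print $3 }'
}

# Constructed sample; 192.0.2.0/24 is a documentation range, not the
# addresses used in the post.
SAMPLE_IFCONFIG='lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone my_zone1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.0.2.10 netmask ffffff00 broadcast 192.0.2.255
        ether 8:0:20:d1:2c:9b
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        zone my_zone1
        inet 192.0.2.11 netmask ffffff00 broadcast 192.0.2.255'

printf '%s\n' "$SAMPLE_IFCONFIG" | zone_addrs
```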

On **another** SPARC U10, I have installed **3** zones. Look, it's very easy. Mine has 512MB of RAM and an 8GB disk drive. With the 3 zones running at the same time, the computer is still OK to use. Yes, you have access to 4 instances of Solaris!
I'll let you imagine what you can do (e.g. one will run Apache, another MySQL, and the rest could be used as OS backups).

#zoneadm list -vc
  ID NAME             STATUS         PATH
   0 global           running        /
   7 data3            running        /data3
   8 data1            running        /data1
   9 data2            running        /data2

By the way, have a look at your Global Zone processes. You'll see that a daemon
named **"zoneadmd"** is running. This **IS** the process that manages the zone.
You'll see one daemon per zone.

Zones are much more powerful than this: you can share the CPU time between the zones, which means you can manage it.

You can also share some mount points from the Global Zone to be used within your zones.
For example, the /mnt mount point from your main OS (your Global Zone) can be published to be "zone aware", which means that /mnt will be bound and accessible from within your zone.

* Feel free to comment on this article; I will improve it soon.

Enjoy :=)


This is a bit old .. but ..

Here is an article with the same steps from way back when Zones were released in Solaris 10 Express :


Posted by Dennis Clarke on February 01, 2007 at 04:08 PM CET #

Nice concise article. Couple of questions:

- Don't you need to first "install" the zone before booting it? In step 5 you're booting it immediately after configuring it.
- In step 3 you set IP address and physical to one value, but get different values when you run the "info" command. Is this a bug?
- I'm using Solaris express build 72 under x86. Do you know what I should select for console in my case (i.e., xterm, dtterm etc.)? I'm using the application "gnome-terminal" as my window terminal. I tried "xterm" but this doesn't seem to be the right choice...I get weird colors, and then anything I type is not correctly interpreted. I'm stuck at this point.

Thanks! ChrisK

Posted by ChrisK on February 01, 2007 at 04:08 PM CET #

[Trackback] On Jimmy Andriambao's Weblog : Weblog there is a good intro to setting up a zone.

Posted by 42 on February 01, 2007 at 04:08 PM CET #

Hi, Thanks for the comments. I am actually doing the Solaris 10 Training in Madrid (Spain), in a SunED building. That's an amazing OS! Hey, is a very nice website. Very useful !!! (packages, tips and more)

Posted by jim on February 01, 2007 at 04:08 PM CET #

ChrisK, Thanks for the comments. I have fixed the document and I added more things. For your problem, I think you can try TERM=dtterm. Regards,

Posted by jim on February 01, 2007 at 04:08 PM CET #

Hi there,

I want to run the SunRay s/w on one machine that will assign users to zones. Below is an example:

EG A user called PreSales1 puts his SmartCard into the SunRay and is assigned to a zone named presales-server.
After he has finished using the terminal he removes his smartcard and leaves.

Later user JohnAccountant inserts his smartcard. He is displayed the dtlogin prompt. He logs in as JohnAccountant and finds himself in the zone called AccountServer2.

Regards, z.

PS. The verb 'to bind' past participle is 'bound', and not 'binded' as you wrote.

Posted by zii on February 01, 2007 at 04:08 PM CET #


Principal Systems Technologist Engineer for Oracle Global IT. Sun Microsystems software and hardware specialist. I am based in Spain but currently manage projects and systems around the world. I am very often involved in mentoring the new engineers joining the forces of Oracle. I come from the Linux sysadmin world... and will definitely be thankful for all the great things I've been learning the past 15 years...

