Solaris Virtualization: Using Zones

Solaris Virtualization: Using Zones

Solaris has the ability to do two types of Virtualization, if you are using SPARC hardware you can use Logical Domains, which has been re-branded as Oracle VM for SPARC.  Or regardless of your architecture you can use Solaris Zones, which is really much more like Linux-VServer, OpenVZ, and Linux Containers (LXC) than a “full” hypervisor solution.  Essentially you create a section of the file system on the host (in the case of ZFS a separate file system) and this is used by the “Zone” as the “root” or / and that is as far as the guest system can go.  This is a very fast form of virtualization because it doesn’t really virtualize anything.

In this article I will be going over fairly vanilla configurations of zones.  I will not be going into branded zones, which will allow you to run a different operating environment from the global zone.  This article will be large enough to not need the additional complexity of those tasks.  I will however have follow up articles as time permits, which will take deeper dives into this aspect of Solaris.

List Zones

By default we will only list running zones, also it is important to note that, a standard installation creates a “global” zone, this is the operating system that you are used to interacting with, all others are considered “non-global” zones (or just zones).  The key thing to remember is that all non-global zones are part of the global zone, but the reverse is not true.

# zoneadm list

We can also use the following parameter to list only installed zones.

# zoneadm list -i

The final state that they can be in is configured, this means that the configuration exists but they may not be installed yet.  This is the fullest list of zones.

# zoneadm list -c

Any of the above lists can be passed with a verbose parameter, this will give us the ID, Name, Status, Path, Brand, and IP.

# zoneadm list -v

List Specific Zone Configuration

# zonecfg -z testzone info

Zone Configuration

Here is a quick and dirty way to configure a new zone.

# zonecfg -z zone001 "create;set zonepath=/export/zones/zone001"

For more complex configurations you will need to enter the zonecfg prompt.

# zonecfg -z zone001
zone001: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zone001> create
create: Using system default template 'SYSdefault'
zonecfg:zone001> set zonepath=/export/zones/zone001
zonecfg:zone001> add attr
zonecfg:zone001:attr> set name=comment
zonecfg:zone001:attr> set type=string
zonecfg:zone001:attr> set value="this is a comment"
zonecfg:zone001:attr> end
zonecfg:zone001> add net
zonecfg:zone001:net> set physical=zone001vnic0
zonecfg:zone001:net> end
zonecfg:zone001> add dataset
zonecfg:zone001:dataset> set name=rpool/zonedata
zonecfg:zone001:dataset> end
zonecfg:zone001> verify
zonecfg:zone001> commit
zonecfg:zone001> exit

At the end we performed a verify to look for any problems with out configuration.  If we for example forgot to define a zonepath, then we would receive a notice similar to this…

 zonepath cannot be empty.
zone001: Required resource missing

This can be resolved by providing the missing zonepath.

Create Zone Dataset

The install process will create the ZFS dataset for the zonepath, however since we have defined an additional dataset then we must pre-create that dataset.

# zfs create rpool/zonedata

Create Virtual Networking Card

Solaris 11 using exclusive networking by default, meaning, one zone per device.  This allows you to limit traffic to a particular zone.  Additionally there is a shared-type which you will assign the zone to use the physical network card.  When using the exclusive method we must create a vnic.

# dladm create-vnic -l net0 zone001vnic0

Installation of a Zone

When doing a default install it will use the IPS repositories from the host, so make sure that your host connectivity is worked out.

# zoneadm -z zone001 install
Progress being logged to /var/log/zones/zoneadm.20120520T172618Z.zone001.install
Image: Preparing at /export/zones/zone001/root.

Install Log: /system/volatile/install.1980/install_log
AI Manifest: /tmp/manifest.xml.zuaa2d
SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Zonename: zone001
Installation: Starting ...

Creating IPS image
Installing packages from:
solaris
origin:  http://pkg.oracle.com/solaris/release/
DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              167/167 32062/32062  175.8/175.8

PHASE                                        ACTIONS
Install Phase                            44313/44313

PHASE                                          ITEMS
Package State Update Phase                   167/167
Image State Update Phase                         2/2
Installation: Succeeded

Note: Man pages can be obtained by installing pkg:/system/manual

done.

Done: Installation completed in 668.825 seconds.

Next Steps: Boot the zone, then log into the zone console (zlogin -C)

to complete the configuration process.

Log saved in non-global zone as /export/zones/zone001/root/var/log/zones/zoneadm.20120520T172618Z.zone001.install

Renaming a Zone

It is almost certain that you will at some point need to change the name of a zone.

zonecfg -z testzone "set zonename=newname'

Connect to the Console of the Zone

On first start up after install you will want to use two shells, and connect to the console from one first, then using the other shell, boot the zone.

zlogin -C zone001
[Connected to zone 'zone001' console]

[NOTICE: Zone booting up]

After booting up you should see something like this…

System Configuration Tool

System Configuration Tool enables you to specify the following
configuration parameters for your newly-installed Oracle Solaris 11
system:
- network, time zone, user and root accounts, name services

System Configuration Tool produces an SMF profile file in
/system/volatile/scit_profile.xml.

How to navigate through this tool:
- Use the function keys listed at the bottom of each screen to move
from screen to screen and to perform other operations.
- Use the up/down arrow keys to change the selection or to move
between input fields.
- If your keyboard does not have function keys, or they do not
respond, press ESC; the legend at the bottom of the screen will
change to show the ESC keys for navigation and other functions.

F2_Continue  F6_Help  F9_Quit                                                

Follow this through the initial setup.  I set my computer name to zone001 to match the zone name, I also set the network connection to be configured Automatically.  After the configuration is complete you should see something like this.

Exiting System Configuration Tool. Log is available at:
/var/tmp/install/sysconfig.log
Hostname: zone001
zone001 console login:

To disconnect we can use the ~. keystroke.  That is tilde + period.

Start/Boot a Zone

zoneadm -z zone001 boot

Reboot a Zone

zoneadm -z zone001 reboot

Shutdown a Zone

zoneadm -z zone001 shutdown

Halt a Zone

This is a forced power off of the zone, equivalent to a power unplug.

zoneadm -z zone001 halt

UPDATE
December 30, 2012

One minor thing I have noticed, is that when connecting to a Solaris machine via ssh and then disconnecting from a zone console connection using the ~. (tilde and period) hot key you will actually disconnect not only from the console, but also from the SSH session on your machine.  To avoid this second disconnection and only disconnect from the zone console session instead use the ~~. (tilde and tilde and period) hot key.  This will leave your SSH session intact, and allow you to change between zone consoles.

UPDATE
January 2, 2012

When using the method outlined in my article “SSH Hop Through Multiple Hosts” and the ~~. hot key you will find that your SSH connection is still disconnected.  For this use case simple append one more tilde.  So if you are connecting from Machine A through Machine B to Machine C, then you will need ~~~. (tilde and tilde and tilde and period) or one for each machine (including the SSH client and server.

One thought on “Solaris Virtualization: Using Zones

  1. Toki Winter

    Great article. One tip – you can use -e to specify an escape sequence when connecting to the zone console with zlogin -C to save yourself some ~~~. pain 🙂

    # zlogin -C -e ‘#.’

    Then just use #. to jump out of the console.

    Cheers,
    Toki