Zone Manager Version 2.0.6 Help
System Administration Commands zonemgr(1M)
NAME
zonemgr - set up and manage zones
SYNOPSIS
Normal usage:
zonemgr -a [options]
See proper usage:
zonemgr -h
Display the version:
zonemgr -v
Display the license:
zonemgr -l
DESCRIPTION
The purpose of zonemgr is to simplify Solaris 10 and
OpenSolaris zones management. There are many pre-defined
actions that can be applied to one or more zones
depending on the action.
OPTIONS
The following options are supported:
-a Specify the action to be performed
-n Specify the name of the zone
-h See this usage information
-l See the CDDL license
-v See the version number of this script
-f
Where the contents of the config_file
consist of normal command line arguments
with one flag/argument per line. Here are
the contents of a basic example
config_file:
# zonemgr -f /data/m1_zone.cfg
The contents of /data/m1_zone.cfg are as follows:
<~-- File Begins Here ~-->
-a add
-n m1
-z "/zones"
-P "abc123"
-I "192.168.0.10|hme0|24|m1"
<~-- File Ends Here ~-->
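The config file above stores the zone's root password in clear text via -P. The following shell function is an added example, not part of zonemgr or its documentation; it lints such a file before it is passed to -f, flagging a -P entry, a missing or "open" -s hardening setting, and group/other access to a file that holds -P or -E. The function names, severity labels and messages are assumptions of this example; the flags and values checked are the ones documented on this page.

```shell
#!/bin/sh
# Added example: lint a zonemgr -f config file (one flag/argument per line).
# audit_zonemgr_cfg and the HIGH/MEDIUM labels are hypothetical names
# chosen for this example; they are not part of zonemgr.

# Print one finding per line for the config file named in $1.
audit_zonemgr_cfg() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }

    has_secret=0
    has_harden=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop leading spaces, then split into flag and value.
        line=${line#"${line%%[! ]*}"}
        flag=${line%% *}
        value=${line#"$flag"}
        value=${value# }
        # Strip the surrounding double quotes from the value.
        value=${value#\"}
        value=${value%\"}
        case $flag in
            -P) # -P is documented as the unencrypted root password.
                has_secret=1
                echo "HIGH -P stores the root password unencrypted; use -E with the hash" ;;
            -E) has_secret=1 ;;
            -s) has_harden=1
                method=${value%%"|"*}
                arg=${value#*"|"}
                case $method:$arg in
                    netservices:open|sbd:open)
                        echo "MEDIUM -s $method|open enables standard services; prefer limited" ;;
                esac ;;
        esac
    done < "$cfg"

    [ "$has_harden" -eq 1 ] || echo "MEDIUM no -s hardening method specified"

    # Characters 5-10 of the ls -ld mode string are the group/other bits.
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$has_secret" -eq 1 ] && [ "$perms" != "------" ]; then
        echo "HIGH $cfg holds a root credential but is accessible to group/other ($perms)"
    fi
}

# Demo on a constructed copy of the m1_zone.cfg example shown above.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
-a add
-n m1
-z "/zones"
-P "abc123"
-I "192.168.0.10|hme0|24|m1"
EOF
    chmod 644 "$tmp"
    audit_zonemgr_cfg "$tmp"
    rm -f "$tmp"
}
demo
```

Run against the page's example, it reports the clear-text -P entry, the absent -s setting, and the readable file mode; a file using -E, -s "netservices|limited" and mode 600 produces no findings.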
ACTIONS
Actions which can result in data loss or can significantly
alter the server configuration will require authorization.
To confirm all such changes, you may use the -F flag to
answer yes to all such authorizations.
The following actions are supported:
info [-n ]
The "info" action displays configuration information
about one or more zones. If a zone name is not
provided, the info action displays the full
configuration for all non-global zones.
resinfo [-n ]
The "resinfo" action displays all resource management
configuration information about one or more zones. If
a zone name is not provided, the resinfo action
displays the resource management information for all
non-global zones.
add -n [add_options]
The "add" action adds a new non-global zone.
The following add_options are required:
-P ""
Unencrypted password of the root user
of this new non-global zone. The
password can either be specified in
a file or as a quoted string.
OR
-E ""
This is an alternate way from
-P of specifying the non-
global root user's password via an
encrypted format. The encrypted
password can either be specified in
a file or as a quoted string. You
can copy and paste the user's
password from /etc/shadow.
-z "||"
The zonepath is the subdirectory
below the zone root directory. For
example, specifying -z /myzones
would result in the following root
zone directory:
/myzones/
where is the name of
the zone you are creating.
If no zonepath is specified, the
default value of zonepath is /zones.
If the filesystem containing the
zonepath is a ZFS filesystem, a
new ZFS filesystem will be created
for the zone directory. If no
ZFS filesystem is specified in the
optional second pipe (|) delimited
field, the default value will be the
ZFS pool containing the root (/)
filesystem. In most cases this is
rpool. In this case, the ZFS
filesystem would be rpool/
Optionally, you may also specify
a semicolon (;) delimited list of ZFS
options in the third pipe (|) delimited
field as well. For example, the
following would create a ZFS filesystem
(rpool/z1) with the mountpoint of /z
and optionally enables the gzip
compression algorithm and disables atime.
-z "/z|rpool/z1|compression=gzip;atime=off"
OR
-Z "||"
The zonedir is the zone root
directory. Specifying -Z /z1
will place the zone root directory
in /z1.
If no zonepath is specified, the
default value of zonepath is
/zones/
If the filesystem containing the
zonedir is a ZFS filesystem, a
new ZFS filesystem will be created
for the zone directory. If no
ZFS filesystem is specified in the
optional second pipe (|) delimited
field, the default value will be the
ZFS pool containing the root (/)
filesystem. In most cases this is
rpool. In this case, the ZFS
filesystem would be rpool/
Optionally, you may also specify
a semicolon (;) delimited list of ZFS
options in the third pipe (|) delimited
field as well. For example, the
following would create a ZFS filesystem
(rpool/z) with the mountpoint of /z,
enables the gzip compression algorithm
and disables atime.
-Z "/z|rpool/z|compression=gzip;atime=off"
The following add_options can be used as substitutes for
the required options:
The following optional add_options are supported:
-t Type of zone where w=Whole Root and
s=Sparse Root. A sparse root zone
inherits the following directories
from the global zone: /lib, /usr,
/sbin, and /platform. A whole root
zone does not inherit any directories
from the global zone. The default
value is sparse root (s).
OpenSolaris does not share the same
definitions of sparse and whole root
zones as Solaris 10. For OpenSolaris,
all zones are whole root zones. Further,
the package set installed in a zone is
a significantly smaller subset of the
packages contained in the global zone.
This ensures that the zone is minimized
by default. Adding packages
to OpenSolaris is significantly easier,
though, than it was for Solaris 10. More
on that feature (-G "pkg|") later.
-I "||||[exclusive|default_router]"
IP Address of the non-global zone
plus the network interface for that
IP address, the netmask in CIDR
format, and the host name for that IP
address.
If not specified the default network
interface is the first non-loopback
interface listed by ifconfig. The
default netmask is the netmask that
corresponds to the IP address that
you specify. There is no default host
name.
If the word exclusive is optionally
added after the hostname, then all
network interfaces will be exclusive
to this zone. When the exclusive
option is invoked, it must be included
with each interface, and a default
router must be supplied for each
interface even if it is the same
default router for all interfaces.
Note that a zone can be created
without a network address.
-D "" DNS Domain Name. If a domain is
specified, then dns name servers must
also be specified.
Note also that the fully qualified host
name of the non-global zone must be
resolvable by the naming service.
-d ";;.."
Semicolon delimited ordered list of DNS
Name Servers. If domain name servers
are specified, the domain name must also
be specified.
Note also that the fully qualified host
name of the non-global zone must be
resolvable by the naming service.
-r ""
or
-r "|"
or
-r "|"
Mount a directory or device from the global
zone into the non-global zone in read-only
mode. The inputs vary according to the type.
Note that for all filesystems but the
lofi/lofs filesystem, the device is mounted
for exclusive use of the non-global zone.
However, the root user in the global zone can
access the contents of the mounted filesystem
because the root mount point of the non-global
zone is accessible as a directory in the
global zone.
type = lofi or lofs
For this filesystem type, you are read-
only mounting a directory or device from
the global zone into a non-global zone
through the loopback device.
= Global zone directory
= Non-global zone directory
(mount point)
= Semicolon separated mount
options (ro is implied)
type = zfs
For this filesystem type, you are
read-only mounting an existing ZFS
filesystem from the global zone into
the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (ro is implied)
type = newzfs
For this filesystem type, you are
creating a new zfs filesystem in the
global zone and read-only mounting it
into the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (ro is implied)
type = zvol
For this filesystem type, you are making
an existing ZFS volume from the global
zone available within a non-global zone
in read-only mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (ro is implied)
type = newzvol
For this filesystem type, you are making
a new ZFS volume in the global zone and
then making that new ZFS volume
available within a non-global zone
in read-only mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (ro is implied)
type = ufs
For this filesystem type, you are read-
only mounting an existing UFS filesystem
from the global zone into the non-global
zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
type = pcfs
For this filesystem type, you are read-
only mounting an existing PCFS (DOS/VFAT)
filesystem from the global zone into the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
type = newpcfs
For this filesystem type, you are creating
a new read-only pcfs (DOS/VFAT) filesystem
in the global zone and mounting it in the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
type = hsfs
For this filesystem type, you are either
read-only mounting an existing HSFS
(CD-ROM/DVD-ROM) filesystem or creating
a new HSFS filesystem to be mounted in
read-only mode.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
-w ""
or
-w "|"
or
-w "|"
Mount a directory or device from the global
zone into the non-global zone in read/write
mode. The usage for each option varies
according to the type. Note that for all
filesystems but the lofi/lofs filesystem,
the device is mounted for exclusive use of
the non-global zone. However, the root
user in the global zone can access the
contents of the mounted filesystem because
the root mount point of the non-global zone
is accessible as a directory in the global
zone.
type = lofi or lofs
For this filesystem type, you are read-
write mounting a directory or device from
the global zone into a non-global zone
through the loopback device.
= Global zone directory
= Non-global zone directory
(mount point)
= Semicolon separated mount
options (rw is implied)
type = zfs
For this filesystem type, you are
read-write mounting an existing ZFS
filesystem from the global zone into
the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (rw is implied)
type = newzfs
For this filesystem type, you are
creating a new zfs filesystem in the
global zone and read-write mounting it
into the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (rw is implied)
type = zvol
For this filesystem type, you are making
an existing ZFS volume from the global
zone available within a non-global zone
in read-write mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (rw is implied)
type = newzvol
For this filesystem type, you are making
a new ZFS volume in the global zone and
then making that new ZFS volume
available within a non-global zone
in read-write mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (rw is implied)
type = dset
For this type, you are making a ZFS dataset
from the global zone accessible and
manageable from within the non-global zone.
= The ZFS filesystem
type = newdset
For this type, you are creating a new ZFS
filesystem in the global zone and making
that ZFS filesystem accessible and
manageable from within the non-global zone.
= The ZFS filesystem
type = ufs
For this filesystem type, you are read-
write mounting an existing UFS filesystem
from the global zone into the non-global
zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
type = pcfs
For this filesystem type, you are read-
write mounting an existing PCFS (DOS/VFAT)
filesystem from the global zone into the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
type = newpcfs
For this filesystem type, you are creating
a new read-write pcfs (DOS/VFAT) filesystem
in the global zone and mounting it in the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
-B "||[[image:]]"
Make the zone into a branded zone where
is the brand name, , is
the brand subset, and [[image:]] is the path
and file name of the brand archive. If
a media drive is being used, [[image:]] is
the path to the mounted media. e.g.
/cdrom/cdrom0
Available brands include Linux, Solaris
8 Containers, and Solaris 9 Containers.
-R "||"
This flag enables you to customize the
super user's (root) home directory
(), and optionally can
enable root login over ssh ()
which is disabled (off) by default.
-C "|"
or
-C "||"
This flag gives you the ability to copy
data from the global zone () to
the non-global zone ().
There are two phases of the zone boot process
in which you can copy data into the non-
global zone. The first and default phase
() is before the zone boots for the
first time. The second phase ()
is after the zone completes its last
boot of the zone creation process.
Data copied from the global zone can be
a file or directory. All data will be
recursively copied from the global zone
into the non-global zone.
Note that filesystems specified with -r
and -w will not be created until after
the zone has completed its first boot.
Thus do not expect that pre-boot copies
will go into a filesystem that you have
specified with the -r or -w options.
-s "|"
This feature hardens the non-global
zone by disabling (or enabling)
unnecessary operating system
services of the non-global zone
according to the method specified.
Hardening methods and corresponding
arguments are as follows:
Secure by default:
Method: netservices or sbd
Arguments:
limited - Eliminate unnecessary services
open - Enable standard services
Service Management Facility Site
Profile:
Method: smf
Argument: /
JumpStart Architecture and Security
Scripts (aka Solaris Security
Toolkit):
Method: jass
Argument:
Basic service management:
Method: basic or enable or disable or lock or unlock
Argument: One of the following:
disable
lock
enable
unlock
disable|
lock|
enable|
unlock|
-S "" Restart specified service after
adding zone. A special case is
"reboot" to restart all services in
the zone.
-M [basic|] Minimize the non-global zone by
either excluding or removing
unnecessary packages. The optional
is a file containing a list
of packages that you would like
removed from the zone. If no
is specified, the following
categories will be removed with
pkgrm -Y :
JDS4 JDS3 JDS JDSosol GNOME2 CTL
ALE APOC CTL EVO146 G11NTOLS GLOW
JAI JAVAAPPS JDIC
Note that this option does not apply
to OpenSolaris because non-global
zones are minimized by default.
-X " "
Runs inside the non-global
zone once the zone is successfully
created. Note that you may need to
include the full path to the command
as well. You can also pass
(arguments) to the command if you
include them in the quoted
command.
Note that the most common way to make
executables accessible to the zone is
to read-only (-r) or read-write (-w)
mount a directory from the global zone
into the non-global zone.
-G ""
or
-G "|"
This option provides automated
installation of remote packages
according to the repository type.
Repository = Blastwave(TM)
Type = csw
Args: or "csw|"
Solaris Example 1: top
Solaris Example 2: "csw|top"
OpenSolaris Example: "csw|IPSFWtop"
OpenSolaris IPS Repository:
http://blastwave.network.com:10000
Repository = SunFreeware.com(TM)
Type = sfw
Args for Solaris: "sfw|"
Args for OpenSolaris: "sfw|"
Solaris Example:
"sfw|ftp://ftp.sunfreeware.com/pub/freeware/intel/10/top-3.6.1-sol10-x86-local.gz"
OpenSolaris Example: "sfw|top"
OpenSolaris IPS Repository:
http://pkg.sunfreeware.com:9000
Repository = OpenSolaris.org
Type = pkg
Args: "pkg|"
Example: "pkg|SUNWtop"
OpenSolaris IPS Repository:
http://pkg.opensolaris.org/release
-L "[,,...]"
Specifies the limit set for privileges
allowed in this zone. See manual page
privileges for more info and list of
available privileges.
del -n [-F]
The del action deletes an existing zone
The "del" action supports the following optional option:
-F Don't confirm an action; Just do it.
modify -n
The "modify" action enables you to add, modify and delete
select zone properties. Zone properties that can be modified
include the following:
Modify the zone name:
-m "zonename:"
Modify the comment that describes the zone:
-m "comment:"
Modify the autoboot value. The autoboot property determines
whether or not the zone will boot when the global zone is
booted.
-m "autoboot:"
Modify the boot arguments of the zone:
-m "bootargs:"
Modify an existing filesystem (fs) property:
-m "fs:|:"
Where fs resource types include the following:
dir - Global zone directory
special - Non-global zone directory
options - Filesystem mount options
Modify an existing network property:
-m "net:|:"
Where net resource types include the following:
address - Network address and netmask in CIDR format
physical - The network interface
Modify a resource management property:
-m "||"
Where actions include the following:
add - Add a resource
del - Delete a resource
mod - Modify a resource
move - Move a resource from the existing zone to
another zone on the same system. When
using this action, you must also supply
the source zone name with the -y
parameter.
Where resource types include the following:
cpu - A CPU resource cap
dcpu - A dedicated CPU resource
ram - A memory resource cap
dram - A locked memory resource
swap - A virtual memory resource cap
Where the resource_arg is either a fixed number, a
range, or a scaled amount. The types for each
resource type are listed below:
For cpu and dcpu resource types, the resource_arg
is either a fixed number or a range of CPUs.
For ram, dram or swap resource, the resource_arg
is the amount and scale where the scale is
represented by K, M, G, or T. For example, 1M is
one megabyte.
Zone properties that can be removed include the following:
Remove a filesystem from the zone configuration:
-m "del:fs:"
Remove a ZFS volume from the zone configuration:
-m "del:zvol:"
Remove a ZFS dataset from the zone configuration:
-m "del:dset:"
Remove a network interface from the zone configuration:
-m "del:net:"
In addition to modifying and deleting existing properties,
you can also add a few types of properties. The arguments
used to add these properties are listed below.
-I "||||[exclusive|default_router]"
IP Address of the non-global zone
plus the network interface for that
IP address, the netmask in CIDR
format, and the host name for that IP
address.
If not specified the default network
interface is the first non-loopback
interface listed by ifconfig. The
default netmask is the netmask that
corresponds to the IP address that
you specify. There is no default host
name.
If the word exclusive is optionally
added after the hostname, then all
network interfaces will be exclusive
to this zone. When the exclusive
option is invoked, it must be included
with each interface, and a default
router must be supplied for each
interface even if it is the same
default router for all interfaces.
Note that a zone can be created
without a network address.
-r ""
or
-r "|"
or
-r "|"
Mount a directory or device from the global
zone into the non-global zone in read-only
mode. The inputs vary according to the type.
Note that for all filesystems but the
lofi/lofs filesystem, the device is mounted
for exclusive use of the non-global zone.
However, the root user in the global zone can
access the contents of the mounted filesystem
because the root mount point of the non-global
zone is accessible as a directory in the
global zone.
type = lofi or lofs
For this filesystem type, you are read-
only mounting a directory or device from
the global zone into a non-global zone
through the loopback device.
= Global zone directory
= Non-global zone directory
(mount point)
= Semicolon separated mount
options (ro is implied)
type = zfs
For this filesystem type, you are
read-only mounting an existing ZFS
filesystem from the global zone into
the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (ro is implied)
type = newzfs
For this filesystem type, you are
creating a new zfs filesystem in the
global zone and read-only mounting it
into the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (ro is implied)
type = zvol
For this filesystem type, you are making
an existing ZFS volume from the global
zone available within a non-global zone
in read-only mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (ro is implied)
type = newzvol
For this filesystem type, you are making
a new ZFS volume in the global zone and
then making that new ZFS volume
available within a non-global zone
in read-only mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (ro is implied)
type = ufs
For this filesystem type, you are read-
only mounting an existing UFS filesystem
from the global zone into the non-global
zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
type = pcfs
For this filesystem type, you are read-
only mounting an existing PCFS (DOS/VFAT)
filesystem from the global zone into the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
type = newpcfs
For this filesystem type, you are creating
a new read-only pcfs (DOS/VFAT) filesystem
in the global zone and mounting it in the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
type = hsfs
For this filesystem type, you are either
read-only mounting an existing HSFS
(CD-ROM/DVD-ROM) filesystem or creating
a new HSFS filesystem to be mounted in
read-only mode.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (ro is
implied)
-w ""
or
-w "|"
or
-w "|"
Mount a directory or device from the global
zone into the non-global zone in read/write
mode. The usage for each option varies
according to the type. Note that for all
filesystems but the lofi/lofs filesystem,
the device is mounted for exclusive use of
the non-global zone. However, the root
user in the global zone can access the
contents of the mounted filesystem because
the root mount point of the non-global zone
is accessible as a directory in the global
zone.
type = lofi or lofs
For this filesystem type, you are read-
write mounting a directory or device from
the global zone into a non-global zone
through the loopback device.
= Global zone directory
= Non-global zone directory
(mount point)
= Semicolon separated mount
options (rw is implied)
type = zfs
For this filesystem type, you are
read-write mounting an existing ZFS
filesystem from the global zone into
the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (rw is implied)
type = newzfs
For this filesystem type, you are
creating a new zfs filesystem in the
global zone and read-write mounting it
into the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (rw is implied)
type = zvol
For this filesystem type, you are making
an existing ZFS volume from the global
zone available within a non-global zone
in read-write mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (rw is implied)
type = newzvol
For this filesystem type, you are making
a new ZFS volume in the global zone and
then making that new ZFS volume
available within a non-global zone
in read-write mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (rw is implied)
type = dset
For this type, you are making a ZFS dataset
from the global zone accessible and
manageable from within the non-global zone.
= The ZFS filesystem
type = newdset
For this type, you are creating a new ZFS
filesystem in the global zone and making
that ZFS filesystem accessible and
manageable from within the non-global zone.
= The ZFS filesystem
type = ufs
For this filesystem type, you are read-
write mounting an existing UFS filesystem
from the global zone into the non-global
zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
type = pcfs
For this filesystem type, you are read-
write mounting an existing PCFS (DOS/VFAT)
filesystem from the global zone into the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
type = newpcfs
For this filesystem type, you are creating
a new read-write pcfs (DOS/VFAT) filesystem
in the global zone and mounting it in the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
-C "|"
or
-C "||"
This flag gives you the ability to copy
data from the global zone () to
the non-global zone ().
There are two phases of the zone boot process
in which you can copy data into the non-
global zone. The first and default phase
() is before the zone boots for the
first time. The second phase ()
is after the zone completes its last
boot of the zone creation process.
Data copied from the global zone can be
a file or directory. All data will be
recursively copied from the global zone
into the non-global zone.
Note that filesystems specified with -r
and -w will not be created until after
the zone has completed its first boot.
Thus do not expect that pre-boot copies
will go into a filesystem that you have
specified with the -r or -w options.
-s "|"
This feature hardens the non-global
zone by disabling (or enabling)
unnecessary operating system
services of the non-global zone
according to the method specified.
Hardening methods and corresponding
arguments are as follows:
Secure by default:
Method: netservices or sbd
Arguments:
limited - Eliminate unnecessary services
open - Enable standard services
Service Management Facility Site
Profile:
Method: smf
Argument: /
JumpStart Architecture and Security
Scripts (aka Solaris Security
Toolkit):
Method: jass
Argument:
Basic service management:
Method: basic or enable or disable or lock or unlock
Argument: One of the following:
disable
lock
enable
unlock
disable|
lock|
enable|
unlock|
-M [basic|] Minimize the non-global zone by
either excluding or removing
unnecessary packages. The optional
is a file containing a list
of packages that you would like
removed from the zone. If no
is specified, the following
categories will be removed with
pkgrm -Y :
JDS4 JDS3 JDS JDSosol GNOME2 CTL
ALE APOC CTL EVO146 G11NTOLS GLOW
JAI JAVAAPPS JDIC
Note that this option does not apply
to OpenSolaris because non-global
zones are minimized by default.
-X " "
Runs inside the non-global
zone once the zone is successfully
created. Note that you may need to
include the full path to the command
as well. You can also pass
(arguments) to the command if you
include them in the quoted
command.
Note that the most common way to make
executables accessible to the zone is
to read-only (-r) or read-write (-w)
mount a directory from the global zone
into the non-global zone.
-G ""
or
-G "|"
This option provides automated
installation of remote packages
according to the repository type.
Repository = Blastwave(TM)
Type = csw
Args: or "csw|"
Solaris Example 1: top
Solaris Example 2: "csw|top"
OpenSolaris Example: "csw|IPSFWtop"
OpenSolaris IPS Repository:
http://blastwave.network.com:10000
Repository = SunFreeware.com(TM)
Type = sfw
Args for Solaris: "sfw|"
Args for OpenSolaris: "sfw|"
Solaris Example:
"sfw|ftp://ftp.sunfreeware.com/pub/freeware/intel/10/top-3.6.1-sol10-x86-local.gz"
OpenSolaris Example: "sfw|top"
OpenSolaris IPS Repository:
http://pkg.sunfreeware.com:9000
Repository = OpenSolaris.org
Type = pkg
Args: "pkg|"
Example: "pkg|SUNWtop"
OpenSolaris IPS Repository:
http://pkg.opensolaris.org/release
list
The "list" action lists all current zones
clone -n -y [clone_options]
The "clone" action clones an existing zone into a
new zone. The new zone can be tailored via the
optional arguments used when creating a new zone.
The "clone" action supports the following required
options:
The following clone_options are required:
-P ""
Unencrypted password of the root user
of this new non-global zone. The
password can either be specified in
a file or as a quoted string.
OR
-E ""
This is an alternate way from
-P of specifying the non-
global root user's password via an
encrypted format. The encrypted
password can either be specified in
a file or as a quoted string. You
can copy and paste the user's
password from /etc/shadow.
-z "||"
The zonepath is the subdirectory
below the zone root directory. For
example, specifying -z /myzones
would result in the following root
zone directory:
/myzones/
where is the name of
the zone you are creating.
If no zonepath is specified, the
default value of zonepath is /zones.
If the filesystem containing the
zonepath is a ZFS filesystem, a
new ZFS filesystem will be created
for the zone directory. If no
ZFS filesystem is specified in the
optional second pipe (|) delimited
field, the default value will be the
ZFS pool containing the root (/)
filesystem. In most cases this is
rpool. In this case, the ZFS
filesystem would be rpool/
Optionally, you may also specify
a semicolon (;) delimited list of ZFS
options in the third pipe (|) delimited
field as well. For example, the
following would create a ZFS filesystem
(rpool/z1) with the mountpoint of /z
and optionally enables the gzip
compression algorithm and disables atime.
-z "/z|rpool/z1|compression=gzip;atime=off"
OR
-Z "||"
The zonedir is the zone root
directory. Specifying -Z /z1
will place the zone root directory
in /z1.
If no zonepath is specified, the
default value of zonepath is
/zones/
If the filesystem containing the
zonedir is a ZFS filesystem, a
new ZFS filesystem will be created
for the zone directory. If no
ZFS filesystem is specified in the
optional second pipe (|) delimited
field, the default value will be the
ZFS pool containing the root (/)
filesystem. In most cases this is
rpool. In this case, the ZFS
filesystem would be rpool/
Optionally, you may also specify
a semicolon (;) delimited list of ZFS
options in the third pipe (|) delimited
field as well. For example, the
following would create a ZFS filesystem
(rpool/z) with the mountpoint of /z,
enables the gzip compression algorithm
and disables atime.
-Z "/z|rpool/z|compression=gzip;atime=off"
The following optional clone_options are supported:
-F Don't confirm an action; Just do it.
-t Type of zone where w=Whole Root and
s=Sparse [default: s]
-d ",,.."
Ordered list of DNS Name Servers
-D "" DNS Domain Name
-A Disable autoboot (prevent zone from
booting when the server reboots).
-w ""
or
-w "|"
or
-w "|"
Mount a directory or device from the global
zone into the non-global zone in read/write
mode. The usage for each option varies
according to the type. Note that for all
filesystems but the lofi/lofs filesystem,
the device is mounted for exclusive use of
the non-global zone. However, the root
user in the global zone can access the
contents of the mounted filesystem because
the root mount point of the non-global zone
is accessible as a directory in the global
zone.
type = lofi or lofs
For this filesystem type, you are read-
write mounting a directory or device from
the global zone into a non-global zone
through the loopback device.
= Global zone directory
= Non-global zone directory
(mount point)
= Semicolon separated mount
options (rw is implied)
type = zfs
For this filesystem type, you are
read-write mounting an existing ZFS
filesystem from the global zone into
the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (rw is implied)
type = newzfs
For this filesystem type, you are
creating a new zfs filesystem in the
global zone and read-write mounting it
into the non-global zone.
= The ZFS filesystem
= Non-global zone directory
(mount point)
= Semicolon separated zfs
options (rw is implied)
type = zvol
For this filesystem type, you are making
an existing ZFS volume from the global
zone available within a non-global zone
in read-write mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (rw is implied)
type = newzvol
For this filesystem type, you are making
a new ZFS volume in the global zone and
then making that new ZFS volume
available within a non-global zone
in read-write mode.
= The ZFS filesystem
= Size
= Semicolon separated zfs
options (rw is implied)
type = dset
For this type, you are making a ZFS dataset
from the global zone accessible and
manageable from within the non-global zone.
= The ZFS filesystem
type = newdset
For this type, you are creating a new ZFS
filesystem in the global zone and making
that ZFS filesystem accessible and
manageable from within the non-global zone.
= The ZFS filesystem
type = ufs
For this filesystem type, you are read-
write mounting an existing UFS filesystem
from the global zone into the non-global
zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
type = pcfs
For this filesystem type, you are read-
write mounting an existing PCFS (DOS/VFAT)
filesystem from the global zone into the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
type = newpcfs
For this filesystem type, you are creating
a new read-write pcfs (DOS/VFAT) filesystem
in the global zone and mounting it in the
non-global zone.
= Raw device /dev/rdsk/
or device
= Non-global zone directory
(mount point)
= Mount options (rw is
implied)
-p "|"
Resource allocated to this zone. Note
that although all of the following resource
types can be applied to a zone, only one
of each type can be specified per zone.
Resources are deleted by specifying a value
of 0 for the .
resource = cpu
The cpu resource type specifies the upper
limit (cap) by number (or range) of CPUs
for this zone.
Valid arguments for this resource type
include the following:
Maximum number: 3
Range: 2-4
Note that a zone cannot be assigned capped
and dedicated CPU resources at the same
time. You can use one or the other.
resource = dcpu
The dcpu resource type specifies the fixed
number (or range) of CPUs to dedicate to
this zone.
Valid arguments for this resource type
include the following:
Maximum number: 3
Range: 2-4
Note that a zone cannot be assigned capped
and dedicated CPU resources at the same
time. You can use one or the other.
resource = ram
The ram resource type specifies the maximum
amount of memory (e.g. RAM) that this zone
can consume.
Valid arguments for this resource type
specify the amount and scale of memory where
the scale is represented by K (kilobyte),
M (megabyte), G (gigabyte), or T (terabyte).
For example, 1M is one megabyte.
resource = dram
The dram resource type specifies the specific
amount of memory (e.g. RAM) that is dedicated
to this zone.
Valid arguments for this resource type
specify the amount and scale of memory where
the scale is represented by K (kilobyte),
M (megabyte), G (gigabyte), or T (terabyte).
For example, 1M is one megabyte.
resource = swap
The swap resource type specifies the maximum
amount of virtual memory (e.g. swap) that
this zone can consume.
Valid arguments for this resource type
specify the amount and scale of memory where
the scale is represented by K (kilobyte),
M (megabyte), G (gigabyte), or T (terabyte).
For example, 1M is one megabyte.
move -n -Z [-F]
The "move" action moves an existing zone from its current
directory to a new directory.
The "move" action supports the following required
options:
-Z "" New directory for this zone.
detach -n [-F]
The "detach" action detaches a zone so that it can be
attached to a different server.
The "detach" action supports the following required
options:
-F Don't confirm an action; Just do it.
attach -n [-F]
The "attach" action attaches a detached zone.
The "attach" action supports the following required
options:
-F Don't confirm an action; Just do it.
shutdown -n [-F]
The "shutdown" action shuts down a zone.
The "shutdown" action supports the following optional
option:
-F Don't confirm an action; Just do it.
boot -n
The "boot" action boots a zone.
The "boot" action supports the following optional
option:
-F Don't confirm an action; Just do it.
reboot -n [-F]
The "reboot" action reboots a zone.
The "reboot" action supports the following optional
option:
-F Don't confirm an action; Just do it.
halt -n [-F]
The "halt" action halts a zone.
The "halt" action supports the following optional
option:
-F Don't confirm an action; Just do it.
only -n [-F]
The "only" action halts all non-global zones but those
specified by -n " " and boots any of
these specified zones that are not currently running.
There are two zone name special cases.
bootall
This zone name makes sure all non-global zones
are booted.
haltall
This zone name makes sure all zones are halted.
The "only" action supports the following optional
option:
-F Don't confirm an action; Just do it.
runcmd -n -X "" [-F]
The "runcmd" action runs commands specified with the
-X "" flags in all non-global zones
specified by the -n ";;" flag.
There is one zone name special case.
all
This zone name runs the specified commands on
all non-global zones.
The following options are required:
-n ";;..."
Specify the name of the zones
-X Runs inside the non-global
command once it is successfully
created. Note that you may need to
include the full path to the command
as well.
The "runcmd" action supports the following optional
option:
-F Don't confirm an action; Just do it.
EXAMPLES
Example 1: Create A Zone
The following command will create a non-global zone named
m1.
# zonemgr -a add -n m1 -P "abc123" \
-I "192.168.0.10|hme0|24|m1"
Example 2: Create A Zone With Custom ZFS Root Zone Directory
If the root filesystem (mount point = /) is a ZFS filesystem,
the Zone Manager will need to create a ZFS filesystem to serve
as the root zone directory. Since the zone root directory is
a ZFS filesystem, you can specify a specific zpool in which to
create the filesystem as well as customize attributes of that
filesystem. Further, all options set for the ZFS based zone
root directory will be inherited by all ZFS filesystems below
the zone root directory. For example, the following command
will
1. create the zone m1
2. with a ZFS filesystem (zdata/m1) as the zone root directory
3. with a global zone mountpoint of /zones/m1
4. in the "zdata" ZFS pool,
5. and it will enable gzip compression of the zdata/m1 ZFS
filesystem
6. and the recordsize to 8k of the zdata/m1 ZFS filesystem
# zonemgr -a add -n m1 -P "abc123" \
-Z "/zones/m1|zdata/m1|compression=gzip;recordsize=8k"
Note that for the -z and -Z flags, the ZFS filesystem
(the second pipe delimited field) is the ZFS filesystem that
will be used for the zone root directory and not as the base
plus the zone name. In other words, if we are creating a zone
named m2 and have specified -z zdata, the resulting ZFS
filesystem will be just zdata and not zdata/m2. This is a
very important distinction because the -z flag appends the
zone name to the end of the base directory specified by the
-z flag but does not do so for the ZFS filesystem. The reason
for this decision is that some customers needed to
specify the ZFS filesystem independently of the zone name.
Example 3: Delete A Zone
The following command will delete the non-global zone named
m1 without prompting to continue because the
action is forced with the -F flag.
# zonemgr -F -a del -n m1
Example 4: Create A Zone With Multiple IP Addresses
The following command will create a non-global zone named
m1 with three IP addresses where each IP address is configured
on its own network interface. Note that the third option has
specified that it will exclusively use the bge1 network
interface. The other IP addresses are assigned to shared
network interfaces (hme0 and bge0).
# zonemgr -a add -n m1 -P "abc123" \
-I "192.168.0.10|hme0|24|m1" \
-I "192.168.5.27|bge0|24|m2" \
-I "192.168.10.5|bge1|24|m3|exclusive|192.168.10.5"
Example 5: A Complex Example
The following command will perform the steps listed below.
# zonemgr -a add -n m2 -t w \
-P "abc123" -R /root \
-I "192.168.0.10|hme0|24|m2" \
-r "/ds/build11/bits|/bits" \
-w "/zones/m2|/ds/m2" \
-s "basic|lock" -S ssh \
-C /etc/ssh/sshd_config \
-L "default;dtrace_proc;dtrace_user"
1. Create a whole root zone named m2 in /zones/m2.
2. Set the root password of that zone to abc123.
3. Set the home directory of the root user of the non-global
zone to /root.
4. Set the IP address of the zone to 192.168.0.10, the
netmask to 255.255.255.0, assign it to interface hme0, and
assign it a host name of m2.
5. Read only mount /ds/build11/bits from the global zone to
/bits in the non-global zone.
6. Read write mount /zones/m2 from the global zone to /ds/m2
in the non-global zone.
7. Disable all un-necessary services in the non-global zone
and restart the ssh service once the lockdown is complete.
8. Copy the /etc/ssh/sshd_config, /etc/resolv.conf, and
/etc/nsswitch.conf files from the global zone to the
non-global zone. The resolv.conf and nsswitch.conf are
copied for convenience only if they are present in the
global zone.
9. Add the dtrace_proc and dtrace_user privileges to the
non-global zone
Example 6: List All Zones
The following command will list all available zones.
# zonemgr -a list
Example 7: Reboot A Zone
The following command will reboot non-global zone m1.
# zonemgr -a reboot -n m1
Example 8: Disable Un-necessary Services
The following command will disable all un-necessary services
of non-global zone m1.
# zonemgr -a modify -n m1 -s "basic|lock"
Example 9: Enable Un-necessary Services
The following command will enable all un-necessary services
of non-global zone m1.
# zonemgr -a modify -n m1 -s "basic|unlock"
Example 10: Manage State Of Multiple Zones
The following command will halt all non-global zones but
those specified by the -n parameter and will boot any of the
specified zones that are not currently running.
# zonemgr -a only -n "m1;m2"
Example 11: Halt All Zones
The following command will halt all non-global zones.
# zonemgr -a only -n "haltall"
Example 12: Boot All Zones
The following command will boot all non-global zones.
# zonemgr -a only -n "bootall"
Example 13: Creating A BrandZ (e.g. Linux) Zone
The following command will add a BrandZ zone.
# zonemgr -a add -n m1 -P "abc123" \
-I "192.168.0.10|hme0|24|m1" \
-B "SUNWlx|all|/data/brandz/centos_fs_image.tar"
The parameters passed to -B break down as follows:
* SUNWlx: The zone brand (only lx is currently supported)
* On OpenSolaris, ipkg is the default brand. Do not specify
ipkg; it will be installed by default on OpenSolaris.
* all: The brand subset to install. Valid values include
desktop, applications, server, development, system,
and all. I don't yet have an idea as to how this
option will impact other distributions that folks come
up with. These options may or may not be valid. TBD.
* /data/brandz/centos_fs_image.tar: The path to the
brand bits. I simply pointed them to the BrandZ
community's CentOS image.
Example 14: Create A Zone AND Install MySQL5 From BlastWave
The following command will add a zone named m1, download and
install mysql5 and all requisite bits from Blastwave.org,
and install all those bits in the proper order in the m1
zone.
# zonemgr -a add -n m1 -P "abc123" \
-I "192.168.0.10|hme0|24|m1" -G "mysql5"
Example 15: Add A ZFS Filesystem To An Existing Zone
The following command will create a legacy mode ZFS
filesystem from the myzfspool pool, set the ZFS mount
point to /zfsdata, and mount that filesystem exclusively
within the m1 zone.
# zonemgr -a modify -n m1 -w "zfs|/zfsdata|zpool/m1data"
Example 16: Move A Zone
The following command will move a zone to a new directory.
# zonemgr -a move -n m1 -Z /zones/newm1
Example 17: Detach And Attach A Zone
The following two commands will detach a zone and then
re-attach it.
# zonemgr -a detach -n m1 -F
# zonemgr -a attach -n m1 -F
Example 18: Clone A Zone
The following command will clone a zone.
# zonemgr -a clone -n m1 -y m1clone -Z /zones/m1clone \
-P "pw"
Example 19: Apply CPU Containment To A Zone
The following command will put a zone into a CPU processor
set that will limit all processes of the zone to running on
the specified number of CPUs.
# zonemgr -a modify -n m1 -p "cpu|1"
Example 20: Apply Memory Containment To A Zone
The following command will dedicate 1G of physical memory
to a zone.
# zonemgr -a modify -n m1 -p "dram|1g"
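An added pre-flight check, not part of zonemgr or of the original help text: the examples above pass the root password to -P as a literal, skip confirmation with -F, mount global zone directories read/write with -w, and grant extra privileges with -L, so this function walks a zonemgr argument list and reports each of those choices. The function name, the severity labels, and the rule that a -P value naming an existing file counts as a password file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of zonemgr): audit a zonemgr argument list before use.
# Prints "LEVEL flag: reason" lines; returns non-zero if any HIGH finding exists.
audit_zonemgr_args() (
    high=0; lockdown=no; action=
    while [ $# -gt 0 ]; do
        flag=$1; shift
        val=${1-}; take=yes            # most flags consume the next word
        case $flag in
        -a) action=$val ;;
        -P) # Assumption: a value naming an existing file is a password file.
            if [ -f "$val" ]; then
                echo "INFO -P: password read from file $val"
            else
                # Literal passwords end up in shell history and process listings.
                echo "HIGH -P: literal root password in the argument list"
                high=$((high + 1))
            fi ;;
        -F) take=no; echo "WARN -F: confirmation prompts are suppressed" ;;
        -w) echo "WARN -w: read/write mount from the global zone: $val" ;;
        -L) # Semicolon-delimited privilege list; report anything beyond "default".
            printf '%s\n' "$val" | tr ';' '\n' | while read -r priv; do
                [ "$priv" = default ] || echo "WARN -L: extra privilege $priv"
            done ;;
        -s) case $val in *"|lock") lockdown=yes ;; esac ;;
        -*) case $val in -*) take=no ;; esac ;;   # flag without a value
        *)  take=no ;;
        esac
        if [ "$take" = yes ] && [ $# -gt 0 ]; then shift; fi
    done
    if [ "$action" = add ] && [ "$lockdown" = no ]; then
        echo 'INFO -s: no "basic|lock" service lockdown requested'
    fi
    [ "$high" -eq 0 ]
)

# Constructed sample: the arguments of Example 5 with -F added.
audit_zonemgr_args -F -a add -n m2 -t w -P "abc123" -R /root \
    -I "192.168.0.10|hme0|24|m2" -r "/ds/build11/bits|/bits" \
    -w "/zones/m2|/ds/m2" -s "basic|lock" -S ssh -C /etc/ssh/sshd_config \
    -L "default;dtrace_proc;dtrace_user" ||
    echo "HIGH findings present: fix them before running zonemgr"
```

Because flags are multivalued, every occurrence of -w and -L is reported, not just the first.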
NOTES
Note that most parameters are multivalued. In other words,
you can specify the same parameter multiple times. For
example, to mount the /data1 and /data2 directories in read
only mode from the global zone to the non-global zone, add
the following to the add action:
-r "/data1" -r "/data2"
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
2 Invalid usage.
SEE ALSO
svcs(1), zlogin(1), zonename(1), init(1M), svcadm(1M),
svc.startd(1M), zoneadm(1M), zonecfg(1M),
attributes(5), smf(5), zones(5)
}}}
}}}