Solaris Zones - Introduction

Solaris 10 has this excellent new feature called Zones. I was looking forward to this feature since a long time. I guess Sun was pretty late in implementing this technology on Solaris Platform. Earlier on i had worked with BSD Jails. However its implementation was a lil tricky. But in Solaris its all the more easier and involves fewer steps to quickly make it up and running. Below are some notes that i have compiled. It should give you a fair understanding of Solaris Zones.

Features:
1. Its Virtualization - i.e. VMWare, BSD Jails
2. As of now, they can host only instances of Solaris. Not other OSs.
3. Limit of 8192 zones per Solaris system
4. Primary zone (also called global zone) has access to ALL zones
5. Non-global zones, do NOT have access to other non-global zones
6. Default non-global zones derive packages from global zone
7. Program isolation - zone1(Apache), zone2(MySQL)
8. Provides 'z' commands to manage zones: zlogin, zonename, zoneadm,zonecfg

###Features of GLOBAL zone###
1. Solaris ALWAYS boots(cold/warm) to the global zone
2. Knows about ALL hardware devices attached to the system
3. Knows about ALL non-global zones

###Features of NON-GLOBAL zones###
1. Installed at a location on the filesystem of the GLOBAL zone 'zone root path' /export/home/zones/{zone1,zone2,zone3,...}
2. Share packages with GLOBAL zone
3. Manage distinct hostname and tables files
4. Cannot communicate with other non-global zones by default. NIC must be used, which means, use standard network API(TCP)
5. GLOBAL zone admin. can delegate non-global zone administration

###Zone Configuration###
Use: zonecfg - to configure zones
Note: zonecfg can be run: interactively, non-interactively, command-file modes

Requirements for non-global zones:
1. hostname
2. zone root path. i.e. /export/home/zones/testzone1
3. IP address - bound to logical or physical interface

Zone Types:
1. Sparse Root Zones - share key files with global zone
2. Whole Root Zones - require more storage

Steps for configuring non-global zone:
1. mkdir /export/home/zones/testzone1 && chmod 700 /export/home/zones/testzone1
2. zonecfg -z testzone1
3. create
4. set zonepath=/export/home/zones/testzone1 - sets root of zone
5. add net ; set address=192.168.1.60
6. set physical=e1000g0
7. (optional) set autoboot=true - testzone1 will be started when system boots
8. (optional) add attr ; set name=comment; set type=string; set value="TestZone1"
9. verify zone - verifies zone for errors
10. commit changes - commit

11. Zone Installation - zoneadm -z testzone1 install - places zone, 'testzone1' into 'installed' state. NOT ready for production
12. zoneadm -z testzone1 boot - boots the zone, changing its state

###Zlogin - is used to login to zones###
Note: each non-global zone maintains a console. Use 'zlogin -C zonename' after installing zone to complete zone configuration

Note: Zlogin permits login to non-global zone via the following:
1. Interactive - i.e. zlogin -l username zonename
2. Non-interactive - zlogin options command
3. Console mode - zlogin -C zonename
4. Safe mode - zlogin -S

zoneadm -z testzone1 reboot - reboots the zone
zlogin testzone1 shutdown