Creating A Zone (Solaris 10)

Simple steps to get a zone up and running.

The Easy Way -- ZoneBuilder
Ask Gord for a current copy of CWzonetools, run /opt/CWzonetools/bin/zonebuild and follow the instructions. This includes finish scripts and the like to produce a standard build.

The Manual Way
First, for our standard build we have three volumes in a zone: '/', '/var' and '/cust' (to be decided per customer).

The easiest method to create these is to create one mirrored metadevice, then create one soft partition for each: 'metainit d(new device) -p d(underlying device) (size eg 2g)'.

Mount these at /zones/zone1, /zones/zone1/var, /zones/zone1/cust. You cannot mount /var and /cust under zone1/root (the eventual location of the root zone) as zone1/root must not exist when creating the zone.

Then create the zone using zonecfg. Here's an example session; it's all fairly obvious. Full details are on page 235 of "Solaris Containers - Resource Management and Solaris Zones".

    bash-3.00# zonecfg -z zone1
    zone1: No such zone configured
    Use 'create' to begin configuring a new zone.
    zonecfg:zone1> create
    zonecfg:zone1> set zonepath=/zones/zone1
    zonecfg:zone1> set autoboot=true
    zonecfg:zone1> set scheduling-class=FSS
    zonecfg:zone1> add rctl
    zonecfg:zone1:rctl> set name=zone.cpu-shares
    zonecfg:zone1:rctl> add value (priv=privileged,limit=100,action=none)
    zonecfg:zone1:rctl> end
    zonecfg:zone1> add fs
    zonecfg:zone1:fs> set dir=/var
    zonecfg:zone1:fs> set special=/zones/zone1/var
    zonecfg:zone1:fs> set type=lofs
    zonecfg:zone1:fs> end
    zonecfg:zone1> add fs
    zonecfg:zone1:fs> set dir=/cust
    zonecfg:zone1:fs> set special=/zones/zone1/cust
    zonecfg:zone1:fs> set type=lofs
    zonecfg:zone1:fs> end
    zonecfg:zone1> add net
    zonecfg:zone1:net> set address=10.144.131.144
    zonecfg:zone1:net> set physical=hme0
    zonecfg:zone1:net> end
    zonecfg:zone1> add net
    zonecfg:zone1:net> set address=127.0.0.101
    zonecfg:zone1:net> set physical=lo0
    zonecfg:zone1:net> end
    zonecfg:zone1> add attr
    zonecfg:zone1:attr> set name=comment
    zonecfg:zone1:attr> set type=string
    zonecfg:zone1:attr> set value="Gord's test zone"
    zonecfg:zone1:attr> end
    zonecfg:zone1> verify
    zonecfg:zone1> commit
    zonecfg:zone1> exit

At any stage you can now check the status of the zone:

    bash-3.00# zoneadm -z zone1 list -v
      ID NAME            STATUS         PATH
       - zone1           configured     /zones/zone1

You now need to install the zone; this copies files to the zone and readies it for identification.

You should verify the status of the zone before you install it:

    bash-3.00# zoneadm -z zone1 verify
    /zones/zone1 must not be group readable.
    /zones/zone1 must not be group executable.
    /zones/zone1 must not be world readable.
    /zones/zone1 must not be world executable.
    could not verify zonepath /zones/zone1 because of the above errors.
    zoneadm: zone zone1 failed to verify

Fix any errors and rerun verify before you install.
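
The interactive session and the verify failure above can also be scripted. The following is an added example, not part of the original page or of CWzonetools: it prints a command file for 'zonecfg -z zone1 -f' covering the same zonepath, resource control, lofs mounts and primary interface, and checks the zonepath mode that 'zoneadm verify' rejects. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: scripted form of the interactive zonecfg session on this page.
# Function names are hypothetical; zone name, address and NIC are the page's values.

# Print a zonecfg command file for a zone rooted at /zones/<zone>.
zonecfg_commands() {
    zone=$1 addr=$2 nic=$3
    cat <<EOF
create
set zonepath=/zones/$zone
set autoboot=true
set scheduling-class=FSS
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=100,action=none)
end
add fs
set dir=/var
set special=/zones/$zone/var
set type=lofs
end
add fs
set dir=/cust
set special=/zones/$zone/cust
set type=lofs
end
add net
set address=$addr
set physical=$nic
end
verify
commit
EOF
}

# Succeed only if the zonepath is a directory with mode 700 (owner rwx,
# nothing for group or world), which is what 'zoneadm verify' insists on.
zonepath_is_private() {
    [ -d "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}

# Typical use in the global zone (not executed here):
#   zonepath_is_private /zones/zone1 || chmod 700 /zones/zone1
#   zonecfg_commands zone1 10.144.131.144 hme0 > /tmp/zone1.cfg
#   zonecfg -z zone1 -f /tmp/zone1.cfg && zoneadm -z zone1 verify
```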

Now install the zone:

    bash-3.00# zoneadm -z zone1 install
    Preparing to install zone.
    Creating list of files to copy from the global zone.
    Copying files to the zone.
    Initializing zone product registry.
    Determining zone package initialization order.
    Preparing to initialize packages on the zone.
    Initialized packages on zone.
    Zone is initialized.
    Installation of these packages generated errors:
    Installation of <3> packages was skipped.
    Installation of these packages generated warnings:
    The file  contains a log of the zone installation.

If you like, you can transition the zone to the 'ready' state with 'zoneadm -z zone1 ready', but booting the zone does this automatically.

If you want to give the zone its identity manually, you can now just boot the zone. Preferably, though, create a 'sysidcfg' file at /zones/zone1/root/etc/sysidcfg, similar to this:

    system_locale=C
    terminal=dtterm
    network_interface=primary {
        hostname=zone1
    }
    security_policy=NONE
    name_service=DNS {
        domain_name=localnet
        name_server=4.2.2.2,195.92.195.92
        search=yoururl.com
    }
    timezone=GB
    root_password=H/h49DNFXYDU2

(that root_password is the encrypted form of abc123; replace it with the hash of your own root password)

If you don't have a real hostname configured for the box yet, set 'name_service=NONE' and sort out nsswitch.conf and resolv.conf at a later date.

Now set 'NFSMAPID_DOMAIN=zone1' (where zone1 is your hostname) in /zones/zone1/root/etc/default/nfs. Then do

touch .NFS4inst_state.domain

in the etc/default directory.

Now boot the zone:

    bash-3.00# zoneadm -z zone1 boot
    bash-3.00# zoneadm -z zone1 list -v
      ID NAME            STATUS         PATH
       1 zone1           running        /zones/zone1

Now log in to the zone on the console (-C) to configure the zone:

    bash-3.00# zlogin -C zone1
    [Connected to zone 'zone1' console]

If you didn't do the sysidcfg you now need to give the box its identity:
 * hostname
 * Kerberos yes/no
 * Name Service (eg DNS)
 * Domain Name
 * DNS Servers
 * Search Domains
 * Time Zone
 * Root Password
 * Override NFS v4 Domain Name (choose 'no' generally)

The zone will now reboot and will then be ready to use.