📦 Solaris Zones and Containers
Solaris Zones provide OS-level virtualization, enabling multiple isolated environments on a single system. This technology offers lightweight virtualization with excellent performance and resource management capabilities.
🎯 Zones Architecture Overview
Core Concepts
Solaris Zones implement operating system-level virtualization:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 | # Zone Types
# - Global Zone: Primary zone hosting all others
# - Non-Global Zone: Isolated guest environment
# - Whole Root Zone: Complete filesystem copy
# - Sparse Root Zone: Shared filesystem with global zone
# Zone States
# - configured: Zone defined but not installed
# - incomplete: Partially installed zone
# - installed: Zone installed but not running
# - ready: Zone booted but not running
# - running: Zone actively running
# - shutting_down: Zone in shutdown process
# Zone Components
# - Zone configuration
# - Zone root filesystem
# - Zone dataset (ZFS)
# - Zone network interfaces
# - Zone resource management
|
Zone Benefits
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 | # Advantages of Zones
# - Lightweight virtualization
# - Excellent performance (near-native)
# - Fast provisioning
# - Efficient resource utilization
# - Strong isolation
# - Centralized management
# - Live migration capabilities
# Use Cases
# - Server consolidation
# - Development and testing
# - Multi-tenant environments
# - Security isolation
# - Application separation
# - Disaster recovery
|
🔧 Basic Zone Operations
Zone Administration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 | # Zone management commands
zoneadm # Zone administration
zonecfg # Zone configuration
zlogin # Login to zone
zonename # Show current zone name
# List zones
zoneadm list # List running zones
zoneadm list -v # Verbose zone list
zoneadm list -c # List configured zones
zoneadm list -i # List installed zones
# Check current zone
zonename # Show current zone name
zonename -c # Show current zone configuration
|
Zone Creation Process
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 | # Step 1: Configure zone
zonecfg -z myzone create
zonecfg -z myzone set zonepath=/zones/myzone
zonecfg -z myzone set autoboot=true
zonecfg -z myzone add net
zonecfg -z myzone set net physical=e1000g0
zonecfg -z myzone set net address=192.168.1.100
zonecfg -z myzone end
zonecfg -z myzone verify
zonecfg -z myzone commit
zonecfg -z myzone exit
# Step 2: Install zone
zoneadm -z myzone install
# Step 3: Boot zone
zoneadm -z myzone boot
# Step 4: Login to zone
zlogin myzone
# Alternative: Create from template
zonecfg -z template-zone export > zone-template.cfg
zonecfg -z new-zone create -t template-zone
|
📋 Zone Configuration
Zone Configuration Management
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25 | # Interactive configuration
zonecfg -z myzone # Enter zone configuration shell
zonecfg -z myzone info # Show zone configuration
zonecfg -z myzone export # Export configuration
# Non-interactive configuration
echo "create; set zonepath=/zones/myzone" | zonecfg -z myzone
# Configuration file approach
cat > myzone.cfg << 'EOF'
create
set zonepath=/zones/myzone
set autoboot=true
add net
set physical=e1000g0
set address=192.168.1.100
end
add fs
set dir=/export/data
set special=/dev/dsk/c0t1d0s0
set type=ufs
end
EOF
zonecfg -z myzone -f myzone.cfg
|
Zone Resource Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29 | # CPU resource management
zonecfg -z myzone add capped-cpu
zonecfg -z myzone set capped-cpu ncpus=2.0
zonecfg -z myzone end
# Memory resource management
zonecfg -z myzone add capped-memory
zonecfg -z myzone set capped-memory physical=2G
zonecfg -z myzone set capped-memory swap=4G
zonecfg -z myzone end
# Network configuration
zonecfg -z myzone add net
zonecfg -z myzone set net physical=e1000g0
zonecfg -z myzone set net address=192.168.1.100
zonecfg -z myzone set net defrouter=192.168.1.1
zonecfg -z myzone end
# Filesystem configuration
zonecfg -z myzone add fs
zonecfg -z myzone set fs dir=/export/data
zonecfg -z myzone set fs special=/dev/dsk/c0t1d0s0
zonecfg -z myzone set fs type=ufs
zonecfg -z myzone end
# Dataset configuration (ZFS)
zonecfg -z myzone add dataset
zonecfg -z myzone set dataset name=rpool/myzone/data
zonecfg -z myzone end
|
🌐 Network Virtualization
Zone Network Interfaces
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23 | # Shared IP zones (default)
zonecfg -z myzone add net
zonecfg -z myzone set net physical=e1000g0
zonecfg -z myzone set net address=192.168.1.100/24
zonecfg -z myzone end
# Exclusive IP zones
zonecfg -z myzone set ip-type=exclusive
zonecfg -z myzone add net
zonecfg -z myzone set net physical=e1000g0
zonecfg -z myzone end
# Virtual network interfaces
zonecfg -z myzone add net
zonecfg -z myzone set net physical=vnic0
zonecfg -z myzone set net address=192.168.1.100/24
zonecfg -z myzone end
# Anet (automatic network)
zonecfg -z myzone add anet
zonecfg -z myzone set anet lower-link=auto
zonecfg -z myzone set anet allowed-address=192.168.1.100/24
zonecfg -z myzone end
|
Network Configuration in Zones
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 | # Configure network inside zone
zlogin myzone << 'EOF'
# Configure IP address
ifconfig e1000g0 192.168.1.100 netmask 255.255.255.0 up
# Set default route
route add default 192.168.1.1
# Configure DNS
echo "nameserver 8.8.8.8" > /etc/resolv.conf
EOF
# Network monitoring
zlogin myzone netstat -an # Inside zone
netstat -an | grep 192.168.1.100 # From global zone
|
🛠️ Zone Management
Zone Lifecycle Management
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 | # Zone state transitions
zoneadm -z myzone install # configured -> installed
zoneadm -z myzone boot # installed -> running
zoneadm -z myzone halt # running -> installed
zoneadm -z myzone ready # installed -> ready
zoneadm -z myzone uninstall # installed -> configured
# Zone cloning
zoneadm -z source-zone halt
zoneadm -z source-zone clone new-zone
# Zone snapshots (ZFS)
zfs snapshot -r rpool/zones/source-zone@snapshot1
zoneadm -z new-zone install -s rpool/zones/source-zone@snapshot1
# Zone packaging
zoneadm -z myzone shutdown
zoneadm -z myzone detach
zoneadm -z myzone attach
|
Zone Resource Management
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 | # Resource pools
poolcfg -c 'create pool mypool'
poolcfg -c 'create pset mypset (uint pset.min = 2; uint pset.max = 4)'
poolcfg -c 'associate pool mypool with pset mypset'
poolbind -p mypool $$
# Processor sets
psrset_create() {
local pset_id=$1
local cpus=$2
psrset -c $cpus
}
# Fair share scheduler
priocntl -s -c FSS -m 100 -p 50 $$
|
🎨 Advanced Zone Features
Zone Branding
1
2
3
4
5
6
7
8
9
10
11
12 | # Different zone brands
zonecfg -z myzone create -t SYSsolaris # Standard Solaris
zonecfg -z myzone create -t SUNWlxc # Linux Containers
zonecfg -z myzone create -t SUNWjoyent # SmartOS/Joyent
# Brand-specific features
# SYSsolaris: Native Solaris zones
# SUNWlxc: Linux binary compatibility
# SUNWjoyent: Illumos-based zones
# Check brand compatibility
zoneadm list -v | grep brand
|
Zone Templates and Profiles
1
2
3
4
5
6
7
8
9
10
11
12
13 | # Create zone template
zonecfg -z template-zone create
zonecfg -z template-zone set zonepath=/zones/template
zonecfg -z template-zone add net
zonecfg -z template-zone set net physical=auto
zonecfg -z template-zone end
zonecfg -z template-zone export > /etc/zones/template.xml
# Use template for new zones
zonecfg -z new-zone create -t template-zone
zonecfg -z new-zone set zonepath=/zones/new-zone
zonecfg -z new-zone set net address=192.168.1.101
zonecfg -z new-zone commit
|
Live Migration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 | # Zone migration prerequisites
# - Shared storage (SAN/NFS)
# - Compatible hardware
# - Network connectivity
# Prepare for migration
zoneadm -z myzone shutdown
zoneadm -z myzone detach
# Migrate zone data
rsync -av /zones/myzone/ target:/zones/myzone/
# Attach on target system
zoneadm -z myzone attach
# Resume zone
zoneadm -z myzone boot
|
🔍 Zone Monitoring and Troubleshooting
1
2
3
4
5
6
7
8
9
10
11
12
13
14 | # Zone resource usage
prstat -Z # Per-zone CPU usage
vmstat -z # Per-zone memory statistics
iostat -z # Per-zone I/O statistics
netstat -Z # Per-zone network statistics
# Zone-specific monitoring
zoneadm list -v # Zone status
zonestat # Zone resource statistics
zonep2vchk # Physical to virtual compatibility check
# Resource controls
prctl -P $$ # Process resource controls
projects # Project management
|
Common Issues and Solutions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 | # Zone won't boot
# 1. Check zone state: zoneadm list -v
# 2. Check logs: tail $(zoneadm -z zone list -v | grep zonepath)
# 3. Verify configuration: zonecfg -z zone info
# 4. Check dependencies: zoneadm -z zone verify
# Network issues in zone
# 1. Check network configuration: zonecfg -z zone info net
# 2. Verify physical interface: ifconfig -a
# 3. Test connectivity: zlogin zone ping target
# Resource constraints
# 1. Check resource limits: prctl -P $$
# 2. Adjust caps: zonecfg -z zone modify capped-memory
# 3. Monitor usage: prstat -Z
# Zone installation failures
# 1. Check available space: df -h
# 2. Verify media: ls /net/installserver/export/solaris
# 3. Check logs: /var/log/zones/
|
Zone Log Analysis
| # Zone log locations
/var/log/zones/ # Zone installation logs
/zones/zone-name/root/var/adm/messages # Zone system logs
/zones/zone-name/root/var/log/ # Zone application logs
# Log monitoring
tail -f /var/log/zones/* # Installation logs
zlogin zone-name tail -f /var/adm/messages # Zone logs
# Debug logging
zonecfg -z zone-name set logfile=/var/log/zone-debug.log
|
🧾 Summary Quick Reference
Essential Zone Commands
| Command |
Description |
zoneadm list |
List zones |
zoneadm -z zone boot |
Boot zone |
zoneadm -z zone halt |
Halt zone |
zonecfg -z zone create |
Create zone |
zonecfg -z zone info |
Show zone info |
zlogin zone |
Login to zone |
zonestat |
Zone statistics |
Zone States
| State |
Description |
| configured |
Zone defined but not installed |
| installed |
Zone installed but not running |
| ready |
Zone booted but not running |
| running |
Zone actively running |
| shutting_down |
Zone in shutdown process |
🧠 Best Practices
Zone Administration Guidelines
✅ Planning and Design:
- Plan zone resource requirements
- Design network topology
- Consider backup and recovery
- Plan for growth and scaling
- Document zone configurations
✅ Security Best Practices:
- Use separate zones for different applications
- Implement resource controls
- Regular security updates
- Monitor zone activity
- Secure zone communications
✅ Performance Optimization:
- Right-size resource allocations
- Monitor resource usage
- Implement proper sizing
- Use ZFS for zone storage
- Optimize network configuration
❌ Common Mistakes to Avoid:
- Over-provisioning resources
- Ignoring zone dependencies
- Not monitoring zone performance
- Poor network design
- Inadequate backup planning
Production Zone Management
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36 | # Production zone checklist:
# 1. Verify hardware requirements
# 2. Plan network addressing
# 3. Configure resource limits
# 4. Test zone creation
# 5. Implement monitoring
# 6. Plan backup strategy
# 7. Document configurations
# 8. Train administrators
# Zone health check script
zone_health_check() {
echo "=== Zone Health Check ==="
# Check zone states
echo "Zone States:"
zoneadm list -v
# Check resource usage
echo "Resource Usage:"
prstat -Z 1 1
# Check zone logs
echo "Recent Zone Events:"
tail -10 /var/log/zones/*
# Check network connectivity
for zone in $(zoneadm list); do
if [ "$zone" != "global" ]; then
echo "Testing zone: $zone"
zlogin $zone ping -c 1 8.8.8.8 2>/dev/null && echo " Network OK" || echo " Network FAILED"
fi
done
echo "=== Health Check Complete ==="
}
|
🧾 See Also