This chapter describes how to configure an lx branded zone on your x64 or x86 based system. The process is basically the same as the procedure to configure a Solaris Zone. A few of the properties are not needed to configure a branded zone. Before you set up your system to use zones, you must first collect information and make decisions about how to configure the zones. The following task map summarizes how to plan and configure an lx zone.Task Description For Instructions Plan your zone strategy. Determine which applications you want to run in zones. Assess the availability of disk space to hold the files in the zone. If you are also using resource management features, determine how to align the zone with the resource management boundaries. If you are using resource pools, configure the pools if necessary. See System and Space Requirements and Resource Pools Used in Zones. Determine the name and the path for the zone. Decide what to call the zone based on the naming conventions. A path on a Zetabyte File System (ZFS) is recommended. When the source zonepath and the target zonepath both reside on ZFS and are in the same pool, the zoneadm clone command automatically uses ZFS to clone the zone. See Resource and Property Types and Solaris ZFS Administration Guide. Obtain or configure IP addresses for the zone. Depending on your configuration, you must obtain at least one IP address for each non-global zone that you want to have network access. See Determine the Zone Host Name and Obtain the Network Address and System Administration Guide: IP Services. Determine if you want to mount file systems in the zone. Review your application requirements. See File Systems Mounted in Zones for more information. Determine which network interfaces should be made available in the zone. Review your application requirements. See Shared-IP Network Interfaces for more information. Determine whether you must alter the default set of non-global zone permissions. Check the set of privileges: default, privileges that can be added and removed, and privileges that cannot be used at this time. See Resource and Property Types and Privileges in a Non-Global Zone. Configure the zone. Use zonecfg to create a configuration for the zone. See How to Configure, Verify, and Commit the lx Branded Zone. Verify and commit the configured zone. Determine whether the resources and properties specified are valid on a hypothetical system. See How to Configure, Verify, and Commit the lx Branded Zone. You use the zonecfg command described in the zonecfg1M man page to perform the following actions.Create the zone configuration Verify that all required information is present Commit the non-global zone configuration If you know you will be using CDs or DVDs to install applications in an lx branded zone, use add fs to add read-only access to CD or DVD media in the global zone when you initially configure the branded zone. A CD or DVD can then be used to install a product in the branded zone. While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.A script to configure multiple zones on your system is provided in Script to Configure Multiple lx Branded Zones.To display a non-global zone's configuration, see How to Display the Configuration of a Branded Zone.After you have configured the branded zone, it is a good idea to make a copy of the zone's configuration. You can use this backup to restore the zone in the future. As superuser or Primary Administrator, print the configuration for the zone lx-zone to a file. This example uses a file named lx-zone.config.global# zonecfg -z lx-zone export > lx-zone.configSee How to Restore an Individual Non-Global Zone for more information. Note that you cannot use lx branded zones on a Trusted Solaris system where labels are enabled. The zoneadm command will not verify the configuration.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Set up a zone configuration with the zone name you have chosen.The name lx-zone is used in this example procedure.global# zonecfg -z lx-zoneIf this is the first time you have configured this zone, you will see the following system message:lx-zone: No such zone configured Use 'create' to begin configuring a new zone. Create the new lx zone configuration by using the SUNWlx template.zonecfg:lx-zone> create -t SUNWlxAlternatively, you can create a blank zone and explicitly set the brand:zonecfg:lx-zone> create -b zonecfg:lx-zone> set brand=lx Set the zone path, /export/home/lx-zone in this procedure.zonecfg:lx-zone> set zonepath=/export/home/lx-zone Set the autoboot value.If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.zonecfg:lx-zone> set autoboot=true Set persistent boot arguments for a zone.zonecfg:lx-zone> set bootargs="-i=altinit" If resource pools are enabled on your system, associate a pool with the zone.This example uses the default pool, named pool_default.zonecfg:lx-zone> set pool=pool_defaultBecause a resource pool can have an optional scheduling class assignment, you can use the pools facility to set a default scheduler other than the system default for a non-global zone. For instructions, see How to Associate a Pool With a Scheduling Class and Creating the Configuration. Revise the default set of privileges.zonecfg:lx-zone> set limitpriv="default,proc_priocntl"The proc_priocntl privilege is used to run processes in the real-time class. Set five CPU shares.zonecfg:lx-zone> set cpu-shares=5 Add a memory cap.zonecfg:lx-zone> add capped-memorySet the memory cap.zonecfg:lx-zone:capped-memory> set =50m Set the swap memory cap.zonecfg:lx-zone:capped-memory> set swap=100m Set the locked memory cap.zonecfg:lx-zone:capped-memory> set locked=30m End the specification.zonecfg:lx-zone:capped-memory> end Add a file system.zonecfg:lx-zone> add fsSet the mount point for the file system, /export/linux/local in this procedure.zonecfg:lx-zone:fs> set dir=/export/linux/local Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured.zonecfg:lx-zone:fs> set special=/opt/localIn the non-global zone, the /usr/local file system will be readable and writable. Specify the file system type, lofs in this procedure.zonecfg:lx-zone:fs> set type=lofsThe type indicates how the kernel interacts with the file system. End the file system specification.zonecfg:lx-zone:fs> end This step can be performed more than once to add more than one file system. Add a network interface.zonecfg:lx-zone> add netSet the IP address in the form ip address of zone/netmask. In this procedure, 10.6.10.233/24 is used.zonecfg:lx-zone:net> set address=10.6.10.233/24 Set the physical device type for the network interface, the bge device in this procedure.zonecfg:lx-zone:net> set physical=bge0 (Optional) Set the default router for the network interface, in this procedure.zonecfg:my-zone:net> set defrouter=10.0.0.1 End the specification.zonecfg:lx-zone:net> end This step can be performed more than once to add more than one network interface. Enable an audio device present in the global zone in this zone by using the attr resource type.zonecfg:lx-zone> add attrSet the name to audio.zonecfg:lx-zone:attr> set name=audio Set the type to boolean.zonecfg:lx-zone:attr> set type=boolean Set the value to true.zonecfg:lx-zone:attr> set value=true End the attr resource type specification.zonecfg:lx-zone:attr> end Verify the zone configuration for the zone.zonecfg:lx-zone> verify Commit the zone configuration for the zone.zonecfg:lx-zone> commit Exit the zonecfg command.zonecfg:lx-zone> exitNote that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs. The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.global# zonecfg -z lx-zone "create -t SUNWlx; set zonepath=/export/home/lx-zone" See Installing and Booting lx Branded ZonesInstalling and Booting Zones to install your committed zone configuration. You can use this script to configure and boot multiple zones on your system. The script takes the following parameters:The number of zones to be created The zonename prefix The directory to use as the base directory You must be the global administrator in the global zone to execute the script. The global administrator has superuser privileges in the global zone or assumes the Primary Administrator role.#!/bin/ksh # # Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "%Z%%M% %I% %E% SMI" if [[ -z "$1" || -z "$2" || -z "$3" || -z "$4" ]]; then echo "usage: $0 <#-of-zones> <zonename-prefix> <basedir> <template zone>" exit 2 fi if [[ ! -d $3 ]]; then echo "$3 is not a directory" exit 1 fi state=`zoneadm -z $4 list -p 2>/dev/null | cut -f 3 -d ":"` if [[ -z "$state" || $state != "installed" ]]; then echo "$4 must be an installed, halted zone" exit 1 fi template_zone=$4 nprocs=`psrinfo | wc -l` nzones=$1 prefix=$2 dir=$3 ip_addrs_per_if=`ndd /dev/ip ip_addrs_per_if` if [ $ip_addrs_per_if -lt $nzones ]; then echo "ndd parameter ip_addrs_per_if is too low ($ip_addrs_per_if)" echo "set it higher with 'ndd -set /dev/ip ip_addrs_per_if <num>" exit 1 fi i=1 while [ $i -le $nzones ]; do zoneadm -z $prefix$i clone $template_zone > /dev/null 2>&1 if [ $? != 0 ]; then echo configuring $prefix$i F=$dir/$prefix$i.config rm -f $F echo "create -t SUNWlx" > $F echo "set zonepath=$dir/$prefix$i" >> $F zonecfg -z $prefix$i -f $dir/$prefix$i.config 2>&1 | \ sed 's/^/ /g' else echo "skipping $prefix$i, already configured" fi i=`expr $i + 1` done i=1 while [ $i -le $nzones ]; do j=1 while [ $j -le $nprocs ]; do if [ $i -le $nzones ]; then if [ `zoneadm -z $prefix$i list -p | \ cut -d':' -f 3` != "configured" ]; then echo "skipping $prefix$i, already installed" else echo installing $prefix$i mkdir -pm 0700 $dir/$prefix$i chmod 700 $dir/$prefix$i zoneadm -z $prefix$i install -s -d /path/to/ISOs > /dev/null 2>&1 & sleep 1 # spread things out just a tad fi fi i=`expr $i + 1` j=`expr $j + 1` done wait done i=1 para=`expr $nprocs \* 2` while [ $i -le $nzones ]; do date j=1 while [ $j -le $para ]; do if [ $i -le $nzones ]; then echo booting $prefix$i zoneadm -z $prefix$i boot & fi j=`expr $j + 1` i=`expr $i + 1` done wait done You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Display the configuration of a zone.global# zonecfg -z zonename info The following sections contain procedures for modifying, reverting, or removing a zone configuration.How to Modify a Resource Type in a Zone Configuration How to Clear a Property Type in a Zone Configuration How to Rename a Zone How to Revert a Zone Configuration How to Delete a Zone Configuration