Solaris Zones
What's a Zone?
A zone is a virtual operating system layer run by the kernel. It lets applications share resources while giving each a protected environment. This allows better use of the available hardware and limits the damage from badly behaving applications. Processes running in one zone are isolated from processes in every other zone. Each zone has its own namespace with accounts and other settings. Solaris uses the term global zone for the primary operating system layer; all other zones are non-global zones. Setting up a zone in the standard way costs about 85 MB of disk space; a "full-root model" is about 500 MB. Every zone runs the same Solaris version.
Why Zones?
Zones are nice for testing (setting up a zone vs. installing a test box), DMZ setups and much more. Zones can run almost any type of application, such as:
- NFS Server
- Mail Server
- Web server
- DNS Server
- etc.
After working some time with Linux virtualization I found the Solaris way (Zones) quite cool - easy to set up, manage and stable. One difference to Linux/UML (it's being worked on) is that firewall configurations between zones are not yet possible.
Right now I run two Solaris boxes (Nevada builds) with several zones (fault isolation, security, went from 3 boxes to just one) to get some idea of how to use this stuff efficiently.
Zone Commands (quick ref)
Setup Example
Setting up a zone is a matter of a few simple commands.
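mkdir /data/Zones                  # zone filesystem
chmod 700 /data/Zones              # zoneadm rejects a group/world-readable zonepath
zonecfg -z webzone                 # new zone (the lines up to "exit" are typed at the zonecfg prompt)
create                             # use the default template
set zonepath=/data/Zones           # base dir where the web zone is stored
set autoboot=true                  # auto start
add net                            # add a network interface
set address=ip/msk
set physical=iprb0
end                                # close the net resource before verify/commit
verify
commit
exit
zoneadm -z webzone install         # install the zone
zoneadm -z webzone boot
zlogin -C webzone                  # final configuration steps,
                                   # run at first login!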
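The setup steps above as a script, an added example that is not part of the original page: it builds the zonecfg command file from validated parameters, so a zone name or address copied from a ticket or form cannot add extra zonecfg lines to the configuration. The function names, the sample address 192.0.2.10/24 and the choice of one directory per zone under /data/Zones are assumptions made here.

```shell
#!/bin/sh
# Zone names: start alphanumeric, then alphanumerics, '_', '-' or '.';
# "global" and names beginning with "SUNW" are reserved.
valid_zone_name() {
    case "$1" in
        ''|global|SUNW*|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Dotted-quad IPv4 address with a prefix length, such as 192.0.2.10/24.
valid_ipv4_prefix() {
    case "$1" in
        *[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Hypothetical helper: print a zonecfg command file, one directory per zone.
# usage: gen_zonecfg ZONE BASEDIR ADDR/PREFIX NIC
gen_zonecfg() {
    valid_zone_name "$1"   || { echo "bad zone name" >&2; return 1; }
    valid_ipv4_prefix "$3" || { echo "bad address" >&2; return 1; }
    case "$2" in /*) ;; *) echo "base dir must be absolute" >&2; return 1 ;; esac
    case "$2" in *[!A-Za-z0-9_./-]*) echo "bad base dir" >&2; return 1 ;; esac
    case "$4" in ''|*[!A-Za-z0-9]*) echo "bad NIC name" >&2; return 1 ;; esac
    cat <<EOF
create
set zonepath=$2/$1
set autoboot=true
add net
set address=$3
set physical=$4
end
verify
commit
EOF
}

# Constructed sample values; prints the command file for the page's webzone.
gen_zonecfg webzone /data/Zones 192.0.2.10/24 iprb0
```

On a Solaris host, redirect the output to a file and apply it with zonecfg -z webzone -f <file>, then continue with the zoneadm install and boot steps.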
Remove Example
zlogin webzone shutdown -y -i0 -g0 # shutdown
zoneadm -z webzone uninstall -F # and remove
zonecfg -z webzone delete -F
Administration commands usually work from the global zone. The global zone sees and manipulates the non-global zones.
ps -ef -z webzone # list procs in zone
zonename # which zone
