C.5.2 Configuration Procedure for Kernel Zones

The following is an example of configuring Kernel Zones.

(1) Create a zone

The following example shows how to create NIC in the anet resource when the following Kernel Zone name is "zone0".

# zonecfg -z zone0
Use 'create' to begin configuring a new zone.
zonecfg:zone0> create -t SYSsolaris-kz
zonecfg:zone0> add anet  <- Create the anet interface.
zonecfg:zone0:anet> set lower-link=net1  <- Specify a physical NIC to connect.
zonecfg:zone0:anet> end
zonecfg:zone0> add anet  <- Create the anet interface.
zonecfg:zone0:anet> set lower-link=net2  <- Specify a physical NIC to connect.
zonecfg:zone0:anet> end
zonecfg:zone0> export <- Check the setting.
create -b
set autoboot=false
set autoshutdown=shutdown
set hostid=0x48bfa8db
add anet
set lower-link=auto
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
set id=0
end
add anet
set lower-link=net1
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
set id=1
end
add anet
set lower-link=net2
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
set id=2
end
add device
set storage=dev:/dev/zvol/dsk/%{global-rootzpool}/VARSHARE/zones/%{zonename}/disk%{id}
set bootpri=0
set id=0
end
add capped-memory
set physical=2G
end
zone0: keysource not exported: does not exist
zonecfg:zone0> commit  <- Register a zone.
zonecfg:zone0> exit    <- Zone setting is completed.
# zoneadm list -vc     <- Check if the zone is properly registered.
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - zone0            configured  -                            solaris-kz excl

(2) Install the zone

You can install a zone using the following steps.

# zoneadm -z zone0 install
Progress being logged to /var/log/zones/zoneadm.20141014T053841Z.zone0.install
pkg cache: Using /var/pkg/publisher.
 Install Log: /system/volatile/install.4478/install_log
 AI Manifest: /tmp/zoneadm3888.5jaiki/devel-ai-manifest.xml
  SC Profile: /usr/share/auto_install/sc_profiles/enable_sci.xml
Installation: Starting ...
<snip.>
Installation: Succeeded
        Done: Installation completed in 237.304 seconds.
# zoneadm list -vc <- Check if the zone is installed properly.
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - zone0            installed   -                            solaris-kz excl

Note

When a zone is booted for the first time after installation, the zone is in an unconfigured state. Therefore, it is necessary to define an internal zone configuration. Please refer to the manual of Solaris for the definition methods.

(3) Start the zone

Start the zone using the following steps.

# zoneadm -z zone0 boot <- Start the zone.
# zoneadm list -vc
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   1 zone0            running     -                            solaris-kz excl   <- Check if the zone is started properly.

(4) Log in to the zone

You can log in to the zone using the following steps.

# zlogin zone0
[Connected to zone 'zone0' pts/5]
Oracle Corporation      SunOS 5.11      11.2    June 2014
#

(5) Check the interface state

If you check the interface state on the zone, it will be displayed as follows.

# dladm show-link
LINK                CLASS     MTU    STATE    OVER
net0                phys      1500   up       --
net1                phys      1500   up       --
net2                phys      1500   up       --

(6) Log out of the zone

You can log out of the zone using the following steps.

# exit
logout

[Connection to zone 'zone0' pts/5 closed]

(7) Stop the zone

You can stop the zone using the following steps.

# zoneadm -z zone0 shutdown
# zoneadm list -vc 
  ID NAME             STATUS      PATH                         BRAND      IP
   0 global           running     /                            solaris    shared
   - zone0            installed   -                            solaris-kz excl

(8) Change the network setting

You can change the network setting using the following steps.

In the network setting when the zone name is "zone0", the following example shows how to change the physical NIC in the global-zone to be connected to net1 in the Kernel Zone from net1 to net3.

# zonecfg -z zone0
zonecfg:zone0> export <- Check the setting.
create -b
set brand=solaris-kz
set autoboot=false
set autoshutdown=shutdown
set hostid=0x48bfa8db
add anet
set lower-link=auto
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
set id=0
end
add anet
set lower-link=net1
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
set id=1
end
add anet
set lower-link=net2
set configure-allowed-address=true
set link-protection=mac-nospoof
set mac-address=auto
set id=2
end
add device
set storage=dev:/dev/zvol/dsk/%{global-rootzpool}/VARSHARE/zones/%{zonename}/disk%{id}
set bootpri=0
set id=0
end
add capped-memory
set physical=2G
end
add keysource
set raw="{base64}u7WpZB992vHOGnPggu8q6w=="
end
zonecfg:zone0> select anet id=1 <- Select the resource.
zonecfg:zone0:anet> set lower-link=net3 <-Change the physical NIC to net3.
zonecfg:zone0:anet> end
zonecfg:zone0> commit  <- Register a zone.
zonecfg:zone0> exit    <- Zone configuration is completed.

See

For further details, see the Solaris manual.