User Manual

Table of Contents

1. Introduction

2. Functionality
2.1. Solaris Containers and Solaris Zones
2.1.1. Overview
2.1.2. Zones and software installation
2.1.3. Zones and security
2.1.4. Zones and privileges
2.1.5. Zones and resource management
2.1.5.1. CPU resources
2.1.5.2. Memory resource management
2.1.5.3. Network resource management (IPQoS = IP Quality of Service)
2.1.6. User interfaces for zones
2.1.7. Zones and high availability
2.1.8. Branded zones (Linux and Solaris 8/Solaris 9 compatibility)
2.1.9. Solaris container cluster (aka "zone cluster")
2.2. Virtualization technologies compared
2.2.1. Domains/physical partitions
2.2.2. Logical partitions
2.2.3. Containers (Solaris zones) in an OS
2.2.4. Consolidation in one computer
2.2.5. Summary of virtualization technologies

3. Use Cases
3.1. Grid computing with isolation
3.2. Small web servers
3.3. Multi-network consolidation
3.4. Multi-network monitoring
3.5. Multi-network backup
3.6. Consolidation development/test/integration/production
3.7. Consolidation of test systems
3.8. Training systems
3.9. Server consolidation
3.10. Confidentiality of data and processes
3.11. Test systems for developers
3.12. Solaris 8 and Solaris 9 containers for development
3.13. Solaris 8 and Solaris 9 containers as revision systems
3.14. Hosting for several companies on one computer
3.15. SAP portals in Solaris containers
3.16. Upgrade- and Patch-management in a virtual environment
3.17. "Flying zones" – Service-oriented Solaris server infrastructure
3.18. Solaris Container Cluster (aka "zone cluster")

4. Best Practices
4.1. Concepts
4.1.1. Sparse-root zones
4.1.2. Whole-root zones
4.1.3. Comparison between sparse-root zones and whole-root zones
4.1.4. Software in zones
4.1.5. Software installations in Solaris and zones
4.1.5.1. Software installation by the global zone – usage in all zones
4.1.5.2. Software installation by the global zone – usage in a local zone
4.1.5.3. Software installation by the global zone – usage in the global zone
4.1.5.4. Installation by the local zone – usage in the local zone
4.1.6. Storage concepts
4.1.6.1. Storage for the root file system of the local zones
4.1.6.2. Data storage
4.1.6.3. Program/application storage
4.1.6.4. Root disk layout
4.1.6.5. ZFS within a zone
4.1.6.6. Options for using ZFS in local zones
4.1.6.7. NFS and local zones
4.1.6.8. Volume manager in local zones
4.1.7. Network concepts
4.1.7.1. Introduction into networks and zones
4.1.7.2. Network address management for zones
4.1.7.3. Shared IP instance and routing between zones
4.1.7.4. Exclusive IP instance
4.1.7.5. Firewalls between zones (IP filter)
4.1.7.6. Zones and limitations in the network
4.1.8. Additional devices in zones
4.1.8.1. Configuration of devices
4.1.8.2. Static configuration of devices
4.1.8.3. Dynamic configuration of devices
4.1.9. Separate name services in zones
4.1.9.1. hosts database
4.1.9.2. User database (passwd, shadow, user_attr)
4.1.9.3. Services
4.1.9.4. Projects
4.2. Paradigms
4.2.1. Delegation of admin privileges to the application department
4.2.2. Applications in local zones only
4.2.3. One application per zone
4.2.4. Clustered containers
4.2.5. Solaris Container Cluster
4.3. Configuration and administration
4.3.1. Manual configuration of zones with zonecfg
4.3.2. Manual installation of zones with zoneadm
4.3.3. Manual uninstallation of zones with zoneadm
4.3.4. Manual removal of a configured zone with zonecfg
4.3.5. Duplication of an installed zone
4.3.6. Standardized creation of zones
4.3.7. Automatic configuration of zones by script
4.3.8. Automated provisioning of services
4.3.9. Installation and administration of a branded zone
4.4. Lifecycle management
4.4.1. Patching a system with local zones
4.4.2. Patching with live upgrade
4.4.3. Patching with upgrade server
4.4.4. Patching with zoneadm attach -u
4.4.5. Moving zones between architectures (sun4u/sun4v)
4.4.6. Re-installation and service provisioning instead of patching
4.4.7. Backup and recovery of zones
4.4.8. Backup of zones with ZFS
4.4.9. Migration of a zone to another system
4.4.10. Moving a zone within a system
4.5. Management and monitoring
4.5.1. Using boot arguments in zones
4.5.2. Consolidating log information of zones
4.5.3. Monitoring zone workload
4.5.4. Extended accounting with zones
4.5.5. Auditing operations in the zone
4.5.6. DTrace of processes within a zone
4.6. Resource management
4.6.1. Types of resource management
4.6.2. CPU resources
4.6.2.1. Capping of CPU time for a zone
4.6.2.2. General resource pools
4.6.2.3. Fair share scheduler (FSS)
4.6.2.4. Fair share scheduler in a zone
4.6.2.5. Dynamic resource pools
4.6.2.6. Lightweight processes (LWP)
4.6.3. Limiting memory resources
4.6.3.1. Assessing memory requirements for global and local zones
4.6.3.2. Limiting virtual memory
4.6.3.3. Limiting a zone's physical memory requirement
4.6.3.4. Limiting locked memory
4.6.4. Network limitation (IPQoS)
4.6.5. IPC limits (Semaphore, shared memory, message queues)
4.6.6. Privileges and resource management
4.7. Solaris container navigator

5. Cookbooks
5.1. Installation and configuration
5.1.1. Configuration files
5.1.2. Special commands for zones
5.1.3. Root disk layout
5.1.4. Configuring a sparse root zone: required Actions
5.1.5. Configuring a whole root zone: required Actions
5.1.6. Zone installation
5.1.7. Zone initialization with sysidcfg
5.1.8. Uninstalling a zone
5.1.9. Configuration and installation of a Linux branded zone with CentOS
5.1.10. Configuration and installation of a Solaris 8/Solaris 9 container
5.1.11. Optional settings
5.1.11.1. Starting zones automatically
5.1.11.2. Changing the set of privileges of a zone
5.1.12. Storage within a zone
5.1.12.1. Using a device in a local zone
5.1.12.2. The global zone supplies a file system per lofs to the local zone
5.1.12.3. The global zone mounts a file system when the local zone is booted
5.1.12.4. The local zone mounts a UFS file system from a device
5.1.12.5. User level NFS server in a local zone
5.1.12.6. Using a DVD drive in the local zone
5.1.12.7. Dynamic configuration of devices
5.1.12.8. Several zones share a file system
5.1.12.9. ZFS in a zone
5.1.12.10. User attributes for ZFS within a zone
5.1.13. Configuring a zone by command file or template
5.1.14. Automatic quick installation of zones
5.1.15. Accelerated automatic creation of zones on a ZFS file system
5.1.16. Zones hardening
5.2. Network
5.2.1. Change network configuration for shared IP instances
5.2.2. Set default router for shared IP instance
5.2.3. Network interfaces for exclusive IP instances
5.2.4. Change network configuration from shared IP instance to exclusive IP instance
5.2.5. IP filter between shared IP zones on a system
5.2.6. IP filter between exclusive IP zones on a system
5.2.7. Zones, networks and routing
5.2.7.1. Global and local zone with shared network
5.2.7.2. Zones in separate network segments using the shared IP instance
5.2.7.3. Zones in separate network segments using exclusive IP instances
5.2.7.4. Zones in separate networks using the shared IP instance
5.2.7.5. Zones in separate networks using exclusive IP instances
5.2.7.6. Zones connected to independent customer networks using the shared IP instance
5.2.7.7. Zones connected to independent customer networks using exclusive IP instances
5.2.7.8. Connection of zones via external routers using the shared IP instance
5.2.7.9. Connection of zones through an external load balancing router using exclusive IP instances
5.3. Lifecycle management
5.3.1. Booting a zone
5.3.2. Boot arguments in zones
5.3.3. Software installation per mount
5.3.4. Software installation with provisioning system
5.3.5. Zone migration among systems
5.3.6. Zone migration within a system
5.3.7. Duplicating zones with zoneadm clone
5.3.8. Duplicating zones with zoneadm detach/attach and zfs clone
5.3.9. Moving a zone between a sun4u and a sun4v system
5.3.10. Shutting down a zone
5.3.11. Using live upgrade to patch a system with local zones
5.4. Management and monitoring
5.4.1. DTrace in a local zone
5.4.2. Zone accounting
5.4.3. Zone audit
5.5. Resource management
5.5.1. Limiting the /tmp-size within a zone
5.5.2. Limiting the CPU usage of a zone (CPU capping)
5.5.3. Resource pools with processor sets
5.5.4. Fair share scheduler
5.5.5. Static CPU resource management between zones
5.5.6. Dynamic CPU resource management between zones
5.5.7. Static CPU resource management in a zone
5.5.8. Dynamic CPU resource management in a zone
5.5.9. Dynamic resource pools for zones
5.5.10. Limiting the physical main memory consumption of a project
5.5.11. Implementing memory resource management for zones

Supplement
A. Solaris Container in OpenSolaris
A.1. OpenSolaris – general
A.1. ipkg-Branded zones
A.1. Cookbook: Configuring an ipkg zone
A.2. Cookbook: Installing an ipkg zone
B. References

Size: 1010 KB
Pages: 121
Language: English