An OmniOS/Solaris (non-global) zone acts as a completely isolated virtual server within a single operating system instance and shares the kernel with the global zone. It shares resources (CPU and memory) with the global zone and there is close to no overhead in performance. It is an ideal way to isolate different services on a server.
If you are planning on running multiple zones (e.g. one for each service), you can save time and resources (disk space) by installing a template zone (base) and then cloning it to make new zones (see the end of this post on how to clone an existing zone).
To create a new zone, start by creating a zone configuration file (example.conf):
A ZFS volume will be created at the zonepath /tank/zones/example. The ip-type=exclusive setting implies that the network stack is separate from that of the global zone. The zone will boot upon system boot due to autoboot=true. A single network interface (dmzexample0) is available from within the zone.
Next, create the network interface (in the global zone):
In this case the dmzexample0 VNIC uses the link aggr0 and is assigned to VLAN 40, since the zone is to reside in the DMZ.
Import the zone using zonecfg (in this case the name of the zone will be example):
Next, install the zone using zoneadm (this takes a couple of minutes):
Boot the zone and log in using zlogin (to exit the zone just type exit):
List available network interfaces:
Create the IP interface and set up static networking:
Set up routing (if using static networking):
Set up name resolution by adding nameservers to /etc/resolv.conf:
Finally, configure NSS to use DNS:
Verify internet access:
After having successfully installed the zone you might want to take a look at:
To clone an existing zone, start by shutting down the zone (from the global zone):
Copy the configuration file (cp example.conf exampleclone.conf) and modify as appropriate (at least zonepath and physical network):
Remember to create any new network interfaces:
Import the new configuration as a new zone:
And then clone the existing example zone using zoneadm and boot it:
Next, log in and modify network settings (see above).
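The configuration-copy step of the cloning procedure above, as an added example (not code from the original post): a shell helper that derives the clone's zonecfg command file and refuses a clone that would reuse the source zone's zonepath or VNIC, which would defeat the separation the exclusive IP stack provides. The sample configuration is constructed from the settings the text names, and the clone names /tank/zones/exampleclone and dmzexampleclone0 are assumptions.

```shell
#!/bin/sh
# Added example, not the post's original listing. The sample config is
# constructed from the settings the text names; clone names are assumptions.
sample_conf() {
cat <<'EOF'
create -b
set zonepath=/tank/zones/example
set ip-type=exclusive
set autoboot=true
add net
set physical=dmzexample0
end
EOF
}

# conf_value KEY < conf: print the value of the first "set KEY=..." line.
conf_value() {
    sed -n "s/^[[:space:]]*set[[:space:]]*$1=//p" | head -n 1
}

# make_clone_conf SRC NEW_ZONEPATH NEW_VNIC: print the clone's config.
# Returns non-zero if the clone would share the source's zonepath or VNIC.
make_clone_conf() {
    src=$1 new_path=$2 new_nic=$3
    old_path=$(conf_value zonepath < "$src")
    old_nic=$(conf_value physical < "$src")
    if [ -z "$old_path" ] || [ -z "$old_nic" ]; then
        echo "source config lacks zonepath or physical" >&2; return 2
    fi
    if [ "$new_path" = "$old_path" ] || [ "$new_nic" = "$old_nic" ]; then
        echo "clone must not reuse the source zonepath or VNIC" >&2; return 1
    fi
    # Whitelist characters so the values cannot alter the sed expressions.
    case "$new_path$new_nic" in
        *[!A-Za-z0-9/_.-]*) echo "invalid character in name" >&2; return 1 ;;
    esac
    case "$new_path" in /*) ;; *) echo "zonepath must be absolute" >&2; return 1 ;; esac
    sed -e "s|^\([[:space:]]*set[[:space:]]*zonepath=\).*|\1$new_path|" \
        -e "s|^\([[:space:]]*set[[:space:]]*physical=\).*|\1$new_nic|" "$src"
}

# Demo: derive the clone's config from the constructed sample and print it.
demo_src=$(mktemp)
sample_conf > "$demo_src"
make_clone_conf "$demo_src" /tank/zones/exampleclone dmzexampleclone0
rm -f "$demo_src"
```

Redirect the output to exampleclone.conf; all other settings (ip-type, autoboot) carry over unchanged from the source file.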
Finally, to delete a zone, start by shutting it down:
Then uninstall using zoneadm:
And delete the configuration using zonecfg:
Make sure the zone no longer appears in the list of zones: