Balling’s Bits

Creating and Cloning an OmniOS Zone

An OmniOS/Solaris (non-global) zone acts as a completely isolated virtual server within a single operating system instance and shares the kernel with the global zone. It shares resources (CPU and memory) with the global zone, and there is close to no performance overhead. It is an ideal way to isolate different services on a server.

If you are planning on running multiple zones (e.g. one for each service), you can save time and resources (disk space) by installing a template zone (base) and then cloning it to make new zones (see the end of this post for how to clone an existing zone).

To create a new zone start by creating a zone configuration file (example.conf):

create -b
set zonepath=/tank/zones/example
set ip-type=exclusive
set autoboot=true
add net
set physical=dmzexample0
end
commit

A ZFS volume will be created at the zonepath /tank/zones/example. The ip-type=exclusive implies that the network stack is separate from the global zone. The zone will boot upon system boot due to autoboot=true. A single network interface (dmzexample0) is available from within the zone.

Next create the network interface (in the global zone):

dladm create-vnic dmzexample0 -l aggr0 -v 40

In this case the dmzexample0 VNIC uses the link aggr0 and is assigned to VLAN 40, since the zone is to reside in the DMZ.

Import the zone using zonecfg (in this case the name of the zone will be example):

zonecfg -z example -f example.conf

Next install the zone using zoneadm (this takes a couple of minutes):

zoneadm -z example install
A ZFS file system has been created for this zone.
   Publisher: Using omnios (http://pkg.omniti.com/omnios/release/ ).
   Publisher: Using ms.omniti.com (http://pkg.omniti.com/omniti-ms/).
       Image: Preparing at /tank/zones/example/root.
       Cache: Using /var/pkg/publisher.
Sanity Check: Looking for 'entire' incorporation.
  Installing: Packages (output follows)
           Packages to install: 379
       Create boot environment:  No
Create backup boot environment:  No
            Services to change:   4

DOWNLOAD                                  PKGS       FILES    XFER (MB)
Completed                              379/379 38943/38943  249.4/249.4

PHASE                                        ACTIONS
Install Phase                            56633/56633

PHASE                                          ITEMS
Package State Update Phase                   379/379
Image State Update Phase                         2/2

        Note: Man pages can be obtained by installing pkg:/system/manual
 Postinstall: Copying SMF seed repository ... done.
        Done: Installation completed in 200.260 seconds.

  Next Steps: Boot the zone, then log into the zone console (zlogin -C)
              to complete the configuration process.

Boot the zone and log in using zlogin (to exit the zone just type exit):

zoneadm -z example boot
zlogin example
[Connected to zone 'example' pts/2]
OmniOS 5.11     006     June 2014
root@example:~#

List available network interfaces:

dladm show-vnic
LINK         OVER         SPEED  MACADDRESS        MACADDRTYPE         VID
dmzexample0  ?            1000   2:8:20:8:51:e9    random              40

Create the IP interface and set up static networking:

ipadm create-if dmzexample0
ipadm create-addr -T static -a 192.168.0.10/24 dmzexample0/v4static
# for DHCP use
# ipadm create-addr -T dhcp dmzexample0/v4

Set up routing (if using static networking):

route -p add default 192.168.0.1
# Additional routes can be set up using
# route -p add 10.0.0.0/24 192.168.0.2

Set up name resolution by adding nameservers to /etc/resolv.conf:

nameserver 192.168.0.1

Finally, configure NSS to use DNS:

cp /etc/nsswitch.conf{,.bak}
cp /etc/nsswitch.{dns,conf}

Verify internet access:

ping google.com
google.com is alive

After having successfully installed the zone you might want to take a look at:

To clone an existing zone start by shutting down the zone (from the global zone):

zoneadm -z example halt

Copy the configuration file (cp example.conf exampleclone.conf) and modify as appropriate (at least zonepath and physical network):

create -b
set zonepath=/tank/zones/exampleclone
set ip-type=exclusive
set autoboot=true
add net
set physical=dmzexampleclone0
end
commit

Remember to create any new network interfaces:

dladm create-vnic dmzexampleclone0 -l aggr0 -v 40

Import the new configuration as a new zone:

zonecfg -z exampleclone -f exampleclone.conf

And then clone the existing example zone using zoneadm and boot it:

zoneadm -z exampleclone clone example
zoneadm -z exampleclone boot

Next, log in and modify the network settings (see above).
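
A pre-flight check for the cloning steps above, as an added example that is not part of the original post: it compares the clone's zonecfg command file with the template's and fails if the zonepath or a physical link was left unchanged, if a physical link does not match a VNIC name you pass in, or if ip-type is not exclusive. The function names and the script name check_clone.sh are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight check for a cloned
# zone's zonecfg command file. Function names are hypothetical.

# conf_values FILE PROP: print every value assigned by "set PROP=..." lines.
conf_values() {
    awk -v prop="$2" '
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == prop) print val
        }' "$1"
}

# check_clone_conf BASE CLONE [LINK...]: return 0 only if CLONE is safe to
# import next to BASE. LINK arguments are the VNIC names already created in
# the global zone; when given, every physical link in CLONE must be among them.
check_clone_conf() {
    base=$1; clone=$2; shift 2; rc=0
    zp=$(conf_values "$clone" zonepath)
    if [ -z "$zp" ]; then
        echo "clone sets no zonepath"; rc=1
    elif [ "$zp" = "$(conf_values "$base" zonepath)" ]; then
        echo "zonepath still points at the template: $zp"; rc=1
    fi
    for nic in $(conf_values "$clone" physical); do
        if conf_values "$base" physical | grep -qxF -- "$nic"; then
            echo "physical link shared with the template: $nic"; rc=1
        fi
        if [ $# -gt 0 ] && ! printf '%s\n' "$@" | grep -qxF -- "$nic"; then
            echo "physical link has no matching VNIC: $nic"; rc=1
        fi
    done
    if [ "$(conf_values "$clone" ip-type)" != exclusive ]; then
        echo "ip-type is not set to exclusive"; rc=1
    fi
    return $rc
}

# Run as: sh check_clone.sh example.conf exampleclone.conf dmzexampleclone0
if [ $# -ge 2 ]; then check_clone_conf "$@"; fi
```

Run it in the global zone before zonecfg -z exampleclone -f exampleclone.conf, passing the VNIC names you created with dladm create-vnic as the trailing arguments.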

Finally, to delete a zone start by shutting it down:

zoneadm -z exampleclone halt

Then uninstall using zoneadm:

zoneadm -z exampleclone uninstall -F

And delete the configuration using zonecfg:

zonecfg -z exampleclone delete -F

Make sure the zone no longer appears in the list of zones:

zoneadm list -iv
