Zone Manager Version 1.7 Help
System Administration Commands zonemgr(1M)
NAME
zonemgr - set up and manage zones
SYNOPSIS
zonemgr -a <action>
zonemgr -n <zonename> -a <action> [zZPEINBtrwRGdDCsfSAMXFhv]
zonemgr -h
zonemgr -v
DESCRIPTION
The purpose of zonemgr is to simplify Solaris 10 zones
management. There are many pre-defined actions that can be
applied to one or more zones depending on the action.
OPTIONS
The following options are supported:
-a <action> Specify the action to be performed
-n <zonename> Specify the name of the zone
-h See this usage information
-l See the CDDL license
-v See the version number of this script
ACTIONS
Actions which can result in destructive actions or loss
of work have a -F flag to force the action.
The following actions are supported:
add -n <zonename> -z <dir> [add_options]
The "add" action adds a new zone.
The following add_options are required:
-z "<dir>" Base directory for this zone.
-P "<file or password>"
Unencrypted password of the root user
of this new non-global zone. The
password can either be specified in
a file or as a quoted string.
The following add_options can be used as substitutes for
the required options:
-Z "<dir>" Root zone directory for this zone.
This is an alternative to
-z <dir> for specifying the zone's root
directory.
-E "<file or password>"
This is an alternative to
-P <password> that specifies the
non-global root user's password in
encrypted form. The encrypted
password can either be specified in
a file or as a quoted string. You
can copy and paste the user's
password from /etc/shadow.
The following optional add_options are supported:
-t <w or s> Type of zone where w=Whole Root and
s=Sparse Root. A sparse root zone
inherits the following directories
from the global zone: /lib, /usr,
/sbin, and /platform. A whole root
zone does not inherit any directories
from the global zone. The default
value is sparse root (s).
-A Disable autoboot (prevent zone from
booting when the server reboots).
-I "<IP Address>|<Interface>|<Netmask>|<Host name>"
IP Address of the non-global zone
plus the network interface for that
IP address, the netmask in CIDR
format, and the host name for that IP
address.
If not specified the default network
interface is the first non-loopback
interface listed by ifconfig. The
default netmask is the netmask that
corresponds to the IP address that
you specify. There is no default host
name.
Note that a zone can be created
without a network address.
-D "<domain>" DNS Domain Name. If a domain is
specified, then dns name servers must
also be specified. Note also that
the fully qualified host name of the
non-global zone must be resolvable by
the naming service.
-d "<ns1>,<ns2>,.."
Ordered list of DNS Name Servers. If
domain name servers are specified the
domain name must also be specified.
Note also that the fully qualified host
name of the non-global zone must be
resolvable by the naming service.
-r "<gdir>|<ldir>" Loopback mount global zone directory
(gdir) on a non-global zone directory
(ldir) in read only mode.
-w "<gdir>|<ldir>" Loopback mount global zone directory
(gdir) on a non-global zone directory
(ldir) in read write mode.
-N "<server>|<export_dir>|<mount_dir>|<options>"
Mount an NFS directory where <server>
is the NFS server host name or IP
address, <export_dir> is the NFS
exported directory, <mount_dir> is
the mount point within the non-global
zone to mount the NFS filesystem, and
<options> are the NFS mount options.
Note that zones only support
mounting an NFS filesystem from a
host on a separate physical server.
For example, you cannot at present
mount an NFS filesystem from another
zone on this physical server.
-B "<name>|<subset>|<img>"
Make the zone into a Linux branded
zone where <name> is the brand name,
<subset> is the brand subset, and
<img> is the path and file name of
the brand archive. If a media drive
is being used, <img> is the path to
the mounted media. e.g.
/cdrom/cdrom0
-R "<dir>" Custom home directory for the root
user of the non-global zone.
-C "<source>|<destination>"
File or directory to copy recursively
from the global zone into the
non-global zone. The optional
<destination> specifies a location in
the non-global zone that differs from
the present location in the global
zone.
-s [enable or disable]
Enable (unlock) or disable (lock
down) operating system services of
the non-global zone.
-f "<file>" File containing a list of services
to enable or disable. The format
of the file is one service per line.
-S "<service>" Restart specified service after
adding zone. A special case is
'reboot' to restart all services in
the zone.
-M [<file>] Minimize the non-global zone by
either excluding or removing un-
necessary packages. The optional
<file> is a file containing a list
of packages that you would like
removed from the zone. If no <file>
is specified, the following
categories will be removed with
pkgrm -Y <category>:
JDS4 JDS3 JDS JDSosol GNOME2 CTL
ALE APOC CTL EVO146 G11NTOLS GLOW
JAI JAVAAPPS JDIC
-X "<command> <args>"
Runs <command> inside the non-global
zone once it is successfully
created. Note that you may need to
include the full path to the command
as well. You can pass <args>
(arguments) to the command if you
include them in the quoted
command.
-G <package> Fully automates the installation of
specified BlastWave package. For a
full list of available BlastWave
packages, visit the following URL:
http://blastwave.org/packages
del -n <zonename> [-F]
The del action deletes an existing zone
The "del" action supports the following optional option:
-F Don't confirm an action; Just do it.
list
The "list" action lists all current zones
lock -n <zonename> [-F] [-f file]
The "lock" action disables all un-necessary services
The "lock" action supports the following optional options:
-F Don't confirm an action; Just do it.
-f "<file>" File containing services to enable
or disable
unlock -n <zonename> [-F] [-f file]
The "unlock" action enables all un-necessary services
The "unlock" action supports the following optional
options:
-F Don't confirm an action; Just do it.
-f "<file>" File containing services to enable
or disable
minimize -n <zonename> [-F] [-f file]
The "minimize" action ensures that all un-necessary
packages are either not installed or removed after
installation.
The "minimize" action supports the following optional
options:
-F Don't confirm an action; Just do it.
-f "<file>" File containing services to enable
or disable
clone -n <zonename> -y <sourceZoneName> [clone_options]
The "clone" action clones an existing zone into a
new zone. The new zone can be tailored via the
optional arguments used when creating a new zone.
The following clone_options are required:
-z "<dir>" Base directory for this zone.
-P "<file or password>"
Unencrypted password of the root user
of this new non-global zone. The
password can either be specified in
a file or as a quoted string.
The following clone_options can be used as substitutes for
the required options:
-Z "<dir>" Root zone directory for this zone.
This is an alternative to
-z <dir> for specifying the zone's root
directory.
-E "<file or password>"
This is an alternative to
-P <password> that specifies the
non-global root user's password in
encrypted form. The encrypted
password can either be specified in
a file or as a quoted string. You
can copy and paste the user's
password from /etc/shadow.
The following optional clone_options are supported:
-F Don't confirm an action; Just do it.
-t <w or s> Type of zone where w=Whole Root and
s=Sparse [default: s]
-d "<ns1>,<ns2>,.."
Ordered list of DNS Name Servers
-D "<domain>" DNS Domain Name
-A Disable autoboot (prevent zone from
booting on system reboots)
-I "<IP Address>|<Interface>|<Netmask>|<Host name>"
IP Address of the non-global zone
plus the network interface for that
IP address, the netmask in CIDR
format, and the host name for that IP
address.
If not specified the default network
interface is the first non-loopback
interface listed by ifconfig. The
default netmask is the netmask that
corresponds to the IP address that
you specify. There is no default host
name.
Note that a zone can be created
without a network address.
-r "<gdir>|<ldir>" Mount global zone directory (gdir) on
a non-global zone directory (ldir) in
read only mode
-w "<gdir>|<ldir>" Mount global zone directory (gdir) on
a non-global zone directory (ldir) in
read write mode
-N "<server>|<export_dir>|<mount_dir>|<options>"
Mount an NFS directory where <server>
is the NFS server host name or IP
address, <export_dir> is the NFS
exported directory, <mount_dir> is
the mount point within the non-global
zone to mount the NFS filesystem, and
<options> are the NFS mount options.
Note that zones only support
mounting an NFS filesystem from a
host on a separate physical server.
For example, you cannot at present
mount an NFS filesystem from another
zone on this physical server.
shutdown -n <zonename> [-F]
The "shutdown" action shuts down a zone.
The "shutdown" action supports the following optional
option:
-F Don't confirm an action; Just do it.
boot -n <zonename>
The "boot" action boots a zone.
The "boot" action supports the following optional
option:
-F Don't confirm an action; Just do it.
reboot -n <zonename> [-F]
The "reboot" action reboots a zone.
The "reboot" action supports the following optional
option:
-F Don't confirm an action; Just do it.
halt -n <zonename> [-F]
The "halt" action halts a zone.
The "halt" action supports the following optional
option:
-F Don't confirm an action; Just do it.
only -n <zonename> [-F]
The "only" action halts all non-global zones except those
specified by -n "<zonename> <zonename>" and boots any of
the specified zones that are not currently running.
There are two zone name special cases.
bootall
This zone name makes sure all non-global zones
are booted.
haltall
This zone name makes sure all zones are halted.
The "only" action supports the following optional
option:
-F Don't confirm an action; Just do it.
runcmd -n <zonename> -X "<cmd_with_args>" [-F]
The "runcmd" action runs commands specified with the
-X "<cmd_with_args>" flags in all non-global zones
specified by -n "<zonename> <zonename>" flag.
There is one zone name special case.
all
This zone name runs the specified commands on
all non-global zones.
The following options are required:
-n "<zone1> <zone2> ..."
Specify the name of the zones
-X <command> Runs <command> inside the non-global
zone once it is successfully
created. Note that you may need to
include the full path to the command
as well.
The "runcmd" action supports the following optional
option:
-F Don't confirm an action; Just do it.
EXAMPLES
Example 1: Create A Zone
The following command will create a non-global zone named
m1.
# zonemgr -a add -n m1 -z "/zones" -P "abc123" \
-I "192.168.0.10|hme0|24|myzonehost"
Example 2: Delete A Zone
The following command will delete the non-global zone named
m1 without prompting for confirmation, because the
action is forced with the -F flag.
# zonemgr -F -a del -n m1
Example 3: Create A Zone With Multiple IP Addresses
The following command will create a non-global zone named
m1 with three IP addresses where each IP address is configured
on its own network interface.
# zonemgr -a add -n m1 -z "/zones" -P "abc123" \
-I "192.168.0.10|hme0|24|myzonehost1" \
-I "192.168.5.27|bge0|24|myzonehost2" \
-I "192.168.10.5|bge1|24|myzonehost3"
Example 4: A Complex Example
The following command will perform the details stated below.
# zonemgr -a add -n m2 -t w -z "/zones" \
-P "abc123" -R /root \
-I "192.168.0.10|hme0|24|myzonehost" \
-r "/ds/build11/bits|/bits" \
-w "/zones/m2|/ds/m2" \
-s lock -S ssh \
-C /etc/ssh/sshd_config -C /etc/resolv.conf \
-C /etc/nsswitch.conf
1. Create a whole root zone named m2 in /zones/m2.
2. Set the root password of that zone to abc123.
3. Set the home directory of the root user of the non-global
zone to /root.
4. Set the IP address of the zone to 192.168.0.10, the
netmask to 255.255.255.0, assign it to interface hme0, and
assign it a host name of myzonehost.
5. Read only mount /ds/build11/bits from the global zone to
/bits in the non-global zone.
6. Read write mount /zones/m2 from the global zone to /ds/m2
in the non-global zone.
7. Disable all un-necessary services in the non-global zone
and restart the ssh service once the lockdown is complete.
8. Copy the /etc/ssh/sshd_config, /etc/resolv.conf, and
/etc/nsswitch.conf files from the global zone to the
non-global zone
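The following is an added example, not part of zonemgr or of the original help text: a pre-flight check for a zonemgr command line that reports the options described on this page with the most security impact (a cleartext -P password given inline instead of in a file, a -P file readable by group or others, -w read-write loopback mounts, and -F). The function name zonemgr_lint and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of zonemgr): review the
# arguments of a zonemgr command line before it is run.
# Prints one finding per line and returns the number of findings.
zonemgr_lint() {
    findings=0
    while [ $# -gt 0 ]; do
        case "$1" in
        -P)
            # -P takes "<file or password>". A value that is not an existing
            # file is a cleartext password on the command line, where shell
            # history and process listings can expose it.
            if [ ! -f "$2" ]; then
                echo "INLINE_PASSWORD: -P value is not a file"
                findings=$((findings + 1))
            elif [ -n "$(find "$2" \( -perm -040 -o -perm -004 \))" ]; then
                echo "LOOSE_PERMS: $2 is readable by group or others"
                findings=$((findings + 1))
            fi
            if [ $# -gt 1 ]; then shift; fi ;;
        -w)
            # -w "<gdir>|<ldir>": the zone can write to a global zone directory.
            echo "RW_MOUNT: global ${2%%|*} is writable from the zone at ${2#*|}"
            findings=$((findings + 1))
            if [ $# -gt 1 ]; then shift; fi ;;
        -F)
            echo "FORCED: -F skips the confirmation prompt"
            findings=$((findings + 1)) ;;
        esac
        shift
    done
    return "$findings"
}

# The options of Example 4 as input (the function only inspects them,
# zonemgr itself is never run).
zonemgr_lint -a add -n m2 -t w -z "/zones" -P "abc123" -R /root \
    -r "/ds/build11/bits|/bits" -w "/zones/m2|/ds/m2" -s lock -S ssh || :
```

Keeping the password in a file that only root can read and passing that file to -P, or passing a hash with -E, clears the first two findings.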
Example 5: List All Zones
The following command will list all available zones.
# zonemgr -a list
Example 6: Reboot A Zone
The following command will reboot non-global zone m1.
# zonemgr -a reboot -n m1
Example 7: Disable Un-necessary Services
The following command will disable all un-necessary services
of non-global zone m1.
# zonemgr -a lock -n m1
Example 8: Enable Un-necessary Services
The following command will enable all un-necessary services
of non-global zone m1.
# zonemgr -a unlock -n m1
Example 9: Manage State Of Multiple Zones
The following command will halt all non-global zones but
those specified by the -n parameter and will boot any of the
specified zones that are not currently running.
# zonemgr -a only -n "m1 m2"
Example 10: Halt All Zones
The following command will halt all non-global zones.
# zonemgr -a only -n "haltall"
Example 11: Boot All Zones
The following command will boot all non-global zones.
# zonemgr -a only -n "bootall"
Example 12: Creating A BrandZ (e.g. Linux) Zone
The following command will add a BrandZ zone
# zonemgr -a add -n m1 -z "/zones" -P "abc123" \
-I "192.168.0.10|hme0|24|myzonehost" \
-B "lx|all|/data/brandz/centos_fs_image.tar"
The parameters passed to -B break down as follows:
* lx: The zone brand (only lx is currently supported)
* all: The brand subset to install. Valid values include
desktop, applications, server, development, system,
and all. I don't yet have an idea as to how this
option will impact other distributions that folks come
up with. These options may or may not be valid. TBD.
* /data/brandz/centos_fs_image.tar: The path to the
brand bits. I simply pointed them to the BrandZ
community's CentOS image.
Example 13: Create A Zone AND Install MySQL5 From BlastWave
The following command will add a zone named m1, download and
install mysql5 and all requisite bits from Blastwave.org,
and install all those bits in the proper order in the m1
zone.
# zonemgr -a add -n m1 -z "/zones" -P "abc123" \
-I "192.168.0.10|hme0|24|myzonehost" -G "mysql5"
NOTES
Note that most parameters are multivalued. In other words,
you can specify the same parameter multiple times. For
example, to mount the /data1 and /data2 directories in read
only mode from the global zone to the non-global zone, add
the following to the add action:
-r "/data1" -r "/data2"
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
2 Invalid usage.
SEE ALSO
svcs(1), zlogin(1), zonename(1), svcadm(1M), svc.startd(1M),
init(1M), zoneadm(1M), zonecfg(1M), attributes(5), smf(5),
zones(5)