1 ZONECFG(1M) Maintenance Commands ZONECFG(1M)
2
3
4
5 NAME
6 zonecfg - set up zone configuration
7
8 SYNOPSIS
9 zonecfg {-z zonename | -u uuid}
10
11
12 zonecfg {-z zonename | -u uuid} subcommand
13
14
15 zonecfg {-z zonename | -u uuid} -f command_file
16
17
18 zonecfg help
19
20
21 DESCRIPTION
22 The zonecfg utility creates and modifies the configuration of a zone.
23 Zone configuration consists of a number of resources and properties.
24
25
26 To simplify the user interface, zonecfg uses the concept of a scope.
27 The default scope is global.
28
29
30 The following synopsis of the zonecfg command is for interactive usage:
31
32 {-z zonename | -u uuid}
33 zonecfg {-z zonename | -u uuid} subcommand
34
35
36
37
38 Parameters changed through zonecfg do not affect a running zone. The
39 zone must be rebooted for the changes to take effect.
40
41
42 In addition to creating and modifying a zone, the zonecfg utility can
43 also be used to persistently specify the resource management settings
44 for the global zone.
45
46
47 In the following text, "rctl" is used as an abbreviation for "resource
48 control". See resource_controls(5).
49
50
51 Every zone is configured with an associated brand. The brand determines
52 the user-level environment used within the zone, as well as various
53 behaviors for the zone when it is installed, boots, or is shutdown.
177 (global)
178
179 max-shm-ids
180
181
182 (global)
183
184 max-shm-memory
185
186
187 (global)
188
189 scheduling-class
190
191
192 (global)
193
194 fs-allowed
195
196
197 (global)
198
199 zfs-io-priority
200
201
202 fs
203
204 dir, special, raw, type, options
205
206
207 net
208
209 address, allowed-address, defrouter, global-nic, mac-addr,
210 physical, property, vlan-id
211
212
213 device
214
215 match
216
217
218 rctl
219
220 name, value
221
222
223 attr
224
225 name, type, value
226
227
228 dataset
229
230 name
357
358 This property takes the values shared and exclusive.
359
360
361 global: hostid
362
363 A zone can emulate a 32-bit host identifier to ease system
364 consolidation. A zone's hostid property is empty by default,
365 meaning that the zone does not emulate a host identifier. Zone host
366 identifiers must be hexadecimal values between 0 and FFFFFFFE. A 0x
367 or 0X prefix is optional. Both uppercase and lowercase hexadecimal
368 digits are acceptable.
369
370
371 fs: dir, special, raw, type, options
372
373 Values needed to determine how, where, and so forth to mount file
374 systems. See mount(1M), mount(2), fsck(1M), and vfstab(4).
375
376
377 inherit-pkg-dir: dir
378
379 The directory path.
380
381
382 net: address, allowed-address, defrouter, global-nic, mac-addr,
383 physical, property, vlan-id
384
385 The network address and physical interface name of the network
386 interface. The network address is one of:
387
388 o a valid IPv4 address, optionally followed by "/" and a
389 prefix length;
390
391 o a valid IPv6 address, which must be followed by "/" and
392 a prefix length;
393
394 o a host name which resolves to an IPv4 address.
395 Note that host names that resolve to IPv6 addresses are not
396 supported.
397
398 The physical interface name is the network interface name.
399
400 The default router is specified similarly to the network address
401 except that it must not be followed by a / (slash) and a network
402 prefix length.
403
404 A zone can be configured to be either exclusive-IP or shared-IP.
405 For a shared-IP zone, you must set both the physical and address
406 properties; setting the default router is optional. The interface
407 specified in the physical property must be plumbed in the global
408 zone prior to booting the non-global zone. However, if the
409 interface is not used by the global zone, it should be configured
410 down in the global zone, and the default router for the interface
411 should be specified here.
412
413 The global-nic is used for exclusive stack zones which will use a
414 VNIC on-demand. When the zone boots, a VNIC named using the
415 physical property will be created on the global NIC. If provided,
416 the mac-addr and vlan-id will be set on this VNIC.
417
418 The property setting is a resource which can be used to set
419 arbitrary name/value pairs on the network. These name/value pairs
420 are made available to the zone's brand, which can use them as
421 needed to set up the network interface.
422
423 For an exclusive-IP zone, the physical property must be set and the
424 address and default router properties cannot be set.
425
426
427 device: match
428
429 Device name to match.
430
431
432 rctl: name, value
433
434 The name and priv/limit/action triple of a resource control. See
435 prctl(1) and rctladm(1M). The preferred way to set rctl values is
436 to use the global property name associated with a specific rctl.
437
438
439 attr: name, type, value
440
441 The name, type and value of a generic attribute. The type must be
442 one of int, uint, boolean or string, and the value must be of that
560 resource_controls(5).
561
562
563 global: fs-allowed
564
565 A comma-separated list of additional filesystems that may be
566 mounted within the zone; for example "ufs,pcfs". By default, only
567 hsfs(7fs) and network filesystems can be mounted. If the first
568 entry in the list is "-" then that disables all of the default
569 filesystems. If any filesystems are listed after "-" then only
570 those filesystems can be mounted.
571
572 This property does not apply to filesystems mounted into the zone
573 via "add fs" or "add dataset".
574
575 WARNING: allowing filesystem mounts other than the default may
576 allow the zone administrator to compromise the system with a
577 malicious filesystem image, and is not supported.
578
579
580 global: zfs-io-priority
581
582 Specifies a priority for this zone's ZFS I/O. The priority is used
583 by the ZFS I/O scheduler as in input to determine how to schedule
584 I/O across zones. By default all zones have a priority of 1. The
585 value can be increased for zones whose I/O is more critical. This
586 property is the preferred way to set the zone.zfs-io-priority rctl.
587
588
589
590 The following table summarizes resources, property-names, and types:
591
592 resource property-name type
593 (global) zonename simple
594 (global) zonepath simple
595 (global) autoboot simple
596 (global) bootargs simple
597 (global) pool simple
598 (global) limitpriv simple
599 (global) brand simple
600 (global) ip-type simple
601 (global) hostid simple
602 (global) cpu-shares simple
603 (global) max-lwps simple
604 (global) max-msg-ids simple
605 (global) max-sem-ids simple
606 (global) max-shm-ids simple
607 (global) max-shm-memory simple
608 (global) scheduling-class simple
609 (global) zfs-io-priority simple
610 fs dir simple
611 special simple
612 raw simple
613 type simple
614 options list of simple
615 net address simple
616 allowed-address simple
617 defrouter simple
618 global-nic simple
619 mac-addr simple
620 physical simple
621 property list of complex
622 name simple
623 value simple
624 vlan-id simple
625 device match simple
626 rctl name simple
627 value list of complex
628 attr name simple
629 type simple
630 value simple
631 dataset name simple
632 dedicated-cpu ncpus simple or range
633 importance simple
634
635 capped-memory physical simple with scale
636 swap simple with scale
637 locked simple with scale
638
639 capped-cpu ncpus simple
640
641
642
643
644 To further specify things, the breakdown of the complex property
740 See EXAMPLES for sample output from a kstat command.
741
742 OPTIONS
743 The following options are supported:
744
745 -f command_file
746
747 Specify the name of zonecfg command file. command_file is a text
748 file of zonecfg subcommands, one per line.
749
750
751 -z zonename
752
753 Specify the name of a zone. Zone names are case sensitive. Zone
754 names must begin with an alphanumeric character and can contain
755 alphanumeric characters, the underscore (_) the hyphen (-), and the
756 dot (.). The name global and all names beginning with SUNW are
757 reserved and cannot be used.
758
759
760 -u uuid
761
762 Specify the uuid of a zone instead of the Zone name.
763
764
765 SUBCOMMANDS
766 You can use the add and select subcommands to select a specific
767 resource, at which point the scope changes to that resource. The end
768 and cancel subcommands are used to complete the resource specification,
769 at which time the scope is reverted back to global. Certain
770 subcommands, such as add, remove and set, have different semantics in
771 each scope.
772
773
774 zonecfg supports a semicolon-separated list of subcommands. For
775 example:
776
777 # zonecfg -z myzone "add net; set physical=myvnic; end"
778
779
780
781
782 Subcommands which can result in destructive actions or loss of work
783 have an -F option to force the action. If input is from a terminal
784 device, the user is prompted when appropriate if such a command is
808 any partially specified resources. cancel is only applicable in the
809 resource scope.
810
811
812 clear property-name
813
814 Clear the value for the property.
815
816
817 commit
818
819 Commit the current configuration from memory to stable storage. The
820 configuration must be committed to be used by zoneadm. Until the
821 in-memory configuration is committed, you can remove changes with
822 the revert subcommand. The commit operation is attempted
823 automatically upon completion of a zonecfg session. Since a
824 configuration must be correct to be committed, this operation
825 automatically does a verify.
826
827
828 create [-F] [ -a path |-b | -t template] [-X]
829
830 Create an in-memory configuration for the specified zone. Use
831 create to begin to configure a new zone. See commit for saving this
832 to stable storage.
833
834 If you are overwriting an existing configuration, specify the -F
835 option to force the action. Specify the -t template option to
836 create a configuration identical to template, where template is the
837 name of a configured zone.
838
839 Use the -a path option to facilitate configuring a detached zone on
840 a new host. The path parameter is the zonepath location of a
841 detached zone that has been moved on to this new host. Once the
842 detached zone is configured, it should be installed using the
843 "zoneadm attach" command (see zoneadm(1M)). All validation of the
844 new zone happens during the attach process, not during zone
845 configuration.
846
847 Use the -b option to create a blank configuration. Without
848 arguments, create applies the Sun default settings.
849
850 Use the -X option to facilitate creating a zone whose XML
851 definition already exists on the host. The zone will be atomically
852 added to the zone index file.
853
854
855 delete [-F]
856
857 Delete the specified configuration from memory and stable storage.
858 This action is instantaneous, no commit is necessary. A deleted
859 configuration cannot be reverted.
860
861 Specify the -F option to force the action.
862
863
864 end
865
866 End the resource specification. This subcommand is only applicable
867 in the resource scope. zonecfg checks to make sure the current
868 resource is completely specified. If so, it is added to the in-
869 memory configuration (see commit for saving this to stable storage)
870 and the scope reverts to global. If the specification is
871 incomplete, it issues an appropriate error message.
872
873
874 export [-f output-file]
878 form suitable for use in a command file.
879
880
881 help [usage] [subcommand] [syntax] [command-name]
882
883 Print general help or help about given topic.
884
885
886 info zonename | zonepath | autoboot | brand | pool | limitpriv
887 info [resource-type [property-name=property-value]*]
888
889 Display information about the current configuration. If resource-
890 type is specified, displays only information about resources of the
891 relevant type. If any property-name value pairs are specified,
892 displays only information about resources meeting the given
893 criteria. In the resource scope, any arguments are ignored, and
894 info displays information about the resource which is currently
895 being added or modified.
896
897
898 remove [-F] resource-type [property-name=property-value]* (global
899 scope)
900 remove property-name property-value (resource scope)
901
902 In the global scope, removes the specified resource. The [] syntax
903 means 0 or more property name-value pairs. If you want to only
904 remove a single instance of the resource, you must specify enough
905 property name-value pairs for the resource to be uniquely
906 identified. If no property name-value pairs are specified, all
907 instances will be removed. If there is more than one pair
908 specified, a confirmation is required, unless you use the -F
909 option. Likewise, the -F option can be used to remove a resource
910 that does not exist (that is, no error will occur). In the resource
911 scope, remove the specified name-value pair.
912
913
914 select resource-type {property-name=property-value}
915
916 Select the resource of the given type which matches the given
917 property-name property-value pair criteria, for modification. This
918 subcommand is applicable only in the global scope. The scope is
919 changed to that resource type. The {} syntax means 1 or more of
920 whatever is inside the curly braces. You must specify enough
921 property -name property-value pairs for the resource to be uniquely
922 identified.
923
924
925 set property-name=property-value
926
927 Set a given property name to the given value. Some properties (for
928 example, zonename and zonepath) are global while others are
929 resource-specific. This subcommand is applicable in both the global
930 and resource scopes.
931
|
1 ZONECFG(1M) Maintenance Commands ZONECFG(1M)
2
3
4
5 NAME
6 zonecfg - set up zone configuration
7
8 SYNOPSIS
9 zonecfg -z zonename
10
11
12 zonecfg -z zonename subcommand
13
14
15 zonecfg -z zonename -f command_file
16
17
18 zonecfg help
19
20
21 DESCRIPTION
22 The zonecfg utility creates and modifies the configuration of a zone.
23 Zone configuration consists of a number of resources and properties.
24
25
26 To simplify the user interface, zonecfg uses the concept of a scope.
27 The default scope is global.
28
29
30 The following synopsis of the zonecfg command is for interactive usage:
31
32 zonecfg -z zonename subcommand
33
34
35
36
37 Parameters changed through zonecfg do not affect a running zone. The
38 zone must be rebooted for the changes to take effect.
39
40
41 In addition to creating and modifying a zone, the zonecfg utility can
42 also be used to persistently specify the resource management settings
43 for the global zone.
44
45
46 In the following text, "rctl" is used as an abbreviation for "resource
47 control". See resource_controls(5).
48
49
50 Every zone is configured with an associated brand. The brand determines
51 the user-level environment used within the zone, as well as various
52 behaviors for the zone when it is installed, boots, or is shutdown.
176 (global)
177
178 max-shm-ids
179
180
181 (global)
182
183 max-shm-memory
184
185
186 (global)
187
188 scheduling-class
189
190
191 (global)
192
193 fs-allowed
194
195
196 fs
197
198 dir, special, raw, type, options
199
200
201 net
202
203 address, physical, defrouter
204
205
206 device
207
208 match
209
210
211 rctl
212
213 name, value
214
215
216 attr
217
218 name, type, value
219
220
221 dataset
222
223 name
350
351 This property takes the values shared and exclusive.
352
353
354 global: hostid
355
356 A zone can emulate a 32-bit host identifier to ease system
357 consolidation. A zone's hostid property is empty by default,
358 meaning that the zone does not emulate a host identifier. Zone host
359 identifiers must be hexadecimal values between 0 and FFFFFFFE. A 0x
360 or 0X prefix is optional. Both uppercase and lowercase hexadecimal
361 digits are acceptable.
362
363
364 fs: dir, special, raw, type, options
365
366 Values needed to determine how, where, and so forth to mount file
367 systems. See mount(1M), mount(2), fsck(1M), and vfstab(4).
368
369
370 net: address, physical, defrouter
371
372 The network address and physical interface name of the network
373 interface. The network address is one of:
374
375 o a valid IPv4 address, optionally followed by "/" and a
376 prefix length;
377
378 o a valid IPv6 address, which must be followed by "/" and
379 a prefix length;
380
381 o a host name which resolves to an IPv4 address.
382 Note that host names that resolve to IPv6 addresses are not
383 supported.
384
385 The physical interface name is the network interface name.
386
387 The default router is specified similarly to the network address
388 except that it must not be followed by a / (slash) and a network
389 prefix length.
390
391 A zone can be configured to be either exclusive-IP or shared-IP.
392 For a shared-IP zone, you must set both the physical and address
393 properties; setting the default router is optional. The interface
394 specified in the physical property must be plumbed in the global
395 zone prior to booting the non-global zone. However, if the
396 interface is not used by the global zone, it should be configured
397 down in the global zone, and the default router for the interface
398 should be specified here.
399
400 For an exclusive-IP zone, the physical property must be set and the
401 address and default router properties cannot be set.
402
403
404 device: match
405
406 Device name to match.
407
408
409 rctl: name, value
410
411 The name and priv/limit/action triple of a resource control. See
412 prctl(1) and rctladm(1M). The preferred way to set rctl values is
413 to use the global property name associated with a specific rctl.
414
415
416 attr: name, type, value
417
418 The name, type and value of a generic attribute. The type must be
419 one of int, uint, boolean or string, and the value must be of that
537 resource_controls(5).
538
539
540 global: fs-allowed
541
542 A comma-separated list of additional filesystems that may be
543 mounted within the zone; for example "ufs,pcfs". By default, only
544 hsfs(7fs) and network filesystems can be mounted. If the first
545 entry in the list is "-" then that disables all of the default
546 filesystems. If any filesystems are listed after "-" then only
547 those filesystems can be mounted.
548
549 This property does not apply to filesystems mounted into the zone
550 via "add fs" or "add dataset".
551
552 WARNING: allowing filesystem mounts other than the default may
553 allow the zone administrator to compromise the system with a
554 malicious filesystem image, and is not supported.
555
556
557
558 The following table summarizes resources, property-names, and types:
559
560 resource property-name type
561 (global) zonename simple
562 (global) zonepath simple
563 (global) autoboot simple
564 (global) bootargs simple
565 (global) pool simple
566 (global) limitpriv simple
567 (global) brand simple
568 (global) ip-type simple
569 (global) hostid simple
570 (global) cpu-shares simple
571 (global) max-lwps simple
572 (global) max-msg-ids simple
573 (global) max-sem-ids simple
574 (global) max-shm-ids simple
575 (global) max-shm-memory simple
576 (global) scheduling-class simple
577 fs dir simple
578 special simple
579 raw simple
580 type simple
581 options list of simple
582 net address simple
583 physical simple
584 device match simple
585 rctl name simple
586 value list of complex
587 attr name simple
588 type simple
589 value simple
590 dataset name simple
591 dedicated-cpu ncpus simple or range
592 importance simple
593
594 capped-memory physical simple with scale
595 swap simple with scale
596 locked simple with scale
597
598 capped-cpu ncpus simple
599
600
601
602
603 To further specify things, the breakdown of the complex property
699 See EXAMPLES for sample output from a kstat command.
700
701 OPTIONS
702 The following options are supported:
703
704 -f command_file
705
706 Specify the name of zonecfg command file. command_file is a text
707 file of zonecfg subcommands, one per line.
708
709
710 -z zonename
711
712 Specify the name of a zone. Zone names are case sensitive. Zone
713 names must begin with an alphanumeric character and can contain
714 alphanumeric characters, the underscore (_) the hyphen (-), and the
715 dot (.). The name global and all names beginning with SUNW are
716 reserved and cannot be used.
717
718
719 SUBCOMMANDS
720 You can use the add and select subcommands to select a specific
721 resource, at which point the scope changes to that resource. The end
722 and cancel subcommands are used to complete the resource specification,
723 at which time the scope is reverted back to global. Certain
724 subcommands, such as add, remove and set, have different semantics in
725 each scope.
726
727
728 zonecfg supports a semicolon-separated list of subcommands. For
729 example:
730
731 # zonecfg -z myzone "add net; set physical=myvnic; end"
732
733
734
735
736 Subcommands which can result in destructive actions or loss of work
737 have an -F option to force the action. If input is from a terminal
738 device, the user is prompted when appropriate if such a command is
762 any partially specified resources. cancel is only applicable in the
763 resource scope.
764
765
766 clear property-name
767
768 Clear the value for the property.
769
770
771 commit
772
773 Commit the current configuration from memory to stable storage. The
774 configuration must be committed to be used by zoneadm. Until the
775 in-memory configuration is committed, you can remove changes with
776 the revert subcommand. The commit operation is attempted
777 automatically upon completion of a zonecfg session. Since a
778 configuration must be correct to be committed, this operation
779 automatically does a verify.
780
781
782 create [-F] [ -a path |-b | -t template]
783
784 Create an in-memory configuration for the specified zone. Use
785 create to begin to configure a new zone. See commit for saving this
786 to stable storage.
787
788 If you are overwriting an existing configuration, specify the -F
789 option to force the action. Specify the -t template option to
790 create a configuration identical to template, where template is the
791 name of a configured zone.
792
793 Use the -a path option to facilitate configuring a detached zone on
794 a new host. The path parameter is the zonepath location of a
795 detached zone that has been moved on to this new host. Once the
796 detached zone is configured, it should be installed using the
797 "zoneadm attach" command (see zoneadm(1M)). All validation of the
798 new zone happens during the attach process, not during zone
799 configuration.
800
801 Use the -b option to create a blank configuration. Without
802 arguments, create applies the Sun default settings.
803
804
805 delete [-F]
806
807 Delete the specified configuration from memory and stable storage.
808 This action is instantaneous, no commit is necessary. A deleted
809 configuration cannot be reverted.
810
811 Specify the -F option to force the action.
812
813
814 end
815
816 End the resource specification. This subcommand is only applicable
817 in the resource scope. zonecfg checks to make sure the current
818 resource is completely specified. If so, it is added to the in-
819 memory configuration (see commit for saving this to stable storage)
820 and the scope reverts to global. If the specification is
821 incomplete, it issues an appropriate error message.
822
823
824 export [-f output-file]
828 form suitable for use in a command file.
829
830
831 help [usage] [subcommand] [syntax] [command-name]
832
833 Print general help or help about given topic.
834
835
836 info zonename | zonepath | autoboot | brand | pool | limitpriv
837 info [resource-type [property-name=property-value]*]
838
839 Display information about the current configuration. If resource-
840 type is specified, displays only information about resources of the
841 relevant type. If any property-name value pairs are specified,
842 displays only information about resources meeting the given
843 criteria. In the resource scope, any arguments are ignored, and
844 info displays information about the resource which is currently
845 being added or modified.
846
847
848 remove resource-type{property-name=property -value}(global scope)
849
850 In the global scope, removes the specified resource. The [] syntax
851 means 0 or more of whatever is inside the square braces. If you
852 want only to remove a single instance of the resource, you must
853 specify enough property name-value pairs for the resource to be
854 uniquely identified. If no property name-value pairs are specified,
855 all instances will be removed. If there is more than one pair is
856 specified, a confirmation is required, unless you use the -F
857 option.
858
859
860 select resource-type {property-name=property-value}
861
862 Select the resource of the given type which matches the given
863 property-name property-value pair criteria, for modification. This
864 subcommand is applicable only in the global scope. The scope is
865 changed to that resource type. The {} syntax means 1 or more of
866 whatever is inside the curly braces. You must specify enough
867 property -name property-value pairs for the resource to be uniquely
868 identified.
869
870
871 set property-name=property-value
872
873 Set a given property name to the given value. Some properties (for
874 example, zonename and zonepath) are global while others are
875 resource-specific. This subcommand is applicable in both the global
876 and resource scopes.
877
|