--- old/usr/src/man/man1m/zonecfg.1m.man.txt
+++ new/usr/src/man/man1m/zonecfg.1m.man.txt
1 1 ZONECFG(1M) Maintenance Commands ZONECFG(1M)
2 2
3 3
4 4
5 5 NAME
6 6 zonecfg - set up zone configuration
7 7
8 8 SYNOPSIS
9 - zonecfg {-z zonename | -u uuid}
9 + zonecfg -z zonename
10 10
11 11
12 - zonecfg {-z zonename | -u uuid} subcommand
12 + zonecfg -z zonename subcommand
13 13
14 14
15 - zonecfg {-z zonename | -u uuid} -f command_file
15 + zonecfg -z zonename -f command_file
16 16
17 17
18 18 zonecfg help
19 19
20 20
21 21 DESCRIPTION
22 22 The zonecfg utility creates and modifies the configuration of a zone.
23 23 Zone configuration consists of a number of resources and properties.
24 24
25 25
26 26 To simplify the user interface, zonecfg uses the concept of a scope.
27 27 The default scope is global.
28 28
29 29
30 30 The following synopsis of the zonecfg command is for interactive usage:
31 31
32 - {-z zonename | -u uuid}
33 - zonecfg {-z zonename | -u uuid} subcommand
32 + zonecfg -z zonename subcommand
34 33
35 34
36 35
37 36
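Review bot: The interactive-usage synopsis on new line 32 now reads "zonecfg -z zonename subcommand", which is identical to the non-interactive form on new line 12, so the page no longer shows how an interactive session is started. The sentence before it introduces the interactive form, so consider "zonecfg -z zonename" here, which matches how EXAMPLES opens its session ("example# zonecfg -z myzone3").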
38 37 Parameters changed through zonecfg do not affect a running zone. The
39 38 zone must be rebooted for the changes to take effect.
40 39
41 40
42 41 In addition to creating and modifying a zone, the zonecfg utility can
43 42 also be used to persistently specify the resource management settings
44 43 for the global zone.
45 44
46 45
47 46 In the following text, "rctl" is used as an abbreviation for "resource
48 47 control". See resource_controls(5).
49 48
50 49
51 50 Every zone is configured with an associated brand. The brand determines
52 51 the user-level environment used within the zone, as well as various
53 52 behaviors for the zone when it is installed, boots, or is shutdown.
54 53 Once a zone has been installed the brand cannot be changed. The default
55 54 brand is determined by the installed distribution in the global zone.
56 55 Some brands do not support all of the zonecfg properties and resources.
57 56 See the brand-specific man page for more details on each brand. For an
58 57 overview of brands, see the brands(5) man page.
59 58
60 59 Resources
61 60 The following resource types are supported:
62 61
63 62 attr
64 63
65 64 Generic attribute.
66 65
67 66
68 67 capped-cpu
69 68
70 69 Limits for CPU usage.
71 70
72 71
73 72 capped-memory
74 73
75 74 Limits for physical, swap, and locked memory.
76 75
77 76
78 77 dataset
79 78
80 79 ZFS dataset.
81 80
82 81
83 82 dedicated-cpu
84 83
85 84 Subset of the system's processors dedicated to this zone while it
86 85 is running.
87 86
88 87
89 88 device
90 89
91 90 Device.
92 91
93 92
94 93 fs
95 94
96 95 file-system
97 96
98 97
99 98 net
100 99
101 100 Network interface.
102 101
103 102
104 103 rctl
105 104
106 105 Resource control.
107 106
108 107
109 108 Properties
110 109 Each resource type has one or more properties. There are also some
111 110 global properties, that is, properties of the configuration as a whole,
112 111 rather than of some particular resource.
113 112
114 113
115 114 The following properties are supported:
116 115
117 116 (global)
118 117
119 118 zonename
120 119
121 120
122 121 (global)
123 122
124 123 zonepath
125 124
126 125
127 126 (global)
128 127
129 128 autoboot
130 129
131 130
132 131 (global)
133 132
134 133 bootargs
135 134
136 135
137 136 (global)
138 137
139 138 pool
140 139
141 140
142 141 (global)
143 142
144 143 limitpriv
145 144
146 145
147 146 (global)
148 147
149 148 brand
150 149
151 150
152 151 (global)
153 152
154 153 cpu-shares
155 154
156 155
157 156 (global)
158 157
159 158 hostid
160 159
161 160
162 161 (global)
163 162
164 163 max-lwps
165 164
166 165
167 166 (global)
168 167
169 168 max-msg-ids
170 169
171 170
172 171 (global)
173 172
174 173 max-sem-ids
175 174
176 175
177 176 (global)
178 177
179 178 max-shm-ids
180 179
181 180
182 181 (global)
183 182
184 183 max-shm-memory
185 184
186 185
187 186 (global)
188 187
189 188 scheduling-class
190 189
191 190
192 191 (global)
193 192
194 193 fs-allowed
195 194
196 195
197 - (global)
198 -
199 - zfs-io-priority
200 -
201 -
202 196 fs
203 197
204 198 dir, special, raw, type, options
205 199
206 200
207 201 net
208 202
209 - address, allowed-address, defrouter, global-nic, mac-addr,
210 - physical, property, vlan-id
203 + address, physical, defrouter
211 204
212 205
213 206 device
214 207
215 208 match
216 209
217 210
218 211 rctl
219 212
220 213 name, value
221 214
222 215
223 216 attr
224 217
225 218 name, type, value
226 219
227 220
228 221 dataset
229 222
230 223 name
231 224
232 225
233 226 dedicated-cpu
234 227
235 228 ncpus, importance
236 229
237 230
238 231 capped-memory
239 232
240 233 physical, swap, locked
241 234
242 235
243 236 capped-cpu
244 237
245 238 ncpus
246 239
247 240
248 241
249 242 As for the property values which are paired with these names, they are
250 243 either simple, complex, or lists. The type allowed is property-
251 244 specific. Simple values are strings, optionally enclosed within
252 245 quotation marks. Complex values have the syntax:
253 246
254 247 (<name>=<value>,<name>=<value>,...)
255 248
256 249
257 250
258 251
259 252 where each <value> is simple, and the <name> strings are unique within
260 253 a given property. Lists have the syntax:
261 254
262 255 [<value>,...]
263 256
264 257
265 258
266 259
267 260 where each <value> is either simple or complex. A list of a single
268 261 value (either simple or complex) is equivalent to specifying that value
269 262 without the list syntax. That is, "foo" is equivalent to "[foo]". A
270 263 list can be empty (denoted by "[]").
271 264
272 265
273 266 In interpreting property values, zonecfg accepts regular expressions as
274 267 specified in fnmatch(5). See EXAMPLES.
275 268
276 269
277 270 The property types are described as follows:
278 271
279 272 global: zonename
280 273
281 274 The name of the zone.
282 275
283 276
284 277 global: zonepath
285 278
286 279 Path to zone's file system.
287 280
288 281
289 282 global: autoboot
290 283
291 284 Boolean indicating that a zone should be booted automatically at
292 285 system boot. Note that if the zones service is disabled, the zone
293 286 will not autoboot, regardless of the setting of this property. You
294 287 enable the zones service with a svcadm command, such as:
295 288
296 289 # svcadm enable svc:/system/zones:default
297 290
298 291
299 292 Replace enable with disable to disable the zones service. See
300 293 svcadm(1M).
301 294
302 295
303 296 global: bootargs
304 297
305 298 Arguments (options) to be passed to the zone bootup, unless options
306 299 are supplied to the "zoneadm boot" command, in which case those
307 300 take precedence. The valid arguments are described in zoneadm(1M).
308 301
309 302
310 303 global: pool
311 304
312 305 Name of the resource pool that this zone must be bound to when
313 306 booted. This property is incompatible with the dedicated-cpu
314 307 resource.
315 308
316 309
317 310 global: limitpriv
318 311
319 312 The maximum set of privileges any process in this zone can obtain.
320 313 The property should consist of a comma-separated privilege set
321 314 specification as described in priv_str_to_set(3C). Privileges can
322 315 be excluded from the resulting set by preceding their names with a
323 316 dash (-) or an exclamation point (!). The special privilege string
324 317 "zone" is not supported in this context. If the special string
325 318 "default" occurs as the first token in the property, it expands
326 319 into a safe set of privileges that preserve the resource and
327 320 security isolation described in zones(5). A missing or empty
328 321 property is equivalent to this same set of safe privileges.
329 322
330 323 The system administrator must take extreme care when configuring
331 324 privileges for a zone. Some privileges cannot be excluded through
332 325 this mechanism as they are required in order to boot a zone. In
333 326 addition, there are certain privileges which cannot be given to a
334 327 zone as doing so would allow processes inside a zone to unduly
335 328 affect processes in other zones. zoneadm(1M) indicates when an
336 329 invalid privilege has been added or removed from a zone's privilege
337 330 set when an attempt is made to either "boot" or "ready" the zone.
338 331
339 332 See privileges(5) for a description of privileges. The command
340 333 "ppriv -l" (see ppriv(1)) produces a list of all Solaris
341 334 privileges. You can specify privileges as they are displayed by
342 335 ppriv. In privileges(5), privileges are listed in the form
343 336 PRIV_privilege_name. For example, the privilege sys_time, as you
344 337 would specify it in this property, is listed in privileges(5) as
345 338 PRIV_SYS_TIME.
346 339
347 340
348 341 global: brand
349 342
350 343 The zone's brand type.
351 344
352 345
353 346 global: ip-type
354 347
355 348 A zone can either share the IP instance with the global zone, which
356 349 is the default, or have its own exclusive instance of IP.
357 350
358 351 This property takes the values shared and exclusive.
359 352
360 353
361 354 global: hostid
362 355
363 356 A zone can emulate a 32-bit host identifier to ease system
364 357 consolidation. A zone's hostid property is empty by default,
365 358 meaning that the zone does not emulate a host identifier. Zone host
366 359 identifiers must be hexadecimal values between 0 and FFFFFFFE. A 0x
367 360 or 0X prefix is optional. Both uppercase and lowercase hexadecimal
368 361 digits are acceptable.
369 362
370 363
371 364 fs: dir, special, raw, type, options
372 365
373 366 Values needed to determine how, where, and so forth to mount file
374 367 systems. See mount(1M), mount(2), fsck(1M), and vfstab(4).
375 368
376 369
377 - inherit-pkg-dir: dir
370 + net: address, physical, defrouter
378 371
379 - The directory path.
380 -
381 -
382 - net: address, allowed-address, defrouter, global-nic, mac-addr,
383 - physical, property, vlan-id
384 -
385 372 The network address and physical interface name of the network
386 373 interface. The network address is one of:
387 374
388 375 o a valid IPv4 address, optionally followed by "/" and a
389 376 prefix length;
390 377
391 378 o a valid IPv6 address, which must be followed by "/" and
392 379 a prefix length;
393 380
394 381 o a host name which resolves to an IPv4 address.
395 382 Note that host names that resolve to IPv6 addresses are not
396 383 supported.
397 384
398 385 The physical interface name is the network interface name.
399 386
400 387 The default router is specified similarly to the network address
401 388 except that it must not be followed by a / (slash) and a network
402 389 prefix length.
403 390
404 391 A zone can be configured to be either exclusive-IP or shared-IP.
405 392 For a shared-IP zone, you must set both the physical and address
406 393 properties; setting the default router is optional. The interface
407 394 specified in the physical property must be plumbed in the global
408 395 zone prior to booting the non-global zone. However, if the
409 396 interface is not used by the global zone, it should be configured
410 397 down in the global zone, and the default router for the interface
411 398 should be specified here.
412 399
413 - The global-nic is used for exclusive stack zones which will use a
414 - VNIC on-demand. When the zone boots, a VNIC named using the
415 - physical property will be created on the global NIC. If provided,
416 - the mac-addr and vlan-id will be set on this VNIC.
417 -
418 - The property setting is a resource which can be used to set
419 - arbitrary name/value pairs on the network. These name/value pairs
420 - are made available to the zone's brand, which can use them as
421 - needed to set up the network interface.
422 -
423 400 For an exclusive-IP zone, the physical property must be set and the
424 401 address and default router properties cannot be set.
425 402
426 403
427 404 device: match
428 405
429 406 Device name to match.
430 407
431 408
432 409 rctl: name, value
433 410
434 411 The name and priv/limit/action triple of a resource control. See
435 412 prctl(1) and rctladm(1M). The preferred way to set rctl values is
436 413 to use the global property name associated with a specific rctl.
437 414
438 415
439 416 attr: name, type, value
440 417
441 418 The name, type and value of a generic attribute. The type must be
442 419 one of int, uint, boolean or string, and the value must be of that
443 420 type. uint means unsigned , that is, a non-negative integer.
444 421
445 422
446 423 dataset: name
447 424
448 425 The name of a ZFS dataset to be accessed from within the zone. See
449 426 zfs(1M).
450 427
451 428
452 429 global: cpu-shares
453 430
454 431 The number of Fair Share Scheduler (FSS) shares to allocate to this
455 432 zone. This property is incompatible with the dedicated-cpu
456 433 resource. This property is the preferred way to set the zone.cpu-
457 434 shares rctl.
458 435
459 436
460 437 global: max-lwps
461 438
462 439 The maximum number of LWPs simultaneously available to this zone.
463 440 This property is the preferred way to set the zone.max-lwps rctl.
464 441
465 442
466 443 global: max-msg-ids
467 444
468 445 The maximum number of message queue IDs allowed for this zone. This
469 446 property is the preferred way to set the zone.max-msg-ids rctl.
470 447
471 448
472 449 global: max-sem-ids
473 450
474 451 The maximum number of semaphore IDs allowed for this zone. This
475 452 property is the preferred way to set the zone.max-sem-ids rctl.
476 453
477 454
478 455 global: max-shm-ids
479 456
480 457 The maximum number of shared memory IDs allowed for this zone. This
481 458 property is the preferred way to set the zone.max-shm-ids rctl.
482 459
483 460
484 461 global: max-shm-memory
485 462
486 463 The maximum amount of shared memory allowed for this zone. This
487 464 property is the preferred way to set the zone.max-shm-memory rctl.
488 465 A scale (K, M, G, T) can be applied to the value for this number
489 466 (for example, 1M is one megabyte).
490 467
491 468
492 469 global: scheduling-class
493 470
494 471 Specifies the scheduling class used for processes running in a
495 472 zone. When this property is not specified, the scheduling class is
496 473 established as follows:
497 474
498 475 o If the cpu-shares property or equivalent rctl is set,
499 476 the scheduling class FSS is used.
500 477
501 478 o If neither cpu-shares nor the equivalent rctl is set and
502 479 the zone's pool property references a pool that has a
503 480 default scheduling class, that class is used.
504 481
505 482 o Under any other conditions, the system default
506 483 scheduling class is used.
507 484
508 485 If the FX scheduling class is specified, then the optional fixed-
509 486 hi-pri attribute can be set to true. This causes all of the
510 487 processes in the zone to run at the highest FX priority. By default
511 488 processes under FX run at the lowest priority. See priocntl(2) for
512 489 details on each scheduling class.
513 490
514 491
515 492
516 493 dedicated-cpu: ncpus, importance
517 494
518 495 The number of CPUs that should be assigned for this zone's
519 496 exclusive use. The zone will create a pool and processor set when
520 497 it boots. See pooladm(1M) and poolcfg(1M) for more information on
521 498 resource pools. The ncpu property can specify a single value or a
522 499 range (for example, 1-4) of processors. The importance property is
523 500 optional; if set, it will specify the pset.importance value for use
524 501 by poold(1M). If this resource is used, there must be enough free
525 502 processors to allocate to this zone when it boots or the zone will
526 503 not boot. The processors assigned to this zone will not be
527 504 available for the use of the global zone or other zones. This
528 505 resource is incompatible with both the pool and cpu-shares
529 506 properties. Only a single instance of this resource can be added to
530 507 the zone.
531 508
532 509
533 510 capped-memory: physical, swap, locked
534 511
535 512 The caps on the memory that can be used by this zone. A scale (K,
536 513 M, G, T) can be applied to the value for each of these numbers (for
537 514 example, 1M is one megabyte). Each of these properties is optional
538 515 but at least one property must be set when adding this resource.
539 516 Only a single instance of this resource can be added to the zone.
540 517 The physical property sets the max-rss for this zone. This will be
541 518 enforced by rcapd(1M) running in the global zone. The swap
542 519 property is the preferred way to set the zone.max-swap rctl. The
543 520 locked property is the preferred way to set the zone.max-locked-
544 521 memory rctl.
545 522
546 523
547 524 capped-cpu: ncpus
548 525
549 526 Sets a limit on the amount of CPU time that can be used by a zone.
550 527 The unit used translates to the percentage of a single CPU that can
551 528 be used by all user threads in a zone, expressed as a fraction (for
552 529 example, .75) or a mixed number (whole number and fraction, for
553 530 example, 1.25). An ncpu value of 1 means 100% of a CPU, a value of
554 531 1.25 means 125%, .75 mean 75%, and so forth. When projects within a
555 532 capped zone have their own caps, the minimum value takes
556 533 precedence.
557 534
558 535 The capped-cpu property is an alias for zone.cpu-cap resource
559 536 control and is related to the zone.cpu-cap resource control. See
560 537 resource_controls(5).
561 538
562 539
563 540 global: fs-allowed
564 541
565 542 A comma-separated list of additional filesystems that may be
566 543 mounted within the zone; for example "ufs,pcfs". By default, only
567 544 hsfs(7fs) and network filesystems can be mounted. If the first
568 545 entry in the list is "-" then that disables all of the default
569 546 filesystems. If any filesystems are listed after "-" then only
570 547 those filesystems can be mounted.
571 548
572 549 This property does not apply to filesystems mounted into the zone
573 550 via "add fs" or "add dataset".
574 551
575 552 WARNING: allowing filesystem mounts other than the default may
576 553 allow the zone administrator to compromise the system with a
577 554 malicious filesystem image, and is not supported.
578 555
579 556
580 - global: zfs-io-priority
581 557
582 - Specifies a priority for this zone's ZFS I/O. The priority is used
583 - by the ZFS I/O scheduler as in input to determine how to schedule
584 - I/O across zones. By default all zones have a priority of 1. The
585 - value can be increased for zones whose I/O is more critical. This
586 - property is the preferred way to set the zone.zfs-io-priority rctl.
587 -
588 -
589 -
590 558 The following table summarizes resources, property-names, and types:
591 559
592 560 resource property-name type
593 561 (global) zonename simple
594 562 (global) zonepath simple
595 563 (global) autoboot simple
596 564 (global) bootargs simple
597 565 (global) pool simple
598 566 (global) limitpriv simple
599 567 (global) brand simple
600 568 (global) ip-type simple
601 569 (global) hostid simple
602 570 (global) cpu-shares simple
603 571 (global) max-lwps simple
604 572 (global) max-msg-ids simple
605 573 (global) max-sem-ids simple
606 574 (global) max-shm-ids simple
607 575 (global) max-shm-memory simple
608 576 (global) scheduling-class simple
609 - (global) zfs-io-priority simple
610 577 fs dir simple
611 578 special simple
612 579 raw simple
613 580 type simple
614 581 options list of simple
615 582 net address simple
616 - allowed-address simple
617 - defrouter simple
618 - global-nic simple
619 - mac-addr simple
620 583 physical simple
621 - property list of complex
622 - name simple
623 - value simple
624 - vlan-id simple
625 584 device match simple
626 585 rctl name simple
627 586 value list of complex
628 587 attr name simple
629 588 type simple
630 589 value simple
631 590 dataset name simple
632 591 dedicated-cpu ncpus simple or range
633 592 importance simple
634 593
635 594 capped-memory physical simple with scale
636 595 swap simple with scale
637 596 locked simple with scale
638 597
639 598 capped-cpu ncpus simple
640 599
641 600
642 601
643 602
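Review bot: The net rows of the summary table lose defrouter (old line 617) together with the properties that are being removed, but defrouter is kept in the net property list (new line 203) and in the "net: address, physical, defrouter" description (new line 370). Keep the "defrouter simple" row so the table agrees with the rest of the page. Separately, fs-allowed is listed at new line 193 and described at new line 540 but has no row in this table.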
644 603 To further specify things, the breakdown of the complex property
645 604 "value" of the "rctl" resource type, it consists of three name/value
646 605 pairs, the names being "priv", "limit" and "action", each of which
647 606 takes a simple value. The "name" property of an "attr" resource is
648 607 syntactically restricted in a fashion similar but not identical to zone
649 608 names: it must begin with an alphanumeric, and can contain
650 609 alphanumerics plus the hyphen (-), underscore (_), and dot (.)
651 610 characters. Attribute names beginning with "zone" are reserved for use
652 611 by the system. Finally, the "autoboot" global property must have a
653 612 value of "true" or "false".
654 613
655 614 Using Kernel Statistics to Monitor CPU Caps
656 615 Using the kernel statistics (kstat(3KSTAT)) module caps, the system
657 616 maintains information for all capped projects and zones. You can access
658 617 this information by reading kernel statistics (kstat(3KSTAT)),
659 618 specifying caps as the kstat module name. The following command
660 619 displays kernel statistics for all active CPU caps:
661 620
662 621 # kstat caps::'/cpucaps/'
663 622
664 623
665 624
666 625
667 626 A kstat(1M) command running in a zone displays only CPU caps relevant
668 627 for that zone and for projects in that zone. See EXAMPLES.
669 628
670 629
671 630 The following are cap-related arguments for use with kstat(1M):
672 631
673 632 caps
674 633
675 634 The kstat module.
676 635
677 636
678 637 project_caps or zone_caps
679 638
680 639 kstat class, for use with the kstat -c option.
681 640
682 641
683 642 cpucaps_project_id or cpucaps_zone_id
684 643
685 644 kstat name, for use with the kstat -n option. id is the project or
686 645 zone identifier.
687 646
688 647
689 648
690 649 The following fields are displayed in response to a kstat(1M) command
691 650 requesting statistics for all CPU caps.
692 651
693 652 module
694 653
695 654 In this usage of kstat, this field will have the value caps.
696 655
697 656
698 657 name
699 658
700 659 As described above, cpucaps_project_id or cpucaps_zone_id
701 660
702 661
703 662 above_sec
704 663
705 664 Total time, in seconds, spent above the cap.
706 665
707 666
708 667 below_sec
709 668
710 669 Total time, in seconds, spent below the cap.
711 670
712 671
713 672 maxusage
714 673
715 674 Maximum observed CPU usage.
716 675
717 676
718 677 nwait
719 678
720 679 Number of threads on cap wait queue.
721 680
722 681
723 682 usage
724 683
725 684 Current aggregated CPU usage for all threads belonging to a capped
726 685 project or zone, in terms of a percentage of a single CPU.
727 686
728 687
729 688 value
730 689
731 690 The cap value, in terms of a percentage of a single CPU.
732 691
733 692
734 693 zonename
735 694
736 695 Name of the zone for which statistics are displayed.
737 696
738 697
739 698
740 699 See EXAMPLES for sample output from a kstat command.
741 700
742 701 OPTIONS
743 702 The following options are supported:
744 703
745 704 -f command_file
746 705
747 706 Specify the name of zonecfg command file. command_file is a text
748 707 file of zonecfg subcommands, one per line.
749 708
750 709
751 710 -z zonename
752 711
753 712 Specify the name of a zone. Zone names are case sensitive. Zone
754 713 names must begin with an alphanumeric character and can contain
755 714 alphanumeric characters, the underscore (_) the hyphen (-), and the
756 715 dot (.). The name global and all names beginning with SUNW are
757 716 reserved and cannot be used.
758 717
759 718
760 - -u uuid
761 -
762 - Specify the uuid of a zone instead of the Zone name.
763 -
764 -
765 719 SUBCOMMANDS
766 720 You can use the add and select subcommands to select a specific
767 721 resource, at which point the scope changes to that resource. The end
768 722 and cancel subcommands are used to complete the resource specification,
769 723 at which time the scope is reverted back to global. Certain
770 724 subcommands, such as add, remove and set, have different semantics in
771 725 each scope.
772 726
773 727
774 728 zonecfg supports a semicolon-separated list of subcommands. For
775 729 example:
776 730
777 731 # zonecfg -z myzone "add net; set physical=myvnic; end"
778 732
779 733
780 734
781 735
782 736 Subcommands which can result in destructive actions or loss of work
783 737 have an -F option to force the action. If input is from a terminal
784 738 device, the user is prompted when appropriate if such a command is
785 739 given without the -F option otherwise, if such a command is given
786 740 without the -F option, the action is disallowed, with a diagnostic
787 741 message written to standard error.
788 742
789 743
790 744 The following subcommands are supported:
791 745
792 746 add resource-type (global scope)
793 747 add property-name property-value (resource scope)
794 748
795 749 In the global scope, begin the specification for a given resource
796 750 type. The scope is changed to that resource type.
797 751
798 752 In the resource scope, add a property of the given name with the
799 753 given value. The syntax for property values varies with different
800 754 property types. In general, it is a simple value or a list of
801 755 simple values enclosed in square brackets, separated by commas
802 756 ([foo,bar,baz]). See PROPERTIES.
803 757
804 758
805 759 cancel
806 760
807 761 End the resource specification and reset scope to global. Abandons
808 762 any partially specified resources. cancel is only applicable in the
809 763 resource scope.
810 764
811 765
812 766 clear property-name
813 767
814 768 Clear the value for the property.
815 769
816 770
817 771 commit
818 772
819 773 Commit the current configuration from memory to stable storage. The
820 774 configuration must be committed to be used by zoneadm. Until the
821 775 in-memory configuration is committed, you can remove changes with
822 776 the revert subcommand. The commit operation is attempted
823 777 automatically upon completion of a zonecfg session. Since a
824 778 configuration must be correct to be committed, this operation
825 779 automatically does a verify.
826 780
827 781
828 - create [-F] [ -a path |-b | -t template] [-X]
782 + create [-F] [ -a path |-b | -t template]
829 783
830 784 Create an in-memory configuration for the specified zone. Use
831 785 create to begin to configure a new zone. See commit for saving this
832 786 to stable storage.
833 787
834 788 If you are overwriting an existing configuration, specify the -F
835 789 option to force the action. Specify the -t template option to
836 790 create a configuration identical to template, where template is the
837 791 name of a configured zone.
838 792
839 793 Use the -a path option to facilitate configuring a detached zone on
840 794 a new host. The path parameter is the zonepath location of a
841 795 detached zone that has been moved on to this new host. Once the
842 796 detached zone is configured, it should be installed using the
843 797 "zoneadm attach" command (see zoneadm(1M)). All validation of the
844 798 new zone happens during the attach process, not during zone
845 799 configuration.
846 800
847 801 Use the -b option to create a blank configuration. Without
848 802 arguments, create applies the Sun default settings.
849 803
850 - Use the -X option to facilitate creating a zone whose XML
851 - definition already exists on the host. The zone will be atomically
852 - added to the zone index file.
853 804
854 -
855 805 delete [-F]
856 806
857 807 Delete the specified configuration from memory and stable storage.
858 808 This action is instantaneous, no commit is necessary. A deleted
859 809 configuration cannot be reverted.
860 810
861 811 Specify the -F option to force the action.
862 812
863 813
864 814 end
865 815
866 816 End the resource specification. This subcommand is only applicable
867 817 in the resource scope. zonecfg checks to make sure the current
868 818 resource is completely specified. If so, it is added to the in-
869 819 memory configuration (see commit for saving this to stable storage)
870 820 and the scope reverts to global. If the specification is
871 821 incomplete, it issues an appropriate error message.
872 822
873 823
874 824 export [-f output-file]
875 825
876 826 Print configuration to standard output. Use the -f option to print
877 827 the configuration to output-file. This option produces output in a
878 828 form suitable for use in a command file.
879 829
880 830
881 831 help [usage] [subcommand] [syntax] [command-name]
882 832
883 833 Print general help or help about given topic.
884 834
885 835
886 836 info zonename | zonepath | autoboot | brand | pool | limitpriv
887 837 info [resource-type [property-name=property-value]*]
888 838
889 839 Display information about the current configuration. If resource-
890 840 type is specified, displays only information about resources of the
891 841 relevant type. If any property-name value pairs are specified,
892 842 displays only information about resources meeting the given
893 843 criteria. In the resource scope, any arguments are ignored, and
894 844 info displays information about the resource which is currently
895 845 being added or modified.
896 846
897 847
898 - remove [-F] resource-type [property-name=property-value]* (global
899 - scope)
900 - remove property-name property-value (resource scope)
848 + remove resource-type{property-name=property -value}(global scope)
901 849
902 850 In the global scope, removes the specified resource. The [] syntax
903 - means 0 or more property name-value pairs. If you want to only
904 - remove a single instance of the resource, you must specify enough
905 - property name-value pairs for the resource to be uniquely
906 - identified. If no property name-value pairs are specified, all
907 - instances will be removed. If there is more than one pair
851 + means 0 or more of whatever is inside the square braces. If you
852 + want only to remove a single instance of the resource, you must
853 + specify enough property name-value pairs for the resource to be
854 + uniquely identified. If no property name-value pairs are specified,
855 + all instances will be removed. If there is more than one pair is
908 856 specified, a confirmation is required, unless you use the -F
909 - option. Likewise, the -F option can be used to remove a resource
910 - that does not exist (that is, no error will occur). In the resource
911 - scope, remove the specified name-value pair.
857 + option.
912 858
913 859
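Review bot: The remove description at new lines 856-857 still says a confirmation is required "unless you use the -F option", but the synopsis on new line 848 no longer shows [-F], so the reader cannot tell whether the flag is accepted. The synopsis also uses {} while the text explains "The [] syntax", and {} is defined under select as 1 or more, which conflicts with "If no property name-value pairs are specified, all instances will be removed". If -F stays, suggest "remove [-F] resource-type [property-name=property-value]* (global scope)", and fix "property -value" on new line 848 and "If there is more than one pair is specified" on new line 855. The resource-scope form of remove is dropped too, while the SUBCOMMANDS introduction still names remove as having different semantics in each scope.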
914 860 select resource-type {property-name=property-value}
915 861
916 862 Select the resource of the given type which matches the given
917 863 property-name property-value pair criteria, for modification. This
918 864 subcommand is applicable only in the global scope. The scope is
919 865 changed to that resource type. The {} syntax means 1 or more of
920 866 whatever is inside the curly braces. You must specify enough
921 867 property -name property-value pairs for the resource to be uniquely
922 868 identified.
923 869
924 870
925 871 set property-name=property-value
926 872
927 873 Set a given property name to the given value. Some properties (for
928 874 example, zonename and zonepath) are global while others are
929 875 resource-specific. This subcommand is applicable in both the global
930 876 and resource scopes.
931 877
932 878
933 879 verify
934 880
935 881 Verify the current configuration for correctness:
936 882
937 883 o All resources have all of their required properties
938 884 specified.
939 885
940 886 o A zonepath is specified.
941 887
942 888
943 889 revert [-F]
944 890
945 891 Revert the configuration back to the last committed state. The -F
946 892 option can be used to force the action.
947 893
948 894
949 895 exit [-F]
950 896
951 897 Exit the zonecfg session. A commit is automatically attempted if
952 898 needed. You can also use an EOF character to exit zonecfg. The -F
953 899 option can be used to force the action.
954 900
955 901
956 902 EXAMPLES
957 903 Example 1 Creating the Environment for a New Zone
958 904
959 905
960 906 In the following example, zonecfg creates the environment for a new
961 907 zone. /usr/local is loopback mounted from the global zone into
962 908 /opt/local. /opt/sfw is loopback mounted from the global zone, three
963 909 logical network interfaces are added, and a limit on the number of
964 910 fair-share scheduler (FSS) CPU shares for a zone is set using the rctl
965 911 resource type. The example also shows how to select a given resource
966 912 for modification.
967 913
968 914
969 915 example# zonecfg -z myzone3
970 916 my-zone3: No such zone configured
971 917 Use 'create' to begin configuring a new zone.
972 918 zonecfg:myzone3> create
973 919 zonecfg:myzone3> set zonepath=/export/home/my-zone3
974 920 zonecfg:myzone3> set autoboot=true
975 921 zonecfg:myzone3> add fs
976 922 zonecfg:myzone3:fs> set dir=/usr/local
977 923 zonecfg:myzone3:fs> set special=/opt/local
978 924 zonecfg:myzone3:fs> set type=lofs
979 925 zonecfg:myzone3:fs> add options [ro,nodevices]
980 926 zonecfg:myzone3:fs> end
981 927 zonecfg:myzone3> add fs
982 928 zonecfg:myzone3:fs> set dir=/mnt
983 929 zonecfg:myzone3:fs> set special=/dev/dsk/c0t0d0s7
984 930 zonecfg:myzone3:fs> set raw=/dev/rdsk/c0t0d0s7
985 931 zonecfg:myzone3:fs> set type=ufs
986 932 zonecfg:myzone3:fs> end
987 933 zonecfg:myzone3> add net
988 934 zonecfg:myzone3:net> set address=192.168.0.1/24
989 935 zonecfg:myzone3:net> set physical=eri0
990 936 zonecfg:myzone3:net> end
991 937 zonecfg:myzone3> add net
992 938 zonecfg:myzone3:net> set address=192.168.1.2/24
993 939 zonecfg:myzone3:net> set physical=eri0
994 940 zonecfg:myzone3:net> end
995 941 zonecfg:myzone3> add net
996 942 zonecfg:myzone3:net> set address=192.168.2.3/24
997 943 zonecfg:myzone3:net> set physical=eri0
998 944 zonecfg:myzone3:net> end
999 945 zonecfg:my-zone3> set cpu-shares=5
1000 946 zonecfg:my-zone3> add capped-memory
1001 947 zonecfg:my-zone3:capped-memory> set physical=50m
1002 948 zonecfg:my-zone3:capped-memory> set swap=100m
1003 949 zonecfg:my-zone3:capped-memory> end
1004 950 zonecfg:myzone3> exit
1005 951
1006 952
1007 953
1008 954 Example 2 Creating a Non-Native Zone
1009 955
1010 956
1011 957 The following example creates a new Linux zone:
1012 958
1013 959
1014 960 example# zonecfg -z lxzone
1015 961 lxzone: No such zone configured
1016 962 Use 'create' to begin configuring a new zone
1017 963 zonecfg:lxzone> create -t SUNWlx
1018 964 zonecfg:lxzone> set zonepath=/export/zones/lxzone
1019 965 zonecfg:lxzone> set autoboot=true
1020 966 zonecfg:lxzone> exit
1021 967
1022 968
1023 969
1024 970 Example 3 Creating an Exclusive-IP Zone
1025 971
1026 972
1027 973 The following example creates a zone that is granted exclusive access
1028 974 to bge1 and bge33000 and that is isolated at the IP layer from the
1029 975 other zones configured on the system.
1030 976
1031 977
1032 978
1033 979 The IP addresses and routing is configured inside the new zone using
1034 980 sysidtool(1M).
1035 981
1036 982
1037 983 example# zonecfg -z excl
1038 984 excl: No such zone configured
1039 985 Use 'create' to begin configuring a new zone
1040 986 zonecfg:excl> create
1041 987 zonecfg:excl> set zonepath=/export/zones/excl
1042 988 zonecfg:excl> set ip-type=exclusive
1043 989 zonecfg:excl> add net
1044 990 zonecfg:excl:net> set physical=bge1
1045 991 zonecfg:excl:net> end
1046 992 zonecfg:excl> add net
1047 993 zonecfg:excl:net> set physical=bge33000
1048 994 zonecfg:excl:net> end
1049 995 zonecfg:excl> exit
1050 996
1051 997
1052 998
1053 999 Example 4 Associating a Zone with a Resource Pool
1054 1000
1055 1001
1056 1002 The following example shows how to associate an existing zone with an
1057 1003 existing resource pool:
1058 1004
1059 1005
1060 1006 example# zonecfg -z myzone
1061 1007 zonecfg:myzone> set pool=mypool
1062 1008 zonecfg:myzone> exit
1063 1009
1064 1010
1065 1011
1066 1012
1067 1013 For more information about resource pools, see pooladm(1M) and
1068 1014 poolcfg(1M).
1069 1015
1070 1016
1071 1017 Example 5 Changing the Name of a Zone
1072 1018
1073 1019
1074 1020 The following example shows how to change the name of an existing zone:
1075 1021
1076 1022
1077 1023 example# zonecfg -z myzone
1078 1024 zonecfg:myzone> set zonename=myzone2
1079 1025 zonecfg:myzone2> exit
1080 1026
1081 1027
1082 1028
1083 1029 Example 6 Changing the Privilege Set of a Zone
1084 1030
1085 1031
1086 1032 The following example shows how to change the set of privileges an
1087 1033 existing zone's processes will be limited to the next time the zone is
1088 1034 booted. In this particular case, the privilege set will be the standard
1089 1035 safe set of privileges a zone normally has along with the privilege to
1090 1036 change the system date and time:
1091 1037
1092 1038
1093 1039 example# zonecfg -z myzone
1094 1040 zonecfg:myzone> set limitpriv="default,sys_time"
1095 1041 zonecfg:myzone2> exit
1096 1042
1097 1043
1098 1044
1099 1045 Example 7 Setting the zone.cpu-shares Property for the Global Zone
1100 1046
1101 1047
1102 1048 The following command sets the zone.cpu-shares property for the global
1103 1049 zone:
1104 1050
1105 1051
1106 1052 example# zonecfg -z global
1107 1053 zonecfg:global> set cpu-shares=5
1108 1054 zonecfg:global> exit
1109 1055
1110 1056
1111 1057
1112 1058 Example 8 Using Pattern Matching
1113 1059
1114 1060
1115 1061 The following commands illustrate zonecfg support for pattern matching.
1116 1062 In the zone flexlm, enter:
1117 1063
1118 1064
1119 1065 zonecfg:flexlm> add device
1120 1066 zonecfg:flexlm:device> set match="/dev/cua/a00[2-5]"
1121 1067 zonecfg:flexlm:device> end
1122 1068
1123 1069
1124 1070
1125 1071
1126 1072 In the global zone, enter:
1127 1073
1128 1074
1129 1075 global# ls /dev/cua
1130 1076 a a000 a001 a002 a003 a004 a005 a006 a007 b
1131 1077
1132 1078
1133 1079
1134 1080
1135 1081 In the zone flexlm, enter:
1136 1082
1137 1083
1138 1084 flexlm# ls /dev/cua
1139 1085 a002 a003 a004 a005
1140 1086
1141 1087
1142 1088
1143 1089 Example 9 Setting a Cap for a Zone to Three CPUs
1144 1090
1145 1091
1146 1092 The following sequence uses the zonecfg command to set the CPU cap for
1147 1093 a zone to three CPUs.
1148 1094
1149 1095
1150 1096 zonecfg:myzone> add capped-cpu
1151 1097 zonecfg:myzone>capped-cpu> set ncpus=3
1152 1098 zonecfg:myzone>capped-cpu>capped-cpu> end
1153 1099
1154 1100
1155 1101
1156 1102
1157 1103 The preceding sequence, which uses the capped-cpu property, is
1158 1104 equivalent to the following sequence, which makes use of the zone.cpu-
1159 1105 cap resource control.
1160 1106
1161 1107
1162 1108 zonecfg:myzone> add rctl
1163 1109 zonecfg:myzone:rctl> set name=zone.cpu-cap
1164 1110 zonecfg:myzone:rctl> add value (priv=privileged,limit=300,action=none)
1165 1111 zonecfg:myzone:rctl> end
1166 1112
1167 1113
1168 1114
1169 1115 Example 10 Using kstat to Monitor CPU Caps
1170 1116
1171 1117
1172 1118 The following command displays information about all CPU caps.
1173 1119
1174 1120
1175 1121 # kstat -n /cpucaps/
1176 1122 module: caps instance: 0
1177 1123 name: cpucaps_project_0 class: project_caps
1178 1124 above_sec 0
1179 1125 below_sec 2157
1180 1126 crtime 821.048183159
1181 1127 maxusage 2
1182 1128 nwait 0
1183 1129 snaptime 235885.637253027
1184 1130 usage 0
1185 1131 value 18446743151372347932
1186 1132 zonename global
1187 1133
1188 1134 module: caps instance: 0
1189 1135 name: cpucaps_project_1 class: project_caps
1190 1136 above_sec 0
1191 1137 below_sec 0
1192 1138 crtime 225339.192787265
1193 1139 maxusage 5
1194 1140 nwait 0
1195 1141 snaptime 235885.637591677
1196 1142 usage 5
1197 1143 value 18446743151372347932
1198 1144 zonename global
1199 1145
1200 1146 module: caps instance: 0
1201 1147 name: cpucaps_project_201 class: project_caps
1202 1148 above_sec 0
1203 1149 below_sec 235105
1204 1150 crtime 780.37961782
1205 1151 maxusage 100
1206 1152 nwait 0
1207 1153 snaptime 235885.637789687
1208 1154 usage 43
1209 1155 value 100
1210 1156 zonename global
1211 1157
1212 1158 module: caps instance: 0
1213 1159 name: cpucaps_project_202 class: project_caps
1214 1160 above_sec 0
1215 1161 below_sec 235094
1216 1162 crtime 791.72983782
1217 1163 maxusage 100
1218 1164 nwait 0
1219 1165 snaptime 235885.637967512
1220 1166 usage 48
1221 1167 value 100
1222 1168 zonename global
1223 1169
1224 1170 module: caps instance: 0
1225 1171 name: cpucaps_project_203 class: project_caps
1226 1172 above_sec 0
1227 1173 below_sec 235034
1228 1174 crtime 852.104401481
1229 1175 maxusage 75
1230 1176 nwait 0
1231 1177 snaptime 235885.638144304
1232 1178 usage 47
1233 1179 value 100
1234 1180 zonename global
1235 1181
1236 1182 module: caps instance: 0
1237 1183 name: cpucaps_project_86710 class: project_caps
1238 1184 above_sec 22
1239 1185 below_sec 235166
1240 1186 crtime 698.441717859
1241 1187 maxusage 101
1242 1188 nwait 0
1243 1189 snaptime 235885.638319871
1244 1190 usage 54
1245 1191 value 100
1246 1192 zonename global
1247 1193
1248 1194 module: caps instance: 0
1249 1195 name: cpucaps_zone_0 class: zone_caps
1250 1196 above_sec 100733
1251 1197 below_sec 134332
1252 1198 crtime 821.048177123
1253 1199 maxusage 207
1254 1200 nwait 2
1255 1201 snaptime 235885.638497731
1256 1202 usage 199
1257 1203 value 200
1258 1204 zonename global
1259 1205
1260 1206 module: caps instance: 1
1261 1207 name: cpucaps_project_0 class: project_caps
1262 1208 above_sec 0
1263 1209 below_sec 0
1264 1210 crtime 225360.256448422
1265 1211 maxusage 7
1266 1212 nwait 0
1267 1213 snaptime 235885.638714404
1268 1214 usage 7
1269 1215 value 18446743151372347932
1270 1216 zonename test_001
1271 1217
1272 1218 module: caps instance: 1
1273 1219 name: cpucaps_zone_1 class: zone_caps
1274 1220 above_sec 2
1275 1221 below_sec 10524
1276 1222 crtime 225360.256440278
1277 1223 maxusage 106
1278 1224 nwait 0
1279 1225 snaptime 235885.638896443
1280 1226 usage 7
1281 1227 value 100
1282 1228 zonename test_001
1283 1229
1284 1230
1285 1231
1286 1232 Example 11 Displaying CPU Caps for a Specific Zone or Project
1287 1233
1288 1234
1289 1235 Using the kstat -c and -i options, you can display CPU caps for a
1290 1236 specific zone or project, as below. The first command produces a
1291 1237 display for a specific project, the second for the same project within
1292 1238 zone 1.
1293 1239
1294 1240
1295 1241 # kstat -c project_caps
1296 1242
1297 1243 # kstat -c project_caps -i 1
1298 1244
1299 1245
1300 1246
1301 1247 EXIT STATUS
1302 1248 The following exit values are returned:
1303 1249
1304 1250 0
1305 1251
1306 1252 Successful completion.
1307 1253
1308 1254
1309 1255 1
1310 1256
1311 1257 An error occurred.
1312 1258
1313 1259
1314 1260 2
1315 1261
1316 1262 Invalid usage.
1317 1263
1318 1264
1319 1265 ATTRIBUTES
1320 1266 See attributes(5) for descriptions of the following attributes:
1321 1267
1322 1268
1323 1269
1324 1270
1325 1271 +--------------------+-----------------+
1326 1272 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
1327 1273 +--------------------+-----------------+
1328 1274 |Interface Stability | Volatile |
1329 1275 +--------------------+-----------------+
1330 1276
1331 1277 SEE ALSO
1332 1278 ppriv(1), prctl(1), zlogin(1), kstat(1M), mount(1M), pooladm(1M),
1333 1279 poolcfg(1M), poold(1M), rcapd(1M), rctladm(1M), svcadm(1M),
1334 1280 sysidtool(1M), zfs(1M), zoneadm(1M), priocntl(2), priv_str_to_set(3C),
1335 1281 kstat(3KSTAT), vfstab(4), attributes(5), brands(5), fnmatch(5), lx(5),
1336 1282 privileges(5), resource_controls(5), zones(5)
1337 1283
1338 1284
1339 1285 System Administration Guide: Solaris Containers-Resource Management,
1340 1286 and Solaris Zones
1341 1287
1342 1288 NOTES
1343 1289 All character data used by zonecfg must be in US-ASCII encoding.
1344 1290
1345 1291
1346 1292
1347 1293 November 4, 2015 ZONECFG(1M)