OS-4915 want FX high priority zone configuration option
OS-4925 ps pri shows misleading value for zone in RT scheduling class
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
--- old/usr/src/man/man1m/zonecfg.1m.man.txt
+++ new/usr/src/man/man1m/zonecfg.1m.man.txt
1 1 ZONECFG(1M) Maintenance Commands ZONECFG(1M)
2 2
3 3
4 4
5 5 NAME
6 6 zonecfg - set up zone configuration
7 7
8 8 SYNOPSIS
9 9 zonecfg -z zonename
10 10
11 11
12 12 zonecfg -z zonename subcommand
13 13
14 14
15 15 zonecfg -z zonename -f command_file
16 16
17 17
18 18 zonecfg help
19 19
20 20
21 21 DESCRIPTION
22 22 The zonecfg utility creates and modifies the configuration of a zone.
23 23 Zone configuration consists of a number of resources and properties.
24 24
25 25
26 26 To simplify the user interface, zonecfg uses the concept of a scope.
27 27 The default scope is global.
28 28
29 29
30 30 The following synopsis of the zonecfg command is for interactive usage:
31 31
32 32 zonecfg -z zonename subcommand
33 33
34 34
35 35
36 36
37 37 Parameters changed through zonecfg do not affect a running zone. The
38 38 zone must be rebooted for the changes to take effect.
39 39
40 40
41 41 In addition to creating and modifying a zone, the zonecfg utility can
42 42 also be used to persistently specify the resource management settings
43 43 for the global zone.
44 44
45 45
46 46 In the following text, "rctl" is used as an abbreviation for "resource
47 47 control". See resource_controls(5).
48 48
49 49
50 50 Every zone is configured with an associated brand. The brand determines
51 51 the user-level environment used within the zone, as well as various
52 52 behaviors for the zone when it is installed, boots, or is shutdown.
53 53 Once a zone has been installed the brand cannot be changed. The default
54 54 brand is determined by the installed distribution in the global zone.
55 55 Some brands do not support all of the zonecfg properties and resources.
56 56 See the brand-specific man page for more details on each brand. For an
57 57 overview of brands, see the brands(5) man page.
58 58
59 59 Resources
60 60 The following resource types are supported:
61 61
62 62 attr
63 63
64 64 Generic attribute.
65 65
66 66
67 67 capped-cpu
68 68
69 69 Limits for CPU usage.
70 70
71 71
72 72 capped-memory
73 73
74 74 Limits for physical, swap, and locked memory.
75 75
76 76
77 77 dataset
78 78
79 79 ZFS dataset.
80 80
81 81
82 82 dedicated-cpu
83 83
84 84 Subset of the system's processors dedicated to this zone while it
85 85 is running.
86 86
87 87
88 88 device
89 89
90 90 Device.
91 91
92 92
93 93 fs
94 94
95 95 file-system
96 96
97 97
98 98 net
99 99
100 100 Network interface.
101 101
102 102
103 103 rctl
104 104
105 105 Resource control.
106 106
107 107
108 108 Properties
109 109 Each resource type has one or more properties. There are also some
110 110 global properties, that is, properties of the configuration as a whole,
111 111 rather than of some particular resource.
112 112
113 113
114 114 The following properties are supported:
115 115
116 116 (global)
117 117
118 118 zonename
119 119
120 120
121 121 (global)
122 122
123 123 zonepath
124 124
125 125
126 126 (global)
127 127
128 128 autoboot
129 129
130 130
131 131 (global)
132 132
133 133 bootargs
134 134
135 135
136 136 (global)
137 137
138 138 pool
139 139
140 140
141 141 (global)
142 142
143 143 limitpriv
144 144
145 145
146 146 (global)
147 147
148 148 brand
149 149
150 150
151 151 (global)
152 152
153 153 cpu-shares
154 154
155 155
156 156 (global)
157 157
158 158 hostid
159 159
160 160
161 161 (global)
162 162
163 163 max-lwps
164 164
165 165
166 166 (global)
167 167
168 168 max-msg-ids
169 169
170 170
171 171 (global)
172 172
173 173 max-sem-ids
174 174
175 175
176 176 (global)
177 177
178 178 max-shm-ids
179 179
180 180
181 181 (global)
182 182
183 183 max-shm-memory
184 184
185 185
186 186 (global)
187 187
188 188 scheduling-class
189 189
190 190
191 191 (global)
192 192
193 193 fs-allowed
194 194
195 195
196 196 fs
197 197
198 198 dir, special, raw, type, options
199 199
200 200
201 201 net
202 202
203 203 address, physical, defrouter
204 204
205 205
206 206 device
207 207
208 208 match
209 209
210 210
211 211 rctl
212 212
213 213 name, value
214 214
215 215
216 216 attr
217 217
218 218 name, type, value
219 219
220 220
221 221 dataset
222 222
223 223 name
224 224
225 225
226 226 dedicated-cpu
227 227
228 228 ncpus, importance
229 229
230 230
231 231 capped-memory
232 232
233 233 physical, swap, locked
234 234
235 235
236 236 capped-cpu
237 237
238 238 ncpus
239 239
240 240
241 241
242 242 As for the property values which are paired with these names, they are
243 243 either simple, complex, or lists. The type allowed is property-
244 244 specific. Simple values are strings, optionally enclosed within
245 245 quotation marks. Complex values have the syntax:
246 246
247 247 (<name>=<value>,<name>=<value>,...)
248 248
249 249
250 250
251 251
252 252 where each <value> is simple, and the <name> strings are unique within
253 253 a given property. Lists have the syntax:
254 254
255 255 [<value>,...]
256 256
257 257
258 258
259 259
260 260 where each <value> is either simple or complex. A list of a single
261 261 value (either simple or complex) is equivalent to specifying that value
262 262 without the list syntax. That is, "foo" is equivalent to "[foo]". A
263 263 list can be empty (denoted by "[]").
264 264
265 265
266 266 In interpreting property values, zonecfg accepts regular expressions as
267 267 specified in fnmatch(5). See EXAMPLES.
268 268
269 269
270 270 The property types are described as follows:
271 271
272 272 global: zonename
273 273
274 274 The name of the zone.
275 275
276 276
277 277 global: zonepath
278 278
279 279 Path to zone's file system.
280 280
281 281
282 282 global: autoboot
283 283
284 284 Boolean indicating that a zone should be booted automatically at
285 285 system boot. Note that if the zones service is disabled, the zone
286 286 will not autoboot, regardless of the setting of this property. You
287 287 enable the zones service with a svcadm command, such as:
288 288
289 289 # svcadm enable svc:/system/zones:default
290 290
291 291
292 292 Replace enable with disable to disable the zones service. See
293 293 svcadm(1M).
294 294
295 295
296 296 global: bootargs
297 297
298 298 Arguments (options) to be passed to the zone bootup, unless options
299 299 are supplied to the "zoneadm boot" command, in which case those
300 300 take precedence. The valid arguments are described in zoneadm(1M).
301 301
302 302
303 303 global: pool
304 304
305 305 Name of the resource pool that this zone must be bound to when
306 306 booted. This property is incompatible with the dedicated-cpu
307 307 resource.
308 308
309 309
310 310 global: limitpriv
311 311
312 312 The maximum set of privileges any process in this zone can obtain.
313 313 The property should consist of a comma-separated privilege set
314 314 specification as described in priv_str_to_set(3C). Privileges can
315 315 be excluded from the resulting set by preceding their names with a
316 316 dash (-) or an exclamation point (!). The special privilege string
317 317 "zone" is not supported in this context. If the special string
318 318 "default" occurs as the first token in the property, it expands
319 319 into a safe set of privileges that preserve the resource and
320 320 security isolation described in zones(5). A missing or empty
321 321 property is equivalent to this same set of safe privileges.
322 322
323 323 The system administrator must take extreme care when configuring
324 324 privileges for a zone. Some privileges cannot be excluded through
325 325 this mechanism as they are required in order to boot a zone. In
326 326 addition, there are certain privileges which cannot be given to a
327 327 zone as doing so would allow processes inside a zone to unduly
328 328 affect processes in other zones. zoneadm(1M) indicates when an
329 329 invalid privilege has been added or removed from a zone's privilege
330 330 set when an attempt is made to either "boot" or "ready" the zone.
331 331
332 332 See privileges(5) for a description of privileges. The command
333 333 "ppriv -l" (see ppriv(1)) produces a list of all Solaris
334 334 privileges. You can specify privileges as they are displayed by
335 335 ppriv. In privileges(5), privileges are listed in the form
336 336 PRIV_privilege_name. For example, the privilege sys_time, as you
337 337 would specify it in this property, is listed in privileges(5) as
338 338 PRIV_SYS_TIME.
339 339
340 340
341 341 global: brand
342 342
343 343 The zone's brand type.
344 344
345 345
346 346 global: ip-type
347 347
348 348 A zone can either share the IP instance with the global zone, which
349 349 is the default, or have its own exclusive instance of IP.
350 350
351 351 This property takes the values shared and exclusive.
352 352
353 353
354 354 global: hostid
355 355
356 356 A zone can emulate a 32-bit host identifier to ease system
357 357 consolidation. A zone's hostid property is empty by default,
358 358 meaning that the zone does not emulate a host identifier. Zone host
359 359 identifiers must be hexadecimal values between 0 and FFFFFFFE. A 0x
360 360 or 0X prefix is optional. Both uppercase and lowercase hexadecimal
361 361 digits are acceptable.
362 362
363 363
364 364 fs: dir, special, raw, type, options
365 365
366 366 Values needed to determine how, where, and so forth to mount file
367 367 systems. See mount(1M), mount(2), fsck(1M), and vfstab(4).
368 368
369 369
370 370 net: address, physical, defrouter
371 371
372 372 The network address and physical interface name of the network
373 373 interface. The network address is one of:
374 374
375 375 o a valid IPv4 address, optionally followed by "/" and a
376 376 prefix length;
377 377
378 378 o a valid IPv6 address, which must be followed by "/" and
379 379 a prefix length;
380 380
381 381 o a host name which resolves to an IPv4 address.
382 382 Note that host names that resolve to IPv6 addresses are not
383 383 supported.
384 384
385 385 The physical interface name is the network interface name.
386 386
387 387 The default router is specified similarly to the network address
388 388 except that it must not be followed by a / (slash) and a network
389 389 prefix length.
390 390
391 391 A zone can be configured to be either exclusive-IP or shared-IP.
392 392 For a shared-IP zone, you must set both the physical and address
393 393 properties; setting the default router is optional. The interface
394 394 specified in the physical property must be plumbed in the global
395 395 zone prior to booting the non-global zone. However, if the
396 396 interface is not used by the global zone, it should be configured
397 397 down in the global zone, and the default router for the interface
398 398 should be specified here.
399 399
400 400 For an exclusive-IP zone, the physical property must be set and the
401 401 address and default router properties cannot be set.
402 402
403 403
404 404 device: match
405 405
406 406 Device name to match.
407 407
408 408
409 409 rctl: name, value
410 410
411 411 The name and priv/limit/action triple of a resource control. See
412 412 prctl(1) and rctladm(1M). The preferred way to set rctl values is
413 413 to use the global property name associated with a specific rctl.
414 414
415 415
416 416 attr: name, type, value
417 417
418 418 The name, type and value of a generic attribute. The type must be
419 419 one of int, uint, boolean or string, and the value must be of that
420 420 type. uint means unsigned , that is, a non-negative integer.
421 421
422 422
423 423 dataset: name
424 424
425 425 The name of a ZFS dataset to be accessed from within the zone. See
426 426 zfs(1M).
427 427
428 428
429 429 global: cpu-shares
430 430
431 431 The number of Fair Share Scheduler (FSS) shares to allocate to this
432 432 zone. This property is incompatible with the dedicated-cpu
433 433 resource. This property is the preferred way to set the zone.cpu-
434 434 shares rctl.
435 435
436 436
437 437 global: max-lwps
438 438
439 439 The maximum number of LWPs simultaneously available to this zone.
440 440 This property is the preferred way to set the zone.max-lwps rctl.
441 441
442 442
443 443 global: max-msg-ids
444 444
445 445 The maximum number of message queue IDs allowed for this zone. This
446 446 property is the preferred way to set the zone.max-msg-ids rctl.
447 447
448 448
449 449 global: max-sem-ids
450 450
451 451 The maximum number of semaphore IDs allowed for this zone. This
452 452 property is the preferred way to set the zone.max-sem-ids rctl.
453 453
454 454
455 455 global: max-shm-ids
456 456
457 457 The maximum number of shared memory IDs allowed for this zone. This
458 458 property is the preferred way to set the zone.max-shm-ids rctl.
459 459
460 460
461 461 global: max-shm-memory
462 462
463 463 The maximum amount of shared memory allowed for this zone. This
464 464 property is the preferred way to set the zone.max-shm-memory rctl.
465 465 A scale (K, M, G, T) can be applied to the value for this number
466 466 (for example, 1M is one megabyte).
467 467
468 468
469 469 global: scheduling-class
470 470
471 471 Specifies the scheduling class used for processes running in a
472 472 zone. When this property is not specified, the scheduling class is
473 473 established as follows:
474 474
475 475 o If the cpu-shares property or equivalent rctl is set,
476 476 the scheduling class FSS is used.
477 477
478 478 o If neither cpu-shares nor the equivalent rctl is set and
479 479 the zone's pool property references a pool that has a
480 480 default scheduling class, that class is used.
481 481
482 482 o Under any other conditions, the system default
483 483 scheduling class is used.
484 484
485 + If the FX scheduling class is specified, then the optional fixed-
486 + hi-pri attribute can be set to true. This causes all of the
487 + processes in the zone to run at the highest FX priority. By default
488 + processes under FX run at the lowest priority. See priocntl(2) for
489 + details on each scheduling class.
485 490
486 491
487 492
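Review bot: New lines 485-489 name an optional "fixed-hi-pri attribute" but never say how to set it. The only attribute mechanism this page defines is the attr resource (name, type, value), so the paragraph should say that it is an attr, state which of the listed types (int, uint, boolean or string) it expects, and ideally gain an entry under EXAMPLES. The name is also split across the line break as "fixed-" / "hi-pri", which makes it hard to search for and ambiguous to type; keep it unbroken in the source. Because the name does not begin with "zone", it sits outside the prefix this page reserves for system attributes and could collide with an attr an administrator has already defined, so either note that or pick a name in the reserved space. Since the setting runs every process in the zone at the highest FX priority, a sentence on the effect on other zones sharing the same CPUs would help administrators judge when it is appropriate.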
488 493 dedicated-cpu: ncpus, importance
489 494
490 495 The number of CPUs that should be assigned for this zone's
491 496 exclusive use. The zone will create a pool and processor set when
492 497 it boots. See pooladm(1M) and poolcfg(1M) for more information on
493 498 resource pools. The ncpu property can specify a single value or a
494 499 range (for example, 1-4) of processors. The importance property is
495 500 optional; if set, it will specify the pset.importance value for use
496 501 by poold(1M). If this resource is used, there must be enough free
497 502 processors to allocate to this zone when it boots or the zone will
498 503 not boot. The processors assigned to this zone will not be
499 504 available for the use of the global zone or other zones. This
500 505 resource is incompatible with both the pool and cpu-shares
501 506 properties. Only a single instance of this resource can be added to
502 507 the zone.
503 508
504 509
505 510 capped-memory: physical, swap, locked
506 511
507 512 The caps on the memory that can be used by this zone. A scale (K,
508 513 M, G, T) can be applied to the value for each of these numbers (for
509 514 example, 1M is one megabyte). Each of these properties is optional
510 515 but at least one property must be set when adding this resource.
511 516 Only a single instance of this resource can be added to the zone.
512 517 The physical property sets the max-rss for this zone. This will be
513 518 enforced by rcapd(1M) running in the global zone. The swap
514 519 property is the preferred way to set the zone.max-swap rctl. The
515 520 locked property is the preferred way to set the zone.max-locked-
516 521 memory rctl.
517 522
518 523
519 524 capped-cpu: ncpus
520 525
521 526 Sets a limit on the amount of CPU time that can be used by a zone.
522 527 The unit used translates to the percentage of a single CPU that can
523 528 be used by all user threads in a zone, expressed as a fraction (for
524 529 example, .75) or a mixed number (whole number and fraction, for
525 530 example, 1.25). An ncpu value of 1 means 100% of a CPU, a value of
526 531 1.25 means 125%, .75 mean 75%, and so forth. When projects within a
527 532 capped zone have their own caps, the minimum value takes
528 533 precedence.
529 534
530 535 The capped-cpu property is an alias for zone.cpu-cap resource
531 536 control and is related to the zone.cpu-cap resource control. See
532 537 resource_controls(5).
533 538
534 539
535 540 global: fs-allowed
536 541
537 542 A comma-separated list of additional filesystems that may be
538 543 mounted within the zone; for example "ufs,pcfs". By default, only
539 544 hsfs(7fs) and network filesystems can be mounted. If the first
540 545 entry in the list is "-" then that disables all of the default
541 546 filesystems. If any filesystems are listed after "-" then only
542 547 those filesystems can be mounted.
543 548
544 549 This property does not apply to filesystems mounted into the zone
545 550 via "add fs" or "add dataset".
546 551
547 552 WARNING: allowing filesystem mounts other than the default may
548 553 allow the zone administrator to compromise the system with a
549 554 malicious filesystem image, and is not supported.
550 555
551 556
552 557
553 558 The following table summarizes resources, property-names, and types:
554 559
555 560 resource property-name type
556 561 (global) zonename simple
557 562 (global) zonepath simple
558 563 (global) autoboot simple
559 564 (global) bootargs simple
560 565 (global) pool simple
561 566 (global) limitpriv simple
562 567 (global) brand simple
563 568 (global) ip-type simple
564 569 (global) hostid simple
565 570 (global) cpu-shares simple
566 571 (global) max-lwps simple
567 572 (global) max-msg-ids simple
568 573 (global) max-sem-ids simple
569 574 (global) max-shm-ids simple
570 575 (global) max-shm-memory simple
571 576 (global) scheduling-class simple
572 577 fs dir simple
573 578 special simple
574 579 raw simple
575 580 type simple
576 581 options list of simple
577 582 net address simple
578 583 physical simple
579 584 device match simple
580 585 rctl name simple
581 586 value list of complex
582 587 attr name simple
583 588 type simple
584 589 value simple
585 590 dataset name simple
586 591 dedicated-cpu ncpus simple or range
587 592 importance simple
588 593
589 594 capped-memory physical simple with scale
590 595 swap simple with scale
591 596 locked simple with scale
592 597
593 598 capped-cpu ncpus simple
594 599
595 600
596 601
597 602
598 603 To further specify things, the breakdown of the complex property
599 604 "value" of the "rctl" resource type, it consists of three name/value
600 605 pairs, the names being "priv", "limit" and "action", each of which
601 606 takes a simple value. The "name" property of an "attr" resource is
602 607 syntactically restricted in a fashion similar but not identical to zone
603 608 names: it must begin with an alphanumeric, and can contain
604 609 alphanumerics plus the hyphen (-), underscore (_), and dot (.)
605 610 characters. Attribute names beginning with "zone" are reserved for use
606 611 by the system. Finally, the "autoboot" global property must have a
607 612 value of "true" or "false".
608 613
609 614 Using Kernel Statistics to Monitor CPU Caps
610 615 Using the kernel statistics (kstat(3KSTAT)) module caps, the system
611 616 maintains information for all capped projects and zones. You can access
612 617 this information by reading kernel statistics (kstat(3KSTAT)),
613 618 specifying caps as the kstat module name. The following command
614 619 displays kernel statistics for all active CPU caps:
615 620
616 621 # kstat caps::'/cpucaps/'
617 622
618 623
619 624
620 625
621 626 A kstat(1M) command running in a zone displays only CPU caps relevant
622 627 for that zone and for projects in that zone. See EXAMPLES.
623 628
624 629
625 630 The following are cap-related arguments for use with kstat(1M):
626 631
627 632 caps
628 633
629 634 The kstat module.
630 635
631 636
632 637 project_caps or zone_caps
633 638
634 639 kstat class, for use with the kstat -c option.
635 640
636 641
637 642 cpucaps_project_id or cpucaps_zone_id
638 643
639 644 kstat name, for use with the kstat -n option. id is the project or
640 645 zone identifier.
641 646
642 647
643 648
644 649 The following fields are displayed in response to a kstat(1M) command
645 650 requesting statistics for all CPU caps.
646 651
647 652 module
648 653
649 654 In this usage of kstat, this field will have the value caps.
650 655
651 656
652 657 name
653 658
654 659 As described above, cpucaps_project_id or cpucaps_zone_id
655 660
656 661
657 662 above_sec
658 663
659 664 Total time, in seconds, spent above the cap.
660 665
661 666
662 667 below_sec
663 668
664 669 Total time, in seconds, spent below the cap.
665 670
666 671
667 672 maxusage
668 673
669 674 Maximum observed CPU usage.
670 675
671 676
672 677 nwait
673 678
674 679 Number of threads on cap wait queue.
675 680
676 681
677 682 usage
678 683
679 684 Current aggregated CPU usage for all threads belonging to a capped
680 685 project or zone, in terms of a percentage of a single CPU.
681 686
682 687
683 688 value
684 689
685 690 The cap value, in terms of a percentage of a single CPU.
686 691
687 692
688 693 zonename
689 694
690 695 Name of the zone for which statistics are displayed.
691 696
692 697
693 698
694 699 See EXAMPLES for sample output from a kstat command.
695 700
696 701 OPTIONS
697 702 The following options are supported:
698 703
699 704 -f command_file
700 705
701 706 Specify the name of zonecfg command file. command_file is a text
702 707 file of zonecfg subcommands, one per line.
703 708
704 709
705 710 -z zonename
706 711
707 712 Specify the name of a zone. Zone names are case sensitive. Zone
708 713 names must begin with an alphanumeric character and can contain
709 714 alphanumeric characters, the underscore (_) the hyphen (-), and the
710 715 dot (.). The name global and all names beginning with SUNW are
711 716 reserved and cannot be used.
712 717
713 718
714 719 SUBCOMMANDS
715 720 You can use the add and select subcommands to select a specific
716 721 resource, at which point the scope changes to that resource. The end
717 722 and cancel subcommands are used to complete the resource specification,
718 723 at which time the scope is reverted back to global. Certain
719 724 subcommands, such as add, remove and set, have different semantics in
720 725 each scope.
721 726
722 727
723 728 zonecfg supports a semicolon-separated list of subcommands. For
724 729 example:
725 730
726 731 # zonecfg -z myzone "add net; set physical=myvnic; end"
727 732
728 733
729 734
730 735
731 736 Subcommands which can result in destructive actions or loss of work
732 737 have an -F option to force the action. If input is from a terminal
733 738 device, the user is prompted when appropriate if such a command is
734 739 given without the -F option otherwise, if such a command is given
735 740 without the -F option, the action is disallowed, with a diagnostic
736 741 message written to standard error.
737 742
738 743
739 744 The following subcommands are supported:
740 745
741 746 add resource-type (global scope)
742 747 add property-name property-value (resource scope)
743 748
744 749 In the global scope, begin the specification for a given resource
745 750 type. The scope is changed to that resource type.
746 751
747 752 In the resource scope, add a property of the given name with the
748 753 given value. The syntax for property values varies with different
749 754 property types. In general, it is a simple value or a list of
750 755 simple values enclosed in square brackets, separated by commas
751 756 ([foo,bar,baz]). See PROPERTIES.
752 757
753 758
754 759 cancel
755 760
756 761 End the resource specification and reset scope to global. Abandons
757 762 any partially specified resources. cancel is only applicable in the
758 763 resource scope.
759 764
760 765
761 766 clear property-name
762 767
763 768 Clear the value for the property.
764 769
765 770
766 771 commit
767 772
768 773 Commit the current configuration from memory to stable storage. The
769 774 configuration must be committed to be used by zoneadm. Until the
770 775 in-memory configuration is committed, you can remove changes with
771 776 the revert subcommand. The commit operation is attempted
772 777 automatically upon completion of a zonecfg session. Since a
773 778 configuration must be correct to be committed, this operation
774 779 automatically does a verify.
775 780
776 781
777 782 create [-F] [ -a path |-b | -t template]
778 783
779 784 Create an in-memory configuration for the specified zone. Use
780 785 create to begin to configure a new zone. See commit for saving this
781 786 to stable storage.
782 787
783 788 If you are overwriting an existing configuration, specify the -F
784 789 option to force the action. Specify the -t template option to
785 790 create a configuration identical to template, where template is the
786 791 name of a configured zone.
787 792
788 793 Use the -a path option to facilitate configuring a detached zone on
789 794 a new host. The path parameter is the zonepath location of a
790 795 detached zone that has been moved on to this new host. Once the
791 796 detached zone is configured, it should be installed using the
792 797 "zoneadm attach" command (see zoneadm(1M)). All validation of the
793 798 new zone happens during the attach process, not during zone
794 799 configuration.
795 800
796 801 Use the -b option to create a blank configuration. Without
797 802 arguments, create applies the Sun default settings.
798 803
799 804
800 805 delete [-F]
801 806
802 807 Delete the specified configuration from memory and stable storage.
803 808 This action is instantaneous, no commit is necessary. A deleted
804 809 configuration cannot be reverted.
805 810
806 811 Specify the -F option to force the action.
807 812
808 813
809 814 end
810 815
811 816 End the resource specification. This subcommand is only applicable
812 817 in the resource scope. zonecfg checks to make sure the current
813 818 resource is completely specified. If so, it is added to the in-
814 819 memory configuration (see commit for saving this to stable storage)
815 820 and the scope reverts to global. If the specification is
816 821 incomplete, it issues an appropriate error message.
817 822
818 823
819 824 export [-f output-file]
820 825
821 826 Print configuration to standard output. Use the -f option to print
822 827 the configuration to output-file. This option produces output in a
823 828 form suitable for use in a command file.
824 829
825 830
826 831 help [usage] [subcommand] [syntax] [command-name]
827 832
828 833 Print general help or help about given topic.
829 834
830 835
831 836 info zonename | zonepath | autoboot | brand | pool | limitpriv
832 837 info [resource-type [property-name=property-value]*]
833 838
834 839 Display information about the current configuration. If resource-
835 840 type is specified, displays only information about resources of the
836 841 relevant type. If any property-name value pairs are specified,
837 842 displays only information about resources meeting the given
838 843 criteria. In the resource scope, any arguments are ignored, and
839 844 info displays information about the resource which is currently
840 845 being added or modified.
841 846
842 847
843 848 remove resource-type{property-name=property -value}(global scope)
844 849
845 850 In the global scope, removes the specified resource. The [] syntax
846 851 means 0 or more of whatever is inside the square braces. If you
847 852 want only to remove a single instance of the resource, you must
848 853 specify enough property name-value pairs for the resource to be
849 854 uniquely identified. If no property name-value pairs are specified,
850 855 all instances will be removed. If there is more than one pair is
851 856 specified, a confirmation is required, unless you use the -F
852 857 option.
853 858
854 859
855 860 select resource-type {property-name=property-value}
856 861
857 862 Select the resource of the given type which matches the given
858 863 property-name property-value pair criteria, for modification. This
859 864 subcommand is applicable only in the global scope. The scope is
860 865 changed to that resource type. The {} syntax means 1 or more of
861 866 whatever is inside the curly braces. You must specify enough
862 867 property -name property-value pairs for the resource to be uniquely
863 868 identified.
864 869
865 870
866 871 set property-name=property-value
867 872
868 873 Set a given property name to the given value. Some properties (for
869 874 example, zonename and zonepath) are global while others are
870 875 resource-specific. This subcommand is applicable in both the global
871 876 and resource scopes.
872 877
873 878
874 879 verify
875 880
876 881 Verify the current configuration for correctness:
877 882
878 883 o All resources have all of their required properties
879 884 specified.
880 885
881 886 o A zonepath is specified.
882 887
883 888
884 889 revert [-F]
885 890
886 891 Revert the configuration back to the last committed state. The -F
887 892 option can be used to force the action.
888 893
889 894
890 895 exit [-F]
891 896
892 897 Exit the zonecfg session. A commit is automatically attempted if
893 898 needed. You can also use an EOF character to exit zonecfg. The -F
894 899 option can be used to force the action.
895 900
896 901
897 902 EXAMPLES
898 903 Example 1 Creating the Environment for a New Zone
899 904
900 905
901 906 In the following example, zonecfg creates the environment for a new
902 907 zone. /usr/local is loopback mounted from the global zone into
903 908 /opt/local. /opt/sfw is loopback mounted from the global zone, three
904 909 logical network interfaces are added, and a limit on the number of
905 910 fair-share scheduler (FSS) CPU shares for a zone is set using the rctl
906 911 resource type. The example also shows how to select a given resource
907 912 for modification.
908 913
909 914
910 915 example# zonecfg -z myzone3
911 916 my-zone3: No such zone configured
912 917 Use 'create' to begin configuring a new zone.
913 918 zonecfg:myzone3> create
914 919 zonecfg:myzone3> set zonepath=/export/home/my-zone3
915 920 zonecfg:myzone3> set autoboot=true
916 921 zonecfg:myzone3> add fs
917 922 zonecfg:myzone3:fs> set dir=/usr/local
918 923 zonecfg:myzone3:fs> set special=/opt/local
919 924 zonecfg:myzone3:fs> set type=lofs
920 925 zonecfg:myzone3:fs> add options [ro,nodevices]
921 926 zonecfg:myzone3:fs> end
922 927 zonecfg:myzone3> add fs
923 928 zonecfg:myzone3:fs> set dir=/mnt
924 929 zonecfg:myzone3:fs> set special=/dev/dsk/c0t0d0s7
925 930 zonecfg:myzone3:fs> set raw=/dev/rdsk/c0t0d0s7
926 931 zonecfg:myzone3:fs> set type=ufs
927 932 zonecfg:myzone3:fs> end
928 933 zonecfg:myzone3> add net
929 934 zonecfg:myzone3:net> set address=192.168.0.1/24
930 935 zonecfg:myzone3:net> set physical=eri0
931 936 zonecfg:myzone3:net> end
932 937 zonecfg:myzone3> add net
933 938 zonecfg:myzone3:net> set address=192.168.1.2/24
934 939 zonecfg:myzone3:net> set physical=eri0
935 940 zonecfg:myzone3:net> end
936 941 zonecfg:myzone3> add net
937 942 zonecfg:myzone3:net> set address=192.168.2.3/24
938 943 zonecfg:myzone3:net> set physical=eri0
939 944 zonecfg:myzone3:net> end
940 945 zonecfg:my-zone3> set cpu-shares=5
941 946 zonecfg:my-zone3> add capped-memory
942 947 zonecfg:my-zone3:capped-memory> set physical=50m
943 948 zonecfg:my-zone3:capped-memory> set swap=100m
944 949 zonecfg:my-zone3:capped-memory> end
945 950 zonecfg:myzone3> exit
946 951
947 952
948 953
949 954 Example 2 Creating a Non-Native Zone
950 955
951 956
952 957 The following example creates a new Linux zone:
953 958
954 959
955 960 example# zonecfg -z lxzone
956 961 lxzone: No such zone configured
957 962 Use 'create' to begin configuring a new zone
958 963 zonecfg:lxzone> create -t SUNWlx
959 964 zonecfg:lxzone> set zonepath=/export/zones/lxzone
960 965 zonecfg:lxzone> set autoboot=true
961 966 zonecfg:lxzone> exit
962 967
963 968
964 969
965 970 Example 3 Creating an Exclusive-IP Zone
966 971
967 972
968 973 The following example creates a zone that is granted exclusive access
969 974 to bge1 and bge33000 and that is isolated at the IP layer from the
970 975 other zones configured on the system.
971 976
972 977
973 978
974 979 The IP addresses and routing is configured inside the new zone using
975 980 sysidtool(1M).
976 981
977 982
978 983 example# zonecfg -z excl
979 984 excl: No such zone configured
980 985 Use 'create' to begin configuring a new zone
981 986 zonecfg:excl> create
982 987 zonecfg:excl> set zonepath=/export/zones/excl
983 988 zonecfg:excl> set ip-type=exclusive
984 989 zonecfg:excl> add net
985 990 zonecfg:excl:net> set physical=bge1
986 991 zonecfg:excl:net> end
987 992 zonecfg:excl> add net
988 993 zonecfg:excl:net> set physical=bge33000
989 994 zonecfg:excl:net> end
990 995 zonecfg:excl> exit
991 996
992 997
993 998
994 999 Example 4 Associating a Zone with a Resource Pool
995 1000
996 1001
997 1002 The following example shows how to associate an existing zone with an
998 1003 existing resource pool:
999 1004
1000 1005
1001 1006 example# zonecfg -z myzone
1002 1007 zonecfg:myzone> set pool=mypool
1003 1008 zonecfg:myzone> exit
1004 1009
1005 1010
1006 1011
1007 1012
1008 1013 For more information about resource pools, see pooladm(1M) and
1009 1014 poolcfg(1M).
1010 1015
1011 1016
1012 1017 Example 5 Changing the Name of a Zone
1013 1018
1014 1019
1015 1020 The following example shows how to change the name of an existing zone:
1016 1021
1017 1022
1018 1023 example# zonecfg -z myzone
1019 1024 zonecfg:myzone> set zonename=myzone2
1020 1025 zonecfg:myzone2> exit
1021 1026
1022 1027
1023 1028
1024 1029 Example 6 Changing the Privilege Set of a Zone
1025 1030
1026 1031
1027 1032 The following example shows how to change the set of privileges an
1028 1033 existing zone's processes will be limited to the next time the zone is
1029 1034 booted. In this particular case, the privilege set will be the standard
1030 1035 safe set of privileges a zone normally has along with the privilege to
1031 1036 change the system date and time:
1032 1037
1033 1038
1034 1039 example# zonecfg -z myzone
1035 1040 zonecfg:myzone> set limitpriv="default,sys_time"
1036 1041 zonecfg:myzone2> exit
1037 1042
1038 1043
1039 1044
1040 1045 Example 7 Setting the zone.cpu-shares Property for the Global Zone
1041 1046
1042 1047
1043 1048 The following command sets the zone.cpu-shares property for the global
1044 1049 zone:
1045 1050
1046 1051
1047 1052 example# zonecfg -z global
1048 1053 zonecfg:global> set cpu-shares=5
1049 1054 zonecfg:global> exit
1050 1055
1051 1056
1052 1057
1053 1058 Example 8 Using Pattern Matching
1054 1059
1055 1060
1056 1061 The following commands illustrate zonecfg support for pattern matching.
1057 1062 In the zone flexlm, enter:
1058 1063
1059 1064
1060 1065 zonecfg:flexlm> add device
1061 1066 zonecfg:flexlm:device> set match="/dev/cua/a00[2-5]"
1062 1067 zonecfg:flexlm:device> end
1063 1068
1064 1069
1065 1070
1066 1071
1067 1072 In the global zone, enter:
1068 1073
1069 1074
1070 1075 global# ls /dev/cua
1071 1076 a a000 a001 a002 a003 a004 a005 a006 a007 b
1072 1077
1073 1078
1074 1079
1075 1080
1076 1081 In the zone flexlm, enter:
1077 1082
1078 1083
1079 1084 flexlm# ls /dev/cua
1080 1085 a002 a003 a004 a005
1081 1086
1082 1087
1083 1088
1084 1089 Example 9 Setting a Cap for a Zone to Three CPUs
1085 1090
1086 1091
1087 1092 The following sequence uses the zonecfg command to set the CPU cap for
1088 1093 a zone to three CPUs.
1089 1094
1090 1095
1091 1096 zonecfg:myzone> add capped-cpu
1092 1097 zonecfg:myzone>capped-cpu> set ncpus=3
1093 1098 zonecfg:myzone>capped-cpu>capped-cpu> end
1094 1099
1095 1100
1096 1101
1097 1102
1098 1103 The preceding sequence, which uses the capped-cpu property, is
1099 1104 equivalent to the following sequence, which makes use of the zone.cpu-
1100 1105 cap resource control.
1101 1106
1102 1107
1103 1108 zonecfg:myzone> add rctl
1104 1109 zonecfg:myzone:rctl> set name=zone.cpu-cap
1105 1110 zonecfg:myzone:rctl> add value (priv=privileged,limit=300,action=none)
1106 1111 zonecfg:myzone:rctl> end
1107 1112
1108 1113
1109 1114
1110 1115 Example 10 Using kstat to Monitor CPU Caps
1111 1116
1112 1117
1113 1118 The following command displays information about all CPU caps.
1114 1119
1115 1120
1116 1121 # kstat -n /cpucaps/
1117 1122 module: caps instance: 0
1118 1123 name: cpucaps_project_0 class: project_caps
1119 1124 above_sec 0
1120 1125 below_sec 2157
1121 1126 crtime 821.048183159
1122 1127 maxusage 2
1123 1128 nwait 0
1124 1129 snaptime 235885.637253027
1125 1130 usage 0
1126 1131 value 18446743151372347932
1127 1132 zonename global
1128 1133
1129 1134 module: caps instance: 0
1130 1135 name: cpucaps_project_1 class: project_caps
1131 1136 above_sec 0
1132 1137 below_sec 0
1133 1138 crtime 225339.192787265
1134 1139 maxusage 5
1135 1140 nwait 0
1136 1141 snaptime 235885.637591677
1137 1142 usage 5
1138 1143 value 18446743151372347932
1139 1144 zonename global
1140 1145
1141 1146 module: caps instance: 0
1142 1147 name: cpucaps_project_201 class: project_caps
1143 1148 above_sec 0
1144 1149 below_sec 235105
1145 1150 crtime 780.37961782
1146 1151 maxusage 100
1147 1152 nwait 0
1148 1153 snaptime 235885.637789687
1149 1154 usage 43
1150 1155 value 100
1151 1156 zonename global
1152 1157
1153 1158 module: caps instance: 0
1154 1159 name: cpucaps_project_202 class: project_caps
1155 1160 above_sec 0
1156 1161 below_sec 235094
1157 1162 crtime 791.72983782
1158 1163 maxusage 100
1159 1164 nwait 0
1160 1165 snaptime 235885.637967512
1161 1166 usage 48
1162 1167 value 100
1163 1168 zonename global
1164 1169
1165 1170 module: caps instance: 0
1166 1171 name: cpucaps_project_203 class: project_caps
1167 1172 above_sec 0
1168 1173 below_sec 235034
1169 1174 crtime 852.104401481
1170 1175 maxusage 75
1171 1176 nwait 0
1172 1177 snaptime 235885.638144304
1173 1178 usage 47
1174 1179 value 100
1175 1180 zonename global
1176 1181
1177 1182 module: caps instance: 0
1178 1183 name: cpucaps_project_86710 class: project_caps
1179 1184 above_sec 22
1180 1185 below_sec 235166
1181 1186 crtime 698.441717859
1182 1187 maxusage 101
1183 1188 nwait 0
1184 1189 snaptime 235885.638319871
1185 1190 usage 54
1186 1191 value 100
1187 1192 zonename global
1188 1193
1189 1194 module: caps instance: 0
1190 1195 name: cpucaps_zone_0 class: zone_caps
1191 1196 above_sec 100733
1192 1197 below_sec 134332
1193 1198 crtime 821.048177123
1194 1199 maxusage 207
1195 1200 nwait 2
1196 1201 snaptime 235885.638497731
1197 1202 usage 199
1198 1203 value 200
1199 1204 zonename global
1200 1205
1201 1206 module: caps instance: 1
1202 1207 name: cpucaps_project_0 class: project_caps
1203 1208 above_sec 0
1204 1209 below_sec 0
1205 1210 crtime 225360.256448422
1206 1211 maxusage 7
1207 1212 nwait 0
1208 1213 snaptime 235885.638714404
1209 1214 usage 7
1210 1215 value 18446743151372347932
1211 1216 zonename test_001
1212 1217
1213 1218 module: caps instance: 1
1214 1219 name: cpucaps_zone_1 class: zone_caps
1215 1220 above_sec 2
1216 1221 below_sec 10524
1217 1222 crtime 225360.256440278
1218 1223 maxusage 106
1219 1224 nwait 0
1220 1225 snaptime 235885.638896443
1221 1226 usage 7
1222 1227 value 100
1223 1228 zonename test_001
1224 1229
1225 1230
1226 1231
1227 1232 Example 11 Displaying CPU Caps for a Specific Zone or Project
1228 1233
1229 1234
1230 1235 Using the kstat -c and -i options, you can display CPU caps for a
1231 1236 specific zone or project, as below. The first command produces a
1232 1237 display for a specific project, the second for the same project within
1233 1238 zone 1.
1234 1239
1235 1240
1236 1241 # kstat -c project_caps
1237 1242
1238 1243 # kstat -c project_caps -i 1
1239 1244
1240 1245
1241 1246
1242 1247 EXIT STATUS
1243 1248 The following exit values are returned:
1244 1249
1245 1250 0
1246 1251
1247 1252 Successful completion.
1248 1253
1249 1254
1250 1255 1
1251 1256
1252 1257 An error occurred.
1253 1258
1254 1259
1255 1260 2
1256 1261
1257 1262 Invalid usage.
1258 1263
1259 1264
1260 1265 ATTRIBUTES
1261 1266 See attributes(5) for descriptions of the following attributes:
1262 1267
1263 1268
1264 1269
1265 1270
1266 1271 +--------------------+-----------------+
1267 1272 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
1268 1273 +--------------------+-----------------+
1269 1274 |Interface Stability | Volatile |
1270 1275 +--------------------+-----------------+
1271 1276
1272 1277 SEE ALSO
1273 1278 ppriv(1), prctl(1), zlogin(1), kstat(1M), mount(1M), pooladm(1M),
1274 1279 poolcfg(1M), poold(1M), rcapd(1M), rctladm(1M), svcadm(1M),
1275 - sysidtool(1M), zfs(1M), zoneadm(1M), priv_str_to_set(3C),
1280 + sysidtool(1M), zfs(1M), zoneadm(1M), priocntl(2), priv_str_to_set(3C),
1276 1281 kstat(3KSTAT), vfstab(4), attributes(5), brands(5), fnmatch(5), lx(5),
1277 1282 privileges(5), resource_controls(5), zones(5)
1278 1283
1279 1284
1280 1285 System Administration Guide: Solaris Containers-Resource Management,
1281 1286 and Solaris Zones
1282 1287
1283 1288 NOTES
1284 1289 All character data used by zonecfg must be in US-ASCII encoding.
1285 1290
1286 1291
1287 1292
1288 - February 28, 2014 ZONECFG(1M)
1293 + November 4, 2015 ZONECFG(1M)
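Review bot: In SEE ALSO, the only new cross-reference is priocntl(2), the system call page, but zonecfg(1M) is written for administrators and its section-1 group (ppriv(1), prctl(1), zlogin(1)) has no priocntl(1) entry. Consider adding priocntl(1) after prctl(1) so an operator checking a zone's scheduling class and priority is pointed at the command as well as the syscall. The position of priocntl(2) between zoneadm(1M) and priv_str_to_set(3C) is consistent with the list's section ordering. The footer date changes from February 28, 2014 to November 4, 2015; please confirm the zonecfg.1m source carries the same date so the two do not drift.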