Oracle Solaris 11 Networking and Virtualization with Zones

This concise post is intended to be used as reference rather than a detailed explanation, so please excuse any apparent brevity.  A more comprehensive explanation can be found here.

The basic steps of creating a zone, installing a zone, installing services in a zone, cloning a zone and monitoring resource use are all set out below in the sequential, logical order that they would be performed.

Create a ZFS Filesystem, VNIC and Configure a Zone

Note:  You first “configure” a zone, then “install” the zone.  zoneadm list -cv displays their statuses as “installed” and “running” respectively.

zfs create -o mountpoint=/zones rpool/zones

zfs list rpool/zones

dladm create-vnic -l net0 vnic1

zonecfg -z zone1

zoneadm list -cv shows all zones on the system, namely the global zone and the zone1 zone created above.

Install the zone

Before installing the zone with its own instance of Solaris (that’s basically the definition of a zone, i.e. a cordoned off install of Solaris, running on the Solaris “global zone”), you should create a System Profile first.  A System Profile is an answer file in .xml format, built by answering the same on-screen questions as when you installed the Global Zone originally, i.e. hostname, NIC, IP Address, DNS addresses, Timezone and so on.

sysconfig create-profile -o zone1-profile.xml

F2 you’re way through the screens, filling in the fields as required before being dropped back to the command prompt.

Next, proceed with installing your zone…

zoneadm -z zone1 install -c /root/zone1-profile.xml

As you can see, it took about 10 minutes to install the first zone.  Subsequent zones, install much quicker.  Although installed, the zone is not automatically booted.

zoneadm list -cv

Boot the Zone

zoneadm -z zone1 boot

zoneadm list -cv

Login to Zone

zlogin -C zone1

Note that you cannot login as root.  This is because roles cannot log in to zones directly.  It’s part of the Secure-by-Default configuration’s Role Based Access Control feature’s Root-as-a-Role Security feature.

You must log in with the account created during the creation of the System Profile, prior to installing the zone.  The you can su – to the root user once logged in.  This is much like Linux with it’s sudoers mechanism.

View Network Status



Install Apache Web Server in the Zone.

pkg install apache-22

svcadm enable apache22

svcs apache22

Connect to the ip address of your zone from your web browser to see the “It Works!” message from Apache.

Note that this file is contained in /var/apache2/2.2/htdocs/index.html and can be modified to reflect the name of the zone youre logged into as proof its the zones webserver responding, not the global zone’s.

Create VNIC for second zone

Performed as root, logged on to the global zone.

dladm create -vnic -l net0 vnic2

zonecfs -z zone2


set zonepath=/zones/zone2

add net

set physical=nvic2



Clone a Zone

You can only clone a zone if it’s not online.  Halt the zone you want to clone.

zoneadm -z zone1 halt

zoneadm -z zone2 clone -c /root/zone2-profile.xml zone1

Run through the service profile screens completing the fields unique to the cloned zone, eg. hostname, VNIC and IP address.

zoneadm -z zone2 clone -c /root/zone2-profile.xml zone1

Within seconds you’ll see the clone process has completed.

Boot cloned zone

zoneadm -z zone2 boot

zoneadm list -cv

You can see that the zone1 is still down from when it was cloned, but zone2 is now running.  Don’t forget to reboot zone1 too if it’s intended to be online.

It takes a little while before the booted clone will have started all its network services.

Log in to Clone

Log into the cloned zone, and view the IP configuration.

zlogin zone2


Check apache is running…

svcs apache22

It’s running!  No need to install apache as the zone was cloned from an existing zone with apache already installed.

Monitoring zones

Start zone1 so that both zones are running

zoneadm -z zone1 boot

zoneadm -list -cv

You can monitor zones using a single command, zonestat

zonestat 2 (where 2 is the number of seconds between each monitoring interval/collection of resource use data)

Zonestat can be used to summarise resource use over a long period of time.





Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.