lx Branded Zone Configuration Components
This section covers the following components:
Zone Name and Zone Path in an lx Branded Zone
You must choose a name and a path for your zone.
Zone Autoboot in an lx Branded Zone
The autoboot property setting determines whether the zone is automatically booted when the
global zone is booted.
Resource Pool Association in an lx Branded Zone
If you have configured resource pools on your system as described in
Chapter 13, Creating and Administering Resource Pools (Tasks), you can use the pool property to associate the zone with one
of the resource pools when you configure the zone.
If you do not have resource pools configured, you can still specify that
a subset of the system's processors be dedicated to a non-global zone while
it is running by using the dedicated-cpu resource. The system will dynamically create
a temporary pool for use while the zone is running.
Note - A zone configuration using a persistent pool set through the pool property
is incompatible with a temporary pool configured through the dedicated-cpu resource. You can
set only one of these two properties.
Specifying the dedicated-cpu Resource
The dedicated-cpu resource specifies that a subset of the system's processors should be
dedicated to a non-global zone while it is running. When the zone boots,
the system will dynamically create a temporary pool for use while the zone
is running.
Note that because the specification is made in zonecfg, pool settings propagate during migrations.
The dedicated-cpu resource sets limits for ncpus, and optionally, importance.
- ncpus
Specify the number of CPUs or specify a range, such as 2-4 CPUs. If you specify a range because you want dynamic resource pool behavior, also set the importance property.
- importance
The importance property, which is optional, defines the relative importance of the pool. This property is only needed when you specify a range for ncpus and are using dynamic resource pools managed by poold. If poold is not running, then importance is ignored. If poold is running and importance is not set, importance defaults to 1. For more information, see pool.importance Property Constraint.
Caution - The cpu-shares rctl and the dedicated-cpu resource are incompatible.
Specifying the capped-cpu Resource
The capped-cpu resource provides an absolute limit on the amount of CPU resources
that can be consumed by a project or a zone. The capped-cpu resource
has a single ncpus property that is a positive decimal with two digits
to the right of the decimal point. This property corresponds to units of CPUs.
The resource does not accept a range; it does accept a decimal
number. When specifying ncpus, a value of 1 means 100 percent of a
CPU. A value of 1.25 means 125 percent, because 100 percent corresponds
to one full CPU on the system.
Note - The capped-cpu resource and the dedicated-cpu resource are incompatible.
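The three Notes above (pool versus dedicated-cpu, cpu-shares versus dedicated-cpu, capped-cpu versus dedicated-cpu) can be checked before a configuration is committed. The following added example is not part of this guide; it is a POSIX sh lint over a zonecfg command script in the form written by zonecfg export, and the zone paths, limits and shares in the samples are constructed values.

```shell
#!/bin/sh
# Lint a zonecfg command script (the form written by "zonecfg -z <zone> export")
# for the mutually exclusive CPU settings described in this section. Reads the
# script on stdin, reports each conflict on stderr, prints the conflict count
# on stdout. dedicated-cpu is the common partner in all three incompatibilities.
check_zonecfg_cpu_conflicts() {
    cfg=$(cat)
    conflicts=0
    if printf '%s\n' "$cfg" | grep -q '^add dedicated-cpu'; then
        if printf '%s\n' "$cfg" | grep -q '^set pool='; then
            echo 'conflict: pool property with dedicated-cpu resource' >&2
            conflicts=$((conflicts + 1))
        fi
        if printf '%s\n' "$cfg" | grep -q '^add capped-cpu'; then
            echo 'conflict: capped-cpu resource with dedicated-cpu resource' >&2
            conflicts=$((conflicts + 1))
        fi
        # cpu-shares can appear as the global property or as an explicit rctl
        if printf '%s\n' "$cfg" | grep -q -e '^set cpu-shares=' -e '^set name=zone.cpu-shares$'; then
            echo 'conflict: cpu-shares rctl with dedicated-cpu resource' >&2
            conflicts=$((conflicts + 1))
        fi
    fi
    echo "$conflicts"
}

# Constructed sample: dedicated-cpu range plus a zone.cpu-shares rctl (one conflict).
BAD_CFG='create -b
set zonepath=/export/zones/lxzone
add dedicated-cpu
set ncpus=2-4
set importance=10
end
add rctl
set name=zone.cpu-shares
add value (priv=privileged,limit=20,action=none)
end'

# Constructed sample: capped-cpu and capped-memory, no dedicated-cpu (no conflict).
GOOD_CFG='create -b
set zonepath=/export/zones/lxzone
set scheduling-class=FSS
add capped-cpu
set ncpus=1.25
end
add capped-memory
set physical=1G
set swap=2G
end'

printf '%s\n' "$BAD_CFG" | check_zonecfg_cpu_conflicts
```

To check a real zone, pipe the output of zonecfg -z zonename export into check_zonecfg_cpu_conflicts instead of the constructed samples.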
Scheduling Class in a Zone
You can use the fair share scheduler (FSS) to control the allocation of available CPU resources
among zones, based on the importance of the workloads in the zone. This
importance is expressed by the number of shares of CPU resources that
you assign to each zone. Even if you are not using FSS to
manage CPU resource allocation between zones, you can set the zone's scheduling-class to
use FSS so that you can set shares on projects within the zone.
When you explicitly set the cpu-shares property, the fair share scheduler (FSS) will
be used as the scheduling class for that zone. However, the preferred way
to use FSS in this case is to set FSS to be the
system default scheduling class with the dispadmin command. That way, all zones will
benefit from getting a fair share of the system CPU resources. If cpu-shares
is not set for a zone, the zone will use the system default
scheduling class. The following actions set the scheduling class for a zone:
- You can use the scheduling-class property in zonecfg to set the scheduling class for the zone.
- You can set the scheduling class for a zone through the resource pools facility. If the zone is associated with a pool that has its pool.scheduler property set to a valid scheduling class, then processes running in the zone run in that scheduling class by default. See Introduction to Resource Pools and How to Associate a Pool With a Scheduling Class.
- If the cpu-shares rctl is set and FSS has not been set as the scheduling class for the zone through another action, zoneadmd sets the scheduling class to FSS when the zone boots.
- If the scheduling class is not set through any other action, the zone inherits the system default scheduling class.
Note that you can use the priocntl command described in the priocntl(1) man
page to move running processes into a different scheduling class without changing the default
scheduling class and rebooting.
capped-memory Resource
The capped-memory resource sets limits for physical, swap, and locked memory. Each limit
is optional, but at least one must be set.
Determine values for this resource if you plan to cap memory for the zone by using rcapd from the global zone. The physical property of the capped-memory resource is used by rcapd as the max-rss value for the zone.
The swap property of the capped-memory resource is the preferred way to set the zone.max-swap resource control.
The locked property of the capped-memory resource is the preferred way to set the zone.max-locked-memory resource control.
For more information, see Chapter 10, Physical Memory Control Using the Resource Capping Daemon (Overview), Chapter 11, Administering the Resource Capping Daemon (Tasks), and How to Configure the lx Branded Zone.
Zone Network Interfaces in an lx Branded Zone
Only the shared-IP network configuration is supported in an lx branded zone.
Each zone that requires network connectivity must have one or more dedicated IP
addresses. These addresses are associated with logical network interfaces. Network interfaces configured by
the zonecfg command will automatically be set up and placed in the zone
when it is booted.
Mounted File Systems in an lx Branded Zone
Generally, the file systems mounted in a zone include the following:
This can include, for example, the following file systems:
Certain restrictions are placed on mounts performed from within the application environment. These
restrictions prevent the zone administrator from denying service to the rest of the
system, or otherwise negatively impacting other zones.
There are security restrictions associated with mounting certain file systems from within a
zone. Other file systems exhibit special behavior when mounted in a zone. See
File Systems and Non-Global Zones for more information.
Zone-Wide Resource Controls in an lx Branded Zone
The preferred, simpler method for setting a zone-wide resource control is to use
the property name instead of the rctl resource. These limits are specified for
both the global and non-global zones.
The global administrator can also set privileged zone-wide resource controls for a zone
by using the rctl resource.
Zone-wide resource controls limit the total resource usage of all process entities within
a zone. These limits are specified for both the global and non-global zones
by using the zonecfg command. For instructions, see How to Configure the lx Branded Zone.
The following resource controls are currently available:
Table 30-1 Zone-Wide Resource Controls
Control Name | Global Property Name | Description | Default Unit | Value Used For
zone.cpu-cap | | Absolute limit on the amount of CPU resources for this zone. As with the project.cpu-cap setting, a value of 100 means 100 percent of one CPU. A value of 125 is 125 percent, because 100 percent corresponds to one full CPU on the system when using CPU caps. | Quantity (number of CPUs) |
zone.cpu-shares | cpu-shares | Number of fair share scheduler (FSS) CPU shares for this zone. | Quantity (shares) |
zone.max-locked-memory | | Total amount of physical locked memory available to a zone. If the privilege priv_proc_lock_memory is assigned to a zone, consider setting this resource control as well, to prevent that zone from locking all memory. | Size (bytes) | locked property of capped-memory
zone.max-lwps | max-lwps | Maximum number of LWPs simultaneously available to this zone. | Quantity (LWPs) |
zone.max-msg-ids | max-msg-ids | Maximum number of message queue IDs allowed for this zone. | Quantity (message queue IDs) |
zone.max-sem-ids | max-sem-ids | Maximum number of semaphore IDs allowed for this zone. | Quantity (semaphore IDs) |
zone.max-shm-ids | max-shm-ids | Maximum number of shared memory IDs allowed for this zone. | Quantity (shared memory IDs) |
zone.max-shm-memory | max-shm-memory | Total amount of System V shared memory allowed for this zone. | Size (bytes) |
zone.max-swap | | Total amount of swap that can be consumed by user process address space mappings and tmpfs mounts for this zone. | Size (bytes) | swap property of capped-memory
Configurable Privileges in an lx Branded Zone
The limitpriv property is used to specify a privilege mask other than the
predefined default set. When a zone is booted, a default set of
privileges is included in the brand configuration. These privileges are considered safe because they
prevent a privileged process in the zone from affecting processes in other non-global
zones on the system or in the global zone. You can use the
limitpriv property to do the following:
- Add to the default set of privileges, understanding that such changes might allow processes in one zone to affect processes in other zones by being able to control a global resource.
- Remove from the default set of privileges, understanding that such changes might prevent some processes from operating correctly if they require those privileges to run.
Note - There are a few privileges that cannot be removed from the zone's default
privilege set, and there are also a few privileges that cannot be added
to the set at this time.
For more information, see Privileges Defined in lx Branded Zones, Privileges in a Non-Global Zone, and privileges(5).
attr Resource in an lx Branded Zone
You can use the attr resource type to enable access to an audio
device present in the global zone. For instructions, see Step 12 of How to Configure, Verify, and Commit the lx Branded Zone.
You can also add a comment for a zone by using the
attr resource type.