Print this page
manpage lint.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man1m/zonecfg.1m
+++ new/usr/src/man/man1m/zonecfg.1m
1 1 '\" te
2 2 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" Copyright 2013 Joyent, Inc. All Rights Reserved.
4 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
6 6 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 7 .TH ZONECFG 1M "Feb 28, 2014"
8 8 .SH NAME
9 9 zonecfg \- set up zone configuration
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 \fBzonecfg\fR \fB-z\fR \fIzonename\fR
14 14 .fi
15 15
16 16 .LP
17 17 .nf
18 18 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fIsubcommand\fR
19 19 .fi
20 20
21 21 .LP
22 22 .nf
23 23 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fB-f\fR \fIcommand_file\fR
24 24 .fi
25 25
26 26 .LP
27 27 .nf
28 28 \fBzonecfg\fR help
29 29 .fi
30 30
31 31 .SH DESCRIPTION
32 32 .sp
33 33 .LP
34 34 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
35 35 Zone configuration consists of a number of resources and properties.
36 36 .sp
37 37 .LP
38 38 To simplify the user interface, \fBzonecfg\fR uses the concept of a scope. The
39 39 default scope is global.
40 40 .sp
41 41 .LP
42 42 The following synopsis of the \fBzonecfg\fR command is for interactive usage:
43 43 .sp
44 44 .in +2
45 45 .nf
46 46 zonecfg \fB-z\fR \fIzonename subcommand\fR
47 47 .fi
48 48 .in -2
49 49 .sp
50 50
51 51 .sp
52 52 .LP
53 53 Parameters changed through \fBzonecfg\fR do not affect a running zone. The zone
54 54 must be rebooted for the changes to take effect.
55 55 .sp
56 56 .LP
57 57 In addition to creating and modifying a zone, the \fBzonecfg\fR utility can
58 58 also be used to persistently specify the resource management settings for the
59 59 global zone.
60 60 .sp
61 61 .LP
62 62 In the following text, "rctl" is used as an abbreviation for "resource
63 63 control". See \fBresource_controls\fR(5).
64 64 .sp
65 65 .LP
66 66 Every zone is configured with an associated brand. The brand determines the
67 67 user-level environment used within the zone, as well as various behaviors for
68 68 the zone when it is installed, boots, or is shutdown. Once a zone has been
69 69 installed the brand cannot be changed. The default brand is determined by the
70 70 installed distribution in the global zone. Some brands do not support all of
71 71 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
72 72 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
73 73 man page.
74 74 .SS "Resources"
75 75 .sp
76 76 .LP
77 77 The following resource types are supported:
78 78 .sp
79 79 .ne 2
80 80 .na
81 81 \fB\fBattr\fR\fR
82 82 .ad
83 83 .sp .6
84 84 .RS 4n
85 85 Generic attribute.
86 86 .RE
87 87
88 88 .sp
89 89 .ne 2
90 90 .na
91 91 \fB\fBcapped-cpu\fR\fR
92 92 .ad
93 93 .sp .6
94 94 .RS 4n
95 95 Limits for CPU usage.
96 96 .RE
97 97
98 98 .sp
99 99 .ne 2
100 100 .na
101 101 \fB\fBcapped-memory\fR\fR
102 102 .ad
103 103 .sp .6
104 104 .RS 4n
105 105 Limits for physical, swap, and locked memory.
106 106 .RE
107 107
108 108 .sp
109 109 .ne 2
110 110 .na
111 111 \fB\fBdataset\fR\fR
112 112 .ad
113 113 .sp .6
114 114 .RS 4n
115 115 \fBZFS\fR dataset.
116 116 .RE
117 117
118 118 .sp
119 119 .ne 2
120 120 .na
121 121 \fB\fBdedicated-cpu\fR\fR
122 122 .ad
123 123 .sp .6
124 124 .RS 4n
125 125 Subset of the system's processors dedicated to this zone while it is running.
126 126 .RE
127 127
128 128 .sp
129 129 .ne 2
130 130 .na
131 131 \fB\fBdevice\fR\fR
132 132 .ad
133 133 .sp .6
134 134 .RS 4n
135 135 Device.
136 136 .RE
137 137
138 138 .sp
139 139 .ne 2
140 140 .na
141 141 \fB\fBfs\fR\fR
142 142 .ad
143 143 .sp .6
144 144 .RS 4n
145 145 file-system
146 146 .RE
147 147
148 148 .sp
149 149 .ne 2
150 150 .na
151 151 \fB\fBnet\fR\fR
152 152 .ad
153 153 .sp .6
154 154 .RS 4n
155 155 Network interface.
156 156 .RE
157 157
158 158 .sp
159 159 .ne 2
160 160 .na
161 161 \fB\fBrctl\fR\fR
162 162 .ad
163 163 .sp .6
164 164 .RS 4n
165 165 Resource control.
166 166 .RE
167 167
168 168 .SS "Properties"
169 169 .sp
170 170 .LP
171 171 Each resource type has one or more properties. There are also some global
172 172 properties, that is, properties of the configuration as a whole, rather than of
173 173 some particular resource.
174 174 .sp
175 175 .LP
176 176 The following properties are supported:
177 177 .sp
178 178 .ne 2
179 179 .na
180 180 \fB(global)\fR
181 181 .ad
182 182 .sp .6
183 183 .RS 4n
184 184 \fBzonename\fR
185 185 .RE
186 186
187 187 .sp
188 188 .ne 2
189 189 .na
190 190 \fB(global)\fR
191 191 .ad
192 192 .sp .6
193 193 .RS 4n
194 194 \fBzonepath\fR
195 195 .RE
196 196
197 197 .sp
198 198 .ne 2
199 199 .na
200 200 \fB(global)\fR
201 201 .ad
202 202 .sp .6
203 203 .RS 4n
204 204 \fBautoboot\fR
205 205 .RE
206 206
207 207 .sp
208 208 .ne 2
209 209 .na
210 210 \fB(global)\fR
211 211 .ad
212 212 .sp .6
213 213 .RS 4n
214 214 \fBbootargs\fR
215 215 .RE
216 216
217 217 .sp
218 218 .ne 2
219 219 .na
220 220 \fB(global)\fR
221 221 .ad
222 222 .sp .6
223 223 .RS 4n
224 224 \fBpool\fR
225 225 .RE
226 226
227 227 .sp
228 228 .ne 2
229 229 .na
230 230 \fB(global)\fR
231 231 .ad
232 232 .sp .6
233 233 .RS 4n
234 234 \fBlimitpriv\fR
235 235 .RE
236 236
237 237 .sp
238 238 .ne 2
239 239 .na
240 240 \fB(global)\fR
241 241 .ad
242 242 .sp .6
243 243 .RS 4n
244 244 \fBbrand\fR
245 245 .RE
246 246
247 247 .sp
248 248 .ne 2
249 249 .na
250 250 \fB(global)\fR
251 251 .ad
252 252 .sp .6
253 253 .RS 4n
254 254 \fBcpu-shares\fR
255 255 .RE
256 256
257 257 .sp
258 258 .ne 2
259 259 .na
260 260 \fB(global)\fR
261 261 .ad
262 262 .sp .6
263 263 .RS 4n
264 264 \fBhostid\fR
265 265 .RE
266 266
267 267 .sp
268 268 .ne 2
269 269 .na
270 270 \fB(global)\fR
271 271 .ad
272 272 .sp .6
273 273 .RS 4n
274 274 \fBmax-lwps\fR
275 275 .RE
276 276
277 277 .sp
278 278 .ne 2
279 279 .na
280 280 \fB(global)\fR
281 281 .ad
282 282 .sp .6
283 283 .RS 4n
284 284 \fBmax-msg-ids\fR
285 285 .RE
286 286
287 287 .sp
288 288 .ne 2
289 289 .na
290 290 \fB(global)\fR
291 291 .ad
292 292 .sp .6
293 293 .RS 4n
294 294 \fBmax-sem-ids\fR
295 295 .RE
296 296
297 297 .sp
298 298 .ne 2
299 299 .na
300 300 \fB(global)\fR
301 301 .ad
302 302 .sp .6
303 303 .RS 4n
304 304 \fBmax-shm-ids\fR
305 305 .RE
306 306
307 307 .sp
308 308 .ne 2
309 309 .na
310 310 \fB(global)\fR
311 311 .ad
312 312 .sp .6
313 313 .RS 4n
314 314 \fBmax-shm-memory\fR
315 315 .RE
316 316
317 317 .sp
318 318 .ne 2
319 319 .na
320 320 \fB(global)\fR
321 321 .ad
322 322 .sp .6
323 323 .RS 4n
324 324 \fBscheduling-class\fR
325 325 .RE
326 326
327 327 .sp
328 328 .ne 2
329 329 .na
330 330 .B (global)
331 331 .ad
332 332 .sp .6
333 333 .RS 4n
334 334 .B fs-allowed
335 335 .RE
336 336
337 337 .sp
338 338 .ne 2
339 339 .na
340 340 \fB\fBfs\fR\fR
341 341 .ad
342 342 .sp .6
343 343 .RS 4n
344 344 \fBdir\fR, \fBspecial\fR, \fBraw\fR, \fBtype\fR, \fBoptions\fR
345 345 .RE
346 346
347 347 .sp
348 348 .ne 2
349 349 .na
350 350 \fB\fBnet\fR\fR
351 351 .ad
352 352 .sp .6
353 353 .RS 4n
354 354 \fBaddress\fR, \fBphysical\fR, \fBdefrouter\fR
355 355 .RE
356 356
357 357 .sp
358 358 .ne 2
359 359 .na
360 360 \fB\fBdevice\fR\fR
361 361 .ad
362 362 .sp .6
363 363 .RS 4n
364 364 \fBmatch\fR
365 365 .RE
366 366
367 367 .sp
368 368 .ne 2
369 369 .na
370 370 \fB\fBrctl\fR\fR
371 371 .ad
372 372 .sp .6
373 373 .RS 4n
374 374 \fBname\fR, \fBvalue\fR
375 375 .RE
376 376
377 377 .sp
378 378 .ne 2
379 379 .na
380 380 \fB\fBattr\fR\fR
381 381 .ad
382 382 .sp .6
383 383 .RS 4n
384 384 \fBname\fR, \fBtype\fR, \fBvalue\fR
385 385 .RE
386 386
387 387 .sp
388 388 .ne 2
389 389 .na
390 390 \fB\fBdataset\fR\fR
391 391 .ad
392 392 .sp .6
393 393 .RS 4n
394 394 \fBname\fR
395 395 .RE
396 396
397 397 .sp
398 398 .ne 2
399 399 .na
400 400 \fB\fBdedicated-cpu\fR\fR
401 401 .ad
402 402 .sp .6
403 403 .RS 4n
404 404 \fBncpus\fR, \fBimportance\fR
405 405 .RE
406 406
407 407 .sp
408 408 .ne 2
409 409 .na
410 410 \fB\fBcapped-memory\fR\fR
411 411 .ad
412 412 .sp .6
413 413 .RS 4n
414 414 \fBphysical\fR, \fBswap\fR, \fBlocked\fR
415 415 .RE
416 416
417 417 .sp
418 418 .ne 2
419 419 .na
420 420 \fB\fBcapped-cpu\fR\fR
421 421 .ad
422 422 .sp .6
423 423 .RS 4n
424 424 \fBncpus\fR
425 425 .RE
426 426
427 427 .sp
428 428 .LP
429 429 As for the property values which are paired with these names, they are either
430 430 simple, complex, or lists. The type allowed is property-specific. Simple values
431 431 are strings, optionally enclosed within quotation marks. Complex values have
432 432 the syntax:
433 433 .sp
434 434 .in +2
435 435 .nf
436 436 (<\fIname\fR>=<\fIvalue\fR>,<\fIname\fR>=<\fIvalue\fR>,...)
437 437 .fi
438 438 .in -2
439 439 .sp
440 440
441 441 .sp
442 442 .LP
443 443 where each <\fIvalue\fR> is simple, and the <\fIname\fR> strings are unique
444 444 within a given property. Lists have the syntax:
445 445 .sp
446 446 .in +2
447 447 .nf
448 448 [<\fIvalue\fR>,...]
449 449 .fi
450 450 .in -2
451 451 .sp
452 452
453 453 .sp
454 454 .LP
455 455 where each <\fIvalue\fR> is either simple or complex. A list of a single value
456 456 (either simple or complex) is equivalent to specifying that value without the
457 457 list syntax. That is, "foo" is equivalent to "[foo]". A list can be empty
458 458 (denoted by "[]").
459 459 .sp
460 460 .LP
461 461 In interpreting property values, \fBzonecfg\fR accepts regular expressions as
462 462 specified in \fBfnmatch\fR(5). See \fBEXAMPLES\fR.
463 463 .sp
464 464 .LP
465 465 The property types are described as follows:
466 466 .sp
467 467 .ne 2
468 468 .na
469 469 \fBglobal: \fBzonename\fR\fR
470 470 .ad
471 471 .sp .6
472 472 .RS 4n
473 473 The name of the zone.
474 474 .RE
475 475
476 476 .sp
477 477 .ne 2
478 478 .na
479 479 \fBglobal: \fBzonepath\fR\fR
480 480 .ad
481 481 .sp .6
482 482 .RS 4n
483 483 Path to zone's file system.
484 484 .RE
485 485
486 486 .sp
487 487 .ne 2
488 488 .na
489 489 \fBglobal: \fBautoboot\fR\fR
490 490 .ad
491 491 .sp .6
492 492 .RS 4n
493 493 Boolean indicating that a zone should be booted automatically at system boot.
494 494 Note that if the zones service is disabled, the zone will not autoboot,
495 495 regardless of the setting of this property. You enable the zones service with a
496 496 \fBsvcadm\fR command, such as:
497 497 .sp
498 498 .in +2
499 499 .nf
500 500 # \fBsvcadm enable svc:/system/zones:default\fR
501 501 .fi
502 502 .in -2
503 503 .sp
504 504
505 505 Replace \fBenable\fR with \fBdisable\fR to disable the zones service. See
506 506 \fBsvcadm\fR(1M).
507 507 .RE
508 508
509 509 .sp
510 510 .ne 2
511 511 .na
512 512 \fBglobal: \fBbootargs\fR\fR
513 513 .ad
514 514 .sp .6
515 515 .RS 4n
516 516 Arguments (options) to be passed to the zone bootup, unless options are
517 517 supplied to the "\fBzoneadm boot\fR" command, in which case those take
518 518 precedence. The valid arguments are described in \fBzoneadm\fR(1M).
519 519 .RE
520 520
521 521 .sp
522 522 .ne 2
523 523 .na
524 524 \fBglobal: \fBpool\fR\fR
525 525 .ad
526 526 .sp .6
527 527 .RS 4n
528 528 Name of the resource pool that this zone must be bound to when booted. This
529 529 property is incompatible with the \fBdedicated-cpu\fR resource.
530 530 .RE
531 531
532 532 .sp
533 533 .ne 2
534 534 .na
535 535 \fBglobal: \fBlimitpriv\fR\fR
536 536 .ad
537 537 .sp .6
538 538 .RS 4n
539 539 The maximum set of privileges any process in this zone can obtain. The property
540 540 should consist of a comma-separated privilege set specification as described in
541 541 \fBpriv_str_to_set\fR(3C). Privileges can be excluded from the resulting set by
542 542 preceding their names with a dash (-) or an exclamation point (!). The special
543 543 privilege string "zone" is not supported in this context. If the special string
544 544 "default" occurs as the first token in the property, it expands into a safe set
545 545 of privileges that preserve the resource and security isolation described in
546 546 \fBzones\fR(5). A missing or empty property is equivalent to this same set of
547 547 safe privileges.
548 548 .sp
549 549 The system administrator must take extreme care when configuring privileges for
550 550 a zone. Some privileges cannot be excluded through this mechanism as they are
551 551 required in order to boot a zone. In addition, there are certain privileges
552 552 which cannot be given to a zone as doing so would allow processes inside a zone
553 553 to unduly affect processes in other zones. \fBzoneadm\fR(1M) indicates when an
554 554 invalid privilege has been added or removed from a zone's privilege set when an
555 555 attempt is made to either "boot" or "ready" the zone.
556 556 .sp
557 557 See \fBprivileges\fR(5) for a description of privileges. The command "\fBppriv
558 558 -l\fR" (see \fBppriv\fR(1)) produces a list of all Solaris privileges. You can
559 559 specify privileges as they are displayed by \fBppriv\fR. In
560 560 \fBprivileges\fR(5), privileges are listed in the form
561 561 PRIV_\fIprivilege_name\fR. For example, the privilege \fIsys_time\fR, as you
562 562 would specify it in this property, is listed in \fBprivileges\fR(5) as
563 563 \fBPRIV_SYS_TIME\fR.
564 564 .RE
565 565
566 566 .sp
567 567 .ne 2
568 568 .na
569 569 \fBglobal: \fBbrand\fR\fR
570 570 .ad
571 571 .sp .6
572 572 .RS 4n
573 573 The zone's brand type.
574 574 .RE
575 575
576 576 .sp
577 577 .ne 2
578 578 .na
579 579 \fBglobal: \fBip-type\fR\fR
580 580 .ad
581 581 .sp .6
582 582 .RS 4n
583 583 A zone can either share the IP instance with the global zone, which is the
584 584 default, or have its own exclusive instance of IP.
585 585 .sp
586 586 This property takes the values \fBshared\fR and \fBexclusive\fR.
587 587 .RE
588 588
589 589 .sp
590 590 .ne 2
591 591 .na
592 592 \fBglobal: \fBhostid\fR\fR
593 593 .ad
594 594 .sp .6
595 595 .RS 4n
596 596 A zone can emulate a 32-bit host identifier to ease system consolidation. A
597 597 zone's \fBhostid\fR property is empty by default, meaning that the zone does
598 598 not emulate a host identifier. Zone host identifiers must be hexadecimal values
599 599 between 0 and FFFFFFFE. A \fB0x\fR or \fB0X\fR prefix is optional. Both
600 600 uppercase and lowercase hexadecimal digits are acceptable.
601 601 .RE
602 602
603 603 .sp
604 604 .ne 2
605 605 .na
606 606 \fB\fBfs\fR: dir, special, raw, type, options\fR
607 607 .ad
608 608 .sp .6
609 609 .RS 4n
610 610 Values needed to determine how, where, and so forth to mount file systems. See
611 611 \fBmount\fR(1M), \fBmount\fR(2), \fBfsck\fR(1M), and \fBvfstab\fR(4).
612 612 .RE
613 613
614 614 .sp
615 615 .ne 2
616 616 .na
617 617 \fB\fBnet\fR: address, physical, defrouter\fR
618 618 .ad
619 619 .sp .6
620 620 .RS 4n
621 621 The network address and physical interface name of the network interface. The
622 622 network address is one of:
623 623 .RS +4
624 624 .TP
625 625 .ie t \(bu
626 626 .el o
627 627 a valid IPv4 address, optionally followed by "\fB/\fR" and a prefix length;
628 628 .RE
629 629 .RS +4
630 630 .TP
631 631 .ie t \(bu
632 632 .el o
633 633 a valid IPv6 address, which must be followed by "\fB/\fR" and a prefix length;
634 634 .RE
635 635 .RS +4
636 636 .TP
637 637 .ie t \(bu
638 638 .el o
639 639 a host name which resolves to an IPv4 address.
640 640 .RE
641 641 Note that host names that resolve to IPv6 addresses are not supported.
642 642 .sp
643 643 The physical interface name is the network interface name.
644 644 .sp
645 645 The default router is specified similarly to the network address except that it
646 646 must not be followed by a \fB/\fR (slash) and a network prefix length.
647 647 .sp
648 648 A zone can be configured to be either exclusive-IP or shared-IP. For a
649 649 shared-IP zone, you must set both the physical and address properties; setting
650 650 the default router is optional. The interface specified in the physical
651 651 property must be plumbed in the global zone prior to booting the non-global
652 652 zone. However, if the interface is not used by the global zone, it should be
653 653 configured \fBdown\fR in the global zone, and the default router for the
654 654 interface should be specified here.
655 655 .sp
656 656 For an exclusive-IP zone, the physical property must be set and the address and
657 657 default router properties cannot be set.
658 658 .RE
659 659
660 660 .sp
661 661 .ne 2
662 662 .na
663 663 \fB\fBdevice\fR: match\fR
664 664 .ad
665 665 .sp .6
666 666 .RS 4n
667 667 Device name to match.
668 668 .RE
669 669
670 670 .sp
671 671 .ne 2
672 672 .na
673 673 \fB\fBrctl\fR: name, value\fR
674 674 .ad
675 675 .sp .6
676 676 .RS 4n
677 677 The name and \fIpriv\fR/\fIlimit\fR/\fIaction\fR triple of a resource control.
678 678 See \fBprctl\fR(1) and \fBrctladm\fR(1M). The preferred way to set rctl values
679 679 is to use the global property name associated with a specific rctl.
680 680 .RE
681 681
682 682 .sp
683 683 .ne 2
684 684 .na
685 685 \fB\fBattr\fR: name, type, value\fR
686 686 .ad
687 687 .sp .6
688 688 .RS 4n
689 689 The name, type and value of a generic attribute. The \fBtype\fR must be one of
690 690 \fBint\fR, \fBuint\fR, \fBboolean\fR or \fBstring\fR, and the value must be of
691 691 that type. \fBuint\fR means unsigned , that is, a non-negative integer.
692 692 .RE
693 693
694 694 .sp
695 695 .ne 2
696 696 .na
697 697 \fB\fBdataset\fR: name\fR
698 698 .ad
699 699 .sp .6
700 700 .RS 4n
701 701 The name of a \fBZFS\fR dataset to be accessed from within the zone. See
702 702 \fBzfs\fR(1M).
703 703 .RE
704 704
705 705 .sp
706 706 .ne 2
707 707 .na
708 708 \fBglobal: \fBcpu-shares\fR\fR
709 709 .ad
710 710 .sp .6
711 711 .RS 4n
712 712 The number of Fair Share Scheduler (FSS) shares to allocate to this zone. This
713 713 property is incompatible with the \fBdedicated-cpu\fR resource. This property
714 714 is the preferred way to set the \fBzone.cpu-shares\fR rctl.
715 715 .RE
716 716
717 717 .sp
718 718 .ne 2
719 719 .na
720 720 \fBglobal: \fBmax-lwps\fR\fR
721 721 .ad
722 722 .sp .6
723 723 .RS 4n
724 724 The maximum number of LWPs simultaneously available to this zone. This property
725 725 is the preferred way to set the \fBzone.max-lwps\fR rctl.
726 726 .RE
727 727
728 728 .sp
729 729 .ne 2
730 730 .na
731 731 \fBglobal: \fBmax-msg-ids\fR\fR
732 732 .ad
733 733 .sp .6
734 734 .RS 4n
735 735 The maximum number of message queue IDs allowed for this zone. This property is
736 736 the preferred way to set the \fBzone.max-msg-ids\fR rctl.
737 737 .RE
738 738
739 739 .sp
740 740 .ne 2
741 741 .na
742 742 \fBglobal: \fBmax-sem-ids\fR\fR
743 743 .ad
744 744 .sp .6
745 745 .RS 4n
746 746 The maximum number of semaphore IDs allowed for this zone. This property is the
747 747 preferred way to set the \fBzone.max-sem-ids\fR rctl.
748 748 .RE
749 749
750 750 .sp
751 751 .ne 2
752 752 .na
753 753 \fBglobal: \fBmax-shm-ids\fR\fR
754 754 .ad
755 755 .sp .6
756 756 .RS 4n
757 757 The maximum number of shared memory IDs allowed for this zone. This property is
758 758 the preferred way to set the \fBzone.max-shm-ids\fR rctl.
759 759 .RE
760 760
761 761 .sp
762 762 .ne 2
763 763 .na
764 764 \fBglobal: \fBmax-shm-memory\fR\fR
765 765 .ad
766 766 .sp .6
767 767 .RS 4n
768 768 The maximum amount of shared memory allowed for this zone. This property is the
769 769 preferred way to set the \fBzone.max-shm-memory\fR rctl. A scale (K, M, G, T)
770 770 can be applied to the value for this number (for example, 1M is one megabyte).
771 771 .RE
772 772
773 773 .sp
774 774 .ne 2
775 775 .na
776 776 \fBglobal: \fBscheduling-class\fR\fR
777 777 .ad
778 778 .sp .6
779 779 .RS 4n
780 780 Specifies the scheduling class used for processes running in a zone. When this
781 781 property is not specified, the scheduling class is established as follows:
782 782 .RS +4
783 783 .TP
784 784 .ie t \(bu
785 785 .el o
786 786 If the \fBcpu-shares\fR property or equivalent rctl is set, the scheduling
787 787 class FSS is used.
788 788 .RE
789 789 .RS +4
790 790 .TP
791 791 .ie t \(bu
792 792 .el o
793 793 If neither \fBcpu-shares\fR nor the equivalent rctl is set and the zone's pool
794 794 property references a pool that has a default scheduling class, that class is
795 795 used.
796 796 .RE
797 797 .RS +4
798 798 .TP
799 799 .ie t \(bu
800 800 .el o
801 801 Under any other conditions, the system default scheduling class is used.
802 802 .RE
803 803 .RE
804 804
805 805
806 806
807 807 .sp
808 808 .ne 2
809 809 .na
810 810 \fB\fBdedicated-cpu\fR: ncpus, importance\fR
811 811 .ad
812 812 .sp .6
813 813 .RS 4n
814 814 The number of CPUs that should be assigned for this zone's exclusive use. The
815 815 zone will create a pool and processor set when it boots. See \fBpooladm\fR(1M)
816 816 and \fBpoolcfg\fR(1M) for more information on resource pools. The \fBncpu\fR
817 817 property can specify a single value or a range (for example, 1-4) of
818 818 processors. The \fBimportance\fR property is optional; if set, it will specify
819 819 the \fBpset.importance\fR value for use by \fBpoold\fR(1M). If this resource is
820 820 used, there must be enough free processors to allocate to this zone when it
821 821 boots or the zone will not boot. The processors assigned to this zone will not
822 822 be available for the use of the global zone or other zones. This resource is
823 823 incompatible with both the \fBpool\fR and \fBcpu-shares\fR properties. Only a
824 824 single instance of this resource can be added to the zone.
825 825 .RE
826 826
827 827 .sp
828 828 .ne 2
829 829 .na
830 830 \fB\fBcapped-memory\fR: physical, swap, locked\fR
831 831 .ad
832 832 .sp .6
833 833 .RS 4n
834 834 The caps on the memory that can be used by this zone. A scale (K, M, G, T) can
835 835 be applied to the value for each of these numbers (for example, 1M is one
836 836 megabyte). Each of these properties is optional but at least one property must
837 837 be set when adding this resource. Only a single instance of this resource can
838 838 be added to the zone. The \fBphysical\fR property sets the \fBmax-rss\fR for
839 839 this zone. This will be enforced by \fBrcapd\fR(1M) running in the global zone.
840 840 The \fBswap\fR property is the preferred way to set the \fBzone.max-swap\fR
841 841 rctl. The \fBlocked\fR property is the preferred way to set the
842 842 \fBzone.max-locked-memory\fR rctl.
843 843 .RE
844 844
845 845 .sp
846 846 .ne 2
847 847 .na
848 848 \fB\fBcapped-cpu\fR: ncpus\fR
849 849 .ad
850 850 .sp .6
851 851 .RS 4n
852 852 Sets a limit on the amount of CPU time that can be used by a zone. The unit
853 853 used translates to the percentage of a single CPU that can be used by all user
854 854 threads in a zone, expressed as a fraction (for example, \fB\&.75\fR) or a
855 855 mixed number (whole number and fraction, for example, \fB1.25\fR). An
856 856 \fBncpu\fR value of \fB1\fR means 100% of a CPU, a value of \fB1.25\fR means
|
↓ open down ↓ |
856 lines elided |
↑ open up ↑ |
857 857 125%, \fB\&.75\fR mean 75%, and so forth. When projects within a capped zone
858 858 have their own caps, the minimum value takes precedence.
859 859 .sp
860 860 The \fBcapped-cpu\fR property is an alias for \fBzone.cpu-cap\fR resource
861 861 control and is related to the \fBzone.cpu-cap\fR resource control. See
862 862 \fBresource_controls\fR(5).
863 863 .RE
864 864
865 865 .sp
866 866 .ne 2
867 -.mk
868 867 .na
869 868 \fBglobal: \fBfs-allowed\fR\fR
870 869 .ad
871 870 .sp .6
872 871 .RS 4n
873 872 A comma-separated list of additional filesystems that may be mounted within
874 873 the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
875 874 filesystems can be mounted. If the first entry in the list is "-" then
876 875 that disables all of the default filesystems. If any filesystems are listed
877 876 after "-" then only those filesystems can be mounted.
878 877
879 878 This property does not apply to filesystems mounted into the zone via "add fs"
880 879 or "add dataset".
881 880
882 881 WARNING: allowing filesystem mounts other than the default may allow the zone
883 882 administrator to compromise the system with a malicious filesystem image, and
884 883 is not supported.
885 884 .RE
886 885
887 886 .sp
888 887 .LP
889 888 The following table summarizes resources, property-names, and types:
890 889 .sp
891 890 .in +2
892 891 .nf
893 892 resource property-name type
894 893 (global) zonename simple
895 894 (global) zonepath simple
896 895 (global) autoboot simple
897 896 (global) bootargs simple
898 897 (global) pool simple
899 898 (global) limitpriv simple
900 899 (global) brand simple
901 900 (global) ip-type simple
902 901 (global) hostid simple
903 902 (global) cpu-shares simple
904 903 (global) max-lwps simple
905 904 (global) max-msg-ids simple
906 905 (global) max-sem-ids simple
907 906 (global) max-shm-ids simple
908 907 (global) max-shm-memory simple
909 908 (global) scheduling-class simple
910 909 fs dir simple
911 910 special simple
912 911 raw simple
913 912 type simple
914 913 options list of simple
915 914 net address simple
916 915 physical simple
917 916 device match simple
918 917 rctl name simple
919 918 value list of complex
920 919 attr name simple
921 920 type simple
922 921 value simple
923 922 dataset name simple
924 923 dedicated-cpu ncpus simple or range
925 924 importance simple
926 925
927 926 capped-memory physical simple with scale
928 927 swap simple with scale
929 928 locked simple with scale
930 929
931 930 capped-cpu ncpus simple
932 931 .fi
933 932 .in -2
934 933 .sp
935 934
936 935 .sp
937 936 .LP
938 937 To further specify things, the breakdown of the complex property "value" of the
939 938 "rctl" resource type, it consists of three name/value pairs, the names being
940 939 "priv", "limit" and "action", each of which takes a simple value. The "name"
941 940 property of an "attr" resource is syntactically restricted in a fashion similar
942 941 but not identical to zone names: it must begin with an alphanumeric, and can
943 942 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
944 943 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
945 944 use by the system. Finally, the "autoboot" global property must have a value of
946 945 "true" or "false".
947 946 .SS "Using Kernel Statistics to Monitor CPU Caps"
948 947 .sp
949 948 .LP
950 949 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
951 950 maintains information for all capped projects and zones. You can access this
952 951 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
953 952 \fBcaps\fR as the \fBkstat\fR module name. The following command displays
954 953 kernel statistics for all active CPU caps:
955 954 .sp
956 955 .in +2
957 956 .nf
958 957 # \fBkstat caps::'/cpucaps/'\fR
959 958 .fi
960 959 .in -2
961 960 .sp
962 961
963 962 .sp
964 963 .LP
965 964 A \fBkstat\fR(1M) command running in a zone displays only CPU caps relevant for
966 965 that zone and for projects in that zone. See \fBEXAMPLES\fR.
967 966 .sp
968 967 .LP
969 968 The following are cap-related arguments for use with \fBkstat\fR(1M):
970 969 .sp
971 970 .ne 2
972 971 .na
973 972 \fB\fBcaps\fR\fR
974 973 .ad
975 974 .sp .6
976 975 .RS 4n
977 976 The \fBkstat\fR module.
978 977 .RE
979 978
980 979 .sp
981 980 .ne 2
982 981 .na
983 982 \fB\fBproject_caps\fR or \fBzone_caps\fR\fR
984 983 .ad
985 984 .sp .6
986 985 .RS 4n
987 986 \fBkstat\fR class, for use with the \fBkstat\fR \fB-c\fR option.
988 987 .RE
989 988
990 989 .sp
991 990 .ne 2
992 991 .na
993 992 \fB\fBcpucaps_project_\fR\fIid\fR or \fBcpucaps_zone_\fR\fIid\fR\fR
994 993 .ad
995 994 .sp .6
996 995 .RS 4n
997 996 \fBkstat\fR name, for use with the \fBkstat\fR \fB-n\fR option. \fIid\fR is the
998 997 project or zone identifier.
999 998 .RE
1000 999
1001 1000 .sp
1002 1001 .LP
1003 1002 The following fields are displayed in response to a \fBkstat\fR(1M) command
1004 1003 requesting statistics for all CPU caps.
1005 1004 .sp
1006 1005 .ne 2
1007 1006 .na
1008 1007 \fB\fBmodule\fR\fR
1009 1008 .ad
1010 1009 .sp .6
1011 1010 .RS 4n
1012 1011 In this usage of \fBkstat\fR, this field will have the value \fBcaps\fR.
1013 1012 .RE
1014 1013
1015 1014 .sp
1016 1015 .ne 2
1017 1016 .na
1018 1017 \fB\fBname\fR\fR
1019 1018 .ad
1020 1019 .sp .6
1021 1020 .RS 4n
1022 1021 As described above, \fBcpucaps_project_\fR\fIid\fR or
1023 1022 \fBcpucaps_zone_\fR\fIid\fR
1024 1023 .RE
1025 1024
1026 1025 .sp
1027 1026 .ne 2
1028 1027 .na
1029 1028 \fB\fBabove_sec\fR\fR
1030 1029 .ad
1031 1030 .sp .6
1032 1031 .RS 4n
1033 1032 Total time, in seconds, spent above the cap.
1034 1033 .RE
1035 1034
1036 1035 .sp
1037 1036 .ne 2
1038 1037 .na
1039 1038 \fB\fBbelow_sec\fR\fR
1040 1039 .ad
1041 1040 .sp .6
1042 1041 .RS 4n
1043 1042 Total time, in seconds, spent below the cap.
1044 1043 .RE
1045 1044
1046 1045 .sp
1047 1046 .ne 2
1048 1047 .na
1049 1048 \fB\fBmaxusage\fR\fR
1050 1049 .ad
1051 1050 .sp .6
1052 1051 .RS 4n
1053 1052 Maximum observed CPU usage.
1054 1053 .RE
1055 1054
1056 1055 .sp
1057 1056 .ne 2
1058 1057 .na
1059 1058 \fB\fBnwait\fR\fR
1060 1059 .ad
1061 1060 .sp .6
1062 1061 .RS 4n
1063 1062 Number of threads on cap wait queue.
1064 1063 .RE
1065 1064
1066 1065 .sp
1067 1066 .ne 2
1068 1067 .na
1069 1068 \fB\fBusage\fR\fR
1070 1069 .ad
1071 1070 .sp .6
1072 1071 .RS 4n
1073 1072 Current aggregated CPU usage for all threads belonging to a capped project or
1074 1073 zone, in terms of a percentage of a single CPU.
1075 1074 .RE
1076 1075
1077 1076 .sp
1078 1077 .ne 2
1079 1078 .na
1080 1079 \fB\fBvalue\fR\fR
1081 1080 .ad
1082 1081 .sp .6
1083 1082 .RS 4n
1084 1083 The cap value, in terms of a percentage of a single CPU.
1085 1084 .RE
1086 1085
1087 1086 .sp
1088 1087 .ne 2
1089 1088 .na
1090 1089 \fB\fBzonename\fR\fR
1091 1090 .ad
1092 1091 .sp .6
1093 1092 .RS 4n
1094 1093 Name of the zone for which statistics are displayed.
1095 1094 .RE
1096 1095
1097 1096 .sp
1098 1097 .LP
1099 1098 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
1100 1099 .SH OPTIONS
1101 1100 .sp
1102 1101 .LP
1103 1102 The following options are supported:
1104 1103 .sp
1105 1104 .ne 2
1106 1105 .na
1107 1106 \fB\fB-f\fR \fIcommand_file\fR\fR
1108 1107 .ad
1109 1108 .sp .6
1110 1109 .RS 4n
1111 1110 Specify the name of \fBzonecfg\fR command file. \fIcommand_file\fR is a text
1112 1111 file of \fBzonecfg\fR subcommands, one per line.
1113 1112 .RE
1114 1113
1115 1114 .sp
1116 1115 .ne 2
1117 1116 .na
1118 1117 \fB\fB-z\fR \fIzonename\fR\fR
1119 1118 .ad
1120 1119 .sp .6
1121 1120 .RS 4n
1122 1121 Specify the name of a zone. Zone names are case sensitive. Zone names must
1123 1122 begin with an alphanumeric character and can contain alphanumeric characters,
1124 1123 the underscore (\fB_\fR) the hyphen (\fB-\fR), and the dot (\fB\&.\fR). The
1125 1124 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
1126 1125 cannot be used.
1127 1126 .RE
1128 1127
1129 1128 .SH SUBCOMMANDS
1130 1129 .sp
1131 1130 .LP
1132 1131 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
1133 1132 resource, at which point the scope changes to that resource. The \fBend\fR and
1134 1133 \fBcancel\fR subcommands are used to complete the resource specification, at
1135 1134 which time the scope is reverted back to global. Certain subcommands, such as
1136 1135 \fBadd\fR, \fBremove\fR and \fBset\fR, have different semantics in each scope.
1137 1136 .sp
1138 1137 .LP
1139 1138 \fBzonecfg\fR supports a semicolon-separated list of subcommands. For example:
1140 1139 .sp
1141 1140 .in +2
1142 1141 .nf
1143 1142 # \fBzonecfg -z myzone "add net; set physical=myvnic; end"\fR
1144 1143 .fi
1145 1144 .in -2
1146 1145 .sp
1147 1146
1148 1147 .sp
1149 1148 .LP
1150 1149 Subcommands which can result in destructive actions or loss of work have an
1151 1150 \fB-F\fR option to force the action. If input is from a terminal device, the
1152 1151 user is prompted when appropriate if such a command is given without the
1153 1152 \fB-F\fR option otherwise, if such a command is given without the \fB-F\fR
1154 1153 option, the action is disallowed, with a diagnostic message written to standard
1155 1154 error.
1156 1155 .sp
1157 1156 .LP
1158 1157 The following subcommands are supported:
1159 1158 .sp
1160 1159 .ne 2
1161 1160 .na
1162 1161 \fB\fBadd\fR \fIresource-type\fR (global scope)\fR
1163 1162 .ad
1164 1163 .br
1165 1164 .na
1166 1165 \fB\fBadd\fR \fIproperty-name property-value\fR (resource scope)\fR
1167 1166 .ad
1168 1167 .sp .6
1169 1168 .RS 4n
1170 1169 In the global scope, begin the specification for a given resource type. The
1171 1170 scope is changed to that resource type.
1172 1171 .sp
1173 1172 In the resource scope, add a property of the given name with the given value.
1174 1173 The syntax for property values varies with different property types. In
1175 1174 general, it is a simple value or a list of simple values enclosed in square
1176 1175 brackets, separated by commas (\fB[foo,bar,baz]\fR). See \fBPROPERTIES\fR.
1177 1176 .RE
1178 1177
1179 1178 .sp
1180 1179 .ne 2
1181 1180 .na
1182 1181 \fB\fBcancel\fR\fR
1183 1182 .ad
1184 1183 .sp .6
1185 1184 .RS 4n
1186 1185 End the resource specification and reset scope to global. Abandons any
1187 1186 partially specified resources. \fBcancel\fR is only applicable in the resource
1188 1187 scope.
1189 1188 .RE
1190 1189
1191 1190 .sp
1192 1191 .ne 2
1193 1192 .na
1194 1193 \fB\fBclear\fR \fIproperty-name\fR\fR
1195 1194 .ad
1196 1195 .sp .6
1197 1196 .RS 4n
1198 1197 Clear the value for the property.
1199 1198 .RE
1200 1199
1201 1200 .sp
1202 1201 .ne 2
1203 1202 .na
1204 1203 \fB\fBcommit\fR\fR
1205 1204 .ad
1206 1205 .sp .6
1207 1206 .RS 4n
1208 1207 Commit the current configuration from memory to stable storage. The
1209 1208 configuration must be committed to be used by \fBzoneadm\fR. Until the
1210 1209 in-memory configuration is committed, you can remove changes with the
1211 1210 \fBrevert\fR subcommand. The \fBcommit\fR operation is attempted automatically
1212 1211 upon completion of a \fBzonecfg\fR session. Since a configuration must be
1213 1212 correct to be committed, this operation automatically does a verify.
1214 1213 .RE
1215 1214
1216 1215 .sp
1217 1216 .ne 2
1218 1217 .na
1219 1218 \fB\fBcreate [\fR\fB-F\fR\fB] [\fR \fB-a\fR \fIpath\fR |\fB-b\fR \fB|\fR
1220 1219 \fB-t\fR \fItemplate\fR\fB]\fR\fR
1221 1220 .ad
1222 1221 .sp .6
1223 1222 .RS 4n
1224 1223 Create an in-memory configuration for the specified zone. Use \fBcreate\fR to
1225 1224 begin to configure a new zone. See \fBcommit\fR for saving this to stable
1226 1225 storage.
1227 1226 .sp
1228 1227 If you are overwriting an existing configuration, specify the \fB-F\fR option
1229 1228 to force the action. Specify the \fB-t\fR \fItemplate\fR option to create a
1230 1229 configuration identical to \fItemplate\fR, where \fItemplate\fR is the name of
1231 1230 a configured zone.
1232 1231 .sp
1233 1232 Use the \fB-a\fR \fIpath\fR option to facilitate configuring a detached zone on
1234 1233 a new host. The \fIpath\fR parameter is the zonepath location of a detached
1235 1234 zone that has been moved on to this new host. Once the detached zone is
1236 1235 configured, it should be installed using the "\fBzoneadm attach\fR" command
1237 1236 (see \fBzoneadm\fR(1M)). All validation of the new zone happens during the
1238 1237 \fBattach\fR process, not during zone configuration.
1239 1238 .sp
1240 1239 Use the \fB-b\fR option to create a blank configuration. Without arguments,
1241 1240 \fBcreate\fR applies the Sun default settings.
1242 1241 .RE
1243 1242
1244 1243 .sp
1245 1244 .ne 2
1246 1245 .na
1247 1246 \fB\fBdelete [\fR\fB-F\fR\fB]\fR\fR
1248 1247 .ad
1249 1248 .sp .6
1250 1249 .RS 4n
1251 1250 Delete the specified configuration from memory and stable storage. This action
1252 1251 is instantaneous, no commit is necessary. A deleted configuration cannot be
1253 1252 reverted.
1254 1253 .sp
1255 1254 Specify the \fB-F\fR option to force the action.
1256 1255 .RE
1257 1256
1258 1257 .sp
1259 1258 .ne 2
1260 1259 .na
1261 1260 \fB\fBend\fR\fR
1262 1261 .ad
1263 1262 .sp .6
1264 1263 .RS 4n
1265 1264 End the resource specification. This subcommand is only applicable in the
1266 1265 resource scope. \fBzonecfg\fR checks to make sure the current resource is
1267 1266 completely specified. If so, it is added to the in-memory configuration (see
1268 1267 \fBcommit\fR for saving this to stable storage) and the scope reverts to
1269 1268 global. If the specification is incomplete, it issues an appropriate error
1270 1269 message.
1271 1270 .RE
1272 1271
1273 1272 .sp
1274 1273 .ne 2
1275 1274 .na
1276 1275 \fB\fBexport [\fR\fB-f\fR \fIoutput-file\fR\fB]\fR\fR
1277 1276 .ad
1278 1277 .sp .6
1279 1278 .RS 4n
1280 1279 Print configuration to standard output. Use the \fB-f\fR option to print the
1281 1280 configuration to \fIoutput-file\fR. This option produces output in a form
1282 1281 suitable for use in a command file.
1283 1282 .RE
1284 1283
1285 1284 .sp
1286 1285 .ne 2
1287 1286 .na
1288 1287 \fB\fBhelp [usage] [\fIsubcommand\fR] [syntax] [\fR\fIcommand-name\fR\fB]\fR\fR
1289 1288 .ad
1290 1289 .sp .6
1291 1290 .RS 4n
1292 1291 Print general help or help about given topic.
1293 1292 .RE
1294 1293
1295 1294 .sp
1296 1295 .ne 2
1297 1296 .na
1298 1297 \fB\fBinfo zonename | zonepath | autoboot | brand | pool | limitpriv\fR\fR
1299 1298 .ad
1300 1299 .br
1301 1300 .na
1302 1301 \fB\fBinfo [\fR\fIresource-type\fR
1303 1302 \fB[\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB]*]\fR\fR
1304 1303 .ad
1305 1304 .sp .6
1306 1305 .RS 4n
1307 1306 Display information about the current configuration. If \fIresource-type\fR is
1308 1307 specified, displays only information about resources of the relevant type. If
1309 1308 any \fIproperty-name\fR value pairs are specified, displays only information
1310 1309 about resources meeting the given criteria. In the resource scope, any
1311 1310 arguments are ignored, and \fBinfo\fR displays information about the resource
1312 1311 which is currently being added or modified.
1313 1312 .RE
1314 1313
1315 1314 .sp
1316 1315 .ne 2
1317 1316 .na
1318 1317 \fB\fBremove\fR \fIresource-type\fR\fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty
1319 1318 -value\fR\fB}\fR(global scope)\fR
1320 1319 .ad
1321 1320 .sp .6
1322 1321 .RS 4n
1323 1322 In the global scope, removes the specified resource. The \fB[]\fR syntax means
1324 1323 0 or more of whatever is inside the square braces. If you want only to remove a
1325 1324 single instance of the resource, you must specify enough property name-value
1326 1325 pairs for the resource to be uniquely identified. If no property name-value
1327 1326 pairs are specified, all instances will be removed. If there is more than one
1328 1327 pair is specified, a confirmation is required, unless you use the \fB-F\fR
1329 1328 option.
1330 1329 .RE
1331 1330
1332 1331 .sp
1333 1332 .ne 2
1334 1333 .na
1335 1334 \fB\fBselect\fR \fIresource-type\fR
1336 1335 \fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR\fR
1337 1336 .ad
1338 1337 .sp .6
1339 1338 .RS 4n
1340 1339 Select the resource of the given type which matches the given
1341 1340 \fIproperty-name\fR \fIproperty-value\fR pair criteria, for modification. This
1342 1341 subcommand is applicable only in the global scope. The scope is changed to that
1343 1342 resource type. The \fB{}\fR syntax means 1 or more of whatever is inside the
1344 1343 curly braces. You must specify enough \fIproperty -name property-value\fR pairs
1345 1344 for the resource to be uniquely identified.
1346 1345 .RE
1347 1346
1348 1347 .sp
1349 1348 .ne 2
1350 1349 .na
1351 1350 \fB\fBset\fR \fIproperty-name\fR\fB=\fR\fIproperty\fR\fB-\fR\fIvalue\fR\fR
1352 1351 .ad
1353 1352 .sp .6
1354 1353 .RS 4n
1355 1354 Set a given property name to the given value. Some properties (for example,
1356 1355 \fBzonename\fR and \fBzonepath\fR) are global while others are
1357 1356 resource-specific. This subcommand is applicable in both the global and
1358 1357 resource scopes.
1359 1358 .RE
1360 1359
1361 1360 .sp
1362 1361 .ne 2
1363 1362 .na
1364 1363 \fB\fBverify\fR\fR
1365 1364 .ad
1366 1365 .sp .6
1367 1366 .RS 4n
1368 1367 Verify the current configuration for correctness:
1369 1368 .RS +4
1370 1369 .TP
1371 1370 .ie t \(bu
1372 1371 .el o
1373 1372 All resources have all of their required properties specified.
1374 1373 .RE
1375 1374 .RS +4
1376 1375 .TP
1377 1376 .ie t \(bu
1378 1377 .el o
1379 1378 A \fBzonepath\fR is specified.
1380 1379 .RE
1381 1380 .RE
1382 1381
1383 1382 .sp
1384 1383 .ne 2
1385 1384 .na
1386 1385 \fB\fBrevert\fR \fB[\fR\fB-F\fR\fB]\fR\fR
1387 1386 .ad
1388 1387 .sp .6
1389 1388 .RS 4n
1390 1389 Revert the configuration back to the last committed state. The \fB-F\fR option
1391 1390 can be used to force the action.
1392 1391 .RE
1393 1392
1394 1393 .sp
1395 1394 .ne 2
1396 1395 .na
1397 1396 \fB\fBexit [\fR\fB-F\fR\fB]\fR\fR
1398 1397 .ad
1399 1398 .sp .6
1400 1399 .RS 4n
1401 1400 Exit the \fBzonecfg\fR session. A commit is automatically attempted if needed.
1402 1401 You can also use an \fBEOF\fR character to exit \fBzonecfg\fR. The \fB-F\fR
1403 1402 option can be used to force the action.
1404 1403 .RE
1405 1404
1406 1405 .SH EXAMPLES
1407 1406 .LP
1408 1407 \fBExample 1 \fRCreating the Environment for a New Zone
1409 1408 .sp
1410 1409 .LP
1411 1410 In the following example, \fBzonecfg\fR creates the environment for a new zone.
1412 1411 \fB/usr/local\fR is loopback mounted from the global zone into
1413 1412 \fB/opt/local\fR. \fB/opt/sfw\fR is loopback mounted from the global zone,
1414 1413 three logical network interfaces are added, and a limit on the number of
1415 1414 fair-share scheduler (FSS) CPU shares for a zone is set using the \fBrctl\fR
1416 1415 resource type. The example also shows how to select a given resource for
1417 1416 modification.
1418 1417
1419 1418 .sp
1420 1419 .in +2
1421 1420 .nf
1422 1421 example# \fBzonecfg -z myzone3\fR
1423 1422 my-zone3: No such zone configured
1424 1423 Use 'create' to begin configuring a new zone.
1425 1424 zonecfg:myzone3> \fBcreate\fR
1426 1425 zonecfg:myzone3> \fBset zonepath=/export/home/my-zone3\fR
1427 1426 zonecfg:myzone3> \fBset autoboot=true\fR
1428 1427 zonecfg:myzone3> \fBadd fs\fR
1429 1428 zonecfg:myzone3:fs> \fBset dir=/usr/local\fR
1430 1429 zonecfg:myzone3:fs> \fBset special=/opt/local\fR
1431 1430 zonecfg:myzone3:fs> \fBset type=lofs\fR
1432 1431 zonecfg:myzone3:fs> \fBadd options [ro,nodevices]\fR
1433 1432 zonecfg:myzone3:fs> \fBend\fR
1434 1433 zonecfg:myzone3> \fBadd fs\fR
1435 1434 zonecfg:myzone3:fs> \fBset dir=/mnt\fR
1436 1435 zonecfg:myzone3:fs> \fBset special=/dev/dsk/c0t0d0s7\fR
1437 1436 zonecfg:myzone3:fs> \fBset raw=/dev/rdsk/c0t0d0s7\fR
1438 1437 zonecfg:myzone3:fs> \fBset type=ufs\fR
1439 1438 zonecfg:myzone3:fs> \fBend\fR
1440 1439 zonecfg:myzone3> \fBadd net\fR
1441 1440 zonecfg:myzone3:net> \fBset address=192.168.0.1/24\fR
1442 1441 zonecfg:myzone3:net> \fBset physical=eri0\fR
1443 1442 zonecfg:myzone3:net> \fBend\fR
1444 1443 zonecfg:myzone3> \fBadd net\fR
1445 1444 zonecfg:myzone3:net> \fBset address=192.168.1.2/24\fR
1446 1445 zonecfg:myzone3:net> \fBset physical=eri0\fR
1447 1446 zonecfg:myzone3:net> \fBend\fR
1448 1447 zonecfg:myzone3> \fBadd net\fR
1449 1448 zonecfg:myzone3:net> \fBset address=192.168.2.3/24\fR
1450 1449 zonecfg:myzone3:net> \fBset physical=eri0\fR
1451 1450 zonecfg:myzone3:net> \fBend\fR
1452 1451 zonecfg:my-zone3> \fBset cpu-shares=5\fR
1453 1452 zonecfg:my-zone3> \fBadd capped-memory\fR
1454 1453 zonecfg:my-zone3:capped-memory> \fBset physical=50m\fR
1455 1454 zonecfg:my-zone3:capped-memory> \fBset swap=100m\fR
1456 1455 zonecfg:my-zone3:capped-memory> \fBend\fR
1457 1456 zonecfg:myzone3> \fBexit\fR
1458 1457 .fi
1459 1458 .in -2
1460 1459 .sp
1461 1460
1462 1461 .LP
1463 1462 \fBExample 2 \fRCreating a Non-Native Zone
1464 1463 .sp
1465 1464 .LP
1466 1465 The following example creates a new Linux zone:
1467 1466
1468 1467 .sp
1469 1468 .in +2
1470 1469 .nf
1471 1470 example# \fBzonecfg -z lxzone\fR
1472 1471 lxzone: No such zone configured
1473 1472 Use 'create' to begin configuring a new zone
1474 1473 zonecfg:lxzone> \fBcreate -t SUNWlx\fR
1475 1474 zonecfg:lxzone> \fBset zonepath=/export/zones/lxzone\fR
1476 1475 zonecfg:lxzone> \fBset autoboot=true\fR
1477 1476 zonecfg:lxzone> \fBexit\fR
1478 1477 .fi
1479 1478 .in -2
1480 1479 .sp
1481 1480
1482 1481 .LP
1483 1482 \fBExample 3 \fRCreating an Exclusive-IP Zone
1484 1483 .sp
1485 1484 .LP
1486 1485 The following example creates a zone that is granted exclusive access to
1487 1486 \fBbge1\fR and \fBbge33000\fR and that is isolated at the IP layer from the
1488 1487 other zones configured on the system.
1489 1488
1490 1489 .sp
1491 1490 .LP
1492 1491 The IP addresses and routing is configured inside the new zone using
1493 1492 \fBsysidtool\fR(1M).
1494 1493
1495 1494 .sp
1496 1495 .in +2
1497 1496 .nf
1498 1497 example# \fBzonecfg -z excl\fR
1499 1498 excl: No such zone configured
1500 1499 Use 'create' to begin configuring a new zone
1501 1500 zonecfg:excl> \fBcreate\fR
1502 1501 zonecfg:excl> \fBset zonepath=/export/zones/excl\fR
1503 1502 zonecfg:excl> \fBset ip-type=exclusive\fR
1504 1503 zonecfg:excl> \fBadd net\fR
1505 1504 zonecfg:excl:net> \fBset physical=bge1\fR
1506 1505 zonecfg:excl:net> \fBend\fR
1507 1506 zonecfg:excl> \fBadd net\fR
1508 1507 zonecfg:excl:net> \fBset physical=bge33000\fR
1509 1508 zonecfg:excl:net> \fBend\fR
1510 1509 zonecfg:excl> \fBexit\fR
1511 1510 .fi
1512 1511 .in -2
1513 1512 .sp
1514 1513
1515 1514 .LP
1516 1515 \fBExample 4 \fRAssociating a Zone with a Resource Pool
1517 1516 .sp
1518 1517 .LP
1519 1518 The following example shows how to associate an existing zone with an existing
1520 1519 resource pool:
1521 1520
1522 1521 .sp
1523 1522 .in +2
1524 1523 .nf
1525 1524 example# \fBzonecfg -z myzone\fR
1526 1525 zonecfg:myzone> \fBset pool=mypool\fR
1527 1526 zonecfg:myzone> \fBexit\fR
1528 1527 .fi
1529 1528 .in -2
1530 1529 .sp
1531 1530
1532 1531 .sp
1533 1532 .LP
1534 1533 For more information about resource pools, see \fBpooladm\fR(1M) and
1535 1534 \fBpoolcfg\fR(1M).
1536 1535
1537 1536 .LP
1538 1537 \fBExample 5 \fRChanging the Name of a Zone
1539 1538 .sp
1540 1539 .LP
1541 1540 The following example shows how to change the name of an existing zone:
1542 1541
1543 1542 .sp
1544 1543 .in +2
1545 1544 .nf
1546 1545 example# \fBzonecfg -z myzone\fR
1547 1546 zonecfg:myzone> \fBset zonename=myzone2\fR
1548 1547 zonecfg:myzone2> \fBexit\fR
1549 1548 .fi
1550 1549 .in -2
1551 1550 .sp
1552 1551
1553 1552 .LP
1554 1553 \fBExample 6 \fRChanging the Privilege Set of a Zone
1555 1554 .sp
1556 1555 .LP
1557 1556 The following example shows how to change the set of privileges an existing
1558 1557 zone's processes will be limited to the next time the zone is booted. In this
1559 1558 particular case, the privilege set will be the standard safe set of privileges
1560 1559 a zone normally has along with the privilege to change the system date and
1561 1560 time:
1562 1561
1563 1562 .sp
1564 1563 .in +2
1565 1564 .nf
1566 1565 example# \fBzonecfg -z myzone\fR
1567 1566 zonecfg:myzone> \fBset limitpriv="default,sys_time"\fR
1568 1567 zonecfg:myzone2> \fBexit\fR
1569 1568 .fi
1570 1569 .in -2
1571 1570 .sp
1572 1571
1573 1572 .LP
1574 1573 \fBExample 7 \fRSetting the \fBzone.cpu-shares\fR Property for the Global Zone
1575 1574 .sp
1576 1575 .LP
1577 1576 The following command sets the \fBzone.cpu-shares\fR property for the global
1578 1577 zone:
1579 1578
1580 1579 .sp
1581 1580 .in +2
1582 1581 .nf
1583 1582 example# \fBzonecfg -z global\fR
1584 1583 zonecfg:global> \fBset cpu-shares=5\fR
1585 1584 zonecfg:global> \fBexit\fR
1586 1585 .fi
1587 1586 .in -2
1588 1587 .sp
1589 1588
1590 1589 .LP
1591 1590 \fBExample 8 \fRUsing Pattern Matching
1592 1591 .sp
1593 1592 .LP
1594 1593 The following commands illustrate \fBzonecfg\fR support for pattern matching.
1595 1594 In the zone \fBflexlm\fR, enter:
1596 1595
1597 1596 .sp
1598 1597 .in +2
1599 1598 .nf
1600 1599 zonecfg:flexlm> \fBadd device\fR
1601 1600 zonecfg:flexlm:device> \fBset match="/dev/cua/a00[2-5]"\fR
1602 1601 zonecfg:flexlm:device> \fBend\fR
1603 1602 .fi
1604 1603 .in -2
1605 1604 .sp
1606 1605
1607 1606 .sp
1608 1607 .LP
1609 1608 In the global zone, enter:
1610 1609
1611 1610 .sp
1612 1611 .in +2
1613 1612 .nf
1614 1613 global# \fBls /dev/cua\fR
1615 1614 a a000 a001 a002 a003 a004 a005 a006 a007 b
1616 1615 .fi
1617 1616 .in -2
1618 1617 .sp
1619 1618
1620 1619 .sp
1621 1620 .LP
1622 1621 In the zone \fBflexlm\fR, enter:
1623 1622
1624 1623 .sp
1625 1624 .in +2
1626 1625 .nf
1627 1626 flexlm# \fBls /dev/cua\fR
1628 1627 a002 a003 a004 a005
1629 1628 .fi
1630 1629 .in -2
1631 1630 .sp
1632 1631
1633 1632 .LP
1634 1633 \fBExample 9 \fRSetting a Cap for a Zone to Three CPUs
1635 1634 .sp
1636 1635 .LP
1637 1636 The following sequence uses the \fBzonecfg\fR command to set the CPU cap for a
1638 1637 zone to three CPUs.
1639 1638
1640 1639 .sp
1641 1640 .in +2
1642 1641 .nf
1643 1642 zonecfg:myzone> \fBadd capped-cpu\fR
1644 1643 zonecfg:myzone>capped-cpu> \fBset ncpus=3\fR
1645 1644 zonecfg:myzone>capped-cpu>capped-cpu> \fBend\fR
1646 1645 .fi
1647 1646 .in -2
1648 1647 .sp
1649 1648
1650 1649 .sp
1651 1650 .LP
1652 1651 The preceding sequence, which uses the capped-cpu property, is equivalent to
1653 1652 the following sequence, which makes use of the \fBzone.cpu-cap\fR resource
1654 1653 control.
1655 1654
1656 1655 .sp
1657 1656 .in +2
1658 1657 .nf
1659 1658 zonecfg:myzone> \fBadd rctl\fR
1660 1659 zonecfg:myzone:rctl> \fBset name=zone.cpu-cap\fR
1661 1660 zonecfg:myzone:rctl> \fBadd value (priv=privileged,limit=300,action=none)\fR
1662 1661 zonecfg:myzone:rctl> \fBend\fR
1663 1662 .fi
1664 1663 .in -2
1665 1664 .sp
1666 1665
1667 1666 .LP
1668 1667 \fBExample 10 \fRUsing \fBkstat\fR to Monitor CPU Caps
1669 1668 .sp
1670 1669 .LP
1671 1670 The following command displays information about all CPU caps.
1672 1671
1673 1672 .sp
1674 1673 .in +2
1675 1674 .nf
1676 1675 # \fBkstat -n /cpucaps/\fR
1677 1676 module: caps instance: 0
1678 1677 name: cpucaps_project_0 class: project_caps
1679 1678 above_sec 0
1680 1679 below_sec 2157
1681 1680 crtime 821.048183159
1682 1681 maxusage 2
1683 1682 nwait 0
1684 1683 snaptime 235885.637253027
1685 1684 usage 0
1686 1685 value 18446743151372347932
1687 1686 zonename global
1688 1687
1689 1688 module: caps instance: 0
1690 1689 name: cpucaps_project_1 class: project_caps
1691 1690 above_sec 0
1692 1691 below_sec 0
1693 1692 crtime 225339.192787265
1694 1693 maxusage 5
1695 1694 nwait 0
1696 1695 snaptime 235885.637591677
1697 1696 usage 5
1698 1697 value 18446743151372347932
1699 1698 zonename global
1700 1699
1701 1700 module: caps instance: 0
1702 1701 name: cpucaps_project_201 class: project_caps
1703 1702 above_sec 0
1704 1703 below_sec 235105
1705 1704 crtime 780.37961782
1706 1705 maxusage 100
1707 1706 nwait 0
1708 1707 snaptime 235885.637789687
1709 1708 usage 43
1710 1709 value 100
1711 1710 zonename global
1712 1711
1713 1712 module: caps instance: 0
1714 1713 name: cpucaps_project_202 class: project_caps
1715 1714 above_sec 0
1716 1715 below_sec 235094
1717 1716 crtime 791.72983782
1718 1717 maxusage 100
1719 1718 nwait 0
1720 1719 snaptime 235885.637967512
1721 1720 usage 48
1722 1721 value 100
1723 1722 zonename global
1724 1723
1725 1724 module: caps instance: 0
1726 1725 name: cpucaps_project_203 class: project_caps
1727 1726 above_sec 0
1728 1727 below_sec 235034
1729 1728 crtime 852.104401481
1730 1729 maxusage 75
1731 1730 nwait 0
1732 1731 snaptime 235885.638144304
1733 1732 usage 47
1734 1733 value 100
1735 1734 zonename global
1736 1735
1737 1736 module: caps instance: 0
1738 1737 name: cpucaps_project_86710 class: project_caps
1739 1738 above_sec 22
1740 1739 below_sec 235166
1741 1740 crtime 698.441717859
1742 1741 maxusage 101
1743 1742 nwait 0
1744 1743 snaptime 235885.638319871
1745 1744 usage 54
1746 1745 value 100
1747 1746 zonename global
1748 1747
1749 1748 module: caps instance: 0
1750 1749 name: cpucaps_zone_0 class: zone_caps
1751 1750 above_sec 100733
1752 1751 below_sec 134332
1753 1752 crtime 821.048177123
1754 1753 maxusage 207
1755 1754 nwait 2
1756 1755 snaptime 235885.638497731
1757 1756 usage 199
1758 1757 value 200
1759 1758 zonename global
1760 1759
1761 1760 module: caps instance: 1
1762 1761 name: cpucaps_project_0 class: project_caps
1763 1762 above_sec 0
1764 1763 below_sec 0
1765 1764 crtime 225360.256448422
1766 1765 maxusage 7
1767 1766 nwait 0
1768 1767 snaptime 235885.638714404
1769 1768 usage 7
1770 1769 value 18446743151372347932
1771 1770 zonename test_001
1772 1771
1773 1772 module: caps instance: 1
1774 1773 name: cpucaps_zone_1 class: zone_caps
1775 1774 above_sec 2
1776 1775 below_sec 10524
1777 1776 crtime 225360.256440278
1778 1777 maxusage 106
1779 1778 nwait 0
1780 1779 snaptime 235885.638896443
1781 1780 usage 7
1782 1781 value 100
1783 1782 zonename test_001
1784 1783 .fi
1785 1784 .in -2
1786 1785 .sp
1787 1786
1788 1787 .LP
1789 1788 \fBExample 11 \fRDisplaying CPU Caps for a Specific Zone or Project
1790 1789 .sp
1791 1790 .LP
1792 1791 Using the \fBkstat\fR \fB-c\fR and \fB-i\fR options, you can display CPU caps
1793 1792 for a specific zone or project, as below. The first command produces a display
1794 1793 for a specific project, the second for the same project within zone 1.
1795 1794
1796 1795 .sp
1797 1796 .in +2
1798 1797 .nf
1799 1798 # \fBkstat -c project_caps\fR
1800 1799
1801 1800 # \fBkstat -c project_caps -i 1\fR
1802 1801 .fi
1803 1802 .in -2
1804 1803 .sp
1805 1804
1806 1805 .SH EXIT STATUS
1807 1806 .sp
1808 1807 .LP
1809 1808 The following exit values are returned:
1810 1809 .sp
1811 1810 .ne 2
1812 1811 .na
1813 1812 \fB\fB0\fR\fR
1814 1813 .ad
1815 1814 .sp .6
1816 1815 .RS 4n
1817 1816 Successful completion.
1818 1817 .RE
1819 1818
1820 1819 .sp
1821 1820 .ne 2
1822 1821 .na
1823 1822 \fB\fB1\fR\fR
1824 1823 .ad
1825 1824 .sp .6
1826 1825 .RS 4n
1827 1826 An error occurred.
1828 1827 .RE
1829 1828
1830 1829 .sp
1831 1830 .ne 2
1832 1831 .na
1833 1832 \fB\fB2\fR\fR
1834 1833 .ad
1835 1834 .sp .6
1836 1835 .RS 4n
1837 1836 Invalid usage.
1838 1837 .RE
1839 1838
1840 1839 .SH ATTRIBUTES
1841 1840 .sp
1842 1841 .LP
1843 1842 See \fBattributes\fR(5) for descriptions of the following attributes:
1844 1843 .sp
1845 1844
1846 1845 .sp
1847 1846 .TS
1848 1847 box;
1849 1848 c | c
1850 1849 l | l .
1851 1850 ATTRIBUTE TYPE ATTRIBUTE VALUE
1852 1851 _
1853 1852 Interface Stability Volatile
1854 1853 .TE
1855 1854
1856 1855 .SH SEE ALSO
1857 1856 .sp
1858 1857 .LP
1859 1858 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
1860 1859 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
1861 1860 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
1862 1861 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriv_str_to_set\fR(3C),
1863 1862 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
1864 1863 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
1865 1864 \fBzones\fR(5)
1866 1865 .sp
1867 1866 .LP
1868 1867 \fISystem Administration Guide: Solaris Containers-Resource Management, and
1869 1868 Solaris Zones\fR
1870 1869 .SH NOTES
1871 1870 .sp
1872 1871 .LP
1873 1872 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.
|
↓ open down ↓ |
996 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX