Code review comments from jeffpc
--- old/usr/src/man/man1m/zonecfg.1m
+++ new/usr/src/man/man1m/zonecfg.1m
1 1 '\" te
2 2 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
3 3 .\" Copyright 2013 Joyent, Inc. All Rights Reserved.
4 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
6 6 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 -.TH ZONECFG 1M "Feb 28, 2014"
7 +.TH ZONECFG 1M "Jun 6, 2016"
8 8 .SH NAME
9 9 zonecfg \- set up zone configuration
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 \fBzonecfg\fR \fB-z\fR \fIzonename\fR
14 14 .fi
15 15
16 16 .LP
17 17 .nf
18 18 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fIsubcommand\fR
19 19 .fi
20 20
21 21 .LP
22 22 .nf
23 23 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fB-f\fR \fIcommand_file\fR
24 24 .fi
25 25
26 26 .LP
27 27 .nf
28 28 \fBzonecfg\fR help
29 29 .fi
30 30
31 31 .SH DESCRIPTION
32 32 .LP
33 33 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
34 34 Zone configuration consists of a number of resources and properties.
35 35 .sp
36 36 .LP
37 37 To simplify the user interface, \fBzonecfg\fR uses the concept of a scope. The
38 38 default scope is global.
39 39 .sp
40 40 .LP
41 41 The following synopsis of the \fBzonecfg\fR command is for interactive usage:
42 42 .sp
43 43 .in +2
44 44 .nf
45 45 zonecfg \fB-z\fR \fIzonename subcommand\fR
46 46 .fi
47 47 .in -2
48 48 .sp
49 49
50 50 .sp
51 51 .LP
52 52 Parameters changed through \fBzonecfg\fR do not affect a running zone. The zone
53 53 must be rebooted for the changes to take effect.
54 54 .sp
55 55 .LP
56 56 In addition to creating and modifying a zone, the \fBzonecfg\fR utility can
57 57 also be used to persistently specify the resource management settings for the
58 58 global zone.
59 59 .sp
60 60 .LP
61 61 In the following text, "rctl" is used as an abbreviation for "resource
62 62 control". See \fBresource_controls\fR(5).
63 63 .sp
64 64 .LP
65 65 Every zone is configured with an associated brand. The brand determines the
66 66 user-level environment used within the zone, as well as various behaviors for
67 67 the zone when it is installed, boots, or is shutdown. Once a zone has been
68 68 installed the brand cannot be changed. The default brand is determined by the
69 69 installed distribution in the global zone. Some brands do not support all of
70 70 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
71 71 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
72 72 man page.
73 73 .SS "Resources"
74 74 .LP
75 75 The following resource types are supported:
76 76 .sp
77 77 .ne 2
78 78 .na
79 79 \fB\fBattr\fR\fR
80 80 .ad
81 81 .sp .6
82 82 .RS 4n
83 83 Generic attribute.
84 84 .RE
85 85
86 86 .sp
87 87 .ne 2
88 88 .na
89 89 \fB\fBcapped-cpu\fR\fR
90 90 .ad
91 91 .sp .6
92 92 .RS 4n
93 93 Limits for CPU usage.
94 94 .RE
95 95
96 96 .sp
97 97 .ne 2
98 98 .na
99 99 \fB\fBcapped-memory\fR\fR
100 100 .ad
101 101 .sp .6
102 102 .RS 4n
103 103 Limits for physical, swap, and locked memory.
104 104 .RE
105 105
106 106 .sp
107 107 .ne 2
108 108 .na
109 109 \fB\fBdataset\fR\fR
110 110 .ad
111 111 .sp .6
112 112 .RS 4n
113 113 \fBZFS\fR dataset.
114 114 .RE
115 115
116 116 .sp
117 117 .ne 2
118 118 .na
119 119 \fB\fBdedicated-cpu\fR\fR
120 120 .ad
121 121 .sp .6
122 122 .RS 4n
123 123 Subset of the system's processors dedicated to this zone while it is running.
124 124 .RE
125 125
126 126 .sp
127 127 .ne 2
128 128 .na
129 129 \fB\fBdevice\fR\fR
130 130 .ad
131 131 .sp .6
132 132 .RS 4n
133 133 Device.
134 134 .RE
135 135
136 136 .sp
137 137 .ne 2
138 138 .na
139 139 \fB\fBfs\fR\fR
140 140 .ad
141 141 .sp .6
142 142 .RS 4n
143 143 file-system
144 144 .RE
145 145
146 146 .sp
147 147 .ne 2
148 148 .na
149 149 \fB\fBnet\fR\fR
150 150 .ad
151 151 .sp .6
152 152 .RS 4n
153 153 Network interface.
154 154 .RE
155 155
156 156 .sp
157 157 .ne 2
158 158 .na
159 159 \fB\fBrctl\fR\fR
160 160 .ad
161 161 .sp .6
162 162 .RS 4n
163 163 Resource control.
164 164 .RE
165 165
166 166 .sp
167 167 .ne 2
168 168 .na
169 169 \fB\fBsecurity-flags\fR\fR
170 170 .ad
171 171 .sp .6
172 172 .RS 4n
173 173 Process security flag settings.
174 174 .RE
175 175
176 176 .SS "Properties"
177 177 .LP
178 178 Each resource type has one or more properties. There are also some global
179 179 properties, that is, properties of the configuration as a whole, rather than of
180 180 some particular resource.
181 181 .sp
182 182 .LP
183 183 The following properties are supported:
184 184 .sp
185 185 .ne 2
186 186 .na
187 187 \fB(global)\fR
188 188 .ad
189 189 .sp .6
190 190 .RS 4n
191 191 \fBzonename\fR
192 192 .RE
193 193
194 194 .sp
195 195 .ne 2
196 196 .na
197 197 \fB(global)\fR
198 198 .ad
199 199 .sp .6
200 200 .RS 4n
201 201 \fBzonepath\fR
202 202 .RE
203 203
204 204 .sp
205 205 .ne 2
206 206 .na
207 207 \fB(global)\fR
208 208 .ad
209 209 .sp .6
210 210 .RS 4n
211 211 \fBautoboot\fR
212 212 .RE
213 213
214 214 .sp
215 215 .ne 2
216 216 .na
217 217 \fB(global)\fR
218 218 .ad
219 219 .sp .6
220 220 .RS 4n
221 221 \fBbootargs\fR
222 222 .RE
223 223
224 224 .sp
225 225 .ne 2
226 226 .na
227 227 \fB(global)\fR
228 228 .ad
229 229 .sp .6
230 230 .RS 4n
231 231 \fBpool\fR
232 232 .RE
233 233
234 234 .sp
235 235 .ne 2
236 236 .na
237 237 \fB(global)\fR
238 238 .ad
239 239 .sp .6
240 240 .RS 4n
241 241 \fBlimitpriv\fR
242 242 .RE
243 243
244 244 .sp
245 245 .ne 2
246 246 .na
247 247 \fB(global)\fR
248 248 .ad
249 249 .sp .6
250 250 .RS 4n
251 251 \fBbrand\fR
252 252 .RE
253 253
254 254 .sp
255 255 .ne 2
256 256 .na
257 257 \fB(global)\fR
258 258 .ad
259 259 .sp .6
260 260 .RS 4n
261 261 \fBcpu-shares\fR
262 262 .RE
263 263
264 264 .sp
265 265 .ne 2
266 266 .na
267 267 \fB(global)\fR
268 268 .ad
269 269 .sp .6
270 270 .RS 4n
271 271 \fBhostid\fR
272 272 .RE
273 273
274 274 .sp
275 275 .ne 2
276 276 .na
277 277 \fB(global)\fR
278 278 .ad
279 279 .sp .6
280 280 .RS 4n
281 281 \fBmax-lwps\fR
282 282 .RE
283 283
284 284 .sp
285 285 .ne 2
286 286 .na
287 287 \fB(global)\fR
288 288 .ad
289 289 .sp .6
290 290 .RS 4n
291 291 \fBmax-msg-ids\fR
292 292 .RE
293 293
294 294 .sp
295 295 .ne 2
296 296 .na
297 297 \fB(global)\fR
298 298 .ad
299 299 .sp .6
300 300 .RS 4n
301 301 \fBmax-sem-ids\fR
302 302 .RE
303 303
304 304 .sp
305 305 .ne 2
306 306 .na
307 307 \fB(global)\fR
308 308 .ad
309 309 .sp .6
310 310 .RS 4n
311 311 \fBmax-shm-ids\fR
312 312 .RE
313 313
314 314 .sp
315 315 .ne 2
316 316 .na
317 317 \fB(global)\fR
318 318 .ad
319 319 .sp .6
320 320 .RS 4n
321 321 \fBmax-shm-memory\fR
322 322 .RE
323 323
324 324 .sp
325 325 .ne 2
326 326 .na
327 327 \fB(global)\fR
328 328 .ad
329 329 .sp .6
330 330 .RS 4n
331 331 \fBscheduling-class\fR
332 332 .RE
333 333
334 334 .sp
335 335 .ne 2
336 336 .na
337 337 .B (global)
338 338 .ad
339 339 .sp .6
340 340 .RS 4n
341 341 .B fs-allowed
342 342 .RE
343 343
344 344 .sp
345 345 .ne 2
346 346 .na
347 347 \fB\fBfs\fR\fR
348 348 .ad
349 349 .sp .6
350 350 .RS 4n
351 351 \fBdir\fR, \fBspecial\fR, \fBraw\fR, \fBtype\fR, \fBoptions\fR
352 352 .RE
353 353
354 354 .sp
355 355 .ne 2
356 356 .na
357 357 \fB\fBnet\fR\fR
358 358 .ad
359 359 .sp .6
360 360 .RS 4n
361 361 \fBaddress\fR, \fBphysical\fR, \fBdefrouter\fR
362 362 .RE
363 363
364 364 .sp
365 365 .ne 2
366 366 .na
367 367 \fB\fBdevice\fR\fR
368 368 .ad
369 369 .sp .6
370 370 .RS 4n
371 371 \fBmatch\fR
372 372 .RE
373 373
374 374 .sp
375 375 .ne 2
376 376 .na
377 377 \fB\fBrctl\fR\fR
378 378 .ad
379 379 .sp .6
380 380 .RS 4n
381 381 \fBname\fR, \fBvalue\fR
382 382 .RE
383 383
384 384 .sp
385 385 .ne 2
386 386 .na
387 387 \fB\fBattr\fR\fR
388 388 .ad
389 389 .sp .6
390 390 .RS 4n
391 391 \fBname\fR, \fBtype\fR, \fBvalue\fR
392 392 .RE
393 393
394 394 .sp
395 395 .ne 2
396 396 .na
397 397 \fB\fBdataset\fR\fR
398 398 .ad
399 399 .sp .6
400 400 .RS 4n
401 401 \fBname\fR
402 402 .RE
403 403
404 404 .sp
405 405 .ne 2
406 406 .na
407 407 \fB\fBdedicated-cpu\fR\fR
408 408 .ad
409 409 .sp .6
410 410 .RS 4n
411 411 \fBncpus\fR, \fBimportance\fR
412 412 .RE
413 413
414 414 .sp
415 415 .ne 2
416 416 .na
417 417 \fB\fBcapped-memory\fR\fR
418 418 .ad
419 419 .sp .6
420 420 .RS 4n
421 421 \fBphysical\fR, \fBswap\fR, \fBlocked\fR
422 422 .RE
423 423
424 424 .sp
425 425 .ne 2
426 426 .na
427 427 \fB\fBcapped-cpu\fR\fR
428 428 .ad
429 429 .sp .6
430 430 .RS 4n
431 431 \fBncpus\fR
432 432 .RE
433 433
434 434 .sp
435 435 .ne 2
436 436 .na
437 437 \fB\fBsecurity-flags\fB\fB
438 438 .ad
439 439 .sp .6
440 440 .RS 4n
441 441 \fBlower\fR, \fBdefault\fR, \fBupper\fR.
442 442 .RE
443 443
444 444 .sp
445 445 .LP
446 446 As for the property values which are paired with these names, they are either
447 447 simple, complex, or lists. The type allowed is property-specific. Simple values
448 448 are strings, optionally enclosed within quotation marks. Complex values have
449 449 the syntax:
450 450 .sp
451 451 .in +2
452 452 .nf
453 453 (<\fIname\fR>=<\fIvalue\fR>,<\fIname\fR>=<\fIvalue\fR>,...)
454 454 .fi
455 455 .in -2
456 456 .sp
457 457
458 458 .sp
459 459 .LP
460 460 where each <\fIvalue\fR> is simple, and the <\fIname\fR> strings are unique
461 461 within a given property. Lists have the syntax:
462 462 .sp
463 463 .in +2
464 464 .nf
465 465 [<\fIvalue\fR>,...]
466 466 .fi
467 467 .in -2
468 468 .sp
469 469
470 470 .sp
471 471 .LP
472 472 where each <\fIvalue\fR> is either simple or complex. A list of a single value
473 473 (either simple or complex) is equivalent to specifying that value without the
474 474 list syntax. That is, "foo" is equivalent to "[foo]". A list can be empty
475 475 (denoted by "[]").
476 476 .sp
477 477 .LP
478 478 In interpreting property values, \fBzonecfg\fR accepts regular expressions as
479 479 specified in \fBfnmatch\fR(5). See \fBEXAMPLES\fR.
480 480 .sp
481 481 .LP
482 482 The property types are described as follows:
483 483 .sp
484 484 .ne 2
485 485 .na
486 486 \fBglobal: \fBzonename\fR\fR
487 487 .ad
488 488 .sp .6
489 489 .RS 4n
490 490 The name of the zone.
491 491 .RE
492 492
493 493 .sp
494 494 .ne 2
495 495 .na
496 496 \fBglobal: \fBzonepath\fR\fR
497 497 .ad
498 498 .sp .6
499 499 .RS 4n
500 500 Path to zone's file system.
501 501 .RE
502 502
503 503 .sp
504 504 .ne 2
505 505 .na
506 506 \fBglobal: \fBautoboot\fR\fR
507 507 .ad
508 508 .sp .6
509 509 .RS 4n
510 510 Boolean indicating that a zone should be booted automatically at system boot.
511 511 Note that if the zones service is disabled, the zone will not autoboot,
512 512 regardless of the setting of this property. You enable the zones service with a
513 513 \fBsvcadm\fR command, such as:
514 514 .sp
515 515 .in +2
516 516 .nf
517 517 # \fBsvcadm enable svc:/system/zones:default\fR
518 518 .fi
519 519 .in -2
520 520 .sp
521 521
522 522 Replace \fBenable\fR with \fBdisable\fR to disable the zones service. See
523 523 \fBsvcadm\fR(1M).
524 524 .RE
525 525
526 526 .sp
527 527 .ne 2
528 528 .na
529 529 \fBglobal: \fBbootargs\fR\fR
530 530 .ad
531 531 .sp .6
532 532 .RS 4n
533 533 Arguments (options) to be passed to the zone bootup, unless options are
534 534 supplied to the "\fBzoneadm boot\fR" command, in which case those take
535 535 precedence. The valid arguments are described in \fBzoneadm\fR(1M).
536 536 .RE
537 537
538 538 .sp
539 539 .ne 2
540 540 .na
541 541 \fBglobal: \fBpool\fR\fR
542 542 .ad
543 543 .sp .6
544 544 .RS 4n
545 545 Name of the resource pool that this zone must be bound to when booted. This
546 546 property is incompatible with the \fBdedicated-cpu\fR resource.
547 547 .RE
548 548
549 549 .sp
550 550 .ne 2
551 551 .na
552 552 \fBglobal: \fBlimitpriv\fR\fR
553 553 .ad
554 554 .sp .6
555 555 .RS 4n
556 556 The maximum set of privileges any process in this zone can obtain. The property
557 557 should consist of a comma-separated privilege set specification as described in
558 558 \fBpriv_str_to_set\fR(3C). Privileges can be excluded from the resulting set by
559 559 preceding their names with a dash (-) or an exclamation point (!). The special
560 560 privilege string "zone" is not supported in this context. If the special string
561 561 "default" occurs as the first token in the property, it expands into a safe set
562 562 of privileges that preserve the resource and security isolation described in
563 563 \fBzones\fR(5). A missing or empty property is equivalent to this same set of
564 564 safe privileges.
565 565 .sp
566 566 The system administrator must take extreme care when configuring privileges for
567 567 a zone. Some privileges cannot be excluded through this mechanism as they are
568 568 required in order to boot a zone. In addition, there are certain privileges
569 569 which cannot be given to a zone as doing so would allow processes inside a zone
570 570 to unduly affect processes in other zones. \fBzoneadm\fR(1M) indicates when an
571 571 invalid privilege has been added or removed from a zone's privilege set when an
572 572 attempt is made to either "boot" or "ready" the zone.
573 573 .sp
574 574 See \fBprivileges\fR(5) for a description of privileges. The command "\fBppriv
575 575 -l\fR" (see \fBppriv\fR(1)) produces a list of all Solaris privileges. You can
576 576 specify privileges as they are displayed by \fBppriv\fR. In
577 577 \fBprivileges\fR(5), privileges are listed in the form
578 578 PRIV_\fIprivilege_name\fR. For example, the privilege \fIsys_time\fR, as you
579 579 would specify it in this property, is listed in \fBprivileges\fR(5) as
580 580 \fBPRIV_SYS_TIME\fR.
581 581 .RE
582 582
583 583 .sp
584 584 .ne 2
585 585 .na
586 586 \fBglobal: \fBbrand\fR\fR
587 587 .ad
588 588 .sp .6
589 589 .RS 4n
590 590 The zone's brand type.
591 591 .RE
592 592
593 593 .sp
594 594 .ne 2
595 595 .na
596 596 \fBglobal: \fBip-type\fR\fR
597 597 .ad
598 598 .sp .6
599 599 .RS 4n
600 600 A zone can either share the IP instance with the global zone, which is the
601 601 default, or have its own exclusive instance of IP.
602 602 .sp
603 603 This property takes the values \fBshared\fR and \fBexclusive\fR.
604 604 .RE
605 605
606 606 .sp
607 607 .ne 2
608 608 .na
609 609 \fBglobal: \fBhostid\fR\fR
610 610 .ad
611 611 .sp .6
612 612 .RS 4n
613 613 A zone can emulate a 32-bit host identifier to ease system consolidation. A
614 614 zone's \fBhostid\fR property is empty by default, meaning that the zone does
615 615 not emulate a host identifier. Zone host identifiers must be hexadecimal values
616 616 between 0 and FFFFFFFE. A \fB0x\fR or \fB0X\fR prefix is optional. Both
617 617 uppercase and lowercase hexadecimal digits are acceptable.
618 618 .RE
619 619
620 620 .sp
621 621 .ne 2
622 622 .na
623 623 \fB\fBfs\fR: dir, special, raw, type, options\fR
624 624 .ad
625 625 .sp .6
626 626 .RS 4n
627 627 Values needed to determine how, where, and so forth to mount file systems. See
628 628 \fBmount\fR(1M), \fBmount\fR(2), \fBfsck\fR(1M), and \fBvfstab\fR(4).
629 629 .RE
630 630
631 631 .sp
632 632 .ne 2
633 633 .na
634 634 \fB\fBnet\fR: address, physical, defrouter\fR
635 635 .ad
636 636 .sp .6
637 637 .RS 4n
638 638 The network address and physical interface name of the network interface. The
639 639 network address is one of:
640 640 .RS +4
641 641 .TP
642 642 .ie t \(bu
643 643 .el o
644 644 a valid IPv4 address, optionally followed by "\fB/\fR" and a prefix length;
645 645 .RE
646 646 .RS +4
647 647 .TP
648 648 .ie t \(bu
649 649 .el o
650 650 a valid IPv6 address, which must be followed by "\fB/\fR" and a prefix length;
651 651 .RE
652 652 .RS +4
653 653 .TP
654 654 .ie t \(bu
655 655 .el o
656 656 a host name which resolves to an IPv4 address.
657 657 .RE
658 658 Note that host names that resolve to IPv6 addresses are not supported.
659 659 .sp
660 660 The physical interface name is the network interface name.
661 661 .sp
662 662 The default router is specified similarly to the network address except that it
663 663 must not be followed by a \fB/\fR (slash) and a network prefix length.
664 664 .sp
665 665 A zone can be configured to be either exclusive-IP or shared-IP. For a
666 666 shared-IP zone, you must set both the physical and address properties; setting
667 667 the default router is optional. The interface specified in the physical
668 668 property must be plumbed in the global zone prior to booting the non-global
669 669 zone. However, if the interface is not used by the global zone, it should be
670 670 configured \fBdown\fR in the global zone, and the default router for the
671 671 interface should be specified here.
672 672 .sp
673 673 For an exclusive-IP zone, the physical property must be set and the address and
674 674 default router properties cannot be set.
675 675 .RE
676 676
677 677 .sp
678 678 .ne 2
679 679 .na
680 680 \fB\fBdevice\fR: match\fR
681 681 .ad
682 682 .sp .6
683 683 .RS 4n
684 684 Device name to match.
685 685 .RE
686 686
687 687 .sp
688 688 .ne 2
689 689 .na
690 690 \fB\fBrctl\fR: name, value\fR
691 691 .ad
692 692 .sp .6
693 693 .RS 4n
694 694 The name and \fIpriv\fR/\fIlimit\fR/\fIaction\fR triple of a resource control.
695 695 See \fBprctl\fR(1) and \fBrctladm\fR(1M). The preferred way to set rctl values
696 696 is to use the global property name associated with a specific rctl.
697 697 .RE
698 698
699 699 .sp
700 700 .ne 2
701 701 .na
702 702 \fB\fBattr\fR: name, type, value\fR
703 703 .ad
704 704 .sp .6
705 705 .RS 4n
706 706 The name, type and value of a generic attribute. The \fBtype\fR must be one of
707 707 \fBint\fR, \fBuint\fR, \fBboolean\fR or \fBstring\fR, and the value must be of
708 708 that type. \fBuint\fR means unsigned , that is, a non-negative integer.
709 709 .RE
710 710
711 711 .sp
712 712 .ne 2
713 713 .na
714 714 \fB\fBdataset\fR: name\fR
715 715 .ad
716 716 .sp .6
717 717 .RS 4n
718 718 The name of a \fBZFS\fR dataset to be accessed from within the zone. See
719 719 \fBzfs\fR(1M).
720 720 .RE
721 721
722 722 .sp
723 723 .ne 2
724 724 .na
725 725 \fBglobal: \fBcpu-shares\fR\fR
726 726 .ad
727 727 .sp .6
728 728 .RS 4n
729 729 The number of Fair Share Scheduler (FSS) shares to allocate to this zone. This
730 730 property is incompatible with the \fBdedicated-cpu\fR resource. This property
731 731 is the preferred way to set the \fBzone.cpu-shares\fR rctl.
732 732 .RE
733 733
734 734 .sp
735 735 .ne 2
736 736 .na
737 737 \fBglobal: \fBmax-lwps\fR\fR
738 738 .ad
739 739 .sp .6
740 740 .RS 4n
741 741 The maximum number of LWPs simultaneously available to this zone. This property
742 742 is the preferred way to set the \fBzone.max-lwps\fR rctl.
743 743 .RE
744 744
745 745 .sp
746 746 .ne 2
747 747 .na
748 748 \fBglobal: \fBmax-msg-ids\fR\fR
749 749 .ad
750 750 .sp .6
751 751 .RS 4n
752 752 The maximum number of message queue IDs allowed for this zone. This property is
753 753 the preferred way to set the \fBzone.max-msg-ids\fR rctl.
754 754 .RE
755 755
756 756 .sp
757 757 .ne 2
758 758 .na
759 759 \fBglobal: \fBmax-sem-ids\fR\fR
760 760 .ad
761 761 .sp .6
762 762 .RS 4n
763 763 The maximum number of semaphore IDs allowed for this zone. This property is the
764 764 preferred way to set the \fBzone.max-sem-ids\fR rctl.
765 765 .RE
766 766
767 767 .sp
768 768 .ne 2
769 769 .na
770 770 \fBglobal: \fBmax-shm-ids\fR\fR
771 771 .ad
772 772 .sp .6
773 773 .RS 4n
774 774 The maximum number of shared memory IDs allowed for this zone. This property is
775 775 the preferred way to set the \fBzone.max-shm-ids\fR rctl.
776 776 .RE
777 777
778 778 .sp
779 779 .ne 2
780 780 .na
781 781 \fBglobal: \fBmax-shm-memory\fR\fR
782 782 .ad
783 783 .sp .6
784 784 .RS 4n
785 785 The maximum amount of shared memory allowed for this zone. This property is the
786 786 preferred way to set the \fBzone.max-shm-memory\fR rctl. A scale (K, M, G, T)
787 787 can be applied to the value for this number (for example, 1M is one megabyte).
788 788 .RE
789 789
790 790 .sp
791 791 .ne 2
792 792 .na
793 793 \fBglobal: \fBscheduling-class\fR\fR
794 794 .ad
795 795 .sp .6
796 796 .RS 4n
797 797 Specifies the scheduling class used for processes running in a zone. When this
798 798 property is not specified, the scheduling class is established as follows:
799 799 .RS +4
800 800 .TP
801 801 .ie t \(bu
802 802 .el o
803 803 If the \fBcpu-shares\fR property or equivalent rctl is set, the scheduling
804 804 class FSS is used.
805 805 .RE
806 806 .RS +4
807 807 .TP
808 808 .ie t \(bu
809 809 .el o
810 810 If neither \fBcpu-shares\fR nor the equivalent rctl is set and the zone's pool
811 811 property references a pool that has a default scheduling class, that class is
812 812 used.
813 813 .RE
814 814 .RS +4
815 815 .TP
816 816 .ie t \(bu
817 817 .el o
818 818 Under any other conditions, the system default scheduling class is used.
819 819 .RE
820 820 .RE
821 821
822 822
823 823
824 824 .sp
825 825 .ne 2
826 826 .na
827 827 \fB\fBdedicated-cpu\fR: ncpus, importance\fR
828 828 .ad
829 829 .sp .6
830 830 .RS 4n
831 831 The number of CPUs that should be assigned for this zone's exclusive use. The
832 832 zone will create a pool and processor set when it boots. See \fBpooladm\fR(1M)
833 833 and \fBpoolcfg\fR(1M) for more information on resource pools. The \fBncpu\fR
834 834 property can specify a single value or a range (for example, 1-4) of
835 835 processors. The \fBimportance\fR property is optional; if set, it will specify
836 836 the \fBpset.importance\fR value for use by \fBpoold\fR(1M). If this resource is
837 837 used, there must be enough free processors to allocate to this zone when it
838 838 boots or the zone will not boot. The processors assigned to this zone will not
839 839 be available for the use of the global zone or other zones. This resource is
840 840 incompatible with both the \fBpool\fR and \fBcpu-shares\fR properties. Only a
841 841 single instance of this resource can be added to the zone.
842 842 .RE
843 843
844 844 .sp
845 845 .ne 2
846 846 .na
847 847 \fB\fBcapped-memory\fR: physical, swap, locked\fR
848 848 .ad
849 849 .sp .6
850 850 .RS 4n
851 851 The caps on the memory that can be used by this zone. A scale (K, M, G, T) can
852 852 be applied to the value for each of these numbers (for example, 1M is one
853 853 megabyte). Each of these properties is optional but at least one property must
854 854 be set when adding this resource. Only a single instance of this resource can
855 855 be added to the zone. The \fBphysical\fR property sets the \fBmax-rss\fR for
856 856 this zone. This will be enforced by \fBrcapd\fR(1M) running in the global zone.
857 857 The \fBswap\fR property is the preferred way to set the \fBzone.max-swap\fR
858 858 rctl. The \fBlocked\fR property is the preferred way to set the
859 859 \fBzone.max-locked-memory\fR rctl.
860 860 .RE
861 861
862 862 .sp
863 863 .ne 2
864 864 .na
865 865 \fB\fBcapped-cpu\fR: ncpus\fR
866 866 .ad
867 867 .sp .6
868 868 .RS 4n
869 869 Sets a limit on the amount of CPU time that can be used by a zone. The unit
870 870 used translates to the percentage of a single CPU that can be used by all user
871 871 threads in a zone, expressed as a fraction (for example, \fB\&.75\fR) or a
872 872 mixed number (whole number and fraction, for example, \fB1.25\fR). An
873 873 \fBncpu\fR value of \fB1\fR means 100% of a CPU, a value of \fB1.25\fR means
874 874 125%, \fB\&.75\fR mean 75%, and so forth. When projects within a capped zone
875 875 have their own caps, the minimum value takes precedence.
876 876 .sp
877 877 The \fBcapped-cpu\fR property is an alias for \fBzone.cpu-cap\fR resource
878 878 control and is related to the \fBzone.cpu-cap\fR resource control. See
879 879 \fBresource_controls\fR(5).
880 880 .RE
881 881
882 882 .sp
883 883 .ne 2
884 884 .na
885 885 \fB\fBsecurity-flags\fR: lower, default, upper\fR
886 886 .ad
887 887 .sp .6
888 888 .RS 4n
889 889 Set the process security flags associated with the zone. The \fBlower\fR and
890 890 \fBupper\fR fields set the limits, the \fBdefault\fR field is set of flags all
891 891 zone processes inherit.
892 892 .RE
893 893
894 894 .sp
895 895 .ne 2
896 896 .na
897 897 \fBglobal: \fBfs-allowed\fR\fR
898 898 .ad
899 899 .sp .6
900 900 .RS 4n
901 901 A comma-separated list of additional filesystems that may be mounted within
902 902 the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
903 903 filesystems can be mounted. If the first entry in the list is "-" then
904 904 that disables all of the default filesystems. If any filesystems are listed
905 905 after "-" then only those filesystems can be mounted.
906 906
907 907 This property does not apply to filesystems mounted into the zone via "add fs"
908 908 or "add dataset".
909 909
910 910 WARNING: allowing filesystem mounts other than the default may allow the zone
911 911 administrator to compromise the system with a malicious filesystem image, and
912 912 is not supported.
913 913 .RE
914 914
915 915 .sp
916 916 .LP
917 917 The following table summarizes resources, property-names, and types:
918 918 .sp
919 919 .in +2
920 920 .nf
921 921 resource property-name type
922 922 (global) zonename simple
923 923 (global) zonepath simple
924 924 (global) autoboot simple
925 925 (global) bootargs simple
926 926 (global) pool simple
927 927 (global) limitpriv simple
928 928 (global) brand simple
929 929 (global) ip-type simple
930 930 (global) hostid simple
931 931 (global) cpu-shares simple
932 932 (global) max-lwps simple
933 933 (global) max-msg-ids simple
934 934 (global) max-sem-ids simple
935 935 (global) max-shm-ids simple
936 936 (global) max-shm-memory simple
937 937 (global) scheduling-class simple
938 938 fs dir simple
939 939 special simple
940 940 raw simple
941 941 type simple
942 942 options list of simple
943 943 net address simple
944 944 physical simple
945 945 device match simple
946 946 rctl name simple
947 947 value list of complex
948 948 attr name simple
949 949 type simple
950 950 value simple
951 951 dataset name simple
952 952 dedicated-cpu ncpus simple or range
953 953 importance simple
954 954
955 955 capped-memory physical simple with scale
956 956 swap simple with scale
957 957 locked simple with scale
958 958
959 959 capped-cpu ncpus simple
960 960 security-flags lower simple
961 961 default simple
962 962 upper simple
963 963 .fi
964 964 .in -2
965 965 .sp
966 966
967 967 .sp
968 968 .LP
969 969 To further specify things, the breakdown of the complex property "value" of the
970 970 "rctl" resource type, it consists of three name/value pairs, the names being
971 971 "priv", "limit" and "action", each of which takes a simple value. The "name"
972 972 property of an "attr" resource is syntactically restricted in a fashion similar
973 973 but not identical to zone names: it must begin with an alphanumeric, and can
974 974 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
975 975 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
976 976 use by the system. Finally, the "autoboot" global property must have a value of
977 977 "true" or "false".
978 978 .SS "Using Kernel Statistics to Monitor CPU Caps"
979 979 .LP
980 980 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
981 981 maintains information for all capped projects and zones. You can access this
982 982 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
983 983 \fBcaps\fR as the \fBkstat\fR module name. The following command displays
984 984 kernel statistics for all active CPU caps:
985 985 .sp
986 986 .in +2
987 987 .nf
988 988 # \fBkstat caps::'/cpucaps/'\fR
989 989 .fi
990 990 .in -2
991 991 .sp
992 992
993 993 .sp
994 994 .LP
995 995 A \fBkstat\fR(1M) command running in a zone displays only CPU caps relevant for
996 996 that zone and for projects in that zone. See \fBEXAMPLES\fR.
997 997 .sp
998 998 .LP
999 999 The following are cap-related arguments for use with \fBkstat\fR(1M):
1000 1000 .sp
1001 1001 .ne 2
1002 1002 .na
1003 1003 \fB\fBcaps\fR\fR
1004 1004 .ad
1005 1005 .sp .6
1006 1006 .RS 4n
1007 1007 The \fBkstat\fR module.
1008 1008 .RE
1009 1009
1010 1010 .sp
1011 1011 .ne 2
1012 1012 .na
1013 1013 \fB\fBproject_caps\fR or \fBzone_caps\fR\fR
1014 1014 .ad
1015 1015 .sp .6
1016 1016 .RS 4n
1017 1017 \fBkstat\fR class, for use with the \fBkstat\fR \fB-c\fR option.
1018 1018 .RE
1019 1019
1020 1020 .sp
1021 1021 .ne 2
1022 1022 .na
1023 1023 \fB\fBcpucaps_project_\fR\fIid\fR or \fBcpucaps_zone_\fR\fIid\fR\fR
1024 1024 .ad
1025 1025 .sp .6
1026 1026 .RS 4n
1027 1027 \fBkstat\fR name, for use with the \fBkstat\fR \fB-n\fR option. \fIid\fR is the
1028 1028 project or zone identifier.
1029 1029 .RE
1030 1030
1031 1031 .sp
1032 1032 .LP
1033 1033 The following fields are displayed in response to a \fBkstat\fR(1M) command
1034 1034 requesting statistics for all CPU caps.
1035 1035 .sp
1036 1036 .ne 2
1037 1037 .na
1038 1038 \fB\fBmodule\fR\fR
1039 1039 .ad
1040 1040 .sp .6
1041 1041 .RS 4n
1042 1042 In this usage of \fBkstat\fR, this field will have the value \fBcaps\fR.
1043 1043 .RE
1044 1044
1045 1045 .sp
1046 1046 .ne 2
1047 1047 .na
1048 1048 \fB\fBname\fR\fR
1049 1049 .ad
1050 1050 .sp .6
1051 1051 .RS 4n
1052 1052 As described above, \fBcpucaps_project_\fR\fIid\fR or
1053 1053 \fBcpucaps_zone_\fR\fIid\fR
1054 1054 .RE
1055 1055
1056 1056 .sp
1057 1057 .ne 2
1058 1058 .na
1059 1059 \fB\fBabove_sec\fR\fR
1060 1060 .ad
1061 1061 .sp .6
1062 1062 .RS 4n
1063 1063 Total time, in seconds, spent above the cap.
1064 1064 .RE
1065 1065
1066 1066 .sp
1067 1067 .ne 2
1068 1068 .na
1069 1069 \fB\fBbelow_sec\fR\fR
1070 1070 .ad
1071 1071 .sp .6
1072 1072 .RS 4n
1073 1073 Total time, in seconds, spent below the cap.
1074 1074 .RE
1075 1075
1076 1076 .sp
1077 1077 .ne 2
1078 1078 .na
1079 1079 \fB\fBmaxusage\fR\fR
1080 1080 .ad
1081 1081 .sp .6
1082 1082 .RS 4n
1083 1083 Maximum observed CPU usage.
1084 1084 .RE
1085 1085
1086 1086 .sp
1087 1087 .ne 2
1088 1088 .na
1089 1089 \fB\fBnwait\fR\fR
1090 1090 .ad
1091 1091 .sp .6
1092 1092 .RS 4n
1093 1093 Number of threads on cap wait queue.
1094 1094 .RE
1095 1095
1096 1096 .sp
1097 1097 .ne 2
1098 1098 .na
1099 1099 \fB\fBusage\fR\fR
1100 1100 .ad
1101 1101 .sp .6
1102 1102 .RS 4n
1103 1103 Current aggregated CPU usage for all threads belonging to a capped project or
1104 1104 zone, in terms of a percentage of a single CPU.
1105 1105 .RE
1106 1106
1107 1107 .sp
1108 1108 .ne 2
1109 1109 .na
1110 1110 \fB\fBvalue\fR\fR
1111 1111 .ad
1112 1112 .sp .6
1113 1113 .RS 4n
1114 1114 The cap value, in terms of a percentage of a single CPU.
1115 1115 .RE
1116 1116
1117 1117 .sp
1118 1118 .ne 2
1119 1119 .na
1120 1120 \fB\fBzonename\fR\fR
1121 1121 .ad
1122 1122 .sp .6
1123 1123 .RS 4n
1124 1124 Name of the zone for which statistics are displayed.
1125 1125 .RE
1126 1126
1127 1127 .sp
1128 1128 .LP
1129 1129 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
1130 1130 .SH OPTIONS
1131 1131 .LP
1132 1132 The following options are supported:
1133 1133 .sp
1134 1134 .ne 2
1135 1135 .na
1136 1136 \fB\fB-f\fR \fIcommand_file\fR\fR
1137 1137 .ad
1138 1138 .sp .6
1139 1139 .RS 4n
1140 1140 Specify the name of \fBzonecfg\fR command file. \fIcommand_file\fR is a text
1141 1141 file of \fBzonecfg\fR subcommands, one per line.
1142 1142 .RE
1143 1143
1144 1144 .sp
1145 1145 .ne 2
1146 1146 .na
1147 1147 \fB\fB-z\fR \fIzonename\fR\fR
1148 1148 .ad
1149 1149 .sp .6
1150 1150 .RS 4n
1151 1151 Specify the name of a zone. Zone names are case sensitive. Zone names must
1152 1152 begin with an alphanumeric character and can contain alphanumeric characters,
1153 1153 the underscore (\fB_\fR) the hyphen (\fB-\fR), and the dot (\fB\&.\fR). The
1154 1154 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
1155 1155 cannot be used.
1156 1156 .RE
1157 1157
1158 1158 .SH SUBCOMMANDS
1159 1159 .LP
1160 1160 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
1161 1161 resource, at which point the scope changes to that resource. The \fBend\fR and
1162 1162 \fBcancel\fR subcommands are used to complete the resource specification, at
1163 1163 which time the scope is reverted back to global. Certain subcommands, such as
1164 1164 \fBadd\fR, \fBremove\fR and \fBset\fR, have different semantics in each scope.
1165 1165 .sp
1166 1166 .LP
1167 1167 \fBzonecfg\fR supports a semicolon-separated list of subcommands. For example:
1168 1168 .sp
1169 1169 .in +2
1170 1170 .nf
1171 1171 # \fBzonecfg -z myzone "add net; set physical=myvnic; end"\fR
1172 1172 .fi
1173 1173 .in -2
1174 1174 .sp
1175 1175
1176 1176 .sp
1177 1177 .LP
1178 1178 Subcommands which can result in destructive actions or loss of work have an
1179 1179 \fB-F\fR option to force the action. If input is from a terminal device, the
1180 1180 user is prompted when appropriate if such a command is given without the
1181 1181 \fB-F\fR option otherwise, if such a command is given without the \fB-F\fR
1182 1182 option, the action is disallowed, with a diagnostic message written to standard
1183 1183 error.
1184 1184 .sp
1185 1185 .LP
1186 1186 The following subcommands are supported:
1187 1187 .sp
1188 1188 .ne 2
1189 1189 .na
1190 1190 \fB\fBadd\fR \fIresource-type\fR (global scope)\fR
1191 1191 .ad
1192 1192 .br
1193 1193 .na
1194 1194 \fB\fBadd\fR \fIproperty-name property-value\fR (resource scope)\fR
1195 1195 .ad
1196 1196 .sp .6
1197 1197 .RS 4n
1198 1198 In the global scope, begin the specification for a given resource type. The
1199 1199 scope is changed to that resource type.
1200 1200 .sp
1201 1201 In the resource scope, add a property of the given name with the given value.
1202 1202 The syntax for property values varies with different property types. In
1203 1203 general, it is a simple value or a list of simple values enclosed in square
1204 1204 brackets, separated by commas (\fB[foo,bar,baz]\fR). See \fBPROPERTIES\fR.
1205 1205 .RE
1206 1206
1207 1207 .sp
1208 1208 .ne 2
1209 1209 .na
1210 1210 \fB\fBcancel\fR\fR
1211 1211 .ad
1212 1212 .sp .6
1213 1213 .RS 4n
1214 1214 End the resource specification and reset scope to global. Abandons any
1215 1215 partially specified resources. \fBcancel\fR is only applicable in the resource
1216 1216 scope.
1217 1217 .RE
1218 1218
1219 1219 .sp
1220 1220 .ne 2
1221 1221 .na
1222 1222 \fB\fBclear\fR \fIproperty-name\fR\fR
1223 1223 .ad
1224 1224 .sp .6
1225 1225 .RS 4n
1226 1226 Clear the value for the property.
1227 1227 .RE
1228 1228
1229 1229 .sp
1230 1230 .ne 2
1231 1231 .na
1232 1232 \fB\fBcommit\fR\fR
1233 1233 .ad
1234 1234 .sp .6
1235 1235 .RS 4n
1236 1236 Commit the current configuration from memory to stable storage. The
1237 1237 configuration must be committed to be used by \fBzoneadm\fR. Until the
1238 1238 in-memory configuration is committed, you can remove changes with the
1239 1239 \fBrevert\fR subcommand. The \fBcommit\fR operation is attempted automatically
1240 1240 upon completion of a \fBzonecfg\fR session. Since a configuration must be
1241 1241 correct to be committed, this operation automatically does a verify.
1242 1242 .RE
1243 1243
1244 1244 .sp
1245 1245 .ne 2
1246 1246 .na
1247 1247 \fB\fBcreate [\fR\fB-F\fR\fB] [\fR \fB-a\fR \fIpath\fR |\fB-b\fR \fB|\fR
1248 1248 \fB-t\fR \fItemplate\fR\fB]\fR\fR
1249 1249 .ad
1250 1250 .sp .6
1251 1251 .RS 4n
1252 1252 Create an in-memory configuration for the specified zone. Use \fBcreate\fR to
1253 1253 begin to configure a new zone. See \fBcommit\fR for saving this to stable
1254 1254 storage.
1255 1255 .sp
1256 1256 If you are overwriting an existing configuration, specify the \fB-F\fR option
1257 1257 to force the action. Specify the \fB-t\fR \fItemplate\fR option to create a
1258 1258 configuration identical to \fItemplate\fR, where \fItemplate\fR is the name of
1259 1259 a configured zone.
1260 1260 .sp
1261 1261 Use the \fB-a\fR \fIpath\fR option to facilitate configuring a detached zone on
1262 1262 a new host. The \fIpath\fR parameter is the zonepath location of a detached
1263 1263 zone that has been moved on to this new host. Once the detached zone is
1264 1264 configured, it should be installed using the "\fBzoneadm attach\fR" command
1265 1265 (see \fBzoneadm\fR(1M)). All validation of the new zone happens during the
1266 1266 \fBattach\fR process, not during zone configuration.
1267 1267 .sp
1268 1268 Use the \fB-b\fR option to create a blank configuration. Without arguments,
1269 1269 \fBcreate\fR applies the Sun default settings.
1270 1270 .RE
1271 1271
1272 1272 .sp
1273 1273 .ne 2
1274 1274 .na
1275 1275 \fB\fBdelete [\fR\fB-F\fR\fB]\fR\fR
1276 1276 .ad
1277 1277 .sp .6
1278 1278 .RS 4n
1279 1279 Delete the specified configuration from memory and stable storage. This action
1280 1280 is instantaneous, no commit is necessary. A deleted configuration cannot be
1281 1281 reverted.
1282 1282 .sp
1283 1283 Specify the \fB-F\fR option to force the action.
1284 1284 .RE
1285 1285
1286 1286 .sp
1287 1287 .ne 2
1288 1288 .na
1289 1289 \fB\fBend\fR\fR
1290 1290 .ad
1291 1291 .sp .6
1292 1292 .RS 4n
1293 1293 End the resource specification. This subcommand is only applicable in the
1294 1294 resource scope. \fBzonecfg\fR checks to make sure the current resource is
1295 1295 completely specified. If so, it is added to the in-memory configuration (see
1296 1296 \fBcommit\fR for saving this to stable storage) and the scope reverts to
1297 1297 global. If the specification is incomplete, it issues an appropriate error
1298 1298 message.
1299 1299 .RE
1300 1300
1301 1301 .sp
1302 1302 .ne 2
1303 1303 .na
1304 1304 \fB\fBexport [\fR\fB-f\fR \fIoutput-file\fR\fB]\fR\fR
1305 1305 .ad
1306 1306 .sp .6
1307 1307 .RS 4n
1308 1308 Print configuration to standard output. Use the \fB-f\fR option to print the
1309 1309 configuration to \fIoutput-file\fR. This option produces output in a form
1310 1310 suitable for use in a command file.
1311 1311 .RE
1312 1312
1313 1313 .sp
1314 1314 .ne 2
1315 1315 .na
1316 1316 \fB\fBhelp [usage] [\fIsubcommand\fR] [syntax] [\fR\fIcommand-name\fR\fB]\fR\fR
1317 1317 .ad
1318 1318 .sp .6
1319 1319 .RS 4n
1320 1320 Print general help or help about given topic.
1321 1321 .RE
1322 1322
1323 1323 .sp
1324 1324 .ne 2
1325 1325 .na
1326 1326 \fB\fBinfo zonename | zonepath | autoboot | brand | pool | limitpriv\fR\fR
1327 1327 .ad
1328 1328 .br
1329 1329 .na
1330 1330 \fB\fBinfo [\fR\fIresource-type\fR
1331 1331 \fB[\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB]*]\fR\fR
1332 1332 .ad
1333 1333 .sp .6
1334 1334 .RS 4n
1335 1335 Display information about the current configuration. If \fIresource-type\fR is
1336 1336 specified, displays only information about resources of the relevant type. If
1337 1337 any \fIproperty-name\fR value pairs are specified, displays only information
1338 1338 about resources meeting the given criteria. In the resource scope, any
1339 1339 arguments are ignored, and \fBinfo\fR displays information about the resource
1340 1340 which is currently being added or modified.
1341 1341 .RE
1342 1342
1343 1343 .sp
1344 1344 .ne 2
1345 1345 .na
1346 1346 \fB\fBremove\fR \fIresource-type\fR\fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty
1347 1347 -value\fR\fB}\fR(global scope)\fR
1348 1348 .ad
1349 1349 .sp .6
1350 1350 .RS 4n
1351 1351 In the global scope, removes the specified resource. The \fB[]\fR syntax means
1352 1352 0 or more of whatever is inside the square braces. If you want only to remove a
1353 1353 single instance of the resource, you must specify enough property name-value
1354 1354 pairs for the resource to be uniquely identified. If no property name-value
1355 1355 pairs are specified, all instances will be removed. If there is more than one
1356 1356 pair is specified, a confirmation is required, unless you use the \fB-F\fR
1357 1357 option.
1358 1358 .RE
1359 1359
1360 1360 .sp
1361 1361 .ne 2
1362 1362 .na
1363 1363 \fB\fBselect\fR \fIresource-type\fR
1364 1364 \fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR\fR
1365 1365 .ad
1366 1366 .sp .6
1367 1367 .RS 4n
1368 1368 Select the resource of the given type which matches the given
1369 1369 \fIproperty-name\fR \fIproperty-value\fR pair criteria, for modification. This
1370 1370 subcommand is applicable only in the global scope. The scope is changed to that
1371 1371 resource type. The \fB{}\fR syntax means 1 or more of whatever is inside the
1372 1372 curly braces. You must specify enough \fIproperty -name property-value\fR pairs
1373 1373 for the resource to be uniquely identified.
1374 1374 .RE
1375 1375
1376 1376 .sp
1377 1377 .ne 2
1378 1378 .na
1379 1379 \fB\fBset\fR \fIproperty-name\fR\fB=\fR\fIproperty\fR\fB-\fR\fIvalue\fR\fR
1380 1380 .ad
1381 1381 .sp .6
1382 1382 .RS 4n
1383 1383 Set a given property name to the given value. Some properties (for example,
1384 1384 \fBzonename\fR and \fBzonepath\fR) are global while others are
1385 1385 resource-specific. This subcommand is applicable in both the global and
1386 1386 resource scopes.
1387 1387 .RE
1388 1388
1389 1389 .sp
1390 1390 .ne 2
1391 1391 .na
1392 1392 \fB\fBverify\fR\fR
1393 1393 .ad
1394 1394 .sp .6
1395 1395 .RS 4n
1396 1396 Verify the current configuration for correctness:
1397 1397 .RS +4
1398 1398 .TP
1399 1399 .ie t \(bu
1400 1400 .el o
1401 1401 All resources have all of their required properties specified.
1402 1402 .RE
1403 1403 .RS +4
1404 1404 .TP
1405 1405 .ie t \(bu
1406 1406 .el o
1407 1407 A \fBzonepath\fR is specified.
1408 1408 .RE
1409 1409 .RE
1410 1410
1411 1411 .sp
1412 1412 .ne 2
1413 1413 .na
1414 1414 \fB\fBrevert\fR \fB[\fR\fB-F\fR\fB]\fR\fR
1415 1415 .ad
1416 1416 .sp .6
1417 1417 .RS 4n
1418 1418 Revert the configuration back to the last committed state. The \fB-F\fR option
1419 1419 can be used to force the action.
1420 1420 .RE
1421 1421
1422 1422 .sp
1423 1423 .ne 2
1424 1424 .na
1425 1425 \fB\fBexit [\fR\fB-F\fR\fB]\fR\fR
1426 1426 .ad
1427 1427 .sp .6
1428 1428 .RS 4n
1429 1429 Exit the \fBzonecfg\fR session. A commit is automatically attempted if needed.
1430 1430 You can also use an \fBEOF\fR character to exit \fBzonecfg\fR. The \fB-F\fR
1431 1431 option can be used to force the action.
1432 1432 .RE
1433 1433
1434 1434 .SH EXAMPLES
1435 1435 .LP
1436 1436 \fBExample 1 \fRCreating the Environment for a New Zone
1437 1437 .sp
1438 1438 .LP
1439 1439 In the following example, \fBzonecfg\fR creates the environment for a new zone.
1440 1440 \fB/usr/local\fR is loopback mounted from the global zone into
1441 1441 \fB/opt/local\fR. \fB/opt/sfw\fR is loopback mounted from the global zone,
1442 1442 three logical network interfaces are added, and a limit on the number of
1443 1443 fair-share scheduler (FSS) CPU shares for a zone is set using the \fBrctl\fR
1444 1444 resource type. The example also shows how to select a given resource for
1445 1445 modification.
1446 1446
1447 1447 .sp
1448 1448 .in +2
1449 1449 .nf
1450 1450 example# \fBzonecfg -z myzone3\fR
1451 1451 my-zone3: No such zone configured
1452 1452 Use 'create' to begin configuring a new zone.
1453 1453 zonecfg:myzone3> \fBcreate\fR
1454 1454 zonecfg:myzone3> \fBset zonepath=/export/home/my-zone3\fR
1455 1455 zonecfg:myzone3> \fBset autoboot=true\fR
1456 1456 zonecfg:myzone3> \fBadd fs\fR
1457 1457 zonecfg:myzone3:fs> \fBset dir=/usr/local\fR
1458 1458 zonecfg:myzone3:fs> \fBset special=/opt/local\fR
1459 1459 zonecfg:myzone3:fs> \fBset type=lofs\fR
1460 1460 zonecfg:myzone3:fs> \fBadd options [ro,nodevices]\fR
1461 1461 zonecfg:myzone3:fs> \fBend\fR
1462 1462 zonecfg:myzone3> \fBadd fs\fR
1463 1463 zonecfg:myzone3:fs> \fBset dir=/mnt\fR
1464 1464 zonecfg:myzone3:fs> \fBset special=/dev/dsk/c0t0d0s7\fR
1465 1465 zonecfg:myzone3:fs> \fBset raw=/dev/rdsk/c0t0d0s7\fR
1466 1466 zonecfg:myzone3:fs> \fBset type=ufs\fR
1467 1467 zonecfg:myzone3:fs> \fBend\fR
1468 1468 zonecfg:myzone3> \fBadd net\fR
1469 1469 zonecfg:myzone3:net> \fBset address=192.168.0.1/24\fR
1470 1470 zonecfg:myzone3:net> \fBset physical=eri0\fR
1471 1471 zonecfg:myzone3:net> \fBend\fR
1472 1472 zonecfg:myzone3> \fBadd net\fR
1473 1473 zonecfg:myzone3:net> \fBset address=192.168.1.2/24\fR
1474 1474 zonecfg:myzone3:net> \fBset physical=eri0\fR
1475 1475 zonecfg:myzone3:net> \fBend\fR
1476 1476 zonecfg:myzone3> \fBadd net\fR
1477 1477 zonecfg:myzone3:net> \fBset address=192.168.2.3/24\fR
1478 1478 zonecfg:myzone3:net> \fBset physical=eri0\fR
1479 1479 zonecfg:myzone3:net> \fBend\fR
1480 1480 zonecfg:my-zone3> \fBset cpu-shares=5\fR
1481 1481 zonecfg:my-zone3> \fBadd capped-memory\fR
1482 1482 zonecfg:my-zone3:capped-memory> \fBset physical=50m\fR
1483 1483 zonecfg:my-zone3:capped-memory> \fBset swap=100m\fR
1484 1484 zonecfg:my-zone3:capped-memory> \fBend\fR
1485 1485 zonecfg:myzone3> \fBexit\fR
1486 1486 .fi
1487 1487 .in -2
1488 1488 .sp
1489 1489
1490 1490 .LP
1491 1491 \fBExample 2 \fRCreating a Non-Native Zone
1492 1492 .sp
1493 1493 .LP
1494 1494 The following example creates a new Linux zone:
1495 1495
1496 1496 .sp
1497 1497 .in +2
1498 1498 .nf
1499 1499 example# \fBzonecfg -z lxzone\fR
1500 1500 lxzone: No such zone configured
1501 1501 Use 'create' to begin configuring a new zone
1502 1502 zonecfg:lxzone> \fBcreate -t SUNWlx\fR
1503 1503 zonecfg:lxzone> \fBset zonepath=/export/zones/lxzone\fR
1504 1504 zonecfg:lxzone> \fBset autoboot=true\fR
1505 1505 zonecfg:lxzone> \fBexit\fR
1506 1506 .fi
1507 1507 .in -2
1508 1508 .sp
1509 1509
1510 1510 .LP
1511 1511 \fBExample 3 \fRCreating an Exclusive-IP Zone
1512 1512 .sp
1513 1513 .LP
1514 1514 The following example creates a zone that is granted exclusive access to
1515 1515 \fBbge1\fR and \fBbge33000\fR and that is isolated at the IP layer from the
1516 1516 other zones configured on the system.
1517 1517
1518 1518 .sp
1519 1519 .LP
1520 1520 The IP addresses and routing is configured inside the new zone using
1521 1521 \fBsysidtool\fR(1M).
1522 1522
1523 1523 .sp
1524 1524 .in +2
1525 1525 .nf
1526 1526 example# \fBzonecfg -z excl\fR
1527 1527 excl: No such zone configured
1528 1528 Use 'create' to begin configuring a new zone
1529 1529 zonecfg:excl> \fBcreate\fR
1530 1530 zonecfg:excl> \fBset zonepath=/export/zones/excl\fR
1531 1531 zonecfg:excl> \fBset ip-type=exclusive\fR
1532 1532 zonecfg:excl> \fBadd net\fR
1533 1533 zonecfg:excl:net> \fBset physical=bge1\fR
1534 1534 zonecfg:excl:net> \fBend\fR
1535 1535 zonecfg:excl> \fBadd net\fR
1536 1536 zonecfg:excl:net> \fBset physical=bge33000\fR
1537 1537 zonecfg:excl:net> \fBend\fR
1538 1538 zonecfg:excl> \fBexit\fR
1539 1539 .fi
1540 1540 .in -2
1541 1541 .sp
1542 1542
1543 1543 .LP
1544 1544 \fBExample 4 \fRAssociating a Zone with a Resource Pool
1545 1545 .sp
1546 1546 .LP
1547 1547 The following example shows how to associate an existing zone with an existing
1548 1548 resource pool:
1549 1549
1550 1550 .sp
1551 1551 .in +2
1552 1552 .nf
1553 1553 example# \fBzonecfg -z myzone\fR
1554 1554 zonecfg:myzone> \fBset pool=mypool\fR
1555 1555 zonecfg:myzone> \fBexit\fR
1556 1556 .fi
1557 1557 .in -2
1558 1558 .sp
1559 1559
1560 1560 .sp
1561 1561 .LP
1562 1562 For more information about resource pools, see \fBpooladm\fR(1M) and
1563 1563 \fBpoolcfg\fR(1M).
1564 1564
1565 1565 .LP
1566 1566 \fBExample 5 \fRChanging the Name of a Zone
1567 1567 .sp
1568 1568 .LP
1569 1569 The following example shows how to change the name of an existing zone:
1570 1570
1571 1571 .sp
1572 1572 .in +2
1573 1573 .nf
1574 1574 example# \fBzonecfg -z myzone\fR
1575 1575 zonecfg:myzone> \fBset zonename=myzone2\fR
1576 1576 zonecfg:myzone2> \fBexit\fR
1577 1577 .fi
1578 1578 .in -2
1579 1579 .sp
1580 1580
1581 1581 .LP
1582 1582 \fBExample 6 \fRChanging the Privilege Set of a Zone
1583 1583 .sp
1584 1584 .LP
1585 1585 The following example shows how to change the set of privileges an existing
1586 1586 zone's processes will be limited to the next time the zone is booted. In this
1587 1587 particular case, the privilege set will be the standard safe set of privileges
1588 1588 a zone normally has along with the privilege to change the system date and
1589 1589 time:
1590 1590
1591 1591 .sp
1592 1592 .in +2
1593 1593 .nf
1594 1594 example# \fBzonecfg -z myzone\fR
1595 1595 zonecfg:myzone> \fBset limitpriv="default,sys_time"\fR
1596 1596 zonecfg:myzone2> \fBexit\fR
1597 1597 .fi
1598 1598 .in -2
1599 1599 .sp
1600 1600
1601 1601 .LP
1602 1602 \fBExample 7 \fRSetting the \fBzone.cpu-shares\fR Property for the Global Zone
1603 1603 .sp
1604 1604 .LP
1605 1605 The following command sets the \fBzone.cpu-shares\fR property for the global
1606 1606 zone:
1607 1607
1608 1608 .sp
1609 1609 .in +2
1610 1610 .nf
1611 1611 example# \fBzonecfg -z global\fR
1612 1612 zonecfg:global> \fBset cpu-shares=5\fR
1613 1613 zonecfg:global> \fBexit\fR
1614 1614 .fi
1615 1615 .in -2
1616 1616 .sp
1617 1617
1618 1618 .LP
1619 1619 \fBExample 8 \fRUsing Pattern Matching
1620 1620 .sp
1621 1621 .LP
1622 1622 The following commands illustrate \fBzonecfg\fR support for pattern matching.
1623 1623 In the zone \fBflexlm\fR, enter:
1624 1624
1625 1625 .sp
1626 1626 .in +2
1627 1627 .nf
1628 1628 zonecfg:flexlm> \fBadd device\fR
1629 1629 zonecfg:flexlm:device> \fBset match="/dev/cua/a00[2-5]"\fR
1630 1630 zonecfg:flexlm:device> \fBend\fR
1631 1631 .fi
1632 1632 .in -2
1633 1633 .sp
1634 1634
1635 1635 .sp
1636 1636 .LP
1637 1637 In the global zone, enter:
1638 1638
1639 1639 .sp
1640 1640 .in +2
1641 1641 .nf
1642 1642 global# \fBls /dev/cua\fR
1643 1643 a a000 a001 a002 a003 a004 a005 a006 a007 b
1644 1644 .fi
1645 1645 .in -2
1646 1646 .sp
1647 1647
1648 1648 .sp
1649 1649 .LP
1650 1650 In the zone \fBflexlm\fR, enter:
1651 1651
1652 1652 .sp
1653 1653 .in +2
1654 1654 .nf
1655 1655 flexlm# \fBls /dev/cua\fR
1656 1656 a002 a003 a004 a005
1657 1657 .fi
1658 1658 .in -2
1659 1659 .sp
1660 1660
1661 1661 .LP
1662 1662 \fBExample 9 \fRSetting a Cap for a Zone to Three CPUs
1663 1663 .sp
1664 1664 .LP
1665 1665 The following sequence uses the \fBzonecfg\fR command to set the CPU cap for a
1666 1666 zone to three CPUs.
1667 1667
1668 1668 .sp
1669 1669 .in +2
1670 1670 .nf
1671 1671 zonecfg:myzone> \fBadd capped-cpu\fR
1672 1672 zonecfg:myzone>capped-cpu> \fBset ncpus=3\fR
1673 1673 zonecfg:myzone>capped-cpu>capped-cpu> \fBend\fR
1674 1674 .fi
1675 1675 .in -2
1676 1676 .sp
1677 1677
1678 1678 .sp
1679 1679 .LP
1680 1680 The preceding sequence, which uses the capped-cpu property, is equivalent to
1681 1681 the following sequence, which makes use of the \fBzone.cpu-cap\fR resource
1682 1682 control.
1683 1683
1684 1684 .sp
1685 1685 .in +2
1686 1686 .nf
1687 1687 zonecfg:myzone> \fBadd rctl\fR
1688 1688 zonecfg:myzone:rctl> \fBset name=zone.cpu-cap\fR
1689 1689 zonecfg:myzone:rctl> \fBadd value (priv=privileged,limit=300,action=none)\fR
1690 1690 zonecfg:myzone:rctl> \fBend\fR
1691 1691 .fi
1692 1692 .in -2
1693 1693 .sp
1694 1694
1695 1695 .LP
1696 1696 \fBExample 10 \fRUsing \fBkstat\fR to Monitor CPU Caps
1697 1697 .sp
1698 1698 .LP
1699 1699 The following command displays information about all CPU caps.
1700 1700
1701 1701 .sp
1702 1702 .in +2
1703 1703 .nf
1704 1704 # \fBkstat -n /cpucaps/\fR
1705 1705 module: caps instance: 0
1706 1706 name: cpucaps_project_0 class: project_caps
1707 1707 above_sec 0
1708 1708 below_sec 2157
1709 1709 crtime 821.048183159
1710 1710 maxusage 2
1711 1711 nwait 0
1712 1712 snaptime 235885.637253027
1713 1713 usage 0
1714 1714 value 18446743151372347932
1715 1715 zonename global
1716 1716
1717 1717 module: caps instance: 0
1718 1718 name: cpucaps_project_1 class: project_caps
1719 1719 above_sec 0
1720 1720 below_sec 0
1721 1721 crtime 225339.192787265
1722 1722 maxusage 5
1723 1723 nwait 0
1724 1724 snaptime 235885.637591677
1725 1725 usage 5
1726 1726 value 18446743151372347932
1727 1727 zonename global
1728 1728
1729 1729 module: caps instance: 0
1730 1730 name: cpucaps_project_201 class: project_caps
1731 1731 above_sec 0
1732 1732 below_sec 235105
1733 1733 crtime 780.37961782
1734 1734 maxusage 100
1735 1735 nwait 0
1736 1736 snaptime 235885.637789687
1737 1737 usage 43
1738 1738 value 100
1739 1739 zonename global
1740 1740
1741 1741 module: caps instance: 0
1742 1742 name: cpucaps_project_202 class: project_caps
1743 1743 above_sec 0
1744 1744 below_sec 235094
1745 1745 crtime 791.72983782
1746 1746 maxusage 100
1747 1747 nwait 0
1748 1748 snaptime 235885.637967512
1749 1749 usage 48
1750 1750 value 100
1751 1751 zonename global
1752 1752
1753 1753 module: caps instance: 0
1754 1754 name: cpucaps_project_203 class: project_caps
1755 1755 above_sec 0
1756 1756 below_sec 235034
1757 1757 crtime 852.104401481
1758 1758 maxusage 75
1759 1759 nwait 0
1760 1760 snaptime 235885.638144304
1761 1761 usage 47
1762 1762 value 100
1763 1763 zonename global
1764 1764
1765 1765 module: caps instance: 0
1766 1766 name: cpucaps_project_86710 class: project_caps
1767 1767 above_sec 22
1768 1768 below_sec 235166
1769 1769 crtime 698.441717859
1770 1770 maxusage 101
1771 1771 nwait 0
1772 1772 snaptime 235885.638319871
1773 1773 usage 54
1774 1774 value 100
1775 1775 zonename global
1776 1776
1777 1777 module: caps instance: 0
1778 1778 name: cpucaps_zone_0 class: zone_caps
1779 1779 above_sec 100733
1780 1780 below_sec 134332
1781 1781 crtime 821.048177123
1782 1782 maxusage 207
1783 1783 nwait 2
1784 1784 snaptime 235885.638497731
1785 1785 usage 199
1786 1786 value 200
1787 1787 zonename global
1788 1788
1789 1789 module: caps instance: 1
1790 1790 name: cpucaps_project_0 class: project_caps
1791 1791 above_sec 0
1792 1792 below_sec 0
1793 1793 crtime 225360.256448422
1794 1794 maxusage 7
1795 1795 nwait 0
1796 1796 snaptime 235885.638714404
1797 1797 usage 7
1798 1798 value 18446743151372347932
1799 1799 zonename test_001
1800 1800
1801 1801 module: caps instance: 1
1802 1802 name: cpucaps_zone_1 class: zone_caps
1803 1803 above_sec 2
1804 1804 below_sec 10524
1805 1805 crtime 225360.256440278
1806 1806 maxusage 106
1807 1807 nwait 0
1808 1808 snaptime 235885.638896443
1809 1809 usage 7
1810 1810 value 100
1811 1811 zonename test_001
1812 1812 .fi
1813 1813 .in -2
1814 1814 .sp
1815 1815
1816 1816 .LP
1817 1817 \fBExample 11 \fRDisplaying CPU Caps for a Specific Zone or Project
1818 1818 .sp
1819 1819 .LP
1820 1820 Using the \fBkstat\fR \fB-c\fR and \fB-i\fR options, you can display CPU caps
1821 1821 for a specific zone or project, as below. The first command produces a display
1822 1822 for a specific project, the second for the same project within zone 1.
1823 1823
1824 1824 .sp
1825 1825 .in +2
1826 1826 .nf
1827 1827 # \fBkstat -c project_caps\fR
1828 1828
1829 1829 # \fBkstat -c project_caps -i 1\fR
1830 1830 .fi
1831 1831 .in -2
1832 1832 .sp
1833 1833
1834 1834 .SH EXIT STATUS
1835 1835 .LP
1836 1836 The following exit values are returned:
1837 1837 .sp
1838 1838 .ne 2
1839 1839 .na
1840 1840 \fB\fB0\fR\fR
1841 1841 .ad
1842 1842 .sp .6
1843 1843 .RS 4n
1844 1844 Successful completion.
1845 1845 .RE
1846 1846
1847 1847 .sp
1848 1848 .ne 2
1849 1849 .na
1850 1850 \fB\fB1\fR\fR
1851 1851 .ad
1852 1852 .sp .6
1853 1853 .RS 4n
1854 1854 An error occurred.
1855 1855 .RE
1856 1856
1857 1857 .sp
1858 1858 .ne 2
1859 1859 .na
1860 1860 \fB\fB2\fR\fR
1861 1861 .ad
1862 1862 .sp .6
1863 1863 .RS 4n
1864 1864 Invalid usage.
1865 1865 .RE
1866 1866
1867 1867 .SH ATTRIBUTES
1868 1868 .LP
1869 1869 See \fBattributes\fR(5) for descriptions of the following attributes:
1870 1870 .sp
1871 1871
1872 1872 .sp
1873 1873 .TS
1874 1874 box;
1875 1875 c | c
1876 1876 l | l .
1877 1877 ATTRIBUTE TYPE ATTRIBUTE VALUE
1878 1878 _
1879 1879 Interface Stability Volatile
1880 1880 .TE
1881 1881
1882 1882 .SH SEE ALSO
1883 1883 .LP
1884 1884 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
1885 1885 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
1886 1886 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
1887 1887 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriv_str_to_set\fR(3C),
1888 1888 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
1889 1889 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
1890 1890 \fBsecurity-flags\fR(5), \fBzones\fR(5)
1891 1891 .sp
1892 1892 .LP
1893 1893 \fISystem Administration Guide: Solaris Containers-Resource Management, and
1894 1894 Solaris Zones\fR
1895 1895 .SH NOTES
1896 1896 .LP
1897 1897 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.
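Review bot: In the unchanged "remove" entry in this region (lines 1346-1357), the description does not match its synopsis. The synopsis shows {property-name=property-value}, but the text explains a "[]" syntax ("0 or more of whatever is inside the square braces"). The sentence "If there is more than one pair is specified, a confirmation is required" is also ungrammatical, so it is unclear when the -F confirmation applies to a subcommand that can remove all instances of a resource. Since the file is being touched anyway, please make the synopsis and the text agree and reword the confirmation sentence. The same entry is labelled "(global scope)" only, while the SUBCOMMANDS introduction says remove has different semantics in each scope, so the resource-scope form appears to be undocumented here. Smaller point: the example prompts in this region are inconsistent ("zonecfg:my-zone3>" inside the myzone3 session in Example 1, "zonecfg:myzone2>" in Example 6 where no rename happens, and "zonecfg:myzone>capped-cpu>" in Example 9).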