| Home | :: | About | :: | Download | :: | Install | :: | Use | :: | Blog |
A zone is a virtualized environment that looks a lot like a regular system. It has its own network, its own processes, its own file systems, and its own identity. As far as an application is concerned, it looks and behaves like a distinct computer. However, zones actually share the same instance of an operating system - in particular, there's just one kernel - so overhead is absolutely minimal.
While the traditional zone administration tools like zonecfg and zoneadm are still available, Tribblix uses zap to manage zones:
zap create-zone -z zone_name [-i ip_address] [other flags] zap destroy-zone -z zone_name
The real value of using zap is to control the software that's installed in a zone. The first interesting flag here is the type, to install a sparse-root or whole-root zone:
-t sparse -t whole
For a sparse-root zone, the software is essentially fixed
(as /usr is a read-only loopback mount). For a whole-root
zone, the default is for the zone to contain the same software as the
global zone, but this can be changed. Use the -o flag to
select the overlays to be copied from the global zone. For example:
-o develop -o java
will result in a zone that contains the java and develop overlays (and
any overlays needed for dependency resolution). Note that if you
specify an overlay that isn't installed in the global zone, then it
won't install that overlay - use the -O flag instead (see
below).
Furthermore, you can add
additional overlays with the -O flag, for example:
-O groovy
which will result in the groovy overlay being added to the new zone. (And any prerequisites.)
You can create a file system that should exist in the zone with
the -d flag. For example:
-d /data/www
will create a directory /data/www inside the zone, ready for you to fill with data.
The -U flag specifies a user account to be shared with
the zone. The account will be created in the zone with the same
details as in the global zone, and the home directory will be
shared. In addition, that user is delegated management of the zone,
including the ability to use zlogin to connect to the zone. Note that
this mechanism gives the delegated user full root access to the zone,
and potentially full root access to the global zone via shared file
systems, so should be used with caution.
A regular sparse-root zone has, by necessity, the same software installed as the global zone. A whole-root zone has its own independent set of software, so it can have any software installed that you like. Another option is to construct a zone template which, like a whole-root zone, has a completely independent set of software packages. You can then create sparse-root zones based on that template, allowing you to have a sparse-root zone that has different software to the global zone. To create a template:
zap create-zone-template -T template_name [-d extra_dir] [-o overlay] [-O overlay]
where the -d, -o, and -O flags
have the same meanings as before. Then you can use create-zone with
the extra -T flag to specify the template the zone should
be built from:
zap create-zone -z zone_name -T template_name [other flags]
Another zone variant is the alien zone. An alien-root zone contains file systems derived from an ISO image of an alternative illumos distribution. This assumes that the other distribution is compatible - generally illumos isn't making changes in the critical system interfaces, so it works if the other distribution is of similar vintage to the Tribblix system you're running, and if it's a distribution whose installation ISO is known to Tribblix. (Currently, this should handle OpenIndiana, OmniOS, and DilOS.)
To create an alien zone, the command is:
zap create-zone -z zone_name -t alien -I /path/to/iso/image [other flags]
where the -t flag must specify alien, and
the -I flag tells it where the iso image is to be
found. The file systems will be populated from the ISO, and the
installation will attempt to undo the customizations needed for a live
boot environment. For obvious reasons, the -o
and -O flags aren't appropriate.
The bhyve hypervisor allows you to run most operating systems in a virtual machine. For convenience, this is most easily managed inside a special lightweight zone.
To create an alien zone, the command is:
zap create-zone -z zone_name -t bhyve -V 8G -I /path/to/iso/image [other flags]
where the -t flag must specify bhve, and
the -I flag tells it where a bootable iso image is to be
found. The -V flags specifies the size of a ZFS volume
that will be presented to the virtual machine as a disk drive.