System Administration Commands zoneadm(1M)
NAME
zoneadm - administer zones
SYNOPSIS
zoneadm -z zonename subcommand [subcommand_options]
zoneadm [-z zonename] list [list_options]
DESCRIPTION
The zoneadm utility is used to administer system zones. A
zone is an application container that is maintained by the
operating system runtime.
SECURITY
Once a process has been placed in a zone other than zone 0,
the process or any of its children cannot change zones.
OPTIONS
The following options are supported:
-z zonename String identifier for a zone.
SUBCOMMANDS
Subcommands which can result in destructive actions or loss
of work have a -F flag to force the action. If input is from
a terminal device, the user is prompted if such a command is
given without the -F flag; otherwise, if such a command is
given without the -F flag, the action is disallowed, with a
diagnostic message written to standard error. If a zone ins-
tallation or uninstallation is interrupted, the zone is left
in the incomplete state. Use uninstall to reset such a zone
back to the configured state.
The following subcommands are supported:
boot [boot_options]
Boot (or activate) the specified zones.
The following boot_options are supported:
-s Boots only to milestone svc:/milestone/single-
user:default. This milestone is equivalent to
init level s. See svc.startd(1M) and init(1M).
halt
Halt the specified zones. halt bypasses running the
shutdown scripts inside the zone. It also removes run
time resources of the zone.
Use:
zlogin zone shutdown
to cleanly shutdown the zone by running the shutdown
scripts.
help [subcommand]
Display general help. If you specify subcommand,
displays help on subcommand.
install
Install the specified zone on the system. This subcom-
mand automatically attempts to verify first. It refuses
to install if the verify step fails. See the verify sub-
command.
list [list_options]
Display the name of the current zones, or the specified
zone if indicated.
By default, all running zones are listed. If you use
this subcommand with the zoneadm -z zonename option, it
lists only the specified zone, regardless of its state.
In this case, the -i and -c options are disallowed.
The following list_options are supported:
-c Display all configured zones.
-i Expand the display to all installed zones.
-p Request machine parsable output.
The -v and -p options are mutually exclusive.
If neither -v nor -p is used, just the zone
name is listed.
-v Display verbose information, including zone
name, id, current state, root directory and
options.
The -v and -p options are mutually exclusive.
If neither -v nor -p is used, just the zone
name is listed.
ready
Prepares a zone for running applications but does not
start any user processes in the zone.
reboot
Restart the zones. This is equivalent to a halt boot
sequence. This subcommand fails if the specified zones
are not active.
uninstall [-F]
Uninstall the specified zone from the system. Use this
subcommand with caution. It removes all of the files
under the zonepath of the zone in question. You can use
the -F flag to force the action.
verify
Check to make sure the configuration of the specified
zone can safely be installed on the machine. Following
is a break-down of the checks by resource/property type:
zonepath
zonepath and its parent directory exist and are
owned by root with appropriate modes . The appropri-
ate modes are that zonepath is 700, its parent is
not group or world-writable and so forth. zonepath
is not over an NFS mount. A sub-directory of the
zonepath named "root" does not exist.
If zonepath does not exist, the verify does not
fail, but merely warns that a subsequent install
will attempt to create it with proper permissions. A
verify subsequent to that might fail should anything
go wrong.
fs
Any fs resources have their type value checked. An
error is reported if the value is one of proc,
mntfs, autofs, cachefs, or nfs or the filesystem
does not have an associated mount binary at
/usr/lib/fs/<fstype>/mount.
It is an error for the directory to be a relative
path.
It is an error for the path specified by raw to be a
relative path or if there is no fsck binary for a
given filesystem type at /usr/lib/fs/<fstype>/fsck.
It is also an error if a corresponding fsck binary
exists but a raw path is not specified.
net
All physical network interfaces exist. All network
address resources are one of:
o a valid IPv4 address, optionally followed by
"/" and a prefix length;
o a valid IPv6 address, which must be followed by
"/" and a prefix length;
o a host name which resolves to an IPv4 address.
rctl
It also verifies that any defined resource control
values are valid on the current machine. This means
that the privilege level is privileged, the limit is
lower than the currently defined system value, and
that the defined action agrees with the actions that
are valid for the given resource control.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
2 Invalid usage.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWzoneu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
svcs(1), zlogin(1), zonename(1), svcadm(1M), svc.startd(1M)
and init(1M), svc.startd(1M), zonecfg(1M), attributes(5),
smf(5), zones(5)
NOTES
The zones(5) service is managed by the service management
facility, smf(5), under the service identifier:
svc:/system/zones:default
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using
svcadm(1M). The service's status can be queried using the
svcs(1) command.
The act of installing a new non-global zone is a fresh ins-
tallation of the Solaris operating system. A new installa-
tion of Solaris must not require interaction with the user
(that is, it must be "hands off"). Because of this, packages
installed in the global zone and all non-global zones cannot
contain request scripts (see pkgask(1M)). If a package did
have a request script, then the creation of a non-global
zone could not be done without user intervention. Any pack-
age that contains a request script is added to the global
zone only. See pkgadd(1M).
|
|
