1zoneadm(1M) System Administration Commands zoneadm(1M)
2
6 zoneadm - administer zones
7
9 zoneadm -z zonename [-u uuid-match] subcommand
10 [subcommand_options]
11 zoneadm [-R root] [-z zonename] [-u uuid-match] list
14 [list_options]
15 zoneadm [-R root] -z zonename [-u uuid-match] mark incomplete
18
21 The zoneadm utility is used to administer system zones. A zone is an
22 application container that is maintained by the operating system run‐
23 time.
24
26 Once a process has been placed in a zone other than zone 0, the process
27 or any of its children cannot change zones.
28
30 The following options are supported:
31 -R root
33 Specify an alternate root (boot environment). This option can only
35 be used in conjunction with the "list" and "mark" subcommands.
36 -u uuid-match
39 Unique identifier for a zone, as assigned by libuuid(3LIB). If this
41 option is present and the argument is a non-empty string, then the
42 zone matching the UUID is selected instead of the one named by the
43 -z option, if such a zone is present.
44 -z zonename
47 String identifier for a zone.
49
52 Subcommands which can result in destructive actions or loss of work
53 have a -F flag to force the action. If input is from a terminal device,
54 the user is prompted if such a command is given without the -F flag;
55 otherwise, if such a command is given without the -F flag, the action
56 is disallowed, with a diagnostic message written to standard error. If
57 a zone installation or uninstallation is interrupted, the zone is left
58 in the incomplete state. Use uninstall to reset such a zone back to the
59 configured state.
60 The following subcommands are supported:
63 attach [-F] [-n path] [brand-specific options]
65 The attach subcommand takes a zone that has been detached from one
67 system and attaches the zone onto a new system. Therefore, it is
68 advised (though not required) that the detach subcommand should be
69 run before the "attach" takes place. Once you have the new zone in
70 the configured state, use the attach subcommand to set up the zone
71 root instead of installing the zone as a new zone.
72 The -F option can be used to force the zone into the "installed"
74 state with no validation. This option should be used with care
75 since it can leave the zone in an unsupportable state if it was
76 moved from a source system to a target system that is unable to
77 properly host the zone. The -n option can be used to run the attach
78 subcommand, without executing the command. It uses the output of
79 the "detach -n" subcommand as input and is useful to identify any
80 conflicting issues, such as the network device being incompatible,
81 and can also determine whether the host is capable of supporting
82 the zone. The path can be "-", to read the input from standard
83 input.
84 The zone's brand may include additional options that govern how the
86 zone will be attached. See brands(5) for specific brand informa‐
87 tion.
88 The zone being attached must first be configured using the zonecfg
90 (see zonecfg(1M)) command. This does not apply when running "attach
91 -n".
92 Use the following command to attach a zone:
94 # zoneadm -z my-zone attach
96 boot [-- boot_options]
101 Boot (or activate) the specified zones.
103 The following boot_options are supported:
105 -i altinit
107 Select an alternative executable to be the primordial Process.
109 altinit is a valid path to an executable. The default primor‐
110 dial process is init(1M).
111 -m smf_options
114 The smf_options include two categories of options to control
116 booting behavior of the service management facility: recovery
117 options and messages options.
118 Message options determine the type and amount of messages that
120 smf(5) displays during boot. Service options determine the ser‐
121 vices which are used to boot the system. See kernel(1M) for a
122 listing of the -m suboptions.
123 -s
126 Boots only to milestone svc:/milestone/single-user:default.
128 This milestone is equivalent to init level s. See
129 svc.startd(1M) and init(1M).
130 clone [-m copy] [-s zfs_snapshot] source_zone
134 Install a zone by copying an existing installed zone. This subcom‐
136 mand is an alternative way to install the zone.
137 -m copy
139 Force the clone to be a copy, even if a "ZFS clone" is possi‐
141 ble.
142 -s zfs_snapshot
145 Specify the name of a ZFS snapshot to use as the source of the
147 clone. The snapshot must be a snapshot of the source zone taken
148 from a previous "zoneadm clone" installation.
149 The source zone must be halted before this subcommand can be used.
151 detach [-n]
154 Detach the specified zone. Detaching a zone is the first step in
156 moving a zone from one system to another. The full procedure to
157 migrate a zone is that the zone is detached, the zonepath directory
158 is moved to the new host, and then the zone is attached on the new
159 host. Once the zone is detached, it is left in the configured
160 state. If you try to install or clone to a configured zone that has
161 been detached, you will receive an error message and the install or
162 clone subcommand will not be allowed to proceed. The -n option can
163 be used to run the detach subcommand, without executing the com‐
164 mand. This generates the information needed for running the "attach
165 -n" subcommand, which is useful to identify any conflicting issues,
166 such as the network device being incompatible or if the host is
167 capable of supporting the zone. The information is sent to standard
168 output and can be saved to a file or piped to the "attach -n" sub‐
169 command.
170 Use the following command to detach a zone:
172 # zoneadm -z my-zone detach
174 The source zone must be halted before this subcommand can be used.
177 halt
180 Halt the specified zones. halt bypasses running the shutdown
182 scripts inside the zone. It also removes run time resources of the
183 zone.
184 Use:
186 zlogin zone shutdown
188 to cleanly shutdown the zone by running the shutdown scripts.
191 help [subcommand]
194 Display general help. If you specify subcommand, displays help on
196 subcommand.
197 install [-x nodataset] [brand-specific options]
200 Install the specified zone on the system. This subcommand automati‐
202 cally attempts to verify first. It refuses to install if the verify
203 step fails. See the verify subcommand.
204 -x nodataset
206 Do not create a ZFS file system.
208 The zone's brand may include additional options that govern how the
210 software will be installed in the zone. See brands(5) for specific
211 brand information.
212 list [list_options]
215 Display the name of the current zones, or the specified zone if
217 indicated.
218 By default, all running zones are listed. If you use this subcom‐
220 mand with the zoneadm -z zonename option, it lists only the speci‐
221 fied zone, regardless of its state. In this case, the -i and -c
222 options are disallowed.
223 If neither the -i or -c options are given, all running zones are
225 listed.
226 The following list_options are supported:
228 -c
230 Display all configured zones. This option overides the -i
232 option.
233 -i
236 Expand the display to all installed zones.
238 -p
241 Request machine parsable output. The output format is a list of
243 lines, one per zone, with colon- delimited fields. These fields
244 are:
245 zoneid:zonename:state:zonepath:uuid:brand:ip-type
247 If the zonepath contains embedded colons, they can be escaped
250 by a backslash (""), which is parsable by using the shell
251 read(1) function with the environmental variable IFS. The uuid
252 value is assigned by libuuid(3LIB) when the zone is installed,
253 and is useful for identifying the same zone when present (or
254 renamed) on alternate boot environments. Any software that
255 parses the output of the "zoneadm list -p" command must be able
256 to handle any fields that may be added in the future.
257 The -v and -p options are mutually exclusive. If neither -v nor
259 -p is used, just the zone name is listed.
260 -v
263 Display verbose information, including zone name, id, current
265 state, root directory, brand type, ip-type, and options.
266 The -v and -p options are mutually exclusive. If neither -v nor
268 -p is used, just the zone name is listed.
269 mark incomplete
273 Change the state of an installed zone to "incomplete." This command
275 may be useful in cases where administrative changes on the system
276 have rendered a zone unusable or inconsistent. This change cannot
277 be undone (except by uninstalling the zone).
278 move new_zonepath
281 Move the zonepath to new_zonepath. The zone must be halted before
283 this subcommand can be used. The new_zonepath must be a local file
284 system and normal restrictions for zonepath apply.
285 ready
288 Prepares a zone for running applications but does not start any
290 user processes in the zone.
291 reboot
294 Restart the zones. This is equivalent to a halt boot sequence. This
296 subcommand fails if the specified zones are not active.
297 uninstall [-F]
300 Uninstall the specified zone from the system. Use this subcommand
302 with caution. It removes all of the files under the zonepath of the
303 zone in question. You can use the -F flag to force the action.
304 verify
307 Check to make sure the configuration of the specified zone can
309 safely be installed on the machine. Following is a break-down of
310 the checks by resource/property type:
311 zonepath
313 zonepath and its parent directory exist and are owned by root
315 with appropriate modes . The appropriate modes are that
316 zonepath is 700, its parent is not group or world-writable and
317 so forth. zonepath is not over an NFS mount. A sub-directory of
318 the zonepath named "root" does not exist.
319 If zonepath does not exist, the verify does not fail, but
321 merely warns that a subsequent install will attempt to create
322 it with proper permissions. A verify subsequent to that might
323 fail should anything go wrong.
324 zonepath cannot be a symbolic link.
326 fs
329 Any fs resources have their type value checked. An error is
331 reported if the value is one of proc, mntfs, autofs, cachefs,
332 or nfs or the filesystem does not have an associated mount
333 binary at /usr/lib/fs/<fstype>/mount.
334 It is an error for the directory to be a relative path.
336 It is an error for the path specified by raw to be a relative
338 path or if there is no fsck binary for a given filesystem type
339 at /usr/lib/fs/<fstype>/fsck. It is also an error if a corre‐
340 sponding fsck binary exists but a raw path is not specified.
341 net
344 All physical network interfaces exist. All network address
346 resources are one of:
347 o a valid IPv4 address, optionally followed by "/" and
349 a prefix length;
350 o a valid IPv6 address, which must be followed by "/"
352 and a prefix length;
353 o a host name which resolves to an IPv4 address.
355 Note that hostnames that resolve to IPv6 addresses are not sup‐
356 ported.
357 The physical interface name is the network interface name.
359 A zone can be configured to be either exclusive-IP or shared-
361 IP. For a shared-IP zone, both the physical and address proper‐
362 ties must be set. For an exclusive-IP zone, the physical prop‐
363 erty must be set and the address property cannot be set.
364 rctl
367 It also verifies that any defined resource control values are
369 valid on the current machine. This means that the privilege
370 level is privileged, the limit is lower than the currently
371 defined system value, and that the defined action agrees with
372 the actions that are valid for the given resource control.
373
377 Example 1 Using the -m Option
378 The following command illustrates the use of the -m option.
381 # zoneadm boot -- -m verbose
384 Example 2 Using the -i Option
388 The following command illustrates the use of the -i option.
391 # zoneadm boot -- -i /sbin/init
394 Example 3 Using the -s Option
398 The following command illustrates the use of the -s option.
401 # zoneadm boot -- -s
404
408 The following exit values are returned:
409 0
411 Successful completion.
413 1
416 An error occurred.
418 2
421 Invalid usage.
423
426 See attributes(5) for descriptions of the following attributes:
427 ┌─────────────────────────────┬─────────────────────────────┐
432 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
433 ├─────────────────────────────┼─────────────────────────────┤
434 │Availability │SUNWzoneu │
435 ├─────────────────────────────┼─────────────────────────────┤
436 │Interface Stability │Committed │
437 └─────────────────────────────┴─────────────────────────────┘
438
440 read(1), svcs(1), zlogin(1), zonename(1), init(1M), kernel(1M),
441 svcadm(1M), svc.startd(1M), svc.startd(1M), zonecfg(1M), libuuid(3LIB),
442 attributes(5), brands(5), native(5), smf(5), zones(5)
443
445 The zones(5) service is managed by the service management facility,
446 smf(5), under the service identifier:
447 svc:/system/zones:default
449 Administrative actions on this service, such as enabling, disabling, or
454 requesting restart, can be performed using svcadm(1M). The service's
455 status can be queried using the svcs(1) command.
456 The act of installing a new non-global zone is a fresh installation of
459 the Solaris operating system. A new installation of Solaris must not
460 require interaction with the user (that is, it must be "hands off").
461 Because of this, packages installed in the global zone and all non-
462 global zones cannot contain request scripts (see pkgask(1M)). If a
463 package did have a request script, then the creation of a non-global
464 zone could not be done without user intervention. Any package that con‐
465 tains a request script is added to the global zone only. See
466 pkgadd(1M).
467SunOS 5.11 13 Feb 2009 zoneadm(1M)