1zoneadm(1M) System Administration Commands zoneadm(1M)
2
3
4
6 zoneadm - administer zones
7
9 zoneadm -z zonename [-u uuid-match] subcommand
10 [subcommand_options]
11
12
13 zoneadm [-R root] [-z zonename] [-u uuid-match] list
14 [list_options]
15
16
17 zoneadm [-R root] -z zonename [-u uuid-match] mark incomplete
18
19
21 The zoneadm utility is used to administer system zones. A zone is an
22 application container that is maintained by the operating system run‐
23 time.
24
26 Once a process has been placed in a zone other than zone 0, the process
27 or any of its children cannot change zones.
28
30 The following options are supported:
31
32 -R root
33
34 Specify an alternate root (boot environment). This option can only
35 be used in conjunction with the "list" and "mark" subcommands.
36
37
38 -u uuid-match
39
40 Unique identifier for a zone, as assigned by libuuid(3LIB). If this
41 option is present and the argument is a non-empty string, then the
42 zone matching the UUID is selected instead of the one named by the
43 -z option, if such a zone is present.
44
45
46 -z zonename
47
48 String identifier for a zone.
49
50
52 Subcommands which can result in destructive actions or loss of work
53 have a -F flag to force the action. If input is from a terminal device,
54 the user is prompted if such a command is given without the -F flag;
55 otherwise, if such a command is given without the -F flag, the action
56 is disallowed, with a diagnostic message written to standard error. If
57 a zone installation or uninstallation is interrupted, the zone is left
58 in the incomplete state. Use uninstall to reset such a zone back to the
59 configured state.
60
61
62 The following subcommands are supported:
63
64 attach [-F] [-n path] [brand-specific options]
65
66 The attach subcommand takes a zone that has been detached from one
67 system and attaches the zone onto a new system. Therefore, it is
68 advised (though not required) that the detach subcommand should be
69 run before the "attach" takes place. Once you have the new zone in
70 the configured state, use the attach subcommand to set up the zone
71 root instead of installing the zone as a new zone.
72
73 The -F option can be used to force the zone into the "installed"
74 state with no validation. This option should be used with care
75 since it can leave the zone in an unsupportable state if it was
76 moved from a source system to a target system that is unable to
77 properly host the zone. The -n option can be used to run the attach
78 subcommand, without executing the command. It uses the output of
79 the "detach -n" subcommand as input and is useful to identify any
80 conflicting issues, such as the network device being incompatible,
81 and can also determine whether the host is capable of supporting
82 the zone. The path can be "-", to read the input from standard
83 input.
84
85 The zone's brand may include additional options that govern how the
86 zone will be attached. See brands(5) for specific brand informa‐
87 tion.
88
89 The zone being attached must first be configured using the zonecfg
90 (see zonecfg(1M)) command. This does not apply when running "attach
91 -n".
92
93 Use the following command to attach a zone:
94
95 # zoneadm -z my-zone attach
96
97
98
99
100 boot [-- boot_options]
101
102 Boot (or activate) the specified zones.
103
104 The following boot_options are supported:
105
106 -i altinit
107
108 Select an alternative executable to be the primordial Process.
109 altinit is a valid path to an executable. The default primor‐
110 dial process is init(1M).
111
112
113 -m smf_options
114
115 The smf_options include two categories of options to control
116 booting behavior of the service management facility: recovery
117 options and messages options.
118
119 Message options determine the type and amount of messages that
120 smf(5) displays during boot. Service options determine the ser‐
121 vices which are used to boot the system. See kernel(1M) for a
122 listing of the -m suboptions.
123
124
125 -s
126
127 Boots only to milestone svc:/milestone/single-user:default.
128 This milestone is equivalent to init level s. See
129 svc.startd(1M) and init(1M).
130
131
132
133 clone [-m copy] [-s zfs_snapshot] source_zone
134
135 Install a zone by copying an existing installed zone. This subcom‐
136 mand is an alternative way to install the zone.
137
138 -m copy
139
140 Force the clone to be a copy, even if a "ZFS clone" is possi‐
141 ble.
142
143
144 -s zfs_snapshot
145
146 Specify the name of a ZFS snapshot to use as the source of the
147 clone. The snapshot must be a snapshot of the source zone taken
148 from a previous "zoneadm clone" installation.
149
150 The source zone must be halted before this subcommand can be used.
151
152
153 detach [-n]
154
155 Detach the specified zone. Detaching a zone is the first step in
156 moving a zone from one system to another. The full procedure to
157 migrate a zone is that the zone is detached, the zonepath directory
158 is moved to the new host, and then the zone is attached on the new
159 host. Once the zone is detached, it is left in the configured
160 state. If you try to install or clone to a configured zone that has
161 been detached, you will receive an error message and the install or
162 clone subcommand will not be allowed to proceed. The -n option can
163 be used to run the detach subcommand, without executing the com‐
164 mand. This generates the information needed for running the "attach
165 -n" subcommand, which is useful to identify any conflicting issues,
166 such as the network device being incompatible or if the host is
167 capable of supporting the zone. The information is sent to standard
168 output and can be saved to a file or piped to the "attach -n" sub‐
169 command.
170
171 Use the following command to detach a zone:
172
173 # zoneadm -z my-zone detach
174
175
176 The source zone must be halted before this subcommand can be used.
177
178
179 halt
180
181 Halt the specified zones. halt bypasses running the shutdown
182 scripts inside the zone. It also removes run time resources of the
183 zone.
184
185 Use:
186
187 zlogin zone shutdown
188
189
190 to cleanly shutdown the zone by running the shutdown scripts.
191
192
193 help [subcommand]
194
195 Display general help. If you specify subcommand, displays help on
196 subcommand.
197
198
199 install [-x nodataset] [brand-specific options]
200
201 Install the specified zone on the system. This subcommand automati‐
202 cally attempts to verify first. It refuses to install if the verify
203 step fails. See the verify subcommand.
204
205 -x nodataset
206
207 Do not create a ZFS file system.
208
209 The zone's brand may include additional options that govern how the
210 software will be installed in the zone. See brands(5) for specific
211 brand information.
212
213
214 list [list_options]
215
216 Display the name of the current zones, or the specified zone if
217 indicated.
218
219 By default, all running zones are listed. If you use this subcom‐
220 mand with the zoneadm -z zonename option, it lists only the speci‐
221 fied zone, regardless of its state. In this case, the -i and -c
222 options are disallowed.
223
224 If neither the -i or -c options are given, all running zones are
225 listed.
226
227 The following list_options are supported:
228
229 -c
230
231 Display all configured zones. This option overides the -i
232 option.
233
234
235 -i
236
237 Expand the display to all installed zones.
238
239
240 -p
241
242 Request machine parsable output. The output format is a list of
243 lines, one per zone, with colon- delimited fields. These fields
244 are:
245
246 zoneid:zonename:state:zonepath:uuid:brand:ip-type
247
248
249 If the zonepath contains embedded colons, they can be escaped
250 by a backslash (""), which is parsable by using the shell
251 read(1) function with the environmental variable IFS. The uuid
252 value is assigned by libuuid(3LIB) when the zone is installed,
253 and is useful for identifying the same zone when present (or
254 renamed) on alternate boot environments. Any software that
255 parses the output of the "zoneadm list -p" command must be able
256 to handle any fields that may be added in the future.
257
258 The -v and -p options are mutually exclusive. If neither -v nor
259 -p is used, just the zone name is listed.
260
261
262 -v
263
264 Display verbose information, including zone name, id, current
265 state, root directory, brand type, ip-type, and options.
266
267 The -v and -p options are mutually exclusive. If neither -v nor
268 -p is used, just the zone name is listed.
269
270
271
272 mark incomplete
273
274 Change the state of an installed zone to "incomplete." This command
275 may be useful in cases where administrative changes on the system
276 have rendered a zone unusable or inconsistent. This change cannot
277 be undone (except by uninstalling the zone).
278
279
280 move new_zonepath
281
282 Move the zonepath to new_zonepath. The zone must be halted before
283 this subcommand can be used. The new_zonepath must be a local file
284 system and normal restrictions for zonepath apply.
285
286
287 ready
288
289 Prepares a zone for running applications but does not start any
290 user processes in the zone.
291
292
293 reboot
294
295 Restart the zones. This is equivalent to a halt boot sequence. This
296 subcommand fails if the specified zones are not active.
297
298
299 uninstall [-F]
300
301 Uninstall the specified zone from the system. Use this subcommand
302 with caution. It removes all of the files under the zonepath of the
303 zone in question. You can use the -F flag to force the action.
304
305
306 verify
307
308 Check to make sure the configuration of the specified zone can
309 safely be installed on the machine. Following is a break-down of
310 the checks by resource/property type:
311
312 zonepath
313
314 zonepath and its parent directory exist and are owned by root
315 with appropriate modes . The appropriate modes are that
316 zonepath is 700, its parent is not group or world-writable and
317 so forth. zonepath is not over an NFS mount. A sub-directory of
318 the zonepath named "root" does not exist.
319
320 If zonepath does not exist, the verify does not fail, but
321 merely warns that a subsequent install will attempt to create
322 it with proper permissions. A verify subsequent to that might
323 fail should anything go wrong.
324
325 zonepath cannot be a symbolic link.
326
327
328 fs
329
330 Any fs resources have their type value checked. An error is
331 reported if the value is one of proc, mntfs, autofs, cachefs,
332 or nfs or the filesystem does not have an associated mount
333 binary at /usr/lib/fs/<fstype>/mount.
334
335 It is an error for the directory to be a relative path.
336
337 It is an error for the path specified by raw to be a relative
338 path or if there is no fsck binary for a given filesystem type
339 at /usr/lib/fs/<fstype>/fsck. It is also an error if a corre‐
340 sponding fsck binary exists but a raw path is not specified.
341
342
343 net
344
345 All physical network interfaces exist. All network address
346 resources are one of:
347
348 o a valid IPv4 address, optionally followed by "/" and
349 a prefix length;
350
351 o a valid IPv6 address, which must be followed by "/"
352 and a prefix length;
353
354 o a host name which resolves to an IPv4 address.
355 Note that hostnames that resolve to IPv6 addresses are not sup‐
356 ported.
357
358 The physical interface name is the network interface name.
359
360 A zone can be configured to be either exclusive-IP or shared-
361 IP. For a shared-IP zone, both the physical and address proper‐
362 ties must be set. For an exclusive-IP zone, the physical prop‐
363 erty must be set and the address property cannot be set.
364
365
366 rctl
367
368 It also verifies that any defined resource control values are
369 valid on the current machine. This means that the privilege
370 level is privileged, the limit is lower than the currently
371 defined system value, and that the defined action agrees with
372 the actions that are valid for the given resource control.
373
374
375
377 Example 1 Using the -m Option
378
379
380 The following command illustrates the use of the -m option.
381
382
383 # zoneadm boot -- -m verbose
384
385
386
387 Example 2 Using the -i Option
388
389
390 The following command illustrates the use of the -i option.
391
392
393 # zoneadm boot -- -i /sbin/init
394
395
396
397 Example 3 Using the -s Option
398
399
400 The following command illustrates the use of the -s option.
401
402
403 # zoneadm boot -- -s
404
405
406
408 The following exit values are returned:
409
410 0
411
412 Successful completion.
413
414
415 1
416
417 An error occurred.
418
419
420 2
421
422 Invalid usage.
423
424
426 See attributes(5) for descriptions of the following attributes:
427
428
429
430
431 ┌─────────────────────────────┬─────────────────────────────┐
432 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
433 ├─────────────────────────────┼─────────────────────────────┤
434 │Availability │SUNWzoneu │
435 ├─────────────────────────────┼─────────────────────────────┤
436 │Interface Stability │Committed │
437 └─────────────────────────────┴─────────────────────────────┘
438
440 read(1), svcs(1), zlogin(1), zonename(1), init(1M), kernel(1M),
441 svcadm(1M), svc.startd(1M), svc.startd(1M), zonecfg(1M), libuuid(3LIB),
442 attributes(5), brands(5), native(5), smf(5), zones(5)
443
445 The zones(5) service is managed by the service management facility,
446 smf(5), under the service identifier:
447
448 svc:/system/zones:default
449
450
451
452
453 Administrative actions on this service, such as enabling, disabling, or
454 requesting restart, can be performed using svcadm(1M). The service's
455 status can be queried using the svcs(1) command.
456
457
458 The act of installing a new non-global zone is a fresh installation of
459 the Solaris operating system. A new installation of Solaris must not
460 require interaction with the user (that is, it must be "hands off").
461 Because of this, packages installed in the global zone and all non-
462 global zones cannot contain request scripts (see pkgask(1M)). If a
463 package did have a request script, then the creation of a non-global
464 zone could not be done without user intervention. Any package that con‐
465 tains a request script is added to the global zone only. See
466 pkgadd(1M).
467
468
469
470SunOS 5.11 13 Feb 2009 zoneadm(1M)