A zone is a virtualized environment that looks a lot like a regular system. It has its own network, its own processes, its own file systems, and its own identity. As far as an application is concerned, it looks and behaves like a distinct computer. However, zones actually share the same instance of an operating system - in particular, there's just one kernel - so overhead is absolutely minimal.
While the traditional zone administration tools like zonecfg and zoneadm are still available, Tribblix uses zap to manage zones:
zap create-zone -z zone_name [-i ip_address] [other flags] zap destroy-zone -z zone_name
The real value of using zap is to control the software that's installed in a zone. The first interesting flag here is the type, to install a sparse-root or whole-root zone:
-t sparse -t wholeFor a sparse-root zone, the software is essentially fixed (as
/usris a read-only loopback mount). For a whole-root zone, the default is for the zone to contain the same software as the global zone, but this can be changed. Use the
-oflag to select the overlays to be copied from the global zone. For example:
-o develop -o javawill result in a zone that contains the java and develop overlays (and any overlays needed for dependency resolution). Note that if you specify an overlay that isn't installed in the global zone, then it won't install that overlay - use the
-Oflag instead (see below).
Furthermore, you can add
additional overlays with the
-O flag, for example:
-O groovywhich will result in the groovy overlay being added to the new zone. (And any prerequisites.)
You can create a file system that should exist in the zone with
-d flag. For example:
-d /data/wwwwill create a directory /data/www inside the zone, ready for you to fill with data.
-U flag specifies a user account to be shared with
the zone. The account will be created in the zone with the same
details as in the global zone, and the home directory will be
shared. In addition, that user is delegated management of the zone,
including the ability to use zlogin to connect to the zone. Note that
this mechanism gives the delegated user full root access to the zone,
and potentially full root access to the global zone via shared file
systems, so should be used with caution.
A regular sparse-root zone has, by necessity, the same software installed as the global zone. A whole-root zone has its own independent set of software, so it can have any software installed that you like. Another option is to construct a zone template which, like a whole-root zone, has a completely independent set of software packages. You can then create sparse-root zones based on that template, allowing you to have a sparse-root zone that has different software to the global zone. To create a template:
zap create-zone-template -T template_name [-d extra_dir] [-o overlay] [-O overlay]where the
-Oflags have the same meanings as before. Then you can use create-zone with the extra
-Tflag to specify the template the zone should be built from:
zap create-zone -z zone_name -T template_name [other flags]
Another zone variant is the alien zone. An alien-root zone contains file systems derived from an ISO image of an alternative illumos distribution. This assumes that the other distribution is compatible - generally illumos isn't making changes in the critical system interfaces, so it works if the other distribution is of similar vintage to the Tribblix system you're running, and if it's a distribution whose installation ISO is known to Tribblix. (Currently, this should handle OpenIndiana, OmniOS, and DilOS.)
To create an alien zone, the command is:
zap create-zone -z zone_name -t alien -I /path/to/iso/image [other flags]where the
-tflag must specify alien, and the
-Iflag tells it where the iso image is to be found. The file systems will be populated from the ISO, and the installation will attempt to undo the customizations needed for a live boot environment. For obvious reasons, the
-Oflags aren't appropriate.