Solaris Containers

Solaris Containers (including Solaris Zones) is an implementation of operating system-level virtualization technology first made available in 2005 as part of Solaris 10.

A Solaris Container is the combination of system resource controls and the boundary separation provided by "zones". Zones act as completely isolated virtual servers within a single operating system instance. By consolidating multiple sets of application services onto one system and by placing each into isolated virtual server containers, system administrators can reduce cost and provide all the same protections of separate machines on a single machine.

Terminology

There is always one zone defined, named the "global" zone. Zones hosted by a global zone are known as "non-global zones" but are sometimes just called "zones." The term "local zone" is specifically discouraged, since in this usage "local" is not an antonym of "global." The global zone encompasses all processes running on the system, whether or not these processes are running within a non-global zone. Unless otherwise noted, "zone" will refer to non-global zones in this article.

Description

Each zone has its own node name, virtual network interfaces, and storage assigned to it; there is no requirement for a zone to have any minimum amount of dedicated hardware other than the disk storage necessary for its unique configuration. Specifically, it does not require a dedicated CPU, memory, physical network interface or HBA, although any of these can be allocated specifically to one zone.

Each zone has a security boundary surrounding it which prevents a process associated with one zone from interacting with or observing processes in other zones. Each zone can be configured with its own separate user list. The system automatically manages user ID conflicts; that is, two zones on a system could have a user ID 10000 defined, and each would be mapped to its own unique global identifier.

A zone can be assigned to a resource pool (processor set plus scheduling class) to guarantee certain usage, or can be given shares via fair-share scheduling. A zone can be in one of the following states:
* Configured: configuration was completed and committed
* Installed: the packages have been successfully installed
* Ready: the virtual platform has been established
* Running: the zone booted successfully and is now running
* Shutting down: the zone is in the process of shutting down - this is a temporary state, leading to "Down"
* Down: the zone has completed the shut down process and is down - this is a temporary state, leading to "Installed"

Some programs cannot be executed from within a non-global zone; typically this is because the application requires privileges that cannot be granted within a container. As a zone does not have its own separate kernel (in contrast to a hardware virtual machine), applications that require direct manipulation of kernel features, such as the ability to directly read or alter kernel memory space, may not work inside of a container.

Resources needed

Zones induce a very low overhead on CPU and memory. Currently a maximum of 8191 non-global zones can be created within a single operating system instance. "Sparse Zones", in which most filesystem content is shared with the global zone, can take as little as 50MB of disk space. "Whole Root Zones", in which each zone has its own copy of its operating system files, may occupy anywhere from several hundred megabytes to several gigabytes, depending on installed software.

Even with Whole Root Zones, disk space requirements can be negligible if the zone's OS file system is a ZFS clone of the global zone image, since only the blocks different from a snapshot image need to be stored on disk; this method also makes it possible to create new zones in a few seconds.

Branded zones

Although all zones on the system share a common kernel, an additional feature set has been added called "branded zones" ("BrandZ" for short), or "non-native zones". This allows individual zones to emulate an OS environment other than the native one of the global OS. [BrandZ/SCLA FAQ, OpenSolaris Project, http://www.opensolaris.org/os/community/brandz/brandz_lae_faq/, accessed 2007-10-19] The non-native environment is dubbed a "brand", which plugs into the BrandZ framework.

The brand for a zone is set at the time the zone is created, and is implemented with interposition points within the OS kernel that can be used to change the behavior of syscalls, process loading, thread creation, and other elements.

Three brands that have been implemented are "Solaris Containers for Linux Applications", "Solaris 8 Containers", and "Solaris 9 Containers". The first is available when Solaris is run on x86 systems, and provides an environment that emulates Red Hat Enterprise Linux 3. Libraries from Red Hat 3 or an equivalent distribution such as CentOS are required to complete the emulated environment. The latter two brands allow an existing Solaris 8 or Solaris 9 environment to be copied and relocated in a Solaris 10 zone.
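An added example (not part of the original article or of Sun's documentation): a global-zone audit of the zone states and brands described above, run over machine-parsable `zoneadm list -cp` output. The field order zoneid:zonename:state:zonepath:uuid:brand:ip-type, the zone names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `zoneadm list -cp` output (not captured from a real host).
# Assumed field order: zoneid:zonename:state:zonepath:uuid:brand:ip-type
# Zones that are not running have "-" as their zone ID; uuid is left empty here.
sample_zones() {
cat <<'EOF'
0:global:running:/::native:shared
1:web01:running:/zones/web01::native:shared
-:db01:installed:/zones/db01::native:shared
-:legacy8:configured:/zones/legacy8::solaris8:shared
2:rhel3app:running:/zones/rhel3app::lx:shared
EOF
}

# Name, state and brand of every non-global zone (reads stdin).
nonglobal_zones() {
    awk -F: '$2 != "global" { print $2, $3, $6 }'
}

# Non-global zones whose brand is not the native one (BrandZ zones).
# These emulate another OS environment on the shared kernel and are
# worth tracking separately when reviewing what a host exposes.
branded_zones() {
    awk -F: '$2 != "global" && $6 != "native" { print $2, $6 }'
}

# Number of non-global zones currently in the state given as $1.
count_state() {
    awk -F: -v want="$1" \
        '$2 != "global" && $3 == want { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample. On a real system, run in the
# global zone:  zoneadm list -cp | nonglobal_zones
echo "Non-global zones (name state brand):"
sample_zones | nonglobal_zones
echo "Branded zones (name brand):"
sample_zones | branded_zones
echo "Running non-global zones: $(sample_zones | count_state running)"
```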

Documentation

The Solaris operating system provides man pages for Solaris Containers by default; more detailed documentation can be found at various on-line technical resources.

The first published document and hands-on reference for Solaris Zones was written in February 2004 by Dennis Clarke at Blastwave.org, providing the essentials for getting started. [Dennis Clarke, "Get in the Zone", blastwave.org, February 2004, http://www.blastwave.org/articles/DMC-0002/, accessed 2008-04-21] This document was greatly expanded upon by Brendan Gregg in July 2005. ["Zones", Solaris Internals wiki, November 6, 2007, http://www.solarisinternals.com/wiki/index.php/Zones, accessed 2008-04-21] More extensive documentation may be found at the Sun Microsystems documentation site, [Sun Microsystems Documentation, Sun Microsystems, Inc., http://docs.sun.com, accessed 2008-04-21] and the Sun Solaris Containers Learning Center. [Solaris Containers Learning Center, Sun Microsystems, Inc., http://sun.com/software/solaris/containers_learning_center.jsp, accessed 2008-04-21]

Implementation issues

The standard Solaris NFS server is implemented in the kernel, and cannot be used for exports within non-global zones. ["RFE: Zones should be able to be NFS servers", OpenSolaris BugTracker, 2003-12-07, http://bugs.opensolaris.org/view_bug.do?bug_id=4964859, accessed 2007-02-20] ["NFS server in zones", zones-discuss, 2007-02-14, http://www.opensolaris.org/jive/thread.jspa?threadID=24136&tstart=0, accessed 2007-02-20] Third party NFS server software that is not implemented in the Solaris kernel may work.

Similar technologies

Other implementations of operating system-level virtualization technology include OpenVZ/Virtuozzo, Linux-VServer, FreeBSD Jails, FreeVPS and AIX Workload Partitions.

See also

* Operating system-level virtualization
* Comparison of virtual machines
* Virtual machines
* OpenSolaris
* Logical Domains
* Sun xVM

External links

* [http://opensolaris.org/os/community/zones/ OpenSolaris Zones Community]
* [http://www.opensolaris.org/os/community/zones/faq/ Solaris Containers FAQ]
* [http://sun.com/software/solaris/containers_learning_center.jsp Solaris Containers Learning Center]
* [http://www.sun.com/software/solaris/ds/utilization.jsp Solaris Containers data sheet]
* [http://www.securitybulletins.com/mediawiki/index.php/Moving_Solaris_10_Zones Moving Solaris 10 Zones]


Wikimedia Foundation. 2010.
