Comment: minor fixes

...

The guide below assumes you are on a LAN with DHCP. We will create a Crossbow VNIC on your primary network interface (assumed to be e1000g0 here, adapt as necessary), which will operate as if the VNIC was plugged directly into your local LAN.

...

Here, we are disabling atime and sync to speed up builds. Note that setting sync=disabled may result in data loss in a power loss/system crash scenario, so only enable it for your build environment if you don't mind losing data (it is necessary to separate the options into -o property=value blocks):

...

Code Block
pfexec dladm create-vnic -l e1000g0 vnic0

If needed, you can also bind the VNIC to a particular VLAN of your external network with the -v parameter.

Create the zone

...

Code Block
pfexec zonecfg -z zone1
create
set autoboot=true
set zonepath=/zones/build/zone1
set ip-type=exclusive
add net
set physical=vnic0
end
exit

Install the zone

...

This step will install the zone by downloading packages from the internet:

Code Block
pfexec zoneadm -z zone1 install

Create a sysidcfg file

...

This step answers questions you would otherwise have to answer manually via a console-based wizard.

...

Note also that in the example above, your zone will try to receive networking settings via DHCP. It is possible to set static IP addressing for an "ip-type=exclusive" local zone by using traditional Solaris methods with files (relative to the zone root): /etc/defaultrouter, /etc/hostname.vnic0, /etc/netmasks and so on; in this case you might want to disable nwam and dhcp-client in the zone. You may also want to make sure that the zone's /etc/hosts file associates the static IP address with the zone's network name (short hostname and full FQDN), and that this name is used in /etc/hostname.vnic0 instead of the IP address directly.

You can also configure an individual ipfilter firewall in the "ip-type=exclusive" zone (the global zone's (GZ) firewall doesn't apply to the non-shared networking of a local zone (LZ)).
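
As an added example (not part of the original guide), the sh functions below list the NICs of an exclusive-IP zone, which the global zone's firewall does not cover, and check from the global zone whether the ipfilter service is online inside the zone. The function names and the sample `zonecfg export` text are constructed for illustration; `audit_zone` needs a live system with the zone running.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Constructed sample of `zonecfg -z zone1 export` output for the zone above.
sample_export() {
    cat <<'EOF'
create -b
set zonepath=/zones/build/zone1
set autoboot=true
set ip-type=exclusive
add net
set physical=vnic0
end
EOF
}

# Read `zonecfg export` text on stdin; print each NIC of an exclusive-IP zone.
# Those NICs are not covered by the ipfilter rules of the global zone.
unfiltered_vnics() {
    awk '
        { gsub(/"/, "") }                       # strip quotes if values are quoted
        /^set ip-type=/ { iptype = substr($0, 13) }
        /^add net$/     { innet = 1; next }
        /^end$/         { innet = 0; next }
        innet && /^set physical=/ { nics[++n] = substr($0, 14) }
        END {
            if (iptype != "exclusive") exit 0   # shared-IP: GZ rules apply
            for (i = 1; i <= n; i++) print nics[i]
        }'
}

# Run in the global zone: warn when an exclusive-IP zone has no active ipfilter.
# Checks the service state only, not the contents of the rule set.
audit_zone() {
    zone=$1
    nics=$(pfexec zonecfg -z "$zone" export | unfiltered_vnics)
    if [ -z "$nics" ]; then
        echo "$zone: shared-IP, global zone firewall applies"
        return 0
    fi
    state=$(pfexec zlogin "$zone" svcs -H -o state network/ipfilter 2>/dev/null)
    if [ "$state" = "online" ]; then
        echo "$zone: ipfilter online for:" $nics
    else
        echo "$zone: WARNING no ipfilter on:" $nics
        return 1
    fi
}
```

Calling `audit_zone zone1` in the global zone prints one status line and returns non-zero when the zone's NICs are unfiltered.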

Boot your zone

Code Block
pfexec zoneadm -z zone1 boot

...

You can detach from the console by issuing "~." without quotes (or "~~." over chained Unix ssh).

DNS configuration in the zone

...

Once the zone has booted, you can copy the DNS resolution settings from the GZ into the local zone (if networking is the same):

Code Block
pfexec cp /etc/resolv.conf /etc/nsswitch.dnsconf /zones/build/zone1/root/etc/

Final checks

...

Try pinging some hosts on the internet. Remember to update the root password.
