Solaris Containers
Solaris Containers (including Solaris Zones) is an implementation of operating system-level virtualization technology for x86 and SPARC systems, first released publicly in February 2004 in build 51 beta of Solaris 10, and subsequently in the first full release of Solaris 10, 2005. It is present in illumos (formerly OpenSolaris) distributions, such as OpenIndiana, SmartOS, Tribblix and OmniOS, as well as in the official Oracle Solaris 11 release. A Solaris Container is the combination of system resource controls and the boundary separation provided by zones. Zones act as completely isolated virtual servers within a single operating system instance. By consolidating multiple sets of application services onto one system and by placing each into isolated virtual server containers, system administrators can reduce cost and provide most of the same protections of separate machines on a single machine.


Terminology

The name of this technology changed during development and the pre-launch public events. Before the launch of Solaris Zones in 2005, a Solaris Container was any type of workload constrained by Solaris resource management features. The latter had been a separate software package in earlier history. By 2007 the term Solaris Containers came to mean a Solaris Zone combined with resource management controls. Later, there was a gradual move such that Solaris Containers specifically referred to non-global zones, with or without additional Resource Management. Zones hosted by a global zone are known as "non-global zones" but are sometimes just called "zones". The term "local zone" is specifically discouraged, since in this usage "local" is not an antonym of "global". The global zone has visibility of all resources on the system, whether these are associated with the global zone or a non-global zone. Unless otherwise noted, "zone" will refer to non-global zones in this article. To simplify terminology, Oracle dropped the use of the term Container in Solaris 11, and has reverted to use of the term Solaris Zone irrespective of the use of resource management controls.


Description

Each zone has its own node name, access to virtual or physical network interfaces, and storage assigned to it; there is no requirement for a zone to have any minimum amount of dedicated hardware other than the disk storage necessary for its unique configuration. Specifically, it does not require a dedicated CPU, memory, physical network interface or HBA, although any of these can be allocated specifically to one zone. Each zone has a security boundary surrounding it which prevents a process associated with one zone from interacting with or observing processes in other zones. Each zone can be configured with its own separate user list. The system automatically manages user ID conflicts; that is, two zones on a system could have a user ID 10000 defined, and each would be mapped to its own unique global identifier.

A zone can be in one of the following states:

* Configured: Configuration was completed and committed.
* Incomplete: Transition state during an install or uninstall operation.
* Installed: The packages have been successfully installed.
* Ready: The virtual platform has been established.
* Running: The zone booted successfully and is now running.
* Shutting down: The zone is in the process of shutting down; this is a temporary state, leading to "Down".
* Down: The zone has completed the shutdown process and is down; this is a temporary state, leading to "Installed".

Some programs cannot be executed from within a non-global zone; typically this is because the application requires privileges that cannot be granted within a container. As a zone does not have its own separate kernel (in contrast to a hardware virtual machine), applications that require direct manipulation of kernel features, such as the ability to directly read or alter kernel memory space, may not work inside of a container.


Resources needed

Zones induce a very low overhead on CPU and memory. Most types of zones share the global zone's virtual address space. A zone can be assigned to a resource pool (processor set plus scheduling class) to guarantee certain usage, or can be capped at a fixed compute capacity ("capped CPU"), or can be given shares via fair-share scheduling. Currently a maximum of 8191 non-global zones can be created within a single operating system instance. "Sparse Zones", in which most filesystem content is shared with the global zone, can take as little as 50 MB of disk space. "Whole Root Zones", in which each zone has its own copy of its operating system files, may occupy anywhere from several hundred megabytes to several gigabytes, depending on installed software. The 8191 limit arises from the limit of 8,192 loopback connections per Solaris instance. Each zone needs a loopback connection. The global zone gets one, leaving 8,191 for the non-global zones. Even with Whole Root Zones, disk space requirements can be negligible if the zone's OS file system is a ZFS clone of the global zone image, since only the blocks that differ from a snapshot image need to be stored on disk; this method also makes it possible to create new zones in a few seconds.


Branded zones

Although all zones on the system share a common kernel, an additional feature set has been added called branded zones (BrandZ for short). This allows individual zones to behave in a manner other than the default brand of the global zone. The existing brands (October 2009) can be grouped into two categories:

* Brands which do not perform system call translation:
** 'native' is the default for Solaris 10
** 'ipkg' is the default for OpenSolaris, OpenIndiana, and OmniOS
** 'joyent' is the default for SmartOS
** 'cluster' is used for Solaris Cluster zones
** 'labeled' is used for zones in a Solaris Trusted Extensions environment
* Brands which perform system call translation:
** 'solaris8' provides a Solaris 8 environment on a Solaris 10 system, including translation from Solaris 8 system calls to Solaris 10 system calls (available only on SPARC systems)
** 'solaris9' provides a Solaris 9 environment on a Solaris 10 system, including translation from Solaris 9 system calls to Solaris 10 system calls (available only on SPARC systems)
** 'lx' provides a Red Hat Enterprise Linux 3 environment on a Solaris 10 system, including translation from RHEL 3 system calls to Solaris 10 system calls (available only on x86 systems). On SmartOS, lx brand zones can provide a runtime for most modern Linux distributions including Ubuntu, Debian, CentOS, Alpine and others. LX support hasn't been upstreamed to illumos.
** 's10brand' provides a Solaris 10 environment on an OpenSolaris or Oracle Solaris 11 system, including translation from Solaris 10 system calls to OpenSolaris/Oracle Solaris 11 system calls
** 'solaris-kz' provides a separate Solaris 11.2 or newer instance, with its own kernel and independent packages, on an Oracle Solaris 11.2 or newer system. This feature was first available publicly in the Solaris 11.2 Beta (public download).

The brand for a zone is set at the time the zone is created. The second category is implemented with interposition points within the OS kernel that can be used to change the behavior of syscalls, process loading, thread creation, and other elements. For the 'lx' brand, libraries from Red Hat 3 or an equivalent distribution such as CentOS are required to complete the emulated environment.
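The zone states listed under Description and the brand categories above are what an administrator sees in the output of zoneadm list -cv (columns ID, NAME, STATUS, PATH, BRAND, IP). The following added example, not part of the original article, parses a constructed sample of that output and flags what a defender doing a host inventory would want to review: zones in a transient state, zones running a legacy userland through a syscall-translating brand, and the 8191 non-global zone limit. The sample output, the column layout and the brand names it checks are assumptions drawn from the article's own lists.

```python
# Constructed sample of `zoneadm list -cv` output (not captured from a real host).
SAMPLE_ZONEADM_OUTPUT = """\
  ID NAME             STATUS     PATH                           BRAND    IP
   0 global           running    /                              native   shared
   1 web01            running    /zones/web01                   native   shared
   2 legacy-erp       running    /zones/legacy-erp              solaris8 shared
   - build-box        installed  /zones/build-box               lx       shared
   - db01             shutting_down /zones/db01                 native   excl
"""

MAX_NON_GLOBAL_ZONES = 8191  # limit stated in the article (loopback connections)
# Brands the article lists as performing system call translation (legacy userlands).
TRANSLATING_BRANDS = {"solaris8", "solaris9", "lx", "s10brand"}
# States the article describes as transitional rather than steady.
TRANSIENT_STATES = {"incomplete", "ready", "shutting_down", "down"}


def parse_zoneadm_list(text):
    """Parse `zoneadm list -cv` output into a list of dicts, skipping the header.

    A zone that is not running has '-' in the ID column; it is stored as None.
    """
    zones = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "ID":
            continue
        zone_id, name, status, path, brand, ip_type = fields[:6]
        zones.append({"id": None if zone_id == "-" else int(zone_id),
                      "name": name, "status": status, "path": path,
                      "brand": brand, "ip": ip_type})
    return zones


def audit_zones(zones):
    """Return (zone name, finding) tuples for conditions worth a second look."""
    findings = []
    non_global = [z for z in zones if z["name"] != "global"]
    if len(non_global) > MAX_NON_GLOBAL_ZONES:
        findings.append(("global", "non-global zone count exceeds 8191"))
    for z in non_global:
        if z["brand"] in TRANSLATING_BRANDS:
            findings.append((z["name"], f"brand {z['brand']} runs a legacy userland "
                                        "via syscall translation; verify patch status"))
        if z["status"] in TRANSIENT_STATES:
            findings.append((z["name"], f"transient state {z['status']}; "
                                        "expected configured, installed or running"))
    return findings
```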


Documentation

The Solaris operating system provides man pages for Solaris Containers by default; more detailed documentation can be found at various on-line technical resources. The first published document and hands-on reference for Solaris Zones was written in February 2004 by Dennis Clarke at Blastwave, providing the essentials to getting started. This document was greatly expanded upon by Brendan Gregg in July 2005. The Solaris 8 and Solaris 9 Containers were documented in detail by Dennis Clarke at Blastwave again in April 2008. The Blastwave Solaris 8 and Solaris 9 Containers document was very early in the release cycle of the Solaris Containers technology and the actions and implementation at Blastwave resulted in a followup by Sun Microsystems marketing. The book ''Oracle Solaris 10 System Virtualization Essentials'' written by Jeff Victor, et al., offers feature details and best practices. More extensive documentation may be found at the Oracle documentation site.


Implementation issues

As of Solaris 10 10/08, Branded Zones are supported on the sun4us architecture (Fujitsu PRIMEPOWER servers) through packages FJSVs8brandr and FJSVs9brandr.


See also

* Operating system-level virtualization
* Comparison of platform virtualization software
* Virtual machines


External links


* Documentation for Solaris Zones (Containers)
* Blogs devoted to Oracle Solaris Zones:
** Jeff Victor's Blog
** Mike Gerdts' Blog
* Moving Solaris 10 Zones
* Key patent