How can I set up and configure a zone under Solaris 10?

ANSWER
Zones are a feature new in Solaris 10, and provide a useful mechanism to create a
Solaris environment for testing, and containment (Apache server, etc.). No
additional hardware is required for a zone, just some disk space. The impact of a
zone on machine performance is minimal. as all zones use the same kernel (not
true any more - see the example for installing a Linux zone to run acroread here),
so some additional memory for extra processes is all that's required.
Resource allocation to a zone can be closely controlled, and this includes processor
shares, resource pools and resource capping with rcapd.
Since update 4 of Solaris 10 (August 2007) dedicated network interfaces can be
assigned to a zone; prior to this they have to be shared with the global zone.
Here is an example of zone creation, but for a fuller picture consider attending
our Solaris 10 Administration Part 2 course
Create a suitable directory, to hold the zone copy of the OS:# mkdir -p

/Zones/Apache

Now create the zone using zonecfg

# zonecfg -z apache

apache: No such zone configured

Use 'create' to begin configuring a new zone
zonecfg:apache> create
zonecfg:apache> set zonepath=/Zones/Apache
zonecfg:apache> add net
zonecfg:apache:net> set address=192.168.200.117
zonecfg:apache:net> set physical=hme0
zonecfg:apache:net> end
zonecfg:apache> set autoboot=true
(The above information is sufficient to configure a basic zone, with most software
shared from the global zone.
Other options could have been used, for example to inherit parts of the Global
zone's file system, mount directories (e.g. /software) from the Global zone, restrict
the zone's resources (e.g. CPU, memory))
zonecfg:apache> info
zonepath: /Zones/Apache
autoboot: true
pool:
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:

dir: /sbin
inherit-pkg-dir:
dir: /usr
net:
address: 192.168.200.117
physical: hme0
zonecfg:apache> verify
zonecfg:apache> commit
zonecfg:apache> exit
(Note that a full copy of Solaris can be installed, rather than sharing directories, by
using the -b flag to the create option within zonecfg.)
Now we use zoneadm to install the zone:# zoneadm

-z

apache install

/Zones/Apache must not be group readable.

/Zones/Apache must not be group executable.
/Zones/Apache must not be world readable.
/Zones/Apache must not be world executable.
could not verify zonepath /Zones/Apache because of the above errors.
zoneadm: zone apache failed to verify
Permissions problem - rectified as follows:# ls

-ld

/Zones/Apache

drwxr-xr-x 2 root

root

512 Jul 5 07:08 /Zones/Apache

# chmod 700 /Zones/Apache

Above sets correct permissions; now we can try again:# zoneadm -z apache install

Preparing to install zone <apache>.

Creating list of files to copy from the global zone.
Copying <2574> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <914> packages on the zone.
Initializing package <535> of <914>: percent complete: 58%
(The install takes about 10-15 minutes.)
While this is going on, open another shell window, and have a look under
/Zones/Apache:# cd
# ls

/Zones/Apache

root
# ls

bin
dev

root

etc
home
export lib

mnt
opt

platform sbin
proc
system

tmp
usr

var

Meanwhile, back at the zone:Initialized <914> packages on zone.

Zone <apache> is initialized.
Installation of these packages generated warnings: <SUNWapchr>
The file </Zones/Apache/root/var/sadm/system/logs/install_log> contains a log of
the zone installation.
The zone is now installed, and we can boot it:# zoneadm

-z

apache

boot

Now login to the zone:- (-C option says we wish to login at the Console device):# zlogin -C apache

[Connected to zone 'apache' console]

You may now have to wait a while to get a response.
95/117
After the above counter finishes (which is showing SMF manifest imports
during initial boot), we have to go through some setup procedures:Select a Language
0. English
1. fr
Please make a choice (0 - 1), or press h or ? for help: 0
This continues:Select a Locale
0. English (C - 7-bit ASCII)
1. Belgium-Flemish (ISO8859-1)
2. Belgium-Flemish (ISO8859-15 - Euro)
3. Great Britain (ISO8859-1)
4. Great Britain (ISO8859-15 - Euro)
5. Ireland (ISO8859-1)
6. Ireland (ISO8859-15 - Euro)

7. Netherlands (ISO8859-1)
8. Netherlands (ISO8859-15 - Euro)
9. Go Back to Previous Screen
Please make a choice (0 - 9), or press h or ? for help: 0
Then:What type of terminal are you using?
1) ANSI Standard CRT
etc.etc.
10) Televideo 925
11) Wyse Model 50
12) X Terminal Emulator (xterms)
13) CDE Terminal Emulator (dtterm)
14) Other
Type the number of your choice and press Return: 13
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair

You are now asked some questions as though you were performing a boot
after a sys-unconfig(1M), and when all information has been entered:System identification is completed.
One more question:This system is configured with NFS version 4, which uses a domain
name that is automatically derived from the system's name services.
The derived domain name is sufficient for most configurations. In a
few cases, mounts that cross different domains might cause files to
be owned by "nobody" due to the lack of a common domain name.
Do you need to override the system's default NFS version 4 domain name
(yes/no) ? [no] : no
rebooting system due to change(s) in /etc/default/init
[NOTICE: Zone rebooting]
SunOS Release 5.10 Version Generic 64-bit
Copyright 1983-2005 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
Hostname: apache
apache console login: root
Password:

Jul 5 07:54:31 apache login: ROOT LOGIN /dev/console

Sun Microsystems Inc. SunOS 5.10
Generic January 2005
#
We have now created the zone, installed it, rebooted and logged in.
Use the usual commands to check things out (df, ifconfig, uname, etc).
Tips: (But make sure your site security allows this)
1. Edit /etc/default/login and comment out the "CONSOLE=/dev/console" line to
permit remote root logins. (password needed of course..)
2. Edit /etc/ssh/sshd_config and set PermitRootLogin=yes if you want to login as
root via ssh. Restart sshd with "svcadm restart ssh"
3. Current zone implementation allows graphical login as the zone runs "dtlogin
-daemon" by default.
We hope this has been useful, see below for additional notes
Mick Hosegood - First Alternative.
NOTES

A variety of additional options are available, including preparing zone pre-configuration data,
controlling zones (booting, halting, etc) from the global zone, configuring zone resource
controls, etc. Further, Solaris 10 updates 3 to 6 contain a number of enhancements, such as
zone renaming, cloning and migration, plus the ability to run other operating systems see here for an example of installing a Linux OS to run acroread on Solaris X86.

Solaris 8 and 9 zones can also be created with additional software downloaded from Sun see here for an example.

All this is covered on the Solaris 10 Administration courses!

QUESTION
I want to run a recent version of Adobe Reader (acroread) under Solaris 10 x86.

ANSWER

You can now run Adobe Reader version 7 under Solaris 10

X86; here's how.
First Alternative course tutors can answer questions like this ... and are happy to do so.
Look around our site for relevant courses in Linux -Unix - Perl - Solaris - FrameMaker