Solaris Containers






From Wikipedia, the free encyclopedia
 


Solaris Zones
Original author(s): Sun Microsystems
Developer(s): illumos and Oracle
Initial release: January 2005
Written in: C
Operating system: Oracle Solaris
Platform: SPARC, x86
Available in: English
Type: OS-level virtualization
License: CDDL, Proprietary
Website: oracle.com/solaris

Solaris Containers (including Solaris Zones) is an implementation of operating system-level virtualization technology for x86 and SPARC systems, first released publicly in February 2004 in build 51 beta of Solaris 10, and subsequently in the first full release of Solaris 10 in 2005. It is present in illumos (formerly OpenSolaris) distributions, such as OpenIndiana, SmartOS, Tribblix and OmniOS, and in the official Oracle Solaris 11 release.

A Solaris Container is the combination of system resource controls and the boundary separation provided by zones. Zones act as completely isolated virtual servers within a single operating system instance. By consolidating multiple sets of application services onto one system and by placing each into isolated virtual server containers, system administrators can reduce cost and provide most of the same protections of separate machines on a single machine.[1]

Terminology


The name of this technology changed during development and the pre-launch public events. Before the launch of Solaris Zones in 2005, a Solaris Container was any type of workload constrained by Solaris resource management features, which had earlier been a separate software package. By 2007 the term Solaris Containers came to mean a Solaris Zone combined with resource management controls.

Later, usage gradually shifted so that Solaris Containers referred specifically to non-global zones, with or without additional Resource Management. Zones hosted by a global zone are known as "non-global zones" but are sometimes just called "zones". The term "local zone" is specifically discouraged, since in this usage "local" is not an antonym of "global". The global zone has visibility of all resources on the system, whether these are associated with the global zone or a non-global zone. Unless otherwise noted, "zone" will refer to non-global zones in this article.

To simplify terminology, Oracle dropped the use of the term Container in Solaris 11, and reverted to the use of the term Solaris Zone irrespective of the use of resource management controls.

Description


Each zone has its own node name, access to virtual or physical network interfaces,[2] and storage assigned to it; there is no requirement for a zone to have any minimum amount of dedicated hardware other than the disk storage necessary for its unique configuration. Specifically, it does not require a dedicated CPU, memory, physical network interface or HBA, although any of these can be allocated specifically to one zone.[3]

Each zone has a security boundary surrounding it, preventing a process associated with one zone from interacting with or observing processes in other zones. Each zone can be configured with its own separate user list. The system automatically manages user ID conflicts; that is, two zones on a system could have a user ID 10000 defined, and each would be mapped to its own unique global identifier.[4]

A zone can be in one of the following states:

Some programs cannot be executed from within a non-global zone; typically this is because the application requires privileges that cannot be granted within a container. As a zone does not have its own separate kernel (in contrast to a hardware virtual machine), applications that require direct manipulation of kernel features, such as the ability to directly read or alter kernel memory space, may not work inside of a container.

Resources needed


Zones induce a very low overhead on CPU and memory. Most types of zones share the global zone's virtual address space. A zone can be assigned to a resource pool (processor set plus scheduling class) to guarantee certain usage, can be capped at a fixed compute capacity ("capped CPU") or can be given shares via fair-share scheduling.[5]
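As an added illustration (not part of the original article, and not Solaris code), the following Python model shows how fair-share shares and a CPU cap interact when one zone runs away with CPU demand. It is a simplified proportional-share model, not the Solaris scheduler's algorithm; the zone names, share values and the allocate function are assumptions made for the example.

```python
# Simplified proportional-share model (constructed for illustration; this is
# not the Solaris FSS implementation). Each zone has a share count, an
# optional absolute CPU cap, and a current CPU demand, in units of CPUs.
INF = float("inf")
EPS = 1e-9

def allocate(ncpus, zones):
    """Return {zone: CPUs granted} for zones = {name: (shares, cap, demand)}."""
    # A zone can never use more than its demand or its cap, whichever is lower.
    limit = {z: min(demand, INF if cap is None else cap)
             for z, (shares, cap, demand) in zones.items()}
    grant = {z: 0.0 for z in zones}
    # Only zones that want CPU compete; idle zones' shares do not count.
    active = {z for z in zones if limit[z] > 0 and zones[z][0] > 0}
    remaining = float(ncpus)
    while active and remaining > EPS:
        total = sum(zones[z][0] for z in active)
        slice_ = {z: remaining * zones[z][0] / total for z in active}
        # Zones whose proportional slice covers everything they can still use.
        done = {z for z in active if slice_[z] >= limit[z] - grant[z] - EPS}
        if not done:
            for z in active:
                grant[z] += slice_[z]
            break
        for z in done:
            remaining -= limit[z] - grant[z]
            grant[z] = limit[z]
        active -= done  # leftover CPU is re-divided among the rest
    return grant

# Constructed scenario: 8 CPUs; "batch" is a runaway workload demanding all of them.
SHARES_ONLY = {"web": (20, None, 8.0), "db": (60, None, 8.0),
               "batch": (20, None, 8.0), "idle": (50, None, 0.0)}
WITH_CAPS = {"web": (20, None, 8.0), "db": (60, 4.0, 8.0),
             "batch": (20, 1.0, 8.0), "idle": (50, None, 0.0)}

if __name__ == "__main__":
    for label, zones in (("shares only", SHARES_ONLY), ("with caps", WITH_CAPS)):
        print(label, {z: round(c, 2) for z, c in allocate(8, zones).items()})
```

In this model, shares hold the runaway zone to its proportion only while other zones are competing for CPU, whereas a cap bounds it even when the rest of the system is idle.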

Currently a maximum of 8,191 non-global zones can be created within a single operating system instance. This limit arises from the limit of 8,192 loopback connections per Solaris instance: each zone needs a loopback connection, and the global zone gets one, leaving 8,191 for the non-global zones. "Sparse Zones", in which most filesystem content is shared with the global zone, can take as little as 50 MB of disk space. "Whole Root Zones", in which each zone has its own copy of its operating system files, may occupy anywhere from several hundred megabytes to several gigabytes, depending on installed software.

Even with Whole Root Zones, disk space requirements can be negligible if the zone's OS file system is a ZFS clone of the global zone image, since only the blocks different from a snapshot image need to be stored on disk; this method also makes it possible to create new zones in a few seconds.

Branded zones


Although all zones on the system share a common kernel, an additional feature set has been added called branded zones (BrandZ for short). This allows individual zones to behave in a manner other than the default brand of the global zone. The existing brands (October 2009) can be grouped into two categories:

The brand for a zone is set at the time the zone is created. The second category is implemented with interposition points within the OS kernel that can be used to change the behavior of syscalls, process loading, thread creation, and other elements.

For the 'lx' brand, libraries from Red Hat 3 or an equivalent distribution such as CentOS are required to complete the emulated environment.

Documentation


The Solaris operating system provides man pages for Solaris Containers by default; more detailed documentation can be found at various on-line technical resources.

The first published document and hands-on reference for Solaris Zones was written in February 2004 by Dennis Clarke at Blastwave, providing the essentials for getting started. This document was greatly expanded upon by Brendan Gregg in July 2005.[8] The Solaris 8 and Solaris 9 Containers were documented in detail, again by Dennis Clarke at Blastwave, in April 2008. The Blastwave Solaris 8 and Solaris 9 Containers document appeared very early in the release cycle of the Solaris Containers technology, and the actions and implementation at Blastwave resulted in a follow-up by Sun Microsystems marketing. The book Oracle Solaris 10 System Virtualization Essentials, written by Jeff Victor et al., offers feature details and best practices. More extensive documentation may be found at the Oracle documentation site.[9]

Implementation issues


As of Solaris 10 10/08, Branded Zones are supported on the sun4us architecture (Fujitsu PRIMEPOWER servers) through packages FJSVs8brandr and FJSVs9brandr.[10]


References

  1. "Introduction to Oracle Solaris Zones".
  2. "Zone Network Interfaces".
  3. "Capabilities Provided by Non-Global Zones".
  4. "Capabilities Provided by Non-Global Zones".
  5. "Resource Controls".
  6. "About Oracle Solaris Kernel Zones".
  7. "Oracle Solaris 11.2 Beta Downloads".
  8. "Zones". Solaris Internals wiki. November 6, 2007. Retrieved April 21, 2008.
  9. "Oracle Solaris 11.1 Information Library".
  10. "What's New in the Solaris 10 10/08 Packages". Oracle. September 1, 2008. Retrieved September 1, 2008.
    Retrieved from "https://en.wikipedia.org/w/index.php?title=Solaris_Containers&oldid=1235779301"




    This page was last edited on 21 July 2024, at 05:03 (UTC).

    Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


