Version 3.1-en Solaris 10 Container Guide - 3.1 5. Cookbooks Effective: 30/11/2009
5.3.10. Shutting down a zone
[dd] Zones can be shut down from the local zone itself or from the global zone. Depending on which
option is used, running services are either completed or simply stopped.
•zoneadm -z zone halt is called in the global zone, halts a zone and stops all
processes in the zone immediately.
•zlogin <zone> init 5 is called in the global zone, changes over to the zone and
shuts down the zone using the service manager, thus ending all processes properly.
•ini t 5 is called in the zone itself, shuts down the zone using the service manager and stops
all processes properly.
5.3.11. Using live upgrade to patch a system with local zones
[dd] According to 4.4.2 Patching a system with local zones , systems with local zones can be patched
with of live upgrade.
To be able to use live upgrade , several additional terms will need to be defined first:
•Boot environment (BE): the sum total of all OS and application software as well as file systems
of a Solaris instance
•Shared file system: a file system that is used (mounted) by more than one BE
•Non-shared file system: a file system that is used by only one BE
The following is assumed:
•Solaris 10 8/07 (or higher) is already installed
•All currently required patches according to Infodoc 72099 are installed
•The OS is installed in a file system (f.e. /dev/dsk/c1t0d0s0)
•The current BE contains another file system mounted to /shared (/dev/dsk/c1t0d0s3)
•/shared must be entered in the /etc/vfstab, so that live upgrade will subsequently be able
to recognize the filesystem as shared
•Two sparse-root zones are installed, one in a non-shared and one in a shared filesystem.
−zone1: zonepath=/non-shared/zone1
−zone2: zonepath=/shared/zone2
First, a copy of the current BE is created.
lucreate -c s10-807 -n s10-807+1 -m /:/dev/dsk/c1t0d0s4:ufs
Shared file systems and swap are not copied automatically. If necessary, the copy can be configured
per lucreate parameter. Furthermore, the name assigned to the current BE here is s10-807 and
for the BE to be created the name assigned is s10-807+1. By lucreate, the content is copied from
/non-shared/zone1 to /non-shared/zone1 of BE s10-807+1. Since zone2 is located in a shared file
system, the zone within this file system is copied to /shared/zone2-s10-807+1. This ensures that each
BE uses the correct zonepath from the shared file system. It must therefore be ensured that there is
sufficient room available in the shared file system.
Next, the inactive BE s10-807+1 including its zones can be patched, while production continues to
run on the active BE. The patches are installed as follows:
luupgrade -t -n s10-807+1 -s <Path to Patches> <patch1> <patch2>
Note: Those who prefer to perform a live upgrade on the BE on a newer Solaris instead of patching
must use the following command:
luupgrade -u -n s10-807+1 -s <Path to install OS-image>
For x86/x64 systems, another step is required to update the boot archive since drivers or system files
may also have been modified by installing the patch. First, the new BE has to be mounted:
lumount s10-807+1
104