The release binding asserted is "Patch/Micro." The stability of the interfaces varies (see below). Background ---------- The changes described in "Zones Upgrade Permanent Solution (Zulu)" (PSARC 2006/167) assume a certain amount of functionality from within the Operating System / Networking (ON) consolidation. Without these features, the Install gate (and Zulu) will be faced with complex dependencies on ON internal data structures and file formats. Currently, Install does have access to private ON interfaces, via contracts established in "Admin/Install Zones Support" (PSARC 2003/460). One of the goals of this project is to minimize any new library dependencies and, to the extent possible, pave the way for removing all of them in the future. Features In Zonecfg ------------------- -R Contracted Consolidation Private As with the other zones-related utilities, zonecfg needs a "-R" option to access alternate root environments. For the time being, the access to this option will be kept under wraps. An updated contract for this interface will be deposited with this case. One of the risks with this feature is that the zones configuration files in the alternate root specified might not be the same (private) version as the running system. The existing "-R" option on zoneadm also has this issue, and the problem is at least centralized in libzonecfg. A future project may complete this functionality and promote it as a stable interface. set -F zonepath= Contracted Project Private This new flag (-F) allows lucopy to change the path of a zone after performing the copy operation. Unlike the regular "set zonepath" operation, it does not check the zone state; it "forces" the operation. Unlike the existing "zoneadm move" command, the actual data are not moved or copied, just the path recorded in the database is changed. Note that the path given must be absolute; meaning that it must include the path to the alternate root itself. The path printed by "zonecfg -R -z info zonepath" will also be absolute and start with the alternate root. This should be a private feature as it relies on actions (copying zone data) that can't necessarily be supported in this manner. The documented way to change a zone path is via the "zoneadm move" option. This is used only in the case zones that exist on shared file systems. Zones on unshared file systems do not change in path during LU operations. Thus, it will be limited to just the "-R" case and won't allow the path on the running system to be altered. It is expected that when ZFS is integrated into Install, Zones using ZFS will have substantially different features (using snapshot/clone operations) and will thus be able to avoid path changes. Features In Zoneadm ------------------- zoneadm [-R path] -z zone mark incomplete Stable This allows lucopy to mark damaged zones (those that cannot be replicated properly) as 'incomplete'. It's probably a useful feature in general for administrative software that uses Zones under the covers, so making it public seems reasonable. Note that only the "mark" and "list" subcommands will be documented as supporting this "-R" option. The mount/unmount subcommands introduced by Ashanti (PSARC 2005/474) are still not ready for wider use. zoneadm [-u uuid-match] list Stable Two separate features are added to the "list" subfunction to enable matching based on UUID (universally unique identifiers). The zone UUID is used to ensure that the zone against which we're synchronizing is the same one that we previously copied. Both features described here will work in the global zone and in non-global zones. Naturally, the non-global zones will only be able to access information about themselves, and not about any other zone on the system. The separate identifier is needed because zones can be uninstalled and reinstalled under the same name (with different contents), and can be renamed (without changing contents). The zone name is thus an unstable handle for the zone. Note that because S10 shipped without UUIDs on zones, and because of CR 6379341, inactive BEs may not necessarily have values to match. Any running system with this new feature will (necessarily) have the fix for those problems, and thus have reliable UUIDs. -u uuid-match This feature enables matching based on the UUID. If the UUID string to match is zero-length, then it is treated as though the option were not present. (I.e., it has no effect.) If both -u and -z are present, then the match is done based on the UUID first. If a zone with the specified UUID is found, it is used, and the -z parameter is ignored. If no zone is found by UUID, then the system searches by zone name instead. This matching logic is identical to the existing "/b" mount logic in zoneadmd that provides access to the running zone from within a scratch zone. It is possible for the user to go out of his way to fool this logic, but the result can only be a false match against an uninstalled zone (lacking a UUID), and no synchronization is ever done (or possible) with an uninstalled zone. Note that the option preceeds the subcommand because the "-z" option also preceeds the subcommand. Standard style would place the option after the subcommand, but adding a new feature that's logically similar but differing in usage would be more confusing. list The UUID is added as the fifth field (after path) in the "zoneadm list -p" output. It is not administratively significant, and thus is not listed with "zoneadm list -v." By allowing this to work in non-global zones, this feature also fixes: 6365741 RFE: add unique identifier to facilitate asset tracking (similar to hostid) zoneadm list -p Stable The output format for this feature is not always parseable, though it was documented that way. 6431731 zoneadm list -p (parseable) output isn't Part of this project will be to make the output parseable so that the UUID can be extracted reliably, and document the escaping mechanism. If the path name contains embedded colons, those will be escaped using "\:" in the output. This allows the resulting string to be parsed properly using "IFS=: read" in the shell, which respects that form of escaping. Note that since the existing output format doesn't properly support its own field delimiters, it seems unlikely that any customer has come to depend on this problem.