This chapter describes what you need to do before you can configure a zone on your system. This chapter also describes how to configure a zone, modify a zone configuration, and delete a zone configuration from your system.For an introduction to the zone configuration process, see Chapter 17, Non-Global Zone Configuration (Overview).For information about lx branded zone configuration, see Chapter 30, Planning the lx Branded Zone Configuration (Overview) and Chapter 31, Configuring the lx Branded Zone (Tasks). Before you set up your system to use zones, you must first collect information and make decisions about how to configure the zones. The following task map summarizes how to plan and configure a zone.Task Description For Instructions Plan your zone strategy. Evaluate the applications running on your system to determine which applications you want to run in a zone. Assess the availability of disk space to hold the files that are unique in the zone. If you are also using resource management features, determine how to align the zone with the resource management boundaries. If you are using resource pools, configure the pools if necessary. Refer to historical usage. Also see Disk Space Requirements and Resource Pools Used in Zones. Determine the name for the zone. Decide what to call the zone based on the naming conventions. See Zone Configuration Data and Zone Host Name. Determine the zone path. Each zone has a path to its root directory that is relative to the global zone's root directory. See Zone Configuration Data. Evaluate the need for CPU restriction if you are not configuring resource pools. Note that with specification in zonecfg, pool settings propagate during migrations. Review your application requirements. See dedicated-cpu Resource. Evaluate the need for memory allocation if you plan to cap memory for the zone by using rcapd from the global zone. Review your application requirements. See Chapter 10, Physical Memory Control Using the Resource Capping Daemon (Overview), Chapter 11, Administering the Resource Capping Daemon (Tasks), and Physical Memory Control and the capped-memory Resource. Make the FSS the default scheduler on the system. Give each zone CPU shares to control the zone's entitlement to CPU resources. The FSS guarantees a fair dispersion of CPU resources among zones that is based on allocated shares. Chapter 8, Fair Share Scheduler (Overview), Scheduling Class. Determine whether the zone will be a shared-IP zone or an exclusive-IP zone. For a shared-IP zone, which is the default, obtain or configure IP addresses for the zone. Depending on your configuration, you must obtain at least one IP address for each non-global zone that you want to have network access.For an exclusive-IP zone, determine the data-link that will be assigned to the zone. The zone requires exclusive access to one or more network interfaces. The interface could be a separate LAN such as bge1, or a separate VLAN such as bge2000. Prior to OpenSolaris build snv_83, the data-link must be GLDv3. See Determine the Zone Host Name and Obtain the Network Address, How to Configure the Zone, and System Administration Guide: IP Services.For more information on GLDv3 interfaces, see Solaris OS Interface Types in System Administration Guide: IP Services. Determine which file systems you want to mount in the zone. Review your application requirements. See File Systems Mounted in Zones for more information. Determine which network interfaces should be made available in the zone. Review your application requirements. See Shared-IP Network Interfaces for more information. Determine whether you must alter the default set of non-global zone permissions. Check the set of privileges: default, privileges that can be added and removed, and privileges that cannot be used at this time. See Privileges in a Non-Global Zone. Determine which devices should be configured in each zone. Review your application requirements. Refer to the documentation for your application. Configure the zone. Use zonecfg to create a configuration for the zone. See Configuring, Verifying, and Committing a Zone. Verify and commit the configured zone. Determine whether the resources and properties specified are valid on a hypothetical system. See Configuring, Verifying, and Committing a Zone. Zones can be used on any machine that runs the Solaris 10 or later release. The following primary machine considerations are associated with the use of zones.The performance requirements of the applications running within each zone. The availability of disk space to hold the files that are unique within each zone. There are no limits on how much disk space can be consumed by a zone. The global administrator is responsible for space restriction. The global administrator must ensure that local storage is sufficient to hold a non-global zone's root file system. Even a small uniprocessor system can support a number of zones running simultaneously.The nature of the packages installed in the global zone affects the space requirements of the non-global zones that are created. The number of packages and space requirements are factors.Non-global zones that have inherit-pkg-dir resources are called sparse root zones.The sparse root zone model optimizes the sharing of objects in the following ways:Only a subset of the packages installed in the global zone are installed directly into the non-global zone. Read-only loopback file systems, identified as inherit-pkg-dir resources, are used to gain access to other files. In this model, all packages appear to be installed in the non-global zone. Packages that do not deliver content into read-only loopback mount file systems are fully installed. There is no need to install content delivered into read-only loopback mounted file systems since that content is inherited (and visible) from the global zone.As a general guideline, a zone requires about 100 megabytes of free disk space per zone when the global zone has been installed with all of the standard Solaris packages. By default, any additional packages installed in the global zone also populate the non-global zones. The amount of disk space required might be increased accordingly, depending on whether the additional packages deliver files that reside in the inherit-pkg-dir resource space. An additional 40 megabytes of RAM per zone are suggested, but not required on a machine with sufficient swap space. The whole root zone model provides the maximum configurability. All of the required and any selected optional Solaris packages are installed into the private file systems of the zone. The advantages of this model include the capability for global administrators to customize their zones file system layout. This would be done, for example, to add arbitrary unbundled or third-party packages.The disk requirements for this model are determined by the disk space used by the packages currently installed in the global zone.If you create a sparse root zone that contains the following inherit-pkg-dir directories, you must remove these directories from the non-global zone's configuration before the zone is installed to have a whole root zone :/lib /platform /sbin /usr See How to Configure the Zone. The following options can be used to restrict zone size:You can place the zone on a lofi-mounted partition. This action will limit the amount of space consumed by the zone to that of the file used by lofi. For more information, see the lofiadm1M and lofi7D man pages. You can use soft partitions to divide disk slices or logical volumes into partitions. You can use these partitions as zone roots, and thus limit per-zone disk consumption. The soft partition limit is 8192 partitions. For more information, see Chapter 12, Soft Partitions (Overview), in Solaris Volume Manager Administration Guide. You can use the standard partitions of a disk for zone roots, and thus limit per-zone disk consumption. You must determine the host name for the zone. Then, you must assign an IPv4 address or manually configure and assign an IPv6 address for the zone if you want it to have network connectivity.The host name you select for the zone must be defined either in the hosts database or in the /etc/inet/hosts database, as specified by the /etc/nsswitch.conf file in the global zone. The network databases are files that provide network configuration information. The nsswitch.conf file specifies which naming service to use.If you use local files for the naming service, the hosts database is maintained in the /etc/inet/hosts file. The host names for zone network interfaces are resolved from the local hosts database in /etc/inet/hosts. Alternatively, the IP address itself can be specified directly when configuring a zone so that no host name resolution is required.For more information, see TCP/IP Configuration Files in System Administration Guide: IP Services and Network Databases and the nsswitch.conf File in System Administration Guide: IP Services. Each shared-IP zone that requires network connectivity has one or more unique IP addresses. Both IPv4 and IPv6 addresses are supported.If you are using IPv4, obtain an address and assign the address to the zone.A prefix length can also be specified with the IP address. The format of this prefix is address/prefix-length, for example, 192.168.1.1/24. Thus, the address to use is 192.168.1.1 and the netmask to use is 255.255.255.0, or the mask where the first 24 bits are 1-bits. If you are using IPv6, you must manually configure the address. Typically, at least the following two types of addresses must be configured:Link-local addressA link-local address is of the form fe80::64-bit interface ID/10. The /10 indicates a prefix length of 10 bits. Address formed from a global prefix configured on the subnetA global unicast address is based off a 64–bit prefix that the administrator configures for each subnet, and a 64-bit interface ID. The prefix can also be obtained by running the ifconfig command with the a6 option on any system on the same subnet that has been configured to use IPv6.The 64–bit interface ID is typically derived from a system's MAC address. For zones use, an alternate address that is unique can be derived from the global zone's IPv4 address as follows:16 bits of zero:upper 16 bits of IPv4 address:lower 16 bits of IPv4 address:a zone-unique numberFor example, if the global zone's IPv4 address is 192.168.200.10, a suitable link-local address for a non-global zone using a zone-unique number of 1 is fe80::c0a8:c80a:1/10. If the global prefix in use on that subnet is 2001:0db8:aabb:ccdd/64, a unique global unicast address for the same non-global zone is 2001:0db8:aabb:ccdd::c0a8:c80a:1/64. Note that you must specify a prefix length when configuring an IPv6 address. For more information about link-local and global unicast addresses, see the inet67P ma page. Inside an exclusive-IP zone, configure addresses as you do for the global zone. Note that DHCP and IPv6 stateless address autoconfiguration can be used to configure addresses. See sysidcfg4 for more information. You can specify a number of mounts to be performed when the virtual platform is set up. File systems that are loopback-mounted into a zone by using the loopback virtual file system (LOFS) file system should be mounted with the nodevices option. For information on the nodevices option, see File Systems and Non-Global Zones.LOFS lets you create a new virtual file system so that you can access files by using an alternative path name. In a non-global zone, a loopback mount makes the file system hierarchy look as though it is duplicated under the zone's root. In the zone, all files will be accessible with a path name that starts from the zone's root. LOFS mounting preserves the file system name space.

Illustration shows loopback-mounted file systems.

See the lofs7S man page for more information. Task Description For Instructions Configure a non-global zone. Use the zonecfg command to create a zone, verify the configuration, and commit the configuration. You can also use a script to configure and boot multiple zones on your system. You can use the zonecfg command to display the configuration of a non-global zone. Configuring, Verifying, and Committing a Zone, Script to Configure Multiple Zones Modify a zone configuration. Use these procedures to modify a resource type in a zone configuration, modify a property type such as the name of a zone, or add a dedicated device to a zone. Using the zonecfg Command to Modify a Zone Configuration Revert a zone configuration or delete a zone configuration. Use the zonecfg command to undo a resource setting made to a zone configuration or to delete a zone configuration. Using the zonecfg Command to Revert or Remove a Zone Configuration Delete a zone configuration. Use the zonecfg command with the delete subcommand to delete a zone configuration from the system. How to Delete a Zone Configuration You use the zonecfg command described in the zonecfg1M man page to perform the following actions.Create the zone configuration Verify that all required information is present Commit the non-global zone configuration The zonecfg command can also be used to persistently specify the resource management settings for the global zone.While configuring a zone with the zonecfg utility, you can use the revert subcommand to undo the setting for a resource. See How to Revert a Zone Configuration.A script to configure multiple zones on your system is provided in Script to Configure Multiple Zones.To display a non-global zone's configuration, see How to Display the Configuration of a Non-Global Zone.Note that the only required elements to create a native non-global zone are the zonename and zonepath properties. Other resources and properties are optional. Some optional resources also require choices between alternatives, such as the decision to use either the dedicated-cpu resource or the capped-cpu resource. See Zone Configuration Data for information on available zonecfg properties and resources.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Set up a zone configuration with the zone name you have chosen.The name my-zone is used in this example procedure.global# zonecfg -z my-zoneIf this is the first time you have configured this zone, you will see the following system message:my-zone: No such zone configured Use 'create' to begin configuring a new zone. Create the new zone configuration.This procedure uses the Sun default settings.zonecfg:my-zone> create Set the zone path, /export/home/my-zone in this procedure.zonecfg:my-zone> set zonepath=/export/home/my-zone Set the autoboot value.If set to true, the zone is automatically booted when the global zone is booted. Note that for the zones to autoboot, the zones service svc:/system/zones:default must also be enabled. The default value is false.zonecfg:my-zone> set autoboot=true Set persistent boot arguments for a zone.zonecfg:my-zone> set bootargs="-m verbose" Dedicate one CPU to this zone.zonecfg:my-zone> add dedicated-cpuSet the number of CPUs.zonecfg:my-zone:dedicated-cpu> set ncpus=1-2 (Optional) Set the importance.zonecfg:my-zone:dedicated-cpu> set importance=10The default is 1. End the specification.zonecfg:my-zone:dedicated-cpu> end Revise the default set of privileges.zonecfg:my-zone> set limitpriv="default,sys_time"This line adds the ability to set the system clock to the default set of privileges. Set the scheduling class to FSS.zonecfg:my-zone> set scheduling-class=FSS Add a memory cap.zonecfg:my-zone> add capped-memorySet the memory cap.zonecfg:my-zone:capped-memory> set physical=50m Set the swap memory cap.zonecfg:my-zone:capped-memory> set swap=100m Set the locked memory cap.zonecfg:my-zone:capped-memory> set locked=30m End the memory cap specification.zonecfg:my-zone:capped-memory> end Add a file system.zonecfg:my-zone> add fsSet the mount point for the file system, /usr/local in this procedure.zonecfg:my-zone:fs> set dir=/usr/local Specify that /opt/local in the global zone is to be mounted as /usr/local in the zone being configured.zonecfg:my-zone:fs> set special=/opt/localIn the non-global zone, the /usr/local file system will be readable and writable. Specify the file system type, lofs in this procedure.zonecfg:my-zone:fs> set type=lofsThe type indicates how the kernel interacts with the file system. End the file system specification.zonecfg:my-zone:fs> end This step can be performed more than once to add more than one file system. Add a ZFS dataset named sales in the storage pool tankzonecfg:my-zone> add datasetSpecify the path to the ZFS dataset sales.zonecfg:my-zone> set name=tank/sales End the dataset specification.zonecfg:my-zone> end (Sparse Root Zone Only) Add a shared file system that is loopback-mounted from the global zone.Do not perform this step to create a whole root zone, which does not have any shared file systems. See the discussion for whole root zones in Disk Space Requirements.zonecfg:my-zone> add inherit-pkg-dirSpecify that /opt/sfw in the global zone is to be mounted in read-only mode in the zone being configured.zonecfg:my-zone:inherit-pkg-dir> set dir=/opt/sfwThe zone's packaging database is updated to reflect the packages. These resources cannot be modified or removed after the zone has been installed using zoneadm. End the inherit-pkg-dir specification.zonecfg:my-zone:inherit-pkg-dir> end This step can be performed more than once to add more than one shared file system.If you want to create a whole root zone but default shared file systems resources have been added by using inherit-pkg-dir, you must remove these default inherit-pkg-dir resources using zonecfg before you install the zone:zonecfg:my-zone> remove inherit-pkg-dir dir=/lib zonecfg:my-zone> remove inherit-pkg-dir dir=/platform zonecfg:my-zone> remove inherit-pkg-dir dir=/sbin zonecfg:my-zone> remove inherit-pkg-dir dir=/usr (Optional) If you are creating an exclusive-IP zone, set the ip-type.zonecfg:my-zone> set ip-type=exclusiveOnly the physical device type will be specified in the add net step. Add a network interface.zonecfg:my-zone> add net(shared-IP only) Set the IP address for the network interface, 192.168.0.1 in this procedure.zonecfg:my-zone:net> set address=192.168.0.1 Set the physical device type for the network interface, the hme device in this procedure.zonecfg:my-zone:net> set physical=hme0 (Optional, shared-IP only) Set the default router for the network interface, in this procedure.zonecfg:my-zone:net> set defrouter=10.0.0.1 End the specification.zonecfg:my-zone:net> end This step can be performed more than once to add more than one network interface. Add a device.zonecfg:my-zone> add deviceSet the device match, /dev/sound/* in this procedure.zonecfg:my-zone:device> set match=/dev/sound/* End the device specification.zonecfg:my-zone:device> end This step can be performed more than once to add more than one device. Add a zone-wide resource control by using the property name.zonecfg:my-zone> set max-sem-ids=10485200This step can be performed more than once to add more than one resource control. Add a comment by using the attr resource type.zonecfg:my-zone> add attrSet the name to comment.zonecfg:my-zone:attr> set name=comment Set the type to string.zonecfg:my-zone:attr> set type=string Set the value to a comment that describes the zone.zonecfg:my-zone:attr> set value="This is my work zone." End the attr resource type specification.zonecfg:my-zone:attr> end Verify the zone configuration for the zone.zonecfg:my-zone> verify Commit the zone configuration for the zone.zonecfg:my-zone> commit Exit the zonecfg command.zonecfg:my-zone> exitNote that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs. The zonecfg command also supports multiple subcommands, quoted and separated by semicolons, from the same shell invocation.global# zonecfg -z my-zone "create ; set zonepath=/export/home/my-zone" See Installing and Booting Zones to install your committed zone configuration. You can use this script to configure and boot multiple zones on your system. The script takes the following parameters:The number of zones to be created The zonename prefix The directory to use as the base directory You must be the global administrator in the global zone to execute the script. The global administrator has superuser privileges in the global zone or assumes the Primary Administrator role.#!/bin/ksh # # Copyright 2006 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "%Z%%M% %I% %E% SMI" if [[ -z "$1" || -z "$2" || -z "$3" ]]; then echo "usage: $0 <#-of-zones> <zonename-prefix> <basedir>" exit 2 fi if [[ ! -d $3 ]]; then echo "$3 is not a directory" exit 1 fi nprocs=`psrinfo | wc -l` nzones=$1 prefix=$2 dir=$3 ip_addrs_per_if=`ndd /dev/ip ip_addrs_per_if` if [ $ip_addrs_per_if -lt $nzones ]; then echo "ndd parameter ip_addrs_per_if is too low ($ip_addrs_per_if)" echo "set it higher with 'ndd -set /dev/ip ip_addrs_per_if <num>" exit 1 fi i=1 while [ $i -le $nzones ]; do zoneadm -z $prefix$i list > /dev/null 2>&1 if [ $? != 0 ]; then echo configuring $prefix$i F=$dir/$prefix$i.config rm -f $F echo "create" > $F echo "set zonepath=$dir/$prefix$i" >> $F zonecfg -z $prefix$i -f $dir/$prefix$i.config 2>&1 | \ sed 's/^/ /g' else echo "skipping $prefix$i, already configured" fi i=`expr $i + 1` done i=1 while [ $i -le $nzones ]; do j=1 while [ $j -le $nprocs ]; do if [ $i -le $nzones ]; then if [ `zoneadm -z $prefix$i list -p | \ cut -d':' -f 3` != "configured" ]; then echo "skipping $prefix$i, already installed" else echo installing $prefix$i mkdir -pm 0700 $dir/$prefix$i chmod 700 $dir/$prefix$i zoneadm -z $prefix$i install > /dev/null 2>&1 & sleep 1 # spread things out just a tad fi fi i=`expr $i + 1` j=`expr $j + 1` done wait done i=1 while [ $i -le $nzones ]; do echo setting up sysid for $prefix$i cfg=$dir/$prefix$i/root/etc/sysidcfg rm -f $cfg echo "network_interface=NONE {hostname=$prefix$i}" > $cfg echo "system_locale=C" >> $cfg echo "terminal=xterms" >> $cfg echo "security_policy=NONE" >> $cfg echo "name_service=NONE" >> $cfg echo "timezone=US/Pacific" >> $cfg echo "root_password=Qexr7Y/wzkSbc" >> $cfg # 'l1a' i=`expr $i + 1` done i=1 para=`expr $nprocs \* 2` while [ $i -le $nzones ]; do date j=1 while [ $j -le $para ]; do if [ $i -le $nzones ]; then echo booting $prefix$i zoneadm -z $prefix$i boot & fi j=`expr $j + 1` i=`expr $i + 1` done wait done You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Display the configuration of a zone.global# zonecfg -z zonename info You can also use the zonecfg command to do the following:Modify a resource type in a zone configuration Clear a property value in a zone configuration Add a dedicated device to a zone You can select a resource type and modify the specification for that resource.Note that the contents of software packages in the inherit-pkg-dir directory cannot be modified or removed after the zone has been installed with zoneadm.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Select the zone to be modified, my-zone in this procedure.global# zonecfg -z my-zone Select the resource type to be changed, for example, a resource control.zonecfg:my-zone> select rctl name=zone.cpu-shares Remove the current value.zonecfg:my-zone:rctl> remove value (priv=privileged,limit=20,action=none) Add the new value.zonecfg:my-zone:rctl> add value (priv=privileged,limit=10,action=none) End the revised rctl specification.zonecfg:my-zone:rctl> end Commit the zone configuration for the zone.zonecfg:my-zone> commit Exit the zonecfg command.zonecfg:my-zone> exitNote that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.Committed changes made through zonecfg take effect the next time the zone is booted. Use this procedure to reset a standalone property. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Select the zone to be modified, my-zone in this procedure.global# zonecfg -z my-zone Clear the property to be changed, the existing pool association in this procedure.zonecfg:my-zone> clear pool Commit the zone configuration for the zone.zonecfg:my-zone> commit Exit the zonecfg command.zonecfg:my-zone> exitNote that even if you did not explicitly type commit at the prompt, a commit is automatically attempted when you type exit or an EOF occurs.Committed changes made through zonecfg take effect the next time the zone is booted. This procedure can be used to rename zones that are in either the configured state or the installed state.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Select the zone to be renamed, my-zone in this procedure.global# zonecfg -z my-zone Change the name of the zone, for example, to newzone.zonecfg:my-zone> set zonename=newzone Commit the change.zonecfg:newzone> commit Exit the zonecfg command.zonecfg:newzone> exitCommitted changes made through zonecfg take effect the next time the zone is booted. The following specification places a scanning device in a non-global zone configuration.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Add a device.zonecfg:my-zone> add device Set the device match, /dev/scsi/scanner/c3t4* in this procedure.zonecfg:my-zone:device> set match=/dev/scsi/scanner/c3t4* End the device specification.zonecfg:my-zone:device> end Exit the zonecfg command.zonecfg:my-zone> exit This procedure is used to persistently set shares in the global zone.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Use the zonecfg command .# zonecfg -z global Set five shares for the global zone.zonecfg:global> set cpu-shares=5 Exit zonecfg.zonecfg:global> exit Use the zonecfg command described in zonecfg1M to revert a zone's configuration or to delete a zone configuration.While configuring a zone with the zonecfg utility, use the revert subcommand to undo a resource setting made to the zone configuration.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. While configuring a zone called tmp-zone, type info to view your configuration:zonecfg:tmp-zone> infoThe net resource segment of the configuration displays as follows:. . . fs: dir: /tmp special: swap type: tmpfs net: address: 192.168.0.1 physical: eri0 device match: /dev/pts/* . . . Remove the net address:zonecfg:tmp-zone> remove net address=192.168.0.1 Verify that the net entry has been removed.zonecfg:tmp-zone> info. . . fs: dir: /tmp special: swap type: tmpfs device match: /dev/pts/* . . . Type revert.zonecfg:tmp-zone> revert Answer yes to the following question:Are you sure you want to revert (y/[n])? y Verify that the net address is once again present:zonecfg:tmp-zone> info. . . fs: dir: /tmp special: swap type: tmpfs net: address: 192.168.0.1 physical: eri0 device match: /dev/pts/* . . . Use zonecfg with the delete subcommand to delete a zone configuration from the system.You must be the global administrator in the global zone to perform this procedure. Become superuser, or assume the Primary Administrator role.To create the role and assign the role to a user, see Using the Solaris Management Tools With RBAC (Task Map) in System Administration Guide: Basic Administration. Delete the zone configuration for the zone a-zone by using one of the following two methods:Use the F option to force the action:global# zonecfg -z a-zone delete -F Delete the zone interactively by answering yes to the system prompt:global# zonecfg -z a-zone delete Are you sure you want to delete zone a-zone (y/[n])? y