Migrating a Solaris 11 Kernel Zone

You can migrate a kernel zone to another host by using the zoneadm suspend command. For zone migrations, a zone configuration must be portable across machines. For example, you cannot use a zvol on the source host.

NOTE: A zone source and destination must be on the same platform for a zone migration. On x86 systems, the vendor as well as the CPU revision must be identical. On SPARC, the hardware platform must be the same. For example, you cannot migrate a kernel zone from a T4 host to a T3 host.

Procedure

For the benefit of this article we are running Oracle Solaris 11.2 on two Oracle SPARC T4-2 Servers (global-src and global-dest).

  1. On both the source and destination global zones, become a superuser or administrator with the correct privilages.
  2. Suspend the file system on the kernel zone to be migrated using:
    zoneadm -z <zonename> suspend
    For example to suspend kernal zone kzone1 on global zone global-src:
    global-src# zoneadm -z kzone1 suspend
  3. Detach the kernel zone file system on the global zone using:
    zoneadm -z <zonename> detach
    For example to detach kernal zone kzone1 on global zone global-src:
    global-src# zoneadm -z kzone1 detach
  4. Export the zone configuration and transfer the file to the new host using:
    zonecfg -z <zonename> export | ssh root@newhost zonecfg -z <zonename> -f -
    For example to export kernal zone kzone1 on global zone global-src and import on global-zone global-dest:
    global-src# zonecfg -z kzone1 export | ssh root@global-dest zonecfg -z kzone1 -f -
  5. Attach the exported zone on the new global zone using:
    zoneadm -z <zonename> attach
    For example to attach kernal zone kzone1 on global zone global-dest:
    global-dest# zoneadm -z kzone1 attach
  6. Boot the kernel zone on the new global zone to resume the migrated zone using:
    zoneadm -z <zonename> boot
    For example to boot kernal zone kzone1 on global zone global-dest:
    global-dest# zoneadm -z kzone1 boot

    NOTE: To prevent loss of the encryption key during a kernel zone migration, use the zonecfg export command on the source system to generate a command file to be used on the destination system. For example, to generate a command file for zone kzone2 migrated from global-src to global-dest:

    global-src# zonecfg -z kzone2 export -f /net/.../kzone2.cfg
    global-dest# zonecfg -z kzone2 -f /net/.../kzone2.cfg