Solaris 11 brought us the ability to have Immutable non global Zones. With Solaris 11.2 we have extended that capability so that it works with Kernel Zones, LDOMs (OVM SPARC) and bare metal global zones.
Now what about deploying Immutable Zones via OpenStack ?
The way to do this is to via the Flavors
facility in Nova.
From the OpenStack Dashboard (Horizon) navigate to the
Admin-> Flavor page. We can either update an existing one of the
Solaris flavours or create a new one. Lets do this by creating a new
one called 'Immutable Solaris non global Zone'
Make sure you set the 'Flavor Access' to include the projects you want to use this.
Then from the 'More' menu on the entry in the table select 'View Extra Specs'
that will bring up a window like this one, since we are creating a new entry from scratch we have to also setup the type of zone this will be.
Select Create and fill in the following to set a non global
zone (if you wanted a kernel zone instead then change the value to
The do the same again and create a key/value pair for
'zonecfg:file-mac-profile' with the value being one of
Thats it close the flavor window and now we can select this as a type when we deploy a new instance.
If create a new VM instance using this flavor and look at
the configuration of the zone that Nova is deploying for us we will see
something like this:
$ zonecfg -z instance-0000000f info
It is possible to set other zonecfg global scope settings here as well. Currently the choice is limited to a fixed set but I'm hoping to change that to allow any of the known global scope settings. This would allow using some of the more advanced Zone resource controls via an OpenStack Nova Flavor.
-- Darren J Moffat