By Darren Moffat-Oracle on Jul 31, 2014
Solaris 11 brought us the ability to have Immutable non global Zones. With Solaris 11.2 we have extended that capability so that it works with Kernel Zones, LDOMs (OVM SPARC) and bare metal global zones.
Now what about deploying Immutable Zones via OpenStack ?
The way to do this is to via the Flavors facility in Nova.
From the OpenStack Dashboard (Horizon) navigate to the
Admin-> Flavor page. We can either update an existing one of the
Solaris flavours or create a new one. Lets do this by creating a new
one called 'Immutable Solaris non global Zone'
Make sure you set the 'Flavor Access' to include the projects you want to use this.
Then from the 'More' menu on the entry in the table select 'View Extra Specs'
that will bring up a window like this one, since we are creating a new entry from scratch we have to also setup the type of zone this will be.
Select Create and fill in the following to set a non global zone (if you wanted a kernel zone instead then change the value to solaris-kz):
The do the same again and create a key/value pair for 'zonecfg:file-mac-profile' with the value being one of 'flexible-configuration,fixed-configuration,strict' eg:
Thats it close the flavor window and now we can select this as a type when we deploy a new instance.
If create a new VM instance using this flavor and look at the configuration of the zone that Nova is deploying for us we will see something like this:
$ zonecfg -z instance-0000000f info zonename: instance-0000000f zonepath: /system/zones/instance-0000000f brand: solaris autoboot: false autoshutdown: shutdown bootargs: file-mac-profile: fixed-configuration ...
It is possible to set other zonecfg global scope settings here as well. Currently the choice is limited to a fixed set but I'm hoping to change that to allow any of the known global scope settings. This would allow using some of the more advanced Zone resource controls via an OpenStack Nova Flavor.