Sunday, April 9, 2017

Kernel zones support

The advent of kernel zones in Solaris 11.2 is another great improvement to Solaris. But they may not be supported on aging hardware, as I may have just found out. I happen to use a box more than 5 years old, from late 2009, which seems not to support all the virtualization technology required for kernel zones. But I'm still awaiting confirmation of whether my issue is simply that I have VirtualBox installed on my x86-64 box, which may be conflicting with kernel zones by leaving them without virtualization resources (already allocated to VirtualBox).

So if you're planning to set aside some "cool hardware" for your Solaris 11.3 kernel zones, I suggest you learn from this experience of mine beforehand in order to make sure your "cool hardware" and system setup meet all the requirements.

You may start by checking the man page solaris-kz(5):
...

The solaris-kz brand uses certain hardware features which may not be available in older systems, or in virtualized environments. To detect whether a system supports the solaris-kz brand, install the brand-solaris-kz package and then run the virtinfo command.

# virtinfo -c supported list kernel-zone

If kernel-zone is not shown in the supported list, you can see syslog for more information. Messages pertaining to kernel zones will contain the string kernel-zone.
 
...
In my case, in general, I've got:

$ virtinfo -c supported list kernel-zone
kernel-zone: no such supported virtual environment found


$ virtinfo
NAME            CLASS    
non-global-zone supported


And under VirtualBox 5.1.18 r114002, I've got:

$ virtinfo
NAME            CLASS    
virtualbox      current  
non-global-zone supported


Well, it's true that in the logs you'll have to look for kernel-zone.
But you'll have to do so in /var/adm/messages instead.
So I set out to further investigate what was missing.

For my physical box I've got:

$ grep kernel-zone /var/adm/messages | cut -d: -f5,6 | sort -u
... environment not supported: VMX already in use
... unsupported Intel model 15


And under VirtualBox (on that same physical box), I've got:

$ grep kernel-zone /var/adm/messages | cut -d: -f5,6 | sort -u
... environment not supported: CPU doesn't have VMX
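
As an added example (not part of the original post), this sh script tallies the kernel-zone rejection reasons shown in the two grep outputs above. The function names and the sample log prefix are constructed for illustration; only the reason strings come from the post.

```shell
#!/bin/sh
# Added example, not from the original post: classify the kernel-zone
# reasons the post found in /var/adm/messages.

# Map one log line to a short code, matching only the reason text
# quoted in the post (the syslog prefix varies, so it is ignored).
kz_reason() {
    case "$1" in
        *"VMX already in use"*)      echo vmx-busy ;;   # VT-x claimed by something else
        *"CPU doesn't have VMX"*)    echo no-vmx ;;     # VT-x not visible to this OS
        *"unsupported Intel model"*) echo cpu-model ;;  # CPU model rejected
        *)                           echo other ;;      # unrecognised reason
    esac
}

# Read a messages log on stdin; print "count code" per distinct reason.
kz_triage() {
    grep kernel-zone | while IFS= read -r line; do
        kz_reason "$line"
    done | sort | uniq -c | awk '{ print $1, $2 }'
}

# Constructed sample log: timestamps, host name and prefix are made up;
# only the reason text comes from the post.
kz_sample() {
    cat <<'EOF'
Apr  9 10:00:01 host1 example: kernel-zone: environment not supported: VMX already in use
Apr  9 10:00:01 host1 example: kernel-zone: unsupported Intel model 15
Apr  9 10:05:12 host1 example: unrelated message
Apr  9 11:30:40 host1 example: kernel-zone: unsupported Intel model 15
EOF
}

# Demo on the sample; on a real system: kz_triage < /var/adm/messages
kz_sample | kz_triage
```

A reason reported as `other` is one the post did not show, so read the full log line for it.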


According to a Wikipedia article on x86 virtualization, VMX happens to be the designation for the CPU flag related to VT-x support. What caught my attention was the single message VMX already in use. It appeared just once, and it's true I have enabled virtualization support in my physical box's BIOS, which makes me wonder whether the situation would change in favor of kernel zones meeting all their requirements if I completely uninstalled VirtualBox. I haven't tried it yet, nor am I willing to do it right now, as I make heavy use of VirtualBox. But depending on the scenario, the trade-off would certainly pay off.

By the way, I'd like to mention that I did try something less drastic than uninstalling VirtualBox. I tried disabling (setting to off) VirtualBox's hwvirtexclusive property, but that didn't make any difference in solving the problem (at least as of version 5.1.18). Later I found a forum entry about this that claims it worked, but that was for earlier versions.