illumos gate

For some logically distributed systems running in local zones under the same GZ, it may be beneficial to have local zones maintained as separate SMF instances with administrator-defined dependencies on each other (i.e. appserver zone should start only if "its" DBMS zone has started, and appserver zone's reboot should be triggered if DBMS zone is "powercycled"), as well as possibly tweaked start methods to complete the startup method (i.e. DBMS and LDAP should complete startup before an app-server begins starting).

Local-zone lifecycle is by default controlled by /lib/svc/method/svc-zones method script via svc:/system/zones:default SMF service instance, which currently has the following drawbacks:

• the "stop" method tries to "zlogin -S ZONE init 0" and then "zoneadm -z ZONE halt" all of running local zones, including those without the autoboot=true zone property;
• the "start" method tries to start all defined local zones with the autoboot=true property.
• startup of the local zone is deemed to have completed just after its zoneadmd has been spawned

This feature proposes that:
1) a list of exceptions be maintained for the method script to avoid starting/stopping zones which are wrapped into separate SMF instances.
For example, declare support for zones wrapped as "svc:/system/zones:ZONENAME" and parse the SMF instance list (using "svcs -a" to include disabled instances) to exclude such ZONENAME local zones from startup/shutdown if the current SMF_FMRI=="svc:/system/zones:default".
2) if the method script is invoked with current SMF_FMRI=="svc:/system/zones:ZONENAME", it should only try to control the lifecycle of the local zone named ZONENAME (i.e. start it IFF autoboot=true, or "init 0/halt" it if it is running).
3) (optional) the local zone's brand should be consulted to see if the LZ is expected to support "init 0" at all, or if halt (or SIGTERM) should be issued right away?
4) (optional) for non-default zones there should be a configurable method (i.e. "zlogin ZONE /sbin/testmyself.sh" which might issue an ldapsearch or an sql-query on localhost, or whatever) to test whether the zone has completed startup - as defined by the zone's admin, in order to transfer its SMF instance wrapper into "online" mode and allow startup of zones depending on this one's services.
5) (optional) regularly run that self-test method for non-default zones in order to cause zone restarts if the target service is down for too long...

6) in order to maintain the backward feature compatibility, the "zones:default" service might be a dependency wrapper over all non-default zone SMF instances as well as some catch-all instance for "default" zones. The catch-all might be named "global", since this string is already reserved as an invalid LZ name, but that's discussable. Some method is due in this case to automatically maintain the list of dependencies for the "zones:default" instance (to add/remove the catch-all and non-default instances).
In this case actions like "svcadm disable zones:default" would, like before, cause shutdown of all zones - but for non-default zones this would be done in an orderly manner (i.e. stop appservers first, databases last).