config-solaris.md

# <a name="solarisApplicationContainerConfiguration" />Solaris Application Container Configuration

Solaris application containers can be configured using the following properties, all of the below properties have mappings to properties specified under [zonecfg(1M)][zonecfg.1m_2] man page, except milestone.

## <a name="configSolarisMilestone" />milestone
The SMF(Service Management Facility) FMRI which should go to "online" state before we start the desired process within the container.

**`milestone`** *(string, OPTIONAL)*

### Example
```json
"milestone": "svc:/milestone/container:default"
```

## <a name="configSolarisLimitpriv" />limitpriv
The maximum set of privileges any process in this container can obtain.
The property should consist of a comma-separated privilege set specification as described in [priv_str_to_set(3C)][priv-str-to-set.3c] man page for the respective release of Solaris.

**`limitpriv`** *(string, OPTIONAL)*

### Example
```json
"limitpriv": "default"
```

## <a name="configSolarisMaxShmMemory" />maxShmMemory
The maximum amount of shared memory allowed for this application container.
A scale (K, M, G, T) can be applied to the value for each of these numbers (for example, 1M is one megabyte).
Mapped to `max-shm-memory` in [zonecfg(1M)][zonecfg.1m_2] man page.

**`maxShmMemory`** *(string, OPTIONAL)*

### Example
```json
"maxShmMemory": "512m"
```

## <a name="configSolarisCappedCpu" />cappedCPU
Sets a limit on the amount of CPU time that can be used by a container.
The unit used translates to the percentage of a single CPU that can be used by all user threads in a container, expressed as a fraction (for example, .75) or a mixed number (whole number and fraction, for example, 1.25).
An ncpu value of 1 means 100% of a CPU, a value of 1.25 means 125%, .75 mean 75%, and so forth.
When projects within a capped container have their own caps, the minimum value takes precedence.
cappedCPU is mapped to `capped-cpu` in [zonecfg(1M)][zonecfg.1m_2] man page.

* **`ncpus`** *(string, OPTIONAL)*

### Example
```json
"cappedCPU": {
    "ncpus": "8"
}
```

## <a name="configSolarisCappedMemory" />cappedMemory
The physical and swap caps on the memory that can be used by this application container.
A scale (K, M, G, T) can be applied to the value for each of these numbers (for example, 1M is one megabyte).
cappedMemory is mapped to `capped-memory` in [zonecfg(1M)][zonecfg.1m_2] man page.

* **`physical`** *(string, OPTIONAL)*
* **`swap`** *(string, OPTIONAL)*

### Example
```json
"cappedMemory": {
    "physical": "512m",
    "swap": "512m"
}
```

## <a name="configSolarisNetwork" />Network

### <a name="configSolarisAutomaticNetwork" />Automatic Network (anet)
anet is specified as an array that is used to set up networking for Solaris application containers.
The anet resource represents the automatic creation of a network resource for an application container.
The zones administration daemon, zoneadmd, is the primary process for managing the container's virtual platform.
One of the daemon's responsibilities is creation and teardown of the networks for the container.
For more information on the daemon see the [zoneadmd(1M)][zoneadmd.1m] man page.
When such a container is started, a temporary VNIC(Virtual NIC) is automatically created for the container.
The VNIC is deleted when the container is torn down.
The following properties can be used to set up automatic networks.
For additional information on properties, check the [zonecfg(1M)][zonecfg.1m_2] man page for the respective release of Solaris.

* **`linkname`** *(string, OPTIONAL)* Specify a name for the automatically created VNIC datalink.
* **`lowerLink`** *(string, OPTIONAL)* Specify the link over which the VNIC will be created.
Mapped to `lower-link` in the [zonecfg(1M)][zonecfg.1m_2] man page.
* **`allowedAddress`** *(string, OPTIONAL)* The set of IP addresses that the container can use might be constrained by specifying the `allowedAddress` property.
    If `allowedAddress` has not been specified, then they can use any IP address on the associated physical interface for the network resource.
    Otherwise, when `allowedAddress` is specified, the container cannot use IP addresses that are not in the `allowedAddress` list for the physical address.
    Mapped to `allowed-address` in the [zonecfg(1M)][zonecfg.1m_2] man page.
* **`configureAllowedAddress`** *(string, OPTIONAL)* If `configureAllowedAddress` is set to true, the addresses specified by `allowedAddress` are automatically configured on the interface each time the container starts.
    When it is set to false, the `allowedAddress` will not be configured on container start.
    Mapped to `configure-allowed-address` in the [zonecfg(1M)][zonecfg.1m_2] man page.
* **`defrouter`** *(string, OPTIONAL)* The value for the OPTIONAL default router.
* **`macAddress`** *(string, OPTIONAL)* Set the VNIC's MAC addresses based on the specified value or keyword.
    If not a keyword, it is interpreted as a unicast MAC address.
    For a list of the supported keywords please refer to the [zonecfg(1M)][zonecfg.1m_2] man page of the respective Solaris release.
    Mapped to `mac-address` in the [zonecfg(1M)][zonecfg.1m_2] man page.
* **`linkProtection`** *(string, OPTIONAL)* Enables one or more types of link protection using comma-separated values.
    See the protection property in dladm(8) for supported values in respective release of Solaris.
    Mapped to `link-protection` in the [zonecfg(1M)][zonecfg.1m_2] man page.

#### Example
```json
"anet": [
    {
        "allowedAddress": "172.17.0.2/16",
        "configureAllowedAddress": "true",
        "defrouter": "172.17.0.1/16",
        "linkProtection": "mac-nospoof, ip-nospoof",
        "linkname": "net0",
        "lowerLink": "net2",
        "macAddress": "02:42:f8:52:c7:16"
    }
]
```


[priv-str-to-set.3c]: https://docs.oracle.com/cd/E86824_01/html/E54766/priv-str-to-set-3c.html
[zoneadmd.1m]: https://docs.oracle.com/cd/E86824_01/html/E54764/zoneadmd-1m.html
[zonecfg.1m_2]: https://docs.oracle.com/cd/E86824_01/html/E54764/zonecfg-1m.html
[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`# <a name="solarisApplicationContainerConfiguration" />Solaris Application Container Configuration`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
config-solaris: Restore 'zonecfg.1m_2' link targets These were added in f9dc90b0 (make link usage consistent across the specification, 2017-08-09, #687) to follow the new _N name-dedup policy discussed in style.md. They were removed in ea65eb3d (config-solaris.md: fix info, 2017-04-28, #786), overlooking that policy. This commit brings them back. Signed-off-by: W. Trevor King <wking@tremily.us> 2017-05-09 14:50:16 -07:00			`Solaris application containers can be configured using the following properties, all of the below properties have mappings to properties specified under [zonecfg(1M)][zonecfg.1m_2] man page, except milestone.`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`## <a name="configSolarisMilestone" />milestone`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`The SMF(Service Management Facility) FMRI which should go to "online" state before we start the desired process within the container.`

config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			`milestone` (string, OPTIONAL)
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
			`### Example`
			```json
			`"milestone": "svc:/milestone/container:default"`
			```

[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`## <a name="configSolarisLimitpriv" />limitpriv`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`The maximum set of privileges any process in this container can obtain.`
make link usage consistent across the specification Signed-off-by: Jesse Butler <jesse.butler@oracle.com> 2017-02-09 15:32:39 -05:00			`The property should consist of a comma-separated privilege set specification as described in [priv_str_to_set(3C)][priv-str-to-set.3c] man page for the respective release of Solaris.`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			`limitpriv` (string, OPTIONAL)
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
			`### Example`
			```json
			`"limitpriv": "default"`
			```

[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`## <a name="configSolarisMaxShmMemory" />maxShmMemory`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`The maximum amount of shared memory allowed for this application container.`
			`A scale (K, M, G, T) can be applied to the value for each of these numbers (for example, 1M is one megabyte).`
config-solaris: Restore 'zonecfg.1m_2' link targets These were added in f9dc90b0 (make link usage consistent across the specification, 2017-08-09, #687) to follow the new _N name-dedup policy discussed in style.md. They were removed in ea65eb3d (config-solaris.md: fix info, 2017-04-28, #786), overlooking that policy. This commit brings them back. Signed-off-by: W. Trevor King <wking@tremily.us> 2017-05-09 14:50:16 -07:00			Mapped to `max-shm-memory` in [zonecfg(1M)][zonecfg.1m_2] man page.
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			`maxShmMemory` (string, OPTIONAL)
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
			`### Example`
			```json
			`"maxShmMemory": "512m"`
			```

[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`## <a name="configSolarisCappedCpu" />cappedCPU`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`Sets a limit on the amount of CPU time that can be used by a container.`
			`The unit used translates to the percentage of a single CPU that can be used by all user threads in a container, expressed as a fraction (for example, .75) or a mixed number (whole number and fraction, for example, 1.25).`
			`An ncpu value of 1 means 100% of a CPU, a value of 1.25 means 125%, .75 mean 75%, and so forth.`
			`When projects within a capped container have their own caps, the minimum value takes precedence.`
config-solaris: Restore 'zonecfg.1m_2' link targets These were added in f9dc90b0 (make link usage consistent across the specification, 2017-08-09, #687) to follow the new _N name-dedup policy discussed in style.md. They were removed in ea65eb3d (config-solaris.md: fix info, 2017-04-28, #786), overlooking that policy. This commit brings them back. Signed-off-by: W. Trevor King <wking@tremily.us> 2017-05-09 14:50:16 -07:00			cappedCPU is mapped to `capped-cpu` in [zonecfg(1M)][zonecfg.1m_2] man page.
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			* `ncpus` (string, OPTIONAL)
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
			`### Example`
			```json
			`"cappedCPU": {`
remove unneeded indent Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> Signed-off-by: H. Vetinari <h.vetinari@gmx.com> 2017-12-01 11:53:02 +08:00			`"ncpus": "8"`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`}`
			```

[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`## <a name="configSolarisCappedMemory" />cappedMemory`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`The physical and swap caps on the memory that can be used by this application container.`
			`A scale (K, M, G, T) can be applied to the value for each of these numbers (for example, 1M is one megabyte).`
config-solaris: Restore 'zonecfg.1m_2' link targets These were added in f9dc90b0 (make link usage consistent across the specification, 2017-08-09, #687) to follow the new _N name-dedup policy discussed in style.md. They were removed in ea65eb3d (config-solaris.md: fix info, 2017-04-28, #786), overlooking that policy. This commit brings them back. Signed-off-by: W. Trevor King <wking@tremily.us> 2017-05-09 14:50:16 -07:00			cappedMemory is mapped to `capped-memory` in [zonecfg(1M)][zonecfg.1m_2] man page.
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			* `physical` (string, OPTIONAL)
			* `swap` (string, OPTIONAL)
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
			`### Example`
			```json
			`"cappedMemory": {`
remove unneeded indent Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> Signed-off-by: H. Vetinari <h.vetinari@gmx.com> 2017-12-01 11:53:02 +08:00			`"physical": "512m",`
			`"swap": "512m"`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`}`
			```

[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`## <a name="configSolarisNetwork" />Network`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
[Config Solaris] Add anchor tags for headings Signed-off-by: Rob Dolin <robdolin@microsoft.com> 2016-11-30 15:42:09 -08:00			`### <a name="configSolarisAutomaticNetwork" />Automatic Network (anet)`
tfix: replace setup setup is a noun, 'set up' is a verb Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> 2017-05-14 14:24:19 +08:00			`anet is specified as an array that is used to set up networking for Solaris application containers.`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`The anet resource represents the automatic creation of a network resource for an application container.`
			`The zones administration daemon, zoneadmd, is the primary process for managing the container's virtual platform.`
make link usage consistent across the specification Signed-off-by: Jesse Butler <jesse.butler@oracle.com> 2017-02-09 15:32:39 -05:00			`One of the daemon's responsibilities is creation and teardown of the networks for the container.`
			`For more information on the daemon see the [zoneadmd(1M)][zoneadmd.1m] man page.`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00			`When such a container is started, a temporary VNIC(Virtual NIC) is automatically created for the container.`
			`The VNIC is deleted when the container is torn down.`
tfix: replace setup setup is a noun, 'set up' is a verb Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> 2017-05-14 14:24:19 +08:00			`The following properties can be used to set up automatic networks.`
config-solaris: Restore 'zonecfg.1m_2' link targets These were added in f9dc90b0 (make link usage consistent across the specification, 2017-08-09, #687) to follow the new _N name-dedup policy discussed in style.md. They were removed in ea65eb3d (config-solaris.md: fix info, 2017-04-28, #786), overlooking that policy. This commit brings them back. Signed-off-by: W. Trevor King <wking@tremily.us> 2017-05-09 14:50:16 -07:00			`For additional information on properties, check the [zonecfg(1M)][zonecfg.1m_2] man page for the respective release of Solaris.`
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			* `linkname` (string, OPTIONAL) Specify a name for the automatically created VNIC datalink.
			* `lowerLink` (string, OPTIONAL) Specify the link over which the VNIC will be created.
config-solaris: Restore 'zonecfg.1m_2' link targets These were added in f9dc90b0 (make link usage consistent across the specification, 2017-08-09, #687) to follow the new _N name-dedup policy discussed in style.md. They were removed in ea65eb3d (config-solaris.md: fix info, 2017-04-28, #786), overlooking that policy. This commit brings them back. Signed-off-by: W. Trevor King <wking@tremily.us> 2017-05-09 14:50:16 -07:00			Mapped to `lower-link` in the [zonecfg(1M)][zonecfg.1m_2] man page.
format specs with 4 spaces indent Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> 2017-05-23 15:32:52 +08:00			* `allowedAddress` (string, OPTIONAL) The set of IP addresses that the container can use might be constrained by specifying the `allowedAddress` property.
			If `allowedAddress` has not been specified, then they can use any IP address on the associated physical interface for the network resource.
			Otherwise, when `allowedAddress` is specified, the container cannot use IP addresses that are not in the `allowedAddress` list for the physical address.
			Mapped to `allowed-address` in the [zonecfg(1M)][zonecfg.1m_2] man page.
			* `configureAllowedAddress` (string, OPTIONAL) If `configureAllowedAddress` is set to true, the addresses specified by `allowedAddress` are automatically configured on the interface each time the container starts.
			When it is set to false, the `allowedAddress` will not be configured on container start.
			Mapped to `configure-allowed-address` in the [zonecfg(1M)][zonecfg.1m_2] man page.
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			* `defrouter` (string, OPTIONAL) The value for the OPTIONAL default router.
config-solaris: Fix "VNIC`s" -> "VNIC's" typo Unwind an overly-aggressive backtick replacement from f9dc90b0 (make link usage consistent across the specification, 2017-02-09, #687). Signed-off-by: W. Trevor King <wking@tremily.us> 2017-03-03 12:22:30 -08:00			* `macAddress` (string, OPTIONAL) Set the VNIC's MAC addresses based on the specified value or keyword.
format specs with 4 spaces indent Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> 2017-05-23 15:32:52 +08:00			`If not a keyword, it is interpreted as a unicast MAC address.`
			`For a list of the supported keywords please refer to the [zonecfg(1M)][zonecfg.1m_2] man page of the respective Solaris release.`
			Mapped to `mac-address` in the [zonecfg(1M)][zonecfg.1m_2] man page.
config: Replace "optional" with "OPTIONAL" In all of these cases we want to use the RFC 2119 semantics. Generated with: $ sed -i 's/optional/OPTIONAL/g' config*.md Signed-off-by: W. Trevor King <wking@tremily.us> 2016-09-17 21:59:07 -07:00			* `linkProtection` (string, OPTIONAL) Enables one or more types of link protection using comma-separated values.
format specs with 4 spaces indent Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com> 2017-05-23 15:32:52 +08:00			`See the protection property in dladm(8) for supported values in respective release of Solaris.`
			Mapped to `link-protection` in the [zonecfg(1M)][zonecfg.1m_2] man page.
Introducing Solaris in OCI Signed-off-by: Abhijeeth Nuthan <abhijeeth.nuthan@oracle.com> 2016-04-25 20:03:09 -07:00
			`#### Example`
			```json
			`"anet": [`
			`{`
			`"allowedAddress": "172.17.0.2/16",`
			`"configureAllowedAddress": "true",`
			`"defrouter": "172.17.0.1/16",`
			`"linkProtection": "mac-nospoof, ip-nospoof",`
			`"linkname": "net0",`
			`"lowerLink": "net2",`
			`"macAddress": "02:42:f8:52:c7:16"`
			`}`
			`]`
			```
make link usage consistent across the specification Signed-off-by: Jesse Butler <jesse.butler@oracle.com> 2017-02-09 15:32:39 -05:00

update http links to https Most of these either redirect (so changing saves an extra redirect), or have a TLS version available. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2024-11-04 12:25:33 +01:00			`[priv-str-to-set.3c]: https://docs.oracle.com/cd/E86824_01/html/E54766/priv-str-to-set-3c.html`
			`[zoneadmd.1m]: https://docs.oracle.com/cd/E86824_01/html/E54764/zoneadmd-1m.html`
			`[zonecfg.1m_2]: https://docs.oracle.com/cd/E86824_01/html/E54764/zonecfg-1m.html`