Re: [zones-discuss] NFS: Cannot share a zfs dataset added to a labeled zone
I took another look at this configuration, and have yet another suggestion. Instead of specifying the zfs dataset using zonecfg's datatset keyword, where it is mounted by the zone, you can just specify that it should be mounted by zoneadm, instead. I previously suggested doing this: zonecfg:zone-name add dataset zonecfg:zone-name:dataset set name=zone/data zonecfg:zone-name:dataset end But that delays the dataset from being mounted until after the dfstab file is interpreted. To get it mounted earlier (by zoneadm) you should do this instead: zfs set mountpoint=legacy zone/data zfs set zoned=off zone/data zonecfg:zone-name add fs zonecfg:zone-name:fs set dir=/data zonecfg:zone-name:fs set special=zone/data zonecfg:zone-name:fs set type=zfs zonecfg:zone-name:fs end This causes the dataset to be mounted in the zone (at /data) before the dfstab file gets interpreted. The /zone/zone-name/etc/dfs/dfstab file should use the pathname (/data), too. share -F nfs /data There are subtle differences between the two approaches. Giving the dataset to the zone allows the zone's administrator to remount it and set other properties. But mounting the dataset as a filesystem, the zone's administrator no longer has that control. --Glenn This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] NFS: Cannot share a zfs dataset added to a labeled zone
- I set the mount point as follows. zfs set mountpoint=/zone/restricted/root/data zone/data - I then added the dataset to the restricted zone using zonecfg. The full path to the dataset is now /zone/restricted/root/zone/restricted/root/data. I am not sure if that is what you intended, but it is a result of adding it as a dataset to the zone after setting the mountpoint. - I updated the /zone/restricted/etc/dfs/dfstab with the following line. /usr/bin/share -F nfs -o rw /zone/restricted/root/zone/data - During reboot I receive the following error. cannot mount 'zone/data': mountpoint or dataset is busy svc:/system/filesystem/local:default: WARNING: /usr/sbin/zfs mount -a failed: exit status 1 Oct 31 14:43:08 svc.startd[19960]: svc:/system/filesystem/local:default: Method /lib/svc/method/fs-local failed with exit status 95. Oct 31 14:43:08 svc.startd[19960]: system/filesystem/local:default failed fatally: transitioned to maintenance (see 'svcs -xv' for details) - This is exactly the same problem that prompted the original message. Service fail during boot which prevent opening a console. This only occurs when you try to share the dataset. If you remove the line from /zone/restricted/etc/dfs/dfstab and reboot the zone everything works fine. Any ideas what I am doing wrong? This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] NFS: Cannot share a zfs dataset added to a labeled zone
I posted an earlier reply to zones-discuss, but I didn't copy all of the forums in the original posting. I'm doing so now. I am also correcting some errors in my earlier reply: Yes, it is possible to share a zfs dataset that has been added to a labeled zone. Set the mountpoint property of your dataset zone/data to be within the restricted zone's root. For example: # zfs set mountpoint=/zone/needtoknow/root/zone/data zone/data Then you should specify, using zonecfg, that the dataset is associated with the zone. zonecfg:zone-name add dataset zonecfg:zone-name:dataset set name=zone/data zonecfg:zone-name:dataset end I previously stated that you didn't need to specify the dataset via zonecfg, if the zone is already running. However, in the general case, you should do so. If the dataset is mounted before the zone has been booted, zoneadm will fail to boot the zone because its file namespace it not empty. Then you should be able to share it via NFS, by editing the approriate dfstab file in the global zone. In this case, the dfstab file would be: /zone/restricted/etc/dfs/dfstab When the zone is booted, the dataset will be mounted automatically as a read-write mount point in the restricted zone with the correct label. A few subtle points: 1. Setting the zfs mountpoint property has the side-effect of settting its label if the mountpoint corresponds to a labeled zone. Only the global zone can do this. 2. The dataset will only be accessible while the restricted zone is ready or running. Note that it can be shared (via NFS) even when the zone is in the ready state. 3. Labeled zones which dominate the restricted zone (if any) can gain read-only access via NFS mounts (specifying an non-shared global zone IP address and the full pathname of the mounted dataset as viewed from the global zone. For example: /net/gz-name/zone/restricted/root/zone/data The second zone in the pathname is there because it was specified in the original posting, but you can rework the example without it. --Glenn This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] NFS: Cannot share a zfs dataset added to a labeled zone
Please try the following: Set the mountpoint property of your dataset zone/data to be within the restricted zone's root. For example: # zfs set mountpoint=/zone/needtoknow/root/zone/data zone/data That will cause the dataset to appear automatically as a read-write mount point in the restricted zone with the correct label. You don't need to specify it via zonecfg. Then you should be able to share it via NFS. A few subtle points: 1. Setting the zfs mountpoint property has the side-effect of settting its label if the mountpoint is in a labeled zone. 2. The restricted zone's dataset must exist (but doesn't need to be running) before you can mount the new data set. 3. I think zfs mount code figures out dependencies automatically so if you reboot the restricted zone's dataset will be mounted before mounting the zone/data dataset. --Glenn Danny Hayes wrote: Is it possible to share a zfs dataset that has been added to a labeled zone? We are running Solaris 10 U4 w/ TX on x86. Currently, we have a zfs file system named zone/restricted. We have a labeled zone named “restricted” loaded to this zfs. The global path is /zone/restricted. We have another zfs file system named zone/data that we want to add as a dataset to the “restricted” zone. The original global path of this zfs file system is /zone/data. The zone path for the zfs dataset after it has been added to the “restricted” zone is /zone/restricted/root/zone/data. We would like to share the data in the zone/data zfs with “restricted” labeled zones on other systems in my network. We have successfully shared a directory created in the “restricted” zone using /zone/restricted/etc/dfs/dfstab, but have been unable to share the zfs dataset /zone/data. We chose to use a zfs dataset instead of just creating a directory in the zone, because it is a large amount of data with new versions released regularly. With each release the zfs can be destroyed and restored from a snapshot containing the new data very quickly. There is an error during boot up of the zone stating the dataset is busy and cannot be mounted. This causes several services to fail and prevents opening a terminal or console window. Is it possible to share a dataset that has been added to a labeled zone? This is a major piece of our configuration and any help with this issue would be greatly appreciated. I know this might sound confusing, so I listed some paths and dfstab file below to help clarify. Thanks [u]zpool[/u] zone [u]zfs file systems[/u] zone/restricted zone/data [u]zone path after dataset added to zone[/u] /zone/restricted/root/zone/data [u]contents of /zone/restricted/etc/dfs/dfstab[/u] share -F nfs -o rw /zone/data This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] NFS: Cannot share a zfs dataset added to a labeled zone
Is it possible to share a zfs dataset that has been added to a labeled zone? We are running Solaris 10 U4 w/ TX on x86. Currently, we have a zfs file system named zone/restricted. We have a labeled zone named “restricted” loaded to this zfs. The global path is /zone/restricted. We have another zfs file system named zone/data that we want to add as a dataset to the “restricted” zone. The original global path of this zfs file system is /zone/data. The zone path for the zfs dataset after it has been added to the “restricted” zone is /zone/restricted/root/zone/data. We would like to share the data in the zone/data zfs with “restricted” labeled zones on other systems in my network. We have successfully shared a directory created in the “restricted” zone using /zone/restricted/etc/dfs/dfstab, but have been unable to share the zfs dataset /zone/data. We chose to use a zfs dataset instead of just creating a directory in the zone, because it is a large amount of data with new versions released regularly. With each release the zfs can be destroyed and restored from a snapshot containing the new data very quickly. There is an error during boot up of the zone stating the dataset is busy and cannot be mounted. This causes several services to fail and prevents opening a terminal or console window. Is it possible to share a dataset that has been added to a labeled zone? This is a major piece of our configuration and any help with this issue would be greatly appreciated. I know this might sound confusing, so I listed some paths and dfstab file below to help clarify. Thanks [u]zpool[/u] zone [u]zfs file systems[/u] zone/restricted zone/data [u]zone path after dataset added to zone[/u] /zone/restricted/root/zone/data [u]contents of /zone/restricted/etc/dfs/dfstab[/u] share -F nfs -o rw /zone/data This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
