Re: [zones-discuss] Re: zonepath
F.V.(Phil)Porcella wrote: Hi Folks, to recap I asked about NFS mounting /export/home from GZ to NGZ on the same box, using: 1 add inherit-pkg-dir 2 add fs (lofs) OR 3 nfs mount /export/home from the global zone, to the NGS (CIS2) later on. (Christine said) No. 3 is definitely out. You can't have an NGZ nfs-mount something from the GZ on the same box. Bug. No. 1 is out if you want users in your NGZ to be able to write into those home dirs. inherit-pkg-dir is read-only. ***I'm suprised about that bug, I thought nfs-mounted user directories ***were at least not uncommon. It looks like an lofs file system ***may be about the best I can do from within zonecfg. (Jeff said) Why do you want to do that? Each zone has its own namespace. Unless you are using a network-based directory service, this means that each zone has separate user accounts. If the zones are sharing one /export/home, you must ensure that the user names and userID's are unique among the zones. ***OK, we are going to migrate our main academic (student) server (acad) from an old Ultra Enterprise 3000 to a newer SunFire V245. We also have an Ultra 10 box (cis) used for networking class and would like to 'zone' that up in the new V245 (acad). People in the networking class have root access on cis (that stand-alone box) and we feel having that in a 'zone' is a better idea. Since most users login using ldap, I was thinking 'why not just use the same home dir?' thus my question about nfs mounting (which we already do on a few stand alone boxes). The mountpoint we nfs-mount presently comes from acad (old Enterprise 3000). If you continue to use LDAP, and don't give zone-root passwords to students, and use LOFS mounts, you should be OK. The LOFS mounts can be specified in zonecfg, or they can be scripted to happen after the zone boots. Perhaps it would be easier just to create the home directories for those students in the zone as required. ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Re: zonepath
Hi Folks, to recap I asked about NFS mounting /export/home from GZ to NGZ on the same box, using: > 1 add inherit-pkg-dir > 2 add fs (lofs) > OR > 3 nfs mount /export/home from the global zone, to the NGS (CIS2) later on. (Christine said) No. 3 is definitely out. You can't have an NGZ nfs-mount something from the GZ on the same box. Bug. No. 1 is out if you want users in your NGZ to be able to write into those home dirs. inherit-pkg-dir is read-only. ***I'm suprised about that bug, I thought nfs-mounted user directories ***were at least not uncommon. It looks like an lofs file system ***may be about the best I can do from within zonecfg. (Jeff said) Why do you want to do that? Each zone has its own namespace. Unless you are using a network-based directory service, this means that each zone has separate user accounts. If the zones are sharing one /export/home, you must ensure that the user names and userID's are unique among the zones. ***OK, we are going to migrate our main academic (student) server (acad) from an old Ultra Enterprise 3000 to a newer SunFire V245. We also have an Ultra 10 box (cis) used for networking class and would like to 'zone' that up in the new V245 (acad). People in the networking class have root access on cis (that stand-alone box) and we feel having that in a 'zone' is a better idea. Since most users login using ldap, I was thinking 'why not just use the same home dir?' thus my question about nfs mounting (which we already do on a few stand alone boxes). The mountpoint we nfs-mount presently comes from acad (old Enterprise 3000). Perhaps it would be easier just to create the home directories for those students in the zone as required. Thank you all for the help, warnings and ideas, Phil This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: zonepath
I agree with Jerry. To expand on that further: 1) The default directory for ZFS pools is /pool. /zones is somewhat analogous to that default. Consistency is good. 2) I use /zones for simplicity and clarity. On demo systems /zones is usually a directory in the / file system because I/O bandwidth doesn't matter and everything is in the root file system, so why complicate things? On production systems it is usually a separate file system unless the goal of a zone isn't consolidation. Also, I use /zones/roots to store the zones (e.g. zonepath=/zones/roots/myzone) and /zones/cfgs to store files that contain the zonecfg information when the zone is first created. Those are not Sun's Best Practice, but they are Jeff's. :-) Jerry Jelinek wrote: F.V.(Phil)Porcella wrote: Hi Edna, OK so having the zoneroot be under / is NOT required, (thank you), and from what you said, having it on its own mount point is NOT a problem. If fact, you indicate that having the zones under /export may be the best practice. I think having zones on a separate filesystem from / is a best practice. Putting them in /export does not seem like a best practice since there is no reason to export zones. Because of the permissions on the zonepath you can't access them unless you are root on the local host. Also, there is no way to simply look at a zonepath string and guess if it is in the root filesystem or not. From your example, /zones might be its own filesystem that is mounted on /zones. -- -- Jeff VICTOR Sun Microsystemsjeff.victor @ sun.com OS AmbassadorSr. Technical Specialist Solaris 10 Zones FAQ:http://www.opensolaris.org/os/community/zones/faq -- ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: zonepath
F.V.(Phil)Porcella wrote: Hi Edna, OK so having the zoneroot be under / is NOT required, (thank you), and from what you said, having it on its own mount point is NOT a problem. If fact, you indicate that having the zones under /export may be the best practice. I think having zones on a separate filesystem from / is a best practice. Putting them in /export does not seem like a best practice since there is no reason to export zones. Because of the permissions on the zonepath you can't access them unless you are root on the local host. Also, there is no way to simply look at a zonepath string and guess if it is in the root filesystem or not. From your example, /zones might be its own filesystem that is mounted on /zones. Jerry ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] Re: zonepath
F.V.(Phil)Porcella wrote: Hi Edna, OK so having the zoneroot be under / is NOT required, (thank you), and from what you said, having it on its own mount point is NOT a problem. If fact, you indicate that having the zones under /export may be the best practice. thank you. This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org Hi Phil Indeed it's own mount is probably preferrable, as long as you ensure it's mounted when say patching in Single User Mode, all is good. Enda ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] Re: zonepath
Hi Edna, OK so having the zoneroot be under / is NOT required, (thank you), and from what you said, having it on its own mount point is NOT a problem. If fact, you indicate that having the zones under /export may be the best practice. thank you. This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org