On Wed, May 27, 2009 at 02:21:22AM +0200, Joep Vesseur wrote: > Right. To come with a concrete example that would--sort of--work as an > administrator expects: > > 1. The admin creates a snapshot to run from, and boots off it > zfs snapshot rpool/ROOT/snv_115 at read-only > zpool set bootfs=rpool/ROOT/snv_115 at read-only rpool > reboot > > 2. after some time, the admin decides he/she doesn't want, e.g., > apache running anymore. Two options would be: modify the original > filesystem and snapshot again, or clone the snapshot, modify the clone, > and snapshot the clone: > > a. svcadm -R rpool/ROOT/snv_115 disable apache22 > zfs snapshot rpool/ROOT/snv_115 at read-only-no-apache > zpool set bootfs=rpool/ROOT/snv_115 at read-only-no-apache rpool > reboot > b zfs clone rpool/ROOT/snv_115 at read-only rpool/ROOT/no-apache > svcadm -R rpool/ROOT/no-apache disable apache22 > zfs snapshot rpool/ROOT/no-apache at read-only > zpool set bootfs=rpool/ROOT/no-apache at read-only > reboot
Incidentally, the way the 7xxx storage appliance works is that it has a read-only / but it stores the SMF repository on a separate, read-write dataset. That approach too has its appeal: you can make administrative changes without changing any files in /etc, ..., but image updates and pkg installs/updates/removes require a reboot. Given that image updates in OpenSolaris create new BEs that one must reboot into to complete the update, I think it'd be very nice to by default run with read-only / and read-write SMF repository, just like the storage appliance. To then make the SMF repository read-only would be a trivial option. Nico --
