----- Original Message -----
From: Lori Alt <[EMAIL PROTECTED]>
Date: Tuesday, December 2, 2008 11:19 am
Subject: Re: [zfs-discuss] Separate /var
To: Gary Mills <[EMAIL PROTECTED]>
Cc: zfs-discuss@opensolaris.org
> On 12/02/08 09:00, Gary Mills wrote:
> > On Mon, Dec 01, 2008 at 04:45:16PM -0700, Lori Alt wrote:
> >
> >> On 11/27/08 17:18, Gary Mills wrote:
> >> On Fri, Nov 28, 2008 at 11:19:14AM +1300, Ian Collins wrote:
> >> On Fri 28/11/08 10:53 , Gary Mills [EMAIL PROTECTED] sent:
> >> On Fri, Nov 28, 2008 at 07:39:43AM +1100, Edward Irvine wrote:
> >>
> >> I'm currently working with an organisation who
> >> want use ZFS for their > full zones. Storage is SAN attached, and
> they
> >> also want to create a > separate /var for each zone, which causes
> issues
> >> when the zone is > installed. They believe that a separate /var is
> >> still good practice.
> >> If your mount options are different for /var and /, you will need
> >> a separate filesystem. In our case, we use `setuid=off' and
> >> `devices=off' on /var for security reasons. We do the same thing
> >> for home directories and /tmp .
> >>
> >> For zones?
> >>
> >> Sure, if you require different mount options in the zones.
> >>
> >> I looked into this and found that, using ufs, you can indeed
> set up
> >> the zone's /var directory as a separate file system. I don't know
> >> about
> >> how LiveUpgrade works with that configuration (I didn't try it).
> >> But I was at least able to get the zone to install and boot.
> >> But with zfs, I couldn't even get a zone with a separate /var
> >> dataset to install, let alone be manageable with LiveUpgrade.
> >> I configured the zone like so:
> >> # zonecfg -z z4
> >> z4: No such zone configured
> >> Use 'create' to begin configuring a new zone.
> >> zonecfg:z4> create
> >> zonecfg:z4> set zonepath=/zfszones/z4
> >> zonecfg:z4> add fs
> >> zonecfg:z4:fs> set dir=/var
> >> zonecfg:z4:fs> set special=rpool/ROOT/s10x_u6wos_07b/zfszones/z4/var
> >> zonecfg:z4:fs> set type=zfs
> >> zonecfg:z4:fs> end
> >> zonecfg:z4> exit
> >> I then get this result from trying to install the zone:
> >> prancer# zoneadm -z z4 install
> >> Preparing to install zone <z4>.
> >> ERROR: No such file or directory: cannot mount </zfszones/z4/root/var>
I think you're running into the problem of defining the var as the filesystem
that already exists under the zone root. We had issues with that, so any time
I've been doing filesystems, I don't push in zfs datasets, I create a zfs
filesystem in the global zone and mount that directory into the zone with lofs.
For example, I've got a pool zdisk with a filesystem down the path -
zdisk/zones/zvars/(zonename)
which mounts itself to -
/zdisk/zones/zvars/(zonename)
It's a ZFS filesystem with quota and reservation setup, and I just do an lofs
to it via these lines in the /etc/zones/(zonename).xml file -
<filesystem special="/zdisk/zones/zvars/(zonename)" directory="/var"
type="lofs">
<fsoption name="nodevices"/>
</filesystem>
I think that's the equivalent of the following zonecfg lines -
zonecfg:z4> add fs
zonecfg:z4:fs> set dir=/var
zonecfg:z4:fs> set special=/zdisk/zones/zvars/z4/var
zonecfg:z4:fs> set type=lofs
zonecfg:z4:fs> end
I think to put the zfs into the zone, you need to do an add dataset, instead of
an add fs. I tried that once and didn't like the results though completely.
The dataset was controllable inside the zone (which is what I wanted at the
time), but it wasn't controllably from the global zone anymore. And I couldn't
access it from the global zone easily to get the backup software to pick it up.
Doing it this way means you have to manage the zfs datasets from the global
zone, but that's not really an issue here.
So, create the separate filesystems you want in the global zone (without
stacking them under the zoneroot - separate directory somewhere), setup the zfs
stuff you want, then lofs it into the local zone. I've had that install
successfully before.
Hope that's helpful in some way!
> >>
> >
> > You might have to pre-create this filesystem. `special' may not be
> > needed at all.
> >
> I did pre-create the file system. Also, I tried omitting "special" and
> zonecfg complains.
>
> I think that there might need to be some changes
> to zonecfg and the zone installation code to get separate
> /var datasets in non-global zones to work.
>
> Lori
> >
> >> in non-global zone to install: the source block device or directory
> >> <rpool/ROOT/s10x_u6wos_07b/zfszones/z1/var> cannot be accessed
> >> ERROR: cannot setup zone <z4> inherited and configured file systems
> >> ERROR: cannot setup zone <z4> file systems inherited and configured
> >> from the global zone
> >> ERROR: cannot create zone boot environment <z4>
> >> I don't fully understand the failures here. I suspect that
> there are
> >> problems both in the zfs code and zones code. It SHOULD work though.
> >> The fact that it doesn't seems like a bug.
> >> In the meantime, I guess we have to conclude that a separate /var
> >> in a non-global zone is not supported on zfs. A separate /var in
> >> the global zone is supported however, even when the root is zfs.
> >>
> >
> > I haven't tried ZFS zone roots myself, but I do have a few comments.
> > ZFS filesystems are cheap because they don't require separate disk
> > slices. As well, they are attribute boundaries. Those are necessary
> > or convenient in some case.
> >
> >
>
> _______________________________________________
> zfs-discuss mailing list
> zfs-discuss@opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
