Hi Simon,

Simon Redmill wrote:
Hi David :


i) Can an NFS share be either mounted directly into a zone relative to the global root or lofs mounted relative to the global root?

I'm not sure on what you're asking specifically.

The global zone can export its own file systems to a non-global zone
via lofs(7FS) (including those it exports to other systems via NFS).

The non-global zone cannot export its own file systems via NFS to its
own non-global zones (due to a deadlock between the VM system and

Here I'm talking about NAS device on the network, separate from the global zone. Basically what I'm trying to achieve is a mechanism whereby I can administer all NFS mounted filesystems into zones from the global zone.

Here are some specific examples of methods that will (or won't) work:

1) A global zone cannot do the following while a zone is running, where 'nfs-server' is another computer, and a zone has a zonepath of /zones/twilight:
   global# mount -F nfs  nfs-server:/remotefs /zones/twilight/root/mnt

2) A global zone *can* create an NFS-mount from another computer onto a directory that is in a non-running zone, but the zone cannot boot until the NFS share is unmounted. (The only point in mentioning that is that you might think that this would be a work-around for the limitation above, but I thought I would save you the trouble...)

3) A global zone root user can use the 'zlogin' command to run any command in any of its zones. This means you can do this while the zone is running:

  global# zlogin twilight mount -F nfs  nfs-server:/remotefs /mnt

4) It also means that the global zone *can* edit a zone's /etc/vfstab (e.g. /zones/twilight/root/etc/vfstab) and add an NFS-mount to that file. When the zone boots, the NFS mount will occur. This could also be used to cause the NFS mount to happen in a zone while the zone is running:

  global# vi /etc/vfstab   (add the mount entry)
  global# zlogin twilight mount /mnt

  Unmounting can be accomplished similarly.

Note: Although (3) and (4) work, they should be used very carefully.

ii) Can an NFS share be lofs mounted via 'zoneadm add fs' into a zone?

If you mean a global zone's own file system, then yes, a "fs" resource
specifying a loopback mount works fine.

However, if you're asking if the global zone can export via lofs
something it's has already mounted from some *other* system, then the
answer is no - the zone itself must do the NFS mount itself.

Yep, this is what I was asking.. So, conversely, would the global zone be able to see NFS filesystems that are mounted from within zones?

If you mean "look at files in an NFS filesystem that a zone has mounted by itself" the answer is "No."

iii) If both are possible, what are the merits of each?

Can you explain what you're trying to do and what the particulars are
of the file systems.  That might make it clearer who is trying to
mount/import/export whose file systems. ;)

As above, a method whereby I can centrally admin all filesystems from the global zone.

The reason for the question is that I cannot administer NFS filesystems from the global zone that have been mounted from within a zone using either /etc/vfstab or mount (although the new zone admin guide on docs.sun.com suggests that no other administration should take place from the global zone apart from zone backups)....

Could you point out which section suggests that?  We can improve the
wording to make it clear that NFS (and other) administration in the
global zone is a perfectly good thing to do.

Sure - PDF on docs.sun.com System Administration Guide : Solaris Containers - Resource Management and Solaris Zones - June 2006 (Beta) P.314, 1st sentence of 1st paragraph under 'Restriction on Accessing A Non-Global Zone From the Global Zone' states 'After a non-global zone is installed, the zone must never be accessed directly from the global zone by any commands other than system backup utilities'

By being unable to administer NFS file systems from the global zone,
can you provide some details?

In my example, I've mounted various filesystems from a NAS fileserver from within a non-global zone. If I then try to access the files on that mount from the global zone, I cannot see any of the files. 'mount' from the global zone confirms the filesystems are mounted into the non-global zones... Is this an affect of NFS? I guess this could be a moot point given that I could mount the filesystems into the global zone and administer from there....

Yes, all of the limitations discussed are due to the implementation of NFS within the Solaris kernel, as David mentioned. And, yes, it is mostly moot for the reason you mention.

Jeff VICTOR              Sun Microsystems            jeff.victor @ sun.com
OS Ambassador            Sr. Technical Specialist
Solaris 10 Zones FAQ:    http://www.opensolaris.org/os/community/zones/faq
zones-discuss mailing list

Reply via email to