Simon Redmill wrote:
Hi David :
[EMAIL PROTECTED] wrote:
i) Can an NFS share be either mounted directly into a zone relative
to the global root or lofs mounted relative to the global root?
I'm not sure on what you're asking specifically.
The global zone can export its own file systems to a non-global zone
via lofs(7FS) (including those it exports to other systems via NFS).
The non-global zone cannot export its own file systems via NFS to its
own non-global zones (due to a deadlock between the VM system and
Here I'm talking about NAS device on the network, separate from the
global zone. Basically what I'm trying to achieve is a mechanism whereby
I can administer all NFS mounted filesystems into zones from the global
Here are some specific examples of methods that will (or won't) work:
1) A global zone cannot do the following while a zone is running, where
'nfs-server' is another computer, and a zone has a zonepath of /zones/twilight:
global# mount -F nfs nfs-server:/remotefs /zones/twilight/root/mnt
2) A global zone *can* create an NFS-mount from another computer onto a directory
that is in a non-running zone, but the zone cannot boot until the NFS share is
unmounted. (The only point in mentioning that is that you might think that this
would be a work-around for the limitation above, but I thought I would save you
3) A global zone root user can use the 'zlogin' command to run any command in any
of its zones. This means you can do this while the zone is running:
global# zlogin twilight mount -F nfs nfs-server:/remotefs /mnt
4) It also means that the global zone *can* edit a zone's /etc/vfstab (e.g.
/zones/twilight/root/etc/vfstab) and add an NFS-mount to that file. When the zone
boots, the NFS mount will occur. This could also be used to cause the NFS mount to
happen in a zone while the zone is running:
global# vi /etc/vfstab (add the mount entry)
global# zlogin twilight mount /mnt
Unmounting can be accomplished similarly.
Note: Although (3) and (4) work, they should be used very carefully.
ii) Can an NFS share be lofs mounted via 'zoneadm add fs' into a zone?
If you mean a global zone's own file system, then yes, a "fs" resource
specifying a loopback mount works fine.
However, if you're asking if the global zone can export via lofs
something it's has already mounted from some *other* system, then the
answer is no - the zone itself must do the NFS mount itself.
Yep, this is what I was asking.. So, conversely, would the global zone
be able to see NFS filesystems that are mounted from within zones?
If you mean "look at files in an NFS filesystem that a zone has mounted by itself"
the answer is "No."
iii) If both are possible, what are the merits of each?
Can you explain what you're trying to do and what the particulars are
of the file systems. That might make it clearer who is trying to
mount/import/export whose file systems. ;)
As above, a method whereby I can centrally admin all filesystems from
the global zone.
The reason for the question is that I cannot administer NFS
filesystems from the global zone that have been mounted from within a
zone using either /etc/vfstab or mount (although the new zone admin
guide on docs.sun.com suggests that no other administration should
take place from the global zone apart from zone backups)....
Could you point out which section suggests that? We can improve the
wording to make it clear that NFS (and other) administration in the
global zone is a perfectly good thing to do.
Sure - PDF on docs.sun.com System Administration Guide : Solaris
Containers - Resource Management and Solaris Zones - June 2006 (Beta)
P.314, 1st sentence of 1st paragraph under 'Restriction on Accessing A
Non-Global Zone From the Global Zone' states 'After a non-global zone is
installed, the zone must never be accessed directly from the global zone
by any commands other than system backup utilities'
In my example, I've mounted various filesystems from a NAS fileserver
from within a non-global zone. If I then try to access the files on that
mount from the global zone, I cannot see any of the files. 'mount' from
the global zone confirms the filesystems are mounted into the non-global
zones... Is this an affect of NFS? I guess this could be a moot point
given that I could mount the filesystems into the global zone and
administer from there....
By being unable to administer NFS file systems from the global zone,
can you provide some details?
Yes, all of the limitations discussed are due to the implementation of NFS within
the Solaris kernel, as David mentioned. And, yes, it is mostly moot for the
reason you mention.
Jeff VICTOR Sun Microsystems jeff.victor @ sun.com
OS Ambassador Sr. Technical Specialist
Solaris 10 Zones FAQ: http://www.opensolaris.org/os/community/zones/faq
zones-discuss mailing list