Re: [zones-discuss] NFS exports from global zone holding local zone mount points open

Steve Lawrence Fri, 19 Jan 2007 12:19:06 -0800

On Thu, Jan 18, 2007 at 04:21:47PM -0500, Tillman, Gregory wrote:
> Thanks, this looks feasible, although awkward.  I also considered simply
> moving the filesystem to the global zone's vfstab, and set it to mount
> under /zones/my_zone/root (ie mount it into the local zone).  This is
> probably a bad idea, but I'm not entirely sure why.


This will cause booting myzone to fail, as there would be an existing
mountpoint in a subdirectory of the zone's root:

# zoneadm -z myzone boot
zoneadm: zone 'myzone': These file-systems are mounted on subdirectories of 
/zones/myzone/root:
zoneadm: zone 'myzone':   /zones/myzone/root/logdir
zoneadm: zone 'myzone': call to zoneadmd failed

I need to dig up the reason for why this restriction exists.  On initial
inspection, it looks like halting a zone unmounts everything under the
zone's root.  If we did not have this restriction, then a non-global zone
root user could cause a umount in the global zone of a filesystem that existed
prior to the zone's existance.

scenerio:
        - mount made under /zones/myzone/root/logdir by global zone root.
        - myzone is attached/booted
        - myzone is halted by non-global zone root, umounting all under
          /zones/myzone/root
                -  This umounts /zones/myzone/root/logdir in the global zone.

This seems like it would be bad.  To lift this restriction, zone halt would
need to be enhanced to know which filesystems under the zone's root should NOT
be umounted on halt.  This could be non-trivial.

You can do the mount AFTER creating myzone.  From global zone:

        zoneadm -z myzone ready
        mount /zones/myzone/root/logdir
        share /zones/myzone/root/logdir
        zoneadm -z myzone boot

But then you have to keep in mind that each time the zone is halted,
/zones/myzone/root/logdir will become unmounted.  If the zone reboots on
its own, then it will unmount /zones/myzone/root/logdir during halt,
boot up again without mounting /zones/myzone/root/logdir, and start loggin
in the wrong place.  Not good.

-Steve

> 
> - greg 
> 
> -----Original Message-----
> From: Steve Lawrence [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, January 18, 2007 4:16 PM
> To: Glenn Faden
> Cc: Tillman, Gregory; zones-discuss@opensolaris.org
> Subject: Re: [zones-discuss] NFS exports from global zone holding local
> zone mount points open
> 
> I'm guessing your zonecfg for myzone looks something like:
> 
> fs:
>         dir: /logdir
>         special: /dev/dsk/c0t1d0s0
>         raw: /dev/rdsk/c0t1d0s0
>         type: ufs
>         options: []
> 
> If you want to share the filesystem from the global zone, mount the
> device in the global zone, and in the non-global zone, just use a lofs
> mount to the global zone:
> 
> In global /etc/vfstab:
> /dev/dsk/c0t1d0s0 /dev/rdsk/c0t1d0s0 /zones/zone_logs/myzone_logdir ufs
> - yes -
> 
> In global /etc/dfs/dfstab
> share -F nfs -o ro=stats.lmig.com /zones/zone_logs/myzone_logdir
> 
> In zonecfg for myzone:
> fs:
>         dir: /logdir
>         special: /zones/zone_logs/myzone_logdir
>         type: lofs
>         options: []
> 
> I tested this using the solaris express developer release, and it works.
> This most likely works on the latest s10 update, but please check.
> 
> -Steve L.
> 
> On Thu, Jan 18, 2007 at 11:07:19AM -0800, Glenn Faden wrote:
> > This feature is not supported with standard Solaris. It is only 
> > supported in Trusted Extensions. There are at least two problems in 
> > standard Solaris. As you pointed out, the NFS sharing should not take 
> > place until the zone is booted, and it should be unshared when the 
> > zone is halted. TX does the share and unshare operations automatically
> 
> > at the right time (within zoneadmd). TX maintains separate dftstab 
> > files for each zone.
> > 
> > Secondly, the pathname, e.g. /zones/myzone, is not searchable  except 
> > by root.. So anything that was exported would not be available anyway.
> 
> > This is also fixed in TX by special casing the zonepath permissions
> for NFS.
> > 
> > --Glenn
> > 
> > Tillman, Gregory wrote:
> > 
> > >I understand that NFS-exports need to be done in the global zone, so 
> > >I dutifully added:
> > >
> > >share -F nfs -o ro=stats.lmig.com /zones/myzone/root/logdir
> > >
> > >to /etc/dfs/dfstab of my global zone.
> > >
> > >But when the master system rebooted, the NFS export happened before 
> > >the local zone could boot.  So the zone could not mount this 
> > >filesystem, because the mount point was busy, and the zone boot 
> > >failed.  The problem may also occur with a simple reboot of the local
> 
> > >zone, I haven't tried that yet.
> > >
> > >This must be a common problem, so I wondered if there is a 
> > >recommended solution.
> > >
> > >Thanks
> > >
> > >- greg
> > >_______________________________________________
> > >zones-discuss mailing list
> > >zones-discuss@opensolaris.org
> > > 
> > >
> > 
> > _______________________________________________
> > zones-discuss mailing list
> > zones-discuss@opensolaris.org
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] NFS exports from global zone holding local zone mount points open

Reply via email to