This has been a major complaint for many sysadmins and beta testers. I
know one of my first bugs filed against the betas of Solaris 10 was the
lack of NFS server functionality within zones. I've even been in the
situation at work where this has been a requirement, only to have to
scrap projects. Probably the most common idea for having a zone NFS
server is for Jumpstart or home directories. As things stand today,
it's not doable. I've even escalated this thru different channels over
the past few years only to see it go no where. I'm sure there is a lot
of demand for this feature for zones.

I think the key requirements would be:

1. Full NFS server functionality within a zone. So things like share,
/etc/dfs/dfstab, sharemgr, ZFS sharing, etc. should work in the same
manner as they do in the global zone.
2. Security. Separation of NFS namespace to insure proper security
between zones. This may be achieved by making the kernel NFS framework
aware of the zoneid context.
3. Performance. NFS serving out of a zone should not be slower or less
scalable than NFS serving from the global zone.

Starting a project would be nice. But I think there should be close
involvement with the NFS engineers at Sun. As for getting their
attention and funding, the best we can do is show enough community
interest for NFS within zones.

So I'd ask all sysadmins, developers, etc. to respond to this thread to
show support for fixing this.

--- Tom Haynes <[EMAIL PROTECTED]> wrote:

> Before I propose a project for NFS to start getting NFS servers
> working 
> in zones, I'd
> like to find out the requirements. I've been going over internal mail
> threads in the NFS
> group and the two things that seem to stand in the way to getting NFS
> completely in
> zones are:
> 1) Staffing - this is not on our roadmaps.
> 2) Lack of requirements - we don't know what people want.
> I look at the first hurdle and see a golden opportunity for a real 
> OpenSolaris project -
> since internal developers aren't scheduled to do this work, we can
> get 
> external
> developers involved from the start of the project.
> Of course, the second hurdle really stops us from kicking off the
> project.
> I'll start the ball rolling by kicking in some thoughts that Spencer
> Shepler
> provided when I asked him about getting this project started:
>  > One of the things we have been struggling with in deciding if and
> how 
> to fund
>  > a zonification of the NFS server is understanding exactly what
> people 
> need/want.
>  > One simple requirement seems to be that of server consolidation.  
> That can
>  > be handled generally with IP address/interface aliasing.  But
> there are
>  > obviously other reasons as well that someone may want a
> zoneification
>  > of the NFS server.
>  >
>  > Are people trying to delegation administration?  Configure a
> system
>  > for testing or software deployment testing or...
>  >
>  > So my suggestion would be to start a thead of discussion about
> what the
>  > requirements are that lead people to thinking of NFS server in a
> zone.
>  > The point of this exercise is to understand if that is the only
>  > or most appropriate answer?
>  >
>  > For example, we may be able to combine the admin delegation stuff
>  > that has been talked about for ZFS to things like the shareadm
>  > command and to the nfsd daemon.  Is it more effective, easier, to
>  > build a delegation of administration of the NFS services than
>  > to require someone to create zones and hand over all of the 
> administration
>  > for those zones.  Maybe it is better to have things in the zone
> since
>  > there would be IP-identity confusion for a strict delegation
> method.
> We should define the requirements as a community and then get the
> project
> started in that community.
> _______________________________________________
> sysadmin-discuss mailing list
> http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss

Octave J. Orgeron
Solaris Systems Engineer

Never Miss an Email
Stay connected with Yahoo! Mail on your mobile.  Get started!
zones-discuss mailing list

Reply via email to