Yes I have seen projects canned due to lack of NFS in a zone. Most recent one was where they wanted to consolidate their dev environments in one server and allow each dev department to have full root access to their container only and no access to any other part of the machine. This could not work without NFS functionality
in the container.

It would be really nice if we could go beyond just NFS. Imagine being able to run Oracle RAC across containers. That would give us some real cool things indeed.
gz

Octave Orgeron wrote:
Hi,

This has been a major complaint for many sysadmins and beta testers. I
know one of my first bugs filed against the betas of Solaris 10 was the
lack of NFS server functionality within zones. I've even been in the
situation at work where this has been a requirement, only to have to
scrap projects. Probably the most common idea for having a zone NFS
server is for Jumpstart or home directories. As things stand today,
it's not doable. I've even escalated this thru different channels over
the past few years only to see it go no where. I'm sure there is a lot
of demand for this feature for zones.

I think the key requirements would be:

1. Full NFS server functionality within a zone. So things like share,
/etc/dfs/dfstab, sharemgr, ZFS sharing, etc. should work in the same
manner as they do in the global zone.
2. Security. Separation of NFS namespace to insure proper security
between zones. This may be achieved by making the kernel NFS framework
aware of the zoneid context.
3. Performance. NFS serving out of a zone should not be slower or less
scalable than NFS serving from the global zone.

Starting a project would be nice. But I think there should be close
involvement with the NFS engineers at Sun. As for getting their
attention and funding, the best we can do is show enough community
interest for NFS within zones.

So I'd ask all sysadmins, developers, etc. to respond to this thread to
show support for fixing this.

--- Tom Haynes <[EMAIL PROTECTED]> wrote:

Before I propose a project for NFS to start getting NFS servers
working in zones, I'd
like to find out the requirements. I've been going over internal mail

threads in the NFS
group and the two things that seem to stand in the way to getting NFS

completely in
zones are:

1) Staffing - this is not on our roadmaps.

2) Lack of requirements - we don't know what people want.

I look at the first hurdle and see a golden opportunity for a real OpenSolaris project -
since internal developers aren't scheduled to do this work, we can
get external
developers involved from the start of the project.

Of course, the second hurdle really stops us from kicking off the
project.

I'll start the ball rolling by kicking in some thoughts that Spencer
Shepler
provided when I asked him about getting this project started:

 > One of the things we have been struggling with in deciding if and
how to fund
 > a zonification of the NFS server is understanding exactly what
people need/want. > One simple requirement seems to be that of server consolidation. That can
 > be handled generally with IP address/interface aliasing.  But
there are
 > obviously other reasons as well that someone may want a
zoneification
 > of the NFS server.
 >
 > Are people trying to delegation administration?  Configure a
system
 > for testing or software deployment testing or...
 >
 > So my suggestion would be to start a thead of discussion about
what the
 > requirements are that lead people to thinking of NFS server in a
zone.
 > The point of this exercise is to understand if that is the only
 > or most appropriate answer?
 >
 > For example, we may be able to combine the admin delegation stuff
 > that has been talked about for ZFS to things like the shareadm
 > command and to the nfsd daemon.  Is it more effective, easier, to
 > build a delegation of administration of the NFS services than
> to require someone to create zones and hand over all of the administration
 > for those zones.  Maybe it is better to have things in the zone
since
 > there would be IP-identity confusion for a strict delegation
method.

We should define the requirements as a community and then get the
project
started in that community.

_______________________________________________
sysadmin-discuss mailing list
[EMAIL PROTECTED]
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss



*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Octave J. Orgeron
Solaris Systems Engineer
http://www.opensolaris.org/os/community/sysadmin/
http://unixconsole.blogspot.com
[EMAIL PROTECTED]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


____________________________________________________________________________________
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile.  Get started!
http://mobile.yahoo.com/services?promote=mail
_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org


--
| George Zisis @ home                  | Ph:     +61 2 9466 9445     |
| Senior Systems Engineer              | FAX:    +61 2 9466 9415     |
| Sun Microsystems Australia           | email:   [EMAIL PROTECTED]         |

_______________________________________________
zones-discuss mailing list
zones-discuss@opensolaris.org

Reply via email to