On Tue, Apr 17, 2007 at 09:31:53PM -0700, Dan Price wrote: > On Tue 17 Apr 2007 at 09:22PM, Mike Gerdts wrote: > > > > Surely I am missing something else. What is it? Any interesting > > complications with patching and/or live upgrade? > > Setting aside patching and live upgrade... > > The key thing here is to try to wrap your head around what I think of as > "NFS identity conflict". > > Because zones look to the outside world like separate hosts, the > solution suggested creates an identity crisis-- is traffic from the > zone's "/" coming from the global zone? Or the non-global zone? NFSv4 > complicates this, as well, because of the way it uses credentials (I > think unlike V3 which just uses UIDs, v4 has the idea of a mapping an > identity into your local UID-space-- hence nfsmapid(1m)) and so when > your zone is in a different name service domain, this won't work at all.
The NFSv4 client is zone-aware (and nfsmapidd is zone-aware too). But as you point out this leads to a chicken-egg problem: you need nfsmapidd running in the zone in order to mount is /. The same chicken-egg problem comes up in diskless booting and it has been solved there (the NFSv4 client just knows some mappings, such as root@<domain> <-> 0). So that that particular problem shouldn't come up as hosting a zone on NFS should be much like diskless booting: diskless zone booting. Most of the chicken-egg problems from diskless booting no doubt arise in diskless zone booting as well. The network has to be setup (think crossbow) and the NFS mount has to be done as in diskless booting. Diskless booting relies on information coming from RARP/bootparams/DHCP, but surely that won't be acceptable for diskless zones booting, where the relevant info should come from the g-z, and that would complicate things too (e.g., can't do DNS lookups from the g-z on behalf of a not-yet-booted zone, so the zone config would have to store resolved server addresses, client IP address, netmask, route to the server...). Sounds like quite a bit of work. That said, I know of one customer that lofi-mounts zone roots from NFS-accessed image files. Zones on NFS, in a roundabout way. Not for the faint of heart, that, but they've offered to contribute the scripts that they use to manage this (there was no interest internally when I mentioned this). Nico -- _______________________________________________ zones-discuss mailing list zones-discuss@opensolaris.org
