Hi all,

I would like your take on this for a large zone installation.

I am going to create zones on zpools with a pool for the zoneroot and another 
pool for application data, the second pool can differ in layout, disk 
system and properties and can easily be separated from the zone and moved to 
another zone, global or local.

Previously we have defined the filesystems for the application data 
specifically in the zone config for every filesystem, but to leverage some of 
the ZFS power to the users or have simpler zone configuration I would like to 
dedicate the pool to the zone.

I would ideally like to do two things:

1. Have all filesystem configuration for the zone in the pool as we have with 
the global zone, only specify the pool(s) for the zone and all filesystems 
would be mounted inside the zone, this without giving away all control to the 
local zone.

2. Delegate ZFS operations to the zone so that privileged users only can 
perform a subset of ZFS operations from inside the zone (or delegate to local 
users), something like:
(zfs allow -z zone01 snapshot,mount,rollback zone01_pool01).

3. Be able to do all administration of the pool from inside the global zone 
even if a dataset is exported to a pool. Today I am for example unable to 
create a dataset to a pool owned by a zone and set the mountpoint (which should 
be relative to the zone):

Today I can give away a pool to a zone but it will have control over it without 
the ability to restrict it and I would then not be able to create new datasets 
for the pool with alternate mountpoints without going through zlogin. As an RFE 
I would also like to see an option to boot zones into single-user mode even if 
filesystems for pools besides zoneroot are unavailable.

Does anyone have similar setup?  How do you handle datasets for local zones?  
All input is appreciated.



zones-discuss mailing list