I would like your take on this for a large zone installation.
I am going to create zones on zpools with a pool for the zoneroot and another
pool for application data, the second pool can differ in layout, disk
system and properties and can easily be separated from the zone and moved to
another zone, global or local.
Previously we have defined the filesystems for the application data
specifically in the zone config for every filesystem, but to leverage some of
the ZFS power to the users or have simpler zone configuration I would like to
dedicate the pool to the zone.
I would ideally like to do two things:
1. Have all filesystem configuration for the zone in the pool as we have with
the global zone, only specify the pool(s) for the zone and all filesystems
would be mounted inside the zone, this without giving away all control to the
2. Delegate ZFS operations to the zone so that privileged users only can
perform a subset of ZFS operations from inside the zone (or delegate to local
users), something like:
(zfs allow -z zone01 snapshot,mount,rollback zone01_pool01).
3. Be able to do all administration of the pool from inside the global zone
even if a dataset is exported to a pool. Today I am for example unable to
create a dataset to a pool owned by a zone and set the mountpoint (which should
be relative to the zone):
Today I can give away a pool to a zone but it will have control over it without
the ability to restrict it and I would then not be able to create new datasets
for the pool with alternate mountpoints without going through zlogin. As an RFE
I would also like to see an option to boot zones into single-user mode even if
filesystems for pools besides zoneroot are unavailable.
Does anyone have similar setup? How do you handle datasets for local zones?
All input is appreciated.
zones-discuss mailing list