On 11/ 3/10 11:56 AM, Henrik Johansson wrote:
Why don't you want the zones to be able to manage their own
filesystems? One of the main reasons for "zoned" filesystems is to
allow filesystems to have mount points relative to the zone's root
I would like your take on this for a large zone installation.
I am going to create zones on zpools with a pool for the zoneroot and
another pool for application data, the second pool can differ in
layout, disk system and properties and can easily be separated from
the zone and moved to another zone, global or local.
Previously we have defined the filesystems for the application data
specifically in the zone config for every filesystem, but to leverage
some of the ZFS power to the users or have simpler zone configuration
I would like to dedicate the pool to the zone.
I would ideally like to do two things:
1. Have all filesystem configuration for the zone in the pool as we
have with the global zone, only specify the pool(s) for the zone and
all filesystems would be mounted inside the zone, this without giving
away all control to the local zone.
2. Delegate ZFS operations to the zone so that privileged users only
can perform a subset of ZFS operations from inside the zone (or
delegate to local users), something like:
(zfs allow -z zone01 snapshot,mount,rollback zone01_pool01).
3. Be able to do all administration of the pool from inside the global
zone even if a dataset is exported to a pool. Today I am for example
unable to create a dataset to a pool owned by a zone and set the
mountpoint (which should be relative to the zone):
See my comment on mount points.
Today I can give away a pool to a zone but it will have control over
it without the ability to restrict it and I would then not be able to
create new datasets for the pool with alternate mountpoints without
going through zlogin. As an RFE I would also like to see an option to
boot zones into single-user mode even if filesystems for pools besides
zoneroot are unavailable.
I tend to create all zones with a dedicated ZFS dataset, which is often
on a different pool from the zone root. This works well when there are
different snapshot/replication cycles for user and system data.
Does anyone have a similar setup? How do you handle datasets for local
All input is appreciated.
zones-discuss mailing list