zfs discuss - Oct 2007 - NFS: Cannot share a zfs dataset added to a labeled zone

Is it possible to share a zfs dataset that has been added to a labeled zone?  We
are running Solaris 10 U4 w/ TX on x86. Currently, we have a zfs file system
named zone/restricted. We have a labeled zone named ?restricted? loaded to this
zfs.  The global path is /zone/restricted. We have another zfs file system named
zone/data that we want to add as a dataset to the ?restricted? zone. The
original global path of this zfs file system is /zone/data. The zone path for
the zfs dataset after it has been added to the ?restricted? zone is
/zone/restricted/root/zone/data. We would like to share the data in the
zone/data zfs with ?restricted? labeled zones on other systems in my network. We
have successfully shared a directory created in the ?restricted? zone using
/zone/restricted/etc/dfs/dfstab, but have been unable to share the zfs dataset
/zone/data. We chose to use a zfs dataset instead of just creating a directory
in the zone, because it is a large amount of data with new versions released
regularly. With each release the zfs can be destroyed and restored from a
snapshot containing the new data very quickly. There is an error during boot up
of the zone stating the dataset is busy and cannot be mounted. This causes
several services to fail and prevents opening a terminal or console window. Is
it possible to share a dataset that has been added to a labeled zone? This is a
major piece of our configuration and any help with this issue would be greatly
appreciated. I know this might sound confusing, so I listed some paths and
dfstab file below to help clarify. Thanks

[u]zpool[/u]
zone

[u]zfs file systems[/u]
zone/restricted
zone/data

[u]zone path after dataset added to zone[/u]
/zone/restricted/root/zone/data

[u]contents of /zone/restricted/etc/dfs/dfstab[/u]
share -F nfs -o rw /zone/data
 
 
This message posted from opensolaris.org

I posted an earlier reply to zones-discuss, but I didn''t copy all of
the forums in the original posting. I''m doing so now. I am also
correcting some errors in my earlier reply:

Yes, it is possible to share a zfs dataset that has been added to a labeled
zone.

Set the mountpoint property of your dataset zone/data to be within the 
restricted zone''s root. For example:

   # zfs set mountpoint=/zone/needtoknow/root/zone/data zone/data

Then you should specify, using zonecfg, that the dataset is associated with the
zone.

   zonecfg:zone-name> add dataset
   zonecfg:zone-name:dataset> set name=zone/data
   zonecfg:zone-name:dataset> end

I previously stated that you didn''t need to specify the dataset via
zonecfg, if the zone is already running. However, in the general case, you
should do so. If the dataset is mounted before the zone has been booted, zoneadm
will fail to boot the zone because its file namespace it not empty.

 Then you should be able to share it via NFS, by editing the approriate dfstab
file in the global zone. In this case, the dfstab file would be:

  /zone/restricted/etc/dfs/dfstab

When the zone is booted,  the dataset will be mounted automatically as a
read-write
mount point in the restricted zone with the correct label.

A few subtle points:

1. Setting the zfs mountpoint property has the side-effect of settting 
its label if the mountpoint corresponds to a labeled zone. Only the global zone
can do this.

2. The dataset will only be accessible while the restricted zone is ready or
running. Note that it can be shared (via NFS) even when the zone is in the ready
state.

3. Labeled zones which dominate the restricted zone (if any) can gain read-only
access via NFS mounts (specifying an non-shared global zone IP address and the
full pathname of the mounted dataset as viewed from the global zone. For
example:

    /net/gz-name/zone/restricted/root/zone/data

The second "zone" in the pathname is there because it was specified in
the original posting, but you can rework the example without it.

--Glenn
 
 
This message posted from opensolaris.org

- I set the mount point as follows.

zfs set mountpoint=/zone/restricted/root/data zone/data

- I then added the dataset to the restricted zone using zonecfg. The full path
to the dataset is now /zone/restricted/root/zone/restricted/root/data. I am not
sure if that is what you intended, but it is a result of adding it as a dataset
to the zone after setting the mountpoint.

- I updated the /zone/restricted/etc/dfs/dfstab with the following line.

/usr/bin/share -F nfs -o rw /zone/restricted/root/zone/data

- During reboot I receive the following error.

cannot mount ''zone/data'': mountpoint or dataset is busy
svc:/system/filesystem/local:default: WARNING: /usr/sbin/zfs mount -a failed:
exit status 1
Oct 31 14:43:08 svc.startd[19960]: svc:/system/filesystem/local:default: Method
"/lib/svc/method/fs-local" failed with exit status 95.
Oct 31 14:43:08 svc.startd[19960]: system/filesystem/local:default failed
fatally: transitioned to maintenance (see ''svcs -xv'' for
details)

- This is exactly the same problem that prompted the original message. Service
fail during boot which prevent opening a console. This only occurs when you try
to share the dataset. If you remove the line from
/zone/restricted/etc/dfs/dfstab and reboot the zone everything works fine. Any
ideas what I am doing wrong?
 
 
This message posted from opensolaris.org