Yes I have seen projects canned due to lack of NFS in a zone. Most recent one was where they wanted to consolidate their dev environments in one server and allow each dev department to have full root access to their container only and no access to any other part of the machine. This could not work without NFS functionality in the container.
It would be really nice if we could go beyond just NFS. Imagine being able to run Oracle RAC across containers. That would give us some real cool things indeed. gz Octave Orgeron wrote: > Hi, > > This has been a major complaint for many sysadmins and beta testers. I > know one of my first bugs filed against the betas of Solaris 10 was the > lack of NFS server functionality within zones. I've even been in the > situation at work where this has been a requirement, only to have to > scrap projects. Probably the most common idea for having a zone NFS > server is for Jumpstart or home directories. As things stand today, > it's not doable. I've even escalated this thru different channels over > the past few years only to see it go no where. I'm sure there is a lot > of demand for this feature for zones. > > I think the key requirements would be: > > 1. Full NFS server functionality within a zone. So things like share, > /etc/dfs/dfstab, sharemgr, ZFS sharing, etc. should work in the same > manner as they do in the global zone. > 2. Security. Separation of NFS namespace to insure proper security > between zones. This may be achieved by making the kernel NFS framework > aware of the zoneid context. > 3. Performance. NFS serving out of a zone should not be slower or less > scalable than NFS serving from the global zone. > > Starting a project would be nice. But I think there should be close > involvement with the NFS engineers at Sun. As for getting their > attention and funding, the best we can do is show enough community > interest for NFS within zones. > > So I'd ask all sysadmins, developers, etc. to respond to this thread to > show support for fixing this. > > --- Tom Haynes <Thomas.Haynes at Sun.COM> wrote: > > >> Before I propose a project for NFS to start getting NFS servers >> working >> in zones, I'd >> like to find out the requirements. I've been going over internal mail >> >> threads in the NFS >> group and the two things that seem to stand in the way to getting NFS >> >> completely in >> zones are: >> >> 1) Staffing - this is not on our roadmaps. >> >> 2) Lack of requirements - we don't know what people want. >> >> I look at the first hurdle and see a golden opportunity for a real >> OpenSolaris project - >> since internal developers aren't scheduled to do this work, we can >> get >> external >> developers involved from the start of the project. >> >> Of course, the second hurdle really stops us from kicking off the >> project. >> >> I'll start the ball rolling by kicking in some thoughts that Spencer >> Shepler >> provided when I asked him about getting this project started: >> >> > One of the things we have been struggling with in deciding if and >> how >> to fund >> > a zonification of the NFS server is understanding exactly what >> people >> need/want. >> > One simple requirement seems to be that of server consolidation. >> That can >> > be handled generally with IP address/interface aliasing. But >> there are >> > obviously other reasons as well that someone may want a >> zoneification >> > of the NFS server. >> > >> > Are people trying to delegation administration? Configure a >> system >> > for testing or software deployment testing or... >> > >> > So my suggestion would be to start a thead of discussion about >> what the >> > requirements are that lead people to thinking of NFS server in a >> zone. >> > The point of this exercise is to understand if that is the only >> > or most appropriate answer? >> > >> > For example, we may be able to combine the admin delegation stuff >> > that has been talked about for ZFS to things like the shareadm >> > command and to the nfsd daemon. Is it more effective, easier, to >> > build a delegation of administration of the NFS services than >> > to require someone to create zones and hand over all of the >> administration >> > for those zones. Maybe it is better to have things in the zone >> since >> > there would be IP-identity confusion for a strict delegation >> method. >> >> We should define the requirements as a community and then get the >> project >> started in that community. >> >> _______________________________________________ >> sysadmin-discuss mailing list >> sysadmin-discuss at opensolaris.org >> http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss >> >> > > > *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* > Octave J. Orgeron > Solaris Systems Engineer > http://www.opensolaris.org/os/community/sysadmin/ > http://unixconsole.blogspot.com > unixconsole at yahoo.com > *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* > > > > ____________________________________________________________________________________ > Never Miss an Email > Stay connected with Yahoo! Mail on your mobile. Get started! > http://mobile.yahoo.com/services?promote=mail > _______________________________________________ > zones-discuss mailing list > zones-discuss at opensolaris.org > -- | George Zisis @ home | Ph: +61 2 9466 9445 | | Senior Systems Engineer | FAX: +61 2 9466 9415 | | Sun Microsystems Australia | email: gz at Sun.COM |
