Hi, --- Robert.Thurlow at Sun.COM wrote:
> 1) I think there are a variety of use cases that may have disjoint > requirements from consolidation, and I want to hear about them, too. > One example we had awhile back - SAS shares some of its data via NFS, > and loses this ability in a zone. Do they need anything different? > > 2) Since NFS is mostly an in-kernel service, unlike something like > Apache, if you have some kind of issue with NFS stability, you lose > the whole box, not just the zone. This lack of fault isolation isn't > always something that people are aware of. Does this change anything > for your use case? > This is a great point and shows that there has to be some reorg of the NFS framework. I don't know if that means we need a pseudo instance of the kernel modules for each zone. Or if we have to break it up into components that should be unique to each zone and ones that should be common. > 2) Due to the above, it seems like the global zone admin should have > a knob to turn to enable or disable the ability of a zone to share > out files via NFS. Do people agree? > I agree there is should be knob. Perhaps something in zonecfg like: add service set type=nfs end That would enable the zone to be an nfs server. What do you think? > 2.5) Is this related to whether the global zone can share a resource? > > 3) I know we've talked about a zone not being able to share stuff > outside of its namespace, but I wonder if we should further restrict > this to sharing storage that's fully administered in the zone, e.g. > you can't share a filesystem you got via lofs, but you can share > from a /dev/dsk/cxtxdx or a zpool that had been fully delegated to > you. Opinions? > This might be useful for higher levels of security. Not sure how we would go about that, but it's definitely an interesting idea that I'm sure some gov. agency would love:) > 4) A bug currently prevents a client instance and a server instance > from being safe to use on the same box (apologies, can't quote the > bugid from here). How likely, in your use case, is it that this will > be a problem, i.e. will your boxes be in the position where a zone > needs data shared from another zone as opposed to a separate server? > I can definitely see situations where one zone is a server for another zone. One wacky idea would be a N1GE master zone sharing it's grid shares to execution nodes that could be anywhere on the network or even on the same box! > Rob T > _______________________________________________ > nfs-discuss mailing list > nfs-discuss at opensolaris.org > *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Octave J. Orgeron Solaris Systems Engineer http://www.opensolaris.org/os/community/sysadmin/ http://unixconsole.blogspot.com unixconsole at yahoo.com *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* ____________________________________________________________________________________ Never Miss an Email Stay connected with Yahoo! Mail on your mobile. Get started! http://mobile.yahoo.com/services?promote=mail
