Sun Microsystems
Chapter 8

Advanced Topics

This chapter describes emulated volumes, using ZFS on a Solaris system with zones installed, and alternate root pools.

The following sections are provided in this chapter.

8.1 Emulated Volumes

An emulated volume is a dataset that represents a block device and can be used like any block device. ZFS volumes are identified as devices in the /dev/zvol/{dsk,rdsk}/path directory.

The following syntax creates a 5-Gbyte ZFS volume, tank/vol:

# zfs create -V 5gb tank/vol

When you create a volume, a reservation is automatically set to the initial size of the volume. The reservation size continues to equal the size of the volume so that unexpected behavior doesn't occur. For example, if the size of the volume shrinks, data corruption might occur. This means you should be careful when changing the size of the volume.

If you are using a Solaris system with zones installed, you cannot create or clone a ZFS volume in a non-global zone. Any attempt to create or clone a volume from within a non-global zone fails. For information about using ZFS volumes in a global zone, see 8.2.3 Adding ZFS Volumes to a Non-Global Zone.

8.1.1 Emulated Volumes as Swap or Dump Devices

To set up a swap area, create a ZFS volume of a specific size and then enable swap on that device. Do not swap to a file on a ZFS file system. A ZFS swap file configuration is not supported.

The following syntax adds the 5-Gbyte tank/vol volume as a swap device.

# swap -a /dev/zvol/dsk/tank/vol
# swap -l
swapfile             dev  swaplo blocks   free
/dev/dsk/c0t0d0s1   32,33     16 1048688 1048688
/dev/zvol/dsk/tank/vol 254,1      16 10485744 10485744

Using a ZFS volume as a dump device is currently unsupported. Use the dumpadm command to set up a dump device as you would with a UFS file system.

8.2 Using ZFS on a Solaris System With Zones Installed

ZFS datasets can be added to a zone either as a generic filesystem, or as a delegated dataset.

Adding a filesystem allows the non-global zone to share space with the global zone, though the zone administrator cannot control properties on the underlying dataset or create new filesystems within the dataset. This is identical to adding any other type of filesystem to a zone, and should be used when the primary purpose is solely to share common space.

ZFS also allows datasets to be delegated to a non-global zone, giving complete control over the dataset and all its children to the zone administrator. The zone administrator can create and destroy filesystems within that dataset, and modify properties of the datasets. The zone administrator cannot affect datasets not added to the zone, and cannot exceed any top level quotas set on the exported dataset.

8.2.1 Adding File Systems to a Non-Global Zone

ZFS datasets should be added as generic file systems when the goal is solely to share space with the global zone. You can export a ZFS file system to a non-global zone by using the add fs command in zonecfg(1M):

As the global administrator in the global zone:

# zonecfg -z zion
zion: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zion> create
zonecfg:zion> add fs
zonecfg:zion:fs> set type=zfs
zonecfg:zion:fs> set special=tank/zone/zion
zonecfg:zion:fs> set dir=/export/shared
zonecfg:zion:fs> end

This syntax adds the ZFS filesystem tank/zone/zion to the zone zion, mounted at /export/shared. The mountpoint property of the dataset must be set to legacy, and the filesystem cannot already be mounted in another location. The zone administrator can create and destroy files within the filesystem. The filesystem cannot be re-mounted in a different location, nor can the administrator change properties on the filesystem such as atime, readonly, compression, etc. The filesystem appears in the /etc/mnttab file, and is neither present nor visible in zfs(1M) output. The global zone administrator is responsible for setting and controlling properties of the dataset.

For more information about the zonecfg command and about configuring resource types with zonecfg, see System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.

8.2.2 Delegating Datasets to a Non-Global Zone

If the primary goal is to delegate administration of storage to a zone, then ZFS supports adding datasets to a non-global zone through use of the add dataset command in zonecfg(1M):

As the global administrator in the global zone:

# zonecfg -z zion
zion: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zion> create
zonecfg:zion> add dataset
zonecfg:zion:dataset> set name=tank/zone/zion
zonecfg:zion:dataset> end

Unlike adding a filesystem, this syntax causes the ZFS dataset tank/zone/zion to be visible within the zone zion. The zone administrator is able to set properties on the dataset, as well as create children. It allows the zone administrator to take snapshots, create clones, and otherwise control the entire namespace below the added dataset.

For more information on what actions are allowed, see 8.2.5 Property Management Within a Zone.

8.2.3 Adding ZFS Volumes to a Non-Global Zone

Emulated volumes cannot be added to a zone using zonecfg's add dataset subcommand. If an attempt to add an emulated volume is detected, the zone refuses to boot. However, volumes can be added to a zone by using zonecfg's add device subcommand. For example:

As the global administrator in the global zone:

# zonecfg -z zion
zion: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zion> create
zonecfg:zion> add device
zonecfg:zion:device> set match=/dev/zvol/dsk/tank/vol
zonecfg:zion:device> end

This syntax exports the tank/vol emulated volume to the zone. Note that adding a raw volume to a zone has implicit security risks, even if the volume doesn't correspond to a physical device. In particular, the zone administrator could create malformed filesystems that would panic the system when a mount was attempted. For more information on adding devices to zones and the related security risks, see 8.2.6 Understanding the zoned Property.

For more information about adding devices to zones, see System Administration Guide: Solaris Containers-Resource Management and Solaris Zones.
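
An added example, not part of the original guide: a small audit that reads a zone configuration in the add/set/end command form shown in the sessions above (as printed by zonecfg export) and lists which ZFS resources the zone receives, marking raw emulated volumes so they can be reviewed for the risk noted in this section. The names audit_zone_cfg and sample_cfg and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Reads zone configuration commands
# on stdin and prints one line per ZFS resource the zone receives:
#   fs <dataset> <dir>    generic file system          (8.2.1)
#   dataset <name>        delegated dataset            (8.2.2)
#   zvol <match>          raw emulated volume, review  (8.2.3)
audit_zone_cfg() {
    awk '
        $1 == "add" { res = $2; split("", p); next }    # new resource block
        $1 == "set" && res != "" {                      # property inside a block
            eq = index($2, "=")
            p[substr($2, 1, eq - 1)] = substr($2, eq + 1)
            next
        }
        $1 == "end" {
            if (res == "fs" && p["type"] == "zfs")
                print "fs", p["special"], p["dir"]
            else if (res == "dataset")
                print "dataset", p["name"]
            else if (res == "device" && p["match"] ~ /^\/dev\/zvol\/r?dsk\//)
                print "zvol", p["match"]
            res = ""
        }'
}

# Constructed sample configuration for a hypothetical zone.
sample_cfg() {
    cat <<'EOF'
create -b
set zonepath=/zones/zion
add fs
set dir=/export/shared
set special=tank/zone/zion
set type=zfs
end
add dataset
set name=tank/data/zion
end
add device
set match=/dev/zvol/dsk/tank/vol
end
add device
set match=/dev/dsk/c0t0d0s7
end
EOF
}

sample_cfg | audit_zone_cfg
```

On a live system the input would come from zonecfg -z zion export, run in the global zone.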

8.2.4 Using ZFS Storage Pools Within a Zone

ZFS storage pools cannot be created or modified within a zone. The delegated administration model centralizes control of physical storage devices within the global zone, and control of virtual storage to non-global zones. While a pool-level dataset can be added to a zone, any command that modifies the physical characteristics of the pool, such as creation, deletion, adding or removing devices, is not allowed from within a zone. Even if physical devices are added to a zone via zonecfg's add device subcommand, or if files are used, the zpool(1M) command does not allow the creation of any new pools within the zone.

8.2.5 Property Management Within a Zone

Once a dataset is added to a zone, it allows a certain level of control for the zone administrator. When a dataset is added to a zone, all its ancestors are visible as read-only datasets, while the dataset itself is writable as are all its children. For example, if we had the following configuration:

global# zfs list -Ho name
tank
tank/home
tank/data
tank/data/matrix
tank/data/zion
tank/data/zion/home

If we added tank/data/zion to a zone, each dataset would have the following properties:

Dataset               Visible   Writable   Immutable Properties
tank                  yes       no         -
tank/home             no        -          -
tank/data             yes       no         -
tank/data/matrix      no        -          -
tank/data/zion        yes       yes        sharenfs, zoned, quota, reservation
tank/data/zion/home   yes       yes        sharenfs, zoned

Note that every parent of tank/data/zion is visible read-only, all children are writable, and those not part of the parent hierarchy are not visible at all. The zone administrator cannot change the sharenfs property, because non-global zones cannot act as NFS servers. Neither can the administrator change the zoned property, because it would expose a security risk as described in the next section.

Any other property can be changed, except for the added dataset itself, where the quota and reservation properties cannot be changed. This allows the global zone administrator to control the space consumption of all datasets used by the non-global zone.

In addition, the sharenfs and mountpoint properties cannot be changed by the global zone administrator once a dataset has been added to a non-global zone.
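
An added example, not part of the original guide: the visibility rules of this section written as a shell function, so the global administrator can preview what a zone will see before delegating a dataset. The function names zone_view and zone_report are hypothetical, and the dataset list is the one from the zfs list output above.

```shell
#!/bin/sh
# Added example (not from the guide). For a dataset delegated to a zone,
# print how another dataset appears inside that zone:
#   <visible> <writable> <properties the zone administrator cannot change>
zone_view() {
    delegated=$1
    ds=$2
    case "$ds" in
        "$delegated")
            # The added dataset itself: quota and reservation stay under
            # the control of the global zone administrator.
            echo "yes yes sharenfs,zoned,quota,reservation" ;;
        "$delegated"/*)
            # Children of the added dataset are fully writable.
            echo "yes yes sharenfs,zoned" ;;
        *)
            case "$delegated" in
                "$ds"/*) echo "yes no -" ;;   # ancestor: visible, read-only
                *)       echo "no - -"  ;;   # outside the hierarchy: hidden
            esac ;;
    esac
}

# Read dataset names on stdin (one per line, as from zfs list -Ho name)
# and print one row per dataset for the delegated dataset given as $1.
zone_report() {
    while read -r name; do
        printf '%-22s %s\n' "$name" "$(zone_view "$1" "$name")"
    done
}

# Dataset list taken from the zfs list output in this section.
zone_report tank/data/zion <<'EOF'
tank
tank/home
tank/data
tank/data/matrix
tank/data/zion
tank/data/zion/home
EOF
```

Matching is done on whole path components, so a sibling such as tank/data/zionx is not treated as a child of tank/data/zion.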
