[lxc-users] ZVOL and zfs support inside a container

Stéphane Graber stgraber at ubuntu.com
Sun Apr 2 23:25:39 UTC 2017


You'd need to pass /dev/zfs, something like this should do:

    lxc config device add CONTAINER zfs unix-char path=/dev/zfs

But I'm a bit concerned as to how zfs will behave since it's not aware
of mount namespaces, so it may attempt to do mounts at the host level or
mount in the container namespace but show host level paths.

Anyway, if you have a system you don't care too much about, you can
certainly try it and see what happens :)

It's also possible that some of the zfs kernel code does checks for real
root, in which case you'll also need for your container to be
privileged.

On Sun, Apr 02, 2017 at 11:22:45PM +0000, Spike wrote:
> Stéphane,
> 
> for the use case I have in mind it might actually be ok, I'm just trying to
> avoid installing and running some stuff on the root box, but I have no
> problems with the entire zfs pool being exposed to this specific container.
> How would I go about doing that?
> 
> thanks,
> 
> Spike
> 
> On Sun, Apr 2, 2017 at 11:56 AM Stéphane Graber <stgraber at ubuntu.com> wrote:
> 
> > On Sun, Apr 02, 2017 at 06:51:30PM +0000, Spike wrote:
> > > Hi,
> > >
> > > I'm playing with various combinations of virtualization and backends to
> > > find the best way to manage some samba and nfs exports and one of the
> > > options I'm considering is the following:
> > >
> > > - run a lxd container backed up by zfs
> > > - create a ZVOL on zfs
> > > - export the ZVOL to the container as a block device
> > > - create a zpool from that device inside the container
> > > - export that
> > >
> > > however I can't seem to be able to make the container see and manage zfs
> > > stuff. First off it seems that the container needs to be privileged, which
> > > is ok, it's not hosting anything or providing any public services. Second,
> > > I got the impression that I need to expose the /dev/zfs from the host to
> > > the container? is that the case? is there no way to create a second one
> > > with access just to the ZVOL?
> > >
> > > thanks for any help,
> > >
> > > Spike
> >
> > ZFS unfortunately doesn't work in containers.
> >
> > All ZFS configuration goes through /dev/zfs and that device isn't
> > namespace aware, so granting access to it in the container would let the
> > container see and manage the host zpool.
> >
> > I've been told a couple of years ago by the ZFS on Linux maintainer that
> > they were looking at making ZFS on Linux container aware (in a way
> > > similar to Solaris' implementation) but I don't believe this has
> > > resulted in any code being merged at this point.
> >
> >
> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users



-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
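
An added example, not part of the original thread: because /dev/zfs is not namespace aware, a host operator may want to know which containers have been handed that device. This sketch audits instance definitions for it; it assumes input shaped like `lxc list --format json` output (fields `expanded_config` and `expanded_devices`), and the sample data and container names are constructed.

```python
import json
import posixpath

ZFS_CTL = "/dev/zfs"

# Constructed sample, shaped like `lxc list --format json` output (trimmed).
SAMPLE = json.dumps([
    {"name": "nas",
     "expanded_config": {"security.privileged": "true"},
     "expanded_devices": {
         "zfs": {"type": "unix-char", "path": "/dev/zfs"},
         "root": {"type": "disk", "path": "/", "pool": "default"}}},
    {"name": "web",
     "expanded_config": {},
     "expanded_devices": {
         "root": {"type": "disk", "path": "/", "pool": "default"}}},
    {"name": "lab",
     "expanded_config": {"security.privileged": "false"},
     "expanded_devices": {
         "ctl": {"type": "unix-char", "source": "/dev/zfs",
                 "path": "/dev/zfsctl"}}},
])

def _norm(p):
    # Normalise "dev/zfs", "/dev//zfs" and similar to one canonical form.
    return posixpath.normpath("/" + p.lstrip("/")) if p else None

def _is_true(value):
    # LXD stores boolean config values as strings.
    return str(value).strip().lower() in ("true", "1", "yes", "on")

def audit(instances):
    """Return one finding per device that passes the host's /dev/zfs in."""
    findings = []
    for inst in instances:
        cfg = inst.get("expanded_config") or {}
        privileged = _is_true(cfg.get("security.privileged", "false"))
        for dev_name, dev in (inst.get("expanded_devices") or {}).items():
            if dev.get("type") != "unix-char":
                continue
            # "source" names the host node; when unset it defaults to "path".
            if _norm(dev.get("source") or dev.get("path")) == ZFS_CTL:
                findings.append({"container": inst.get("name"),
                                 "device": dev_name,
                                 "privileged": privileged})
    return findings

if __name__ == "__main__":
    for f in audit(json.loads(SAMPLE)):
        level = "privileged" if f["privileged"] else "unprivileged"
        print(f"{f['container']}: device '{f['device']}' exposes {ZFS_CTL} ({level})")
```

Using the expanded fields means devices inherited from profiles are caught as well as those set directly on the container.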

