Date:      Sat, 28 Apr 2018 09:08:42 +0300
From:      Daniel Braniss <danny@cs.huji.ac.il>
To:        Mark Raynsford <list+org.freebsd.virtualization@io7m.com>
Cc:        freebsd-virtualization@freebsd.org
Subject:   Re: Read-only view of a ZFS filesystem inside a bhyve guest?
Message-ID:  <FCEED1DB-80FA-4407-9017-9B17F6E155B9@cs.huji.ac.il>
In-Reply-To: <20180427174341.03373bc8@almond.int.arc7.info>
References:  <20180427174341.03373bc8@almond.int.arc7.info>



> On 27 Apr 2018, at 19:43, Mark Raynsford via freebsd-virtualization <freebsd-virtualization@freebsd.org> wrote:
>
> Hello.
>
> I'm looking to do what the subject says: I have an existing ZFS
> filesystem (/storage/xyz) and I'd like to provide a read-only view of
> the filesystem to a set of bhyve guests. The guests in this case could
> be solely FreeBSD guests, but if there's a pleasant way to allow for
> OpenBSD or Linux guests, I'd like that.
>
> I'm essentially looking to move some jail-based infrastructure to bhyve
> guests. With the jails, I have a ZFS filesystem on the host that's
> mounted read-only inside some of the jails using nullfs. I'm not sure
> if there's something analogous for bhyve guests.
>
> I've looked at NFS, but this seems like overkill and possibly hard to
> secure. Same applies to Samba. sshfs might be an option, but I'd really
> prefer to have as few daemons listening on the host machine as possible
> for security reasons.
>
> -- 
> Mark Raynsford | http://www.io7m.com
>
since the clients and the server are sharing the zfs volume,
I’m doing the following:
on the server I did:
	zfs create -sV 4G h/root.ro
	newfs /dev/zvol/h/root.ro
	mount /dev/zvol/h/root.ro /mnt
	copy a working root image to it.
	umount /mnt
	the clients then mount it as ro,
	the vm config file has:
		disk0_type="virtio-blk"
		disk0_name="/dev/zvol/h/root.ro"
		disk0_dev="custom"

one solution to the fact that the root is read-only is to use unionfs (probably nullfs will do too)

the only problem I have is updating the image.

hope this helps

	danny
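
In the setup above the read-only mount is chosen inside each guest, while the config shown attaches the zvol with no read-only option on the host side. The check below is an added example, not part of the original message: it flags guest configs that attach the shared zvol without bhyve's `ro` block-device option. It assumes a vm-bhyve style config in which a `diskN_opts` key carries bhyve block-device options; the function name `unenforced_disks` and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: vm-bhyve style config keys (diskN_name, diskN_opts), where
# diskN_opts is passed to bhyve as block-device options such as "ro".

# unenforced_disks BACKING  (config text on stdin)
# Prints each diskN that attaches BACKING without "ro" in diskN_opts.
unenforced_disks() {
    awk -v want="$1" '
        {
            sub(/#.*/, "")                        # drop comments
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)    # strip spaces and quotes
            if (key ~ /^disk[0-9]+_name$/) { sub(/_name$/, "", key); name[key] = val }
            else if (key ~ /^disk[0-9]+_opts$/) { sub(/_opts$/, "", key); opts[key] = val }
        }
        END {
            for (d in name) {
                if (name[d] != want) continue
                ro = 0
                n = split(opts[d], o, ",")
                for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1
                if (!ro) print d
            }
        }' | sort
}

# Constructed samples: guest_a as in the message, guest_b with "ro" added.
guest_a='disk0_type="virtio-blk"
disk0_name="/dev/zvol/h/root.ro"
disk0_dev="custom"'
guest_b="$guest_a
disk0_opts=\"nocache,ro\""

for g in guest_a guest_b; do
    eval "cfg=\$$g"
    bad=$(printf '%s\n' "$cfg" | unenforced_disks /dev/zvol/h/root.ro)
    echo "$g: disks writable from the guest: ${bad:-none}"
done
```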



