Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 28 Apr 2018 09:08:42 +0300
From:      Daniel Braniss <danny@cs.huji.ac.il>
To:        Mark Raynsford <list+org.freebsd.virtualization@io7m.com>
Cc:        freebsd-virtualization@freebsd.org
Subject:   Re: Read-only view of a ZFS filesystem inside a bhyve guest?
Message-ID:  <FCEED1DB-80FA-4407-9017-9B17F6E155B9@cs.huji.ac.il>
In-Reply-To: <20180427174341.03373bc8@almond.int.arc7.info>
index | next in thread | previous in thread | raw e-mail 



> On 27 Apr 2018, at 19:43, Mark Raynsford via freebsd-virtualization <freebsd-virtualization@freebsd.org> wrote:
> 
> Hello.
> 
> I'm looking to do what the subject says: I have an existing ZFS
> filesystem (/storage/xyz) and I'd like to provide a read-only view of
> the filesystem to a set of bhyve guests. The guests in this case could
> be solely FreeBSD guests, but if there's a pleasant way to allow for
> OpenBSD or Linux guests, I'd like that.
> 
> I'm essentially looking to move some jail-based infrastructure to bhyve
> guests. With the jails, I have a ZFS filesystem on the host that's
> mounted read-only inside some of the jails using nullfs. I'm not sure
> if there's something analogous for bhyve guests.
> 
> I've looked at NFS, but this seems like overkill and possibly hard to
> secure. Same applies to Samba. sshfs might be an option, but I'd really
> prefer to have as few daemons listening on the host machine as possible
> for security reasons.
> 
> -- 
> Mark Raynsford | http://www.io7m.com
> 
since the clients and the server are sharing the zfs volume,
I’m doing the following:
on the server I did:
	zfs create -sV 4G h/root.ro <http://root.ro/>;
  	newfs /dev/zvol/h/root.ro <http://root.ro/>;
	mount /dev/zol/h/root.ro <http://root.ro/>; /mnt
	copy a working root image to it.
        umount /mnt
	the clients then mount it as ro,
	the vm conflg file has:
		disk0_type=virtio-blk”
		disk0_name=“/dev/zvol/h/root.ro <http://root.ro/>
		disk0_dev=“custom”

one solution to the fact that the root is read-only is to use unionfs (probably nullfs will do too)

the only problem I have is updating the image.

hope this helps

	danny
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FCEED1DB-80FA-4407-9017-9B17F6E155B9>