From: Daniel Braniss
Subject: Re: Read-only view of a ZFS filesystem inside a bhyve guest?
Date: Sat, 28 Apr 2018 09:08:42 +0300
To: Mark Raynsford
Cc: freebsd-virtualization@freebsd.org

> On 27 Apr 2018, at 19:43, Mark Raynsford via freebsd-virtualization wrote:
>
> Hello.
>
> I'm looking to do what the subject says: I have an existing ZFS
> filesystem (/storage/xyz) and I'd like to provide a read-only view of
> the filesystem to a set of bhyve guests. The guests in this case could
> be solely FreeBSD guests, but if there's a pleasant way to allow for
> OpenBSD or Linux guests, I'd like that.
>
> I'm essentially looking to move some jail-based infrastructure to bhyve
> guests. With the jails, I have a ZFS filesystem on the host that's
> mounted read-only inside some of the jails using nullfs. I'm not sure
> if there's something analogous for bhyve guests.
>
> I've looked at NFS, but this seems like overkill and possibly hard to
> secure. Same applies to Samba. sshfs might be an option, but I'd really
> prefer to have as few daemons listening on the host machine as possible
> for security reasons.
>
> --
> Mark Raynsford | http://www.io7m.com
>

since the clients and the server are sharing the zfs volume, I’m doing the following:

on the server I did:

    zfs create -sV 4G h/root.ro
    newfs /dev/zvol/h/root.ro
    mount /dev/zvol/h/root.ro /mnt
    copy a working root image to it.
    umount /mnt

the clients then mount it as ro, the vm config file has:

    disk0_type="virtio-blk"
    disk0_name="/dev/zvol/h/root.ro"
    disk0_dev="custom"

one solution to the fact that the root is read-only is to use unionfs (probably nullfs will do too)

the only problem I have is updating the image.

hope this helps
danny
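One way to script the steps in the reply while enforcing read-only on the host rather than relying on each guest's mount options (an added example, not part of the original message). It assumes the ZFS `readonly` property on the zvol and bhyve's `ro` block-device option passed through vm-bhyve's `disk0_opts`; the source directory argument and the `APPLY` switch are hypothetical names.

```shell
#!/bin/sh
# Added example: build the shared root image, then lock the zvol on the host.
# Dry run by default (commands are only printed); set APPLY=1 to execute.
# h/root.ro and 4G come from the post; the source directory is hypothetical.

run() {
    # Print the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

build_ro_image() {
    vol=$1 size=$2 src=$3 mnt=${4:-/mnt}
    dev=/dev/zvol/$vol
    run zfs create -s -V "$size" "$vol" || return 1
    run newfs "$dev" || return 1
    run mount "$dev" "$mnt" || return 1
    run cp -a "$src/." "$mnt/" || return 1
    run umount "$mnt" || return 1
    # Host-side enforcement, set after umount so the next open of the zvol
    # sees it: a guest that remounts read-write still cannot write.
    run zfs set readonly=on "$vol" || return 1
}

check_readonly() {
    # Succeeds only if the host reports the volume as read-only.
    [ "$(zfs get -H -o value readonly "$1")" = "on" ]
}

vm_disk_config() {
    # The three settings from the post plus the read-only device option.
    cat <<EOF
disk0_type="virtio-blk"
disk0_name="/dev/zvol/$1"
disk0_dev="custom"
disk0_opts="ro"
EOF
}

# Stand-alone use: ./script h/root.ro 4G /path/to/root-tree [mountpoint]
if [ $# -ge 3 ]; then
    build_ro_image "$@"
    vm_disk_config "$1"
fi
```

Run `check_readonly h/root.ro` on the host before starting guests; a non-zero exit means the volume is still writable from the host's point of view.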