Solved [Solved] Accessing ZFS pool from jails

R

RedBeast

Hi guys,

I'm new to BSD FreeBSD and I'm setting up a headless file server that will also run a couple of other services. At the moment I'm trying to run NFS and Deluge in separate jails, and they will both need access to my main ZFS pool which is mounted at /storage on the host. What is the best way to access the zpool from within the jails? Please let me know if you need any more information about my system.

Thanks a lot.
 
Re: Accessing ZFS pool from jails

Why do you need access to the pool itself? The usual approach would be to create a ZFS filesystem (or "dataset") and then allow your jail to access it. This can be done by using the so called jailed property (see the zfs(8) manualpage for more information on that).

This property will also provide management access over the filesystem from within the jail itself. Keep in mind that if you use this approach then you won't be able to access the filesystem by mounting it somewhere outside the jail.

Still, I personally prefer using nullfs, so basically 'remounting' an already existing filesystem somewhere else. This is also relatively easy to manage; you might want to look into the mount.fstab option for usage in /etc/jail.conf (see the jail.conf(5) manualpage for that).

Also; not trying to scare you here but I don't think you'll have much luck trying to get NFS working from inside a jail. That is, unless of course we're talking about the client component (so mounting remote filesystems; not sure from mind but I could imagine this to be doable).

But running an NFS server from inside a jail is nearly an impossible task. I ended up utilizing net/samba36 just because of that. While the NFS server was an utter pain to set up (well, not so much setting up but actually getting it to work) using Samba was a breeze in comparison.

Edit: s/this\ also/this\ is\ also/
 
Re: Accessing ZFS pool from jails

Hi @ShelLuser,

Thanks for your reply. Sorry, I did mean dataset not pool. Basically I was looking for a way for my server to run only SSH on the host, then have the ZFS dataset shared read-only on the network over NFS from jail1, and then have the deluge daemon running on jail2 with the ability to write to the dataset. It looks like if I use the ZFS jailed property to attach it to jail1, then it wouldn't be accessible by jail2 or the host. I haven't used nullfs before but from looking at the man page...

Code: 
mount -t nullfs -o ro /storage /usr/jails/myJail1/storage  # read-only for NFS server
mount -t nullfs /storage /usr/jails/myJail2/storage  # read-write for deluge daemon
Would that give me access to the dataset in both jails?
 
Last edited by a moderator:
Re: Accessing ZFS pool from jails

That looks about right, yes. But don't forget my comment about mount.fstab. If you're using a jail.conf (and thus also using commands such as jail and jexec) then this can be a very easy feature because it will automatically mount (and dismount) these points whenever your jail gets started or stopped.
 
Re: Accessing ZFS pool from jails

Thanks again for your help. I think I should be able to do it all now.
 
You must log in or register to reply here.
Back
Top